# Flog Txt Version 1 # Analyzer Version: 4.6.0 # Analyzer Build Date: Jul 8 2022 06:26:21 # Log Creation Date: 05.08.2022 10:57:18.630 Process: id = "1" image_name = "81baf55c19c00ec38dd62ea3b30a3af669be588442dc0648865f80195665d2b2.exe" filename = "c:\\users\\keecfmwgj\\desktop\\81baf55c19c00ec38dd62ea3b30a3af669be588442dc0648865f80195665d2b2.exe" page_root = "0x47027000" os_pid = "0xedc" os_integrity_level = "0x3000" os_privileges = "0x60800000" monitor_reason = "analysis_target" parent_id = "0" os_parent_pid = "0x77c" cmd_line = "\"C:\\Users\\kEecfMwgj\\Desktop\\81baf55c19c00ec38dd62ea3b30a3af669be588442dc0648865f80195665d2b2.exe\" " cur_dir = "C:\\Users\\kEecfMwgj\\Desktop\\" os_username = "Q9IATRKPRH\\kEecfMwgj" bitness = "32" os_groups = "Q9IATRKPRH\\Domain Users" [0x7], "Everyone" [0x7], "NT AUTHORITY\\Local account and member of Administrators group" [0x7], "BUILTIN\\Administrators" [0xf], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\INTERACTIVE" [0x7], "CONSOLE LOGON" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "NT AUTHORITY\\Local account" [0x7], "NT AUTHORITY\\Logon Session 00000000:0000f52a" [0xc0000007], "LOCAL" [0x7], "NT AUTHORITY\\NTLM Authentication" [0x7] Region: id = 114 start_va = 0x10000 end_va = 0x2ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000010000" filename = "" Region: id = 115 start_va = 0x30000 end_va = 0x31fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000030000" filename = "" Region: id = 116 start_va = 0x40000 end_va = 0x40fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "apisetschema.dll" filename = "\\Windows\\System32\\apisetschema.dll" (normalized: "c:\\windows\\system32\\apisetschema.dll") Region: id = 117 start_va = 0x50000 end_va = 0x53fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000050000" filename = "" Region: id = 118 start_va = 0x60000 end_va = 0x60fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000060000" filename = "" Region: id = 119 start_va = 0xd0000 end_va = 0x10ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000000d0000" filename = "" Region: id = 120 start_va = 0x2b0000 end_va = 0x3affff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000002b0000" filename = "" Region: id = 121 start_va = 0x10b0000 end_va = 0x1151fff monitored = 1 entry_point = 0x114ddbe region_type = mapped_file name = "81baf55c19c00ec38dd62ea3b30a3af669be588442dc0648865f80195665d2b2.exe" filename = "\\Users\\kEecfMwgj\\Desktop\\81baf55c19c00ec38dd62ea3b30a3af669be588442dc0648865f80195665d2b2.exe" (normalized: "c:\\users\\keecfmwgj\\desktop\\81baf55c19c00ec38dd62ea3b30a3af669be588442dc0648865f80195665d2b2.exe") Region: id = 122 start_va = 0x76d20000 end_va = 0x76ec8fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "ntdll.dll" filename = "\\Windows\\System32\\ntdll.dll" (normalized: "c:\\windows\\system32\\ntdll.dll") Region: id = 123 start_va = 0x76f00000 end_va = 0x7707ffff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "ntdll.dll" filename = "\\Windows\\SysWOW64\\ntdll.dll" (normalized: "c:\\windows\\syswow64\\ntdll.dll") Region: id = 124 start_va = 0x7efb0000 end_va = 0x7efd2fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000000007efb0000" filename = "" Region: id = 125 start_va = 0x7efdb000 end_va = 0x7efddfff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000007efdb000" filename = "" Region: id = 126 start_va = 0x7efde000 end_va = 0x7efdefff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000007efde000" filename = "" Region: id = 127 start_va = 0x7efdf000 end_va = 0x7efdffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000007efdf000" filename = "" Region: id = 128 start_va = 0x7efe0000 end_va = 0x7ffdffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000007efe0000" filename = "" Region: id = 129 start_va = 0x7ffe0000 end_va = 0x7ffeffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000007ffe0000" filename = "" Region: id = 130 start_va = 0x7fff0000 end_va = 0x7fffffeffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000007fff0000" filename = "" Region: id = 270 start_va = 0x110000 end_va = 0x18ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000110000" filename = "" Region: id = 271 start_va = 0x73690000 end_va = 0x736cefff monitored = 0 entry_point = 0x736be088 region_type = mapped_file name = "wow64.dll" filename = "\\Windows\\System32\\wow64.dll" (normalized: "c:\\windows\\system32\\wow64.dll") Region: id = 272 start_va = 0x73630000 end_va = 0x7368bfff monitored = 0 entry_point = 0x7366f9f4 region_type = mapped_file name = "wow64win.dll" filename = "\\Windows\\System32\\wow64win.dll" (normalized: "c:\\windows\\system32\\wow64win.dll") Region: id = 273 start_va = 0x73620000 end_va = 0x73627fff monitored = 0 entry_point = 0x736220f8 region_type = mapped_file name = "wow64cpu.dll" filename = "\\Windows\\System32\\wow64cpu.dll" (normalized: "c:\\windows\\system32\\wow64cpu.dll") Region: id = 274 start_va = 0x76b00000 end_va = 0x76c1efff monitored = 0 entry_point = 0x76b15340 region_type = mapped_file name = "kernel32.dll" filename = "\\Windows\\System32\\kernel32.dll" (normalized: "c:\\windows\\system32\\kernel32.dll") Region: id = 275 start_va = 0x752b0000 end_va = 0x753bffff monitored = 0 entry_point = 0x752c3283 region_type = mapped_file name = "kernel32.dll" filename = "\\Windows\\SysWOW64\\kernel32.dll" (normalized: "c:\\windows\\syswow64\\kernel32.dll") Region: id = 276 start_va = 0x76b00000 end_va = 0x76c1efff monitored = 0 entry_point = 0x76b15340 region_type = mapped_file name = "kernel32.dll" filename = "\\Windows\\System32\\kernel32.dll" (normalized: "c:\\windows\\system32\\kernel32.dll") Region: id = 277 start_va = 0x76b00000 end_va = 0x76c1efff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000076b00000" filename = "" Region: id = 278 start_va = 0x76c20000 end_va = 0x76d19fff monitored = 0 entry_point = 0x76c3a2c8 region_type = mapped_file name = "user32.dll" filename = "\\Windows\\System32\\user32.dll" (normalized: "c:\\windows\\system32\\user32.dll") Region: id = 279 start_va = 0x76c20000 end_va = 0x76d19fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000076c20000" filename = "" Region: id = 280 start_va = 0x190000 end_va = 0x28ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000190000" filename = "" Region: id = 281 start_va = 0x73500000 end_va = 0x73549fff monitored = 1 entry_point = 0x73502e54 region_type = mapped_file name = "mscoree.dll" filename = "\\Windows\\SysWOW64\\mscoree.dll" (normalized: "c:\\windows\\syswow64\\mscoree.dll") Region: id = 282 start_va = 0x752b0000 end_va = 0x753bffff monitored = 0 entry_point = 0x752c3283 region_type = mapped_file name = "kernel32.dll" filename = "\\Windows\\SysWOW64\\kernel32.dll" (normalized: "c:\\windows\\syswow64\\kernel32.dll") Region: id = 283 start_va = 0x753c0000 end_va = 0x75406fff monitored = 0 entry_point = 0x753c74c1 region_type = mapped_file name = "kernelbase.dll" filename = "\\Windows\\SysWOW64\\KernelBase.dll" (normalized: "c:\\windows\\syswow64\\kernelbase.dll") Region: id = 284 start_va = 0x10000 end_va = 0x1ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000010000" filename = "" Region: id = 285 start_va = 0x7efe0000 end_va = 0x7f0dffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000000007efe0000" filename = "" Region: id = 286 start_va = 0x7f0e0000 end_va = 0x7ffdffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000007f0e0000" filename = "" Region: id = 287 start_va = 0x3b0000 end_va = 0x416fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "locale.nls" filename = "\\Windows\\System32\\locale.nls" (normalized: "c:\\windows\\system32\\locale.nls") Region: id = 288 start_va = 0x420000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000420000" filename = "" Region: id = 289 start_va = 0x420000 end_va = 0x50ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000420000" filename = "" Region: id = 290 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000540000" filename = "" Region: id = 291 start_va = 0x76a60000 end_va = 0x76afffff monitored = 0 entry_point = 0x76a749e5 region_type = mapped_file name = "advapi32.dll" filename = "\\Windows\\SysWOW64\\advapi32.dll" (normalized: "c:\\windows\\syswow64\\advapi32.dll") Region: id = 292 start_va = 0x75410000 end_va = 0x754bbfff monitored = 0 entry_point = 0x7541a472 region_type = mapped_file name = "msvcrt.dll" filename = "\\Windows\\SysWOW64\\msvcrt.dll" (normalized: "c:\\windows\\syswow64\\msvcrt.dll") Region: id = 293 start_va = 0x759a0000 end_va = 0x759b8fff monitored = 0 entry_point = 0x759a4975 region_type = mapped_file name = "sechost.dll" filename = "\\Windows\\SysWOW64\\sechost.dll" (normalized: "c:\\windows\\syswow64\\sechost.dll") Region: id = 294 start_va = 0x76970000 end_va = 0x76a5ffff monitored = 0 entry_point = 0x76980569 region_type = mapped_file name = "rpcrt4.dll" filename = "\\Windows\\SysWOW64\\rpcrt4.dll" (normalized: "c:\\windows\\syswow64\\rpcrt4.dll") Region: id = 295 start_va = 0x74a50000 end_va = 0x74aaffff monitored = 0 entry_point = 0x74a6a3b3 region_type = mapped_file name = "sspicli.dll" filename = "\\Windows\\SysWOW64\\sspicli.dll" (normalized: "c:\\windows\\syswow64\\sspicli.dll") Region: id = 296 start_va = 0x74a40000 end_va = 0x74a4bfff monitored = 0 entry_point = 0x74a410e1 region_type = mapped_file name = "cryptbase.dll" filename = "\\Windows\\SysWOW64\\cryptbase.dll" (normalized: "c:\\windows\\syswow64\\cryptbase.dll") Region: id = 297 start_va = 0x550000 end_va = 0x65ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000550000" filename = "" Region: id = 298 start_va = 0x733b0000 end_va = 0x7343cfff monitored = 1 entry_point = 0x733c2860 region_type = mapped_file name = "mscoreei.dll" filename = "\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\mscoreei.dll" (normalized: "c:\\windows\\microsoft.net\\framework\\v4.0.30319\\mscoreei.dll") Region: id = 299 start_va = 0x734f0000 end_va = 0x734f2fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "api-ms-win-core-synch-l1-2-0.dll" filename = "\\Windows\\SysWOW64\\api-ms-win-core-synch-l1-2-0.dll" (normalized: "c:\\windows\\syswow64\\api-ms-win-core-synch-l1-2-0.dll") Region: id = 300 start_va = 0x751c0000 end_va = 0x75216fff monitored = 0 entry_point = 0x751d9ba6 region_type = mapped_file name = "shlwapi.dll" filename = "\\Windows\\SysWOW64\\shlwapi.dll" (normalized: "c:\\windows\\syswow64\\shlwapi.dll") Region: id = 301 start_va = 0x75220000 end_va = 0x752affff monitored = 0 entry_point = 0x75236343 region_type = mapped_file name = "gdi32.dll" filename = "\\Windows\\SysWOW64\\gdi32.dll" (normalized: "c:\\windows\\syswow64\\gdi32.dll") Region: id = 302 start_va = 0x76860000 end_va = 0x7695ffff monitored = 0 entry_point = 0x7687b6ed region_type = mapped_file name = "user32.dll" filename = "\\Windows\\SysWOW64\\user32.dll" (normalized: "c:\\windows\\syswow64\\user32.dll") Region: id = 303 start_va = 0x759c0000 end_va = 0x759c9fff monitored = 0 entry_point = 0x759c36a0 region_type = mapped_file name = "lpk.dll" filename = "\\Windows\\SysWOW64\\lpk.dll" (normalized: "c:\\windows\\syswow64\\lpk.dll") Region: id = 304 start_va = 0x74d40000 end_va = 0x74ddcfff monitored = 0 entry_point = 0x74d73fd7 region_type = mapped_file name = "usp10.dll" filename = "\\Windows\\SysWOW64\\usp10.dll" (normalized: "c:\\windows\\syswow64\\usp10.dll") Region: id = 305 start_va = 0x20000 end_va = 0x3dfff monitored = 0 entry_point = 0x3158f region_type = mapped_file name = "imm32.dll" filename = "\\Windows\\SysWOW64\\imm32.dll" (normalized: "c:\\windows\\syswow64\\imm32.dll") Region: id = 306 start_va = 0x660000 end_va = 0x7e7fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000660000" filename = "" Region: id = 307 start_va = 0x20000 end_va = 0x3dfff monitored = 0 entry_point = 0x3158f region_type = mapped_file name = "imm32.dll" filename = "\\Windows\\SysWOW64\\imm32.dll" (normalized: "c:\\windows\\syswow64\\imm32.dll") Region: id = 308 start_va = 0x75550000 end_va = 0x755affff monitored = 0 entry_point = 0x7556158f region_type = mapped_file name = "imm32.dll" filename = "\\Windows\\SysWOW64\\imm32.dll" (normalized: "c:\\windows\\syswow64\\imm32.dll") Region: id = 309 start_va = 0x74c40000 end_va = 0x74d0bfff monitored = 0 entry_point = 0x74c4168b region_type = mapped_file name = "msctf.dll" filename = "\\Windows\\SysWOW64\\msctf.dll" (normalized: "c:\\windows\\syswow64\\msctf.dll") Region: id = 310 start_va = 0x20000 end_va = 0x20fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000020000" filename = "" Region: id = 311 start_va = 0x30000 end_va = 0x30fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000030000" filename = "" Region: id = 312 start_va = 0x7f0000 end_va = 0x970fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000007f0000" filename = "" Region: id = 313 start_va = 0x1160000 end_va = 0x255ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001160000" filename = "" Region: id = 314 start_va = 0x420000 end_va = 0x4bcfff monitored = 1 entry_point = 0x4bddbe region_type = mapped_file name = "81baf55c19c00ec38dd62ea3b30a3af669be588442dc0648865f80195665d2b2.exe" filename = "\\Users\\kEecfMwgj\\Desktop\\81baf55c19c00ec38dd62ea3b30a3af669be588442dc0648865f80195665d2b2.exe" (normalized: "c:\\users\\keecfmwgj\\desktop\\81baf55c19c00ec38dd62ea3b30a3af669be588442dc0648865f80195665d2b2.exe") Region: id = 315 start_va = 0x4d0000 end_va = 0x50ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000004d0000" filename = "" Region: id = 316 start_va = 0x420000 end_va = 0x4bcfff monitored = 1 entry_point = 0x4bddbe region_type = mapped_file name = "81baf55c19c00ec38dd62ea3b30a3af669be588442dc0648865f80195665d2b2.exe" filename = "\\Users\\kEecfMwgj\\Desktop\\81baf55c19c00ec38dd62ea3b30a3af669be588442dc0648865f80195665d2b2.exe" (normalized: "c:\\users\\keecfmwgj\\desktop\\81baf55c19c00ec38dd62ea3b30a3af669be588442dc0648865f80195665d2b2.exe") Region: id = 317 start_va = 0x733a0000 end_va = 0x733a8fff monitored = 0 entry_point = 0x733a1220 region_type = mapped_file name = "version.dll" filename = "\\Windows\\SysWOW64\\version.dll" (normalized: "c:\\windows\\syswow64\\version.dll") Region: id = 318 start_va = 0x71770000 end_va = 0x71f1efff monitored = 1 entry_point = 0x7178d0d0 region_type = mapped_file name = "clr.dll" filename = "\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\clr.dll" (normalized: "c:\\windows\\microsoft.net\\framework\\v4.0.30319\\clr.dll") Region: id = 319 start_va = 0x70fc0000 end_va = 0x7176efff monitored = 1 entry_point = 0x70fdd0d0 region_type = mapped_file name = "clr.dll" filename = "\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\clr.dll" (normalized: "c:\\windows\\microsoft.net\\framework\\v4.0.30319\\clr.dll") Region: id = 320 start_va = 0x71770000 end_va = 0x71f1efff monitored = 1 entry_point = 0x7178d0d0 region_type = mapped_file name = "clr.dll" filename = "\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\clr.dll" (normalized: "c:\\windows\\microsoft.net\\framework\\v4.0.30319\\clr.dll") Region: id = 321 start_va = 0x73600000 end_va = 0x73613fff monitored = 0 entry_point = 0x7360ac00 region_type = mapped_file name = "vcruntime140_clr0400.dll" filename = "\\Windows\\SysWOW64\\vcruntime140_clr0400.dll" (normalized: "c:\\windows\\syswow64\\vcruntime140_clr0400.dll") Region: id = 322 start_va = 0x73550000 end_va = 0x735fafff monitored = 0 entry_point = 0x735e5f20 region_type = mapped_file name = "ucrtbase_clr0400.dll" filename = "\\Windows\\SysWOW64\\ucrtbase_clr0400.dll" (normalized: "c:\\windows\\syswow64\\ucrtbase_clr0400.dll") Region: id = 323 start_va = 0x70000 end_va = 0x70fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000070000" filename = "" Region: id = 324 start_va = 0x80000 end_va = 0x8ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000080000" filename = "" Region: id = 325 start_va = 0x90000 end_va = 0x9ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000090000" filename = "" Region: id = 326 start_va = 0xa0000 end_va = 0xaffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000000a0000" filename = "" Region: id = 327 start_va = 0xb0000 end_va = 0xbffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000000b0000" filename = "" Region: id = 328 start_va = 0xc0000 end_va = 0xcffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000000c0000" filename = "" Region: id = 329 start_va = 0x290000 end_va = 0x29ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000290000" filename = "" Region: id = 330 start_va = 0x2a0000 end_va = 0x2a0fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000002a0000" filename = "" Region: id = 331 start_va = 0x420000 end_va = 0x420fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000420000" filename = "" Region: id = 332 start_va = 0x550000 end_va = 0x63ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000550000" filename = "" Region: id = 333 start_va = 0x650000 end_va = 0x65ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000650000" filename = "" Region: id = 334 start_va = 0x980000 end_va = 0xb7ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000980000" filename = "" Region: id = 335 start_va = 0xa30000 end_va = 0xa6ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000a30000" filename = "" Region: id = 336 start_va = 0xb40000 end_va = 0xb7ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000b40000" filename = "" Region: id = 337 start_va = 0xd40000 end_va = 0xe3ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000d40000" filename = "" Region: id = 338 start_va = 0x7efd8000 end_va = 0x7efdafff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000007efd8000" filename = "" Region: id = 339 start_va = 0x430000 end_va = 0x43ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000430000" filename = "" Region: id = 340 start_va = 0x2560000 end_va = 0x455ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002560000" filename = "" Region: id = 341 start_va = 0x430000 end_va = 0x4cffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000430000" filename = "" Region: id = 342 start_va = 0x9c0000 end_va = 0x9fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000009c0000" filename = "" Region: id = 343 start_va = 0xf30000 end_va = 0x102ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000f30000" filename = "" Region: id = 344 start_va = 0x7efd5000 end_va = 0x7efd7fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000007efd5000" filename = "" Region: id = 345 start_va = 0xbb0000 end_va = 0xbeffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000bb0000" filename = "" Region: id = 346 start_va = 0x4620000 end_va = 0x471ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004620000" filename = "" Region: id = 347 start_va = 0x7efad000 end_va = 0x7efaffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000007efad000" filename = "" Region: id = 348 start_va = 0x4720000 end_va = 0x49eefff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "sortdefault.nls" filename = "\\Windows\\Globalization\\Sorting\\SortDefault.nls" (normalized: "c:\\windows\\globalization\\sorting\\sortdefault.nls") Region: id = 349 start_va = 0x70360000 end_va = 0x7176afff monitored = 1 entry_point = 0x0 region_type = mapped_file name = "mscorlib.ni.dll" filename = "\\Windows\\assembly\\NativeImages_v4.0.30319_32\\mscorlib\\36eaccfde177c2e7b93b8dbdde4e012a\\mscorlib.ni.dll" (normalized: "c:\\windows\\assembly\\nativeimages_v4.0.30319_32\\mscorlib\\36eaccfde177c2e7b93b8dbdde4e012a\\mscorlib.ni.dll") Region: id = 350 start_va = 0x75740000 end_va = 0x7589bfff monitored = 0 entry_point = 0x7578ba3d region_type = mapped_file name = "ole32.dll" filename = "\\Windows\\SysWOW64\\ole32.dll" (normalized: "c:\\windows\\syswow64\\ole32.dll") Region: id = 351 start_va = 0x73a10000 end_va = 0x73a8ffff monitored = 0 entry_point = 0x73a237c9 region_type = mapped_file name = "uxtheme.dll" filename = "\\Windows\\SysWOW64\\uxtheme.dll" (normalized: "c:\\windows\\syswow64\\uxtheme.dll") Region: id = 352 start_va = 0xa70000 end_va = 0xb2ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000a70000" filename = "" Region: id = 353 start_va = 0xbf0000 end_va = 0xccefff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000bf0000" filename = "" Region: id = 354 start_va = 0x510000 end_va = 0x51ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000510000" filename = "" Region: id = 355 start_va = 0x74a20000 end_va = 0x74a22fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "api-ms-win-core-xstate-l2-1-0.dll" filename = "\\Windows\\SysWOW64\\api-ms-win-core-xstate-l2-1-0.dll" (normalized: "c:\\windows\\syswow64\\api-ms-win-core-xstate-l2-1-0.dll") Region: id = 356 start_va = 0x74990000 end_va = 0x74a18fff monitored = 1 entry_point = 0x74991130 region_type = mapped_file name = "clrjit.dll" filename = "\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\clrjit.dll" (normalized: "c:\\windows\\microsoft.net\\framework\\v4.0.30319\\clrjit.dll") Region: id = 357 start_va = 0x75130000 end_va = 0x751befff monitored = 0 entry_point = 0x75133fb1 region_type = mapped_file name = "oleaut32.dll" filename = "\\Windows\\SysWOW64\\oleaut32.dll" (normalized: "c:\\windows\\syswow64\\oleaut32.dll") Region: id = 358 start_va = 0x520000 end_va = 0x52ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000520000" filename = "" Region: id = 359 start_va = 0x6f900000 end_va = 0x70354fff monitored = 1 entry_point = 0x0 region_type = mapped_file name = "system.ni.dll" filename = "\\Windows\\assembly\\NativeImages_v4.0.30319_32\\System\\2c3c912ea8f058f9d04c4650128feb3f\\System.ni.dll" (normalized: "c:\\windows\\assembly\\nativeimages_v4.0.30319_32\\system\\2c3c912ea8f058f9d04c4650128feb3f\\system.ni.dll") Region: id = 360 start_va = 0x6f0e0000 end_va = 0x6f8f7fff monitored = 1 entry_point = 0x0 region_type = mapped_file name = "system.core.ni.dll" filename = "\\Windows\\assembly\\NativeImages_v4.0.30319_32\\System.Core\\31fae3290fad30c31c98651462d22724\\System.Core.ni.dll" (normalized: "c:\\windows\\assembly\\nativeimages_v4.0.30319_32\\system.core\\31fae3290fad30c31c98651462d22724\\system.core.ni.dll") Region: id = 361 start_va = 0x6eef0000 end_va = 0x6f0d1fff monitored = 1 entry_point = 0x0 region_type = mapped_file name = "microsoft.visualbasic.ni.dll" filename = "\\Windows\\assembly\\NativeImages_v4.0.30319_32\\Microsoft.V9921e851#\\a891970b44db9e340c3ef3efa95b793c\\Microsoft.VisualBasic.ni.dll" (normalized: "c:\\windows\\assembly\\nativeimages_v4.0.30319_32\\microsoft.v9921e851#\\a891970b44db9e340c3ef3efa95b793c\\microsoft.visualbasic.ni.dll") Region: id = 362 start_va = 0x6ed40000 end_va = 0x6eee2fff monitored = 1 entry_point = 0x0 region_type = mapped_file name = "system.drawing.ni.dll" filename = "\\Windows\\assembly\\NativeImages_v4.0.30319_32\\System.Drawing\\f7568d7f1b9d356f64779b4c0927cfb3\\System.Drawing.ni.dll" (normalized: "c:\\windows\\assembly\\nativeimages_v4.0.30319_32\\system.drawing\\f7568d7f1b9d356f64779b4c0927cfb3\\system.drawing.ni.dll") Region: id = 363 start_va = 0x6ded0000 end_va = 0x6ed35fff monitored = 1 entry_point = 0x0 region_type = mapped_file name = "system.windows.forms.ni.dll" filename = "\\Windows\\assembly\\NativeImages_v4.0.30319_32\\System.Windows.Forms\\c9a4cbc00f690a9e3cddfc400f6e85bb\\System.Windows.Forms.ni.dll" (normalized: "c:\\windows\\assembly\\nativeimages_v4.0.30319_32\\system.windows.forms\\c9a4cbc00f690a9e3cddfc400f6e85bb\\system.windows.forms.ni.dll") Region: id = 364 start_va = 0x530000 end_va = 0x53ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000530000" filename = "" Region: id = 365 start_va = 0x550000 end_va = 0x55ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000550000" filename = "" Region: id = 366 start_va = 0x600000 end_va = 0x63ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000600000" filename = "" Region: id = 367 start_va = 0x550000 end_va = 0x560fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000550000" filename = "" Region: id = 368 start_va = 0x6ddc0000 end_va = 0x6dec4fff monitored = 1 entry_point = 0x0 region_type = mapped_file name = "system.configuration.ni.dll" filename = "\\Windows\\assembly\\NativeImages_v4.0.30319_32\\System.Configuration\\96f7edb07b12303f0ec2595c7f3778c7\\System.Configuration.ni.dll" (normalized: "c:\\windows\\assembly\\nativeimages_v4.0.30319_32\\system.configuration\\96f7edb07b12303f0ec2595c7f3778c7\\system.configuration.ni.dll") Region: id = 369 start_va = 0x530000 end_va = 0x53ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000530000" filename = "" Region: id = 370 start_va = 0x6d640000 end_va = 0x6ddb3fff monitored = 1 entry_point = 0x0 region_type = mapped_file name = "system.xml.ni.dll" filename = "\\Windows\\assembly\\NativeImages_v4.0.30319_32\\System.Xml\\15af16d373cf0528cb74fc73d365fdbf\\System.Xml.ni.dll" (normalized: "c:\\windows\\assembly\\nativeimages_v4.0.30319_32\\system.xml\\15af16d373cf0528cb74fc73d365fdbf\\system.xml.ni.dll") Region: id = 371 start_va = 0x74970000 end_va = 0x74982fff monitored = 1 entry_point = 0x7497d900 region_type = mapped_file name = "nlssorting.dll" filename = "\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\nlssorting.dll" (normalized: "c:\\windows\\microsoft.net\\framework\\v4.0.30319\\nlssorting.dll") Region: id = 372 start_va = 0x49f0000 end_va = 0x4cc1fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "sortdefault.nlp" filename = "\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\sortdefault.nlp" (normalized: "c:\\windows\\microsoft.net\\framework\\v4.0.30319\\sortdefault.nlp") Region: id = 373 start_va = 0x75be0000 end_va = 0x76829fff monitored = 0 entry_point = 0x75c61601 region_type = mapped_file name = "shell32.dll" filename = "\\Windows\\SysWOW64\\shell32.dll" (normalized: "c:\\windows\\syswow64\\shell32.dll") Region: id = 374 start_va = 0x570000 end_va = 0x570fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000570000" filename = "" Region: id = 375 start_va = 0x748d0000 end_va = 0x748dafff monitored = 0 entry_point = 0x748d1992 region_type = mapped_file name = "profapi.dll" filename = "\\Windows\\SysWOW64\\profapi.dll" (normalized: "c:\\windows\\syswow64\\profapi.dll") Region: id = 376 start_va = 0xe40000 end_va = 0xecffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000e40000" filename = "" Region: id = 377 start_va = 0x74950000 end_va = 0x74966fff monitored = 0 entry_point = 0x749535fa region_type = mapped_file name = "bcrypt.dll" filename = "\\Windows\\SysWOW64\\bcrypt.dll" (normalized: "c:\\windows\\syswow64\\bcrypt.dll") Region: id = 378 start_va = 0x738e0000 end_va = 0x738f6fff monitored = 0 entry_point = 0x738e3573 region_type = mapped_file name = "cryptsp.dll" filename = "\\Windows\\SysWOW64\\cryptsp.dll" (normalized: "c:\\windows\\syswow64\\cryptsp.dll") Region: id = 379 start_va = 0x580000 end_va = 0x5bbfff monitored = 0 entry_point = 0x58128d region_type = mapped_file name = "rsaenh.dll" filename = "\\Windows\\SysWOW64\\rsaenh.dll" (normalized: "c:\\windows\\syswow64\\rsaenh.dll") Region: id = 380 start_va = 0x580000 end_va = 0x5bbfff monitored = 0 entry_point = 0x58128d region_type = mapped_file name = "rsaenh.dll" filename = "\\Windows\\SysWOW64\\rsaenh.dll" (normalized: "c:\\windows\\syswow64\\rsaenh.dll") Region: id = 381 start_va = 0x580000 end_va = 0x5bbfff monitored = 0 entry_point = 0x58128d region_type = mapped_file name = "rsaenh.dll" filename = "\\Windows\\SysWOW64\\rsaenh.dll" (normalized: "c:\\windows\\syswow64\\rsaenh.dll") Region: id = 382 start_va = 0x580000 end_va = 0x5bbfff monitored = 0 entry_point = 0x58128d region_type = mapped_file name = "rsaenh.dll" filename = "\\Windows\\SysWOW64\\rsaenh.dll" (normalized: "c:\\windows\\syswow64\\rsaenh.dll") Region: id = 383 start_va = 0x580000 end_va = 0x5bbfff monitored = 0 entry_point = 0x58128d region_type = mapped_file name = "rsaenh.dll" filename = "\\Windows\\SysWOW64\\rsaenh.dll" (normalized: "c:\\windows\\syswow64\\rsaenh.dll") Region: id = 384 start_va = 0x738a0000 end_va = 0x738dafff monitored = 0 entry_point = 0x738a128d region_type = mapped_file name = "rsaenh.dll" filename = "\\Windows\\SysWOW64\\rsaenh.dll" (normalized: "c:\\windows\\syswow64\\rsaenh.dll") Region: id = 385 start_va = 0x75950000 end_va = 0x75954fff monitored = 0 entry_point = 0x75951438 region_type = mapped_file name = "psapi.dll" filename = "\\Windows\\SysWOW64\\psapi.dll" (normalized: "c:\\windows\\syswow64\\psapi.dll") Region: id = 389 start_va = 0x73990000 end_va = 0x739e1fff monitored = 0 entry_point = 0x739914be region_type = mapped_file name = "rasapi32.dll" filename = "\\Windows\\SysWOW64\\rasapi32.dll" (normalized: "c:\\windows\\syswow64\\rasapi32.dll") Region: id = 390 start_va = 0x73970000 end_va = 0x73984fff monitored = 0 entry_point = 0x739712de region_type = mapped_file name = "rasman.dll" filename = "\\Windows\\SysWOW64\\rasman.dll" (normalized: "c:\\windows\\syswow64\\rasman.dll") Region: id = 391 start_va = 0x75960000 end_va = 0x75994fff monitored = 0 entry_point = 0x7596145d region_type = mapped_file name = "ws2_32.dll" filename = "\\Windows\\SysWOW64\\ws2_32.dll" (normalized: "c:\\windows\\syswow64\\ws2_32.dll") Region: id = 392 start_va = 0x76960000 end_va = 0x76965fff monitored = 0 entry_point = 0x76961782 region_type = mapped_file name = "nsi.dll" filename = "\\Windows\\SysWOW64\\nsi.dll" (normalized: "c:\\windows\\syswow64\\nsi.dll") Region: id = 393 start_va = 0x73960000 end_va = 0x7396cfff monitored = 0 entry_point = 0x73961326 region_type = mapped_file name = "rtutils.dll" filename = "\\Windows\\SysWOW64\\rtutils.dll" (normalized: "c:\\windows\\syswow64\\rtutils.dll") Region: id = 394 start_va = 0x747e0000 end_va = 0x7481bfff monitored = 0 entry_point = 0x747e145d region_type = mapped_file name = "mswsock.dll" filename = "\\Windows\\SysWOW64\\mswsock.dll" (normalized: "c:\\windows\\syswow64\\mswsock.dll") Region: id = 395 start_va = 0x747d0000 end_va = 0x747d4fff monitored = 0 entry_point = 0x747d15df region_type = mapped_file name = "wshtcpip.dll" filename = "\\Windows\\SysWOW64\\WSHTCPIP.DLL" (normalized: "c:\\windows\\syswow64\\wshtcpip.dll") Region: id = 396 start_va = 0x747c0000 end_va = 0x747c5fff monitored = 0 entry_point = 0x747c1673 region_type = mapped_file name = "wship6.dll" filename = "\\Windows\\SysWOW64\\wship6.dll" (normalized: "c:\\windows\\syswow64\\wship6.dll") Region: id = 397 start_va = 0x4560000 end_va = 0x461ffff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "kernelbase.dll.mui" filename = "\\Windows\\SysWOW64\\en-US\\KernelBase.dll.mui" (normalized: "c:\\windows\\syswow64\\en-us\\kernelbase.dll.mui") Region: id = 398 start_va = 0x580000 end_va = 0x5bffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000580000" filename = "" Region: id = 399 start_va = 0x4e30000 end_va = 0x4f2ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004e30000" filename = "" Region: id = 400 start_va = 0x6d5e0000 end_va = 0x6d637fff monitored = 0 entry_point = 0x6d5e13b4 region_type = mapped_file name = "winhttp.dll" filename = "\\Windows\\SysWOW64\\winhttp.dll" (normalized: "c:\\windows\\syswow64\\winhttp.dll") Region: id = 401 start_va = 0x7efaa000 end_va = 0x7efacfff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000007efaa000" filename = "" Region: id = 402 start_va = 0x6d590000 end_va = 0x6d5defff monitored = 0 entry_point = 0x6d591452 region_type = mapped_file name = "webio.dll" filename = "\\Windows\\SysWOW64\\webio.dll" (normalized: "c:\\windows\\syswow64\\webio.dll") Region: id = 403 start_va = 0x1050000 end_va = 0x108ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000001050000" filename = "" Region: id = 404 start_va = 0x4f40000 end_va = 0x503ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004f40000" filename = "" Region: id = 405 start_va = 0x7efa7000 end_va = 0x7efa9fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000007efa7000" filename = "" Region: id = 406 start_va = 0xd00000 end_va = 0xd3ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000d00000" filename = "" Region: id = 407 start_va = 0x51b0000 end_va = 0x52affff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000051b0000" filename = "" Region: id = 408 start_va = 0x7efa4000 end_va = 0x7efa6fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000007efa4000" filename = "" Region: id = 409 start_va = 0x74940000 end_va = 0x74947fff monitored = 0 entry_point = 0x749434d3 region_type = mapped_file name = "credssp.dll" filename = "\\Windows\\SysWOW64\\credssp.dll" (normalized: "c:\\windows\\syswow64\\credssp.dll") Region: id = 410 start_va = 0x74830000 end_va = 0x7484bfff monitored = 0 entry_point = 0x7483a431 region_type = mapped_file name = "iphlpapi.dll" filename = "\\Windows\\SysWOW64\\IPHLPAPI.DLL" (normalized: "c:\\windows\\syswow64\\iphlpapi.dll") Region: id = 411 start_va = 0x74820000 end_va = 0x74826fff monitored = 0 entry_point = 0x7482128d region_type = mapped_file name = "winnsi.dll" filename = "\\Windows\\SysWOW64\\winnsi.dll" (normalized: "c:\\windows\\syswow64\\winnsi.dll") Region: id = 412 start_va = 0x4cd0000 end_va = 0x4dcffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004cd0000" filename = "" Region: id = 413 start_va = 0x74930000 end_va = 0x7493cfff monitored = 0 entry_point = 0x74932012 region_type = mapped_file name = "dhcpcsvc6.dll" filename = "\\Windows\\SysWOW64\\dhcpcsvc6.dll" (normalized: "c:\\windows\\syswow64\\dhcpcsvc6.dll") Region: id = 414 start_va = 0x6d570000 end_va = 0x6d581fff monitored = 0 entry_point = 0x6d573271 region_type = mapped_file name = "dhcpcsvc.dll" filename = "\\Windows\\SysWOW64\\dhcpcsvc.dll" (normalized: "c:\\windows\\syswow64\\dhcpcsvc.dll") Region: id = 415 start_va = 0xa70000 end_va = 0xad1fff monitored = 1 entry_point = 0x0 region_type = mapped_file name = "mscorrc.dll" filename = "\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\mscorrc.dll" (normalized: "c:\\windows\\microsoft.net\\framework\\v4.0.30319\\mscorrc.dll") Region: id = 416 start_va = 0xaf0000 end_va = 0xb2ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000af0000" filename = "" Region: id = 417 start_va = 0x5120000 end_va = 0x515ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000005120000" filename = "" Region: id = 418 start_va = 0x5330000 end_va = 0x542ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000005330000" filename = "" Region: id = 419 start_va = 0x7efa1000 end_va = 0x7efa3fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000007efa1000" filename = "" Region: id = 420 start_va = 0x747a0000 end_va = 0x747adfff monitored = 0 entry_point = 0x747a1235 region_type = mapped_file name = "rpcrtremote.dll" filename = "\\Windows\\SysWOW64\\RpcRtRemote.dll" (normalized: "c:\\windows\\syswow64\\rpcrtremote.dll") Region: id = 421 start_va = 0x50e0000 end_va = 0x511ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000050e0000" filename = "" Region: id = 422 start_va = 0x5510000 end_va = 0x560ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000005510000" filename = "" Region: id = 423 start_va = 0x7ef9e000 end_va = 0x7efa0fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000007ef9e000" filename = "" Region: id = 424 start_va = 0x5c0000 end_va = 0x5c0fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "tzres.dll" filename = "\\Windows\\SysWOW64\\tzres.dll" (normalized: "c:\\windows\\syswow64\\tzres.dll") Region: id = 425 start_va = 0x5d0000 end_va = 0x5d6fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "tzres.dll.mui" filename = "\\Windows\\SysWOW64\\en-US\\tzres.dll.mui" (normalized: "c:\\windows\\syswow64\\en-us\\tzres.dll.mui") Region: id = 426 start_va = 0x5c0000 end_va = 0x5c0fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "tzres.dll" filename = "\\Windows\\SysWOW64\\tzres.dll" (normalized: "c:\\windows\\syswow64\\tzres.dll") Region: id = 427 start_va = 0x5d0000 end_va = 0x5d6fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "tzres.dll.mui" filename = "\\Windows\\SysWOW64\\en-US\\tzres.dll.mui" (normalized: "c:\\windows\\syswow64\\en-us\\tzres.dll.mui") Region: id = 428 start_va = 0x5c0000 end_va = 0x5c0fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "tzres.dll" filename = "\\Windows\\SysWOW64\\tzres.dll" (normalized: "c:\\windows\\syswow64\\tzres.dll") Region: id = 429 start_va = 0x5c0000 end_va = 0x5c6fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "tzres.dll.mui" filename = "\\Windows\\SysWOW64\\en-US\\tzres.dll.mui" (normalized: "c:\\windows\\syswow64\\en-us\\tzres.dll.mui") Region: id = 430 start_va = 0x5c0000 end_va = 0x5c0fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "tzres.dll" filename = "\\Windows\\SysWOW64\\tzres.dll" (normalized: "c:\\windows\\syswow64\\tzres.dll") Region: id = 431 start_va = 0x5c0000 end_va = 0x5c6fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "tzres.dll.mui" filename = "\\Windows\\SysWOW64\\en-US\\tzres.dll.mui" (normalized: "c:\\windows\\syswow64\\en-us\\tzres.dll.mui") Region: id = 432 start_va = 0x5c0000 end_va = 0x5c0fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "tzres.dll" filename = "\\Windows\\SysWOW64\\tzres.dll" (normalized: "c:\\windows\\syswow64\\tzres.dll") Region: id = 433 start_va = 0x5c0000 end_va = 0x5c6fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "tzres.dll.mui" filename = "\\Windows\\SysWOW64\\en-US\\tzres.dll.mui" (normalized: "c:\\windows\\syswow64\\en-us\\tzres.dll.mui") Region: id = 434 start_va = 0x74850000 end_va = 0x74893fff monitored = 0 entry_point = 0x748663f9 region_type = mapped_file name = "dnsapi.dll" filename = "\\Windows\\SysWOW64\\dnsapi.dll" (normalized: "c:\\windows\\syswow64\\dnsapi.dll") Region: id = 435 start_va = 0x5610000 end_va = 0x582ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000005610000" filename = "" Region: id = 436 start_va = 0x747b0000 end_va = 0x747b5fff monitored = 0 entry_point = 0x747b14b2 region_type = mapped_file name = "rasadhlp.dll" filename = "\\Windows\\SysWOW64\\rasadhlp.dll" (normalized: "c:\\windows\\syswow64\\rasadhlp.dll") Region: id = 437 start_va = 0x6d530000 end_va = 0x6d567fff monitored = 0 entry_point = 0x6d53990e region_type = mapped_file name = "fwpuclnt.dll" filename = "\\Windows\\SysWOW64\\FWPUCLNT.DLL" (normalized: "c:\\windows\\syswow64\\fwpuclnt.dll") Region: id = 438 start_va = 0x5610000 end_va = 0x56fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000005610000" filename = "" Region: id = 439 start_va = 0x57f0000 end_va = 0x582ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000057f0000" filename = "" Region: id = 440 start_va = 0x74920000 end_va = 0x74927fff monitored = 0 entry_point = 0x749210e9 region_type = mapped_file name = "secur32.dll" filename = "\\Windows\\SysWOW64\\secur32.dll" (normalized: "c:\\windows\\syswow64\\secur32.dll") Region: id = 441 start_va = 0x6d4f0000 end_va = 0x6d52efff monitored = 0 entry_point = 0x6d4f2351 region_type = mapped_file name = "schannel.dll" filename = "\\Windows\\SysWOW64\\schannel.dll" (normalized: "c:\\windows\\syswow64\\schannel.dll") Region: id = 442 start_va = 0x74ab0000 end_va = 0x74bd0fff monitored = 0 entry_point = 0x74ab158e region_type = mapped_file name = "crypt32.dll" filename = "\\Windows\\SysWOW64\\crypt32.dll" (normalized: "c:\\windows\\syswow64\\crypt32.dll") Region: id = 443 start_va = 0x76ed0000 end_va = 0x76edbfff monitored = 0 entry_point = 0x76ed238e region_type = mapped_file name = "msasn1.dll" filename = "\\Windows\\SysWOW64\\msasn1.dll" (normalized: "c:\\windows\\syswow64\\msasn1.dll") Region: id = 444 start_va = 0x6d4b0000 end_va = 0x6d4e7fff monitored = 0 entry_point = 0x6d4b1489 region_type = mapped_file name = "ncrypt.dll" filename = "\\Windows\\SysWOW64\\ncrypt.dll" (normalized: "c:\\windows\\syswow64\\ncrypt.dll") Region: id = 445 start_va = 0x6d470000 end_va = 0x6d4acfff monitored = 0 entry_point = 0x6d4710f5 region_type = mapped_file name = "bcryptprimitives.dll" filename = "\\Windows\\SysWOW64\\bcryptprimitives.dll" (normalized: "c:\\windows\\syswow64\\bcryptprimitives.dll") Region: id = 446 start_va = 0x5c0000 end_va = 0x5fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000005c0000" filename = "" Region: id = 447 start_va = 0x5850000 end_va = 0x594ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000005850000" filename = "" Region: id = 448 start_va = 0x7ef9b000 end_va = 0x7ef9dfff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000007ef9b000" filename = "" Region: id = 449 start_va = 0x6d450000 end_va = 0x6d466fff monitored = 0 entry_point = 0x6d451c9d region_type = mapped_file name = "userenv.dll" filename = "\\Windows\\SysWOW64\\userenv.dll" (normalized: "c:\\windows\\syswow64\\userenv.dll") Region: id = 450 start_va = 0x5950000 end_va = 0x5a4ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000005950000" filename = "" Region: id = 451 start_va = 0x5a50000 end_va = 0x5c4ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000005a50000" filename = "" Region: id = 452 start_va = 0x6d430000 end_va = 0x6d445fff monitored = 0 entry_point = 0x6d432061 region_type = mapped_file name = "gpapi.dll" filename = "\\Windows\\SysWOW64\\gpapi.dll" (normalized: "c:\\windows\\syswow64\\gpapi.dll") Region: id = 830 start_va = 0x640000 end_va = 0x649fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "crypt32.dll.mui" filename = "\\Windows\\SysWOW64\\en-US\\crypt32.dll.mui" (normalized: "c:\\windows\\syswow64\\en-us\\crypt32.dll.mui") Region: id = 831 start_va = 0x980000 end_va = 0x98ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000980000" filename = "" Region: id = 832 start_va = 0x980000 end_va = 0x98ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000980000" filename = "" Region: id = 833 start_va = 0x990000 end_va = 0x99ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000990000" filename = "" Region: id = 834 start_va = 0x980000 end_va = 0x9a9fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000980000" filename = "" Region: id = 835 start_va = 0x9b0000 end_va = 0x9bffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000009b0000" filename = "" Region: id = 836 start_va = 0xa00000 end_va = 0xa0ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000a00000" filename = "" Region: id = 837 start_va = 0xa10000 end_va = 0xa1ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000a10000" filename = "" Region: id = 838 start_va = 0xa00000 end_va = 0xa0ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000a00000" filename = "" Region: id = 839 start_va = 0xa10000 end_va = 0xa1ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000a10000" filename = "" Region: id = 840 start_va = 0xa20000 end_va = 0xa2ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000a20000" filename = "" Region: id = 841 start_va = 0xa00000 end_va = 0xa0ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000a00000" filename = "" Region: id = 842 start_va = 0x5450000 end_va = 0x548ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000005450000" filename = "" Region: id = 843 start_va = 0x5d30000 end_va = 0x5e2ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000005d30000" filename = "" Region: id = 844 start_va = 0x7ef98000 end_va = 0x7ef9afff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000007ef98000" filename = "" Region: id = 845 start_va = 0x5e30000 end_va = 0x6e2ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000005e30000" filename = "" Region: id = 846 start_va = 0x6e30000 end_va = 0x6f7ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000006e30000" filename = "" Region: id = 847 start_va = 0x6f80000 end_va = 0x7f7ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000006f80000" filename = "" Region: id = 848 start_va = 0x7f80000 end_va = 0x820ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000007f80000" filename = "" Region: id = 849 start_va = 0xa00000 end_va = 0xa12fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000a00000" filename = "" Region: id = 850 start_va = 0xa20000 end_va = 0xa2ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000a20000" filename = "" Region: id = 851 start_va = 0xae0000 end_va = 0xaeffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000ae0000" filename = "" Region: id = 852 start_va = 0x8210000 end_va = 0x920ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000008210000" filename = "" Region: id = 853 start_va = 0x9210000 end_va = 0xa20ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000009210000" filename = "" Region: id = 854 start_va = 0x430000 end_va = 0x43ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000430000" filename = "" Region: id = 855 start_va = 0x430000 end_va = 0x43ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000430000" filename = "" Region: id = 856 start_va = 0x430000 end_va = 0x43ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000430000" filename = "" Region: id = 857 start_va = 0x5090000 end_va = 0x50cffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000005090000" filename = "" Region: id = 858 start_va = 0xa370000 end_va = 0xa46ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000000a370000" filename = "" Region: id = 859 start_va = 0x7ef95000 end_va = 0x7ef97fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000007ef95000" filename = "" Region: id = 860 start_va = 0x430000 end_va = 0x43ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000430000" filename = "" Region: id = 861 start_va = 0x5490000 end_va = 0x54cffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000005490000" filename = "" Region: id = 862 start_va = 0xa560000 end_va = 0xa65ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000000a560000" filename = "" Region: id = 863 start_va = 0x7ef92000 end_va = 0x7ef94fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000007ef92000" filename = "" Region: id = 864 start_va = 0x430000 end_va = 0x43ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000430000" filename = "" Region: id = 865 start_va = 0x440000 end_va = 0x44ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000440000" filename = "" Region: id = 866 start_va = 0x450000 end_va = 0x45ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000450000" filename = "" Region: id = 867 start_va = 0x460000 end_va = 0x46ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000460000" filename = "" Region: id = 868 start_va = 0x430000 end_va = 0x4b1fff monitored = 0 entry_point = 0x4319a9 region_type = mapped_file name = "comctl32.dll" filename = "\\Windows\\winsxs\\x86_microsoft.windows.common-controls_6595b64144ccf1df_5.82.7601.17514_none_ec83dffa859149af\\comctl32.dll" (normalized: "c:\\windows\\winsxs\\x86_microsoft.windows.common-controls_6595b64144ccf1df_5.82.7601.17514_none_ec83dffa859149af\\comctl32.dll") Region: id = 869 start_va = 0x430000 end_va = 0x4b1fff monitored = 0 entry_point = 0x4319a9 region_type = mapped_file name = "comctl32.dll" filename = "\\Windows\\winsxs\\x86_microsoft.windows.common-controls_6595b64144ccf1df_5.82.7601.17514_none_ec83dffa859149af\\comctl32.dll" (normalized: "c:\\windows\\winsxs\\x86_microsoft.windows.common-controls_6595b64144ccf1df_5.82.7601.17514_none_ec83dffa859149af\\comctl32.dll") Region: id = 870 start_va = 0x6d3a0000 end_va = 0x6d423fff monitored = 0 entry_point = 0x6d3a19a9 region_type = mapped_file name = "comctl32.dll" filename = "\\Windows\\winsxs\\x86_microsoft.windows.common-controls_6595b64144ccf1df_5.82.7601.17514_none_ec83dffa859149af\\comctl32.dll" (normalized: "c:\\windows\\winsxs\\x86_microsoft.windows.common-controls_6595b64144ccf1df_5.82.7601.17514_none_ec83dffa859149af\\comctl32.dll") Region: id = 871 start_va = 0x5610000 end_va = 0x56bffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000005610000" filename = "" Region: id = 872 start_va = 0x56c0000 end_va = 0x56fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000056c0000" filename = "" Region: id = 873 start_va = 0x6d210000 end_va = 0x6d39ffff monitored = 0 entry_point = 0x6d2ad026 region_type = mapped_file name = "gdiplus.dll" filename = "\\Windows\\winsxs\\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\\GdiPlus.dll" (normalized: "c:\\windows\\winsxs\\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\\gdiplus.dll") Region: id = 874 start_va = 0x5700000 end_va = 0x57cffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000005700000" filename = "" Region: id = 875 start_va = 0x5170000 end_va = 0x51affff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000005170000" filename = "" Region: id = 876 start_va = 0x5fd0000 end_va = 0x60cffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000005fd0000" filename = "" Region: id = 877 start_va = 0x6d200000 end_va = 0x6d204fff monitored = 0 entry_point = 0x6d2011d0 region_type = mapped_file name = "shfolder.dll" filename = "\\Windows\\SysWOW64\\shfolder.dll" (normalized: "c:\\windows\\syswow64\\shfolder.dll") Region: id = 878 start_va = 0x7ef8f000 end_va = 0x7ef91fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000007ef8f000" filename = "" Region: id = 879 start_va = 0x430000 end_va = 0x432fff monitored = 1 entry_point = 0x0 region_type = mapped_file name = "gdipfontcachev1.dat" filename = "\\Users\\kEecfMwgj\\AppData\\Local\\GDIPFONTCACHEV1.DAT" (normalized: "c:\\users\\keecfmwgj\\appdata\\local\\gdipfontcachev1.dat") Region: id = 880 start_va = 0x440000 end_va = 0x446fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "marlett.ttf" filename = "\\Windows\\Fonts\\marlett.ttf" (normalized: "c:\\windows\\fonts\\marlett.ttf") Region: id = 881 start_va = 0x440000 end_va = 0x446fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "marlett.ttf" filename = "\\Windows\\Fonts\\marlett.ttf" (normalized: "c:\\windows\\fonts\\marlett.ttf") Region: id = 882 start_va = 0x5700000 end_va = 0x57bcfff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "arial.ttf" filename = "\\Windows\\Fonts\\arial.ttf" (normalized: "c:\\windows\\fonts\\arial.ttf") Region: id = 883 start_va = 0x57c0000 end_va = 0x57cffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000057c0000" filename = "" Region: id = 884 start_va = 0x5700000 end_va = 0x57bcfff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "arial.ttf" filename = "\\Windows\\Fonts\\arial.ttf" (normalized: "c:\\windows\\fonts\\arial.ttf") Region: id = 885 start_va = 0x5e30000 end_va = 0x5f2ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000005e30000" filename = "" Region: id = 886 start_va = 0x440000 end_va = 0x4c7fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "ariali.ttf" filename = "\\Windows\\Fonts\\ariali.ttf" (normalized: "c:\\windows\\fonts\\ariali.ttf") Region: id = 887 start_va = 0x440000 end_va = 0x4c7fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "ariali.ttf" filename = "\\Windows\\Fonts\\ariali.ttf" (normalized: "c:\\windows\\fonts\\ariali.ttf") Region: id = 888 start_va = 0x5700000 end_va = 0x57b6fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "arialbd.ttf" filename = "\\Windows\\Fonts\\arialbd.ttf" (normalized: "c:\\windows\\fonts\\arialbd.ttf") Region: id = 889 start_va = 0x5700000 end_va = 0x57b6fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "arialbd.ttf" filename = "\\Windows\\Fonts\\arialbd.ttf" (normalized: "c:\\windows\\fonts\\arialbd.ttf") Region: id = 890 start_va = 0x440000 end_va = 0x4c9fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "arialbi.ttf" filename = "\\Windows\\Fonts\\arialbi.ttf" (normalized: "c:\\windows\\fonts\\arialbi.ttf") Region: id = 891 start_va = 0x440000 end_va = 0x4c9fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "arialbi.ttf" filename = "\\Windows\\Fonts\\arialbi.ttf" (normalized: "c:\\windows\\fonts\\arialbi.ttf") Region: id = 892 start_va = 0x6f80000 end_va = 0x7f02fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "batang.ttc" filename = "\\Windows\\Fonts\\batang.ttc" (normalized: "c:\\windows\\fonts\\batang.ttc") Region: id = 893 start_va = 0x6f80000 end_va = 0x7f02fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "batang.ttc" filename = "\\Windows\\Fonts\\batang.ttc" (normalized: "c:\\windows\\fonts\\batang.ttc") Region: id = 894 start_va = 0x6f80000 end_va = 0x7f02fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "batang.ttc" filename = "\\Windows\\Fonts\\batang.ttc" (normalized: "c:\\windows\\fonts\\batang.ttc") Region: id = 895 start_va = 0x60d0000 end_va = 0x62cffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000060d0000" filename = "" Region: id = 896 start_va = 0x6f80000 end_va = 0x7f02fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "batang.ttc" filename = "\\Windows\\Fonts\\batang.ttc" (normalized: "c:\\windows\\fonts\\batang.ttc") Region: id = 897 start_va = 0x6f80000 end_va = 0x7f02fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "batang.ttc" filename = "\\Windows\\Fonts\\batang.ttc" (normalized: "c:\\windows\\fonts\\batang.ttc") Region: id = 898 start_va = 0x5700000 end_va = 0x57adfff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "cour.ttf" filename = "\\Windows\\Fonts\\cour.ttf" (normalized: "c:\\windows\\fonts\\cour.ttf") Region: id = 899 start_va = 0x5700000 end_va = 0x57adfff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "cour.ttf" filename = "\\Windows\\Fonts\\cour.ttf" (normalized: "c:\\windows\\fonts\\cour.ttf") Region: id = 900 start_va = 0x5610000 end_va = 0x56a6fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "couri.ttf" filename = "\\Windows\\Fonts\\couri.ttf" (normalized: "c:\\windows\\fonts\\couri.ttf") Region: id = 901 start_va = 0x56b0000 end_va = 0x56bffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000056b0000" filename = "" Region: id = 902 start_va = 0x5610000 end_va = 0x56a6fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "couri.ttf" filename = "\\Windows\\Fonts\\couri.ttf" (normalized: "c:\\windows\\fonts\\couri.ttf") Region: id = 903 start_va = 0x5700000 end_va = 0x57adfff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "courbd.ttf" filename = "\\Windows\\Fonts\\courbd.ttf" (normalized: "c:\\windows\\fonts\\courbd.ttf") Region: id = 904 start_va = 0x5700000 end_va = 0x57adfff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "courbd.ttf" filename = "\\Windows\\Fonts\\courbd.ttf" (normalized: "c:\\windows\\fonts\\courbd.ttf") Region: id = 905 start_va = 0x440000 end_va = 0x4c1fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "courbi.ttf" filename = "\\Windows\\Fonts\\courbi.ttf" (normalized: "c:\\windows\\fonts\\courbi.ttf") Region: id = 906 start_va = 0x440000 end_va = 0x4c1fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "courbi.ttf" filename = "\\Windows\\Fonts\\courbi.ttf" (normalized: "c:\\windows\\fonts\\courbi.ttf") Region: id = 907 start_va = 0x440000 end_va = 0x46efff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "daunpenh.ttf" filename = "\\Windows\\Fonts\\daunpenh.ttf" (normalized: "c:\\windows\\fonts\\daunpenh.ttf") Region: id = 908 start_va = 0x440000 end_va = 0x46efff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "daunpenh.ttf" filename = "\\Windows\\Fonts\\daunpenh.ttf" (normalized: "c:\\windows\\fonts\\daunpenh.ttf") Region: id = 909 start_va = 0x440000 end_va = 0x464fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "dokchamp.ttf" filename = "\\Windows\\Fonts\\dokchamp.ttf" (normalized: "c:\\windows\\fonts\\dokchamp.ttf") Region: id = 910 start_va = 0x440000 end_va = 0x464fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "dokchamp.ttf" filename = "\\Windows\\Fonts\\dokchamp.ttf" (normalized: "c:\\windows\\fonts\\dokchamp.ttf") Region: id = 911 start_va = 0x440000 end_va = 0x45afff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "estre.ttf" filename = "\\Windows\\Fonts\\estre.ttf" (normalized: "c:\\windows\\fonts\\estre.ttf") Region: id = 912 start_va = 0x440000 end_va = 0x45afff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "estre.ttf" filename = "\\Windows\\Fonts\\estre.ttf" (normalized: "c:\\windows\\fonts\\estre.ttf") Region: id = 913 start_va = 0x440000 end_va = 0x46afff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "euphemia.ttf" filename = "\\Windows\\Fonts\\euphemia.ttf" (normalized: "c:\\windows\\fonts\\euphemia.ttf") Region: id = 914 start_va = 0x440000 end_va = 0x46afff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "euphemia.ttf" filename = "\\Windows\\Fonts\\euphemia.ttf" (normalized: "c:\\windows\\fonts\\euphemia.ttf") Region: id = 915 start_va = 0x440000 end_va = 0x47efff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "gautami.ttf" filename = "\\Windows\\Fonts\\gautami.ttf" (normalized: "c:\\windows\\fonts\\gautami.ttf") Region: id = 916 start_va = 0x440000 end_va = 0x47efff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "gautami.ttf" filename = "\\Windows\\Fonts\\gautami.ttf" (normalized: "c:\\windows\\fonts\\gautami.ttf") Region: id = 917 start_va = 0x440000 end_va = 0x476fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "gautamib.ttf" filename = "\\Windows\\Fonts\\gautamib.ttf" (normalized: "c:\\windows\\fonts\\gautamib.ttf") Region: id = 918 start_va = 0x440000 end_va = 0x476fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "gautamib.ttf" filename = "\\Windows\\Fonts\\gautamib.ttf" (normalized: "c:\\windows\\fonts\\gautamib.ttf") Region: id = 919 start_va = 0x440000 end_va = 0x49efff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "vani.ttf" filename = "\\Windows\\Fonts\\Vani.ttf" (normalized: "c:\\windows\\fonts\\vani.ttf") Region: id = 920 start_va = 0x440000 end_va = 0x49efff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "vani.ttf" filename = "\\Windows\\Fonts\\Vani.ttf" (normalized: "c:\\windows\\fonts\\vani.ttf") Region: id = 921 start_va = 0x440000 end_va = 0x49afff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "vanib.ttf" filename = "\\Windows\\Fonts\\Vanib.ttf" (normalized: "c:\\windows\\fonts\\vanib.ttf") Region: id = 922 start_va = 0x440000 end_va = 0x49afff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "vanib.ttf" filename = "\\Windows\\Fonts\\Vanib.ttf" (normalized: "c:\\windows\\fonts\\vanib.ttf") Region: id = 923 start_va = 0x6f80000 end_va = 0x7c65fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "gulim.ttc" filename = "\\Windows\\Fonts\\gulim.ttc" (normalized: "c:\\windows\\fonts\\gulim.ttc") Region: id = 924 start_va = 0x6f80000 end_va = 0x7c65fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "gulim.ttc" filename = "\\Windows\\Fonts\\gulim.ttc" (normalized: "c:\\windows\\fonts\\gulim.ttc") Region: id = 925 start_va = 0x6f80000 end_va = 0x7c65fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "gulim.ttc" filename = "\\Windows\\Fonts\\gulim.ttc" (normalized: "c:\\windows\\fonts\\gulim.ttc") Region: id = 926 start_va = 0x6f80000 end_va = 0x7c65fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "gulim.ttc" filename = "\\Windows\\Fonts\\gulim.ttc" (normalized: "c:\\windows\\fonts\\gulim.ttc") Region: id = 927 start_va = 0x62d0000 end_va = 0x66cffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000062d0000" filename = "" Region: id = 928 start_va = 0x6f80000 end_va = 0x7c65fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "gulim.ttc" filename = "\\Windows\\Fonts\\gulim.ttc" (normalized: "c:\\windows\\fonts\\gulim.ttc") Region: id = 929 start_va = 0x440000 end_va = 0x461fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "impact.ttf" filename = "\\Windows\\Fonts\\impact.ttf" (normalized: "c:\\windows\\fonts\\impact.ttf") Region: id = 930 start_va = 0x440000 end_va = 0x461fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "impact.ttf" filename = "\\Windows\\Fonts\\impact.ttf" (normalized: "c:\\windows\\fonts\\impact.ttf") Region: id = 931 start_va = 0x440000 end_va = 0x4c5fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "iskpota.ttf" filename = "\\Windows\\Fonts\\iskpota.ttf" (normalized: "c:\\windows\\fonts\\iskpota.ttf") Region: id = 932 start_va = 0x440000 end_va = 0x4c5fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "iskpota.ttf" filename = "\\Windows\\Fonts\\iskpota.ttf" (normalized: "c:\\windows\\fonts\\iskpota.ttf") Region: id = 933 start_va = 0x440000 end_va = 0x49afff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "iskpotab.ttf" filename = "\\Windows\\Fonts\\iskpotab.ttf" (normalized: "c:\\windows\\fonts\\iskpotab.ttf") Region: id = 934 start_va = 0x440000 end_va = 0x49afff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "iskpotab.ttf" filename = "\\Windows\\Fonts\\iskpotab.ttf" (normalized: "c:\\windows\\fonts\\iskpotab.ttf") Region: id = 935 start_va = 0x440000 end_va = 0x473fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "kalinga.ttf" filename = "\\Windows\\Fonts\\kalinga.ttf" (normalized: "c:\\windows\\fonts\\kalinga.ttf") Region: id = 936 start_va = 0x440000 end_va = 0x473fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "kalinga.ttf" filename = "\\Windows\\Fonts\\kalinga.ttf" (normalized: "c:\\windows\\fonts\\kalinga.ttf") Region: id = 937 start_va = 0x440000 end_va = 0x472fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "kalingab.ttf" filename = "\\Windows\\Fonts\\kalingab.ttf" (normalized: "c:\\windows\\fonts\\kalingab.ttf") Region: id = 938 start_va = 0x440000 end_va = 0x472fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "kalingab.ttf" filename = "\\Windows\\Fonts\\kalingab.ttf" (normalized: "c:\\windows\\fonts\\kalingab.ttf") Region: id = 939 start_va = 0x440000 end_va = 0x460fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "kartika.ttf" filename = "\\Windows\\Fonts\\kartika.ttf" (normalized: "c:\\windows\\fonts\\kartika.ttf") Region: id = 940 start_va = 0x440000 end_va = 0x460fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "kartika.ttf" filename = "\\Windows\\Fonts\\kartika.ttf" (normalized: "c:\\windows\\fonts\\kartika.ttf") Region: id = 941 start_va = 0x440000 end_va = 0x45efff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "kartikab.ttf" filename = "\\Windows\\Fonts\\kartikab.ttf" (normalized: "c:\\windows\\fonts\\kartikab.ttf") Region: id = 942 start_va = 0x440000 end_va = 0x45efff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "kartikab.ttf" filename = "\\Windows\\Fonts\\kartikab.ttf" (normalized: "c:\\windows\\fonts\\kartikab.ttf") Region: id = 943 start_va = 0x440000 end_va = 0x490fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "khmerui.ttf" filename = "\\Windows\\Fonts\\KhmerUI.ttf" (normalized: "c:\\windows\\fonts\\khmerui.ttf") Region: id = 944 start_va = 0x440000 end_va = 0x490fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "khmerui.ttf" filename = "\\Windows\\Fonts\\KhmerUI.ttf" (normalized: "c:\\windows\\fonts\\khmerui.ttf") Region: id = 945 start_va = 0x440000 end_va = 0x480fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "khmeruib.ttf" filename = "\\Windows\\Fonts\\KhmerUIb.ttf" (normalized: "c:\\windows\\fonts\\khmeruib.ttf") Region: id = 946 start_va = 0x440000 end_va = 0x480fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "khmeruib.ttf" filename = "\\Windows\\Fonts\\KhmerUIb.ttf" (normalized: "c:\\windows\\fonts\\khmeruib.ttf") Region: id = 947 start_va = 0x440000 end_va = 0x457fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "laoui.ttf" filename = "\\Windows\\Fonts\\LaoUI.ttf" (normalized: "c:\\windows\\fonts\\laoui.ttf") Region: id = 948 start_va = 0x440000 end_va = 0x457fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "laoui.ttf" filename = "\\Windows\\Fonts\\LaoUI.ttf" (normalized: "c:\\windows\\fonts\\laoui.ttf") Region: id = 949 start_va = 0x440000 end_va = 0x455fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "laouib.ttf" filename = "\\Windows\\Fonts\\LaoUIb.ttf" (normalized: "c:\\windows\\fonts\\laouib.ttf") Region: id = 950 start_va = 0x440000 end_va = 0x455fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "laouib.ttf" filename = "\\Windows\\Fonts\\LaoUIb.ttf" (normalized: "c:\\windows\\fonts\\laouib.ttf") Region: id = 951 start_va = 0x440000 end_va = 0x45dfff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "latha.ttf" filename = "\\Windows\\Fonts\\latha.ttf" (normalized: "c:\\windows\\fonts\\latha.ttf") Region: id = 952 start_va = 0x440000 end_va = 0x45dfff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "latha.ttf" filename = "\\Windows\\Fonts\\latha.ttf" (normalized: "c:\\windows\\fonts\\latha.ttf") Region: id = 953 start_va = 0x440000 end_va = 0x45dfff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "lathab.ttf" filename = "\\Windows\\Fonts\\lathab.ttf" (normalized: "c:\\windows\\fonts\\lathab.ttf") Region: id = 954 start_va = 0x440000 end_va = 0x45dfff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "lathab.ttf" filename = "\\Windows\\Fonts\\lathab.ttf" (normalized: "c:\\windows\\fonts\\lathab.ttf") Region: id = 955 start_va = 0x440000 end_va = 0x45cfff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "lucon.ttf" filename = "\\Windows\\Fonts\\lucon.ttf" (normalized: "c:\\windows\\fonts\\lucon.ttf") Region: id = 956 start_va = 0x440000 end_va = 0x45cfff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "lucon.ttf" filename = "\\Windows\\Fonts\\lucon.ttf" (normalized: "c:\\windows\\fonts\\lucon.ttf") Region: id = 957 start_va = 0x66d0000 end_va = 0x6af2fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "malgun.ttf" filename = "\\Windows\\Fonts\\malgun.ttf" (normalized: "c:\\windows\\fonts\\malgun.ttf") Region: id = 958 start_va = 0x66d0000 end_va = 0x6af2fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "malgun.ttf" filename = "\\Windows\\Fonts\\malgun.ttf" (normalized: "c:\\windows\\fonts\\malgun.ttf") Region: id = 959 start_va = 0x66d0000 end_va = 0x6b1efff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "malgunbd.ttf" filename = "\\Windows\\Fonts\\malgunbd.ttf" (normalized: "c:\\windows\\fonts\\malgunbd.ttf") Region: id = 960 start_va = 0x66d0000 end_va = 0x6b1efff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "malgunbd.ttf" filename = "\\Windows\\Fonts\\malgunbd.ttf" (normalized: "c:\\windows\\fonts\\malgunbd.ttf") Region: id = 961 start_va = 0x440000 end_va = 0x472fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "mangal.ttf" filename = "\\Windows\\Fonts\\mangal.ttf" (normalized: "c:\\windows\\fonts\\mangal.ttf") Region: id = 962 start_va = 0x440000 end_va = 0x472fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "mangal.ttf" filename = "\\Windows\\Fonts\\mangal.ttf" (normalized: "c:\\windows\\fonts\\mangal.ttf") Region: id = 963 start_va = 0x440000 end_va = 0x46efff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "mangalb.ttf" filename = "\\Windows\\Fonts\\mangalb.ttf" (normalized: "c:\\windows\\fonts\\mangalb.ttf") Region: id = 964 start_va = 0x440000 end_va = 0x46efff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "mangalb.ttf" filename = "\\Windows\\Fonts\\mangalb.ttf" (normalized: "c:\\windows\\fonts\\mangalb.ttf") Region: id = 965 start_va = 0x6f80000 end_va = 0x7897fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "meiryo.ttc" filename = "\\Windows\\Fonts\\meiryo.ttc" (normalized: "c:\\windows\\fonts\\meiryo.ttc") Region: id = 966 start_va = 0x6f80000 end_va = 0x7897fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "meiryo.ttc" filename = "\\Windows\\Fonts\\meiryo.ttc" (normalized: "c:\\windows\\fonts\\meiryo.ttc") Region: id = 967 start_va = 0x6f80000 end_va = 0x7897fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "meiryo.ttc" filename = "\\Windows\\Fonts\\meiryo.ttc" (normalized: "c:\\windows\\fonts\\meiryo.ttc") Region: id = 968 start_va = 0x6f80000 end_va = 0x7897fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "meiryo.ttc" filename = "\\Windows\\Fonts\\meiryo.ttc" (normalized: "c:\\windows\\fonts\\meiryo.ttc") Region: id = 969 start_va = 0x6f80000 end_va = 0x7897fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "meiryo.ttc" filename = "\\Windows\\Fonts\\meiryo.ttc" (normalized: "c:\\windows\\fonts\\meiryo.ttc") Region: id = 970 start_va = 0x6f80000 end_va = 0x78ccfff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "meiryob.ttc" filename = "\\Windows\\Fonts\\meiryob.ttc" (normalized: "c:\\windows\\fonts\\meiryob.ttc") Region: id = 971 start_va = 0x6f80000 end_va = 0x78ccfff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "meiryob.ttc" filename = "\\Windows\\Fonts\\meiryob.ttc" (normalized: "c:\\windows\\fonts\\meiryob.ttc") Region: id = 972 start_va = 0x6f80000 end_va = 0x78ccfff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "meiryob.ttc" filename = "\\Windows\\Fonts\\meiryob.ttc" (normalized: "c:\\windows\\fonts\\meiryob.ttc") Region: id = 973 start_va = 0x6f80000 end_va = 0x78ccfff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "meiryob.ttc" filename = "\\Windows\\Fonts\\meiryob.ttc" (normalized: "c:\\windows\\fonts\\meiryob.ttc") Region: id = 974 start_va = 0x6f80000 end_va = 0x78ccfff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "meiryob.ttc" filename = "\\Windows\\Fonts\\meiryob.ttc" (normalized: "c:\\windows\\fonts\\meiryob.ttc") Region: id = 975 start_va = 0x9210000 end_va = 0x9a0ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000009210000" filename = "" Region: id = 976 start_va = 0x5610000 end_va = 0x56a4fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "himalaya.ttf" filename = "\\Windows\\Fonts\\himalaya.ttf" (normalized: "c:\\windows\\fonts\\himalaya.ttf") Region: id = 977 start_va = 0x5610000 end_va = 0x56a4fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "himalaya.ttf" filename = "\\Windows\\Fonts\\himalaya.ttf" (normalized: "c:\\windows\\fonts\\himalaya.ttf") Region: id = 978 start_va = 0xa660000 end_va = 0xbb08fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "msjh.ttf" filename = "\\Windows\\Fonts\\msjh.ttf" (normalized: "c:\\windows\\fonts\\msjh.ttf") Region: id = 979 start_va = 0xa660000 end_va = 0xbb08fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "msjh.ttf" filename = "\\Windows\\Fonts\\msjh.ttf" (normalized: "c:\\windows\\fonts\\msjh.ttf") Region: id = 980 start_va = 0x6f80000 end_va = 0x7d56fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "msjhbd.ttf" filename = "\\Windows\\Fonts\\msjhbd.ttf" (normalized: "c:\\windows\\fonts\\msjhbd.ttf") Region: id = 981 start_va = 0x6f80000 end_va = 0x7d56fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "msjhbd.ttf" filename = "\\Windows\\Fonts\\msjhbd.ttf" (normalized: "c:\\windows\\fonts\\msjhbd.ttf") Region: id = 982 start_va = 0xa660000 end_va = 0xbb22fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "msyh.ttf" filename = "\\Windows\\Fonts\\msyh.ttf" (normalized: "c:\\windows\\fonts\\msyh.ttf") Region: id = 983 start_va = 0xa660000 end_va = 0xbb22fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "msyh.ttf" filename = "\\Windows\\Fonts\\msyh.ttf" (normalized: "c:\\windows\\fonts\\msyh.ttf") Region: id = 984 start_va = 0x6f80000 end_va = 0x7d6dfff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "msyhbd.ttf" filename = "\\Windows\\Fonts\\msyhbd.ttf" (normalized: "c:\\windows\\fonts\\msyhbd.ttf") Region: id = 985 start_va = 0x6f80000 end_va = 0x7d6dfff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "msyhbd.ttf" filename = "\\Windows\\Fonts\\msyhbd.ttf" (normalized: "c:\\windows\\fonts\\msyhbd.ttf") Region: id = 986 start_va = 0xa660000 end_va = 0xc519fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "mingliu.ttc" filename = "\\Windows\\Fonts\\mingliu.ttc" (normalized: "c:\\windows\\fonts\\mingliu.ttc") Region: id = 987 start_va = 0xa660000 end_va = 0xc519fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "mingliu.ttc" filename = "\\Windows\\Fonts\\mingliu.ttc" (normalized: "c:\\windows\\fonts\\mingliu.ttc") Region: id = 988 start_va = 0xa660000 end_va = 0xc519fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "mingliu.ttc" filename = "\\Windows\\Fonts\\mingliu.ttc" (normalized: "c:\\windows\\fonts\\mingliu.ttc") Region: id = 989 start_va = 0xa660000 end_va = 0xc519fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "mingliu.ttc" filename = "\\Windows\\Fonts\\mingliu.ttc" (normalized: "c:\\windows\\fonts\\mingliu.ttc") Region: id = 990 start_va = 0xa660000 end_va = 0xc69dfff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "mingliub.ttc" filename = "\\Windows\\Fonts\\mingliub.ttc" (normalized: "c:\\windows\\fonts\\mingliub.ttc") Region: id = 991 start_va = 0xa660000 end_va = 0xc69dfff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "mingliub.ttc" filename = "\\Windows\\Fonts\\mingliub.ttc" (normalized: "c:\\windows\\fonts\\mingliub.ttc") Region: id = 992 start_va = 0xa660000 end_va = 0xc69dfff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "mingliub.ttc" filename = "\\Windows\\Fonts\\mingliub.ttc" (normalized: "c:\\windows\\fonts\\mingliub.ttc") Region: id = 993 start_va = 0xa660000 end_va = 0xc69dfff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "mingliub.ttc" filename = "\\Windows\\Fonts\\mingliub.ttc" (normalized: "c:\\windows\\fonts\\mingliub.ttc") Region: id = 994 start_va = 0x440000 end_va = 0x497fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "monbaiti.ttf" filename = "\\Windows\\Fonts\\monbaiti.ttf" (normalized: "c:\\windows\\fonts\\monbaiti.ttf") Region: id = 995 start_va = 0x440000 end_va = 0x497fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "monbaiti.ttf" filename = "\\Windows\\Fonts\\monbaiti.ttf" (normalized: "c:\\windows\\fonts\\monbaiti.ttf") Region: id = 996 start_va = 0x6f80000 end_va = 0x7840fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "msgothic.ttc" filename = "\\Windows\\Fonts\\msgothic.ttc" (normalized: "c:\\windows\\fonts\\msgothic.ttc") Region: id = 997 start_va = 0x6f80000 end_va = 0x7840fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "msgothic.ttc" filename = "\\Windows\\Fonts\\msgothic.ttc" (normalized: "c:\\windows\\fonts\\msgothic.ttc") Region: id = 998 start_va = 0x6f80000 end_va = 0x7840fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "msgothic.ttc" filename = "\\Windows\\Fonts\\msgothic.ttc" (normalized: "c:\\windows\\fonts\\msgothic.ttc") Region: id = 999 start_va = 0x6f80000 end_va = 0x7840fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "msgothic.ttc" filename = "\\Windows\\Fonts\\msgothic.ttc" (normalized: "c:\\windows\\fonts\\msgothic.ttc") Region: id = 1000 start_va = 0x6f80000 end_va = 0x7917fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "msmincho.ttc" filename = "\\Windows\\Fonts\\msmincho.ttc" (normalized: "c:\\windows\\fonts\\msmincho.ttc") Region: id = 1001 start_va = 0x6f80000 end_va = 0x7917fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "msmincho.ttc" filename = "\\Windows\\Fonts\\msmincho.ttc" (normalized: "c:\\windows\\fonts\\msmincho.ttc") Region: id = 1002 start_va = 0x6f80000 end_va = 0x7917fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "msmincho.ttc" filename = "\\Windows\\Fonts\\msmincho.ttc" (normalized: "c:\\windows\\fonts\\msmincho.ttc") Region: id = 1003 start_va = 0x440000 end_va = 0x454fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "mvboli.ttf" filename = "\\Windows\\Fonts\\mvboli.ttf" (normalized: "c:\\windows\\fonts\\mvboli.ttf") Region: id = 1004 start_va = 0x440000 end_va = 0x454fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "mvboli.ttf" filename = "\\Windows\\Fonts\\mvboli.ttf" (normalized: "c:\\windows\\fonts\\mvboli.ttf") Region: id = 1005 start_va = 0x440000 end_va = 0x454fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "ntailu.ttf" filename = "\\Windows\\Fonts\\ntailu.ttf" (normalized: "c:\\windows\\fonts\\ntailu.ttf") Region: id = 1006 start_va = 0x440000 end_va = 0x454fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "ntailu.ttf" filename = "\\Windows\\Fonts\\ntailu.ttf" (normalized: "c:\\windows\\fonts\\ntailu.ttf") Region: id = 1007 start_va = 0x440000 end_va = 0x452fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "ntailub.ttf" filename = "\\Windows\\Fonts\\ntailub.ttf" (normalized: "c:\\windows\\fonts\\ntailub.ttf") Region: id = 1008 start_va = 0x440000 end_va = 0x452fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "ntailub.ttf" filename = "\\Windows\\Fonts\\ntailub.ttf" (normalized: "c:\\windows\\fonts\\ntailub.ttf") Region: id = 1009 start_va = 0x440000 end_va = 0x4aafff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "nyala.ttf" filename = "\\Windows\\Fonts\\nyala.ttf" (normalized: "c:\\windows\\fonts\\nyala.ttf") Region: id = 1010 start_va = 0x440000 end_va = 0x4aafff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "nyala.ttf" filename = "\\Windows\\Fonts\\nyala.ttf" (normalized: "c:\\windows\\fonts\\nyala.ttf") Region: id = 1011 start_va = 0x440000 end_va = 0x463fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "phagspa.ttf" filename = "\\Windows\\Fonts\\phagspa.ttf" (normalized: "c:\\windows\\fonts\\phagspa.ttf") Region: id = 1012 start_va = 0x440000 end_va = 0x463fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "phagspa.ttf" filename = "\\Windows\\Fonts\\phagspa.ttf" (normalized: "c:\\windows\\fonts\\phagspa.ttf") Region: id = 1013 start_va = 0x440000 end_va = 0x464fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "phagspab.ttf" filename = "\\Windows\\Fonts\\phagspab.ttf" (normalized: "c:\\windows\\fonts\\phagspab.ttf") Region: id = 1014 start_va = 0x440000 end_va = 0x464fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "phagspab.ttf" filename = "\\Windows\\Fonts\\phagspab.ttf" (normalized: "c:\\windows\\fonts\\phagspab.ttf") Region: id = 1015 start_va = 0x440000 end_va = 0x45dfff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "plantc.ttf" filename = "\\Windows\\Fonts\\plantc.ttf" (normalized: "c:\\windows\\fonts\\plantc.ttf") Region: id = 1016 start_va = 0x440000 end_va = 0x45dfff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "plantc.ttf" filename = "\\Windows\\Fonts\\plantc.ttf" (normalized: "c:\\windows\\fonts\\plantc.ttf") Region: id = 1017 start_va = 0x440000 end_va = 0x457fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "raavi.ttf" filename = "\\Windows\\Fonts\\raavi.ttf" (normalized: "c:\\windows\\fonts\\raavi.ttf") Region: id = 1018 start_va = 0x440000 end_va = 0x457fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "raavi.ttf" filename = "\\Windows\\Fonts\\raavi.ttf" (normalized: "c:\\windows\\fonts\\raavi.ttf") Region: id = 1019 start_va = 0x440000 end_va = 0x456fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "raavib.ttf" filename = "\\Windows\\Fonts\\raavib.ttf" (normalized: "c:\\windows\\fonts\\raavib.ttf") Region: id = 1020 start_va = 0x440000 end_va = 0x456fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "raavib.ttf" filename = "\\Windows\\Fonts\\raavib.ttf" (normalized: "c:\\windows\\fonts\\raavib.ttf") Region: id = 1021 start_va = 0x5610000 end_va = 0x56a7fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "segoesc.ttf" filename = "\\Windows\\Fonts\\segoesc.ttf" (normalized: "c:\\windows\\fonts\\segoesc.ttf") Region: id = 1022 start_va = 0x5610000 end_va = 0x56a7fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "segoesc.ttf" filename = "\\Windows\\Fonts\\segoesc.ttf" (normalized: "c:\\windows\\fonts\\segoesc.ttf") Region: id = 1023 start_va = 0x5610000 end_va = 0x56a3fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "segoescb.ttf" filename = "\\Windows\\Fonts\\segoescb.ttf" (normalized: "c:\\windows\\fonts\\segoescb.ttf") Region: id = 1024 start_va = 0x5610000 end_va = 0x56a3fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "segoescb.ttf" filename = "\\Windows\\Fonts\\segoescb.ttf" (normalized: "c:\\windows\\fonts\\segoescb.ttf") Region: id = 1025 start_va = 0x440000 end_va = 0x4befff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "segoeui.ttf" filename = "\\Windows\\Fonts\\segoeui.ttf" (normalized: "c:\\windows\\fonts\\segoeui.ttf") Region: id = 1026 start_va = 0x440000 end_va = 0x4befff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "segoeui.ttf" filename = "\\Windows\\Fonts\\segoeui.ttf" (normalized: "c:\\windows\\fonts\\segoeui.ttf") Region: id = 1027 start_va = 0x440000 end_va = 0x4b9fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "segoeuib.ttf" filename = "\\Windows\\Fonts\\segoeuib.ttf" (normalized: "c:\\windows\\fonts\\segoeuib.ttf") Region: id = 1028 start_va = 0x440000 end_va = 0x4b9fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "segoeuib.ttf" filename = "\\Windows\\Fonts\\segoeuib.ttf" (normalized: "c:\\windows\\fonts\\segoeuib.ttf") Region: id = 1029 start_va = 0x440000 end_va = 0x49efff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "segoeuii.ttf" filename = "\\Windows\\Fonts\\segoeuii.ttf" (normalized: "c:\\windows\\fonts\\segoeuii.ttf") Region: id = 1030 start_va = 0x440000 end_va = 0x49efff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "segoeuii.ttf" filename = "\\Windows\\Fonts\\segoeuii.ttf" (normalized: "c:\\windows\\fonts\\segoeuii.ttf") Region: id = 1031 start_va = 0x440000 end_va = 0x4a1fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "segoeuiz.ttf" filename = "\\Windows\\Fonts\\segoeuiz.ttf" (normalized: "c:\\windows\\fonts\\segoeuiz.ttf") Region: id = 1032 start_va = 0x440000 end_va = 0x4a1fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "segoeuiz.ttf" filename = "\\Windows\\Fonts\\segoeuiz.ttf" (normalized: "c:\\windows\\fonts\\segoeuiz.ttf") Region: id = 1033 start_va = 0x440000 end_va = 0x4a3fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "seguisb.ttf" filename = "\\Windows\\Fonts\\seguisb.ttf" (normalized: "c:\\windows\\fonts\\seguisb.ttf") Region: id = 1034 start_va = 0x440000 end_va = 0x4a3fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "seguisb.ttf" filename = "\\Windows\\Fonts\\seguisb.ttf" (normalized: "c:\\windows\\fonts\\seguisb.ttf") Region: id = 1035 start_va = 0x440000 end_va = 0x490fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "segoeuil.ttf" filename = "\\Windows\\Fonts\\segoeuil.ttf" (normalized: "c:\\windows\\fonts\\segoeuil.ttf") Region: id = 1036 start_va = 0x440000 end_va = 0x490fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "segoeuil.ttf" filename = "\\Windows\\Fonts\\segoeuil.ttf" (normalized: "c:\\windows\\fonts\\segoeuil.ttf") Region: id = 1037 start_va = 0x440000 end_va = 0x4befff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "seguisym.ttf" filename = "\\Windows\\Fonts\\seguisym.ttf" (normalized: "c:\\windows\\fonts\\seguisym.ttf") Region: id = 1038 start_va = 0x440000 end_va = 0x4befff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "seguisym.ttf" filename = "\\Windows\\Fonts\\seguisym.ttf" (normalized: "c:\\windows\\fonts\\seguisym.ttf") Region: id = 1039 start_va = 0x440000 end_va = 0x481fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "shruti.ttf" filename = "\\Windows\\Fonts\\shruti.ttf" (normalized: "c:\\windows\\fonts\\shruti.ttf") Region: id = 1040 start_va = 0x440000 end_va = 0x481fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "shruti.ttf" filename = "\\Windows\\Fonts\\shruti.ttf" (normalized: "c:\\windows\\fonts\\shruti.ttf") Region: id = 1041 start_va = 0x440000 end_va = 0x479fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "shrutib.ttf" filename = "\\Windows\\Fonts\\shrutib.ttf" (normalized: "c:\\windows\\fonts\\shrutib.ttf") Region: id = 1042 start_va = 0x440000 end_va = 0x479fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "shrutib.ttf" filename = "\\Windows\\Fonts\\shrutib.ttf" (normalized: "c:\\windows\\fonts\\shrutib.ttf") Region: id = 1043 start_va = 0x6f80000 end_va = 0x7e1dfff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "simsun.ttc" filename = "\\Windows\\Fonts\\simsun.ttc" (normalized: "c:\\windows\\fonts\\simsun.ttc") Region: id = 1044 start_va = 0x6f80000 end_va = 0x7e1dfff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "simsun.ttc" filename = "\\Windows\\Fonts\\simsun.ttc" (normalized: "c:\\windows\\fonts\\simsun.ttc") Region: id = 1045 start_va = 0x6f80000 end_va = 0x7e1dfff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "simsun.ttc" filename = "\\Windows\\Fonts\\simsun.ttc" (normalized: "c:\\windows\\fonts\\simsun.ttc") Region: id = 1046 start_va = 0x6f80000 end_va = 0x7e31fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "simsunb.ttf" filename = "\\Windows\\Fonts\\simsunb.ttf" (normalized: "c:\\windows\\fonts\\simsunb.ttf") Region: id = 1047 start_va = 0x6f80000 end_va = 0x7e31fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "simsunb.ttf" filename = "\\Windows\\Fonts\\simsunb.ttf" (normalized: "c:\\windows\\fonts\\simsunb.ttf") Region: id = 1048 start_va = 0x440000 end_va = 0x477fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "sylfaen.ttf" filename = "\\Windows\\Fonts\\sylfaen.ttf" (normalized: "c:\\windows\\fonts\\sylfaen.ttf") Region: id = 1049 start_va = 0x440000 end_va = 0x477fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "sylfaen.ttf" filename = "\\Windows\\Fonts\\sylfaen.ttf" (normalized: "c:\\windows\\fonts\\sylfaen.ttf") Region: id = 1050 start_va = 0x440000 end_va = 0x451fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "taile.ttf" filename = "\\Windows\\Fonts\\taile.ttf" (normalized: "c:\\windows\\fonts\\taile.ttf") Region: id = 1051 start_va = 0x440000 end_va = 0x451fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "taile.ttf" filename = "\\Windows\\Fonts\\taile.ttf" (normalized: "c:\\windows\\fonts\\taile.ttf") Region: id = 1052 start_va = 0x440000 end_va = 0x44ffff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "taileb.ttf" filename = "\\Windows\\Fonts\\taileb.ttf" (normalized: "c:\\windows\\fonts\\taileb.ttf") Region: id = 1053 start_va = 0x440000 end_va = 0x44ffff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "taileb.ttf" filename = "\\Windows\\Fonts\\taileb.ttf" (normalized: "c:\\windows\\fonts\\taileb.ttf") Region: id = 1054 start_va = 0x5c50000 end_va = 0x5d1bfff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "times.ttf" filename = "\\Windows\\Fonts\\times.ttf" (normalized: "c:\\windows\\fonts\\times.ttf") Region: id = 1055 start_va = 0x5c50000 end_va = 0x5d1bfff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "times.ttf" filename = "\\Windows\\Fonts\\times.ttf" (normalized: "c:\\windows\\fonts\\times.ttf") Region: id = 1056 start_va = 0x5700000 end_va = 0x57a1fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "timesi.ttf" filename = "\\Windows\\Fonts\\timesi.ttf" (normalized: "c:\\windows\\fonts\\timesi.ttf") Region: id = 1057 start_va = 0x5700000 end_va = 0x57a1fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "timesi.ttf" filename = "\\Windows\\Fonts\\timesi.ttf" (normalized: "c:\\windows\\fonts\\timesi.ttf") Region: id = 1058 start_va = 0x5c50000 end_va = 0x5d1dfff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "timesbd.ttf" filename = "\\Windows\\Fonts\\timesbd.ttf" (normalized: "c:\\windows\\fonts\\timesbd.ttf") Region: id = 1059 start_va = 0x5c50000 end_va = 0x5d1dfff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "timesbd.ttf" filename = "\\Windows\\Fonts\\timesbd.ttf" (normalized: "c:\\windows\\fonts\\timesbd.ttf") Region: id = 1060 start_va = 0x5610000 end_va = 0x56a7fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "timesbi.ttf" filename = "\\Windows\\Fonts\\timesbi.ttf" (normalized: "c:\\windows\\fonts\\timesbi.ttf") Region: id = 1061 start_va = 0x5610000 end_va = 0x56a7fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "timesbi.ttf" filename = "\\Windows\\Fonts\\timesbi.ttf" (normalized: "c:\\windows\\fonts\\timesbi.ttf") Region: id = 1062 start_va = 0x440000 end_va = 0x46efff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "tunga.ttf" filename = "\\Windows\\Fonts\\tunga.ttf" (normalized: "c:\\windows\\fonts\\tunga.ttf") Region: id = 1063 start_va = 0x440000 end_va = 0x46efff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "tunga.ttf" filename = "\\Windows\\Fonts\\tunga.ttf" (normalized: "c:\\windows\\fonts\\tunga.ttf") Region: id = 1064 start_va = 0x440000 end_va = 0x46afff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "tungab.ttf" filename = "\\Windows\\Fonts\\tungab.ttf" (normalized: "c:\\windows\\fonts\\tungab.ttf") Region: id = 1065 start_va = 0x440000 end_va = 0x46afff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "tungab.ttf" filename = "\\Windows\\Fonts\\tungab.ttf" (normalized: "c:\\windows\\fonts\\tungab.ttf") Region: id = 1066 start_va = 0x440000 end_va = 0x47ffff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "vrinda.ttf" filename = "\\Windows\\Fonts\\vrinda.ttf" (normalized: "c:\\windows\\fonts\\vrinda.ttf") Region: id = 1067 start_va = 0x440000 end_va = 0x47ffff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "vrinda.ttf" filename = "\\Windows\\Fonts\\vrinda.ttf" (normalized: "c:\\windows\\fonts\\vrinda.ttf") Region: id = 1068 start_va = 0x440000 end_va = 0x47efff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "vrindab.ttf" filename = "\\Windows\\Fonts\\vrindab.ttf" (normalized: "c:\\windows\\fonts\\vrindab.ttf") Region: id = 1069 start_va = 0x440000 end_va = 0x47efff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "vrindab.ttf" filename = "\\Windows\\Fonts\\vrindab.ttf" (normalized: "c:\\windows\\fonts\\vrindab.ttf") Region: id = 1070 start_va = 0x440000 end_va = 0x493fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "shonar.ttf" filename = "\\Windows\\Fonts\\Shonar.ttf" (normalized: "c:\\windows\\fonts\\shonar.ttf") Region: id = 1071 start_va = 0x440000 end_va = 0x493fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "shonar.ttf" filename = "\\Windows\\Fonts\\Shonar.ttf" (normalized: "c:\\windows\\fonts\\shonar.ttf") Region: id = 1072 start_va = 0x440000 end_va = 0x489fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "shonarb.ttf" filename = "\\Windows\\Fonts\\Shonarb.ttf" (normalized: "c:\\windows\\fonts\\shonarb.ttf") Region: id = 1073 start_va = 0x440000 end_va = 0x489fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "shonarb.ttf" filename = "\\Windows\\Fonts\\Shonarb.ttf" (normalized: "c:\\windows\\fonts\\shonarb.ttf") Region: id = 1074 start_va = 0x440000 end_va = 0x493fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "msyi.ttf" filename = "\\Windows\\Fonts\\msyi.ttf" (normalized: "c:\\windows\\fonts\\msyi.ttf") Region: id = 1075 start_va = 0x440000 end_va = 0x493fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "msyi.ttf" filename = "\\Windows\\Fonts\\msyi.ttf" (normalized: "c:\\windows\\fonts\\msyi.ttf") Region: id = 1076 start_va = 0x5700000 end_va = 0x57aafff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "tahoma.ttf" filename = "\\Windows\\Fonts\\tahoma.ttf" (normalized: "c:\\windows\\fonts\\tahoma.ttf") Region: id = 1077 start_va = 0x5700000 end_va = 0x57aafff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "tahoma.ttf" filename = "\\Windows\\Fonts\\tahoma.ttf" (normalized: "c:\\windows\\fonts\\tahoma.ttf") Region: id = 1078 start_va = 0x5610000 end_va = 0x56aefff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "tahomabd.ttf" filename = "\\Windows\\Fonts\\tahomabd.ttf" (normalized: "c:\\windows\\fonts\\tahomabd.ttf") Region: id = 1079 start_va = 0x5610000 end_va = 0x56aefff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "tahomabd.ttf" filename = "\\Windows\\Fonts\\tahomabd.ttf" (normalized: "c:\\windows\\fonts\\tahomabd.ttf") Region: id = 1080 start_va = 0x5610000 end_va = 0x56affff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "micross.ttf" filename = "\\Windows\\Fonts\\micross.ttf" (normalized: "c:\\windows\\fonts\\micross.ttf") Region: id = 1081 start_va = 0x5610000 end_va = 0x56affff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "micross.ttf" filename = "\\Windows\\Fonts\\micross.ttf" (normalized: "c:\\windows\\fonts\\micross.ttf") Region: id = 1082 start_va = 0x440000 end_va = 0x45afff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "angsa.ttf" filename = "\\Windows\\Fonts\\angsa.ttf" (normalized: "c:\\windows\\fonts\\angsa.ttf") Region: id = 1083 start_va = 0x440000 end_va = 0x45afff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "angsa.ttf" filename = "\\Windows\\Fonts\\angsa.ttf" (normalized: "c:\\windows\\fonts\\angsa.ttf") Region: id = 1084 start_va = 0x440000 end_va = 0x459fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "angsai.ttf" filename = "\\Windows\\Fonts\\angsai.ttf" (normalized: "c:\\windows\\fonts\\angsai.ttf") Region: id = 1085 start_va = 0x440000 end_va = 0x459fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "angsai.ttf" filename = "\\Windows\\Fonts\\angsai.ttf" (normalized: "c:\\windows\\fonts\\angsai.ttf") Region: id = 1086 start_va = 0x440000 end_va = 0x459fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "angsab.ttf" filename = "\\Windows\\Fonts\\angsab.ttf" (normalized: "c:\\windows\\fonts\\angsab.ttf") Region: id = 1087 start_va = 0x440000 end_va = 0x459fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "angsab.ttf" filename = "\\Windows\\Fonts\\angsab.ttf" (normalized: "c:\\windows\\fonts\\angsab.ttf") Region: id = 1088 start_va = 0x440000 end_va = 0x459fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "angsaz.ttf" filename = "\\Windows\\Fonts\\angsaz.ttf" (normalized: "c:\\windows\\fonts\\angsaz.ttf") Region: id = 1089 start_va = 0x440000 end_va = 0x459fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "angsaz.ttf" filename = "\\Windows\\Fonts\\angsaz.ttf" (normalized: "c:\\windows\\fonts\\angsaz.ttf") Region: id = 1090 start_va = 0x440000 end_va = 0x476fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "aparaj.ttf" filename = "\\Windows\\Fonts\\aparaj.ttf" (normalized: "c:\\windows\\fonts\\aparaj.ttf") Region: id = 1091 start_va = 0x440000 end_va = 0x476fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "aparaj.ttf" filename = "\\Windows\\Fonts\\aparaj.ttf" (normalized: "c:\\windows\\fonts\\aparaj.ttf") Region: id = 1092 start_va = 0x440000 end_va = 0x474fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "aparajb.ttf" filename = "\\Windows\\Fonts\\aparajb.ttf" (normalized: "c:\\windows\\fonts\\aparajb.ttf") Region: id = 1093 start_va = 0x440000 end_va = 0x474fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "aparajb.ttf" filename = "\\Windows\\Fonts\\aparajb.ttf" (normalized: "c:\\windows\\fonts\\aparajb.ttf") Region: id = 1094 start_va = 0x440000 end_va = 0x477fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "aparajbi.ttf" filename = "\\Windows\\Fonts\\aparajbi.ttf" (normalized: "c:\\windows\\fonts\\aparajbi.ttf") Region: id = 1095 start_va = 0x440000 end_va = 0x477fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "aparajbi.ttf" filename = "\\Windows\\Fonts\\aparajbi.ttf" (normalized: "c:\\windows\\fonts\\aparajbi.ttf") Region: id = 1096 start_va = 0x440000 end_va = 0x47afff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "aparaji.ttf" filename = "\\Windows\\Fonts\\aparaji.ttf" (normalized: "c:\\windows\\fonts\\aparaji.ttf") Region: id = 1097 start_va = 0x440000 end_va = 0x47afff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "aparaji.ttf" filename = "\\Windows\\Fonts\\aparaji.ttf" (normalized: "c:\\windows\\fonts\\aparaji.ttf") Region: id = 1098 start_va = 0x440000 end_va = 0x45afff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "cordia.ttf" filename = "\\Windows\\Fonts\\cordia.ttf" (normalized: "c:\\windows\\fonts\\cordia.ttf") Region: id = 1099 start_va = 0x440000 end_va = 0x45afff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "cordia.ttf" filename = "\\Windows\\Fonts\\cordia.ttf" (normalized: "c:\\windows\\fonts\\cordia.ttf") Region: id = 1100 start_va = 0x440000 end_va = 0x458fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "cordiai.ttf" filename = "\\Windows\\Fonts\\cordiai.ttf" (normalized: "c:\\windows\\fonts\\cordiai.ttf") Region: id = 1101 start_va = 0x440000 end_va = 0x458fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "cordiai.ttf" filename = "\\Windows\\Fonts\\cordiai.ttf" (normalized: "c:\\windows\\fonts\\cordiai.ttf") Region: id = 1102 start_va = 0x440000 end_va = 0x457fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "cordiab.ttf" filename = "\\Windows\\Fonts\\cordiab.ttf" (normalized: "c:\\windows\\fonts\\cordiab.ttf") Region: id = 1103 start_va = 0x440000 end_va = 0x457fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "cordiab.ttf" filename = "\\Windows\\Fonts\\cordiab.ttf" (normalized: "c:\\windows\\fonts\\cordiab.ttf") Region: id = 1104 start_va = 0x440000 end_va = 0x457fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "cordiaz.ttf" filename = "\\Windows\\Fonts\\cordiaz.ttf" (normalized: "c:\\windows\\fonts\\cordiaz.ttf") Region: id = 1105 start_va = 0x440000 end_va = 0x457fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "cordiaz.ttf" filename = "\\Windows\\Fonts\\cordiaz.ttf" (normalized: "c:\\windows\\fonts\\cordiaz.ttf") Region: id = 1106 start_va = 0x440000 end_va = 0x48afff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "ebrima.ttf" filename = "\\Windows\\Fonts\\ebrima.ttf" (normalized: "c:\\windows\\fonts\\ebrima.ttf") Region: id = 1107 start_va = 0x440000 end_va = 0x48afff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "ebrima.ttf" filename = "\\Windows\\Fonts\\ebrima.ttf" (normalized: "c:\\windows\\fonts\\ebrima.ttf") Region: id = 1108 start_va = 0x440000 end_va = 0x488fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "ebrimabd.ttf" filename = "\\Windows\\Fonts\\ebrimabd.ttf" (normalized: "c:\\windows\\fonts\\ebrimabd.ttf") Region: id = 1109 start_va = 0x440000 end_va = 0x488fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "ebrimabd.ttf" filename = "\\Windows\\Fonts\\ebrimabd.ttf" (normalized: "c:\\windows\\fonts\\ebrimabd.ttf") Region: id = 1110 start_va = 0x440000 end_va = 0x451fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "gisha.ttf" filename = "\\Windows\\Fonts\\gisha.ttf" (normalized: "c:\\windows\\fonts\\gisha.ttf") Region: id = 1111 start_va = 0x440000 end_va = 0x451fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "gisha.ttf" filename = "\\Windows\\Fonts\\gisha.ttf" (normalized: "c:\\windows\\fonts\\gisha.ttf") Region: id = 1112 start_va = 0x440000 end_va = 0x452fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "gishabd.ttf" filename = "\\Windows\\Fonts\\gishabd.ttf" (normalized: "c:\\windows\\fonts\\gishabd.ttf") Region: id = 1113 start_va = 0x440000 end_va = 0x452fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "gishabd.ttf" filename = "\\Windows\\Fonts\\gishabd.ttf" (normalized: "c:\\windows\\fonts\\gishabd.ttf") Region: id = 1114 start_va = 0x440000 end_va = 0x471fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "kokila.ttf" filename = "\\Windows\\Fonts\\kokila.ttf" (normalized: "c:\\windows\\fonts\\kokila.ttf") Region: id = 1115 start_va = 0x440000 end_va = 0x471fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "kokila.ttf" filename = "\\Windows\\Fonts\\kokila.ttf" (normalized: "c:\\windows\\fonts\\kokila.ttf") Region: id = 1116 start_va = 0x440000 end_va = 0x471fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "kokilab.ttf" filename = "\\Windows\\Fonts\\kokilab.ttf" (normalized: "c:\\windows\\fonts\\kokilab.ttf") Region: id = 1117 start_va = 0x440000 end_va = 0x471fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "kokilab.ttf" filename = "\\Windows\\Fonts\\kokilab.ttf" (normalized: "c:\\windows\\fonts\\kokilab.ttf") Region: id = 1118 start_va = 0x440000 end_va = 0x479fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "kokilabi.ttf" filename = "\\Windows\\Fonts\\kokilabi.ttf" (normalized: "c:\\windows\\fonts\\kokilabi.ttf") Region: id = 1119 start_va = 0x440000 end_va = 0x479fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "kokilabi.ttf" filename = "\\Windows\\Fonts\\kokilabi.ttf" (normalized: "c:\\windows\\fonts\\kokilabi.ttf") Region: id = 1120 start_va = 0x440000 end_va = 0x47bfff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "kokilai.ttf" filename = "\\Windows\\Fonts\\kokilai.ttf" (normalized: "c:\\windows\\fonts\\kokilai.ttf") Region: id = 1121 start_va = 0x440000 end_va = 0x47bfff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "kokilai.ttf" filename = "\\Windows\\Fonts\\kokilai.ttf" (normalized: "c:\\windows\\fonts\\kokilai.ttf") Region: id = 1122 start_va = 0x440000 end_va = 0x456fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "leelawad.ttf" filename = "\\Windows\\Fonts\\leelawad.ttf" (normalized: "c:\\windows\\fonts\\leelawad.ttf") Region: id = 1123 start_va = 0x440000 end_va = 0x456fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "leelawad.ttf" filename = "\\Windows\\Fonts\\leelawad.ttf" (normalized: "c:\\windows\\fonts\\leelawad.ttf") Region: id = 1124 start_va = 0x440000 end_va = 0x456fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "leelawdb.ttf" filename = "\\Windows\\Fonts\\leelawdb.ttf" (normalized: "c:\\windows\\fonts\\leelawdb.ttf") Region: id = 1125 start_va = 0x440000 end_va = 0x456fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "leelawdb.ttf" filename = "\\Windows\\Fonts\\leelawdb.ttf" (normalized: "c:\\windows\\fonts\\leelawdb.ttf") Region: id = 1126 start_va = 0x440000 end_va = 0x476fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "msuighur.ttf" filename = "\\Windows\\Fonts\\msuighur.ttf" (normalized: "c:\\windows\\fonts\\msuighur.ttf") Region: id = 1127 start_va = 0x440000 end_va = 0x476fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "msuighur.ttf" filename = "\\Windows\\Fonts\\msuighur.ttf" (normalized: "c:\\windows\\fonts\\msuighur.ttf") Region: id = 1128 start_va = 0x440000 end_va = 0x493fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "moolbor.ttf" filename = "\\Windows\\Fonts\\moolbor.ttf" (normalized: "c:\\windows\\fonts\\moolbor.ttf") Region: id = 1129 start_va = 0x440000 end_va = 0x493fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "moolbor.ttf" filename = "\\Windows\\Fonts\\moolbor.ttf" (normalized: "c:\\windows\\fonts\\moolbor.ttf") Region: id = 1130 start_va = 0x440000 end_va = 0x451fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "symbol.ttf" filename = "\\Windows\\Fonts\\symbol.ttf" (normalized: "c:\\windows\\fonts\\symbol.ttf") Region: id = 1131 start_va = 0x440000 end_va = 0x451fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "symbol.ttf" filename = "\\Windows\\Fonts\\symbol.ttf" (normalized: "c:\\windows\\fonts\\symbol.ttf") Region: id = 1132 start_va = 0x440000 end_va = 0x474fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "utsaah.ttf" filename = "\\Windows\\Fonts\\utsaah.ttf" (normalized: "c:\\windows\\fonts\\utsaah.ttf") Region: id = 1133 start_va = 0x440000 end_va = 0x474fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "utsaah.ttf" filename = "\\Windows\\Fonts\\utsaah.ttf" (normalized: "c:\\windows\\fonts\\utsaah.ttf") Region: id = 1134 start_va = 0x440000 end_va = 0x473fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "utsaahb.ttf" filename = "\\Windows\\Fonts\\utsaahb.ttf" (normalized: "c:\\windows\\fonts\\utsaahb.ttf") Region: id = 1135 start_va = 0x440000 end_va = 0x473fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "utsaahb.ttf" filename = "\\Windows\\Fonts\\utsaahb.ttf" (normalized: "c:\\windows\\fonts\\utsaahb.ttf") Region: id = 1136 start_va = 0x440000 end_va = 0x475fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "utsaahbi.ttf" filename = "\\Windows\\Fonts\\utsaahbi.ttf" (normalized: "c:\\windows\\fonts\\utsaahbi.ttf") Region: id = 1137 start_va = 0x440000 end_va = 0x475fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "utsaahbi.ttf" filename = "\\Windows\\Fonts\\utsaahbi.ttf" (normalized: "c:\\windows\\fonts\\utsaahbi.ttf") Region: id = 1138 start_va = 0x440000 end_va = 0x47afff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "utsaahi.ttf" filename = "\\Windows\\Fonts\\utsaahi.ttf" (normalized: "c:\\windows\\fonts\\utsaahi.ttf") Region: id = 1139 start_va = 0x440000 end_va = 0x47afff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "utsaahi.ttf" filename = "\\Windows\\Fonts\\utsaahi.ttf" (normalized: "c:\\windows\\fonts\\utsaahi.ttf") Region: id = 1140 start_va = 0x440000 end_va = 0x469fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "vijaya.ttf" filename = "\\Windows\\Fonts\\vijaya.ttf" (normalized: "c:\\windows\\fonts\\vijaya.ttf") Region: id = 1141 start_va = 0x440000 end_va = 0x469fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "vijaya.ttf" filename = "\\Windows\\Fonts\\vijaya.ttf" (normalized: "c:\\windows\\fonts\\vijaya.ttf") Region: id = 1142 start_va = 0x440000 end_va = 0x465fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "vijayab.ttf" filename = "\\Windows\\Fonts\\vijayab.ttf" (normalized: "c:\\windows\\fonts\\vijayab.ttf") Region: id = 1143 start_va = 0x440000 end_va = 0x465fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "vijayab.ttf" filename = "\\Windows\\Fonts\\vijayab.ttf" (normalized: "c:\\windows\\fonts\\vijayab.ttf") Region: id = 1144 start_va = 0x440000 end_va = 0x454fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "wingding.ttf" filename = "\\Windows\\Fonts\\wingding.ttf" (normalized: "c:\\windows\\fonts\\wingding.ttf") Region: id = 1145 start_va = 0x440000 end_va = 0x454fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "wingding.ttf" filename = "\\Windows\\Fonts\\wingding.ttf" (normalized: "c:\\windows\\fonts\\wingding.ttf") Region: id = 1146 start_va = 0x440000 end_va = 0x442fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "modern.fon" filename = "\\Windows\\Fonts\\modern.fon" (normalized: "c:\\windows\\fonts\\modern.fon") Region: id = 1147 start_va = 0x440000 end_va = 0x443fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "roman.fon" filename = "\\Windows\\Fonts\\roman.fon" (normalized: "c:\\windows\\fonts\\roman.fon") Region: id = 1148 start_va = 0x440000 end_va = 0x442fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "script.fon" filename = "\\Windows\\Fonts\\script.fon" (normalized: "c:\\windows\\fonts\\script.fon") Region: id = 1149 start_va = 0x440000 end_va = 0x466fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "andlso.ttf" filename = "\\Windows\\Fonts\\andlso.ttf" (normalized: "c:\\windows\\fonts\\andlso.ttf") Region: id = 1150 start_va = 0x440000 end_va = 0x466fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "andlso.ttf" filename = "\\Windows\\Fonts\\andlso.ttf" (normalized: "c:\\windows\\fonts\\andlso.ttf") Region: id = 1151 start_va = 0x5610000 end_va = 0x56a8fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "arabtype.ttf" filename = "\\Windows\\Fonts\\arabtype.ttf" (normalized: "c:\\windows\\fonts\\arabtype.ttf") Region: id = 1152 start_va = 0x5610000 end_va = 0x56a8fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "arabtype.ttf" filename = "\\Windows\\Fonts\\arabtype.ttf" (normalized: "c:\\windows\\fonts\\arabtype.ttf") Region: id = 1153 start_va = 0x440000 end_va = 0x45efff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "simpo.ttf" filename = "\\Windows\\Fonts\\simpo.ttf" (normalized: "c:\\windows\\fonts\\simpo.ttf") Region: id = 1154 start_va = 0x440000 end_va = 0x45efff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "simpo.ttf" filename = "\\Windows\\Fonts\\simpo.ttf" (normalized: "c:\\windows\\fonts\\simpo.ttf") Region: id = 1155 start_va = 0x440000 end_va = 0x45cfff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "simpbdo.ttf" filename = "\\Windows\\Fonts\\simpbdo.ttf" (normalized: "c:\\windows\\fonts\\simpbdo.ttf") Region: id = 1156 start_va = 0x440000 end_va = 0x45cfff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "simpbdo.ttf" filename = "\\Windows\\Fonts\\simpbdo.ttf" (normalized: "c:\\windows\\fonts\\simpbdo.ttf") Region: id = 1157 start_va = 0x440000 end_va = 0x459fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "simpfxo.ttf" filename = "\\Windows\\Fonts\\simpfxo.ttf" (normalized: "c:\\windows\\fonts\\simpfxo.ttf") Region: id = 1158 start_va = 0x440000 end_va = 0x459fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "simpfxo.ttf" filename = "\\Windows\\Fonts\\simpfxo.ttf" (normalized: "c:\\windows\\fonts\\simpfxo.ttf") Region: id = 1159 start_va = 0x440000 end_va = 0x49afff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "majalla.ttf" filename = "\\Windows\\Fonts\\majalla.ttf" (normalized: "c:\\windows\\fonts\\majalla.ttf") Region: id = 1160 start_va = 0x440000 end_va = 0x49afff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "majalla.ttf" filename = "\\Windows\\Fonts\\majalla.ttf" (normalized: "c:\\windows\\fonts\\majalla.ttf") Region: id = 1161 start_va = 0x440000 end_va = 0x49bfff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "majallab.ttf" filename = "\\Windows\\Fonts\\majallab.ttf" (normalized: "c:\\windows\\fonts\\majallab.ttf") Region: id = 1162 start_va = 0x440000 end_va = 0x49bfff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "majallab.ttf" filename = "\\Windows\\Fonts\\majallab.ttf" (normalized: "c:\\windows\\fonts\\majallab.ttf") Region: id = 1163 start_va = 0x440000 end_va = 0x46bfff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "trado.ttf" filename = "\\Windows\\Fonts\\trado.ttf" (normalized: "c:\\windows\\fonts\\trado.ttf") Region: id = 1164 start_va = 0x440000 end_va = 0x46bfff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "trado.ttf" filename = "\\Windows\\Fonts\\trado.ttf" (normalized: "c:\\windows\\fonts\\trado.ttf") Region: id = 1165 start_va = 0x440000 end_va = 0x46afff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "tradbdo.ttf" filename = "\\Windows\\Fonts\\tradbdo.ttf" (normalized: "c:\\windows\\fonts\\tradbdo.ttf") Region: id = 1166 start_va = 0x440000 end_va = 0x46afff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "tradbdo.ttf" filename = "\\Windows\\Fonts\\tradbdo.ttf" (normalized: "c:\\windows\\fonts\\tradbdo.ttf") Region: id = 1167 start_va = 0x440000 end_va = 0x44cfff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "ahronbd.ttf" filename = "\\Windows\\Fonts\\ahronbd.ttf" (normalized: "c:\\windows\\fonts\\ahronbd.ttf") Region: id = 1168 start_va = 0x440000 end_va = 0x44cfff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "ahronbd.ttf" filename = "\\Windows\\Fonts\\ahronbd.ttf" (normalized: "c:\\windows\\fonts\\ahronbd.ttf") Region: id = 1169 start_va = 0x440000 end_va = 0x44dfff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "david.ttf" filename = "\\Windows\\Fonts\\david.ttf" (normalized: "c:\\windows\\fonts\\david.ttf") Region: id = 1170 start_va = 0x440000 end_va = 0x44dfff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "david.ttf" filename = "\\Windows\\Fonts\\david.ttf" (normalized: "c:\\windows\\fonts\\david.ttf") Region: id = 1171 start_va = 0x440000 end_va = 0x44dfff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "davidbd.ttf" filename = "\\Windows\\Fonts\\davidbd.ttf" (normalized: "c:\\windows\\fonts\\davidbd.ttf") Region: id = 1172 start_va = 0x440000 end_va = 0x44dfff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "davidbd.ttf" filename = "\\Windows\\Fonts\\davidbd.ttf" (normalized: "c:\\windows\\fonts\\davidbd.ttf") Region: id = 1173 start_va = 0x440000 end_va = 0x44ffff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "frank.ttf" filename = "\\Windows\\Fonts\\frank.ttf" (normalized: "c:\\windows\\fonts\\frank.ttf") Region: id = 1174 start_va = 0x440000 end_va = 0x44ffff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "frank.ttf" filename = "\\Windows\\Fonts\\frank.ttf" (normalized: "c:\\windows\\fonts\\frank.ttf") Region: id = 1175 start_va = 0x440000 end_va = 0x44dfff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "lvnm.ttf" filename = "\\Windows\\Fonts\\lvnm.ttf" (normalized: "c:\\windows\\fonts\\lvnm.ttf") Region: id = 1176 start_va = 0x440000 end_va = 0x44dfff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "lvnm.ttf" filename = "\\Windows\\Fonts\\lvnm.ttf" (normalized: "c:\\windows\\fonts\\lvnm.ttf") Region: id = 1177 start_va = 0x440000 end_va = 0x44dfff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "lvnmbd.ttf" filename = "\\Windows\\Fonts\\lvnmbd.ttf" (normalized: "c:\\windows\\fonts\\lvnmbd.ttf") Region: id = 1178 start_va = 0x440000 end_va = 0x44dfff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "lvnmbd.ttf" filename = "\\Windows\\Fonts\\lvnmbd.ttf" (normalized: "c:\\windows\\fonts\\lvnmbd.ttf") Region: id = 1179 start_va = 0x440000 end_va = 0x44cfff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "mriam.ttf" filename = "\\Windows\\Fonts\\mriam.ttf" (normalized: "c:\\windows\\fonts\\mriam.ttf") Region: id = 1180 start_va = 0x440000 end_va = 0x44cfff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "mriam.ttf" filename = "\\Windows\\Fonts\\mriam.ttf" (normalized: "c:\\windows\\fonts\\mriam.ttf") Region: id = 1181 start_va = 0x440000 end_va = 0x44dfff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "mriamc.ttf" filename = "\\Windows\\Fonts\\mriamc.ttf" (normalized: "c:\\windows\\fonts\\mriamc.ttf") Region: id = 1182 start_va = 0x440000 end_va = 0x44dfff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "mriamc.ttf" filename = "\\Windows\\Fonts\\mriamc.ttf" (normalized: "c:\\windows\\fonts\\mriamc.ttf") Region: id = 1183 start_va = 0x440000 end_va = 0x44dfff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "nrkis.ttf" filename = "\\Windows\\Fonts\\nrkis.ttf" (normalized: "c:\\windows\\fonts\\nrkis.ttf") Region: id = 1184 start_va = 0x440000 end_va = 0x44dfff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "nrkis.ttf" filename = "\\Windows\\Fonts\\nrkis.ttf" (normalized: "c:\\windows\\fonts\\nrkis.ttf") Region: id = 1185 start_va = 0x440000 end_va = 0x44efff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "rod.ttf" filename = "\\Windows\\Fonts\\rod.ttf" (normalized: "c:\\windows\\fonts\\rod.ttf") Region: id = 1186 start_va = 0x440000 end_va = 0x44efff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "rod.ttf" filename = "\\Windows\\Fonts\\rod.ttf" (normalized: "c:\\windows\\fonts\\rod.ttf") Region: id = 1187 start_va = 0x6f80000 end_va = 0x7996fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "simfang.ttf" filename = "\\Windows\\Fonts\\simfang.ttf" (normalized: "c:\\windows\\fonts\\simfang.ttf") Region: id = 1188 start_va = 0x6f80000 end_va = 0x7996fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "simfang.ttf" filename = "\\Windows\\Fonts\\simfang.ttf" (normalized: "c:\\windows\\fonts\\simfang.ttf") Region: id = 1189 start_va = 0x6f80000 end_va = 0x78ccfff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "simhei.ttf" filename = "\\Windows\\Fonts\\simhei.ttf" (normalized: "c:\\windows\\fonts\\simhei.ttf") Region: id = 1190 start_va = 0x6f80000 end_va = 0x78ccfff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "simhei.ttf" filename = "\\Windows\\Fonts\\simhei.ttf" (normalized: "c:\\windows\\fonts\\simhei.ttf") Region: id = 1191 start_va = 0xa660000 end_va = 0xb62ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000000a660000" filename = "" Region: id = 1192 start_va = 0x6f80000 end_va = 0x7abdfff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "simkai.ttf" filename = "\\Windows\\Fonts\\simkai.ttf" (normalized: "c:\\windows\\fonts\\simkai.ttf") Region: id = 1193 start_va = 0x6f80000 end_va = 0x7abdfff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "simkai.ttf" filename = "\\Windows\\Fonts\\simkai.ttf" (normalized: "c:\\windows\\fonts\\simkai.ttf") Region: id = 1194 start_va = 0x440000 end_va = 0x45afff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "angsau.ttf" filename = "\\Windows\\Fonts\\angsau.ttf" (normalized: "c:\\windows\\fonts\\angsau.ttf") Region: id = 1195 start_va = 0x440000 end_va = 0x45afff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "angsau.ttf" filename = "\\Windows\\Fonts\\angsau.ttf" (normalized: "c:\\windows\\fonts\\angsau.ttf") Region: id = 1196 start_va = 0x440000 end_va = 0x459fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "angsaui.ttf" filename = "\\Windows\\Fonts\\angsaui.ttf" (normalized: "c:\\windows\\fonts\\angsaui.ttf") Region: id = 1197 start_va = 0x440000 end_va = 0x459fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "angsaui.ttf" filename = "\\Windows\\Fonts\\angsaui.ttf" (normalized: "c:\\windows\\fonts\\angsaui.ttf") Region: id = 1198 start_va = 0x440000 end_va = 0x459fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "angsaub.ttf" filename = "\\Windows\\Fonts\\angsaub.ttf" (normalized: "c:\\windows\\fonts\\angsaub.ttf") Region: id = 1199 start_va = 0x440000 end_va = 0x459fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "angsaub.ttf" filename = "\\Windows\\Fonts\\angsaub.ttf" (normalized: "c:\\windows\\fonts\\angsaub.ttf") Region: id = 1200 start_va = 0x440000 end_va = 0x459fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "angsauz.ttf" filename = "\\Windows\\Fonts\\angsauz.ttf" (normalized: "c:\\windows\\fonts\\angsauz.ttf") Region: id = 1201 start_va = 0x440000 end_va = 0x459fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "angsauz.ttf" filename = "\\Windows\\Fonts\\angsauz.ttf" (normalized: "c:\\windows\\fonts\\angsauz.ttf") Region: id = 1202 start_va = 0x440000 end_va = 0x455fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "browa.ttf" filename = "\\Windows\\Fonts\\browa.ttf" (normalized: "c:\\windows\\fonts\\browa.ttf") Region: id = 1203 start_va = 0x440000 end_va = 0x455fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "browa.ttf" filename = "\\Windows\\Fonts\\browa.ttf" (normalized: "c:\\windows\\fonts\\browa.ttf") Region: id = 1204 start_va = 0x440000 end_va = 0x458fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "browai.ttf" filename = "\\Windows\\Fonts\\browai.ttf" (normalized: "c:\\windows\\fonts\\browai.ttf") Region: id = 1205 start_va = 0x440000 end_va = 0x458fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "browai.ttf" filename = "\\Windows\\Fonts\\browai.ttf" (normalized: "c:\\windows\\fonts\\browai.ttf") Region: id = 1206 start_va = 0x440000 end_va = 0x452fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "browab.ttf" filename = "\\Windows\\Fonts\\browab.ttf" (normalized: "c:\\windows\\fonts\\browab.ttf") Region: id = 1207 start_va = 0x440000 end_va = 0x452fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "browab.ttf" filename = "\\Windows\\Fonts\\browab.ttf" (normalized: "c:\\windows\\fonts\\browab.ttf") Region: id = 1208 start_va = 0x440000 end_va = 0x455fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "browaz.ttf" filename = "\\Windows\\Fonts\\browaz.ttf" (normalized: "c:\\windows\\fonts\\browaz.ttf") Region: id = 1209 start_va = 0x440000 end_va = 0x455fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "browaz.ttf" filename = "\\Windows\\Fonts\\browaz.ttf" (normalized: "c:\\windows\\fonts\\browaz.ttf") Region: id = 1210 start_va = 0x440000 end_va = 0x455fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "browau.ttf" filename = "\\Windows\\Fonts\\browau.ttf" (normalized: "c:\\windows\\fonts\\browau.ttf") Region: id = 1211 start_va = 0x440000 end_va = 0x455fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "browau.ttf" filename = "\\Windows\\Fonts\\browau.ttf" (normalized: "c:\\windows\\fonts\\browau.ttf") Region: id = 1212 start_va = 0x440000 end_va = 0x458fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "browaui.ttf" filename = "\\Windows\\Fonts\\browaui.ttf" (normalized: "c:\\windows\\fonts\\browaui.ttf") Region: id = 1213 start_va = 0x440000 end_va = 0x458fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "browaui.ttf" filename = "\\Windows\\Fonts\\browaui.ttf" (normalized: "c:\\windows\\fonts\\browaui.ttf") Region: id = 1214 start_va = 0x440000 end_va = 0x452fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "browaub.ttf" filename = "\\Windows\\Fonts\\browaub.ttf" (normalized: "c:\\windows\\fonts\\browaub.ttf") Region: id = 1215 start_va = 0x440000 end_va = 0x452fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "browaub.ttf" filename = "\\Windows\\Fonts\\browaub.ttf" (normalized: "c:\\windows\\fonts\\browaub.ttf") Region: id = 1216 start_va = 0x440000 end_va = 0x455fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "browauz.ttf" filename = "\\Windows\\Fonts\\browauz.ttf" (normalized: "c:\\windows\\fonts\\browauz.ttf") Region: id = 1217 start_va = 0x440000 end_va = 0x455fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "browauz.ttf" filename = "\\Windows\\Fonts\\browauz.ttf" (normalized: "c:\\windows\\fonts\\browauz.ttf") Region: id = 1218 start_va = 0x440000 end_va = 0x45afff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "cordiau.ttf" filename = "\\Windows\\Fonts\\cordiau.ttf" (normalized: "c:\\windows\\fonts\\cordiau.ttf") Region: id = 1219 start_va = 0x440000 end_va = 0x45afff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "cordiau.ttf" filename = "\\Windows\\Fonts\\cordiau.ttf" (normalized: "c:\\windows\\fonts\\cordiau.ttf") Region: id = 1220 start_va = 0x440000 end_va = 0x457fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "cordiaub.ttf" filename = "\\Windows\\Fonts\\cordiaub.ttf" (normalized: "c:\\windows\\fonts\\cordiaub.ttf") Region: id = 1221 start_va = 0x440000 end_va = 0x457fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "cordiaub.ttf" filename = "\\Windows\\Fonts\\cordiaub.ttf" (normalized: "c:\\windows\\fonts\\cordiaub.ttf") Region: id = 1222 start_va = 0x440000 end_va = 0x457fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "cordiauz.ttf" filename = "\\Windows\\Fonts\\cordiauz.ttf" (normalized: "c:\\windows\\fonts\\cordiauz.ttf") Region: id = 1223 start_va = 0x440000 end_va = 0x457fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "cordiauz.ttf" filename = "\\Windows\\Fonts\\cordiauz.ttf" (normalized: "c:\\windows\\fonts\\cordiauz.ttf") Region: id = 1224 start_va = 0x440000 end_va = 0x458fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "cordiaui.ttf" filename = "\\Windows\\Fonts\\cordiaui.ttf" (normalized: "c:\\windows\\fonts\\cordiaui.ttf") Region: id = 1225 start_va = 0x440000 end_va = 0x458fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "cordiaui.ttf" filename = "\\Windows\\Fonts\\cordiaui.ttf" (normalized: "c:\\windows\\fonts\\cordiaui.ttf") Region: id = 1226 start_va = 0x440000 end_va = 0x451fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "upcdl.ttf" filename = "\\Windows\\Fonts\\upcdl.ttf" (normalized: "c:\\windows\\fonts\\upcdl.ttf") Region: id = 1227 start_va = 0x440000 end_va = 0x451fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "upcdl.ttf" filename = "\\Windows\\Fonts\\upcdl.ttf" (normalized: "c:\\windows\\fonts\\upcdl.ttf") Region: id = 1228 start_va = 0x440000 end_va = 0x451fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "upcdi.ttf" filename = "\\Windows\\Fonts\\upcdi.ttf" (normalized: "c:\\windows\\fonts\\upcdi.ttf") Region: id = 1229 start_va = 0x440000 end_va = 0x451fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "upcdi.ttf" filename = "\\Windows\\Fonts\\upcdi.ttf" (normalized: "c:\\windows\\fonts\\upcdi.ttf") Region: id = 1230 start_va = 0x440000 end_va = 0x450fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "upcdb.ttf" filename = "\\Windows\\Fonts\\upcdb.ttf" (normalized: "c:\\windows\\fonts\\upcdb.ttf") Region: id = 1231 start_va = 0x440000 end_va = 0x450fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "upcdb.ttf" filename = "\\Windows\\Fonts\\upcdb.ttf" (normalized: "c:\\windows\\fonts\\upcdb.ttf") Region: id = 1232 start_va = 0x440000 end_va = 0x451fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "upcdbi.ttf" filename = "\\Windows\\Fonts\\upcdbi.ttf" (normalized: "c:\\windows\\fonts\\upcdbi.ttf") Region: id = 1233 start_va = 0x440000 end_va = 0x451fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "upcdbi.ttf" filename = "\\Windows\\Fonts\\upcdbi.ttf" (normalized: "c:\\windows\\fonts\\upcdbi.ttf") Region: id = 1234 start_va = 0x440000 end_va = 0x452fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "upcel.ttf" filename = "\\Windows\\Fonts\\upcel.ttf" (normalized: "c:\\windows\\fonts\\upcel.ttf") Region: id = 1235 start_va = 0x440000 end_va = 0x452fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "upcel.ttf" filename = "\\Windows\\Fonts\\upcel.ttf" (normalized: "c:\\windows\\fonts\\upcel.ttf") Region: id = 1236 start_va = 0x440000 end_va = 0x452fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "upcei.ttf" filename = "\\Windows\\Fonts\\upcei.ttf" (normalized: "c:\\windows\\fonts\\upcei.ttf") Region: id = 1237 start_va = 0x440000 end_va = 0x452fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "upcei.ttf" filename = "\\Windows\\Fonts\\upcei.ttf" (normalized: "c:\\windows\\fonts\\upcei.ttf") Region: id = 1238 start_va = 0x440000 end_va = 0x452fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "upceb.ttf" filename = "\\Windows\\Fonts\\upceb.ttf" (normalized: "c:\\windows\\fonts\\upceb.ttf") Region: id = 1239 start_va = 0x440000 end_va = 0x452fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "upceb.ttf" filename = "\\Windows\\Fonts\\upceb.ttf" (normalized: "c:\\windows\\fonts\\upceb.ttf") Region: id = 1240 start_va = 0x440000 end_va = 0x453fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "upcebi.ttf" filename = "\\Windows\\Fonts\\upcebi.ttf" (normalized: "c:\\windows\\fonts\\upcebi.ttf") Region: id = 1241 start_va = 0x440000 end_va = 0x453fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "upcebi.ttf" filename = "\\Windows\\Fonts\\upcebi.ttf" (normalized: "c:\\windows\\fonts\\upcebi.ttf") Region: id = 1242 start_va = 0x440000 end_va = 0x44ffff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "upcfl.ttf" filename = "\\Windows\\Fonts\\upcfl.ttf" (normalized: "c:\\windows\\fonts\\upcfl.ttf") Region: id = 1243 start_va = 0x440000 end_va = 0x44ffff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "upcfl.ttf" filename = "\\Windows\\Fonts\\upcfl.ttf" (normalized: "c:\\windows\\fonts\\upcfl.ttf") Region: id = 1244 start_va = 0x440000 end_va = 0x450fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "upcfi.ttf" filename = "\\Windows\\Fonts\\upcfi.ttf" (normalized: "c:\\windows\\fonts\\upcfi.ttf") Region: id = 1245 start_va = 0x440000 end_va = 0x450fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "upcfi.ttf" filename = "\\Windows\\Fonts\\upcfi.ttf" (normalized: "c:\\windows\\fonts\\upcfi.ttf") Region: id = 1246 start_va = 0x440000 end_va = 0x44ffff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "upcfb.ttf" filename = "\\Windows\\Fonts\\upcfb.ttf" (normalized: "c:\\windows\\fonts\\upcfb.ttf") Region: id = 1247 start_va = 0x440000 end_va = 0x44ffff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "upcfb.ttf" filename = "\\Windows\\Fonts\\upcfb.ttf" (normalized: "c:\\windows\\fonts\\upcfb.ttf") Region: id = 1248 start_va = 0x440000 end_va = 0x450fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "upcfbi.ttf" filename = "\\Windows\\Fonts\\upcfbi.ttf" (normalized: "c:\\windows\\fonts\\upcfbi.ttf") Region: id = 1249 start_va = 0x440000 end_va = 0x450fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "upcfbi.ttf" filename = "\\Windows\\Fonts\\upcfbi.ttf" (normalized: "c:\\windows\\fonts\\upcfbi.ttf") Region: id = 1250 start_va = 0x440000 end_va = 0x451fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "upcil.ttf" filename = "\\Windows\\Fonts\\upcil.ttf" (normalized: "c:\\windows\\fonts\\upcil.ttf") Region: id = 1251 start_va = 0x440000 end_va = 0x451fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "upcil.ttf" filename = "\\Windows\\Fonts\\upcil.ttf" (normalized: "c:\\windows\\fonts\\upcil.ttf") Region: id = 1252 start_va = 0x440000 end_va = 0x451fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "upcii.ttf" filename = "\\Windows\\Fonts\\upcii.ttf" (normalized: "c:\\windows\\fonts\\upcii.ttf") Region: id = 1253 start_va = 0x440000 end_va = 0x451fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "upcii.ttf" filename = "\\Windows\\Fonts\\upcii.ttf" (normalized: "c:\\windows\\fonts\\upcii.ttf") Region: id = 1254 start_va = 0x440000 end_va = 0x451fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "upcib.ttf" filename = "\\Windows\\Fonts\\upcib.ttf" (normalized: "c:\\windows\\fonts\\upcib.ttf") Region: id = 1255 start_va = 0x440000 end_va = 0x451fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "upcib.ttf" filename = "\\Windows\\Fonts\\upcib.ttf" (normalized: "c:\\windows\\fonts\\upcib.ttf") Region: id = 1256 start_va = 0x440000 end_va = 0x451fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "upcibi.ttf" filename = "\\Windows\\Fonts\\upcibi.ttf" (normalized: "c:\\windows\\fonts\\upcibi.ttf") Region: id = 1257 start_va = 0x440000 end_va = 0x451fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "upcibi.ttf" filename = "\\Windows\\Fonts\\upcibi.ttf" (normalized: "c:\\windows\\fonts\\upcibi.ttf") Region: id = 1258 start_va = 0x440000 end_va = 0x451fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "upcjl.ttf" filename = "\\Windows\\Fonts\\upcjl.ttf" (normalized: "c:\\windows\\fonts\\upcjl.ttf") Region: id = 1259 start_va = 0x440000 end_va = 0x451fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "upcjl.ttf" filename = "\\Windows\\Fonts\\upcjl.ttf" (normalized: "c:\\windows\\fonts\\upcjl.ttf") Region: id = 1260 start_va = 0x440000 end_va = 0x452fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "upcji.ttf" filename = "\\Windows\\Fonts\\upcji.ttf" (normalized: "c:\\windows\\fonts\\upcji.ttf") Region: id = 1261 start_va = 0x440000 end_va = 0x452fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "upcji.ttf" filename = "\\Windows\\Fonts\\upcji.ttf" (normalized: "c:\\windows\\fonts\\upcji.ttf") Region: id = 1262 start_va = 0x440000 end_va = 0x452fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "upcjb.ttf" filename = "\\Windows\\Fonts\\upcjb.ttf" (normalized: "c:\\windows\\fonts\\upcjb.ttf") Region: id = 1263 start_va = 0x440000 end_va = 0x452fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "upcjb.ttf" filename = "\\Windows\\Fonts\\upcjb.ttf" (normalized: "c:\\windows\\fonts\\upcjb.ttf") Region: id = 1264 start_va = 0x440000 end_va = 0x452fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "upcjbi.ttf" filename = "\\Windows\\Fonts\\upcjbi.ttf" (normalized: "c:\\windows\\fonts\\upcjbi.ttf") Region: id = 1265 start_va = 0x440000 end_va = 0x452fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "upcjbi.ttf" filename = "\\Windows\\Fonts\\upcjbi.ttf" (normalized: "c:\\windows\\fonts\\upcjbi.ttf") Region: id = 1266 start_va = 0x440000 end_va = 0x44ffff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "upckl.ttf" filename = "\\Windows\\Fonts\\upckl.ttf" (normalized: "c:\\windows\\fonts\\upckl.ttf") Region: id = 1267 start_va = 0x440000 end_va = 0x44ffff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "upckl.ttf" filename = "\\Windows\\Fonts\\upckl.ttf" (normalized: "c:\\windows\\fonts\\upckl.ttf") Region: id = 1268 start_va = 0x440000 end_va = 0x450fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "upcki.ttf" filename = "\\Windows\\Fonts\\upcki.ttf" (normalized: "c:\\windows\\fonts\\upcki.ttf") Region: id = 1269 start_va = 0x440000 end_va = 0x450fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "upcki.ttf" filename = "\\Windows\\Fonts\\upcki.ttf" (normalized: "c:\\windows\\fonts\\upcki.ttf") Region: id = 1270 start_va = 0x440000 end_va = 0x44ffff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "upckb.ttf" filename = "\\Windows\\Fonts\\upckb.ttf" (normalized: "c:\\windows\\fonts\\upckb.ttf") Region: id = 1271 start_va = 0x440000 end_va = 0x44ffff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "upckb.ttf" filename = "\\Windows\\Fonts\\upckb.ttf" (normalized: "c:\\windows\\fonts\\upckb.ttf") Region: id = 1272 start_va = 0x440000 end_va = 0x450fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "upckbi.ttf" filename = "\\Windows\\Fonts\\upckbi.ttf" (normalized: "c:\\windows\\fonts\\upckbi.ttf") Region: id = 1273 start_va = 0x440000 end_va = 0x450fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "upckbi.ttf" filename = "\\Windows\\Fonts\\upckbi.ttf" (normalized: "c:\\windows\\fonts\\upckbi.ttf") Region: id = 1274 start_va = 0x440000 end_va = 0x44dfff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "upcll.ttf" filename = "\\Windows\\Fonts\\upcll.ttf" (normalized: "c:\\windows\\fonts\\upcll.ttf") Region: id = 1275 start_va = 0x440000 end_va = 0x44dfff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "upcll.ttf" filename = "\\Windows\\Fonts\\upcll.ttf" (normalized: "c:\\windows\\fonts\\upcll.ttf") Region: id = 1276 start_va = 0x440000 end_va = 0x44dfff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "upcli.ttf" filename = "\\Windows\\Fonts\\upcli.ttf" (normalized: "c:\\windows\\fonts\\upcli.ttf") Region: id = 1277 start_va = 0x440000 end_va = 0x44dfff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "upcli.ttf" filename = "\\Windows\\Fonts\\upcli.ttf" (normalized: "c:\\windows\\fonts\\upcli.ttf") Region: id = 1278 start_va = 0x440000 end_va = 0x44dfff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "upclb.ttf" filename = "\\Windows\\Fonts\\upclb.ttf" (normalized: "c:\\windows\\fonts\\upclb.ttf") Region: id = 1279 start_va = 0x440000 end_va = 0x44dfff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "upclb.ttf" filename = "\\Windows\\Fonts\\upclb.ttf" (normalized: "c:\\windows\\fonts\\upclb.ttf") Region: id = 1280 start_va = 0x440000 end_va = 0x44dfff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "upclbi.ttf" filename = "\\Windows\\Fonts\\upclbi.ttf" (normalized: "c:\\windows\\fonts\\upclbi.ttf") Region: id = 1281 start_va = 0x440000 end_va = 0x44dfff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "upclbi.ttf" filename = "\\Windows\\Fonts\\upclbi.ttf" (normalized: "c:\\windows\\fonts\\upclbi.ttf") Region: id = 1282 start_va = 0x66d0000 end_va = 0x6bc0fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "kaiu.ttf" filename = "\\Windows\\Fonts\\kaiu.ttf" (normalized: "c:\\windows\\fonts\\kaiu.ttf") Region: id = 1283 start_va = 0x66d0000 end_va = 0x6bc0fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "kaiu.ttf" filename = "\\Windows\\Fonts\\kaiu.ttf" (normalized: "c:\\windows\\fonts\\kaiu.ttf") Region: id = 1284 start_va = 0x440000 end_va = 0x48ffff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "l_10646.ttf" filename = "\\Windows\\Fonts\\l_10646.ttf" (normalized: "c:\\windows\\fonts\\l_10646.ttf") Region: id = 1285 start_va = 0x440000 end_va = 0x48ffff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "l_10646.ttf" filename = "\\Windows\\Fonts\\l_10646.ttf" (normalized: "c:\\windows\\fonts\\l_10646.ttf") Region: id = 1286 start_va = 0x440000 end_va = 0x45dfff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "ariblk.ttf" filename = "\\Windows\\Fonts\\ariblk.ttf" (normalized: "c:\\windows\\fonts\\ariblk.ttf") Region: id = 1287 start_va = 0x440000 end_va = 0x45dfff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "ariblk.ttf" filename = "\\Windows\\Fonts\\ariblk.ttf" (normalized: "c:\\windows\\fonts\\ariblk.ttf") Region: id = 1288 start_va = 0x5c50000 end_va = 0x5d16fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "calibri.ttf" filename = "\\Windows\\Fonts\\calibri.ttf" (normalized: "c:\\windows\\fonts\\calibri.ttf") Region: id = 1289 start_va = 0x5c50000 end_va = 0x5d16fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "calibri.ttf" filename = "\\Windows\\Fonts\\calibri.ttf" (normalized: "c:\\windows\\fonts\\calibri.ttf") Region: id = 1290 start_va = 0x5c50000 end_va = 0x5d20fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "calibrii.ttf" filename = "\\Windows\\Fonts\\calibrii.ttf" (normalized: "c:\\windows\\fonts\\calibrii.ttf") Region: id = 1291 start_va = 0x5c50000 end_va = 0x5d20fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "calibrii.ttf" filename = "\\Windows\\Fonts\\calibrii.ttf" (normalized: "c:\\windows\\fonts\\calibrii.ttf") Region: id = 1292 start_va = 0x5c50000 end_va = 0x5d1ffff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "calibrib.ttf" filename = "\\Windows\\Fonts\\calibrib.ttf" (normalized: "c:\\windows\\fonts\\calibrib.ttf") Region: id = 1293 start_va = 0x5c50000 end_va = 0x5d1ffff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "calibrib.ttf" filename = "\\Windows\\Fonts\\calibrib.ttf" (normalized: "c:\\windows\\fonts\\calibrib.ttf") Region: id = 1294 start_va = 0x5c50000 end_va = 0x5d2bfff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "calibriz.ttf" filename = "\\Windows\\Fonts\\calibriz.ttf" (normalized: "c:\\windows\\fonts\\calibriz.ttf") Region: id = 1295 start_va = 0x5c50000 end_va = 0x5d2bfff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "calibriz.ttf" filename = "\\Windows\\Fonts\\calibriz.ttf" (normalized: "c:\\windows\\fonts\\calibriz.ttf") Region: id = 1296 start_va = 0x66d0000 end_va = 0x685cfff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "cambria.ttc" filename = "\\Windows\\Fonts\\cambria.ttc" (normalized: "c:\\windows\\fonts\\cambria.ttc") Region: id = 1297 start_va = 0x66d0000 end_va = 0x685cfff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "cambria.ttc" filename = "\\Windows\\Fonts\\cambria.ttc" (normalized: "c:\\windows\\fonts\\cambria.ttc") Region: id = 1298 start_va = 0x66d0000 end_va = 0x685cfff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "cambria.ttc" filename = "\\Windows\\Fonts\\cambria.ttc" (normalized: "c:\\windows\\fonts\\cambria.ttc") Region: id = 1299 start_va = 0x5c50000 end_va = 0x5d19fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "cambriai.ttf" filename = "\\Windows\\Fonts\\cambriai.ttf" (normalized: "c:\\windows\\fonts\\cambriai.ttf") Region: id = 1300 start_va = 0x5c50000 end_va = 0x5d19fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "cambriai.ttf" filename = "\\Windows\\Fonts\\cambriai.ttf" (normalized: "c:\\windows\\fonts\\cambriai.ttf") Region: id = 1301 start_va = 0x5c50000 end_va = 0x5d11fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "cambriab.ttf" filename = "\\Windows\\Fonts\\cambriab.ttf" (normalized: "c:\\windows\\fonts\\cambriab.ttf") Region: id = 1302 start_va = 0x5c50000 end_va = 0x5d11fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "cambriab.ttf" filename = "\\Windows\\Fonts\\cambriab.ttf" (normalized: "c:\\windows\\fonts\\cambriab.ttf") Region: id = 1303 start_va = 0x5c50000 end_va = 0x5d14fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "cambriaz.ttf" filename = "\\Windows\\Fonts\\cambriaz.ttf" (normalized: "c:\\windows\\fonts\\cambriaz.ttf") Region: id = 1304 start_va = 0x5c50000 end_va = 0x5d14fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "cambriaz.ttf" filename = "\\Windows\\Fonts\\cambriaz.ttf" (normalized: "c:\\windows\\fonts\\cambriaz.ttf") Region: id = 1305 start_va = 0x440000 end_va = 0x475fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "candara.ttf" filename = "\\Windows\\Fonts\\Candara.ttf" (normalized: "c:\\windows\\fonts\\candara.ttf") Region: id = 1306 start_va = 0x440000 end_va = 0x475fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "candara.ttf" filename = "\\Windows\\Fonts\\Candara.ttf" (normalized: "c:\\windows\\fonts\\candara.ttf") Region: id = 1307 start_va = 0x440000 end_va = 0x477fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "candarai.ttf" filename = "\\Windows\\Fonts\\Candarai.ttf" (normalized: "c:\\windows\\fonts\\candarai.ttf") Region: id = 1308 start_va = 0x440000 end_va = 0x477fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "candarai.ttf" filename = "\\Windows\\Fonts\\Candarai.ttf" (normalized: "c:\\windows\\fonts\\candarai.ttf") Region: id = 1309 start_va = 0x440000 end_va = 0x477fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "candarab.ttf" filename = "\\Windows\\Fonts\\Candarab.ttf" (normalized: "c:\\windows\\fonts\\candarab.ttf") Region: id = 1310 start_va = 0x440000 end_va = 0x477fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "candarab.ttf" filename = "\\Windows\\Fonts\\Candarab.ttf" (normalized: "c:\\windows\\fonts\\candarab.ttf") Region: id = 1311 start_va = 0x440000 end_va = 0x477fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "candaraz.ttf" filename = "\\Windows\\Fonts\\Candaraz.ttf" (normalized: "c:\\windows\\fonts\\candaraz.ttf") Region: id = 1312 start_va = 0x440000 end_va = 0x477fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "candaraz.ttf" filename = "\\Windows\\Fonts\\Candaraz.ttf" (normalized: "c:\\windows\\fonts\\candaraz.ttf") Region: id = 1313 start_va = 0x440000 end_va = 0x460fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "comic.ttf" filename = "\\Windows\\Fonts\\comic.ttf" (normalized: "c:\\windows\\fonts\\comic.ttf") Region: id = 1314 start_va = 0x440000 end_va = 0x460fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "comic.ttf" filename = "\\Windows\\Fonts\\comic.ttf" (normalized: "c:\\windows\\fonts\\comic.ttf") Region: id = 1315 start_va = 0x440000 end_va = 0x45cfff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "comicbd.ttf" filename = "\\Windows\\Fonts\\comicbd.ttf" (normalized: "c:\\windows\\fonts\\comicbd.ttf") Region: id = 1316 start_va = 0x440000 end_va = 0x45cfff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "comicbd.ttf" filename = "\\Windows\\Fonts\\comicbd.ttf" (normalized: "c:\\windows\\fonts\\comicbd.ttf") Region: id = 1317 start_va = 0x440000 end_va = 0x497fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "consola.ttf" filename = "\\Windows\\Fonts\\consola.ttf" (normalized: "c:\\windows\\fonts\\consola.ttf") Region: id = 1318 start_va = 0x440000 end_va = 0x497fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "consola.ttf" filename = "\\Windows\\Fonts\\consola.ttf" (normalized: "c:\\windows\\fonts\\consola.ttf") Region: id = 1319 start_va = 0x440000 end_va = 0x499fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "consolai.ttf" filename = "\\Windows\\Fonts\\consolai.ttf" (normalized: "c:\\windows\\fonts\\consolai.ttf") Region: id = 1320 start_va = 0x440000 end_va = 0x499fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "consolai.ttf" filename = "\\Windows\\Fonts\\consolai.ttf" (normalized: "c:\\windows\\fonts\\consolai.ttf") Region: id = 1321 start_va = 0x440000 end_va = 0x499fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "consolab.ttf" filename = "\\Windows\\Fonts\\consolab.ttf" (normalized: "c:\\windows\\fonts\\consolab.ttf") Region: id = 1322 start_va = 0x440000 end_va = 0x499fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "consolab.ttf" filename = "\\Windows\\Fonts\\consolab.ttf" (normalized: "c:\\windows\\fonts\\consolab.ttf") Region: id = 1323 start_va = 0x440000 end_va = 0x49bfff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "consolaz.ttf" filename = "\\Windows\\Fonts\\consolaz.ttf" (normalized: "c:\\windows\\fonts\\consolaz.ttf") Region: id = 1324 start_va = 0x440000 end_va = 0x49bfff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "consolaz.ttf" filename = "\\Windows\\Fonts\\consolaz.ttf" (normalized: "c:\\windows\\fonts\\consolaz.ttf") Region: id = 1325 start_va = 0x440000 end_va = 0x4adfff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "constan.ttf" filename = "\\Windows\\Fonts\\constan.ttf" (normalized: "c:\\windows\\fonts\\constan.ttf") Region: id = 1326 start_va = 0x440000 end_va = 0x4adfff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "constan.ttf" filename = "\\Windows\\Fonts\\constan.ttf" (normalized: "c:\\windows\\fonts\\constan.ttf") Region: id = 1327 start_va = 0x440000 end_va = 0x4adfff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "constani.ttf" filename = "\\Windows\\Fonts\\constani.ttf" (normalized: "c:\\windows\\fonts\\constani.ttf") Region: id = 1328 start_va = 0x440000 end_va = 0x4adfff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "constani.ttf" filename = "\\Windows\\Fonts\\constani.ttf" (normalized: "c:\\windows\\fonts\\constani.ttf") Region: id = 1329 start_va = 0x440000 end_va = 0x4aefff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "constanb.ttf" filename = "\\Windows\\Fonts\\constanb.ttf" (normalized: "c:\\windows\\fonts\\constanb.ttf") Region: id = 1330 start_va = 0x440000 end_va = 0x4aefff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "constanb.ttf" filename = "\\Windows\\Fonts\\constanb.ttf" (normalized: "c:\\windows\\fonts\\constanb.ttf") Region: id = 1331 start_va = 0x440000 end_va = 0x4aefff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "constanz.ttf" filename = "\\Windows\\Fonts\\constanz.ttf" (normalized: "c:\\windows\\fonts\\constanz.ttf") Region: id = 1332 start_va = 0x440000 end_va = 0x4aefff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "constanz.ttf" filename = "\\Windows\\Fonts\\constanz.ttf" (normalized: "c:\\windows\\fonts\\constanz.ttf") Region: id = 1333 start_va = 0x440000 end_va = 0x47ffff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "corbel.ttf" filename = "\\Windows\\Fonts\\corbel.ttf" (normalized: "c:\\windows\\fonts\\corbel.ttf") Region: id = 1334 start_va = 0x440000 end_va = 0x47ffff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "corbel.ttf" filename = "\\Windows\\Fonts\\corbel.ttf" (normalized: "c:\\windows\\fonts\\corbel.ttf") Region: id = 1335 start_va = 0x440000 end_va = 0x481fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "corbeli.ttf" filename = "\\Windows\\Fonts\\corbeli.ttf" (normalized: "c:\\windows\\fonts\\corbeli.ttf") Region: id = 1336 start_va = 0x440000 end_va = 0x481fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "corbeli.ttf" filename = "\\Windows\\Fonts\\corbeli.ttf" (normalized: "c:\\windows\\fonts\\corbeli.ttf") Region: id = 1337 start_va = 0x440000 end_va = 0x482fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "corbelb.ttf" filename = "\\Windows\\Fonts\\corbelb.ttf" (normalized: "c:\\windows\\fonts\\corbelb.ttf") Region: id = 1338 start_va = 0x440000 end_va = 0x482fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "corbelb.ttf" filename = "\\Windows\\Fonts\\corbelb.ttf" (normalized: "c:\\windows\\fonts\\corbelb.ttf") Region: id = 1339 start_va = 0x440000 end_va = 0x484fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "corbelz.ttf" filename = "\\Windows\\Fonts\\corbelz.ttf" (normalized: "c:\\windows\\fonts\\corbelz.ttf") Region: id = 1340 start_va = 0x440000 end_va = 0x484fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "corbelz.ttf" filename = "\\Windows\\Fonts\\corbelz.ttf" (normalized: "c:\\windows\\fonts\\corbelz.ttf") Region: id = 1341 start_va = 0x440000 end_va = 0x462fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "framd.ttf" filename = "\\Windows\\Fonts\\framd.ttf" (normalized: "c:\\windows\\fonts\\framd.ttf") Region: id = 1342 start_va = 0x440000 end_va = 0x462fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "framd.ttf" filename = "\\Windows\\Fonts\\framd.ttf" (normalized: "c:\\windows\\fonts\\framd.ttf") Region: id = 1343 start_va = 0x440000 end_va = 0x465fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "framdit.ttf" filename = "\\Windows\\Fonts\\framdit.ttf" (normalized: "c:\\windows\\fonts\\framdit.ttf") Region: id = 1344 start_va = 0x440000 end_va = 0x465fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "framdit.ttf" filename = "\\Windows\\Fonts\\framdit.ttf" (normalized: "c:\\windows\\fonts\\framdit.ttf") Region: id = 1345 start_va = 0x66d0000 end_va = 0x6888fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "gabriola.ttf" filename = "\\Windows\\Fonts\\Gabriola.ttf" (normalized: "c:\\windows\\fonts\\gabriola.ttf") Region: id = 1346 start_va = 0x66d0000 end_va = 0x6888fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "gabriola.ttf" filename = "\\Windows\\Fonts\\Gabriola.ttf" (normalized: "c:\\windows\\fonts\\gabriola.ttf") Region: id = 1347 start_va = 0x5c50000 end_va = 0x5d2afff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000005c50000" filename = "" Region: id = 1348 start_va = 0x440000 end_va = 0x466fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "georgia.ttf" filename = "\\Windows\\Fonts\\georgia.ttf" (normalized: "c:\\windows\\fonts\\georgia.ttf") Region: id = 1349 start_va = 0x440000 end_va = 0x466fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "georgia.ttf" filename = "\\Windows\\Fonts\\georgia.ttf" (normalized: "c:\\windows\\fonts\\georgia.ttf") Region: id = 1350 start_va = 0x440000 end_va = 0x467fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "georgiai.ttf" filename = "\\Windows\\Fonts\\georgiai.ttf" (normalized: "c:\\windows\\fonts\\georgiai.ttf") Region: id = 1351 start_va = 0x440000 end_va = 0x467fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "georgiai.ttf" filename = "\\Windows\\Fonts\\georgiai.ttf" (normalized: "c:\\windows\\fonts\\georgiai.ttf") Region: id = 1352 start_va = 0x440000 end_va = 0x463fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "georgiab.ttf" filename = "\\Windows\\Fonts\\georgiab.ttf" (normalized: "c:\\windows\\fonts\\georgiab.ttf") Region: id = 1353 start_va = 0x440000 end_va = 0x463fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "georgiab.ttf" filename = "\\Windows\\Fonts\\georgiab.ttf" (normalized: "c:\\windows\\fonts\\georgiab.ttf") Region: id = 1354 start_va = 0x440000 end_va = 0x468fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "georgiaz.ttf" filename = "\\Windows\\Fonts\\georgiaz.ttf" (normalized: "c:\\windows\\fonts\\georgiaz.ttf") Region: id = 1355 start_va = 0x440000 end_va = 0x468fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "georgiaz.ttf" filename = "\\Windows\\Fonts\\georgiaz.ttf" (normalized: "c:\\windows\\fonts\\georgiaz.ttf") Region: id = 1356 start_va = 0x440000 end_va = 0x4b3fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "pala.ttf" filename = "\\Windows\\Fonts\\pala.ttf" (normalized: "c:\\windows\\fonts\\pala.ttf") Region: id = 1357 start_va = 0x440000 end_va = 0x4b3fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "pala.ttf" filename = "\\Windows\\Fonts\\pala.ttf" (normalized: "c:\\windows\\fonts\\pala.ttf") Region: id = 1358 start_va = 0x440000 end_va = 0x4a5fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "palai.ttf" filename = "\\Windows\\Fonts\\palai.ttf" (normalized: "c:\\windows\\fonts\\palai.ttf") Region: id = 1359 start_va = 0x440000 end_va = 0x4a5fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "palai.ttf" filename = "\\Windows\\Fonts\\palai.ttf" (normalized: "c:\\windows\\fonts\\palai.ttf") Region: id = 1360 start_va = 0x440000 end_va = 0x4a6fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "palab.ttf" filename = "\\Windows\\Fonts\\palab.ttf" (normalized: "c:\\windows\\fonts\\palab.ttf") Region: id = 1361 start_va = 0x440000 end_va = 0x4a6fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "palab.ttf" filename = "\\Windows\\Fonts\\palab.ttf" (normalized: "c:\\windows\\fonts\\palab.ttf") Region: id = 1362 start_va = 0x440000 end_va = 0x492fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "palabi.ttf" filename = "\\Windows\\Fonts\\palabi.ttf" (normalized: "c:\\windows\\fonts\\palabi.ttf") Region: id = 1363 start_va = 0x440000 end_va = 0x492fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "palabi.ttf" filename = "\\Windows\\Fonts\\palabi.ttf" (normalized: "c:\\windows\\fonts\\palabi.ttf") Region: id = 1364 start_va = 0x440000 end_va = 0x46afff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "segoepr.ttf" filename = "\\Windows\\Fonts\\segoepr.ttf" (normalized: "c:\\windows\\fonts\\segoepr.ttf") Region: id = 1365 start_va = 0x440000 end_va = 0x46afff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "segoepr.ttf" filename = "\\Windows\\Fonts\\segoepr.ttf" (normalized: "c:\\windows\\fonts\\segoepr.ttf") Region: id = 1366 start_va = 0x440000 end_va = 0x46afff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "segoeprb.ttf" filename = "\\Windows\\Fonts\\segoeprb.ttf" (normalized: "c:\\windows\\fonts\\segoeprb.ttf") Region: id = 1367 start_va = 0x440000 end_va = 0x46afff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "segoeprb.ttf" filename = "\\Windows\\Fonts\\segoeprb.ttf" (normalized: "c:\\windows\\fonts\\segoeprb.ttf") Region: id = 1368 start_va = 0x440000 end_va = 0x461fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "trebuc.ttf" filename = "\\Windows\\Fonts\\trebuc.ttf" (normalized: "c:\\windows\\fonts\\trebuc.ttf") Region: id = 1369 start_va = 0x440000 end_va = 0x461fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "trebuc.ttf" filename = "\\Windows\\Fonts\\trebuc.ttf" (normalized: "c:\\windows\\fonts\\trebuc.ttf") Region: id = 1370 start_va = 0x440000 end_va = 0x462fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "trebucit.ttf" filename = "\\Windows\\Fonts\\trebucit.ttf" (normalized: "c:\\windows\\fonts\\trebucit.ttf") Region: id = 1371 start_va = 0x440000 end_va = 0x462fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "trebucit.ttf" filename = "\\Windows\\Fonts\\trebucit.ttf" (normalized: "c:\\windows\\fonts\\trebucit.ttf") Region: id = 1372 start_va = 0x440000 end_va = 0x45efff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "trebucbd.ttf" filename = "\\Windows\\Fonts\\trebucbd.ttf" (normalized: "c:\\windows\\fonts\\trebucbd.ttf") Region: id = 1373 start_va = 0x440000 end_va = 0x45efff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "trebucbd.ttf" filename = "\\Windows\\Fonts\\trebucbd.ttf" (normalized: "c:\\windows\\fonts\\trebucbd.ttf") Region: id = 1374 start_va = 0x440000 end_va = 0x460fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "trebucbi.ttf" filename = "\\Windows\\Fonts\\trebucbi.ttf" (normalized: "c:\\windows\\fonts\\trebucbi.ttf") Region: id = 1375 start_va = 0x440000 end_va = 0x460fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "trebucbi.ttf" filename = "\\Windows\\Fonts\\trebucbi.ttf" (normalized: "c:\\windows\\fonts\\trebucbi.ttf") Region: id = 1376 start_va = 0x440000 end_va = 0x46dfff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "verdana.ttf" filename = "\\Windows\\Fonts\\verdana.ttf" (normalized: "c:\\windows\\fonts\\verdana.ttf") Region: id = 1377 start_va = 0x440000 end_va = 0x46dfff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "verdana.ttf" filename = "\\Windows\\Fonts\\verdana.ttf" (normalized: "c:\\windows\\fonts\\verdana.ttf") Region: id = 1378 start_va = 0x440000 end_va = 0x46bfff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "verdanai.ttf" filename = "\\Windows\\Fonts\\verdanai.ttf" (normalized: "c:\\windows\\fonts\\verdanai.ttf") Region: id = 1379 start_va = 0x440000 end_va = 0x46bfff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "verdanai.ttf" filename = "\\Windows\\Fonts\\verdanai.ttf" (normalized: "c:\\windows\\fonts\\verdanai.ttf") Region: id = 1380 start_va = 0x440000 end_va = 0x465fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "verdanab.ttf" filename = "\\Windows\\Fonts\\verdanab.ttf" (normalized: "c:\\windows\\fonts\\verdanab.ttf") Region: id = 1381 start_va = 0x440000 end_va = 0x465fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "verdanab.ttf" filename = "\\Windows\\Fonts\\verdanab.ttf" (normalized: "c:\\windows\\fonts\\verdanab.ttf") Region: id = 1382 start_va = 0x440000 end_va = 0x46afff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "verdanaz.ttf" filename = "\\Windows\\Fonts\\verdanaz.ttf" (normalized: "c:\\windows\\fonts\\verdanaz.ttf") Region: id = 1383 start_va = 0x440000 end_va = 0x46afff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "verdanaz.ttf" filename = "\\Windows\\Fonts\\verdanaz.ttf" (normalized: "c:\\windows\\fonts\\verdanaz.ttf") Region: id = 1384 start_va = 0x440000 end_va = 0x45dfff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "webdings.ttf" filename = "\\Windows\\Fonts\\webdings.ttf" (normalized: "c:\\windows\\fonts\\webdings.ttf") Region: id = 1385 start_va = 0x440000 end_va = 0x45dfff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "webdings.ttf" filename = "\\Windows\\Fonts\\webdings.ttf" (normalized: "c:\\windows\\fonts\\webdings.ttf") Region: id = 1386 start_va = 0x440000 end_va = 0x445fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "coure.fon" filename = "\\Windows\\Fonts\\coure.fon" (normalized: "c:\\windows\\fonts\\coure.fon") Region: id = 1387 start_va = 0x440000 end_va = 0x44efff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "serife.fon" filename = "\\Windows\\Fonts\\serife.fon" (normalized: "c:\\windows\\fonts\\serife.fon") Region: id = 1388 start_va = 0x440000 end_va = 0x44ffff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "sserife.fon" filename = "\\Windows\\Fonts\\sserife.fon" (normalized: "c:\\windows\\fonts\\sserife.fon") Region: id = 1389 start_va = 0x440000 end_va = 0x446fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "smalle.fon" filename = "\\Windows\\Fonts\\smalle.fon" (normalized: "c:\\windows\\fonts\\smalle.fon") Region: id = 1390 start_va = 0x440000 end_va = 0x445fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "smallf.fon" filename = "\\Windows\\Fonts\\smallf.fon" (normalized: "c:\\windows\\fonts\\smallf.fon") Region: id = 1391 start_va = 0x66d0000 end_va = 0x6818fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "nirmala.ttf" filename = "\\Windows\\Fonts\\NIRMALA.TTF" (normalized: "c:\\windows\\fonts\\nirmala.ttf") Region: id = 1392 start_va = 0x66d0000 end_va = 0x6818fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "nirmala.ttf" filename = "\\Windows\\Fonts\\NIRMALA.TTF" (normalized: "c:\\windows\\fonts\\nirmala.ttf") Region: id = 1393 start_va = 0x66d0000 end_va = 0x680cfff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "nirmalab.ttf" filename = "\\Windows\\Fonts\\NIRMALAB.TTF" (normalized: "c:\\windows\\fonts\\nirmalab.ttf") Region: id = 1394 start_va = 0x66d0000 end_va = 0x680cfff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "nirmalab.ttf" filename = "\\Windows\\Fonts\\NIRMALAB.TTF" (normalized: "c:\\windows\\fonts\\nirmalab.ttf") Region: id = 1395 start_va = 0x440000 end_va = 0x44efff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "agencyb.ttf" filename = "\\Windows\\Fonts\\AGENCYB.TTF" (normalized: "c:\\windows\\fonts\\agencyb.ttf") Region: id = 1396 start_va = 0x440000 end_va = 0x44efff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "agencyb.ttf" filename = "\\Windows\\Fonts\\AGENCYB.TTF" (normalized: "c:\\windows\\fonts\\agencyb.ttf") Region: id = 1397 start_va = 0x440000 end_va = 0x44efff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "agencyr.ttf" filename = "\\Windows\\Fonts\\AGENCYR.TTF" (normalized: "c:\\windows\\fonts\\agencyr.ttf") Region: id = 1398 start_va = 0x440000 end_va = 0x44efff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "agencyr.ttf" filename = "\\Windows\\Fonts\\AGENCYR.TTF" (normalized: "c:\\windows\\fonts\\agencyr.ttf") Region: id = 1399 start_va = 0x440000 end_va = 0x452fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "alger.ttf" filename = "\\Windows\\Fonts\\ALGER.TTF" (normalized: "c:\\windows\\fonts\\alger.ttf") Region: id = 1400 start_va = 0x440000 end_va = 0x452fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "alger.ttf" filename = "\\Windows\\Fonts\\ALGER.TTF" (normalized: "c:\\windows\\fonts\\alger.ttf") Region: id = 1401 start_va = 0x440000 end_va = 0x464fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "antquab.ttf" filename = "\\Windows\\Fonts\\ANTQUAB.TTF" (normalized: "c:\\windows\\fonts\\antquab.ttf") Region: id = 1402 start_va = 0x440000 end_va = 0x464fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "antquab.ttf" filename = "\\Windows\\Fonts\\ANTQUAB.TTF" (normalized: "c:\\windows\\fonts\\antquab.ttf") Region: id = 1403 start_va = 0x440000 end_va = 0x464fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "antquabi.ttf" filename = "\\Windows\\Fonts\\ANTQUABI.TTF" (normalized: "c:\\windows\\fonts\\antquabi.ttf") Region: id = 1404 start_va = 0x440000 end_va = 0x464fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "antquabi.ttf" filename = "\\Windows\\Fonts\\ANTQUABI.TTF" (normalized: "c:\\windows\\fonts\\antquabi.ttf") Region: id = 1405 start_va = 0x440000 end_va = 0x464fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "antquai.ttf" filename = "\\Windows\\Fonts\\ANTQUAI.TTF" (normalized: "c:\\windows\\fonts\\antquai.ttf") Region: id = 1406 start_va = 0x440000 end_va = 0x464fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "antquai.ttf" filename = "\\Windows\\Fonts\\ANTQUAI.TTF" (normalized: "c:\\windows\\fonts\\antquai.ttf") Region: id = 1407 start_va = 0x440000 end_va = 0x46afff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "arialn.ttf" filename = "\\Windows\\Fonts\\ARIALN.TTF" (normalized: "c:\\windows\\fonts\\arialn.ttf") Region: id = 1408 start_va = 0x440000 end_va = 0x46afff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "arialn.ttf" filename = "\\Windows\\Fonts\\ARIALN.TTF" (normalized: "c:\\windows\\fonts\\arialn.ttf") Region: id = 1409 start_va = 0x440000 end_va = 0x46cfff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "arialnb.ttf" filename = "\\Windows\\Fonts\\ARIALNB.TTF" (normalized: "c:\\windows\\fonts\\arialnb.ttf") Region: id = 1410 start_va = 0x440000 end_va = 0x46cfff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "arialnb.ttf" filename = "\\Windows\\Fonts\\ARIALNB.TTF" (normalized: "c:\\windows\\fonts\\arialnb.ttf") Region: id = 1411 start_va = 0x440000 end_va = 0x46bfff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "arialnbi.ttf" filename = "\\Windows\\Fonts\\ARIALNBI.TTF" (normalized: "c:\\windows\\fonts\\arialnbi.ttf") Region: id = 1412 start_va = 0x440000 end_va = 0x46bfff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "arialnbi.ttf" filename = "\\Windows\\Fonts\\ARIALNBI.TTF" (normalized: "c:\\windows\\fonts\\arialnbi.ttf") Region: id = 1413 start_va = 0x440000 end_va = 0x46cfff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "arialni.ttf" filename = "\\Windows\\Fonts\\ARIALNI.TTF" (normalized: "c:\\windows\\fonts\\arialni.ttf") Region: id = 1414 start_va = 0x440000 end_va = 0x46cfff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "arialni.ttf" filename = "\\Windows\\Fonts\\ARIALNI.TTF" (normalized: "c:\\windows\\fonts\\arialni.ttf") Region: id = 1415 start_va = 0x440000 end_va = 0x44bfff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "arlrdbd.ttf" filename = "\\Windows\\Fonts\\ARLRDBD.TTF" (normalized: "c:\\windows\\fonts\\arlrdbd.ttf") Region: id = 1416 start_va = 0x440000 end_va = 0x44bfff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "arlrdbd.ttf" filename = "\\Windows\\Fonts\\ARLRDBD.TTF" (normalized: "c:\\windows\\fonts\\arlrdbd.ttf") Region: id = 1417 start_va = 0x440000 end_va = 0x44dfff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "baskvill.ttf" filename = "\\Windows\\Fonts\\BASKVILL.TTF" (normalized: "c:\\windows\\fonts\\baskvill.ttf") Region: id = 1418 start_va = 0x440000 end_va = 0x44dfff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "baskvill.ttf" filename = "\\Windows\\Fonts\\BASKVILL.TTF" (normalized: "c:\\windows\\fonts\\baskvill.ttf") Region: id = 1419 start_va = 0x440000 end_va = 0x44bfff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "bauhs93.ttf" filename = "\\Windows\\Fonts\\BAUHS93.TTF" (normalized: "c:\\windows\\fonts\\bauhs93.ttf") Region: id = 1420 start_va = 0x440000 end_va = 0x44bfff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "bauhs93.ttf" filename = "\\Windows\\Fonts\\BAUHS93.TTF" (normalized: "c:\\windows\\fonts\\bauhs93.ttf") Region: id = 1421 start_va = 0x440000 end_va = 0x454fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "bell.ttf" filename = "\\Windows\\Fonts\\BELL.TTF" (normalized: "c:\\windows\\fonts\\bell.ttf") Region: id = 1422 start_va = 0x440000 end_va = 0x454fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "bell.ttf" filename = "\\Windows\\Fonts\\BELL.TTF" (normalized: "c:\\windows\\fonts\\bell.ttf") Region: id = 1423 start_va = 0x440000 end_va = 0x454fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "bellb.ttf" filename = "\\Windows\\Fonts\\BELLB.TTF" (normalized: "c:\\windows\\fonts\\bellb.ttf") Region: id = 1424 start_va = 0x440000 end_va = 0x454fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "bellb.ttf" filename = "\\Windows\\Fonts\\BELLB.TTF" (normalized: "c:\\windows\\fonts\\bellb.ttf") Region: id = 1425 start_va = 0x440000 end_va = 0x454fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "belli.ttf" filename = "\\Windows\\Fonts\\BELLI.TTF" (normalized: "c:\\windows\\fonts\\belli.ttf") Region: id = 1426 start_va = 0x440000 end_va = 0x454fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "belli.ttf" filename = "\\Windows\\Fonts\\BELLI.TTF" (normalized: "c:\\windows\\fonts\\belli.ttf") Region: id = 1427 start_va = 0x440000 end_va = 0x451fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "bernhc.ttf" filename = "\\Windows\\Fonts\\BERNHC.TTF" (normalized: "c:\\windows\\fonts\\bernhc.ttf") Region: id = 1428 start_va = 0x440000 end_va = 0x451fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "bernhc.ttf" filename = "\\Windows\\Fonts\\BERNHC.TTF" (normalized: "c:\\windows\\fonts\\bernhc.ttf") Region: id = 1429 start_va = 0x440000 end_va = 0x465fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "bkant.ttf" filename = "\\Windows\\Fonts\\BKANT.TTF" (normalized: "c:\\windows\\fonts\\bkant.ttf") Region: id = 1430 start_va = 0x440000 end_va = 0x465fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "bkant.ttf" filename = "\\Windows\\Fonts\\BKANT.TTF" (normalized: "c:\\windows\\fonts\\bkant.ttf") Region: id = 1431 start_va = 0x440000 end_va = 0x452fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "bod_b.ttf" filename = "\\Windows\\Fonts\\BOD_B.TTF" (normalized: "c:\\windows\\fonts\\bod_b.ttf") Region: id = 1432 start_va = 0x440000 end_va = 0x452fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "bod_b.ttf" filename = "\\Windows\\Fonts\\BOD_B.TTF" (normalized: "c:\\windows\\fonts\\bod_b.ttf") Region: id = 1433 start_va = 0x440000 end_va = 0x454fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "bod_bi.ttf" filename = "\\Windows\\Fonts\\BOD_BI.TTF" (normalized: "c:\\windows\\fonts\\bod_bi.ttf") Region: id = 1434 start_va = 0x440000 end_va = 0x454fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "bod_bi.ttf" filename = "\\Windows\\Fonts\\BOD_BI.TTF" (normalized: "c:\\windows\\fonts\\bod_bi.ttf") Region: id = 1435 start_va = 0x440000 end_va = 0x454fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "bod_blai.ttf" filename = "\\Windows\\Fonts\\BOD_BLAI.TTF" (normalized: "c:\\windows\\fonts\\bod_blai.ttf") Region: id = 1436 start_va = 0x440000 end_va = 0x454fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "bod_blai.ttf" filename = "\\Windows\\Fonts\\BOD_BLAI.TTF" (normalized: "c:\\windows\\fonts\\bod_blai.ttf") Region: id = 1437 start_va = 0x440000 end_va = 0x451fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "bod_blar.ttf" filename = "\\Windows\\Fonts\\BOD_BLAR.TTF" (normalized: "c:\\windows\\fonts\\bod_blar.ttf") Region: id = 1438 start_va = 0x440000 end_va = 0x451fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "bod_blar.ttf" filename = "\\Windows\\Fonts\\BOD_BLAR.TTF" (normalized: "c:\\windows\\fonts\\bod_blar.ttf") Region: id = 1439 start_va = 0x440000 end_va = 0x452fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "bod_cb.ttf" filename = "\\Windows\\Fonts\\BOD_CB.TTF" (normalized: "c:\\windows\\fonts\\bod_cb.ttf") Region: id = 1440 start_va = 0x440000 end_va = 0x452fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "bod_cb.ttf" filename = "\\Windows\\Fonts\\BOD_CB.TTF" (normalized: "c:\\windows\\fonts\\bod_cb.ttf") Region: id = 1441 start_va = 0x440000 end_va = 0x453fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "bod_cbi.ttf" filename = "\\Windows\\Fonts\\BOD_CBI.TTF" (normalized: "c:\\windows\\fonts\\bod_cbi.ttf") Region: id = 1442 start_va = 0x440000 end_va = 0x453fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "bod_cbi.ttf" filename = "\\Windows\\Fonts\\BOD_CBI.TTF" (normalized: "c:\\windows\\fonts\\bod_cbi.ttf") Region: id = 1443 start_va = 0x440000 end_va = 0x453fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "bod_ci.ttf" filename = "\\Windows\\Fonts\\BOD_CI.TTF" (normalized: "c:\\windows\\fonts\\bod_ci.ttf") Region: id = 1444 start_va = 0x440000 end_va = 0x453fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "bod_ci.ttf" filename = "\\Windows\\Fonts\\BOD_CI.TTF" (normalized: "c:\\windows\\fonts\\bod_ci.ttf") Region: id = 1445 start_va = 0x440000 end_va = 0x453fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "bod_cr.ttf" filename = "\\Windows\\Fonts\\BOD_CR.TTF" (normalized: "c:\\windows\\fonts\\bod_cr.ttf") Region: id = 1446 start_va = 0x440000 end_va = 0x453fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "bod_cr.ttf" filename = "\\Windows\\Fonts\\BOD_CR.TTF" (normalized: "c:\\windows\\fonts\\bod_cr.ttf") Region: id = 1447 start_va = 0x440000 end_va = 0x455fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "bod_i.ttf" filename = "\\Windows\\Fonts\\BOD_I.TTF" (normalized: "c:\\windows\\fonts\\bod_i.ttf") Region: id = 1448 start_va = 0x440000 end_va = 0x455fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "bod_i.ttf" filename = "\\Windows\\Fonts\\BOD_I.TTF" (normalized: "c:\\windows\\fonts\\bod_i.ttf") Region: id = 1449 start_va = 0x440000 end_va = 0x456fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "bod_pstc.ttf" filename = "\\Windows\\Fonts\\BOD_PSTC.TTF" (normalized: "c:\\windows\\fonts\\bod_pstc.ttf") Region: id = 1450 start_va = 0x440000 end_va = 0x456fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "bod_pstc.ttf" filename = "\\Windows\\Fonts\\BOD_PSTC.TTF" (normalized: "c:\\windows\\fonts\\bod_pstc.ttf") Region: id = 1451 start_va = 0x440000 end_va = 0x453fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "bod_r.ttf" filename = "\\Windows\\Fonts\\BOD_R.TTF" (normalized: "c:\\windows\\fonts\\bod_r.ttf") Region: id = 1452 start_va = 0x440000 end_va = 0x453fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "bod_r.ttf" filename = "\\Windows\\Fonts\\BOD_R.TTF" (normalized: "c:\\windows\\fonts\\bod_r.ttf") Region: id = 1453 start_va = 0x440000 end_va = 0x467fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "bookos.ttf" filename = "\\Windows\\Fonts\\BOOKOS.TTF" (normalized: "c:\\windows\\fonts\\bookos.ttf") Region: id = 1454 start_va = 0x440000 end_va = 0x467fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "bookos.ttf" filename = "\\Windows\\Fonts\\BOOKOS.TTF" (normalized: "c:\\windows\\fonts\\bookos.ttf") Region: id = 1455 start_va = 0x440000 end_va = 0x465fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "bookosb.ttf" filename = "\\Windows\\Fonts\\BOOKOSB.TTF" (normalized: "c:\\windows\\fonts\\bookosb.ttf") Region: id = 1456 start_va = 0x440000 end_va = 0x465fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "bookosb.ttf" filename = "\\Windows\\Fonts\\BOOKOSB.TTF" (normalized: "c:\\windows\\fonts\\bookosb.ttf") Region: id = 1457 start_va = 0x440000 end_va = 0x467fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "bookosbi.ttf" filename = "\\Windows\\Fonts\\BOOKOSBI.TTF" (normalized: "c:\\windows\\fonts\\bookosbi.ttf") Region: id = 1458 start_va = 0x440000 end_va = 0x467fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "bookosbi.ttf" filename = "\\Windows\\Fonts\\BOOKOSBI.TTF" (normalized: "c:\\windows\\fonts\\bookosbi.ttf") Region: id = 1459 start_va = 0x440000 end_va = 0x467fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "bookosi.ttf" filename = "\\Windows\\Fonts\\BOOKOSI.TTF" (normalized: "c:\\windows\\fonts\\bookosi.ttf") Region: id = 1460 start_va = 0x440000 end_va = 0x467fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "bookosi.ttf" filename = "\\Windows\\Fonts\\BOOKOSI.TTF" (normalized: "c:\\windows\\fonts\\bookosi.ttf") Region: id = 1461 start_va = 0x440000 end_va = 0x459fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "bradhitc.ttf" filename = "\\Windows\\Fonts\\BRADHITC.TTF" (normalized: "c:\\windows\\fonts\\bradhitc.ttf") Region: id = 1462 start_va = 0x440000 end_va = 0x459fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "bradhitc.ttf" filename = "\\Windows\\Fonts\\BRADHITC.TTF" (normalized: "c:\\windows\\fonts\\bradhitc.ttf") Region: id = 1463 start_va = 0x440000 end_va = 0x449fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "britanic.ttf" filename = "\\Windows\\Fonts\\BRITANIC.TTF" (normalized: "c:\\windows\\fonts\\britanic.ttf") Region: id = 1464 start_va = 0x440000 end_va = 0x449fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "britanic.ttf" filename = "\\Windows\\Fonts\\BRITANIC.TTF" (normalized: "c:\\windows\\fonts\\britanic.ttf") Region: id = 1465 start_va = 0x440000 end_va = 0x457fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "brlnsb.ttf" filename = "\\Windows\\Fonts\\BRLNSB.TTF" (normalized: "c:\\windows\\fonts\\brlnsb.ttf") Region: id = 1466 start_va = 0x440000 end_va = 0x457fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "brlnsb.ttf" filename = "\\Windows\\Fonts\\BRLNSB.TTF" (normalized: "c:\\windows\\fonts\\brlnsb.ttf") Region: id = 1467 start_va = 0x440000 end_va = 0x457fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "brlnsdb.ttf" filename = "\\Windows\\Fonts\\BRLNSDB.TTF" (normalized: "c:\\windows\\fonts\\brlnsdb.ttf") Region: id = 1468 start_va = 0x440000 end_va = 0x457fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "brlnsdb.ttf" filename = "\\Windows\\Fonts\\BRLNSDB.TTF" (normalized: "c:\\windows\\fonts\\brlnsdb.ttf") Region: id = 1469 start_va = 0x440000 end_va = 0x457fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "brlnsr.ttf" filename = "\\Windows\\Fonts\\BRLNSR.TTF" (normalized: "c:\\windows\\fonts\\brlnsr.ttf") Region: id = 1470 start_va = 0x440000 end_va = 0x457fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "brlnsr.ttf" filename = "\\Windows\\Fonts\\BRLNSR.TTF" (normalized: "c:\\windows\\fonts\\brlnsr.ttf") Region: id = 1471 start_va = 0x440000 end_va = 0x44efff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "broadw.ttf" filename = "\\Windows\\Fonts\\BROADW.TTF" (normalized: "c:\\windows\\fonts\\broadw.ttf") Region: id = 1472 start_va = 0x440000 end_va = 0x44efff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "broadw.ttf" filename = "\\Windows\\Fonts\\BROADW.TTF" (normalized: "c:\\windows\\fonts\\broadw.ttf") Region: id = 1473 start_va = 0x440000 end_va = 0x44dfff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "brushsci.ttf" filename = "\\Windows\\Fonts\\BRUSHSCI.TTF" (normalized: "c:\\windows\\fonts\\brushsci.ttf") Region: id = 1474 start_va = 0x440000 end_va = 0x44dfff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "brushsci.ttf" filename = "\\Windows\\Fonts\\BRUSHSCI.TTF" (normalized: "c:\\windows\\fonts\\brushsci.ttf") Region: id = 1475 start_va = 0x440000 end_va = 0x44dfff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "bssym7.ttf" filename = "\\Windows\\Fonts\\BSSYM7.TTF" (normalized: "c:\\windows\\fonts\\bssym7.ttf") Region: id = 1476 start_va = 0x440000 end_va = 0x44dfff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "bssym7.ttf" filename = "\\Windows\\Fonts\\BSSYM7.TTF" (normalized: "c:\\windows\\fonts\\bssym7.ttf") Region: id = 1477 start_va = 0x5700000 end_va = 0x57b9fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "calibril.ttf" filename = "\\Windows\\Fonts\\CalibriL.ttf" (normalized: "c:\\windows\\fonts\\calibril.ttf") Region: id = 1478 start_va = 0x5700000 end_va = 0x57b9fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "calibril.ttf" filename = "\\Windows\\Fonts\\CalibriL.ttf" (normalized: "c:\\windows\\fonts\\calibril.ttf") Region: id = 1479 start_va = 0x66d0000 end_va = 0x67a4fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "calibrili.ttf" filename = "\\Windows\\Fonts\\CalibriLI.ttf" (normalized: "c:\\windows\\fonts\\calibrili.ttf") Region: id = 1480 start_va = 0x66d0000 end_va = 0x67a4fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "calibrili.ttf" filename = "\\Windows\\Fonts\\CalibriLI.ttf" (normalized: "c:\\windows\\fonts\\calibrili.ttf") Region: id = 1481 start_va = 0x440000 end_va = 0x453fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "califb.ttf" filename = "\\Windows\\Fonts\\CALIFB.TTF" (normalized: "c:\\windows\\fonts\\califb.ttf") Region: id = 1482 start_va = 0x440000 end_va = 0x453fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "califb.ttf" filename = "\\Windows\\Fonts\\CALIFB.TTF" (normalized: "c:\\windows\\fonts\\califb.ttf") Region: id = 1483 start_va = 0x440000 end_va = 0x458fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "califi.ttf" filename = "\\Windows\\Fonts\\CALIFI.TTF" (normalized: "c:\\windows\\fonts\\califi.ttf") Region: id = 1484 start_va = 0x440000 end_va = 0x458fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "califi.ttf" filename = "\\Windows\\Fonts\\CALIFI.TTF" (normalized: "c:\\windows\\fonts\\califi.ttf") Region: id = 1485 start_va = 0x440000 end_va = 0x459fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "califr.ttf" filename = "\\Windows\\Fonts\\CALIFR.TTF" (normalized: "c:\\windows\\fonts\\califr.ttf") Region: id = 1486 start_va = 0x440000 end_va = 0x459fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "califr.ttf" filename = "\\Windows\\Fonts\\CALIFR.TTF" (normalized: "c:\\windows\\fonts\\califr.ttf") Region: id = 1487 start_va = 0x440000 end_va = 0x453fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "calist.ttf" filename = "\\Windows\\Fonts\\CALIST.TTF" (normalized: "c:\\windows\\fonts\\calist.ttf") Region: id = 1488 start_va = 0x440000 end_va = 0x453fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "calist.ttf" filename = "\\Windows\\Fonts\\CALIST.TTF" (normalized: "c:\\windows\\fonts\\calist.ttf") Region: id = 1489 start_va = 0x440000 end_va = 0x454fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "calistb.ttf" filename = "\\Windows\\Fonts\\CALISTB.TTF" (normalized: "c:\\windows\\fonts\\calistb.ttf") Region: id = 1490 start_va = 0x440000 end_va = 0x454fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "calistb.ttf" filename = "\\Windows\\Fonts\\CALISTB.TTF" (normalized: "c:\\windows\\fonts\\calistb.ttf") Region: id = 1491 start_va = 0x440000 end_va = 0x454fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "calistbi.ttf" filename = "\\Windows\\Fonts\\CALISTBI.TTF" (normalized: "c:\\windows\\fonts\\calistbi.ttf") Region: id = 1492 start_va = 0x440000 end_va = 0x454fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "calistbi.ttf" filename = "\\Windows\\Fonts\\CALISTBI.TTF" (normalized: "c:\\windows\\fonts\\calistbi.ttf") Region: id = 1493 start_va = 0x440000 end_va = 0x44efff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "calisti.ttf" filename = "\\Windows\\Fonts\\CALISTI.TTF" (normalized: "c:\\windows\\fonts\\calisti.ttf") Region: id = 1494 start_va = 0x440000 end_va = 0x44efff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "calisti.ttf" filename = "\\Windows\\Fonts\\CALISTI.TTF" (normalized: "c:\\windows\\fonts\\calisti.ttf") Region: id = 1495 start_va = 0x440000 end_va = 0x44bfff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "castelar.ttf" filename = "\\Windows\\Fonts\\CASTELAR.TTF" (normalized: "c:\\windows\\fonts\\castelar.ttf") Region: id = 1496 start_va = 0x440000 end_va = 0x44bfff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "castelar.ttf" filename = "\\Windows\\Fonts\\CASTELAR.TTF" (normalized: "c:\\windows\\fonts\\castelar.ttf") Region: id = 1497 start_va = 0x440000 end_va = 0x467fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "censcbk.ttf" filename = "\\Windows\\Fonts\\CENSCBK.TTF" (normalized: "c:\\windows\\fonts\\censcbk.ttf") Region: id = 1498 start_va = 0x440000 end_va = 0x467fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "censcbk.ttf" filename = "\\Windows\\Fonts\\CENSCBK.TTF" (normalized: "c:\\windows\\fonts\\censcbk.ttf") Region: id = 1499 start_va = 0x440000 end_va = 0x454fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "centaur.ttf" filename = "\\Windows\\Fonts\\CENTAUR.TTF" (normalized: "c:\\windows\\fonts\\centaur.ttf") Region: id = 1500 start_va = 0x440000 end_va = 0x454fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "centaur.ttf" filename = "\\Windows\\Fonts\\CENTAUR.TTF" (normalized: "c:\\windows\\fonts\\centaur.ttf") Region: id = 1501 start_va = 0x440000 end_va = 0x468fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "century.ttf" filename = "\\Windows\\Fonts\\CENTURY.TTF" (normalized: "c:\\windows\\fonts\\century.ttf") Region: id = 1502 start_va = 0x440000 end_va = 0x468fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "century.ttf" filename = "\\Windows\\Fonts\\CENTURY.TTF" (normalized: "c:\\windows\\fonts\\century.ttf") Region: id = 1503 start_va = 0x440000 end_va = 0x457fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "chiller.ttf" filename = "\\Windows\\Fonts\\CHILLER.TTF" (normalized: "c:\\windows\\fonts\\chiller.ttf") Region: id = 1504 start_va = 0x440000 end_va = 0x457fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "chiller.ttf" filename = "\\Windows\\Fonts\\CHILLER.TTF" (normalized: "c:\\windows\\fonts\\chiller.ttf") Region: id = 1505 start_va = 0x440000 end_va = 0x44dfff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "colonna.ttf" filename = "\\Windows\\Fonts\\COLONNA.TTF" (normalized: "c:\\windows\\fonts\\colonna.ttf") Region: id = 1506 start_va = 0x440000 end_va = 0x44dfff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "colonna.ttf" filename = "\\Windows\\Fonts\\COLONNA.TTF" (normalized: "c:\\windows\\fonts\\colonna.ttf") Region: id = 1507 start_va = 0x440000 end_va = 0x453fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "coopbl.ttf" filename = "\\Windows\\Fonts\\COOPBL.TTF" (normalized: "c:\\windows\\fonts\\coopbl.ttf") Region: id = 1508 start_va = 0x440000 end_va = 0x453fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "coopbl.ttf" filename = "\\Windows\\Fonts\\COOPBL.TTF" (normalized: "c:\\windows\\fonts\\coopbl.ttf") Region: id = 1509 start_va = 0x440000 end_va = 0x44ffff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "coprgtb.ttf" filename = "\\Windows\\Fonts\\COPRGTB.TTF" (normalized: "c:\\windows\\fonts\\coprgtb.ttf") Region: id = 1510 start_va = 0x440000 end_va = 0x44ffff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "coprgtb.ttf" filename = "\\Windows\\Fonts\\COPRGTB.TTF" (normalized: "c:\\windows\\fonts\\coprgtb.ttf") Region: id = 1511 start_va = 0x440000 end_va = 0x44ffff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "coprgtl.ttf" filename = "\\Windows\\Fonts\\COPRGTL.TTF" (normalized: "c:\\windows\\fonts\\coprgtl.ttf") Region: id = 1512 start_va = 0x440000 end_va = 0x44ffff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "coprgtl.ttf" filename = "\\Windows\\Fonts\\COPRGTL.TTF" (normalized: "c:\\windows\\fonts\\coprgtl.ttf") Region: id = 1513 start_va = 0x440000 end_va = 0x450fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "curlz___.ttf" filename = "\\Windows\\Fonts\\CURLZ___.TTF" (normalized: "c:\\windows\\fonts\\curlz___.ttf") Region: id = 1514 start_va = 0x440000 end_va = 0x450fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "curlz___.ttf" filename = "\\Windows\\Fonts\\CURLZ___.TTF" (normalized: "c:\\windows\\fonts\\curlz___.ttf") Region: id = 1515 start_va = 0x440000 end_va = 0x44cfff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "elephnt.ttf" filename = "\\Windows\\Fonts\\ELEPHNT.TTF" (normalized: "c:\\windows\\fonts\\elephnt.ttf") Region: id = 1516 start_va = 0x440000 end_va = 0x44cfff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "elephnt.ttf" filename = "\\Windows\\Fonts\\ELEPHNT.TTF" (normalized: "c:\\windows\\fonts\\elephnt.ttf") Region: id = 1517 start_va = 0x440000 end_va = 0x44dfff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "elephnti.ttf" filename = "\\Windows\\Fonts\\ELEPHNTI.TTF" (normalized: "c:\\windows\\fonts\\elephnti.ttf") Region: id = 1518 start_va = 0x440000 end_va = 0x44dfff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "elephnti.ttf" filename = "\\Windows\\Fonts\\ELEPHNTI.TTF" (normalized: "c:\\windows\\fonts\\elephnti.ttf") Region: id = 1519 start_va = 0x440000 end_va = 0x44cfff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "engr.ttf" filename = "\\Windows\\Fonts\\ENGR.TTF" (normalized: "c:\\windows\\fonts\\engr.ttf") Region: id = 1520 start_va = 0x440000 end_va = 0x44cfff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "engr.ttf" filename = "\\Windows\\Fonts\\ENGR.TTF" (normalized: "c:\\windows\\fonts\\engr.ttf") Region: id = 1521 start_va = 0x440000 end_va = 0x44efff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "erasbd.ttf" filename = "\\Windows\\Fonts\\ERASBD.TTF" (normalized: "c:\\windows\\fonts\\erasbd.ttf") Region: id = 1522 start_va = 0x440000 end_va = 0x44efff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "erasbd.ttf" filename = "\\Windows\\Fonts\\ERASBD.TTF" (normalized: "c:\\windows\\fonts\\erasbd.ttf") Region: id = 1523 start_va = 0x440000 end_va = 0x44efff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "erasdemi.ttf" filename = "\\Windows\\Fonts\\ERASDEMI.TTF" (normalized: "c:\\windows\\fonts\\erasdemi.ttf") Region: id = 1524 start_va = 0x440000 end_va = 0x44efff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "erasdemi.ttf" filename = "\\Windows\\Fonts\\ERASDEMI.TTF" (normalized: "c:\\windows\\fonts\\erasdemi.ttf") Region: id = 1525 start_va = 0x440000 end_va = 0x450fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "eraslght.ttf" filename = "\\Windows\\Fonts\\ERASLGHT.TTF" (normalized: "c:\\windows\\fonts\\eraslght.ttf") Region: id = 1526 start_va = 0x440000 end_va = 0x450fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "eraslght.ttf" filename = "\\Windows\\Fonts\\ERASLGHT.TTF" (normalized: "c:\\windows\\fonts\\eraslght.ttf") Region: id = 1527 start_va = 0x440000 end_va = 0x44efff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "erasmd.ttf" filename = "\\Windows\\Fonts\\ERASMD.TTF" (normalized: "c:\\windows\\fonts\\erasmd.ttf") Region: id = 1528 start_va = 0x440000 end_va = 0x44efff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "erasmd.ttf" filename = "\\Windows\\Fonts\\ERASMD.TTF" (normalized: "c:\\windows\\fonts\\erasmd.ttf") Region: id = 1529 start_va = 0x440000 end_va = 0x44bfff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "felixti.ttf" filename = "\\Windows\\Fonts\\FELIXTI.TTF" (normalized: "c:\\windows\\fonts\\felixti.ttf") Region: id = 1530 start_va = 0x440000 end_va = 0x44bfff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "felixti.ttf" filename = "\\Windows\\Fonts\\FELIXTI.TTF" (normalized: "c:\\windows\\fonts\\felixti.ttf") Region: id = 1531 start_va = 0x440000 end_va = 0x44ffff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "forte.ttf" filename = "\\Windows\\Fonts\\FORTE.TTF" (normalized: "c:\\windows\\fonts\\forte.ttf") Region: id = 1532 start_va = 0x440000 end_va = 0x44ffff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "forte.ttf" filename = "\\Windows\\Fonts\\FORTE.TTF" (normalized: "c:\\windows\\fonts\\forte.ttf") Region: id = 1533 start_va = 0x440000 end_va = 0x465fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "frabk.ttf" filename = "\\Windows\\Fonts\\FRABK.TTF" (normalized: "c:\\windows\\fonts\\frabk.ttf") Region: id = 1534 start_va = 0x440000 end_va = 0x465fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "frabk.ttf" filename = "\\Windows\\Fonts\\FRABK.TTF" (normalized: "c:\\windows\\fonts\\frabk.ttf") Region: id = 1535 start_va = 0x440000 end_va = 0x469fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "frabkit.ttf" filename = "\\Windows\\Fonts\\FRABKIT.TTF" (normalized: "c:\\windows\\fonts\\frabkit.ttf") Region: id = 1536 start_va = 0x440000 end_va = 0x469fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "frabkit.ttf" filename = "\\Windows\\Fonts\\FRABKIT.TTF" (normalized: "c:\\windows\\fonts\\frabkit.ttf") Region: id = 1537 start_va = 0x440000 end_va = 0x462fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "fradm.ttf" filename = "\\Windows\\Fonts\\FRADM.TTF" (normalized: "c:\\windows\\fonts\\fradm.ttf") Region: id = 1538 start_va = 0x440000 end_va = 0x462fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "fradm.ttf" filename = "\\Windows\\Fonts\\FRADM.TTF" (normalized: "c:\\windows\\fonts\\fradm.ttf") Region: id = 1539 start_va = 0x440000 end_va = 0x45cfff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "fradmcn.ttf" filename = "\\Windows\\Fonts\\FRADMCN.TTF" (normalized: "c:\\windows\\fonts\\fradmcn.ttf") Region: id = 1540 start_va = 0x440000 end_va = 0x45cfff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "fradmcn.ttf" filename = "\\Windows\\Fonts\\FRADMCN.TTF" (normalized: "c:\\windows\\fonts\\fradmcn.ttf") Region: id = 1541 start_va = 0x440000 end_va = 0x461fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "fradmit.ttf" filename = "\\Windows\\Fonts\\FRADMIT.TTF" (normalized: "c:\\windows\\fonts\\fradmit.ttf") Region: id = 1542 start_va = 0x440000 end_va = 0x461fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "fradmit.ttf" filename = "\\Windows\\Fonts\\FRADMIT.TTF" (normalized: "c:\\windows\\fonts\\fradmit.ttf") Region: id = 1543 start_va = 0x440000 end_va = 0x462fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "frahv.ttf" filename = "\\Windows\\Fonts\\FRAHV.TTF" (normalized: "c:\\windows\\fonts\\frahv.ttf") Region: id = 1544 start_va = 0x440000 end_va = 0x462fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "frahv.ttf" filename = "\\Windows\\Fonts\\FRAHV.TTF" (normalized: "c:\\windows\\fonts\\frahv.ttf") Region: id = 1545 start_va = 0x440000 end_va = 0x465fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "frahvit.ttf" filename = "\\Windows\\Fonts\\FRAHVIT.TTF" (normalized: "c:\\windows\\fonts\\frahvit.ttf") Region: id = 1546 start_va = 0x440000 end_va = 0x465fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "frahvit.ttf" filename = "\\Windows\\Fonts\\FRAHVIT.TTF" (normalized: "c:\\windows\\fonts\\frahvit.ttf") Region: id = 1547 start_va = 0x440000 end_va = 0x460fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "framdcn.ttf" filename = "\\Windows\\Fonts\\FRAMDCN.TTF" (normalized: "c:\\windows\\fonts\\framdcn.ttf") Region: id = 1548 start_va = 0x440000 end_va = 0x460fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "framdcn.ttf" filename = "\\Windows\\Fonts\\FRAMDCN.TTF" (normalized: "c:\\windows\\fonts\\framdcn.ttf") Region: id = 1549 start_va = 0x440000 end_va = 0x451fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "freescpt.ttf" filename = "\\Windows\\Fonts\\FREESCPT.TTF" (normalized: "c:\\windows\\fonts\\freescpt.ttf") Region: id = 1550 start_va = 0x440000 end_va = 0x451fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "freescpt.ttf" filename = "\\Windows\\Fonts\\FREESCPT.TTF" (normalized: "c:\\windows\\fonts\\freescpt.ttf") Region: id = 1551 start_va = 0x440000 end_va = 0x44efff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "frscript.ttf" filename = "\\Windows\\Fonts\\FRSCRIPT.TTF" (normalized: "c:\\windows\\fonts\\frscript.ttf") Region: id = 1552 start_va = 0x440000 end_va = 0x44efff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "frscript.ttf" filename = "\\Windows\\Fonts\\FRSCRIPT.TTF" (normalized: "c:\\windows\\fonts\\frscript.ttf") Region: id = 1553 start_va = 0x440000 end_va = 0x454fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "ftltlt.ttf" filename = "\\Windows\\Fonts\\FTLTLT.TTF" (normalized: "c:\\windows\\fonts\\ftltlt.ttf") Region: id = 1554 start_va = 0x440000 end_va = 0x454fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "ftltlt.ttf" filename = "\\Windows\\Fonts\\FTLTLT.TTF" (normalized: "c:\\windows\\fonts\\ftltlt.ttf") Region: id = 1555 start_va = 0x440000 end_va = 0x473fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "gadugi.ttf" filename = "\\Windows\\Fonts\\GADUGI.TTF" (normalized: "c:\\windows\\fonts\\gadugi.ttf") Region: id = 1556 start_va = 0x440000 end_va = 0x473fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "gadugi.ttf" filename = "\\Windows\\Fonts\\GADUGI.TTF" (normalized: "c:\\windows\\fonts\\gadugi.ttf") Region: id = 1557 start_va = 0x440000 end_va = 0x473fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "gadugib.ttf" filename = "\\Windows\\Fonts\\GADUGIB.TTF" (normalized: "c:\\windows\\fonts\\gadugib.ttf") Region: id = 1558 start_va = 0x440000 end_va = 0x473fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "gadugib.ttf" filename = "\\Windows\\Fonts\\GADUGIB.TTF" (normalized: "c:\\windows\\fonts\\gadugib.ttf") Region: id = 1559 start_va = 0x440000 end_va = 0x470fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "gara.ttf" filename = "\\Windows\\Fonts\\GARA.TTF" (normalized: "c:\\windows\\fonts\\gara.ttf") Region: id = 1560 start_va = 0x440000 end_va = 0x470fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "gara.ttf" filename = "\\Windows\\Fonts\\GARA.TTF" (normalized: "c:\\windows\\fonts\\gara.ttf") Region: id = 1561 start_va = 0x440000 end_va = 0x470fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "garabd.ttf" filename = "\\Windows\\Fonts\\GARABD.TTF" (normalized: "c:\\windows\\fonts\\garabd.ttf") Region: id = 1562 start_va = 0x440000 end_va = 0x470fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "garabd.ttf" filename = "\\Windows\\Fonts\\GARABD.TTF" (normalized: "c:\\windows\\fonts\\garabd.ttf") Region: id = 1563 start_va = 0x440000 end_va = 0x46efff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "garait.ttf" filename = "\\Windows\\Fonts\\GARAIT.TTF" (normalized: "c:\\windows\\fonts\\garait.ttf") Region: id = 1564 start_va = 0x440000 end_va = 0x46efff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "garait.ttf" filename = "\\Windows\\Fonts\\GARAIT.TTF" (normalized: "c:\\windows\\fonts\\garait.ttf") Region: id = 1565 start_va = 0x440000 end_va = 0x462fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "gigi.ttf" filename = "\\Windows\\Fonts\\GIGI.TTF" (normalized: "c:\\windows\\fonts\\gigi.ttf") Region: id = 1566 start_va = 0x440000 end_va = 0x462fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "gigi.ttf" filename = "\\Windows\\Fonts\\GIGI.TTF" (normalized: "c:\\windows\\fonts\\gigi.ttf") Region: id = 1567 start_va = 0x440000 end_va = 0x450fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "gil_____.ttf" filename = "\\Windows\\Fonts\\GIL_____.TTF" (normalized: "c:\\windows\\fonts\\gil_____.ttf") Region: id = 1568 start_va = 0x440000 end_va = 0x450fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "gil_____.ttf" filename = "\\Windows\\Fonts\\GIL_____.TTF" (normalized: "c:\\windows\\fonts\\gil_____.ttf") Region: id = 1569 start_va = 0x440000 end_va = 0x450fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "gilb____.ttf" filename = "\\Windows\\Fonts\\GILB____.TTF" (normalized: "c:\\windows\\fonts\\gilb____.ttf") Region: id = 1570 start_va = 0x440000 end_va = 0x450fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "gilb____.ttf" filename = "\\Windows\\Fonts\\GILB____.TTF" (normalized: "c:\\windows\\fonts\\gilb____.ttf") Region: id = 1571 start_va = 0x440000 end_va = 0x451fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "gilbi___.ttf" filename = "\\Windows\\Fonts\\GILBI___.TTF" (normalized: "c:\\windows\\fonts\\gilbi___.ttf") Region: id = 1572 start_va = 0x440000 end_va = 0x451fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "gilbi___.ttf" filename = "\\Windows\\Fonts\\GILBI___.TTF" (normalized: "c:\\windows\\fonts\\gilbi___.ttf") Region: id = 1573 start_va = 0x440000 end_va = 0x44efff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "gilc____.ttf" filename = "\\Windows\\Fonts\\GILC____.TTF" (normalized: "c:\\windows\\fonts\\gilc____.ttf") Region: id = 1574 start_va = 0x440000 end_va = 0x44efff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "gilc____.ttf" filename = "\\Windows\\Fonts\\GILC____.TTF" (normalized: "c:\\windows\\fonts\\gilc____.ttf") Region: id = 1575 start_va = 0x440000 end_va = 0x450fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "gili____.ttf" filename = "\\Windows\\Fonts\\GILI____.TTF" (normalized: "c:\\windows\\fonts\\gili____.ttf") Region: id = 1576 start_va = 0x440000 end_va = 0x450fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "gili____.ttf" filename = "\\Windows\\Fonts\\GILI____.TTF" (normalized: "c:\\windows\\fonts\\gili____.ttf") Region: id = 1577 start_va = 0x440000 end_va = 0x451fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "gillubcd.ttf" filename = "\\Windows\\Fonts\\GILLUBCD.TTF" (normalized: "c:\\windows\\fonts\\gillubcd.ttf") Region: id = 1578 start_va = 0x440000 end_va = 0x451fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "gillubcd.ttf" filename = "\\Windows\\Fonts\\GILLUBCD.TTF" (normalized: "c:\\windows\\fonts\\gillubcd.ttf") Region: id = 1579 start_va = 0x440000 end_va = 0x451fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "gilsanub.ttf" filename = "\\Windows\\Fonts\\GILSANUB.TTF" (normalized: "c:\\windows\\fonts\\gilsanub.ttf") Region: id = 1580 start_va = 0x440000 end_va = 0x451fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "gilsanub.ttf" filename = "\\Windows\\Fonts\\GILSANUB.TTF" (normalized: "c:\\windows\\fonts\\gilsanub.ttf") Region: id = 1581 start_va = 0x440000 end_va = 0x451fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "glecb.ttf" filename = "\\Windows\\Fonts\\GLECB.TTF" (normalized: "c:\\windows\\fonts\\glecb.ttf") Region: id = 1582 start_va = 0x440000 end_va = 0x451fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "glecb.ttf" filename = "\\Windows\\Fonts\\GLECB.TTF" (normalized: "c:\\windows\\fonts\\glecb.ttf") Region: id = 1583 start_va = 0x440000 end_va = 0x454fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "glsnecb.ttf" filename = "\\Windows\\Fonts\\GLSNECB.TTF" (normalized: "c:\\windows\\fonts\\glsnecb.ttf") Region: id = 1584 start_va = 0x440000 end_va = 0x454fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "glsnecb.ttf" filename = "\\Windows\\Fonts\\GLSNECB.TTF" (normalized: "c:\\windows\\fonts\\glsnecb.ttf") Region: id = 1585 start_va = 0x440000 end_va = 0x461fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "gothic.ttf" filename = "\\Windows\\Fonts\\GOTHIC.TTF" (normalized: "c:\\windows\\fonts\\gothic.ttf") Region: id = 1586 start_va = 0x440000 end_va = 0x461fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "gothic.ttf" filename = "\\Windows\\Fonts\\GOTHIC.TTF" (normalized: "c:\\windows\\fonts\\gothic.ttf") Region: id = 1587 start_va = 0x440000 end_va = 0x45ffff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "gothicb.ttf" filename = "\\Windows\\Fonts\\GOTHICB.TTF" (normalized: "c:\\windows\\fonts\\gothicb.ttf") Region: id = 1588 start_va = 0x440000 end_va = 0x45ffff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "gothicb.ttf" filename = "\\Windows\\Fonts\\GOTHICB.TTF" (normalized: "c:\\windows\\fonts\\gothicb.ttf") Region: id = 1589 start_va = 0x440000 end_va = 0x461fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "gothicbi.ttf" filename = "\\Windows\\Fonts\\GOTHICBI.TTF" (normalized: "c:\\windows\\fonts\\gothicbi.ttf") Region: id = 1590 start_va = 0x440000 end_va = 0x461fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "gothicbi.ttf" filename = "\\Windows\\Fonts\\GOTHICBI.TTF" (normalized: "c:\\windows\\fonts\\gothicbi.ttf") Region: id = 1591 start_va = 0x440000 end_va = 0x464fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "gothici.ttf" filename = "\\Windows\\Fonts\\GOTHICI.TTF" (normalized: "c:\\windows\\fonts\\gothici.ttf") Region: id = 1592 start_va = 0x440000 end_va = 0x464fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "gothici.ttf" filename = "\\Windows\\Fonts\\GOTHICI.TTF" (normalized: "c:\\windows\\fonts\\gothici.ttf") Region: id = 1593 start_va = 0x440000 end_va = 0x453fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "goudos.ttf" filename = "\\Windows\\Fonts\\GOUDOS.TTF" (normalized: "c:\\windows\\fonts\\goudos.ttf") Region: id = 1594 start_va = 0x440000 end_va = 0x453fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "goudos.ttf" filename = "\\Windows\\Fonts\\GOUDOS.TTF" (normalized: "c:\\windows\\fonts\\goudos.ttf") Region: id = 1595 start_va = 0x440000 end_va = 0x454fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "goudosb.ttf" filename = "\\Windows\\Fonts\\GOUDOSB.TTF" (normalized: "c:\\windows\\fonts\\goudosb.ttf") Region: id = 1596 start_va = 0x440000 end_va = 0x454fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "goudosb.ttf" filename = "\\Windows\\Fonts\\GOUDOSB.TTF" (normalized: "c:\\windows\\fonts\\goudosb.ttf") Region: id = 1597 start_va = 0x440000 end_va = 0x453fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "goudosi.ttf" filename = "\\Windows\\Fonts\\GOUDOSI.TTF" (normalized: "c:\\windows\\fonts\\goudosi.ttf") Region: id = 1598 start_va = 0x440000 end_va = 0x453fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "goudosi.ttf" filename = "\\Windows\\Fonts\\GOUDOSI.TTF" (normalized: "c:\\windows\\fonts\\goudosi.ttf") Region: id = 1599 start_va = 0x440000 end_va = 0x44dfff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "goudysto.ttf" filename = "\\Windows\\Fonts\\GOUDYSTO.TTF" (normalized: "c:\\windows\\fonts\\goudysto.ttf") Region: id = 1600 start_va = 0x440000 end_va = 0x44dfff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "goudysto.ttf" filename = "\\Windows\\Fonts\\GOUDYSTO.TTF" (normalized: "c:\\windows\\fonts\\goudysto.ttf") Region: id = 1601 start_va = 0x440000 end_va = 0x44dfff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "harlowsi.ttf" filename = "\\Windows\\Fonts\\HARLOWSI.TTF" (normalized: "c:\\windows\\fonts\\harlowsi.ttf") Region: id = 1602 start_va = 0x440000 end_va = 0x44dfff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "harlowsi.ttf" filename = "\\Windows\\Fonts\\HARLOWSI.TTF" (normalized: "c:\\windows\\fonts\\harlowsi.ttf") Region: id = 1603 start_va = 0x440000 end_va = 0x451fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "harngton.ttf" filename = "\\Windows\\Fonts\\HARNGTON.TTF" (normalized: "c:\\windows\\fonts\\harngton.ttf") Region: id = 1604 start_va = 0x440000 end_va = 0x451fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "harngton.ttf" filename = "\\Windows\\Fonts\\HARNGTON.TTF" (normalized: "c:\\windows\\fonts\\harngton.ttf") Region: id = 1605 start_va = 0x440000 end_va = 0x45afff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "hatten.ttf" filename = "\\Windows\\Fonts\\HATTEN.TTF" (normalized: "c:\\windows\\fonts\\hatten.ttf") Region: id = 1606 start_va = 0x440000 end_va = 0x45afff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "hatten.ttf" filename = "\\Windows\\Fonts\\HATTEN.TTF" (normalized: "c:\\windows\\fonts\\hatten.ttf") Region: id = 1607 start_va = 0x440000 end_va = 0x456fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "htowert.ttf" filename = "\\Windows\\Fonts\\HTOWERT.TTF" (normalized: "c:\\windows\\fonts\\htowert.ttf") Region: id = 1608 start_va = 0x440000 end_va = 0x456fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "htowert.ttf" filename = "\\Windows\\Fonts\\HTOWERT.TTF" (normalized: "c:\\windows\\fonts\\htowert.ttf") Region: id = 1609 start_va = 0x440000 end_va = 0x452fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "htowerti.ttf" filename = "\\Windows\\Fonts\\HTOWERTI.TTF" (normalized: "c:\\windows\\fonts\\htowerti.ttf") Region: id = 1610 start_va = 0x440000 end_va = 0x452fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "htowerti.ttf" filename = "\\Windows\\Fonts\\HTOWERTI.TTF" (normalized: "c:\\windows\\fonts\\htowerti.ttf") Region: id = 1611 start_va = 0x440000 end_va = 0x44efff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "imprisha.ttf" filename = "\\Windows\\Fonts\\IMPRISHA.TTF" (normalized: "c:\\windows\\fonts\\imprisha.ttf") Region: id = 1612 start_va = 0x440000 end_va = 0x44efff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "imprisha.ttf" filename = "\\Windows\\Fonts\\IMPRISHA.TTF" (normalized: "c:\\windows\\fonts\\imprisha.ttf") Region: id = 1613 start_va = 0x440000 end_va = 0x452fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "infroman.ttf" filename = "\\Windows\\Fonts\\INFROMAN.TTF" (normalized: "c:\\windows\\fonts\\infroman.ttf") Region: id = 1614 start_va = 0x440000 end_va = 0x452fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "infroman.ttf" filename = "\\Windows\\Fonts\\INFROMAN.TTF" (normalized: "c:\\windows\\fonts\\infroman.ttf") Region: id = 1615 start_va = 0x440000 end_va = 0x460fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "itcblkad.ttf" filename = "\\Windows\\Fonts\\ITCBLKAD.TTF" (normalized: "c:\\windows\\fonts\\itcblkad.ttf") Region: id = 1616 start_va = 0x440000 end_va = 0x460fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "itcblkad.ttf" filename = "\\Windows\\Fonts\\ITCBLKAD.TTF" (normalized: "c:\\windows\\fonts\\itcblkad.ttf") Region: id = 1617 start_va = 0x440000 end_va = 0x44ffff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "itcedscr.ttf" filename = "\\Windows\\Fonts\\ITCEDSCR.TTF" (normalized: "c:\\windows\\fonts\\itcedscr.ttf") Region: id = 1618 start_va = 0x440000 end_va = 0x44ffff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "itcedscr.ttf" filename = "\\Windows\\Fonts\\ITCEDSCR.TTF" (normalized: "c:\\windows\\fonts\\itcedscr.ttf") Region: id = 1619 start_va = 0x440000 end_va = 0x44efff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "itckrist.ttf" filename = "\\Windows\\Fonts\\ITCKRIST.TTF" (normalized: "c:\\windows\\fonts\\itckrist.ttf") Region: id = 1620 start_va = 0x440000 end_va = 0x44efff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "itckrist.ttf" filename = "\\Windows\\Fonts\\ITCKRIST.TTF" (normalized: "c:\\windows\\fonts\\itckrist.ttf") Region: id = 1621 start_va = 0x440000 end_va = 0x451fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "jokerman.ttf" filename = "\\Windows\\Fonts\\JOKERMAN.TTF" (normalized: "c:\\windows\\fonts\\jokerman.ttf") Region: id = 1622 start_va = 0x440000 end_va = 0x451fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "jokerman.ttf" filename = "\\Windows\\Fonts\\JOKERMAN.TTF" (normalized: "c:\\windows\\fonts\\jokerman.ttf") Region: id = 1623 start_va = 0x440000 end_va = 0x44ffff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "juice___.ttf" filename = "\\Windows\\Fonts\\JUICE___.TTF" (normalized: "c:\\windows\\fonts\\juice___.ttf") Region: id = 1624 start_va = 0x440000 end_va = 0x44ffff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "juice___.ttf" filename = "\\Windows\\Fonts\\JUICE___.TTF" (normalized: "c:\\windows\\fonts\\juice___.ttf") Region: id = 1625 start_va = 0x440000 end_va = 0x44ffff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "kunstler.ttf" filename = "\\Windows\\Fonts\\KUNSTLER.TTF" (normalized: "c:\\windows\\fonts\\kunstler.ttf") Region: id = 1626 start_va = 0x440000 end_va = 0x44ffff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "kunstler.ttf" filename = "\\Windows\\Fonts\\KUNSTLER.TTF" (normalized: "c:\\windows\\fonts\\kunstler.ttf") Region: id = 1627 start_va = 0x440000 end_va = 0x44afff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "latinwd.ttf" filename = "\\Windows\\Fonts\\LATINWD.TTF" (normalized: "c:\\windows\\fonts\\latinwd.ttf") Region: id = 1628 start_va = 0x440000 end_va = 0x44afff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "latinwd.ttf" filename = "\\Windows\\Fonts\\LATINWD.TTF" (normalized: "c:\\windows\\fonts\\latinwd.ttf") Region: id = 1629 start_va = 0x440000 end_va = 0x451fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "lbrite.ttf" filename = "\\Windows\\Fonts\\LBRITE.TTF" (normalized: "c:\\windows\\fonts\\lbrite.ttf") Region: id = 1630 start_va = 0x440000 end_va = 0x451fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "lbrite.ttf" filename = "\\Windows\\Fonts\\LBRITE.TTF" (normalized: "c:\\windows\\fonts\\lbrite.ttf") Region: id = 1631 start_va = 0x440000 end_va = 0x450fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "lbrited.ttf" filename = "\\Windows\\Fonts\\LBRITED.TTF" (normalized: "c:\\windows\\fonts\\lbrited.ttf") Region: id = 1632 start_va = 0x440000 end_va = 0x450fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "lbrited.ttf" filename = "\\Windows\\Fonts\\LBRITED.TTF" (normalized: "c:\\windows\\fonts\\lbrited.ttf") Region: id = 1633 start_va = 0x440000 end_va = 0x451fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "lbritedi.ttf" filename = "\\Windows\\Fonts\\LBRITEDI.TTF" (normalized: "c:\\windows\\fonts\\lbritedi.ttf") Region: id = 1634 start_va = 0x440000 end_va = 0x451fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "lbritedi.ttf" filename = "\\Windows\\Fonts\\LBRITEDI.TTF" (normalized: "c:\\windows\\fonts\\lbritedi.ttf") Region: id = 1635 start_va = 0x440000 end_va = 0x451fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "lbritei.ttf" filename = "\\Windows\\Fonts\\LBRITEI.TTF" (normalized: "c:\\windows\\fonts\\lbritei.ttf") Region: id = 1636 start_va = 0x440000 end_va = 0x451fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "lbritei.ttf" filename = "\\Windows\\Fonts\\LBRITEI.TTF" (normalized: "c:\\windows\\fonts\\lbritei.ttf") Region: id = 1637 start_va = 0x440000 end_va = 0x44dfff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "lcallig.ttf" filename = "\\Windows\\Fonts\\LCALLIG.TTF" (normalized: "c:\\windows\\fonts\\lcallig.ttf") Region: id = 1638 start_va = 0x440000 end_va = 0x44dfff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "lcallig.ttf" filename = "\\Windows\\Fonts\\LCALLIG.TTF" (normalized: "c:\\windows\\fonts\\lcallig.ttf") Region: id = 1639 start_va = 0x440000 end_va = 0x44ffff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "lfax.ttf" filename = "\\Windows\\Fonts\\LFAX.TTF" (normalized: "c:\\windows\\fonts\\lfax.ttf") Region: id = 1640 start_va = 0x440000 end_va = 0x44ffff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "lfax.ttf" filename = "\\Windows\\Fonts\\LFAX.TTF" (normalized: "c:\\windows\\fonts\\lfax.ttf") Region: id = 1641 start_va = 0x440000 end_va = 0x44ffff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "lfaxd.ttf" filename = "\\Windows\\Fonts\\LFAXD.TTF" (normalized: "c:\\windows\\fonts\\lfaxd.ttf") Region: id = 1642 start_va = 0x440000 end_va = 0x44ffff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "lfaxd.ttf" filename = "\\Windows\\Fonts\\LFAXD.TTF" (normalized: "c:\\windows\\fonts\\lfaxd.ttf") Region: id = 1643 start_va = 0x440000 end_va = 0x451fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "lfaxdi.ttf" filename = "\\Windows\\Fonts\\LFAXDI.TTF" (normalized: "c:\\windows\\fonts\\lfaxdi.ttf") Region: id = 1644 start_va = 0x440000 end_va = 0x451fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "lfaxdi.ttf" filename = "\\Windows\\Fonts\\LFAXDI.TTF" (normalized: "c:\\windows\\fonts\\lfaxdi.ttf") Region: id = 1645 start_va = 0x440000 end_va = 0x450fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "lfaxi.ttf" filename = "\\Windows\\Fonts\\LFAXI.TTF" (normalized: "c:\\windows\\fonts\\lfaxi.ttf") Region: id = 1646 start_va = 0x440000 end_va = 0x450fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "lfaxi.ttf" filename = "\\Windows\\Fonts\\LFAXI.TTF" (normalized: "c:\\windows\\fonts\\lfaxi.ttf") Region: id = 1647 start_va = 0x440000 end_va = 0x44ffff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "lhandw.ttf" filename = "\\Windows\\Fonts\\LHANDW.TTF" (normalized: "c:\\windows\\fonts\\lhandw.ttf") Region: id = 1648 start_va = 0x440000 end_va = 0x44ffff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "lhandw.ttf" filename = "\\Windows\\Fonts\\LHANDW.TTF" (normalized: "c:\\windows\\fonts\\lhandw.ttf") Region: id = 1649 start_va = 0x440000 end_va = 0x44ffff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "lsans.ttf" filename = "\\Windows\\Fonts\\LSANS.TTF" (normalized: "c:\\windows\\fonts\\lsans.ttf") Region: id = 1650 start_va = 0x440000 end_va = 0x44ffff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "lsans.ttf" filename = "\\Windows\\Fonts\\LSANS.TTF" (normalized: "c:\\windows\\fonts\\lsans.ttf") Region: id = 1651 start_va = 0x440000 end_va = 0x44efff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "lsansd.ttf" filename = "\\Windows\\Fonts\\LSANSD.TTF" (normalized: "c:\\windows\\fonts\\lsansd.ttf") Region: id = 1652 start_va = 0x440000 end_va = 0x44efff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "lsansd.ttf" filename = "\\Windows\\Fonts\\LSANSD.TTF" (normalized: "c:\\windows\\fonts\\lsansd.ttf") Region: id = 1653 start_va = 0x440000 end_va = 0x450fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "lsansdi.ttf" filename = "\\Windows\\Fonts\\LSANSDI.TTF" (normalized: "c:\\windows\\fonts\\lsansdi.ttf") Region: id = 1654 start_va = 0x440000 end_va = 0x450fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "lsansdi.ttf" filename = "\\Windows\\Fonts\\LSANSDI.TTF" (normalized: "c:\\windows\\fonts\\lsansdi.ttf") Region: id = 1655 start_va = 0x440000 end_va = 0x44ffff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "lsansi.ttf" filename = "\\Windows\\Fonts\\LSANSI.TTF" (normalized: "c:\\windows\\fonts\\lsansi.ttf") Region: id = 1656 start_va = 0x440000 end_va = 0x44ffff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "lsansi.ttf" filename = "\\Windows\\Fonts\\LSANSI.TTF" (normalized: "c:\\windows\\fonts\\lsansi.ttf") Region: id = 1657 start_va = 0x440000 end_va = 0x44dfff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "ltype.ttf" filename = "\\Windows\\Fonts\\LTYPE.TTF" (normalized: "c:\\windows\\fonts\\ltype.ttf") Region: id = 1658 start_va = 0x440000 end_va = 0x44dfff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "ltype.ttf" filename = "\\Windows\\Fonts\\LTYPE.TTF" (normalized: "c:\\windows\\fonts\\ltype.ttf") Region: id = 1659 start_va = 0x440000 end_va = 0x44cfff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "ltypeb.ttf" filename = "\\Windows\\Fonts\\LTYPEB.TTF" (normalized: "c:\\windows\\fonts\\ltypeb.ttf") Region: id = 1660 start_va = 0x440000 end_va = 0x44cfff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "ltypeb.ttf" filename = "\\Windows\\Fonts\\LTYPEB.TTF" (normalized: "c:\\windows\\fonts\\ltypeb.ttf") Region: id = 1661 start_va = 0x440000 end_va = 0x44dfff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "ltypebo.ttf" filename = "\\Windows\\Fonts\\LTYPEBO.TTF" (normalized: "c:\\windows\\fonts\\ltypebo.ttf") Region: id = 1662 start_va = 0x440000 end_va = 0x44dfff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "ltypebo.ttf" filename = "\\Windows\\Fonts\\LTYPEBO.TTF" (normalized: "c:\\windows\\fonts\\ltypebo.ttf") Region: id = 1663 start_va = 0x440000 end_va = 0x44ffff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "ltypeo.ttf" filename = "\\Windows\\Fonts\\LTYPEO.TTF" (normalized: "c:\\windows\\fonts\\ltypeo.ttf") Region: id = 1664 start_va = 0x440000 end_va = 0x44ffff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "ltypeo.ttf" filename = "\\Windows\\Fonts\\LTYPEO.TTF" (normalized: "c:\\windows\\fonts\\ltypeo.ttf") Region: id = 1665 start_va = 0x440000 end_va = 0x44ffff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "magnetob.ttf" filename = "\\Windows\\Fonts\\MAGNETOB.TTF" (normalized: "c:\\windows\\fonts\\magnetob.ttf") Region: id = 1666 start_va = 0x440000 end_va = 0x44ffff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "magnetob.ttf" filename = "\\Windows\\Fonts\\MAGNETOB.TTF" (normalized: "c:\\windows\\fonts\\magnetob.ttf") Region: id = 1667 start_va = 0x440000 end_va = 0x44efff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "maian.ttf" filename = "\\Windows\\Fonts\\MAIAN.TTF" (normalized: "c:\\windows\\fonts\\maian.ttf") Region: id = 1668 start_va = 0x440000 end_va = 0x44efff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "maian.ttf" filename = "\\Windows\\Fonts\\MAIAN.TTF" (normalized: "c:\\windows\\fonts\\maian.ttf") Region: id = 1669 start_va = 0x440000 end_va = 0x44cfff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "maturasc.ttf" filename = "\\Windows\\Fonts\\MATURASC.TTF" (normalized: "c:\\windows\\fonts\\maturasc.ttf") Region: id = 1670 start_va = 0x440000 end_va = 0x44cfff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "maturasc.ttf" filename = "\\Windows\\Fonts\\MATURASC.TTF" (normalized: "c:\\windows\\fonts\\maturasc.ttf") Region: id = 1671 start_va = 0x440000 end_va = 0x46efff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "mistral.ttf" filename = "\\Windows\\Fonts\\MISTRAL.TTF" (normalized: "c:\\windows\\fonts\\mistral.ttf") Region: id = 1672 start_va = 0x440000 end_va = 0x46efff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "mistral.ttf" filename = "\\Windows\\Fonts\\MISTRAL.TTF" (normalized: "c:\\windows\\fonts\\mistral.ttf") Region: id = 1673 start_va = 0x440000 end_va = 0x44ffff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "mod20.ttf" filename = "\\Windows\\Fonts\\MOD20.TTF" (normalized: "c:\\windows\\fonts\\mod20.ttf") Region: id = 1674 start_va = 0x440000 end_va = 0x44ffff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "mod20.ttf" filename = "\\Windows\\Fonts\\MOD20.TTF" (normalized: "c:\\windows\\fonts\\mod20.ttf") Region: id = 1675 start_va = 0xb630000 end_va = 0xca80fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "msjh.ttc" filename = "\\Windows\\Fonts\\MSJH.TTC" (normalized: "c:\\windows\\fonts\\msjh.ttc") Region: id = 1676 start_va = 0xb630000 end_va = 0xca80fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "msjh.ttc" filename = "\\Windows\\Fonts\\MSJH.TTC" (normalized: "c:\\windows\\fonts\\msjh.ttc") Region: id = 1677 start_va = 0xb630000 end_va = 0xca80fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "msjh.ttc" filename = "\\Windows\\Fonts\\MSJH.TTC" (normalized: "c:\\windows\\fonts\\msjh.ttc") Region: id = 1678 start_va = 0x6f80000 end_va = 0x7d2dfff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "msjhbd.ttc" filename = "\\Windows\\Fonts\\MSJHBD.TTC" (normalized: "c:\\windows\\fonts\\msjhbd.ttc") Region: id = 1679 start_va = 0x6f80000 end_va = 0x7d2dfff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "msjhbd.ttc" filename = "\\Windows\\Fonts\\MSJHBD.TTC" (normalized: "c:\\windows\\fonts\\msjhbd.ttc") Region: id = 1680 start_va = 0x6f80000 end_va = 0x7d2dfff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "msjhbd.ttc" filename = "\\Windows\\Fonts\\MSJHBD.TTC" (normalized: "c:\\windows\\fonts\\msjhbd.ttc") Region: id = 1681 start_va = 0x440000 end_va = 0x478fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "msuighub.ttf" filename = "\\Windows\\Fonts\\MSUIGHUB.TTF" (normalized: "c:\\windows\\fonts\\msuighub.ttf") Region: id = 1682 start_va = 0x440000 end_va = 0x478fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "msuighub.ttf" filename = "\\Windows\\Fonts\\MSUIGHUB.TTF" (normalized: "c:\\windows\\fonts\\msuighub.ttf") Region: id = 1683 start_va = 0xb630000 end_va = 0xcabbfff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "msyh.ttc" filename = "\\Windows\\Fonts\\MSYH.TTC" (normalized: "c:\\windows\\fonts\\msyh.ttc") Region: id = 1684 start_va = 0xb630000 end_va = 0xcabbfff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "msyh.ttc" filename = "\\Windows\\Fonts\\MSYH.TTC" (normalized: "c:\\windows\\fonts\\msyh.ttc") Region: id = 1685 start_va = 0xb630000 end_va = 0xcabbfff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "msyh.ttc" filename = "\\Windows\\Fonts\\MSYH.TTC" (normalized: "c:\\windows\\fonts\\msyh.ttc") Region: id = 1686 start_va = 0x6f80000 end_va = 0x7d37fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "msyhbd.ttc" filename = "\\Windows\\Fonts\\MSYHBD.TTC" (normalized: "c:\\windows\\fonts\\msyhbd.ttc") Region: id = 1687 start_va = 0x6f80000 end_va = 0x7d37fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "msyhbd.ttc" filename = "\\Windows\\Fonts\\MSYHBD.TTC" (normalized: "c:\\windows\\fonts\\msyhbd.ttc") Region: id = 1688 start_va = 0x6f80000 end_va = 0x7d37fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "msyhbd.ttc" filename = "\\Windows\\Fonts\\MSYHBD.TTC" (normalized: "c:\\windows\\fonts\\msyhbd.ttc") Region: id = 1689 start_va = 0x440000 end_va = 0x466fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "mtcorsva.ttf" filename = "\\Windows\\Fonts\\MTCORSVA.TTF" (normalized: "c:\\windows\\fonts\\mtcorsva.ttf") Region: id = 1690 start_va = 0x440000 end_va = 0x466fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "mtcorsva.ttf" filename = "\\Windows\\Fonts\\MTCORSVA.TTF" (normalized: "c:\\windows\\fonts\\mtcorsva.ttf") Region: id = 1691 start_va = 0x440000 end_va = 0x457fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "niageng.ttf" filename = "\\Windows\\Fonts\\NIAGENG.TTF" (normalized: "c:\\windows\\fonts\\niageng.ttf") Region: id = 1692 start_va = 0x440000 end_va = 0x457fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "niageng.ttf" filename = "\\Windows\\Fonts\\NIAGENG.TTF" (normalized: "c:\\windows\\fonts\\niageng.ttf") Region: id = 1693 start_va = 0x440000 end_va = 0x452fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "niagsol.ttf" filename = "\\Windows\\Fonts\\NIAGSOL.TTF" (normalized: "c:\\windows\\fonts\\niagsol.ttf") Region: id = 1694 start_va = 0x440000 end_va = 0x452fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "niagsol.ttf" filename = "\\Windows\\Fonts\\NIAGSOL.TTF" (normalized: "c:\\windows\\fonts\\niagsol.ttf") Region: id = 1695 start_va = 0x440000 end_va = 0x44dfff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "ocraext.ttf" filename = "\\Windows\\Fonts\\OCRAEXT.TTF" (normalized: "c:\\windows\\fonts\\ocraext.ttf") Region: id = 1696 start_va = 0x440000 end_va = 0x44dfff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "ocraext.ttf" filename = "\\Windows\\Fonts\\OCRAEXT.TTF" (normalized: "c:\\windows\\fonts\\ocraext.ttf") Region: id = 1697 start_va = 0x440000 end_va = 0x456fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "oldengl.ttf" filename = "\\Windows\\Fonts\\OLDENGL.TTF" (normalized: "c:\\windows\\fonts\\oldengl.ttf") Region: id = 1698 start_va = 0x440000 end_va = 0x456fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "oldengl.ttf" filename = "\\Windows\\Fonts\\OLDENGL.TTF" (normalized: "c:\\windows\\fonts\\oldengl.ttf") Region: id = 1699 start_va = 0x440000 end_va = 0x453fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "onyx.ttf" filename = "\\Windows\\Fonts\\ONYX.TTF" (normalized: "c:\\windows\\fonts\\onyx.ttf") Region: id = 1700 start_va = 0x440000 end_va = 0x453fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "onyx.ttf" filename = "\\Windows\\Fonts\\ONYX.TTF" (normalized: "c:\\windows\\fonts\\onyx.ttf") Region: id = 1701 start_va = 0x440000 end_va = 0x444fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "outlook.ttf" filename = "\\Windows\\Fonts\\OUTLOOK.TTF" (normalized: "c:\\windows\\fonts\\outlook.ttf") Region: id = 1702 start_va = 0x440000 end_va = 0x444fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "outlook.ttf" filename = "\\Windows\\Fonts\\OUTLOOK.TTF" (normalized: "c:\\windows\\fonts\\outlook.ttf") Region: id = 1703 start_va = 0x440000 end_va = 0x44cfff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "palscri.ttf" filename = "\\Windows\\Fonts\\PALSCRI.TTF" (normalized: "c:\\windows\\fonts\\palscri.ttf") Region: id = 1704 start_va = 0x440000 end_va = 0x44cfff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "palscri.ttf" filename = "\\Windows\\Fonts\\PALSCRI.TTF" (normalized: "c:\\windows\\fonts\\palscri.ttf") Region: id = 1705 start_va = 0x440000 end_va = 0x467fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "papyrus.ttf" filename = "\\Windows\\Fonts\\PAPYRUS.TTF" (normalized: "c:\\windows\\fonts\\papyrus.ttf") Region: id = 1706 start_va = 0x440000 end_va = 0x467fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "papyrus.ttf" filename = "\\Windows\\Fonts\\PAPYRUS.TTF" (normalized: "c:\\windows\\fonts\\papyrus.ttf") Region: id = 1707 start_va = 0x440000 end_va = 0x464fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "parchm.ttf" filename = "\\Windows\\Fonts\\PARCHM.TTF" (normalized: "c:\\windows\\fonts\\parchm.ttf") Region: id = 1708 start_va = 0x440000 end_va = 0x464fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "parchm.ttf" filename = "\\Windows\\Fonts\\PARCHM.TTF" (normalized: "c:\\windows\\fonts\\parchm.ttf") Region: id = 1709 start_va = 0x440000 end_va = 0x44efff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "per_____.ttf" filename = "\\Windows\\Fonts\\PER_____.TTF" (normalized: "c:\\windows\\fonts\\per_____.ttf") Region: id = 1710 start_va = 0x440000 end_va = 0x44efff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "per_____.ttf" filename = "\\Windows\\Fonts\\PER_____.TTF" (normalized: "c:\\windows\\fonts\\per_____.ttf") Region: id = 1711 start_va = 0x440000 end_va = 0x44efff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "perb____.ttf" filename = "\\Windows\\Fonts\\PERB____.TTF" (normalized: "c:\\windows\\fonts\\perb____.ttf") Region: id = 1712 start_va = 0x440000 end_va = 0x44efff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "perb____.ttf" filename = "\\Windows\\Fonts\\PERB____.TTF" (normalized: "c:\\windows\\fonts\\perb____.ttf") Region: id = 1713 start_va = 0x440000 end_va = 0x452fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "perbi___.ttf" filename = "\\Windows\\Fonts\\PERBI___.TTF" (normalized: "c:\\windows\\fonts\\perbi___.ttf") Region: id = 1714 start_va = 0x440000 end_va = 0x452fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "perbi___.ttf" filename = "\\Windows\\Fonts\\PERBI___.TTF" (normalized: "c:\\windows\\fonts\\perbi___.ttf") Region: id = 1715 start_va = 0x440000 end_va = 0x452fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "peri____.ttf" filename = "\\Windows\\Fonts\\PERI____.TTF" (normalized: "c:\\windows\\fonts\\peri____.ttf") Region: id = 1716 start_va = 0x440000 end_va = 0x452fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "peri____.ttf" filename = "\\Windows\\Fonts\\PERI____.TTF" (normalized: "c:\\windows\\fonts\\peri____.ttf") Region: id = 1717 start_va = 0x440000 end_va = 0x44bfff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "pertibd.ttf" filename = "\\Windows\\Fonts\\PERTIBD.TTF" (normalized: "c:\\windows\\fonts\\pertibd.ttf") Region: id = 1718 start_va = 0x440000 end_va = 0x44bfff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "pertibd.ttf" filename = "\\Windows\\Fonts\\PERTIBD.TTF" (normalized: "c:\\windows\\fonts\\pertibd.ttf") Region: id = 1719 start_va = 0x440000 end_va = 0x44afff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "pertili.ttf" filename = "\\Windows\\Fonts\\PERTILI.TTF" (normalized: "c:\\windows\\fonts\\pertili.ttf") Region: id = 1720 start_va = 0x440000 end_va = 0x44afff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "pertili.ttf" filename = "\\Windows\\Fonts\\PERTILI.TTF" (normalized: "c:\\windows\\fonts\\pertili.ttf") Region: id = 1721 start_va = 0x440000 end_va = 0x44bfff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "playbill.ttf" filename = "\\Windows\\Fonts\\PLAYBILL.TTF" (normalized: "c:\\windows\\fonts\\playbill.ttf") Region: id = 1722 start_va = 0x440000 end_va = 0x44bfff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "playbill.ttf" filename = "\\Windows\\Fonts\\PLAYBILL.TTF" (normalized: "c:\\windows\\fonts\\playbill.ttf") Region: id = 1723 start_va = 0x440000 end_va = 0x452fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "poorich.ttf" filename = "\\Windows\\Fonts\\POORICH.TTF" (normalized: "c:\\windows\\fonts\\poorich.ttf") Region: id = 1724 start_va = 0x440000 end_va = 0x452fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "poorich.ttf" filename = "\\Windows\\Fonts\\POORICH.TTF" (normalized: "c:\\windows\\fonts\\poorich.ttf") Region: id = 1725 start_va = 0x440000 end_va = 0x454fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "pristina.ttf" filename = "\\Windows\\Fonts\\PRISTINA.TTF" (normalized: "c:\\windows\\fonts\\pristina.ttf") Region: id = 1726 start_va = 0x440000 end_va = 0x454fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "pristina.ttf" filename = "\\Windows\\Fonts\\PRISTINA.TTF" (normalized: "c:\\windows\\fonts\\pristina.ttf") Region: id = 1727 start_va = 0x440000 end_va = 0x460fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "rage.ttf" filename = "\\Windows\\Fonts\\RAGE.TTF" (normalized: "c:\\windows\\fonts\\rage.ttf") Region: id = 1728 start_va = 0x440000 end_va = 0x460fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "rage.ttf" filename = "\\Windows\\Fonts\\RAGE.TTF" (normalized: "c:\\windows\\fonts\\rage.ttf") Region: id = 1729 start_va = 0x440000 end_va = 0x452fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "ravie.ttf" filename = "\\Windows\\Fonts\\RAVIE.TTF" (normalized: "c:\\windows\\fonts\\ravie.ttf") Region: id = 1730 start_va = 0x440000 end_va = 0x452fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "ravie.ttf" filename = "\\Windows\\Fonts\\RAVIE.TTF" (normalized: "c:\\windows\\fonts\\ravie.ttf") Region: id = 1731 start_va = 0x440000 end_va = 0x475fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "refsan.ttf" filename = "\\Windows\\Fonts\\REFSAN.TTF" (normalized: "c:\\windows\\fonts\\refsan.ttf") Region: id = 1732 start_va = 0x440000 end_va = 0x475fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "refsan.ttf" filename = "\\Windows\\Fonts\\REFSAN.TTF" (normalized: "c:\\windows\\fonts\\refsan.ttf") Region: id = 1733 start_va = 0x440000 end_va = 0x44dfff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "refspcl.ttf" filename = "\\Windows\\Fonts\\REFSPCL.TTF" (normalized: "c:\\windows\\fonts\\refspcl.ttf") Region: id = 1734 start_va = 0x440000 end_va = 0x44dfff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "refspcl.ttf" filename = "\\Windows\\Fonts\\REFSPCL.TTF" (normalized: "c:\\windows\\fonts\\refspcl.ttf") Region: id = 1735 start_va = 0x440000 end_va = 0x44dfff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "rocc____.ttf" filename = "\\Windows\\Fonts\\ROCC____.TTF" (normalized: "c:\\windows\\fonts\\rocc____.ttf") Region: id = 1736 start_va = 0x440000 end_va = 0x44dfff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "rocc____.ttf" filename = "\\Windows\\Fonts\\ROCC____.TTF" (normalized: "c:\\windows\\fonts\\rocc____.ttf") Region: id = 1737 start_va = 0x440000 end_va = 0x44efff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "roccb___.ttf" filename = "\\Windows\\Fonts\\ROCCB___.TTF" (normalized: "c:\\windows\\fonts\\roccb___.ttf") Region: id = 1738 start_va = 0x440000 end_va = 0x44efff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "roccb___.ttf" filename = "\\Windows\\Fonts\\ROCCB___.TTF" (normalized: "c:\\windows\\fonts\\roccb___.ttf") Region: id = 1739 start_va = 0x440000 end_va = 0x451fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "rock.ttf" filename = "\\Windows\\Fonts\\ROCK.TTF" (normalized: "c:\\windows\\fonts\\rock.ttf") Region: id = 1740 start_va = 0x440000 end_va = 0x451fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "rock.ttf" filename = "\\Windows\\Fonts\\ROCK.TTF" (normalized: "c:\\windows\\fonts\\rock.ttf") Region: id = 1741 start_va = 0x440000 end_va = 0x450fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "rockb.ttf" filename = "\\Windows\\Fonts\\ROCKB.TTF" (normalized: "c:\\windows\\fonts\\rockb.ttf") Region: id = 1742 start_va = 0x440000 end_va = 0x450fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "rockb.ttf" filename = "\\Windows\\Fonts\\ROCKB.TTF" (normalized: "c:\\windows\\fonts\\rockb.ttf") Region: id = 1743 start_va = 0x440000 end_va = 0x451fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "rockbi.ttf" filename = "\\Windows\\Fonts\\ROCKBI.TTF" (normalized: "c:\\windows\\fonts\\rockbi.ttf") Region: id = 1744 start_va = 0x440000 end_va = 0x451fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "rockbi.ttf" filename = "\\Windows\\Fonts\\ROCKBI.TTF" (normalized: "c:\\windows\\fonts\\rockbi.ttf") Region: id = 1745 start_va = 0x440000 end_va = 0x44cfff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "rockeb.ttf" filename = "\\Windows\\Fonts\\ROCKEB.TTF" (normalized: "c:\\windows\\fonts\\rockeb.ttf") Region: id = 1746 start_va = 0x440000 end_va = 0x44cfff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "rockeb.ttf" filename = "\\Windows\\Fonts\\ROCKEB.TTF" (normalized: "c:\\windows\\fonts\\rockeb.ttf") Region: id = 1747 start_va = 0x440000 end_va = 0x452fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "rocki.ttf" filename = "\\Windows\\Fonts\\ROCKI.TTF" (normalized: "c:\\windows\\fonts\\rocki.ttf") Region: id = 1748 start_va = 0x440000 end_va = 0x452fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "rocki.ttf" filename = "\\Windows\\Fonts\\ROCKI.TTF" (normalized: "c:\\windows\\fonts\\rocki.ttf") Region: id = 1749 start_va = 0x440000 end_va = 0x469fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "schlbkb.ttf" filename = "\\Windows\\Fonts\\SCHLBKB.TTF" (normalized: "c:\\windows\\fonts\\schlbkb.ttf") Region: id = 1750 start_va = 0x440000 end_va = 0x469fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "schlbkb.ttf" filename = "\\Windows\\Fonts\\SCHLBKB.TTF" (normalized: "c:\\windows\\fonts\\schlbkb.ttf") Region: id = 1751 start_va = 0x440000 end_va = 0x467fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "schlbkbi.ttf" filename = "\\Windows\\Fonts\\SCHLBKBI.TTF" (normalized: "c:\\windows\\fonts\\schlbkbi.ttf") Region: id = 1752 start_va = 0x440000 end_va = 0x467fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "schlbkbi.ttf" filename = "\\Windows\\Fonts\\SCHLBKBI.TTF" (normalized: "c:\\windows\\fonts\\schlbkbi.ttf") Region: id = 1753 start_va = 0x440000 end_va = 0x467fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "schlbki.ttf" filename = "\\Windows\\Fonts\\SCHLBKI.TTF" (normalized: "c:\\windows\\fonts\\schlbki.ttf") Region: id = 1754 start_va = 0x440000 end_va = 0x467fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "schlbki.ttf" filename = "\\Windows\\Fonts\\SCHLBKI.TTF" (normalized: "c:\\windows\\fonts\\schlbki.ttf") Region: id = 1755 start_va = 0x440000 end_va = 0x44dfff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "scriptbl.ttf" filename = "\\Windows\\Fonts\\SCRIPTBL.TTF" (normalized: "c:\\windows\\fonts\\scriptbl.ttf") Region: id = 1756 start_va = 0x440000 end_va = 0x44dfff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "scriptbl.ttf" filename = "\\Windows\\Fonts\\SCRIPTBL.TTF" (normalized: "c:\\windows\\fonts\\scriptbl.ttf") Region: id = 1757 start_va = 0x5610000 end_va = 0x56a7fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "segoeuisl.ttf" filename = "\\Windows\\Fonts\\SEGOEUISL.TTF" (normalized: "c:\\windows\\fonts\\segoeuisl.ttf") Region: id = 1758 start_va = 0x5610000 end_va = 0x56a7fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "segoeuisl.ttf" filename = "\\Windows\\Fonts\\SEGOEUISL.TTF" (normalized: "c:\\windows\\fonts\\segoeuisl.ttf") Region: id = 1759 start_va = 0x440000 end_va = 0x44cfff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "showg.ttf" filename = "\\Windows\\Fonts\\SHOWG.TTF" (normalized: "c:\\windows\\fonts\\showg.ttf") Region: id = 1760 start_va = 0x440000 end_va = 0x44cfff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "showg.ttf" filename = "\\Windows\\Fonts\\SHOWG.TTF" (normalized: "c:\\windows\\fonts\\showg.ttf") Region: id = 1761 start_va = 0x440000 end_va = 0x44ffff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "snap____.ttf" filename = "\\Windows\\Fonts\\SNAP____.TTF" (normalized: "c:\\windows\\fonts\\snap____.ttf") Region: id = 1762 start_va = 0x440000 end_va = 0x44ffff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "snap____.ttf" filename = "\\Windows\\Fonts\\SNAP____.TTF" (normalized: "c:\\windows\\fonts\\snap____.ttf") Region: id = 1763 start_va = 0x440000 end_va = 0x44dfff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "stencil.ttf" filename = "\\Windows\\Fonts\\STENCIL.TTF" (normalized: "c:\\windows\\fonts\\stencil.ttf") Region: id = 1764 start_va = 0x440000 end_va = 0x44dfff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "stencil.ttf" filename = "\\Windows\\Fonts\\STENCIL.TTF" (normalized: "c:\\windows\\fonts\\stencil.ttf") Region: id = 1765 start_va = 0x440000 end_va = 0x452fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "tcb_____.ttf" filename = "\\Windows\\Fonts\\TCB_____.TTF" (normalized: "c:\\windows\\fonts\\tcb_____.ttf") Region: id = 1766 start_va = 0x440000 end_va = 0x452fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "tcb_____.ttf" filename = "\\Windows\\Fonts\\TCB_____.TTF" (normalized: "c:\\windows\\fonts\\tcb_____.ttf") Region: id = 1767 start_va = 0x440000 end_va = 0x452fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "tcbi____.ttf" filename = "\\Windows\\Fonts\\TCBI____.TTF" (normalized: "c:\\windows\\fonts\\tcbi____.ttf") Region: id = 1768 start_va = 0x440000 end_va = 0x452fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "tcbi____.ttf" filename = "\\Windows\\Fonts\\TCBI____.TTF" (normalized: "c:\\windows\\fonts\\tcbi____.ttf") Region: id = 1769 start_va = 0x440000 end_va = 0x450fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "tccb____.ttf" filename = "\\Windows\\Fonts\\TCCB____.TTF" (normalized: "c:\\windows\\fonts\\tccb____.ttf") Region: id = 1770 start_va = 0x440000 end_va = 0x450fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "tccb____.ttf" filename = "\\Windows\\Fonts\\TCCB____.TTF" (normalized: "c:\\windows\\fonts\\tccb____.ttf") Region: id = 1771 start_va = 0x440000 end_va = 0x452fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "tcceb.ttf" filename = "\\Windows\\Fonts\\TCCEB.TTF" (normalized: "c:\\windows\\fonts\\tcceb.ttf") Region: id = 1772 start_va = 0x440000 end_va = 0x452fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "tcceb.ttf" filename = "\\Windows\\Fonts\\TCCEB.TTF" (normalized: "c:\\windows\\fonts\\tcceb.ttf") Region: id = 1773 start_va = 0x440000 end_va = 0x450fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "tccm____.ttf" filename = "\\Windows\\Fonts\\TCCM____.TTF" (normalized: "c:\\windows\\fonts\\tccm____.ttf") Region: id = 1774 start_va = 0x440000 end_va = 0x450fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "tccm____.ttf" filename = "\\Windows\\Fonts\\TCCM____.TTF" (normalized: "c:\\windows\\fonts\\tccm____.ttf") Region: id = 1775 start_va = 0x440000 end_va = 0x452fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "tcm_____.ttf" filename = "\\Windows\\Fonts\\TCM_____.TTF" (normalized: "c:\\windows\\fonts\\tcm_____.ttf") Region: id = 1776 start_va = 0x440000 end_va = 0x452fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "tcm_____.ttf" filename = "\\Windows\\Fonts\\TCM_____.TTF" (normalized: "c:\\windows\\fonts\\tcm_____.ttf") Region: id = 1777 start_va = 0x440000 end_va = 0x453fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "tcmi____.ttf" filename = "\\Windows\\Fonts\\TCMI____.TTF" (normalized: "c:\\windows\\fonts\\tcmi____.ttf") Region: id = 1778 start_va = 0x440000 end_va = 0x453fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "tcmi____.ttf" filename = "\\Windows\\Fonts\\TCMI____.TTF" (normalized: "c:\\windows\\fonts\\tcmi____.ttf") Region: id = 1779 start_va = 0x440000 end_va = 0x452fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "tempsitc.ttf" filename = "\\Windows\\Fonts\\TEMPSITC.TTF" (normalized: "c:\\windows\\fonts\\tempsitc.ttf") Region: id = 1780 start_va = 0x440000 end_va = 0x452fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "tempsitc.ttf" filename = "\\Windows\\Fonts\\TEMPSITC.TTF" (normalized: "c:\\windows\\fonts\\tempsitc.ttf") Region: id = 1781 start_va = 0x440000 end_va = 0x459fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "vineritc.ttf" filename = "\\Windows\\Fonts\\VINERITC.TTF" (normalized: "c:\\windows\\fonts\\vineritc.ttf") Region: id = 1782 start_va = 0x440000 end_va = 0x459fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "vineritc.ttf" filename = "\\Windows\\Fonts\\VINERITC.TTF" (normalized: "c:\\windows\\fonts\\vineritc.ttf") Region: id = 1783 start_va = 0x440000 end_va = 0x450fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "vivaldii.ttf" filename = "\\Windows\\Fonts\\VIVALDII.TTF" (normalized: "c:\\windows\\fonts\\vivaldii.ttf") Region: id = 1784 start_va = 0x440000 end_va = 0x450fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "vivaldii.ttf" filename = "\\Windows\\Fonts\\VIVALDII.TTF" (normalized: "c:\\windows\\fonts\\vivaldii.ttf") Region: id = 1785 start_va = 0x440000 end_va = 0x44dfff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "vladimir.ttf" filename = "\\Windows\\Fonts\\VLADIMIR.TTF" (normalized: "c:\\windows\\fonts\\vladimir.ttf") Region: id = 1786 start_va = 0x440000 end_va = 0x44dfff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "vladimir.ttf" filename = "\\Windows\\Fonts\\VLADIMIR.TTF" (normalized: "c:\\windows\\fonts\\vladimir.ttf") Region: id = 1787 start_va = 0x440000 end_va = 0x450fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "wingdng2.ttf" filename = "\\Windows\\Fonts\\WINGDNG2.TTF" (normalized: "c:\\windows\\fonts\\wingdng2.ttf") Region: id = 1788 start_va = 0x440000 end_va = 0x450fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "wingdng2.ttf" filename = "\\Windows\\Fonts\\WINGDNG2.TTF" (normalized: "c:\\windows\\fonts\\wingdng2.ttf") Region: id = 1789 start_va = 0x440000 end_va = 0x448fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "wingdng3.ttf" filename = "\\Windows\\Fonts\\WINGDNG3.TTF" (normalized: "c:\\windows\\fonts\\wingdng3.ttf") Region: id = 1790 start_va = 0x440000 end_va = 0x448fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "wingdng3.ttf" filename = "\\Windows\\Fonts\\WINGDNG3.TTF" (normalized: "c:\\windows\\fonts\\wingdng3.ttf") Region: id = 1791 start_va = 0x440000 end_va = 0x441fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "mtextra.ttf" filename = "\\Program Files (x86)\\Common Files\\microsoft shared\\EQUATION\\MTEXTRA.TTF" (normalized: "c:\\program files (x86)\\common files\\microsoft shared\\equation\\mtextra.ttf") Region: id = 1792 start_va = 0x440000 end_va = 0x441fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "mtextra.ttf" filename = "\\Program Files (x86)\\Common Files\\microsoft shared\\EQUATION\\MTEXTRA.TTF" (normalized: "c:\\program files (x86)\\common files\\microsoft shared\\equation\\mtextra.ttf") Region: id = 1793 start_va = 0x430000 end_va = 0x44bfff monitored = 1 entry_point = 0x0 region_type = mapped_file name = "gdipfontcachev1.dat" filename = "\\Users\\kEecfMwgj\\AppData\\Local\\GDIPFONTCACHEV1.DAT" (normalized: "c:\\users\\keecfmwgj\\appdata\\local\\gdipfontcachev1.dat") Region: id = 1794 start_va = 0x430000 end_va = 0x43ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000430000" filename = "" Region: id = 1795 start_va = 0x440000 end_va = 0x44ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000440000" filename = "" Region: id = 1796 start_va = 0x450000 end_va = 0x45ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000450000" filename = "" Region: id = 1797 start_va = 0x460000 end_va = 0x46ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000460000" filename = "" Region: id = 1798 start_va = 0x430000 end_va = 0x43ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000430000" filename = "" Region: id = 1799 start_va = 0x430000 end_va = 0x43ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000430000" filename = "" Region: id = 1800 start_va = 0x430000 end_va = 0x43ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000430000" filename = "" Region: id = 1801 start_va = 0x440000 end_va = 0x44ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000440000" filename = "" Region: id = 1802 start_va = 0x430000 end_va = 0x43ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000430000" filename = "" Region: id = 1803 start_va = 0x6d110000 end_va = 0x6d20afff monitored = 0 entry_point = 0x6d1217e1 region_type = mapped_file name = "windowscodecs.dll" filename = "\\Windows\\SysWOW64\\WindowsCodecs.dll" (normalized: "c:\\windows\\syswow64\\windowscodecs.dll") Region: id = 1804 start_va = 0x450000 end_va = 0x45ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000450000" filename = "" Region: id = 1805 start_va = 0x450000 end_va = 0x4cffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000450000" filename = "" Region: id = 1806 start_va = 0xa20000 end_va = 0xa2ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000a20000" filename = "" Region: id = 1807 start_va = 0xa20000 end_va = 0xa2ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000a20000" filename = "" Region: id = 1808 start_va = 0xae0000 end_va = 0xaeffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000ae0000" filename = "" Region: id = 1809 start_va = 0xa20000 end_va = 0xa2ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000a20000" filename = "" Region: id = 1810 start_va = 0xa20000 end_va = 0xa2ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000a20000" filename = "" Region: id = 1811 start_va = 0xae0000 end_va = 0xaeffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000ae0000" filename = "" Region: id = 1812 start_va = 0xb30000 end_va = 0xb3ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000b30000" filename = "" Region: id = 1813 start_va = 0xb80000 end_va = 0xb8ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000b80000" filename = "" Region: id = 1814 start_va = 0xb90000 end_va = 0xb9ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000b90000" filename = "" Region: id = 1815 start_va = 0xba0000 end_va = 0xbaffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000ba0000" filename = "" Region: id = 1816 start_va = 0xcd0000 end_va = 0xcdffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000cd0000" filename = "" Region: id = 1817 start_va = 0xa20000 end_va = 0xa2ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000a20000" filename = "" Region: id = 1818 start_va = 0xa20000 end_va = 0xa2ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000a20000" filename = "" Region: id = 1819 start_va = 0x6c340000 end_va = 0x6d10cfff monitored = 1 entry_point = 0x0 region_type = mapped_file name = "system.web.ni.dll" filename = "\\Windows\\assembly\\NativeImages_v4.0.30319_32\\System.Web\\8e86e9948f7dcebce93d5df6073700ba\\System.Web.ni.dll" (normalized: "c:\\windows\\assembly\\nativeimages_v4.0.30319_32\\system.web\\8e86e9948f7dcebce93d5df6073700ba\\system.web.ni.dll") Region: id = 1820 start_va = 0x73720000 end_va = 0x73814fff monitored = 0 entry_point = 0x73730d9e region_type = mapped_file name = "propsys.dll" filename = "\\Windows\\SysWOW64\\propsys.dll" (normalized: "c:\\windows\\syswow64\\propsys.dll") Region: id = 1821 start_va = 0xae0000 end_va = 0xae1fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000ae0000" filename = "" Region: id = 1822 start_va = 0x73a90000 end_va = 0x73c2dfff monitored = 0 entry_point = 0x73abe6b5 region_type = mapped_file name = "comctl32.dll" filename = "\\Windows\\winsxs\\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\\comctl32.dll" (normalized: "c:\\windows\\winsxs\\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\\comctl32.dll") Region: id = 1823 start_va = 0xb30000 end_va = 0xb30fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "windowsshell.manifest" filename = "\\Windows\\WindowsShell.Manifest" (normalized: "c:\\windows\\windowsshell.manifest") Region: id = 1824 start_va = 0xb80000 end_va = 0xb81fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000b80000" filename = "" Region: id = 1825 start_va = 0xb30000 end_va = 0xb30fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000b30000" filename = "" Region: id = 1826 start_va = 0x754c0000 end_va = 0x75542fff monitored = 0 entry_point = 0x754c23d2 region_type = mapped_file name = "clbcatq.dll" filename = "\\Windows\\SysWOW64\\clbcatq.dll" (normalized: "c:\\windows\\syswow64\\clbcatq.dll") Region: id = 1827 start_va = 0xb90000 end_va = 0xb90fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000b90000" filename = "" Region: id = 1828 start_va = 0x748a0000 end_va = 0x748c0fff monitored = 0 entry_point = 0x748a145e region_type = mapped_file name = "ntmarta.dll" filename = "\\Windows\\SysWOW64\\ntmarta.dll" (normalized: "c:\\windows\\syswow64\\ntmarta.dll") Region: id = 1829 start_va = 0x75b90000 end_va = 0x75bd4fff monitored = 0 entry_point = 0x75b911e1 region_type = mapped_file name = "wldap32.dll" filename = "\\Windows\\SysWOW64\\Wldap32.dll" (normalized: "c:\\windows\\syswow64\\wldap32.dll") Region: id = 1830 start_va = 0xba0000 end_va = 0xba3fff monitored = 1 entry_point = 0x0 region_type = mapped_file name = "cversions.1.db" filename = "\\Users\\kEecfMwgj\\AppData\\Local\\Microsoft\\Windows\\Caches\\cversions.1.db" (normalized: "c:\\users\\keecfmwgj\\appdata\\local\\microsoft\\windows\\caches\\cversions.1.db") Region: id = 1831 start_va = 0xcd0000 end_va = 0xcf5fff monitored = 1 entry_point = 0x0 region_type = mapped_file name = "{afbf9f1a-8ee8-4c77-af34-c647e37ca0d9}.1.ver0x000000000000000a.db" filename = "\\Users\\kEecfMwgj\\AppData\\Local\\Microsoft\\Windows\\Caches\\{AFBF9F1A-8EE8-4C77-AF34-C647E37CA0D9}.1.ver0x000000000000000a.db" (normalized: "c:\\users\\keecfmwgj\\appdata\\local\\microsoft\\windows\\caches\\{afbf9f1a-8ee8-4c77-af34-c647e37ca0d9}.1.ver0x000000000000000a.db") Region: id = 1832 start_va = 0xe40000 end_va = 0xe40fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000e40000" filename = "" Region: id = 1833 start_va = 0xe90000 end_va = 0xecffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000e90000" filename = "" Region: id = 1834 start_va = 0x66d0000 end_va = 0x67d0fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000066d0000" filename = "" Region: id = 1835 start_va = 0x66d0000 end_va = 0x67d0fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000066d0000" filename = "" Region: id = 1836 start_va = 0x66d0000 end_va = 0x67d0fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000066d0000" filename = "" Region: id = 1837 start_va = 0xba0000 end_va = 0xba3fff monitored = 1 entry_point = 0x0 region_type = mapped_file name = "cversions.2.db" filename = "\\ProgramData\\Microsoft\\Windows\\Caches\\cversions.2.db" (normalized: "c:\\programdata\\microsoft\\windows\\caches\\cversions.2.db") Region: id = 1838 start_va = 0xe50000 end_va = 0xe7ffff monitored = 1 entry_point = 0x0 region_type = mapped_file name = "{6af0698e-d558-4f6e-9b3c-3716689af493}.2.ver0x0000000000000015.db" filename = "\\ProgramData\\Microsoft\\Windows\\Caches\\{6AF0698E-D558-4F6E-9B3C-3716689AF493}.2.ver0x0000000000000015.db" (normalized: "c:\\programdata\\microsoft\\windows\\caches\\{6af0698e-d558-4f6e-9b3c-3716689af493}.2.ver0x0000000000000015.db") Region: id = 1839 start_va = 0xe80000 end_va = 0xe83fff monitored = 1 entry_point = 0x0 region_type = mapped_file name = "cversions.2.db" filename = "\\ProgramData\\Microsoft\\Windows\\Caches\\cversions.2.db" (normalized: "c:\\programdata\\microsoft\\windows\\caches\\cversions.2.db") Region: id = 1840 start_va = 0x52b0000 end_va = 0x5315fff monitored = 1 entry_point = 0x0 region_type = mapped_file name = "{ddf571f2-be98-426d-8288-1a9a39c3fda2}.2.ver0x0000000000000002.db" filename = "\\ProgramData\\Microsoft\\Windows\\Caches\\{DDF571F2-BE98-426D-8288-1A9A39C3FDA2}.2.ver0x0000000000000002.db" (normalized: "c:\\programdata\\microsoft\\windows\\caches\\{ddf571f2-be98-426d-8288-1a9a39c3fda2}.2.ver0x0000000000000002.db") Region: id = 1841 start_va = 0x66d0000 end_va = 0x67d0fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000066d0000" filename = "" Region: id = 1842 start_va = 0x66d0000 end_va = 0x67d0fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000066d0000" filename = "" Region: id = 1843 start_va = 0x66d0000 end_va = 0x67d0fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000066d0000" filename = "" Region: id = 1844 start_va = 0x66d0000 end_va = 0x67d0fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000066d0000" filename = "" Region: id = 1845 start_va = 0x759d0000 end_va = 0x75b6cfff monitored = 0 entry_point = 0x759d17e7 region_type = mapped_file name = "setupapi.dll" filename = "\\Windows\\SysWOW64\\setupapi.dll" (normalized: "c:\\windows\\syswow64\\setupapi.dll") Region: id = 1846 start_va = 0x66d0000 end_va = 0x67d0fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000066d0000" filename = "" Region: id = 1847 start_va = 0x66d0000 end_va = 0x67d0fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000066d0000" filename = "" Region: id = 1848 start_va = 0x66d0000 end_va = 0x67d0fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000066d0000" filename = "" Region: id = 1849 start_va = 0x66d0000 end_va = 0x67d0fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000066d0000" filename = "" Region: id = 1850 start_va = 0x758a0000 end_va = 0x758c6fff monitored = 0 entry_point = 0x758a58b9 region_type = mapped_file name = "cfgmgr32.dll" filename = "\\Windows\\SysWOW64\\cfgmgr32.dll" (normalized: "c:\\windows\\syswow64\\cfgmgr32.dll") Region: id = 1851 start_va = 0x75b70000 end_va = 0x75b81fff monitored = 0 entry_point = 0x75b71441 region_type = mapped_file name = "devobj.dll" filename = "\\Windows\\SysWOW64\\devobj.dll" (normalized: "c:\\windows\\syswow64\\devobj.dll") Region: id = 1852 start_va = 0xed0000 end_va = 0xedcfff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "setupapi.dll.mui" filename = "\\Windows\\SysWOW64\\en-US\\setupapi.dll.mui" (normalized: "c:\\windows\\syswow64\\en-us\\setupapi.dll.mui") Region: id = 1853 start_va = 0x73820000 end_va = 0x7386bfff monitored = 0 entry_point = 0x73822c14 region_type = mapped_file name = "apphelp.dll" filename = "\\Windows\\SysWOW64\\apphelp.dll" (normalized: "c:\\windows\\syswow64\\apphelp.dll") Region: id = 1854 start_va = 0x6c310000 end_va = 0x6c33dfff monitored = 0 entry_point = 0x6c311bba region_type = mapped_file name = "shdocvw.dll" filename = "\\Windows\\SysWOW64\\shdocvw.dll" (normalized: "c:\\windows\\syswow64\\shdocvw.dll") Region: id = 1855 start_va = 0x5050000 end_va = 0x508ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000005050000" filename = "" Region: id = 1856 start_va = 0x6730000 end_va = 0x682ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000006730000" filename = "" Region: id = 1857 start_va = 0x7ef8c000 end_va = 0x7ef8efff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000007ef8c000" filename = "" Region: id = 1858 start_va = 0xee0000 end_va = 0xeedfff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "propsys.dll.mui" filename = "\\Windows\\SysWOW64\\en-US\\propsys.dll.mui" (normalized: "c:\\windows\\syswow64\\en-us\\propsys.dll.mui") Region: id = 1859 start_va = 0x74de0000 end_va = 0x74f15fff monitored = 0 entry_point = 0x74de1b35 region_type = mapped_file name = "urlmon.dll" filename = "\\Windows\\SysWOW64\\urlmon.dll" (normalized: "c:\\windows\\syswow64\\urlmon.dll") Region: id = 1860 start_va = 0x755b0000 end_va = 0x756a4fff monitored = 0 entry_point = 0x755b1865 region_type = mapped_file name = "wininet.dll" filename = "\\Windows\\SysWOW64\\wininet.dll" (normalized: "c:\\windows\\syswow64\\wininet.dll") Region: id = 1861 start_va = 0x74f30000 end_va = 0x7512afff monitored = 0 entry_point = 0x74f322d9 region_type = mapped_file name = "iertutil.dll" filename = "\\Windows\\SysWOW64\\iertutil.dll" (normalized: "c:\\windows\\syswow64\\iertutil.dll") Region: id = 1862 start_va = 0xef0000 end_va = 0xef0fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000ef0000" filename = "" Region: id = 1893 start_va = 0x5f70000 end_va = 0x5faffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000005f70000" filename = "" Region: id = 1894 start_va = 0x68d0000 end_va = 0x69cffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000068d0000" filename = "" Region: id = 1895 start_va = 0x7ef89000 end_va = 0x7ef8bfff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000007ef89000" filename = "" Thread: id = 1 os_tid = 0xee0 [0057.571] CoInitializeEx (pvReserved=0x0, dwCoInit=0x2) returned 0x0 [0060.700] GetACP () returned 0x4e4 [0061.035] GetFullPathNameW (in: lpFileName="C:\\Users\\kEecfMwgj\\Desktop\\81baf55c19c00ec38dd62ea3b30a3af669be588442dc0648865f80195665d2b2.exe.config", nBufferLength=0x105, lpBuffer=0x3ae6f4, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\kEecfMwgj\\Desktop\\81baf55c19c00ec38dd62ea3b30a3af669be588442dc0648865f80195665d2b2.exe.config", lpFilePart=0x0) returned 0x66 [0061.045] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\.NETFramework\\AppContext", ulOptions=0x0, samDesired=0x20019, phkResult=0x3ae3f0 | out: phkResult=0x3ae3f0*=0x0) returned 0x2 [0061.046] RegCloseKey (hKey=0x80000002) returned 0x0 [0061.309] GetCurrentProcess () returned 0xffffffff [0061.309] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x3aea2c | out: TokenHandle=0x3aea2c*=0x40) returned 1 [0061.317] GetFullPathNameW (in: lpFileName="C:\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\", nBufferLength=0x105, lpBuffer=0x3ae4e4, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\", lpFilePart=0x0) returned 0x2e [0061.417] GetFileAttributesExW (in: lpFileName="C:\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\Config\\machine.config" (normalized: "c:\\windows\\microsoft.net\\framework\\v4.0.30319\\config\\machine.config"), fInfoLevelId=0x0, lpFileInformation=0x3aea24 | out: lpFileInformation=0x3aea24*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xc63fb400, ftCreationTime.dwHighDateTime=0x1d4e4ee, ftLastAccessTime.dwLowDateTime=0xb9f350b0, ftLastAccessTime.dwHighDateTime=0x1d706ae, ftLastWriteTime.dwLowDateTime=0xc63fb400, ftLastWriteTime.dwHighDateTime=0x1d4e4ee, nFileSizeHigh=0x0, nFileSizeLow=0x8c8e)) returned 1 [0061.419] GetFullPathNameW (in: lpFileName="C:\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\Config\\machine.config", nBufferLength=0x105, lpBuffer=0x3ae4b0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\Config\\machine.config", lpFilePart=0x0) returned 0x43 [0061.424] GetFileAttributesExW (in: lpFileName="C:\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\Config\\machine.config" (normalized: "c:\\windows\\microsoft.net\\framework\\v4.0.30319\\config\\machine.config"), fInfoLevelId=0x0, lpFileInformation=0x3aea2c | out: lpFileInformation=0x3aea2c*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xc63fb400, ftCreationTime.dwHighDateTime=0x1d4e4ee, ftLastAccessTime.dwLowDateTime=0xb9f350b0, ftLastAccessTime.dwHighDateTime=0x1d706ae, ftLastWriteTime.dwLowDateTime=0xc63fb400, ftLastWriteTime.dwHighDateTime=0x1d4e4ee, nFileSizeHigh=0x0, nFileSizeLow=0x8c8e)) returned 1 [0061.426] GetFullPathNameW (in: lpFileName="C:\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\Config\\machine.config", nBufferLength=0x105, lpBuffer=0x3ae44c, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\Config\\machine.config", lpFilePart=0x0) returned 0x43 [0061.428] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x3ae964) returned 1 [0061.429] CreateFileW (lpFileName="C:\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\Config\\machine.config" (normalized: "c:\\windows\\microsoft.net\\framework\\v4.0.30319\\config\\machine.config"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x1f4 [0061.429] GetFileType (hFile=0x1f4) returned 0x1 [0061.429] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x3ae960) returned 1 [0061.429] GetFileType (hFile=0x1f4) returned 0x1 [0064.335] GetFullPathNameW (in: lpFileName="C:\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\config\\machine.config", nBufferLength=0x105, lpBuffer=0x3adca0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\config\\machine.config", lpFilePart=0x0) returned 0x43 [0064.335] GetFullPathNameW (in: lpFileName="C:\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\config\\machine.config", nBufferLength=0x105, lpBuffer=0x3add04, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\config\\machine.config", lpFilePart=0x0) returned 0x43 [0064.336] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x3adf44) returned 1 [0064.336] GetFileAttributesExW (in: lpFileName="C:\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\config\\machine.config" (normalized: "c:\\windows\\microsoft.net\\framework\\v4.0.30319\\config\\machine.config"), fInfoLevelId=0x0, lpFileInformation=0x3ae208 | out: lpFileInformation=0x3ae208*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xc63fb400, ftCreationTime.dwHighDateTime=0x1d4e4ee, ftLastAccessTime.dwLowDateTime=0xb9f350b0, ftLastAccessTime.dwHighDateTime=0x1d706ae, ftLastWriteTime.dwLowDateTime=0xc63fb400, ftLastWriteTime.dwHighDateTime=0x1d4e4ee, nFileSizeHigh=0x0, nFileSizeLow=0x8c8e)) returned 1 [0064.336] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x3adf40) returned 1 [0064.540] BCryptGetFipsAlgorithmMode (in: pfEnabled=0x3ae0d4 | out: pfEnabled=0x3ae0d4) returned 0x0 [0064.880] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\.NETFramework\\XML", ulOptions=0x0, samDesired=0x20019, phkResult=0x3ae9b0 | out: phkResult=0x3ae9b0*=0x0) returned 0x2 [0064.880] RegOpenKeyExW (in: hKey=0x80000001, lpSubKey="SOFTWARE\\Microsoft\\.NETFramework\\XML", ulOptions=0x0, samDesired=0x20019, phkResult=0x3ae9b0 | out: phkResult=0x3ae9b0*=0x0) returned 0x2 [0064.882] GetFileSize (in: hFile=0x1f4, lpFileSizeHigh=0x3aea20 | out: lpFileSizeHigh=0x3aea20*=0x0) returned 0x8c8e [0064.883] ReadFile (in: hFile=0x1f4, lpBuffer=0x25905ac, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x3ae9dc, lpOverlapped=0x0 | out: lpBuffer=0x25905ac*, lpNumberOfBytesRead=0x3ae9dc*=0x1000, lpOverlapped=0x0) returned 1 [0064.902] ReadFile (in: hFile=0x1f4, lpBuffer=0x25905ac, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x3ae88c, lpOverlapped=0x0 | out: lpBuffer=0x25905ac*, lpNumberOfBytesRead=0x3ae88c*=0x1000, lpOverlapped=0x0) returned 1 [0064.904] ReadFile (in: hFile=0x1f4, lpBuffer=0x25905ac, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x3ae740, lpOverlapped=0x0 | out: lpBuffer=0x25905ac*, lpNumberOfBytesRead=0x3ae740*=0x1000, lpOverlapped=0x0) returned 1 [0064.904] ReadFile (in: hFile=0x1f4, lpBuffer=0x25905ac, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x3ae740, lpOverlapped=0x0 | out: lpBuffer=0x25905ac*, lpNumberOfBytesRead=0x3ae740*=0x1000, lpOverlapped=0x0) returned 1 [0064.905] ReadFile (in: hFile=0x1f4, lpBuffer=0x25905ac, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x3ae740, lpOverlapped=0x0 | out: lpBuffer=0x25905ac*, lpNumberOfBytesRead=0x3ae740*=0x1000, lpOverlapped=0x0) returned 1 [0064.905] ReadFile (in: hFile=0x1f4, lpBuffer=0x25905ac, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x3ae678, lpOverlapped=0x0 | out: lpBuffer=0x25905ac*, lpNumberOfBytesRead=0x3ae678*=0x1000, lpOverlapped=0x0) returned 1 [0064.912] ReadFile (in: hFile=0x1f4, lpBuffer=0x25905ac, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x3ae7e4, lpOverlapped=0x0 | out: lpBuffer=0x25905ac*, lpNumberOfBytesRead=0x3ae7e4*=0x1000, lpOverlapped=0x0) returned 1 [0064.914] ReadFile (in: hFile=0x1f4, lpBuffer=0x25905ac, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x3ae6d8, lpOverlapped=0x0 | out: lpBuffer=0x25905ac*, lpNumberOfBytesRead=0x3ae6d8*=0x1000, lpOverlapped=0x0) returned 1 [0064.914] ReadFile (in: hFile=0x1f4, lpBuffer=0x25905ac, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x3ae6d8, lpOverlapped=0x0 | out: lpBuffer=0x25905ac*, lpNumberOfBytesRead=0x3ae6d8*=0xc8e, lpOverlapped=0x0) returned 1 [0064.914] ReadFile (in: hFile=0x1f4, lpBuffer=0x25905ac, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x3ae79c, lpOverlapped=0x0 | out: lpBuffer=0x25905ac*, lpNumberOfBytesRead=0x3ae79c*=0x0, lpOverlapped=0x0) returned 1 [0064.914] CloseHandle (hObject=0x1f4) returned 1 [0064.915] CloseHandle (hObject=0x40) returned 1 [0064.916] GetCurrentProcess () returned 0xffffffff [0064.916] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x3aeb78 | out: TokenHandle=0x3aeb78*=0x40) returned 1 [0064.917] CloseHandle (hObject=0x40) returned 1 [0064.917] GetCurrentProcess () returned 0xffffffff [0064.917] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x3aeb78 | out: TokenHandle=0x3aeb78*=0x40) returned 1 [0064.918] CloseHandle (hObject=0x40) returned 1 [0064.925] GetCurrentProcess () returned 0xffffffff [0064.925] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x3aea2c | out: TokenHandle=0x3aea2c*=0x40) returned 1 [0064.926] GetFileAttributesExW (in: lpFileName="C:\\Users\\kEecfMwgj\\Desktop\\81baf55c19c00ec38dd62ea3b30a3af669be588442dc0648865f80195665d2b2.exe.config" (normalized: "c:\\users\\keecfmwgj\\desktop\\81baf55c19c00ec38dd62ea3b30a3af669be588442dc0648865f80195665d2b2.exe.config"), fInfoLevelId=0x0, lpFileInformation=0x3aea24 | out: lpFileInformation=0x3aea24*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0 [0064.926] GetFullPathNameW (in: lpFileName="C:\\Users\\kEecfMwgj\\Desktop\\81baf55c19c00ec38dd62ea3b30a3af669be588442dc0648865f80195665d2b2.exe.config", nBufferLength=0x105, lpBuffer=0x3ae4b0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\kEecfMwgj\\Desktop\\81baf55c19c00ec38dd62ea3b30a3af669be588442dc0648865f80195665d2b2.exe.config", lpFilePart=0x0) returned 0x66 [0064.927] GetFileAttributesExW (in: lpFileName="C:\\Users\\kEecfMwgj\\Desktop\\81baf55c19c00ec38dd62ea3b30a3af669be588442dc0648865f80195665d2b2.exe.config" (normalized: "c:\\users\\keecfmwgj\\desktop\\81baf55c19c00ec38dd62ea3b30a3af669be588442dc0648865f80195665d2b2.exe.config"), fInfoLevelId=0x0, lpFileInformation=0x3aea2c | out: lpFileInformation=0x3aea2c*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0 [0064.927] CloseHandle (hObject=0x40) returned 1 [0064.927] GetCurrentProcess () returned 0xffffffff [0064.927] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x3aeb78 | out: TokenHandle=0x3aeb78*=0x40) returned 1 [0064.928] CloseHandle (hObject=0x40) returned 1 [0064.929] GetCurrentProcess () returned 0xffffffff [0064.929] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x3aeb78 | out: TokenHandle=0x3aeb78*=0x40) returned 1 [0064.929] CloseHandle (hObject=0x40) returned 1 [0064.954] GetCurrentProcess () returned 0xffffffff [0064.955] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x3ae990 | out: TokenHandle=0x3ae990*=0x40) returned 1 [0064.979] CloseHandle (hObject=0x40) returned 1 [0064.980] GetCurrentProcess () returned 0xffffffff [0064.980] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x3ae9a8 | out: TokenHandle=0x3ae9a8*=0x40) returned 1 [0064.981] CloseHandle (hObject=0x40) returned 1 [0065.011] CreateEventW (lpEventAttributes=0x0, bManualReset=0, bInitialState=0, lpName=0x0) returned 0x40 [0065.012] CreateEventW (lpEventAttributes=0x0, bManualReset=1, bInitialState=0, lpName=0x0) returned 0x1f4 [0065.021] GetCurrentProcess () returned 0xffffffff [0065.021] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x3ae9b0 | out: TokenHandle=0x3ae9b0*=0x234) returned 1 [0065.025] CloseHandle (hObject=0x234) returned 1 [0065.025] GetCurrentProcess () returned 0xffffffff [0065.025] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x3ae9c8 | out: TokenHandle=0x3ae9c8*=0x234) returned 1 [0065.026] CloseHandle (hObject=0x234) returned 1 [0065.036] GetCurrentProcess () returned 0xffffffff [0065.036] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x3ae9b8 | out: TokenHandle=0x3ae9b8*=0x234) returned 1 [0065.051] CloseHandle (hObject=0x234) returned 1 [0065.052] GetCurrentProcess () returned 0xffffffff [0065.052] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x3ae9d0 | out: TokenHandle=0x3ae9d0*=0x234) returned 1 [0065.052] CloseHandle (hObject=0x234) returned 1 [0065.085] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="Software\\Microsoft\\Windows NT\\CurrentVersion", ulOptions=0x0, samDesired=0x20019, phkResult=0x3adea4 | out: phkResult=0x3adea4*=0x234) returned 0x0 [0065.088] RegQueryValueExW (in: hKey=0x234, lpValueName="InstallationType", lpReserved=0x0, lpType=0x3adec4, lpData=0x0, lpcbData=0x3adec0*=0x0 | out: lpType=0x3adec4*=0x1, lpData=0x0, lpcbData=0x3adec0*=0xe) returned 0x0 [0065.088] RegQueryValueExW (in: hKey=0x234, lpValueName="InstallationType", lpReserved=0x0, lpType=0x3adec4, lpData=0x25b1814, lpcbData=0x3adec0*=0xe | out: lpType=0x3adec4*=0x1, lpData="Client", lpcbData=0x3adec0*=0xe) returned 0x0 [0065.089] RegCloseKey (hKey=0x234) returned 0x0 [0065.095] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\.NETFramework\\v4.0.30319", ulOptions=0x0, samDesired=0x20019, phkResult=0x3aec6c | out: phkResult=0x3aec6c*=0x234) returned 0x0 [0065.096] RegQueryValueExW (in: hKey=0x234, lpValueName="HWRPortReuseOnSocketBind", lpReserved=0x0, lpType=0x3aec88, lpData=0x0, lpcbData=0x3aec84*=0x0 | out: lpType=0x3aec88*=0x0, lpData=0x0, lpcbData=0x3aec84*=0x0) returned 0x2 [0065.096] RegCloseKey (hKey=0x234) returned 0x0 [0065.105] GetCurrentProcessId () returned 0xedc [0065.114] LookupPrivilegeValueW (in: lpSystemName=0x0, lpName="SeDebugPrivilege", lpLuid=0x3ae50c | out: lpLuid=0x3ae50c*(LowPart=0x14, HighPart=0)) returned 1 [0065.117] GetCurrentProcess () returned 0xffffffff [0065.117] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x20, TokenHandle=0x3ae508 | out: TokenHandle=0x3ae508*=0x230) returned 1 [0065.119] AdjustTokenPrivileges (in: TokenHandle=0x230, DisableAllPrivileges=0, NewState=0x25b2888*(PrivilegesCount=0x1, Privileges=((Luid.LowPart=0x14, Luid.HighPart=0, Attributes=0x2))), BufferLength=0x0, PreviousState=0x0, ReturnLength=0x0 | out: PreviousState=0x0, ReturnLength=0x0) returned 1 [0065.119] CloseHandle (hObject=0x230) returned 1 [0065.121] OpenProcess (dwDesiredAccess=0x410, bInheritHandle=0, dwProcessId=0xedc) returned 0x230 [0065.203] EnumProcessModules (in: hProcess=0x230, lphModule=0x25b28cc, cb=0x100, lpcbNeeded=0x3aec78 | out: lphModule=0x25b28cc, lpcbNeeded=0x3aec78) returned 1 [0065.208] GetModuleInformation (in: hProcess=0x230, hModule=0x10b0000, lpmodinfo=0x25b2a0c, cb=0xc | out: lpmodinfo=0x25b2a0c*(lpBaseOfDll=0x10b0000, SizeOfImage=0xa2000, EntryPoint=0x114ddbe)) returned 1 [0065.210] CoTaskMemAlloc (cb=0x804) returned 0x20e200 [0065.210] GetModuleBaseNameW (in: hProcess=0x230, hModule=0x10b0000, lpBaseName=0x20e200, nSize=0x800 | out: lpBaseName="81baf55c19c00ec38dd62ea3b30a3af669be588442dc0648865f80195665d2b2.exe") returned 0x44 [0065.211] CoTaskMemFree (pv=0x20e200) [0065.212] CoTaskMemAlloc (cb=0x804) returned 0x20e200 [0065.212] GetModuleFileNameExW (in: hProcess=0x230, hModule=0x10b0000, lpFilename=0x20e200, nSize=0x800 | out: lpFilename="C:\\Users\\kEecfMwgj\\Desktop\\81baf55c19c00ec38dd62ea3b30a3af669be588442dc0648865f80195665d2b2.exe" (normalized: "c:\\users\\keecfmwgj\\desktop\\81baf55c19c00ec38dd62ea3b30a3af669be588442dc0648865f80195665d2b2.exe")) returned 0x5f [0065.212] CoTaskMemFree (pv=0x20e200) [0065.213] CloseHandle (hObject=0x230) returned 1 [0065.214] GetFullPathNameW (in: lpFileName="C:\\Users\\kEecfMwgj\\Desktop\\81baf55c19c00ec38dd62ea3b30a3af669be588442dc0648865f80195665d2b2.exe", nBufferLength=0x105, lpBuffer=0x3ae7a0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\kEecfMwgj\\Desktop\\81baf55c19c00ec38dd62ea3b30a3af669be588442dc0648865f80195665d2b2.exe", lpFilePart=0x0) returned 0x5f [0065.214] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\.NETFramework\\v4.0.30319\\System.Net.ServicePointManager.UseHttpPipeliningAndBufferPooling", ulOptions=0x0, samDesired=0x20019, phkResult=0x3aec70 | out: phkResult=0x3aec70*=0x0) returned 0x2 [0065.214] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\.NETFramework\\v4.0.30319", ulOptions=0x0, samDesired=0x20019, phkResult=0x3aec70 | out: phkResult=0x3aec70*=0x230) returned 0x0 [0065.215] RegQueryValueExW (in: hKey=0x230, lpValueName="UseHttpPipeliningAndBufferPooling", lpReserved=0x0, lpType=0x3aec8c, lpData=0x0, lpcbData=0x3aec88*=0x0 | out: lpType=0x3aec8c*=0x0, lpData=0x0, lpcbData=0x3aec88*=0x0) returned 0x2 [0065.215] RegCloseKey (hKey=0x230) returned 0x0 [0065.215] GetCurrentProcessId () returned 0xedc [0065.215] OpenProcess (dwDesiredAccess=0x410, bInheritHandle=0, dwProcessId=0xedc) returned 0x230 [0065.215] EnumProcessModules (in: hProcess=0x230, lphModule=0x25b55cc, cb=0x100, lpcbNeeded=0x3aec78 | out: lphModule=0x25b55cc, lpcbNeeded=0x3aec78) returned 1 [0065.216] GetModuleInformation (in: hProcess=0x230, hModule=0x10b0000, lpmodinfo=0x25b570c, cb=0xc | out: lpmodinfo=0x25b570c*(lpBaseOfDll=0x10b0000, SizeOfImage=0xa2000, EntryPoint=0x114ddbe)) returned 1 [0065.216] CoTaskMemAlloc (cb=0x804) returned 0x20e200 [0065.216] GetModuleBaseNameW (in: hProcess=0x230, hModule=0x10b0000, lpBaseName=0x20e200, nSize=0x800 | out: lpBaseName="81baf55c19c00ec38dd62ea3b30a3af669be588442dc0648865f80195665d2b2.exe") returned 0x44 [0065.217] CoTaskMemFree (pv=0x20e200) [0065.217] CoTaskMemAlloc (cb=0x804) returned 0x20e200 [0065.217] GetModuleFileNameExW (in: hProcess=0x230, hModule=0x10b0000, lpFilename=0x20e200, nSize=0x800 | out: lpFilename="C:\\Users\\kEecfMwgj\\Desktop\\81baf55c19c00ec38dd62ea3b30a3af669be588442dc0648865f80195665d2b2.exe" (normalized: "c:\\users\\keecfmwgj\\desktop\\81baf55c19c00ec38dd62ea3b30a3af669be588442dc0648865f80195665d2b2.exe")) returned 0x5f [0065.217] CoTaskMemFree (pv=0x20e200) [0065.217] CloseHandle (hObject=0x230) returned 1 [0065.217] GetFullPathNameW (in: lpFileName="C:\\Users\\kEecfMwgj\\Desktop\\81baf55c19c00ec38dd62ea3b30a3af669be588442dc0648865f80195665d2b2.exe", nBufferLength=0x105, lpBuffer=0x3ae7a0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\kEecfMwgj\\Desktop\\81baf55c19c00ec38dd62ea3b30a3af669be588442dc0648865f80195665d2b2.exe", lpFilePart=0x0) returned 0x5f [0065.218] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\.NETFramework\\v4.0.30319\\System.Net.ServicePointManager.UseSafeSynchronousClose", ulOptions=0x0, samDesired=0x20019, phkResult=0x3aec70 | out: phkResult=0x3aec70*=0x0) returned 0x2 [0065.218] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\.NETFramework\\v4.0.30319", ulOptions=0x0, samDesired=0x20019, phkResult=0x3aec70 | out: phkResult=0x3aec70*=0x230) returned 0x0 [0065.218] RegQueryValueExW (in: hKey=0x230, lpValueName="UseSafeSynchronousClose", lpReserved=0x0, lpType=0x3aec8c, lpData=0x0, lpcbData=0x3aec88*=0x0 | out: lpType=0x3aec8c*=0x0, lpData=0x0, lpcbData=0x3aec88*=0x0) returned 0x2 [0065.218] RegCloseKey (hKey=0x230) returned 0x0 [0065.219] GetCurrentProcessId () returned 0xedc [0065.219] OpenProcess (dwDesiredAccess=0x410, bInheritHandle=0, dwProcessId=0xedc) returned 0x230 [0065.219] EnumProcessModules (in: hProcess=0x230, lphModule=0x25b81b0, cb=0x100, lpcbNeeded=0x3aec78 | out: lphModule=0x25b81b0, lpcbNeeded=0x3aec78) returned 1 [0065.220] GetModuleInformation (in: hProcess=0x230, hModule=0x10b0000, lpmodinfo=0x25b82f0, cb=0xc | out: lpmodinfo=0x25b82f0*(lpBaseOfDll=0x10b0000, SizeOfImage=0xa2000, EntryPoint=0x114ddbe)) returned 1 [0065.220] CoTaskMemAlloc (cb=0x804) returned 0x20e200 [0065.220] GetModuleBaseNameW (in: hProcess=0x230, hModule=0x10b0000, lpBaseName=0x20e200, nSize=0x800 | out: lpBaseName="81baf55c19c00ec38dd62ea3b30a3af669be588442dc0648865f80195665d2b2.exe") returned 0x44 [0065.220] CoTaskMemFree (pv=0x20e200) [0065.220] CoTaskMemAlloc (cb=0x804) returned 0x20e200 [0065.220] GetModuleFileNameExW (in: hProcess=0x230, hModule=0x10b0000, lpFilename=0x20e200, nSize=0x800 | out: lpFilename="C:\\Users\\kEecfMwgj\\Desktop\\81baf55c19c00ec38dd62ea3b30a3af669be588442dc0648865f80195665d2b2.exe" (normalized: "c:\\users\\keecfmwgj\\desktop\\81baf55c19c00ec38dd62ea3b30a3af669be588442dc0648865f80195665d2b2.exe")) returned 0x5f [0065.220] CoTaskMemFree (pv=0x20e200) [0065.221] CloseHandle (hObject=0x230) returned 1 [0065.221] GetFullPathNameW (in: lpFileName="C:\\Users\\kEecfMwgj\\Desktop\\81baf55c19c00ec38dd62ea3b30a3af669be588442dc0648865f80195665d2b2.exe", nBufferLength=0x105, lpBuffer=0x3ae7a0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\kEecfMwgj\\Desktop\\81baf55c19c00ec38dd62ea3b30a3af669be588442dc0648865f80195665d2b2.exe", lpFilePart=0x0) returned 0x5f [0065.221] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\.NETFramework\\v4.0.30319\\System.Net.ServicePointManager.UseStrictRfcInterimResponseHandling", ulOptions=0x0, samDesired=0x20019, phkResult=0x3aec70 | out: phkResult=0x3aec70*=0x0) returned 0x2 [0065.221] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\.NETFramework\\v4.0.30319", ulOptions=0x0, samDesired=0x20019, phkResult=0x3aec70 | out: phkResult=0x3aec70*=0x230) returned 0x0 [0065.221] RegQueryValueExW (in: hKey=0x230, lpValueName="UseStrictRfcInterimResponseHandling", lpReserved=0x0, lpType=0x3aec8c, lpData=0x0, lpcbData=0x3aec88*=0x0 | out: lpType=0x3aec8c*=0x0, lpData=0x0, lpcbData=0x3aec88*=0x0) returned 0x2 [0065.221] RegCloseKey (hKey=0x230) returned 0x0 [0065.222] GetCurrentProcessId () returned 0xedc [0065.222] OpenProcess (dwDesiredAccess=0x410, bInheritHandle=0, dwProcessId=0xedc) returned 0x230 [0065.222] EnumProcessModules (in: hProcess=0x230, lphModule=0x25bad68, cb=0x100, lpcbNeeded=0x3aec78 | out: lphModule=0x25bad68, lpcbNeeded=0x3aec78) returned 1 [0065.223] GetModuleInformation (in: hProcess=0x230, hModule=0x10b0000, lpmodinfo=0x25baea8, cb=0xc | out: lpmodinfo=0x25baea8*(lpBaseOfDll=0x10b0000, SizeOfImage=0xa2000, EntryPoint=0x114ddbe)) returned 1 [0065.223] CoTaskMemAlloc (cb=0x804) returned 0x20e200 [0065.223] GetModuleBaseNameW (in: hProcess=0x230, hModule=0x10b0000, lpBaseName=0x20e200, nSize=0x800 | out: lpBaseName="81baf55c19c00ec38dd62ea3b30a3af669be588442dc0648865f80195665d2b2.exe") returned 0x44 [0065.223] CoTaskMemFree (pv=0x20e200) [0065.224] CoTaskMemAlloc (cb=0x804) returned 0x20e200 [0065.224] GetModuleFileNameExW (in: hProcess=0x230, hModule=0x10b0000, lpFilename=0x20e200, nSize=0x800 | out: lpFilename="C:\\Users\\kEecfMwgj\\Desktop\\81baf55c19c00ec38dd62ea3b30a3af669be588442dc0648865f80195665d2b2.exe" (normalized: "c:\\users\\keecfmwgj\\desktop\\81baf55c19c00ec38dd62ea3b30a3af669be588442dc0648865f80195665d2b2.exe")) returned 0x5f [0065.224] CoTaskMemFree (pv=0x20e200) [0065.224] CloseHandle (hObject=0x230) returned 1 [0065.224] GetFullPathNameW (in: lpFileName="C:\\Users\\kEecfMwgj\\Desktop\\81baf55c19c00ec38dd62ea3b30a3af669be588442dc0648865f80195665d2b2.exe", nBufferLength=0x105, lpBuffer=0x3ae7a0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\kEecfMwgj\\Desktop\\81baf55c19c00ec38dd62ea3b30a3af669be588442dc0648865f80195665d2b2.exe", lpFilePart=0x0) returned 0x5f [0065.224] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\.NETFramework\\v4.0.30319\\System.Uri.AllowDangerousUnicodeDecompositions", ulOptions=0x0, samDesired=0x20019, phkResult=0x3aec70 | out: phkResult=0x3aec70*=0x0) returned 0x2 [0065.225] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\.NETFramework\\v4.0.30319", ulOptions=0x0, samDesired=0x20019, phkResult=0x3aec70 | out: phkResult=0x3aec70*=0x230) returned 0x0 [0065.225] RegQueryValueExW (in: hKey=0x230, lpValueName="AllowDangerousUnicodeDecompositions", lpReserved=0x0, lpType=0x3aec8c, lpData=0x0, lpcbData=0x3aec88*=0x0 | out: lpType=0x3aec8c*=0x0, lpData=0x0, lpcbData=0x3aec88*=0x0) returned 0x2 [0065.225] RegCloseKey (hKey=0x230) returned 0x0 [0065.225] GetCurrentProcessId () returned 0xedc [0065.225] OpenProcess (dwDesiredAccess=0x410, bInheritHandle=0, dwProcessId=0xedc) returned 0x230 [0065.226] EnumProcessModules (in: hProcess=0x230, lphModule=0x25bd8a0, cb=0x100, lpcbNeeded=0x3aec78 | out: lphModule=0x25bd8a0, lpcbNeeded=0x3aec78) returned 1 [0065.226] GetModuleInformation (in: hProcess=0x230, hModule=0x10b0000, lpmodinfo=0x25bd9e0, cb=0xc | out: lpmodinfo=0x25bd9e0*(lpBaseOfDll=0x10b0000, SizeOfImage=0xa2000, EntryPoint=0x114ddbe)) returned 1 [0065.227] CoTaskMemAlloc (cb=0x804) returned 0x20e200 [0065.227] GetModuleBaseNameW (in: hProcess=0x230, hModule=0x10b0000, lpBaseName=0x20e200, nSize=0x800 | out: lpBaseName="81baf55c19c00ec38dd62ea3b30a3af669be588442dc0648865f80195665d2b2.exe") returned 0x44 [0065.227] CoTaskMemFree (pv=0x20e200) [0065.227] CoTaskMemAlloc (cb=0x804) returned 0x20e200 [0065.227] GetModuleFileNameExW (in: hProcess=0x230, hModule=0x10b0000, lpFilename=0x20e200, nSize=0x800 | out: lpFilename="C:\\Users\\kEecfMwgj\\Desktop\\81baf55c19c00ec38dd62ea3b30a3af669be588442dc0648865f80195665d2b2.exe" (normalized: "c:\\users\\keecfmwgj\\desktop\\81baf55c19c00ec38dd62ea3b30a3af669be588442dc0648865f80195665d2b2.exe")) returned 0x5f [0065.227] CoTaskMemFree (pv=0x20e200) [0065.227] CloseHandle (hObject=0x230) returned 1 [0065.227] GetFullPathNameW (in: lpFileName="C:\\Users\\kEecfMwgj\\Desktop\\81baf55c19c00ec38dd62ea3b30a3af669be588442dc0648865f80195665d2b2.exe", nBufferLength=0x105, lpBuffer=0x3ae7a0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\kEecfMwgj\\Desktop\\81baf55c19c00ec38dd62ea3b30a3af669be588442dc0648865f80195665d2b2.exe", lpFilePart=0x0) returned 0x5f [0065.228] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\.NETFramework\\v4.0.30319\\System.Uri.UseStrictIPv6AddressParsing", ulOptions=0x0, samDesired=0x20019, phkResult=0x3aec70 | out: phkResult=0x3aec70*=0x0) returned 0x2 [0065.228] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\.NETFramework\\v4.0.30319", ulOptions=0x0, samDesired=0x20019, phkResult=0x3aec70 | out: phkResult=0x3aec70*=0x230) returned 0x0 [0065.228] RegQueryValueExW (in: hKey=0x230, lpValueName="UseStrictIPv6AddressParsing", lpReserved=0x0, lpType=0x3aec8c, lpData=0x0, lpcbData=0x3aec88*=0x0 | out: lpType=0x3aec8c*=0x0, lpData=0x0, lpcbData=0x3aec88*=0x0) returned 0x2 [0065.228] RegCloseKey (hKey=0x230) returned 0x0 [0065.229] GetCurrentProcessId () returned 0xedc [0065.229] OpenProcess (dwDesiredAccess=0x410, bInheritHandle=0, dwProcessId=0xedc) returned 0x230 [0065.229] EnumProcessModules (in: hProcess=0x230, lphModule=0x25c03c8, cb=0x100, lpcbNeeded=0x3aec78 | out: lphModule=0x25c03c8, lpcbNeeded=0x3aec78) returned 1 [0065.230] GetModuleInformation (in: hProcess=0x230, hModule=0x10b0000, lpmodinfo=0x25c0508, cb=0xc | out: lpmodinfo=0x25c0508*(lpBaseOfDll=0x10b0000, SizeOfImage=0xa2000, EntryPoint=0x114ddbe)) returned 1 [0065.230] CoTaskMemAlloc (cb=0x804) returned 0x20e200 [0065.230] GetModuleBaseNameW (in: hProcess=0x230, hModule=0x10b0000, lpBaseName=0x20e200, nSize=0x800 | out: lpBaseName="81baf55c19c00ec38dd62ea3b30a3af669be588442dc0648865f80195665d2b2.exe") returned 0x44 [0065.230] CoTaskMemFree (pv=0x20e200) [0065.230] CoTaskMemAlloc (cb=0x804) returned 0x20e200 [0065.230] GetModuleFileNameExW (in: hProcess=0x230, hModule=0x10b0000, lpFilename=0x20e200, nSize=0x800 | out: lpFilename="C:\\Users\\kEecfMwgj\\Desktop\\81baf55c19c00ec38dd62ea3b30a3af669be588442dc0648865f80195665d2b2.exe" (normalized: "c:\\users\\keecfmwgj\\desktop\\81baf55c19c00ec38dd62ea3b30a3af669be588442dc0648865f80195665d2b2.exe")) returned 0x5f [0065.231] CoTaskMemFree (pv=0x20e200) [0065.231] CloseHandle (hObject=0x230) returned 1 [0065.231] GetFullPathNameW (in: lpFileName="C:\\Users\\kEecfMwgj\\Desktop\\81baf55c19c00ec38dd62ea3b30a3af669be588442dc0648865f80195665d2b2.exe", nBufferLength=0x105, lpBuffer=0x3ae7a0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\kEecfMwgj\\Desktop\\81baf55c19c00ec38dd62ea3b30a3af669be588442dc0648865f80195665d2b2.exe", lpFilePart=0x0) returned 0x5f [0065.232] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\.NETFramework\\v4.0.30319\\System.Uri.AllowAllUriEncodingExpansion", ulOptions=0x0, samDesired=0x20019, phkResult=0x3aec70 | out: phkResult=0x3aec70*=0x0) returned 0x2 [0065.232] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\.NETFramework\\v4.0.30319", ulOptions=0x0, samDesired=0x20019, phkResult=0x3aec70 | out: phkResult=0x3aec70*=0x230) returned 0x0 [0065.232] RegQueryValueExW (in: hKey=0x230, lpValueName="AllowAllUriEncodingExpansion", lpReserved=0x0, lpType=0x3aec8c, lpData=0x0, lpcbData=0x3aec88*=0x0 | out: lpType=0x3aec8c*=0x0, lpData=0x0, lpcbData=0x3aec88*=0x0) returned 0x2 [0065.232] RegCloseKey (hKey=0x230) returned 0x0 [0065.244] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\.NETFramework\\v4.0.30319", ulOptions=0x0, samDesired=0x20019, phkResult=0x3aec70 | out: phkResult=0x3aec70*=0x230) returned 0x0 [0065.244] RegQueryValueExW (in: hKey=0x230, lpValueName="SchUseStrongCrypto", lpReserved=0x0, lpType=0x3aec8c, lpData=0x0, lpcbData=0x3aec88*=0x0 | out: lpType=0x3aec8c*=0x0, lpData=0x0, lpcbData=0x3aec88*=0x0) returned 0x2 [0065.244] RegCloseKey (hKey=0x230) returned 0x0 [0065.245] GetCurrentProcessId () returned 0xedc [0065.245] OpenProcess (dwDesiredAccess=0x410, bInheritHandle=0, dwProcessId=0xedc) returned 0x230 [0065.245] EnumProcessModules (in: hProcess=0x230, lphModule=0x25c3e90, cb=0x100, lpcbNeeded=0x3aec74 | out: lphModule=0x25c3e90, lpcbNeeded=0x3aec74) returned 1 [0065.246] GetModuleInformation (in: hProcess=0x230, hModule=0x10b0000, lpmodinfo=0x25c3fd0, cb=0xc | out: lpmodinfo=0x25c3fd0*(lpBaseOfDll=0x10b0000, SizeOfImage=0xa2000, EntryPoint=0x114ddbe)) returned 1 [0065.246] CoTaskMemAlloc (cb=0x804) returned 0x20e200 [0065.246] GetModuleBaseNameW (in: hProcess=0x230, hModule=0x10b0000, lpBaseName=0x20e200, nSize=0x800 | out: lpBaseName="81baf55c19c00ec38dd62ea3b30a3af669be588442dc0648865f80195665d2b2.exe") returned 0x44 [0065.246] CoTaskMemFree (pv=0x20e200) [0065.246] CoTaskMemAlloc (cb=0x804) returned 0x20e200 [0065.246] GetModuleFileNameExW (in: hProcess=0x230, hModule=0x10b0000, lpFilename=0x20e200, nSize=0x800 | out: lpFilename="C:\\Users\\kEecfMwgj\\Desktop\\81baf55c19c00ec38dd62ea3b30a3af669be588442dc0648865f80195665d2b2.exe" (normalized: "c:\\users\\keecfmwgj\\desktop\\81baf55c19c00ec38dd62ea3b30a3af669be588442dc0648865f80195665d2b2.exe")) returned 0x5f [0065.247] CoTaskMemFree (pv=0x20e200) [0065.247] CloseHandle (hObject=0x230) returned 1 [0065.247] GetFullPathNameW (in: lpFileName="C:\\Users\\kEecfMwgj\\Desktop\\81baf55c19c00ec38dd62ea3b30a3af669be588442dc0648865f80195665d2b2.exe", nBufferLength=0x105, lpBuffer=0x3ae79c, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\kEecfMwgj\\Desktop\\81baf55c19c00ec38dd62ea3b30a3af669be588442dc0648865f80195665d2b2.exe", lpFilePart=0x0) returned 0x5f [0065.248] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\.NETFramework\\v4.0.30319\\System.Net.ServicePointManager.SchSendAuxRecord", ulOptions=0x0, samDesired=0x20019, phkResult=0x3aec6c | out: phkResult=0x3aec6c*=0x0) returned 0x2 [0065.248] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\.NETFramework\\v4.0.30319", ulOptions=0x0, samDesired=0x20019, phkResult=0x3aec6c | out: phkResult=0x3aec6c*=0x230) returned 0x0 [0065.248] RegQueryValueExW (in: hKey=0x230, lpValueName="SchSendAuxRecord", lpReserved=0x0, lpType=0x3aec88, lpData=0x0, lpcbData=0x3aec84*=0x0 | out: lpType=0x3aec88*=0x0, lpData=0x0, lpcbData=0x3aec84*=0x0) returned 0x2 [0065.248] RegCloseKey (hKey=0x230) returned 0x0 [0065.249] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\.NETFramework\\v4.0.30319", ulOptions=0x0, samDesired=0x20019, phkResult=0x3aec70 | out: phkResult=0x3aec70*=0x230) returned 0x0 [0065.249] RegQueryValueExW (in: hKey=0x230, lpValueName="SystemDefaultTlsVersions", lpReserved=0x0, lpType=0x3aec8c, lpData=0x0, lpcbData=0x3aec88*=0x0 | out: lpType=0x3aec8c*=0x0, lpData=0x0, lpcbData=0x3aec88*=0x0) returned 0x2 [0065.249] RegCloseKey (hKey=0x230) returned 0x0 [0065.250] GetCurrentProcessId () returned 0xedc [0065.250] OpenProcess (dwDesiredAccess=0x410, bInheritHandle=0, dwProcessId=0xedc) returned 0x230 [0065.250] EnumProcessModules (in: hProcess=0x230, lphModule=0x25c6d9c, cb=0x100, lpcbNeeded=0x3aec74 | out: lphModule=0x25c6d9c, lpcbNeeded=0x3aec74) returned 1 [0065.251] GetModuleInformation (in: hProcess=0x230, hModule=0x10b0000, lpmodinfo=0x25c6edc, cb=0xc | out: lpmodinfo=0x25c6edc*(lpBaseOfDll=0x10b0000, SizeOfImage=0xa2000, EntryPoint=0x114ddbe)) returned 1 [0065.251] CoTaskMemAlloc (cb=0x804) returned 0x20e3e8 [0065.251] GetModuleBaseNameW (in: hProcess=0x230, hModule=0x10b0000, lpBaseName=0x20e3e8, nSize=0x800 | out: lpBaseName="81baf55c19c00ec38dd62ea3b30a3af669be588442dc0648865f80195665d2b2.exe") returned 0x44 [0065.251] CoTaskMemFree (pv=0x20e3e8) [0065.252] CoTaskMemAlloc (cb=0x804) returned 0x20e3e8 [0065.252] GetModuleFileNameExW (in: hProcess=0x230, hModule=0x10b0000, lpFilename=0x20e3e8, nSize=0x800 | out: lpFilename="C:\\Users\\kEecfMwgj\\Desktop\\81baf55c19c00ec38dd62ea3b30a3af669be588442dc0648865f80195665d2b2.exe" (normalized: "c:\\users\\keecfmwgj\\desktop\\81baf55c19c00ec38dd62ea3b30a3af669be588442dc0648865f80195665d2b2.exe")) returned 0x5f [0065.252] CoTaskMemFree (pv=0x20e3e8) [0065.252] CloseHandle (hObject=0x230) returned 1 [0065.252] GetFullPathNameW (in: lpFileName="C:\\Users\\kEecfMwgj\\Desktop\\81baf55c19c00ec38dd62ea3b30a3af669be588442dc0648865f80195665d2b2.exe", nBufferLength=0x105, lpBuffer=0x3ae79c, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\kEecfMwgj\\Desktop\\81baf55c19c00ec38dd62ea3b30a3af669be588442dc0648865f80195665d2b2.exe", lpFilePart=0x0) returned 0x5f [0065.252] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\.NETFramework\\v4.0.30319\\System.Net.ServicePointManager.RequireCertificateEKUs", ulOptions=0x0, samDesired=0x20019, phkResult=0x3aec6c | out: phkResult=0x3aec6c*=0x0) returned 0x2 [0065.253] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\.NETFramework\\v4.0.30319", ulOptions=0x0, samDesired=0x20019, phkResult=0x3aec6c | out: phkResult=0x3aec6c*=0x230) returned 0x0 [0065.253] RegQueryValueExW (in: hKey=0x230, lpValueName="RequireCertificateEKUs", lpReserved=0x0, lpType=0x3aec88, lpData=0x0, lpcbData=0x3aec84*=0x0 | out: lpType=0x3aec88*=0x0, lpData=0x0, lpcbData=0x3aec84*=0x0) returned 0x2 [0065.253] RegCloseKey (hKey=0x230) returned 0x0 [0065.255] GetCurrentProcessId () returned 0xedc [0065.255] OpenProcess (dwDesiredAccess=0x410, bInheritHandle=0, dwProcessId=0xedc) returned 0x230 [0065.255] EnumProcessModules (in: hProcess=0x230, lphModule=0x25c98cc, cb=0x100, lpcbNeeded=0x3aec74 | out: lphModule=0x25c98cc, lpcbNeeded=0x3aec74) returned 1 [0065.256] GetModuleInformation (in: hProcess=0x230, hModule=0x10b0000, lpmodinfo=0x25c9a0c, cb=0xc | out: lpmodinfo=0x25c9a0c*(lpBaseOfDll=0x10b0000, SizeOfImage=0xa2000, EntryPoint=0x114ddbe)) returned 1 [0065.256] CoTaskMemAlloc (cb=0x804) returned 0x20e3e8 [0065.257] GetModuleBaseNameW (in: hProcess=0x230, hModule=0x10b0000, lpBaseName=0x20e3e8, nSize=0x800 | out: lpBaseName="81baf55c19c00ec38dd62ea3b30a3af669be588442dc0648865f80195665d2b2.exe") returned 0x44 [0065.257] CoTaskMemFree (pv=0x20e3e8) [0065.257] CoTaskMemAlloc (cb=0x804) returned 0x20e3e8 [0065.257] GetModuleFileNameExW (in: hProcess=0x230, hModule=0x10b0000, lpFilename=0x20e3e8, nSize=0x800 | out: lpFilename="C:\\Users\\kEecfMwgj\\Desktop\\81baf55c19c00ec38dd62ea3b30a3af669be588442dc0648865f80195665d2b2.exe" (normalized: "c:\\users\\keecfmwgj\\desktop\\81baf55c19c00ec38dd62ea3b30a3af669be588442dc0648865f80195665d2b2.exe")) returned 0x5f [0065.257] CoTaskMemFree (pv=0x20e3e8) [0065.257] CloseHandle (hObject=0x230) returned 1 [0065.257] GetFullPathNameW (in: lpFileName="C:\\Users\\kEecfMwgj\\Desktop\\81baf55c19c00ec38dd62ea3b30a3af669be588442dc0648865f80195665d2b2.exe", nBufferLength=0x105, lpBuffer=0x3ae79c, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\kEecfMwgj\\Desktop\\81baf55c19c00ec38dd62ea3b30a3af669be588442dc0648865f80195665d2b2.exe", lpFilePart=0x0) returned 0x5f [0065.257] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\.NETFramework\\v4.0.30319\\System.Net.ServicePointManager.SecurityProtocol", ulOptions=0x0, samDesired=0x20019, phkResult=0x3aec6c | out: phkResult=0x3aec6c*=0x0) returned 0x2 [0065.260] QueryPerformanceFrequency (in: lpFrequency=0xb53d8 | out: lpFrequency=0xb53d8*=100000000) returned 1 [0065.260] QueryPerformanceCounter (in: lpPerformanceCount=0x3aed78 | out: lpPerformanceCount=0x3aed78*=1628460090758) returned 1 [0065.267] GetCurrentProcess () returned 0xffffffff [0065.267] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x3ae98c | out: TokenHandle=0x3ae98c*=0x230) returned 1 [0065.272] CloseHandle (hObject=0x230) returned 1 [0065.272] GetCurrentProcess () returned 0xffffffff [0065.272] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x3ae9a4 | out: TokenHandle=0x3ae9a4*=0x230) returned 1 [0065.273] CloseHandle (hObject=0x230) returned 1 [0065.278] GetCurrentProcess () returned 0xffffffff [0065.278] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x3aec5c | out: TokenHandle=0x3aec5c*=0x230) returned 1 [0066.070] CoTaskMemAlloc (cb=0xcc0) returned 0x20e3e8 [0066.074] RasEnumConnectionsW (in: param_1=0x20e3e8, param_2=0x3aec6c, param_3=0x3aec70 | out: param_1=0x20e3e8, param_2=0x3aec6c, param_3=0x3aec70) returned 0x0 [0066.339] CoTaskMemFree (pv=0x20e3e8) [0066.348] WSAStartup (in: wVersionRequired=0x202, lpWSAData=0x3aea54 | out: lpWSAData=0x3aea54) returned 0 [0066.358] WSASocketW (af=2, type=2, protocol=0, lpProtocolInfo=0x0, g=0x0, dwFlags=0x0) returned 0x27c [0066.688] setsockopt (s=0x27c, level=65535, optname=128, optval="\x01", optlen=4) returned -1 [0066.689] closesocket (s=0x27c) returned 0 [0066.689] WSASocketW (af=23, type=2, protocol=0, lpProtocolInfo=0x0, g=0x0, dwFlags=0x0) returned 0x27c [0066.723] setsockopt (s=0x27c, level=65535, optname=128, optval="\x01", optlen=4) returned -1 [0066.723] closesocket (s=0x27c) returned 0 [0066.724] WSASocketW (af=2, type=2, protocol=0, lpProtocolInfo=0x0, g=0x0, dwFlags=0x1) returned 0x27c [0066.725] CreateEventW (lpEventAttributes=0x0, bManualReset=0, bInitialState=0, lpName=0x0) returned 0x280 [0066.726] ioctlsocket (in: s=0x27c, cmd=-2147195266, argp=0x3aec74 | out: argp=0x3aec74) returned 0 [0066.726] WSASocketW (af=23, type=2, protocol=0, lpProtocolInfo=0x0, g=0x0, dwFlags=0x1) returned 0x284 [0066.727] CreateEventW (lpEventAttributes=0x0, bManualReset=0, bInitialState=0, lpName=0x0) returned 0x288 [0066.727] ioctlsocket (in: s=0x284, cmd=-2147195266, argp=0x3aec74 | out: argp=0x3aec74) returned 0 [0066.728] WSAIoctl (in: s=0x27c, dwIoControlCode=0x28000017, lpvInBuffer=0x0, cbInBuffer=0x0, lpvOutBuffer=0x0, cbOutBuffer=0x0, lpcbBytesReturned=0x3aec5c, lpOverlapped=0x0, lpCompletionRoutine=0x0 | out: lpvOutBuffer=0x0, lpcbBytesReturned=0x3aec5c, lpOverlapped=0x0) returned -1 [0066.729] FormatMessageW (in: dwFlags=0x3200, lpSource=0x0, dwMessageId=0x2733, dwLanguageId=0x0, lpBuffer=0x3ae98c, nSize=0x101, Arguments=0x0 | out: lpBuffer="A non-blocking socket operation could not be completed immediately.\r\n") returned 0x45 [0066.763] WSAEventSelect (s=0x27c, hEventObject=0x280, lNetworkEvents=512) returned 0 [0066.763] WSAIoctl (in: s=0x284, dwIoControlCode=0x28000017, lpvInBuffer=0x0, cbInBuffer=0x0, lpvOutBuffer=0x0, cbOutBuffer=0x0, lpcbBytesReturned=0x3aec5c, lpOverlapped=0x0, lpCompletionRoutine=0x0 | out: lpvOutBuffer=0x0, lpcbBytesReturned=0x3aec5c, lpOverlapped=0x0) returned -1 [0066.763] FormatMessageW (in: dwFlags=0x3200, lpSource=0x0, dwMessageId=0x2733, dwLanguageId=0x0, lpBuffer=0x3ae98c, nSize=0x101, Arguments=0x0 | out: lpBuffer="A non-blocking socket operation could not be completed immediately.\r\n") returned 0x45 [0066.763] WSAEventSelect (s=0x284, hEventObject=0x288, lNetworkEvents=512) returned 0 [0066.764] CreateEventW (lpEventAttributes=0x0, bManualReset=1, bInitialState=0, lpName=0x0) returned 0x290 [0066.765] RasConnectionNotificationW (param_1=0xffffffff, param_2=0x290, param_3=0x3) returned 0x0 [0066.772] RegOpenCurrentUser (in: samDesired=0x20019, phkResult=0x3aec88 | out: phkResult=0x3aec88*=0x2a8) returned 0x0 [0066.773] RegOpenKeyExW (in: hKey=0x2a8, lpSubKey="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Connections", ulOptions=0x0, samDesired=0x20019, phkResult=0x3aec3c | out: phkResult=0x3aec3c*=0x2ac) returned 0x0 [0066.774] CreateEventW (lpEventAttributes=0x0, bManualReset=0, bInitialState=0, lpName=0x0) returned 0x2b0 [0066.774] RegNotifyChangeKeyValue (hKey=0x2ac, bWatchSubtree=1, dwNotifyFilter=0x4, hEvent=0x2b0, fAsynchronous=1) returned 0x0 [0066.775] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Connections", ulOptions=0x0, samDesired=0x20019, phkResult=0x3aec40 | out: phkResult=0x3aec40*=0x2b4) returned 0x0 [0066.776] CreateEventW (lpEventAttributes=0x0, bManualReset=0, bInitialState=0, lpName=0x0) returned 0x2b8 [0066.776] RegNotifyChangeKeyValue (hKey=0x2b4, bWatchSubtree=1, dwNotifyFilter=0x4, hEvent=0x2b8, fAsynchronous=1) returned 0x0 [0066.776] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings", ulOptions=0x0, samDesired=0x20019, phkResult=0x3aec40 | out: phkResult=0x3aec40*=0x2bc) returned 0x0 [0066.777] CreateEventW (lpEventAttributes=0x0, bManualReset=0, bInitialState=0, lpName=0x0) returned 0x2c0 [0066.777] RegNotifyChangeKeyValue (hKey=0x2bc, bWatchSubtree=1, dwNotifyFilter=0x4, hEvent=0x2c0, fAsynchronous=1) returned 0x0 [0066.778] GetCurrentProcess () returned 0xffffffff [0066.778] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x3aec30 | out: TokenHandle=0x3aec30*=0x2c4) returned 1 [0066.783] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\.NETFramework", ulOptions=0x0, samDesired=0x20019, phkResult=0x3ae538 | out: phkResult=0x3ae538*=0x2c8) returned 0x0 [0066.784] RegQueryValueExW (in: hKey=0x2c8, lpValueName="LegacyWPADSupport", lpReserved=0x0, lpType=0x3ae554, lpData=0x0, lpcbData=0x3ae550*=0x0 | out: lpType=0x3ae554*=0x0, lpData=0x0, lpcbData=0x3ae550*=0x0) returned 0x2 [0066.784] RegCloseKey (hKey=0x2c8) returned 0x0 [0067.300] WinHttpOpen (pszAgentW=0x0, dwAccessType=0x1, pszProxyW=0x0, pszProxyBypassW=0x0, dwFlags=0x0) returned 0x217f68 [0067.417] WinHttpSetTimeouts (hInternet=0x217f68, nResolveTimeout=60000, nConnectTimeout=60000, nSendTimeout=60000, nReceiveTimeout=60000) returned 1 [0067.418] WinHttpGetIEProxyConfigForCurrentUser (in: pProxyConfig=0x3aec3c | out: pProxyConfig=0x3aec3c) returned 1 [0068.129] CloseHandle (hObject=0x230) returned 1 [0068.136] GetEnvironmentVariableW (in: lpName="PinnableBufferCache_System.Net.HttpWebRequest_Disabled", lpBuffer=0x3ae490, nSize=0x90 | out: lpBuffer="") returned 0x0 [0068.136] GetEnvironmentVariableW (in: lpName="PinnableBufferCache_System.Net.HttpWebRequest_MinCount", lpBuffer=0x3ae490, nSize=0x90 | out: lpBuffer="") returned 0x0 [0068.151] EtwEventRegister () returned 0x0 [0068.172] EtwEventRegister () returned 0x0 [0068.228] GetCurrentProcess () returned 0xffffffff [0068.228] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x3ae954 | out: TokenHandle=0x3ae954*=0x31c) returned 1 [0068.231] CloseHandle (hObject=0x31c) returned 1 [0068.231] GetCurrentProcess () returned 0xffffffff [0068.232] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x3ae96c | out: TokenHandle=0x3ae96c*=0x31c) returned 1 [0068.232] CloseHandle (hObject=0x31c) returned 1 [0068.238] SetEvent (hEvent=0x40) returned 1 [0068.251] CoWaitForMultipleHandles (in: dwFlags=0x2, dwTimeout=0x0, cHandles=0x1, pHandles=0x3aeb98*=0x290, lpdwindex=0x3ae9bc | out: lpdwindex=0x3ae9bc) returned 0x80010115 [0068.456] CoWaitForMultipleHandles (in: dwFlags=0x2, dwTimeout=0x0, cHandles=0x1, pHandles=0x3aeb78*=0x280, lpdwindex=0x3ae99c | out: lpdwindex=0x3ae99c) returned 0x80010115 [0068.456] CoWaitForMultipleHandles (in: dwFlags=0x2, dwTimeout=0x0, cHandles=0x1, pHandles=0x3aeb78*=0x288, lpdwindex=0x3ae99c | out: lpdwindex=0x3ae99c) returned 0x80010115 [0068.456] CoWaitForMultipleHandles (in: dwFlags=0x2, dwTimeout=0x0, cHandles=0x1, pHandles=0x3aebcc*=0x2b0, lpdwindex=0x3ae9f0 | out: lpdwindex=0x3ae9f0) returned 0x80010115 [0068.456] CoWaitForMultipleHandles (in: dwFlags=0x2, dwTimeout=0x0, cHandles=0x1, pHandles=0x3aebcc*=0x2b8, lpdwindex=0x3ae9f0 | out: lpdwindex=0x3ae9f0) returned 0x80010115 [0068.456] CoWaitForMultipleHandles (in: dwFlags=0x2, dwTimeout=0x0, cHandles=0x1, pHandles=0x3aebcc*=0x2c0, lpdwindex=0x3ae9f0 | out: lpdwindex=0x3ae9f0) returned 0x80010115 [0068.460] GetCurrentProcess () returned 0xffffffff [0068.460] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x3ae8d4 | out: TokenHandle=0x3ae8d4*=0x350) returned 1 [0068.461] CloseHandle (hObject=0x350) returned 1 [0068.462] GetCurrentProcess () returned 0xffffffff [0068.462] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x3ae8ec | out: TokenHandle=0x3ae8ec*=0x350) returned 1 [0068.462] CloseHandle (hObject=0x350) returned 1 [0068.466] GetTimeZoneInformation (in: lpTimeZoneInformation=0x3aea9c | out: lpTimeZoneInformation=0x3aea9c) returned 0x2 [0068.506] GetDynamicTimeZoneInformation (in: pTimeZoneInformation=0x3ae8f8 | out: pTimeZoneInformation=0x3ae8f8) returned 0x2 [0068.508] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\Time Zones\\W. Europe Standard Time", ulOptions=0x0, samDesired=0x20019, phkResult=0x3ae9dc | out: phkResult=0x3ae9dc*=0x350) returned 0x0 [0068.509] RegQueryValueExW (in: hKey=0x350, lpValueName="TZI", lpReserved=0x0, lpType=0x3ae9f8, lpData=0x0, lpcbData=0x3ae9f4*=0x0 | out: lpType=0x3ae9f8*=0x3, lpData=0x0, lpcbData=0x3ae9f4*=0x2c) returned 0x0 [0068.509] RegQueryValueExW (in: hKey=0x350, lpValueName="TZI", lpReserved=0x0, lpType=0x3ae9f8, lpData=0x25d6d3c, lpcbData=0x3ae9f4*=0x2c | out: lpType=0x3ae9f8*=0x3, lpData=0x25d6d3c*, lpcbData=0x3ae9f4*=0x2c) returned 0x0 [0068.510] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\Time Zones\\W. Europe Standard Time\\Dynamic DST", ulOptions=0x0, samDesired=0x20019, phkResult=0x3ae830 | out: phkResult=0x3ae830*=0x0) returned 0x2 [0068.511] RegQueryValueExW (in: hKey=0x350, lpValueName="MUI_Display", lpReserved=0x0, lpType=0x3ae9d0, lpData=0x0, lpcbData=0x3ae9cc*=0x0 | out: lpType=0x3ae9d0*=0x1, lpData=0x0, lpcbData=0x3ae9cc*=0x20) returned 0x0 [0068.511] RegQueryValueExW (in: hKey=0x350, lpValueName="MUI_Display", lpReserved=0x0, lpType=0x3ae9d0, lpData=0x25d7160, lpcbData=0x3ae9cc*=0x20 | out: lpType=0x3ae9d0*=0x1, lpData="@tzres.dll,-320", lpcbData=0x3ae9cc*=0x20) returned 0x0 [0068.511] RegQueryValueExW (in: hKey=0x350, lpValueName="MUI_Std", lpReserved=0x0, lpType=0x3ae9d0, lpData=0x0, lpcbData=0x3ae9cc*=0x0 | out: lpType=0x3ae9d0*=0x1, lpData=0x0, lpcbData=0x3ae9cc*=0x20) returned 0x0 [0068.511] RegQueryValueExW (in: hKey=0x350, lpValueName="MUI_Std", lpReserved=0x0, lpType=0x3ae9d0, lpData=0x25d71b8, lpcbData=0x3ae9cc*=0x20 | out: lpType=0x3ae9d0*=0x1, lpData="@tzres.dll,-322", lpcbData=0x3ae9cc*=0x20) returned 0x0 [0068.511] RegQueryValueExW (in: hKey=0x350, lpValueName="MUI_Dlt", lpReserved=0x0, lpType=0x3ae9d0, lpData=0x0, lpcbData=0x3ae9cc*=0x0 | out: lpType=0x3ae9d0*=0x1, lpData=0x0, lpcbData=0x3ae9cc*=0x20) returned 0x0 [0068.511] RegQueryValueExW (in: hKey=0x350, lpValueName="MUI_Dlt", lpReserved=0x0, lpType=0x3ae9d0, lpData=0x25d7210, lpcbData=0x3ae9cc*=0x20 | out: lpType=0x3ae9d0*=0x1, lpData="@tzres.dll,-321", lpcbData=0x3ae9cc*=0x20) returned 0x0 [0068.519] CoTaskMemAlloc (cb=0x20c) returned 0x2329e0 [0068.519] SHGetFolderPathW (in: hwnd=0x0, csidl=37, hToken=0x0, dwFlags=0x0, pszPath=0x2329e0 | out: pszPath="C:\\Windows\\system32") returned 0x0 [0068.520] CoTaskMemFree (pv=0x2329e0) [0068.520] CoTaskMemAlloc (cb=0x20c) returned 0x2329e0 [0068.520] GetFileMUIPath (in: dwFlags=0x10, pcwszFilePath="C:\\Windows\\system32\\tzres.dll", pwszLanguage=0x0, pcchLanguage=0x3ae9ec, pwszFileMUIPath=0x2329e0, pcchFileMUIPath=0x3ae9f0, pululEnumerator=0x3ae9e4 | out: pwszLanguage=0x0, pcchLanguage=0x3ae9ec, pwszFileMUIPath="C:\\Windows\\system32\\en-US\\tzres.dll.mui", pcchFileMUIPath=0x3ae9f0, pululEnumerator=0x3ae9e4) returned 1 [0068.526] CoTaskMemFree (pv=0x0) [0068.526] CoTaskMemFree (pv=0x2329e0) [0068.527] LoadLibraryExW (lpLibFileName="C:\\Windows\\system32\\en-US\\tzres.dll.mui", hFile=0x0, dwFlags=0x2) returned 0x5c0001 [0068.531] CoTaskMemAlloc (cb=0x3ec) returned 0x2329e0 [0068.531] LoadStringW (in: hInstance=0x5c0001, uID=0x140, lpBuffer=0x2329e0, cchBufferMax=500 | out: lpBuffer="(UTC+01:00) Amsterdam, Berlin, Bern, Rome, Stockholm, Vienna") returned 0x3c [0068.531] CoTaskMemFree (pv=0x2329e0) [0068.531] FreeLibrary (hLibModule=0x5c0001) returned 1 [0068.532] CoTaskMemAlloc (cb=0x20c) returned 0x2329e0 [0068.532] SHGetFolderPathW (in: hwnd=0x0, csidl=37, hToken=0x0, dwFlags=0x0, pszPath=0x2329e0 | out: pszPath="C:\\Windows\\system32") returned 0x0 [0068.532] CoTaskMemFree (pv=0x2329e0) [0068.532] CoTaskMemAlloc (cb=0x20c) returned 0x2329e0 [0068.532] GetFileMUIPath (in: dwFlags=0x10, pcwszFilePath="C:\\Windows\\system32\\tzres.dll", pwszLanguage=0x0, pcchLanguage=0x3ae9ec, pwszFileMUIPath=0x2329e0, pcchFileMUIPath=0x3ae9f0, pululEnumerator=0x3ae9e4 | out: pwszLanguage=0x0, pcchLanguage=0x3ae9ec, pwszFileMUIPath="C:\\Windows\\system32\\en-US\\tzres.dll.mui", pcchFileMUIPath=0x3ae9f0, pululEnumerator=0x3ae9e4) returned 1 [0068.534] CoTaskMemFree (pv=0x0) [0068.534] CoTaskMemFree (pv=0x2329e0) [0068.534] LoadLibraryExW (lpLibFileName="C:\\Windows\\system32\\en-US\\tzres.dll.mui", hFile=0x0, dwFlags=0x2) returned 0x5c0001 [0068.537] CoTaskMemAlloc (cb=0x3ec) returned 0x2329e0 [0068.537] LoadStringW (in: hInstance=0x5c0001, uID=0x142, lpBuffer=0x2329e0, cchBufferMax=500 | out: lpBuffer="W. Europe Standard Time") returned 0x17 [0068.537] CoTaskMemFree (pv=0x2329e0) [0068.537] FreeLibrary (hLibModule=0x5c0001) returned 1 [0068.538] CoTaskMemAlloc (cb=0x20c) returned 0x2329e0 [0068.538] SHGetFolderPathW (in: hwnd=0x0, csidl=37, hToken=0x0, dwFlags=0x0, pszPath=0x2329e0 | out: pszPath="C:\\Windows\\system32") returned 0x0 [0068.538] CoTaskMemFree (pv=0x2329e0) [0068.538] CoTaskMemAlloc (cb=0x20c) returned 0x2329e0 [0068.538] GetFileMUIPath (in: dwFlags=0x10, pcwszFilePath="C:\\Windows\\system32\\tzres.dll", pwszLanguage=0x0, pcchLanguage=0x3ae9ec, pwszFileMUIPath=0x2329e0, pcchFileMUIPath=0x3ae9f0, pululEnumerator=0x3ae9e4 | out: pwszLanguage=0x0, pcchLanguage=0x3ae9ec, pwszFileMUIPath="C:\\Windows\\system32\\en-US\\tzres.dll.mui", pcchFileMUIPath=0x3ae9f0, pululEnumerator=0x3ae9e4) returned 1 [0068.540] CoTaskMemFree (pv=0x0) [0068.540] CoTaskMemFree (pv=0x2329e0) [0068.540] LoadLibraryExW (lpLibFileName="C:\\Windows\\system32\\en-US\\tzres.dll.mui", hFile=0x0, dwFlags=0x2) returned 0x5c0001 [0068.542] CoTaskMemAlloc (cb=0x3ec) returned 0x2329e0 [0068.542] LoadStringW (in: hInstance=0x5c0001, uID=0x141, lpBuffer=0x2329e0, cchBufferMax=500 | out: lpBuffer="W. Europe Daylight Time") returned 0x17 [0068.542] CoTaskMemFree (pv=0x2329e0) [0068.542] FreeLibrary (hLibModule=0x5c0001) returned 1 [0068.543] RegCloseKey (hKey=0x350) returned 0x0 [0068.544] SetEvent (hEvent=0x40) returned 1 [0068.558] GetNetworkParams (in: pFixedInfo=0x0, pOutBufLen=0x3aebf8 | out: pFixedInfo=0x0, pOutBufLen=0x3aebf8) returned 0x6f [0069.366] LocalAlloc (uFlags=0x0, uBytes=0x248) returned 0x2329e0 [0069.366] GetNetworkParams (in: pFixedInfo=0x2329e0, pOutBufLen=0x3aebf8 | out: pFixedInfo=0x2329e0, pOutBufLen=0x3aebf8) returned 0x0 [0069.382] LocalFree (hMem=0x2329e0) returned 0x0 [0069.384] CoTaskMemAlloc (cb=0x20c) returned 0x2329e0 [0069.384] GetEnvironmentVariableW (in: lpName="PinnableBufferCache_System.Net.Connection_Disabled", lpBuffer=0x2329e0, nSize=0x104 | out: lpBuffer="") returned 0x0 [0069.384] CoTaskMemFree (pv=0x2329e0) [0069.385] CoTaskMemAlloc (cb=0x20c) returned 0x2329e0 [0069.385] GetEnvironmentVariableW (in: lpName="PinnableBufferCache_System.Net.Connection_MinCount", lpBuffer=0x2329e0, nSize=0x104 | out: lpBuffer="") returned 0x0 [0069.385] CoTaskMemFree (pv=0x2329e0) [0069.398] WSASocketW (af=2, type=1, protocol=6, lpProtocolInfo=0x0, g=0x0, dwFlags=0x1) returned 0x364 [0069.407] WSASocketW (af=23, type=1, protocol=6, lpProtocolInfo=0x0, g=0x0, dwFlags=0x1) returned 0x360 [0069.438] GetAddrInfoW (in: pNodeName="www.google.com", pServiceName=0x0, pHints=0x3aead4*(ai_flags=2, ai_family=0, ai_socktype=0, ai_protocol=0, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x3aea7c | out: ppResult=0x3aea7c*=0x2251d0*(ai_flags=0, ai_family=2, ai_socktype=0, ai_protocol=0, ai_addrlen=0x10, ai_canonname="www.google.com", ai_addr=0x226440*(sa_family=2, sin_port=0x0, sin_addr="142.250.186.36"), ai_next=0x0)) returned 0 [0070.809] FreeAddrInfoW (pAddrInfo=0x2251d0*(ai_flags=0, ai_family=2, ai_socktype=0, ai_protocol=0, ai_addrlen=0x10, ai_canonname="www.google.com", ai_addr=0x226440*(sa_family=2, sin_port=0x0, sin_addr="142.250.186.36"), ai_next=0x0)) [0070.810] WSASocketW (af=2, type=2, protocol=0, lpProtocolInfo=0x0, g=0x0, dwFlags=0x1) returned 0x36c [0070.811] CreateEventW (lpEventAttributes=0x0, bManualReset=0, bInitialState=0, lpName=0x0) returned 0x374 [0070.811] ioctlsocket (in: s=0x36c, cmd=-2147195266, argp=0x3aeaac | out: argp=0x3aeaac) returned 0 [0070.811] WSASocketW (af=23, type=2, protocol=0, lpProtocolInfo=0x0, g=0x0, dwFlags=0x1) returned 0x378 [0070.811] CreateEventW (lpEventAttributes=0x0, bManualReset=0, bInitialState=0, lpName=0x0) returned 0x37c [0070.811] ioctlsocket (in: s=0x378, cmd=-2147195266, argp=0x3aeaac | out: argp=0x3aeaac) returned 0 [0070.811] WSAIoctl (in: s=0x36c, dwIoControlCode=0x28000017, lpvInBuffer=0x0, cbInBuffer=0x0, lpvOutBuffer=0x0, cbOutBuffer=0x0, lpcbBytesReturned=0x3aea94, lpOverlapped=0x0, lpCompletionRoutine=0x0 | out: lpvOutBuffer=0x0, lpcbBytesReturned=0x3aea94, lpOverlapped=0x0) returned -1 [0070.812] FormatMessageW (in: dwFlags=0x3200, lpSource=0x0, dwMessageId=0x2733, dwLanguageId=0x0, lpBuffer=0x3ae7c4, nSize=0x101, Arguments=0x0 | out: lpBuffer="A non-blocking socket operation could not be completed immediately.\r\n") returned 0x45 [0070.812] WSAEventSelect (s=0x36c, hEventObject=0x374, lNetworkEvents=512) returned 0 [0070.812] WSAIoctl (in: s=0x378, dwIoControlCode=0x28000017, lpvInBuffer=0x0, cbInBuffer=0x0, lpvOutBuffer=0x0, cbOutBuffer=0x0, lpcbBytesReturned=0x3aea94, lpOverlapped=0x0, lpCompletionRoutine=0x0 | out: lpvOutBuffer=0x0, lpcbBytesReturned=0x3aea94, lpOverlapped=0x0) returned -1 [0070.812] FormatMessageW (in: dwFlags=0x3200, lpSource=0x0, dwMessageId=0x2733, dwLanguageId=0x0, lpBuffer=0x3ae7c4, nSize=0x101, Arguments=0x0 | out: lpBuffer="A non-blocking socket operation could not be completed immediately.\r\n") returned 0x45 [0070.812] WSAEventSelect (s=0x378, hEventObject=0x37c, lNetworkEvents=512) returned 0 [0070.813] GetAdaptersAddresses (in: Family=0x0, Flags=0x2e, Reserved=0x0, AdapterAddresses=0x0, SizePointer=0x3aea90*=0x0 | out: AdapterAddresses=0x0, SizePointer=0x3aea90*=0x7ec) returned 0x6f [0070.824] LocalAlloc (uFlags=0x0, uBytes=0x7ec) returned 0x2361d8 [0070.824] GetAdaptersAddresses (in: Family=0x0, Flags=0x2e, Reserved=0x0, AdapterAddresses=0x2361d8, SizePointer=0x3aea90*=0x7ec | out: AdapterAddresses=0x2361d8*(Alignment=0x1000000178, Length=0x178, IfIndex=0x10, Next=0x2364a4, AdapterName="{68F1467C-143D-484A-87A1-65BCBB1B2D48}", FirstUnicastAddress=0x236418, FirstAnycastAddress=0x0, FirstMulticastAddress=0x0, FirstDnsServerAddress=0x0, DnsSuffix="", Description="Intel(R) 82574L Gigabit Network Connection #5", FriendlyName="Local Area Connection 5", PhysicalAddress=([0]=0x0, [1]=0x7, [2]=0x7d, [3]=0xd7, [4]=0x58, [5]=0x38, [6]=0x0, [7]=0x0), PhysicalAddressLength=0x6, Flags=0x3e5, DdnsEnabled=0x3e5, RegisterAdapterSuffix=0x3e5, Dhcpv4Enabled=0x3e5, ReceiveOnly=0x3e5, NoMulticast=0x3e5, Ipv6OtherStatefulConfig=0x3e5, NetbiosOverTcpipEnabled=0x3e5, Ipv4Enabled=0x3e5, Ipv6Enabled=0x3e5, Ipv6ManagedAddressConfigurationSupported=0x3e5, Mtu=0x5dc, IfType=0x6, OperStatus=0x1, Ipv6IfIndex=0x10, ZoneIndices=([0]=0x10, [1]=0x10, [2]=0x10, [3]=0x10, [4]=0x1, [5]=0x1, [6]=0x1, [7]=0x1, [8]=0x1, [9]=0x1, [10]=0x1, [11]=0x1, [12]=0x1, [13]=0x1, [14]=0x0, [15]=0x1), FirstPrefix=0x0, TransmitLinkSpeed=0x3b9aca00, ReceiveLinkSpeed=0x3b9aca00, FirstWinsServerAddress=0x0, FirstGatewayAddress=0x0, Ipv4Metric=0xa, Ipv6Metric=0xa, Luid=0x600000a000000, Dhcpv4Server.lpSockaddr=0x236350*(sa_family=2, sin_port=0x0, sin_addr="192.168.0.1"), Dhcpv4Server.iSockaddrLength=16, CompartmentId=0x1, NetworkGuid=0x11de7039846ee341, ConnectionType=0x1, TunnelType=0x0, Dhcpv6Server.lpSockaddr=0x0, Dhcpv6Server.iSockaddrLength=0, Dhcpv6ClientDuid=([0]=0x0, [1]=0x1, [2]=0x0, [3]=0x1, [4]=0x27, [5]=0xbf, [6]=0xe, [7]=0x9e, [8]=0x0, [9]=0x26, [10]=0x67, [11]=0xd5, [12]=0xc6, [13]=0x31, [14]=0x0, [15]=0x0, [16]=0x0, [17]=0x0, [18]=0x0, [19]=0x0, [20]=0x0, [21]=0x0, [22]=0x0, [23]=0x0, [24]=0x0, [25]=0x0, [26]=0x0, [27]=0x0, [28]=0x0, [29]=0x0, [30]=0x0, [31]=0x0, [32]=0x0, [33]=0x0, [34]=0x0, [35]=0x0, [36]=0x0, [37]=0x0, [38]=0x0, [39]=0x0, [40]=0x0, [41]=0x0, [42]=0x0, [43]=0x0, [44]=0x0, [45]=0x0, [46]=0x0, [47]=0x0, [48]=0x0, [49]=0x0, [50]=0x0, [51]=0x0, [52]=0x0, [53]=0x0, [54]=0x0, [55]=0x0, [56]=0x0, [57]=0x0, [58]=0x0, [59]=0x0, [60]=0x0, [61]=0x0, [62]=0x0, [63]=0x0, [64]=0x0, [65]=0x0, [66]=0x0, [67]=0x0, [68]=0x0, [69]=0x0, [70]=0x0, [71]=0x0, [72]=0x0, [73]=0x0, [74]=0x0, [75]=0x0, [76]=0x0, [77]=0x0, [78]=0x0, [79]=0x0, [80]=0x0, [81]=0x0, [82]=0x0, [83]=0x0, [84]=0x0, [85]=0x0, [86]=0x0, [87]=0x0, [88]=0x0, [89]=0x0, [90]=0x0, [91]=0x0, [92]=0x0, [93]=0x0, [94]=0x0, [95]=0x0, [96]=0x0, [97]=0x0, [98]=0x0, [99]=0x0, [100]=0x0, [101]=0x0, [102]=0x0, [103]=0x0, [104]=0x0, [105]=0x0, [106]=0x0, [107]=0x0, [108]=0x0, [109]=0x0, [110]=0x0, [111]=0x0, [112]=0x0, [113]=0x0, [114]=0x0, [115]=0x0, [116]=0x0, [117]=0x0, [118]=0x0, [119]=0x0, [120]=0x0, [121]=0x0, [122]=0x0, [123]=0x0, [124]=0x0, [125]=0x0, [126]=0x0, [127]=0x0, [128]=0x0, [129]=0x0), Dhcpv6ClientDuidLength=0xe, Dhcpv6Iaid=0x13c89f1d, FirstDnsSuffix=0x0), SizePointer=0x3aea90*=0x7ec) returned 0x0 [0070.889] LocalFree (hMem=0x2361d8) returned 0x0 [0070.892] WSAConnect (in: s=0x364, name=0x25e2dc0*(sa_family=2, sin_port=0x1bb, sin_addr="142.250.186.36"), namelen=16, lpCallerData=0x0, lpCalleeData=0x0, lpSQOS=0x0, lpGQOS=0x0 | out: lpCalleeData=0x0) returned 0 [0070.945] closesocket (s=0x360) returned 0 [0071.552] EnumerateSecurityPackagesW (in: pcPackages=0x3aea00, ppPackageInfo=0x3ae994 | out: pcPackages=0x3aea00, ppPackageInfo=0x3ae994) returned 0x0 [0071.559] FreeContextBuffer (in: pvContextBuffer=0x2331e0 | out: pvContextBuffer=0x2331e0) returned 0x0 [0071.574] GetCurrentProcess () returned 0xffffffff [0071.574] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x3ae7bc | out: TokenHandle=0x3ae7bc*=0x360) returned 1 [0071.576] AcquireCredentialsHandleW (in: pPrincipal=0x0, pPackage=0x25e4048, fCredentialUse=0x2, pvLogonId=0x0, pAuthData=0x3ae810, pGetKeyFn=0x0, pvGetKeyArgument=0x0, phCredential=0x25e56cc, ptsExpiry=0x3ae794 | out: phCredential=0x25e56cc, ptsExpiry=0x3ae794) returned 0x0 [0072.893] CloseHandle (hObject=0x360) returned 1 [0072.898] InitializeSecurityContextW (in: phCredential=0x3ae7e0, phContext=0x0, pTargetName=0x25e2eb4, fContextReq=0x8011c, Reserved1=0x0, TargetDataRep=0x10, pInput=0x0, Reserved2=0x0, phNewContext=0x25e58d0, pOutput=0x25e5868, pfContextAttr=0x25e400c, ptsExpiry=0x3ae7d8 | out: phNewContext=0x25e58d0, pOutput=0x25e5868, pfContextAttr=0x25e400c, ptsExpiry=0x3ae7d8) returned 0x90312 [0072.900] FreeContextBuffer (in: pvContextBuffer=0x2333a8 | out: pvContextBuffer=0x2333a8) returned 0x0 [0072.903] send (s=0x364, buf=0x25e58e4*, len=152, flags=0) returned 152 [0072.905] recv (in: s=0x364, buf=0x25e58e4, len=5, flags=0 | out: buf=0x25e58e4*) returned 5 [0072.929] recv (in: s=0x364, buf=0x25e58e9, len=87, flags=0 | out: buf=0x25e58e9*) returned 87 [0072.930] InitializeSecurityContextW (in: phCredential=0x3ae73c, phContext=0x3ae72c, pTargetName=0x25e2eb4, fContextReq=0x8011c, Reserved1=0x0, TargetDataRep=0x10, pInput=0x25e5b3c, Reserved2=0x0, phNewContext=0x25e58d0, pOutput=0x25e5b50, pfContextAttr=0x25e400c, ptsExpiry=0x3ae734 | out: phNewContext=0x25e58d0, pOutput=0x25e5b50, pfContextAttr=0x25e400c, ptsExpiry=0x3ae734) returned 0x90312 [0072.941] recv (in: s=0x364, buf=0x25e5be0, len=5, flags=0 | out: buf=0x25e5be0*) returned 5 [0072.941] recv (in: s=0x364, buf=0x25e5c05, len=3995, flags=0 | out: buf=0x25e5c05*) returned 3995 [0072.942] InitializeSecurityContextW (in: phCredential=0x3ae69c, phContext=0x3ae68c, pTargetName=0x25e2eb4, fContextReq=0x8011c, Reserved1=0x0, TargetDataRep=0x10, pInput=0x25e6c10, Reserved2=0x0, phNewContext=0x25e58d0, pOutput=0x25e6c24, pfContextAttr=0x25e400c, ptsExpiry=0x3ae694 | out: phNewContext=0x25e58d0, pOutput=0x25e6c24, pfContextAttr=0x25e400c, ptsExpiry=0x3ae694) returned 0x90312 [0072.955] recv (in: s=0x364, buf=0x25e6cb4, len=5, flags=0 | out: buf=0x25e6cb4*) returned 5 [0072.955] recv (in: s=0x364, buf=0x25e6ccd, len=148, flags=0 | out: buf=0x25e6ccd*) returned 148 [0072.955] InitializeSecurityContextW (in: phCredential=0x3ae5fc, phContext=0x3ae5ec, pTargetName=0x25e2eb4, fContextReq=0x8011c, Reserved1=0x0, TargetDataRep=0x10, pInput=0x25e6dd4, Reserved2=0x0, phNewContext=0x25e58d0, pOutput=0x25e6de8, pfContextAttr=0x25e400c, ptsExpiry=0x3ae5f4 | out: phNewContext=0x25e58d0, pOutput=0x25e6de8, pfContextAttr=0x25e400c, ptsExpiry=0x3ae5f4) returned 0x90312 [0072.955] recv (in: s=0x364, buf=0x25e6e78, len=5, flags=0 | out: buf=0x25e6e78*) returned 5 [0072.955] recv (in: s=0x364, buf=0x25e6e91, len=4, flags=0 | out: buf=0x25e6e91*) returned 4 [0072.956] InitializeSecurityContextW (in: phCredential=0x3ae55c, phContext=0x3ae54c, pTargetName=0x25e2eb4, fContextReq=0x8011c, Reserved1=0x0, TargetDataRep=0x10, pInput=0x25e6f08, Reserved2=0x0, phNewContext=0x25e58d0, pOutput=0x25e6f1c, pfContextAttr=0x25e400c, ptsExpiry=0x3ae554 | out: phNewContext=0x25e58d0, pOutput=0x25e6f1c, pfContextAttr=0x25e400c, ptsExpiry=0x3ae554) returned 0x90312 [0073.732] FreeContextBuffer (in: pvContextBuffer=0x1f0ef8 | out: pvContextBuffer=0x1f0ef8) returned 0x0 [0073.732] send (s=0x364, buf=0x25e6f98*, len=126, flags=0) returned 126 [0073.733] recv (in: s=0x364, buf=0x25e6f98, len=5, flags=0 | out: buf=0x25e6f98*) returned 5 [0073.750] recv (in: s=0x364, buf=0x25e6f9d, len=1, flags=0 | out: buf=0x25e6f9d*) returned 1 [0073.751] InitializeSecurityContextW (in: phCredential=0x3ae4bc, phContext=0x3ae4ac, pTargetName=0x25e2eb4, fContextReq=0x8011c, Reserved1=0x0, TargetDataRep=0x10, pInput=0x25e709c, Reserved2=0x0, phNewContext=0x25e58d0, pOutput=0x25e70b0, pfContextAttr=0x25e400c, ptsExpiry=0x3ae4b4 | out: phNewContext=0x25e58d0, pOutput=0x25e70b0, pfContextAttr=0x25e400c, ptsExpiry=0x3ae4b4) returned 0x90312 [0073.751] recv (in: s=0x364, buf=0x25e7140, len=5, flags=0 | out: buf=0x25e7140*) returned 5 [0073.751] recv (in: s=0x364, buf=0x25e7159, len=40, flags=0 | out: buf=0x25e7159*) returned 40 [0073.752] InitializeSecurityContextW (in: phCredential=0x3ae41c, phContext=0x3ae40c, pTargetName=0x25e2eb4, fContextReq=0x8011c, Reserved1=0x0, TargetDataRep=0x10, pInput=0x25e71f4, Reserved2=0x0, phNewContext=0x25e58d0, pOutput=0x25e7208, pfContextAttr=0x25e400c, ptsExpiry=0x3ae414 | out: phNewContext=0x25e58d0, pOutput=0x25e7208, pfContextAttr=0x25e400c, ptsExpiry=0x3ae414) returned 0x0 [0075.008] QueryContextAttributesW (in: phContext=0x25e58d0, ulAttribute=0x4, pBuffer=0x25e72b4 | out: pBuffer=0x25e72b4) returned 0x0 [0075.011] QueryContextAttributesW (in: phContext=0x25e58d0, ulAttribute=0x5a, pBuffer=0x25e730c | out: pBuffer=0x25e730c) returned 0x0 [0075.024] QueryContextAttributesW (in: phContext=0x25e58d0, ulAttribute=0x53, pBuffer=0x25e73b8 | out: pBuffer=0x25e73b8) returned 0x0 [0075.052] CertDuplicateCRLContext (pCrlContext=0x238c20) returned 0x238c20 [0075.053] CertDuplicateStore (hCertStore=0x21d448) returned 0x21d448 [0075.053] CertEnumCertificatesInStore (hCertStore=0x21d448, pPrevCertContext=0x0) returned 0x238cc0 [0075.054] CertDuplicateCRLContext (pCrlContext=0x238cc0) returned 0x238cc0 [0075.067] CertEnumCertificatesInStore (hCertStore=0x21d448, pPrevCertContext=0x238cc0) returned 0x238c70 [0075.068] CertDuplicateCRLContext (pCrlContext=0x238c70) returned 0x238c70 [0075.068] CertEnumCertificatesInStore (hCertStore=0x21d448, pPrevCertContext=0x238c70) returned 0x238c20 [0075.068] CertDuplicateCRLContext (pCrlContext=0x238c20) returned 0x238c20 [0075.068] CertEnumCertificatesInStore (hCertStore=0x21d448, pPrevCertContext=0x238c20) returned 0x0 [0075.068] CertCloseStore (hCertStore=0x21d448, dwFlags=0x0) returned 1 [0075.069] CertFreeCRLContext (pCrlContext=0x238c20) returned 1 [0075.084] CertOpenStore (lpszStoreProvider=0x2, dwEncodingType=0x10001, hCryptProv=0x0, dwFlags=0x2204, pvPara=0x0) returned 0x20d138 [0075.087] CertAddCRLLinkToStore (in: hCertStore=0x20d138, pCrlContext=0x238cc0, dwAddDisposition=0x4, ppStoreContext=0x0 | out: ppStoreContext=0x0) returned 1 [0075.093] CertAddCRLLinkToStore (in: hCertStore=0x20d138, pCrlContext=0x238c70, dwAddDisposition=0x4, ppStoreContext=0x0 | out: ppStoreContext=0x0) returned 1 [0075.093] CertAddCRLLinkToStore (in: hCertStore=0x20d138, pCrlContext=0x238c20, dwAddDisposition=0x4, ppStoreContext=0x0 | out: ppStoreContext=0x0) returned 1 [0075.095] LocalAlloc (uFlags=0x40, uBytes=0x16) returned 0x21a0c8 [0075.103] CertGetCertificateChain (in: hChainEngine=0x0, pCertContext=0x238c20, pTime=0x3ae428, hAdditionalStore=0x20d138, pChainPara=0x3ae368, dwFlags=0x0, pvReserved=0x0, ppChainContext=0x3ae35c | out: ppChainContext=0x3ae35c) returned 1 [0079.625] LocalFree (hMem=0x21a0c8) returned 0x0 [0079.627] CertDuplicateCertificateChain (pChainContext=0x5a35900) returned 0x5a35900 [0079.631] CertDuplicateCRLContext (pCrlContext=0x238c20) returned 0x238c20 [0079.632] CertDuplicateCRLContext (pCrlContext=0x5a4d1c8) returned 0x5a4d1c8 [0079.632] CertDuplicateCRLContext (pCrlContext=0x5a4d268) returned 0x5a4d268 [0079.633] CertDuplicateCRLContext (pCrlContext=0x5a4d2b8) returned 0x5a4d2b8 [0079.633] CertFreeCertificateChain (pChainContext=0x5a35900) [0079.634] CertVerifyCertificateChainPolicy (in: pszPolicyOID=0x1, pChainContext=0x5a35900, pPolicyPara=0x3ae508, pPolicyStatus=0x3ae4f4 | out: pPolicyStatus=0x3ae4f4) returned 1 [0079.635] SetLastError (dwErrCode=0x0) [0079.638] CertVerifyCertificateChainPolicy (in: pszPolicyOID=0x4, pChainContext=0x5a35900, pPolicyPara=0x3ae568, pPolicyStatus=0x3ae51c | out: pPolicyStatus=0x3ae51c) returned 1 [0079.649] CertFreeCertificateChain (pChainContext=0x5a35900) [0079.650] CertFreeCRLContext (pCrlContext=0x238c20) returned 1 [0079.657] CoTaskMemAlloc (cb=0x20c) returned 0x5a6fc68 [0079.657] GetEnvironmentVariableW (in: lpName="PinnableBufferCache_System.Net.SslStream_Disabled", lpBuffer=0x5a6fc68, nSize=0x104 | out: lpBuffer="") returned 0x0 [0079.658] CoTaskMemFree (pv=0x5a6fc68) [0079.658] CoTaskMemAlloc (cb=0x20c) returned 0x5a6fc68 [0079.658] GetEnvironmentVariableW (in: lpName="PinnableBufferCache_System.Net.SslStream_MinCount", lpBuffer=0x5a6fc68, nSize=0x104 | out: lpBuffer="") returned 0x0 [0079.658] CoTaskMemFree (pv=0x5a6fc68) [0079.658] CoTaskMemAlloc (cb=0x20c) returned 0x5a6fc68 [0079.658] GetEnvironmentVariableW (in: lpName="PinnableBufferCache_System.Net.SslStream_Disabled", lpBuffer=0x5a6fc68, nSize=0x104 | out: lpBuffer="") returned 0x0 [0079.658] CoTaskMemFree (pv=0x5a6fc68) [0079.658] CoTaskMemAlloc (cb=0x20c) returned 0x5a6fc68 [0079.658] GetEnvironmentVariableW (in: lpName="PinnableBufferCache_System.Net.SslStream_MinCount", lpBuffer=0x5a6fc68, nSize=0x104 | out: lpBuffer="") returned 0x0 [0079.658] CoTaskMemFree (pv=0x5a6fc68) [0079.660] EncryptMessage (in: phContext=0x25e58d0, fQOP=0x0, pMessage=0x25ef6a0, MessageSeqNo=0x0 | out: pMessage=0x25ef6a0) returned 0x0 [0079.671] send (s=0x364, buf=0x25ee178*, len=93, flags=0) returned 93 [0079.677] setsockopt (s=0x364, level=65535, optname=4102, optval=" \x86\x01", optlen=4) returned 0 [0079.681] recv (in: s=0x364, buf=0x25fb9e0, len=5, flags=0 | out: buf=0x25fb9e0*) returned 5 [0079.751] recv (in: s=0x364, buf=0x25fb9e5, len=1425, flags=0 | out: buf=0x25fb9e5*) returned 1425 [0079.753] DecryptMessage (in: phContext=0x25e58d0, pMessage=0x25ffaa0, MessageSeqNo=0x0, pfQOP=0x0 | out: pMessage=0x25ffaa0, pfQOP=0x0) returned 0x0 [0079.792] GetCurrentProcess () returned 0xffffffff [0079.792] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x3ae9d4 | out: TokenHandle=0x3ae9d4*=0x550) returned 1 [0079.794] CloseHandle (hObject=0x550) returned 1 [0079.794] GetCurrentProcess () returned 0xffffffff [0079.795] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x3ae9ec | out: TokenHandle=0x3ae9ec*=0x550) returned 1 [0079.796] CloseHandle (hObject=0x550) returned 1 [0079.798] setsockopt (s=0x364, level=65535, optname=4102, optval="ô\x01", optlen=4) returned 0 [0079.798] QueryPerformanceCounter (in: lpPerformanceCount=0x3aed6c | out: lpPerformanceCount=0x3aed6c*=1629913838301) returned 1 [0079.798] QueryPerformanceCounter (in: lpPerformanceCount=0x3aed34 | out: lpPerformanceCount=0x3aed34*=1629913936642) returned 1 [0079.805] recv (in: s=0x364, buf=0x25fb9e0, len=5, flags=0 | out: buf=0x25fb9e0*) returned 5 [0079.805] recv (in: s=0x364, buf=0x25fb9e5, len=1425, flags=0 | out: buf=0x25fb9e5*) returned 1425 [0079.827] DecryptMessage (in: phContext=0x25e58d0, pMessage=0x2604240, MessageSeqNo=0x0, pfQOP=0x0 | out: pMessage=0x2604240, pfQOP=0x0) returned 0x0 [0079.827] QueryPerformanceCounter (in: lpPerformanceCount=0x3aed34 | out: lpPerformanceCount=0x3aed34*=1629916786345) returned 1 [0079.827] recv (in: s=0x364, buf=0x25fb9e0, len=5, flags=0 | out: buf=0x25fb9e0*) returned 5 [0079.827] recv (in: s=0x364, buf=0x25fb9e5, len=1425, flags=0 | out: buf=0x25fb9e5*) returned 1425 [0079.827] DecryptMessage (in: phContext=0x25e58d0, pMessage=0x2604360, MessageSeqNo=0x0, pfQOP=0x0 | out: pMessage=0x2604360, pfQOP=0x0) returned 0x0 [0079.827] QueryPerformanceCounter (in: lpPerformanceCount=0x3aed34 | out: lpPerformanceCount=0x3aed34*=1629916821334) returned 1 [0079.828] recv (in: s=0x364, buf=0x25fb9e0, len=5, flags=0 | out: buf=0x25fb9e0*) returned 5 [0079.828] recv (in: s=0x364, buf=0x25fb9e5, len=1425, flags=0 | out: buf=0x25fb9e5*) returned 1425 [0079.828] DecryptMessage (in: phContext=0x25e58d0, pMessage=0x2604480, MessageSeqNo=0x0, pfQOP=0x0 | out: pMessage=0x2604480, pfQOP=0x0) returned 0x0 [0079.828] QueryPerformanceCounter (in: lpPerformanceCount=0x3aed34 | out: lpPerformanceCount=0x3aed34*=1629916906597) returned 1 [0079.828] recv (in: s=0x364, buf=0x25fb9e0, len=5, flags=0 | out: buf=0x25fb9e0*) returned 5 [0079.828] recv (in: s=0x364, buf=0x25fb9e5, len=1425, flags=0 | out: buf=0x25fb9e5*) returned 1425 [0079.829] DecryptMessage (in: phContext=0x25e58d0, pMessage=0x26045a0, MessageSeqNo=0x0, pfQOP=0x0 | out: pMessage=0x26045a0, pfQOP=0x0) returned 0x0 [0079.829] QueryPerformanceCounter (in: lpPerformanceCount=0x3aed34 | out: lpPerformanceCount=0x3aed34*=1629916934756) returned 1 [0079.829] recv (in: s=0x364, buf=0x25fb9e0, len=5, flags=0 | out: buf=0x25fb9e0*) returned 5 [0079.829] recv (in: s=0x364, buf=0x25fb9e5, len=1425, flags=0 | out: buf=0x25fb9e5*) returned 1425 [0079.829] DecryptMessage (in: phContext=0x25e58d0, pMessage=0x26046c0, MessageSeqNo=0x0, pfQOP=0x0 | out: pMessage=0x26046c0, pfQOP=0x0) returned 0x0 [0079.829] QueryPerformanceCounter (in: lpPerformanceCount=0x3aed34 | out: lpPerformanceCount=0x3aed34*=1629916963479) returned 1 [0079.829] recv (in: s=0x364, buf=0x25fb9e0, len=5, flags=0 | out: buf=0x25fb9e0*) returned 5 [0079.829] recv (in: s=0x364, buf=0x25fb9e5, len=1425, flags=0 | out: buf=0x25fb9e5*) returned 1425 [0079.829] DecryptMessage (in: phContext=0x25e58d0, pMessage=0x26047e0, MessageSeqNo=0x0, pfQOP=0x0 | out: pMessage=0x26047e0, pfQOP=0x0) returned 0x0 [0079.829] QueryPerformanceCounter (in: lpPerformanceCount=0x3aed34 | out: lpPerformanceCount=0x3aed34*=1629916992436) returned 1 [0079.829] recv (in: s=0x364, buf=0x25fb9e0, len=5, flags=0 | out: buf=0x25fb9e0*) returned 5 [0079.829] recv (in: s=0x364, buf=0x25fb9e5, len=1425, flags=0 | out: buf=0x25fb9e5*) returned 1425 [0079.829] DecryptMessage (in: phContext=0x25e58d0, pMessage=0x2604900, MessageSeqNo=0x0, pfQOP=0x0 | out: pMessage=0x2604900, pfQOP=0x0) returned 0x0 [0079.829] QueryPerformanceCounter (in: lpPerformanceCount=0x3aed34 | out: lpPerformanceCount=0x3aed34*=1629917021103) returned 1 [0079.830] recv (in: s=0x364, buf=0x25fb9e0, len=5, flags=0 | out: buf=0x25fb9e0*) returned 5 [0079.830] recv (in: s=0x364, buf=0x25fb9e5, len=1425, flags=0 | out: buf=0x25fb9e5*) returned 1425 [0079.830] DecryptMessage (in: phContext=0x25e58d0, pMessage=0x2604a20, MessageSeqNo=0x0, pfQOP=0x0 | out: pMessage=0x2604a20, pfQOP=0x0) returned 0x0 [0079.830] QueryPerformanceCounter (in: lpPerformanceCount=0x3aed34 | out: lpPerformanceCount=0x3aed34*=1629917048380) returned 1 [0079.830] recv (in: s=0x364, buf=0x25fb9e0, len=5, flags=0 | out: buf=0x25fb9e0*) returned 5 [0079.830] recv (in: s=0x364, buf=0x25fb9e5, len=1425, flags=0 | out: buf=0x25fb9e5*) returned 1425 [0079.830] DecryptMessage (in: phContext=0x25e58d0, pMessage=0x2604b40, MessageSeqNo=0x0, pfQOP=0x0 | out: pMessage=0x2604b40, pfQOP=0x0) returned 0x0 [0079.830] QueryPerformanceCounter (in: lpPerformanceCount=0x3aed34 | out: lpPerformanceCount=0x3aed34*=1629917077329) returned 1 [0079.830] recv (in: s=0x364, buf=0x25fb9e0, len=5, flags=0 | out: buf=0x25fb9e0*) returned 5 [0079.830] recv (in: s=0x364, buf=0x25fb9e5, len=1425, flags=0 | out: buf=0x25fb9e5*) returned 1425 [0079.830] DecryptMessage (in: phContext=0x25e58d0, pMessage=0x2604c60, MessageSeqNo=0x0, pfQOP=0x0 | out: pMessage=0x2604c60, pfQOP=0x0) returned 0x0 [0079.830] QueryPerformanceCounter (in: lpPerformanceCount=0x3aed34 | out: lpPerformanceCount=0x3aed34*=1629917105078) returned 1 [0079.830] recv (in: s=0x364, buf=0x25fb9e0, len=5, flags=0 | out: buf=0x25fb9e0*) returned 5 [0079.830] recv (in: s=0x364, buf=0x25fb9e5, len=1425, flags=0 | out: buf=0x25fb9e5*) returned 1425 [0079.831] DecryptMessage (in: phContext=0x25e58d0, pMessage=0x2604d80, MessageSeqNo=0x0, pfQOP=0x0 | out: pMessage=0x2604d80, pfQOP=0x0) returned 0x0 [0079.831] QueryPerformanceCounter (in: lpPerformanceCount=0x3aed34 | out: lpPerformanceCount=0x3aed34*=1629917133032) returned 1 [0079.831] recv (in: s=0x364, buf=0x25fb9e0, len=5, flags=0 | out: buf=0x25fb9e0*) returned 5 [0079.831] recv (in: s=0x364, buf=0x25fb9e5, len=1425, flags=0 | out: buf=0x25fb9e5*) returned 1425 [0079.831] DecryptMessage (in: phContext=0x25e58d0, pMessage=0x2604ea0, MessageSeqNo=0x0, pfQOP=0x0 | out: pMessage=0x2604ea0, pfQOP=0x0) returned 0x0 [0079.831] QueryPerformanceCounter (in: lpPerformanceCount=0x3aed34 | out: lpPerformanceCount=0x3aed34*=1629917160432) returned 1 [0079.831] recv (in: s=0x364, buf=0x25fb9e0, len=5, flags=0 | out: buf=0x25fb9e0*) returned 5 [0079.831] recv (in: s=0x364, buf=0x25fb9e5, len=1425, flags=0 | out: buf=0x25fb9e5*) returned 1425 [0079.831] DecryptMessage (in: phContext=0x25e58d0, pMessage=0x2604fc0, MessageSeqNo=0x0, pfQOP=0x0 | out: pMessage=0x2604fc0, pfQOP=0x0) returned 0x0 [0079.831] QueryPerformanceCounter (in: lpPerformanceCount=0x3aed34 | out: lpPerformanceCount=0x3aed34*=1629917191549) returned 1 [0079.831] recv (in: s=0x364, buf=0x25fb9e0, len=5, flags=0 | out: buf=0x25fb9e0*) returned 5 [0079.831] recv (in: s=0x364, buf=0x25fb9e5, len=1425, flags=0 | out: buf=0x25fb9e5*) returned 1425 [0079.831] DecryptMessage (in: phContext=0x25e58d0, pMessage=0x26050e0, MessageSeqNo=0x0, pfQOP=0x0 | out: pMessage=0x26050e0, pfQOP=0x0) returned 0x0 [0079.831] QueryPerformanceCounter (in: lpPerformanceCount=0x3aed34 | out: lpPerformanceCount=0x3aed34*=1629917221567) returned 1 [0079.832] recv (in: s=0x364, buf=0x25fb9e0, len=5, flags=0 | out: buf=0x25fb9e0*) returned 5 [0079.832] recv (in: s=0x364, buf=0x25fb9e5, len=1425, flags=0 | out: buf=0x25fb9e5*) returned 1425 [0079.832] DecryptMessage (in: phContext=0x25e58d0, pMessage=0x2605200, MessageSeqNo=0x0, pfQOP=0x0 | out: pMessage=0x2605200, pfQOP=0x0) returned 0x0 [0079.832] QueryPerformanceCounter (in: lpPerformanceCount=0x3aed34 | out: lpPerformanceCount=0x3aed34*=1629917252271) returned 1 [0079.832] recv (in: s=0x364, buf=0x25fb9e0, len=5, flags=0 | out: buf=0x25fb9e0*) returned 5 [0079.832] recv (in: s=0x364, buf=0x25fb9e5, len=1181, flags=0 | out: buf=0x25fb9e5*) returned 1181 [0079.832] DecryptMessage (in: phContext=0x25e58d0, pMessage=0x2605320, MessageSeqNo=0x0, pfQOP=0x0 | out: pMessage=0x2605320, pfQOP=0x0) returned 0x0 [0079.832] QueryPerformanceCounter (in: lpPerformanceCount=0x3aed34 | out: lpPerformanceCount=0x3aed34*=1629917289568) returned 1 [0079.832] recv (in: s=0x364, buf=0x25fb9e0, len=5, flags=0 | out: buf=0x25fb9e0*) returned 5 [0079.832] recv (in: s=0x364, buf=0x25fb9e5, len=185, flags=0 | out: buf=0x25fb9e5*) returned 185 [0079.833] DecryptMessage (in: phContext=0x25e58d0, pMessage=0x2605440, MessageSeqNo=0x0, pfQOP=0x0 | out: pMessage=0x2605440, pfQOP=0x0) returned 0x0 [0079.833] QueryPerformanceCounter (in: lpPerformanceCount=0x3aed34 | out: lpPerformanceCount=0x3aed34*=1629917341257) returned 1 [0079.833] recv (in: s=0x364, buf=0x25fb9e0, len=5, flags=0 | out: buf=0x25fb9e0*) returned 5 [0079.833] recv (in: s=0x364, buf=0x25fb9e5, len=1425, flags=0 | out: buf=0x25fb9e5*) returned 1425 [0079.833] DecryptMessage (in: phContext=0x25e58d0, pMessage=0x2605560, MessageSeqNo=0x0, pfQOP=0x0 | out: pMessage=0x2605560, pfQOP=0x0) returned 0x0 [0079.833] QueryPerformanceCounter (in: lpPerformanceCount=0x3aed34 | out: lpPerformanceCount=0x3aed34*=1629917381689) returned 1 [0079.833] recv (in: s=0x364, buf=0x25fb9e0, len=5, flags=0 | out: buf=0x25fb9e0*) returned 5 [0079.833] recv (in: s=0x364, buf=0x25fb9e5, len=1425, flags=0 | out: buf=0x25fb9e5*) returned 1425 [0079.833] DecryptMessage (in: phContext=0x25e58d0, pMessage=0x2605680, MessageSeqNo=0x0, pfQOP=0x0 | out: pMessage=0x2605680, pfQOP=0x0) returned 0x0 [0079.833] QueryPerformanceCounter (in: lpPerformanceCount=0x3aed34 | out: lpPerformanceCount=0x3aed34*=1629917417665) returned 1 [0079.834] recv (in: s=0x364, buf=0x25fb9e0, len=5, flags=0 | out: buf=0x25fb9e0*) returned 5 [0079.834] recv (in: s=0x364, buf=0x25fb9e5, len=1425, flags=0 | out: buf=0x25fb9e5*) returned 1425 [0079.834] DecryptMessage (in: phContext=0x25e58d0, pMessage=0x26057a0, MessageSeqNo=0x0, pfQOP=0x0 | out: pMessage=0x26057a0, pfQOP=0x0) returned 0x0 [0079.834] QueryPerformanceCounter (in: lpPerformanceCount=0x3aed34 | out: lpPerformanceCount=0x3aed34*=1629917451184) returned 1 [0079.834] recv (in: s=0x364, buf=0x25fb9e0, len=5, flags=0 | out: buf=0x25fb9e0*) returned 5 [0079.834] recv (in: s=0x364, buf=0x25fb9e5, len=1425, flags=0 | out: buf=0x25fb9e5*) returned 1425 [0079.834] DecryptMessage (in: phContext=0x25e58d0, pMessage=0x26058c0, MessageSeqNo=0x0, pfQOP=0x0 | out: pMessage=0x26058c0, pfQOP=0x0) returned 0x0 [0079.834] QueryPerformanceCounter (in: lpPerformanceCount=0x3aed34 | out: lpPerformanceCount=0x3aed34*=1629917485031) returned 1 [0079.834] recv (in: s=0x364, buf=0x25fb9e0, len=5, flags=0 | out: buf=0x25fb9e0*) returned 5 [0079.834] recv (in: s=0x364, buf=0x25fb9e5, len=1425, flags=0 | out: buf=0x25fb9e5*) returned 1425 [0079.834] DecryptMessage (in: phContext=0x25e58d0, pMessage=0x26059e0, MessageSeqNo=0x0, pfQOP=0x0 | out: pMessage=0x26059e0, pfQOP=0x0) returned 0x0 [0079.834] QueryPerformanceCounter (in: lpPerformanceCount=0x3aed34 | out: lpPerformanceCount=0x3aed34*=1629917519453) returned 1 [0079.835] recv (in: s=0x364, buf=0x25fb9e0, len=5, flags=0 | out: buf=0x25fb9e0*) returned 5 [0079.835] recv (in: s=0x364, buf=0x25fb9e5, len=1425, flags=0 | out: buf=0x25fb9e5*) returned 1425 [0079.835] DecryptMessage (in: phContext=0x25e58d0, pMessage=0x2605b00, MessageSeqNo=0x0, pfQOP=0x0 | out: pMessage=0x2605b00, pfQOP=0x0) returned 0x0 [0079.835] QueryPerformanceCounter (in: lpPerformanceCount=0x3aed34 | out: lpPerformanceCount=0x3aed34*=1629917553553) returned 1 [0079.835] recv (in: s=0x364, buf=0x25fb9e0, len=5, flags=0 | out: buf=0x25fb9e0*) returned 5 [0079.835] recv (in: s=0x364, buf=0x25fb9e5, len=1425, flags=0 | out: buf=0x25fb9e5*) returned 1425 [0079.835] DecryptMessage (in: phContext=0x25e58d0, pMessage=0x2605c20, MessageSeqNo=0x0, pfQOP=0x0 | out: pMessage=0x2605c20, pfQOP=0x0) returned 0x0 [0079.835] QueryPerformanceCounter (in: lpPerformanceCount=0x3aed34 | out: lpPerformanceCount=0x3aed34*=1629917593415) returned 1 [0079.835] recv (in: s=0x364, buf=0x25fb9e0, len=5, flags=0 | out: buf=0x25fb9e0*) returned 5 [0079.835] recv (in: s=0x364, buf=0x25fb9e5, len=1425, flags=0 | out: buf=0x25fb9e5*) returned 1425 [0079.835] DecryptMessage (in: phContext=0x25e58d0, pMessage=0x2605d40, MessageSeqNo=0x0, pfQOP=0x0 | out: pMessage=0x2605d40, pfQOP=0x0) returned 0x0 [0079.836] QueryPerformanceCounter (in: lpPerformanceCount=0x3aed34 | out: lpPerformanceCount=0x3aed34*=1629917628094) returned 1 [0079.836] recv (in: s=0x364, buf=0x25fb9e0, len=5, flags=0 | out: buf=0x25fb9e0*) returned 5 [0079.836] recv (in: s=0x364, buf=0x25fb9e5, len=1425, flags=0 | out: buf=0x25fb9e5*) returned 1425 [0079.836] DecryptMessage (in: phContext=0x25e58d0, pMessage=0x2605e60, MessageSeqNo=0x0, pfQOP=0x0 | out: pMessage=0x2605e60, pfQOP=0x0) returned 0x0 [0079.836] QueryPerformanceCounter (in: lpPerformanceCount=0x3aed34 | out: lpPerformanceCount=0x3aed34*=1629917661622) returned 1 [0079.836] recv (in: s=0x364, buf=0x25fb9e0, len=5, flags=0 | out: buf=0x25fb9e0*) returned 5 [0079.836] recv (in: s=0x364, buf=0x25fb9e5, len=1425, flags=0 | out: buf=0x25fb9e5*) returned 1425 [0079.838] DecryptMessage (in: phContext=0x25e58d0, pMessage=0x2605f80, MessageSeqNo=0x0, pfQOP=0x0 | out: pMessage=0x2605f80, pfQOP=0x0) returned 0x0 [0079.838] QueryPerformanceCounter (in: lpPerformanceCount=0x3aed34 | out: lpPerformanceCount=0x3aed34*=1629917863098) returned 1 [0079.838] recv (in: s=0x364, buf=0x25fb9e0, len=5, flags=0 | out: buf=0x25fb9e0*) returned 5 [0079.838] recv (in: s=0x364, buf=0x25fb9e5, len=1425, flags=0 | out: buf=0x25fb9e5*) returned 1425 [0079.838] DecryptMessage (in: phContext=0x25e58d0, pMessage=0x26060ac, MessageSeqNo=0x0, pfQOP=0x0 | out: pMessage=0x26060ac, pfQOP=0x0) returned 0x0 [0079.838] QueryPerformanceCounter (in: lpPerformanceCount=0x3aed34 | out: lpPerformanceCount=0x3aed34*=1629917902886) returned 1 [0079.838] recv (in: s=0x364, buf=0x25fb9e0, len=5, flags=0 | out: buf=0x25fb9e0*) returned 5 [0079.838] recv (in: s=0x364, buf=0x25fb9e5, len=1425, flags=0 | out: buf=0x25fb9e5*) returned 1425 [0079.839] DecryptMessage (in: phContext=0x25e58d0, pMessage=0x26061cc, MessageSeqNo=0x0, pfQOP=0x0 | out: pMessage=0x26061cc, pfQOP=0x0) returned 0x0 [0079.839] QueryPerformanceCounter (in: lpPerformanceCount=0x3aed34 | out: lpPerformanceCount=0x3aed34*=1629917941186) returned 1 [0079.839] recv (in: s=0x364, buf=0x25fb9e0, len=5, flags=0 | out: buf=0x25fb9e0*) returned 5 [0079.839] recv (in: s=0x364, buf=0x25fb9e5, len=1425, flags=0 | out: buf=0x25fb9e5*) returned 1425 [0079.839] DecryptMessage (in: phContext=0x25e58d0, pMessage=0x26062ec, MessageSeqNo=0x0, pfQOP=0x0 | out: pMessage=0x26062ec, pfQOP=0x0) returned 0x0 [0079.839] QueryPerformanceCounter (in: lpPerformanceCount=0x3aed34 | out: lpPerformanceCount=0x3aed34*=1629918014105) returned 1 [0079.840] recv (in: s=0x364, buf=0x25fb9e0, len=5, flags=0 | out: buf=0x25fb9e0*) returned 5 [0079.840] recv (in: s=0x364, buf=0x25fb9e5, len=1425, flags=0 | out: buf=0x25fb9e5*) returned 1425 [0079.840] DecryptMessage (in: phContext=0x25e58d0, pMessage=0x260640c, MessageSeqNo=0x0, pfQOP=0x0 | out: pMessage=0x260640c, pfQOP=0x0) returned 0x0 [0079.840] QueryPerformanceCounter (in: lpPerformanceCount=0x3aed34 | out: lpPerformanceCount=0x3aed34*=1629918059810) returned 1 [0079.840] recv (in: s=0x364, buf=0x25fb9e0, len=5, flags=0 | out: buf=0x25fb9e0*) returned 5 [0079.840] recv (in: s=0x364, buf=0x25fb9e5, len=1425, flags=0 | out: buf=0x25fb9e5*) returned 1425 [0079.840] DecryptMessage (in: phContext=0x25e58d0, pMessage=0x260652c, MessageSeqNo=0x0, pfQOP=0x0 | out: pMessage=0x260652c, pfQOP=0x0) returned 0x0 [0079.840] QueryPerformanceCounter (in: lpPerformanceCount=0x3aed34 | out: lpPerformanceCount=0x3aed34*=1629918101741) returned 1 [0079.840] recv (in: s=0x364, buf=0x25fb9e0, len=5, flags=0 | out: buf=0x25fb9e0*) returned 5 [0079.840] recv (in: s=0x364, buf=0x25fb9e5, len=1425, flags=0 | out: buf=0x25fb9e5*) returned 1425 [0079.841] DecryptMessage (in: phContext=0x25e58d0, pMessage=0x260664c, MessageSeqNo=0x0, pfQOP=0x0 | out: pMessage=0x260664c, pfQOP=0x0) returned 0x0 [0079.841] QueryPerformanceCounter (in: lpPerformanceCount=0x3aed34 | out: lpPerformanceCount=0x3aed34*=1629918133200) returned 1 [0079.841] recv (in: s=0x364, buf=0x25fb9e0, len=5, flags=0 | out: buf=0x25fb9e0*) returned 5 [0079.841] recv (in: s=0x364, buf=0x25fb9e5, len=1425, flags=0 | out: buf=0x25fb9e5*) returned 1425 [0079.841] DecryptMessage (in: phContext=0x25e58d0, pMessage=0x260676c, MessageSeqNo=0x0, pfQOP=0x0 | out: pMessage=0x260676c, pfQOP=0x0) returned 0x0 [0079.841] QueryPerformanceCounter (in: lpPerformanceCount=0x3aed34 | out: lpPerformanceCount=0x3aed34*=1629918167004) returned 1 [0079.841] recv (in: s=0x364, buf=0x25fb9e0, len=5, flags=0 | out: buf=0x25fb9e0*) returned 5 [0079.841] recv (in: s=0x364, buf=0x25fb9e5, len=1425, flags=0 | out: buf=0x25fb9e5*) returned 1425 [0079.841] DecryptMessage (in: phContext=0x25e58d0, pMessage=0x260688c, MessageSeqNo=0x0, pfQOP=0x0 | out: pMessage=0x260688c, pfQOP=0x0) returned 0x0 [0079.841] QueryPerformanceCounter (in: lpPerformanceCount=0x3aed34 | out: lpPerformanceCount=0x3aed34*=1629918201024) returned 1 [0079.841] recv (in: s=0x364, buf=0x25fb9e0, len=5, flags=0 | out: buf=0x25fb9e0*) returned 5 [0079.842] recv (in: s=0x364, buf=0x25fb9e5, len=1283, flags=0 | out: buf=0x25fb9e5*) returned 1283 [0079.842] DecryptMessage (in: phContext=0x25e58d0, pMessage=0x26069ac, MessageSeqNo=0x0, pfQOP=0x0 | out: pMessage=0x26069ac, pfQOP=0x0) returned 0x0 [0079.842] QueryPerformanceCounter (in: lpPerformanceCount=0x3aed34 | out: lpPerformanceCount=0x3aed34*=1629918257673) returned 1 [0079.842] recv (in: s=0x364, buf=0x25fb9e0, len=5, flags=0 | out: buf=0x25fb9e0*) returned 5 [0079.842] recv (in: s=0x364, buf=0x25fb9e5, len=29, flags=0 | out: buf=0x25fb9e5*) returned 29 [0079.842] DecryptMessage (in: phContext=0x25e58d0, pMessage=0x2606acc, MessageSeqNo=0x0, pfQOP=0x0 | out: pMessage=0x2606acc, pfQOP=0x0) returned 0x0 [0079.843] SetEvent (hEvent=0x40) returned 1 [0079.843] QueryPerformanceCounter (in: lpPerformanceCount=0x3aed58 | out: lpPerformanceCount=0x3aed58*=1629918387016) returned 1 [0079.979] GetFullPathNameW (in: lpFileName="C:\\Users\\kEecfMwgj\\Desktop\\81baf55c19c00ec38dd62ea3b30a3af669be588442dc0648865f80195665d2b2.exe", nBufferLength=0x105, lpBuffer=0x3ae888, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\kEecfMwgj\\Desktop\\81baf55c19c00ec38dd62ea3b30a3af669be588442dc0648865f80195665d2b2.exe", lpFilePart=0x0) returned 0x5f [0079.982] GetFullPathNameW (in: lpFileName="C:\\Users\\kEecfMwgj\\Desktop\\81baf55c19c00ec38dd62ea3b30a3af669be588442dc0648865f80195665d2b2.exe", nBufferLength=0x105, lpBuffer=0x3ae890, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\kEecfMwgj\\Desktop\\81baf55c19c00ec38dd62ea3b30a3af669be588442dc0648865f80195665d2b2.exe", lpFilePart=0x0) returned 0x5f [0081.082] CreateFileMappingW (hFile=0xffffffff, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x29400, lpName=0x0) returned 0x550 [0081.082] memcpy (in: _Dst=0x980000, _Src=0x3592960, _Size=0x29400 | out: _Dst=0x980000) returned 0x980000 [0081.084] CloseHandle (hObject=0x550) returned 1 [0081.862] CreateFileMappingW (hFile=0xffffffff, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x12600, lpName=0x0) returned 0x558 [0081.863] memcpy (in: _Dst=0xa00000, _Src=0x25d8f78, _Size=0x12600 | out: _Dst=0xa00000) returned 0xa00000 [0081.864] CloseHandle (hObject=0x558) returned 1 [0082.567] CoTaskMemAlloc (cb=0x20c) returned 0x23e1e0 [0082.567] GetEnvironmentVariableW (in: lpName="COR_ENABLE_PROFILING", lpBuffer=0x23e1e0, nSize=0x104 | out: lpBuffer="") returned 0x0 [0082.567] CoTaskMemFree (pv=0x23e1e0) [0082.712] RegisterClipboardFormatW (lpszFormat="WM_GETCONTROLNAME") returned 0xc1cb [0082.712] RegisterClipboardFormatW (lpszFormat="WM_GETCONTROLTYPE") returned 0xc1ca [0082.725] GetSystemMetrics (nIndex=75) returned 1 [0082.731] GetModuleHandleW (lpModuleName="comctl32.dll") returned 0x0 [0083.506] GetModuleHandleW (lpModuleName="kernel32.dll") returned 0x752b0000 [0083.507] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="AddDllDirectory", cchWideChar=15, lpMultiByteStr=0x3adf84, cbMultiByte=17, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="AddDllDirectory", lpUsedDefaultChar=0x0) returned 15 [0083.508] GetProcAddress (hModule=0x752b0000, lpProcName="AddDllDirectory") returned 0x753d1e91 [0083.508] LoadLibraryExW (lpLibFileName="comctl32.dll", hFile=0x0, dwFlags=0x800) returned 0x6d3a0000 [0083.540] AdjustWindowRectEx (in: lpRect=0x3ae0ec, dwStyle=0x56cf0000, bMenu=0, dwExStyle=0x50001 | out: lpRect=0x3ae0ec) returned 1 [0083.545] GetCurrentProcess () returned 0xffffffff [0083.545] GetCurrentThread () returned 0xfffffffe [0083.545] GetCurrentProcess () returned 0xffffffff [0083.546] DuplicateHandle (in: hSourceProcessHandle=0xffffffff, hSourceHandle=0xfffffffe, hTargetProcessHandle=0xffffffff, lpTargetHandle=0x3ae004, dwDesiredAccess=0x0, bInheritHandle=0, dwOptions=0x2 | out: lpTargetHandle=0x3ae004*=0x598) returned 1 [0083.549] GetCurrentThreadId () returned 0xee0 [0083.560] GetModuleHandleW (lpModuleName="user32.dll") returned 0x76860000 [0083.560] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="DefWindowProcW", cchWideChar=14, lpMultiByteStr=0x3ade1c, cbMultiByte=16, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="DefWindowProcW\x0fn\x9eCk%Dþwq´æ:", lpUsedDefaultChar=0x0) returned 14 [0083.561] GetProcAddress (hModule=0x76860000, lpProcName="DefWindowProcW") returned 0x76f325dd [0083.561] GetStockObject (i=5) returned 0x1900015 [0083.565] GetModuleHandleW (lpModuleName=0x0) returned 0x10b0000 [0083.567] CoTaskMemAlloc (cb=0x5a) returned 0x5a0db10 [0083.567] RegisterClassW (lpWndClass=0x3ade0c) returned 0xc076 [0083.567] CoTaskMemFree (pv=0x5a0db10) [0083.568] GetModuleHandleW (lpModuleName=0x0) returned 0x10b0000 [0083.578] CreateWindowExW (dwExStyle=0x0, lpClassName="WindowsForms10.Window.8.app.0.1a0e24_r14_ad1", lpWindowName=0x0, dwStyle=0x2010000, X=0, Y=0, nWidth=0, nHeight=0, hWndParent=0xfffffffd, hMenu=0x0, hInstance=0x10b0000, lpParam=0x0) returned 0x5018a [0083.581] SetWindowLongW (hWnd=0x5018a, nIndex=-4, dwNewLong=1995646429) returned 15271910 [0083.582] GetWindowLongW (hWnd=0x5018a, nIndex=-4) returned 1995646429 [0083.583] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="Software\\Microsoft\\.NETFramework", ulOptions=0x0, samDesired=0x20019, phkResult=0x3ad720 | out: phkResult=0x3ad720*=0x59c) returned 0x0 [0083.584] RegQueryValueExW (in: hKey=0x59c, lpValueName="DbgJITDebugLaunchSetting", lpReserved=0x0, lpType=0x3ad740, lpData=0x0, lpcbData=0x3ad73c*=0x0 | out: lpType=0x3ad740*=0x0, lpData=0x0, lpcbData=0x3ad73c*=0x0) returned 0x2 [0083.584] RegQueryValueExW (in: hKey=0x59c, lpValueName="DbgManagedDebugger", lpReserved=0x0, lpType=0x3ad740, lpData=0x0, lpcbData=0x3ad73c*=0x0 | out: lpType=0x3ad740*=0x0, lpData=0x0, lpcbData=0x3ad73c*=0x0) returned 0x2 [0083.584] RegCloseKey (hKey=0x59c) returned 0x0 [0083.587] SetWindowLongW (hWnd=0x5018a, nIndex=-4, dwNewLong=15271950) returned 1995646429 [0083.587] GetWindowLongW (hWnd=0x5018a, nIndex=-4) returned 15271950 [0083.587] GetWindowLongW (hWnd=0x5018a, nIndex=-16) returned 113311744 [0083.588] RegisterClipboardFormatW (lpszFormat="WinFormsMouseEnter") returned 0xc12d [0083.588] CallWindowProcW (lpPrevWndFunc=0x76f325dd, hWnd=0x5018a, Msg=0x24, wParam=0x0, lParam=0x3ad9f8) returned 0x0 [0083.589] RegisterClipboardFormatW (lpszFormat="WinFormsUnSubclass") returned 0xc073 [0083.589] CallWindowProcW (lpPrevWndFunc=0x76f325dd, hWnd=0x5018a, Msg=0x81, wParam=0x0, lParam=0x3ad9ec) returned 0x1 [0083.590] CallWindowProcW (lpPrevWndFunc=0x76f325dd, hWnd=0x5018a, Msg=0x83, wParam=0x0, lParam=0x3ad9d8) returned 0x0 [0083.590] CallWindowProcW (lpPrevWndFunc=0x76f325dd, hWnd=0x5018a, Msg=0x1, wParam=0x0, lParam=0x3ad9ec) returned 0x0 [0083.590] GetClientRect (in: hWnd=0x5018a, lpRect=0x3ad754 | out: lpRect=0x3ad754) returned 1 [0083.590] GetWindowRect (in: hWnd=0x5018a, lpRect=0x3ad754 | out: lpRect=0x3ad754) returned 1 [0083.592] GetParent (hWnd=0x5018a) returned 0x0 [0083.595] GetSystemMetrics (nIndex=59) returned 1460 [0083.595] GetSystemMetrics (nIndex=60) returned 920 [0083.595] GetSystemMetrics (nIndex=34) returned 132 [0083.595] GetSystemMetrics (nIndex=35) returned 38 [0083.595] AdjustWindowRectEx (in: lpRect=0x3ae028, dwStyle=0x2cf0000, bMenu=0, dwExStyle=0x50000 | out: lpRect=0x3ae028) returned 1 [0083.732] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3d92980, Length=0x20000, ResultLength=0x3ae0f8 | out: SystemInformation=0x3d92980, ResultLength=0x3ae0f8*=0xe508) returned 0x0 [0083.823] GetSystemDefaultLCID () returned 0x409 [0083.823] GetStockObject (i=17) returned 0x18a0025 [0083.825] GetObjectW (in: h=0x18a0025, c=92, pv=0x3aded8 | out: pv=0x3aded8) returned 92 [0083.827] GetDC (hWnd=0x0) returned 0x4010b22 [0084.456] GdiplusStartup (in: token=0xb7870, input=0x3ad4a0, output=0x3ad4f0 | out: token=0xb7870, output=0x3ad4f0) returned 0x0 [0084.481] CoTaskMemAlloc (cb=0x5c) returned 0x5a0db10 [0084.482] GdipCreateFontFromLogfontW (hdc=0x4010b22, logfont=0x5a0db10, font=0x3adfa0) returned 0x0 [0091.149] CoTaskMemFree (pv=0x5a0db10) [0091.152] CoTaskMemAlloc (cb=0x5c) returned 0x5a0db10 [0091.152] CoTaskMemFree (pv=0x5a0db10) [0091.153] CoTaskMemAlloc (cb=0x5c) returned 0x5a0db10 [0091.153] CoTaskMemFree (pv=0x5a0db10) [0091.154] GdipGetFontUnit (font=0x57c2230, unit=0x3adf68) returned 0x0 [0091.154] GdipGetFontSize (font=0x57c2230, size=0x3adf6c) returned 0x0 [0091.155] GdipGetFontStyle (font=0x57c2230, style=0x3adf64) returned 0x0 [0091.155] GdipGetFamily (font=0x57c2230, family=0x3adf60) returned 0x0 [0091.157] GdipGetFontSize (font=0x57c2230, size=0x25ebbf0) returned 0x0 [0091.157] ReleaseDC (hWnd=0x0, hDC=0x4010b22) returned 1 [0091.158] GetDC (hWnd=0x0) returned 0x170106ba [0091.160] GdipCreateFromHDC (hdc=0x170106ba, graphics=0x3adf7c) returned 0x0 [0091.163] GdipGetDpiY (graphics=0xacf4d48, dpi=0x25ebccc) returned 0x0 [0091.163] GdipGetFontHeight (font=0x57c2230, graphics=0xacf4d48, height=0x3adf74) returned 0x0 [0091.164] GdipGetEmHeight (family=0x66cf6b0, style=0, EmHeight=0x3adf7c) returned 0x0 [0091.164] GdipGetLineSpacing (family=0x66cf6b0, style=0, LineSpacing=0x3adf7c) returned 0x0 [0091.165] GdipDeleteGraphics (graphics=0xacf4d48) returned 0x0 [0091.165] ReleaseDC (hWnd=0x0, hDC=0x170106ba) returned 1 [0091.167] GdipCreateFont (fontFamily=0x66cf6b0, emSize=0x41040000, style=0, unit=0x3, font=0x25ebce8) returned 0x0 [0091.167] GdipGetFontSize (font=0xadc0e68, size=0x25ebcec) returned 0x0 [0091.167] GdipDeleteFont (font=0x57c2230) returned 0x0 [0091.170] GetDC (hWnd=0x0) returned 0x170106ba [0091.170] GdipCreateFromHDC (hdc=0x170106ba, graphics=0x3adff0) returned 0x0 [0091.170] GdipGetFontHeight (font=0xadc0e68, graphics=0xacf4d48, height=0x3adfe8) returned 0x0 [0091.171] GdipDeleteGraphics (graphics=0xacf4d48) returned 0x0 [0091.171] ReleaseDC (hWnd=0x0, hDC=0x170106ba) returned 1 [0091.171] GetSystemMetrics (nIndex=5) returned 1 [0091.171] GetSystemMetrics (nIndex=6) returned 1 [0091.174] AdjustWindowRectEx (in: lpRect=0x3ae118, dwStyle=0x560101c0, bMenu=0, dwExStyle=0x200 | out: lpRect=0x3ae118) returned 1 [0091.177] GetSystemMetrics (nIndex=5) returned 1 [0091.177] GetSystemMetrics (nIndex=6) returned 1 [0091.178] AdjustWindowRectEx (in: lpRect=0x3ae07c, dwStyle=0x560100c0, bMenu=0, dwExStyle=0x200 | out: lpRect=0x3ae07c) returned 1 [0091.178] GetCurrentThreadId () returned 0xee0 [0091.178] GetCurrentThreadId () returned 0xee0 [0091.182] GetDC (hWnd=0x0) returned 0x170106ba [0091.182] GdipCreateFromHDC (hdc=0x170106ba, graphics=0x3adff0) returned 0x0 [0091.183] GdipGetFontHeight (font=0xadc0e68, graphics=0xacf4d48, height=0x3adfe8) returned 0x0 [0091.183] GdipDeleteGraphics (graphics=0xacf4d48) returned 0x0 [0091.183] ReleaseDC (hWnd=0x0, hDC=0x170106ba) returned 1 [0091.183] GetSystemMetrics (nIndex=5) returned 1 [0091.183] GetSystemMetrics (nIndex=6) returned 1 [0091.183] AdjustWindowRectEx (in: lpRect=0x3ae118, dwStyle=0x560101c0, bMenu=0, dwExStyle=0x200 | out: lpRect=0x3ae118) returned 1 [0091.183] GetSystemMetrics (nIndex=5) returned 1 [0091.183] GetSystemMetrics (nIndex=6) returned 1 [0091.183] AdjustWindowRectEx (in: lpRect=0x3ae07c, dwStyle=0x560100c0, bMenu=0, dwExStyle=0x200 | out: lpRect=0x3ae07c) returned 1 [0091.183] GetCurrentThreadId () returned 0xee0 [0091.183] GetCurrentThreadId () returned 0xee0 [0091.184] GetDC (hWnd=0x0) returned 0x170106ba [0091.184] GdipCreateFromHDC (hdc=0x170106ba, graphics=0x3adff0) returned 0x0 [0091.184] GdipGetFontHeight (font=0xadc0e68, graphics=0xacf4d48, height=0x3adfe8) returned 0x0 [0091.184] GdipDeleteGraphics (graphics=0xacf4d48) returned 0x0 [0091.184] ReleaseDC (hWnd=0x0, hDC=0x170106ba) returned 1 [0091.185] GetSystemMetrics (nIndex=5) returned 1 [0091.185] GetSystemMetrics (nIndex=6) returned 1 [0091.185] AdjustWindowRectEx (in: lpRect=0x3ae118, dwStyle=0x560101c0, bMenu=0, dwExStyle=0x200 | out: lpRect=0x3ae118) returned 1 [0091.185] GetSystemMetrics (nIndex=5) returned 1 [0091.185] GetSystemMetrics (nIndex=6) returned 1 [0091.185] AdjustWindowRectEx (in: lpRect=0x3ae07c, dwStyle=0x560100c0, bMenu=0, dwExStyle=0x200 | out: lpRect=0x3ae07c) returned 1 [0091.185] GetCurrentThreadId () returned 0xee0 [0091.185] GetCurrentThreadId () returned 0xee0 [0091.186] GetDC (hWnd=0x0) returned 0x170106ba [0091.186] GdipCreateFromHDC (hdc=0x170106ba, graphics=0x3adff0) returned 0x0 [0091.186] GdipGetFontHeight (font=0xadc0e68, graphics=0xacf4d48, height=0x3adfe8) returned 0x0 [0091.186] GdipDeleteGraphics (graphics=0xacf4d48) returned 0x0 [0091.186] ReleaseDC (hWnd=0x0, hDC=0x170106ba) returned 1 [0091.186] GetSystemMetrics (nIndex=5) returned 1 [0091.186] GetSystemMetrics (nIndex=6) returned 1 [0091.186] AdjustWindowRectEx (in: lpRect=0x3ae118, dwStyle=0x560101c0, bMenu=0, dwExStyle=0x200 | out: lpRect=0x3ae118) returned 1 [0091.186] GetSystemMetrics (nIndex=5) returned 1 [0091.186] GetSystemMetrics (nIndex=6) returned 1 [0091.186] AdjustWindowRectEx (in: lpRect=0x3ae07c, dwStyle=0x560100c0, bMenu=0, dwExStyle=0x200 | out: lpRect=0x3ae07c) returned 1 [0091.186] GetCurrentThreadId () returned 0xee0 [0091.186] GetCurrentThreadId () returned 0xee0 [0091.187] GetDC (hWnd=0x0) returned 0x170106ba [0091.187] GdipCreateFromHDC (hdc=0x170106ba, graphics=0x3adff0) returned 0x0 [0091.187] GdipGetFontHeight (font=0xadc0e68, graphics=0xacf4d48, height=0x3adfe8) returned 0x0 [0091.187] GdipDeleteGraphics (graphics=0xacf4d48) returned 0x0 [0091.187] ReleaseDC (hWnd=0x0, hDC=0x170106ba) returned 1 [0091.187] GetSystemMetrics (nIndex=5) returned 1 [0091.187] GetSystemMetrics (nIndex=6) returned 1 [0091.188] AdjustWindowRectEx (in: lpRect=0x3ae118, dwStyle=0x560101c0, bMenu=0, dwExStyle=0x200 | out: lpRect=0x3ae118) returned 1 [0091.188] GetSystemMetrics (nIndex=5) returned 1 [0091.188] GetSystemMetrics (nIndex=6) returned 1 [0091.188] AdjustWindowRectEx (in: lpRect=0x3ae07c, dwStyle=0x560100c0, bMenu=0, dwExStyle=0x200 | out: lpRect=0x3ae07c) returned 1 [0091.188] GetCurrentThreadId () returned 0xee0 [0091.188] GetCurrentThreadId () returned 0xee0 [0091.188] GetDC (hWnd=0x0) returned 0x170106ba [0091.188] GdipCreateFromHDC (hdc=0x170106ba, graphics=0x3adff0) returned 0x0 [0091.189] GdipGetFontHeight (font=0xadc0e68, graphics=0xacf4d48, height=0x3adfe8) returned 0x0 [0091.189] GdipDeleteGraphics (graphics=0xacf4d48) returned 0x0 [0091.189] ReleaseDC (hWnd=0x0, hDC=0x170106ba) returned 1 [0091.189] GetSystemMetrics (nIndex=5) returned 1 [0091.189] GetSystemMetrics (nIndex=6) returned 1 [0091.189] AdjustWindowRectEx (in: lpRect=0x3ae118, dwStyle=0x560101c0, bMenu=0, dwExStyle=0x200 | out: lpRect=0x3ae118) returned 1 [0091.189] GetSystemMetrics (nIndex=5) returned 1 [0091.189] GetSystemMetrics (nIndex=6) returned 1 [0091.189] AdjustWindowRectEx (in: lpRect=0x3ae07c, dwStyle=0x560100c0, bMenu=0, dwExStyle=0x200 | out: lpRect=0x3ae07c) returned 1 [0091.189] GetCurrentThreadId () returned 0xee0 [0091.189] GetCurrentThreadId () returned 0xee0 [0091.190] GetDC (hWnd=0x0) returned 0x170106ba [0091.190] GdipCreateFromHDC (hdc=0x170106ba, graphics=0x3adff0) returned 0x0 [0091.190] GdipGetFontHeight (font=0xadc0e68, graphics=0xacf4d48, height=0x3adfe8) returned 0x0 [0091.190] GdipDeleteGraphics (graphics=0xacf4d48) returned 0x0 [0091.190] ReleaseDC (hWnd=0x0, hDC=0x170106ba) returned 1 [0091.190] GetSystemMetrics (nIndex=5) returned 1 [0091.191] GetSystemMetrics (nIndex=6) returned 1 [0091.191] AdjustWindowRectEx (in: lpRect=0x3ae118, dwStyle=0x560101c0, bMenu=0, dwExStyle=0x200 | out: lpRect=0x3ae118) returned 1 [0091.191] GetSystemMetrics (nIndex=5) returned 1 [0091.191] GetSystemMetrics (nIndex=6) returned 1 [0091.191] AdjustWindowRectEx (in: lpRect=0x3ae07c, dwStyle=0x560100c0, bMenu=0, dwExStyle=0x200 | out: lpRect=0x3ae07c) returned 1 [0091.191] GetCurrentThreadId () returned 0xee0 [0091.191] GetCurrentThreadId () returned 0xee0 [0091.191] GetDC (hWnd=0x0) returned 0x170106ba [0091.191] GdipCreateFromHDC (hdc=0x170106ba, graphics=0x3adff0) returned 0x0 [0091.192] GdipGetFontHeight (font=0xadc0e68, graphics=0xacf4d48, height=0x3adfe8) returned 0x0 [0091.192] GdipDeleteGraphics (graphics=0xacf4d48) returned 0x0 [0091.192] ReleaseDC (hWnd=0x0, hDC=0x170106ba) returned 1 [0091.192] GetSystemMetrics (nIndex=5) returned 1 [0091.192] GetSystemMetrics (nIndex=6) returned 1 [0091.192] AdjustWindowRectEx (in: lpRect=0x3ae118, dwStyle=0x560101c0, bMenu=0, dwExStyle=0x200 | out: lpRect=0x3ae118) returned 1 [0091.192] GetSystemMetrics (nIndex=5) returned 1 [0091.192] GetSystemMetrics (nIndex=6) returned 1 [0091.192] AdjustWindowRectEx (in: lpRect=0x3ae07c, dwStyle=0x560100c0, bMenu=0, dwExStyle=0x200 | out: lpRect=0x3ae07c) returned 1 [0091.192] GetCurrentThreadId () returned 0xee0 [0091.192] GetCurrentThreadId () returned 0xee0 [0091.193] GetDC (hWnd=0x0) returned 0x170106ba [0091.193] GdipCreateFromHDC (hdc=0x170106ba, graphics=0x3adff0) returned 0x0 [0091.193] GdipGetFontHeight (font=0xadc0e68, graphics=0xacf4d48, height=0x3adfe8) returned 0x0 [0091.193] GdipDeleteGraphics (graphics=0xacf4d48) returned 0x0 [0091.193] ReleaseDC (hWnd=0x0, hDC=0x170106ba) returned 1 [0091.193] GetSystemMetrics (nIndex=5) returned 1 [0091.193] GetSystemMetrics (nIndex=6) returned 1 [0091.193] AdjustWindowRectEx (in: lpRect=0x3ae118, dwStyle=0x560101c0, bMenu=0, dwExStyle=0x200 | out: lpRect=0x3ae118) returned 1 [0091.193] GetSystemMetrics (nIndex=5) returned 1 [0091.194] GetSystemMetrics (nIndex=6) returned 1 [0091.194] AdjustWindowRectEx (in: lpRect=0x3ae07c, dwStyle=0x560100c0, bMenu=0, dwExStyle=0x200 | out: lpRect=0x3ae07c) returned 1 [0091.194] GetCurrentThreadId () returned 0xee0 [0091.194] GetCurrentThreadId () returned 0xee0 [0091.194] GetDC (hWnd=0x0) returned 0x170106ba [0091.194] GdipCreateFromHDC (hdc=0x170106ba, graphics=0x3adff0) returned 0x0 [0091.195] GdipGetFontHeight (font=0xadc0e68, graphics=0xacf4d48, height=0x3adfe8) returned 0x0 [0091.195] GdipDeleteGraphics (graphics=0xacf4d48) returned 0x0 [0091.195] ReleaseDC (hWnd=0x0, hDC=0x170106ba) returned 1 [0091.195] GetSystemMetrics (nIndex=5) returned 1 [0091.195] GetSystemMetrics (nIndex=6) returned 1 [0091.195] AdjustWindowRectEx (in: lpRect=0x3ae118, dwStyle=0x560101c0, bMenu=0, dwExStyle=0x200 | out: lpRect=0x3ae118) returned 1 [0091.195] GetSystemMetrics (nIndex=5) returned 1 [0091.195] GetSystemMetrics (nIndex=6) returned 1 [0091.195] AdjustWindowRectEx (in: lpRect=0x3ae07c, dwStyle=0x560100c0, bMenu=0, dwExStyle=0x200 | out: lpRect=0x3ae07c) returned 1 [0091.195] GetCurrentThreadId () returned 0xee0 [0091.195] GetCurrentThreadId () returned 0xee0 [0091.196] GetDC (hWnd=0x0) returned 0x170106ba [0091.196] GdipCreateFromHDC (hdc=0x170106ba, graphics=0x3adff0) returned 0x0 [0091.196] GdipGetFontHeight (font=0xadc0e68, graphics=0xacf4d48, height=0x3adfe8) returned 0x0 [0091.196] GdipDeleteGraphics (graphics=0xacf4d48) returned 0x0 [0091.196] ReleaseDC (hWnd=0x0, hDC=0x170106ba) returned 1 [0091.197] GetSystemMetrics (nIndex=5) returned 1 [0091.197] GetSystemMetrics (nIndex=6) returned 1 [0091.197] AdjustWindowRectEx (in: lpRect=0x3ae118, dwStyle=0x560101c0, bMenu=0, dwExStyle=0x200 | out: lpRect=0x3ae118) returned 1 [0091.197] GetSystemMetrics (nIndex=5) returned 1 [0091.197] GetSystemMetrics (nIndex=6) returned 1 [0091.197] AdjustWindowRectEx (in: lpRect=0x3ae07c, dwStyle=0x560100c0, bMenu=0, dwExStyle=0x200 | out: lpRect=0x3ae07c) returned 1 [0091.197] GetCurrentThreadId () returned 0xee0 [0091.197] GetCurrentThreadId () returned 0xee0 [0091.197] GetDC (hWnd=0x0) returned 0x170106ba [0091.198] GdipCreateFromHDC (hdc=0x170106ba, graphics=0x3adff0) returned 0x0 [0091.198] GdipGetFontHeight (font=0xadc0e68, graphics=0xacf4d48, height=0x3adfe8) returned 0x0 [0091.198] GdipDeleteGraphics (graphics=0xacf4d48) returned 0x0 [0091.198] ReleaseDC (hWnd=0x0, hDC=0x170106ba) returned 1 [0091.198] GetSystemMetrics (nIndex=5) returned 1 [0091.198] GetSystemMetrics (nIndex=6) returned 1 [0091.198] AdjustWindowRectEx (in: lpRect=0x3ae118, dwStyle=0x560101c0, bMenu=0, dwExStyle=0x200 | out: lpRect=0x3ae118) returned 1 [0091.198] GetSystemMetrics (nIndex=5) returned 1 [0091.198] GetSystemMetrics (nIndex=6) returned 1 [0091.198] AdjustWindowRectEx (in: lpRect=0x3ae07c, dwStyle=0x560100c0, bMenu=0, dwExStyle=0x200 | out: lpRect=0x3ae07c) returned 1 [0091.198] GetCurrentThreadId () returned 0xee0 [0091.198] GetCurrentThreadId () returned 0xee0 [0091.199] GetDC (hWnd=0x0) returned 0x170106ba [0091.199] GdipCreateFromHDC (hdc=0x170106ba, graphics=0x3adff0) returned 0x0 [0091.199] GdipGetFontHeight (font=0xadc0e68, graphics=0xacf4d48, height=0x3adfe8) returned 0x0 [0091.199] GdipDeleteGraphics (graphics=0xacf4d48) returned 0x0 [0091.199] ReleaseDC (hWnd=0x0, hDC=0x170106ba) returned 1 [0091.199] GetSystemMetrics (nIndex=5) returned 1 [0091.199] GetSystemMetrics (nIndex=6) returned 1 [0091.199] AdjustWindowRectEx (in: lpRect=0x3ae118, dwStyle=0x560101c0, bMenu=0, dwExStyle=0x200 | out: lpRect=0x3ae118) returned 1 [0091.199] GetSystemMetrics (nIndex=5) returned 1 [0091.199] GetSystemMetrics (nIndex=6) returned 1 [0091.199] AdjustWindowRectEx (in: lpRect=0x3ae07c, dwStyle=0x560100c0, bMenu=0, dwExStyle=0x200 | out: lpRect=0x3ae07c) returned 1 [0091.199] GetCurrentThreadId () returned 0xee0 [0091.200] GetCurrentThreadId () returned 0xee0 [0091.200] GetDC (hWnd=0x0) returned 0x170106ba [0091.200] GdipCreateFromHDC (hdc=0x170106ba, graphics=0x3adff0) returned 0x0 [0091.200] GdipGetFontHeight (font=0xadc0e68, graphics=0xacf4d48, height=0x3adfe8) returned 0x0 [0091.201] GdipDeleteGraphics (graphics=0xacf4d48) returned 0x0 [0091.201] ReleaseDC (hWnd=0x0, hDC=0x170106ba) returned 1 [0091.201] GetSystemMetrics (nIndex=5) returned 1 [0091.201] GetSystemMetrics (nIndex=6) returned 1 [0091.201] AdjustWindowRectEx (in: lpRect=0x3ae118, dwStyle=0x560101c0, bMenu=0, dwExStyle=0x200 | out: lpRect=0x3ae118) returned 1 [0091.201] GetSystemMetrics (nIndex=5) returned 1 [0091.201] GetSystemMetrics (nIndex=6) returned 1 [0091.201] AdjustWindowRectEx (in: lpRect=0x3ae07c, dwStyle=0x560100c0, bMenu=0, dwExStyle=0x200 | out: lpRect=0x3ae07c) returned 1 [0091.201] GetCurrentThreadId () returned 0xee0 [0091.201] GetCurrentThreadId () returned 0xee0 [0091.202] GetDC (hWnd=0x0) returned 0x170106ba [0091.202] GdipCreateFromHDC (hdc=0x170106ba, graphics=0x3adff0) returned 0x0 [0091.202] GdipGetFontHeight (font=0xadc0e68, graphics=0xacf4d48, height=0x3adfe8) returned 0x0 [0091.202] GdipDeleteGraphics (graphics=0xacf4d48) returned 0x0 [0091.202] ReleaseDC (hWnd=0x0, hDC=0x170106ba) returned 1 [0091.202] GetSystemMetrics (nIndex=5) returned 1 [0091.202] GetSystemMetrics (nIndex=6) returned 1 [0091.202] AdjustWindowRectEx (in: lpRect=0x3ae118, dwStyle=0x560101c0, bMenu=0, dwExStyle=0x200 | out: lpRect=0x3ae118) returned 1 [0091.202] GetSystemMetrics (nIndex=5) returned 1 [0091.202] GetSystemMetrics (nIndex=6) returned 1 [0091.202] AdjustWindowRectEx (in: lpRect=0x3ae07c, dwStyle=0x560100c0, bMenu=0, dwExStyle=0x200 | out: lpRect=0x3ae07c) returned 1 [0091.202] GetCurrentThreadId () returned 0xee0 [0091.202] GetCurrentThreadId () returned 0xee0 [0091.203] GetDC (hWnd=0x0) returned 0x170106ba [0091.203] GdipCreateFromHDC (hdc=0x170106ba, graphics=0x3adff0) returned 0x0 [0091.203] GdipGetFontHeight (font=0xadc0e68, graphics=0xacf4d48, height=0x3adfe8) returned 0x0 [0091.203] GdipDeleteGraphics (graphics=0xacf4d48) returned 0x0 [0091.203] ReleaseDC (hWnd=0x0, hDC=0x170106ba) returned 1 [0091.203] GetSystemMetrics (nIndex=5) returned 1 [0091.204] GetSystemMetrics (nIndex=6) returned 1 [0091.204] AdjustWindowRectEx (in: lpRect=0x3ae118, dwStyle=0x560101c0, bMenu=0, dwExStyle=0x200 | out: lpRect=0x3ae118) returned 1 [0091.204] GetSystemMetrics (nIndex=5) returned 1 [0091.204] GetSystemMetrics (nIndex=6) returned 1 [0091.204] AdjustWindowRectEx (in: lpRect=0x3ae07c, dwStyle=0x560100c0, bMenu=0, dwExStyle=0x200 | out: lpRect=0x3ae07c) returned 1 [0091.204] GetCurrentThreadId () returned 0xee0 [0091.204] GetCurrentThreadId () returned 0xee0 [0091.204] GetDC (hWnd=0x0) returned 0x170106ba [0091.204] GdipCreateFromHDC (hdc=0x170106ba, graphics=0x3adff0) returned 0x0 [0091.205] GdipGetFontHeight (font=0xadc0e68, graphics=0xacf4d48, height=0x3adfe8) returned 0x0 [0091.205] GdipDeleteGraphics (graphics=0xacf4d48) returned 0x0 [0091.205] ReleaseDC (hWnd=0x0, hDC=0x170106ba) returned 1 [0091.205] GetSystemMetrics (nIndex=5) returned 1 [0091.205] GetSystemMetrics (nIndex=6) returned 1 [0091.205] AdjustWindowRectEx (in: lpRect=0x3ae118, dwStyle=0x560101c0, bMenu=0, dwExStyle=0x200 | out: lpRect=0x3ae118) returned 1 [0091.205] GetSystemMetrics (nIndex=5) returned 1 [0091.205] GetSystemMetrics (nIndex=6) returned 1 [0091.205] AdjustWindowRectEx (in: lpRect=0x3ae07c, dwStyle=0x560100c0, bMenu=0, dwExStyle=0x200 | out: lpRect=0x3ae07c) returned 1 [0091.205] GetCurrentThreadId () returned 0xee0 [0091.205] GetCurrentThreadId () returned 0xee0 [0091.206] GetDC (hWnd=0x0) returned 0x170106ba [0091.206] GdipCreateFromHDC (hdc=0x170106ba, graphics=0x3adff0) returned 0x0 [0091.206] GdipGetFontHeight (font=0xadc0e68, graphics=0xacf4d48, height=0x3adfe8) returned 0x0 [0091.206] GdipDeleteGraphics (graphics=0xacf4d48) returned 0x0 [0091.206] ReleaseDC (hWnd=0x0, hDC=0x170106ba) returned 1 [0091.206] GetSystemMetrics (nIndex=5) returned 1 [0091.206] GetSystemMetrics (nIndex=6) returned 1 [0091.206] AdjustWindowRectEx (in: lpRect=0x3ae118, dwStyle=0x560101c0, bMenu=0, dwExStyle=0x200 | out: lpRect=0x3ae118) returned 1 [0091.206] GetSystemMetrics (nIndex=5) returned 1 [0091.206] GetSystemMetrics (nIndex=6) returned 1 [0091.207] AdjustWindowRectEx (in: lpRect=0x3ae07c, dwStyle=0x560100c0, bMenu=0, dwExStyle=0x200 | out: lpRect=0x3ae07c) returned 1 [0091.207] GetCurrentThreadId () returned 0xee0 [0091.207] GetCurrentThreadId () returned 0xee0 [0091.207] GetDC (hWnd=0x0) returned 0x170106ba [0091.207] GdipCreateFromHDC (hdc=0x170106ba, graphics=0x3adff0) returned 0x0 [0091.208] GdipGetFontHeight (font=0xadc0e68, graphics=0xacf4d48, height=0x3adfe8) returned 0x0 [0091.208] GdipDeleteGraphics (graphics=0xacf4d48) returned 0x0 [0091.208] ReleaseDC (hWnd=0x0, hDC=0x170106ba) returned 1 [0091.208] GetSystemMetrics (nIndex=5) returned 1 [0091.208] GetSystemMetrics (nIndex=6) returned 1 [0091.208] AdjustWindowRectEx (in: lpRect=0x3ae118, dwStyle=0x560101c0, bMenu=0, dwExStyle=0x200 | out: lpRect=0x3ae118) returned 1 [0091.208] GetSystemMetrics (nIndex=5) returned 1 [0091.208] GetSystemMetrics (nIndex=6) returned 1 [0091.208] AdjustWindowRectEx (in: lpRect=0x3ae07c, dwStyle=0x560100c0, bMenu=0, dwExStyle=0x200 | out: lpRect=0x3ae07c) returned 1 [0091.208] GetCurrentThreadId () returned 0xee0 [0091.208] GetCurrentThreadId () returned 0xee0 [0091.209] GetDC (hWnd=0x0) returned 0x170106ba [0091.209] GdipCreateFromHDC (hdc=0x170106ba, graphics=0x3adff0) returned 0x0 [0091.209] GdipGetFontHeight (font=0xadc0e68, graphics=0xacf4d48, height=0x3adfe8) returned 0x0 [0091.209] GdipDeleteGraphics (graphics=0xacf4d48) returned 0x0 [0091.209] ReleaseDC (hWnd=0x0, hDC=0x170106ba) returned 1 [0091.209] GetSystemMetrics (nIndex=5) returned 1 [0091.209] GetSystemMetrics (nIndex=6) returned 1 [0091.209] AdjustWindowRectEx (in: lpRect=0x3ae118, dwStyle=0x560101c0, bMenu=0, dwExStyle=0x200 | out: lpRect=0x3ae118) returned 1 [0091.209] GetSystemMetrics (nIndex=5) returned 1 [0091.209] GetSystemMetrics (nIndex=6) returned 1 [0091.209] AdjustWindowRectEx (in: lpRect=0x3ae07c, dwStyle=0x560100c0, bMenu=0, dwExStyle=0x200 | out: lpRect=0x3ae07c) returned 1 [0091.209] GetCurrentThreadId () returned 0xee0 [0091.209] GetCurrentThreadId () returned 0xee0 [0091.210] GetDC (hWnd=0x0) returned 0x170106ba [0091.210] GdipCreateFromHDC (hdc=0x170106ba, graphics=0x3adff0) returned 0x0 [0091.211] GdipGetFontHeight (font=0xadc0e68, graphics=0xacf4d48, height=0x3adfe8) returned 0x0 [0091.211] GdipDeleteGraphics (graphics=0xacf4d48) returned 0x0 [0091.211] ReleaseDC (hWnd=0x0, hDC=0x170106ba) returned 1 [0091.211] GetSystemMetrics (nIndex=5) returned 1 [0091.211] GetSystemMetrics (nIndex=6) returned 1 [0091.211] AdjustWindowRectEx (in: lpRect=0x3ae118, dwStyle=0x560101c0, bMenu=0, dwExStyle=0x200 | out: lpRect=0x3ae118) returned 1 [0091.211] GetSystemMetrics (nIndex=5) returned 1 [0091.211] GetSystemMetrics (nIndex=6) returned 1 [0091.211] AdjustWindowRectEx (in: lpRect=0x3ae07c, dwStyle=0x560100c0, bMenu=0, dwExStyle=0x200 | out: lpRect=0x3ae07c) returned 1 [0091.211] GetCurrentThreadId () returned 0xee0 [0091.211] GetCurrentThreadId () returned 0xee0 [0091.212] GetDC (hWnd=0x0) returned 0x170106ba [0091.212] GdipCreateFromHDC (hdc=0x170106ba, graphics=0x3adff0) returned 0x0 [0091.213] GdipGetFontHeight (font=0xadc0e68, graphics=0xacf4d48, height=0x3adfe8) returned 0x0 [0091.213] GdipDeleteGraphics (graphics=0xacf4d48) returned 0x0 [0091.213] ReleaseDC (hWnd=0x0, hDC=0x170106ba) returned 1 [0091.213] GetSystemMetrics (nIndex=5) returned 1 [0091.213] GetSystemMetrics (nIndex=6) returned 1 [0091.213] AdjustWindowRectEx (in: lpRect=0x3ae118, dwStyle=0x560101c0, bMenu=0, dwExStyle=0x200 | out: lpRect=0x3ae118) returned 1 [0091.213] GetSystemMetrics (nIndex=5) returned 1 [0091.213] GetSystemMetrics (nIndex=6) returned 1 [0091.213] AdjustWindowRectEx (in: lpRect=0x3ae07c, dwStyle=0x560100c0, bMenu=0, dwExStyle=0x200 | out: lpRect=0x3ae07c) returned 1 [0091.213] GetCurrentThreadId () returned 0xee0 [0091.213] GetCurrentThreadId () returned 0xee0 [0091.214] GetDC (hWnd=0x0) returned 0x170106ba [0091.214] GdipCreateFromHDC (hdc=0x170106ba, graphics=0x3adff0) returned 0x0 [0091.214] GdipGetFontHeight (font=0xadc0e68, graphics=0xacf4d48, height=0x3adfe8) returned 0x0 [0091.214] GdipDeleteGraphics (graphics=0xacf4d48) returned 0x0 [0091.214] ReleaseDC (hWnd=0x0, hDC=0x170106ba) returned 1 [0091.214] GetSystemMetrics (nIndex=5) returned 1 [0091.214] GetSystemMetrics (nIndex=6) returned 1 [0091.214] AdjustWindowRectEx (in: lpRect=0x3ae118, dwStyle=0x560101c0, bMenu=0, dwExStyle=0x200 | out: lpRect=0x3ae118) returned 1 [0091.214] GetSystemMetrics (nIndex=5) returned 1 [0091.214] GetSystemMetrics (nIndex=6) returned 1 [0091.214] AdjustWindowRectEx (in: lpRect=0x3ae07c, dwStyle=0x560100c0, bMenu=0, dwExStyle=0x200 | out: lpRect=0x3ae07c) returned 1 [0091.214] GetCurrentThreadId () returned 0xee0 [0091.215] GetCurrentThreadId () returned 0xee0 [0091.215] GetDC (hWnd=0x0) returned 0x170106ba [0091.215] GdipCreateFromHDC (hdc=0x170106ba, graphics=0x3adff0) returned 0x0 [0091.216] GdipGetFontHeight (font=0xadc0e68, graphics=0xacf4d48, height=0x3adfe8) returned 0x0 [0091.216] GdipDeleteGraphics (graphics=0xacf4d48) returned 0x0 [0091.216] ReleaseDC (hWnd=0x0, hDC=0x170106ba) returned 1 [0091.216] GetSystemMetrics (nIndex=5) returned 1 [0091.216] GetSystemMetrics (nIndex=6) returned 1 [0091.216] AdjustWindowRectEx (in: lpRect=0x3ae118, dwStyle=0x560101c0, bMenu=0, dwExStyle=0x200 | out: lpRect=0x3ae118) returned 1 [0091.216] GetSystemMetrics (nIndex=5) returned 1 [0091.216] GetSystemMetrics (nIndex=6) returned 1 [0091.216] AdjustWindowRectEx (in: lpRect=0x3ae07c, dwStyle=0x560100c0, bMenu=0, dwExStyle=0x200 | out: lpRect=0x3ae07c) returned 1 [0091.216] GetCurrentThreadId () returned 0xee0 [0091.216] GetCurrentThreadId () returned 0xee0 [0091.217] GetDC (hWnd=0x0) returned 0x170106ba [0091.217] GdipCreateFromHDC (hdc=0x170106ba, graphics=0x3adff0) returned 0x0 [0091.217] GdipGetFontHeight (font=0xadc0e68, graphics=0xacf4d48, height=0x3adfe8) returned 0x0 [0091.217] GdipDeleteGraphics (graphics=0xacf4d48) returned 0x0 [0091.217] ReleaseDC (hWnd=0x0, hDC=0x170106ba) returned 1 [0091.217] GetSystemMetrics (nIndex=5) returned 1 [0091.217] GetSystemMetrics (nIndex=6) returned 1 [0091.217] AdjustWindowRectEx (in: lpRect=0x3ae118, dwStyle=0x560101c0, bMenu=0, dwExStyle=0x200 | out: lpRect=0x3ae118) returned 1 [0091.217] GetSystemMetrics (nIndex=5) returned 1 [0091.218] GetSystemMetrics (nIndex=6) returned 1 [0091.218] AdjustWindowRectEx (in: lpRect=0x3ae07c, dwStyle=0x560100c0, bMenu=0, dwExStyle=0x200 | out: lpRect=0x3ae07c) returned 1 [0091.218] GetCurrentThreadId () returned 0xee0 [0091.218] GetCurrentThreadId () returned 0xee0 [0091.218] GetDC (hWnd=0x0) returned 0x170106ba [0091.218] GdipCreateFromHDC (hdc=0x170106ba, graphics=0x3adff0) returned 0x0 [0091.219] GdipGetFontHeight (font=0xadc0e68, graphics=0xacf4d48, height=0x3adfe8) returned 0x0 [0091.219] GdipDeleteGraphics (graphics=0xacf4d48) returned 0x0 [0091.219] ReleaseDC (hWnd=0x0, hDC=0x170106ba) returned 1 [0091.219] GetSystemMetrics (nIndex=5) returned 1 [0091.219] GetSystemMetrics (nIndex=6) returned 1 [0091.219] AdjustWindowRectEx (in: lpRect=0x3ae118, dwStyle=0x560101c0, bMenu=0, dwExStyle=0x200 | out: lpRect=0x3ae118) returned 1 [0091.219] GetSystemMetrics (nIndex=5) returned 1 [0091.219] GetSystemMetrics (nIndex=6) returned 1 [0091.219] AdjustWindowRectEx (in: lpRect=0x3ae07c, dwStyle=0x560100c0, bMenu=0, dwExStyle=0x200 | out: lpRect=0x3ae07c) returned 1 [0091.219] GetCurrentThreadId () returned 0xee0 [0091.219] GetCurrentThreadId () returned 0xee0 [0091.220] GetDC (hWnd=0x0) returned 0x170106ba [0091.220] GdipCreateFromHDC (hdc=0x170106ba, graphics=0x3adff0) returned 0x0 [0091.220] GdipGetFontHeight (font=0xadc0e68, graphics=0xacf4d48, height=0x3adfe8) returned 0x0 [0091.220] GdipDeleteGraphics (graphics=0xacf4d48) returned 0x0 [0091.220] ReleaseDC (hWnd=0x0, hDC=0x170106ba) returned 1 [0091.220] GetSystemMetrics (nIndex=5) returned 1 [0091.220] GetSystemMetrics (nIndex=6) returned 1 [0091.220] AdjustWindowRectEx (in: lpRect=0x3ae118, dwStyle=0x560101c0, bMenu=0, dwExStyle=0x200 | out: lpRect=0x3ae118) returned 1 [0091.220] GetSystemMetrics (nIndex=5) returned 1 [0091.220] GetSystemMetrics (nIndex=6) returned 1 [0091.221] AdjustWindowRectEx (in: lpRect=0x3ae07c, dwStyle=0x560100c0, bMenu=0, dwExStyle=0x200 | out: lpRect=0x3ae07c) returned 1 [0091.221] GetCurrentThreadId () returned 0xee0 [0091.221] GetCurrentThreadId () returned 0xee0 [0091.221] GetDC (hWnd=0x0) returned 0x170106ba [0091.221] GdipCreateFromHDC (hdc=0x170106ba, graphics=0x3adff0) returned 0x0 [0091.222] GdipGetFontHeight (font=0xadc0e68, graphics=0xacf4d48, height=0x3adfe8) returned 0x0 [0091.222] GdipDeleteGraphics (graphics=0xacf4d48) returned 0x0 [0091.222] ReleaseDC (hWnd=0x0, hDC=0x170106ba) returned 1 [0091.222] GetSystemMetrics (nIndex=5) returned 1 [0091.222] GetSystemMetrics (nIndex=6) returned 1 [0091.222] AdjustWindowRectEx (in: lpRect=0x3ae118, dwStyle=0x560101c0, bMenu=0, dwExStyle=0x200 | out: lpRect=0x3ae118) returned 1 [0091.222] GetSystemMetrics (nIndex=5) returned 1 [0091.222] GetSystemMetrics (nIndex=6) returned 1 [0091.222] AdjustWindowRectEx (in: lpRect=0x3ae07c, dwStyle=0x560100c0, bMenu=0, dwExStyle=0x200 | out: lpRect=0x3ae07c) returned 1 [0091.222] GetCurrentThreadId () returned 0xee0 [0091.222] GetCurrentThreadId () returned 0xee0 [0091.223] GetDC (hWnd=0x0) returned 0x170106ba [0091.223] GdipCreateFromHDC (hdc=0x170106ba, graphics=0x3adff0) returned 0x0 [0091.223] GdipGetFontHeight (font=0xadc0e68, graphics=0xacf4d48, height=0x3adfe8) returned 0x0 [0091.223] GdipDeleteGraphics (graphics=0xacf4d48) returned 0x0 [0091.223] ReleaseDC (hWnd=0x0, hDC=0x170106ba) returned 1 [0091.223] GetSystemMetrics (nIndex=5) returned 1 [0091.223] GetSystemMetrics (nIndex=6) returned 1 [0091.223] AdjustWindowRectEx (in: lpRect=0x3ae118, dwStyle=0x560101c0, bMenu=0, dwExStyle=0x200 | out: lpRect=0x3ae118) returned 1 [0091.223] GetSystemMetrics (nIndex=5) returned 1 [0091.223] GetSystemMetrics (nIndex=6) returned 1 [0091.223] AdjustWindowRectEx (in: lpRect=0x3ae07c, dwStyle=0x560100c0, bMenu=0, dwExStyle=0x200 | out: lpRect=0x3ae07c) returned 1 [0091.223] GetCurrentThreadId () returned 0xee0 [0091.223] GetCurrentThreadId () returned 0xee0 [0091.224] GetDC (hWnd=0x0) returned 0x170106ba [0091.224] GdipCreateFromHDC (hdc=0x170106ba, graphics=0x3adff0) returned 0x0 [0091.224] GdipGetFontHeight (font=0xadc0e68, graphics=0xacf4d48, height=0x3adfe8) returned 0x0 [0091.224] GdipDeleteGraphics (graphics=0xacf4d48) returned 0x0 [0091.225] ReleaseDC (hWnd=0x0, hDC=0x170106ba) returned 1 [0091.225] GetSystemMetrics (nIndex=5) returned 1 [0091.225] GetSystemMetrics (nIndex=6) returned 1 [0091.225] AdjustWindowRectEx (in: lpRect=0x3ae118, dwStyle=0x560101c0, bMenu=0, dwExStyle=0x200 | out: lpRect=0x3ae118) returned 1 [0091.225] GetSystemMetrics (nIndex=5) returned 1 [0091.225] GetSystemMetrics (nIndex=6) returned 1 [0091.225] AdjustWindowRectEx (in: lpRect=0x3ae07c, dwStyle=0x560100c0, bMenu=0, dwExStyle=0x200 | out: lpRect=0x3ae07c) returned 1 [0091.225] GetCurrentThreadId () returned 0xee0 [0091.225] GetCurrentThreadId () returned 0xee0 [0091.226] GetDC (hWnd=0x0) returned 0x170106ba [0091.226] GdipCreateFromHDC (hdc=0x170106ba, graphics=0x3adff0) returned 0x0 [0091.226] GdipGetFontHeight (font=0xadc0e68, graphics=0xacf4d48, height=0x3adfe8) returned 0x0 [0091.226] GdipDeleteGraphics (graphics=0xacf4d48) returned 0x0 [0091.226] ReleaseDC (hWnd=0x0, hDC=0x170106ba) returned 1 [0091.226] GetSystemMetrics (nIndex=5) returned 1 [0091.226] GetSystemMetrics (nIndex=6) returned 1 [0091.226] AdjustWindowRectEx (in: lpRect=0x3ae118, dwStyle=0x560101c0, bMenu=0, dwExStyle=0x200 | out: lpRect=0x3ae118) returned 1 [0091.226] GetSystemMetrics (nIndex=5) returned 1 [0091.226] GetSystemMetrics (nIndex=6) returned 1 [0091.226] AdjustWindowRectEx (in: lpRect=0x3ae07c, dwStyle=0x560100c0, bMenu=0, dwExStyle=0x200 | out: lpRect=0x3ae07c) returned 1 [0091.226] GetCurrentThreadId () returned 0xee0 [0091.226] GetCurrentThreadId () returned 0xee0 [0091.227] GetDC (hWnd=0x0) returned 0x170106ba [0091.227] GdipCreateFromHDC (hdc=0x170106ba, graphics=0x3adff0) returned 0x0 [0091.228] GdipGetFontHeight (font=0xadc0e68, graphics=0xacf4d48, height=0x3adfe8) returned 0x0 [0091.228] GdipDeleteGraphics (graphics=0xacf4d48) returned 0x0 [0091.228] ReleaseDC (hWnd=0x0, hDC=0x170106ba) returned 1 [0091.228] GetSystemMetrics (nIndex=5) returned 1 [0091.228] GetSystemMetrics (nIndex=6) returned 1 [0091.228] AdjustWindowRectEx (in: lpRect=0x3ae118, dwStyle=0x560101c0, bMenu=0, dwExStyle=0x200 | out: lpRect=0x3ae118) returned 1 [0091.228] GetSystemMetrics (nIndex=5) returned 1 [0091.228] GetSystemMetrics (nIndex=6) returned 1 [0091.228] AdjustWindowRectEx (in: lpRect=0x3ae07c, dwStyle=0x560100c0, bMenu=0, dwExStyle=0x200 | out: lpRect=0x3ae07c) returned 1 [0091.228] GetCurrentThreadId () returned 0xee0 [0091.228] GetCurrentThreadId () returned 0xee0 [0091.229] GetDC (hWnd=0x0) returned 0x170106ba [0091.229] GdipCreateFromHDC (hdc=0x170106ba, graphics=0x3adff0) returned 0x0 [0091.229] GdipGetFontHeight (font=0xadc0e68, graphics=0xacf4d48, height=0x3adfe8) returned 0x0 [0091.229] GdipDeleteGraphics (graphics=0xacf4d48) returned 0x0 [0091.229] ReleaseDC (hWnd=0x0, hDC=0x170106ba) returned 1 [0091.229] GetSystemMetrics (nIndex=5) returned 1 [0091.229] GetSystemMetrics (nIndex=6) returned 1 [0091.229] AdjustWindowRectEx (in: lpRect=0x3ae118, dwStyle=0x560101c0, bMenu=0, dwExStyle=0x200 | out: lpRect=0x3ae118) returned 1 [0091.230] GetSystemMetrics (nIndex=5) returned 1 [0091.230] GetSystemMetrics (nIndex=6) returned 1 [0091.230] AdjustWindowRectEx (in: lpRect=0x3ae07c, dwStyle=0x560100c0, bMenu=0, dwExStyle=0x200 | out: lpRect=0x3ae07c) returned 1 [0091.230] GetCurrentThreadId () returned 0xee0 [0091.230] GetCurrentThreadId () returned 0xee0 [0091.230] GetDC (hWnd=0x0) returned 0x170106ba [0091.230] GdipCreateFromHDC (hdc=0x170106ba, graphics=0x3adff0) returned 0x0 [0091.231] GdipGetFontHeight (font=0xadc0e68, graphics=0xacf4d48, height=0x3adfe8) returned 0x0 [0091.231] GdipDeleteGraphics (graphics=0xacf4d48) returned 0x0 [0091.231] ReleaseDC (hWnd=0x0, hDC=0x170106ba) returned 1 [0091.231] GetSystemMetrics (nIndex=5) returned 1 [0091.231] GetSystemMetrics (nIndex=6) returned 1 [0091.231] AdjustWindowRectEx (in: lpRect=0x3ae118, dwStyle=0x560101c0, bMenu=0, dwExStyle=0x200 | out: lpRect=0x3ae118) returned 1 [0091.231] GetSystemMetrics (nIndex=5) returned 1 [0091.231] GetSystemMetrics (nIndex=6) returned 1 [0091.231] AdjustWindowRectEx (in: lpRect=0x3ae07c, dwStyle=0x560100c0, bMenu=0, dwExStyle=0x200 | out: lpRect=0x3ae07c) returned 1 [0091.231] GetCurrentThreadId () returned 0xee0 [0091.231] GetCurrentThreadId () returned 0xee0 [0091.232] GetDC (hWnd=0x0) returned 0x170106ba [0091.232] GdipCreateFromHDC (hdc=0x170106ba, graphics=0x3adff0) returned 0x0 [0091.232] GdipGetFontHeight (font=0xadc0e68, graphics=0xacf4d48, height=0x3adfe8) returned 0x0 [0091.232] GdipDeleteGraphics (graphics=0xacf4d48) returned 0x0 [0091.232] ReleaseDC (hWnd=0x0, hDC=0x170106ba) returned 1 [0091.232] GetSystemMetrics (nIndex=5) returned 1 [0091.232] GetSystemMetrics (nIndex=6) returned 1 [0091.232] AdjustWindowRectEx (in: lpRect=0x3ae118, dwStyle=0x560101c0, bMenu=0, dwExStyle=0x200 | out: lpRect=0x3ae118) returned 1 [0091.232] GetSystemMetrics (nIndex=5) returned 1 [0091.232] GetSystemMetrics (nIndex=6) returned 1 [0091.232] AdjustWindowRectEx (in: lpRect=0x3ae07c, dwStyle=0x560100c0, bMenu=0, dwExStyle=0x200 | out: lpRect=0x3ae07c) returned 1 [0091.232] GetCurrentThreadId () returned 0xee0 [0091.233] GetCurrentThreadId () returned 0xee0 [0091.233] GetDC (hWnd=0x0) returned 0x170106ba [0091.233] GdipCreateFromHDC (hdc=0x170106ba, graphics=0x3adff0) returned 0x0 [0091.234] GdipGetFontHeight (font=0xadc0e68, graphics=0xacf4d48, height=0x3adfe8) returned 0x0 [0091.234] GdipDeleteGraphics (graphics=0xacf4d48) returned 0x0 [0091.234] ReleaseDC (hWnd=0x0, hDC=0x170106ba) returned 1 [0091.234] GetSystemMetrics (nIndex=5) returned 1 [0091.234] GetSystemMetrics (nIndex=6) returned 1 [0091.234] AdjustWindowRectEx (in: lpRect=0x3ae118, dwStyle=0x560101c0, bMenu=0, dwExStyle=0x200 | out: lpRect=0x3ae118) returned 1 [0091.234] GetSystemMetrics (nIndex=5) returned 1 [0091.234] GetSystemMetrics (nIndex=6) returned 1 [0091.234] AdjustWindowRectEx (in: lpRect=0x3ae07c, dwStyle=0x560100c0, bMenu=0, dwExStyle=0x200 | out: lpRect=0x3ae07c) returned 1 [0091.234] GetCurrentThreadId () returned 0xee0 [0091.234] GetCurrentThreadId () returned 0xee0 [0091.235] GetDC (hWnd=0x0) returned 0x170106ba [0091.235] GdipCreateFromHDC (hdc=0x170106ba, graphics=0x3adff0) returned 0x0 [0091.235] GdipGetFontHeight (font=0xadc0e68, graphics=0xacf4d48, height=0x3adfe8) returned 0x0 [0091.235] GdipDeleteGraphics (graphics=0xacf4d48) returned 0x0 [0091.235] ReleaseDC (hWnd=0x0, hDC=0x170106ba) returned 1 [0091.235] GetSystemMetrics (nIndex=5) returned 1 [0091.235] GetSystemMetrics (nIndex=6) returned 1 [0091.235] AdjustWindowRectEx (in: lpRect=0x3ae118, dwStyle=0x560101c0, bMenu=0, dwExStyle=0x200 | out: lpRect=0x3ae118) returned 1 [0091.235] GetSystemMetrics (nIndex=5) returned 1 [0091.235] GetSystemMetrics (nIndex=6) returned 1 [0091.235] AdjustWindowRectEx (in: lpRect=0x3ae07c, dwStyle=0x560100c0, bMenu=0, dwExStyle=0x200 | out: lpRect=0x3ae07c) returned 1 [0091.235] GetCurrentThreadId () returned 0xee0 [0091.235] GetCurrentThreadId () returned 0xee0 [0091.236] GetDC (hWnd=0x0) returned 0x170106ba [0091.236] GdipCreateFromHDC (hdc=0x170106ba, graphics=0x3adff0) returned 0x0 [0091.236] GdipGetFontHeight (font=0xadc0e68, graphics=0xacf4d48, height=0x3adfe8) returned 0x0 [0091.236] GdipDeleteGraphics (graphics=0xacf4d48) returned 0x0 [0091.237] ReleaseDC (hWnd=0x0, hDC=0x170106ba) returned 1 [0091.237] GetSystemMetrics (nIndex=5) returned 1 [0091.237] GetSystemMetrics (nIndex=6) returned 1 [0091.237] AdjustWindowRectEx (in: lpRect=0x3ae118, dwStyle=0x560101c0, bMenu=0, dwExStyle=0x200 | out: lpRect=0x3ae118) returned 1 [0091.237] GetSystemMetrics (nIndex=5) returned 1 [0091.237] GetSystemMetrics (nIndex=6) returned 1 [0091.237] AdjustWindowRectEx (in: lpRect=0x3ae07c, dwStyle=0x560100c0, bMenu=0, dwExStyle=0x200 | out: lpRect=0x3ae07c) returned 1 [0091.237] GetCurrentThreadId () returned 0xee0 [0091.237] GetCurrentThreadId () returned 0xee0 [0091.238] GetDC (hWnd=0x0) returned 0x170106ba [0091.238] GdipCreateFromHDC (hdc=0x170106ba, graphics=0x3adff0) returned 0x0 [0091.238] GdipGetFontHeight (font=0xadc0e68, graphics=0xacf4d48, height=0x3adfe8) returned 0x0 [0091.238] GdipDeleteGraphics (graphics=0xacf4d48) returned 0x0 [0091.238] ReleaseDC (hWnd=0x0, hDC=0x170106ba) returned 1 [0091.238] GetSystemMetrics (nIndex=5) returned 1 [0091.238] GetSystemMetrics (nIndex=6) returned 1 [0091.238] AdjustWindowRectEx (in: lpRect=0x3ae118, dwStyle=0x560101c0, bMenu=0, dwExStyle=0x200 | out: lpRect=0x3ae118) returned 1 [0091.239] GetSystemMetrics (nIndex=5) returned 1 [0091.239] GetSystemMetrics (nIndex=6) returned 1 [0091.239] AdjustWindowRectEx (in: lpRect=0x3ae07c, dwStyle=0x560100c0, bMenu=0, dwExStyle=0x200 | out: lpRect=0x3ae07c) returned 1 [0091.239] GetCurrentThreadId () returned 0xee0 [0091.239] GetCurrentThreadId () returned 0xee0 [0091.239] GetDC (hWnd=0x0) returned 0x170106ba [0091.239] GdipCreateFromHDC (hdc=0x170106ba, graphics=0x3adff0) returned 0x0 [0091.240] GdipGetFontHeight (font=0xadc0e68, graphics=0xacf4d48, height=0x3adfe8) returned 0x0 [0091.240] GdipDeleteGraphics (graphics=0xacf4d48) returned 0x0 [0091.240] ReleaseDC (hWnd=0x0, hDC=0x170106ba) returned 1 [0091.240] GetSystemMetrics (nIndex=5) returned 1 [0091.240] GetSystemMetrics (nIndex=6) returned 1 [0091.240] AdjustWindowRectEx (in: lpRect=0x3ae118, dwStyle=0x560101c0, bMenu=0, dwExStyle=0x200 | out: lpRect=0x3ae118) returned 1 [0091.240] GetSystemMetrics (nIndex=5) returned 1 [0091.240] GetSystemMetrics (nIndex=6) returned 1 [0091.240] AdjustWindowRectEx (in: lpRect=0x3ae07c, dwStyle=0x560100c0, bMenu=0, dwExStyle=0x200 | out: lpRect=0x3ae07c) returned 1 [0091.240] GetCurrentThreadId () returned 0xee0 [0091.240] GetCurrentThreadId () returned 0xee0 [0091.241] GetDC (hWnd=0x0) returned 0x170106ba [0091.241] GdipCreateFromHDC (hdc=0x170106ba, graphics=0x3adff0) returned 0x0 [0091.241] GdipGetFontHeight (font=0xadc0e68, graphics=0xacf4d48, height=0x3adfe8) returned 0x0 [0091.241] GdipDeleteGraphics (graphics=0xacf4d48) returned 0x0 [0091.241] ReleaseDC (hWnd=0x0, hDC=0x170106ba) returned 1 [0091.241] GetSystemMetrics (nIndex=5) returned 1 [0091.241] GetSystemMetrics (nIndex=6) returned 1 [0091.241] AdjustWindowRectEx (in: lpRect=0x3ae118, dwStyle=0x560101c0, bMenu=0, dwExStyle=0x200 | out: lpRect=0x3ae118) returned 1 [0091.241] GetSystemMetrics (nIndex=5) returned 1 [0091.241] GetSystemMetrics (nIndex=6) returned 1 [0091.241] AdjustWindowRectEx (in: lpRect=0x3ae07c, dwStyle=0x560100c0, bMenu=0, dwExStyle=0x200 | out: lpRect=0x3ae07c) returned 1 [0091.241] GetCurrentThreadId () returned 0xee0 [0091.242] GetCurrentThreadId () returned 0xee0 [0091.242] GetDC (hWnd=0x0) returned 0x170106ba [0091.242] GdipCreateFromHDC (hdc=0x170106ba, graphics=0x3adff0) returned 0x0 [0091.242] GdipGetFontHeight (font=0xadc0e68, graphics=0xacf4d48, height=0x3adfe8) returned 0x0 [0091.243] GdipDeleteGraphics (graphics=0xacf4d48) returned 0x0 [0091.243] ReleaseDC (hWnd=0x0, hDC=0x170106ba) returned 1 [0091.243] GetSystemMetrics (nIndex=5) returned 1 [0091.243] GetSystemMetrics (nIndex=6) returned 1 [0091.243] AdjustWindowRectEx (in: lpRect=0x3ae118, dwStyle=0x560101c0, bMenu=0, dwExStyle=0x200 | out: lpRect=0x3ae118) returned 1 [0091.243] GetSystemMetrics (nIndex=5) returned 1 [0091.243] GetSystemMetrics (nIndex=6) returned 1 [0091.243] AdjustWindowRectEx (in: lpRect=0x3ae07c, dwStyle=0x560100c0, bMenu=0, dwExStyle=0x200 | out: lpRect=0x3ae07c) returned 1 [0091.243] GetCurrentThreadId () returned 0xee0 [0091.243] GetCurrentThreadId () returned 0xee0 [0091.244] GetDC (hWnd=0x0) returned 0x170106ba [0091.244] GdipCreateFromHDC (hdc=0x170106ba, graphics=0x3adff0) returned 0x0 [0091.244] GdipGetFontHeight (font=0xadc0e68, graphics=0xacf4d48, height=0x3adfe8) returned 0x0 [0091.244] GdipDeleteGraphics (graphics=0xacf4d48) returned 0x0 [0091.244] ReleaseDC (hWnd=0x0, hDC=0x170106ba) returned 1 [0091.244] GetSystemMetrics (nIndex=5) returned 1 [0091.244] GetSystemMetrics (nIndex=6) returned 1 [0091.244] AdjustWindowRectEx (in: lpRect=0x3ae118, dwStyle=0x560101c0, bMenu=0, dwExStyle=0x200 | out: lpRect=0x3ae118) returned 1 [0091.244] GetSystemMetrics (nIndex=5) returned 1 [0091.244] GetSystemMetrics (nIndex=6) returned 1 [0091.244] AdjustWindowRectEx (in: lpRect=0x3ae07c, dwStyle=0x560100c0, bMenu=0, dwExStyle=0x200 | out: lpRect=0x3ae07c) returned 1 [0091.244] GetCurrentThreadId () returned 0xee0 [0091.244] GetCurrentThreadId () returned 0xee0 [0091.245] GetDC (hWnd=0x0) returned 0x170106ba [0091.245] GdipCreateFromHDC (hdc=0x170106ba, graphics=0x3adff0) returned 0x0 [0091.245] GdipGetFontHeight (font=0xadc0e68, graphics=0xacf4d48, height=0x3adfe8) returned 0x0 [0091.245] GdipDeleteGraphics (graphics=0xacf4d48) returned 0x0 [0091.245] ReleaseDC (hWnd=0x0, hDC=0x170106ba) returned 1 [0091.246] GetSystemMetrics (nIndex=5) returned 1 [0091.246] GetSystemMetrics (nIndex=6) returned 1 [0091.246] AdjustWindowRectEx (in: lpRect=0x3ae118, dwStyle=0x560101c0, bMenu=0, dwExStyle=0x200 | out: lpRect=0x3ae118) returned 1 [0091.246] GetSystemMetrics (nIndex=5) returned 1 [0091.246] GetSystemMetrics (nIndex=6) returned 1 [0091.246] AdjustWindowRectEx (in: lpRect=0x3ae07c, dwStyle=0x560100c0, bMenu=0, dwExStyle=0x200 | out: lpRect=0x3ae07c) returned 1 [0091.246] GetCurrentThreadId () returned 0xee0 [0091.246] GetCurrentThreadId () returned 0xee0 [0091.247] GetDC (hWnd=0x0) returned 0x170106ba [0091.247] GdipCreateFromHDC (hdc=0x170106ba, graphics=0x3adff0) returned 0x0 [0091.247] GdipGetFontHeight (font=0xadc0e68, graphics=0xacf4d48, height=0x3adfe8) returned 0x0 [0091.247] GdipDeleteGraphics (graphics=0xacf4d48) returned 0x0 [0091.247] ReleaseDC (hWnd=0x0, hDC=0x170106ba) returned 1 [0091.247] GetSystemMetrics (nIndex=5) returned 1 [0091.247] GetSystemMetrics (nIndex=6) returned 1 [0091.247] AdjustWindowRectEx (in: lpRect=0x3ae118, dwStyle=0x560101c0, bMenu=0, dwExStyle=0x200 | out: lpRect=0x3ae118) returned 1 [0091.247] GetSystemMetrics (nIndex=5) returned 1 [0091.247] GetSystemMetrics (nIndex=6) returned 1 [0091.247] AdjustWindowRectEx (in: lpRect=0x3ae07c, dwStyle=0x560100c0, bMenu=0, dwExStyle=0x200 | out: lpRect=0x3ae07c) returned 1 [0091.247] GetCurrentThreadId () returned 0xee0 [0091.247] GetCurrentThreadId () returned 0xee0 [0091.248] GetDC (hWnd=0x0) returned 0x170106ba [0091.248] GdipCreateFromHDC (hdc=0x170106ba, graphics=0x3adff0) returned 0x0 [0091.248] GdipGetFontHeight (font=0xadc0e68, graphics=0xacf4d48, height=0x3adfe8) returned 0x0 [0091.248] GdipDeleteGraphics (graphics=0xacf4d48) returned 0x0 [0091.248] ReleaseDC (hWnd=0x0, hDC=0x170106ba) returned 1 [0091.248] GetSystemMetrics (nIndex=5) returned 1 [0091.249] GetSystemMetrics (nIndex=6) returned 1 [0091.249] AdjustWindowRectEx (in: lpRect=0x3ae118, dwStyle=0x560101c0, bMenu=0, dwExStyle=0x200 | out: lpRect=0x3ae118) returned 1 [0091.249] GetSystemMetrics (nIndex=5) returned 1 [0091.249] GetSystemMetrics (nIndex=6) returned 1 [0091.249] AdjustWindowRectEx (in: lpRect=0x3ae07c, dwStyle=0x560100c0, bMenu=0, dwExStyle=0x200 | out: lpRect=0x3ae07c) returned 1 [0091.249] GetCurrentThreadId () returned 0xee0 [0091.249] GetCurrentThreadId () returned 0xee0 [0091.250] GetDC (hWnd=0x0) returned 0x170106ba [0091.250] GdipCreateFromHDC (hdc=0x170106ba, graphics=0x3adff0) returned 0x0 [0091.250] GdipGetFontHeight (font=0xadc0e68, graphics=0xacf4d48, height=0x3adfe8) returned 0x0 [0091.250] GdipDeleteGraphics (graphics=0xacf4d48) returned 0x0 [0091.250] ReleaseDC (hWnd=0x0, hDC=0x170106ba) returned 1 [0091.250] GetSystemMetrics (nIndex=5) returned 1 [0091.250] GetSystemMetrics (nIndex=6) returned 1 [0091.250] AdjustWindowRectEx (in: lpRect=0x3ae118, dwStyle=0x560101c0, bMenu=0, dwExStyle=0x200 | out: lpRect=0x3ae118) returned 1 [0091.250] GetSystemMetrics (nIndex=5) returned 1 [0091.250] GetSystemMetrics (nIndex=6) returned 1 [0091.250] AdjustWindowRectEx (in: lpRect=0x3ae07c, dwStyle=0x560100c0, bMenu=0, dwExStyle=0x200 | out: lpRect=0x3ae07c) returned 1 [0091.250] GetCurrentThreadId () returned 0xee0 [0091.250] GetCurrentThreadId () returned 0xee0 [0091.251] GetDC (hWnd=0x0) returned 0x170106ba [0091.251] GdipCreateFromHDC (hdc=0x170106ba, graphics=0x3adff0) returned 0x0 [0091.251] GdipGetFontHeight (font=0xadc0e68, graphics=0xacf4d48, height=0x3adfe8) returned 0x0 [0091.251] GdipDeleteGraphics (graphics=0xacf4d48) returned 0x0 [0091.251] ReleaseDC (hWnd=0x0, hDC=0x170106ba) returned 1 [0091.251] GetSystemMetrics (nIndex=5) returned 1 [0091.251] GetSystemMetrics (nIndex=6) returned 1 [0091.251] AdjustWindowRectEx (in: lpRect=0x3ae118, dwStyle=0x560101c0, bMenu=0, dwExStyle=0x200 | out: lpRect=0x3ae118) returned 1 [0091.252] GetSystemMetrics (nIndex=5) returned 1 [0091.252] GetSystemMetrics (nIndex=6) returned 1 [0091.252] AdjustWindowRectEx (in: lpRect=0x3ae07c, dwStyle=0x560100c0, bMenu=0, dwExStyle=0x200 | out: lpRect=0x3ae07c) returned 1 [0091.252] GetCurrentThreadId () returned 0xee0 [0091.252] GetCurrentThreadId () returned 0xee0 [0091.252] GetDC (hWnd=0x0) returned 0x170106ba [0091.252] GdipCreateFromHDC (hdc=0x170106ba, graphics=0x3adff0) returned 0x0 [0091.253] GdipGetFontHeight (font=0xadc0e68, graphics=0xacf4d48, height=0x3adfe8) returned 0x0 [0091.253] GdipDeleteGraphics (graphics=0xacf4d48) returned 0x0 [0091.253] ReleaseDC (hWnd=0x0, hDC=0x170106ba) returned 1 [0091.253] GetSystemMetrics (nIndex=5) returned 1 [0091.253] GetSystemMetrics (nIndex=6) returned 1 [0091.253] AdjustWindowRectEx (in: lpRect=0x3ae118, dwStyle=0x560101c0, bMenu=0, dwExStyle=0x200 | out: lpRect=0x3ae118) returned 1 [0091.253] GetSystemMetrics (nIndex=5) returned 1 [0091.253] GetSystemMetrics (nIndex=6) returned 1 [0091.253] AdjustWindowRectEx (in: lpRect=0x3ae07c, dwStyle=0x560100c0, bMenu=0, dwExStyle=0x200 | out: lpRect=0x3ae07c) returned 1 [0091.253] GetCurrentThreadId () returned 0xee0 [0091.253] GetCurrentThreadId () returned 0xee0 [0091.253] GetDC (hWnd=0x0) returned 0x170106ba [0091.253] GdipCreateFromHDC (hdc=0x170106ba, graphics=0x3adff0) returned 0x0 [0091.254] GdipGetFontHeight (font=0xadc0e68, graphics=0xacf4d48, height=0x3adfe8) returned 0x0 [0091.254] GdipDeleteGraphics (graphics=0xacf4d48) returned 0x0 [0091.254] ReleaseDC (hWnd=0x0, hDC=0x170106ba) returned 1 [0091.254] GetSystemMetrics (nIndex=5) returned 1 [0091.254] GetSystemMetrics (nIndex=6) returned 1 [0091.254] AdjustWindowRectEx (in: lpRect=0x3ae118, dwStyle=0x560101c0, bMenu=0, dwExStyle=0x200 | out: lpRect=0x3ae118) returned 1 [0091.254] GetSystemMetrics (nIndex=5) returned 1 [0091.254] GetSystemMetrics (nIndex=6) returned 1 [0091.254] AdjustWindowRectEx (in: lpRect=0x3ae07c, dwStyle=0x560100c0, bMenu=0, dwExStyle=0x200 | out: lpRect=0x3ae07c) returned 1 [0091.254] GetCurrentThreadId () returned 0xee0 [0091.254] GetCurrentThreadId () returned 0xee0 [0091.254] GetDC (hWnd=0x0) returned 0x170106ba [0091.254] GdipCreateFromHDC (hdc=0x170106ba, graphics=0x3adff0) returned 0x0 [0091.254] GdipGetFontHeight (font=0xadc0e68, graphics=0xacf4d48, height=0x3adfe8) returned 0x0 [0091.254] GdipDeleteGraphics (graphics=0xacf4d48) returned 0x0 [0091.254] ReleaseDC (hWnd=0x0, hDC=0x170106ba) returned 1 [0091.254] GetSystemMetrics (nIndex=5) returned 1 [0091.254] GetSystemMetrics (nIndex=6) returned 1 [0091.254] AdjustWindowRectEx (in: lpRect=0x3ae118, dwStyle=0x560101c0, bMenu=0, dwExStyle=0x200 | out: lpRect=0x3ae118) returned 1 [0091.254] GetSystemMetrics (nIndex=5) returned 1 [0091.255] GetSystemMetrics (nIndex=6) returned 1 [0091.255] AdjustWindowRectEx (in: lpRect=0x3ae07c, dwStyle=0x560100c0, bMenu=0, dwExStyle=0x200 | out: lpRect=0x3ae07c) returned 1 [0091.255] GetCurrentThreadId () returned 0xee0 [0091.255] GetCurrentThreadId () returned 0xee0 [0091.255] GetDC (hWnd=0x0) returned 0x170106ba [0091.255] GdipCreateFromHDC (hdc=0x170106ba, graphics=0x3adff0) returned 0x0 [0091.255] GdipGetFontHeight (font=0xadc0e68, graphics=0xacf4d48, height=0x3adfe8) returned 0x0 [0091.255] GdipDeleteGraphics (graphics=0xacf4d48) returned 0x0 [0091.255] ReleaseDC (hWnd=0x0, hDC=0x170106ba) returned 1 [0091.255] GetSystemMetrics (nIndex=5) returned 1 [0091.255] GetSystemMetrics (nIndex=6) returned 1 [0091.255] AdjustWindowRectEx (in: lpRect=0x3ae118, dwStyle=0x560101c0, bMenu=0, dwExStyle=0x200 | out: lpRect=0x3ae118) returned 1 [0091.255] GetSystemMetrics (nIndex=5) returned 1 [0091.255] GetSystemMetrics (nIndex=6) returned 1 [0091.255] AdjustWindowRectEx (in: lpRect=0x3ae07c, dwStyle=0x560100c0, bMenu=0, dwExStyle=0x200 | out: lpRect=0x3ae07c) returned 1 [0091.255] GetCurrentThreadId () returned 0xee0 [0091.255] GetCurrentThreadId () returned 0xee0 [0091.255] GetDC (hWnd=0x0) returned 0x170106ba [0091.255] GdipCreateFromHDC (hdc=0x170106ba, graphics=0x3adff0) returned 0x0 [0091.256] GdipGetFontHeight (font=0xadc0e68, graphics=0xacf4d48, height=0x3adfe8) returned 0x0 [0091.256] GdipDeleteGraphics (graphics=0xacf4d48) returned 0x0 [0091.256] ReleaseDC (hWnd=0x0, hDC=0x170106ba) returned 1 [0091.256] GetSystemMetrics (nIndex=5) returned 1 [0091.256] GetSystemMetrics (nIndex=6) returned 1 [0091.256] AdjustWindowRectEx (in: lpRect=0x3ae118, dwStyle=0x560101c0, bMenu=0, dwExStyle=0x200 | out: lpRect=0x3ae118) returned 1 [0091.256] GetSystemMetrics (nIndex=5) returned 1 [0091.256] GetSystemMetrics (nIndex=6) returned 1 [0091.256] AdjustWindowRectEx (in: lpRect=0x3ae07c, dwStyle=0x560100c0, bMenu=0, dwExStyle=0x200 | out: lpRect=0x3ae07c) returned 1 [0091.256] GetCurrentThreadId () returned 0xee0 [0091.256] GetCurrentThreadId () returned 0xee0 [0091.256] GetDC (hWnd=0x0) returned 0x170106ba [0091.256] GdipCreateFromHDC (hdc=0x170106ba, graphics=0x3adff0) returned 0x0 [0091.256] GdipGetFontHeight (font=0xadc0e68, graphics=0xacf4d48, height=0x3adfe8) returned 0x0 [0091.256] GdipDeleteGraphics (graphics=0xacf4d48) returned 0x0 [0091.256] ReleaseDC (hWnd=0x0, hDC=0x170106ba) returned 1 [0091.256] GetSystemMetrics (nIndex=5) returned 1 [0091.256] GetSystemMetrics (nIndex=6) returned 1 [0091.256] AdjustWindowRectEx (in: lpRect=0x3ae118, dwStyle=0x560101c0, bMenu=0, dwExStyle=0x200 | out: lpRect=0x3ae118) returned 1 [0091.256] GetSystemMetrics (nIndex=5) returned 1 [0091.256] GetSystemMetrics (nIndex=6) returned 1 [0091.256] AdjustWindowRectEx (in: lpRect=0x3ae07c, dwStyle=0x560100c0, bMenu=0, dwExStyle=0x200 | out: lpRect=0x3ae07c) returned 1 [0091.256] GetCurrentThreadId () returned 0xee0 [0091.257] GetCurrentThreadId () returned 0xee0 [0091.257] GetDC (hWnd=0x0) returned 0x170106ba [0091.257] GdipCreateFromHDC (hdc=0x170106ba, graphics=0x3adff0) returned 0x0 [0091.257] GdipGetFontHeight (font=0xadc0e68, graphics=0xacf4d48, height=0x3adfe8) returned 0x0 [0091.257] GdipDeleteGraphics (graphics=0xacf4d48) returned 0x0 [0091.257] ReleaseDC (hWnd=0x0, hDC=0x170106ba) returned 1 [0091.257] GetSystemMetrics (nIndex=5) returned 1 [0091.257] GetSystemMetrics (nIndex=6) returned 1 [0091.257] AdjustWindowRectEx (in: lpRect=0x3ae118, dwStyle=0x560101c0, bMenu=0, dwExStyle=0x200 | out: lpRect=0x3ae118) returned 1 [0091.257] GetSystemMetrics (nIndex=5) returned 1 [0091.257] GetSystemMetrics (nIndex=6) returned 1 [0091.257] AdjustWindowRectEx (in: lpRect=0x3ae07c, dwStyle=0x560100c0, bMenu=0, dwExStyle=0x200 | out: lpRect=0x3ae07c) returned 1 [0091.257] GetCurrentThreadId () returned 0xee0 [0091.257] GetCurrentThreadId () returned 0xee0 [0091.257] GetDC (hWnd=0x0) returned 0x170106ba [0091.257] GdipCreateFromHDC (hdc=0x170106ba, graphics=0x3adff0) returned 0x0 [0091.257] GdipGetFontHeight (font=0xadc0e68, graphics=0xacf4d48, height=0x3adfe8) returned 0x0 [0091.257] GdipDeleteGraphics (graphics=0xacf4d48) returned 0x0 [0091.257] ReleaseDC (hWnd=0x0, hDC=0x170106ba) returned 1 [0091.258] GetSystemMetrics (nIndex=5) returned 1 [0091.258] GetSystemMetrics (nIndex=6) returned 1 [0091.258] AdjustWindowRectEx (in: lpRect=0x3ae118, dwStyle=0x560101c0, bMenu=0, dwExStyle=0x200 | out: lpRect=0x3ae118) returned 1 [0091.258] GetSystemMetrics (nIndex=5) returned 1 [0091.258] GetSystemMetrics (nIndex=6) returned 1 [0091.258] AdjustWindowRectEx (in: lpRect=0x3ae07c, dwStyle=0x560100c0, bMenu=0, dwExStyle=0x200 | out: lpRect=0x3ae07c) returned 1 [0091.258] GetCurrentThreadId () returned 0xee0 [0091.258] GetCurrentThreadId () returned 0xee0 [0091.258] GetDC (hWnd=0x0) returned 0x170106ba [0091.258] GdipCreateFromHDC (hdc=0x170106ba, graphics=0x3adff0) returned 0x0 [0091.258] GdipGetFontHeight (font=0xadc0e68, graphics=0xacf4d48, height=0x3adfe8) returned 0x0 [0091.258] GdipDeleteGraphics (graphics=0xacf4d48) returned 0x0 [0091.258] ReleaseDC (hWnd=0x0, hDC=0x170106ba) returned 1 [0091.258] GetSystemMetrics (nIndex=5) returned 1 [0091.260] GetSystemMetrics (nIndex=6) returned 1 [0091.260] AdjustWindowRectEx (in: lpRect=0x3ae118, dwStyle=0x560101c0, bMenu=0, dwExStyle=0x200 | out: lpRect=0x3ae118) returned 1 [0091.260] GetSystemMetrics (nIndex=5) returned 1 [0091.260] GetSystemMetrics (nIndex=6) returned 1 [0091.260] AdjustWindowRectEx (in: lpRect=0x3ae07c, dwStyle=0x560100c0, bMenu=0, dwExStyle=0x200 | out: lpRect=0x3ae07c) returned 1 [0091.260] GetCurrentThreadId () returned 0xee0 [0091.260] GetCurrentThreadId () returned 0xee0 [0091.260] GetDC (hWnd=0x0) returned 0x170106ba [0091.260] GdipCreateFromHDC (hdc=0x170106ba, graphics=0x3adff0) returned 0x0 [0091.260] GdipGetFontHeight (font=0xadc0e68, graphics=0xacf4d48, height=0x3adfe8) returned 0x0 [0091.260] GdipDeleteGraphics (graphics=0xacf4d48) returned 0x0 [0091.260] ReleaseDC (hWnd=0x0, hDC=0x170106ba) returned 1 [0091.260] GetSystemMetrics (nIndex=5) returned 1 [0091.260] GetSystemMetrics (nIndex=6) returned 1 [0091.260] AdjustWindowRectEx (in: lpRect=0x3ae118, dwStyle=0x560101c0, bMenu=0, dwExStyle=0x200 | out: lpRect=0x3ae118) returned 1 [0091.261] GetSystemMetrics (nIndex=5) returned 1 [0091.261] GetSystemMetrics (nIndex=6) returned 1 [0091.261] AdjustWindowRectEx (in: lpRect=0x3ae07c, dwStyle=0x560100c0, bMenu=0, dwExStyle=0x200 | out: lpRect=0x3ae07c) returned 1 [0091.261] GetCurrentThreadId () returned 0xee0 [0091.261] GetCurrentThreadId () returned 0xee0 [0091.261] GetDC (hWnd=0x0) returned 0x170106ba [0091.261] GdipCreateFromHDC (hdc=0x170106ba, graphics=0x3adff0) returned 0x0 [0091.261] GdipGetFontHeight (font=0xadc0e68, graphics=0xacf4d48, height=0x3adfe8) returned 0x0 [0091.261] GdipDeleteGraphics (graphics=0xacf4d48) returned 0x0 [0091.261] ReleaseDC (hWnd=0x0, hDC=0x170106ba) returned 1 [0091.261] GetSystemMetrics (nIndex=5) returned 1 [0091.261] GetSystemMetrics (nIndex=6) returned 1 [0091.261] AdjustWindowRectEx (in: lpRect=0x3ae118, dwStyle=0x560101c0, bMenu=0, dwExStyle=0x200 | out: lpRect=0x3ae118) returned 1 [0091.261] GetSystemMetrics (nIndex=5) returned 1 [0091.261] GetSystemMetrics (nIndex=6) returned 1 [0091.261] AdjustWindowRectEx (in: lpRect=0x3ae07c, dwStyle=0x560100c0, bMenu=0, dwExStyle=0x200 | out: lpRect=0x3ae07c) returned 1 [0091.261] GetCurrentThreadId () returned 0xee0 [0091.261] GetCurrentThreadId () returned 0xee0 [0091.261] GetDC (hWnd=0x0) returned 0x170106ba [0091.261] GdipCreateFromHDC (hdc=0x170106ba, graphics=0x3adff0) returned 0x0 [0091.261] GdipGetFontHeight (font=0xadc0e68, graphics=0xacf4d48, height=0x3adfe8) returned 0x0 [0091.262] GdipDeleteGraphics (graphics=0xacf4d48) returned 0x0 [0091.262] ReleaseDC (hWnd=0x0, hDC=0x170106ba) returned 1 [0091.262] GetSystemMetrics (nIndex=5) returned 1 [0091.262] GetSystemMetrics (nIndex=6) returned 1 [0091.262] AdjustWindowRectEx (in: lpRect=0x3ae118, dwStyle=0x560101c0, bMenu=0, dwExStyle=0x200 | out: lpRect=0x3ae118) returned 1 [0091.262] GetSystemMetrics (nIndex=5) returned 1 [0091.262] GetSystemMetrics (nIndex=6) returned 1 [0091.262] AdjustWindowRectEx (in: lpRect=0x3ae07c, dwStyle=0x560100c0, bMenu=0, dwExStyle=0x200 | out: lpRect=0x3ae07c) returned 1 [0091.262] GetCurrentThreadId () returned 0xee0 [0091.262] GetCurrentThreadId () returned 0xee0 [0091.262] GetDC (hWnd=0x0) returned 0x170106ba [0091.262] GdipCreateFromHDC (hdc=0x170106ba, graphics=0x3adff0) returned 0x0 [0091.262] GdipGetFontHeight (font=0xadc0e68, graphics=0xacf4d48, height=0x3adfe8) returned 0x0 [0091.262] GdipDeleteGraphics (graphics=0xacf4d48) returned 0x0 [0091.262] ReleaseDC (hWnd=0x0, hDC=0x170106ba) returned 1 [0091.262] GetSystemMetrics (nIndex=5) returned 1 [0091.262] GetSystemMetrics (nIndex=6) returned 1 [0091.262] AdjustWindowRectEx (in: lpRect=0x3ae118, dwStyle=0x560101c0, bMenu=0, dwExStyle=0x200 | out: lpRect=0x3ae118) returned 1 [0091.262] GetSystemMetrics (nIndex=5) returned 1 [0091.262] GetSystemMetrics (nIndex=6) returned 1 [0091.262] AdjustWindowRectEx (in: lpRect=0x3ae07c, dwStyle=0x560100c0, bMenu=0, dwExStyle=0x200 | out: lpRect=0x3ae07c) returned 1 [0091.262] GetCurrentThreadId () returned 0xee0 [0091.262] GetCurrentThreadId () returned 0xee0 [0091.262] GetDC (hWnd=0x0) returned 0x170106ba [0091.262] GdipCreateFromHDC (hdc=0x170106ba, graphics=0x3adff0) returned 0x0 [0091.263] GdipGetFontHeight (font=0xadc0e68, graphics=0xacf4d48, height=0x3adfe8) returned 0x0 [0091.263] GdipDeleteGraphics (graphics=0xacf4d48) returned 0x0 [0091.263] ReleaseDC (hWnd=0x0, hDC=0x170106ba) returned 1 [0091.263] GetSystemMetrics (nIndex=5) returned 1 [0091.263] GetSystemMetrics (nIndex=6) returned 1 [0091.263] AdjustWindowRectEx (in: lpRect=0x3ae118, dwStyle=0x560101c0, bMenu=0, dwExStyle=0x200 | out: lpRect=0x3ae118) returned 1 [0091.263] GetSystemMetrics (nIndex=5) returned 1 [0091.263] GetSystemMetrics (nIndex=6) returned 1 [0091.263] AdjustWindowRectEx (in: lpRect=0x3ae07c, dwStyle=0x560100c0, bMenu=0, dwExStyle=0x200 | out: lpRect=0x3ae07c) returned 1 [0091.263] GetCurrentThreadId () returned 0xee0 [0091.263] GetCurrentThreadId () returned 0xee0 [0091.263] GetDC (hWnd=0x0) returned 0x170106ba [0091.263] GdipCreateFromHDC (hdc=0x170106ba, graphics=0x3adff0) returned 0x0 [0091.263] GdipGetFontHeight (font=0xadc0e68, graphics=0xacf4d48, height=0x3adfe8) returned 0x0 [0091.263] GdipDeleteGraphics (graphics=0xacf4d48) returned 0x0 [0091.263] ReleaseDC (hWnd=0x0, hDC=0x170106ba) returned 1 [0091.264] GetSystemMetrics (nIndex=5) returned 1 [0091.264] AdjustWindowRectEx (in: lpRect=0x3ae118, dwStyle=0x560101c0, bMenu=0, dwExStyle=0x200 | out: lpRect=0x3ae118) returned 1 [0091.264] AdjustWindowRectEx (in: lpRect=0x3ae07c, dwStyle=0x560100c0, bMenu=0, dwExStyle=0x200 | out: lpRect=0x3ae07c) returned 1 [0091.264] GetCurrentThreadId () returned 0xee0 [0091.264] GetCurrentThreadId () returned 0xee0 [0091.265] GdipCreateFromHDC (hdc=0x170106ba, graphics=0x3adff0) returned 0x0 [0091.265] GdipGetFontHeight (font=0xadc0e68, graphics=0xacf4d48, height=0x3adfe8) returned 0x0 [0091.265] GdipDeleteGraphics (graphics=0xacf4d48) returned 0x0 [0091.265] AdjustWindowRectEx (in: lpRect=0x3ae118, dwStyle=0x560101c0, bMenu=0, dwExStyle=0x200 | out: lpRect=0x3ae118) returned 1 [0091.265] AdjustWindowRectEx (in: lpRect=0x3ae07c, dwStyle=0x560100c0, bMenu=0, dwExStyle=0x200 | out: lpRect=0x3ae07c) returned 1 [0091.265] GetCurrentThreadId () returned 0xee0 [0091.265] GetCurrentThreadId () returned 0xee0 [0091.266] GdipCreateFromHDC (hdc=0x170106ba, graphics=0x3adff0) returned 0x0 [0091.266] GdipGetFontHeight (font=0xadc0e68, graphics=0xacf4d48, height=0x3adfe8) returned 0x0 [0091.266] GdipDeleteGraphics (graphics=0xacf4d48) returned 0x0 [0091.266] AdjustWindowRectEx (in: lpRect=0x3ae118, dwStyle=0x560101c0, bMenu=0, dwExStyle=0x200 | out: lpRect=0x3ae118) returned 1 [0091.266] AdjustWindowRectEx (in: lpRect=0x3ae07c, dwStyle=0x560100c0, bMenu=0, dwExStyle=0x200 | out: lpRect=0x3ae07c) returned 1 [0091.266] GetCurrentThreadId () returned 0xee0 [0091.266] GetCurrentThreadId () returned 0xee0 [0091.266] GdipCreateFromHDC (hdc=0x170106ba, graphics=0x3adff0) returned 0x0 [0091.266] GdipGetFontHeight (font=0xadc0e68, graphics=0xacf4d48, height=0x3adfe8) returned 0x0 [0091.266] GdipDeleteGraphics (graphics=0xacf4d48) returned 0x0 [0091.266] AdjustWindowRectEx (in: lpRect=0x3ae118, dwStyle=0x560101c0, bMenu=0, dwExStyle=0x200 | out: lpRect=0x3ae118) returned 1 [0091.266] AdjustWindowRectEx (in: lpRect=0x3ae07c, dwStyle=0x560100c0, bMenu=0, dwExStyle=0x200 | out: lpRect=0x3ae07c) returned 1 [0091.267] GetCurrentThreadId () returned 0xee0 [0091.267] GetCurrentThreadId () returned 0xee0 [0091.267] GdipCreateFromHDC (hdc=0x170106ba, graphics=0x3adff0) returned 0x0 [0091.267] GdipGetFontHeight (font=0xadc0e68, graphics=0xacf4d48, height=0x3adfe8) returned 0x0 [0091.267] GdipDeleteGraphics (graphics=0xacf4d48) returned 0x0 [0091.267] AdjustWindowRectEx (in: lpRect=0x3ae118, dwStyle=0x560101c0, bMenu=0, dwExStyle=0x200 | out: lpRect=0x3ae118) returned 1 [0091.267] AdjustWindowRectEx (in: lpRect=0x3ae07c, dwStyle=0x560100c0, bMenu=0, dwExStyle=0x200 | out: lpRect=0x3ae07c) returned 1 [0091.267] GetCurrentThreadId () returned 0xee0 [0091.267] GetCurrentThreadId () returned 0xee0 [0091.267] GdipCreateFromHDC (hdc=0x170106ba, graphics=0x3adff0) returned 0x0 [0091.267] GdipGetFontHeight (font=0xadc0e68, graphics=0xacf4d48, height=0x3adfe8) returned 0x0 [0091.267] GdipDeleteGraphics (graphics=0xacf4d48) returned 0x0 [0091.267] AdjustWindowRectEx (in: lpRect=0x3ae118, dwStyle=0x560101c0, bMenu=0, dwExStyle=0x200 | out: lpRect=0x3ae118) returned 1 [0091.267] AdjustWindowRectEx (in: lpRect=0x3ae07c, dwStyle=0x560100c0, bMenu=0, dwExStyle=0x200 | out: lpRect=0x3ae07c) returned 1 [0091.267] GetCurrentThreadId () returned 0xee0 [0091.267] GetCurrentThreadId () returned 0xee0 [0091.268] GdipCreateFromHDC (hdc=0x170106ba, graphics=0x3adff0) returned 0x0 [0091.268] GdipGetFontHeight (font=0xadc0e68, graphics=0xacf4d48, height=0x3adfe8) returned 0x0 [0091.268] GdipDeleteGraphics (graphics=0xacf4d48) returned 0x0 [0091.268] AdjustWindowRectEx (in: lpRect=0x3ae118, dwStyle=0x560101c0, bMenu=0, dwExStyle=0x200 | out: lpRect=0x3ae118) returned 1 [0091.268] AdjustWindowRectEx (in: lpRect=0x3ae07c, dwStyle=0x560100c0, bMenu=0, dwExStyle=0x200 | out: lpRect=0x3ae07c) returned 1 [0091.268] GetCurrentThreadId () returned 0xee0 [0091.268] GetCurrentThreadId () returned 0xee0 [0091.268] GdipCreateFromHDC (hdc=0x170106ba, graphics=0x3adff0) returned 0x0 [0091.268] GdipGetFontHeight (font=0xadc0e68, graphics=0xacf4d48, height=0x3adfe8) returned 0x0 [0091.268] GdipDeleteGraphics (graphics=0xacf4d48) returned 0x0 [0091.269] AdjustWindowRectEx (in: lpRect=0x3ae118, dwStyle=0x560101c0, bMenu=0, dwExStyle=0x200 | out: lpRect=0x3ae118) returned 1 [0091.269] AdjustWindowRectEx (in: lpRect=0x3ae07c, dwStyle=0x560100c0, bMenu=0, dwExStyle=0x200 | out: lpRect=0x3ae07c) returned 1 [0091.269] GetCurrentThreadId () returned 0xee0 [0091.269] GetCurrentThreadId () returned 0xee0 [0091.269] GdipCreateFromHDC (hdc=0x170106ba, graphics=0x3adff0) returned 0x0 [0091.269] GdipGetFontHeight (font=0xadc0e68, graphics=0xacf4d48, height=0x3adfe8) returned 0x0 [0091.269] GdipDeleteGraphics (graphics=0xacf4d48) returned 0x0 [0091.269] AdjustWindowRectEx (in: lpRect=0x3ae118, dwStyle=0x560101c0, bMenu=0, dwExStyle=0x200 | out: lpRect=0x3ae118) returned 1 [0091.269] AdjustWindowRectEx (in: lpRect=0x3ae07c, dwStyle=0x560100c0, bMenu=0, dwExStyle=0x200 | out: lpRect=0x3ae07c) returned 1 [0091.269] GetCurrentThreadId () returned 0xee0 [0091.269] GetCurrentThreadId () returned 0xee0 [0091.270] GdipCreateFromHDC (hdc=0x170106ba, graphics=0x3adff0) returned 0x0 [0091.270] GdipGetFontHeight (font=0xadc0e68, graphics=0xacf4d48, height=0x3adfe8) returned 0x0 [0091.270] GdipDeleteGraphics (graphics=0xacf4d48) returned 0x0 [0091.270] AdjustWindowRectEx (in: lpRect=0x3ae118, dwStyle=0x560101c0, bMenu=0, dwExStyle=0x200 | out: lpRect=0x3ae118) returned 1 [0091.270] AdjustWindowRectEx (in: lpRect=0x3ae07c, dwStyle=0x560100c0, bMenu=0, dwExStyle=0x200 | out: lpRect=0x3ae07c) returned 1 [0091.270] GetCurrentThreadId () returned 0xee0 [0091.270] GetCurrentThreadId () returned 0xee0 [0091.270] GdipCreateFromHDC (hdc=0x170106ba, graphics=0x3adff0) returned 0x0 [0091.270] GdipGetFontHeight (font=0xadc0e68, graphics=0xacf4d48, height=0x3adfe8) returned 0x0 [0091.271] GdipDeleteGraphics (graphics=0xacf4d48) returned 0x0 [0091.271] AdjustWindowRectEx (in: lpRect=0x3ae118, dwStyle=0x560101c0, bMenu=0, dwExStyle=0x200 | out: lpRect=0x3ae118) returned 1 [0091.271] AdjustWindowRectEx (in: lpRect=0x3ae07c, dwStyle=0x560100c0, bMenu=0, dwExStyle=0x200 | out: lpRect=0x3ae07c) returned 1 [0091.271] GetCurrentThreadId () returned 0xee0 [0091.271] GetCurrentThreadId () returned 0xee0 [0091.271] GdipCreateFromHDC (hdc=0x170106ba, graphics=0x3adff0) returned 0x0 [0091.271] GdipGetFontHeight (font=0xadc0e68, graphics=0xacf4d48, height=0x3adfe8) returned 0x0 [0091.271] GdipDeleteGraphics (graphics=0xacf4d48) returned 0x0 [0091.271] AdjustWindowRectEx (in: lpRect=0x3ae118, dwStyle=0x560101c0, bMenu=0, dwExStyle=0x200 | out: lpRect=0x3ae118) returned 1 [0091.271] AdjustWindowRectEx (in: lpRect=0x3ae07c, dwStyle=0x560100c0, bMenu=0, dwExStyle=0x200 | out: lpRect=0x3ae07c) returned 1 [0091.271] GetCurrentThreadId () returned 0xee0 [0091.271] GetCurrentThreadId () returned 0xee0 [0091.272] GdipCreateFromHDC (hdc=0x170106ba, graphics=0x3adff0) returned 0x0 [0091.272] GdipGetFontHeight (font=0xadc0e68, graphics=0xacf4d48, height=0x3adfe8) returned 0x0 [0091.272] GdipDeleteGraphics (graphics=0xacf4d48) returned 0x0 [0091.272] AdjustWindowRectEx (in: lpRect=0x3ae118, dwStyle=0x560101c0, bMenu=0, dwExStyle=0x200 | out: lpRect=0x3ae118) returned 1 [0091.272] AdjustWindowRectEx (in: lpRect=0x3ae07c, dwStyle=0x560100c0, bMenu=0, dwExStyle=0x200 | out: lpRect=0x3ae07c) returned 1 [0091.272] GetCurrentThreadId () returned 0xee0 [0091.272] GetCurrentThreadId () returned 0xee0 [0091.272] GdipCreateFromHDC (hdc=0x170106ba, graphics=0x3adff0) returned 0x0 [0091.272] GdipGetFontHeight (font=0xadc0e68, graphics=0xacf4d48, height=0x3adfe8) returned 0x0 [0091.273] GdipDeleteGraphics (graphics=0xacf4d48) returned 0x0 [0091.273] AdjustWindowRectEx (in: lpRect=0x3ae118, dwStyle=0x560101c0, bMenu=0, dwExStyle=0x200 | out: lpRect=0x3ae118) returned 1 [0091.273] AdjustWindowRectEx (in: lpRect=0x3ae07c, dwStyle=0x560100c0, bMenu=0, dwExStyle=0x200 | out: lpRect=0x3ae07c) returned 1 [0091.273] GetCurrentThreadId () returned 0xee0 [0091.273] GetCurrentThreadId () returned 0xee0 [0091.273] GdipCreateFromHDC (hdc=0x170106ba, graphics=0x3adff0) returned 0x0 [0091.273] GdipGetFontHeight (font=0xadc0e68, graphics=0xacf4d48, height=0x3adfe8) returned 0x0 [0091.273] GdipDeleteGraphics (graphics=0xacf4d48) returned 0x0 [0091.273] AdjustWindowRectEx (in: lpRect=0x3ae118, dwStyle=0x560101c0, bMenu=0, dwExStyle=0x200 | out: lpRect=0x3ae118) returned 1 [0091.273] AdjustWindowRectEx (in: lpRect=0x3ae07c, dwStyle=0x560100c0, bMenu=0, dwExStyle=0x200 | out: lpRect=0x3ae07c) returned 1 [0091.273] GetCurrentThreadId () returned 0xee0 [0091.273] GetCurrentThreadId () returned 0xee0 [0091.274] GetDC (hWnd=0x0) returned 0x170106ba [0091.274] GdipCreateFromHDC (hdc=0x170106ba, graphics=0x3adff0) returned 0x0 [0091.274] GdipGetFontHeight (font=0xadc0e68, graphics=0xacf4d48, height=0x3adfe8) returned 0x0 [0091.274] GdipDeleteGraphics (graphics=0xacf4d48) returned 0x0 [0091.274] AdjustWindowRectEx (in: lpRect=0x3ae118, dwStyle=0x560101c0, bMenu=0, dwExStyle=0x200 | out: lpRect=0x3ae118) returned 1 [0091.274] AdjustWindowRectEx (in: lpRect=0x3ae07c, dwStyle=0x560100c0, bMenu=0, dwExStyle=0x200 | out: lpRect=0x3ae07c) returned 1 [0091.275] GetCurrentThreadId () returned 0xee0 [0091.275] GetCurrentThreadId () returned 0xee0 [0091.275] GdipCreateFromHDC (hdc=0x170106ba, graphics=0x3adff0) returned 0x0 [0091.275] GdipGetFontHeight (font=0xadc0e68, graphics=0xacf4d48, height=0x3adfe8) returned 0x0 [0091.275] GdipDeleteGraphics (graphics=0xacf4d48) returned 0x0 [0091.275] AdjustWindowRectEx (in: lpRect=0x3ae118, dwStyle=0x560101c0, bMenu=0, dwExStyle=0x200 | out: lpRect=0x3ae118) returned 1 [0091.275] AdjustWindowRectEx (in: lpRect=0x3ae07c, dwStyle=0x560100c0, bMenu=0, dwExStyle=0x200 | out: lpRect=0x3ae07c) returned 1 [0091.275] GetCurrentThreadId () returned 0xee0 [0091.275] GetCurrentThreadId () returned 0xee0 [0091.275] GdipCreateFromHDC (hdc=0x170106ba, graphics=0x3adff0) returned 0x0 [0091.275] GdipGetFontHeight (font=0xadc0e68, graphics=0xacf4d48, height=0x3adfe8) returned 0x0 [0091.275] GdipDeleteGraphics (graphics=0xacf4d48) returned 0x0 [0091.276] AdjustWindowRectEx (in: lpRect=0x3ae118, dwStyle=0x560101c0, bMenu=0, dwExStyle=0x200 | out: lpRect=0x3ae118) returned 1 [0091.276] AdjustWindowRectEx (in: lpRect=0x3ae07c, dwStyle=0x560100c0, bMenu=0, dwExStyle=0x200 | out: lpRect=0x3ae07c) returned 1 [0091.276] GetCurrentThreadId () returned 0xee0 [0091.276] GetCurrentThreadId () returned 0xee0 [0091.276] GdipCreateFromHDC (hdc=0x170106ba, graphics=0x3adff0) returned 0x0 [0091.276] GdipGetFontHeight (font=0xadc0e68, graphics=0xacf4d48, height=0x3adfe8) returned 0x0 [0091.276] GdipDeleteGraphics (graphics=0xacf4d48) returned 0x0 [0091.276] AdjustWindowRectEx (in: lpRect=0x3ae118, dwStyle=0x560101c0, bMenu=0, dwExStyle=0x200 | out: lpRect=0x3ae118) returned 1 [0091.276] AdjustWindowRectEx (in: lpRect=0x3ae07c, dwStyle=0x560100c0, bMenu=0, dwExStyle=0x200 | out: lpRect=0x3ae07c) returned 1 [0091.276] GetCurrentThreadId () returned 0xee0 [0091.276] GetCurrentThreadId () returned 0xee0 [0091.276] GdipCreateFromHDC (hdc=0x170106ba, graphics=0x3adff0) returned 0x0 [0091.276] GdipGetFontHeight (font=0xadc0e68, graphics=0xacf4d48, height=0x3adfe8) returned 0x0 [0091.276] GdipDeleteGraphics (graphics=0xacf4d48) returned 0x0 [0091.276] AdjustWindowRectEx (in: lpRect=0x3ae118, dwStyle=0x560101c0, bMenu=0, dwExStyle=0x200 | out: lpRect=0x3ae118) returned 1 [0091.276] AdjustWindowRectEx (in: lpRect=0x3ae07c, dwStyle=0x560100c0, bMenu=0, dwExStyle=0x200 | out: lpRect=0x3ae07c) returned 1 [0091.276] GetCurrentThreadId () returned 0xee0 [0091.276] GetCurrentThreadId () returned 0xee0 [0091.277] GdipCreateFromHDC (hdc=0x170106ba, graphics=0x3adff0) returned 0x0 [0091.277] GdipGetFontHeight (font=0xadc0e68, graphics=0xacf4d48, height=0x3adfe8) returned 0x0 [0091.277] GdipDeleteGraphics (graphics=0xacf4d48) returned 0x0 [0091.277] AdjustWindowRectEx (in: lpRect=0x3ae118, dwStyle=0x560101c0, bMenu=0, dwExStyle=0x200 | out: lpRect=0x3ae118) returned 1 [0091.277] AdjustWindowRectEx (in: lpRect=0x3ae07c, dwStyle=0x560100c0, bMenu=0, dwExStyle=0x200 | out: lpRect=0x3ae07c) returned 1 [0091.277] GetCurrentThreadId () returned 0xee0 [0091.277] GetCurrentThreadId () returned 0xee0 [0091.277] GetDC (hWnd=0x0) returned 0x170106ba [0091.277] GdipCreateFromHDC (hdc=0x170106ba, graphics=0x3adff0) returned 0x0 [0091.277] GdipGetFontHeight (font=0xadc0e68, graphics=0xacf4d48, height=0x3adfe8) returned 0x0 [0091.277] GdipDeleteGraphics (graphics=0xacf4d48) returned 0x0 [0091.277] AdjustWindowRectEx (in: lpRect=0x3ae118, dwStyle=0x560101c0, bMenu=0, dwExStyle=0x200 | out: lpRect=0x3ae118) returned 1 [0091.277] AdjustWindowRectEx (in: lpRect=0x3ae07c, dwStyle=0x560100c0, bMenu=0, dwExStyle=0x200 | out: lpRect=0x3ae07c) returned 1 [0091.277] GetCurrentThreadId () returned 0xee0 [0091.278] GetCurrentThreadId () returned 0xee0 [0091.278] GdipCreateFromHDC (hdc=0x170106ba, graphics=0x3adff0) returned 0x0 [0091.278] GdipGetFontHeight (font=0xadc0e68, graphics=0xacf4d48, height=0x3adfe8) returned 0x0 [0091.278] GdipDeleteGraphics (graphics=0xacf4d48) returned 0x0 [0091.278] AdjustWindowRectEx (in: lpRect=0x3ae118, dwStyle=0x560101c0, bMenu=0, dwExStyle=0x200 | out: lpRect=0x3ae118) returned 1 [0091.278] AdjustWindowRectEx (in: lpRect=0x3ae07c, dwStyle=0x560100c0, bMenu=0, dwExStyle=0x200 | out: lpRect=0x3ae07c) returned 1 [0091.278] GetCurrentThreadId () returned 0xee0 [0091.278] GetCurrentThreadId () returned 0xee0 [0091.278] GdipCreateFromHDC (hdc=0x170106ba, graphics=0x3adff0) returned 0x0 [0091.278] GdipGetFontHeight (font=0xadc0e68, graphics=0xacf4d48, height=0x3adfe8) returned 0x0 [0091.278] GdipDeleteGraphics (graphics=0xacf4d48) returned 0x0 [0091.278] AdjustWindowRectEx (in: lpRect=0x3ae118, dwStyle=0x560101c0, bMenu=0, dwExStyle=0x200 | out: lpRect=0x3ae118) returned 1 [0091.278] AdjustWindowRectEx (in: lpRect=0x3ae07c, dwStyle=0x560100c0, bMenu=0, dwExStyle=0x200 | out: lpRect=0x3ae07c) returned 1 [0091.278] GetCurrentThreadId () returned 0xee0 [0091.278] GetCurrentThreadId () returned 0xee0 [0091.278] GdipCreateFromHDC (hdc=0x170106ba, graphics=0x3adff0) returned 0x0 [0091.279] GdipGetFontHeight (font=0xadc0e68, graphics=0xacf4d48, height=0x3adfe8) returned 0x0 [0091.279] GdipDeleteGraphics (graphics=0xacf4d48) returned 0x0 [0091.279] AdjustWindowRectEx (in: lpRect=0x3ae118, dwStyle=0x560101c0, bMenu=0, dwExStyle=0x200 | out: lpRect=0x3ae118) returned 1 [0091.279] AdjustWindowRectEx (in: lpRect=0x3ae07c, dwStyle=0x560100c0, bMenu=0, dwExStyle=0x200 | out: lpRect=0x3ae07c) returned 1 [0091.279] GetCurrentThreadId () returned 0xee0 [0091.279] GetCurrentThreadId () returned 0xee0 [0091.279] GdipCreateFromHDC (hdc=0x170106ba, graphics=0x3adff0) returned 0x0 [0091.279] GdipGetFontHeight (font=0xadc0e68, graphics=0xacf4d48, height=0x3adfe8) returned 0x0 [0091.279] GdipDeleteGraphics (graphics=0xacf4d48) returned 0x0 [0091.279] AdjustWindowRectEx (in: lpRect=0x3ae118, dwStyle=0x560101c0, bMenu=0, dwExStyle=0x200 | out: lpRect=0x3ae118) returned 1 [0091.279] AdjustWindowRectEx (in: lpRect=0x3ae07c, dwStyle=0x560100c0, bMenu=0, dwExStyle=0x200 | out: lpRect=0x3ae07c) returned 1 [0091.279] GetCurrentThreadId () returned 0xee0 [0091.279] GetCurrentThreadId () returned 0xee0 [0091.279] GdipCreateFromHDC (hdc=0x170106ba, graphics=0x3adff0) returned 0x0 [0091.279] GdipGetFontHeight (font=0xadc0e68, graphics=0xacf4d48, height=0x3adfe8) returned 0x0 [0091.279] GdipDeleteGraphics (graphics=0xacf4d48) returned 0x0 [0091.279] AdjustWindowRectEx (in: lpRect=0x3ae118, dwStyle=0x560101c0, bMenu=0, dwExStyle=0x200 | out: lpRect=0x3ae118) returned 1 [0091.280] AdjustWindowRectEx (in: lpRect=0x3ae07c, dwStyle=0x560100c0, bMenu=0, dwExStyle=0x200 | out: lpRect=0x3ae07c) returned 1 [0091.280] GetCurrentThreadId () returned 0xee0 [0091.280] GetCurrentThreadId () returned 0xee0 [0091.280] GdipCreateFromHDC (hdc=0x170106ba, graphics=0x3adff0) returned 0x0 [0091.280] GdipGetFontHeight (font=0xadc0e68, graphics=0xacf4d48, height=0x3adfe8) returned 0x0 [0091.280] GdipDeleteGraphics (graphics=0xacf4d48) returned 0x0 [0091.280] AdjustWindowRectEx (in: lpRect=0x3ae118, dwStyle=0x560101c0, bMenu=0, dwExStyle=0x200 | out: lpRect=0x3ae118) returned 1 [0091.280] AdjustWindowRectEx (in: lpRect=0x3ae07c, dwStyle=0x560100c0, bMenu=0, dwExStyle=0x200 | out: lpRect=0x3ae07c) returned 1 [0091.280] GetCurrentThreadId () returned 0xee0 [0091.280] GetCurrentThreadId () returned 0xee0 [0091.280] GdipCreateFromHDC (hdc=0x170106ba, graphics=0x3adff0) returned 0x0 [0091.280] GdipGetFontHeight (font=0xadc0e68, graphics=0xacf4d48, height=0x3adfe8) returned 0x0 [0091.280] GdipDeleteGraphics (graphics=0xacf4d48) returned 0x0 [0091.280] AdjustWindowRectEx (in: lpRect=0x3ae118, dwStyle=0x560101c0, bMenu=0, dwExStyle=0x200 | out: lpRect=0x3ae118) returned 1 [0091.280] AdjustWindowRectEx (in: lpRect=0x3ae07c, dwStyle=0x560100c0, bMenu=0, dwExStyle=0x200 | out: lpRect=0x3ae07c) returned 1 [0091.280] GetCurrentThreadId () returned 0xee0 [0091.280] GetCurrentThreadId () returned 0xee0 [0091.281] GdipCreateFromHDC (hdc=0x170106ba, graphics=0x3adff0) returned 0x0 [0091.281] GdipGetFontHeight (font=0xadc0e68, graphics=0xacf4d48, height=0x3adfe8) returned 0x0 [0091.281] GdipDeleteGraphics (graphics=0xacf4d48) returned 0x0 [0091.281] AdjustWindowRectEx (in: lpRect=0x3ae118, dwStyle=0x560101c0, bMenu=0, dwExStyle=0x200 | out: lpRect=0x3ae118) returned 1 [0091.281] AdjustWindowRectEx (in: lpRect=0x3ae07c, dwStyle=0x560100c0, bMenu=0, dwExStyle=0x200 | out: lpRect=0x3ae07c) returned 1 [0091.281] GetCurrentThreadId () returned 0xee0 [0091.281] GetCurrentThreadId () returned 0xee0 [0091.281] GdipCreateFromHDC (hdc=0x170106ba, graphics=0x3adff0) returned 0x0 [0091.281] GdipGetFontHeight (font=0xadc0e68, graphics=0xacf4d48, height=0x3adfe8) returned 0x0 [0091.281] GdipDeleteGraphics (graphics=0xacf4d48) returned 0x0 [0091.281] AdjustWindowRectEx (in: lpRect=0x3ae118, dwStyle=0x560101c0, bMenu=0, dwExStyle=0x200 | out: lpRect=0x3ae118) returned 1 [0091.281] AdjustWindowRectEx (in: lpRect=0x3ae07c, dwStyle=0x560100c0, bMenu=0, dwExStyle=0x200 | out: lpRect=0x3ae07c) returned 1 [0091.281] GetCurrentThreadId () returned 0xee0 [0091.281] GetCurrentThreadId () returned 0xee0 [0091.281] GdipCreateFromHDC (hdc=0x170106ba, graphics=0x3adff0) returned 0x0 [0091.281] GdipGetFontHeight (font=0xadc0e68, graphics=0xacf4d48, height=0x3adfe8) returned 0x0 [0091.281] GdipDeleteGraphics (graphics=0xacf4d48) returned 0x0 [0091.282] AdjustWindowRectEx (in: lpRect=0x3ae118, dwStyle=0x560101c0, bMenu=0, dwExStyle=0x200 | out: lpRect=0x3ae118) returned 1 [0091.282] AdjustWindowRectEx (in: lpRect=0x3ae07c, dwStyle=0x560100c0, bMenu=0, dwExStyle=0x200 | out: lpRect=0x3ae07c) returned 1 [0091.282] GetCurrentThreadId () returned 0xee0 [0091.282] GetCurrentThreadId () returned 0xee0 [0091.285] AdjustWindowRectEx (in: lpRect=0x3ae11c, dwStyle=0x5601008d, bMenu=0, dwExStyle=0x0 | out: lpRect=0x3ae11c) returned 1 [0091.286] AdjustWindowRectEx (in: lpRect=0x3ae07c, dwStyle=0x5600000d, bMenu=0, dwExStyle=0x0 | out: lpRect=0x3ae07c) returned 1 [0091.294] GetProcessWindowStation () returned 0x60 [0091.295] GetUserObjectInformationA (in: hObj=0x60, nIndex=1, pvInfo=0x261cc88, nLength=0xc, lpnLengthNeeded=0x3adf58 | out: pvInfo=0x261cc88, lpnLengthNeeded=0x3adf58) returned 1 [0091.298] SetConsoleCtrlHandler (HandlerRoutine=0xe90836, Add=1) returned 1 [0091.299] GetModuleHandleW (lpModuleName=0x0) returned 0x10b0000 [0091.299] GetModuleHandleW (lpModuleName=0x0) returned 0x10b0000 [0091.300] GetClassInfoW (in: hInstance=0x10b0000, lpClassName=".NET-BroadcastEventWindow.4.0.0.0.1a0e24.0", lpWndClass=0x261ccec | out: lpWndClass=0x261ccec) returned 0 [0091.303] CoTaskMemAlloc (cb=0x56) returned 0x59ee6e0 [0091.303] RegisterClassW (lpWndClass=0x3adea8) returned 0xc1cd [0091.303] CoTaskMemFree (pv=0x59ee6e0) [0091.304] CreateWindowExW (dwExStyle=0x0, lpClassName=".NET-BroadcastEventWindow.4.0.0.0.1a0e24.0", lpWindowName=".NET-BroadcastEventWindow.4.0.0.0.1a0e24.0", dwStyle=0x80000000, X=0, Y=0, nWidth=0, nHeight=0, hWndParent=0x0, hMenu=0x0, hInstance=0x10b0000, lpParam=0x0) returned 0x40182 [0091.306] NtdllDefWindowProc_W () returned 0x1 [0091.308] NtdllDefWindowProc_W () returned 0x0 [0091.308] NtdllDefWindowProc_W () returned 0x0 [0091.308] NtdllDefWindowProc_W () returned 0x0 [0091.308] NtdllDefWindowProc_W () returned 0x0 [0091.311] GetSysColor (nIndex=10) returned 0xb4b4b4 [0091.311] GetSysColor (nIndex=2) returned 0xd1b499 [0091.311] GetSysColor (nIndex=9) returned 0x0 [0091.311] GetSysColor (nIndex=12) returned 0xababab [0091.311] GetSysColor (nIndex=15) returned 0xf0f0f0 [0091.311] GetSysColor (nIndex=20) returned 0xffffff [0091.311] GetSysColor (nIndex=16) returned 0xa0a0a0 [0091.311] GetSysColor (nIndex=15) returned 0xf0f0f0 [0091.311] GetSysColor (nIndex=16) returned 0xa0a0a0 [0091.311] GetSysColor (nIndex=21) returned 0x696969 [0091.311] GetSysColor (nIndex=22) returned 0xe3e3e3 [0091.311] GetSysColor (nIndex=20) returned 0xffffff [0091.311] GetSysColor (nIndex=18) returned 0x0 [0091.311] GetSysColor (nIndex=1) returned 0x0 [0091.311] GetSysColor (nIndex=27) returned 0xead1b9 [0091.312] GetSysColor (nIndex=28) returned 0xf2e4d7 [0091.312] GetSysColor (nIndex=17) returned 0x6d6d6d [0091.312] GetSysColor (nIndex=13) returned 0xff9933 [0091.312] GetSysColor (nIndex=14) returned 0xffffff [0091.312] GetSysColor (nIndex=26) returned 0xcc6600 [0091.312] GetSysColor (nIndex=11) returned 0xfcf7f4 [0091.312] GetSysColor (nIndex=3) returned 0xdbcdbf [0091.312] GetSysColor (nIndex=19) returned 0x544e43 [0091.312] GetSysColor (nIndex=24) returned 0xe1ffff [0091.312] GetSysColor (nIndex=23) returned 0x0 [0091.312] GetSysColor (nIndex=4) returned 0xf0f0f0 [0091.312] GetSysColor (nIndex=30) returned 0xf0f0f0 [0091.312] GetSysColor (nIndex=29) returned 0xff9933 [0091.312] GetSysColor (nIndex=7) returned 0x0 [0091.312] GetSysColor (nIndex=0) returned 0xc8c8c8 [0091.312] GetSysColor (nIndex=5) returned 0xffffff [0091.312] GetSysColor (nIndex=6) returned 0x646464 [0091.312] GetSysColor (nIndex=8) returned 0x0 [0091.312] GetCurrentThreadId () returned 0xee0 [0091.313] GetCurrentThreadId () returned 0xee0 [0091.314] AdjustWindowRectEx (in: lpRect=0x3ae118, dwStyle=0x5601000b, bMenu=0, dwExStyle=0x0 | out: lpRect=0x3ae118) returned 1 [0091.314] AdjustWindowRectEx (in: lpRect=0x3ae0a8, dwStyle=0x5601000b, bMenu=0, dwExStyle=0x0 | out: lpRect=0x3ae0a8) returned 1 [0091.315] GetCurrentThreadId () returned 0xee0 [0091.315] GetCurrentThreadId () returned 0xee0 [0091.316] AdjustWindowRectEx (in: lpRect=0x3ae11c, dwStyle=0x5601008d, bMenu=0, dwExStyle=0x0 | out: lpRect=0x3ae11c) returned 1 [0091.316] AdjustWindowRectEx (in: lpRect=0x3ae07c, dwStyle=0x5600000d, bMenu=0, dwExStyle=0x0 | out: lpRect=0x3ae07c) returned 1 [0091.316] GetCurrentThreadId () returned 0xee0 [0091.316] GetCurrentThreadId () returned 0xee0 [0091.317] AdjustWindowRectEx (in: lpRect=0x3ae118, dwStyle=0x5601000b, bMenu=0, dwExStyle=0x0 | out: lpRect=0x3ae118) returned 1 [0091.317] AdjustWindowRectEx (in: lpRect=0x3ae0a8, dwStyle=0x5601000b, bMenu=0, dwExStyle=0x0 | out: lpRect=0x3ae0a8) returned 1 [0091.317] GetCurrentThreadId () returned 0xee0 [0091.317] GetCurrentThreadId () returned 0xee0 [0091.318] AdjustWindowRectEx (in: lpRect=0x3ae11c, dwStyle=0x5601008d, bMenu=0, dwExStyle=0x0 | out: lpRect=0x3ae11c) returned 1 [0091.318] AdjustWindowRectEx (in: lpRect=0x3ae07c, dwStyle=0x5600000d, bMenu=0, dwExStyle=0x0 | out: lpRect=0x3ae07c) returned 1 [0091.318] GetCurrentThreadId () returned 0xee0 [0091.318] GetCurrentThreadId () returned 0xee0 [0091.318] AdjustWindowRectEx (in: lpRect=0x3ae118, dwStyle=0x5601000b, bMenu=0, dwExStyle=0x0 | out: lpRect=0x3ae118) returned 1 [0091.318] AdjustWindowRectEx (in: lpRect=0x3ae0a8, dwStyle=0x5601000b, bMenu=0, dwExStyle=0x0 | out: lpRect=0x3ae0a8) returned 1 [0091.319] GetCurrentThreadId () returned 0xee0 [0091.319] GetCurrentThreadId () returned 0xee0 [0091.319] AdjustWindowRectEx (in: lpRect=0x3ae11c, dwStyle=0x5601008d, bMenu=0, dwExStyle=0x0 | out: lpRect=0x3ae11c) returned 1 [0091.319] AdjustWindowRectEx (in: lpRect=0x3ae07c, dwStyle=0x5600000d, bMenu=0, dwExStyle=0x0 | out: lpRect=0x3ae07c) returned 1 [0091.319] GetCurrentThreadId () returned 0xee0 [0091.319] GetCurrentThreadId () returned 0xee0 [0091.320] AdjustWindowRectEx (in: lpRect=0x3ae118, dwStyle=0x5601000b, bMenu=0, dwExStyle=0x0 | out: lpRect=0x3ae118) returned 1 [0091.320] AdjustWindowRectEx (in: lpRect=0x3ae0a8, dwStyle=0x5601000b, bMenu=0, dwExStyle=0x0 | out: lpRect=0x3ae0a8) returned 1 [0091.320] GetCurrentThreadId () returned 0xee0 [0091.320] GetCurrentThreadId () returned 0xee0 [0091.321] AdjustWindowRectEx (in: lpRect=0x3ae11c, dwStyle=0x5601008d, bMenu=0, dwExStyle=0x0 | out: lpRect=0x3ae11c) returned 1 [0091.321] AdjustWindowRectEx (in: lpRect=0x3ae07c, dwStyle=0x5600000d, bMenu=0, dwExStyle=0x0 | out: lpRect=0x3ae07c) returned 1 [0091.321] GetCurrentThreadId () returned 0xee0 [0091.321] GetCurrentThreadId () returned 0xee0 [0091.322] AdjustWindowRectEx (in: lpRect=0x3ae118, dwStyle=0x5601000b, bMenu=0, dwExStyle=0x0 | out: lpRect=0x3ae118) returned 1 [0091.322] AdjustWindowRectEx (in: lpRect=0x3ae0a8, dwStyle=0x5601000b, bMenu=0, dwExStyle=0x0 | out: lpRect=0x3ae0a8) returned 1 [0091.322] GetCurrentThreadId () returned 0xee0 [0091.322] GetCurrentThreadId () returned 0xee0 [0091.323] AdjustWindowRectEx (in: lpRect=0x3ae11c, dwStyle=0x5601008d, bMenu=0, dwExStyle=0x0 | out: lpRect=0x3ae11c) returned 1 [0091.323] AdjustWindowRectEx (in: lpRect=0x3ae07c, dwStyle=0x5600000d, bMenu=0, dwExStyle=0x0 | out: lpRect=0x3ae07c) returned 1 [0091.323] GetCurrentThreadId () returned 0xee0 [0091.323] GetCurrentThreadId () returned 0xee0 [0091.324] AdjustWindowRectEx (in: lpRect=0x3ae118, dwStyle=0x5601000b, bMenu=0, dwExStyle=0x0 | out: lpRect=0x3ae118) returned 1 [0091.324] AdjustWindowRectEx (in: lpRect=0x3ae0a8, dwStyle=0x5601000b, bMenu=0, dwExStyle=0x0 | out: lpRect=0x3ae0a8) returned 1 [0091.324] GetCurrentThreadId () returned 0xee0 [0091.324] GetCurrentThreadId () returned 0xee0 [0091.324] AdjustWindowRectEx (in: lpRect=0x3ae11c, dwStyle=0x5601008d, bMenu=0, dwExStyle=0x0 | out: lpRect=0x3ae11c) returned 1 [0091.324] AdjustWindowRectEx (in: lpRect=0x3ae07c, dwStyle=0x5600000d, bMenu=0, dwExStyle=0x0 | out: lpRect=0x3ae07c) returned 1 [0091.325] GetCurrentThreadId () returned 0xee0 [0091.325] GetCurrentThreadId () returned 0xee0 [0091.325] AdjustWindowRectEx (in: lpRect=0x3ae118, dwStyle=0x5601000b, bMenu=0, dwExStyle=0x0 | out: lpRect=0x3ae118) returned 1 [0091.325] AdjustWindowRectEx (in: lpRect=0x3ae0a8, dwStyle=0x5601000b, bMenu=0, dwExStyle=0x0 | out: lpRect=0x3ae0a8) returned 1 [0091.325] GetCurrentThreadId () returned 0xee0 [0091.325] GetCurrentThreadId () returned 0xee0 [0091.326] AdjustWindowRectEx (in: lpRect=0x3ae11c, dwStyle=0x5601008d, bMenu=0, dwExStyle=0x0 | out: lpRect=0x3ae11c) returned 1 [0091.326] AdjustWindowRectEx (in: lpRect=0x3ae07c, dwStyle=0x5600000d, bMenu=0, dwExStyle=0x0 | out: lpRect=0x3ae07c) returned 1 [0091.326] GetCurrentThreadId () returned 0xee0 [0091.326] GetCurrentThreadId () returned 0xee0 [0091.327] AdjustWindowRectEx (in: lpRect=0x3ae118, dwStyle=0x5601000b, bMenu=0, dwExStyle=0x0 | out: lpRect=0x3ae118) returned 1 [0091.327] AdjustWindowRectEx (in: lpRect=0x3ae0a8, dwStyle=0x5601000b, bMenu=0, dwExStyle=0x0 | out: lpRect=0x3ae0a8) returned 1 [0091.327] GetCurrentThreadId () returned 0xee0 [0091.327] GetCurrentThreadId () returned 0xee0 [0091.328] AdjustWindowRectEx (in: lpRect=0x3ae11c, dwStyle=0x5601008d, bMenu=0, dwExStyle=0x0 | out: lpRect=0x3ae11c) returned 1 [0091.328] AdjustWindowRectEx (in: lpRect=0x3ae07c, dwStyle=0x5600000d, bMenu=0, dwExStyle=0x0 | out: lpRect=0x3ae07c) returned 1 [0091.328] GetCurrentThreadId () returned 0xee0 [0091.328] GetCurrentThreadId () returned 0xee0 [0091.329] AdjustWindowRectEx (in: lpRect=0x3ae118, dwStyle=0x5601000b, bMenu=0, dwExStyle=0x0 | out: lpRect=0x3ae118) returned 1 [0091.329] AdjustWindowRectEx (in: lpRect=0x3ae0a8, dwStyle=0x5601000b, bMenu=0, dwExStyle=0x0 | out: lpRect=0x3ae0a8) returned 1 [0091.329] GetCurrentThreadId () returned 0xee0 [0091.329] GetCurrentThreadId () returned 0xee0 [0091.329] AdjustWindowRectEx (in: lpRect=0x3ae11c, dwStyle=0x5601008d, bMenu=0, dwExStyle=0x0 | out: lpRect=0x3ae11c) returned 1 [0091.330] AdjustWindowRectEx (in: lpRect=0x3ae07c, dwStyle=0x5600000d, bMenu=0, dwExStyle=0x0 | out: lpRect=0x3ae07c) returned 1 [0091.330] GetCurrentThreadId () returned 0xee0 [0091.330] GetCurrentThreadId () returned 0xee0 [0091.330] AdjustWindowRectEx (in: lpRect=0x3ae118, dwStyle=0x5601000b, bMenu=0, dwExStyle=0x0 | out: lpRect=0x3ae118) returned 1 [0091.330] AdjustWindowRectEx (in: lpRect=0x3ae0a8, dwStyle=0x5601000b, bMenu=0, dwExStyle=0x0 | out: lpRect=0x3ae0a8) returned 1 [0091.330] GetCurrentThreadId () returned 0xee0 [0091.330] GetCurrentThreadId () returned 0xee0 [0091.331] AdjustWindowRectEx (in: lpRect=0x3ae11c, dwStyle=0x5601008d, bMenu=0, dwExStyle=0x0 | out: lpRect=0x3ae11c) returned 1 [0091.331] AdjustWindowRectEx (in: lpRect=0x3ae07c, dwStyle=0x5600000d, bMenu=0, dwExStyle=0x0 | out: lpRect=0x3ae07c) returned 1 [0091.331] GetCurrentThreadId () returned 0xee0 [0091.331] GetCurrentThreadId () returned 0xee0 [0091.332] AdjustWindowRectEx (in: lpRect=0x3ae118, dwStyle=0x5601000b, bMenu=0, dwExStyle=0x0 | out: lpRect=0x3ae118) returned 1 [0091.332] AdjustWindowRectEx (in: lpRect=0x3ae0a8, dwStyle=0x5601000b, bMenu=0, dwExStyle=0x0 | out: lpRect=0x3ae0a8) returned 1 [0091.332] GetCurrentThreadId () returned 0xee0 [0091.332] GetCurrentThreadId () returned 0xee0 [0091.333] AdjustWindowRectEx (in: lpRect=0x3ae11c, dwStyle=0x5601008d, bMenu=0, dwExStyle=0x0 | out: lpRect=0x3ae11c) returned 1 [0091.333] AdjustWindowRectEx (in: lpRect=0x3ae07c, dwStyle=0x5600000d, bMenu=0, dwExStyle=0x0 | out: lpRect=0x3ae07c) returned 1 [0091.333] GetCurrentThreadId () returned 0xee0 [0091.333] GetCurrentThreadId () returned 0xee0 [0091.334] AdjustWindowRectEx (in: lpRect=0x3ae118, dwStyle=0x5601000b, bMenu=0, dwExStyle=0x0 | out: lpRect=0x3ae118) returned 1 [0091.334] AdjustWindowRectEx (in: lpRect=0x3ae0a8, dwStyle=0x5601000b, bMenu=0, dwExStyle=0x0 | out: lpRect=0x3ae0a8) returned 1 [0091.334] GetCurrentThreadId () returned 0xee0 [0091.334] GetCurrentThreadId () returned 0xee0 [0091.334] AdjustWindowRectEx (in: lpRect=0x3ae11c, dwStyle=0x5601008d, bMenu=0, dwExStyle=0x0 | out: lpRect=0x3ae11c) returned 1 [0091.335] AdjustWindowRectEx (in: lpRect=0x3ae07c, dwStyle=0x5600000d, bMenu=0, dwExStyle=0x0 | out: lpRect=0x3ae07c) returned 1 [0091.335] GetCurrentThreadId () returned 0xee0 [0091.335] GetCurrentThreadId () returned 0xee0 [0091.335] AdjustWindowRectEx (in: lpRect=0x3ae118, dwStyle=0x5601000b, bMenu=0, dwExStyle=0x0 | out: lpRect=0x3ae118) returned 1 [0091.335] AdjustWindowRectEx (in: lpRect=0x3ae0a8, dwStyle=0x5601000b, bMenu=0, dwExStyle=0x0 | out: lpRect=0x3ae0a8) returned 1 [0091.335] GetCurrentThreadId () returned 0xee0 [0091.335] GetCurrentThreadId () returned 0xee0 [0091.336] AdjustWindowRectEx (in: lpRect=0x3ae11c, dwStyle=0x5601008d, bMenu=0, dwExStyle=0x0 | out: lpRect=0x3ae11c) returned 1 [0091.336] AdjustWindowRectEx (in: lpRect=0x3ae07c, dwStyle=0x5600000d, bMenu=0, dwExStyle=0x0 | out: lpRect=0x3ae07c) returned 1 [0091.336] GetCurrentThreadId () returned 0xee0 [0091.336] GetCurrentThreadId () returned 0xee0 [0091.337] AdjustWindowRectEx (in: lpRect=0x3ae118, dwStyle=0x5601000b, bMenu=0, dwExStyle=0x0 | out: lpRect=0x3ae118) returned 1 [0091.337] AdjustWindowRectEx (in: lpRect=0x3ae0a8, dwStyle=0x5601000b, bMenu=0, dwExStyle=0x0 | out: lpRect=0x3ae0a8) returned 1 [0091.337] GetCurrentThreadId () returned 0xee0 [0091.337] GetCurrentThreadId () returned 0xee0 [0091.338] AdjustWindowRectEx (in: lpRect=0x3ae11c, dwStyle=0x5601008d, bMenu=0, dwExStyle=0x0 | out: lpRect=0x3ae11c) returned 1 [0091.338] AdjustWindowRectEx (in: lpRect=0x3ae07c, dwStyle=0x5600000d, bMenu=0, dwExStyle=0x0 | out: lpRect=0x3ae07c) returned 1 [0091.338] GetCurrentThreadId () returned 0xee0 [0091.338] GetCurrentThreadId () returned 0xee0 [0091.339] AdjustWindowRectEx (in: lpRect=0x3ae118, dwStyle=0x5601000b, bMenu=0, dwExStyle=0x0 | out: lpRect=0x3ae118) returned 1 [0091.339] AdjustWindowRectEx (in: lpRect=0x3ae0a8, dwStyle=0x5601000b, bMenu=0, dwExStyle=0x0 | out: lpRect=0x3ae0a8) returned 1 [0091.339] GetCurrentThreadId () returned 0xee0 [0091.339] GetCurrentThreadId () returned 0xee0 [0091.340] AdjustWindowRectEx (in: lpRect=0x3ae11c, dwStyle=0x5601008d, bMenu=0, dwExStyle=0x0 | out: lpRect=0x3ae11c) returned 1 [0091.340] AdjustWindowRectEx (in: lpRect=0x3ae07c, dwStyle=0x5600000d, bMenu=0, dwExStyle=0x0 | out: lpRect=0x3ae07c) returned 1 [0091.340] GetCurrentThreadId () returned 0xee0 [0091.340] GetCurrentThreadId () returned 0xee0 [0091.340] AdjustWindowRectEx (in: lpRect=0x3ae118, dwStyle=0x5601000b, bMenu=0, dwExStyle=0x0 | out: lpRect=0x3ae118) returned 1 [0091.341] AdjustWindowRectEx (in: lpRect=0x3ae0a8, dwStyle=0x5601000b, bMenu=0, dwExStyle=0x0 | out: lpRect=0x3ae0a8) returned 1 [0091.341] GetCurrentThreadId () returned 0xee0 [0091.341] GetCurrentThreadId () returned 0xee0 [0091.341] AdjustWindowRectEx (in: lpRect=0x3ae11c, dwStyle=0x5601008d, bMenu=0, dwExStyle=0x0 | out: lpRect=0x3ae11c) returned 1 [0091.341] AdjustWindowRectEx (in: lpRect=0x3ae07c, dwStyle=0x5600000d, bMenu=0, dwExStyle=0x0 | out: lpRect=0x3ae07c) returned 1 [0091.341] GetCurrentThreadId () returned 0xee0 [0091.341] GetCurrentThreadId () returned 0xee0 [0091.342] AdjustWindowRectEx (in: lpRect=0x3ae118, dwStyle=0x5601000b, bMenu=0, dwExStyle=0x0 | out: lpRect=0x3ae118) returned 1 [0091.342] AdjustWindowRectEx (in: lpRect=0x3ae0a8, dwStyle=0x5601000b, bMenu=0, dwExStyle=0x0 | out: lpRect=0x3ae0a8) returned 1 [0091.342] GetCurrentThreadId () returned 0xee0 [0091.342] GetCurrentThreadId () returned 0xee0 [0091.343] AdjustWindowRectEx (in: lpRect=0x3ae11c, dwStyle=0x5601008d, bMenu=0, dwExStyle=0x0 | out: lpRect=0x3ae11c) returned 1 [0091.343] AdjustWindowRectEx (in: lpRect=0x3ae07c, dwStyle=0x5600000d, bMenu=0, dwExStyle=0x0 | out: lpRect=0x3ae07c) returned 1 [0091.343] GetCurrentThreadId () returned 0xee0 [0091.343] GetCurrentThreadId () returned 0xee0 [0091.344] AdjustWindowRectEx (in: lpRect=0x3ae118, dwStyle=0x5601000b, bMenu=0, dwExStyle=0x0 | out: lpRect=0x3ae118) returned 1 [0091.344] AdjustWindowRectEx (in: lpRect=0x3ae0a8, dwStyle=0x5601000b, bMenu=0, dwExStyle=0x0 | out: lpRect=0x3ae0a8) returned 1 [0091.344] GetCurrentThreadId () returned 0xee0 [0091.344] GetCurrentThreadId () returned 0xee0 [0091.345] AdjustWindowRectEx (in: lpRect=0x3ae11c, dwStyle=0x5601008d, bMenu=0, dwExStyle=0x0 | out: lpRect=0x3ae11c) returned 1 [0091.345] AdjustWindowRectEx (in: lpRect=0x3ae07c, dwStyle=0x5600000d, bMenu=0, dwExStyle=0x0 | out: lpRect=0x3ae07c) returned 1 [0091.345] GetCurrentThreadId () returned 0xee0 [0091.345] GetCurrentThreadId () returned 0xee0 [0091.346] AdjustWindowRectEx (in: lpRect=0x3ae118, dwStyle=0x5601000b, bMenu=0, dwExStyle=0x0 | out: lpRect=0x3ae118) returned 1 [0091.346] AdjustWindowRectEx (in: lpRect=0x3ae0a8, dwStyle=0x5601000b, bMenu=0, dwExStyle=0x0 | out: lpRect=0x3ae0a8) returned 1 [0091.346] GetCurrentThreadId () returned 0xee0 [0091.346] GetCurrentThreadId () returned 0xee0 [0091.346] AdjustWindowRectEx (in: lpRect=0x3ae11c, dwStyle=0x5601008d, bMenu=0, dwExStyle=0x0 | out: lpRect=0x3ae11c) returned 1 [0091.347] AdjustWindowRectEx (in: lpRect=0x3ae07c, dwStyle=0x5600000d, bMenu=0, dwExStyle=0x0 | out: lpRect=0x3ae07c) returned 1 [0091.347] GetCurrentThreadId () returned 0xee0 [0091.347] GetCurrentThreadId () returned 0xee0 [0091.347] AdjustWindowRectEx (in: lpRect=0x3ae118, dwStyle=0x5601000b, bMenu=0, dwExStyle=0x0 | out: lpRect=0x3ae118) returned 1 [0091.347] AdjustWindowRectEx (in: lpRect=0x3ae0a8, dwStyle=0x5601000b, bMenu=0, dwExStyle=0x0 | out: lpRect=0x3ae0a8) returned 1 [0091.347] GetCurrentThreadId () returned 0xee0 [0091.347] GetCurrentThreadId () returned 0xee0 [0091.348] AdjustWindowRectEx (in: lpRect=0x3ae11c, dwStyle=0x5601008d, bMenu=0, dwExStyle=0x0 | out: lpRect=0x3ae11c) returned 1 [0091.348] AdjustWindowRectEx (in: lpRect=0x3ae07c, dwStyle=0x5600000d, bMenu=0, dwExStyle=0x0 | out: lpRect=0x3ae07c) returned 1 [0091.348] GetCurrentThreadId () returned 0xee0 [0091.348] GetCurrentThreadId () returned 0xee0 [0091.349] AdjustWindowRectEx (in: lpRect=0x3ae118, dwStyle=0x5601000b, bMenu=0, dwExStyle=0x0 | out: lpRect=0x3ae118) returned 1 [0091.349] AdjustWindowRectEx (in: lpRect=0x3ae0a8, dwStyle=0x5601000b, bMenu=0, dwExStyle=0x0 | out: lpRect=0x3ae0a8) returned 1 [0091.349] GetCurrentThreadId () returned 0xee0 [0091.349] GetCurrentThreadId () returned 0xee0 [0091.350] AdjustWindowRectEx (in: lpRect=0x3ae11c, dwStyle=0x5601008d, bMenu=0, dwExStyle=0x0 | out: lpRect=0x3ae11c) returned 1 [0091.350] AdjustWindowRectEx (in: lpRect=0x3ae07c, dwStyle=0x5600000d, bMenu=0, dwExStyle=0x0 | out: lpRect=0x3ae07c) returned 1 [0091.350] GetCurrentThreadId () returned 0xee0 [0091.350] GetCurrentThreadId () returned 0xee0 [0091.351] AdjustWindowRectEx (in: lpRect=0x3ae118, dwStyle=0x5601000b, bMenu=0, dwExStyle=0x0 | out: lpRect=0x3ae118) returned 1 [0091.351] AdjustWindowRectEx (in: lpRect=0x3ae0a8, dwStyle=0x5601000b, bMenu=0, dwExStyle=0x0 | out: lpRect=0x3ae0a8) returned 1 [0091.351] GetCurrentThreadId () returned 0xee0 [0091.351] GetCurrentThreadId () returned 0xee0 [0091.351] AdjustWindowRectEx (in: lpRect=0x3ae11c, dwStyle=0x5601008d, bMenu=0, dwExStyle=0x0 | out: lpRect=0x3ae11c) returned 1 [0091.351] AdjustWindowRectEx (in: lpRect=0x3ae07c, dwStyle=0x5600000d, bMenu=0, dwExStyle=0x0 | out: lpRect=0x3ae07c) returned 1 [0091.351] GetCurrentThreadId () returned 0xee0 [0091.351] GetCurrentThreadId () returned 0xee0 [0091.352] AdjustWindowRectEx (in: lpRect=0x3ae118, dwStyle=0x5601000b, bMenu=0, dwExStyle=0x0 | out: lpRect=0x3ae118) returned 1 [0091.352] AdjustWindowRectEx (in: lpRect=0x3ae0a8, dwStyle=0x5601000b, bMenu=0, dwExStyle=0x0 | out: lpRect=0x3ae0a8) returned 1 [0091.352] GetCurrentThreadId () returned 0xee0 [0091.353] GetCurrentThreadId () returned 0xee0 [0091.353] AdjustWindowRectEx (in: lpRect=0x3ae11c, dwStyle=0x5601008d, bMenu=0, dwExStyle=0x0 | out: lpRect=0x3ae11c) returned 1 [0091.353] AdjustWindowRectEx (in: lpRect=0x3ae07c, dwStyle=0x5600000d, bMenu=0, dwExStyle=0x0 | out: lpRect=0x3ae07c) returned 1 [0091.353] GetCurrentThreadId () returned 0xee0 [0091.353] GetCurrentThreadId () returned 0xee0 [0091.354] AdjustWindowRectEx (in: lpRect=0x3ae118, dwStyle=0x5601000b, bMenu=0, dwExStyle=0x0 | out: lpRect=0x3ae118) returned 1 [0091.354] AdjustWindowRectEx (in: lpRect=0x3ae0a8, dwStyle=0x5601000b, bMenu=0, dwExStyle=0x0 | out: lpRect=0x3ae0a8) returned 1 [0091.354] GetCurrentThreadId () returned 0xee0 [0091.354] GetCurrentThreadId () returned 0xee0 [0091.355] AdjustWindowRectEx (in: lpRect=0x3ae11c, dwStyle=0x5601008d, bMenu=0, dwExStyle=0x0 | out: lpRect=0x3ae11c) returned 1 [0091.355] AdjustWindowRectEx (in: lpRect=0x3ae07c, dwStyle=0x5600000d, bMenu=0, dwExStyle=0x0 | out: lpRect=0x3ae07c) returned 1 [0091.355] GetCurrentThreadId () returned 0xee0 [0091.355] GetCurrentThreadId () returned 0xee0 [0091.356] AdjustWindowRectEx (in: lpRect=0x3ae118, dwStyle=0x5601000b, bMenu=0, dwExStyle=0x0 | out: lpRect=0x3ae118) returned 1 [0091.356] AdjustWindowRectEx (in: lpRect=0x3ae0a8, dwStyle=0x5601000b, bMenu=0, dwExStyle=0x0 | out: lpRect=0x3ae0a8) returned 1 [0091.356] GetCurrentThreadId () returned 0xee0 [0091.356] GetCurrentThreadId () returned 0xee0 [0091.357] AdjustWindowRectEx (in: lpRect=0x3ae11c, dwStyle=0x5601008d, bMenu=0, dwExStyle=0x0 | out: lpRect=0x3ae11c) returned 1 [0091.357] AdjustWindowRectEx (in: lpRect=0x3ae07c, dwStyle=0x5600000d, bMenu=0, dwExStyle=0x0 | out: lpRect=0x3ae07c) returned 1 [0091.357] GetCurrentThreadId () returned 0xee0 [0091.357] GetCurrentThreadId () returned 0xee0 [0091.358] AdjustWindowRectEx (in: lpRect=0x3ae118, dwStyle=0x5601000b, bMenu=0, dwExStyle=0x0 | out: lpRect=0x3ae118) returned 1 [0091.358] AdjustWindowRectEx (in: lpRect=0x3ae0a8, dwStyle=0x5601000b, bMenu=0, dwExStyle=0x0 | out: lpRect=0x3ae0a8) returned 1 [0091.358] GetCurrentThreadId () returned 0xee0 [0091.358] GetCurrentThreadId () returned 0xee0 [0091.359] AdjustWindowRectEx (in: lpRect=0x3ae11c, dwStyle=0x5601008d, bMenu=0, dwExStyle=0x0 | out: lpRect=0x3ae11c) returned 1 [0091.359] AdjustWindowRectEx (in: lpRect=0x3ae07c, dwStyle=0x5600000d, bMenu=0, dwExStyle=0x0 | out: lpRect=0x3ae07c) returned 1 [0091.359] GetCurrentThreadId () returned 0xee0 [0091.359] GetCurrentThreadId () returned 0xee0 [0091.359] AdjustWindowRectEx (in: lpRect=0x3ae118, dwStyle=0x5601000b, bMenu=0, dwExStyle=0x0 | out: lpRect=0x3ae118) returned 1 [0091.359] AdjustWindowRectEx (in: lpRect=0x3ae0a8, dwStyle=0x5601000b, bMenu=0, dwExStyle=0x0 | out: lpRect=0x3ae0a8) returned 1 [0091.359] GetCurrentThreadId () returned 0xee0 [0091.359] GetCurrentThreadId () returned 0xee0 [0091.360] AdjustWindowRectEx (in: lpRect=0x3ae11c, dwStyle=0x5601008d, bMenu=0, dwExStyle=0x0 | out: lpRect=0x3ae11c) returned 1 [0091.361] AdjustWindowRectEx (in: lpRect=0x3ae07c, dwStyle=0x5600000d, bMenu=0, dwExStyle=0x0 | out: lpRect=0x3ae07c) returned 1 [0091.361] GetCurrentThreadId () returned 0xee0 [0091.361] GetCurrentThreadId () returned 0xee0 [0091.362] AdjustWindowRectEx (in: lpRect=0x3ae118, dwStyle=0x5601000b, bMenu=0, dwExStyle=0x0 | out: lpRect=0x3ae118) returned 1 [0091.362] AdjustWindowRectEx (in: lpRect=0x3ae0a8, dwStyle=0x5601000b, bMenu=0, dwExStyle=0x0 | out: lpRect=0x3ae0a8) returned 1 [0091.362] GetCurrentThreadId () returned 0xee0 [0091.362] GetCurrentThreadId () returned 0xee0 [0091.362] AdjustWindowRectEx (in: lpRect=0x3ae11c, dwStyle=0x5601008d, bMenu=0, dwExStyle=0x0 | out: lpRect=0x3ae11c) returned 1 [0091.362] AdjustWindowRectEx (in: lpRect=0x3ae07c, dwStyle=0x5600000d, bMenu=0, dwExStyle=0x0 | out: lpRect=0x3ae07c) returned 1 [0091.362] GetCurrentThreadId () returned 0xee0 [0091.362] GetCurrentThreadId () returned 0xee0 [0091.363] AdjustWindowRectEx (in: lpRect=0x3ae118, dwStyle=0x5601000b, bMenu=0, dwExStyle=0x0 | out: lpRect=0x3ae118) returned 1 [0091.363] AdjustWindowRectEx (in: lpRect=0x3ae0a8, dwStyle=0x5601000b, bMenu=0, dwExStyle=0x0 | out: lpRect=0x3ae0a8) returned 1 [0091.363] GetCurrentThreadId () returned 0xee0 [0091.363] GetCurrentThreadId () returned 0xee0 [0091.364] AdjustWindowRectEx (in: lpRect=0x3ae11c, dwStyle=0x5601008d, bMenu=0, dwExStyle=0x0 | out: lpRect=0x3ae11c) returned 1 [0091.364] AdjustWindowRectEx (in: lpRect=0x3ae07c, dwStyle=0x5600000d, bMenu=0, dwExStyle=0x0 | out: lpRect=0x3ae07c) returned 1 [0091.364] GetCurrentThreadId () returned 0xee0 [0091.364] GetCurrentThreadId () returned 0xee0 [0091.364] AdjustWindowRectEx (in: lpRect=0x3ae118, dwStyle=0x5601000b, bMenu=0, dwExStyle=0x0 | out: lpRect=0x3ae118) returned 1 [0091.364] AdjustWindowRectEx (in: lpRect=0x3ae0a8, dwStyle=0x5601000b, bMenu=0, dwExStyle=0x0 | out: lpRect=0x3ae0a8) returned 1 [0091.364] GetCurrentThreadId () returned 0xee0 [0091.364] GetCurrentThreadId () returned 0xee0 [0091.365] AdjustWindowRectEx (in: lpRect=0x3ae11c, dwStyle=0x5601008d, bMenu=0, dwExStyle=0x0 | out: lpRect=0x3ae11c) returned 1 [0091.365] AdjustWindowRectEx (in: lpRect=0x3ae07c, dwStyle=0x5600000d, bMenu=0, dwExStyle=0x0 | out: lpRect=0x3ae07c) returned 1 [0091.365] GetCurrentThreadId () returned 0xee0 [0091.365] GetCurrentThreadId () returned 0xee0 [0091.366] AdjustWindowRectEx (in: lpRect=0x3ae118, dwStyle=0x5601000b, bMenu=0, dwExStyle=0x0 | out: lpRect=0x3ae118) returned 1 [0091.366] AdjustWindowRectEx (in: lpRect=0x3ae0a8, dwStyle=0x5601000b, bMenu=0, dwExStyle=0x0 | out: lpRect=0x3ae0a8) returned 1 [0091.366] GetCurrentThreadId () returned 0xee0 [0091.366] GetCurrentThreadId () returned 0xee0 [0091.367] AdjustWindowRectEx (in: lpRect=0x3ae11c, dwStyle=0x5601008d, bMenu=0, dwExStyle=0x0 | out: lpRect=0x3ae11c) returned 1 [0091.367] AdjustWindowRectEx (in: lpRect=0x3ae07c, dwStyle=0x5600000d, bMenu=0, dwExStyle=0x0 | out: lpRect=0x3ae07c) returned 1 [0091.367] GetCurrentThreadId () returned 0xee0 [0091.367] GetCurrentThreadId () returned 0xee0 [0091.367] AdjustWindowRectEx (in: lpRect=0x3ae118, dwStyle=0x5601000b, bMenu=0, dwExStyle=0x0 | out: lpRect=0x3ae118) returned 1 [0091.367] AdjustWindowRectEx (in: lpRect=0x3ae0a8, dwStyle=0x5601000b, bMenu=0, dwExStyle=0x0 | out: lpRect=0x3ae0a8) returned 1 [0091.367] GetCurrentThreadId () returned 0xee0 [0091.367] GetCurrentThreadId () returned 0xee0 [0091.367] AdjustWindowRectEx (in: lpRect=0x3ae11c, dwStyle=0x5601008d, bMenu=0, dwExStyle=0x0 | out: lpRect=0x3ae11c) returned 1 [0091.367] AdjustWindowRectEx (in: lpRect=0x3ae07c, dwStyle=0x5600000d, bMenu=0, dwExStyle=0x0 | out: lpRect=0x3ae07c) returned 1 [0091.367] GetCurrentThreadId () returned 0xee0 [0091.367] GetCurrentThreadId () returned 0xee0 [0091.367] AdjustWindowRectEx (in: lpRect=0x3ae118, dwStyle=0x5601000b, bMenu=0, dwExStyle=0x0 | out: lpRect=0x3ae118) returned 1 [0091.367] AdjustWindowRectEx (in: lpRect=0x3ae0a8, dwStyle=0x5601000b, bMenu=0, dwExStyle=0x0 | out: lpRect=0x3ae0a8) returned 1 [0091.367] GetCurrentThreadId () returned 0xee0 [0091.367] GetCurrentThreadId () returned 0xee0 [0091.368] AdjustWindowRectEx (in: lpRect=0x3ae11c, dwStyle=0x5601008d, bMenu=0, dwExStyle=0x0 | out: lpRect=0x3ae11c) returned 1 [0091.368] AdjustWindowRectEx (in: lpRect=0x3ae07c, dwStyle=0x5600000d, bMenu=0, dwExStyle=0x0 | out: lpRect=0x3ae07c) returned 1 [0091.368] GetCurrentThreadId () returned 0xee0 [0091.368] GetCurrentThreadId () returned 0xee0 [0091.368] AdjustWindowRectEx (in: lpRect=0x3ae118, dwStyle=0x5601000b, bMenu=0, dwExStyle=0x0 | out: lpRect=0x3ae118) returned 1 [0091.368] AdjustWindowRectEx (in: lpRect=0x3ae0a8, dwStyle=0x5601000b, bMenu=0, dwExStyle=0x0 | out: lpRect=0x3ae0a8) returned 1 [0091.368] GetCurrentThreadId () returned 0xee0 [0091.368] GetCurrentThreadId () returned 0xee0 [0091.368] AdjustWindowRectEx (in: lpRect=0x3ae11c, dwStyle=0x5601008d, bMenu=0, dwExStyle=0x0 | out: lpRect=0x3ae11c) returned 1 [0091.368] AdjustWindowRectEx (in: lpRect=0x3ae07c, dwStyle=0x5600000d, bMenu=0, dwExStyle=0x0 | out: lpRect=0x3ae07c) returned 1 [0091.368] GetCurrentThreadId () returned 0xee0 [0091.368] GetCurrentThreadId () returned 0xee0 [0091.368] AdjustWindowRectEx (in: lpRect=0x3ae118, dwStyle=0x5601000b, bMenu=0, dwExStyle=0x0 | out: lpRect=0x3ae118) returned 1 [0091.368] AdjustWindowRectEx (in: lpRect=0x3ae0a8, dwStyle=0x5601000b, bMenu=0, dwExStyle=0x0 | out: lpRect=0x3ae0a8) returned 1 [0091.368] GetCurrentThreadId () returned 0xee0 [0091.368] GetCurrentThreadId () returned 0xee0 [0091.369] AdjustWindowRectEx (in: lpRect=0x3ae11c, dwStyle=0x5601008d, bMenu=0, dwExStyle=0x0 | out: lpRect=0x3ae11c) returned 1 [0091.369] AdjustWindowRectEx (in: lpRect=0x3ae07c, dwStyle=0x5600000d, bMenu=0, dwExStyle=0x0 | out: lpRect=0x3ae07c) returned 1 [0091.369] GetCurrentThreadId () returned 0xee0 [0091.369] GetCurrentThreadId () returned 0xee0 [0091.369] AdjustWindowRectEx (in: lpRect=0x3ae118, dwStyle=0x5601000b, bMenu=0, dwExStyle=0x0 | out: lpRect=0x3ae118) returned 1 [0091.369] AdjustWindowRectEx (in: lpRect=0x3ae0a8, dwStyle=0x5601000b, bMenu=0, dwExStyle=0x0 | out: lpRect=0x3ae0a8) returned 1 [0091.369] GetCurrentThreadId () returned 0xee0 [0091.369] GetCurrentThreadId () returned 0xee0 [0091.369] AdjustWindowRectEx (in: lpRect=0x3ae11c, dwStyle=0x5601008d, bMenu=0, dwExStyle=0x0 | out: lpRect=0x3ae11c) returned 1 [0091.369] AdjustWindowRectEx (in: lpRect=0x3ae07c, dwStyle=0x5600000d, bMenu=0, dwExStyle=0x0 | out: lpRect=0x3ae07c) returned 1 [0091.369] GetCurrentThreadId () returned 0xee0 [0091.369] GetCurrentThreadId () returned 0xee0 [0091.369] AdjustWindowRectEx (in: lpRect=0x3ae118, dwStyle=0x5601000b, bMenu=0, dwExStyle=0x0 | out: lpRect=0x3ae118) returned 1 [0091.369] AdjustWindowRectEx (in: lpRect=0x3ae0a8, dwStyle=0x5601000b, bMenu=0, dwExStyle=0x0 | out: lpRect=0x3ae0a8) returned 1 [0091.369] GetCurrentThreadId () returned 0xee0 [0091.369] GetCurrentThreadId () returned 0xee0 [0091.369] AdjustWindowRectEx (in: lpRect=0x3ae11c, dwStyle=0x5601008d, bMenu=0, dwExStyle=0x0 | out: lpRect=0x3ae11c) returned 1 [0091.369] AdjustWindowRectEx (in: lpRect=0x3ae07c, dwStyle=0x5600000d, bMenu=0, dwExStyle=0x0 | out: lpRect=0x3ae07c) returned 1 [0091.370] GetCurrentThreadId () returned 0xee0 [0091.370] GetCurrentThreadId () returned 0xee0 [0091.370] AdjustWindowRectEx (in: lpRect=0x3ae118, dwStyle=0x5601000b, bMenu=0, dwExStyle=0x0 | out: lpRect=0x3ae118) returned 1 [0091.370] AdjustWindowRectEx (in: lpRect=0x3ae0a8, dwStyle=0x5601000b, bMenu=0, dwExStyle=0x0 | out: lpRect=0x3ae0a8) returned 1 [0091.370] GetCurrentThreadId () returned 0xee0 [0091.370] GetCurrentThreadId () returned 0xee0 [0091.370] AdjustWindowRectEx (in: lpRect=0x3ae11c, dwStyle=0x5601008d, bMenu=0, dwExStyle=0x0 | out: lpRect=0x3ae11c) returned 1 [0091.370] AdjustWindowRectEx (in: lpRect=0x3ae07c, dwStyle=0x5600000d, bMenu=0, dwExStyle=0x0 | out: lpRect=0x3ae07c) returned 1 [0091.370] GetCurrentThreadId () returned 0xee0 [0091.370] GetCurrentThreadId () returned 0xee0 [0091.370] AdjustWindowRectEx (in: lpRect=0x3ae118, dwStyle=0x5601000b, bMenu=0, dwExStyle=0x0 | out: lpRect=0x3ae118) returned 1 [0091.370] AdjustWindowRectEx (in: lpRect=0x3ae0a8, dwStyle=0x5601000b, bMenu=0, dwExStyle=0x0 | out: lpRect=0x3ae0a8) returned 1 [0091.370] GetCurrentThreadId () returned 0xee0 [0091.370] GetCurrentThreadId () returned 0xee0 [0091.370] AdjustWindowRectEx (in: lpRect=0x3ae11c, dwStyle=0x5601008d, bMenu=0, dwExStyle=0x0 | out: lpRect=0x3ae11c) returned 1 [0091.371] AdjustWindowRectEx (in: lpRect=0x3ae07c, dwStyle=0x5600000d, bMenu=0, dwExStyle=0x0 | out: lpRect=0x3ae07c) returned 1 [0091.371] GetCurrentThreadId () returned 0xee0 [0091.371] GetCurrentThreadId () returned 0xee0 [0091.371] AdjustWindowRectEx (in: lpRect=0x3ae118, dwStyle=0x5601000b, bMenu=0, dwExStyle=0x0 | out: lpRect=0x3ae118) returned 1 [0091.371] AdjustWindowRectEx (in: lpRect=0x3ae0a8, dwStyle=0x5601000b, bMenu=0, dwExStyle=0x0 | out: lpRect=0x3ae0a8) returned 1 [0091.371] GetCurrentThreadId () returned 0xee0 [0091.371] GetCurrentThreadId () returned 0xee0 [0091.371] AdjustWindowRectEx (in: lpRect=0x3ae11c, dwStyle=0x5601008d, bMenu=0, dwExStyle=0x0 | out: lpRect=0x3ae11c) returned 1 [0091.371] AdjustWindowRectEx (in: lpRect=0x3ae07c, dwStyle=0x5600000d, bMenu=0, dwExStyle=0x0 | out: lpRect=0x3ae07c) returned 1 [0091.371] GetCurrentThreadId () returned 0xee0 [0091.371] GetCurrentThreadId () returned 0xee0 [0091.371] AdjustWindowRectEx (in: lpRect=0x3ae118, dwStyle=0x5601000b, bMenu=0, dwExStyle=0x0 | out: lpRect=0x3ae118) returned 1 [0091.371] AdjustWindowRectEx (in: lpRect=0x3ae0a8, dwStyle=0x5601000b, bMenu=0, dwExStyle=0x0 | out: lpRect=0x3ae0a8) returned 1 [0091.371] GetCurrentThreadId () returned 0xee0 [0091.371] GetCurrentThreadId () returned 0xee0 [0091.371] AdjustWindowRectEx (in: lpRect=0x3ae11c, dwStyle=0x5601008d, bMenu=0, dwExStyle=0x0 | out: lpRect=0x3ae11c) returned 1 [0091.371] AdjustWindowRectEx (in: lpRect=0x3ae07c, dwStyle=0x5600000d, bMenu=0, dwExStyle=0x0 | out: lpRect=0x3ae07c) returned 1 [0091.372] GetCurrentThreadId () returned 0xee0 [0091.372] GetCurrentThreadId () returned 0xee0 [0091.372] AdjustWindowRectEx (in: lpRect=0x3ae118, dwStyle=0x5601000b, bMenu=0, dwExStyle=0x0 | out: lpRect=0x3ae118) returned 1 [0091.372] AdjustWindowRectEx (in: lpRect=0x3ae0a8, dwStyle=0x5601000b, bMenu=0, dwExStyle=0x0 | out: lpRect=0x3ae0a8) returned 1 [0091.372] GetCurrentThreadId () returned 0xee0 [0091.372] GetCurrentThreadId () returned 0xee0 [0091.372] AdjustWindowRectEx (in: lpRect=0x3ae11c, dwStyle=0x5601008d, bMenu=0, dwExStyle=0x0 | out: lpRect=0x3ae11c) returned 1 [0091.372] AdjustWindowRectEx (in: lpRect=0x3ae07c, dwStyle=0x5600000d, bMenu=0, dwExStyle=0x0 | out: lpRect=0x3ae07c) returned 1 [0091.372] GetCurrentThreadId () returned 0xee0 [0091.372] GetCurrentThreadId () returned 0xee0 [0091.372] AdjustWindowRectEx (in: lpRect=0x3ae118, dwStyle=0x5601000b, bMenu=0, dwExStyle=0x0 | out: lpRect=0x3ae118) returned 1 [0091.372] AdjustWindowRectEx (in: lpRect=0x3ae0a8, dwStyle=0x5601000b, bMenu=0, dwExStyle=0x0 | out: lpRect=0x3ae0a8) returned 1 [0091.372] GetCurrentThreadId () returned 0xee0 [0091.372] GetCurrentThreadId () returned 0xee0 [0091.372] AdjustWindowRectEx (in: lpRect=0x3ae11c, dwStyle=0x5601008d, bMenu=0, dwExStyle=0x0 | out: lpRect=0x3ae11c) returned 1 [0091.372] AdjustWindowRectEx (in: lpRect=0x3ae07c, dwStyle=0x5600000d, bMenu=0, dwExStyle=0x0 | out: lpRect=0x3ae07c) returned 1 [0091.372] GetCurrentThreadId () returned 0xee0 [0091.372] GetCurrentThreadId () returned 0xee0 [0091.373] AdjustWindowRectEx (in: lpRect=0x3ae118, dwStyle=0x5601000b, bMenu=0, dwExStyle=0x0 | out: lpRect=0x3ae118) returned 1 [0091.373] AdjustWindowRectEx (in: lpRect=0x3ae0a8, dwStyle=0x5601000b, bMenu=0, dwExStyle=0x0 | out: lpRect=0x3ae0a8) returned 1 [0091.373] GetCurrentThreadId () returned 0xee0 [0091.373] GetCurrentThreadId () returned 0xee0 [0091.373] AdjustWindowRectEx (in: lpRect=0x3ae11c, dwStyle=0x5601008d, bMenu=0, dwExStyle=0x0 | out: lpRect=0x3ae11c) returned 1 [0091.373] AdjustWindowRectEx (in: lpRect=0x3ae07c, dwStyle=0x5600000d, bMenu=0, dwExStyle=0x0 | out: lpRect=0x3ae07c) returned 1 [0091.373] GetCurrentThreadId () returned 0xee0 [0091.373] GetCurrentThreadId () returned 0xee0 [0091.373] AdjustWindowRectEx (in: lpRect=0x3ae118, dwStyle=0x5601000b, bMenu=0, dwExStyle=0x0 | out: lpRect=0x3ae118) returned 1 [0091.373] AdjustWindowRectEx (in: lpRect=0x3ae0a8, dwStyle=0x5601000b, bMenu=0, dwExStyle=0x0 | out: lpRect=0x3ae0a8) returned 1 [0091.373] GetCurrentThreadId () returned 0xee0 [0091.373] GetCurrentThreadId () returned 0xee0 [0091.373] AdjustWindowRectEx (in: lpRect=0x3ae11c, dwStyle=0x5601008d, bMenu=0, dwExStyle=0x0 | out: lpRect=0x3ae11c) returned 1 [0091.373] AdjustWindowRectEx (in: lpRect=0x3ae07c, dwStyle=0x5600000d, bMenu=0, dwExStyle=0x0 | out: lpRect=0x3ae07c) returned 1 [0091.373] GetCurrentThreadId () returned 0xee0 [0091.373] GetCurrentThreadId () returned 0xee0 [0091.374] AdjustWindowRectEx (in: lpRect=0x3ae118, dwStyle=0x5601000b, bMenu=0, dwExStyle=0x0 | out: lpRect=0x3ae118) returned 1 [0091.374] AdjustWindowRectEx (in: lpRect=0x3ae0a8, dwStyle=0x5601000b, bMenu=0, dwExStyle=0x0 | out: lpRect=0x3ae0a8) returned 1 [0091.374] GetCurrentThreadId () returned 0xee0 [0091.374] GetCurrentThreadId () returned 0xee0 [0091.374] AdjustWindowRectEx (in: lpRect=0x3ae11c, dwStyle=0x5601008d, bMenu=0, dwExStyle=0x0 | out: lpRect=0x3ae11c) returned 1 [0091.374] AdjustWindowRectEx (in: lpRect=0x3ae07c, dwStyle=0x5600000d, bMenu=0, dwExStyle=0x0 | out: lpRect=0x3ae07c) returned 1 [0091.374] GetCurrentThreadId () returned 0xee0 [0091.374] GetCurrentThreadId () returned 0xee0 [0091.374] AdjustWindowRectEx (in: lpRect=0x3ae118, dwStyle=0x5601000b, bMenu=0, dwExStyle=0x0 | out: lpRect=0x3ae118) returned 1 [0091.374] AdjustWindowRectEx (in: lpRect=0x3ae0a8, dwStyle=0x5601000b, bMenu=0, dwExStyle=0x0 | out: lpRect=0x3ae0a8) returned 1 [0091.374] GetCurrentThreadId () returned 0xee0 [0091.374] GetCurrentThreadId () returned 0xee0 [0091.374] AdjustWindowRectEx (in: lpRect=0x3ae11c, dwStyle=0x5601008d, bMenu=0, dwExStyle=0x0 | out: lpRect=0x3ae11c) returned 1 [0091.374] AdjustWindowRectEx (in: lpRect=0x3ae07c, dwStyle=0x5600000d, bMenu=0, dwExStyle=0x0 | out: lpRect=0x3ae07c) returned 1 [0091.374] GetCurrentThreadId () returned 0xee0 [0091.374] GetCurrentThreadId () returned 0xee0 [0091.375] AdjustWindowRectEx (in: lpRect=0x3ae118, dwStyle=0x5601000b, bMenu=0, dwExStyle=0x0 | out: lpRect=0x3ae118) returned 1 [0091.375] AdjustWindowRectEx (in: lpRect=0x3ae0a8, dwStyle=0x5601000b, bMenu=0, dwExStyle=0x0 | out: lpRect=0x3ae0a8) returned 1 [0091.375] GetCurrentThreadId () returned 0xee0 [0091.375] GetCurrentThreadId () returned 0xee0 [0091.375] AdjustWindowRectEx (in: lpRect=0x3ae11c, dwStyle=0x5601008d, bMenu=0, dwExStyle=0x0 | out: lpRect=0x3ae11c) returned 1 [0091.375] AdjustWindowRectEx (in: lpRect=0x3ae07c, dwStyle=0x5600000d, bMenu=0, dwExStyle=0x0 | out: lpRect=0x3ae07c) returned 1 [0091.375] GetCurrentThreadId () returned 0xee0 [0091.375] GetCurrentThreadId () returned 0xee0 [0091.375] AdjustWindowRectEx (in: lpRect=0x3ae118, dwStyle=0x5601000b, bMenu=0, dwExStyle=0x0 | out: lpRect=0x3ae118) returned 1 [0091.375] AdjustWindowRectEx (in: lpRect=0x3ae0a8, dwStyle=0x5601000b, bMenu=0, dwExStyle=0x0 | out: lpRect=0x3ae0a8) returned 1 [0091.375] GetCurrentThreadId () returned 0xee0 [0091.375] GetCurrentThreadId () returned 0xee0 [0091.375] AdjustWindowRectEx (in: lpRect=0x3ae11c, dwStyle=0x5601008d, bMenu=0, dwExStyle=0x0 | out: lpRect=0x3ae11c) returned 1 [0091.375] AdjustWindowRectEx (in: lpRect=0x3ae07c, dwStyle=0x5600000d, bMenu=0, dwExStyle=0x0 | out: lpRect=0x3ae07c) returned 1 [0091.375] GetCurrentThreadId () returned 0xee0 [0091.375] GetCurrentThreadId () returned 0xee0 [0091.376] AdjustWindowRectEx (in: lpRect=0x3ae118, dwStyle=0x5601000b, bMenu=0, dwExStyle=0x0 | out: lpRect=0x3ae118) returned 1 [0091.376] AdjustWindowRectEx (in: lpRect=0x3ae0a8, dwStyle=0x5601000b, bMenu=0, dwExStyle=0x0 | out: lpRect=0x3ae0a8) returned 1 [0091.376] GetCurrentThreadId () returned 0xee0 [0091.376] GetCurrentThreadId () returned 0xee0 [0091.376] AdjustWindowRectEx (in: lpRect=0x3ae11c, dwStyle=0x5601008d, bMenu=0, dwExStyle=0x0 | out: lpRect=0x3ae11c) returned 1 [0091.376] AdjustWindowRectEx (in: lpRect=0x3ae07c, dwStyle=0x5600000d, bMenu=0, dwExStyle=0x0 | out: lpRect=0x3ae07c) returned 1 [0091.376] GetCurrentThreadId () returned 0xee0 [0091.376] GetCurrentThreadId () returned 0xee0 [0091.376] AdjustWindowRectEx (in: lpRect=0x3ae118, dwStyle=0x5601000b, bMenu=0, dwExStyle=0x0 | out: lpRect=0x3ae118) returned 1 [0091.376] AdjustWindowRectEx (in: lpRect=0x3ae0a8, dwStyle=0x5601000b, bMenu=0, dwExStyle=0x0 | out: lpRect=0x3ae0a8) returned 1 [0091.376] GetCurrentThreadId () returned 0xee0 [0091.376] GetCurrentThreadId () returned 0xee0 [0091.376] AdjustWindowRectEx (in: lpRect=0x3ae11c, dwStyle=0x5601008d, bMenu=0, dwExStyle=0x0 | out: lpRect=0x3ae11c) returned 1 [0091.376] AdjustWindowRectEx (in: lpRect=0x3ae07c, dwStyle=0x5600000d, bMenu=0, dwExStyle=0x0 | out: lpRect=0x3ae07c) returned 1 [0091.377] GetCurrentThreadId () returned 0xee0 [0091.377] GetCurrentThreadId () returned 0xee0 [0091.377] AdjustWindowRectEx (in: lpRect=0x3ae118, dwStyle=0x5601000b, bMenu=0, dwExStyle=0x0 | out: lpRect=0x3ae118) returned 1 [0091.377] AdjustWindowRectEx (in: lpRect=0x3ae0a8, dwStyle=0x5601000b, bMenu=0, dwExStyle=0x0 | out: lpRect=0x3ae0a8) returned 1 [0091.377] GetCurrentThreadId () returned 0xee0 [0091.377] GetCurrentThreadId () returned 0xee0 [0091.377] AdjustWindowRectEx (in: lpRect=0x3ae11c, dwStyle=0x5601008d, bMenu=0, dwExStyle=0x0 | out: lpRect=0x3ae11c) returned 1 [0091.377] AdjustWindowRectEx (in: lpRect=0x3ae07c, dwStyle=0x5600000d, bMenu=0, dwExStyle=0x0 | out: lpRect=0x3ae07c) returned 1 [0091.377] GetCurrentThreadId () returned 0xee0 [0091.377] GetCurrentThreadId () returned 0xee0 [0091.377] AdjustWindowRectEx (in: lpRect=0x3ae118, dwStyle=0x5601000b, bMenu=0, dwExStyle=0x0 | out: lpRect=0x3ae118) returned 1 [0091.377] AdjustWindowRectEx (in: lpRect=0x3ae0a8, dwStyle=0x5601000b, bMenu=0, dwExStyle=0x0 | out: lpRect=0x3ae0a8) returned 1 [0091.377] GetCurrentThreadId () returned 0xee0 [0091.377] GetCurrentThreadId () returned 0xee0 [0091.377] AdjustWindowRectEx (in: lpRect=0x3ae11c, dwStyle=0x5601008d, bMenu=0, dwExStyle=0x0 | out: lpRect=0x3ae11c) returned 1 [0091.377] AdjustWindowRectEx (in: lpRect=0x3ae07c, dwStyle=0x5600000d, bMenu=0, dwExStyle=0x0 | out: lpRect=0x3ae07c) returned 1 [0091.377] GetCurrentThreadId () returned 0xee0 [0091.378] GetCurrentThreadId () returned 0xee0 [0091.378] AdjustWindowRectEx (in: lpRect=0x3ae118, dwStyle=0x5601000b, bMenu=0, dwExStyle=0x0 | out: lpRect=0x3ae118) returned 1 [0091.378] AdjustWindowRectEx (in: lpRect=0x3ae0a8, dwStyle=0x5601000b, bMenu=0, dwExStyle=0x0 | out: lpRect=0x3ae0a8) returned 1 [0091.378] GetCurrentThreadId () returned 0xee0 [0091.378] GetCurrentThreadId () returned 0xee0 [0091.378] AdjustWindowRectEx (in: lpRect=0x3ae11c, dwStyle=0x5601008d, bMenu=0, dwExStyle=0x0 | out: lpRect=0x3ae11c) returned 1 [0091.378] AdjustWindowRectEx (in: lpRect=0x3ae07c, dwStyle=0x5600000d, bMenu=0, dwExStyle=0x0 | out: lpRect=0x3ae07c) returned 1 [0091.378] GetCurrentThreadId () returned 0xee0 [0091.378] GetCurrentThreadId () returned 0xee0 [0091.378] AdjustWindowRectEx (in: lpRect=0x3ae118, dwStyle=0x5601000b, bMenu=0, dwExStyle=0x0 | out: lpRect=0x3ae118) returned 1 [0091.378] AdjustWindowRectEx (in: lpRect=0x3ae0a8, dwStyle=0x5601000b, bMenu=0, dwExStyle=0x0 | out: lpRect=0x3ae0a8) returned 1 [0091.378] GetCurrentThreadId () returned 0xee0 [0091.378] GetCurrentThreadId () returned 0xee0 [0091.378] AdjustWindowRectEx (in: lpRect=0x3ae11c, dwStyle=0x5601008d, bMenu=0, dwExStyle=0x0 | out: lpRect=0x3ae11c) returned 1 [0091.378] AdjustWindowRectEx (in: lpRect=0x3ae07c, dwStyle=0x5600000d, bMenu=0, dwExStyle=0x0 | out: lpRect=0x3ae07c) returned 1 [0091.378] GetCurrentThreadId () returned 0xee0 [0091.378] GetCurrentThreadId () returned 0xee0 [0091.379] AdjustWindowRectEx (in: lpRect=0x3ae118, dwStyle=0x5601000b, bMenu=0, dwExStyle=0x0 | out: lpRect=0x3ae118) returned 1 [0091.379] AdjustWindowRectEx (in: lpRect=0x3ae0a8, dwStyle=0x5601000b, bMenu=0, dwExStyle=0x0 | out: lpRect=0x3ae0a8) returned 1 [0091.379] GetCurrentThreadId () returned 0xee0 [0091.379] GetCurrentThreadId () returned 0xee0 [0091.379] AdjustWindowRectEx (in: lpRect=0x3ae11c, dwStyle=0x5601008d, bMenu=0, dwExStyle=0x0 | out: lpRect=0x3ae11c) returned 1 [0091.379] AdjustWindowRectEx (in: lpRect=0x3ae07c, dwStyle=0x5600000d, bMenu=0, dwExStyle=0x0 | out: lpRect=0x3ae07c) returned 1 [0091.379] GetCurrentThreadId () returned 0xee0 [0091.379] GetCurrentThreadId () returned 0xee0 [0091.379] AdjustWindowRectEx (in: lpRect=0x3ae118, dwStyle=0x5601000b, bMenu=0, dwExStyle=0x0 | out: lpRect=0x3ae118) returned 1 [0091.379] AdjustWindowRectEx (in: lpRect=0x3ae0a8, dwStyle=0x5601000b, bMenu=0, dwExStyle=0x0 | out: lpRect=0x3ae0a8) returned 1 [0091.379] GetCurrentThreadId () returned 0xee0 [0091.379] GetCurrentThreadId () returned 0xee0 [0091.379] AdjustWindowRectEx (in: lpRect=0x3ae11c, dwStyle=0x5601008d, bMenu=0, dwExStyle=0x0 | out: lpRect=0x3ae11c) returned 1 [0091.379] AdjustWindowRectEx (in: lpRect=0x3ae07c, dwStyle=0x5600000d, bMenu=0, dwExStyle=0x0 | out: lpRect=0x3ae07c) returned 1 [0091.379] GetCurrentThreadId () returned 0xee0 [0091.379] GetCurrentThreadId () returned 0xee0 [0091.380] AdjustWindowRectEx (in: lpRect=0x3ae118, dwStyle=0x5601000b, bMenu=0, dwExStyle=0x0 | out: lpRect=0x3ae118) returned 1 [0091.380] AdjustWindowRectEx (in: lpRect=0x3ae0a8, dwStyle=0x5601000b, bMenu=0, dwExStyle=0x0 | out: lpRect=0x3ae0a8) returned 1 [0091.380] GetCurrentThreadId () returned 0xee0 [0091.380] GetCurrentThreadId () returned 0xee0 [0091.380] AdjustWindowRectEx (in: lpRect=0x3ae11c, dwStyle=0x5601008d, bMenu=0, dwExStyle=0x0 | out: lpRect=0x3ae11c) returned 1 [0091.380] AdjustWindowRectEx (in: lpRect=0x3ae07c, dwStyle=0x5600000d, bMenu=0, dwExStyle=0x0 | out: lpRect=0x3ae07c) returned 1 [0091.380] GetCurrentThreadId () returned 0xee0 [0091.380] GetCurrentThreadId () returned 0xee0 [0091.380] AdjustWindowRectEx (in: lpRect=0x3ae118, dwStyle=0x5601000b, bMenu=0, dwExStyle=0x0 | out: lpRect=0x3ae118) returned 1 [0091.380] AdjustWindowRectEx (in: lpRect=0x3ae0a8, dwStyle=0x5601000b, bMenu=0, dwExStyle=0x0 | out: lpRect=0x3ae0a8) returned 1 [0091.380] GetCurrentThreadId () returned 0xee0 [0091.380] GetCurrentThreadId () returned 0xee0 [0091.380] AdjustWindowRectEx (in: lpRect=0x3ae11c, dwStyle=0x5601008d, bMenu=0, dwExStyle=0x0 | out: lpRect=0x3ae11c) returned 1 [0091.380] AdjustWindowRectEx (in: lpRect=0x3ae07c, dwStyle=0x5600000d, bMenu=0, dwExStyle=0x0 | out: lpRect=0x3ae07c) returned 1 [0091.380] GetCurrentThreadId () returned 0xee0 [0091.380] GetCurrentThreadId () returned 0xee0 [0091.381] AdjustWindowRectEx (in: lpRect=0x3ae118, dwStyle=0x5601000b, bMenu=0, dwExStyle=0x0 | out: lpRect=0x3ae118) returned 1 [0091.381] AdjustWindowRectEx (in: lpRect=0x3ae0a8, dwStyle=0x5601000b, bMenu=0, dwExStyle=0x0 | out: lpRect=0x3ae0a8) returned 1 [0091.381] GetCurrentThreadId () returned 0xee0 [0091.381] GetCurrentThreadId () returned 0xee0 [0091.381] AdjustWindowRectEx (in: lpRect=0x3ae11c, dwStyle=0x5601008d, bMenu=0, dwExStyle=0x0 | out: lpRect=0x3ae11c) returned 1 [0091.381] AdjustWindowRectEx (in: lpRect=0x3ae07c, dwStyle=0x5600000d, bMenu=0, dwExStyle=0x0 | out: lpRect=0x3ae07c) returned 1 [0091.381] GetCurrentThreadId () returned 0xee0 [0091.381] GetCurrentThreadId () returned 0xee0 [0091.381] AdjustWindowRectEx (in: lpRect=0x3ae118, dwStyle=0x5601000b, bMenu=0, dwExStyle=0x0 | out: lpRect=0x3ae118) returned 1 [0091.381] AdjustWindowRectEx (in: lpRect=0x3ae0a8, dwStyle=0x5601000b, bMenu=0, dwExStyle=0x0 | out: lpRect=0x3ae0a8) returned 1 [0091.381] GetCurrentThreadId () returned 0xee0 [0091.381] GetCurrentThreadId () returned 0xee0 [0091.381] AdjustWindowRectEx (in: lpRect=0x3ae11c, dwStyle=0x5601008d, bMenu=0, dwExStyle=0x0 | out: lpRect=0x3ae11c) returned 1 [0091.381] AdjustWindowRectEx (in: lpRect=0x3ae07c, dwStyle=0x5600000d, bMenu=0, dwExStyle=0x0 | out: lpRect=0x3ae07c) returned 1 [0091.381] GetCurrentThreadId () returned 0xee0 [0091.381] GetCurrentThreadId () returned 0xee0 [0091.382] AdjustWindowRectEx (in: lpRect=0x3ae118, dwStyle=0x5601000b, bMenu=0, dwExStyle=0x0 | out: lpRect=0x3ae118) returned 1 [0091.382] AdjustWindowRectEx (in: lpRect=0x3ae0a8, dwStyle=0x5601000b, bMenu=0, dwExStyle=0x0 | out: lpRect=0x3ae0a8) returned 1 [0091.382] GetCurrentThreadId () returned 0xee0 [0091.382] GetCurrentThreadId () returned 0xee0 [0091.382] AdjustWindowRectEx (in: lpRect=0x3ae11c, dwStyle=0x5601008d, bMenu=0, dwExStyle=0x0 | out: lpRect=0x3ae11c) returned 1 [0091.382] AdjustWindowRectEx (in: lpRect=0x3ae07c, dwStyle=0x5600000d, bMenu=0, dwExStyle=0x0 | out: lpRect=0x3ae07c) returned 1 [0091.382] GetCurrentThreadId () returned 0xee0 [0091.382] AdjustWindowRectEx (in: lpRect=0x3ae118, dwStyle=0x5601000b, bMenu=0, dwExStyle=0x0 | out: lpRect=0x3ae118) returned 1 [0091.400] GdipCreateSolidFill (color=0xffababab, brush=0x3ae044) returned 0x0 [0091.407] GetSystemMetrics (nIndex=3) returned 17 [0091.407] AdjustWindowRectEx (in: lpRect=0x3ae070, dwStyle=0x56010000, bMenu=0, dwExStyle=0x0 | out: lpRect=0x3ae070) returned 1 [0091.409] GetSystemMetrics (nIndex=2) returned 17 [0091.409] AdjustWindowRectEx (in: lpRect=0x3ae070, dwStyle=0x56010001, bMenu=0, dwExStyle=0x0 | out: lpRect=0x3ae070) returned 1 [0091.410] AdjustWindowRectEx (in: lpRect=0x3ae080, dwStyle=0x56010000, bMenu=0, dwExStyle=0x0 | out: lpRect=0x3ae080) returned 1 [0091.417] GdipCreatePen1 (color=0xffa0a0a0, width=0x3f800000, unit=0x0, pen=0x3ae070) returned 0x0 [0091.432] GetSystemMetrics (nIndex=68) returned 4 [0091.432] GetSystemMetrics (nIndex=69) returned 4 [0091.456] AdjustWindowRectEx (in: lpRect=0x3adffc, dwStyle=0x56000000, bMenu=0, dwExStyle=0x0 | out: lpRect=0x3adffc) returned 1 [0091.464] GetCurrentThreadId () returned 0xee0 [0091.464] GetCurrentThreadId () returned 0xee0 [0091.476] AdjustWindowRectEx (in: lpRect=0x3ae000, dwStyle=0x56000001, bMenu=0, dwExStyle=0x0 | out: lpRect=0x3ae000) returned 1 [0091.476] GetCurrentThreadId () returned 0xee0 [0091.476] GetCurrentThreadId () returned 0xee0 [0091.479] AdjustWindowRectEx (in: lpRect=0x3ae070, dwStyle=0x56010000, bMenu=0, dwExStyle=0x0 | out: lpRect=0x3ae070) returned 1 [0091.535] GetDC (hWnd=0x0) returned 0x170106ba [0091.536] GdipCreateFromHDC (hdc=0x170106ba, graphics=0x3ae048) returned 0x0 [0091.536] GdipGetFontHeight (font=0xadc0e68, graphics=0xacf4e78, height=0x3ae040) returned 0x0 [0091.536] GdipDeleteGraphics (graphics=0xacf4e78) returned 0x0 [0091.536] ReleaseDC (hWnd=0x0, hDC=0x170106ba) returned 1 [0091.538] GetDC (hWnd=0x0) returned 0x170106ba [0091.538] GdipCreateFromHDC (hdc=0x170106ba, graphics=0x3ae034) returned 0x0 [0091.539] GdipGetFontHeight (font=0xadc0e68, graphics=0xacf4e78, height=0x3ae02c) returned 0x0 [0091.539] GdipDeleteGraphics (graphics=0xacf4e78) returned 0x0 [0091.539] ReleaseDC (hWnd=0x0, hDC=0x170106ba) returned 1 [0091.550] GetCurrentThreadId () returned 0xee0 [0091.550] GetCurrentThreadId () returned 0xee0 [0091.551] GetDC (hWnd=0x0) returned 0x170106ba [0091.551] GdipCreateFromHDC (hdc=0x170106ba, graphics=0x3ae088) returned 0x0 [0091.551] GdipGetFontHeight (font=0xadc0e68, graphics=0xacf4e78, height=0x3ae080) returned 0x0 [0091.551] GdipDeleteGraphics (graphics=0xacf4e78) returned 0x0 [0091.551] ReleaseDC (hWnd=0x0, hDC=0x170106ba) returned 1 [0091.553] GetDC (hWnd=0x0) returned 0x170106ba [0091.553] GdipCreateFromHDC (hdc=0x170106ba, graphics=0x3ae088) returned 0x0 [0091.553] GdipGetFontHeight (font=0xadc0e68, graphics=0xacf4e78, height=0x3ae080) returned 0x0 [0091.553] GdipDeleteGraphics (graphics=0xacf4e78) returned 0x0 [0091.553] ReleaseDC (hWnd=0x0, hDC=0x170106ba) returned 1 [0091.553] GetDC (hWnd=0x0) returned 0x170106ba [0091.554] GdipCreateFromHDC (hdc=0x170106ba, graphics=0x3ae088) returned 0x0 [0091.554] GdipGetFontHeight (font=0xadc0e68, graphics=0xacf4e78, height=0x3ae080) returned 0x0 [0091.554] GdipDeleteGraphics (graphics=0xacf4e78) returned 0x0 [0091.554] ReleaseDC (hWnd=0x0, hDC=0x170106ba) returned 1 [0091.554] GetDC (hWnd=0x0) returned 0x170106ba [0091.554] GdipCreateFromHDC (hdc=0x170106ba, graphics=0x3ae088) returned 0x0 [0091.554] GdipGetFontHeight (font=0xadc0e68, graphics=0xacf4e78, height=0x3ae080) returned 0x0 [0091.554] GdipDeleteGraphics (graphics=0xacf4e78) returned 0x0 [0091.555] ReleaseDC (hWnd=0x0, hDC=0x170106ba) returned 1 [0091.555] GetDC (hWnd=0x0) returned 0x170106ba [0091.555] GdipCreateFromHDC (hdc=0x170106ba, graphics=0x3ae088) returned 0x0 [0091.555] GdipGetFontHeight (font=0xadc0e68, graphics=0xacf4e78, height=0x3ae080) returned 0x0 [0091.555] GdipDeleteGraphics (graphics=0xacf4e78) returned 0x0 [0091.556] ReleaseDC (hWnd=0x0, hDC=0x170106ba) returned 1 [0091.556] GetDC (hWnd=0x0) returned 0x170106ba [0091.556] GdipCreateFromHDC (hdc=0x170106ba, graphics=0x3ae088) returned 0x0 [0091.556] GdipGetFontHeight (font=0xadc0e68, graphics=0xacf4e78, height=0x3ae080) returned 0x0 [0091.556] GdipDeleteGraphics (graphics=0xacf4e78) returned 0x0 [0091.556] ReleaseDC (hWnd=0x0, hDC=0x170106ba) returned 1 [0091.557] GetDC (hWnd=0x0) returned 0x170106ba [0091.557] GdipCreateFromHDC (hdc=0x170106ba, graphics=0x3ae088) returned 0x0 [0091.557] GdipGetFontHeight (font=0xadc0e68, graphics=0xacf4e78, height=0x3ae080) returned 0x0 [0091.557] GdipDeleteGraphics (graphics=0xacf4e78) returned 0x0 [0091.557] ReleaseDC (hWnd=0x0, hDC=0x170106ba) returned 1 [0091.557] GetDC (hWnd=0x0) returned 0x170106ba [0091.557] GdipCreateFromHDC (hdc=0x170106ba, graphics=0x3ae088) returned 0x0 [0091.558] GdipGetFontHeight (font=0xadc0e68, graphics=0xacf4e78, height=0x3ae080) returned 0x0 [0091.558] GdipDeleteGraphics (graphics=0xacf4e78) returned 0x0 [0091.558] ReleaseDC (hWnd=0x0, hDC=0x170106ba) returned 1 [0091.558] GetDC (hWnd=0x0) returned 0x170106ba [0091.558] GdipCreateFromHDC (hdc=0x170106ba, graphics=0x3ae088) returned 0x0 [0091.559] GdipGetFontHeight (font=0xadc0e68, graphics=0xacf4e78, height=0x3ae080) returned 0x0 [0091.559] GdipDeleteGraphics (graphics=0xacf4e78) returned 0x0 [0091.559] ReleaseDC (hWnd=0x0, hDC=0x170106ba) returned 1 [0091.559] GetDC (hWnd=0x0) returned 0x170106ba [0091.559] GdipCreateFromHDC (hdc=0x170106ba, graphics=0x3ae088) returned 0x0 [0091.559] GdipGetFontHeight (font=0xadc0e68, graphics=0xacf4e78, height=0x3ae080) returned 0x0 [0091.559] GdipDeleteGraphics (graphics=0xacf4e78) returned 0x0 [0091.559] ReleaseDC (hWnd=0x0, hDC=0x170106ba) returned 1 [0091.560] GetDC (hWnd=0x0) returned 0x170106ba [0091.560] GdipCreateFromHDC (hdc=0x170106ba, graphics=0x3ae088) returned 0x0 [0091.560] GdipGetFontHeight (font=0xadc0e68, graphics=0xacf4e78, height=0x3ae080) returned 0x0 [0091.560] GdipDeleteGraphics (graphics=0xacf4e78) returned 0x0 [0091.560] ReleaseDC (hWnd=0x0, hDC=0x170106ba) returned 1 [0091.560] GetDC (hWnd=0x0) returned 0x170106ba [0091.561] GdipCreateFromHDC (hdc=0x170106ba, graphics=0x3ae088) returned 0x0 [0091.561] GdipGetFontHeight (font=0xadc0e68, graphics=0xacf4e78, height=0x3ae080) returned 0x0 [0091.561] GdipDeleteGraphics (graphics=0xacf4e78) returned 0x0 [0091.561] ReleaseDC (hWnd=0x0, hDC=0x170106ba) returned 1 [0091.561] GetDC (hWnd=0x0) returned 0x170106ba [0091.561] GdipCreateFromHDC (hdc=0x170106ba, graphics=0x3ae088) returned 0x0 [0091.562] GdipGetFontHeight (font=0xadc0e68, graphics=0xacf4e78, height=0x3ae080) returned 0x0 [0091.562] GdipDeleteGraphics (graphics=0xacf4e78) returned 0x0 [0091.562] ReleaseDC (hWnd=0x0, hDC=0x170106ba) returned 1 [0091.562] GetDC (hWnd=0x0) returned 0x170106ba [0091.562] GdipCreateFromHDC (hdc=0x170106ba, graphics=0x3ae088) returned 0x0 [0091.562] GdipGetFontHeight (font=0xadc0e68, graphics=0xacf4e78, height=0x3ae080) returned 0x0 [0091.562] GdipDeleteGraphics (graphics=0xacf4e78) returned 0x0 [0091.562] ReleaseDC (hWnd=0x0, hDC=0x170106ba) returned 1 [0091.563] GetDC (hWnd=0x0) returned 0x170106ba [0091.563] GdipCreateFromHDC (hdc=0x170106ba, graphics=0x3ae088) returned 0x0 [0091.563] GdipGetFontHeight (font=0xadc0e68, graphics=0xacf4e78, height=0x3ae080) returned 0x0 [0091.563] GdipDeleteGraphics (graphics=0xacf4e78) returned 0x0 [0091.563] ReleaseDC (hWnd=0x0, hDC=0x170106ba) returned 1 [0091.564] GetDC (hWnd=0x0) returned 0x170106ba [0091.564] GdipCreateFromHDC (hdc=0x170106ba, graphics=0x3ae088) returned 0x0 [0091.564] GdipGetFontHeight (font=0xadc0e68, graphics=0xacf4e78, height=0x3ae080) returned 0x0 [0091.564] GdipDeleteGraphics (graphics=0xacf4e78) returned 0x0 [0091.564] ReleaseDC (hWnd=0x0, hDC=0x170106ba) returned 1 [0091.564] GetDC (hWnd=0x0) returned 0x170106ba [0091.564] GdipCreateFromHDC (hdc=0x170106ba, graphics=0x3ae088) returned 0x0 [0091.564] GdipGetFontHeight (font=0xadc0e68, graphics=0xacf4e78, height=0x3ae080) returned 0x0 [0091.565] GdipDeleteGraphics (graphics=0xacf4e78) returned 0x0 [0091.565] ReleaseDC (hWnd=0x0, hDC=0x170106ba) returned 1 [0091.565] GetDC (hWnd=0x0) returned 0x170106ba [0091.565] GdipCreateFromHDC (hdc=0x170106ba, graphics=0x3ae088) returned 0x0 [0091.565] GdipGetFontHeight (font=0xadc0e68, graphics=0xacf4e78, height=0x3ae080) returned 0x0 [0091.565] GdipDeleteGraphics (graphics=0xacf4e78) returned 0x0 [0091.565] ReleaseDC (hWnd=0x0, hDC=0x170106ba) returned 1 [0091.566] GetDC (hWnd=0x0) returned 0x170106ba [0091.566] GdipCreateFromHDC (hdc=0x170106ba, graphics=0x3ae088) returned 0x0 [0091.566] GdipGetFontHeight (font=0xadc0e68, graphics=0xacf4e78, height=0x3ae080) returned 0x0 [0091.566] GdipDeleteGraphics (graphics=0xacf4e78) returned 0x0 [0091.566] ReleaseDC (hWnd=0x0, hDC=0x170106ba) returned 1 [0091.566] GetDC (hWnd=0x0) returned 0x170106ba [0091.566] GdipCreateFromHDC (hdc=0x170106ba, graphics=0x3ae088) returned 0x0 [0091.567] GdipGetFontHeight (font=0xadc0e68, graphics=0xacf4e78, height=0x3ae080) returned 0x0 [0091.567] GdipDeleteGraphics (graphics=0xacf4e78) returned 0x0 [0091.567] ReleaseDC (hWnd=0x0, hDC=0x170106ba) returned 1 [0091.567] GetDC (hWnd=0x0) returned 0x170106ba [0091.567] GdipCreateFromHDC (hdc=0x170106ba, graphics=0x3ae088) returned 0x0 [0091.568] GdipGetFontHeight (font=0xadc0e68, graphics=0xacf4e78, height=0x3ae080) returned 0x0 [0091.568] GdipDeleteGraphics (graphics=0xacf4e78) returned 0x0 [0091.568] ReleaseDC (hWnd=0x0, hDC=0x170106ba) returned 1 [0091.568] GetDC (hWnd=0x0) returned 0x170106ba [0091.568] GdipCreateFromHDC (hdc=0x170106ba, graphics=0x3ae088) returned 0x0 [0091.568] GdipGetFontHeight (font=0xadc0e68, graphics=0xacf4e78, height=0x3ae080) returned 0x0 [0091.569] GdipDeleteGraphics (graphics=0xacf4e78) returned 0x0 [0091.569] ReleaseDC (hWnd=0x0, hDC=0x170106ba) returned 1 [0091.569] GetDC (hWnd=0x0) returned 0x170106ba [0091.569] GdipCreateFromHDC (hdc=0x170106ba, graphics=0x3ae088) returned 0x0 [0091.569] GdipGetFontHeight (font=0xadc0e68, graphics=0xacf4e78, height=0x3ae080) returned 0x0 [0091.569] GdipDeleteGraphics (graphics=0xacf4e78) returned 0x0 [0091.570] ReleaseDC (hWnd=0x0, hDC=0x170106ba) returned 1 [0091.570] GetDC (hWnd=0x0) returned 0x170106ba [0091.570] GdipCreateFromHDC (hdc=0x170106ba, graphics=0x3ae088) returned 0x0 [0091.571] GdipGetFontHeight (font=0xadc0e68, graphics=0xacf4e78, height=0x3ae080) returned 0x0 [0091.571] GdipDeleteGraphics (graphics=0xacf4e78) returned 0x0 [0091.572] ReleaseDC (hWnd=0x0, hDC=0x170106ba) returned 1 [0091.572] GetDC (hWnd=0x0) returned 0x170106ba [0091.572] GdipCreateFromHDC (hdc=0x170106ba, graphics=0x3ae088) returned 0x0 [0091.572] GdipGetFontHeight (font=0xadc0e68, graphics=0xacf4e78, height=0x3ae080) returned 0x0 [0091.572] GdipDeleteGraphics (graphics=0xacf4e78) returned 0x0 [0091.573] ReleaseDC (hWnd=0x0, hDC=0x170106ba) returned 1 [0091.573] GetDC (hWnd=0x0) returned 0x170106ba [0091.573] GdipCreateFromHDC (hdc=0x170106ba, graphics=0x3ae088) returned 0x0 [0091.573] GdipGetFontHeight (font=0xadc0e68, graphics=0xacf4e78, height=0x3ae080) returned 0x0 [0091.573] GdipDeleteGraphics (graphics=0xacf4e78) returned 0x0 [0091.573] ReleaseDC (hWnd=0x0, hDC=0x170106ba) returned 1 [0091.574] GetDC (hWnd=0x0) returned 0x170106ba [0091.574] GdipCreateFromHDC (hdc=0x170106ba, graphics=0x3ae088) returned 0x0 [0091.574] GdipGetFontHeight (font=0xadc0e68, graphics=0xacf4e78, height=0x3ae080) returned 0x0 [0091.574] GdipDeleteGraphics (graphics=0xacf4e78) returned 0x0 [0091.574] ReleaseDC (hWnd=0x0, hDC=0x170106ba) returned 1 [0091.575] GetDC (hWnd=0x0) returned 0x170106ba [0091.575] GdipCreateFromHDC (hdc=0x170106ba, graphics=0x3ae088) returned 0x0 [0091.575] GdipGetFontHeight (font=0xadc0e68, graphics=0xacf4e78, height=0x3ae080) returned 0x0 [0091.575] GdipDeleteGraphics (graphics=0xacf4e78) returned 0x0 [0091.575] ReleaseDC (hWnd=0x0, hDC=0x170106ba) returned 1 [0091.576] GetDC (hWnd=0x0) returned 0x170106ba [0091.576] GdipCreateFromHDC (hdc=0x170106ba, graphics=0x3ae088) returned 0x0 [0091.576] GdipGetFontHeight (font=0xadc0e68, graphics=0xacf4e78, height=0x3ae080) returned 0x0 [0091.576] GdipDeleteGraphics (graphics=0xacf4e78) returned 0x0 [0091.576] ReleaseDC (hWnd=0x0, hDC=0x170106ba) returned 1 [0091.576] GetDC (hWnd=0x0) returned 0x170106ba [0091.576] GdipCreateFromHDC (hdc=0x170106ba, graphics=0x3ae088) returned 0x0 [0091.577] GdipGetFontHeight (font=0xadc0e68, graphics=0xacf4e78, height=0x3ae080) returned 0x0 [0091.577] GdipDeleteGraphics (graphics=0xacf4e78) returned 0x0 [0091.577] ReleaseDC (hWnd=0x0, hDC=0x170106ba) returned 1 [0091.626] GetDC (hWnd=0x0) returned 0x170106ba [0091.626] GdipCreateFromHDC (hdc=0x170106ba, graphics=0x3ade24) returned 0x0 [0091.626] GdipGetFontHeight (font=0xadc0e68, graphics=0xacf4e78, height=0x3ade1c) returned 0x0 [0091.626] GdipDeleteGraphics (graphics=0xacf4e78) returned 0x0 [0091.626] ReleaseDC (hWnd=0x0, hDC=0x170106ba) returned 1 [0091.644] GetDC (hWnd=0x0) returned 0x170106ba [0091.644] GdipCreateFromHDC (hdc=0x170106ba, graphics=0x3ade24) returned 0x0 [0091.644] GdipGetFontHeight (font=0xadc0e68, graphics=0xacf4e78, height=0x3ade1c) returned 0x0 [0091.644] GdipDeleteGraphics (graphics=0xacf4e78) returned 0x0 [0091.644] ReleaseDC (hWnd=0x0, hDC=0x170106ba) returned 1 [0091.660] GetDC (hWnd=0x0) returned 0x170106ba [0091.660] GdipCreateFromHDC (hdc=0x170106ba, graphics=0x3ade24) returned 0x0 [0091.660] GdipGetFontHeight (font=0xadc0e68, graphics=0xacf4e78, height=0x3ade1c) returned 0x0 [0091.660] GdipDeleteGraphics (graphics=0xacf4e78) returned 0x0 [0091.660] ReleaseDC (hWnd=0x0, hDC=0x170106ba) returned 1 [0091.660] GetDC (hWnd=0x0) returned 0x170106ba [0091.660] GdipCreateFromHDC (hdc=0x170106ba, graphics=0x3ade24) returned 0x0 [0091.661] GdipGetFontHeight (font=0xadc0e68, graphics=0xacf4e78, height=0x3ade1c) returned 0x0 [0091.661] GdipDeleteGraphics (graphics=0xacf4e78) returned 0x0 [0091.661] ReleaseDC (hWnd=0x0, hDC=0x170106ba) returned 1 [0091.661] GetDC (hWnd=0x0) returned 0x170106ba [0091.661] GdipCreateFromHDC (hdc=0x170106ba, graphics=0x3ade24) returned 0x0 [0091.661] GdipGetFontHeight (font=0xadc0e68, graphics=0xacf4e78, height=0x3ade1c) returned 0x0 [0091.661] GdipDeleteGraphics (graphics=0xacf4e78) returned 0x0 [0091.661] ReleaseDC (hWnd=0x0, hDC=0x170106ba) returned 1 [0091.662] GetDC (hWnd=0x0) returned 0x170106ba [0091.662] GdipCreateFromHDC (hdc=0x170106ba, graphics=0x3ade24) returned 0x0 [0091.662] GdipGetFontHeight (font=0xadc0e68, graphics=0xacf4e78, height=0x3ade1c) returned 0x0 [0091.662] GdipDeleteGraphics (graphics=0xacf4e78) returned 0x0 [0091.662] ReleaseDC (hWnd=0x0, hDC=0x170106ba) returned 1 [0091.663] GetDC (hWnd=0x0) returned 0x170106ba [0091.663] GdipCreateFromHDC (hdc=0x170106ba, graphics=0x3ade24) returned 0x0 [0091.663] GdipGetFontHeight (font=0xadc0e68, graphics=0xacf4e78, height=0x3ade1c) returned 0x0 [0091.663] GdipDeleteGraphics (graphics=0xacf4e78) returned 0x0 [0091.663] ReleaseDC (hWnd=0x0, hDC=0x170106ba) returned 1 [0091.663] GetDC (hWnd=0x0) returned 0x170106ba [0091.663] GdipCreateFromHDC (hdc=0x170106ba, graphics=0x3ade24) returned 0x0 [0091.663] GdipGetFontHeight (font=0xadc0e68, graphics=0xacf4e78, height=0x3ade1c) returned 0x0 [0091.664] GdipDeleteGraphics (graphics=0xacf4e78) returned 0x0 [0091.664] ReleaseDC (hWnd=0x0, hDC=0x170106ba) returned 1 [0091.664] GetDC (hWnd=0x0) returned 0x170106ba [0091.664] GdipCreateFromHDC (hdc=0x170106ba, graphics=0x3ade24) returned 0x0 [0091.665] GdipGetFontHeight (font=0xadc0e68, graphics=0xacf4e78, height=0x3ade1c) returned 0x0 [0091.665] GdipDeleteGraphics (graphics=0xacf4e78) returned 0x0 [0091.665] ReleaseDC (hWnd=0x0, hDC=0x170106ba) returned 1 [0091.665] GetDC (hWnd=0x0) returned 0x170106ba [0091.665] GdipCreateFromHDC (hdc=0x170106ba, graphics=0x3ade24) returned 0x0 [0091.665] GdipGetFontHeight (font=0xadc0e68, graphics=0xacf4e78, height=0x3ade1c) returned 0x0 [0091.665] GdipDeleteGraphics (graphics=0xacf4e78) returned 0x0 [0091.665] ReleaseDC (hWnd=0x0, hDC=0x170106ba) returned 1 [0091.666] GetDC (hWnd=0x0) returned 0x170106ba [0091.666] GdipCreateFromHDC (hdc=0x170106ba, graphics=0x3ade24) returned 0x0 [0091.666] GdipGetFontHeight (font=0xadc0e68, graphics=0xacf4e78, height=0x3ade1c) returned 0x0 [0091.666] GdipDeleteGraphics (graphics=0xacf4e78) returned 0x0 [0091.666] ReleaseDC (hWnd=0x0, hDC=0x170106ba) returned 1 [0091.666] GetDC (hWnd=0x0) returned 0x170106ba [0091.667] GdipCreateFromHDC (hdc=0x170106ba, graphics=0x3ade24) returned 0x0 [0091.667] GdipGetFontHeight (font=0xadc0e68, graphics=0xacf4e78, height=0x3ade1c) returned 0x0 [0091.667] GdipDeleteGraphics (graphics=0xacf4e78) returned 0x0 [0091.667] ReleaseDC (hWnd=0x0, hDC=0x170106ba) returned 1 [0091.667] GetDC (hWnd=0x0) returned 0x170106ba [0091.667] GdipCreateFromHDC (hdc=0x170106ba, graphics=0x3ade24) returned 0x0 [0091.667] GdipGetFontHeight (font=0xadc0e68, graphics=0xacf4e78, height=0x3ade1c) returned 0x0 [0091.668] GdipDeleteGraphics (graphics=0xacf4e78) returned 0x0 [0091.668] ReleaseDC (hWnd=0x0, hDC=0x170106ba) returned 1 [0091.668] GetDC (hWnd=0x0) returned 0x170106ba [0091.668] GdipCreateFromHDC (hdc=0x170106ba, graphics=0x3ade24) returned 0x0 [0091.668] GdipGetFontHeight (font=0xadc0e68, graphics=0xacf4e78, height=0x3ade1c) returned 0x0 [0091.668] GdipDeleteGraphics (graphics=0xacf4e78) returned 0x0 [0091.668] ReleaseDC (hWnd=0x0, hDC=0x170106ba) returned 1 [0091.669] GetDC (hWnd=0x0) returned 0x170106ba [0091.669] GdipCreateFromHDC (hdc=0x170106ba, graphics=0x3ade24) returned 0x0 [0091.669] GdipGetFontHeight (font=0xadc0e68, graphics=0xacf4e78, height=0x3ade1c) returned 0x0 [0091.669] GdipDeleteGraphics (graphics=0xacf4e78) returned 0x0 [0091.669] ReleaseDC (hWnd=0x0, hDC=0x170106ba) returned 1 [0091.669] GetDC (hWnd=0x0) returned 0x170106ba [0091.669] GdipCreateFromHDC (hdc=0x170106ba, graphics=0x3ade24) returned 0x0 [0091.670] GdipGetFontHeight (font=0xadc0e68, graphics=0xacf4e78, height=0x3ade1c) returned 0x0 [0091.670] GdipDeleteGraphics (graphics=0xacf4e78) returned 0x0 [0091.670] ReleaseDC (hWnd=0x0, hDC=0x170106ba) returned 1 [0091.670] GetDC (hWnd=0x0) returned 0x170106ba [0091.670] GdipCreateFromHDC (hdc=0x170106ba, graphics=0x3ade24) returned 0x0 [0091.670] GdipGetFontHeight (font=0xadc0e68, graphics=0xacf4e78, height=0x3ade1c) returned 0x0 [0091.670] GdipDeleteGraphics (graphics=0xacf4e78) returned 0x0 [0091.670] ReleaseDC (hWnd=0x0, hDC=0x170106ba) returned 1 [0091.671] GetDC (hWnd=0x0) returned 0x170106ba [0091.671] GdipCreateFromHDC (hdc=0x170106ba, graphics=0x3ade24) returned 0x0 [0091.671] GdipGetFontHeight (font=0xadc0e68, graphics=0xacf4e78, height=0x3ade1c) returned 0x0 [0091.671] GdipDeleteGraphics (graphics=0xacf4e78) returned 0x0 [0091.671] ReleaseDC (hWnd=0x0, hDC=0x170106ba) returned 1 [0091.672] GetDC (hWnd=0x0) returned 0x170106ba [0091.672] GdipCreateFromHDC (hdc=0x170106ba, graphics=0x3ade24) returned 0x0 [0091.672] GdipGetFontHeight (font=0xadc0e68, graphics=0xacf4e78, height=0x3ade1c) returned 0x0 [0091.672] GdipDeleteGraphics (graphics=0xacf4e78) returned 0x0 [0091.672] ReleaseDC (hWnd=0x0, hDC=0x170106ba) returned 1 [0091.672] GetDC (hWnd=0x0) returned 0x170106ba [0091.672] GdipCreateFromHDC (hdc=0x170106ba, graphics=0x3ade24) returned 0x0 [0091.673] GdipGetFontHeight (font=0xadc0e68, graphics=0xacf4e78, height=0x3ade1c) returned 0x0 [0091.673] GdipDeleteGraphics (graphics=0xacf4e78) returned 0x0 [0091.673] ReleaseDC (hWnd=0x0, hDC=0x170106ba) returned 1 [0091.673] GetDC (hWnd=0x0) returned 0x170106ba [0091.673] GdipCreateFromHDC (hdc=0x170106ba, graphics=0x3ade24) returned 0x0 [0091.673] GdipGetFontHeight (font=0xadc0e68, graphics=0xacf4e78, height=0x3ade1c) returned 0x0 [0091.673] GdipDeleteGraphics (graphics=0xacf4e78) returned 0x0 [0091.673] ReleaseDC (hWnd=0x0, hDC=0x170106ba) returned 1 [0091.674] GetDC (hWnd=0x0) returned 0x170106ba [0091.674] GdipCreateFromHDC (hdc=0x170106ba, graphics=0x3ade24) returned 0x0 [0091.674] GdipGetFontHeight (font=0xadc0e68, graphics=0xacf4e78, height=0x3ade1c) returned 0x0 [0091.674] GdipDeleteGraphics (graphics=0xacf4e78) returned 0x0 [0091.674] ReleaseDC (hWnd=0x0, hDC=0x170106ba) returned 1 [0091.675] GetDC (hWnd=0x0) returned 0x170106ba [0091.675] GdipCreateFromHDC (hdc=0x170106ba, graphics=0x3ade24) returned 0x0 [0091.675] GdipGetFontHeight (font=0xadc0e68, graphics=0xacf4e78, height=0x3ade1c) returned 0x0 [0091.675] GdipDeleteGraphics (graphics=0xacf4e78) returned 0x0 [0091.675] ReleaseDC (hWnd=0x0, hDC=0x170106ba) returned 1 [0091.675] GetDC (hWnd=0x0) returned 0x170106ba [0091.675] GdipCreateFromHDC (hdc=0x170106ba, graphics=0x3ade24) returned 0x0 [0091.676] GdipGetFontHeight (font=0xadc0e68, graphics=0xacf4e78, height=0x3ade1c) returned 0x0 [0091.676] GdipDeleteGraphics (graphics=0xacf4e78) returned 0x0 [0091.676] ReleaseDC (hWnd=0x0, hDC=0x170106ba) returned 1 [0091.676] GetDC (hWnd=0x0) returned 0x170106ba [0091.676] GdipCreateFromHDC (hdc=0x170106ba, graphics=0x3ade24) returned 0x0 [0091.676] GdipGetFontHeight (font=0xadc0e68, graphics=0xacf4e78, height=0x3ade1c) returned 0x0 [0091.676] GdipDeleteGraphics (graphics=0xacf4e78) returned 0x0 [0091.676] ReleaseDC (hWnd=0x0, hDC=0x170106ba) returned 1 [0091.677] GetDC (hWnd=0x0) returned 0x170106ba [0091.677] GdipCreateFromHDC (hdc=0x170106ba, graphics=0x3ade24) returned 0x0 [0091.677] GdipGetFontHeight (font=0xadc0e68, graphics=0xacf4e78, height=0x3ade1c) returned 0x0 [0091.677] GdipDeleteGraphics (graphics=0xacf4e78) returned 0x0 [0091.677] ReleaseDC (hWnd=0x0, hDC=0x170106ba) returned 1 [0091.677] GetDC (hWnd=0x0) returned 0x170106ba [0091.677] GdipCreateFromHDC (hdc=0x170106ba, graphics=0x3ade24) returned 0x0 [0091.678] GdipGetFontHeight (font=0xadc0e68, graphics=0xacf4e78, height=0x3ade1c) returned 0x0 [0091.678] GdipDeleteGraphics (graphics=0xacf4e78) returned 0x0 [0091.678] ReleaseDC (hWnd=0x0, hDC=0x170106ba) returned 1 [0091.678] GetDC (hWnd=0x0) returned 0x170106ba [0091.678] GdipCreateFromHDC (hdc=0x170106ba, graphics=0x3ade24) returned 0x0 [0091.678] GdipGetFontHeight (font=0xadc0e68, graphics=0xacf4e78, height=0x3ade1c) returned 0x0 [0091.678] GdipDeleteGraphics (graphics=0xacf4e78) returned 0x0 [0091.678] ReleaseDC (hWnd=0x0, hDC=0x170106ba) returned 1 [0091.679] GetDC (hWnd=0x0) returned 0x170106ba [0091.679] GdipCreateFromHDC (hdc=0x170106ba, graphics=0x3ade24) returned 0x0 [0091.679] GdipGetFontHeight (font=0xadc0e68, graphics=0xacf4e78, height=0x3ade1c) returned 0x0 [0091.679] GdipDeleteGraphics (graphics=0xacf4e78) returned 0x0 [0091.679] ReleaseDC (hWnd=0x0, hDC=0x170106ba) returned 1 [0091.679] GetDC (hWnd=0x0) returned 0x170106ba [0091.680] GdipCreateFromHDC (hdc=0x170106ba, graphics=0x3ade24) returned 0x0 [0091.680] GdipGetFontHeight (font=0xadc0e68, graphics=0xacf4e78, height=0x3ade1c) returned 0x0 [0091.680] GdipDeleteGraphics (graphics=0xacf4e78) returned 0x0 [0091.680] ReleaseDC (hWnd=0x0, hDC=0x170106ba) returned 1 [0091.680] GetDC (hWnd=0x0) returned 0x170106ba [0091.680] GdipCreateFromHDC (hdc=0x170106ba, graphics=0x3ade24) returned 0x0 [0091.680] GdipGetFontHeight (font=0xadc0e68, graphics=0xacf4e78, height=0x3ade1c) returned 0x0 [0091.680] GdipDeleteGraphics (graphics=0xacf4e78) returned 0x0 [0091.681] ReleaseDC (hWnd=0x0, hDC=0x170106ba) returned 1 [0091.685] GetFullPathNameW (in: lpFileName="C:\\Users\\kEecfMwgj\\Desktop\\81baf55c19c00ec38dd62ea3b30a3af669be588442dc0648865f80195665d2b2.exe", nBufferLength=0x105, lpBuffer=0x3ad8e0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\kEecfMwgj\\Desktop\\81baf55c19c00ec38dd62ea3b30a3af669be588442dc0648865f80195665d2b2.exe", lpFilePart=0x0) returned 0x5f [0091.714] DeleteFileW (lpFileName="C:\\Users\\kEecfMwgj\\Desktop\\81baf55c19c00ec38dd62ea3b30a3af669be588442dc0648865f80195665d2b2.exe\\:Zone.Identifier" (normalized: "c:\\users\\keecfmwgj\\desktop\\81baf55c19c00ec38dd62ea3b30a3af669be588442dc0648865f80195665d2b2.exe\\:zone.identifier")) returned 0 [0091.758] GetCurrentProcessId () returned 0xedc [0091.759] OpenProcess (dwDesiredAccess=0x410, bInheritHandle=0, dwProcessId=0xedc) returned 0x5ac [0091.759] EnumProcessModules (in: hProcess=0x5ac, lphModule=0x264413c, cb=0x100, lpcbNeeded=0x3adca8 | out: lphModule=0x264413c, lpcbNeeded=0x3adca8) returned 1 [0091.761] EnumProcessModules (in: hProcess=0x5ac, lphModule=0x2644254, cb=0x200, lpcbNeeded=0x3adca8 | out: lphModule=0x2644254, lpcbNeeded=0x3adca8) returned 1 [0091.762] GetModuleInformation (in: hProcess=0x5ac, hModule=0x10b0000, lpmodinfo=0x2644494, cb=0xc | out: lpmodinfo=0x2644494*(lpBaseOfDll=0x10b0000, SizeOfImage=0xa2000, EntryPoint=0x114ddbe)) returned 1 [0091.762] CoTaskMemAlloc (cb=0x804) returned 0x5a86e48 [0091.762] GetModuleBaseNameW (in: hProcess=0x5ac, hModule=0x10b0000, lpBaseName=0x5a86e48, nSize=0x800 | out: lpBaseName="81baf55c19c00ec38dd62ea3b30a3af669be588442dc0648865f80195665d2b2.exe") returned 0x44 [0091.763] CoTaskMemFree (pv=0x5a86e48) [0091.763] CoTaskMemAlloc (cb=0x804) returned 0x5a86e48 [0091.763] GetModuleFileNameExW (in: hProcess=0x5ac, hModule=0x10b0000, lpFilename=0x5a86e48, nSize=0x800 | out: lpFilename="C:\\Users\\kEecfMwgj\\Desktop\\81baf55c19c00ec38dd62ea3b30a3af669be588442dc0648865f80195665d2b2.exe" (normalized: "c:\\users\\keecfmwgj\\desktop\\81baf55c19c00ec38dd62ea3b30a3af669be588442dc0648865f80195665d2b2.exe")) returned 0x5f [0091.763] CoTaskMemFree (pv=0x5a86e48) [0091.763] CloseHandle (hObject=0x5ac) returned 1 [0091.888] GetFullPathNameW (in: lpFileName="C:\\Users\\kEecfMwgj\\Desktop\\81baf55c19c00ec38dd62ea3b30a3af669be588442dc0648865f80195665d2b2.exe.config", nBufferLength=0x105, lpBuffer=0x3ad5b8, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\kEecfMwgj\\Desktop\\81baf55c19c00ec38dd62ea3b30a3af669be588442dc0648865f80195665d2b2.exe.config", lpFilePart=0x0) returned 0x66 [0091.888] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x3ad800) returned 1 [0091.888] GetFileAttributesExW (in: lpFileName="C:\\Users\\kEecfMwgj\\Desktop\\81baf55c19c00ec38dd62ea3b30a3af669be588442dc0648865f80195665d2b2.exe.config" (normalized: "c:\\users\\keecfmwgj\\desktop\\81baf55c19c00ec38dd62ea3b30a3af669be588442dc0648865f80195665d2b2.exe.config"), fInfoLevelId=0x0, lpFileInformation=0x3adac4 | out: lpFileInformation=0x3adac4*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0 [0091.889] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x3ad7fc) returned 1 [0092.176] GdipLoadImageFromStream (stream=0x430030, image=0x3ad750) returned 0x0 [0092.521] GdipImageForceValidation (image=0xacf4e78) returned 0x0 [0092.533] GdipGetImageType (image=0xacf4e78, type=0x3ad74c) returned 0x0 [0092.534] GdipGetImageRawFormat (image=0xacf4e78, format=0x3ad6c0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0))) returned 0x0 [0092.543] GdipLoadImageFromStream (stream=0x430010, image=0x3ad750) returned 0x0 [0092.544] GdipImageForceValidation (image=0xaf95af8) returned 0x0 [0092.553] GdipGetImageType (image=0xaf95af8, type=0x3ad74c) returned 0x0 [0092.553] GdipGetImageRawFormat (image=0xaf95af8, format=0x3ad6c0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0))) returned 0x0 [0092.566] GdipLoadImageFromStream (stream=0x43fff0, image=0x3ad750) returned 0x0 [0092.567] GdipImageForceValidation (image=0xaf9b8f0) returned 0x0 [0092.577] GdipGetImageType (image=0xaf9b8f0, type=0x3ad74c) returned 0x0 [0092.577] GdipGetImageRawFormat (image=0xaf9b8f0, format=0x3ad6c0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0))) returned 0x0 [0092.590] GdipLoadImageFromStream (stream=0x43ffd0, image=0x3ad750) returned 0x0 [0092.591] GdipImageForceValidation (image=0xafa1978) returned 0x0 [0092.600] GdipGetImageType (image=0xafa1978, type=0x3ad74c) returned 0x0 [0092.600] GdipGetImageRawFormat (image=0xafa1978, format=0x3ad6c0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0))) returned 0x0 [0092.613] GdipLoadImageFromStream (stream=0x43ffb0, image=0x3ad750) returned 0x0 [0092.614] GdipImageForceValidation (image=0xafa7a00) returned 0x0 [0092.624] GdipGetImageType (image=0xafa7a00, type=0x3ad74c) returned 0x0 [0092.624] GdipGetImageRawFormat (image=0xafa7a00, format=0x3ad6c0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0))) returned 0x0 [0092.639] GdipLoadImageFromStream (stream=0x43ff90, image=0x3ad750) returned 0x0 [0092.640] GdipImageForceValidation (image=0xafada88) returned 0x0 [0092.652] GdipGetImageType (image=0xafada88, type=0x3ad74c) returned 0x0 [0092.652] GdipGetImageRawFormat (image=0xafada88, format=0x3ad6c0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0))) returned 0x0 [0092.706] GdipLoadImageFromStream (stream=0x43ff70, image=0x3ad750) returned 0x0 [0092.707] GdipImageForceValidation (image=0xafb3b10) returned 0x0 [0092.716] GdipGetImageType (image=0xafb3b10, type=0x3ad74c) returned 0x0 [0092.716] GdipGetImageRawFormat (image=0xafb3b10, format=0x3ad6c0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0))) returned 0x0 [0092.736] GdipLoadImageFromStream (stream=0x43ff50, image=0x3ad750) returned 0x0 [0092.737] GdipImageForceValidation (image=0xafb9b98) returned 0x0 [0092.746] GdipGetImageType (image=0xafb9b98, type=0x3ad74c) returned 0x0 [0092.746] GdipGetImageRawFormat (image=0xafb9b98, format=0x3ad6c0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0))) returned 0x0 [0092.758] GdipLoadImageFromStream (stream=0x43ff30, image=0x3ad750) returned 0x0 [0092.759] GdipImageForceValidation (image=0xafbfc20) returned 0x0 [0092.768] GdipGetImageType (image=0xafbfc20, type=0x3ad74c) returned 0x0 [0092.768] GdipGetImageRawFormat (image=0xafbfc20, format=0x3ad6c0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0))) returned 0x0 [0092.781] GdipLoadImageFromStream (stream=0x43ff10, image=0x3ad750) returned 0x0 [0092.782] GdipImageForceValidation (image=0xafc5ca8) returned 0x0 [0092.791] GdipGetImageType (image=0xafc5ca8, type=0x3ad74c) returned 0x0 [0092.791] GdipGetImageRawFormat (image=0xafc5ca8, format=0x3ad6c0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0))) returned 0x0 [0092.803] GdipLoadImageFromStream (stream=0x43fef0, image=0x3ad750) returned 0x0 [0092.804] GdipImageForceValidation (image=0xafcc530) returned 0x0 [0092.814] GdipGetImageType (image=0xafcc530, type=0x3ad74c) returned 0x0 [0092.814] GdipGetImageRawFormat (image=0xafcc530, format=0x3ad6c0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0))) returned 0x0 [0092.846] GdipLoadImageFromStream (stream=0x43fed0, image=0x3ad750) returned 0x0 [0092.847] GdipImageForceValidation (image=0xafd25b8) returned 0x0 [0092.856] GdipGetImageType (image=0xafd25b8, type=0x3ad74c) returned 0x0 [0092.856] GdipGetImageRawFormat (image=0xafd25b8, format=0x3ad6c0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0))) returned 0x0 [0092.870] GdipLoadImageFromStream (stream=0x43feb0, image=0x3ad750) returned 0x0 [0092.871] GdipImageForceValidation (image=0xafda5b0) returned 0x0 [0092.889] GdipGetImageType (image=0xafda5b0, type=0x3ad74c) returned 0x0 [0092.889] GdipGetImageRawFormat (image=0xafda5b0, format=0x3ad6c0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0))) returned 0x0 [0092.903] GdipLoadImageFromStream (stream=0x43fe90, image=0x3ad750) returned 0x0 [0092.905] GdipImageForceValidation (image=0xafe05a8) returned 0x0 [0092.916] GdipGetImageType (image=0xafe05a8, type=0x3ad74c) returned 0x0 [0092.916] GdipGetImageRawFormat (image=0xafe05a8, format=0x3ad6c0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0))) returned 0x0 [0092.957] GdipGetImageWidth (image=0xacf4e78, width=0x3adc88) returned 0x0 [0092.957] GdipGetImageHeight (image=0xacf4e78, height=0x3adc88) returned 0x0 [0092.963] GdipGetImageEncodersSize (numEncoders=0x3adc3c, size=0x3adc38) returned 0x0 [0092.964] LocalAlloc (uFlags=0x0, uBytes=0x410) returned 0x5a9b9f8 [0092.964] GdipGetImageEncoders (in: numEncoders=0x5, size=0x410, encoders=0x5a9b9f8 | out: encoders=0x5a9b9f8) returned 0x0 [0092.975] LocalFree (hMem=0x5a9b9f8) returned 0x0 [0092.986] GdipSaveImageToStream (image=0xacf4e78, stream=0x43fe70, clsidEncoder=0x3adc4c*(Data1=0x557cf406, Data2=0x1a04, Data3=0x11d3, Data4=([0]=0x9a, [1]=0x73, [2]=0x0, [3]=0x0, [4]=0xf8, [5]=0x1e, [6]=0xf3, [7]=0x2e)), encoderParams=0x0) returned 0x0 [0093.039] GdipCreateBitmapFromStream (stream=0x43fe50, bitmap=0x3adc90) returned 0x0 [0093.041] GdipImageForceValidation (image=0xafe8470) returned 0x0 [0093.044] GdipGetImageRawFormat (image=0xafe8470, format=0x3adc04*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0))) returned 0x0 [0093.048] GdipBitmapLockBits (bitmap=0xafe8470, rect=0x3adc24, flags=0x3, format=0x21808, lockedBitmapData=0x2720f84) returned 0x0 [0093.060] GdipBitmapUnlockBits (bitmap=0xafe8470, lockedBitmapData=0x2720f84) returned 0x0 [0093.060] GdipGetImageWidth (image=0xaf95af8, width=0x3adc88) returned 0x0 [0093.060] GdipGetImageHeight (image=0xaf95af8, height=0x3adc88) returned 0x0 [0093.060] GdipGetImageEncodersSize (numEncoders=0x3adc3c, size=0x3adc38) returned 0x0 [0093.061] LocalAlloc (uFlags=0x0, uBytes=0x410) returned 0x5ab5b28 [0093.061] GdipGetImageEncoders (in: numEncoders=0x5, size=0x410, encoders=0x5ab5b28 | out: encoders=0x5ab5b28) returned 0x0 [0093.062] LocalFree (hMem=0x5ab5b28) returned 0x0 [0093.062] GdipSaveImageToStream (image=0xaf95af8, stream=0x43fe30, clsidEncoder=0x3adc4c*(Data1=0x557cf406, Data2=0x1a04, Data3=0x11d3, Data4=([0]=0x9a, [1]=0x73, [2]=0x0, [3]=0x0, [4]=0xf8, [5]=0x1e, [6]=0xf3, [7]=0x2e)), encoderParams=0x0) returned 0x0 [0093.084] GdipCreateBitmapFromStream (stream=0x43fe10, bitmap=0x3adc90) returned 0x0 [0093.086] GdipImageForceValidation (image=0xafee338) returned 0x0 [0093.088] GdipGetImageRawFormat (image=0xafee338, format=0x3adc04*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0))) returned 0x0 [0093.088] GdipBitmapLockBits (bitmap=0xafee338, rect=0x3adc24, flags=0x3, format=0x21808, lockedBitmapData=0x273aa98) returned 0x0 [0093.098] GdipBitmapUnlockBits (bitmap=0xafee338, lockedBitmapData=0x273aa98) returned 0x0 [0093.099] GdipGetImageWidth (image=0xaf9b8f0, width=0x3adc88) returned 0x0 [0093.099] GdipGetImageHeight (image=0xaf9b8f0, height=0x3adc88) returned 0x0 [0093.099] GdipGetImageEncodersSize (numEncoders=0x3adc3c, size=0x3adc38) returned 0x0 [0093.099] LocalAlloc (uFlags=0x0, uBytes=0x410) returned 0x5ac7c08 [0093.099] GdipGetImageEncoders (in: numEncoders=0x5, size=0x410, encoders=0x5ac7c08 | out: encoders=0x5ac7c08) returned 0x0 [0093.101] LocalFree (hMem=0x5ac7c08) returned 0x0 [0093.101] GdipSaveImageToStream (image=0xaf9b8f0, stream=0x43fdf0, clsidEncoder=0x3adc4c*(Data1=0x557cf406, Data2=0x1a04, Data3=0x11d3, Data4=([0]=0x9a, [1]=0x73, [2]=0x0, [3]=0x0, [4]=0xf8, [5]=0x1e, [6]=0xf3, [7]=0x2e)), encoderParams=0x0) returned 0x0 [0093.120] GdipCreateBitmapFromStream (stream=0x43fdd0, bitmap=0x3adc90) returned 0x0 [0093.121] GdipImageForceValidation (image=0xaff6130) returned 0x0 [0093.122] GdipGetImageRawFormat (image=0xaff6130, format=0x3adc04*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0))) returned 0x0 [0093.123] GdipBitmapLockBits (bitmap=0xaff6130, rect=0x3adc24, flags=0x3, format=0x21808, lockedBitmapData=0x27581ec) returned 0x0 [0093.132] GdipBitmapUnlockBits (bitmap=0xaff6130, lockedBitmapData=0x27581ec) returned 0x0 [0093.132] GdipGetImageWidth (image=0xafa1978, width=0x3adc88) returned 0x0 [0093.132] GdipGetImageHeight (image=0xafa1978, height=0x3adc88) returned 0x0 [0093.132] GdipGetImageEncodersSize (numEncoders=0x3adc3c, size=0x3adc38) returned 0x0 [0093.132] LocalAlloc (uFlags=0x0, uBytes=0x410) returned 0x5ad7f78 [0093.133] GdipGetImageEncoders (in: numEncoders=0x5, size=0x410, encoders=0x5ad7f78 | out: encoders=0x5ad7f78) returned 0x0 [0093.133] LocalFree (hMem=0x5ad7f78) returned 0x0 [0093.134] GdipSaveImageToStream (image=0xafa1978, stream=0x43fdb0, clsidEncoder=0x3adc4c*(Data1=0x557cf406, Data2=0x1a04, Data3=0x11d3, Data4=([0]=0x9a, [1]=0x73, [2]=0x0, [3]=0x0, [4]=0xf8, [5]=0x1e, [6]=0xf3, [7]=0x2e)), encoderParams=0x0) returned 0x0 [0093.152] GdipCreateBitmapFromStream (stream=0x43fd90, bitmap=0x3adc90) returned 0x0 [0093.154] GdipImageForceValidation (image=0xaffbf40) returned 0x0 [0093.156] GdipGetImageRawFormat (image=0xaffbf40, format=0x3adc04*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0))) returned 0x0 [0093.156] GdipBitmapLockBits (bitmap=0xaffbf40, rect=0x3adc24, flags=0x3, format=0x21808, lockedBitmapData=0x277d088) returned 0x0 [0093.166] GdipBitmapUnlockBits (bitmap=0xaffbf40, lockedBitmapData=0x277d088) returned 0x0 [0093.166] GdipGetImageWidth (image=0xafa7a00, width=0x3adc88) returned 0x0 [0093.166] GdipGetImageHeight (image=0xafa7a00, height=0x3adc88) returned 0x0 [0093.166] GdipGetImageEncodersSize (numEncoders=0x3adc3c, size=0x3adc38) returned 0x0 [0093.166] LocalAlloc (uFlags=0x0, uBytes=0x410) returned 0x5ae8258 [0093.166] GdipGetImageEncoders (in: numEncoders=0x5, size=0x410, encoders=0x5ae8258 | out: encoders=0x5ae8258) returned 0x0 [0093.167] LocalFree (hMem=0x5ae8258) returned 0x0 [0093.167] GdipSaveImageToStream (image=0xafa7a00, stream=0x43fd70, clsidEncoder=0x3adc4c*(Data1=0x557cf406, Data2=0x1a04, Data3=0x11d3, Data4=([0]=0x9a, [1]=0x73, [2]=0x0, [3]=0x0, [4]=0xf8, [5]=0x1e, [6]=0xf3, [7]=0x2e)), encoderParams=0x0) returned 0x0 [0093.186] GdipCreateBitmapFromStream (stream=0x43fd50, bitmap=0x3adc90) returned 0x0 [0093.187] GdipImageForceValidation (image=0xaffc288) returned 0x0 [0093.189] GdipGetImageRawFormat (image=0xaffc288, format=0x3adc04*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0))) returned 0x0 [0093.189] GdipBitmapLockBits (bitmap=0xaffc288, rect=0x3adc24, flags=0x3, format=0x21808, lockedBitmapData=0x2792b60) returned 0x0 [0093.199] GdipBitmapUnlockBits (bitmap=0xaffc288, lockedBitmapData=0x2792b60) returned 0x0 [0093.201] GdipGetImageWidth (image=0xafada88, width=0x3adc88) returned 0x0 [0093.201] GdipGetImageHeight (image=0xafada88, height=0x3adc88) returned 0x0 [0093.201] GdipGetImageEncodersSize (numEncoders=0x3adc3c, size=0x3adc38) returned 0x0 [0093.201] LocalAlloc (uFlags=0x0, uBytes=0x410) returned 0x5af84a8 [0093.201] GdipGetImageEncoders (in: numEncoders=0x5, size=0x410, encoders=0x5af84a8 | out: encoders=0x5af84a8) returned 0x0 [0093.202] LocalFree (hMem=0x5af84a8) returned 0x0 [0093.202] GdipSaveImageToStream (image=0xafada88, stream=0x43fd30, clsidEncoder=0x3adc4c*(Data1=0x557cf406, Data2=0x1a04, Data3=0x11d3, Data4=([0]=0x9a, [1]=0x73, [2]=0x0, [3]=0x0, [4]=0xf8, [5]=0x1e, [6]=0xf3, [7]=0x2e)), encoderParams=0x0) returned 0x0 [0093.219] GdipCreateBitmapFromStream (stream=0x43fd10, bitmap=0x3adc90) returned 0x0 [0093.221] GdipImageForceValidation (image=0xaffc5d0) returned 0x0 [0093.223] GdipGetImageRawFormat (image=0xaffc5d0, format=0x3adc04*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0))) returned 0x0 [0093.223] GdipBitmapLockBits (bitmap=0xaffc5d0, rect=0x3adc24, flags=0x3, format=0x21808, lockedBitmapData=0x27a8a40) returned 0x0 [0093.234] GdipBitmapUnlockBits (bitmap=0xaffc5d0, lockedBitmapData=0x27a8a40) returned 0x0 [0093.234] GdipGetImageWidth (image=0xafb3b10, width=0x3adc88) returned 0x0 [0093.235] GdipGetImageHeight (image=0xafb3b10, height=0x3adc88) returned 0x0 [0093.235] GdipGetImageEncodersSize (numEncoders=0x3adc3c, size=0x3adc38) returned 0x0 [0093.235] LocalAlloc (uFlags=0x0, uBytes=0x410) returned 0x5b0a9d8 [0093.235] GdipGetImageEncoders (in: numEncoders=0x5, size=0x410, encoders=0x5b0a9d8 | out: encoders=0x5b0a9d8) returned 0x0 [0093.236] LocalFree (hMem=0x5b0a9d8) returned 0x0 [0093.236] GdipSaveImageToStream (image=0xafb3b10, stream=0x43fcf0, clsidEncoder=0x3adc4c*(Data1=0x557cf406, Data2=0x1a04, Data3=0x11d3, Data4=([0]=0x9a, [1]=0x73, [2]=0x0, [3]=0x0, [4]=0xf8, [5]=0x1e, [6]=0xf3, [7]=0x2e)), encoderParams=0x0) returned 0x0 [0093.256] GdipCreateBitmapFromStream (stream=0x43fcd0, bitmap=0x3adc90) returned 0x0 [0093.257] GdipImageForceValidation (image=0xaffc918) returned 0x0 [0093.258] GdipGetImageRawFormat (image=0xaffc918, format=0x3adc04*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0))) returned 0x0 [0093.258] GdipBitmapLockBits (bitmap=0xaffc918, rect=0x3adc24, flags=0x3, format=0x21808, lockedBitmapData=0x27be7d0) returned 0x0 [0093.267] GdipBitmapUnlockBits (bitmap=0xaffc918, lockedBitmapData=0x27be7d0) returned 0x0 [0093.267] GdipGetImageWidth (image=0xafb9b98, width=0x3adc88) returned 0x0 [0093.267] GdipGetImageHeight (image=0xafb9b98, height=0x3adc88) returned 0x0 [0093.267] GdipGetImageEncodersSize (numEncoders=0x3adc3c, size=0x3adc38) returned 0x0 [0093.267] LocalAlloc (uFlags=0x0, uBytes=0x410) returned 0x5b1ad10 [0093.268] GdipGetImageEncoders (in: numEncoders=0x5, size=0x410, encoders=0x5b1ad10 | out: encoders=0x5b1ad10) returned 0x0 [0093.268] LocalFree (hMem=0x5b1ad10) returned 0x0 [0093.269] GdipSaveImageToStream (image=0xafb9b98, stream=0x43fcb0, clsidEncoder=0x3adc4c*(Data1=0x557cf406, Data2=0x1a04, Data3=0x11d3, Data4=([0]=0x9a, [1]=0x73, [2]=0x0, [3]=0x0, [4]=0xf8, [5]=0x1e, [6]=0xf3, [7]=0x2e)), encoderParams=0x0) returned 0x0 [0093.299] GdipCreateBitmapFromStream (stream=0x43fc90, bitmap=0x3adc90) returned 0x0 [0093.300] GdipImageForceValidation (image=0xaffcc60) returned 0x0 [0093.303] GdipGetImageRawFormat (image=0xaffcc60, format=0x3adc04*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0))) returned 0x0 [0093.303] GdipBitmapLockBits (bitmap=0xaffcc60, rect=0x3adc24, flags=0x3, format=0x21808, lockedBitmapData=0x27d456c) returned 0x0 [0093.316] GdipBitmapUnlockBits (bitmap=0xaffcc60, lockedBitmapData=0x27d456c) returned 0x0 [0093.316] GdipGetImageWidth (image=0xafbfc20, width=0x3adc88) returned 0x0 [0093.316] GdipGetImageHeight (image=0xafbfc20, height=0x3adc88) returned 0x0 [0093.316] GdipGetImageEncodersSize (numEncoders=0x3adc3c, size=0x3adc38) returned 0x0 [0093.316] LocalAlloc (uFlags=0x0, uBytes=0x410) returned 0x5b2ae20 [0093.317] GdipGetImageEncoders (in: numEncoders=0x5, size=0x410, encoders=0x5b2ae20 | out: encoders=0x5b2ae20) returned 0x0 [0093.318] LocalFree (hMem=0x5b2ae20) returned 0x0 [0093.320] GdipSaveImageToStream (image=0xafbfc20, stream=0x43fc70, clsidEncoder=0x3adc4c*(Data1=0x557cf406, Data2=0x1a04, Data3=0x11d3, Data4=([0]=0x9a, [1]=0x73, [2]=0x0, [3]=0x0, [4]=0xf8, [5]=0x1e, [6]=0xf3, [7]=0x2e)), encoderParams=0x0) returned 0x0 [0093.343] GdipCreateBitmapFromStream (stream=0x43fc50, bitmap=0x3adc90) returned 0x0 [0093.345] GdipImageForceValidation (image=0xaffcfa8) returned 0x0 [0093.348] GdipGetImageRawFormat (image=0xaffcfa8, format=0x3adc04*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0))) returned 0x0 [0093.348] GdipBitmapLockBits (bitmap=0xaffcfa8, rect=0x3adc24, flags=0x3, format=0x21808, lockedBitmapData=0x27ea3f8) returned 0x0 [0093.409] GdipBitmapUnlockBits (bitmap=0xaffcfa8, lockedBitmapData=0x2666518) returned 0x0 [0093.410] GdipGetImageWidth (image=0xafc5ca8, width=0x3adc88) returned 0x0 [0093.410] GdipGetImageHeight (image=0xafc5ca8, height=0x3adc88) returned 0x0 [0093.411] GdipGetImageEncodersSize (numEncoders=0x3adc3c, size=0x3adc38) returned 0x0 [0093.411] LocalAlloc (uFlags=0x0, uBytes=0x410) returned 0x5ab5b28 [0093.411] GdipGetImageEncoders (in: numEncoders=0x5, size=0x410, encoders=0x5ab5b28 | out: encoders=0x5ab5b28) returned 0x0 [0093.412] LocalFree (hMem=0x5ab5b28) returned 0x0 [0093.412] GdipSaveImageToStream (image=0xafc5ca8, stream=0x43fe70, clsidEncoder=0x3adc4c*(Data1=0x557cf406, Data2=0x1a04, Data3=0x11d3, Data4=([0]=0x9a, [1]=0x73, [2]=0x0, [3]=0x0, [4]=0xf8, [5]=0x1e, [6]=0xf3, [7]=0x2e)), encoderParams=0x0) returned 0x0 [0093.431] GdipCreateBitmapFromStream (stream=0x43fe30, bitmap=0x3adc90) returned 0x0 [0093.432] GdipImageForceValidation (image=0xaffbf40) returned 0x0 [0093.432] GdipGetImageRawFormat (image=0xaffbf40, format=0x3adc04*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0))) returned 0x0 [0093.432] GdipBitmapLockBits (bitmap=0xaffbf40, rect=0x3adc24, flags=0x3, format=0x21808, lockedBitmapData=0x267c3d4) returned 0x0 [0093.442] GdipBitmapUnlockBits (bitmap=0xaffbf40, lockedBitmapData=0x267c3d4) returned 0x0 [0093.442] GdipGetImageWidth (image=0xafcc530, width=0x3adc88) returned 0x0 [0093.442] GdipGetImageHeight (image=0xafcc530, height=0x3adc88) returned 0x0 [0093.442] GdipGetImageEncodersSize (numEncoders=0x3adc3c, size=0x3adc38) returned 0x0 [0093.442] LocalAlloc (uFlags=0x0, uBytes=0x410) returned 0x5aac8c0 [0093.443] GdipGetImageEncoders (in: numEncoders=0x5, size=0x410, encoders=0x5aac8c0 | out: encoders=0x5aac8c0) returned 0x0 [0093.444] LocalFree (hMem=0x5aac8c0) returned 0x0 [0093.445] GdipSaveImageToStream (image=0xafcc530, stream=0x43fdf0, clsidEncoder=0x3adc4c*(Data1=0x557cf406, Data2=0x1a04, Data3=0x11d3, Data4=([0]=0x9a, [1]=0x73, [2]=0x0, [3]=0x0, [4]=0xf8, [5]=0x1e, [6]=0xf3, [7]=0x2e)), encoderParams=0x0) returned 0x0 [0093.463] GdipCreateBitmapFromStream (stream=0x43fdb0, bitmap=0x3adc90) returned 0x0 [0093.464] GdipImageForceValidation (image=0xaffc288) returned 0x0 [0093.465] GdipGetImageRawFormat (image=0xaffc288, format=0x3adc04*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0))) returned 0x0 [0093.465] GdipBitmapLockBits (bitmap=0xaffc288, rect=0x3adc24, flags=0x3, format=0x21808, lockedBitmapData=0x2692284) returned 0x0 [0093.475] GdipBitmapUnlockBits (bitmap=0xaffc288, lockedBitmapData=0x2692284) returned 0x0 [0093.475] GdipGetImageWidth (image=0xafd25b8, width=0x3adc88) returned 0x0 [0093.475] GdipGetImageHeight (image=0xafd25b8, height=0x3adc88) returned 0x0 [0093.476] GdipGetImageEncodersSize (numEncoders=0x3adc3c, size=0x3adc38) returned 0x0 [0093.476] LocalAlloc (uFlags=0x0, uBytes=0x410) returned 0x5aadf70 [0093.476] GdipGetImageEncoders (in: numEncoders=0x5, size=0x410, encoders=0x5aadf70 | out: encoders=0x5aadf70) returned 0x0 [0093.477] LocalFree (hMem=0x5aadf70) returned 0x0 [0093.477] GdipSaveImageToStream (image=0xafd25b8, stream=0x43fd70, clsidEncoder=0x3adc4c*(Data1=0x557cf406, Data2=0x1a04, Data3=0x11d3, Data4=([0]=0x9a, [1]=0x73, [2]=0x0, [3]=0x0, [4]=0xf8, [5]=0x1e, [6]=0xf3, [7]=0x2e)), encoderParams=0x0) returned 0x0 [0093.498] GdipCreateBitmapFromStream (stream=0x43fd30, bitmap=0x3adc90) returned 0x0 [0093.500] GdipImageForceValidation (image=0xaffc5d0) returned 0x0 [0093.500] GdipGetImageRawFormat (image=0xaffc5d0, format=0x3adc04*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0))) returned 0x0 [0093.501] GdipBitmapLockBits (bitmap=0xaffc5d0, rect=0x3adc24, flags=0x3, format=0x21808, lockedBitmapData=0x26a8158) returned 0x0 [0093.513] GdipBitmapUnlockBits (bitmap=0xaffc5d0, lockedBitmapData=0x26a8158) returned 0x0 [0093.513] GdipGetImageWidth (image=0xafda5b0, width=0x3adc88) returned 0x0 [0093.513] GdipGetImageHeight (image=0xafda5b0, height=0x3adc88) returned 0x0 [0093.514] GdipGetImageEncodersSize (numEncoders=0x3adc3c, size=0x3adc38) returned 0x0 [0093.514] LocalAlloc (uFlags=0x0, uBytes=0x410) returned 0x5ab8348 [0093.514] GdipGetImageEncoders (in: numEncoders=0x5, size=0x410, encoders=0x5ab8348 | out: encoders=0x5ab8348) returned 0x0 [0093.515] LocalFree (hMem=0x5ab8348) returned 0x0 [0093.515] GdipSaveImageToStream (image=0xafda5b0, stream=0x43fcf0, clsidEncoder=0x3adc4c*(Data1=0x557cf406, Data2=0x1a04, Data3=0x11d3, Data4=([0]=0x9a, [1]=0x73, [2]=0x0, [3]=0x0, [4]=0xf8, [5]=0x1e, [6]=0xf3, [7]=0x2e)), encoderParams=0x0) returned 0x0 [0093.535] GdipCreateBitmapFromStream (stream=0x43fcb0, bitmap=0x3adc90) returned 0x0 [0093.536] GdipImageForceValidation (image=0xaffc918) returned 0x0 [0093.537] GdipGetImageRawFormat (image=0xaffc918, format=0x3adc04*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0))) returned 0x0 [0093.537] GdipBitmapLockBits (bitmap=0xaffc918, rect=0x3adc24, flags=0x3, format=0x21808, lockedBitmapData=0x26be02c) returned 0x0 [0093.546] GdipBitmapUnlockBits (bitmap=0xaffc918, lockedBitmapData=0x26be02c) returned 0x0 [0093.546] GdipGetImageWidth (image=0xafe05a8, width=0x3adc88) returned 0x0 [0093.546] GdipGetImageHeight (image=0xafe05a8, height=0x3adc88) returned 0x0 [0093.546] GdipGetImageEncodersSize (numEncoders=0x3adc3c, size=0x3adc38) returned 0x0 [0093.547] LocalAlloc (uFlags=0x0, uBytes=0x410) returned 0x5ab85e8 [0093.547] GdipGetImageEncoders (in: numEncoders=0x5, size=0x410, encoders=0x5ab85e8 | out: encoders=0x5ab85e8) returned 0x0 [0093.548] LocalFree (hMem=0x5ab85e8) returned 0x0 [0093.548] GdipSaveImageToStream (image=0xafe05a8, stream=0x43fc70, clsidEncoder=0x3adc4c*(Data1=0x557cf406, Data2=0x1a04, Data3=0x11d3, Data4=([0]=0x9a, [1]=0x73, [2]=0x0, [3]=0x0, [4]=0xf8, [5]=0x1e, [6]=0xf3, [7]=0x2e)), encoderParams=0x0) returned 0x0 [0093.577] GdipCreateBitmapFromStream (stream=0x43fc30, bitmap=0x3adc90) returned 0x0 [0093.578] GdipImageForceValidation (image=0xaffcc60) returned 0x0 [0093.579] GdipGetImageRawFormat (image=0xaffcc60, format=0x3adc04*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0))) returned 0x0 [0093.579] GdipBitmapLockBits (bitmap=0xaffcc60, rect=0x3adc24, flags=0x3, format=0x21808, lockedBitmapData=0x26d2310) returned 0x0 [0093.587] GdipBitmapUnlockBits (bitmap=0xaffcc60, lockedBitmapData=0x26d2310) returned 0x0 [0093.832] CoTaskMemAlloc (cb=0x20c) returned 0x5aae210 [0093.832] GetTempPathW (in: nBufferLength=0x104, lpBuffer=0x5aae210 | out: lpBuffer="C:\\Users\\KEECFM~1\\AppData\\Local\\Temp\\") returned 0x25 [0093.832] CoTaskMemFree (pv=0x5aae210) [0093.832] GetLongPathNameW (in: lpszShortPath="C:\\Users\\KEECFM~1\\", lpszLongPath=0x3ad2e0, cchBuffer=0x104 | out: lpszLongPath="C:\\Users\\kEecfMwgj\\") returned 0x13 [0093.833] GetFullPathNameW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Local\\Temp\\", nBufferLength=0x105, lpBuffer=0x3ad2f4, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\kEecfMwgj\\AppData\\Local\\Temp\\", lpFilePart=0x0) returned 0x26 [0093.910] CoCreateGuid (in: pguid=0x3ad028 | out: pguid=0x3ad028*(Data1=0x62cdda84, Data2=0xd34, Data3=0x408a, Data4=([0]=0xb3, [1]=0x66, [2]=0x9b, [3]=0x9f, [4]=0x78, [5]=0x12, [6]=0xda, [7]=0x9b))) returned 0x0 [0093.913] CoCreateGuid (in: pguid=0x3ad028 | out: pguid=0x3ad028*(Data1=0x70dd020b, Data2=0x81a4, Data3=0x4df6, Data4=([0]=0x8a, [1]=0xd0, [2]=0x73, [3]=0x65, [4]=0xb, [5]=0x6c, [6]=0x47, [7]=0x11))) returned 0x0 [0093.913] CoCreateGuid (in: pguid=0x3ad028 | out: pguid=0x3ad028*(Data1=0xd62505e9, Data2=0x41f6, Data3=0x41f0, Data4=([0]=0xad, [1]=0xb1, [2]=0x17, [3]=0x13, [4]=0x57, [5]=0x1e, [6]=0xa0, [7]=0xd5))) returned 0x0 [0093.916] CoCreateGuid (in: pguid=0x3ad028 | out: pguid=0x3ad028*(Data1=0x4a796386, Data2=0x4756, Data3=0x431d, Data4=([0]=0x91, [1]=0x2c, [2]=0xc8, [3]=0x3, [4]=0x4c, [5]=0xbc, [6]=0x3b, [7]=0xd3))) returned 0x0 [0094.501] GetFullPathNameW (in: lpFileName="C:\\Users\\kEecfMwgj\\Desktop\\81baf55c19c00ec38dd62ea3b30a3af669be588442dc0648865f80195665d2b2.exe", nBufferLength=0x105, lpBuffer=0x3ad24c, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\kEecfMwgj\\Desktop\\81baf55c19c00ec38dd62ea3b30a3af669be588442dc0648865f80195665d2b2.exe", lpFilePart=0x0) returned 0x5f [0094.502] GetFullPathNameW (in: lpFileName="C:\\Users\\kEecfMwgj\\Desktop\\81baf55c19c00ec38dd62ea3b30a3af669be588442dc0648865f80195665d2b2.exe", nBufferLength=0x105, lpBuffer=0x3ad210, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\kEecfMwgj\\Desktop\\81baf55c19c00ec38dd62ea3b30a3af669be588442dc0648865f80195665d2b2.exe", lpFilePart=0x0) returned 0x5f [0094.504] GetFullPathNameW (in: lpFileName="C:\\Users\\kEecfMwgj\\Desktop", nBufferLength=0x105, lpBuffer=0x3ad204, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\kEecfMwgj\\Desktop", lpFilePart=0x0) returned 0x1a [0094.505] GetFullPathNameW (in: lpFileName="C:\\Users\\kEecfMwgj\\Desktop\\81baf55c19c00ec38dd62ea3b30a3af669be588442dc0648865f80195665d2b2.exe", nBufferLength=0x105, lpBuffer=0x3ad204, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\kEecfMwgj\\Desktop\\81baf55c19c00ec38dd62ea3b30a3af669be588442dc0648865f80195665d2b2.exe", lpFilePart=0x0) returned 0x5f [0094.505] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x3ad444) returned 1 [0094.505] GetFileAttributesExW (in: lpFileName="C:\\Users\\kEecfMwgj\\Desktop\\81baf55c19c00ec38dd62ea3b30a3af669be588442dc0648865f80195665d2b2.exe" (normalized: "c:\\users\\keecfmwgj\\desktop\\81baf55c19c00ec38dd62ea3b30a3af669be588442dc0648865f80195665d2b2.exe"), fInfoLevelId=0x0, lpFileInformation=0x3ad708 | out: lpFileInformation=0x3ad708*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x1eb52100, ftCreationTime.dwHighDateTime=0x1d8a8ba, ftLastAccessTime.dwLowDateTime=0x1eb52100, ftLastAccessTime.dwHighDateTime=0x1d8a8ba, ftLastWriteTime.dwLowDateTime=0x37630e00, ftLastWriteTime.dwHighDateTime=0x1d8a89d, nFileSizeHigh=0x0, nFileSizeLow=0x9ca00)) returned 1 [0094.505] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x3ad440) returned 1 [0094.506] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x3ad6e0) returned 1 [0094.508] GetFullPathNameW (in: lpFileName="C:\\Users\\kEecfMwgj\\Desktop", nBufferLength=0x105, lpBuffer=0x3ad1c0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\kEecfMwgj\\Desktop", lpFilePart=0x0) returned 0x1a [0094.509] FindFirstFileW (in: lpFileName="C:\\Users\\kEecfMwgj\\Desktop\\81baf55c19c00ec38dd62ea3b30a3af669be588442dc0648865f80195665d2b2.exe" (normalized: "c:\\users\\keecfmwgj\\desktop\\81baf55c19c00ec38dd62ea3b30a3af669be588442dc0648865f80195665d2b2.exe"), lpFindFileData=0x3ad490 | out: lpFindFileData=0x3ad490*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x1eb52100, ftCreationTime.dwHighDateTime=0x1d8a8ba, ftLastAccessTime.dwLowDateTime=0x1eb52100, ftLastAccessTime.dwHighDateTime=0x1d8a8ba, ftLastWriteTime.dwLowDateTime=0x37630e00, ftLastWriteTime.dwHighDateTime=0x1d8a89d, nFileSizeHigh=0x0, nFileSizeLow=0x9ca00, dwReserved0=0x0, dwReserved1=0x0, cFileName="81baf55c19c00ec38dd62ea3b30a3af669be588442dc0648865f80195665d2b2.exe", cAlternateFileName="81BAF5~1.EXE")) returned 0x5a0bd40 [0094.511] FindNextFileW (in: hFindFile=0x5a0bd40, lpFindFileData=0x3ad498 | out: lpFindFileData=0x3ad498*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0 [0094.511] FindClose (in: hFindFile=0x5a0bd40 | out: hFindFile=0x5a0bd40) returned 1 [0094.512] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x3ad450) returned 1 [0094.512] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x3ad6b0) returned 1 [0094.512] GetFullPathNameW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Local\\Temp\\noise.exe", nBufferLength=0x105, lpBuffer=0x3ad24c, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\kEecfMwgj\\AppData\\Local\\Temp\\noise.exe", lpFilePart=0x0) returned 0x2f [0094.512] GetFullPathNameW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Local\\Temp\\noise.exe", nBufferLength=0x105, lpBuffer=0x3ad210, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\kEecfMwgj\\AppData\\Local\\Temp\\noise.exe", lpFilePart=0x0) returned 0x2f [0094.512] GetFullPathNameW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Local\\Temp", nBufferLength=0x105, lpBuffer=0x3ad204, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\kEecfMwgj\\AppData\\Local\\Temp", lpFilePart=0x0) returned 0x25 [0094.512] GetFullPathNameW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Local\\Temp\\noise.exe", nBufferLength=0x105, lpBuffer=0x3ad204, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\kEecfMwgj\\AppData\\Local\\Temp\\noise.exe", lpFilePart=0x0) returned 0x2f [0094.512] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x3ad444) returned 1 [0094.512] GetFileAttributesExW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Local\\Temp\\noise.exe" (normalized: "c:\\users\\keecfmwgj\\appdata\\local\\temp\\noise.exe"), fInfoLevelId=0x0, lpFileInformation=0x3ad708 | out: lpFileInformation=0x3ad708*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0 [0094.512] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x3ad440) returned 1 [0094.512] GetFullPathNameW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Local\\Temp\\noise.exe", nBufferLength=0x105, lpBuffer=0x3ad1fc, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\kEecfMwgj\\AppData\\Local\\Temp\\noise.exe", lpFilePart=0x0) returned 0x2f [0094.513] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x3ad438) returned 1 [0094.513] GetFileAttributesExW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Local\\Temp\\noise.exe" (normalized: "c:\\users\\keecfmwgj\\appdata\\local\\temp\\noise.exe"), fInfoLevelId=0x0, lpFileInformation=0x3ad6fc | out: lpFileInformation=0x3ad6fc*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0 [0094.513] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x3ad434) returned 1 [0094.513] GetFullPathNameW (in: lpFileName="C:\\Users\\kEecfMwgj\\Desktop\\81baf55c19c00ec38dd62ea3b30a3af669be588442dc0648865f80195665d2b2.exe", nBufferLength=0x105, lpBuffer=0x3ad1dc, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\kEecfMwgj\\Desktop\\81baf55c19c00ec38dd62ea3b30a3af669be588442dc0648865f80195665d2b2.exe", lpFilePart=0x0) returned 0x5f [0094.513] GetFullPathNameW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Local\\Temp\\noise.exe", nBufferLength=0x105, lpBuffer=0x3ad1dc, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\kEecfMwgj\\AppData\\Local\\Temp\\noise.exe", lpFilePart=0x0) returned 0x2f [0094.513] GetFullPathNameW (in: lpFileName="C:\\Users\\kEecfMwgj\\Desktop\\81baf55c19c00ec38dd62ea3b30a3af669be588442dc0648865f80195665d2b2.exe", nBufferLength=0x105, lpBuffer=0x3ad240, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\kEecfMwgj\\Desktop\\81baf55c19c00ec38dd62ea3b30a3af669be588442dc0648865f80195665d2b2.exe", lpFilePart=0x0) returned 0x5f [0094.513] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x3ad480) returned 1 [0094.513] GetFileAttributesExW (in: lpFileName="C:\\Users\\kEecfMwgj\\Desktop\\81baf55c19c00ec38dd62ea3b30a3af669be588442dc0648865f80195665d2b2.exe" (normalized: "c:\\users\\keecfmwgj\\desktop\\81baf55c19c00ec38dd62ea3b30a3af669be588442dc0648865f80195665d2b2.exe"), fInfoLevelId=0x0, lpFileInformation=0x3ad744 | out: lpFileInformation=0x3ad744*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x1eb52100, ftCreationTime.dwHighDateTime=0x1d8a8ba, ftLastAccessTime.dwLowDateTime=0x1eb52100, ftLastAccessTime.dwHighDateTime=0x1d8a8ba, ftLastWriteTime.dwLowDateTime=0x37630e00, ftLastWriteTime.dwHighDateTime=0x1d8a89d, nFileSizeHigh=0x0, nFileSizeLow=0x9ca00)) returned 1 [0094.514] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x3ad47c) returned 1 [0094.514] GetFullPathNameW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Local\\Temp\\noise.exe", nBufferLength=0x105, lpBuffer=0x3ad238, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\kEecfMwgj\\AppData\\Local\\Temp\\noise.exe", lpFilePart=0x0) returned 0x2f [0094.514] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x3ad474) returned 1 [0094.514] GetFileAttributesExW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Local\\Temp\\noise.exe" (normalized: "c:\\users\\keecfmwgj\\appdata\\local\\temp\\noise.exe"), fInfoLevelId=0x0, lpFileInformation=0x3ad738 | out: lpFileInformation=0x3ad738*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0 [0094.514] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x3ad470) returned 1 [0094.514] GetFullPathNameW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Local\\Temp\\noise.exe", nBufferLength=0x105, lpBuffer=0x3ad250, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\kEecfMwgj\\AppData\\Local\\Temp\\noise.exe", lpFilePart=0x0) returned 0x2f [0094.514] GetFullPathNameW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Local\\Temp", nBufferLength=0x105, lpBuffer=0x3ad240, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\kEecfMwgj\\AppData\\Local\\Temp", lpFilePart=0x0) returned 0x25 [0094.514] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x3ad408) returned 1 [0094.514] GetFileAttributesExW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Local\\Temp" (normalized: "c:\\users\\keecfmwgj\\appdata\\local\\temp"), fInfoLevelId=0x0, lpFileInformation=0x3ad6cc | out: lpFileInformation=0x3ad6cc*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x79698510, ftCreationTime.dwHighDateTime=0x1d70509, ftLastAccessTime.dwLowDateTime=0x35811100, ftLastAccessTime.dwHighDateTime=0x1d8a8ba, ftLastWriteTime.dwLowDateTime=0x35811100, ftLastWriteTime.dwHighDateTime=0x1d8a8ba, nFileSizeHigh=0x0, nFileSizeLow=0x7000)) returned 1 [0094.514] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x3ad404) returned 1 [0094.517] MoveFileExW (lpExistingFileName="C:\\Users\\kEecfMwgj\\Desktop\\81baf55c19c00ec38dd62ea3b30a3af669be588442dc0648865f80195665d2b2.exe" (normalized: "c:\\users\\keecfmwgj\\desktop\\81baf55c19c00ec38dd62ea3b30a3af669be588442dc0648865f80195665d2b2.exe"), lpNewFileName="C:\\Users\\kEecfMwgj\\AppData\\Local\\Temp\\noise.exe" (normalized: "c:\\users\\keecfmwgj\\appdata\\local\\temp\\noise.exe"), dwFlags=0xb) returned 1 [0094.538] LocalAlloc (uFlags=0x0, uBytes=0x60) returned 0x5a0db10 [0094.541] ShellExecuteExW (in: pExecInfo=0x26dd500*(cbSize=0x3c, fMask=0x540, hwnd=0x0, lpVerb=0x0, lpFile="C:\\Users\\kEecfMwgj\\AppData\\Local\\Temp\\noise.exe", lpParameters=0x0, lpDirectory=0x0, nShow=1, hInstApp=0x0, lpIDList=0x0, lpClass=0x0, hkeyClass=0x0, dwHotKey=0x0, hIcon=0x0, hMonitor=0x0, hProcess=0x0) | out: pExecInfo=0x26dd500*(cbSize=0x3c, fMask=0x540, hwnd=0x0, lpVerb=0x0, lpFile="C:\\Users\\kEecfMwgj\\AppData\\Local\\Temp\\noise.exe", lpParameters=0x0, lpDirectory=0x0, nShow=1, hInstApp=0x2a, lpIDList=0x0, lpClass=0x0, hkeyClass=0x0, dwHotKey=0x0, hIcon=0x0, hMonitor=0x0, hProcess=0x6f8)) returned 1 [0100.338] LocalFree (hMem=0x5a0db10) returned 0x0 [0100.342] CoGetContextToken (in: pToken=0x3ad674 | out: pToken=0x3ad674) returned 0x0 [0100.342] CObjectContext::QueryInterface () returned 0x0 [0100.342] CObjectContext::GetCurrentThreadType () returned 0x0 [0100.342] Release () returned 0x0 [0100.343] CoWaitForMultipleHandles (in: dwFlags=0x2, dwTimeout=0x13880, cHandles=0x1, pHandles=0x1a4180*=0xac, lpdwindex=0x3ad524 | out: lpdwindex=0x3ad524) returned 0x0 Thread: id = 2 os_tid = 0xee4 Thread: id = 3 os_tid = 0xee8 [0058.142] CoGetContextToken (in: pToken=0x102fb5c | out: pToken=0x102fb5c) returned 0x800401f0 [0058.143] CoInitializeEx (pvReserved=0x0, dwCoInit=0x0) returned 0x0 [0080.438] CertCloseStore (hCertStore=0x20d138, dwFlags=0x0) returned 1 [0080.438] CertFreeCRLContext (pCrlContext=0x238c20) returned 1 [0080.439] CertFreeCRLContext (pCrlContext=0x5a4d268) returned 1 [0080.439] CertFreeCRLContext (pCrlContext=0x238c20) returned 1 [0080.439] CertFreeCRLContext (pCrlContext=0x238c70) returned 1 [0080.440] CertFreeCRLContext (pCrlContext=0x238cc0) returned 1 [0080.440] CertFreeCRLContext (pCrlContext=0x5a4d2b8) returned 1 [0080.440] CertFreeCRLContext (pCrlContext=0x5a4d1c8) returned 1 [0093.387] GdipDisposeImage (image=0xaffcc60) returned 0x0 [0093.390] GdipDisposeImage (image=0xaffc918) returned 0x0 [0093.391] GdipDisposeImage (image=0xaffc5d0) returned 0x0 [0093.392] GdipDisposeImage (image=0xaffc288) returned 0x0 [0093.393] GdipDisposeImage (image=0xaffbf40) returned 0x0 [0093.393] GdipDisposeImage (image=0xaff6130) returned 0x0 [0093.397] GdipDisposeImage (image=0xafee338) returned 0x0 [0093.398] GdipDisposeImage (image=0xafe8470) returned 0x0 [0100.387] EtwEventUnregister () returned 0x0 [0100.387] EtwEventUnregister () returned 0x0 [0100.388] SetWindowLongW (hWnd=0x5018a, nIndex=-4, dwNewLong=1995646429) returned 15271950 [0100.389] SetClassLongW (hWnd=0x5018a, nIndex=-24, dwNewLong=1995646429) returned 0xe907e6 [0100.390] PostMessageW (hWnd=0x5018a, Msg=0x10, wParam=0x0, lParam=0x0) returned 1 [0100.391] GetModuleHandleW (lpModuleName=0x0) returned 0x10b0000 [0100.391] UnregisterClassW (lpClassName="WindowsForms10.Window.8.app.0.1a0e24_r14_ad1", hInstance=0x10b0000) returned 0 [0100.392] IsWindow (hWnd=0x40182) returned 1 [0100.394] GetModuleHandleW (lpModuleName="user32.dll") returned 0x76860000 [0100.394] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x400, lpWideCharStr="DefWindowProcW", cchWideChar=14, lpMultiByteStr=0x102f8dc, cbMultiByte=16, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="DefWindowProcW³o\x9eCk%Dþwq\\û\x02\x01\x01", lpUsedDefaultChar=0x0) returned 14 [0100.394] GetProcAddress (hModule=0x76860000, lpProcName="DefWindowProcW") returned 0x76f325dd [0100.395] SetWindowLongW (hWnd=0x40182, nIndex=-4, dwNewLong=1995646429) returned 15272030 [0100.395] SetClassLongW (hWnd=0x40182, nIndex=-24, dwNewLong=1995646429) returned 0xe9085e [0100.395] IsWindow (hWnd=0x40182) returned 1 [0100.395] DestroyWindow (hWnd=0x40182) returned 0 [0100.396] PostMessageW (hWnd=0x40182, Msg=0x10, wParam=0x0, lParam=0x0) returned 1 [0100.396] SetConsoleCtrlHandler (HandlerRoutine=0xe90836, Add=0) returned 1 [0100.399] GdipDisposeImage (image=0xaffcc60) returned 0x0 [0100.402] GdipDisposeImage (image=0xaffc918) returned 0x0 [0100.402] GdipDisposeImage (image=0xaffc5d0) returned 0x0 [0100.403] GdipDisposeImage (image=0xaffc288) returned 0x0 [0100.403] GdipDisposeImage (image=0xaffbf40) returned 0x0 [0100.422] GdipDisposeImage (image=0xacf4e78) returned 0x0 [0100.423] GdipDisposeImage (image=0xaffcfa8) returned 0x0 [0100.428] GdipDisposeImage (image=0xafe05a8) returned 0x0 [0100.429] GdipDisposeImage (image=0xafda5b0) returned 0x0 [0100.430] GdipDisposeImage (image=0xafd25b8) returned 0x0 [0100.433] GdipDisposeImage (image=0xafcc530) returned 0x0 [0100.436] GdipDisposeImage (image=0xafc5ca8) returned 0x0 [0100.439] GdipDisposeImage (image=0xafbfc20) returned 0x0 [0100.441] GdipDisposeImage (image=0xafb9b98) returned 0x0 [0100.444] GdipDisposeImage (image=0xafb3b10) returned 0x0 [0100.445] GdipDisposeImage (image=0xafada88) returned 0x0 [0100.446] GdipDisposeImage (image=0xafa7a00) returned 0x0 [0100.447] GdipDisposeImage (image=0xafa1978) returned 0x0 [0100.448] GdipDisposeImage (image=0xaf9b8f0) returned 0x0 [0100.449] GdipDisposeImage (image=0xaf95af8) returned 0x0 [0100.454] GdipDeletePen (pen=0xace4f80) returned 0x0 [0100.463] GdipDeleteFont (font=0xadc0e68) returned 0x0 [0100.523] GdipDeleteBrush (brush=0xaf4b818) returned 0x0 [0100.530] CloseHandle (hObject=0x598) returned 1 [0100.590] setsockopt (s=0x364, level=65535, optname=128, optval="\x01", optlen=4) returned 0 [0100.591] closesocket (s=0x364) returned 0 [0100.593] setsockopt (s=0x27c, level=65535, optname=128, optval="\x01", optlen=4) returned -1 [0100.594] closesocket (s=0x27c) returned 0 [0100.594] CloseHandle (hObject=0x280) returned 1 [0100.594] CloseHandle (hObject=0x6f8) returned 1 [0100.595] setsockopt (s=0x378, level=65535, optname=128, optval="\x01", optlen=4) returned -1 [0100.595] closesocket (s=0x378) returned 0 [0100.595] CloseHandle (hObject=0x37c) returned 1 [0100.596] WinHttpCloseHandle (hInternet=0x217f68) returned 1 [0100.596] setsockopt (s=0x36c, level=65535, optname=128, optval="\x01", optlen=4) returned -1 [0100.596] closesocket (s=0x36c) returned 0 [0100.597] CloseHandle (hObject=0x374) returned 1 [0100.597] CloseHandle (hObject=0x2c4) returned 1 [0100.597] CloseHandle (hObject=0x2c0) returned 1 [0100.598] RegCloseKey (hKey=0x2bc) returned 0x0 [0100.598] CloseHandle (hObject=0x2b8) returned 1 [0100.598] RegCloseKey (hKey=0x2b4) returned 0x0 [0100.599] CloseHandle (hObject=0x2b0) returned 1 [0100.599] RegCloseKey (hKey=0x80000004) returned 0x0 [0100.600] RegCloseKey (hKey=0x2ac) returned 0x0 [0100.600] RegCloseKey (hKey=0x2a8) returned 0x0 [0100.600] CloseHandle (hObject=0x290) returned 1 [0100.601] FreeCredentialsHandle (phCredential=0x2594ac0) returned 0x0 [0100.684] DeleteSecurityContext (phContext=0x2594c6c) returned 0x0 [0100.689] CloseHandle (hObject=0x1f0) returned 1 [0100.690] UnmapViewOfFile (lpBaseAddress=0x550000) returned 1 [0100.691] setsockopt (s=0x284, level=65535, optname=128, optval="\x01", optlen=4) returned -1 [0100.692] closesocket (s=0x284) returned 0 [0100.692] CloseHandle (hObject=0x288) returned 1 Thread: id = 4 os_tid = 0xeec Thread: id = 5 os_tid = 0xef8 Thread: id = 6 os_tid = 0xefc Thread: id = 7 os_tid = 0xf00 Thread: id = 8 os_tid = 0xf04 [0068.245] CoInitializeEx (pvReserved=0x0, dwCoInit=0x0) returned 0x0 [0068.264] ResetEvent (hEvent=0x40) returned 1 Thread: id = 9 os_tid = 0xf08 Thread: id = 10 os_tid = 0xf0c Thread: id = 68 os_tid = 0xf10 Thread: id = 69 os_tid = 0xf14 [0082.575] CoInitializeEx (pvReserved=0x0, dwCoInit=0x0) returned 0x0 Thread: id = 70 os_tid = 0xf18 [0082.605] CoInitializeEx (pvReserved=0x0, dwCoInit=0x0) returned 0x0 [0100.764] CoGetContextToken (in: pToken=0xa65ee94 | out: pToken=0xa65ee94) returned 0x0 [0100.764] CObjectContext::QueryInterface () returned 0x0 [0100.764] CObjectContext::GetCurrentThreadType () returned 0x0 [0100.764] Release () returned 0x0 Thread: id = 71 os_tid = 0xf1c Thread: id = 72 os_tid = 0xf20 Thread: id = 74 os_tid = 0xf2c Process: id = "2" image_name = "svchost.exe" filename = "c:\\windows\\system32\\svchost.exe" page_root = "0x89ef000" os_pid = "0x368" os_integrity_level = "0x4000" os_privileges = "0xe60b1e890" monitor_reason = "rpc_server" parent_id = "1" os_parent_pid = "0x1cc" cmd_line = "C:\\Windows\\system32\\svchost.exe -k netsvcs" cur_dir = "C:\\Windows\\system32\\" os_username = "NT AUTHORITY\\SYSTEM" bitness = "32" os_groups = "Everyone" [0x7], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\SERVICE" [0x7], "CONSOLE LOGON" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "NT SERVICE\\BDESVC" [0xa], "NT SERVICE\\BITS" [0xa], "NT SERVICE\\CertPropSvc" [0xa], "NT SERVICE\\EapHost" [0xa], "NT SERVICE\\hkmsvc" [0xa], "NT SERVICE\\IKEEXT" [0xa], "NT SERVICE\\iphlpsvc" [0xa], "NT SERVICE\\LanmanServer" [0xa], "NT SERVICE\\MMCSS" [0xe], "NT SERVICE\\MSiSCSI" [0xa], "NT SERVICE\\RasAuto" [0xa], "NT SERVICE\\RasMan" [0xa], "NT SERVICE\\RemoteAccess" [0xa], "NT SERVICE\\Schedule" [0xa], "NT SERVICE\\SCPolicySvc" [0xa], "NT SERVICE\\SENS" [0xa], "NT SERVICE\\SessionEnv" [0xa], "NT SERVICE\\SharedAccess" [0xa], "NT SERVICE\\ShellHWDetection" [0xa], "NT SERVICE\\wercplsupport" [0xa], "NT SERVICE\\Winmgmt" [0xa], "NT SERVICE\\wuauserv" [0xa], "NT AUTHORITY\\Logon Session 00000000:0000d967" [0xc0000007], "LOCAL" [0x7], "BUILTIN\\Administrators" [0xe] Region: id = 453 start_va = 0x10000 end_va = 0x1ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000010000" filename = "" Region: id = 454 start_va = 0x20000 end_va = 0x20fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "svchost.exe.mui" filename = "\\Windows\\System32\\en-US\\svchost.exe.mui" (normalized: "c:\\windows\\system32\\en-us\\svchost.exe.mui") Region: id = 455 start_va = 0x30000 end_va = 0x33fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000030000" filename = "" Region: id = 456 start_va = 0x40000 end_va = 0x40fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000040000" filename = "" Region: id = 457 start_va = 0x50000 end_va = 0xb6fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "locale.nls" filename = "\\Windows\\System32\\locale.nls" (normalized: "c:\\windows\\system32\\locale.nls") Region: id = 458 start_va = 0xc0000 end_va = 0xc0fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000000c0000" filename = "" Region: id = 459 start_va = 0xd0000 end_va = 0xd0fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000000d0000" filename = "" Region: id = 460 start_va = 0xe0000 end_va = 0xe0fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000000e0000" filename = "" Region: id = 461 start_va = 0xf0000 end_va = 0xf0fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "wshtcpip.dll.mui" filename = "\\Windows\\System32\\en-US\\wshtcpip.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\wshtcpip.dll.mui") Region: id = 462 start_va = 0x100000 end_va = 0x100fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "wship6.dll.mui" filename = "\\Windows\\System32\\en-US\\wship6.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\wship6.dll.mui") Region: id = 463 start_va = 0x110000 end_va = 0x110fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000110000" filename = "" Region: id = 464 start_va = 0x120000 end_va = 0x120fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000120000" filename = "" Region: id = 465 start_va = 0x130000 end_va = 0x130fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000130000" filename = "" Region: id = 466 start_va = 0x160000 end_va = 0x160fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000160000" filename = "" Region: id = 467 start_va = 0x170000 end_va = 0x1effff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000170000" filename = "" Region: id = 468 start_va = 0x1f0000 end_va = 0x1f0fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000001f0000" filename = "" Region: id = 469 start_va = 0x200000 end_va = 0x200fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000200000" filename = "" Region: id = 470 start_va = 0x210000 end_va = 0x21afff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "gpsvc.dll.mui" filename = "\\Windows\\System32\\en-US\\gpsvc.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\gpsvc.dll.mui") Region: id = 471 start_va = 0x220000 end_va = 0x22cfff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "setupapi.dll.mui" filename = "\\Windows\\System32\\en-US\\setupapi.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\setupapi.dll.mui") Region: id = 472 start_va = 0x230000 end_va = 0x233fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "taskcomp.dll.mui" filename = "\\Windows\\System32\\en-US\\taskcomp.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\taskcomp.dll.mui") Region: id = 473 start_va = 0x240000 end_va = 0x249fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "schedsvc.dll.mui" filename = "\\Windows\\System32\\en-US\\schedsvc.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\schedsvc.dll.mui") Region: id = 474 start_va = 0x250000 end_va = 0x34ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000250000" filename = "" Region: id = 475 start_va = 0x350000 end_va = 0x44ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000350000" filename = "" Region: id = 476 start_va = 0x450000 end_va = 0x450fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000450000" filename = "" Region: id = 477 start_va = 0x460000 end_va = 0x461fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000460000" filename = "" Region: id = 478 start_va = 0x470000 end_va = 0x473fff monitored = 1 entry_point = 0x0 region_type = mapped_file name = "cversions.2.db" filename = "\\ProgramData\\Microsoft\\Windows\\Caches\\cversions.2.db" (normalized: "c:\\programdata\\microsoft\\windows\\caches\\cversions.2.db") Region: id = 479 start_va = 0x480000 end_va = 0x481fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000480000" filename = "" Region: id = 480 start_va = 0x490000 end_va = 0x493fff monitored = 1 entry_point = 0x0 region_type = mapped_file name = "cversions.2.db" filename = "\\ProgramData\\Microsoft\\Windows\\Caches\\cversions.2.db" (normalized: "c:\\programdata\\microsoft\\windows\\caches\\cversions.2.db") Region: id = 481 start_va = 0x4a0000 end_va = 0x4affff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000004a0000" filename = "" Region: id = 482 start_va = 0x4b0000 end_va = 0x637fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000004b0000" filename = "" Region: id = 483 start_va = 0x640000 end_va = 0x7c0fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000640000" filename = "" Region: id = 484 start_va = 0x7d0000 end_va = 0x88ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000007d0000" filename = "" Region: id = 485 start_va = 0x890000 end_va = 0x8bffff monitored = 1 entry_point = 0x0 region_type = mapped_file name = "{6af0698e-d558-4f6e-9b3c-3716689af493}.2.ver0x0000000000000015.db" filename = "\\ProgramData\\Microsoft\\Windows\\Caches\\{6AF0698E-D558-4F6E-9B3C-3716689AF493}.2.ver0x0000000000000015.db" (normalized: "c:\\programdata\\microsoft\\windows\\caches\\{6af0698e-d558-4f6e-9b3c-3716689af493}.2.ver0x0000000000000015.db") Region: id = 486 start_va = 0x8c0000 end_va = 0x8cdfff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "propsys.dll.mui" filename = "\\Windows\\System32\\en-US\\propsys.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\propsys.dll.mui") Region: id = 487 start_va = 0x8d0000 end_va = 0x94ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000008d0000" filename = "" Region: id = 488 start_va = 0x950000 end_va = 0x957fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "vsstrace.dll.mui" filename = "\\Windows\\System32\\en-US\\vsstrace.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\vsstrace.dll.mui") Region: id = 489 start_va = 0x960000 end_va = 0x960fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000960000" filename = "" Region: id = 490 start_va = 0x970000 end_va = 0x9effff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000970000" filename = "" Region: id = 491 start_va = 0x9f0000 end_va = 0xa0bfff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "firewallapi.dll.mui" filename = "\\Windows\\System32\\en-US\\FirewallAPI.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\firewallapi.dll.mui") Region: id = 492 start_va = 0xa10000 end_va = 0xa15fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "netcfgx.dll.mui" filename = "\\Windows\\System32\\en-US\\netcfgx.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\netcfgx.dll.mui") Region: id = 493 start_va = 0xa20000 end_va = 0xa20fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000a20000" filename = "" Region: id = 494 start_va = 0xa30000 end_va = 0xaaffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000a30000" filename = "" Region: id = 495 start_va = 0xac0000 end_va = 0xb3ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000ac0000" filename = "" Region: id = 496 start_va = 0xb40000 end_va = 0xbbffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000b40000" filename = "" Region: id = 497 start_va = 0xbc0000 end_va = 0xbd9fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000bc0000" filename = "" Region: id = 498 start_va = 0xbe0000 end_va = 0xbe0fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000be0000" filename = "" Region: id = 499 start_va = 0xbf0000 end_va = 0xc6ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000bf0000" filename = "" Region: id = 500 start_va = 0xc70000 end_va = 0xf3efff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "sortdefault.nls" filename = "\\Windows\\Globalization\\Sorting\\SortDefault.nls" (normalized: "c:\\windows\\globalization\\sorting\\sortdefault.nls") Region: id = 501 start_va = 0xf40000 end_va = 0xfbffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000f40000" filename = "" Region: id = 502 start_va = 0xfc0000 end_va = 0xfc7fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000fc0000" filename = "" Region: id = 503 start_va = 0xfd0000 end_va = 0xfdffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000fd0000" filename = "" Region: id = 504 start_va = 0xfe0000 end_va = 0x105ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000fe0000" filename = "" Region: id = 505 start_va = 0x1060000 end_va = 0x10c5fff monitored = 1 entry_point = 0x0 region_type = mapped_file name = "{ddf571f2-be98-426d-8288-1a9a39c3fda2}.2.ver0x0000000000000002.db" filename = "\\ProgramData\\Microsoft\\Windows\\Caches\\{DDF571F2-BE98-426D-8288-1A9A39C3FDA2}.2.ver0x0000000000000002.db" (normalized: "c:\\programdata\\microsoft\\windows\\caches\\{ddf571f2-be98-426d-8288-1a9a39c3fda2}.2.ver0x0000000000000002.db") Region: id = 506 start_va = 0x10d0000 end_va = 0x114ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000010d0000" filename = "" Region: id = 507 start_va = 0x1150000 end_va = 0x11cffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000001150000" filename = "" Region: id = 508 start_va = 0x11d0000 end_va = 0x11dffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000011d0000" filename = "" Region: id = 509 start_va = 0x11e0000 end_va = 0x125ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000011e0000" filename = "" Region: id = 510 start_va = 0x1260000 end_va = 0x12dffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000001260000" filename = "" Region: id = 511 start_va = 0x12e0000 end_va = 0x12effff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000012e0000" filename = "" Region: id = 512 start_va = 0x12f0000 end_va = 0x12fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000012f0000" filename = "" Region: id = 513 start_va = 0x1300000 end_va = 0x1300fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000001300000" filename = "" Region: id = 514 start_va = 0x1310000 end_va = 0x1311fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000001310000" filename = "" Region: id = 515 start_va = 0x1320000 end_va = 0x139ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000001320000" filename = "" Region: id = 516 start_va = 0x13a0000 end_va = 0x13a0fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000013a0000" filename = "" Region: id = 517 start_va = 0x13b0000 end_va = 0x13bffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000013b0000" filename = "" Region: id = 518 start_va = 0x13c0000 end_va = 0x13c7fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000013c0000" filename = "" Region: id = 519 start_va = 0x13d0000 end_va = 0x13dffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000013d0000" filename = "" Region: id = 520 start_va = 0x13e0000 end_va = 0x13effff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000013e0000" filename = "" Region: id = 521 start_va = 0x13f0000 end_va = 0x146ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000013f0000" filename = "" Region: id = 522 start_va = 0x1470000 end_va = 0x1477fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000001470000" filename = "" Region: id = 523 start_va = 0x1480000 end_va = 0x14fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000001480000" filename = "" Region: id = 524 start_va = 0x1500000 end_va = 0x157ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000001500000" filename = "" Region: id = 525 start_va = 0x1580000 end_va = 0x158ffff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "datastore.edb" filename = "\\Windows\\SoftwareDistribution\\DataStore\\DataStore.edb" (normalized: "c:\\windows\\softwaredistribution\\datastore\\datastore.edb") Region: id = 526 start_va = 0x1590000 end_va = 0x160ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000001590000" filename = "" Region: id = 527 start_va = 0x1610000 end_va = 0x161ffff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "datastore.edb" filename = "\\Windows\\SoftwareDistribution\\DataStore\\DataStore.edb" (normalized: "c:\\windows\\softwaredistribution\\datastore\\datastore.edb") Region: id = 528 start_va = 0x1620000 end_va = 0x169ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000001620000" filename = "" Region: id = 529 start_va = 0x16a0000 end_va = 0x16affff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000016a0000" filename = "" Region: id = 530 start_va = 0x16b0000 end_va = 0x172ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000016b0000" filename = "" Region: id = 531 start_va = 0x1730000 end_va = 0x173ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000001730000" filename = "" Region: id = 532 start_va = 0x1740000 end_va = 0x174ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000001740000" filename = "" Region: id = 533 start_va = 0x1750000 end_va = 0x17cffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000001750000" filename = "" Region: id = 534 start_va = 0x1850000 end_va = 0x18cffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000001850000" filename = "" Region: id = 535 start_va = 0x18d0000 end_va = 0x18d7fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000018d0000" filename = "" Region: id = 536 start_va = 0x18e0000 end_va = 0x18effff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000018e0000" filename = "" Region: id = 537 start_va = 0x1900000 end_va = 0x197ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000001900000" filename = "" Region: id = 538 start_va = 0x19b0000 end_va = 0x1a2ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000019b0000" filename = "" Region: id = 539 start_va = 0x1a80000 end_va = 0x1afffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000001a80000" filename = "" Region: id = 540 start_va = 0x1b00000 end_va = 0x1bfffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000001b00000" filename = "" Region: id = 541 start_va = 0x1c00000 end_va = 0x1cfffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000001c00000" filename = "" Region: id = 542 start_va = 0x1d20000 end_va = 0x1d9ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000001d20000" filename = "" Region: id = 543 start_va = 0x1db0000 end_va = 0x1e2ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000001db0000" filename = "" Region: id = 544 start_va = 0x1e50000 end_va = 0x1ecffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000001e50000" filename = "" Region: id = 545 start_va = 0x1f00000 end_va = 0x1f7ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000001f00000" filename = "" Region: id = 546 start_va = 0x1f80000 end_va = 0x207ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000001f80000" filename = "" Region: id = 547 start_va = 0x2080000 end_va = 0x208ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000002080000" filename = "" Region: id = 548 start_va = 0x2090000 end_va = 0x209ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000002090000" filename = "" Region: id = 549 start_va = 0x20a0000 end_va = 0x20affff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000020a0000" filename = "" Region: id = 550 start_va = 0x20b0000 end_va = 0x20bffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000020b0000" filename = "" Region: id = 551 start_va = 0x20c0000 end_va = 0x20cffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000020c0000" filename = "" Region: id = 552 start_va = 0x20d0000 end_va = 0x20dffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000020d0000" filename = "" Region: id = 553 start_va = 0x20f0000 end_va = 0x20fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000020f0000" filename = "" Region: id = 554 start_va = 0x2110000 end_va = 0x218ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002110000" filename = "" Region: id = 555 start_va = 0x2190000 end_va = 0x228ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002190000" filename = "" Region: id = 556 start_va = 0x22d0000 end_va = 0x234ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000022d0000" filename = "" Region: id = 557 start_va = 0x2410000 end_va = 0x248ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002410000" filename = "" Region: id = 558 start_va = 0x24a0000 end_va = 0x251ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000024a0000" filename = "" Region: id = 559 start_va = 0x2560000 end_va = 0x25dffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002560000" filename = "" Region: id = 560 start_va = 0x25f0000 end_va = 0x266ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000025f0000" filename = "" Region: id = 561 start_va = 0x2680000 end_va = 0x277ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002680000" filename = "" Region: id = 562 start_va = 0x27d0000 end_va = 0x284ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000027d0000" filename = "" Region: id = 563 start_va = 0x28f0000 end_va = 0x28fffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000028f0000" filename = "" Region: id = 564 start_va = 0x2900000 end_va = 0x290ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000002900000" filename = "" Region: id = 565 start_va = 0x2910000 end_va = 0x291ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000002910000" filename = "" Region: id = 566 start_va = 0x2920000 end_va = 0x292ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000002920000" filename = "" Region: id = 567 start_va = 0x2930000 end_va = 0x293ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000002930000" filename = "" Region: id = 568 start_va = 0x2940000 end_va = 0x294ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000002940000" filename = "" Region: id = 569 start_va = 0x2960000 end_va = 0x29dffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002960000" filename = "" Region: id = 570 start_va = 0x29e0000 end_va = 0x29effff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000029e0000" filename = "" Region: id = 571 start_va = 0x29f0000 end_va = 0x2a6ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000029f0000" filename = "" Region: id = 572 start_va = 0x2a70000 end_va = 0x2aeffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002a70000" filename = "" Region: id = 573 start_va = 0x2b40000 end_va = 0x2bbffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002b40000" filename = "" Region: id = 574 start_va = 0x2bd0000 end_va = 0x2bdffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002bd0000" filename = "" Region: id = 575 start_va = 0x2ca0000 end_va = 0x2d1ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002ca0000" filename = "" Region: id = 576 start_va = 0x2d40000 end_va = 0x2dbffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002d40000" filename = "" Region: id = 577 start_va = 0x2e40000 end_va = 0x2e7ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000002e40000" filename = "" Region: id = 578 start_va = 0x2e80000 end_va = 0x2ebffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000002e80000" filename = "" Region: id = 579 start_va = 0x2ee0000 end_va = 0x2fdffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002ee0000" filename = "" Region: id = 580 start_va = 0x2fe0000 end_va = 0x31dffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002fe0000" filename = "" Region: id = 581 start_va = 0x3210000 end_va = 0x328ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000003210000" filename = "" Region: id = 582 start_va = 0x3290000 end_va = 0x330ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000003290000" filename = "" Region: id = 583 start_va = 0x3340000 end_va = 0x33bffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000003340000" filename = "" Region: id = 584 start_va = 0x3490000 end_va = 0x350ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000003490000" filename = "" Region: id = 585 start_va = 0x35a0000 end_va = 0x361ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000035a0000" filename = "" Region: id = 586 start_va = 0x3660000 end_va = 0x36dffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000003660000" filename = "" Region: id = 587 start_va = 0x3710000 end_va = 0x378ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000003710000" filename = "" Region: id = 588 start_va = 0x37d0000 end_va = 0x384ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000037d0000" filename = "" Region: id = 589 start_va = 0x38c0000 end_va = 0x393ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000038c0000" filename = "" Region: id = 590 start_va = 0x3940000 end_va = 0x3d3ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000003940000" filename = "" Region: id = 591 start_va = 0x3d40000 end_va = 0x3dfffff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "kernelbase.dll.mui" filename = "\\Windows\\System32\\en-US\\KernelBase.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\kernelbase.dll.mui") Region: id = 592 start_va = 0x3e00000 end_va = 0x3e7ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000003e00000" filename = "" Region: id = 593 start_va = 0x3ec0000 end_va = 0x3f3ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000003ec0000" filename = "" Region: id = 594 start_va = 0x3f70000 end_va = 0x3feffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000003f70000" filename = "" Region: id = 595 start_va = 0x3ff0000 end_va = 0x40effff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000003ff0000" filename = "" Region: id = 596 start_va = 0x4110000 end_va = 0x418ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004110000" filename = "" Region: id = 597 start_va = 0x41c0000 end_va = 0x423ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000041c0000" filename = "" Region: id = 598 start_va = 0x4270000 end_va = 0x42effff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004270000" filename = "" Region: id = 599 start_va = 0x4310000 end_va = 0x438ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004310000" filename = "" Region: id = 600 start_va = 0x4390000 end_va = 0x458ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004390000" filename = "" Region: id = 601 start_va = 0x4600000 end_va = 0x467ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004600000" filename = "" Region: id = 602 start_va = 0x4680000 end_va = 0x46fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004680000" filename = "" Region: id = 603 start_va = 0x4710000 end_va = 0x478ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004710000" filename = "" Region: id = 604 start_va = 0x47c0000 end_va = 0x483ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000047c0000" filename = "" Region: id = 605 start_va = 0x48c0000 end_va = 0x493ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000048c0000" filename = "" Region: id = 606 start_va = 0x4940000 end_va = 0x49bffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004940000" filename = "" Region: id = 607 start_va = 0x49d0000 end_va = 0x4a4ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000049d0000" filename = "" Region: id = 608 start_va = 0x4ac0000 end_va = 0x4acffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004ac0000" filename = "" Region: id = 609 start_va = 0x4ad0000 end_va = 0x4bcffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004ad0000" filename = "" Region: id = 610 start_va = 0x4bd0000 end_va = 0x4ccffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004bd0000" filename = "" Region: id = 611 start_va = 0x4cd0000 end_va = 0x4dcffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004cd0000" filename = "" Region: id = 612 start_va = 0x4dd0000 end_va = 0x4ecffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004dd0000" filename = "" Region: id = 613 start_va = 0x4f40000 end_va = 0x4fbffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004f40000" filename = "" Region: id = 614 start_va = 0x4ff0000 end_va = 0x506ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004ff0000" filename = "" Region: id = 615 start_va = 0x5070000 end_va = 0x516ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000005070000" filename = "" Region: id = 616 start_va = 0x5170000 end_va = 0x526ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000005170000" filename = "" Region: id = 617 start_va = 0x5270000 end_va = 0x626ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000005270000" filename = "" Region: id = 618 start_va = 0x6280000 end_va = 0x62fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000006280000" filename = "" Region: id = 619 start_va = 0x63a0000 end_va = 0x641ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000063a0000" filename = "" Region: id = 620 start_va = 0x76b00000 end_va = 0x76c1efff monitored = 0 entry_point = 0x76b15340 region_type = mapped_file name = "kernel32.dll" filename = "\\Windows\\System32\\kernel32.dll" (normalized: "c:\\windows\\system32\\kernel32.dll") Region: id = 621 start_va = 0x76c20000 end_va = 0x76d19fff monitored = 0 entry_point = 0x76c3a2c8 region_type = mapped_file name = "user32.dll" filename = "\\Windows\\System32\\user32.dll" (normalized: "c:\\windows\\system32\\user32.dll") Region: id = 622 start_va = 0x76d20000 end_va = 0x76ec8fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "ntdll.dll" filename = "\\Windows\\System32\\ntdll.dll" (normalized: "c:\\windows\\system32\\ntdll.dll") Region: id = 623 start_va = 0x76ee0000 end_va = 0x76ee6fff monitored = 0 entry_point = 0x76ee106c region_type = mapped_file name = "psapi.dll" filename = "\\Windows\\System32\\psapi.dll" (normalized: "c:\\windows\\system32\\psapi.dll") Region: id = 624 start_va = 0x7efe0000 end_va = 0x7f0dffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000000007efe0000" filename = "" Region: id = 625 start_va = 0x7f0e0000 end_va = 0x7ffdffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000007f0e0000" filename = "" Region: id = 626 start_va = 0x7ffe0000 end_va = 0x7ffeffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000007ffe0000" filename = "" Region: id = 627 start_va = 0xffa90000 end_va = 0xffa9afff monitored = 0 entry_point = 0xffa9246c region_type = mapped_file name = "svchost.exe" filename = "\\Windows\\System32\\svchost.exe" (normalized: "c:\\windows\\system32\\svchost.exe") Region: id = 628 start_va = 0x7fef1b30000 end_va = 0x7fef1b3efff monitored = 0 entry_point = 0x7fef1b39a48 region_type = mapped_file name = "mspatcha.dll" filename = "\\Windows\\System32\\mspatcha.dll" (normalized: "c:\\windows\\system32\\mspatcha.dll") Region: id = 629 start_va = 0x7fef1b40000 end_va = 0x7fef1b5afff monitored = 0 entry_point = 0x7fef1b41198 region_type = mapped_file name = "cabinet.dll" filename = "\\Windows\\System32\\cabinet.dll" (normalized: "c:\\windows\\system32\\cabinet.dll") Region: id = 630 start_va = 0x7fef1bd0000 end_va = 0x7fef1e22fff monitored = 0 entry_point = 0x7fef1bd236c region_type = mapped_file name = "wuaueng.dll" filename = "\\Windows\\System32\\wuaueng.dll" (normalized: "c:\\windows\\system32\\wuaueng.dll") Region: id = 631 start_va = 0x7fef2770000 end_va = 0x7fef27b4fff monitored = 0 entry_point = 0x7fef27a3644 region_type = mapped_file name = "upnp.dll" filename = "\\Windows\\System32\\upnp.dll" (normalized: "c:\\windows\\system32\\upnp.dll") Region: id = 632 start_va = 0x7fef27c0000 end_va = 0x7fef27d1fff monitored = 0 entry_point = 0x7fef27c90bc region_type = mapped_file name = "bitsigd.dll" filename = "\\Windows\\System32\\bitsigd.dll" (normalized: "c:\\windows\\system32\\bitsigd.dll") Region: id = 633 start_va = 0x7fef4240000 end_va = 0x7fef44b9fff monitored = 0 entry_point = 0x7fef4272200 region_type = mapped_file name = "esent.dll" filename = "\\Windows\\System32\\esent.dll" (normalized: "c:\\windows\\system32\\esent.dll") Region: id = 634 start_va = 0x7fef4710000 end_va = 0x7fef472bfff monitored = 0 entry_point = 0x7fef47111a0 region_type = mapped_file name = "rasman.dll" filename = "\\Windows\\System32\\rasman.dll" (normalized: "c:\\windows\\system32\\rasman.dll") Region: id = 635 start_va = 0x7fef4730000 end_va = 0x7fef4791fff monitored = 0 entry_point = 0x7fef4731198 region_type = mapped_file name = "rasapi32.dll" filename = "\\Windows\\System32\\rasapi32.dll" (normalized: "c:\\windows\\system32\\rasapi32.dll") Region: id = 636 start_va = 0x7fef47a0000 end_va = 0x7fef47d9fff monitored = 0 entry_point = 0x7fef47a1010 region_type = mapped_file name = "mprapi.dll" filename = "\\Windows\\System32\\mprapi.dll" (normalized: "c:\\windows\\system32\\mprapi.dll") Region: id = 637 start_va = 0x7fef4e70000 end_va = 0x7fef4ee0fff monitored = 0 entry_point = 0x7fef4eaecc4 region_type = mapped_file name = "winspool.drv" filename = "\\Windows\\System32\\winspool.drv" (normalized: "c:\\windows\\system32\\winspool.drv") Region: id = 638 start_va = 0x7fef5ef0000 end_va = 0x7fef5fc1fff monitored = 0 entry_point = 0x7fef5f81a10 region_type = mapped_file name = "qmgr.dll" filename = "\\Windows\\System32\\qmgr.dll" (normalized: "c:\\windows\\system32\\qmgr.dll") Region: id = 639 start_va = 0x7fef6830000 end_va = 0x7fef691dfff monitored = 0 entry_point = 0x7fef68312a0 region_type = mapped_file name = "actxprxy.dll" filename = "\\Windows\\System32\\actxprxy.dll" (normalized: "c:\\windows\\system32\\actxprxy.dll") Region: id = 640 start_va = 0x7fef69c0000 end_va = 0x7fef69dcfff monitored = 0 entry_point = 0x7fef69c2f18 region_type = mapped_file name = "mmcss.dll" filename = "\\Windows\\System32\\mmcss.dll" (normalized: "c:\\windows\\system32\\mmcss.dll") Region: id = 641 start_va = 0x7fef6bf0000 end_va = 0x7fef6c31fff monitored = 0 entry_point = 0x7fef6c20048 region_type = mapped_file name = "tcpipcfg.dll" filename = "\\Windows\\System32\\tcpipcfg.dll" (normalized: "c:\\windows\\system32\\tcpipcfg.dll") Region: id = 642 start_va = 0x7fef6c40000 end_va = 0x7fef6c59fff monitored = 0 entry_point = 0x7fef6c51ae4 region_type = mapped_file name = "rascfg.dll" filename = "\\Windows\\System32\\rascfg.dll" (normalized: "c:\\windows\\system32\\rascfg.dll") Region: id = 643 start_va = 0x7fef6c80000 end_va = 0x7fef6c8efff monitored = 0 entry_point = 0x7fef6c86894 region_type = mapped_file name = "ndiscapcfg.dll" filename = "\\Windows\\System32\\ndiscapCfg.dll" (normalized: "c:\\windows\\system32\\ndiscapcfg.dll") Region: id = 644 start_va = 0x7fef8790000 end_va = 0x7fef879bfff monitored = 0 entry_point = 0x7fef879602c region_type = mapped_file name = "npmproxy.dll" filename = "\\Windows\\System32\\npmproxy.dll" (normalized: "c:\\windows\\system32\\npmproxy.dll") Region: id = 645 start_va = 0x7fef8b90000 end_va = 0x7fef8b97fff monitored = 0 entry_point = 0x7fef8b91414 region_type = mapped_file name = "rasadhlp.dll" filename = "\\Windows\\System32\\rasadhlp.dll" (normalized: "c:\\windows\\system32\\rasadhlp.dll") Region: id = 646 start_va = 0x7fef8ca0000 end_va = 0x7fef8d10fff monitored = 0 entry_point = 0x7fef8ce51d0 region_type = mapped_file name = "wbemess.dll" filename = "\\Windows\\System32\\wbem\\wbemess.dll" (normalized: "c:\\windows\\system32\\wbem\\wbemess.dll") Region: id = 647 start_va = 0x7fef8d20000 end_va = 0x7fef8d31fff monitored = 0 entry_point = 0x7fef8d289d0 region_type = mapped_file name = "ncobjapi.dll" filename = "\\Windows\\System32\\ncobjapi.dll" (normalized: "c:\\windows\\system32\\ncobjapi.dll") Region: id = 648 start_va = 0x7fef8d40000 end_va = 0x7fef8df4fff monitored = 0 entry_point = 0x7fef8dbcf80 region_type = mapped_file name = "wmiprvsd.dll" filename = "\\Windows\\System32\\wbem\\WmiPrvSD.dll" (normalized: "c:\\windows\\system32\\wbem\\wmiprvsd.dll") Region: id = 649 start_va = 0x7fef8e00000 end_va = 0x7fef8e18fff monitored = 0 entry_point = 0x7fef8e01104 region_type = mapped_file name = "resutils.dll" filename = "\\Windows\\System32\\resutils.dll" (normalized: "c:\\windows\\system32\\resutils.dll") Region: id = 650 start_va = 0x7fef8e20000 end_va = 0x7fef8e6ffff monitored = 0 entry_point = 0x7fef8e21190 region_type = mapped_file name = "clusapi.dll" filename = "\\Windows\\System32\\clusapi.dll" (normalized: "c:\\windows\\system32\\clusapi.dll") Region: id = 651 start_va = 0x7fef8e70000 end_va = 0x7fef8e77fff monitored = 0 entry_point = 0x7fef8e71020 region_type = mapped_file name = "sscore.dll" filename = "\\Windows\\System32\\sscore.dll" (normalized: "c:\\windows\\system32\\sscore.dll") Region: id = 652 start_va = 0x7fef8e80000 end_va = 0x7fef8ed9fff monitored = 0 entry_point = 0x7fef8ebdde0 region_type = mapped_file name = "repdrvfs.dll" filename = "\\Windows\\System32\\wbem\\repdrvfs.dll" (normalized: "c:\\windows\\system32\\wbem\\repdrvfs.dll") Region: id = 653 start_va = 0x7fef8ee0000 end_va = 0x7fef8f00fff monitored = 0 entry_point = 0x7fef8ef03b0 region_type = mapped_file name = "wmiutils.dll" filename = "\\Windows\\System32\\wbem\\wmiutils.dll" (normalized: "c:\\windows\\system32\\wbem\\wmiutils.dll") Region: id = 654 start_va = 0x7fef8f10000 end_va = 0x7fef8f83fff monitored = 0 entry_point = 0x7fef8f166f0 region_type = mapped_file name = "netprofm.dll" filename = "\\Windows\\System32\\netprofm.dll" (normalized: "c:\\windows\\system32\\netprofm.dll") Region: id = 655 start_va = 0x7fef8f90000 end_va = 0x7fef8ffafff monitored = 0 entry_point = 0x7fef8fd4344 region_type = mapped_file name = "hnetcfg.dll" filename = "\\Windows\\System32\\hnetcfg.dll" (normalized: "c:\\windows\\system32\\hnetcfg.dll") Region: id = 656 start_va = 0x7fef9000000 end_va = 0x7fef9012fff monitored = 0 entry_point = 0x7fef9001d80 region_type = mapped_file name = "wbemsvc.dll" filename = "\\Windows\\System32\\wbem\\wbemsvc.dll" (normalized: "c:\\windows\\system32\\wbem\\wbemsvc.dll") Region: id = 657 start_va = 0x7fef9020000 end_va = 0x7fef9081fff monitored = 0 entry_point = 0x7fef905bd80 region_type = mapped_file name = "esscli.dll" filename = "\\Windows\\System32\\wbem\\esscli.dll" (normalized: "c:\\windows\\system32\\wbem\\esscli.dll") Region: id = 658 start_va = 0x7fef9090000 end_va = 0x7fef91bbfff monitored = 0 entry_point = 0x7fef9140ef0 region_type = mapped_file name = "wbemcore.dll" filename = "\\Windows\\System32\\wbem\\wbemcore.dll" (normalized: "c:\\windows\\system32\\wbem\\wbemcore.dll") Region: id = 659 start_va = 0x7fef91c0000 end_va = 0x7fef91d9fff monitored = 0 entry_point = 0x7fef91d3fbc region_type = mapped_file name = "nci.dll" filename = "\\Windows\\System32\\nci.dll" (normalized: "c:\\windows\\system32\\nci.dll") Region: id = 660 start_va = 0x7fef91e0000 end_va = 0x7fef9263fff monitored = 0 entry_point = 0x7fef9231118 region_type = mapped_file name = "netcfgx.dll" filename = "\\Windows\\System32\\netcfgx.dll" (normalized: "c:\\windows\\system32\\netcfgx.dll") Region: id = 661 start_va = 0x7fef9270000 end_va = 0x7fef9294fff monitored = 0 entry_point = 0x7fef9288c54 region_type = mapped_file name = "browser.dll" filename = "\\Windows\\System32\\browser.dll" (normalized: "c:\\windows\\system32\\browser.dll") Region: id = 662 start_va = 0x7fef92a0000 end_va = 0x7fef92dcfff monitored = 0 entry_point = 0x7fef92a1070 region_type = mapped_file name = "srvsvc.dll" filename = "\\Windows\\System32\\srvsvc.dll" (normalized: "c:\\windows\\system32\\srvsvc.dll") Region: id = 663 start_va = 0x7fef92e0000 end_va = 0x7fef92edfff monitored = 0 entry_point = 0x7fef92e5500 region_type = mapped_file name = "wbemprox.dll" filename = "\\Windows\\System32\\wbem\\wbemprox.dll" (normalized: "c:\\windows\\system32\\wbem\\wbemprox.dll") Region: id = 664 start_va = 0x7fef92f0000 end_va = 0x7fef9316fff monitored = 0 entry_point = 0x7fef92f11a0 region_type = mapped_file name = "ntdsapi.dll" filename = "\\Windows\\System32\\ntdsapi.dll" (normalized: "c:\\windows\\system32\\ntdsapi.dll") Region: id = 665 start_va = 0x7fef9320000 end_va = 0x7fef93f2fff monitored = 0 entry_point = 0x7fef9398b00 region_type = mapped_file name = "fastprox.dll" filename = "\\Windows\\System32\\wbem\\fastprox.dll" (normalized: "c:\\windows\\system32\\wbem\\fastprox.dll") Region: id = 666 start_va = 0x7fef9440000 end_va = 0x7fef9486fff monitored = 0 entry_point = 0x7fef9441040 region_type = mapped_file name = "wdscore.dll" filename = "\\Windows\\System32\\wdscore.dll" (normalized: "c:\\windows\\system32\\wdscore.dll") Region: id = 667 start_va = 0x7fef9490000 end_va = 0x7fef94d1fff monitored = 0 entry_point = 0x7fef94917e4 region_type = mapped_file name = "sqmapi.dll" filename = "\\Windows\\System32\\sqmapi.dll" (normalized: "c:\\windows\\system32\\sqmapi.dll") Region: id = 668 start_va = 0x7fef94e0000 end_va = 0x7fef9571fff monitored = 0 entry_point = 0x7fef95551ec region_type = mapped_file name = "iphlpsvc.dll" filename = "\\Windows\\System32\\iphlpsvc.dll" (normalized: "c:\\windows\\system32\\iphlpsvc.dll") Region: id = 669 start_va = 0x7fef9580000 end_va = 0x7fef95f6fff monitored = 0 entry_point = 0x7fef95be7f0 region_type = mapped_file name = "wbemcomn2.dll" filename = "\\Windows\\System32\\wbemcomn2.dll" (normalized: "c:\\windows\\system32\\wbemcomn2.dll") Region: id = 670 start_va = 0x7fef9600000 end_va = 0x7fef9639fff monitored = 0 entry_point = 0x7fef961d020 region_type = mapped_file name = "wmisvc.dll" filename = "\\Windows\\System32\\wbem\\WMIsvc.dll" (normalized: "c:\\windows\\system32\\wbem\\wmisvc.dll") Region: id = 671 start_va = 0x7fef9810000 end_va = 0x7fef9819fff monitored = 0 entry_point = 0x7fef9813994 region_type = mapped_file name = "bitsperf.dll" filename = "\\Windows\\System32\\bitsperf.dll" (normalized: "c:\\windows\\system32\\bitsperf.dll") Region: id = 672 start_va = 0x7fef9910000 end_va = 0x7fef9920fff monitored = 0 entry_point = 0x7fef9919e7c region_type = mapped_file name = "ssdpapi.dll" filename = "\\Windows\\System32\\ssdpapi.dll" (normalized: "c:\\windows\\system32\\ssdpapi.dll") Region: id = 673 start_va = 0x7fef9930000 end_va = 0x7fef9993fff monitored = 0 entry_point = 0x7fef9931254 region_type = mapped_file name = "webio.dll" filename = "\\Windows\\System32\\webio.dll" (normalized: "c:\\windows\\system32\\webio.dll") Region: id = 674 start_va = 0x7fef99a0000 end_va = 0x7fef9a10fff monitored = 0 entry_point = 0x7fef99a1010 region_type = mapped_file name = "winhttp.dll" filename = "\\Windows\\System32\\winhttp.dll" (normalized: "c:\\windows\\system32\\winhttp.dll") Region: id = 675 start_va = 0x7fef9ab0000 end_va = 0x7fef9ac6fff monitored = 0 entry_point = 0x7fef9ab1060 region_type = mapped_file name = "vsstrace.dll" filename = "\\Windows\\System32\\vsstrace.dll" (normalized: "c:\\windows\\system32\\vsstrace.dll") Region: id = 676 start_va = 0x7fef9ad0000 end_va = 0x7fef9c7ffff monitored = 0 entry_point = 0x7fef9ad1010 region_type = mapped_file name = "vssapi.dll" filename = "\\Windows\\System32\\vssapi.dll" (normalized: "c:\\windows\\system32\\vssapi.dll") Region: id = 677 start_va = 0x7fef9f40000 end_va = 0x7fef9f48fff monitored = 0 entry_point = 0x7fef9f411a0 region_type = mapped_file name = "tschannel.dll" filename = "\\Windows\\System32\\TSChannel.dll" (normalized: "c:\\windows\\system32\\tschannel.dll") Region: id = 678 start_va = 0x7fefa170000 end_va = 0x7fefa1e6fff monitored = 0 entry_point = 0x7fefa17afd0 region_type = mapped_file name = "taskcomp.dll" filename = "\\Windows\\System32\\taskcomp.dll" (normalized: "c:\\windows\\system32\\taskcomp.dll") Region: id = 679 start_va = 0x7fefa290000 end_va = 0x7fefa299fff monitored = 0 entry_point = 0x7fefa29260c region_type = mapped_file name = "ktmw32.dll" filename = "\\Windows\\System32\\ktmw32.dll" (normalized: "c:\\windows\\system32\\ktmw32.dll") Region: id = 680 start_va = 0x7fefa2a0000 end_va = 0x7fefa3b1fff monitored = 0 entry_point = 0x7fefa2bf354 region_type = mapped_file name = "schedsvc.dll" filename = "\\Windows\\System32\\schedsvc.dll" (normalized: "c:\\windows\\system32\\schedsvc.dll") Region: id = 681 start_va = 0x7fefa3c0000 end_va = 0x7fefa3cefff monitored = 0 entry_point = 0x7fefa3c7e80 region_type = mapped_file name = "wiarpc.dll" filename = "\\Windows\\System32\\wiarpc.dll" (normalized: "c:\\windows\\system32\\wiarpc.dll") Region: id = 682 start_va = 0x7fefa3d0000 end_va = 0x7fefa3d8fff monitored = 0 entry_point = 0x7fefa3d3668 region_type = mapped_file name = "fvecerts.dll" filename = "\\Windows\\System32\\fvecerts.dll" (normalized: "c:\\windows\\system32\\fvecerts.dll") Region: id = 683 start_va = 0x7fefa3e0000 end_va = 0x7fefa3e8fff monitored = 0 entry_point = 0x7fefa3e1020 region_type = mapped_file name = "tbs.dll" filename = "\\Windows\\System32\\tbs.dll" (normalized: "c:\\windows\\system32\\tbs.dll") Region: id = 684 start_va = 0x7fefa3f0000 end_va = 0x7fefa445fff monitored = 0 entry_point = 0x7fefa3f1040 region_type = mapped_file name = "fveapi.dll" filename = "\\Windows\\System32\\fveapi.dll" (normalized: "c:\\windows\\system32\\fveapi.dll") Region: id = 685 start_va = 0x7fefa450000 end_va = 0x7fefa4adfff monitored = 0 entry_point = 0x7fefa459024 region_type = mapped_file name = "shsvcs.dll" filename = "\\Windows\\System32\\shsvcs.dll" (normalized: "c:\\windows\\system32\\shsvcs.dll") Region: id = 686 start_va = 0x7fefa4b0000 end_va = 0x7fefa4c7fff monitored = 0 entry_point = 0x7fefa4b1bf8 region_type = mapped_file name = "dhcpcsvc.dll" filename = "\\Windows\\System32\\dhcpcsvc.dll" (normalized: "c:\\windows\\system32\\dhcpcsvc.dll") Region: id = 687 start_va = 0x7fefa4d0000 end_va = 0x7fefa4e0fff monitored = 0 entry_point = 0x7fefa4d16ac region_type = mapped_file name = "dhcpcsvc6.dll" filename = "\\Windows\\System32\\dhcpcsvc6.dll" (normalized: "c:\\windows\\system32\\dhcpcsvc6.dll") Region: id = 688 start_va = 0x7fefa520000 end_va = 0x7fefa572fff monitored = 0 entry_point = 0x7fefa522b98 region_type = mapped_file name = "fwpuclnt.dll" filename = "\\Windows\\System32\\FWPUCLNT.DLL" (normalized: "c:\\windows\\system32\\fwpuclnt.dll") Region: id = 689 start_va = 0x7fefa580000 end_va = 0x7fefa594fff monitored = 0 entry_point = 0x7fefa581020 region_type = mapped_file name = "appinfo.dll" filename = "\\Windows\\System32\\appinfo.dll" (normalized: "c:\\windows\\system32\\appinfo.dll") Region: id = 690 start_va = 0x7fefa730000 end_va = 0x7fefa73afff monitored = 0 entry_point = 0x7fefa731198 region_type = mapped_file name = "winnsi.dll" filename = "\\Windows\\System32\\winnsi.dll" (normalized: "c:\\windows\\system32\\winnsi.dll") Region: id = 691 start_va = 0x7fefa740000 end_va = 0x7fefa766fff monitored = 0 entry_point = 0x7fefa7498bc region_type = mapped_file name = "iphlpapi.dll" filename = "\\Windows\\System32\\IPHLPAPI.DLL" (normalized: "c:\\windows\\system32\\iphlpapi.dll") Region: id = 692 start_va = 0x7fefa770000 end_va = 0x7fefa783fff monitored = 0 entry_point = 0x7fefa773e64 region_type = mapped_file name = "sens.dll" filename = "\\Windows\\System32\\Sens.dll" (normalized: "c:\\windows\\system32\\sens.dll") Region: id = 693 start_va = 0x7fefa7a0000 end_va = 0x7fefa806fff monitored = 0 entry_point = 0x7fefa7b6060 region_type = mapped_file name = "es.dll" filename = "\\Windows\\System32\\es.dll" (normalized: "c:\\windows\\system32\\es.dll") Region: id = 694 start_va = 0x7fefa810000 end_va = 0x7fefa81afff monitored = 0 entry_point = 0x7fefa814f8c region_type = mapped_file name = "slc.dll" filename = "\\Windows\\System32\\slc.dll" (normalized: "c:\\windows\\system32\\slc.dll") Region: id = 695 start_va = 0x7fefa820000 end_va = 0x7fefa82bfff monitored = 0 entry_point = 0x7fefa8215d8 region_type = mapped_file name = "dsrole.dll" filename = "\\Windows\\System32\\dsrole.dll" (normalized: "c:\\windows\\system32\\dsrole.dll") Region: id = 696 start_va = 0x7fefa830000 end_va = 0x7fefa83ffff monitored = 0 entry_point = 0x7fefa83835c region_type = mapped_file name = "themeservice.dll" filename = "\\Windows\\System32\\themeservice.dll" (normalized: "c:\\windows\\system32\\themeservice.dll") Region: id = 697 start_va = 0x7fefa840000 end_va = 0x7fefa858fff monitored = 0 entry_point = 0x7fefa8411a8 region_type = mapped_file name = "atl.dll" filename = "\\Windows\\System32\\atl.dll" (normalized: "c:\\windows\\system32\\atl.dll") Region: id = 698 start_va = 0x7fefa860000 end_va = 0x7fefa896fff monitored = 0 entry_point = 0x7fefa868424 region_type = mapped_file name = "profsvc.dll" filename = "\\Windows\\System32\\profsvc.dll" (normalized: "c:\\windows\\system32\\profsvc.dll") Region: id = 699 start_va = 0x7fefa8e0000 end_va = 0x7fefa8f4fff monitored = 0 entry_point = 0x7fefa8e60d8 region_type = mapped_file name = "nlaapi.dll" filename = "\\Windows\\System32\\nlaapi.dll" (normalized: "c:\\windows\\system32\\nlaapi.dll") Region: id = 700 start_va = 0x7fefa900000 end_va = 0x7fefa9c1fff monitored = 0 entry_point = 0x7fefa90101c region_type = mapped_file name = "gpsvc.dll" filename = "\\Windows\\System32\\gpsvc.dll" (normalized: "c:\\windows\\system32\\gpsvc.dll") Region: id = 701 start_va = 0x7fefabe0000 end_va = 0x7fefabf6fff monitored = 0 entry_point = 0x7fefabe9d50 region_type = mapped_file name = "ncprov.dll" filename = "\\Windows\\System32\\wbem\\NCProv.dll" (normalized: "c:\\windows\\system32\\wbem\\ncprov.dll") Region: id = 702 start_va = 0x7fefac00000 end_va = 0x7fefac08fff monitored = 0 entry_point = 0x7fefac01010 region_type = mapped_file name = "avrt.dll" filename = "\\Windows\\System32\\avrt.dll" (normalized: "c:\\windows\\system32\\avrt.dll") Region: id = 703 start_va = 0x7fefacf0000 end_va = 0x7fefad1cfff monitored = 0 entry_point = 0x7fefacf1010 region_type = mapped_file name = "ntmarta.dll" filename = "\\Windows\\System32\\ntmarta.dll" (normalized: "c:\\windows\\system32\\ntmarta.dll") Region: id = 704 start_va = 0x7fefad20000 end_va = 0x7fefad30fff monitored = 0 entry_point = 0x7fefad214c0 region_type = mapped_file name = "rtutils.dll" filename = "\\Windows\\System32\\rtutils.dll" (normalized: "c:\\windows\\system32\\rtutils.dll") Region: id = 705 start_va = 0x7fefae70000 end_va = 0x7fefae83fff monitored = 0 entry_point = 0x7fefae716b4 region_type = mapped_file name = "samcli.dll" filename = "\\Windows\\System32\\samcli.dll" (normalized: "c:\\windows\\system32\\samcli.dll") Region: id = 706 start_va = 0x7fefae90000 end_va = 0x7fefaea4fff monitored = 0 entry_point = 0x7fefae91050 region_type = mapped_file name = "wkscli.dll" filename = "\\Windows\\System32\\wkscli.dll" (normalized: "c:\\windows\\system32\\wkscli.dll") Region: id = 707 start_va = 0x7fefaeb0000 end_va = 0x7fefaebbfff monitored = 0 entry_point = 0x7fefaeb18a4 region_type = mapped_file name = "netutils.dll" filename = "\\Windows\\System32\\netutils.dll" (normalized: "c:\\windows\\system32\\netutils.dll") Region: id = 708 start_va = 0x7fefaec0000 end_va = 0x7fefaed5fff monitored = 0 entry_point = 0x7fefaec11a0 region_type = mapped_file name = "netapi32.dll" filename = "\\Windows\\System32\\netapi32.dll" (normalized: "c:\\windows\\system32\\netapi32.dll") Region: id = 709 start_va = 0x7fefaff0000 end_va = 0x7fefb000fff monitored = 0 entry_point = 0x7fefaff1070 region_type = mapped_file name = "wtsapi32.dll" filename = "\\Windows\\System32\\wtsapi32.dll" (normalized: "c:\\windows\\system32\\wtsapi32.dll") Region: id = 710 start_va = 0x7fefb150000 end_va = 0x7fefb184fff monitored = 0 entry_point = 0x7fefb151064 region_type = mapped_file name = "xmllite.dll" filename = "\\Windows\\System32\\xmllite.dll" (normalized: "c:\\windows\\system32\\xmllite.dll") Region: id = 711 start_va = 0x7fefb5c0000 end_va = 0x7fefb615fff monitored = 0 entry_point = 0x7fefb5cbbc0 region_type = mapped_file name = "uxtheme.dll" filename = "\\Windows\\System32\\uxtheme.dll" (normalized: "c:\\windows\\system32\\uxtheme.dll") Region: id = 712 start_va = 0x7fefb620000 end_va = 0x7fefb74bfff monitored = 0 entry_point = 0x7fefb6294bc region_type = mapped_file name = "propsys.dll" filename = "\\Windows\\System32\\propsys.dll" (normalized: "c:\\windows\\system32\\propsys.dll") Region: id = 713 start_va = 0x7fefb750000 end_va = 0x7fefb76cfff monitored = 0 entry_point = 0x7fefb751ef4 region_type = mapped_file name = "samlib.dll" filename = "\\Windows\\System32\\samlib.dll" (normalized: "c:\\windows\\system32\\samlib.dll") Region: id = 714 start_va = 0x7fefb7a0000 end_va = 0x7fefb993fff monitored = 0 entry_point = 0x7fefb92c924 region_type = mapped_file name = "comctl32.dll" filename = "\\Windows\\winsxs\\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac\\comctl32.dll" (normalized: "c:\\windows\\winsxs\\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac\\comctl32.dll") Region: id = 715 start_va = 0x7fefbe30000 end_va = 0x7fefbe3bfff monitored = 0 entry_point = 0x7fefbe31064 region_type = mapped_file name = "version.dll" filename = "\\Windows\\System32\\version.dll" (normalized: "c:\\windows\\system32\\version.dll") Region: id = 716 start_va = 0x7fefbe40000 end_va = 0x7fefbefafff monitored = 0 entry_point = 0x7fefbe46de0 region_type = mapped_file name = "firewallapi.dll" filename = "\\Windows\\System32\\FirewallAPI.dll" (normalized: "c:\\windows\\system32\\firewallapi.dll") Region: id = 717 start_va = 0x7fefbf00000 end_va = 0x7fefbf06fff monitored = 0 entry_point = 0x7fefbf014b0 region_type = mapped_file name = "wshtcpip.dll" filename = "\\Windows\\System32\\WSHTCPIP.DLL" (normalized: "c:\\windows\\system32\\wshtcpip.dll") Region: id = 718 start_va = 0x7fefbff0000 end_va = 0x7fefc00afff monitored = 0 entry_point = 0x7fefbff2068 region_type = mapped_file name = "gpapi.dll" filename = "\\Windows\\System32\\gpapi.dll" (normalized: "c:\\windows\\system32\\gpapi.dll") Region: id = 719 start_va = 0x7fefc010000 end_va = 0x7fefc02dfff monitored = 0 entry_point = 0x7fefc0113b8 region_type = mapped_file name = "userenv.dll" filename = "\\Windows\\System32\\userenv.dll" (normalized: "c:\\windows\\system32\\userenv.dll") Region: id = 720 start_va = 0x7fefc030000 end_va = 0x7fefc041fff monitored = 0 entry_point = 0x7fefc031060 region_type = mapped_file name = "devrtl.dll" filename = "\\Windows\\System32\\devrtl.dll" (normalized: "c:\\windows\\system32\\devrtl.dll") Region: id = 721 start_va = 0x7fefc050000 end_va = 0x7fefc06efff monitored = 0 entry_point = 0x7fefc055c68 region_type = mapped_file name = "spinf.dll" filename = "\\Windows\\System32\\SPInf.dll" (normalized: "c:\\windows\\system32\\spinf.dll") Region: id = 722 start_va = 0x7fefc120000 end_va = 0x7fefc158fff monitored = 0 entry_point = 0x7fefc12c0f0 region_type = mapped_file name = "ubpm.dll" filename = "\\Windows\\System32\\ubpm.dll" (normalized: "c:\\windows\\system32\\ubpm.dll") Region: id = 723 start_va = 0x7fefc160000 end_va = 0x7fefc169fff monitored = 0 entry_point = 0x7fefc163cb8 region_type = mapped_file name = "credssp.dll" filename = "\\Windows\\System32\\credssp.dll" (normalized: "c:\\windows\\system32\\credssp.dll") Region: id = 724 start_va = 0x7fefc170000 end_va = 0x7fefc17cfff monitored = 0 entry_point = 0x7fefc171348 region_type = mapped_file name = "pcwum.dll" filename = "\\Windows\\System32\\pcwum.dll" (normalized: "c:\\windows\\system32\\pcwum.dll") Region: id = 725 start_va = 0x7fefc260000 end_va = 0x7fefc2a6fff monitored = 0 entry_point = 0x7fefc261064 region_type = mapped_file name = "rsaenh.dll" filename = "\\Windows\\System32\\rsaenh.dll" (normalized: "c:\\windows\\system32\\rsaenh.dll") Region: id = 726 start_va = 0x7fefc350000 end_va = 0x7fefc37ffff monitored = 0 entry_point = 0x7fefc35194c region_type = mapped_file name = "logoncli.dll" filename = "\\Windows\\System32\\logoncli.dll" (normalized: "c:\\windows\\system32\\logoncli.dll") Region: id = 727 start_va = 0x7fefc380000 end_va = 0x7fefc3dafff monitored = 0 entry_point = 0x7fefc386940 region_type = mapped_file name = "dnsapi.dll" filename = "\\Windows\\System32\\dnsapi.dll" (normalized: "c:\\windows\\system32\\dnsapi.dll") Region: id = 728 start_va = 0x7fefc4f0000 end_va = 0x7fefc4f6fff monitored = 0 entry_point = 0x7fefc4f142c region_type = mapped_file name = "wship6.dll" filename = "\\Windows\\System32\\wship6.dll" (normalized: "c:\\windows\\system32\\wship6.dll") Region: id = 729 start_va = 0x7fefc500000 end_va = 0x7fefc554fff monitored = 0 entry_point = 0x7fefc501054 region_type = mapped_file name = "mswsock.dll" filename = "\\Windows\\System32\\mswsock.dll" (normalized: "c:\\windows\\system32\\mswsock.dll") Region: id = 730 start_va = 0x7fefc560000 end_va = 0x7fefc577fff monitored = 0 entry_point = 0x7fefc563b48 region_type = mapped_file name = "cryptsp.dll" filename = "\\Windows\\System32\\cryptsp.dll" (normalized: "c:\\windows\\system32\\cryptsp.dll") Region: id = 731 start_va = 0x7fefc670000 end_va = 0x7fefc6a1fff monitored = 0 entry_point = 0x7fefc67144c region_type = mapped_file name = "netjoin.dll" filename = "\\Windows\\System32\\netjoin.dll" (normalized: "c:\\windows\\system32\\netjoin.dll") Region: id = 732 start_va = 0x7fefc6b0000 end_va = 0x7fefc6b7fff monitored = 0 entry_point = 0x7fefc6b2a6c region_type = mapped_file name = "wmsgapi.dll" filename = "\\Windows\\System32\\wmsgapi.dll" (normalized: "c:\\windows\\system32\\wmsgapi.dll") Region: id = 733 start_va = 0x7fefc6c0000 end_va = 0x7fefc6c9fff monitored = 0 entry_point = 0x7fefc6c3b40 region_type = mapped_file name = "sysntfy.dll" filename = "\\Windows\\System32\\sysntfy.dll" (normalized: "c:\\windows\\system32\\sysntfy.dll") Region: id = 734 start_va = 0x7fefc6d0000 end_va = 0x7fefc6f1fff monitored = 0 entry_point = 0x7fefc6d5d30 region_type = mapped_file name = "bcrypt.dll" filename = "\\Windows\\System32\\bcrypt.dll" (normalized: "c:\\windows\\system32\\bcrypt.dll") Region: id = 735 start_va = 0x7fefc750000 end_va = 0x7fefc77efff monitored = 0 entry_point = 0x7fefc751064 region_type = mapped_file name = "authz.dll" filename = "\\Windows\\System32\\authz.dll" (normalized: "c:\\windows\\system32\\authz.dll") Region: id = 736 start_va = 0x7fefc790000 end_va = 0x7fefc7fcfff monitored = 0 entry_point = 0x7fefc791010 region_type = mapped_file name = "wevtapi.dll" filename = "\\Windows\\System32\\wevtapi.dll" (normalized: "c:\\windows\\system32\\wevtapi.dll") Region: id = 737 start_va = 0x7fefc800000 end_va = 0x7fefc813fff monitored = 0 entry_point = 0x7fefc804160 region_type = mapped_file name = "cryptdll.dll" filename = "\\Windows\\System32\\cryptdll.dll" (normalized: "c:\\windows\\system32\\cryptdll.dll") Region: id = 738 start_va = 0x7fefca60000 end_va = 0x7fefca82fff monitored = 0 entry_point = 0x7fefca61198 region_type = mapped_file name = "srvcli.dll" filename = "\\Windows\\System32\\srvcli.dll" (normalized: "c:\\windows\\system32\\srvcli.dll") Region: id = 739 start_va = 0x7fefcb00000 end_va = 0x7fefcb0afff monitored = 0 entry_point = 0x7fefcb01030 region_type = mapped_file name = "secur32.dll" filename = "\\Windows\\System32\\secur32.dll" (normalized: "c:\\windows\\system32\\secur32.dll") Region: id = 740 start_va = 0x7fefcb30000 end_va = 0x7fefcb54fff monitored = 0 entry_point = 0x7fefcb39658 region_type = mapped_file name = "sspicli.dll" filename = "\\Windows\\System32\\sspicli.dll" (normalized: "c:\\windows\\system32\\sspicli.dll") Region: id = 741 start_va = 0x7fefcb60000 end_va = 0x7fefcb6efff monitored = 0 entry_point = 0x7fefcb61010 region_type = mapped_file name = "cryptbase.dll" filename = "\\Windows\\System32\\cryptbase.dll" (normalized: "c:\\windows\\system32\\cryptbase.dll") Region: id = 742 start_va = 0x7fefcb70000 end_va = 0x7fefcc00fff monitored = 0 entry_point = 0x7fefcb71440 region_type = mapped_file name = "sxs.dll" filename = "\\Windows\\System32\\sxs.dll" (normalized: "c:\\windows\\system32\\sxs.dll") Region: id = 743 start_va = 0x7fefcc10000 end_va = 0x7fefcc4cfff monitored = 0 entry_point = 0x7fefcc118f4 region_type = mapped_file name = "winsta.dll" filename = "\\Windows\\System32\\winsta.dll" (normalized: "c:\\windows\\system32\\winsta.dll") Region: id = 744 start_va = 0x7fefcc50000 end_va = 0x7fefcc63fff monitored = 0 entry_point = 0x7fefcc510e0 region_type = mapped_file name = "rpcrtremote.dll" filename = "\\Windows\\System32\\RpcRtRemote.dll" (normalized: "c:\\windows\\system32\\rpcrtremote.dll") Region: id = 745 start_va = 0x7fefcc70000 end_va = 0x7fefcc7efff monitored = 0 entry_point = 0x7fefcc719b0 region_type = mapped_file name = "profapi.dll" filename = "\\Windows\\System32\\profapi.dll" (normalized: "c:\\windows\\system32\\profapi.dll") Region: id = 746 start_va = 0x7fefcd10000 end_va = 0x7fefcd1efff monitored = 0 entry_point = 0x7fefcd11020 region_type = mapped_file name = "msasn1.dll" filename = "\\Windows\\System32\\msasn1.dll" (normalized: "c:\\windows\\system32\\msasn1.dll") Region: id = 747 start_va = 0x7fefcd20000 end_va = 0x7fefcd8bfff monitored = 0 entry_point = 0x7fefcd22780 region_type = mapped_file name = "kernelbase.dll" filename = "\\Windows\\System32\\KernelBase.dll" (normalized: "c:\\windows\\system32\\kernelbase.dll") Region: id = 748 start_va = 0x7fefcd90000 end_va = 0x7fefcefcfff monitored = 0 entry_point = 0x7fefcd910b4 region_type = mapped_file name = "crypt32.dll" filename = "\\Windows\\System32\\crypt32.dll" (normalized: "c:\\windows\\system32\\crypt32.dll") Region: id = 749 start_va = 0x7fefcf00000 end_va = 0x7fefcf35fff monitored = 0 entry_point = 0x7fefcf01474 region_type = mapped_file name = "cfgmgr32.dll" filename = "\\Windows\\System32\\cfgmgr32.dll" (normalized: "c:\\windows\\system32\\cfgmgr32.dll") Region: id = 750 start_va = 0x7fefcf40000 end_va = 0x7fefcf59fff monitored = 0 entry_point = 0x7fefcf41558 region_type = mapped_file name = "devobj.dll" filename = "\\Windows\\System32\\devobj.dll" (normalized: "c:\\windows\\system32\\devobj.dll") Region: id = 751 start_va = 0x7fefd000000 end_va = 0x7fefd03afff monitored = 0 entry_point = 0x7fefd001324 region_type = mapped_file name = "wintrust.dll" filename = "\\Windows\\System32\\wintrust.dll" (normalized: "c:\\windows\\system32\\wintrust.dll") Region: id = 752 start_va = 0x7fefd420000 end_va = 0x7fefd486fff monitored = 0 entry_point = 0x7fefd42b03c region_type = mapped_file name = "gdi32.dll" filename = "\\Windows\\System32\\gdi32.dll" (normalized: "c:\\windows\\system32\\gdi32.dll") Region: id = 753 start_va = 0x7fefd490000 end_va = 0x7fefd4dcfff monitored = 0 entry_point = 0x7fefd491070 region_type = mapped_file name = "ws2_32.dll" filename = "\\Windows\\System32\\ws2_32.dll" (normalized: "c:\\windows\\system32\\ws2_32.dll") Region: id = 754 start_va = 0x7fefd4e0000 end_va = 0x7fefd6e2fff monitored = 0 entry_point = 0x7fefd503330 region_type = mapped_file name = "ole32.dll" filename = "\\Windows\\System32\\ole32.dll" (normalized: "c:\\windows\\system32\\ole32.dll") Region: id = 755 start_va = 0x7fefd6f0000 end_va = 0x7fefe477fff monitored = 0 entry_point = 0x7fefd76cebc region_type = mapped_file name = "shell32.dll" filename = "\\Windows\\System32\\shell32.dll" (normalized: "c:\\windows\\system32\\shell32.dll") Region: id = 756 start_va = 0x7fefe480000 end_va = 0x7fefe656fff monitored = 0 entry_point = 0x7fefe481010 region_type = mapped_file name = "setupapi.dll" filename = "\\Windows\\System32\\setupapi.dll" (normalized: "c:\\windows\\system32\\setupapi.dll") Region: id = 757 start_va = 0x7fefe680000 end_va = 0x7fefe7acfff monitored = 0 entry_point = 0x7fefe6ced50 region_type = mapped_file name = "rpcrt4.dll" filename = "\\Windows\\System32\\rpcrt4.dll" (normalized: "c:\\windows\\system32\\rpcrt4.dll") Region: id = 758 start_va = 0x7fefe7b0000 end_va = 0x7fefe88afff monitored = 0 entry_point = 0x7fefe7d0760 region_type = mapped_file name = "advapi32.dll" filename = "\\Windows\\System32\\advapi32.dll" (normalized: "c:\\windows\\system32\\advapi32.dll") Region: id = 759 start_va = 0x7fefe890000 end_va = 0x7fefe900fff monitored = 0 entry_point = 0x7fefe8a1e20 region_type = mapped_file name = "shlwapi.dll" filename = "\\Windows\\System32\\shlwapi.dll" (normalized: "c:\\windows\\system32\\shlwapi.dll") Region: id = 760 start_va = 0x7fefe910000 end_va = 0x7fefe9d8fff monitored = 0 entry_point = 0x7fefe98a874 region_type = mapped_file name = "usp10.dll" filename = "\\Windows\\System32\\usp10.dll" (normalized: "c:\\windows\\system32\\usp10.dll") Region: id = 761 start_va = 0x7fefea60000 end_va = 0x7fefeab1fff monitored = 0 entry_point = 0x7fefea610d4 region_type = mapped_file name = "wldap32.dll" filename = "\\Windows\\System32\\Wldap32.dll" (normalized: "c:\\windows\\system32\\wldap32.dll") Region: id = 762 start_va = 0x7fefeb60000 end_va = 0x7fefeb6dfff monitored = 0 entry_point = 0x7fefeb61080 region_type = mapped_file name = "lpk.dll" filename = "\\Windows\\System32\\lpk.dll" (normalized: "c:\\windows\\system32\\lpk.dll") Region: id = 763 start_va = 0x7fefeb70000 end_va = 0x7fefec46fff monitored = 0 entry_point = 0x7fefeb73274 region_type = mapped_file name = "oleaut32.dll" filename = "\\Windows\\System32\\oleaut32.dll" (normalized: "c:\\windows\\system32\\oleaut32.dll") Region: id = 764 start_va = 0x7fefec50000 end_va = 0x7fefec6efff monitored = 0 entry_point = 0x7fefec560e8 region_type = mapped_file name = "sechost.dll" filename = "\\Windows\\System32\\sechost.dll" (normalized: "c:\\windows\\system32\\sechost.dll") Region: id = 765 start_va = 0x7fefec70000 end_va = 0x7fefed0efff monitored = 0 entry_point = 0x7fefec725a0 region_type = mapped_file name = "msvcrt.dll" filename = "\\Windows\\System32\\msvcrt.dll" (normalized: "c:\\windows\\system32\\msvcrt.dll") Region: id = 766 start_va = 0x7fefed10000 end_va = 0x7fefee18fff monitored = 0 entry_point = 0x7fefed11064 region_type = mapped_file name = "msctf.dll" filename = "\\Windows\\System32\\msctf.dll" (normalized: "c:\\windows\\system32\\msctf.dll") Region: id = 767 start_va = 0x7fefef50000 end_va = 0x7fefefe8fff monitored = 0 entry_point = 0x7fefef51c10 region_type = mapped_file name = "clbcatq.dll" filename = "\\Windows\\System32\\clbcatq.dll" (normalized: "c:\\windows\\system32\\clbcatq.dll") Region: id = 768 start_va = 0x7fefeff0000 end_va = 0x7fefeff7fff monitored = 0 entry_point = 0x7fefeff1504 region_type = mapped_file name = "nsi.dll" filename = "\\Windows\\System32\\nsi.dll" (normalized: "c:\\windows\\system32\\nsi.dll") Region: id = 769 start_va = 0x7feff000000 end_va = 0x7feff02dfff monitored = 0 entry_point = 0x7feff001010 region_type = mapped_file name = "imm32.dll" filename = "\\Windows\\System32\\imm32.dll" (normalized: "c:\\windows\\system32\\imm32.dll") Region: id = 770 start_va = 0x7feff040000 end_va = 0x7feff040fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "apisetschema.dll" filename = "\\Windows\\System32\\apisetschema.dll" (normalized: "c:\\windows\\system32\\apisetschema.dll") Region: id = 771 start_va = 0x7fffff3c000 end_va = 0x7fffff3dfff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000007fffff3c000" filename = "" Region: id = 772 start_va = 0x7fffff3e000 end_va = 0x7fffff3ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000007fffff3e000" filename = "" Region: id = 773 start_va = 0x7fffff40000 end_va = 0x7fffff41fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000007fffff40000" filename = "" Region: id = 774 start_va = 0x7fffff42000 end_va = 0x7fffff43fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000007fffff42000" filename = "" Region: id = 775 start_va = 0x7fffff44000 end_va = 0x7fffff45fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000007fffff44000" filename = "" Region: id = 776 start_va = 0x7fffff46000 end_va = 0x7fffff47fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000007fffff46000" filename = "" Region: id = 777 start_va = 0x7fffff48000 end_va = 0x7fffff49fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000007fffff48000" filename = "" Region: id = 778 start_va = 0x7fffff4a000 end_va = 0x7fffff4bfff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000007fffff4a000" filename = "" Region: id = 779 start_va = 0x7fffff4c000 end_va = 0x7fffff4dfff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000007fffff4c000" filename = "" Region: id = 780 start_va = 0x7fffff4e000 end_va = 0x7fffff4ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000007fffff4e000" filename = "" Region: id = 781 start_va = 0x7fffff50000 end_va = 0x7fffff51fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000007fffff50000" filename = "" Region: id = 782 start_va = 0x7fffff52000 end_va = 0x7fffff53fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000007fffff52000" filename = "" Region: id = 783 start_va = 0x7fffff54000 end_va = 0x7fffff55fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000007fffff54000" filename = "" Region: id = 784 start_va = 0x7fffff56000 end_va = 0x7fffff57fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000007fffff56000" filename = "" Region: id = 785 start_va = 0x7fffff58000 end_va = 0x7fffff59fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000007fffff58000" filename = "" Region: id = 786 start_va = 0x7fffff5a000 end_va = 0x7fffff5bfff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000007fffff5a000" filename = "" Region: id = 787 start_va = 0x7fffff5c000 end_va = 0x7fffff5dfff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000007fffff5c000" filename = "" Region: id = 788 start_va = 0x7fffff5e000 end_va = 0x7fffff5ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000007fffff5e000" filename = "" Region: id = 789 start_va = 0x7fffff60000 end_va = 0x7fffff61fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000007fffff60000" filename = "" Region: id = 790 start_va = 0x7fffff62000 end_va = 0x7fffff63fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000007fffff62000" filename = "" Region: id = 791 start_va = 0x7fffff64000 end_va = 0x7fffff65fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000007fffff64000" filename = "" Region: id = 792 start_va = 0x7fffff66000 end_va = 0x7fffff67fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000007fffff66000" filename = "" Region: id = 793 start_va = 0x7fffff68000 end_va = 0x7fffff69fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000007fffff68000" filename = "" Region: id = 794 start_va = 0x7fffff6a000 end_va = 0x7fffff6bfff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000007fffff6a000" filename = "" Region: id = 795 start_va = 0x7fffff6c000 end_va = 0x7fffff6dfff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000007fffff6c000" filename = "" Region: id = 796 start_va = 0x7fffff6e000 end_va = 0x7fffff6ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000007fffff6e000" filename = "" Region: id = 797 start_va = 0x7fffff70000 end_va = 0x7fffff71fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000007fffff70000" filename = "" Region: id = 798 start_va = 0x7fffff72000 end_va = 0x7fffff73fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000007fffff72000" filename = "" Region: id = 799 start_va = 0x7fffff74000 end_va = 0x7fffff75fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000007fffff74000" filename = "" Region: id = 800 start_va = 0x7fffff76000 end_va = 0x7fffff77fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000007fffff76000" filename = "" Region: id = 801 start_va = 0x7fffff78000 end_va = 0x7fffff79fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000007fffff78000" filename = "" Region: id = 802 start_va = 0x7fffff7a000 end_va = 0x7fffff7bfff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000007fffff7a000" filename = "" Region: id = 803 start_va = 0x7fffff7c000 end_va = 0x7fffff7dfff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000007fffff7c000" filename = "" Region: id = 804 start_va = 0x7fffff7e000 end_va = 0x7fffff7ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000007fffff7e000" filename = "" Region: id = 805 start_va = 0x7fffff82000 end_va = 0x7fffff83fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000007fffff82000" filename = "" Region: id = 806 start_va = 0x7fffff88000 end_va = 0x7fffff89fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000007fffff88000" filename = "" Region: id = 807 start_va = 0x7fffff8e000 end_va = 0x7fffff8ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000007fffff8e000" filename = "" Region: id = 808 start_va = 0x7fffff90000 end_va = 0x7fffff91fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000007fffff90000" filename = "" Region: id = 809 start_va = 0x7fffff92000 end_va = 0x7fffff93fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000007fffff92000" filename = "" Region: id = 810 start_va = 0x7fffff94000 end_va = 0x7fffff95fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000007fffff94000" filename = "" Region: id = 811 start_va = 0x7fffff98000 end_va = 0x7fffff99fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000007fffff98000" filename = "" Region: id = 812 start_va = 0x7fffff9a000 end_va = 0x7fffff9bfff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000007fffff9a000" filename = "" Region: id = 813 start_va = 0x7fffff9c000 end_va = 0x7fffff9dfff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000007fffff9c000" filename = "" Region: id = 814 start_va = 0x7fffff9e000 end_va = 0x7fffff9ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000007fffff9e000" filename = "" Region: id = 815 start_va = 0x7fffffa0000 end_va = 0x7fffffa1fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000007fffffa0000" filename = "" Region: id = 816 start_va = 0x7fffffa2000 end_va = 0x7fffffa3fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000007fffffa2000" filename = "" Region: id = 817 start_va = 0x7fffffa4000 end_va = 0x7fffffa5fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000007fffffa4000" filename = "" Region: id = 818 start_va = 0x7fffffa6000 end_va = 0x7fffffa7fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000007fffffa6000" filename = "" Region: id = 819 start_va = 0x7fffffa8000 end_va = 0x7fffffa9fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000007fffffa8000" filename = "" Region: id = 820 start_va = 0x7fffffaa000 end_va = 0x7fffffabfff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000007fffffaa000" filename = "" Region: id = 821 start_va = 0x7fffffac000 end_va = 0x7fffffadfff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000007fffffac000" filename = "" Region: id = 822 start_va = 0x7fffffae000 end_va = 0x7fffffaffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000007fffffae000" filename = "" Region: id = 823 start_va = 0x7fffffb0000 end_va = 0x7fffffd2fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000007fffffb0000" filename = "" Region: id = 824 start_va = 0x7fffffd3000 end_va = 0x7fffffd4fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000007fffffd3000" filename = "" Region: id = 825 start_va = 0x7fffffd5000 end_va = 0x7fffffd5fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000007fffffd5000" filename = "" Region: id = 826 start_va = 0x7fffffd8000 end_va = 0x7fffffd9fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000007fffffd8000" filename = "" Region: id = 827 start_va = 0x7fffffda000 end_va = 0x7fffffdbfff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000007fffffda000" filename = "" Region: id = 828 start_va = 0x7fffffdc000 end_va = 0x7fffffddfff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000007fffffdc000" filename = "" Region: id = 829 start_va = 0x7fffffde000 end_va = 0x7fffffdffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000007fffffde000" filename = "" Region: id = 2168 start_va = 0x7fef3180000 end_va = 0x7fef3353fff monitored = 0 entry_point = 0x7fef31b6b00 region_type = mapped_file name = "msxml3.dll" filename = "\\Windows\\System32\\msxml3.dll" (normalized: "c:\\windows\\system32\\msxml3.dll") Region: id = 2169 start_va = 0x6420000 end_va = 0x660ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000006420000" filename = "" Region: id = 2170 start_va = 0x4ed0000 end_va = 0x4ffffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004ed0000" filename = "" Region: id = 2171 start_va = 0x6420000 end_va = 0x652ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000006420000" filename = "" Region: id = 2172 start_va = 0x6590000 end_va = 0x660ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000006590000" filename = "" Region: id = 2173 start_va = 0x6610000 end_va = 0x6a0ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000006610000" filename = "" Region: id = 2174 start_va = 0x140000 end_va = 0x140fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "msxml3r.dll" filename = "\\Windows\\System32\\msxml3r.dll" (normalized: "c:\\windows\\system32\\msxml3r.dll") Region: id = 2175 start_va = 0x17d0000 end_va = 0x17effff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000017d0000" filename = "" Region: id = 2176 start_va = 0x7fef87e0000 end_va = 0x7fef885bfff monitored = 0 entry_point = 0x7fef87e11d4 region_type = mapped_file name = "wer.dll" filename = "\\Windows\\System32\\wer.dll" (normalized: "c:\\windows\\system32\\wer.dll") Region: id = 2177 start_va = 0x6a10000 end_va = 0x6c4ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000006a10000" filename = "" Region: id = 2178 start_va = 0x150000 end_va = 0x152fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "wuaueng.dll.mui" filename = "\\Windows\\System32\\en-US\\wuaueng.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\wuaueng.dll.mui") Region: id = 2179 start_va = 0xab0000 end_va = 0xabffff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "datastore.edb" filename = "\\Windows\\SoftwareDistribution\\DataStore\\DataStore.edb" (normalized: "c:\\windows\\softwaredistribution\\datastore\\datastore.edb") Region: id = 2180 start_va = 0x1580000 end_va = 0x158ffff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "datastore.edb" filename = "\\Windows\\SoftwareDistribution\\DataStore\\DataStore.edb" (normalized: "c:\\windows\\softwaredistribution\\datastore\\datastore.edb") Region: id = 2181 start_va = 0x1610000 end_va = 0x161ffff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "datastore.edb" filename = "\\Windows\\SoftwareDistribution\\DataStore\\DataStore.edb" (normalized: "c:\\windows\\softwaredistribution\\datastore\\datastore.edb") Region: id = 2182 start_va = 0xab0000 end_va = 0xabffff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "datastore.edb" filename = "\\Windows\\SoftwareDistribution\\DataStore\\DataStore.edb" (normalized: "c:\\windows\\softwaredistribution\\datastore\\datastore.edb") Region: id = 2183 start_va = 0x1580000 end_va = 0x158ffff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "datastore.edb" filename = "\\Windows\\SoftwareDistribution\\DataStore\\DataStore.edb" (normalized: "c:\\windows\\softwaredistribution\\datastore\\datastore.edb") Region: id = 2184 start_va = 0x1610000 end_va = 0x161ffff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "datastore.edb" filename = "\\Windows\\SoftwareDistribution\\DataStore\\DataStore.edb" (normalized: "c:\\windows\\softwaredistribution\\datastore\\datastore.edb") Region: id = 2185 start_va = 0x2c20000 end_va = 0x2c9ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002c20000" filename = "" Region: id = 2186 start_va = 0x31f0000 end_va = 0x326ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000031f0000" filename = "" Region: id = 2187 start_va = 0x3510000 end_va = 0x358ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000003510000" filename = "" Region: id = 2188 start_va = 0x4a00000 end_va = 0x4a7ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004a00000" filename = "" Region: id = 2189 start_va = 0x7fffff8a000 end_va = 0x7fffff8bfff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000007fffff8a000" filename = "" Region: id = 2190 start_va = 0x7fffff8c000 end_va = 0x7fffff8dfff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000007fffff8c000" filename = "" Region: id = 2191 start_va = 0x7fffff96000 end_va = 0x7fffff97fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000007fffff96000" filename = "" Region: id = 2192 start_va = 0x7fffffd6000 end_va = 0x7fffffd7fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000007fffffd6000" filename = "" Region: id = 2193 start_va = 0x2350000 end_va = 0x23f9fff monitored = 0 entry_point = 0x2354104 region_type = mapped_file name = "wuapi.dll" filename = "\\Windows\\System32\\wuapi.dll" (normalized: "c:\\windows\\system32\\wuapi.dll") Region: id = 2194 start_va = 0xab0000 end_va = 0xabcfff monitored = 0 entry_point = 0xaba138 region_type = mapped_file name = "wuauclt.exe" filename = "\\Windows\\System32\\wuauclt.exe" (normalized: "c:\\windows\\system32\\wuauclt.exe") Region: id = 2195 start_va = 0x6c50000 end_va = 0x6e9efff monitored = 0 entry_point = 0x6c5236c region_type = mapped_file name = "wuaueng.dll" filename = "\\Windows\\System32\\wuaueng.dll" (normalized: "c:\\windows\\system32\\wuaueng.dll") Region: id = 2196 start_va = 0xab0000 end_va = 0xab0fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000ab0000" filename = "" Region: id = 2197 start_va = 0x45e0000 end_va = 0x465ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000045e0000" filename = "" Region: id = 2198 start_va = 0x7fffff86000 end_va = 0x7fffff87fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000007fffff86000" filename = "" Region: id = 2199 start_va = 0xab0000 end_va = 0xab0fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000ab0000" filename = "" Region: id = 2200 start_va = 0x17f0000 end_va = 0x17fffff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "datastore.edb" filename = "\\Windows\\SoftwareDistribution\\DataStore\\DataStore.edb" (normalized: "c:\\windows\\softwaredistribution\\datastore\\datastore.edb") Region: id = 2201 start_va = 0x1580000 end_va = 0x158ffff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "datastore.edb" filename = "\\Windows\\SoftwareDistribution\\DataStore\\DataStore.edb" (normalized: "c:\\windows\\softwaredistribution\\datastore\\datastore.edb") Region: id = 2202 start_va = 0x1610000 end_va = 0x161ffff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "datastore.edb" filename = "\\Windows\\SoftwareDistribution\\DataStore\\DataStore.edb" (normalized: "c:\\windows\\softwaredistribution\\datastore\\datastore.edb") Region: id = 3438 start_va = 0x23a0000 end_va = 0x241ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000023a0000" filename = "" Region: id = 3439 start_va = 0x2450000 end_va = 0x24cffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002450000" filename = "" Region: id = 3440 start_va = 0x24e0000 end_va = 0x255ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000024e0000" filename = "" Region: id = 3441 start_va = 0x2590000 end_va = 0x260ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002590000" filename = "" Region: id = 3442 start_va = 0x3270000 end_va = 0x32effff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000003270000" filename = "" Region: id = 3463 start_va = 0x140000 end_va = 0x142fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000140000" filename = "" Region: id = 3464 start_va = 0x140000 end_va = 0x144fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000140000" filename = "" Region: id = 3465 start_va = 0xa10000 end_va = 0xa12fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000a10000" filename = "" Region: id = 4348 start_va = 0x140000 end_va = 0x142fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000140000" filename = "" Region: id = 4415 start_va = 0x7fefa7a0000 end_va = 0x7fefa806fff monitored = 0 entry_point = 0x7fefa7b6060 region_type = mapped_file name = "es.dll" filename = "\\Windows\\System32\\es.dll" (normalized: "c:\\windows\\system32\\es.dll") Region: id = 4416 start_va = 0x140000 end_va = 0x14ffff monitored = 0 entry_point = 0x143e64 region_type = mapped_file name = "sens.dll" filename = "\\Windows\\System32\\Sens.dll" (normalized: "c:\\windows\\system32\\sens.dll") Region: id = 4417 start_va = 0xa10000 end_va = 0xa13fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "stdole2.tlb" filename = "\\Windows\\System32\\stdole2.tlb" (normalized: "c:\\windows\\system32\\stdole2.tlb") Region: id = 4418 start_va = 0x2190000 end_va = 0x220ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002190000" filename = "" Region: id = 4419 start_va = 0x7fffffd6000 end_va = 0x7fffffd7fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000007fffffd6000" filename = "" Region: id = 4423 start_va = 0x7fefad60000 end_va = 0x7fefad9efff monitored = 0 entry_point = 0x7fefad612c0 region_type = mapped_file name = "cscobj.dll" filename = "\\Windows\\System32\\cscobj.dll" (normalized: "c:\\windows\\system32\\cscobj.dll") Region: id = 4601 start_va = 0x2470000 end_va = 0x24effff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002470000" filename = "" Region: id = 4602 start_va = 0x7fffffa6000 end_va = 0x7fffffa7fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000007fffffa6000" filename = "" Region: id = 4603 start_va = 0x140000 end_va = 0x147fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000140000" filename = "" Region: id = 4604 start_va = 0x140000 end_va = 0x140fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000140000" filename = "" Region: id = 4605 start_va = 0x140000 end_va = 0x140fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000140000" filename = "" Region: id = 4615 start_va = 0x7fef8f90000 end_va = 0x7fef8ffafff monitored = 0 entry_point = 0x7fef8fd4344 region_type = mapped_file name = "hnetcfg.dll" filename = "\\Windows\\System32\\hnetcfg.dll" (normalized: "c:\\windows\\system32\\hnetcfg.dll") Region: id = 4616 start_va = 0x7fef92e0000 end_va = 0x7fef92edfff monitored = 0 entry_point = 0x7fef92e5500 region_type = mapped_file name = "wbemprox.dll" filename = "\\Windows\\System32\\wbem\\wbemprox.dll" (normalized: "c:\\windows\\system32\\wbem\\wbemprox.dll") Thread: id = 11 os_tid = 0xe80 Thread: id = 12 os_tid = 0xe7c Thread: id = 13 os_tid = 0xdf8 Thread: id = 14 os_tid = 0xdf0 Thread: id = 15 os_tid = 0xd8c Thread: id = 16 os_tid = 0xd54 Thread: id = 17 os_tid = 0xd48 Thread: id = 18 os_tid = 0xc74 Thread: id = 19 os_tid = 0xc70 Thread: id = 20 os_tid = 0x8e0 Thread: id = 21 os_tid = 0x824 Thread: id = 22 os_tid = 0x750 Thread: id = 23 os_tid = 0x248 Thread: id = 24 os_tid = 0x650 Thread: id = 25 os_tid = 0x3b8 Thread: id = 26 os_tid = 0x35c Thread: id = 27 os_tid = 0x314 Thread: id = 28 os_tid = 0x3bc Thread: id = 29 os_tid = 0x394 Thread: id = 30 os_tid = 0x464 Thread: id = 31 os_tid = 0x5f0 Thread: id = 32 os_tid = 0x5f8 Thread: id = 33 os_tid = 0x328 Thread: id = 34 os_tid = 0x23c Thread: id = 35 os_tid = 0x238 Thread: id = 36 os_tid = 0x224 Thread: id = 37 os_tid = 0x7d4 Thread: id = 38 os_tid = 0xcc Thread: id = 39 os_tid = 0x398 Thread: id = 40 os_tid = 0x7f4 Thread: id = 41 os_tid = 0x74c Thread: id = 42 os_tid = 0x418 Thread: id = 43 os_tid = 0x2b0 Thread: id = 44 os_tid = 0x6d4 Thread: id = 45 os_tid = 0x6cc Thread: id = 46 os_tid = 0x6c4 Thread: id = 47 os_tid = 0x668 Thread: id = 48 os_tid = 0x664 Thread: id = 49 os_tid = 0x63c Thread: id = 50 os_tid = 0x604 Thread: id = 51 os_tid = 0x600 Thread: id = 52 os_tid = 0x5dc Thread: id = 53 os_tid = 0x5cc Thread: id = 54 os_tid = 0x444 Thread: id = 55 os_tid = 0x440 Thread: id = 56 os_tid = 0x434 Thread: id = 57 os_tid = 0x42c Thread: id = 58 os_tid = 0x420 Thread: id = 59 os_tid = 0x214 Thread: id = 60 os_tid = 0x22c Thread: id = 61 os_tid = 0x3f4 Thread: id = 62 os_tid = 0x3ec Thread: id = 63 os_tid = 0x3e0 Thread: id = 64 os_tid = 0x384 Thread: id = 65 os_tid = 0x37c Thread: id = 66 os_tid = 0x374 Thread: id = 67 os_tid = 0x36c Thread: id = 89 os_tid = 0xf70 Thread: id = 90 os_tid = 0xf74 Thread: id = 91 os_tid = 0xf78 Thread: id = 92 os_tid = 0xf7c Thread: id = 93 os_tid = 0xf84 Thread: id = 100 os_tid = 0xfbc Thread: id = 101 os_tid = 0xfc0 Thread: id = 148 os_tid = 0xae4 Thread: id = 149 os_tid = 0xae8 Thread: id = 150 os_tid = 0xaec Thread: id = 151 os_tid = 0xaf0 Thread: id = 152 os_tid = 0xb28 Thread: id = 153 os_tid = 0xb4c Thread: id = 170 os_tid = 0xd5c Thread: id = 189 os_tid = 0xd6c Thread: id = 190 os_tid = 0xda4 Thread: id = 191 os_tid = 0xdd4 Process: id = "3" image_name = "noise.exe" filename = "c:\\users\\keecfmwgj\\appdata\\local\\temp\\noise.exe" page_root = "0x3daef000" os_pid = "0xf24" os_integrity_level = "0x3000" os_privileges = "0x60800000" monitor_reason = "child_process" parent_id = "1" os_parent_pid = "0xedc" cmd_line = "\"C:\\Users\\kEecfMwgj\\AppData\\Local\\Temp\\noise.exe\" " cur_dir = "C:\\Users\\kEecfMwgj\\Desktop\\" os_username = "Q9IATRKPRH\\kEecfMwgj" bitness = "32" os_groups = "Q9IATRKPRH\\Domain Users" [0x7], "Everyone" [0x7], "NT AUTHORITY\\Local account and member of Administrators group" [0x7], "BUILTIN\\Administrators" [0xf], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\INTERACTIVE" [0x7], "CONSOLE LOGON" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "NT AUTHORITY\\Local account" [0x7], "NT AUTHORITY\\Logon Session 00000000:0000f52a" [0xc0000007], "LOCAL" [0x7], "NT AUTHORITY\\NTLM Authentication" [0x7] Region: id = 1863 start_va = 0x10000 end_va = 0x2ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000010000" filename = "" Region: id = 1864 start_va = 0x30000 end_va = 0x31fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000030000" filename = "" Region: id = 1865 start_va = 0x40000 end_va = 0x40fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "apisetschema.dll" filename = "\\Windows\\System32\\apisetschema.dll" (normalized: "c:\\windows\\system32\\apisetschema.dll") Region: id = 1866 start_va = 0x50000 end_va = 0x53fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000050000" filename = "" Region: id = 1867 start_va = 0x60000 end_va = 0x60fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000060000" filename = "" Region: id = 1868 start_va = 0x190000 end_va = 0x1cffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000190000" filename = "" Region: id = 1869 start_va = 0x1e0000 end_va = 0x2dffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000001e0000" filename = "" Region: id = 1870 start_va = 0x10b0000 end_va = 0x1151fff monitored = 1 entry_point = 0x114ddbe region_type = mapped_file name = "noise.exe" filename = "\\Users\\kEecfMwgj\\AppData\\Local\\Temp\\noise.exe" (normalized: "c:\\users\\keecfmwgj\\appdata\\local\\temp\\noise.exe") Region: id = 1871 start_va = 0x76d20000 end_va = 0x76ec8fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "ntdll.dll" filename = "\\Windows\\System32\\ntdll.dll" (normalized: "c:\\windows\\system32\\ntdll.dll") Region: id = 1872 start_va = 0x76f00000 end_va = 0x7707ffff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "ntdll.dll" filename = "\\Windows\\SysWOW64\\ntdll.dll" (normalized: "c:\\windows\\syswow64\\ntdll.dll") Region: id = 1873 start_va = 0x7efb0000 end_va = 0x7efd2fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000000007efb0000" filename = "" Region: id = 1874 start_va = 0x7efdb000 end_va = 0x7efddfff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000007efdb000" filename = "" Region: id = 1875 start_va = 0x7efde000 end_va = 0x7efdefff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000007efde000" filename = "" Region: id = 1876 start_va = 0x7efdf000 end_va = 0x7efdffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000007efdf000" filename = "" Region: id = 1877 start_va = 0x7efe0000 end_va = 0x7ffdffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000007efe0000" filename = "" Region: id = 1878 start_va = 0x7ffe0000 end_va = 0x7ffeffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000007ffe0000" filename = "" Region: id = 1879 start_va = 0x7fff0000 end_va = 0x7fffffeffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000007fff0000" filename = "" Region: id = 1880 start_va = 0x70000 end_va = 0x14ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000070000" filename = "" Region: id = 1881 start_va = 0x73690000 end_va = 0x736cefff monitored = 0 entry_point = 0x736be088 region_type = mapped_file name = "wow64.dll" filename = "\\Windows\\System32\\wow64.dll" (normalized: "c:\\windows\\system32\\wow64.dll") Region: id = 1882 start_va = 0x73630000 end_va = 0x7368bfff monitored = 0 entry_point = 0x7366f9f4 region_type = mapped_file name = "wow64win.dll" filename = "\\Windows\\System32\\wow64win.dll" (normalized: "c:\\windows\\system32\\wow64win.dll") Region: id = 1883 start_va = 0x73620000 end_va = 0x73627fff monitored = 0 entry_point = 0x736220f8 region_type = mapped_file name = "wow64cpu.dll" filename = "\\Windows\\System32\\wow64cpu.dll" (normalized: "c:\\windows\\system32\\wow64cpu.dll") Region: id = 1884 start_va = 0x76b00000 end_va = 0x76c1efff monitored = 0 entry_point = 0x76b15340 region_type = mapped_file name = "kernel32.dll" filename = "\\Windows\\System32\\kernel32.dll" (normalized: "c:\\windows\\system32\\kernel32.dll") Region: id = 1885 start_va = 0x752b0000 end_va = 0x753bffff monitored = 0 entry_point = 0x752c3283 region_type = mapped_file name = "kernel32.dll" filename = "\\Windows\\SysWOW64\\kernel32.dll" (normalized: "c:\\windows\\syswow64\\kernel32.dll") Region: id = 1886 start_va = 0x76b00000 end_va = 0x76c1efff monitored = 0 entry_point = 0x76b15340 region_type = mapped_file name = "kernel32.dll" filename = "\\Windows\\System32\\kernel32.dll" (normalized: "c:\\windows\\system32\\kernel32.dll") Region: id = 1887 start_va = 0x76b00000 end_va = 0x76c1efff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000076b00000" filename = "" Region: id = 1888 start_va = 0x76c20000 end_va = 0x76d19fff monitored = 0 entry_point = 0x76c3a2c8 region_type = mapped_file name = "user32.dll" filename = "\\Windows\\System32\\user32.dll" (normalized: "c:\\windows\\system32\\user32.dll") Region: id = 1889 start_va = 0x76c20000 end_va = 0x76d19fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000076c20000" filename = "" Region: id = 1890 start_va = 0x2e0000 end_va = 0x43ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000002e0000" filename = "" Region: id = 1891 start_va = 0x73500000 end_va = 0x73549fff monitored = 1 entry_point = 0x73502e54 region_type = mapped_file name = "mscoree.dll" filename = "\\Windows\\SysWOW64\\mscoree.dll" (normalized: "c:\\windows\\syswow64\\mscoree.dll") Region: id = 1892 start_va = 0x752b0000 end_va = 0x753bffff monitored = 0 entry_point = 0x752c3283 region_type = mapped_file name = "kernel32.dll" filename = "\\Windows\\SysWOW64\\kernel32.dll" (normalized: "c:\\windows\\syswow64\\kernel32.dll") Region: id = 1896 start_va = 0x753c0000 end_va = 0x75406fff monitored = 0 entry_point = 0x753c74c1 region_type = mapped_file name = "kernelbase.dll" filename = "\\Windows\\SysWOW64\\KernelBase.dll" (normalized: "c:\\windows\\syswow64\\kernelbase.dll") Region: id = 1897 start_va = 0x10000 end_va = 0x1ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000010000" filename = "" Region: id = 1898 start_va = 0x7efe0000 end_va = 0x7f0dffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000000007efe0000" filename = "" Region: id = 1899 start_va = 0x7f0e0000 end_va = 0x7ffdffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000007f0e0000" filename = "" Region: id = 1900 start_va = 0x440000 end_va = 0x4a6fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "locale.nls" filename = "\\Windows\\System32\\locale.nls" (normalized: "c:\\windows\\system32\\locale.nls") Region: id = 1901 start_va = 0x4b0000 end_va = 0x55ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000004b0000" filename = "" Region: id = 1902 start_va = 0x560000 end_va = 0x6bffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000560000" filename = "" Region: id = 1903 start_va = 0x76a60000 end_va = 0x76afffff monitored = 0 entry_point = 0x76a749e5 region_type = mapped_file name = "advapi32.dll" filename = "\\Windows\\SysWOW64\\advapi32.dll" (normalized: "c:\\windows\\syswow64\\advapi32.dll") Region: id = 1904 start_va = 0x75410000 end_va = 0x754bbfff monitored = 0 entry_point = 0x7541a472 region_type = mapped_file name = "msvcrt.dll" filename = "\\Windows\\SysWOW64\\msvcrt.dll" (normalized: "c:\\windows\\syswow64\\msvcrt.dll") Region: id = 1905 start_va = 0x759a0000 end_va = 0x759b8fff monitored = 0 entry_point = 0x759a4975 region_type = mapped_file name = "sechost.dll" filename = "\\Windows\\SysWOW64\\sechost.dll" (normalized: "c:\\windows\\syswow64\\sechost.dll") Region: id = 1906 start_va = 0x76970000 end_va = 0x76a5ffff monitored = 0 entry_point = 0x76980569 region_type = mapped_file name = "rpcrt4.dll" filename = "\\Windows\\SysWOW64\\rpcrt4.dll" (normalized: "c:\\windows\\syswow64\\rpcrt4.dll") Region: id = 1907 start_va = 0x74a50000 end_va = 0x74aaffff monitored = 0 entry_point = 0x74a6a3b3 region_type = mapped_file name = "sspicli.dll" filename = "\\Windows\\SysWOW64\\sspicli.dll" (normalized: "c:\\windows\\syswow64\\sspicli.dll") Region: id = 1908 start_va = 0x74a40000 end_va = 0x74a4bfff monitored = 0 entry_point = 0x74a410e1 region_type = mapped_file name = "cryptbase.dll" filename = "\\Windows\\SysWOW64\\cryptbase.dll" (normalized: "c:\\windows\\syswow64\\cryptbase.dll") Region: id = 1909 start_va = 0x6c0000 end_va = 0x8affff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000006c0000" filename = "" Region: id = 1910 start_va = 0x733b0000 end_va = 0x7343cfff monitored = 1 entry_point = 0x733c2860 region_type = mapped_file name = "mscoreei.dll" filename = "\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\mscoreei.dll" (normalized: "c:\\windows\\microsoft.net\\framework\\v4.0.30319\\mscoreei.dll") Region: id = 1911 start_va = 0x734f0000 end_va = 0x734f2fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "api-ms-win-core-synch-l1-2-0.dll" filename = "\\Windows\\SysWOW64\\api-ms-win-core-synch-l1-2-0.dll" (normalized: "c:\\windows\\syswow64\\api-ms-win-core-synch-l1-2-0.dll") Region: id = 1912 start_va = 0x751c0000 end_va = 0x75216fff monitored = 0 entry_point = 0x751d9ba6 region_type = mapped_file name = "shlwapi.dll" filename = "\\Windows\\SysWOW64\\shlwapi.dll" (normalized: "c:\\windows\\syswow64\\shlwapi.dll") Region: id = 1913 start_va = 0x75220000 end_va = 0x752affff monitored = 0 entry_point = 0x75236343 region_type = mapped_file name = "gdi32.dll" filename = "\\Windows\\SysWOW64\\gdi32.dll" (normalized: "c:\\windows\\syswow64\\gdi32.dll") Region: id = 1914 start_va = 0x76860000 end_va = 0x7695ffff monitored = 0 entry_point = 0x7687b6ed region_type = mapped_file name = "user32.dll" filename = "\\Windows\\SysWOW64\\user32.dll" (normalized: "c:\\windows\\syswow64\\user32.dll") Region: id = 1915 start_va = 0x759c0000 end_va = 0x759c9fff monitored = 0 entry_point = 0x759c36a0 region_type = mapped_file name = "lpk.dll" filename = "\\Windows\\SysWOW64\\lpk.dll" (normalized: "c:\\windows\\syswow64\\lpk.dll") Region: id = 1916 start_va = 0x74d40000 end_va = 0x74ddcfff monitored = 0 entry_point = 0x74d73fd7 region_type = mapped_file name = "usp10.dll" filename = "\\Windows\\SysWOW64\\usp10.dll" (normalized: "c:\\windows\\syswow64\\usp10.dll") Region: id = 1917 start_va = 0x6c0000 end_va = 0x847fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000006c0000" filename = "" Region: id = 1918 start_va = 0x8a0000 end_va = 0x8affff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000008a0000" filename = "" Region: id = 1919 start_va = 0x20000 end_va = 0x3dfff monitored = 0 entry_point = 0x3158f region_type = mapped_file name = "imm32.dll" filename = "\\Windows\\SysWOW64\\imm32.dll" (normalized: "c:\\windows\\syswow64\\imm32.dll") Region: id = 1920 start_va = 0x20000 end_va = 0x3dfff monitored = 0 entry_point = 0x3158f region_type = mapped_file name = "imm32.dll" filename = "\\Windows\\SysWOW64\\imm32.dll" (normalized: "c:\\windows\\syswow64\\imm32.dll") Region: id = 1921 start_va = 0x75550000 end_va = 0x755affff monitored = 0 entry_point = 0x7556158f region_type = mapped_file name = "imm32.dll" filename = "\\Windows\\SysWOW64\\imm32.dll" (normalized: "c:\\windows\\syswow64\\imm32.dll") Region: id = 1922 start_va = 0x74c40000 end_va = 0x74d0bfff monitored = 0 entry_point = 0x74c4168b region_type = mapped_file name = "msctf.dll" filename = "\\Windows\\SysWOW64\\msctf.dll" (normalized: "c:\\windows\\syswow64\\msctf.dll") Region: id = 1923 start_va = 0x8b0000 end_va = 0xa30fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000008b0000" filename = "" Region: id = 1924 start_va = 0x1160000 end_va = 0x255ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000001160000" filename = "" Region: id = 1925 start_va = 0x20000 end_va = 0x20fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000020000" filename = "" Region: id = 1926 start_va = 0x30000 end_va = 0x30fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000030000" filename = "" Region: id = 1927 start_va = 0x4b0000 end_va = 0x54cfff monitored = 1 entry_point = 0x0 region_type = mapped_file name = "noise.exe2ea3b30a3af669be588442dc0648865f80195665d2b2.exe" filename = "\\Users\\kEecfMwgj\\AppData\\Local\\Temp\\noise.exe2ea3b30a3af669be588442dc0648865f80195665d2b2.exe" (normalized: "c:\\users\\keecfmwgj\\appdata\\local\\temp\\noise.exe2ea3b30a3af669be588442dc0648865f80195665d2b2.exe") Region: id = 1928 start_va = 0x550000 end_va = 0x55ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000550000" filename = "" Region: id = 1929 start_va = 0x4b0000 end_va = 0x54cfff monitored = 1 entry_point = 0x0 region_type = mapped_file name = "noise.exe2ea3b30a3af669be588442dc0648865f80195665d2b2.exe" filename = "\\Users\\kEecfMwgj\\AppData\\Local\\Temp\\noise.exe2ea3b30a3af669be588442dc0648865f80195665d2b2.exe" (normalized: "c:\\users\\keecfmwgj\\appdata\\local\\temp\\noise.exe2ea3b30a3af669be588442dc0648865f80195665d2b2.exe") Region: id = 1930 start_va = 0x733a0000 end_va = 0x733a8fff monitored = 0 entry_point = 0x733a1220 region_type = mapped_file name = "version.dll" filename = "\\Windows\\SysWOW64\\version.dll" (normalized: "c:\\windows\\syswow64\\version.dll") Region: id = 1931 start_va = 0x71770000 end_va = 0x71f1efff monitored = 1 entry_point = 0x7178d0d0 region_type = mapped_file name = "clr.dll" filename = "\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\clr.dll" (normalized: "c:\\windows\\microsoft.net\\framework\\v4.0.30319\\clr.dll") Region: id = 1932 start_va = 0x71770000 end_va = 0x71f1efff monitored = 1 entry_point = 0x7178d0d0 region_type = mapped_file name = "clr.dll" filename = "\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\clr.dll" (normalized: "c:\\windows\\microsoft.net\\framework\\v4.0.30319\\clr.dll") Region: id = 1933 start_va = 0x71770000 end_va = 0x71f1efff monitored = 1 entry_point = 0x7178d0d0 region_type = mapped_file name = "clr.dll" filename = "\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\clr.dll" (normalized: "c:\\windows\\microsoft.net\\framework\\v4.0.30319\\clr.dll") Region: id = 1934 start_va = 0x73600000 end_va = 0x73613fff monitored = 0 entry_point = 0x7360ac00 region_type = mapped_file name = "vcruntime140_clr0400.dll" filename = "\\Windows\\SysWOW64\\vcruntime140_clr0400.dll" (normalized: "c:\\windows\\syswow64\\vcruntime140_clr0400.dll") Region: id = 1935 start_va = 0x73550000 end_va = 0x735fafff monitored = 0 entry_point = 0x735e5f20 region_type = mapped_file name = "ucrtbase_clr0400.dll" filename = "\\Windows\\SysWOW64\\ucrtbase_clr0400.dll" (normalized: "c:\\windows\\syswow64\\ucrtbase_clr0400.dll") Region: id = 1936 start_va = 0x70000 end_va = 0x70fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000070000" filename = "" Region: id = 1937 start_va = 0xd0000 end_va = 0x14ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000000d0000" filename = "" Region: id = 1938 start_va = 0x80000 end_va = 0x8ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000080000" filename = "" Region: id = 1939 start_va = 0x90000 end_va = 0x9ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000090000" filename = "" Region: id = 1940 start_va = 0xa0000 end_va = 0xaffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000000a0000" filename = "" Region: id = 1941 start_va = 0xb0000 end_va = 0xbffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000000b0000" filename = "" Region: id = 1942 start_va = 0xc0000 end_va = 0xcffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000000c0000" filename = "" Region: id = 1943 start_va = 0x150000 end_va = 0x15ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000150000" filename = "" Region: id = 1944 start_va = 0x160000 end_va = 0x160fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000160000" filename = "" Region: id = 1945 start_va = 0x170000 end_va = 0x170fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000170000" filename = "" Region: id = 1946 start_va = 0x560000 end_va = 0x63ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000560000" filename = "" Region: id = 1947 start_va = 0x680000 end_va = 0x6bffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000680000" filename = "" Region: id = 1948 start_va = 0xa40000 end_va = 0xbfffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000a40000" filename = "" Region: id = 1949 start_va = 0xaa0000 end_va = 0xadffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000aa0000" filename = "" Region: id = 1950 start_va = 0xbc0000 end_va = 0xbfffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000bc0000" filename = "" Region: id = 1951 start_va = 0xcc0000 end_va = 0xdbffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000cc0000" filename = "" Region: id = 1952 start_va = 0x7efd8000 end_va = 0x7efdafff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000007efd8000" filename = "" Region: id = 1953 start_va = 0x180000 end_va = 0x18ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000180000" filename = "" Region: id = 1954 start_va = 0x2560000 end_va = 0x455ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002560000" filename = "" Region: id = 1955 start_va = 0x4b0000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000004b0000" filename = "" Region: id = 1956 start_va = 0x640000 end_va = 0x67ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000640000" filename = "" Region: id = 1957 start_va = 0xf20000 end_va = 0x101ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000f20000" filename = "" Region: id = 1958 start_va = 0x7efd5000 end_va = 0x7efd7fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000007efd5000" filename = "" Region: id = 1959 start_va = 0x570000 end_va = 0x5affff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000570000" filename = "" Region: id = 1960 start_va = 0x600000 end_va = 0x63ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000600000" filename = "" Region: id = 1961 start_va = 0x4670000 end_va = 0x476ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004670000" filename = "" Region: id = 1962 start_va = 0x7efad000 end_va = 0x7efaffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000007efad000" filename = "" Region: id = 1963 start_va = 0x4770000 end_va = 0x4a3efff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "sortdefault.nls" filename = "\\Windows\\Globalization\\Sorting\\SortDefault.nls" (normalized: "c:\\windows\\globalization\\sorting\\sortdefault.nls") Region: id = 1964 start_va = 0x70360000 end_va = 0x7176afff monitored = 1 entry_point = 0x0 region_type = mapped_file name = "mscorlib.ni.dll" filename = "\\Windows\\assembly\\NativeImages_v4.0.30319_32\\mscorlib\\36eaccfde177c2e7b93b8dbdde4e012a\\mscorlib.ni.dll" (normalized: "c:\\windows\\assembly\\nativeimages_v4.0.30319_32\\mscorlib\\36eaccfde177c2e7b93b8dbdde4e012a\\mscorlib.ni.dll") Region: id = 1965 start_va = 0x75740000 end_va = 0x7589bfff monitored = 0 entry_point = 0x7578ba3d region_type = mapped_file name = "ole32.dll" filename = "\\Windows\\SysWOW64\\ole32.dll" (normalized: "c:\\windows\\syswow64\\ole32.dll") Region: id = 1966 start_va = 0x73a10000 end_va = 0x73a8ffff monitored = 0 entry_point = 0x73a237c9 region_type = mapped_file name = "uxtheme.dll" filename = "\\Windows\\SysWOW64\\uxtheme.dll" (normalized: "c:\\windows\\syswow64\\uxtheme.dll") Region: id = 1967 start_va = 0xdc0000 end_va = 0xf1ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000dc0000" filename = "" Region: id = 1968 start_va = 0xae0000 end_va = 0xbbefff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000ae0000" filename = "" Region: id = 1969 start_va = 0x180000 end_va = 0x18ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000180000" filename = "" Region: id = 1970 start_va = 0x74a20000 end_va = 0x74a22fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "api-ms-win-core-xstate-l2-1-0.dll" filename = "\\Windows\\SysWOW64\\api-ms-win-core-xstate-l2-1-0.dll" (normalized: "c:\\windows\\syswow64\\api-ms-win-core-xstate-l2-1-0.dll") Region: id = 1971 start_va = 0x74990000 end_va = 0x74a18fff monitored = 1 entry_point = 0x74991130 region_type = mapped_file name = "clrjit.dll" filename = "\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\clrjit.dll" (normalized: "c:\\windows\\microsoft.net\\framework\\v4.0.30319\\clrjit.dll") Region: id = 1972 start_va = 0x75130000 end_va = 0x751befff monitored = 0 entry_point = 0x75133fb1 region_type = mapped_file name = "oleaut32.dll" filename = "\\Windows\\SysWOW64\\oleaut32.dll" (normalized: "c:\\windows\\syswow64\\oleaut32.dll") Region: id = 1973 start_va = 0x1d0000 end_va = 0x1dffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000001d0000" filename = "" Region: id = 1974 start_va = 0x6eea0000 end_va = 0x6f8f4fff monitored = 1 entry_point = 0x0 region_type = mapped_file name = "system.ni.dll" filename = "\\Windows\\assembly\\NativeImages_v4.0.30319_32\\System\\2c3c912ea8f058f9d04c4650128feb3f\\System.ni.dll" (normalized: "c:\\windows\\assembly\\nativeimages_v4.0.30319_32\\system\\2c3c912ea8f058f9d04c4650128feb3f\\system.ni.dll") Region: id = 1975 start_va = 0x6fb40000 end_va = 0x70357fff monitored = 1 entry_point = 0x0 region_type = mapped_file name = "system.core.ni.dll" filename = "\\Windows\\assembly\\NativeImages_v4.0.30319_32\\System.Core\\31fae3290fad30c31c98651462d22724\\System.Core.ni.dll" (normalized: "c:\\windows\\assembly\\nativeimages_v4.0.30319_32\\system.core\\31fae3290fad30c31c98651462d22724\\system.core.ni.dll") Region: id = 1976 start_va = 0x6f950000 end_va = 0x6fb31fff monitored = 1 entry_point = 0x0 region_type = mapped_file name = "microsoft.visualbasic.ni.dll" filename = "\\Windows\\assembly\\NativeImages_v4.0.30319_32\\Microsoft.V9921e851#\\a891970b44db9e340c3ef3efa95b793c\\Microsoft.VisualBasic.ni.dll" (normalized: "c:\\windows\\assembly\\nativeimages_v4.0.30319_32\\microsoft.v9921e851#\\a891970b44db9e340c3ef3efa95b793c\\microsoft.visualbasic.ni.dll") Region: id = 1977 start_va = 0x6ecf0000 end_va = 0x6ee92fff monitored = 1 entry_point = 0x0 region_type = mapped_file name = "system.drawing.ni.dll" filename = "\\Windows\\assembly\\NativeImages_v4.0.30319_32\\System.Drawing\\f7568d7f1b9d356f64779b4c0927cfb3\\System.Drawing.ni.dll" (normalized: "c:\\windows\\assembly\\nativeimages_v4.0.30319_32\\system.drawing\\f7568d7f1b9d356f64779b4c0927cfb3\\system.drawing.ni.dll") Region: id = 1978 start_va = 0x6de80000 end_va = 0x6ece5fff monitored = 1 entry_point = 0x0 region_type = mapped_file name = "system.windows.forms.ni.dll" filename = "\\Windows\\assembly\\NativeImages_v4.0.30319_32\\System.Windows.Forms\\c9a4cbc00f690a9e3cddfc400f6e85bb\\System.Windows.Forms.ni.dll" (normalized: "c:\\windows\\assembly\\nativeimages_v4.0.30319_32\\system.windows.forms\\c9a4cbc00f690a9e3cddfc400f6e85bb\\system.windows.forms.ni.dll") Region: id = 1979 start_va = 0x2e0000 end_va = 0x2effff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000002e0000" filename = "" Region: id = 1980 start_va = 0x340000 end_va = 0x43ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000340000" filename = "" Region: id = 1981 start_va = 0x2f0000 end_va = 0x2fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000002f0000" filename = "" Region: id = 1982 start_va = 0x2e0000 end_va = 0x2f0fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000002e0000" filename = "" Region: id = 1983 start_va = 0x6dd70000 end_va = 0x6de74fff monitored = 1 entry_point = 0x0 region_type = mapped_file name = "system.configuration.ni.dll" filename = "\\Windows\\assembly\\NativeImages_v4.0.30319_32\\System.Configuration\\96f7edb07b12303f0ec2595c7f3778c7\\System.Configuration.ni.dll" (normalized: "c:\\windows\\assembly\\nativeimages_v4.0.30319_32\\system.configuration\\96f7edb07b12303f0ec2595c7f3778c7\\system.configuration.ni.dll") Region: id = 1984 start_va = 0x300000 end_va = 0x30ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000300000" filename = "" Region: id = 1985 start_va = 0x6d5f0000 end_va = 0x6dd63fff monitored = 1 entry_point = 0x0 region_type = mapped_file name = "system.xml.ni.dll" filename = "\\Windows\\assembly\\NativeImages_v4.0.30319_32\\System.Xml\\15af16d373cf0528cb74fc73d365fdbf\\System.Xml.ni.dll" (normalized: "c:\\windows\\assembly\\nativeimages_v4.0.30319_32\\system.xml\\15af16d373cf0528cb74fc73d365fdbf\\system.xml.ni.dll") Region: id = 1986 start_va = 0x74950000 end_va = 0x74962fff monitored = 1 entry_point = 0x7495d900 region_type = mapped_file name = "nlssorting.dll" filename = "\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\nlssorting.dll" (normalized: "c:\\windows\\microsoft.net\\framework\\v4.0.30319\\nlssorting.dll") Region: id = 1987 start_va = 0x4a40000 end_va = 0x4d11fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "sortdefault.nlp" filename = "\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\sortdefault.nlp" (normalized: "c:\\windows\\microsoft.net\\framework\\v4.0.30319\\sortdefault.nlp") Region: id = 1988 start_va = 0x75be0000 end_va = 0x76829fff monitored = 0 entry_point = 0x75c61601 region_type = mapped_file name = "shell32.dll" filename = "\\Windows\\SysWOW64\\shell32.dll" (normalized: "c:\\windows\\syswow64\\shell32.dll") Region: id = 1989 start_va = 0x310000 end_va = 0x310fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000310000" filename = "" Region: id = 1990 start_va = 0x748d0000 end_va = 0x748dafff monitored = 0 entry_point = 0x748d1992 region_type = mapped_file name = "profapi.dll" filename = "\\Windows\\SysWOW64\\profapi.dll" (normalized: "c:\\windows\\syswow64\\profapi.dll") Region: id = 1991 start_va = 0x4d20000 end_va = 0x4edffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004d20000" filename = "" Region: id = 1992 start_va = 0x74970000 end_va = 0x74986fff monitored = 0 entry_point = 0x749735fa region_type = mapped_file name = "bcrypt.dll" filename = "\\Windows\\SysWOW64\\bcrypt.dll" (normalized: "c:\\windows\\syswow64\\bcrypt.dll") Region: id = 1993 start_va = 0x738e0000 end_va = 0x738f6fff monitored = 0 entry_point = 0x738e3573 region_type = mapped_file name = "cryptsp.dll" filename = "\\Windows\\SysWOW64\\cryptsp.dll" (normalized: "c:\\windows\\syswow64\\cryptsp.dll") Region: id = 1994 start_va = 0x5b0000 end_va = 0x5ebfff monitored = 0 entry_point = 0x5b128d region_type = mapped_file name = "rsaenh.dll" filename = "\\Windows\\SysWOW64\\rsaenh.dll" (normalized: "c:\\windows\\syswow64\\rsaenh.dll") Region: id = 1995 start_va = 0x5b0000 end_va = 0x5ebfff monitored = 0 entry_point = 0x5b128d region_type = mapped_file name = "rsaenh.dll" filename = "\\Windows\\SysWOW64\\rsaenh.dll" (normalized: "c:\\windows\\syswow64\\rsaenh.dll") Region: id = 1996 start_va = 0x5b0000 end_va = 0x5ebfff monitored = 0 entry_point = 0x5b128d region_type = mapped_file name = "rsaenh.dll" filename = "\\Windows\\SysWOW64\\rsaenh.dll" (normalized: "c:\\windows\\syswow64\\rsaenh.dll") Region: id = 1997 start_va = 0x5b0000 end_va = 0x5ebfff monitored = 0 entry_point = 0x5b128d region_type = mapped_file name = "rsaenh.dll" filename = "\\Windows\\SysWOW64\\rsaenh.dll" (normalized: "c:\\windows\\syswow64\\rsaenh.dll") Region: id = 1998 start_va = 0x5b0000 end_va = 0x5ebfff monitored = 0 entry_point = 0x5b128d region_type = mapped_file name = "rsaenh.dll" filename = "\\Windows\\SysWOW64\\rsaenh.dll" (normalized: "c:\\windows\\syswow64\\rsaenh.dll") Region: id = 1999 start_va = 0x738a0000 end_va = 0x738dafff monitored = 0 entry_point = 0x738a128d region_type = mapped_file name = "rsaenh.dll" filename = "\\Windows\\SysWOW64\\rsaenh.dll" (normalized: "c:\\windows\\syswow64\\rsaenh.dll") Region: id = 2000 start_va = 0x75950000 end_va = 0x75954fff monitored = 0 entry_point = 0x75951438 region_type = mapped_file name = "psapi.dll" filename = "\\Windows\\SysWOW64\\psapi.dll" (normalized: "c:\\windows\\syswow64\\psapi.dll") Region: id = 2001 start_va = 0x73990000 end_va = 0x739e1fff monitored = 0 entry_point = 0x739914be region_type = mapped_file name = "rasapi32.dll" filename = "\\Windows\\SysWOW64\\rasapi32.dll" (normalized: "c:\\windows\\syswow64\\rasapi32.dll") Region: id = 2002 start_va = 0x73970000 end_va = 0x73984fff monitored = 0 entry_point = 0x739712de region_type = mapped_file name = "rasman.dll" filename = "\\Windows\\SysWOW64\\rasman.dll" (normalized: "c:\\windows\\syswow64\\rasman.dll") Region: id = 2003 start_va = 0x75960000 end_va = 0x75994fff monitored = 0 entry_point = 0x7596145d region_type = mapped_file name = "ws2_32.dll" filename = "\\Windows\\SysWOW64\\ws2_32.dll" (normalized: "c:\\windows\\syswow64\\ws2_32.dll") Region: id = 2004 start_va = 0x76960000 end_va = 0x76965fff monitored = 0 entry_point = 0x76961782 region_type = mapped_file name = "nsi.dll" filename = "\\Windows\\SysWOW64\\nsi.dll" (normalized: "c:\\windows\\syswow64\\nsi.dll") Region: id = 2005 start_va = 0x73960000 end_va = 0x7396cfff monitored = 0 entry_point = 0x73961326 region_type = mapped_file name = "rtutils.dll" filename = "\\Windows\\SysWOW64\\rtutils.dll" (normalized: "c:\\windows\\syswow64\\rtutils.dll") Region: id = 2006 start_va = 0x747e0000 end_va = 0x7481bfff monitored = 0 entry_point = 0x747e145d region_type = mapped_file name = "mswsock.dll" filename = "\\Windows\\SysWOW64\\mswsock.dll" (normalized: "c:\\windows\\syswow64\\mswsock.dll") Region: id = 2007 start_va = 0x747d0000 end_va = 0x747d4fff monitored = 0 entry_point = 0x747d15df region_type = mapped_file name = "wshtcpip.dll" filename = "\\Windows\\SysWOW64\\WSHTCPIP.DLL" (normalized: "c:\\windows\\syswow64\\wshtcpip.dll") Region: id = 2008 start_va = 0x747c0000 end_va = 0x747c5fff monitored = 0 entry_point = 0x747c1673 region_type = mapped_file name = "wship6.dll" filename = "\\Windows\\SysWOW64\\wship6.dll" (normalized: "c:\\windows\\syswow64\\wship6.dll") Region: id = 2009 start_va = 0xc00000 end_va = 0xcbffff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "kernelbase.dll.mui" filename = "\\Windows\\SysWOW64\\en-US\\KernelBase.dll.mui" (normalized: "c:\\windows\\syswow64\\en-us\\kernelbase.dll.mui") Region: id = 2010 start_va = 0xe10000 end_va = 0xe4ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000e10000" filename = "" Region: id = 2011 start_va = 0xee0000 end_va = 0xf1ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000ee0000" filename = "" Region: id = 2012 start_va = 0x4d40000 end_va = 0x4e3ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004d40000" filename = "" Region: id = 2013 start_va = 0x4ea0000 end_va = 0x4edffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004ea0000" filename = "" Region: id = 2014 start_va = 0x6d590000 end_va = 0x6d5e7fff monitored = 0 entry_point = 0x6d5913b4 region_type = mapped_file name = "winhttp.dll" filename = "\\Windows\\SysWOW64\\winhttp.dll" (normalized: "c:\\windows\\syswow64\\winhttp.dll") Region: id = 2015 start_va = 0x7efaa000 end_va = 0x7efacfff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000007efaa000" filename = "" Region: id = 2016 start_va = 0x6f900000 end_va = 0x6f94efff monitored = 0 entry_point = 0x6f901452 region_type = mapped_file name = "webio.dll" filename = "\\Windows\\SysWOW64\\webio.dll" (normalized: "c:\\windows\\syswow64\\webio.dll") Region: id = 2017 start_va = 0x45d0000 end_va = 0x460ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000045d0000" filename = "" Region: id = 2018 start_va = 0x5060000 end_va = 0x515ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000005060000" filename = "" Region: id = 2019 start_va = 0x7efa7000 end_va = 0x7efa9fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000007efa7000" filename = "" Region: id = 2020 start_va = 0x74930000 end_va = 0x74937fff monitored = 0 entry_point = 0x749334d3 region_type = mapped_file name = "credssp.dll" filename = "\\Windows\\SysWOW64\\credssp.dll" (normalized: "c:\\windows\\syswow64\\credssp.dll") Region: id = 2021 start_va = 0x74830000 end_va = 0x7484bfff monitored = 0 entry_point = 0x7483a431 region_type = mapped_file name = "iphlpapi.dll" filename = "\\Windows\\SysWOW64\\IPHLPAPI.DLL" (normalized: "c:\\windows\\syswow64\\iphlpapi.dll") Region: id = 2022 start_va = 0x74820000 end_va = 0x74826fff monitored = 0 entry_point = 0x7482128d region_type = mapped_file name = "winnsi.dll" filename = "\\Windows\\SysWOW64\\winnsi.dll" (normalized: "c:\\windows\\syswow64\\winnsi.dll") Region: id = 2023 start_va = 0x74940000 end_va = 0x7494cfff monitored = 0 entry_point = 0x74942012 region_type = mapped_file name = "dhcpcsvc6.dll" filename = "\\Windows\\SysWOW64\\dhcpcsvc6.dll" (normalized: "c:\\windows\\syswow64\\dhcpcsvc6.dll") Region: id = 2024 start_va = 0x4620000 end_va = 0x465ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004620000" filename = "" Region: id = 2025 start_va = 0x4f20000 end_va = 0x501ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004f20000" filename = "" Region: id = 2026 start_va = 0x7efa4000 end_va = 0x7efa6fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000007efa4000" filename = "" Region: id = 2027 start_va = 0x6d550000 end_va = 0x6d561fff monitored = 0 entry_point = 0x6d553271 region_type = mapped_file name = "dhcpcsvc.dll" filename = "\\Windows\\SysWOW64\\dhcpcsvc.dll" (normalized: "c:\\windows\\syswow64\\dhcpcsvc.dll") Region: id = 2028 start_va = 0x5160000 end_va = 0x525ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000005160000" filename = "" Region: id = 2029 start_va = 0xe50000 end_va = 0xeb1fff monitored = 1 entry_point = 0x0 region_type = mapped_file name = "mscorrc.dll" filename = "\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\mscorrc.dll" (normalized: "c:\\windows\\microsoft.net\\framework\\v4.0.30319\\mscorrc.dll") Region: id = 2030 start_va = 0x4570000 end_va = 0x45affff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004570000" filename = "" Region: id = 2031 start_va = 0x5360000 end_va = 0x545ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000005360000" filename = "" Region: id = 2032 start_va = 0x7efa1000 end_va = 0x7efa3fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000007efa1000" filename = "" Region: id = 2033 start_va = 0x747a0000 end_va = 0x747adfff monitored = 0 entry_point = 0x747a1235 region_type = mapped_file name = "rpcrtremote.dll" filename = "\\Windows\\SysWOW64\\RpcRtRemote.dll" (normalized: "c:\\windows\\syswow64\\rpcrtremote.dll") Region: id = 2034 start_va = 0x320000 end_va = 0x320fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "tzres.dll" filename = "\\Windows\\SysWOW64\\tzres.dll" (normalized: "c:\\windows\\syswow64\\tzres.dll") Region: id = 2035 start_va = 0x52e0000 end_va = 0x531ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000052e0000" filename = "" Region: id = 2036 start_va = 0x54a0000 end_va = 0x559ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000054a0000" filename = "" Region: id = 2037 start_va = 0x7ef9e000 end_va = 0x7efa0fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000007ef9e000" filename = "" Region: id = 2038 start_va = 0x330000 end_va = 0x336fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "tzres.dll.mui" filename = "\\Windows\\SysWOW64\\en-US\\tzres.dll.mui" (normalized: "c:\\windows\\syswow64\\en-us\\tzres.dll.mui") Region: id = 2039 start_va = 0x320000 end_va = 0x320fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "tzres.dll" filename = "\\Windows\\SysWOW64\\tzres.dll" (normalized: "c:\\windows\\syswow64\\tzres.dll") Region: id = 2040 start_va = 0x330000 end_va = 0x336fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "tzres.dll.mui" filename = "\\Windows\\SysWOW64\\en-US\\tzres.dll.mui" (normalized: "c:\\windows\\syswow64\\en-us\\tzres.dll.mui") Region: id = 2041 start_va = 0x320000 end_va = 0x320fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "tzres.dll" filename = "\\Windows\\SysWOW64\\tzres.dll" (normalized: "c:\\windows\\syswow64\\tzres.dll") Region: id = 2042 start_va = 0x320000 end_va = 0x326fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "tzres.dll.mui" filename = "\\Windows\\SysWOW64\\en-US\\tzres.dll.mui" (normalized: "c:\\windows\\syswow64\\en-us\\tzres.dll.mui") Region: id = 2043 start_va = 0x320000 end_va = 0x320fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "tzres.dll" filename = "\\Windows\\SysWOW64\\tzres.dll" (normalized: "c:\\windows\\syswow64\\tzres.dll") Region: id = 2044 start_va = 0x320000 end_va = 0x326fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "tzres.dll.mui" filename = "\\Windows\\SysWOW64\\en-US\\tzres.dll.mui" (normalized: "c:\\windows\\syswow64\\en-us\\tzres.dll.mui") Region: id = 2045 start_va = 0x320000 end_va = 0x320fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "tzres.dll" filename = "\\Windows\\SysWOW64\\tzres.dll" (normalized: "c:\\windows\\syswow64\\tzres.dll") Region: id = 2046 start_va = 0x320000 end_va = 0x326fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "tzres.dll.mui" filename = "\\Windows\\SysWOW64\\en-US\\tzres.dll.mui" (normalized: "c:\\windows\\syswow64\\en-us\\tzres.dll.mui") Region: id = 2047 start_va = 0x74850000 end_va = 0x74893fff monitored = 0 entry_point = 0x748663f9 region_type = mapped_file name = "dnsapi.dll" filename = "\\Windows\\SysWOW64\\dnsapi.dll" (normalized: "c:\\windows\\syswow64\\dnsapi.dll") Region: id = 2048 start_va = 0x55a0000 end_va = 0x569ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000055a0000" filename = "" Region: id = 2049 start_va = 0x747b0000 end_va = 0x747b5fff monitored = 0 entry_point = 0x747b14b2 region_type = mapped_file name = "rasadhlp.dll" filename = "\\Windows\\SysWOW64\\rasadhlp.dll" (normalized: "c:\\windows\\syswow64\\rasadhlp.dll") Region: id = 2050 start_va = 0x6d510000 end_va = 0x6d547fff monitored = 0 entry_point = 0x6d51990e region_type = mapped_file name = "fwpuclnt.dll" filename = "\\Windows\\SysWOW64\\FWPUCLNT.DLL" (normalized: "c:\\windows\\syswow64\\fwpuclnt.dll") Region: id = 2051 start_va = 0x1020000 end_va = 0x10affff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000001020000" filename = "" Region: id = 2052 start_va = 0x6d580000 end_va = 0x6d587fff monitored = 0 entry_point = 0x6d5810e9 region_type = mapped_file name = "secur32.dll" filename = "\\Windows\\SysWOW64\\secur32.dll" (normalized: "c:\\windows\\syswow64\\secur32.dll") Region: id = 2053 start_va = 0x6d4d0000 end_va = 0x6d50efff monitored = 0 entry_point = 0x6d4d2351 region_type = mapped_file name = "schannel.dll" filename = "\\Windows\\SysWOW64\\schannel.dll" (normalized: "c:\\windows\\syswow64\\schannel.dll") Region: id = 2054 start_va = 0x74ab0000 end_va = 0x74bd0fff monitored = 0 entry_point = 0x74ab158e region_type = mapped_file name = "crypt32.dll" filename = "\\Windows\\SysWOW64\\crypt32.dll" (normalized: "c:\\windows\\syswow64\\crypt32.dll") Region: id = 2055 start_va = 0x76ed0000 end_va = 0x76edbfff monitored = 0 entry_point = 0x76ed238e region_type = mapped_file name = "msasn1.dll" filename = "\\Windows\\SysWOW64\\msasn1.dll" (normalized: "c:\\windows\\syswow64\\msasn1.dll") Region: id = 2056 start_va = 0x6d490000 end_va = 0x6d4c7fff monitored = 0 entry_point = 0x6d491489 region_type = mapped_file name = "ncrypt.dll" filename = "\\Windows\\SysWOW64\\ncrypt.dll" (normalized: "c:\\windows\\syswow64\\ncrypt.dll") Region: id = 2057 start_va = 0x6d450000 end_va = 0x6d48cfff monitored = 0 entry_point = 0x6d4510f5 region_type = mapped_file name = "bcryptprimitives.dll" filename = "\\Windows\\SysWOW64\\bcryptprimitives.dll" (normalized: "c:\\windows\\syswow64\\bcryptprimitives.dll") Region: id = 2058 start_va = 0x55d0000 end_va = 0x560ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000055d0000" filename = "" Region: id = 2059 start_va = 0x5660000 end_va = 0x569ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000005660000" filename = "" Region: id = 2060 start_va = 0x5720000 end_va = 0x581ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000005720000" filename = "" Region: id = 2061 start_va = 0x6d430000 end_va = 0x6d446fff monitored = 0 entry_point = 0x6d431c9d region_type = mapped_file name = "userenv.dll" filename = "\\Windows\\SysWOW64\\userenv.dll" (normalized: "c:\\windows\\syswow64\\userenv.dll") Region: id = 2062 start_va = 0x7ef9b000 end_va = 0x7ef9dfff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000007ef9b000" filename = "" Region: id = 2063 start_va = 0x5820000 end_va = 0x591ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000005820000" filename = "" Region: id = 2064 start_va = 0x5920000 end_va = 0x5b1ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000005920000" filename = "" Region: id = 2065 start_va = 0x6d410000 end_va = 0x6d425fff monitored = 0 entry_point = 0x6d412061 region_type = mapped_file name = "gpapi.dll" filename = "\\Windows\\SysWOW64\\gpapi.dll" (normalized: "c:\\windows\\syswow64\\gpapi.dll") Region: id = 2066 start_va = 0x320000 end_va = 0x329fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "crypt32.dll.mui" filename = "\\Windows\\SysWOW64\\en-US\\crypt32.dll.mui" (normalized: "c:\\windows\\syswow64\\en-us\\crypt32.dll.mui") Region: id = 2067 start_va = 0x330000 end_va = 0x33ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000330000" filename = "" Region: id = 2068 start_va = 0x330000 end_va = 0x33ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000330000" filename = "" Region: id = 2069 start_va = 0x560000 end_va = 0x56ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000560000" filename = "" Region: id = 2070 start_va = 0x5b0000 end_va = 0x5d9fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000005b0000" filename = "" Region: id = 2071 start_va = 0x330000 end_va = 0x33ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000330000" filename = "" Region: id = 2072 start_va = 0x560000 end_va = 0x56ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000560000" filename = "" Region: id = 2073 start_va = 0x5e0000 end_va = 0x5effff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000005e0000" filename = "" Region: id = 2074 start_va = 0x560000 end_va = 0x56ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000560000" filename = "" Region: id = 2075 start_va = 0x5e0000 end_va = 0x5effff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000005e0000" filename = "" Region: id = 2076 start_va = 0x5f0000 end_va = 0x5fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000005f0000" filename = "" Region: id = 2077 start_va = 0x560000 end_va = 0x56ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000560000" filename = "" Region: id = 2078 start_va = 0x56d0000 end_va = 0x570ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000056d0000" filename = "" Region: id = 2079 start_va = 0x5be0000 end_va = 0x5cdffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000005be0000" filename = "" Region: id = 2080 start_va = 0x7ef98000 end_va = 0x7ef9afff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000007ef98000" filename = "" Region: id = 2081 start_va = 0x5ce0000 end_va = 0x6cdffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000005ce0000" filename = "" Region: id = 2082 start_va = 0x6ce0000 end_va = 0x6e2ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000006ce0000" filename = "" Region: id = 2083 start_va = 0x6e30000 end_va = 0x7e2ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000006e30000" filename = "" Region: id = 2084 start_va = 0x7e30000 end_va = 0x80bffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000007e30000" filename = "" Region: id = 2085 start_va = 0x5e0000 end_va = 0x5f2fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000005e0000" filename = "" Region: id = 2086 start_va = 0x560000 end_va = 0x56ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000560000" filename = "" Region: id = 2087 start_va = 0x850000 end_va = 0x85ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000850000" filename = "" Region: id = 2088 start_va = 0x80c0000 end_va = 0x90bffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000080c0000" filename = "" Region: id = 2089 start_va = 0x90c0000 end_va = 0xa0bffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000090c0000" filename = "" Region: id = 2090 start_va = 0x4b0000 end_va = 0x4bffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000004b0000" filename = "" Region: id = 2091 start_va = 0x4b0000 end_va = 0x4bffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000004b0000" filename = "" Region: id = 2092 start_va = 0x4b0000 end_va = 0x4bffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000004b0000" filename = "" Region: id = 2093 start_va = 0xa50000 end_va = 0xa8ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000a50000" filename = "" Region: id = 2094 start_va = 0xa140000 end_va = 0xa23ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000000a140000" filename = "" Region: id = 2095 start_va = 0x7ef95000 end_va = 0x7ef97fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000007ef95000" filename = "" Region: id = 2096 start_va = 0x4b0000 end_va = 0x4bffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000004b0000" filename = "" Region: id = 2097 start_va = 0x4c0000 end_va = 0x4cffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000004c0000" filename = "" Region: id = 2098 start_va = 0x4d0000 end_va = 0x4dffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000004d0000" filename = "" Region: id = 2099 start_va = 0x5280000 end_va = 0x52bffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000005280000" filename = "" Region: id = 2100 start_va = 0xa280000 end_va = 0xa37ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000000a280000" filename = "" Region: id = 2101 start_va = 0x7ef92000 end_va = 0x7ef94fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000007ef92000" filename = "" Region: id = 2102 start_va = 0x4d0000 end_va = 0x4dffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000004d0000" filename = "" Region: id = 2103 start_va = 0x4e0000 end_va = 0x4effff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000004e0000" filename = "" Region: id = 2104 start_va = 0x4b0000 end_va = 0x531fff monitored = 0 entry_point = 0x4b19a9 region_type = mapped_file name = "comctl32.dll" filename = "\\Windows\\winsxs\\x86_microsoft.windows.common-controls_6595b64144ccf1df_5.82.7601.17514_none_ec83dffa859149af\\comctl32.dll" (normalized: "c:\\windows\\winsxs\\x86_microsoft.windows.common-controls_6595b64144ccf1df_5.82.7601.17514_none_ec83dffa859149af\\comctl32.dll") Region: id = 2105 start_va = 0x4b0000 end_va = 0x531fff monitored = 0 entry_point = 0x4b19a9 region_type = mapped_file name = "comctl32.dll" filename = "\\Windows\\winsxs\\x86_microsoft.windows.common-controls_6595b64144ccf1df_5.82.7601.17514_none_ec83dffa859149af\\comctl32.dll" (normalized: "c:\\windows\\winsxs\\x86_microsoft.windows.common-controls_6595b64144ccf1df_5.82.7601.17514_none_ec83dffa859149af\\comctl32.dll") Region: id = 2106 start_va = 0x6d380000 end_va = 0x6d403fff monitored = 0 entry_point = 0x6d3819a9 region_type = mapped_file name = "comctl32.dll" filename = "\\Windows\\winsxs\\x86_microsoft.windows.common-controls_6595b64144ccf1df_5.82.7601.17514_none_ec83dffa859149af\\comctl32.dll" (normalized: "c:\\windows\\winsxs\\x86_microsoft.windows.common-controls_6595b64144ccf1df_5.82.7601.17514_none_ec83dffa859149af\\comctl32.dll") Region: id = 2107 start_va = 0x4b0000 end_va = 0x53ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000004b0000" filename = "" Region: id = 2108 start_va = 0x6d1f0000 end_va = 0x6d37ffff monitored = 0 entry_point = 0x6d28d026 region_type = mapped_file name = "gdiplus.dll" filename = "\\Windows\\winsxs\\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\\GdiPlus.dll" (normalized: "c:\\windows\\winsxs\\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\\gdiplus.dll") Region: id = 2109 start_va = 0x5ce0000 end_va = 0x5e9ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000005ce0000" filename = "" Region: id = 2110 start_va = 0x4b0000 end_va = 0x4cbfff monitored = 1 entry_point = 0x0 region_type = mapped_file name = "gdipfontcachev1.dat" filename = "\\Users\\kEecfMwgj\\AppData\\Local\\GDIPFONTCACHEV1.DAT" (normalized: "c:\\users\\keecfmwgj\\appdata\\local\\gdipfontcachev1.dat") Region: id = 2111 start_va = 0x530000 end_va = 0x53ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000530000" filename = "" Region: id = 2112 start_va = 0x4e50000 end_va = 0x4e8ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004e50000" filename = "" Region: id = 2113 start_va = 0x5ea0000 end_va = 0x5f9ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000005ea0000" filename = "" Region: id = 2114 start_va = 0x7ef8f000 end_va = 0x7ef91fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000007ef8f000" filename = "" Region: id = 2115 start_va = 0x5ce0000 end_va = 0x5ddffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000005ce0000" filename = "" Region: id = 2116 start_va = 0x5e90000 end_va = 0x5e9ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000005e90000" filename = "" Region: id = 2117 start_va = 0x5b20000 end_va = 0x5bcafff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "tahoma.ttf" filename = "\\Windows\\Fonts\\tahoma.ttf" (normalized: "c:\\windows\\fonts\\tahoma.ttf") Region: id = 2118 start_va = 0x5b20000 end_va = 0x5bcafff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "tahoma.ttf" filename = "\\Windows\\Fonts\\tahoma.ttf" (normalized: "c:\\windows\\fonts\\tahoma.ttf") Region: id = 2119 start_va = 0xa380000 end_va = 0xb828fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "msjh.ttf" filename = "\\Windows\\Fonts\\msjh.ttf" (normalized: "c:\\windows\\fonts\\msjh.ttf") Region: id = 2120 start_va = 0xa380000 end_va = 0xb828fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "msjh.ttf" filename = "\\Windows\\Fonts\\msjh.ttf" (normalized: "c:\\windows\\fonts\\msjh.ttf") Region: id = 2121 start_va = 0xa380000 end_va = 0xb842fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "msyh.ttf" filename = "\\Windows\\Fonts\\msyh.ttf" (normalized: "c:\\windows\\fonts\\msyh.ttf") Region: id = 2122 start_va = 0xa380000 end_va = 0xb842fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "msyh.ttf" filename = "\\Windows\\Fonts\\msyh.ttf" (normalized: "c:\\windows\\fonts\\msyh.ttf") Region: id = 2123 start_va = 0x5fa0000 end_va = 0x63c2fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "malgun.ttf" filename = "\\Windows\\Fonts\\malgun.ttf" (normalized: "c:\\windows\\fonts\\malgun.ttf") Region: id = 2124 start_va = 0x5fa0000 end_va = 0x63c2fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "malgun.ttf" filename = "\\Windows\\Fonts\\malgun.ttf" (normalized: "c:\\windows\\fonts\\malgun.ttf") Region: id = 2125 start_va = 0x5b20000 end_va = 0x5bbffff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "micross.ttf" filename = "\\Windows\\Fonts\\micross.ttf" (normalized: "c:\\windows\\fonts\\micross.ttf") Region: id = 2126 start_va = 0x5b20000 end_va = 0x5bbffff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "micross.ttf" filename = "\\Windows\\Fonts\\micross.ttf" (normalized: "c:\\windows\\fonts\\micross.ttf") Region: id = 2127 start_va = 0x4b0000 end_va = 0x52efff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "segoeui.ttf" filename = "\\Windows\\Fonts\\segoeui.ttf" (normalized: "c:\\windows\\fonts\\segoeui.ttf") Region: id = 2128 start_va = 0x4b0000 end_va = 0x52efff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "segoeui.ttf" filename = "\\Windows\\Fonts\\segoeui.ttf" (normalized: "c:\\windows\\fonts\\segoeui.ttf") Region: id = 2129 start_va = 0x5fa0000 end_va = 0x619ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000005fa0000" filename = "" Region: id = 2130 start_va = 0x4b0000 end_va = 0x4bffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000004b0000" filename = "" Region: id = 2131 start_va = 0x4c0000 end_va = 0x4cffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000004c0000" filename = "" Region: id = 2132 start_va = 0x4d0000 end_va = 0x4dffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000004d0000" filename = "" Region: id = 2133 start_va = 0x4e0000 end_va = 0x4effff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000004e0000" filename = "" Region: id = 2134 start_va = 0x4b0000 end_va = 0x4bffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000004b0000" filename = "" Region: id = 2135 start_va = 0x4b0000 end_va = 0x4bffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000004b0000" filename = "" Region: id = 2136 start_va = 0x4b0000 end_va = 0x4bffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000004b0000" filename = "" Region: id = 2137 start_va = 0x4c0000 end_va = 0x4cffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000004c0000" filename = "" Region: id = 2138 start_va = 0x4b0000 end_va = 0x4bffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000004b0000" filename = "" Region: id = 2139 start_va = 0x6d0f0000 end_va = 0x6d1eafff monitored = 0 entry_point = 0x6d1017e1 region_type = mapped_file name = "windowscodecs.dll" filename = "\\Windows\\SysWOW64\\WindowsCodecs.dll" (normalized: "c:\\windows\\syswow64\\windowscodecs.dll") Region: id = 2140 start_va = 0x4d0000 end_va = 0x4dffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000004d0000" filename = "" Region: id = 2141 start_va = 0x5b20000 end_va = 0x5b9ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000005b20000" filename = "" Region: id = 2142 start_va = 0x4d0000 end_va = 0x4dffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000004d0000" filename = "" Region: id = 2143 start_va = 0x4d0000 end_va = 0x4dffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000004d0000" filename = "" Region: id = 2144 start_va = 0x4e0000 end_va = 0x4effff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000004e0000" filename = "" Region: id = 2145 start_va = 0x4d0000 end_va = 0x4dffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000004d0000" filename = "" Region: id = 2146 start_va = 0x4d0000 end_va = 0x4dffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000004d0000" filename = "" Region: id = 2147 start_va = 0x4e0000 end_va = 0x4effff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000004e0000" filename = "" Region: id = 2148 start_va = 0x4f0000 end_va = 0x4fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000004f0000" filename = "" Region: id = 2149 start_va = 0x500000 end_va = 0x50ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000500000" filename = "" Region: id = 2150 start_va = 0x510000 end_va = 0x51ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000510000" filename = "" Region: id = 2151 start_va = 0x520000 end_va = 0x52ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000520000" filename = "" Region: id = 2152 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000540000" filename = "" Region: id = 2153 start_va = 0x4d0000 end_va = 0x4dffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000004d0000" filename = "" Region: id = 2154 start_va = 0x4d0000 end_va = 0x4dffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000004d0000" filename = "" Region: id = 2155 start_va = 0x6c320000 end_va = 0x6d0ecfff monitored = 1 entry_point = 0x0 region_type = mapped_file name = "system.web.ni.dll" filename = "\\Windows\\assembly\\NativeImages_v4.0.30319_32\\System.Web\\8e86e9948f7dcebce93d5df6073700ba\\System.Web.ni.dll" (normalized: "c:\\windows\\assembly\\nativeimages_v4.0.30319_32\\system.web\\8e86e9948f7dcebce93d5df6073700ba\\system.web.ni.dll") Region: id = 2156 start_va = 0x4e0000 end_va = 0x4effff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000004e0000" filename = "" Region: id = 2157 start_va = 0x4f0000 end_va = 0x4fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000004f0000" filename = "" Region: id = 2158 start_va = 0x500000 end_va = 0x50ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000500000" filename = "" Region: id = 2159 start_va = 0x510000 end_va = 0x51ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000510000" filename = "" Region: id = 2160 start_va = 0x4e0000 end_va = 0x4effff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000004e0000" filename = "" Region: id = 2161 start_va = 0x4e0000 end_va = 0x4effff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000004e0000" filename = "" Region: id = 2162 start_va = 0x4f0000 end_va = 0x4fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000004f0000" filename = "" Region: id = 2163 start_va = 0x4e0000 end_va = 0x4effff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000004e0000" filename = "" Region: id = 2164 start_va = 0x4f0000 end_va = 0x4fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000004f0000" filename = "" Region: id = 2165 start_va = 0x5610000 end_va = 0x564ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000005610000" filename = "" Region: id = 2166 start_va = 0x5ba0000 end_va = 0x5bdffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000005ba0000" filename = "" Region: id = 2167 start_va = 0x7ef8c000 end_va = 0x7ef8efff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000007ef8c000" filename = "" Region: id = 2203 start_va = 0x5320000 end_va = 0x535ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000005320000" filename = "" Region: id = 2204 start_va = 0x5bf0000 end_va = 0x5c2ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000005bf0000" filename = "" Region: id = 2205 start_va = 0x5e40000 end_va = 0x5e7ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000005e40000" filename = "" Region: id = 2206 start_va = 0x6320000 end_va = 0x641ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000006320000" filename = "" Region: id = 2207 start_va = 0x7ef89000 end_va = 0x7ef8bfff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000007ef89000" filename = "" Region: id = 2208 start_va = 0x4e0000 end_va = 0x4effff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000004e0000" filename = "" Region: id = 2209 start_va = 0x4f0000 end_va = 0x4fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000004f0000" filename = "" Region: id = 2210 start_va = 0x4e0000 end_va = 0x4effff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000004e0000" filename = "" Region: id = 2211 start_va = 0x4e0000 end_va = 0x4f1fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000004e0000" filename = "" Region: id = 2212 start_va = 0x500000 end_va = 0x50ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000500000" filename = "" Region: id = 2213 start_va = 0x510000 end_va = 0x51ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000510000" filename = "" Region: id = 2214 start_va = 0x520000 end_va = 0x52ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000520000" filename = "" Region: id = 2215 start_va = 0x500000 end_va = 0x50ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000500000" filename = "" Region: id = 2216 start_va = 0x510000 end_va = 0x51ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000510000" filename = "" Region: id = 2217 start_va = 0x6e30000 end_va = 0x7e2ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000006e30000" filename = "" Region: id = 2218 start_va = 0x500000 end_va = 0x50ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000500000" filename = "" Region: id = 2219 start_va = 0x510000 end_va = 0x51ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000510000" filename = "" Region: id = 2220 start_va = 0x520000 end_va = 0x52ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000520000" filename = "" Region: id = 2221 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000540000" filename = "" Region: id = 2222 start_va = 0x510000 end_va = 0x51ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000510000" filename = "" Region: id = 2223 start_va = 0x5c90000 end_va = 0x5ccffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000005c90000" filename = "" Region: id = 2224 start_va = 0x6470000 end_va = 0x656ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000006470000" filename = "" Region: id = 2225 start_va = 0x7ef86000 end_va = 0x7ef88fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000007ef86000" filename = "" Region: id = 2226 start_va = 0x80c0000 end_va = 0x90bffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000080c0000" filename = "" Region: id = 2227 start_va = 0x90c0000 end_va = 0xa0bffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000090c0000" filename = "" Region: id = 2228 start_va = 0x510000 end_va = 0x510fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000510000" filename = "" Region: id = 2229 start_va = 0x520000 end_va = 0x52ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000520000" filename = "" Region: id = 2230 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000540000" filename = "" Region: id = 2231 start_va = 0xa380000 end_va = 0xb37ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000000a380000" filename = "" Region: id = 2232 start_va = 0xb380000 end_va = 0xc37ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000000b380000" filename = "" Region: id = 2233 start_va = 0x6570000 end_va = 0x6a7ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000006570000" filename = "" Region: id = 2234 start_va = 0xc380000 end_va = 0xd37ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000000c380000" filename = "" Region: id = 2235 start_va = 0x520000 end_va = 0x52ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000520000" filename = "" Region: id = 2236 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000540000" filename = "" Region: id = 2237 start_va = 0x560000 end_va = 0x56ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000560000" filename = "" Region: id = 2238 start_va = 0x850000 end_va = 0x85ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000850000" filename = "" Region: id = 2239 start_va = 0x860000 end_va = 0x86ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000860000" filename = "" Region: id = 2240 start_va = 0x870000 end_va = 0x87ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000870000" filename = "" Region: id = 2241 start_va = 0x880000 end_va = 0x88ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000880000" filename = "" Region: id = 2242 start_va = 0x520000 end_va = 0x52ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000520000" filename = "" Region: id = 2243 start_va = 0x520000 end_va = 0x52ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000520000" filename = "" Region: id = 2244 start_va = 0x520000 end_va = 0x52ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000520000" filename = "" Region: id = 2245 start_va = 0x5e20000 end_va = 0x5e5ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000005e20000" filename = "" Region: id = 2246 start_va = 0x61e0000 end_va = 0x62dffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000061e0000" filename = "" Region: id = 2247 start_va = 0x7ef89000 end_va = 0x7ef8bfff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000007ef89000" filename = "" Region: id = 2248 start_va = 0x520000 end_va = 0x52ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000520000" filename = "" Region: id = 2249 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000540000" filename = "" Region: id = 2250 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000540000" filename = "" Region: id = 2251 start_va = 0x560000 end_va = 0x56ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000560000" filename = "" Region: id = 2252 start_va = 0x560000 end_va = 0x56ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000560000" filename = "" Region: id = 2253 start_va = 0x560000 end_va = 0x56ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000560000" filename = "" Region: id = 2254 start_va = 0x560000 end_va = 0x56ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000560000" filename = "" Region: id = 2255 start_va = 0x560000 end_va = 0x56ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000560000" filename = "" Region: id = 2256 start_va = 0x560000 end_va = 0x56ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000560000" filename = "" Region: id = 2257 start_va = 0x62e0000 end_va = 0x631ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000062e0000" filename = "" Region: id = 2258 start_va = 0x6b00000 end_va = 0x6bfffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000006b00000" filename = "" Region: id = 2259 start_va = 0x7ef83000 end_va = 0x7ef85fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000007ef83000" filename = "" Region: id = 2260 start_va = 0x850000 end_va = 0x85ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000850000" filename = "" Region: id = 2261 start_va = 0x860000 end_va = 0x86ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000860000" filename = "" Region: id = 2262 start_va = 0x520000 end_va = 0x52ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000520000" filename = "" Region: id = 2263 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000540000" filename = "" Region: id = 2264 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000540000" filename = "" Region: id = 2265 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000540000" filename = "" Region: id = 2266 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000540000" filename = "" Region: id = 2267 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000540000" filename = "" Region: id = 2268 start_va = 0x520000 end_va = 0x52ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000520000" filename = "" Region: id = 2269 start_va = 0x520000 end_va = 0x52ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000520000" filename = "" Region: id = 2270 start_va = 0x520000 end_va = 0x52ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000520000" filename = "" Region: id = 2271 start_va = 0x520000 end_va = 0x52ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000520000" filename = "" Region: id = 2289 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000540000" filename = "" Region: id = 2290 start_va = 0x560000 end_va = 0x56ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000560000" filename = "" Region: id = 2292 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000540000" filename = "" Region: id = 2293 start_va = 0x5020000 end_va = 0x511ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000005020000" filename = "" Region: id = 2508 start_va = 0x5320000 end_va = 0x535ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000005320000" filename = "" Region: id = 2509 start_va = 0x6470000 end_va = 0x656ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000006470000" filename = "" Region: id = 2510 start_va = 0x7ef98000 end_va = 0x7ef9afff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000007ef98000" filename = "" Thread: id = 73 os_tid = 0xf28 [0101.473] CoInitializeEx (pvReserved=0x0, dwCoInit=0x2) returned 0x0 [0102.603] GetACP () returned 0x4e4 [0102.825] GetFullPathNameW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Local\\Temp\\noise.exe.config", nBufferLength=0x105, lpBuffer=0x2de724, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\kEecfMwgj\\AppData\\Local\\Temp\\noise.exe.config", lpFilePart=0x0) returned 0x36 [0102.831] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\.NETFramework\\AppContext", ulOptions=0x0, samDesired=0x20019, phkResult=0x2de420 | out: phkResult=0x2de420*=0x0) returned 0x2 [0102.831] RegCloseKey (hKey=0x80000002) returned 0x0 [0102.906] GetCurrentProcess () returned 0xffffffff [0102.907] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x2dea5c | out: TokenHandle=0x2dea5c*=0x40) returned 1 [0102.912] GetFullPathNameW (in: lpFileName="C:\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\", nBufferLength=0x105, lpBuffer=0x2de514, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\", lpFilePart=0x0) returned 0x2e [0102.923] GetFileAttributesExW (in: lpFileName="C:\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\Config\\machine.config" (normalized: "c:\\windows\\microsoft.net\\framework\\v4.0.30319\\config\\machine.config"), fInfoLevelId=0x0, lpFileInformation=0x2dea54 | out: lpFileInformation=0x2dea54*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xc63fb400, ftCreationTime.dwHighDateTime=0x1d4e4ee, ftLastAccessTime.dwLowDateTime=0xb9f350b0, ftLastAccessTime.dwHighDateTime=0x1d706ae, ftLastWriteTime.dwLowDateTime=0xc63fb400, ftLastWriteTime.dwHighDateTime=0x1d4e4ee, nFileSizeHigh=0x0, nFileSizeLow=0x8c8e)) returned 1 [0102.924] GetFullPathNameW (in: lpFileName="C:\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\Config\\machine.config", nBufferLength=0x105, lpBuffer=0x2de4e0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\Config\\machine.config", lpFilePart=0x0) returned 0x43 [0102.926] GetFileAttributesExW (in: lpFileName="C:\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\Config\\machine.config" (normalized: "c:\\windows\\microsoft.net\\framework\\v4.0.30319\\config\\machine.config"), fInfoLevelId=0x0, lpFileInformation=0x2dea5c | out: lpFileInformation=0x2dea5c*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xc63fb400, ftCreationTime.dwHighDateTime=0x1d4e4ee, ftLastAccessTime.dwLowDateTime=0xb9f350b0, ftLastAccessTime.dwHighDateTime=0x1d706ae, ftLastWriteTime.dwLowDateTime=0xc63fb400, ftLastWriteTime.dwHighDateTime=0x1d4e4ee, nFileSizeHigh=0x0, nFileSizeLow=0x8c8e)) returned 1 [0102.927] GetFullPathNameW (in: lpFileName="C:\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\Config\\machine.config", nBufferLength=0x105, lpBuffer=0x2de47c, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\Config\\machine.config", lpFilePart=0x0) returned 0x43 [0102.929] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x2de994) returned 1 [0102.929] CreateFileW (lpFileName="C:\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\Config\\machine.config" (normalized: "c:\\windows\\microsoft.net\\framework\\v4.0.30319\\config\\machine.config"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x1f8 [0102.930] GetFileType (hFile=0x1f8) returned 0x1 [0102.930] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x2de990) returned 1 [0102.930] GetFileType (hFile=0x1f8) returned 0x1 [0102.954] GetFullPathNameW (in: lpFileName="C:\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\config\\machine.config", nBufferLength=0x105, lpBuffer=0x2ddcd0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\config\\machine.config", lpFilePart=0x0) returned 0x43 [0102.954] GetFullPathNameW (in: lpFileName="C:\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\config\\machine.config", nBufferLength=0x105, lpBuffer=0x2ddd34, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\config\\machine.config", lpFilePart=0x0) returned 0x43 [0102.955] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x2ddf74) returned 1 [0102.955] GetFileAttributesExW (in: lpFileName="C:\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\config\\machine.config" (normalized: "c:\\windows\\microsoft.net\\framework\\v4.0.30319\\config\\machine.config"), fInfoLevelId=0x0, lpFileInformation=0x2de238 | out: lpFileInformation=0x2de238*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xc63fb400, ftCreationTime.dwHighDateTime=0x1d4e4ee, ftLastAccessTime.dwLowDateTime=0xb9f350b0, ftLastAccessTime.dwHighDateTime=0x1d706ae, ftLastWriteTime.dwLowDateTime=0xc63fb400, ftLastWriteTime.dwHighDateTime=0x1d4e4ee, nFileSizeHigh=0x0, nFileSizeLow=0x8c8e)) returned 1 [0102.955] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x2ddf70) returned 1 [0103.052] BCryptGetFipsAlgorithmMode (in: pfEnabled=0x2de104 | out: pfEnabled=0x2de104) returned 0x0 [0103.118] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\.NETFramework\\XML", ulOptions=0x0, samDesired=0x20019, phkResult=0x2de9e0 | out: phkResult=0x2de9e0*=0x0) returned 0x2 [0103.119] RegOpenKeyExW (in: hKey=0x80000001, lpSubKey="SOFTWARE\\Microsoft\\.NETFramework\\XML", ulOptions=0x0, samDesired=0x20019, phkResult=0x2de9e0 | out: phkResult=0x2de9e0*=0x0) returned 0x2 [0103.119] GetFileSize (in: hFile=0x1f8, lpFileSizeHigh=0x2dea50 | out: lpFileSizeHigh=0x2dea50*=0x0) returned 0x8c8e [0103.120] ReadFile (in: hFile=0x1f8, lpBuffer=0x25902b0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x2dea0c, lpOverlapped=0x0 | out: lpBuffer=0x25902b0*, lpNumberOfBytesRead=0x2dea0c*=0x1000, lpOverlapped=0x0) returned 1 [0103.137] ReadFile (in: hFile=0x1f8, lpBuffer=0x25902b0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x2de8bc, lpOverlapped=0x0 | out: lpBuffer=0x25902b0*, lpNumberOfBytesRead=0x2de8bc*=0x1000, lpOverlapped=0x0) returned 1 [0103.138] ReadFile (in: hFile=0x1f8, lpBuffer=0x25902b0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x2de770, lpOverlapped=0x0 | out: lpBuffer=0x25902b0*, lpNumberOfBytesRead=0x2de770*=0x1000, lpOverlapped=0x0) returned 1 [0103.139] ReadFile (in: hFile=0x1f8, lpBuffer=0x25902b0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x2de770, lpOverlapped=0x0 | out: lpBuffer=0x25902b0*, lpNumberOfBytesRead=0x2de770*=0x1000, lpOverlapped=0x0) returned 1 [0103.140] ReadFile (in: hFile=0x1f8, lpBuffer=0x25902b0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x2de770, lpOverlapped=0x0 | out: lpBuffer=0x25902b0*, lpNumberOfBytesRead=0x2de770*=0x1000, lpOverlapped=0x0) returned 1 [0103.140] ReadFile (in: hFile=0x1f8, lpBuffer=0x25902b0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x2de6a8, lpOverlapped=0x0 | out: lpBuffer=0x25902b0*, lpNumberOfBytesRead=0x2de6a8*=0x1000, lpOverlapped=0x0) returned 1 [0103.145] ReadFile (in: hFile=0x1f8, lpBuffer=0x25902b0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x2de814, lpOverlapped=0x0 | out: lpBuffer=0x25902b0*, lpNumberOfBytesRead=0x2de814*=0x1000, lpOverlapped=0x0) returned 1 [0103.146] ReadFile (in: hFile=0x1f8, lpBuffer=0x25902b0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x2de708, lpOverlapped=0x0 | out: lpBuffer=0x25902b0*, lpNumberOfBytesRead=0x2de708*=0x1000, lpOverlapped=0x0) returned 1 [0103.147] ReadFile (in: hFile=0x1f8, lpBuffer=0x25902b0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x2de708, lpOverlapped=0x0 | out: lpBuffer=0x25902b0*, lpNumberOfBytesRead=0x2de708*=0xc8e, lpOverlapped=0x0) returned 1 [0103.147] ReadFile (in: hFile=0x1f8, lpBuffer=0x25902b0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x2de7cc, lpOverlapped=0x0 | out: lpBuffer=0x25902b0*, lpNumberOfBytesRead=0x2de7cc*=0x0, lpOverlapped=0x0) returned 1 [0103.147] CloseHandle (hObject=0x1f8) returned 1 [0103.147] CloseHandle (hObject=0x40) returned 1 [0103.148] GetCurrentProcess () returned 0xffffffff [0103.149] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x2deba8 | out: TokenHandle=0x2deba8*=0x40) returned 1 [0103.149] CloseHandle (hObject=0x40) returned 1 [0103.149] GetCurrentProcess () returned 0xffffffff [0103.149] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x2deba8 | out: TokenHandle=0x2deba8*=0x40) returned 1 [0103.150] CloseHandle (hObject=0x40) returned 1 [0103.156] GetCurrentProcess () returned 0xffffffff [0103.156] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x2dea5c | out: TokenHandle=0x2dea5c*=0x40) returned 1 [0103.157] GetFileAttributesExW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Local\\Temp\\noise.exe.config" (normalized: "c:\\users\\keecfmwgj\\appdata\\local\\temp\\noise.exe.config"), fInfoLevelId=0x0, lpFileInformation=0x2dea54 | out: lpFileInformation=0x2dea54*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0 [0103.157] GetFullPathNameW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Local\\Temp\\noise.exe.config", nBufferLength=0x105, lpBuffer=0x2de4e0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\kEecfMwgj\\AppData\\Local\\Temp\\noise.exe.config", lpFilePart=0x0) returned 0x36 [0103.158] GetFileAttributesExW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Local\\Temp\\noise.exe.config" (normalized: "c:\\users\\keecfmwgj\\appdata\\local\\temp\\noise.exe.config"), fInfoLevelId=0x0, lpFileInformation=0x2dea5c | out: lpFileInformation=0x2dea5c*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0 [0103.158] CloseHandle (hObject=0x40) returned 1 [0103.158] GetCurrentProcess () returned 0xffffffff [0103.158] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x2deba8 | out: TokenHandle=0x2deba8*=0x40) returned 1 [0103.159] CloseHandle (hObject=0x40) returned 1 [0103.160] GetCurrentProcess () returned 0xffffffff [0103.160] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x2deba8 | out: TokenHandle=0x2deba8*=0x40) returned 1 [0103.160] CloseHandle (hObject=0x40) returned 1 [0103.185] GetCurrentProcess () returned 0xffffffff [0103.186] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x2de9c0 | out: TokenHandle=0x2de9c0*=0x40) returned 1 [0103.208] CloseHandle (hObject=0x40) returned 1 [0103.209] GetCurrentProcess () returned 0xffffffff [0103.209] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x2de9d8 | out: TokenHandle=0x2de9d8*=0x40) returned 1 [0103.210] CloseHandle (hObject=0x40) returned 1 [0103.224] CreateEventW (lpEventAttributes=0x0, bManualReset=0, bInitialState=0, lpName=0x0) returned 0x40 [0103.225] CreateEventW (lpEventAttributes=0x0, bManualReset=1, bInitialState=0, lpName=0x0) returned 0x1f8 [0103.229] GetCurrentProcess () returned 0xffffffff [0103.230] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x2de9e0 | out: TokenHandle=0x2de9e0*=0x238) returned 1 [0103.233] CloseHandle (hObject=0x238) returned 1 [0103.233] GetCurrentProcess () returned 0xffffffff [0103.233] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x2de9f8 | out: TokenHandle=0x2de9f8*=0x238) returned 1 [0103.234] CloseHandle (hObject=0x238) returned 1 [0103.239] GetCurrentProcess () returned 0xffffffff [0103.239] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x2de9e8 | out: TokenHandle=0x2de9e8*=0x238) returned 1 [0103.245] CloseHandle (hObject=0x238) returned 1 [0103.245] GetCurrentProcess () returned 0xffffffff [0103.245] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x2dea00 | out: TokenHandle=0x2dea00*=0x238) returned 1 [0103.245] CloseHandle (hObject=0x238) returned 1 [0103.264] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="Software\\Microsoft\\Windows NT\\CurrentVersion", ulOptions=0x0, samDesired=0x20019, phkResult=0x2dded4 | out: phkResult=0x2dded4*=0x238) returned 0x0 [0103.265] RegQueryValueExW (in: hKey=0x238, lpValueName="InstallationType", lpReserved=0x0, lpType=0x2ddef4, lpData=0x0, lpcbData=0x2ddef0*=0x0 | out: lpType=0x2ddef4*=0x1, lpData=0x0, lpcbData=0x2ddef0*=0xe) returned 0x0 [0103.266] RegQueryValueExW (in: hKey=0x238, lpValueName="InstallationType", lpReserved=0x0, lpType=0x2ddef4, lpData=0x25b14b8, lpcbData=0x2ddef0*=0xe | out: lpType=0x2ddef4*=0x1, lpData="Client", lpcbData=0x2ddef0*=0xe) returned 0x0 [0103.266] RegCloseKey (hKey=0x238) returned 0x0 [0103.270] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\.NETFramework\\v4.0.30319", ulOptions=0x0, samDesired=0x20019, phkResult=0x2dec9c | out: phkResult=0x2dec9c*=0x238) returned 0x0 [0103.270] RegQueryValueExW (in: hKey=0x238, lpValueName="HWRPortReuseOnSocketBind", lpReserved=0x0, lpType=0x2decb8, lpData=0x0, lpcbData=0x2decb4*=0x0 | out: lpType=0x2decb8*=0x0, lpData=0x0, lpcbData=0x2decb4*=0x0) returned 0x2 [0103.270] RegCloseKey (hKey=0x238) returned 0x0 [0103.275] GetCurrentProcessId () returned 0xf24 [0103.280] LookupPrivilegeValueW (in: lpSystemName=0x0, lpName="SeDebugPrivilege", lpLuid=0x2de53c | out: lpLuid=0x2de53c*(LowPart=0x14, HighPart=0)) returned 1 [0103.284] GetCurrentProcess () returned 0xffffffff [0103.285] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x20, TokenHandle=0x2de538 | out: TokenHandle=0x2de538*=0x234) returned 1 [0103.285] AdjustTokenPrivileges (in: TokenHandle=0x234, DisableAllPrivileges=0, NewState=0x25b252c*(PrivilegesCount=0x1, Privileges=((Luid.LowPart=0x14, Luid.HighPart=0, Attributes=0x2))), BufferLength=0x0, PreviousState=0x0, ReturnLength=0x0 | out: PreviousState=0x0, ReturnLength=0x0) returned 1 [0103.285] CloseHandle (hObject=0x234) returned 1 [0103.287] OpenProcess (dwDesiredAccess=0x410, bInheritHandle=0, dwProcessId=0xf24) returned 0x234 [0103.295] EnumProcessModules (in: hProcess=0x234, lphModule=0x25b2570, cb=0x100, lpcbNeeded=0x2deca8 | out: lphModule=0x25b2570, lpcbNeeded=0x2deca8) returned 1 [0103.297] GetModuleInformation (in: hProcess=0x234, hModule=0x10b0000, lpmodinfo=0x25b26b0, cb=0xc | out: lpmodinfo=0x25b26b0*(lpBaseOfDll=0x10b0000, SizeOfImage=0xa2000, EntryPoint=0x114ddbe)) returned 1 [0103.299] CoTaskMemAlloc (cb=0x804) returned 0x3c0078 [0103.299] GetModuleBaseNameW (in: hProcess=0x234, hModule=0x10b0000, lpBaseName=0x3c0078, nSize=0x800 | out: lpBaseName="noise.exe") returned 0x9 [0103.300] CoTaskMemFree (pv=0x3c0078) [0103.301] CoTaskMemAlloc (cb=0x804) returned 0x3c0078 [0103.301] GetModuleFileNameExW (in: hProcess=0x234, hModule=0x10b0000, lpFilename=0x3c0078, nSize=0x800 | out: lpFilename="C:\\Users\\kEecfMwgj\\AppData\\Local\\Temp\\noise.exe" (normalized: "c:\\users\\keecfmwgj\\appdata\\local\\temp\\noise.exe")) returned 0x2f [0103.302] CoTaskMemFree (pv=0x3c0078) [0103.302] CloseHandle (hObject=0x234) returned 1 [0103.303] GetFullPathNameW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Local\\Temp\\noise.exe", nBufferLength=0x105, lpBuffer=0x2de7d0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\kEecfMwgj\\AppData\\Local\\Temp\\noise.exe", lpFilePart=0x0) returned 0x2f [0103.303] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\.NETFramework\\v4.0.30319\\System.Net.ServicePointManager.UseHttpPipeliningAndBufferPooling", ulOptions=0x0, samDesired=0x20019, phkResult=0x2deca0 | out: phkResult=0x2deca0*=0x0) returned 0x2 [0103.304] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\.NETFramework\\v4.0.30319", ulOptions=0x0, samDesired=0x20019, phkResult=0x2deca0 | out: phkResult=0x2deca0*=0x234) returned 0x0 [0103.304] RegQueryValueExW (in: hKey=0x234, lpValueName="UseHttpPipeliningAndBufferPooling", lpReserved=0x0, lpType=0x2decbc, lpData=0x0, lpcbData=0x2decb8*=0x0 | out: lpType=0x2decbc*=0x0, lpData=0x0, lpcbData=0x2decb8*=0x0) returned 0x2 [0103.304] RegCloseKey (hKey=0x234) returned 0x0 [0103.304] GetCurrentProcessId () returned 0xf24 [0103.305] OpenProcess (dwDesiredAccess=0x410, bInheritHandle=0, dwProcessId=0xf24) returned 0x234 [0103.305] EnumProcessModules (in: hProcess=0x234, lphModule=0x25b5138, cb=0x100, lpcbNeeded=0x2deca8 | out: lphModule=0x25b5138, lpcbNeeded=0x2deca8) returned 1 [0103.306] GetModuleInformation (in: hProcess=0x234, hModule=0x10b0000, lpmodinfo=0x25b5278, cb=0xc | out: lpmodinfo=0x25b5278*(lpBaseOfDll=0x10b0000, SizeOfImage=0xa2000, EntryPoint=0x114ddbe)) returned 1 [0103.306] CoTaskMemAlloc (cb=0x804) returned 0x3c0078 [0103.306] GetModuleBaseNameW (in: hProcess=0x234, hModule=0x10b0000, lpBaseName=0x3c0078, nSize=0x800 | out: lpBaseName="noise.exe") returned 0x9 [0103.306] CoTaskMemFree (pv=0x3c0078) [0103.306] CoTaskMemAlloc (cb=0x804) returned 0x3c0078 [0103.306] GetModuleFileNameExW (in: hProcess=0x234, hModule=0x10b0000, lpFilename=0x3c0078, nSize=0x800 | out: lpFilename="C:\\Users\\kEecfMwgj\\AppData\\Local\\Temp\\noise.exe" (normalized: "c:\\users\\keecfmwgj\\appdata\\local\\temp\\noise.exe")) returned 0x2f [0103.306] CoTaskMemFree (pv=0x3c0078) [0103.306] CloseHandle (hObject=0x234) returned 1 [0103.307] GetFullPathNameW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Local\\Temp\\noise.exe", nBufferLength=0x105, lpBuffer=0x2de7d0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\kEecfMwgj\\AppData\\Local\\Temp\\noise.exe", lpFilePart=0x0) returned 0x2f [0103.307] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\.NETFramework\\v4.0.30319\\System.Net.ServicePointManager.UseSafeSynchronousClose", ulOptions=0x0, samDesired=0x20019, phkResult=0x2deca0 | out: phkResult=0x2deca0*=0x0) returned 0x2 [0103.307] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\.NETFramework\\v4.0.30319", ulOptions=0x0, samDesired=0x20019, phkResult=0x2deca0 | out: phkResult=0x2deca0*=0x234) returned 0x0 [0103.308] RegQueryValueExW (in: hKey=0x234, lpValueName="UseSafeSynchronousClose", lpReserved=0x0, lpType=0x2decbc, lpData=0x0, lpcbData=0x2decb8*=0x0 | out: lpType=0x2decbc*=0x0, lpData=0x0, lpcbData=0x2decb8*=0x0) returned 0x2 [0103.308] RegCloseKey (hKey=0x234) returned 0x0 [0103.308] GetCurrentProcessId () returned 0xf24 [0103.308] OpenProcess (dwDesiredAccess=0x410, bInheritHandle=0, dwProcessId=0xf24) returned 0x234 [0103.308] EnumProcessModules (in: hProcess=0x234, lphModule=0x25b7bd8, cb=0x100, lpcbNeeded=0x2deca8 | out: lphModule=0x25b7bd8, lpcbNeeded=0x2deca8) returned 1 [0103.309] GetModuleInformation (in: hProcess=0x234, hModule=0x10b0000, lpmodinfo=0x25b7d18, cb=0xc | out: lpmodinfo=0x25b7d18*(lpBaseOfDll=0x10b0000, SizeOfImage=0xa2000, EntryPoint=0x114ddbe)) returned 1 [0103.309] CoTaskMemAlloc (cb=0x804) returned 0x3c0078 [0103.309] GetModuleBaseNameW (in: hProcess=0x234, hModule=0x10b0000, lpBaseName=0x3c0078, nSize=0x800 | out: lpBaseName="noise.exe") returned 0x9 [0103.310] CoTaskMemFree (pv=0x3c0078) [0103.310] CoTaskMemAlloc (cb=0x804) returned 0x3c0078 [0103.310] GetModuleFileNameExW (in: hProcess=0x234, hModule=0x10b0000, lpFilename=0x3c0078, nSize=0x800 | out: lpFilename="C:\\Users\\kEecfMwgj\\AppData\\Local\\Temp\\noise.exe" (normalized: "c:\\users\\keecfmwgj\\appdata\\local\\temp\\noise.exe")) returned 0x2f [0103.310] CoTaskMemFree (pv=0x3c0078) [0103.310] CloseHandle (hObject=0x234) returned 1 [0103.310] GetFullPathNameW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Local\\Temp\\noise.exe", nBufferLength=0x105, lpBuffer=0x2de7d0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\kEecfMwgj\\AppData\\Local\\Temp\\noise.exe", lpFilePart=0x0) returned 0x2f [0103.311] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\.NETFramework\\v4.0.30319\\System.Net.ServicePointManager.UseStrictRfcInterimResponseHandling", ulOptions=0x0, samDesired=0x20019, phkResult=0x2deca0 | out: phkResult=0x2deca0*=0x0) returned 0x2 [0103.311] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\.NETFramework\\v4.0.30319", ulOptions=0x0, samDesired=0x20019, phkResult=0x2deca0 | out: phkResult=0x2deca0*=0x234) returned 0x0 [0103.311] RegQueryValueExW (in: hKey=0x234, lpValueName="UseStrictRfcInterimResponseHandling", lpReserved=0x0, lpType=0x2decbc, lpData=0x0, lpcbData=0x2decb8*=0x0 | out: lpType=0x2decbc*=0x0, lpData=0x0, lpcbData=0x2decb8*=0x0) returned 0x2 [0103.311] RegCloseKey (hKey=0x234) returned 0x0 [0103.312] GetCurrentProcessId () returned 0xf24 [0103.312] OpenProcess (dwDesiredAccess=0x410, bInheritHandle=0, dwProcessId=0xf24) returned 0x234 [0103.312] EnumProcessModules (in: hProcess=0x234, lphModule=0x25ba664, cb=0x100, lpcbNeeded=0x2deca8 | out: lphModule=0x25ba664, lpcbNeeded=0x2deca8) returned 1 [0103.313] GetModuleInformation (in: hProcess=0x234, hModule=0x10b0000, lpmodinfo=0x25ba7a4, cb=0xc | out: lpmodinfo=0x25ba7a4*(lpBaseOfDll=0x10b0000, SizeOfImage=0xa2000, EntryPoint=0x114ddbe)) returned 1 [0103.313] CoTaskMemAlloc (cb=0x804) returned 0x3c0078 [0103.313] GetModuleBaseNameW (in: hProcess=0x234, hModule=0x10b0000, lpBaseName=0x3c0078, nSize=0x800 | out: lpBaseName="noise.exe") returned 0x9 [0103.313] CoTaskMemFree (pv=0x3c0078) [0103.313] CoTaskMemAlloc (cb=0x804) returned 0x3c0078 [0103.313] GetModuleFileNameExW (in: hProcess=0x234, hModule=0x10b0000, lpFilename=0x3c0078, nSize=0x800 | out: lpFilename="C:\\Users\\kEecfMwgj\\AppData\\Local\\Temp\\noise.exe" (normalized: "c:\\users\\keecfmwgj\\appdata\\local\\temp\\noise.exe")) returned 0x2f [0103.314] CoTaskMemFree (pv=0x3c0078) [0103.314] CloseHandle (hObject=0x234) returned 1 [0103.314] GetFullPathNameW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Local\\Temp\\noise.exe", nBufferLength=0x105, lpBuffer=0x2de7d0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\kEecfMwgj\\AppData\\Local\\Temp\\noise.exe", lpFilePart=0x0) returned 0x2f [0103.314] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\.NETFramework\\v4.0.30319\\System.Uri.AllowDangerousUnicodeDecompositions", ulOptions=0x0, samDesired=0x20019, phkResult=0x2deca0 | out: phkResult=0x2deca0*=0x0) returned 0x2 [0103.315] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\.NETFramework\\v4.0.30319", ulOptions=0x0, samDesired=0x20019, phkResult=0x2deca0 | out: phkResult=0x2deca0*=0x234) returned 0x0 [0103.315] RegQueryValueExW (in: hKey=0x234, lpValueName="AllowDangerousUnicodeDecompositions", lpReserved=0x0, lpType=0x2decbc, lpData=0x0, lpcbData=0x2decb8*=0x0 | out: lpType=0x2decbc*=0x0, lpData=0x0, lpcbData=0x2decb8*=0x0) returned 0x2 [0103.315] RegCloseKey (hKey=0x234) returned 0x0 [0103.315] GetCurrentProcessId () returned 0xf24 [0103.315] OpenProcess (dwDesiredAccess=0x410, bInheritHandle=0, dwProcessId=0xf24) returned 0x234 [0103.315] EnumProcessModules (in: hProcess=0x234, lphModule=0x25bd064, cb=0x100, lpcbNeeded=0x2deca8 | out: lphModule=0x25bd064, lpcbNeeded=0x2deca8) returned 1 [0103.316] GetModuleInformation (in: hProcess=0x234, hModule=0x10b0000, lpmodinfo=0x25bd1a4, cb=0xc | out: lpmodinfo=0x25bd1a4*(lpBaseOfDll=0x10b0000, SizeOfImage=0xa2000, EntryPoint=0x114ddbe)) returned 1 [0103.317] CoTaskMemAlloc (cb=0x804) returned 0x3c0078 [0103.317] GetModuleBaseNameW (in: hProcess=0x234, hModule=0x10b0000, lpBaseName=0x3c0078, nSize=0x800 | out: lpBaseName="noise.exe") returned 0x9 [0103.317] CoTaskMemFree (pv=0x3c0078) [0103.317] CoTaskMemAlloc (cb=0x804) returned 0x3c0078 [0103.317] GetModuleFileNameExW (in: hProcess=0x234, hModule=0x10b0000, lpFilename=0x3c0078, nSize=0x800 | out: lpFilename="C:\\Users\\kEecfMwgj\\AppData\\Local\\Temp\\noise.exe" (normalized: "c:\\users\\keecfmwgj\\appdata\\local\\temp\\noise.exe")) returned 0x2f [0103.318] CoTaskMemFree (pv=0x3c0078) [0103.318] CloseHandle (hObject=0x234) returned 1 [0103.318] GetFullPathNameW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Local\\Temp\\noise.exe", nBufferLength=0x105, lpBuffer=0x2de7d0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\kEecfMwgj\\AppData\\Local\\Temp\\noise.exe", lpFilePart=0x0) returned 0x2f [0103.318] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\.NETFramework\\v4.0.30319\\System.Uri.UseStrictIPv6AddressParsing", ulOptions=0x0, samDesired=0x20019, phkResult=0x2deca0 | out: phkResult=0x2deca0*=0x0) returned 0x2 [0103.319] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\.NETFramework\\v4.0.30319", ulOptions=0x0, samDesired=0x20019, phkResult=0x2deca0 | out: phkResult=0x2deca0*=0x234) returned 0x0 [0103.319] RegQueryValueExW (in: hKey=0x234, lpValueName="UseStrictIPv6AddressParsing", lpReserved=0x0, lpType=0x2decbc, lpData=0x0, lpcbData=0x2decb8*=0x0 | out: lpType=0x2decbc*=0x0, lpData=0x0, lpcbData=0x2decb8*=0x0) returned 0x2 [0103.319] RegCloseKey (hKey=0x234) returned 0x0 [0103.319] GetCurrentProcessId () returned 0xf24 [0103.319] OpenProcess (dwDesiredAccess=0x410, bInheritHandle=0, dwProcessId=0xf24) returned 0x234 [0103.320] EnumProcessModules (in: hProcess=0x234, lphModule=0x25bfa48, cb=0x100, lpcbNeeded=0x2deca8 | out: lphModule=0x25bfa48, lpcbNeeded=0x2deca8) returned 1 [0103.320] GetModuleInformation (in: hProcess=0x234, hModule=0x10b0000, lpmodinfo=0x25bfb88, cb=0xc | out: lpmodinfo=0x25bfb88*(lpBaseOfDll=0x10b0000, SizeOfImage=0xa2000, EntryPoint=0x114ddbe)) returned 1 [0103.321] CoTaskMemAlloc (cb=0x804) returned 0x3c0078 [0103.321] GetModuleBaseNameW (in: hProcess=0x234, hModule=0x10b0000, lpBaseName=0x3c0078, nSize=0x800 | out: lpBaseName="noise.exe") returned 0x9 [0103.321] CoTaskMemFree (pv=0x3c0078) [0103.321] CoTaskMemAlloc (cb=0x804) returned 0x3c0078 [0103.321] GetModuleFileNameExW (in: hProcess=0x234, hModule=0x10b0000, lpFilename=0x3c0078, nSize=0x800 | out: lpFilename="C:\\Users\\kEecfMwgj\\AppData\\Local\\Temp\\noise.exe" (normalized: "c:\\users\\keecfmwgj\\appdata\\local\\temp\\noise.exe")) returned 0x2f [0103.321] CoTaskMemFree (pv=0x3c0078) [0103.321] CloseHandle (hObject=0x234) returned 1 [0103.322] GetFullPathNameW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Local\\Temp\\noise.exe", nBufferLength=0x105, lpBuffer=0x2de7d0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\kEecfMwgj\\AppData\\Local\\Temp\\noise.exe", lpFilePart=0x0) returned 0x2f [0103.322] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\.NETFramework\\v4.0.30319\\System.Uri.AllowAllUriEncodingExpansion", ulOptions=0x0, samDesired=0x20019, phkResult=0x2deca0 | out: phkResult=0x2deca0*=0x0) returned 0x2 [0103.323] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\.NETFramework\\v4.0.30319", ulOptions=0x0, samDesired=0x20019, phkResult=0x2deca0 | out: phkResult=0x2deca0*=0x234) returned 0x0 [0103.323] RegQueryValueExW (in: hKey=0x234, lpValueName="AllowAllUriEncodingExpansion", lpReserved=0x0, lpType=0x2decbc, lpData=0x0, lpcbData=0x2decb8*=0x0 | out: lpType=0x2decbc*=0x0, lpData=0x0, lpcbData=0x2decb8*=0x0) returned 0x2 [0103.323] RegCloseKey (hKey=0x234) returned 0x0 [0103.331] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\.NETFramework\\v4.0.30319", ulOptions=0x0, samDesired=0x20019, phkResult=0x2deca0 | out: phkResult=0x2deca0*=0x234) returned 0x0 [0103.331] RegQueryValueExW (in: hKey=0x234, lpValueName="SchUseStrongCrypto", lpReserved=0x0, lpType=0x2decbc, lpData=0x0, lpcbData=0x2decb8*=0x0 | out: lpType=0x2decbc*=0x0, lpData=0x0, lpcbData=0x2decb8*=0x0) returned 0x2 [0103.331] RegCloseKey (hKey=0x234) returned 0x0 [0103.332] GetCurrentProcessId () returned 0xf24 [0103.332] OpenProcess (dwDesiredAccess=0x410, bInheritHandle=0, dwProcessId=0xf24) returned 0x234 [0103.332] EnumProcessModules (in: hProcess=0x234, lphModule=0x25c33e4, cb=0x100, lpcbNeeded=0x2deca4 | out: lphModule=0x25c33e4, lpcbNeeded=0x2deca4) returned 1 [0103.333] GetModuleInformation (in: hProcess=0x234, hModule=0x10b0000, lpmodinfo=0x25c3524, cb=0xc | out: lpmodinfo=0x25c3524*(lpBaseOfDll=0x10b0000, SizeOfImage=0xa2000, EntryPoint=0x114ddbe)) returned 1 [0103.334] CoTaskMemAlloc (cb=0x804) returned 0x3c0078 [0103.334] GetModuleBaseNameW (in: hProcess=0x234, hModule=0x10b0000, lpBaseName=0x3c0078, nSize=0x800 | out: lpBaseName="noise.exe") returned 0x9 [0103.334] CoTaskMemFree (pv=0x3c0078) [0103.334] CoTaskMemAlloc (cb=0x804) returned 0x3c0078 [0103.334] GetModuleFileNameExW (in: hProcess=0x234, hModule=0x10b0000, lpFilename=0x3c0078, nSize=0x800 | out: lpFilename="C:\\Users\\kEecfMwgj\\AppData\\Local\\Temp\\noise.exe" (normalized: "c:\\users\\keecfmwgj\\appdata\\local\\temp\\noise.exe")) returned 0x2f [0103.334] CoTaskMemFree (pv=0x3c0078) [0103.334] CloseHandle (hObject=0x234) returned 1 [0103.335] GetFullPathNameW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Local\\Temp\\noise.exe", nBufferLength=0x105, lpBuffer=0x2de7cc, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\kEecfMwgj\\AppData\\Local\\Temp\\noise.exe", lpFilePart=0x0) returned 0x2f [0103.335] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\.NETFramework\\v4.0.30319\\System.Net.ServicePointManager.SchSendAuxRecord", ulOptions=0x0, samDesired=0x20019, phkResult=0x2dec9c | out: phkResult=0x2dec9c*=0x0) returned 0x2 [0103.335] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\.NETFramework\\v4.0.30319", ulOptions=0x0, samDesired=0x20019, phkResult=0x2dec9c | out: phkResult=0x2dec9c*=0x234) returned 0x0 [0103.336] RegQueryValueExW (in: hKey=0x234, lpValueName="SchSendAuxRecord", lpReserved=0x0, lpType=0x2decb8, lpData=0x0, lpcbData=0x2decb4*=0x0 | out: lpType=0x2decb8*=0x0, lpData=0x0, lpcbData=0x2decb4*=0x0) returned 0x2 [0103.336] RegCloseKey (hKey=0x234) returned 0x0 [0103.336] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\.NETFramework\\v4.0.30319", ulOptions=0x0, samDesired=0x20019, phkResult=0x2deca0 | out: phkResult=0x2deca0*=0x234) returned 0x0 [0103.336] RegQueryValueExW (in: hKey=0x234, lpValueName="SystemDefaultTlsVersions", lpReserved=0x0, lpType=0x2decbc, lpData=0x0, lpcbData=0x2decb8*=0x0 | out: lpType=0x2decbc*=0x0, lpData=0x0, lpcbData=0x2decb8*=0x0) returned 0x2 [0103.337] RegCloseKey (hKey=0x234) returned 0x0 [0103.337] GetCurrentProcessId () returned 0xf24 [0103.338] OpenProcess (dwDesiredAccess=0x410, bInheritHandle=0, dwProcessId=0xf24) returned 0x234 [0103.338] EnumProcessModules (in: hProcess=0x234, lphModule=0x25c61b8, cb=0x100, lpcbNeeded=0x2deca4 | out: lphModule=0x25c61b8, lpcbNeeded=0x2deca4) returned 1 [0103.339] GetModuleInformation (in: hProcess=0x234, hModule=0x10b0000, lpmodinfo=0x25c62f8, cb=0xc | out: lpmodinfo=0x25c62f8*(lpBaseOfDll=0x10b0000, SizeOfImage=0xa2000, EntryPoint=0x114ddbe)) returned 1 [0103.339] CoTaskMemAlloc (cb=0x804) returned 0x3c0078 [0103.339] GetModuleBaseNameW (in: hProcess=0x234, hModule=0x10b0000, lpBaseName=0x3c0078, nSize=0x800 | out: lpBaseName="noise.exe") returned 0x9 [0103.339] CoTaskMemFree (pv=0x3c0078) [0103.339] CoTaskMemAlloc (cb=0x804) returned 0x3c0078 [0103.339] GetModuleFileNameExW (in: hProcess=0x234, hModule=0x10b0000, lpFilename=0x3c0078, nSize=0x800 | out: lpFilename="C:\\Users\\kEecfMwgj\\AppData\\Local\\Temp\\noise.exe" (normalized: "c:\\users\\keecfmwgj\\appdata\\local\\temp\\noise.exe")) returned 0x2f [0103.339] CoTaskMemFree (pv=0x3c0078) [0103.340] CloseHandle (hObject=0x234) returned 1 [0103.340] GetFullPathNameW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Local\\Temp\\noise.exe", nBufferLength=0x105, lpBuffer=0x2de7cc, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\kEecfMwgj\\AppData\\Local\\Temp\\noise.exe", lpFilePart=0x0) returned 0x2f [0103.340] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\.NETFramework\\v4.0.30319\\System.Net.ServicePointManager.RequireCertificateEKUs", ulOptions=0x0, samDesired=0x20019, phkResult=0x2dec9c | out: phkResult=0x2dec9c*=0x0) returned 0x2 [0103.340] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\.NETFramework\\v4.0.30319", ulOptions=0x0, samDesired=0x20019, phkResult=0x2dec9c | out: phkResult=0x2dec9c*=0x234) returned 0x0 [0103.340] RegQueryValueExW (in: hKey=0x234, lpValueName="RequireCertificateEKUs", lpReserved=0x0, lpType=0x2decb8, lpData=0x0, lpcbData=0x2decb4*=0x0 | out: lpType=0x2decb8*=0x0, lpData=0x0, lpcbData=0x2decb4*=0x0) returned 0x2 [0103.341] RegCloseKey (hKey=0x234) returned 0x0 [0103.342] GetCurrentProcessId () returned 0xf24 [0103.342] OpenProcess (dwDesiredAccess=0x410, bInheritHandle=0, dwProcessId=0xf24) returned 0x234 [0103.342] EnumProcessModules (in: hProcess=0x234, lphModule=0x25c8bb0, cb=0x100, lpcbNeeded=0x2deca4 | out: lphModule=0x25c8bb0, lpcbNeeded=0x2deca4) returned 1 [0103.343] GetModuleInformation (in: hProcess=0x234, hModule=0x10b0000, lpmodinfo=0x25c8cf0, cb=0xc | out: lpmodinfo=0x25c8cf0*(lpBaseOfDll=0x10b0000, SizeOfImage=0xa2000, EntryPoint=0x114ddbe)) returned 1 [0103.343] CoTaskMemAlloc (cb=0x804) returned 0x3c0078 [0103.343] GetModuleBaseNameW (in: hProcess=0x234, hModule=0x10b0000, lpBaseName=0x3c0078, nSize=0x800 | out: lpBaseName="noise.exe") returned 0x9 [0103.343] CoTaskMemFree (pv=0x3c0078) [0103.343] CoTaskMemAlloc (cb=0x804) returned 0x3c0078 [0103.343] GetModuleFileNameExW (in: hProcess=0x234, hModule=0x10b0000, lpFilename=0x3c0078, nSize=0x800 | out: lpFilename="C:\\Users\\kEecfMwgj\\AppData\\Local\\Temp\\noise.exe" (normalized: "c:\\users\\keecfmwgj\\appdata\\local\\temp\\noise.exe")) returned 0x2f [0103.344] CoTaskMemFree (pv=0x3c0078) [0103.344] CloseHandle (hObject=0x234) returned 1 [0103.344] GetFullPathNameW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Local\\Temp\\noise.exe", nBufferLength=0x105, lpBuffer=0x2de7cc, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\kEecfMwgj\\AppData\\Local\\Temp\\noise.exe", lpFilePart=0x0) returned 0x2f [0103.344] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\.NETFramework\\v4.0.30319\\System.Net.ServicePointManager.SecurityProtocol", ulOptions=0x0, samDesired=0x20019, phkResult=0x2dec9c | out: phkResult=0x2dec9c*=0x0) returned 0x2 [0103.345] QueryPerformanceFrequency (in: lpFrequency=0xb53d8 | out: lpFrequency=0xb53d8*=100000000) returned 1 [0103.346] QueryPerformanceCounter (in: lpPerformanceCount=0x2deda8 | out: lpPerformanceCount=0x2deda8*=1632268629860) returned 1 [0103.351] GetCurrentProcess () returned 0xffffffff [0103.352] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x2de9bc | out: TokenHandle=0x2de9bc*=0x234) returned 1 [0103.355] CloseHandle (hObject=0x234) returned 1 [0103.355] GetCurrentProcess () returned 0xffffffff [0103.355] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x2de9d4 | out: TokenHandle=0x2de9d4*=0x234) returned 1 [0103.356] CloseHandle (hObject=0x234) returned 1 [0103.360] GetCurrentProcess () returned 0xffffffff [0103.360] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x2dec8c | out: TokenHandle=0x2dec8c*=0x234) returned 1 [0103.379] CoTaskMemAlloc (cb=0xcc0) returned 0x3c2478 [0103.379] RasEnumConnectionsW (in: param_1=0x3c2478, param_2=0x2dec9c, param_3=0x2deca0 | out: param_1=0x3c2478, param_2=0x2dec9c, param_3=0x2deca0) returned 0x0 [0103.392] CoTaskMemFree (pv=0x3c2478) [0103.399] WSAStartup (in: wVersionRequired=0x202, lpWSAData=0x2dea84 | out: lpWSAData=0x2dea84) returned 0 [0103.408] WSASocketW (af=2, type=2, protocol=0, lpProtocolInfo=0x0, g=0x0, dwFlags=0x0) returned 0x280 [0103.418] setsockopt (s=0x280, level=65535, optname=128, optval="\x01", optlen=4) returned -1 [0103.418] closesocket (s=0x280) returned 0 [0103.418] WSASocketW (af=23, type=2, protocol=0, lpProtocolInfo=0x0, g=0x0, dwFlags=0x0) returned 0x280 [0103.438] setsockopt (s=0x280, level=65535, optname=128, optval="\x01", optlen=4) returned -1 [0103.438] closesocket (s=0x280) returned 0 [0103.438] WSASocketW (af=2, type=2, protocol=0, lpProtocolInfo=0x0, g=0x0, dwFlags=0x1) returned 0x280 [0103.439] CreateEventW (lpEventAttributes=0x0, bManualReset=0, bInitialState=0, lpName=0x0) returned 0x284 [0103.440] ioctlsocket (in: s=0x280, cmd=-2147195266, argp=0x2deca4 | out: argp=0x2deca4) returned 0 [0103.440] WSASocketW (af=23, type=2, protocol=0, lpProtocolInfo=0x0, g=0x0, dwFlags=0x1) returned 0x288 [0103.441] CreateEventW (lpEventAttributes=0x0, bManualReset=0, bInitialState=0, lpName=0x0) returned 0x28c [0103.441] ioctlsocket (in: s=0x288, cmd=-2147195266, argp=0x2deca4 | out: argp=0x2deca4) returned 0 [0103.442] WSAIoctl (in: s=0x280, dwIoControlCode=0x28000017, lpvInBuffer=0x0, cbInBuffer=0x0, lpvOutBuffer=0x0, cbOutBuffer=0x0, lpcbBytesReturned=0x2dec8c, lpOverlapped=0x0, lpCompletionRoutine=0x0 | out: lpvOutBuffer=0x0, lpcbBytesReturned=0x2dec8c, lpOverlapped=0x0) returned -1 [0103.443] FormatMessageW (in: dwFlags=0x3200, lpSource=0x0, dwMessageId=0x2733, dwLanguageId=0x0, lpBuffer=0x2de9bc, nSize=0x101, Arguments=0x0 | out: lpBuffer="A non-blocking socket operation could not be completed immediately.\r\n") returned 0x45 [0103.714] WSAEventSelect (s=0x280, hEventObject=0x284, lNetworkEvents=512) returned 0 [0103.714] WSAIoctl (in: s=0x288, dwIoControlCode=0x28000017, lpvInBuffer=0x0, cbInBuffer=0x0, lpvOutBuffer=0x0, cbOutBuffer=0x0, lpcbBytesReturned=0x2dec8c, lpOverlapped=0x0, lpCompletionRoutine=0x0 | out: lpvOutBuffer=0x0, lpcbBytesReturned=0x2dec8c, lpOverlapped=0x0) returned -1 [0103.714] FormatMessageW (in: dwFlags=0x3200, lpSource=0x0, dwMessageId=0x2733, dwLanguageId=0x0, lpBuffer=0x2de9bc, nSize=0x101, Arguments=0x0 | out: lpBuffer="A non-blocking socket operation could not be completed immediately.\r\n") returned 0x45 [0103.714] WSAEventSelect (s=0x288, hEventObject=0x28c, lNetworkEvents=512) returned 0 [0103.715] CreateEventW (lpEventAttributes=0x0, bManualReset=1, bInitialState=0, lpName=0x0) returned 0x294 [0103.715] RasConnectionNotificationW (param_1=0xffffffff, param_2=0x294, param_3=0x3) returned 0x0 [0103.721] RegOpenCurrentUser (in: samDesired=0x20019, phkResult=0x2decb8 | out: phkResult=0x2decb8*=0x2ac) returned 0x0 [0103.721] RegOpenKeyExW (in: hKey=0x2ac, lpSubKey="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Connections", ulOptions=0x0, samDesired=0x20019, phkResult=0x2dec6c | out: phkResult=0x2dec6c*=0x2b0) returned 0x0 [0103.722] CreateEventW (lpEventAttributes=0x0, bManualReset=0, bInitialState=0, lpName=0x0) returned 0x2b4 [0103.722] RegNotifyChangeKeyValue (hKey=0x2b0, bWatchSubtree=1, dwNotifyFilter=0x4, hEvent=0x2b4, fAsynchronous=1) returned 0x0 [0103.723] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Connections", ulOptions=0x0, samDesired=0x20019, phkResult=0x2dec70 | out: phkResult=0x2dec70*=0x2b8) returned 0x0 [0103.724] CreateEventW (lpEventAttributes=0x0, bManualReset=0, bInitialState=0, lpName=0x0) returned 0x2bc [0103.724] RegNotifyChangeKeyValue (hKey=0x2b8, bWatchSubtree=1, dwNotifyFilter=0x4, hEvent=0x2bc, fAsynchronous=1) returned 0x0 [0103.724] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings", ulOptions=0x0, samDesired=0x20019, phkResult=0x2dec70 | out: phkResult=0x2dec70*=0x2c0) returned 0x0 [0103.724] CreateEventW (lpEventAttributes=0x0, bManualReset=0, bInitialState=0, lpName=0x0) returned 0x2c4 [0103.724] RegNotifyChangeKeyValue (hKey=0x2c0, bWatchSubtree=1, dwNotifyFilter=0x4, hEvent=0x2c4, fAsynchronous=1) returned 0x0 [0103.725] GetCurrentProcess () returned 0xffffffff [0103.725] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x2dec60 | out: TokenHandle=0x2dec60*=0x2c8) returned 1 [0103.729] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\.NETFramework", ulOptions=0x0, samDesired=0x20019, phkResult=0x2de568 | out: phkResult=0x2de568*=0x2cc) returned 0x0 [0103.729] RegQueryValueExW (in: hKey=0x2cc, lpValueName="LegacyWPADSupport", lpReserved=0x0, lpType=0x2de584, lpData=0x0, lpcbData=0x2de580*=0x0 | out: lpType=0x2de584*=0x0, lpData=0x0, lpcbData=0x2de580*=0x0) returned 0x2 [0103.729] RegCloseKey (hKey=0x2cc) returned 0x0 [0103.749] WinHttpOpen (pszAgentW=0x0, dwAccessType=0x1, pszProxyW=0x0, pszProxyBypassW=0x0, dwFlags=0x0) returned 0x3c6ec0 [0103.772] WinHttpSetTimeouts (hInternet=0x3c6ec0, nResolveTimeout=60000, nConnectTimeout=60000, nSendTimeout=60000, nReceiveTimeout=60000) returned 1 [0103.772] WinHttpGetIEProxyConfigForCurrentUser (in: pProxyConfig=0x2dec6c | out: pProxyConfig=0x2dec6c) returned 1 [0103.801] CloseHandle (hObject=0x234) returned 1 [0103.806] GetEnvironmentVariableW (in: lpName="PinnableBufferCache_System.Net.HttpWebRequest_Disabled", lpBuffer=0x2de4c0, nSize=0x90 | out: lpBuffer="") returned 0x0 [0103.806] GetEnvironmentVariableW (in: lpName="PinnableBufferCache_System.Net.HttpWebRequest_MinCount", lpBuffer=0x2de4c0, nSize=0x90 | out: lpBuffer="") returned 0x0 [0103.816] EtwEventRegister () returned 0x0 [0103.836] EtwEventRegister () returned 0x0 [0103.861] GetCurrentProcess () returned 0xffffffff [0103.861] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x2de984 | out: TokenHandle=0x2de984*=0x31c) returned 1 [0103.870] CloseHandle (hObject=0x31c) returned 1 [0103.871] GetCurrentProcess () returned 0xffffffff [0103.871] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x2de99c | out: TokenHandle=0x2de99c*=0x31c) returned 1 [0103.872] CloseHandle (hObject=0x31c) returned 1 [0103.877] SetEvent (hEvent=0x40) returned 1 [0103.893] CoWaitForMultipleHandles (in: dwFlags=0x2, dwTimeout=0x0, cHandles=0x1, pHandles=0x2debc8*=0x294, lpdwindex=0x2de9ec | out: lpdwindex=0x2de9ec) returned 0x80010115 [0103.923] CoWaitForMultipleHandles (in: dwFlags=0x2, dwTimeout=0x0, cHandles=0x1, pHandles=0x2deba8*=0x284, lpdwindex=0x2de9cc | out: lpdwindex=0x2de9cc) returned 0x80010115 [0103.923] CoWaitForMultipleHandles (in: dwFlags=0x2, dwTimeout=0x0, cHandles=0x1, pHandles=0x2deba8*=0x28c, lpdwindex=0x2de9cc | out: lpdwindex=0x2de9cc) returned 0x80010115 [0103.923] CoWaitForMultipleHandles (in: dwFlags=0x2, dwTimeout=0x0, cHandles=0x1, pHandles=0x2debfc*=0x2b4, lpdwindex=0x2dea20 | out: lpdwindex=0x2dea20) returned 0x80010115 [0103.923] CoWaitForMultipleHandles (in: dwFlags=0x2, dwTimeout=0x0, cHandles=0x1, pHandles=0x2debfc*=0x2bc, lpdwindex=0x2dea20 | out: lpdwindex=0x2dea20) returned 0x80010115 [0103.924] CoWaitForMultipleHandles (in: dwFlags=0x2, dwTimeout=0x0, cHandles=0x1, pHandles=0x2debfc*=0x2c4, lpdwindex=0x2dea20 | out: lpdwindex=0x2dea20) returned 0x80010115 [0103.929] GetCurrentProcess () returned 0xffffffff [0103.929] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x2de904 | out: TokenHandle=0x2de904*=0x350) returned 1 [0103.930] CloseHandle (hObject=0x350) returned 1 [0103.931] GetCurrentProcess () returned 0xffffffff [0103.931] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x2de91c | out: TokenHandle=0x2de91c*=0x350) returned 1 [0103.931] CloseHandle (hObject=0x350) returned 1 [0103.934] GetTimeZoneInformation (in: lpTimeZoneInformation=0x2deacc | out: lpTimeZoneInformation=0x2deacc) returned 0x2 [0103.950] GetDynamicTimeZoneInformation (in: pTimeZoneInformation=0x2de928 | out: pTimeZoneInformation=0x2de928) returned 0x2 [0103.952] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\Time Zones\\W. Europe Standard Time", ulOptions=0x0, samDesired=0x20019, phkResult=0x2dea0c | out: phkResult=0x2dea0c*=0x350) returned 0x0 [0103.953] RegQueryValueExW (in: hKey=0x350, lpValueName="TZI", lpReserved=0x0, lpType=0x2dea28, lpData=0x0, lpcbData=0x2dea24*=0x0 | out: lpType=0x2dea28*=0x3, lpData=0x0, lpcbData=0x2dea24*=0x2c) returned 0x0 [0103.953] RegQueryValueExW (in: hKey=0x350, lpValueName="TZI", lpReserved=0x0, lpType=0x2dea28, lpData=0x25d5edc, lpcbData=0x2dea24*=0x2c | out: lpType=0x2dea28*=0x3, lpData=0x25d5edc*, lpcbData=0x2dea24*=0x2c) returned 0x0 [0103.954] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\Time Zones\\W. Europe Standard Time\\Dynamic DST", ulOptions=0x0, samDesired=0x20019, phkResult=0x2de860 | out: phkResult=0x2de860*=0x0) returned 0x2 [0103.955] RegQueryValueExW (in: hKey=0x350, lpValueName="MUI_Display", lpReserved=0x0, lpType=0x2dea00, lpData=0x0, lpcbData=0x2de9fc*=0x0 | out: lpType=0x2dea00*=0x1, lpData=0x0, lpcbData=0x2de9fc*=0x20) returned 0x0 [0103.955] RegQueryValueExW (in: hKey=0x350, lpValueName="MUI_Display", lpReserved=0x0, lpType=0x2dea00, lpData=0x25d630c, lpcbData=0x2de9fc*=0x20 | out: lpType=0x2dea00*=0x1, lpData="@tzres.dll,-320", lpcbData=0x2de9fc*=0x20) returned 0x0 [0103.955] RegQueryValueExW (in: hKey=0x350, lpValueName="MUI_Std", lpReserved=0x0, lpType=0x2dea00, lpData=0x0, lpcbData=0x2de9fc*=0x0 | out: lpType=0x2dea00*=0x1, lpData=0x0, lpcbData=0x2de9fc*=0x20) returned 0x0 [0103.955] RegQueryValueExW (in: hKey=0x350, lpValueName="MUI_Std", lpReserved=0x0, lpType=0x2dea00, lpData=0x25d6364, lpcbData=0x2de9fc*=0x20 | out: lpType=0x2dea00*=0x1, lpData="@tzres.dll,-322", lpcbData=0x2de9fc*=0x20) returned 0x0 [0103.955] RegQueryValueExW (in: hKey=0x350, lpValueName="MUI_Dlt", lpReserved=0x0, lpType=0x2dea00, lpData=0x0, lpcbData=0x2de9fc*=0x0 | out: lpType=0x2dea00*=0x1, lpData=0x0, lpcbData=0x2de9fc*=0x20) returned 0x0 [0103.955] RegQueryValueExW (in: hKey=0x350, lpValueName="MUI_Dlt", lpReserved=0x0, lpType=0x2dea00, lpData=0x25d63bc, lpcbData=0x2de9fc*=0x20 | out: lpType=0x2dea00*=0x1, lpData="@tzres.dll,-321", lpcbData=0x2de9fc*=0x20) returned 0x0 [0103.962] CoTaskMemAlloc (cb=0x20c) returned 0x3e3da8 [0103.962] SHGetFolderPathW (in: hwnd=0x0, csidl=37, hToken=0x0, dwFlags=0x0, pszPath=0x3e3da8 | out: pszPath="C:\\Windows\\system32") returned 0x0 [0103.963] CoTaskMemFree (pv=0x3e3da8) [0103.963] CoTaskMemAlloc (cb=0x20c) returned 0x3e3da8 [0103.963] GetFileMUIPath (in: dwFlags=0x10, pcwszFilePath="C:\\Windows\\system32\\tzres.dll", pwszLanguage=0x0, pcchLanguage=0x2dea1c, pwszFileMUIPath=0x3e3da8, pcchFileMUIPath=0x2dea20, pululEnumerator=0x2dea14 | out: pwszLanguage=0x0, pcchLanguage=0x2dea1c, pwszFileMUIPath="C:\\Windows\\system32\\en-US\\tzres.dll.mui", pcchFileMUIPath=0x2dea20, pululEnumerator=0x2dea14) returned 1 [0103.966] CoTaskMemFree (pv=0x0) [0103.966] CoTaskMemFree (pv=0x3e3da8) [0103.967] LoadLibraryExW (lpLibFileName="C:\\Windows\\system32\\en-US\\tzres.dll.mui", hFile=0x0, dwFlags=0x2) returned 0x320001 [0103.970] CoTaskMemAlloc (cb=0x3ec) returned 0x3e3da8 [0103.970] LoadStringW (in: hInstance=0x320001, uID=0x140, lpBuffer=0x3e3da8, cchBufferMax=500 | out: lpBuffer="(UTC+01:00) Amsterdam, Berlin, Bern, Rome, Stockholm, Vienna") returned 0x3c [0103.970] CoTaskMemFree (pv=0x3e3da8) [0103.970] FreeLibrary (hLibModule=0x320001) returned 1 [0103.971] CoTaskMemAlloc (cb=0x20c) returned 0x3e3da8 [0103.971] SHGetFolderPathW (in: hwnd=0x0, csidl=37, hToken=0x0, dwFlags=0x0, pszPath=0x3e3da8 | out: pszPath="C:\\Windows\\system32") returned 0x0 [0103.971] CoTaskMemFree (pv=0x3e3da8) [0103.971] CoTaskMemAlloc (cb=0x20c) returned 0x3e3da8 [0103.971] GetFileMUIPath (in: dwFlags=0x10, pcwszFilePath="C:\\Windows\\system32\\tzres.dll", pwszLanguage=0x0, pcchLanguage=0x2dea1c, pwszFileMUIPath=0x3e3da8, pcchFileMUIPath=0x2dea20, pululEnumerator=0x2dea14 | out: pwszLanguage=0x0, pcchLanguage=0x2dea1c, pwszFileMUIPath="C:\\Windows\\system32\\en-US\\tzres.dll.mui", pcchFileMUIPath=0x2dea20, pululEnumerator=0x2dea14) returned 1 [0103.973] CoTaskMemFree (pv=0x0) [0103.973] CoTaskMemFree (pv=0x3e3da8) [0103.974] LoadLibraryExW (lpLibFileName="C:\\Windows\\system32\\en-US\\tzres.dll.mui", hFile=0x0, dwFlags=0x2) returned 0x320001 [0103.977] CoTaskMemAlloc (cb=0x3ec) returned 0x3e3da8 [0103.977] LoadStringW (in: hInstance=0x320001, uID=0x142, lpBuffer=0x3e3da8, cchBufferMax=500 | out: lpBuffer="W. Europe Standard Time") returned 0x17 [0103.977] CoTaskMemFree (pv=0x3e3da8) [0103.977] FreeLibrary (hLibModule=0x320001) returned 1 [0103.978] CoTaskMemAlloc (cb=0x20c) returned 0x3e3da8 [0103.978] SHGetFolderPathW (in: hwnd=0x0, csidl=37, hToken=0x0, dwFlags=0x0, pszPath=0x3e3da8 | out: pszPath="C:\\Windows\\system32") returned 0x0 [0103.978] CoTaskMemFree (pv=0x3e3da8) [0103.978] CoTaskMemAlloc (cb=0x20c) returned 0x3e3da8 [0103.978] GetFileMUIPath (in: dwFlags=0x10, pcwszFilePath="C:\\Windows\\system32\\tzres.dll", pwszLanguage=0x0, pcchLanguage=0x2dea1c, pwszFileMUIPath=0x3e3da8, pcchFileMUIPath=0x2dea20, pululEnumerator=0x2dea14 | out: pwszLanguage=0x0, pcchLanguage=0x2dea1c, pwszFileMUIPath="C:\\Windows\\system32\\en-US\\tzres.dll.mui", pcchFileMUIPath=0x2dea20, pululEnumerator=0x2dea14) returned 1 [0103.981] CoTaskMemFree (pv=0x0) [0103.981] CoTaskMemFree (pv=0x3e3da8) [0103.982] LoadLibraryExW (lpLibFileName="C:\\Windows\\system32\\en-US\\tzres.dll.mui", hFile=0x0, dwFlags=0x2) returned 0x320001 [0103.985] CoTaskMemAlloc (cb=0x3ec) returned 0x3e3da8 [0103.985] LoadStringW (in: hInstance=0x320001, uID=0x141, lpBuffer=0x3e3da8, cchBufferMax=500 | out: lpBuffer="W. Europe Daylight Time") returned 0x17 [0103.985] CoTaskMemFree (pv=0x3e3da8) [0103.985] FreeLibrary (hLibModule=0x320001) returned 1 [0103.986] RegCloseKey (hKey=0x350) returned 0x0 [0103.987] SetEvent (hEvent=0x40) returned 1 [0104.000] GetNetworkParams (in: pFixedInfo=0x0, pOutBufLen=0x2dec28 | out: pFixedInfo=0x0, pOutBufLen=0x2dec28) returned 0x6f [0104.026] LocalAlloc (uFlags=0x0, uBytes=0x248) returned 0x3e3da8 [0104.026] GetNetworkParams (in: pFixedInfo=0x3e3da8, pOutBufLen=0x2dec28 | out: pFixedInfo=0x3e3da8, pOutBufLen=0x2dec28) returned 0x0 [0104.042] LocalFree (hMem=0x3e3da8) returned 0x0 [0104.044] CoTaskMemAlloc (cb=0x20c) returned 0x3e3da8 [0104.044] GetEnvironmentVariableW (in: lpName="PinnableBufferCache_System.Net.Connection_Disabled", lpBuffer=0x3e3da8, nSize=0x104 | out: lpBuffer="") returned 0x0 [0104.045] CoTaskMemFree (pv=0x3e3da8) [0104.045] CoTaskMemAlloc (cb=0x20c) returned 0x3e3da8 [0104.045] GetEnvironmentVariableW (in: lpName="PinnableBufferCache_System.Net.Connection_MinCount", lpBuffer=0x3e3da8, nSize=0x104 | out: lpBuffer="") returned 0x0 [0104.045] CoTaskMemFree (pv=0x3e3da8) [0104.052] WSASocketW (af=2, type=1, protocol=6, lpProtocolInfo=0x0, g=0x0, dwFlags=0x1) returned 0x364 [0104.053] WSASocketW (af=23, type=1, protocol=6, lpProtocolInfo=0x0, g=0x0, dwFlags=0x1) returned 0x360 [0104.055] GetAddrInfoW (in: pNodeName="www.google.com", pServiceName=0x0, pHints=0x2deb04*(ai_flags=2, ai_family=0, ai_socktype=0, ai_protocol=0, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x2deaac | out: ppResult=0x2deaac*=0x3db140*(ai_flags=0, ai_family=2, ai_socktype=0, ai_protocol=0, ai_addrlen=0x10, ai_canonname="www.google.com", ai_addr=0x3d82a0*(sa_family=2, sin_port=0x0, sin_addr="142.250.186.36"), ai_next=0x0)) returned 0 [0104.110] FreeAddrInfoW (pAddrInfo=0x3db140*(ai_flags=0, ai_family=2, ai_socktype=0, ai_protocol=0, ai_addrlen=0x10, ai_canonname="www.google.com", ai_addr=0x3d82a0*(sa_family=2, sin_port=0x0, sin_addr="142.250.186.36"), ai_next=0x0)) [0104.112] WSASocketW (af=2, type=2, protocol=0, lpProtocolInfo=0x0, g=0x0, dwFlags=0x1) returned 0x36c [0104.112] CreateEventW (lpEventAttributes=0x0, bManualReset=0, bInitialState=0, lpName=0x0) returned 0x374 [0104.112] ioctlsocket (in: s=0x36c, cmd=-2147195266, argp=0x2deadc | out: argp=0x2deadc) returned 0 [0104.120] WSASocketW (af=23, type=2, protocol=0, lpProtocolInfo=0x0, g=0x0, dwFlags=0x1) returned 0x378 [0104.121] CreateEventW (lpEventAttributes=0x0, bManualReset=0, bInitialState=0, lpName=0x0) returned 0x37c [0104.121] ioctlsocket (in: s=0x378, cmd=-2147195266, argp=0x2deadc | out: argp=0x2deadc) returned 0 [0104.121] WSAIoctl (in: s=0x36c, dwIoControlCode=0x28000017, lpvInBuffer=0x0, cbInBuffer=0x0, lpvOutBuffer=0x0, cbOutBuffer=0x0, lpcbBytesReturned=0x2deac4, lpOverlapped=0x0, lpCompletionRoutine=0x0 | out: lpvOutBuffer=0x0, lpcbBytesReturned=0x2deac4, lpOverlapped=0x0) returned -1 [0104.121] FormatMessageW (in: dwFlags=0x3200, lpSource=0x0, dwMessageId=0x2733, dwLanguageId=0x0, lpBuffer=0x2de7f4, nSize=0x101, Arguments=0x0 | out: lpBuffer="A non-blocking socket operation could not be completed immediately.\r\n") returned 0x45 [0104.121] WSAEventSelect (s=0x36c, hEventObject=0x374, lNetworkEvents=512) returned 0 [0104.121] WSAIoctl (in: s=0x378, dwIoControlCode=0x28000017, lpvInBuffer=0x0, cbInBuffer=0x0, lpvOutBuffer=0x0, cbOutBuffer=0x0, lpcbBytesReturned=0x2deac4, lpOverlapped=0x0, lpCompletionRoutine=0x0 | out: lpvOutBuffer=0x0, lpcbBytesReturned=0x2deac4, lpOverlapped=0x0) returned -1 [0104.121] FormatMessageW (in: dwFlags=0x3200, lpSource=0x0, dwMessageId=0x2733, dwLanguageId=0x0, lpBuffer=0x2de7f4, nSize=0x101, Arguments=0x0 | out: lpBuffer="A non-blocking socket operation could not be completed immediately.\r\n") returned 0x45 [0104.121] WSAEventSelect (s=0x378, hEventObject=0x37c, lNetworkEvents=512) returned 0 [0104.122] GetAdaptersAddresses (in: Family=0x0, Flags=0x2e, Reserved=0x0, AdapterAddresses=0x0, SizePointer=0x2deac0*=0x0 | out: AdapterAddresses=0x0, SizePointer=0x2deac0*=0x7ec) returned 0x6f [0104.141] LocalAlloc (uFlags=0x0, uBytes=0x7ec) returned 0x3e95a0 [0104.141] GetAdaptersAddresses (in: Family=0x0, Flags=0x2e, Reserved=0x0, AdapterAddresses=0x3e95a0, SizePointer=0x2deac0*=0x7ec | out: AdapterAddresses=0x3e95a0*(Alignment=0x1000000178, Length=0x178, IfIndex=0x10, Next=0x3e986c, AdapterName="{68F1467C-143D-484A-87A1-65BCBB1B2D48}", FirstUnicastAddress=0x3e97e0, FirstAnycastAddress=0x0, FirstMulticastAddress=0x0, FirstDnsServerAddress=0x0, DnsSuffix="", Description="Intel(R) 82574L Gigabit Network Connection #5", FriendlyName="Local Area Connection 5", PhysicalAddress=([0]=0x0, [1]=0x7, [2]=0x7d, [3]=0xd7, [4]=0x58, [5]=0x38, [6]=0x0, [7]=0x0), PhysicalAddressLength=0x6, Flags=0x3e5, DdnsEnabled=0x3e5, RegisterAdapterSuffix=0x3e5, Dhcpv4Enabled=0x3e5, ReceiveOnly=0x3e5, NoMulticast=0x3e5, Ipv6OtherStatefulConfig=0x3e5, NetbiosOverTcpipEnabled=0x3e5, Ipv4Enabled=0x3e5, Ipv6Enabled=0x3e5, Ipv6ManagedAddressConfigurationSupported=0x3e5, Mtu=0x5dc, IfType=0x6, OperStatus=0x1, Ipv6IfIndex=0x10, ZoneIndices=([0]=0x10, [1]=0x10, [2]=0x10, [3]=0x10, [4]=0x1, [5]=0x1, [6]=0x1, [7]=0x1, [8]=0x1, [9]=0x1, [10]=0x1, [11]=0x1, [12]=0x1, [13]=0x1, [14]=0x0, [15]=0x1), FirstPrefix=0x0, TransmitLinkSpeed=0x3b9aca00, ReceiveLinkSpeed=0x3b9aca00, FirstWinsServerAddress=0x0, FirstGatewayAddress=0x0, Ipv4Metric=0xa, Ipv6Metric=0xa, Luid=0x600000a000000, Dhcpv4Server.lpSockaddr=0x3e9718*(sa_family=2, sin_port=0x0, sin_addr="192.168.0.1"), Dhcpv4Server.iSockaddrLength=16, CompartmentId=0x1, NetworkGuid=0x11de7039846ee341, ConnectionType=0x1, TunnelType=0x0, Dhcpv6Server.lpSockaddr=0x0, Dhcpv6Server.iSockaddrLength=0, Dhcpv6ClientDuid=([0]=0x0, [1]=0x1, [2]=0x0, [3]=0x1, [4]=0x27, [5]=0xbf, [6]=0xe, [7]=0x9e, [8]=0x0, [9]=0x26, [10]=0x67, [11]=0xd5, [12]=0xc6, [13]=0x31, [14]=0x0, [15]=0x0, [16]=0x0, [17]=0x0, [18]=0x0, [19]=0x0, [20]=0x0, [21]=0x0, [22]=0x0, [23]=0x0, [24]=0x0, [25]=0x0, [26]=0x0, [27]=0x0, [28]=0x0, [29]=0x0, [30]=0x0, [31]=0x0, [32]=0x0, [33]=0x0, [34]=0x0, [35]=0x0, [36]=0x0, [37]=0x0, [38]=0x0, [39]=0x0, [40]=0x0, [41]=0x0, [42]=0x0, [43]=0x0, [44]=0x0, [45]=0x0, [46]=0x0, [47]=0x0, [48]=0x0, [49]=0x0, [50]=0x0, [51]=0x0, [52]=0x0, [53]=0x0, [54]=0x0, [55]=0x0, [56]=0x0, [57]=0x0, [58]=0x0, [59]=0x0, [60]=0x0, [61]=0x0, [62]=0x0, [63]=0x0, [64]=0x0, [65]=0x0, [66]=0x0, [67]=0x0, [68]=0x0, [69]=0x0, [70]=0x0, [71]=0x0, [72]=0x0, [73]=0x0, [74]=0x0, [75]=0x0, [76]=0x0, [77]=0x0, [78]=0x0, [79]=0x0, [80]=0x0, [81]=0x0, [82]=0x0, [83]=0x0, [84]=0x0, [85]=0x0, [86]=0x0, [87]=0x0, [88]=0x0, [89]=0x0, [90]=0x0, [91]=0x0, [92]=0x0, [93]=0x0, [94]=0x0, [95]=0x0, [96]=0x0, [97]=0x0, [98]=0x0, [99]=0x0, [100]=0x0, [101]=0x0, [102]=0x0, [103]=0x0, [104]=0x0, [105]=0x0, [106]=0x0, [107]=0x0, [108]=0x0, [109]=0x0, [110]=0x0, [111]=0x0, [112]=0x0, [113]=0x0, [114]=0x0, [115]=0x0, [116]=0x0, [117]=0x0, [118]=0x0, [119]=0x0, [120]=0x0, [121]=0x0, [122]=0x0, [123]=0x0, [124]=0x0, [125]=0x0, [126]=0x0, [127]=0x0, [128]=0x0, [129]=0x0), Dhcpv6ClientDuidLength=0xe, Dhcpv6Iaid=0x13c89f1d, FirstDnsSuffix=0x0), SizePointer=0x2deac0*=0x7ec) returned 0x0 [0104.158] LocalFree (hMem=0x3e95a0) returned 0x0 [0104.162] WSAConnect (in: s=0x364, name=0x25e1f60*(sa_family=2, sin_port=0x1bb, sin_addr="142.250.186.36"), namelen=16, lpCallerData=0x0, lpCalleeData=0x0, lpSQOS=0x0, lpGQOS=0x0 | out: lpCalleeData=0x0) returned 0 [0104.186] closesocket (s=0x360) returned 0 [0104.210] EnumerateSecurityPackagesW (in: pcPackages=0x2dea30, ppPackageInfo=0x2de9c4 | out: pcPackages=0x2dea30, ppPackageInfo=0x2de9c4) returned 0x0 [0104.215] FreeContextBuffer (in: pvContextBuffer=0x3e65a8 | out: pvContextBuffer=0x3e65a8) returned 0x0 [0104.222] GetCurrentProcess () returned 0xffffffff [0104.223] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x2de7ec | out: TokenHandle=0x2de7ec*=0x360) returned 1 [0104.225] AcquireCredentialsHandleW (in: pPrincipal=0x0, pPackage=0x25e31e8, fCredentialUse=0x2, pvLogonId=0x0, pAuthData=0x2de840, pGetKeyFn=0x0, pvGetKeyArgument=0x0, phCredential=0x25e4878, ptsExpiry=0x2de7c4 | out: phCredential=0x25e4878, ptsExpiry=0x2de7c4) returned 0x0 [0104.239] CloseHandle (hObject=0x360) returned 1 [0104.242] InitializeSecurityContextW (in: phCredential=0x2de810, phContext=0x0, pTargetName=0x25e2060, fContextReq=0x8011c, Reserved1=0x0, TargetDataRep=0x10, pInput=0x0, Reserved2=0x0, phNewContext=0x25e4a7c, pOutput=0x25e4a14, pfContextAttr=0x25e31ac, ptsExpiry=0x2de808 | out: phNewContext=0x25e4a7c, pOutput=0x25e4a14, pfContextAttr=0x25e31ac, ptsExpiry=0x2de808) returned 0x90312 [0104.243] FreeContextBuffer (in: pvContextBuffer=0x3e6770 | out: pvContextBuffer=0x3e6770) returned 0x0 [0104.246] send (s=0x364, buf=0x25e4a90*, len=152, flags=0) returned 152 [0104.247] recv (in: s=0x364, buf=0x25e4a90, len=5, flags=0 | out: buf=0x25e4a90*) returned 5 [0104.283] recv (in: s=0x364, buf=0x25e4a95, len=87, flags=0 | out: buf=0x25e4a95*) returned 87 [0104.284] InitializeSecurityContextW (in: phCredential=0x2de76c, phContext=0x2de75c, pTargetName=0x25e2060, fContextReq=0x8011c, Reserved1=0x0, TargetDataRep=0x10, pInput=0x25e4ce8, Reserved2=0x0, phNewContext=0x25e4a7c, pOutput=0x25e4cfc, pfContextAttr=0x25e31ac, ptsExpiry=0x2de764 | out: phNewContext=0x25e4a7c, pOutput=0x25e4cfc, pfContextAttr=0x25e31ac, ptsExpiry=0x2de764) returned 0x90312 [0104.285] recv (in: s=0x364, buf=0x25e4d8c, len=5, flags=0 | out: buf=0x25e4d8c*) returned 5 [0104.285] recv (in: s=0x364, buf=0x25e4da5, len=3995, flags=0 | out: buf=0x25e4da5*) returned 3995 [0104.286] InitializeSecurityContextW (in: phCredential=0x2de6cc, phContext=0x2de6bc, pTargetName=0x25e2060, fContextReq=0x8011c, Reserved1=0x0, TargetDataRep=0x10, pInput=0x25e5db0, Reserved2=0x0, phNewContext=0x25e4a7c, pOutput=0x25e5dc4, pfContextAttr=0x25e31ac, ptsExpiry=0x2de6c4 | out: phNewContext=0x25e4a7c, pOutput=0x25e5dc4, pfContextAttr=0x25e31ac, ptsExpiry=0x2de6c4) returned 0x90312 [0104.288] recv (in: s=0x364, buf=0x25e5e54, len=5, flags=0 | out: buf=0x25e5e54*) returned 5 [0104.288] recv (in: s=0x364, buf=0x25e5e6d, len=148, flags=0 | out: buf=0x25e5e6d*) returned 148 [0104.289] InitializeSecurityContextW (in: phCredential=0x2de62c, phContext=0x2de61c, pTargetName=0x25e2060, fContextReq=0x8011c, Reserved1=0x0, TargetDataRep=0x10, pInput=0x25e5f74, Reserved2=0x0, phNewContext=0x25e4a7c, pOutput=0x25e5f88, pfContextAttr=0x25e31ac, ptsExpiry=0x2de624 | out: phNewContext=0x25e4a7c, pOutput=0x25e5f88, pfContextAttr=0x25e31ac, ptsExpiry=0x2de624) returned 0x90312 [0104.289] recv (in: s=0x364, buf=0x25e6024, len=5, flags=0 | out: buf=0x25e6024*) returned 5 [0104.289] recv (in: s=0x364, buf=0x25e603d, len=4, flags=0 | out: buf=0x25e603d*) returned 4 [0104.289] InitializeSecurityContextW (in: phCredential=0x2de58c, phContext=0x2de57c, pTargetName=0x25e2060, fContextReq=0x8011c, Reserved1=0x0, TargetDataRep=0x10, pInput=0x25e60b4, Reserved2=0x0, phNewContext=0x25e4a7c, pOutput=0x25e60c8, pfContextAttr=0x25e31ac, ptsExpiry=0x2de584 | out: phNewContext=0x25e4a7c, pOutput=0x25e60c8, pfContextAttr=0x25e31ac, ptsExpiry=0x2de584) returned 0x90312 [0104.301] FreeContextBuffer (in: pvContextBuffer=0x39fb40 | out: pvContextBuffer=0x39fb40) returned 0x0 [0104.301] send (s=0x364, buf=0x25e6144*, len=126, flags=0) returned 126 [0104.301] recv (in: s=0x364, buf=0x25e6144, len=5, flags=0 | out: buf=0x25e6144*) returned 5 [0104.318] recv (in: s=0x364, buf=0x25e6149, len=1, flags=0 | out: buf=0x25e6149*) returned 1 [0104.318] InitializeSecurityContextW (in: phCredential=0x2de4ec, phContext=0x2de4dc, pTargetName=0x25e2060, fContextReq=0x8011c, Reserved1=0x0, TargetDataRep=0x10, pInput=0x25e6248, Reserved2=0x0, phNewContext=0x25e4a7c, pOutput=0x25e625c, pfContextAttr=0x25e31ac, ptsExpiry=0x2de4e4 | out: phNewContext=0x25e4a7c, pOutput=0x25e625c, pfContextAttr=0x25e31ac, ptsExpiry=0x2de4e4) returned 0x90312 [0104.319] recv (in: s=0x364, buf=0x25e62ec, len=5, flags=0 | out: buf=0x25e62ec*) returned 5 [0104.319] recv (in: s=0x364, buf=0x25e6305, len=40, flags=0 | out: buf=0x25e6305*) returned 40 [0104.319] InitializeSecurityContextW (in: phCredential=0x2de44c, phContext=0x2de43c, pTargetName=0x25e2060, fContextReq=0x8011c, Reserved1=0x0, TargetDataRep=0x10, pInput=0x25e63a0, Reserved2=0x0, phNewContext=0x25e4a7c, pOutput=0x25e63b4, pfContextAttr=0x25e31ac, ptsExpiry=0x2de444 | out: phNewContext=0x25e4a7c, pOutput=0x25e63b4, pfContextAttr=0x25e31ac, ptsExpiry=0x2de444) returned 0x0 [0104.335] QueryContextAttributesW (in: phContext=0x25e4a7c, ulAttribute=0x4, pBuffer=0x25e6460 | out: pBuffer=0x25e6460) returned 0x0 [0104.336] QueryContextAttributesW (in: phContext=0x25e4a7c, ulAttribute=0x5a, pBuffer=0x25e64b8 | out: pBuffer=0x25e64b8) returned 0x0 [0104.342] QueryContextAttributesW (in: phContext=0x25e4a7c, ulAttribute=0x53, pBuffer=0x25e6564 | out: pBuffer=0x25e6564) returned 0x0 [0104.351] CertDuplicateCRLContext (pCrlContext=0x3ebfe8) returned 0x3ebfe8 [0104.352] CertDuplicateStore (hCertStore=0x3aeab8) returned 0x3aeab8 [0104.352] CertEnumCertificatesInStore (hCertStore=0x3aeab8, pPrevCertContext=0x0) returned 0x3ec088 [0104.353] CertDuplicateCRLContext (pCrlContext=0x3ec088) returned 0x3ec088 [0104.354] CertEnumCertificatesInStore (hCertStore=0x3aeab8, pPrevCertContext=0x3ec088) returned 0x3ec038 [0104.354] CertDuplicateCRLContext (pCrlContext=0x3ec038) returned 0x3ec038 [0104.354] CertEnumCertificatesInStore (hCertStore=0x3aeab8, pPrevCertContext=0x3ec038) returned 0x3ebfe8 [0104.355] CertDuplicateCRLContext (pCrlContext=0x3ebfe8) returned 0x3ebfe8 [0104.355] CertEnumCertificatesInStore (hCertStore=0x3aeab8, pPrevCertContext=0x3ebfe8) returned 0x0 [0104.355] CertCloseStore (hCertStore=0x3aeab8, dwFlags=0x0) returned 1 [0104.355] CertFreeCRLContext (pCrlContext=0x3ebfe8) returned 1 [0104.375] CertOpenStore (lpszStoreProvider=0x2, dwEncodingType=0x10001, hCryptProv=0x0, dwFlags=0x2204, pvPara=0x0) returned 0x3a5570 [0104.376] CertAddCRLLinkToStore (in: hCertStore=0x3a5570, pCrlContext=0x3ec088, dwAddDisposition=0x4, ppStoreContext=0x0 | out: ppStoreContext=0x0) returned 1 [0104.377] CertAddCRLLinkToStore (in: hCertStore=0x3a5570, pCrlContext=0x3ec038, dwAddDisposition=0x4, ppStoreContext=0x0 | out: ppStoreContext=0x0) returned 1 [0104.391] CertAddCRLLinkToStore (in: hCertStore=0x3a5570, pCrlContext=0x3ebfe8, dwAddDisposition=0x4, ppStoreContext=0x0 | out: ppStoreContext=0x0) returned 1 [0104.400] LocalAlloc (uFlags=0x40, uBytes=0x16) returned 0x3bdad8 [0104.410] CertGetCertificateChain (in: hChainEngine=0x0, pCertContext=0x3ebfe8, pTime=0x2de458, hAdditionalStore=0x3a5570, pChainPara=0x2de398, dwFlags=0x0, pvReserved=0x0, ppChainContext=0x2de38c | out: ppChainContext=0x2de38c) returned 1 [0104.840] LocalFree (hMem=0x3bdad8) returned 0x0 [0104.842] CertDuplicateCertificateChain (pChainContext=0x58f8808) returned 0x58f8808 [0104.844] CertDuplicateCRLContext (pCrlContext=0x3ebfe8) returned 0x3ebfe8 [0104.844] CertDuplicateCRLContext (pCrlContext=0x591ca38) returned 0x591ca38 [0104.845] CertDuplicateCRLContext (pCrlContext=0x591cad8) returned 0x591cad8 [0104.845] CertDuplicateCRLContext (pCrlContext=0x591cb28) returned 0x591cb28 [0104.846] CertFreeCertificateChain (pChainContext=0x58f8808) [0104.846] CertVerifyCertificateChainPolicy (in: pszPolicyOID=0x1, pChainContext=0x58f8808, pPolicyPara=0x2de538, pPolicyStatus=0x2de524 | out: pPolicyStatus=0x2de524) returned 1 [0104.847] SetLastError (dwErrCode=0x0) [0104.850] CertVerifyCertificateChainPolicy (in: pszPolicyOID=0x4, pChainContext=0x58f8808, pPolicyPara=0x2de598, pPolicyStatus=0x2de54c | out: pPolicyStatus=0x2de54c) returned 1 [0104.853] CertFreeCertificateChain (pChainContext=0x58f8808) [0104.853] CertFreeCRLContext (pCrlContext=0x3ebfe8) returned 1 [0104.859] CoTaskMemAlloc (cb=0x20c) returned 0x59307e0 [0104.859] GetEnvironmentVariableW (in: lpName="PinnableBufferCache_System.Net.SslStream_Disabled", lpBuffer=0x59307e0, nSize=0x104 | out: lpBuffer="") returned 0x0 [0104.859] CoTaskMemFree (pv=0x59307e0) [0104.859] CoTaskMemAlloc (cb=0x20c) returned 0x59307e0 [0104.859] GetEnvironmentVariableW (in: lpName="PinnableBufferCache_System.Net.SslStream_MinCount", lpBuffer=0x59307e0, nSize=0x104 | out: lpBuffer="") returned 0x0 [0104.859] CoTaskMemFree (pv=0x59307e0) [0104.859] CoTaskMemAlloc (cb=0x20c) returned 0x59307e0 [0104.859] GetEnvironmentVariableW (in: lpName="PinnableBufferCache_System.Net.SslStream_Disabled", lpBuffer=0x59307e0, nSize=0x104 | out: lpBuffer="") returned 0x0 [0104.859] CoTaskMemFree (pv=0x59307e0) [0104.859] CoTaskMemAlloc (cb=0x20c) returned 0x59307e0 [0104.859] GetEnvironmentVariableW (in: lpName="PinnableBufferCache_System.Net.SslStream_MinCount", lpBuffer=0x59307e0, nSize=0x104 | out: lpBuffer="") returned 0x0 [0104.859] CoTaskMemFree (pv=0x59307e0) [0104.861] EncryptMessage (in: phContext=0x25e4a7c, fQOP=0x0, pMessage=0x25ee84c, MessageSeqNo=0x0 | out: pMessage=0x25ee84c) returned 0x0 [0104.863] send (s=0x364, buf=0x25ed324*, len=93, flags=0) returned 93 [0104.868] setsockopt (s=0x364, level=65535, optname=4102, optval=" \x86\x01", optlen=4) returned 0 [0104.871] recv (in: s=0x364, buf=0x25fab8c, len=5, flags=0 | out: buf=0x25fab8c*) returned 5 [0104.939] recv (in: s=0x364, buf=0x25fab91, len=1425, flags=0 | out: buf=0x25fab91*) returned 1425 [0104.941] DecryptMessage (in: phContext=0x25e4a7c, pMessage=0x25fec4c, MessageSeqNo=0x0, pfQOP=0x0 | out: pMessage=0x25fec4c, pfQOP=0x0) returned 0x0 [0104.973] GetCurrentProcess () returned 0xffffffff [0104.973] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x2dea04 | out: TokenHandle=0x2dea04*=0x554) returned 1 [0104.974] CloseHandle (hObject=0x554) returned 1 [0104.974] GetCurrentProcess () returned 0xffffffff [0104.975] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x2dea1c | out: TokenHandle=0x2dea1c*=0x554) returned 1 [0104.976] CloseHandle (hObject=0x554) returned 1 [0104.977] setsockopt (s=0x364, level=65535, optname=4102, optval="ô\x01", optlen=4) returned 0 [0104.977] QueryPerformanceCounter (in: lpPerformanceCount=0x2ded9c | out: lpPerformanceCount=0x2ded9c*=1632431799083) returned 1 [0104.977] QueryPerformanceCounter (in: lpPerformanceCount=0x2ded64 | out: lpPerformanceCount=0x2ded64*=1632431813130) returned 1 [0104.978] recv (in: s=0x364, buf=0x25fab8c, len=5, flags=0 | out: buf=0x25fab8c*) returned 5 [0104.978] recv (in: s=0x364, buf=0x25fab91, len=1425, flags=0 | out: buf=0x25fab91*) returned 1425 [0104.979] DecryptMessage (in: phContext=0x25e4a7c, pMessage=0x26033dc, MessageSeqNo=0x0, pfQOP=0x0 | out: pMessage=0x26033dc, pfQOP=0x0) returned 0x0 [0104.979] QueryPerformanceCounter (in: lpPerformanceCount=0x2ded64 | out: lpPerformanceCount=0x2ded64*=1632431955813) returned 1 [0104.979] recv (in: s=0x364, buf=0x25fab8c, len=5, flags=0 | out: buf=0x25fab8c*) returned 5 [0104.979] recv (in: s=0x364, buf=0x25fab91, len=1425, flags=0 | out: buf=0x25fab91*) returned 1425 [0104.979] DecryptMessage (in: phContext=0x25e4a7c, pMessage=0x26034fc, MessageSeqNo=0x0, pfQOP=0x0 | out: pMessage=0x26034fc, pfQOP=0x0) returned 0x0 [0104.979] QueryPerformanceCounter (in: lpPerformanceCount=0x2ded64 | out: lpPerformanceCount=0x2ded64*=1632432014157) returned 1 [0104.979] recv (in: s=0x364, buf=0x25fab8c, len=5, flags=0 | out: buf=0x25fab8c*) returned 5 [0104.980] recv (in: s=0x364, buf=0x25fab91, len=1425, flags=0 | out: buf=0x25fab91*) returned 1425 [0104.980] DecryptMessage (in: phContext=0x25e4a7c, pMessage=0x260361c, MessageSeqNo=0x0, pfQOP=0x0 | out: pMessage=0x260361c, pfQOP=0x0) returned 0x0 [0104.980] QueryPerformanceCounter (in: lpPerformanceCount=0x2ded64 | out: lpPerformanceCount=0x2ded64*=1632432042532) returned 1 [0104.980] recv (in: s=0x364, buf=0x25fab8c, len=5, flags=0 | out: buf=0x25fab8c*) returned 5 [0104.980] recv (in: s=0x364, buf=0x25fab91, len=1425, flags=0 | out: buf=0x25fab91*) returned 1425 [0104.980] DecryptMessage (in: phContext=0x25e4a7c, pMessage=0x260373c, MessageSeqNo=0x0, pfQOP=0x0 | out: pMessage=0x260373c, pfQOP=0x0) returned 0x0 [0104.980] QueryPerformanceCounter (in: lpPerformanceCount=0x2ded64 | out: lpPerformanceCount=0x2ded64*=1632432070630) returned 1 [0104.980] recv (in: s=0x364, buf=0x25fab8c, len=5, flags=0 | out: buf=0x25fab8c*) returned 5 [0104.980] recv (in: s=0x364, buf=0x25fab91, len=1425, flags=0 | out: buf=0x25fab91*) returned 1425 [0104.980] DecryptMessage (in: phContext=0x25e4a7c, pMessage=0x260385c, MessageSeqNo=0x0, pfQOP=0x0 | out: pMessage=0x260385c, pfQOP=0x0) returned 0x0 [0104.980] QueryPerformanceCounter (in: lpPerformanceCount=0x2ded64 | out: lpPerformanceCount=0x2ded64*=1632432120231) returned 1 [0104.981] recv (in: s=0x364, buf=0x25fab8c, len=5, flags=0 | out: buf=0x25fab8c*) returned 5 [0104.981] recv (in: s=0x364, buf=0x25fab91, len=1425, flags=0 | out: buf=0x25fab91*) returned 1425 [0104.981] DecryptMessage (in: phContext=0x25e4a7c, pMessage=0x260397c, MessageSeqNo=0x0, pfQOP=0x0 | out: pMessage=0x260397c, pfQOP=0x0) returned 0x0 [0104.981] QueryPerformanceCounter (in: lpPerformanceCount=0x2ded64 | out: lpPerformanceCount=0x2ded64*=1632432148895) returned 1 [0104.981] recv (in: s=0x364, buf=0x25fab8c, len=5, flags=0 | out: buf=0x25fab8c*) returned 5 [0104.981] recv (in: s=0x364, buf=0x25fab91, len=1425, flags=0 | out: buf=0x25fab91*) returned 1425 [0104.981] DecryptMessage (in: phContext=0x25e4a7c, pMessage=0x2603a9c, MessageSeqNo=0x0, pfQOP=0x0 | out: pMessage=0x2603a9c, pfQOP=0x0) returned 0x0 [0104.981] QueryPerformanceCounter (in: lpPerformanceCount=0x2ded64 | out: lpPerformanceCount=0x2ded64*=1632432176307) returned 1 [0104.981] recv (in: s=0x364, buf=0x25fab8c, len=5, flags=0 | out: buf=0x25fab8c*) returned 5 [0104.981] recv (in: s=0x364, buf=0x25fab91, len=1425, flags=0 | out: buf=0x25fab91*) returned 1425 [0104.981] DecryptMessage (in: phContext=0x25e4a7c, pMessage=0x2603bbc, MessageSeqNo=0x0, pfQOP=0x0 | out: pMessage=0x2603bbc, pfQOP=0x0) returned 0x0 [0104.981] QueryPerformanceCounter (in: lpPerformanceCount=0x2ded64 | out: lpPerformanceCount=0x2ded64*=1632432203173) returned 1 [0104.981] recv (in: s=0x364, buf=0x25fab8c, len=5, flags=0 | out: buf=0x25fab8c*) returned 5 [0104.981] recv (in: s=0x364, buf=0x25fab91, len=1425, flags=0 | out: buf=0x25fab91*) returned 1425 [0104.982] DecryptMessage (in: phContext=0x25e4a7c, pMessage=0x2603cdc, MessageSeqNo=0x0, pfQOP=0x0 | out: pMessage=0x2603cdc, pfQOP=0x0) returned 0x0 [0104.982] QueryPerformanceCounter (in: lpPerformanceCount=0x2ded64 | out: lpPerformanceCount=0x2ded64*=1632432229366) returned 1 [0104.982] recv (in: s=0x364, buf=0x25fab8c, len=5, flags=0 | out: buf=0x25fab8c*) returned 5 [0104.982] recv (in: s=0x364, buf=0x25fab91, len=1425, flags=0 | out: buf=0x25fab91*) returned 1425 [0104.982] DecryptMessage (in: phContext=0x25e4a7c, pMessage=0x2603dfc, MessageSeqNo=0x0, pfQOP=0x0 | out: pMessage=0x2603dfc, pfQOP=0x0) returned 0x0 [0104.982] QueryPerformanceCounter (in: lpPerformanceCount=0x2ded64 | out: lpPerformanceCount=0x2ded64*=1632432256268) returned 1 [0104.982] recv (in: s=0x364, buf=0x25fab8c, len=5, flags=0 | out: buf=0x25fab8c*) returned 5 [0104.982] recv (in: s=0x364, buf=0x25fab91, len=1425, flags=0 | out: buf=0x25fab91*) returned 1425 [0104.982] DecryptMessage (in: phContext=0x25e4a7c, pMessage=0x2603f1c, MessageSeqNo=0x0, pfQOP=0x0 | out: pMessage=0x2603f1c, pfQOP=0x0) returned 0x0 [0104.982] QueryPerformanceCounter (in: lpPerformanceCount=0x2ded64 | out: lpPerformanceCount=0x2ded64*=1632432282241) returned 1 [0104.982] recv (in: s=0x364, buf=0x25fab8c, len=5, flags=0 | out: buf=0x25fab8c*) returned 5 [0104.982] recv (in: s=0x364, buf=0x25fab91, len=1425, flags=0 | out: buf=0x25fab91*) returned 1425 [0104.982] DecryptMessage (in: phContext=0x25e4a7c, pMessage=0x2604048, MessageSeqNo=0x0, pfQOP=0x0 | out: pMessage=0x2604048, pfQOP=0x0) returned 0x0 [0104.983] QueryPerformanceCounter (in: lpPerformanceCount=0x2ded64 | out: lpPerformanceCount=0x2ded64*=1632432327914) returned 1 [0104.983] recv (in: s=0x364, buf=0x25fab8c, len=5, flags=0 | out: buf=0x25fab8c*) returned 5 [0104.983] recv (in: s=0x364, buf=0x25fab91, len=1425, flags=0 | out: buf=0x25fab91*) returned 1425 [0104.983] DecryptMessage (in: phContext=0x25e4a7c, pMessage=0x2604168, MessageSeqNo=0x0, pfQOP=0x0 | out: pMessage=0x2604168, pfQOP=0x0) returned 0x0 [0104.983] QueryPerformanceCounter (in: lpPerformanceCount=0x2ded64 | out: lpPerformanceCount=0x2ded64*=1632432354585) returned 1 [0104.983] recv (in: s=0x364, buf=0x25fab8c, len=5, flags=0 | out: buf=0x25fab8c*) returned 5 [0104.983] recv (in: s=0x364, buf=0x25fab91, len=1425, flags=0 | out: buf=0x25fab91*) returned 1425 [0104.983] DecryptMessage (in: phContext=0x25e4a7c, pMessage=0x2604288, MessageSeqNo=0x0, pfQOP=0x0 | out: pMessage=0x2604288, pfQOP=0x0) returned 0x0 [0104.983] QueryPerformanceCounter (in: lpPerformanceCount=0x2ded64 | out: lpPerformanceCount=0x2ded64*=1632432381836) returned 1 [0104.983] recv (in: s=0x364, buf=0x25fab8c, len=5, flags=0 | out: buf=0x25fab8c*) returned 5 [0104.983] recv (in: s=0x364, buf=0x25fab91, len=1425, flags=0 | out: buf=0x25fab91*) returned 1425 [0104.983] DecryptMessage (in: phContext=0x25e4a7c, pMessage=0x26043a8, MessageSeqNo=0x0, pfQOP=0x0 | out: pMessage=0x26043a8, pfQOP=0x0) returned 0x0 [0104.983] QueryPerformanceCounter (in: lpPerformanceCount=0x2ded64 | out: lpPerformanceCount=0x2ded64*=1632432407642) returned 1 [0104.983] recv (in: s=0x364, buf=0x25fab8c, len=5, flags=0 | out: buf=0x25fab8c*) returned 5 [0104.983] recv (in: s=0x364, buf=0x25fab91, len=842, flags=0 | out: buf=0x25fab91*) returned 842 [0104.984] DecryptMessage (in: phContext=0x25e4a7c, pMessage=0x26044c8, MessageSeqNo=0x0, pfQOP=0x0 | out: pMessage=0x26044c8, pfQOP=0x0) returned 0x0 [0104.984] QueryPerformanceCounter (in: lpPerformanceCount=0x2ded64 | out: lpPerformanceCount=0x2ded64*=1632432434146) returned 1 [0104.984] recv (in: s=0x364, buf=0x25fab8c, len=5, flags=0 | out: buf=0x25fab8c*) returned 5 [0104.984] recv (in: s=0x364, buf=0x25fab91, len=256, flags=0 | out: buf=0x25fab91*) returned 256 [0104.984] DecryptMessage (in: phContext=0x25e4a7c, pMessage=0x26045e8, MessageSeqNo=0x0, pfQOP=0x0 | out: pMessage=0x26045e8, pfQOP=0x0) returned 0x0 [0104.984] QueryPerformanceCounter (in: lpPerformanceCount=0x2ded64 | out: lpPerformanceCount=0x2ded64*=1632432476446) returned 1 [0104.984] recv (in: s=0x364, buf=0x25fab8c, len=5, flags=0 | out: buf=0x25fab8c*) returned 5 [0104.984] recv (in: s=0x364, buf=0x25fab91, len=1425, flags=0 | out: buf=0x25fab91*) returned 1425 [0104.984] DecryptMessage (in: phContext=0x25e4a7c, pMessage=0x2604708, MessageSeqNo=0x0, pfQOP=0x0 | out: pMessage=0x2604708, pfQOP=0x0) returned 0x0 [0104.984] QueryPerformanceCounter (in: lpPerformanceCount=0x2ded64 | out: lpPerformanceCount=0x2ded64*=1632432507689) returned 1 [0104.984] recv (in: s=0x364, buf=0x25fab8c, len=5, flags=0 | out: buf=0x25fab8c*) returned 5 [0104.984] recv (in: s=0x364, buf=0x25fab91, len=1425, flags=0 | out: buf=0x25fab91*) returned 1425 [0104.985] DecryptMessage (in: phContext=0x25e4a7c, pMessage=0x2604828, MessageSeqNo=0x0, pfQOP=0x0 | out: pMessage=0x2604828, pfQOP=0x0) returned 0x0 [0104.985] QueryPerformanceCounter (in: lpPerformanceCount=0x2ded64 | out: lpPerformanceCount=0x2ded64*=1632432534950) returned 1 [0104.985] recv (in: s=0x364, buf=0x25fab8c, len=5, flags=0 | out: buf=0x25fab8c*) returned 5 [0104.985] recv (in: s=0x364, buf=0x25fab91, len=1425, flags=0 | out: buf=0x25fab91*) returned 1425 [0104.985] DecryptMessage (in: phContext=0x25e4a7c, pMessage=0x2604948, MessageSeqNo=0x0, pfQOP=0x0 | out: pMessage=0x2604948, pfQOP=0x0) returned 0x0 [0104.985] QueryPerformanceCounter (in: lpPerformanceCount=0x2ded64 | out: lpPerformanceCount=0x2ded64*=1632432562442) returned 1 [0104.985] recv (in: s=0x364, buf=0x25fab8c, len=5, flags=0 | out: buf=0x25fab8c*) returned 5 [0104.985] recv (in: s=0x364, buf=0x25fab91, len=1425, flags=0 | out: buf=0x25fab91*) returned 1425 [0104.985] DecryptMessage (in: phContext=0x25e4a7c, pMessage=0x2604a68, MessageSeqNo=0x0, pfQOP=0x0 | out: pMessage=0x2604a68, pfQOP=0x0) returned 0x0 [0104.985] QueryPerformanceCounter (in: lpPerformanceCount=0x2ded64 | out: lpPerformanceCount=0x2ded64*=1632432589832) returned 1 [0104.985] recv (in: s=0x364, buf=0x25fab8c, len=5, flags=0 | out: buf=0x25fab8c*) returned 5 [0104.985] recv (in: s=0x364, buf=0x25fab91, len=1425, flags=0 | out: buf=0x25fab91*) returned 1425 [0104.985] DecryptMessage (in: phContext=0x25e4a7c, pMessage=0x2604b88, MessageSeqNo=0x0, pfQOP=0x0 | out: pMessage=0x2604b88, pfQOP=0x0) returned 0x0 [0104.985] QueryPerformanceCounter (in: lpPerformanceCount=0x2ded64 | out: lpPerformanceCount=0x2ded64*=1632432616456) returned 1 [0104.986] recv (in: s=0x364, buf=0x25fab8c, len=5, flags=0 | out: buf=0x25fab8c*) returned 5 [0104.986] recv (in: s=0x364, buf=0x25fab91, len=1425, flags=0 | out: buf=0x25fab91*) returned 1425 [0104.986] DecryptMessage (in: phContext=0x25e4a7c, pMessage=0x2604ca8, MessageSeqNo=0x0, pfQOP=0x0 | out: pMessage=0x2604ca8, pfQOP=0x0) returned 0x0 [0104.986] QueryPerformanceCounter (in: lpPerformanceCount=0x2ded64 | out: lpPerformanceCount=0x2ded64*=1632432643812) returned 1 [0104.986] recv (in: s=0x364, buf=0x25fab8c, len=5, flags=0 | out: buf=0x25fab8c*) returned 5 [0104.986] recv (in: s=0x364, buf=0x25fab91, len=1425, flags=0 | out: buf=0x25fab91*) returned 1425 [0104.986] DecryptMessage (in: phContext=0x25e4a7c, pMessage=0x2604dc8, MessageSeqNo=0x0, pfQOP=0x0 | out: pMessage=0x2604dc8, pfQOP=0x0) returned 0x0 [0104.986] QueryPerformanceCounter (in: lpPerformanceCount=0x2ded64 | out: lpPerformanceCount=0x2ded64*=1632432671117) returned 1 [0104.986] recv (in: s=0x364, buf=0x25fab8c, len=5, flags=0 | out: buf=0x25fab8c*) returned 5 [0104.986] recv (in: s=0x364, buf=0x25fab91, len=1425, flags=0 | out: buf=0x25fab91*) returned 1425 [0104.986] DecryptMessage (in: phContext=0x25e4a7c, pMessage=0x2604ee8, MessageSeqNo=0x0, pfQOP=0x0 | out: pMessage=0x2604ee8, pfQOP=0x0) returned 0x0 [0104.986] QueryPerformanceCounter (in: lpPerformanceCount=0x2ded64 | out: lpPerformanceCount=0x2ded64*=1632432698858) returned 1 [0104.987] recv (in: s=0x364, buf=0x25fab8c, len=5, flags=0 | out: buf=0x25fab8c*) returned 5 [0104.987] recv (in: s=0x364, buf=0x25fab91, len=1425, flags=0 | out: buf=0x25fab91*) returned 1425 [0104.987] DecryptMessage (in: phContext=0x25e4a7c, pMessage=0x2605008, MessageSeqNo=0x0, pfQOP=0x0 | out: pMessage=0x2605008, pfQOP=0x0) returned 0x0 [0104.987] QueryPerformanceCounter (in: lpPerformanceCount=0x2ded64 | out: lpPerformanceCount=0x2ded64*=1632432817809) returned 1 [0104.988] recv (in: s=0x364, buf=0x25fab8c, len=5, flags=0 | out: buf=0x25fab8c*) returned 5 [0104.988] recv (in: s=0x364, buf=0x25fab91, len=1425, flags=0 | out: buf=0x25fab91*) returned 1425 [0104.988] DecryptMessage (in: phContext=0x25e4a7c, pMessage=0x2605128, MessageSeqNo=0x0, pfQOP=0x0 | out: pMessage=0x2605128, pfQOP=0x0) returned 0x0 [0104.988] QueryPerformanceCounter (in: lpPerformanceCount=0x2ded64 | out: lpPerformanceCount=0x2ded64*=1632432844617) returned 1 [0104.988] recv (in: s=0x364, buf=0x25fab8c, len=5, flags=0 | out: buf=0x25fab8c*) returned 5 [0104.988] recv (in: s=0x364, buf=0x25fab91, len=1425, flags=0 | out: buf=0x25fab91*) returned 1425 [0104.988] DecryptMessage (in: phContext=0x25e4a7c, pMessage=0x2605248, MessageSeqNo=0x0, pfQOP=0x0 | out: pMessage=0x2605248, pfQOP=0x0) returned 0x0 [0104.988] QueryPerformanceCounter (in: lpPerformanceCount=0x2ded64 | out: lpPerformanceCount=0x2ded64*=1632432871090) returned 1 [0104.988] recv (in: s=0x364, buf=0x25fab8c, len=5, flags=0 | out: buf=0x25fab8c*) returned 5 [0104.988] recv (in: s=0x364, buf=0x25fab91, len=1425, flags=0 | out: buf=0x25fab91*) returned 1425 [0104.988] DecryptMessage (in: phContext=0x25e4a7c, pMessage=0x2605368, MessageSeqNo=0x0, pfQOP=0x0 | out: pMessage=0x2605368, pfQOP=0x0) returned 0x0 [0104.988] QueryPerformanceCounter (in: lpPerformanceCount=0x2ded64 | out: lpPerformanceCount=0x2ded64*=1632432898715) returned 1 [0104.988] recv (in: s=0x364, buf=0x25fab8c, len=5, flags=0 | out: buf=0x25fab8c*) returned 5 [0104.988] recv (in: s=0x364, buf=0x25fab91, len=1425, flags=0 | out: buf=0x25fab91*) returned 1425 [0104.988] DecryptMessage (in: phContext=0x25e4a7c, pMessage=0x2605488, MessageSeqNo=0x0, pfQOP=0x0 | out: pMessage=0x2605488, pfQOP=0x0) returned 0x0 [0104.989] QueryPerformanceCounter (in: lpPerformanceCount=0x2ded64 | out: lpPerformanceCount=0x2ded64*=1632432925737) returned 1 [0104.989] recv (in: s=0x364, buf=0x25fab8c, len=5, flags=0 | out: buf=0x25fab8c*) returned 5 [0104.989] recv (in: s=0x364, buf=0x25fab91, len=1425, flags=0 | out: buf=0x25fab91*) returned 1425 [0104.989] DecryptMessage (in: phContext=0x25e4a7c, pMessage=0x26055a8, MessageSeqNo=0x0, pfQOP=0x0 | out: pMessage=0x26055a8, pfQOP=0x0) returned 0x0 [0104.989] QueryPerformanceCounter (in: lpPerformanceCount=0x2ded64 | out: lpPerformanceCount=0x2ded64*=1632432953847) returned 1 [0104.989] recv (in: s=0x364, buf=0x25fab8c, len=5, flags=0 | out: buf=0x25fab8c*) returned 5 [0104.989] recv (in: s=0x364, buf=0x25fab91, len=1425, flags=0 | out: buf=0x25fab91*) returned 1425 [0104.989] DecryptMessage (in: phContext=0x25e4a7c, pMessage=0x26056c8, MessageSeqNo=0x0, pfQOP=0x0 | out: pMessage=0x26056c8, pfQOP=0x0) returned 0x0 [0104.989] QueryPerformanceCounter (in: lpPerformanceCount=0x2ded64 | out: lpPerformanceCount=0x2ded64*=1632432982195) returned 1 [0104.989] recv (in: s=0x364, buf=0x25fab8c, len=5, flags=0 | out: buf=0x25fab8c*) returned 5 [0104.989] recv (in: s=0x364, buf=0x25fab91, len=1425, flags=0 | out: buf=0x25fab91*) returned 1425 [0104.989] DecryptMessage (in: phContext=0x25e4a7c, pMessage=0x26057e8, MessageSeqNo=0x0, pfQOP=0x0 | out: pMessage=0x26057e8, pfQOP=0x0) returned 0x0 [0104.989] QueryPerformanceCounter (in: lpPerformanceCount=0x2ded64 | out: lpPerformanceCount=0x2ded64*=1632433009586) returned 1 [0104.989] recv (in: s=0x364, buf=0x25fab8c, len=5, flags=0 | out: buf=0x25fab8c*) returned 5 [0104.990] recv (in: s=0x364, buf=0x25fab91, len=1425, flags=0 | out: buf=0x25fab91*) returned 1425 [0104.990] DecryptMessage (in: phContext=0x25e4a7c, pMessage=0x2605908, MessageSeqNo=0x0, pfQOP=0x0 | out: pMessage=0x2605908, pfQOP=0x0) returned 0x0 [0104.990] QueryPerformanceCounter (in: lpPerformanceCount=0x2ded64 | out: lpPerformanceCount=0x2ded64*=1632433038375) returned 1 [0104.990] recv (in: s=0x364, buf=0x25fab8c, len=5, flags=0 | out: buf=0x25fab8c*) returned 5 [0104.990] recv (in: s=0x364, buf=0x25fab91, len=1425, flags=0 | out: buf=0x25fab91*) returned 1425 [0104.990] DecryptMessage (in: phContext=0x25e4a7c, pMessage=0x2605a28, MessageSeqNo=0x0, pfQOP=0x0 | out: pMessage=0x2605a28, pfQOP=0x0) returned 0x0 [0104.990] QueryPerformanceCounter (in: lpPerformanceCount=0x2ded64 | out: lpPerformanceCount=0x2ded64*=1632433065970) returned 1 [0104.990] recv (in: s=0x364, buf=0x25fab8c, len=5, flags=0 | out: buf=0x25fab8c*) returned 5 [0104.990] recv (in: s=0x364, buf=0x25fab91, len=1425, flags=0 | out: buf=0x25fab91*) returned 1425 [0104.990] DecryptMessage (in: phContext=0x25e4a7c, pMessage=0x2605b48, MessageSeqNo=0x0, pfQOP=0x0 | out: pMessage=0x2605b48, pfQOP=0x0) returned 0x0 [0104.990] QueryPerformanceCounter (in: lpPerformanceCount=0x2ded64 | out: lpPerformanceCount=0x2ded64*=1632433092484) returned 1 [0104.990] recv (in: s=0x364, buf=0x25fab8c, len=5, flags=0 | out: buf=0x25fab8c*) returned 5 [0104.990] recv (in: s=0x364, buf=0x25fab91, len=229, flags=0 | out: buf=0x25fab91*) returned 229 [0104.990] DecryptMessage (in: phContext=0x25e4a7c, pMessage=0x2605c68, MessageSeqNo=0x0, pfQOP=0x0 | out: pMessage=0x2605c68, pfQOP=0x0) returned 0x0 [0104.990] QueryPerformanceCounter (in: lpPerformanceCount=0x2ded64 | out: lpPerformanceCount=0x2ded64*=1632433119019) returned 1 [0104.991] recv (in: s=0x364, buf=0x25fab8c, len=5, flags=0 | out: buf=0x25fab8c*) returned 5 [0104.991] recv (in: s=0x364, buf=0x25fab91, len=29, flags=0 | out: buf=0x25fab91*) returned 29 [0104.991] DecryptMessage (in: phContext=0x25e4a7c, pMessage=0x2605d88, MessageSeqNo=0x0, pfQOP=0x0 | out: pMessage=0x2605d88, pfQOP=0x0) returned 0x0 [0104.991] SetEvent (hEvent=0x40) returned 1 [0104.991] QueryPerformanceCounter (in: lpPerformanceCount=0x2ded88 | out: lpPerformanceCount=0x2ded88*=1632433207641) returned 1 [0104.994] GetFullPathNameW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Local\\Temp\\noise.exe", nBufferLength=0x105, lpBuffer=0x2de8b8, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\kEecfMwgj\\AppData\\Local\\Temp\\noise.exe", lpFilePart=0x0) returned 0x2f [0104.994] GetFullPathNameW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Local\\Temp\\noise.exe", nBufferLength=0x105, lpBuffer=0x2de8c0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\kEecfMwgj\\AppData\\Local\\Temp\\noise.exe", lpFilePart=0x0) returned 0x2f [0105.895] CreateFileMappingW (hFile=0xffffffff, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x29400, lpName=0x0) returned 0x554 [0105.895] memcpy (in: _Dst=0x5b0000, _Src=0x3592960, _Size=0x29400 | out: _Dst=0x5b0000) returned 0x5b0000 [0105.897] CloseHandle (hObject=0x554) returned 1 [0106.678] CreateFileMappingW (hFile=0xffffffff, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x12600, lpName=0x0) returned 0x55c [0106.679] memcpy (in: _Dst=0x5e0000, _Src=0x25d8df4, _Size=0x12600 | out: _Dst=0x5e0000) returned 0x5e0000 [0106.680] CloseHandle (hObject=0x55c) returned 1 [0107.412] CoTaskMemAlloc (cb=0x20c) returned 0x58f6328 [0107.412] GetEnvironmentVariableW (in: lpName="COR_ENABLE_PROFILING", lpBuffer=0x58f6328, nSize=0x104 | out: lpBuffer="") returned 0x0 [0107.412] CoTaskMemFree (pv=0x58f6328) [0107.519] RegisterClipboardFormatW (lpszFormat="WM_GETCONTROLNAME") returned 0xc1cb [0107.520] RegisterClipboardFormatW (lpszFormat="WM_GETCONTROLTYPE") returned 0xc1ca [0107.531] GetSystemMetrics (nIndex=75) returned 1 [0107.534] GetModuleHandleW (lpModuleName="comctl32.dll") returned 0x0 [0107.546] GetModuleHandleW (lpModuleName="kernel32.dll") returned 0x752b0000 [0107.547] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="AddDllDirectory", cchWideChar=15, lpMultiByteStr=0x2ddfb4, cbMultiByte=17, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="AddDllDirectory", lpUsedDefaultChar=0x0) returned 15 [0107.547] GetProcAddress (hModule=0x752b0000, lpProcName="AddDllDirectory") returned 0x753d1e91 [0107.547] LoadLibraryExW (lpLibFileName="comctl32.dll", hFile=0x0, dwFlags=0x800) returned 0x6d380000 [0107.563] AdjustWindowRectEx (in: lpRect=0x2de11c, dwStyle=0x56cf0000, bMenu=0, dwExStyle=0x50001 | out: lpRect=0x2de11c) returned 1 [0107.566] GetCurrentProcess () returned 0xffffffff [0107.566] GetCurrentThread () returned 0xfffffffe [0107.566] GetCurrentProcess () returned 0xffffffff [0107.566] DuplicateHandle (in: hSourceProcessHandle=0xffffffff, hSourceHandle=0xfffffffe, hTargetProcessHandle=0xffffffff, lpTargetHandle=0x2de034, dwDesiredAccess=0x0, bInheritHandle=0, dwOptions=0x2 | out: lpTargetHandle=0x2de034*=0x59c) returned 1 [0107.569] GetCurrentThreadId () returned 0xf28 [0107.578] GetModuleHandleW (lpModuleName="user32.dll") returned 0x76860000 [0107.578] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="DefWindowProcW", cchWideChar=14, lpMultiByteStr=0x2dde4c, cbMultiByte=16, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="DefWindowProcW\nnÙqº{Dþwqäæ-", lpUsedDefaultChar=0x0) returned 14 [0107.579] GetProcAddress (hModule=0x76860000, lpProcName="DefWindowProcW") returned 0x76f325dd [0107.579] GetStockObject (i=5) returned 0x1900015 [0107.582] GetModuleHandleW (lpModuleName=0x0) returned 0x10b0000 [0107.584] CoTaskMemAlloc (cb=0x5a) returned 0x58d38a8 [0107.584] RegisterClassW (lpWndClass=0x2dde3c) returned 0xc076 [0107.585] CoTaskMemFree (pv=0x58d38a8) [0107.585] GetModuleHandleW (lpModuleName=0x0) returned 0x10b0000 [0107.585] CreateWindowExW (dwExStyle=0x0, lpClassName="WindowsForms10.Window.8.app.0.1a0e24_r14_ad1", lpWindowName=0x0, dwStyle=0x2010000, X=0, Y=0, nWidth=0, nHeight=0, hWndParent=0xfffffffd, hMenu=0x0, hInstance=0x10b0000, lpParam=0x0) returned 0x50182 [0107.588] SetWindowLongW (hWnd=0x50182, nIndex=-4, dwNewLong=1995646429) returned 82446310 [0107.589] GetWindowLongW (hWnd=0x50182, nIndex=-4) returned 1995646429 [0107.590] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="Software\\Microsoft\\.NETFramework", ulOptions=0x0, samDesired=0x20019, phkResult=0x2dd750 | out: phkResult=0x2dd750*=0x5a0) returned 0x0 [0107.591] RegQueryValueExW (in: hKey=0x5a0, lpValueName="DbgJITDebugLaunchSetting", lpReserved=0x0, lpType=0x2dd770, lpData=0x0, lpcbData=0x2dd76c*=0x0 | out: lpType=0x2dd770*=0x0, lpData=0x0, lpcbData=0x2dd76c*=0x0) returned 0x2 [0107.591] RegQueryValueExW (in: hKey=0x5a0, lpValueName="DbgManagedDebugger", lpReserved=0x0, lpType=0x2dd770, lpData=0x0, lpcbData=0x2dd76c*=0x0 | out: lpType=0x2dd770*=0x0, lpData=0x0, lpcbData=0x2dd76c*=0x0) returned 0x2 [0107.591] RegCloseKey (hKey=0x5a0) returned 0x0 [0107.592] SetWindowLongW (hWnd=0x50182, nIndex=-4, dwNewLong=82446350) returned 1995646429 [0107.592] GetWindowLongW (hWnd=0x50182, nIndex=-4) returned 82446350 [0107.592] GetWindowLongW (hWnd=0x50182, nIndex=-16) returned 113311744 [0107.592] RegisterClipboardFormatW (lpszFormat="WinFormsMouseEnter") returned 0xc12d [0107.593] CallWindowProcW (lpPrevWndFunc=0x76f325dd, hWnd=0x50182, Msg=0x24, wParam=0x0, lParam=0x2dda28) returned 0x0 [0107.593] RegisterClipboardFormatW (lpszFormat="WinFormsUnSubclass") returned 0xc073 [0107.593] CallWindowProcW (lpPrevWndFunc=0x76f325dd, hWnd=0x50182, Msg=0x81, wParam=0x0, lParam=0x2dda1c) returned 0x1 [0107.594] CallWindowProcW (lpPrevWndFunc=0x76f325dd, hWnd=0x50182, Msg=0x83, wParam=0x0, lParam=0x2dda08) returned 0x0 [0107.594] CallWindowProcW (lpPrevWndFunc=0x76f325dd, hWnd=0x50182, Msg=0x1, wParam=0x0, lParam=0x2dda1c) returned 0x0 [0107.594] GetClientRect (in: hWnd=0x50182, lpRect=0x2dd784 | out: lpRect=0x2dd784) returned 1 [0107.594] GetWindowRect (in: hWnd=0x50182, lpRect=0x2dd784 | out: lpRect=0x2dd784) returned 1 [0107.596] GetParent (hWnd=0x50182) returned 0x0 [0107.596] GetSystemMetrics (nIndex=59) returned 1460 [0107.596] GetSystemMetrics (nIndex=60) returned 920 [0107.596] GetSystemMetrics (nIndex=34) returned 132 [0107.596] GetSystemMetrics (nIndex=35) returned 38 [0107.597] AdjustWindowRectEx (in: lpRect=0x2de058, dwStyle=0x2cf0000, bMenu=0, dwExStyle=0x50000 | out: lpRect=0x2de058) returned 1 [0107.707] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3d92980, Length=0x20000, ResultLength=0x2de128 | out: SystemInformation=0x3d92980, ResultLength=0x2de128*=0xe350) returned 0x0 [0107.742] GetSystemDefaultLCID () returned 0x409 [0107.742] GetStockObject (i=17) returned 0x18a0025 [0107.744] GetObjectW (in: h=0x18a0025, c=92, pv=0x2ddf08 | out: pv=0x2ddf08) returned 92 [0107.746] GetDC (hWnd=0x0) returned 0x170106ba [0107.823] GdiplusStartup (in: token=0xb7870, input=0x2dd4d0, output=0x2dd520 | out: token=0xb7870, output=0x2dd520) returned 0x0 [0107.829] CoTaskMemAlloc (cb=0x5c) returned 0x58d38a8 [0107.829] GdipCreateFontFromLogfontW (hdc=0x170106ba, logfont=0x58d38a8, font=0x2ddfd0) returned 0x0 [0107.969] CoTaskMemFree (pv=0x58d38a8) [0107.970] CoTaskMemAlloc (cb=0x5c) returned 0x58d38a8 [0107.970] CoTaskMemFree (pv=0x58d38a8) [0107.971] CoTaskMemAlloc (cb=0x5c) returned 0x58d38a8 [0107.971] CoTaskMemFree (pv=0x58d38a8) [0107.972] GdipGetFontUnit (font=0x5e92230, unit=0x2ddf98) returned 0x0 [0107.972] GdipGetFontSize (font=0x5e92230, size=0x2ddf9c) returned 0x0 [0107.972] GdipGetFontStyle (font=0x5e92230, style=0x2ddf94) returned 0x0 [0107.972] GdipGetFamily (font=0x5e92230, family=0x2ddf90) returned 0x0 [0107.973] GdipGetFontSize (font=0x5e92230, size=0x25eb76c) returned 0x0 [0107.973] ReleaseDC (hWnd=0x0, hDC=0x170106ba) returned 1 [0107.974] GetDC (hWnd=0x0) returned 0x4010b22 [0107.974] GdipCreateFromHDC (hdc=0x4010b22, graphics=0x2ddfac) returned 0x0 [0107.976] GdipGetDpiY (graphics=0x5dc9170, dpi=0x25eb848) returned 0x0 [0107.976] GdipGetFontHeight (font=0x5e92230, graphics=0x5dc9170, height=0x2ddfa4) returned 0x0 [0107.976] GdipGetEmHeight (family=0x5e9f358, style=0, EmHeight=0x2ddfac) returned 0x0 [0107.977] GdipGetLineSpacing (family=0x5e9f358, style=0, LineSpacing=0x2ddfac) returned 0x0 [0107.977] GdipDeleteGraphics (graphics=0x5dc9170) returned 0x0 [0107.977] ReleaseDC (hWnd=0x0, hDC=0x4010b22) returned 1 [0107.979] GdipCreateFont (fontFamily=0x5e9f358, emSize=0x41040000, style=0, unit=0x3, font=0x25eb864) returned 0x0 [0107.979] GdipGetFontSize (font=0x5d40960, size=0x25eb868) returned 0x0 [0107.979] GdipDeleteFont (font=0x5e92230) returned 0x0 [0107.979] GetDC (hWnd=0x0) returned 0x4010b22 [0107.979] GdipCreateFromHDC (hdc=0x4010b22, graphics=0x2de020) returned 0x0 [0107.980] GdipGetFontHeight (font=0x5d40960, graphics=0x5dc9170, height=0x2de018) returned 0x0 [0107.980] GdipDeleteGraphics (graphics=0x5dc9170) returned 0x0 [0107.980] ReleaseDC (hWnd=0x0, hDC=0x4010b22) returned 1 [0107.980] GetSystemMetrics (nIndex=5) returned 1 [0107.980] GetSystemMetrics (nIndex=6) returned 1 [0107.981] AdjustWindowRectEx (in: lpRect=0x2de148, dwStyle=0x560101c0, bMenu=0, dwExStyle=0x200 | out: lpRect=0x2de148) returned 1 [0107.981] GetSystemMetrics (nIndex=5) returned 1 [0107.981] GetSystemMetrics (nIndex=6) returned 1 [0107.983] AdjustWindowRectEx (in: lpRect=0x2de0ac, dwStyle=0x560100c0, bMenu=0, dwExStyle=0x200 | out: lpRect=0x2de0ac) returned 1 [0107.984] GetCurrentThreadId () returned 0xf28 [0107.984] GetCurrentThreadId () returned 0xf28 [0107.986] GetDC (hWnd=0x0) returned 0x4010b22 [0107.987] GdipCreateFromHDC (hdc=0x4010b22, graphics=0x2de020) returned 0x0 [0107.987] GdipGetFontHeight (font=0x5d40960, graphics=0x5dc9170, height=0x2de018) returned 0x0 [0107.987] GdipDeleteGraphics (graphics=0x5dc9170) returned 0x0 [0107.987] ReleaseDC (hWnd=0x0, hDC=0x4010b22) returned 1 [0107.987] GetSystemMetrics (nIndex=5) returned 1 [0107.987] GetSystemMetrics (nIndex=6) returned 1 [0107.987] AdjustWindowRectEx (in: lpRect=0x2de148, dwStyle=0x560101c0, bMenu=0, dwExStyle=0x200 | out: lpRect=0x2de148) returned 1 [0107.987] GetSystemMetrics (nIndex=5) returned 1 [0107.987] GetSystemMetrics (nIndex=6) returned 1 [0107.987] AdjustWindowRectEx (in: lpRect=0x2de0ac, dwStyle=0x560100c0, bMenu=0, dwExStyle=0x200 | out: lpRect=0x2de0ac) returned 1 [0107.987] GetCurrentThreadId () returned 0xf28 [0107.987] GetCurrentThreadId () returned 0xf28 [0107.988] GetDC (hWnd=0x0) returned 0x4010b22 [0107.988] GdipCreateFromHDC (hdc=0x4010b22, graphics=0x2de020) returned 0x0 [0107.988] GdipGetFontHeight (font=0x5d40960, graphics=0x5dc9170, height=0x2de018) returned 0x0 [0107.988] GdipDeleteGraphics (graphics=0x5dc9170) returned 0x0 [0107.988] ReleaseDC (hWnd=0x0, hDC=0x4010b22) returned 1 [0107.988] GetSystemMetrics (nIndex=5) returned 1 [0107.988] GetSystemMetrics (nIndex=6) returned 1 [0107.988] AdjustWindowRectEx (in: lpRect=0x2de148, dwStyle=0x560101c0, bMenu=0, dwExStyle=0x200 | out: lpRect=0x2de148) returned 1 [0107.988] GetSystemMetrics (nIndex=5) returned 1 [0107.988] GetSystemMetrics (nIndex=6) returned 1 [0107.988] AdjustWindowRectEx (in: lpRect=0x2de0ac, dwStyle=0x560100c0, bMenu=0, dwExStyle=0x200 | out: lpRect=0x2de0ac) returned 1 [0107.988] GetCurrentThreadId () returned 0xf28 [0107.988] GetCurrentThreadId () returned 0xf28 [0107.989] GetDC (hWnd=0x0) returned 0x4010b22 [0107.989] GdipCreateFromHDC (hdc=0x4010b22, graphics=0x2de020) returned 0x0 [0107.989] GdipGetFontHeight (font=0x5d40960, graphics=0x5dc9170, height=0x2de018) returned 0x0 [0107.989] GdipDeleteGraphics (graphics=0x5dc9170) returned 0x0 [0107.989] ReleaseDC (hWnd=0x0, hDC=0x4010b22) returned 1 [0107.989] GetSystemMetrics (nIndex=5) returned 1 [0107.989] GetSystemMetrics (nIndex=6) returned 1 [0107.989] AdjustWindowRectEx (in: lpRect=0x2de148, dwStyle=0x560101c0, bMenu=0, dwExStyle=0x200 | out: lpRect=0x2de148) returned 1 [0107.989] GetSystemMetrics (nIndex=5) returned 1 [0107.989] GetSystemMetrics (nIndex=6) returned 1 [0107.989] AdjustWindowRectEx (in: lpRect=0x2de0ac, dwStyle=0x560100c0, bMenu=0, dwExStyle=0x200 | out: lpRect=0x2de0ac) returned 1 [0107.989] GetCurrentThreadId () returned 0xf28 [0107.990] GetCurrentThreadId () returned 0xf28 [0107.990] GetDC (hWnd=0x0) returned 0x4010b22 [0107.990] GdipCreateFromHDC (hdc=0x4010b22, graphics=0x2de020) returned 0x0 [0107.990] GdipGetFontHeight (font=0x5d40960, graphics=0x5dc9170, height=0x2de018) returned 0x0 [0107.990] GdipDeleteGraphics (graphics=0x5dc9170) returned 0x0 [0107.990] ReleaseDC (hWnd=0x0, hDC=0x4010b22) returned 1 [0107.990] GetSystemMetrics (nIndex=5) returned 1 [0107.990] GetSystemMetrics (nIndex=6) returned 1 [0107.990] AdjustWindowRectEx (in: lpRect=0x2de148, dwStyle=0x560101c0, bMenu=0, dwExStyle=0x200 | out: lpRect=0x2de148) returned 1 [0107.990] GetSystemMetrics (nIndex=5) returned 1 [0107.990] GetSystemMetrics (nIndex=6) returned 1 [0107.991] AdjustWindowRectEx (in: lpRect=0x2de0ac, dwStyle=0x560100c0, bMenu=0, dwExStyle=0x200 | out: lpRect=0x2de0ac) returned 1 [0107.991] GetCurrentThreadId () returned 0xf28 [0107.991] GetCurrentThreadId () returned 0xf28 [0107.991] GetDC (hWnd=0x0) returned 0x4010b22 [0107.991] GdipCreateFromHDC (hdc=0x4010b22, graphics=0x2de020) returned 0x0 [0107.991] GdipGetFontHeight (font=0x5d40960, graphics=0x5dc9170, height=0x2de018) returned 0x0 [0107.991] GdipDeleteGraphics (graphics=0x5dc9170) returned 0x0 [0107.991] ReleaseDC (hWnd=0x0, hDC=0x4010b22) returned 1 [0107.991] GetSystemMetrics (nIndex=5) returned 1 [0107.991] GetSystemMetrics (nIndex=6) returned 1 [0107.992] AdjustWindowRectEx (in: lpRect=0x2de148, dwStyle=0x560101c0, bMenu=0, dwExStyle=0x200 | out: lpRect=0x2de148) returned 1 [0107.992] GetSystemMetrics (nIndex=5) returned 1 [0107.992] GetSystemMetrics (nIndex=6) returned 1 [0107.992] AdjustWindowRectEx (in: lpRect=0x2de0ac, dwStyle=0x560100c0, bMenu=0, dwExStyle=0x200 | out: lpRect=0x2de0ac) returned 1 [0107.992] GetCurrentThreadId () returned 0xf28 [0107.992] GetCurrentThreadId () returned 0xf28 [0107.992] GetDC (hWnd=0x0) returned 0x4010b22 [0107.992] GdipCreateFromHDC (hdc=0x4010b22, graphics=0x2de020) returned 0x0 [0107.992] GdipGetFontHeight (font=0x5d40960, graphics=0x5dc9170, height=0x2de018) returned 0x0 [0107.992] GdipDeleteGraphics (graphics=0x5dc9170) returned 0x0 [0107.993] ReleaseDC (hWnd=0x0, hDC=0x4010b22) returned 1 [0107.993] GetSystemMetrics (nIndex=5) returned 1 [0107.993] GetSystemMetrics (nIndex=6) returned 1 [0107.993] AdjustWindowRectEx (in: lpRect=0x2de148, dwStyle=0x560101c0, bMenu=0, dwExStyle=0x200 | out: lpRect=0x2de148) returned 1 [0107.993] GetSystemMetrics (nIndex=5) returned 1 [0107.993] GetSystemMetrics (nIndex=6) returned 1 [0107.993] AdjustWindowRectEx (in: lpRect=0x2de0ac, dwStyle=0x560100c0, bMenu=0, dwExStyle=0x200 | out: lpRect=0x2de0ac) returned 1 [0107.993] GetCurrentThreadId () returned 0xf28 [0107.993] GetCurrentThreadId () returned 0xf28 [0107.993] GetDC (hWnd=0x0) returned 0x4010b22 [0107.993] GdipCreateFromHDC (hdc=0x4010b22, graphics=0x2de020) returned 0x0 [0107.994] GdipGetFontHeight (font=0x5d40960, graphics=0x5dc9170, height=0x2de018) returned 0x0 [0107.994] GdipDeleteGraphics (graphics=0x5dc9170) returned 0x0 [0107.994] ReleaseDC (hWnd=0x0, hDC=0x4010b22) returned 1 [0107.994] GetSystemMetrics (nIndex=5) returned 1 [0107.994] GetSystemMetrics (nIndex=6) returned 1 [0107.994] AdjustWindowRectEx (in: lpRect=0x2de148, dwStyle=0x560101c0, bMenu=0, dwExStyle=0x200 | out: lpRect=0x2de148) returned 1 [0107.994] GetSystemMetrics (nIndex=5) returned 1 [0107.994] GetSystemMetrics (nIndex=6) returned 1 [0107.994] AdjustWindowRectEx (in: lpRect=0x2de0ac, dwStyle=0x560100c0, bMenu=0, dwExStyle=0x200 | out: lpRect=0x2de0ac) returned 1 [0107.994] GetCurrentThreadId () returned 0xf28 [0107.994] GetCurrentThreadId () returned 0xf28 [0107.994] GetDC (hWnd=0x0) returned 0x4010b22 [0107.994] GdipCreateFromHDC (hdc=0x4010b22, graphics=0x2de020) returned 0x0 [0107.995] GdipGetFontHeight (font=0x5d40960, graphics=0x5dc9170, height=0x2de018) returned 0x0 [0107.995] GdipDeleteGraphics (graphics=0x5dc9170) returned 0x0 [0107.995] ReleaseDC (hWnd=0x0, hDC=0x4010b22) returned 1 [0107.995] GetSystemMetrics (nIndex=5) returned 1 [0107.995] GetSystemMetrics (nIndex=6) returned 1 [0107.995] AdjustWindowRectEx (in: lpRect=0x2de148, dwStyle=0x560101c0, bMenu=0, dwExStyle=0x200 | out: lpRect=0x2de148) returned 1 [0107.995] GetSystemMetrics (nIndex=5) returned 1 [0107.995] GetSystemMetrics (nIndex=6) returned 1 [0107.995] AdjustWindowRectEx (in: lpRect=0x2de0ac, dwStyle=0x560100c0, bMenu=0, dwExStyle=0x200 | out: lpRect=0x2de0ac) returned 1 [0107.995] GetCurrentThreadId () returned 0xf28 [0107.995] GetCurrentThreadId () returned 0xf28 [0107.995] GetDC (hWnd=0x0) returned 0x4010b22 [0107.995] GdipCreateFromHDC (hdc=0x4010b22, graphics=0x2de020) returned 0x0 [0107.996] GdipGetFontHeight (font=0x5d40960, graphics=0x5dc9170, height=0x2de018) returned 0x0 [0107.996] GdipDeleteGraphics (graphics=0x5dc9170) returned 0x0 [0107.996] ReleaseDC (hWnd=0x0, hDC=0x4010b22) returned 1 [0107.996] GetSystemMetrics (nIndex=5) returned 1 [0107.996] GetSystemMetrics (nIndex=6) returned 1 [0107.996] AdjustWindowRectEx (in: lpRect=0x2de148, dwStyle=0x560101c0, bMenu=0, dwExStyle=0x200 | out: lpRect=0x2de148) returned 1 [0107.996] GetSystemMetrics (nIndex=5) returned 1 [0107.996] GetSystemMetrics (nIndex=6) returned 1 [0107.996] AdjustWindowRectEx (in: lpRect=0x2de0ac, dwStyle=0x560100c0, bMenu=0, dwExStyle=0x200 | out: lpRect=0x2de0ac) returned 1 [0107.996] GetCurrentThreadId () returned 0xf28 [0107.996] GetCurrentThreadId () returned 0xf28 [0107.996] GetDC (hWnd=0x0) returned 0x4010b22 [0107.997] GdipCreateFromHDC (hdc=0x4010b22, graphics=0x2de020) returned 0x0 [0107.997] GdipGetFontHeight (font=0x5d40960, graphics=0x5dc9170, height=0x2de018) returned 0x0 [0107.997] GdipDeleteGraphics (graphics=0x5dc9170) returned 0x0 [0107.997] ReleaseDC (hWnd=0x0, hDC=0x4010b22) returned 1 [0107.997] GetSystemMetrics (nIndex=5) returned 1 [0107.997] GetSystemMetrics (nIndex=6) returned 1 [0107.997] AdjustWindowRectEx (in: lpRect=0x2de148, dwStyle=0x560101c0, bMenu=0, dwExStyle=0x200 | out: lpRect=0x2de148) returned 1 [0107.997] GetSystemMetrics (nIndex=5) returned 1 [0107.997] GetSystemMetrics (nIndex=6) returned 1 [0107.997] AdjustWindowRectEx (in: lpRect=0x2de0ac, dwStyle=0x560100c0, bMenu=0, dwExStyle=0x200 | out: lpRect=0x2de0ac) returned 1 [0107.997] GetCurrentThreadId () returned 0xf28 [0107.997] GetCurrentThreadId () returned 0xf28 [0107.998] GetDC (hWnd=0x0) returned 0x4010b22 [0107.998] GdipCreateFromHDC (hdc=0x4010b22, graphics=0x2de020) returned 0x0 [0107.998] GdipGetFontHeight (font=0x5d40960, graphics=0x5dc9170, height=0x2de018) returned 0x0 [0107.998] GdipDeleteGraphics (graphics=0x5dc9170) returned 0x0 [0107.998] ReleaseDC (hWnd=0x0, hDC=0x4010b22) returned 1 [0107.998] GetSystemMetrics (nIndex=5) returned 1 [0107.998] GetSystemMetrics (nIndex=6) returned 1 [0107.998] AdjustWindowRectEx (in: lpRect=0x2de148, dwStyle=0x560101c0, bMenu=0, dwExStyle=0x200 | out: lpRect=0x2de148) returned 1 [0107.998] GetSystemMetrics (nIndex=5) returned 1 [0107.998] GetSystemMetrics (nIndex=6) returned 1 [0107.998] AdjustWindowRectEx (in: lpRect=0x2de0ac, dwStyle=0x560100c0, bMenu=0, dwExStyle=0x200 | out: lpRect=0x2de0ac) returned 1 [0107.998] GetCurrentThreadId () returned 0xf28 [0107.998] GetCurrentThreadId () returned 0xf28 [0107.999] GetDC (hWnd=0x0) returned 0x4010b22 [0107.999] GdipCreateFromHDC (hdc=0x4010b22, graphics=0x2de020) returned 0x0 [0107.999] GdipGetFontHeight (font=0x5d40960, graphics=0x5dc9170, height=0x2de018) returned 0x0 [0107.999] GdipDeleteGraphics (graphics=0x5dc9170) returned 0x0 [0107.999] ReleaseDC (hWnd=0x0, hDC=0x4010b22) returned 1 [0107.999] GetSystemMetrics (nIndex=5) returned 1 [0107.999] GetSystemMetrics (nIndex=6) returned 1 [0107.999] AdjustWindowRectEx (in: lpRect=0x2de148, dwStyle=0x560101c0, bMenu=0, dwExStyle=0x200 | out: lpRect=0x2de148) returned 1 [0107.999] GetSystemMetrics (nIndex=5) returned 1 [0107.999] GetSystemMetrics (nIndex=6) returned 1 [0107.999] AdjustWindowRectEx (in: lpRect=0x2de0ac, dwStyle=0x560100c0, bMenu=0, dwExStyle=0x200 | out: lpRect=0x2de0ac) returned 1 [0107.999] GetCurrentThreadId () returned 0xf28 [0107.999] GetCurrentThreadId () returned 0xf28 [0108.000] GetDC (hWnd=0x0) returned 0x4010b22 [0108.000] GdipCreateFromHDC (hdc=0x4010b22, graphics=0x2de020) returned 0x0 [0108.000] GdipGetFontHeight (font=0x5d40960, graphics=0x5dc9170, height=0x2de018) returned 0x0 [0108.000] GdipDeleteGraphics (graphics=0x5dc9170) returned 0x0 [0108.000] ReleaseDC (hWnd=0x0, hDC=0x4010b22) returned 1 [0108.000] GetSystemMetrics (nIndex=5) returned 1 [0108.000] GetSystemMetrics (nIndex=6) returned 1 [0108.000] AdjustWindowRectEx (in: lpRect=0x2de148, dwStyle=0x560101c0, bMenu=0, dwExStyle=0x200 | out: lpRect=0x2de148) returned 1 [0108.000] GetSystemMetrics (nIndex=5) returned 1 [0108.000] GetSystemMetrics (nIndex=6) returned 1 [0108.000] AdjustWindowRectEx (in: lpRect=0x2de0ac, dwStyle=0x560100c0, bMenu=0, dwExStyle=0x200 | out: lpRect=0x2de0ac) returned 1 [0108.001] GetCurrentThreadId () returned 0xf28 [0108.001] GetCurrentThreadId () returned 0xf28 [0108.001] GetDC (hWnd=0x0) returned 0x4010b22 [0108.001] GdipCreateFromHDC (hdc=0x4010b22, graphics=0x2de020) returned 0x0 [0108.001] GdipGetFontHeight (font=0x5d40960, graphics=0x5dc9170, height=0x2de018) returned 0x0 [0108.001] GdipDeleteGraphics (graphics=0x5dc9170) returned 0x0 [0108.001] ReleaseDC (hWnd=0x0, hDC=0x4010b22) returned 1 [0108.001] GetSystemMetrics (nIndex=5) returned 1 [0108.001] GetSystemMetrics (nIndex=6) returned 1 [0108.001] AdjustWindowRectEx (in: lpRect=0x2de148, dwStyle=0x560101c0, bMenu=0, dwExStyle=0x200 | out: lpRect=0x2de148) returned 1 [0108.001] GetSystemMetrics (nIndex=5) returned 1 [0108.002] GetSystemMetrics (nIndex=6) returned 1 [0108.002] AdjustWindowRectEx (in: lpRect=0x2de0ac, dwStyle=0x560100c0, bMenu=0, dwExStyle=0x200 | out: lpRect=0x2de0ac) returned 1 [0108.002] GetCurrentThreadId () returned 0xf28 [0108.002] GetCurrentThreadId () returned 0xf28 [0108.002] GetDC (hWnd=0x0) returned 0x4010b22 [0108.002] GdipCreateFromHDC (hdc=0x4010b22, graphics=0x2de020) returned 0x0 [0108.002] GdipGetFontHeight (font=0x5d40960, graphics=0x5dc9170, height=0x2de018) returned 0x0 [0108.002] GdipDeleteGraphics (graphics=0x5dc9170) returned 0x0 [0108.002] ReleaseDC (hWnd=0x0, hDC=0x4010b22) returned 1 [0108.002] GetSystemMetrics (nIndex=5) returned 1 [0108.003] GetSystemMetrics (nIndex=6) returned 1 [0108.003] AdjustWindowRectEx (in: lpRect=0x2de148, dwStyle=0x560101c0, bMenu=0, dwExStyle=0x200 | out: lpRect=0x2de148) returned 1 [0108.003] GetSystemMetrics (nIndex=5) returned 1 [0108.003] GetSystemMetrics (nIndex=6) returned 1 [0108.003] AdjustWindowRectEx (in: lpRect=0x2de0ac, dwStyle=0x560100c0, bMenu=0, dwExStyle=0x200 | out: lpRect=0x2de0ac) returned 1 [0108.003] GetCurrentThreadId () returned 0xf28 [0108.003] GetCurrentThreadId () returned 0xf28 [0108.003] GetDC (hWnd=0x0) returned 0x4010b22 [0108.003] GdipCreateFromHDC (hdc=0x4010b22, graphics=0x2de020) returned 0x0 [0108.003] GdipGetFontHeight (font=0x5d40960, graphics=0x5dc9170, height=0x2de018) returned 0x0 [0108.003] GdipDeleteGraphics (graphics=0x5dc9170) returned 0x0 [0108.004] ReleaseDC (hWnd=0x0, hDC=0x4010b22) returned 1 [0108.004] GetSystemMetrics (nIndex=5) returned 1 [0108.004] GetSystemMetrics (nIndex=6) returned 1 [0108.004] AdjustWindowRectEx (in: lpRect=0x2de148, dwStyle=0x560101c0, bMenu=0, dwExStyle=0x200 | out: lpRect=0x2de148) returned 1 [0108.004] GetSystemMetrics (nIndex=5) returned 1 [0108.004] GetSystemMetrics (nIndex=6) returned 1 [0108.004] AdjustWindowRectEx (in: lpRect=0x2de0ac, dwStyle=0x560100c0, bMenu=0, dwExStyle=0x200 | out: lpRect=0x2de0ac) returned 1 [0108.004] GetCurrentThreadId () returned 0xf28 [0108.004] GetCurrentThreadId () returned 0xf28 [0108.004] GetDC (hWnd=0x0) returned 0x4010b22 [0108.004] GdipCreateFromHDC (hdc=0x4010b22, graphics=0x2de020) returned 0x0 [0108.005] GdipGetFontHeight (font=0x5d40960, graphics=0x5dc9170, height=0x2de018) returned 0x0 [0108.005] GdipDeleteGraphics (graphics=0x5dc9170) returned 0x0 [0108.005] ReleaseDC (hWnd=0x0, hDC=0x4010b22) returned 1 [0108.005] GetSystemMetrics (nIndex=5) returned 1 [0108.005] GetSystemMetrics (nIndex=6) returned 1 [0108.005] AdjustWindowRectEx (in: lpRect=0x2de148, dwStyle=0x560101c0, bMenu=0, dwExStyle=0x200 | out: lpRect=0x2de148) returned 1 [0108.005] GetSystemMetrics (nIndex=5) returned 1 [0108.005] GetSystemMetrics (nIndex=6) returned 1 [0108.005] AdjustWindowRectEx (in: lpRect=0x2de0ac, dwStyle=0x560100c0, bMenu=0, dwExStyle=0x200 | out: lpRect=0x2de0ac) returned 1 [0108.005] GetCurrentThreadId () returned 0xf28 [0108.005] GetCurrentThreadId () returned 0xf28 [0108.005] GetDC (hWnd=0x0) returned 0x4010b22 [0108.006] GdipCreateFromHDC (hdc=0x4010b22, graphics=0x2de020) returned 0x0 [0108.006] GdipGetFontHeight (font=0x5d40960, graphics=0x5dc9170, height=0x2de018) returned 0x0 [0108.006] GdipDeleteGraphics (graphics=0x5dc9170) returned 0x0 [0108.006] ReleaseDC (hWnd=0x0, hDC=0x4010b22) returned 1 [0108.006] GetSystemMetrics (nIndex=5) returned 1 [0108.006] GetSystemMetrics (nIndex=6) returned 1 [0108.006] AdjustWindowRectEx (in: lpRect=0x2de148, dwStyle=0x560101c0, bMenu=0, dwExStyle=0x200 | out: lpRect=0x2de148) returned 1 [0108.006] GetSystemMetrics (nIndex=5) returned 1 [0108.006] GetSystemMetrics (nIndex=6) returned 1 [0108.006] AdjustWindowRectEx (in: lpRect=0x2de0ac, dwStyle=0x560100c0, bMenu=0, dwExStyle=0x200 | out: lpRect=0x2de0ac) returned 1 [0108.006] GetCurrentThreadId () returned 0xf28 [0108.006] GetCurrentThreadId () returned 0xf28 [0108.007] GetDC (hWnd=0x0) returned 0x4010b22 [0108.007] GdipCreateFromHDC (hdc=0x4010b22, graphics=0x2de020) returned 0x0 [0108.007] GdipGetFontHeight (font=0x5d40960, graphics=0x5dc9170, height=0x2de018) returned 0x0 [0108.007] GdipDeleteGraphics (graphics=0x5dc9170) returned 0x0 [0108.007] ReleaseDC (hWnd=0x0, hDC=0x4010b22) returned 1 [0108.007] GetSystemMetrics (nIndex=5) returned 1 [0108.007] GetSystemMetrics (nIndex=6) returned 1 [0108.007] AdjustWindowRectEx (in: lpRect=0x2de148, dwStyle=0x560101c0, bMenu=0, dwExStyle=0x200 | out: lpRect=0x2de148) returned 1 [0108.007] GetSystemMetrics (nIndex=5) returned 1 [0108.007] GetSystemMetrics (nIndex=6) returned 1 [0108.007] AdjustWindowRectEx (in: lpRect=0x2de0ac, dwStyle=0x560100c0, bMenu=0, dwExStyle=0x200 | out: lpRect=0x2de0ac) returned 1 [0108.007] GetCurrentThreadId () returned 0xf28 [0108.007] GetCurrentThreadId () returned 0xf28 [0108.008] GetDC (hWnd=0x0) returned 0x4010b22 [0108.008] GdipCreateFromHDC (hdc=0x4010b22, graphics=0x2de020) returned 0x0 [0108.008] GdipGetFontHeight (font=0x5d40960, graphics=0x5dc9170, height=0x2de018) returned 0x0 [0108.008] GdipDeleteGraphics (graphics=0x5dc9170) returned 0x0 [0108.008] ReleaseDC (hWnd=0x0, hDC=0x4010b22) returned 1 [0108.008] GetSystemMetrics (nIndex=5) returned 1 [0108.008] GetSystemMetrics (nIndex=6) returned 1 [0108.008] AdjustWindowRectEx (in: lpRect=0x2de148, dwStyle=0x560101c0, bMenu=0, dwExStyle=0x200 | out: lpRect=0x2de148) returned 1 [0108.008] GetSystemMetrics (nIndex=5) returned 1 [0108.008] GetSystemMetrics (nIndex=6) returned 1 [0108.008] AdjustWindowRectEx (in: lpRect=0x2de0ac, dwStyle=0x560100c0, bMenu=0, dwExStyle=0x200 | out: lpRect=0x2de0ac) returned 1 [0108.008] GetCurrentThreadId () returned 0xf28 [0108.008] GetCurrentThreadId () returned 0xf28 [0108.009] GetDC (hWnd=0x0) returned 0x4010b22 [0108.009] GdipCreateFromHDC (hdc=0x4010b22, graphics=0x2de020) returned 0x0 [0108.009] GdipGetFontHeight (font=0x5d40960, graphics=0x5dc9170, height=0x2de018) returned 0x0 [0108.009] GdipDeleteGraphics (graphics=0x5dc9170) returned 0x0 [0108.009] ReleaseDC (hWnd=0x0, hDC=0x4010b22) returned 1 [0108.009] GetSystemMetrics (nIndex=5) returned 1 [0108.009] GetSystemMetrics (nIndex=6) returned 1 [0108.009] AdjustWindowRectEx (in: lpRect=0x2de148, dwStyle=0x560101c0, bMenu=0, dwExStyle=0x200 | out: lpRect=0x2de148) returned 1 [0108.009] GetSystemMetrics (nIndex=5) returned 1 [0108.009] GetSystemMetrics (nIndex=6) returned 1 [0108.009] AdjustWindowRectEx (in: lpRect=0x2de0ac, dwStyle=0x560100c0, bMenu=0, dwExStyle=0x200 | out: lpRect=0x2de0ac) returned 1 [0108.009] GetCurrentThreadId () returned 0xf28 [0108.009] GetCurrentThreadId () returned 0xf28 [0108.010] GetDC (hWnd=0x0) returned 0x4010b22 [0108.010] GdipCreateFromHDC (hdc=0x4010b22, graphics=0x2de020) returned 0x0 [0108.010] GdipGetFontHeight (font=0x5d40960, graphics=0x5dc9170, height=0x2de018) returned 0x0 [0108.010] GdipDeleteGraphics (graphics=0x5dc9170) returned 0x0 [0108.010] ReleaseDC (hWnd=0x0, hDC=0x4010b22) returned 1 [0108.010] GetSystemMetrics (nIndex=5) returned 1 [0108.010] GetSystemMetrics (nIndex=6) returned 1 [0108.010] AdjustWindowRectEx (in: lpRect=0x2de148, dwStyle=0x560101c0, bMenu=0, dwExStyle=0x200 | out: lpRect=0x2de148) returned 1 [0108.010] GetSystemMetrics (nIndex=5) returned 1 [0108.010] GetSystemMetrics (nIndex=6) returned 1 [0108.010] AdjustWindowRectEx (in: lpRect=0x2de0ac, dwStyle=0x560100c0, bMenu=0, dwExStyle=0x200 | out: lpRect=0x2de0ac) returned 1 [0108.010] GetCurrentThreadId () returned 0xf28 [0108.010] GetCurrentThreadId () returned 0xf28 [0108.011] GetDC (hWnd=0x0) returned 0x4010b22 [0108.011] GdipCreateFromHDC (hdc=0x4010b22, graphics=0x2de020) returned 0x0 [0108.011] GdipGetFontHeight (font=0x5d40960, graphics=0x5dc9170, height=0x2de018) returned 0x0 [0108.011] GdipDeleteGraphics (graphics=0x5dc9170) returned 0x0 [0108.011] ReleaseDC (hWnd=0x0, hDC=0x4010b22) returned 1 [0108.011] GetSystemMetrics (nIndex=5) returned 1 [0108.011] GetSystemMetrics (nIndex=6) returned 1 [0108.011] AdjustWindowRectEx (in: lpRect=0x2de148, dwStyle=0x560101c0, bMenu=0, dwExStyle=0x200 | out: lpRect=0x2de148) returned 1 [0108.011] GetSystemMetrics (nIndex=5) returned 1 [0108.011] GetSystemMetrics (nIndex=6) returned 1 [0108.011] AdjustWindowRectEx (in: lpRect=0x2de0ac, dwStyle=0x560100c0, bMenu=0, dwExStyle=0x200 | out: lpRect=0x2de0ac) returned 1 [0108.011] GetCurrentThreadId () returned 0xf28 [0108.011] GetCurrentThreadId () returned 0xf28 [0108.012] GetDC (hWnd=0x0) returned 0x4010b22 [0108.012] GdipCreateFromHDC (hdc=0x4010b22, graphics=0x2de020) returned 0x0 [0108.012] GdipGetFontHeight (font=0x5d40960, graphics=0x5dc9170, height=0x2de018) returned 0x0 [0108.012] GdipDeleteGraphics (graphics=0x5dc9170) returned 0x0 [0108.012] ReleaseDC (hWnd=0x0, hDC=0x4010b22) returned 1 [0108.012] GetSystemMetrics (nIndex=5) returned 1 [0108.012] GetSystemMetrics (nIndex=6) returned 1 [0108.012] AdjustWindowRectEx (in: lpRect=0x2de148, dwStyle=0x560101c0, bMenu=0, dwExStyle=0x200 | out: lpRect=0x2de148) returned 1 [0108.012] GetSystemMetrics (nIndex=5) returned 1 [0108.012] GetSystemMetrics (nIndex=6) returned 1 [0108.013] AdjustWindowRectEx (in: lpRect=0x2de0ac, dwStyle=0x560100c0, bMenu=0, dwExStyle=0x200 | out: lpRect=0x2de0ac) returned 1 [0108.013] GetCurrentThreadId () returned 0xf28 [0108.013] GetCurrentThreadId () returned 0xf28 [0108.017] GetDC (hWnd=0x0) returned 0x4010b22 [0108.017] GdipCreateFromHDC (hdc=0x4010b22, graphics=0x2de020) returned 0x0 [0108.017] GdipGetFontHeight (font=0x5d40960, graphics=0x5dc9170, height=0x2de018) returned 0x0 [0108.017] GdipDeleteGraphics (graphics=0x5dc9170) returned 0x0 [0108.017] ReleaseDC (hWnd=0x0, hDC=0x4010b22) returned 1 [0108.018] GetSystemMetrics (nIndex=5) returned 1 [0108.018] GetSystemMetrics (nIndex=6) returned 1 [0108.018] AdjustWindowRectEx (in: lpRect=0x2de148, dwStyle=0x560101c0, bMenu=0, dwExStyle=0x200 | out: lpRect=0x2de148) returned 1 [0108.018] GetSystemMetrics (nIndex=5) returned 1 [0108.018] GetSystemMetrics (nIndex=6) returned 1 [0108.018] AdjustWindowRectEx (in: lpRect=0x2de0ac, dwStyle=0x560100c0, bMenu=0, dwExStyle=0x200 | out: lpRect=0x2de0ac) returned 1 [0108.018] GetCurrentThreadId () returned 0xf28 [0108.018] GetCurrentThreadId () returned 0xf28 [0108.018] GetDC (hWnd=0x0) returned 0x4010b22 [0108.019] GdipCreateFromHDC (hdc=0x4010b22, graphics=0x2de020) returned 0x0 [0108.019] GdipGetFontHeight (font=0x5d40960, graphics=0x5dc9170, height=0x2de018) returned 0x0 [0108.019] GdipDeleteGraphics (graphics=0x5dc9170) returned 0x0 [0108.019] ReleaseDC (hWnd=0x0, hDC=0x4010b22) returned 1 [0108.019] GetSystemMetrics (nIndex=5) returned 1 [0108.019] GetSystemMetrics (nIndex=6) returned 1 [0108.019] AdjustWindowRectEx (in: lpRect=0x2de148, dwStyle=0x560101c0, bMenu=0, dwExStyle=0x200 | out: lpRect=0x2de148) returned 1 [0108.019] GetSystemMetrics (nIndex=5) returned 1 [0108.019] GetSystemMetrics (nIndex=6) returned 1 [0108.019] AdjustWindowRectEx (in: lpRect=0x2de0ac, dwStyle=0x560100c0, bMenu=0, dwExStyle=0x200 | out: lpRect=0x2de0ac) returned 1 [0108.019] GetCurrentThreadId () returned 0xf28 [0108.019] GetCurrentThreadId () returned 0xf28 [0108.020] GetDC (hWnd=0x0) returned 0x4010b22 [0108.020] GdipCreateFromHDC (hdc=0x4010b22, graphics=0x2de020) returned 0x0 [0108.020] GdipGetFontHeight (font=0x5d40960, graphics=0x5dc9170, height=0x2de018) returned 0x0 [0108.020] GdipDeleteGraphics (graphics=0x5dc9170) returned 0x0 [0108.020] ReleaseDC (hWnd=0x0, hDC=0x4010b22) returned 1 [0108.020] GetSystemMetrics (nIndex=5) returned 1 [0108.020] GetSystemMetrics (nIndex=6) returned 1 [0108.020] AdjustWindowRectEx (in: lpRect=0x2de148, dwStyle=0x560101c0, bMenu=0, dwExStyle=0x200 | out: lpRect=0x2de148) returned 1 [0108.020] GetSystemMetrics (nIndex=5) returned 1 [0108.020] GetSystemMetrics (nIndex=6) returned 1 [0108.020] AdjustWindowRectEx (in: lpRect=0x2de0ac, dwStyle=0x560100c0, bMenu=0, dwExStyle=0x200 | out: lpRect=0x2de0ac) returned 1 [0108.020] GetCurrentThreadId () returned 0xf28 [0108.020] GetCurrentThreadId () returned 0xf28 [0108.021] GetDC (hWnd=0x0) returned 0x4010b22 [0108.021] GdipCreateFromHDC (hdc=0x4010b22, graphics=0x2de020) returned 0x0 [0108.021] GdipGetFontHeight (font=0x5d40960, graphics=0x5dc9170, height=0x2de018) returned 0x0 [0108.021] GdipDeleteGraphics (graphics=0x5dc9170) returned 0x0 [0108.021] ReleaseDC (hWnd=0x0, hDC=0x4010b22) returned 1 [0108.021] GetSystemMetrics (nIndex=5) returned 1 [0108.021] GetSystemMetrics (nIndex=6) returned 1 [0108.021] AdjustWindowRectEx (in: lpRect=0x2de148, dwStyle=0x560101c0, bMenu=0, dwExStyle=0x200 | out: lpRect=0x2de148) returned 1 [0108.021] GetSystemMetrics (nIndex=5) returned 1 [0108.021] GetSystemMetrics (nIndex=6) returned 1 [0108.021] AdjustWindowRectEx (in: lpRect=0x2de0ac, dwStyle=0x560100c0, bMenu=0, dwExStyle=0x200 | out: lpRect=0x2de0ac) returned 1 [0108.021] GetCurrentThreadId () returned 0xf28 [0108.021] GetCurrentThreadId () returned 0xf28 [0108.022] GetDC (hWnd=0x0) returned 0x4010b22 [0108.022] GdipCreateFromHDC (hdc=0x4010b22, graphics=0x2de020) returned 0x0 [0108.022] GdipGetFontHeight (font=0x5d40960, graphics=0x5dc9170, height=0x2de018) returned 0x0 [0108.022] GdipDeleteGraphics (graphics=0x5dc9170) returned 0x0 [0108.022] ReleaseDC (hWnd=0x0, hDC=0x4010b22) returned 1 [0108.022] GetSystemMetrics (nIndex=5) returned 1 [0108.022] GetSystemMetrics (nIndex=6) returned 1 [0108.022] AdjustWindowRectEx (in: lpRect=0x2de148, dwStyle=0x560101c0, bMenu=0, dwExStyle=0x200 | out: lpRect=0x2de148) returned 1 [0108.022] GetSystemMetrics (nIndex=5) returned 1 [0108.022] GetSystemMetrics (nIndex=6) returned 1 [0108.022] AdjustWindowRectEx (in: lpRect=0x2de0ac, dwStyle=0x560100c0, bMenu=0, dwExStyle=0x200 | out: lpRect=0x2de0ac) returned 1 [0108.022] GetCurrentThreadId () returned 0xf28 [0108.022] GetCurrentThreadId () returned 0xf28 [0108.023] GetDC (hWnd=0x0) returned 0x4010b22 [0108.023] GdipCreateFromHDC (hdc=0x4010b22, graphics=0x2de020) returned 0x0 [0108.023] GdipGetFontHeight (font=0x5d40960, graphics=0x5dc9170, height=0x2de018) returned 0x0 [0108.023] GdipDeleteGraphics (graphics=0x5dc9170) returned 0x0 [0108.023] ReleaseDC (hWnd=0x0, hDC=0x4010b22) returned 1 [0108.023] GetSystemMetrics (nIndex=5) returned 1 [0108.023] GetSystemMetrics (nIndex=6) returned 1 [0108.023] AdjustWindowRectEx (in: lpRect=0x2de148, dwStyle=0x560101c0, bMenu=0, dwExStyle=0x200 | out: lpRect=0x2de148) returned 1 [0108.023] GetSystemMetrics (nIndex=5) returned 1 [0108.023] GetSystemMetrics (nIndex=6) returned 1 [0108.023] AdjustWindowRectEx (in: lpRect=0x2de0ac, dwStyle=0x560100c0, bMenu=0, dwExStyle=0x200 | out: lpRect=0x2de0ac) returned 1 [0108.024] GetCurrentThreadId () returned 0xf28 [0108.024] GetCurrentThreadId () returned 0xf28 [0108.024] GetDC (hWnd=0x0) returned 0x4010b22 [0108.024] GdipCreateFromHDC (hdc=0x4010b22, graphics=0x2de020) returned 0x0 [0108.024] GdipGetFontHeight (font=0x5d40960, graphics=0x5dc9170, height=0x2de018) returned 0x0 [0108.024] GdipDeleteGraphics (graphics=0x5dc9170) returned 0x0 [0108.024] ReleaseDC (hWnd=0x0, hDC=0x4010b22) returned 1 [0108.024] GetSystemMetrics (nIndex=5) returned 1 [0108.024] GetSystemMetrics (nIndex=6) returned 1 [0108.025] AdjustWindowRectEx (in: lpRect=0x2de148, dwStyle=0x560101c0, bMenu=0, dwExStyle=0x200 | out: lpRect=0x2de148) returned 1 [0108.025] GetSystemMetrics (nIndex=5) returned 1 [0108.025] GetSystemMetrics (nIndex=6) returned 1 [0108.025] AdjustWindowRectEx (in: lpRect=0x2de0ac, dwStyle=0x560100c0, bMenu=0, dwExStyle=0x200 | out: lpRect=0x2de0ac) returned 1 [0108.025] GetCurrentThreadId () returned 0xf28 [0108.025] GetCurrentThreadId () returned 0xf28 [0108.025] GetDC (hWnd=0x0) returned 0x4010b22 [0108.025] GdipCreateFromHDC (hdc=0x4010b22, graphics=0x2de020) returned 0x0 [0108.025] GdipGetFontHeight (font=0x5d40960, graphics=0x5dc9170, height=0x2de018) returned 0x0 [0108.026] GdipDeleteGraphics (graphics=0x5dc9170) returned 0x0 [0108.026] ReleaseDC (hWnd=0x0, hDC=0x4010b22) returned 1 [0108.026] GetSystemMetrics (nIndex=5) returned 1 [0108.026] GetSystemMetrics (nIndex=6) returned 1 [0108.026] AdjustWindowRectEx (in: lpRect=0x2de148, dwStyle=0x560101c0, bMenu=0, dwExStyle=0x200 | out: lpRect=0x2de148) returned 1 [0108.026] GetSystemMetrics (nIndex=5) returned 1 [0108.026] GetSystemMetrics (nIndex=6) returned 1 [0108.026] AdjustWindowRectEx (in: lpRect=0x2de0ac, dwStyle=0x560100c0, bMenu=0, dwExStyle=0x200 | out: lpRect=0x2de0ac) returned 1 [0108.026] GetCurrentThreadId () returned 0xf28 [0108.026] GetCurrentThreadId () returned 0xf28 [0108.026] GetDC (hWnd=0x0) returned 0x4010b22 [0108.026] GdipCreateFromHDC (hdc=0x4010b22, graphics=0x2de020) returned 0x0 [0108.027] GdipGetFontHeight (font=0x5d40960, graphics=0x5dc9170, height=0x2de018) returned 0x0 [0108.027] GdipDeleteGraphics (graphics=0x5dc9170) returned 0x0 [0108.027] ReleaseDC (hWnd=0x0, hDC=0x4010b22) returned 1 [0108.027] GetSystemMetrics (nIndex=5) returned 1 [0108.027] GetSystemMetrics (nIndex=6) returned 1 [0108.027] AdjustWindowRectEx (in: lpRect=0x2de148, dwStyle=0x560101c0, bMenu=0, dwExStyle=0x200 | out: lpRect=0x2de148) returned 1 [0108.027] GetSystemMetrics (nIndex=5) returned 1 [0108.027] GetSystemMetrics (nIndex=6) returned 1 [0108.027] AdjustWindowRectEx (in: lpRect=0x2de0ac, dwStyle=0x560100c0, bMenu=0, dwExStyle=0x200 | out: lpRect=0x2de0ac) returned 1 [0108.027] GetCurrentThreadId () returned 0xf28 [0108.027] GetCurrentThreadId () returned 0xf28 [0108.027] GetDC (hWnd=0x0) returned 0x4010b22 [0108.027] GdipCreateFromHDC (hdc=0x4010b22, graphics=0x2de020) returned 0x0 [0108.028] GdipGetFontHeight (font=0x5d40960, graphics=0x5dc9170, height=0x2de018) returned 0x0 [0108.028] GdipDeleteGraphics (graphics=0x5dc9170) returned 0x0 [0108.028] ReleaseDC (hWnd=0x0, hDC=0x4010b22) returned 1 [0108.028] GetSystemMetrics (nIndex=5) returned 1 [0108.028] GetSystemMetrics (nIndex=6) returned 1 [0108.028] AdjustWindowRectEx (in: lpRect=0x2de148, dwStyle=0x560101c0, bMenu=0, dwExStyle=0x200 | out: lpRect=0x2de148) returned 1 [0108.028] GetSystemMetrics (nIndex=5) returned 1 [0108.028] GetSystemMetrics (nIndex=6) returned 1 [0108.028] AdjustWindowRectEx (in: lpRect=0x2de0ac, dwStyle=0x560100c0, bMenu=0, dwExStyle=0x200 | out: lpRect=0x2de0ac) returned 1 [0108.028] GetCurrentThreadId () returned 0xf28 [0108.028] GetCurrentThreadId () returned 0xf28 [0108.029] GetDC (hWnd=0x0) returned 0x4010b22 [0108.029] GdipCreateFromHDC (hdc=0x4010b22, graphics=0x2de020) returned 0x0 [0108.029] GdipGetFontHeight (font=0x5d40960, graphics=0x5dc9170, height=0x2de018) returned 0x0 [0108.029] GdipDeleteGraphics (graphics=0x5dc9170) returned 0x0 [0108.029] ReleaseDC (hWnd=0x0, hDC=0x4010b22) returned 1 [0108.029] GetSystemMetrics (nIndex=5) returned 1 [0108.029] GetSystemMetrics (nIndex=6) returned 1 [0108.029] AdjustWindowRectEx (in: lpRect=0x2de148, dwStyle=0x560101c0, bMenu=0, dwExStyle=0x200 | out: lpRect=0x2de148) returned 1 [0108.029] GetSystemMetrics (nIndex=5) returned 1 [0108.030] GetSystemMetrics (nIndex=6) returned 1 [0108.030] AdjustWindowRectEx (in: lpRect=0x2de0ac, dwStyle=0x560100c0, bMenu=0, dwExStyle=0x200 | out: lpRect=0x2de0ac) returned 1 [0108.030] GetCurrentThreadId () returned 0xf28 [0108.030] GetCurrentThreadId () returned 0xf28 [0108.030] GetDC (hWnd=0x0) returned 0x4010b22 [0108.030] GdipCreateFromHDC (hdc=0x4010b22, graphics=0x2de020) returned 0x0 [0108.030] GdipGetFontHeight (font=0x5d40960, graphics=0x5dc9170, height=0x2de018) returned 0x0 [0108.030] GdipDeleteGraphics (graphics=0x5dc9170) returned 0x0 [0108.030] ReleaseDC (hWnd=0x0, hDC=0x4010b22) returned 1 [0108.031] GetSystemMetrics (nIndex=5) returned 1 [0108.031] GetSystemMetrics (nIndex=6) returned 1 [0108.031] AdjustWindowRectEx (in: lpRect=0x2de148, dwStyle=0x560101c0, bMenu=0, dwExStyle=0x200 | out: lpRect=0x2de148) returned 1 [0108.031] GetSystemMetrics (nIndex=5) returned 1 [0108.031] GetSystemMetrics (nIndex=6) returned 1 [0108.031] AdjustWindowRectEx (in: lpRect=0x2de0ac, dwStyle=0x560100c0, bMenu=0, dwExStyle=0x200 | out: lpRect=0x2de0ac) returned 1 [0108.031] GetCurrentThreadId () returned 0xf28 [0108.031] GetCurrentThreadId () returned 0xf28 [0108.031] GetDC (hWnd=0x0) returned 0x4010b22 [0108.031] GdipCreateFromHDC (hdc=0x4010b22, graphics=0x2de020) returned 0x0 [0108.031] GdipGetFontHeight (font=0x5d40960, graphics=0x5dc9170, height=0x2de018) returned 0x0 [0108.031] GdipDeleteGraphics (graphics=0x5dc9170) returned 0x0 [0108.032] ReleaseDC (hWnd=0x0, hDC=0x4010b22) returned 1 [0108.032] GetSystemMetrics (nIndex=5) returned 1 [0108.032] GetSystemMetrics (nIndex=6) returned 1 [0108.032] AdjustWindowRectEx (in: lpRect=0x2de148, dwStyle=0x560101c0, bMenu=0, dwExStyle=0x200 | out: lpRect=0x2de148) returned 1 [0108.032] GetSystemMetrics (nIndex=5) returned 1 [0108.032] GetSystemMetrics (nIndex=6) returned 1 [0108.032] AdjustWindowRectEx (in: lpRect=0x2de0ac, dwStyle=0x560100c0, bMenu=0, dwExStyle=0x200 | out: lpRect=0x2de0ac) returned 1 [0108.032] GetCurrentThreadId () returned 0xf28 [0108.032] GetCurrentThreadId () returned 0xf28 [0108.032] GetDC (hWnd=0x0) returned 0x4010b22 [0108.032] GdipCreateFromHDC (hdc=0x4010b22, graphics=0x2de020) returned 0x0 [0108.033] GdipGetFontHeight (font=0x5d40960, graphics=0x5dc9170, height=0x2de018) returned 0x0 [0108.033] GdipDeleteGraphics (graphics=0x5dc9170) returned 0x0 [0108.033] ReleaseDC (hWnd=0x0, hDC=0x4010b22) returned 1 [0108.033] GetSystemMetrics (nIndex=5) returned 1 [0108.033] GetSystemMetrics (nIndex=6) returned 1 [0108.033] AdjustWindowRectEx (in: lpRect=0x2de148, dwStyle=0x560101c0, bMenu=0, dwExStyle=0x200 | out: lpRect=0x2de148) returned 1 [0108.033] GetSystemMetrics (nIndex=5) returned 1 [0108.033] GetSystemMetrics (nIndex=6) returned 1 [0108.033] AdjustWindowRectEx (in: lpRect=0x2de0ac, dwStyle=0x560100c0, bMenu=0, dwExStyle=0x200 | out: lpRect=0x2de0ac) returned 1 [0108.033] GetCurrentThreadId () returned 0xf28 [0108.033] GetCurrentThreadId () returned 0xf28 [0108.033] GetDC (hWnd=0x0) returned 0x4010b22 [0108.034] GdipCreateFromHDC (hdc=0x4010b22, graphics=0x2de020) returned 0x0 [0108.034] GdipGetFontHeight (font=0x5d40960, graphics=0x5dc9170, height=0x2de018) returned 0x0 [0108.034] GdipDeleteGraphics (graphics=0x5dc9170) returned 0x0 [0108.034] ReleaseDC (hWnd=0x0, hDC=0x4010b22) returned 1 [0108.034] GetSystemMetrics (nIndex=5) returned 1 [0108.034] GetSystemMetrics (nIndex=6) returned 1 [0108.034] AdjustWindowRectEx (in: lpRect=0x2de148, dwStyle=0x560101c0, bMenu=0, dwExStyle=0x200 | out: lpRect=0x2de148) returned 1 [0108.034] GetSystemMetrics (nIndex=5) returned 1 [0108.034] GetSystemMetrics (nIndex=6) returned 1 [0108.034] AdjustWindowRectEx (in: lpRect=0x2de0ac, dwStyle=0x560100c0, bMenu=0, dwExStyle=0x200 | out: lpRect=0x2de0ac) returned 1 [0108.034] GetCurrentThreadId () returned 0xf28 [0108.034] GetCurrentThreadId () returned 0xf28 [0108.035] GetDC (hWnd=0x0) returned 0x4010b22 [0108.035] GdipCreateFromHDC (hdc=0x4010b22, graphics=0x2de020) returned 0x0 [0108.035] GdipGetFontHeight (font=0x5d40960, graphics=0x5dc9170, height=0x2de018) returned 0x0 [0108.035] GdipDeleteGraphics (graphics=0x5dc9170) returned 0x0 [0108.035] ReleaseDC (hWnd=0x0, hDC=0x4010b22) returned 1 [0108.035] GetSystemMetrics (nIndex=5) returned 1 [0108.035] GetSystemMetrics (nIndex=6) returned 1 [0108.035] AdjustWindowRectEx (in: lpRect=0x2de148, dwStyle=0x560101c0, bMenu=0, dwExStyle=0x200 | out: lpRect=0x2de148) returned 1 [0108.035] GetSystemMetrics (nIndex=5) returned 1 [0108.035] GetSystemMetrics (nIndex=6) returned 1 [0108.035] AdjustWindowRectEx (in: lpRect=0x2de0ac, dwStyle=0x560100c0, bMenu=0, dwExStyle=0x200 | out: lpRect=0x2de0ac) returned 1 [0108.035] GetCurrentThreadId () returned 0xf28 [0108.035] GetCurrentThreadId () returned 0xf28 [0108.036] GetDC (hWnd=0x0) returned 0x4010b22 [0108.036] GdipCreateFromHDC (hdc=0x4010b22, graphics=0x2de020) returned 0x0 [0108.036] GdipGetFontHeight (font=0x5d40960, graphics=0x5dc9170, height=0x2de018) returned 0x0 [0108.036] GdipDeleteGraphics (graphics=0x5dc9170) returned 0x0 [0108.036] ReleaseDC (hWnd=0x0, hDC=0x4010b22) returned 1 [0108.036] GetSystemMetrics (nIndex=5) returned 1 [0108.036] GetSystemMetrics (nIndex=6) returned 1 [0108.036] AdjustWindowRectEx (in: lpRect=0x2de148, dwStyle=0x560101c0, bMenu=0, dwExStyle=0x200 | out: lpRect=0x2de148) returned 1 [0108.036] GetSystemMetrics (nIndex=5) returned 1 [0108.036] GetSystemMetrics (nIndex=6) returned 1 [0108.036] AdjustWindowRectEx (in: lpRect=0x2de0ac, dwStyle=0x560100c0, bMenu=0, dwExStyle=0x200 | out: lpRect=0x2de0ac) returned 1 [0108.036] GetCurrentThreadId () returned 0xf28 [0108.036] GetCurrentThreadId () returned 0xf28 [0108.037] GetDC (hWnd=0x0) returned 0x4010b22 [0108.037] GdipCreateFromHDC (hdc=0x4010b22, graphics=0x2de020) returned 0x0 [0108.037] GdipGetFontHeight (font=0x5d40960, graphics=0x5dc9170, height=0x2de018) returned 0x0 [0108.037] GdipDeleteGraphics (graphics=0x5dc9170) returned 0x0 [0108.037] ReleaseDC (hWnd=0x0, hDC=0x4010b22) returned 1 [0108.037] GetSystemMetrics (nIndex=5) returned 1 [0108.037] GetSystemMetrics (nIndex=6) returned 1 [0108.037] AdjustWindowRectEx (in: lpRect=0x2de148, dwStyle=0x560101c0, bMenu=0, dwExStyle=0x200 | out: lpRect=0x2de148) returned 1 [0108.037] GetSystemMetrics (nIndex=5) returned 1 [0108.038] GetSystemMetrics (nIndex=6) returned 1 [0108.038] AdjustWindowRectEx (in: lpRect=0x2de0ac, dwStyle=0x560100c0, bMenu=0, dwExStyle=0x200 | out: lpRect=0x2de0ac) returned 1 [0108.038] GetCurrentThreadId () returned 0xf28 [0108.038] GetCurrentThreadId () returned 0xf28 [0108.038] GetDC (hWnd=0x0) returned 0x4010b22 [0108.038] GdipCreateFromHDC (hdc=0x4010b22, graphics=0x2de020) returned 0x0 [0108.038] GdipGetFontHeight (font=0x5d40960, graphics=0x5dc9170, height=0x2de018) returned 0x0 [0108.039] GdipDeleteGraphics (graphics=0x5dc9170) returned 0x0 [0108.039] ReleaseDC (hWnd=0x0, hDC=0x4010b22) returned 1 [0108.039] GetSystemMetrics (nIndex=5) returned 1 [0108.039] GetSystemMetrics (nIndex=6) returned 1 [0108.039] AdjustWindowRectEx (in: lpRect=0x2de148, dwStyle=0x560101c0, bMenu=0, dwExStyle=0x200 | out: lpRect=0x2de148) returned 1 [0108.039] GetSystemMetrics (nIndex=5) returned 1 [0108.039] GetSystemMetrics (nIndex=6) returned 1 [0108.039] AdjustWindowRectEx (in: lpRect=0x2de0ac, dwStyle=0x560100c0, bMenu=0, dwExStyle=0x200 | out: lpRect=0x2de0ac) returned 1 [0108.039] GetCurrentThreadId () returned 0xf28 [0108.039] GetCurrentThreadId () returned 0xf28 [0108.039] GetDC (hWnd=0x0) returned 0x4010b22 [0108.039] GdipCreateFromHDC (hdc=0x4010b22, graphics=0x2de020) returned 0x0 [0108.040] GdipGetFontHeight (font=0x5d40960, graphics=0x5dc9170, height=0x2de018) returned 0x0 [0108.040] GdipDeleteGraphics (graphics=0x5dc9170) returned 0x0 [0108.040] ReleaseDC (hWnd=0x0, hDC=0x4010b22) returned 1 [0108.040] GetSystemMetrics (nIndex=5) returned 1 [0108.040] GetSystemMetrics (nIndex=6) returned 1 [0108.040] AdjustWindowRectEx (in: lpRect=0x2de148, dwStyle=0x560101c0, bMenu=0, dwExStyle=0x200 | out: lpRect=0x2de148) returned 1 [0108.040] GetSystemMetrics (nIndex=5) returned 1 [0108.040] GetSystemMetrics (nIndex=6) returned 1 [0108.040] AdjustWindowRectEx (in: lpRect=0x2de0ac, dwStyle=0x560100c0, bMenu=0, dwExStyle=0x200 | out: lpRect=0x2de0ac) returned 1 [0108.040] GetCurrentThreadId () returned 0xf28 [0108.040] GetCurrentThreadId () returned 0xf28 [0108.041] GetDC (hWnd=0x0) returned 0x4010b22 [0108.041] GdipCreateFromHDC (hdc=0x4010b22, graphics=0x2de020) returned 0x0 [0108.041] GdipGetFontHeight (font=0x5d40960, graphics=0x5dc9170, height=0x2de018) returned 0x0 [0108.041] GdipDeleteGraphics (graphics=0x5dc9170) returned 0x0 [0108.041] ReleaseDC (hWnd=0x0, hDC=0x4010b22) returned 1 [0108.041] GetSystemMetrics (nIndex=5) returned 1 [0108.041] GetSystemMetrics (nIndex=6) returned 1 [0108.041] AdjustWindowRectEx (in: lpRect=0x2de148, dwStyle=0x560101c0, bMenu=0, dwExStyle=0x200 | out: lpRect=0x2de148) returned 1 [0108.041] GetSystemMetrics (nIndex=5) returned 1 [0108.041] GetSystemMetrics (nIndex=6) returned 1 [0108.041] AdjustWindowRectEx (in: lpRect=0x2de0ac, dwStyle=0x560100c0, bMenu=0, dwExStyle=0x200 | out: lpRect=0x2de0ac) returned 1 [0108.041] GetCurrentThreadId () returned 0xf28 [0108.041] GetCurrentThreadId () returned 0xf28 [0108.042] GetDC (hWnd=0x0) returned 0x4010b22 [0108.042] GdipCreateFromHDC (hdc=0x4010b22, graphics=0x2de020) returned 0x0 [0108.042] GdipGetFontHeight (font=0x5d40960, graphics=0x5dc9170, height=0x2de018) returned 0x0 [0108.042] GdipDeleteGraphics (graphics=0x5dc9170) returned 0x0 [0108.042] ReleaseDC (hWnd=0x0, hDC=0x4010b22) returned 1 [0108.042] GetSystemMetrics (nIndex=5) returned 1 [0108.043] GetSystemMetrics (nIndex=6) returned 1 [0108.043] AdjustWindowRectEx (in: lpRect=0x2de148, dwStyle=0x560101c0, bMenu=0, dwExStyle=0x200 | out: lpRect=0x2de148) returned 1 [0108.043] GetSystemMetrics (nIndex=5) returned 1 [0108.043] GetSystemMetrics (nIndex=6) returned 1 [0108.043] AdjustWindowRectEx (in: lpRect=0x2de0ac, dwStyle=0x560100c0, bMenu=0, dwExStyle=0x200 | out: lpRect=0x2de0ac) returned 1 [0108.043] GetCurrentThreadId () returned 0xf28 [0108.043] GetCurrentThreadId () returned 0xf28 [0108.043] GetDC (hWnd=0x0) returned 0x4010b22 [0108.043] GdipCreateFromHDC (hdc=0x4010b22, graphics=0x2de020) returned 0x0 [0108.043] GdipGetFontHeight (font=0x5d40960, graphics=0x5dc9170, height=0x2de018) returned 0x0 [0108.043] GdipDeleteGraphics (graphics=0x5dc9170) returned 0x0 [0108.043] ReleaseDC (hWnd=0x0, hDC=0x4010b22) returned 1 [0108.044] GetSystemMetrics (nIndex=5) returned 1 [0108.044] GetSystemMetrics (nIndex=6) returned 1 [0108.044] AdjustWindowRectEx (in: lpRect=0x2de148, dwStyle=0x560101c0, bMenu=0, dwExStyle=0x200 | out: lpRect=0x2de148) returned 1 [0108.044] GetSystemMetrics (nIndex=5) returned 1 [0108.044] GetSystemMetrics (nIndex=6) returned 1 [0108.044] AdjustWindowRectEx (in: lpRect=0x2de0ac, dwStyle=0x560100c0, bMenu=0, dwExStyle=0x200 | out: lpRect=0x2de0ac) returned 1 [0108.044] GetCurrentThreadId () returned 0xf28 [0108.044] GetCurrentThreadId () returned 0xf28 [0108.044] GetDC (hWnd=0x0) returned 0x4010b22 [0108.044] GdipCreateFromHDC (hdc=0x4010b22, graphics=0x2de020) returned 0x0 [0108.044] GdipGetFontHeight (font=0x5d40960, graphics=0x5dc9170, height=0x2de018) returned 0x0 [0108.044] GdipDeleteGraphics (graphics=0x5dc9170) returned 0x0 [0108.044] ReleaseDC (hWnd=0x0, hDC=0x4010b22) returned 1 [0108.044] GetSystemMetrics (nIndex=5) returned 1 [0108.044] GetSystemMetrics (nIndex=6) returned 1 [0108.044] AdjustWindowRectEx (in: lpRect=0x2de148, dwStyle=0x560101c0, bMenu=0, dwExStyle=0x200 | out: lpRect=0x2de148) returned 1 [0108.044] GetSystemMetrics (nIndex=5) returned 1 [0108.044] GetSystemMetrics (nIndex=6) returned 1 [0108.044] AdjustWindowRectEx (in: lpRect=0x2de0ac, dwStyle=0x560100c0, bMenu=0, dwExStyle=0x200 | out: lpRect=0x2de0ac) returned 1 [0108.044] GetCurrentThreadId () returned 0xf28 [0108.044] GetCurrentThreadId () returned 0xf28 [0108.044] GetDC (hWnd=0x0) returned 0x4010b22 [0108.045] GdipCreateFromHDC (hdc=0x4010b22, graphics=0x2de020) returned 0x0 [0108.045] GdipGetFontHeight (font=0x5d40960, graphics=0x5dc9170, height=0x2de018) returned 0x0 [0108.045] GdipDeleteGraphics (graphics=0x5dc9170) returned 0x0 [0108.045] ReleaseDC (hWnd=0x0, hDC=0x4010b22) returned 1 [0108.045] GetSystemMetrics (nIndex=5) returned 1 [0108.045] GetSystemMetrics (nIndex=6) returned 1 [0108.045] AdjustWindowRectEx (in: lpRect=0x2de148, dwStyle=0x560101c0, bMenu=0, dwExStyle=0x200 | out: lpRect=0x2de148) returned 1 [0108.045] GetSystemMetrics (nIndex=5) returned 1 [0108.045] GetSystemMetrics (nIndex=6) returned 1 [0108.045] AdjustWindowRectEx (in: lpRect=0x2de0ac, dwStyle=0x560100c0, bMenu=0, dwExStyle=0x200 | out: lpRect=0x2de0ac) returned 1 [0108.045] GetCurrentThreadId () returned 0xf28 [0108.045] GetCurrentThreadId () returned 0xf28 [0108.045] GetDC (hWnd=0x0) returned 0x4010b22 [0108.045] GdipCreateFromHDC (hdc=0x4010b22, graphics=0x2de020) returned 0x0 [0108.045] GdipGetFontHeight (font=0x5d40960, graphics=0x5dc9170, height=0x2de018) returned 0x0 [0108.045] GdipDeleteGraphics (graphics=0x5dc9170) returned 0x0 [0108.045] ReleaseDC (hWnd=0x0, hDC=0x4010b22) returned 1 [0108.045] GetSystemMetrics (nIndex=5) returned 1 [0108.045] GetSystemMetrics (nIndex=6) returned 1 [0108.045] AdjustWindowRectEx (in: lpRect=0x2de148, dwStyle=0x560101c0, bMenu=0, dwExStyle=0x200 | out: lpRect=0x2de148) returned 1 [0108.045] GetSystemMetrics (nIndex=5) returned 1 [0108.045] GetSystemMetrics (nIndex=6) returned 1 [0108.045] AdjustWindowRectEx (in: lpRect=0x2de0ac, dwStyle=0x560100c0, bMenu=0, dwExStyle=0x200 | out: lpRect=0x2de0ac) returned 1 [0108.045] GetCurrentThreadId () returned 0xf28 [0108.045] GetCurrentThreadId () returned 0xf28 [0108.045] GetDC (hWnd=0x0) returned 0x4010b22 [0108.045] GdipCreateFromHDC (hdc=0x4010b22, graphics=0x2de020) returned 0x0 [0108.045] GdipGetFontHeight (font=0x5d40960, graphics=0x5dc9170, height=0x2de018) returned 0x0 [0108.046] GdipDeleteGraphics (graphics=0x5dc9170) returned 0x0 [0108.046] ReleaseDC (hWnd=0x0, hDC=0x4010b22) returned 1 [0108.046] GetSystemMetrics (nIndex=5) returned 1 [0108.046] GetSystemMetrics (nIndex=6) returned 1 [0108.046] AdjustWindowRectEx (in: lpRect=0x2de148, dwStyle=0x560101c0, bMenu=0, dwExStyle=0x200 | out: lpRect=0x2de148) returned 1 [0108.046] GetSystemMetrics (nIndex=5) returned 1 [0108.046] GetSystemMetrics (nIndex=6) returned 1 [0108.046] AdjustWindowRectEx (in: lpRect=0x2de0ac, dwStyle=0x560100c0, bMenu=0, dwExStyle=0x200 | out: lpRect=0x2de0ac) returned 1 [0108.046] GetCurrentThreadId () returned 0xf28 [0108.046] GetCurrentThreadId () returned 0xf28 [0108.046] GetDC (hWnd=0x0) returned 0x4010b22 [0108.046] GdipCreateFromHDC (hdc=0x4010b22, graphics=0x2de020) returned 0x0 [0108.046] GdipGetFontHeight (font=0x5d40960, graphics=0x5dc9170, height=0x2de018) returned 0x0 [0108.046] GdipDeleteGraphics (graphics=0x5dc9170) returned 0x0 [0108.046] ReleaseDC (hWnd=0x0, hDC=0x4010b22) returned 1 [0108.046] GetSystemMetrics (nIndex=5) returned 1 [0108.046] GetSystemMetrics (nIndex=6) returned 1 [0108.046] AdjustWindowRectEx (in: lpRect=0x2de148, dwStyle=0x560101c0, bMenu=0, dwExStyle=0x200 | out: lpRect=0x2de148) returned 1 [0108.046] GetSystemMetrics (nIndex=5) returned 1 [0108.046] GetSystemMetrics (nIndex=6) returned 1 [0108.046] AdjustWindowRectEx (in: lpRect=0x2de0ac, dwStyle=0x560100c0, bMenu=0, dwExStyle=0x200 | out: lpRect=0x2de0ac) returned 1 [0108.046] GetCurrentThreadId () returned 0xf28 [0108.046] GetCurrentThreadId () returned 0xf28 [0108.046] GetDC (hWnd=0x0) returned 0x4010b22 [0108.046] GdipCreateFromHDC (hdc=0x4010b22, graphics=0x2de020) returned 0x0 [0108.046] GdipGetFontHeight (font=0x5d40960, graphics=0x5dc9170, height=0x2de018) returned 0x0 [0108.046] GdipDeleteGraphics (graphics=0x5dc9170) returned 0x0 [0108.047] ReleaseDC (hWnd=0x0, hDC=0x4010b22) returned 1 [0108.047] GetSystemMetrics (nIndex=5) returned 1 [0108.047] GetSystemMetrics (nIndex=6) returned 1 [0108.047] AdjustWindowRectEx (in: lpRect=0x2de148, dwStyle=0x560101c0, bMenu=0, dwExStyle=0x200 | out: lpRect=0x2de148) returned 1 [0108.047] GetSystemMetrics (nIndex=5) returned 1 [0108.047] GetSystemMetrics (nIndex=6) returned 1 [0108.047] AdjustWindowRectEx (in: lpRect=0x2de0ac, dwStyle=0x560100c0, bMenu=0, dwExStyle=0x200 | out: lpRect=0x2de0ac) returned 1 [0108.047] GetCurrentThreadId () returned 0xf28 [0108.047] GetCurrentThreadId () returned 0xf28 [0108.047] GetDC (hWnd=0x0) returned 0x4010b22 [0108.047] GdipCreateFromHDC (hdc=0x4010b22, graphics=0x2de020) returned 0x0 [0108.047] GdipGetFontHeight (font=0x5d40960, graphics=0x5dc9170, height=0x2de018) returned 0x0 [0108.047] GdipDeleteGraphics (graphics=0x5dc9170) returned 0x0 [0108.047] ReleaseDC (hWnd=0x0, hDC=0x4010b22) returned 1 [0108.047] GetSystemMetrics (nIndex=5) returned 1 [0108.047] GetSystemMetrics (nIndex=6) returned 1 [0108.047] AdjustWindowRectEx (in: lpRect=0x2de148, dwStyle=0x560101c0, bMenu=0, dwExStyle=0x200 | out: lpRect=0x2de148) returned 1 [0108.047] GetSystemMetrics (nIndex=5) returned 1 [0108.047] GetSystemMetrics (nIndex=6) returned 1 [0108.047] AdjustWindowRectEx (in: lpRect=0x2de0ac, dwStyle=0x560100c0, bMenu=0, dwExStyle=0x200 | out: lpRect=0x2de0ac) returned 1 [0108.047] GetCurrentThreadId () returned 0xf28 [0108.047] GetCurrentThreadId () returned 0xf28 [0108.047] GetDC (hWnd=0x0) returned 0x4010b22 [0108.047] GdipCreateFromHDC (hdc=0x4010b22, graphics=0x2de020) returned 0x0 [0108.047] GdipGetFontHeight (font=0x5d40960, graphics=0x5dc9170, height=0x2de018) returned 0x0 [0108.047] GdipDeleteGraphics (graphics=0x5dc9170) returned 0x0 [0108.047] ReleaseDC (hWnd=0x0, hDC=0x4010b22) returned 1 [0108.047] GetSystemMetrics (nIndex=5) returned 1 [0108.048] GetSystemMetrics (nIndex=6) returned 1 [0108.048] AdjustWindowRectEx (in: lpRect=0x2de148, dwStyle=0x560101c0, bMenu=0, dwExStyle=0x200 | out: lpRect=0x2de148) returned 1 [0108.048] GetSystemMetrics (nIndex=5) returned 1 [0108.048] GetSystemMetrics (nIndex=6) returned 1 [0108.048] AdjustWindowRectEx (in: lpRect=0x2de0ac, dwStyle=0x560100c0, bMenu=0, dwExStyle=0x200 | out: lpRect=0x2de0ac) returned 1 [0108.048] GetCurrentThreadId () returned 0xf28 [0108.048] GetCurrentThreadId () returned 0xf28 [0108.048] GetDC (hWnd=0x0) returned 0x4010b22 [0108.048] GdipCreateFromHDC (hdc=0x4010b22, graphics=0x2de020) returned 0x0 [0108.048] GdipGetFontHeight (font=0x5d40960, graphics=0x5dc9170, height=0x2de018) returned 0x0 [0108.048] GdipDeleteGraphics (graphics=0x5dc9170) returned 0x0 [0108.048] ReleaseDC (hWnd=0x0, hDC=0x4010b22) returned 1 [0108.048] GetSystemMetrics (nIndex=5) returned 1 [0108.048] GetSystemMetrics (nIndex=6) returned 1 [0108.048] AdjustWindowRectEx (in: lpRect=0x2de148, dwStyle=0x560101c0, bMenu=0, dwExStyle=0x200 | out: lpRect=0x2de148) returned 1 [0108.048] GetSystemMetrics (nIndex=5) returned 1 [0108.048] GetSystemMetrics (nIndex=6) returned 1 [0108.048] AdjustWindowRectEx (in: lpRect=0x2de0ac, dwStyle=0x560100c0, bMenu=0, dwExStyle=0x200 | out: lpRect=0x2de0ac) returned 1 [0108.048] GetCurrentThreadId () returned 0xf28 [0108.048] GetCurrentThreadId () returned 0xf28 [0108.048] GetDC (hWnd=0x0) returned 0x4010b22 [0108.048] GdipCreateFromHDC (hdc=0x4010b22, graphics=0x2de020) returned 0x0 [0108.048] GdipGetFontHeight (font=0x5d40960, graphics=0x5dc9170, height=0x2de018) returned 0x0 [0108.048] GdipDeleteGraphics (graphics=0x5dc9170) returned 0x0 [0108.048] ReleaseDC (hWnd=0x0, hDC=0x4010b22) returned 1 [0108.049] GetSystemMetrics (nIndex=5) returned 1 [0108.049] GetSystemMetrics (nIndex=6) returned 1 [0108.049] AdjustWindowRectEx (in: lpRect=0x2de148, dwStyle=0x560101c0, bMenu=0, dwExStyle=0x200 | out: lpRect=0x2de148) returned 1 [0108.049] GetSystemMetrics (nIndex=5) returned 1 [0108.049] GetSystemMetrics (nIndex=6) returned 1 [0108.049] AdjustWindowRectEx (in: lpRect=0x2de0ac, dwStyle=0x560100c0, bMenu=0, dwExStyle=0x200 | out: lpRect=0x2de0ac) returned 1 [0108.049] GetCurrentThreadId () returned 0xf28 [0108.049] GetCurrentThreadId () returned 0xf28 [0108.049] GetDC (hWnd=0x0) returned 0x4010b22 [0108.049] GdipCreateFromHDC (hdc=0x4010b22, graphics=0x2de020) returned 0x0 [0108.049] GdipGetFontHeight (font=0x5d40960, graphics=0x5dc9170, height=0x2de018) returned 0x0 [0108.049] GdipDeleteGraphics (graphics=0x5dc9170) returned 0x0 [0108.049] ReleaseDC (hWnd=0x0, hDC=0x4010b22) returned 1 [0108.049] GetSystemMetrics (nIndex=5) returned 1 [0108.049] GetSystemMetrics (nIndex=6) returned 1 [0108.049] AdjustWindowRectEx (in: lpRect=0x2de148, dwStyle=0x560101c0, bMenu=0, dwExStyle=0x200 | out: lpRect=0x2de148) returned 1 [0108.049] GetSystemMetrics (nIndex=5) returned 1 [0108.049] GetSystemMetrics (nIndex=6) returned 1 [0108.049] AdjustWindowRectEx (in: lpRect=0x2de0ac, dwStyle=0x560100c0, bMenu=0, dwExStyle=0x200 | out: lpRect=0x2de0ac) returned 1 [0108.049] GetCurrentThreadId () returned 0xf28 [0108.049] GetCurrentThreadId () returned 0xf28 [0108.049] GetDC (hWnd=0x0) returned 0x4010b22 [0108.049] GdipCreateFromHDC (hdc=0x4010b22, graphics=0x2de020) returned 0x0 [0108.050] GdipGetFontHeight (font=0x5d40960, graphics=0x5dc9170, height=0x2de018) returned 0x0 [0108.050] GdipDeleteGraphics (graphics=0x5dc9170) returned 0x0 [0108.050] ReleaseDC (hWnd=0x0, hDC=0x4010b22) returned 1 [0108.050] GetSystemMetrics (nIndex=5) returned 1 [0108.050] GetSystemMetrics (nIndex=6) returned 1 [0108.050] AdjustWindowRectEx (in: lpRect=0x2de148, dwStyle=0x560101c0, bMenu=0, dwExStyle=0x200 | out: lpRect=0x2de148) returned 1 [0108.050] GetSystemMetrics (nIndex=5) returned 1 [0108.050] GetSystemMetrics (nIndex=6) returned 1 [0108.050] AdjustWindowRectEx (in: lpRect=0x2de0ac, dwStyle=0x560100c0, bMenu=0, dwExStyle=0x200 | out: lpRect=0x2de0ac) returned 1 [0108.050] GetCurrentThreadId () returned 0xf28 [0108.050] GetCurrentThreadId () returned 0xf28 [0108.050] GetDC (hWnd=0x0) returned 0x4010b22 [0108.050] GdipCreateFromHDC (hdc=0x4010b22, graphics=0x2de020) returned 0x0 [0108.050] GdipGetFontHeight (font=0x5d40960, graphics=0x5dc9170, height=0x2de018) returned 0x0 [0108.050] GdipDeleteGraphics (graphics=0x5dc9170) returned 0x0 [0108.050] ReleaseDC (hWnd=0x0, hDC=0x4010b22) returned 1 [0108.050] GetSystemMetrics (nIndex=5) returned 1 [0108.050] GetSystemMetrics (nIndex=6) returned 1 [0108.050] AdjustWindowRectEx (in: lpRect=0x2de148, dwStyle=0x560101c0, bMenu=0, dwExStyle=0x200 | out: lpRect=0x2de148) returned 1 [0108.050] GetSystemMetrics (nIndex=5) returned 1 [0108.050] GetSystemMetrics (nIndex=6) returned 1 [0108.050] AdjustWindowRectEx (in: lpRect=0x2de0ac, dwStyle=0x560100c0, bMenu=0, dwExStyle=0x200 | out: lpRect=0x2de0ac) returned 1 [0108.050] GetCurrentThreadId () returned 0xf28 [0108.050] GetCurrentThreadId () returned 0xf28 [0108.050] GetDC (hWnd=0x0) returned 0x4010b22 [0108.050] GdipCreateFromHDC (hdc=0x4010b22, graphics=0x2de020) returned 0x0 [0108.051] GdipGetFontHeight (font=0x5d40960, graphics=0x5dc9170, height=0x2de018) returned 0x0 [0108.051] GdipDeleteGraphics (graphics=0x5dc9170) returned 0x0 [0108.051] ReleaseDC (hWnd=0x0, hDC=0x4010b22) returned 1 [0108.051] GetSystemMetrics (nIndex=5) returned 1 [0108.051] GetSystemMetrics (nIndex=6) returned 1 [0108.051] AdjustWindowRectEx (in: lpRect=0x2de148, dwStyle=0x560101c0, bMenu=0, dwExStyle=0x200 | out: lpRect=0x2de148) returned 1 [0108.051] GetSystemMetrics (nIndex=5) returned 1 [0108.051] GetSystemMetrics (nIndex=6) returned 1 [0108.051] AdjustWindowRectEx (in: lpRect=0x2de0ac, dwStyle=0x560100c0, bMenu=0, dwExStyle=0x200 | out: lpRect=0x2de0ac) returned 1 [0108.051] GetCurrentThreadId () returned 0xf28 [0108.051] GetCurrentThreadId () returned 0xf28 [0108.051] GetDC (hWnd=0x0) returned 0x4010b22 [0108.051] GdipCreateFromHDC (hdc=0x4010b22, graphics=0x2de020) returned 0x0 [0108.051] GdipGetFontHeight (font=0x5d40960, graphics=0x5dc9170, height=0x2de018) returned 0x0 [0108.051] GdipDeleteGraphics (graphics=0x5dc9170) returned 0x0 [0108.051] ReleaseDC (hWnd=0x0, hDC=0x4010b22) returned 1 [0108.051] GetSystemMetrics (nIndex=5) returned 1 [0108.051] AdjustWindowRectEx (in: lpRect=0x2de148, dwStyle=0x560101c0, bMenu=0, dwExStyle=0x200 | out: lpRect=0x2de148) returned 1 [0108.051] AdjustWindowRectEx (in: lpRect=0x2de0ac, dwStyle=0x560100c0, bMenu=0, dwExStyle=0x200 | out: lpRect=0x2de0ac) returned 1 [0108.051] GetCurrentThreadId () returned 0xf28 [0108.051] GetCurrentThreadId () returned 0xf28 [0108.052] GetDC (hWnd=0x0) returned 0x4010b22 [0108.052] GdipCreateFromHDC (hdc=0x4010b22, graphics=0x2de020) returned 0x0 [0108.052] GdipGetFontHeight (font=0x5d40960, graphics=0x5dc9170, height=0x2de018) returned 0x0 [0108.052] GdipDeleteGraphics (graphics=0x5dc9170) returned 0x0 [0108.052] AdjustWindowRectEx (in: lpRect=0x2de148, dwStyle=0x560101c0, bMenu=0, dwExStyle=0x200 | out: lpRect=0x2de148) returned 1 [0108.052] AdjustWindowRectEx (in: lpRect=0x2de0ac, dwStyle=0x560100c0, bMenu=0, dwExStyle=0x200 | out: lpRect=0x2de0ac) returned 1 [0108.052] GetCurrentThreadId () returned 0xf28 [0108.052] GetCurrentThreadId () returned 0xf28 [0108.053] GdipCreateFromHDC (hdc=0x4010b22, graphics=0x2de020) returned 0x0 [0108.053] GdipGetFontHeight (font=0x5d40960, graphics=0x5dc9170, height=0x2de018) returned 0x0 [0108.053] GdipDeleteGraphics (graphics=0x5dc9170) returned 0x0 [0108.053] AdjustWindowRectEx (in: lpRect=0x2de148, dwStyle=0x560101c0, bMenu=0, dwExStyle=0x200 | out: lpRect=0x2de148) returned 1 [0108.053] AdjustWindowRectEx (in: lpRect=0x2de0ac, dwStyle=0x560100c0, bMenu=0, dwExStyle=0x200 | out: lpRect=0x2de0ac) returned 1 [0108.053] GetCurrentThreadId () returned 0xf28 [0108.053] GetCurrentThreadId () returned 0xf28 [0108.053] GdipCreateFromHDC (hdc=0x4010b22, graphics=0x2de020) returned 0x0 [0108.053] GdipGetFontHeight (font=0x5d40960, graphics=0x5dc9170, height=0x2de018) returned 0x0 [0108.053] GdipDeleteGraphics (graphics=0x5dc9170) returned 0x0 [0108.053] AdjustWindowRectEx (in: lpRect=0x2de148, dwStyle=0x560101c0, bMenu=0, dwExStyle=0x200 | out: lpRect=0x2de148) returned 1 [0108.053] AdjustWindowRectEx (in: lpRect=0x2de0ac, dwStyle=0x560100c0, bMenu=0, dwExStyle=0x200 | out: lpRect=0x2de0ac) returned 1 [0108.053] GetCurrentThreadId () returned 0xf28 [0108.053] GetCurrentThreadId () returned 0xf28 [0108.054] GdipCreateFromHDC (hdc=0x4010b22, graphics=0x2de020) returned 0x0 [0108.054] GdipGetFontHeight (font=0x5d40960, graphics=0x5dc9170, height=0x2de018) returned 0x0 [0108.054] GdipDeleteGraphics (graphics=0x5dc9170) returned 0x0 [0108.054] AdjustWindowRectEx (in: lpRect=0x2de148, dwStyle=0x560101c0, bMenu=0, dwExStyle=0x200 | out: lpRect=0x2de148) returned 1 [0108.054] AdjustWindowRectEx (in: lpRect=0x2de0ac, dwStyle=0x560100c0, bMenu=0, dwExStyle=0x200 | out: lpRect=0x2de0ac) returned 1 [0108.054] GetCurrentThreadId () returned 0xf28 [0108.054] GetCurrentThreadId () returned 0xf28 [0108.054] GdipCreateFromHDC (hdc=0x4010b22, graphics=0x2de020) returned 0x0 [0108.054] GdipGetFontHeight (font=0x5d40960, graphics=0x5dc9170, height=0x2de018) returned 0x0 [0108.054] GdipDeleteGraphics (graphics=0x5dc9170) returned 0x0 [0108.054] AdjustWindowRectEx (in: lpRect=0x2de148, dwStyle=0x560101c0, bMenu=0, dwExStyle=0x200 | out: lpRect=0x2de148) returned 1 [0108.054] AdjustWindowRectEx (in: lpRect=0x2de0ac, dwStyle=0x560100c0, bMenu=0, dwExStyle=0x200 | out: lpRect=0x2de0ac) returned 1 [0108.054] GetCurrentThreadId () returned 0xf28 [0108.054] GetCurrentThreadId () returned 0xf28 [0108.054] GdipCreateFromHDC (hdc=0x4010b22, graphics=0x2de020) returned 0x0 [0108.054] GdipGetFontHeight (font=0x5d40960, graphics=0x5dc9170, height=0x2de018) returned 0x0 [0108.054] GdipDeleteGraphics (graphics=0x5dc9170) returned 0x0 [0108.054] AdjustWindowRectEx (in: lpRect=0x2de148, dwStyle=0x560101c0, bMenu=0, dwExStyle=0x200 | out: lpRect=0x2de148) returned 1 [0108.054] AdjustWindowRectEx (in: lpRect=0x2de0ac, dwStyle=0x560100c0, bMenu=0, dwExStyle=0x200 | out: lpRect=0x2de0ac) returned 1 [0108.055] GetCurrentThreadId () returned 0xf28 [0108.055] GetCurrentThreadId () returned 0xf28 [0108.055] GdipCreateFromHDC (hdc=0x4010b22, graphics=0x2de020) returned 0x0 [0108.055] GdipGetFontHeight (font=0x5d40960, graphics=0x5dc9170, height=0x2de018) returned 0x0 [0108.055] GdipDeleteGraphics (graphics=0x5dc9170) returned 0x0 [0108.055] AdjustWindowRectEx (in: lpRect=0x2de148, dwStyle=0x560101c0, bMenu=0, dwExStyle=0x200 | out: lpRect=0x2de148) returned 1 [0108.055] AdjustWindowRectEx (in: lpRect=0x2de0ac, dwStyle=0x560100c0, bMenu=0, dwExStyle=0x200 | out: lpRect=0x2de0ac) returned 1 [0108.055] GetCurrentThreadId () returned 0xf28 [0108.055] GetCurrentThreadId () returned 0xf28 [0108.055] GdipCreateFromHDC (hdc=0x4010b22, graphics=0x2de020) returned 0x0 [0108.055] GdipGetFontHeight (font=0x5d40960, graphics=0x5dc9170, height=0x2de018) returned 0x0 [0108.055] GdipDeleteGraphics (graphics=0x5dc9170) returned 0x0 [0108.055] AdjustWindowRectEx (in: lpRect=0x2de148, dwStyle=0x560101c0, bMenu=0, dwExStyle=0x200 | out: lpRect=0x2de148) returned 1 [0108.055] AdjustWindowRectEx (in: lpRect=0x2de0ac, dwStyle=0x560100c0, bMenu=0, dwExStyle=0x200 | out: lpRect=0x2de0ac) returned 1 [0108.056] GetCurrentThreadId () returned 0xf28 [0108.056] GetCurrentThreadId () returned 0xf28 [0108.056] GdipCreateFromHDC (hdc=0x4010b22, graphics=0x2de020) returned 0x0 [0108.056] GdipGetFontHeight (font=0x5d40960, graphics=0x5dc9170, height=0x2de018) returned 0x0 [0108.056] GdipDeleteGraphics (graphics=0x5dc9170) returned 0x0 [0108.056] AdjustWindowRectEx (in: lpRect=0x2de148, dwStyle=0x560101c0, bMenu=0, dwExStyle=0x200 | out: lpRect=0x2de148) returned 1 [0108.056] AdjustWindowRectEx (in: lpRect=0x2de0ac, dwStyle=0x560100c0, bMenu=0, dwExStyle=0x200 | out: lpRect=0x2de0ac) returned 1 [0108.056] GetCurrentThreadId () returned 0xf28 [0108.056] GetCurrentThreadId () returned 0xf28 [0108.056] GdipCreateFromHDC (hdc=0x4010b22, graphics=0x2de020) returned 0x0 [0108.056] GdipGetFontHeight (font=0x5d40960, graphics=0x5dc9170, height=0x2de018) returned 0x0 [0108.056] GdipDeleteGraphics (graphics=0x5dc9170) returned 0x0 [0108.056] AdjustWindowRectEx (in: lpRect=0x2de148, dwStyle=0x560101c0, bMenu=0, dwExStyle=0x200 | out: lpRect=0x2de148) returned 1 [0108.057] AdjustWindowRectEx (in: lpRect=0x2de0ac, dwStyle=0x560100c0, bMenu=0, dwExStyle=0x200 | out: lpRect=0x2de0ac) returned 1 [0108.057] GetCurrentThreadId () returned 0xf28 [0108.057] GetCurrentThreadId () returned 0xf28 [0108.057] GdipCreateFromHDC (hdc=0x4010b22, graphics=0x2de020) returned 0x0 [0108.057] GdipGetFontHeight (font=0x5d40960, graphics=0x5dc9170, height=0x2de018) returned 0x0 [0108.057] GdipDeleteGraphics (graphics=0x5dc9170) returned 0x0 [0108.057] AdjustWindowRectEx (in: lpRect=0x2de148, dwStyle=0x560101c0, bMenu=0, dwExStyle=0x200 | out: lpRect=0x2de148) returned 1 [0108.057] AdjustWindowRectEx (in: lpRect=0x2de0ac, dwStyle=0x560100c0, bMenu=0, dwExStyle=0x200 | out: lpRect=0x2de0ac) returned 1 [0108.057] GetCurrentThreadId () returned 0xf28 [0108.057] GetCurrentThreadId () returned 0xf28 [0108.057] GdipCreateFromHDC (hdc=0x4010b22, graphics=0x2de020) returned 0x0 [0108.057] GdipGetFontHeight (font=0x5d40960, graphics=0x5dc9170, height=0x2de018) returned 0x0 [0108.057] GdipDeleteGraphics (graphics=0x5dc9170) returned 0x0 [0108.057] AdjustWindowRectEx (in: lpRect=0x2de148, dwStyle=0x560101c0, bMenu=0, dwExStyle=0x200 | out: lpRect=0x2de148) returned 1 [0108.058] AdjustWindowRectEx (in: lpRect=0x2de0ac, dwStyle=0x560100c0, bMenu=0, dwExStyle=0x200 | out: lpRect=0x2de0ac) returned 1 [0108.058] GetCurrentThreadId () returned 0xf28 [0108.058] GetCurrentThreadId () returned 0xf28 [0108.058] GdipCreateFromHDC (hdc=0x4010b22, graphics=0x2de020) returned 0x0 [0108.058] GdipGetFontHeight (font=0x5d40960, graphics=0x5dc9170, height=0x2de018) returned 0x0 [0108.058] GdipDeleteGraphics (graphics=0x5dc9170) returned 0x0 [0108.058] AdjustWindowRectEx (in: lpRect=0x2de148, dwStyle=0x560101c0, bMenu=0, dwExStyle=0x200 | out: lpRect=0x2de148) returned 1 [0108.058] AdjustWindowRectEx (in: lpRect=0x2de0ac, dwStyle=0x560100c0, bMenu=0, dwExStyle=0x200 | out: lpRect=0x2de0ac) returned 1 [0108.058] GetCurrentThreadId () returned 0xf28 [0108.058] GetCurrentThreadId () returned 0xf28 [0108.058] GdipCreateFromHDC (hdc=0x4010b22, graphics=0x2de020) returned 0x0 [0108.058] GdipGetFontHeight (font=0x5d40960, graphics=0x5dc9170, height=0x2de018) returned 0x0 [0108.059] GdipDeleteGraphics (graphics=0x5dc9170) returned 0x0 [0108.059] AdjustWindowRectEx (in: lpRect=0x2de148, dwStyle=0x560101c0, bMenu=0, dwExStyle=0x200 | out: lpRect=0x2de148) returned 1 [0108.059] AdjustWindowRectEx (in: lpRect=0x2de0ac, dwStyle=0x560100c0, bMenu=0, dwExStyle=0x200 | out: lpRect=0x2de0ac) returned 1 [0108.059] GetCurrentThreadId () returned 0xf28 [0108.059] GetCurrentThreadId () returned 0xf28 [0108.059] GetDC (hWnd=0x0) returned 0x4010b22 [0108.059] GdipCreateFromHDC (hdc=0x4010b22, graphics=0x2de020) returned 0x0 [0108.059] GdipGetFontHeight (font=0x5d40960, graphics=0x5dc9170, height=0x2de018) returned 0x0 [0108.059] GdipDeleteGraphics (graphics=0x5dc9170) returned 0x0 [0108.059] AdjustWindowRectEx (in: lpRect=0x2de148, dwStyle=0x560101c0, bMenu=0, dwExStyle=0x200 | out: lpRect=0x2de148) returned 1 [0108.059] AdjustWindowRectEx (in: lpRect=0x2de0ac, dwStyle=0x560100c0, bMenu=0, dwExStyle=0x200 | out: lpRect=0x2de0ac) returned 1 [0108.059] GetCurrentThreadId () returned 0xf28 [0108.059] GetCurrentThreadId () returned 0xf28 [0108.060] GdipCreateFromHDC (hdc=0x4010b22, graphics=0x2de020) returned 0x0 [0108.060] GdipGetFontHeight (font=0x5d40960, graphics=0x5dc9170, height=0x2de018) returned 0x0 [0108.060] GdipDeleteGraphics (graphics=0x5dc9170) returned 0x0 [0108.060] AdjustWindowRectEx (in: lpRect=0x2de148, dwStyle=0x560101c0, bMenu=0, dwExStyle=0x200 | out: lpRect=0x2de148) returned 1 [0108.060] AdjustWindowRectEx (in: lpRect=0x2de0ac, dwStyle=0x560100c0, bMenu=0, dwExStyle=0x200 | out: lpRect=0x2de0ac) returned 1 [0108.060] GetCurrentThreadId () returned 0xf28 [0108.060] GetCurrentThreadId () returned 0xf28 [0108.060] GdipCreateFromHDC (hdc=0x4010b22, graphics=0x2de020) returned 0x0 [0108.060] GdipGetFontHeight (font=0x5d40960, graphics=0x5dc9170, height=0x2de018) returned 0x0 [0108.060] GdipDeleteGraphics (graphics=0x5dc9170) returned 0x0 [0108.060] AdjustWindowRectEx (in: lpRect=0x2de148, dwStyle=0x560101c0, bMenu=0, dwExStyle=0x200 | out: lpRect=0x2de148) returned 1 [0108.060] AdjustWindowRectEx (in: lpRect=0x2de0ac, dwStyle=0x560100c0, bMenu=0, dwExStyle=0x200 | out: lpRect=0x2de0ac) returned 1 [0108.060] GetCurrentThreadId () returned 0xf28 [0108.060] GetCurrentThreadId () returned 0xf28 [0108.060] GdipCreateFromHDC (hdc=0x4010b22, graphics=0x2de020) returned 0x0 [0108.060] GdipGetFontHeight (font=0x5d40960, graphics=0x5dc9170, height=0x2de018) returned 0x0 [0108.060] GdipDeleteGraphics (graphics=0x5dc9170) returned 0x0 [0108.060] AdjustWindowRectEx (in: lpRect=0x2de148, dwStyle=0x560101c0, bMenu=0, dwExStyle=0x200 | out: lpRect=0x2de148) returned 1 [0108.061] AdjustWindowRectEx (in: lpRect=0x2de0ac, dwStyle=0x560100c0, bMenu=0, dwExStyle=0x200 | out: lpRect=0x2de0ac) returned 1 [0108.061] GetCurrentThreadId () returned 0xf28 [0108.061] GetCurrentThreadId () returned 0xf28 [0108.061] GdipCreateFromHDC (hdc=0x4010b22, graphics=0x2de020) returned 0x0 [0108.061] GdipGetFontHeight (font=0x5d40960, graphics=0x5dc9170, height=0x2de018) returned 0x0 [0108.061] GdipDeleteGraphics (graphics=0x5dc9170) returned 0x0 [0108.061] AdjustWindowRectEx (in: lpRect=0x2de148, dwStyle=0x560101c0, bMenu=0, dwExStyle=0x200 | out: lpRect=0x2de148) returned 1 [0108.061] AdjustWindowRectEx (in: lpRect=0x2de0ac, dwStyle=0x560100c0, bMenu=0, dwExStyle=0x200 | out: lpRect=0x2de0ac) returned 1 [0108.061] GetCurrentThreadId () returned 0xf28 [0108.061] GetCurrentThreadId () returned 0xf28 [0108.061] GdipCreateFromHDC (hdc=0x4010b22, graphics=0x2de020) returned 0x0 [0108.061] GdipGetFontHeight (font=0x5d40960, graphics=0x5dc9170, height=0x2de018) returned 0x0 [0108.061] GdipDeleteGraphics (graphics=0x5dc9170) returned 0x0 [0108.061] AdjustWindowRectEx (in: lpRect=0x2de148, dwStyle=0x560101c0, bMenu=0, dwExStyle=0x200 | out: lpRect=0x2de148) returned 1 [0108.061] AdjustWindowRectEx (in: lpRect=0x2de0ac, dwStyle=0x560100c0, bMenu=0, dwExStyle=0x200 | out: lpRect=0x2de0ac) returned 1 [0108.061] GetCurrentThreadId () returned 0xf28 [0108.061] GetCurrentThreadId () returned 0xf28 [0108.061] GetDC (hWnd=0x0) returned 0x4010b22 [0108.061] GdipCreateFromHDC (hdc=0x4010b22, graphics=0x2de020) returned 0x0 [0108.061] GdipGetFontHeight (font=0x5d40960, graphics=0x5dc9170, height=0x2de018) returned 0x0 [0108.061] GdipDeleteGraphics (graphics=0x5dc9170) returned 0x0 [0108.062] AdjustWindowRectEx (in: lpRect=0x2de148, dwStyle=0x560101c0, bMenu=0, dwExStyle=0x200 | out: lpRect=0x2de148) returned 1 [0108.062] AdjustWindowRectEx (in: lpRect=0x2de0ac, dwStyle=0x560100c0, bMenu=0, dwExStyle=0x200 | out: lpRect=0x2de0ac) returned 1 [0108.062] GetCurrentThreadId () returned 0xf28 [0108.062] GetCurrentThreadId () returned 0xf28 [0108.062] GdipCreateFromHDC (hdc=0x4010b22, graphics=0x2de020) returned 0x0 [0108.062] GdipGetFontHeight (font=0x5d40960, graphics=0x5dc9170, height=0x2de018) returned 0x0 [0108.062] GdipDeleteGraphics (graphics=0x5dc9170) returned 0x0 [0108.062] AdjustWindowRectEx (in: lpRect=0x2de148, dwStyle=0x560101c0, bMenu=0, dwExStyle=0x200 | out: lpRect=0x2de148) returned 1 [0108.062] AdjustWindowRectEx (in: lpRect=0x2de0ac, dwStyle=0x560100c0, bMenu=0, dwExStyle=0x200 | out: lpRect=0x2de0ac) returned 1 [0108.062] GetCurrentThreadId () returned 0xf28 [0108.062] GetCurrentThreadId () returned 0xf28 [0108.062] GdipCreateFromHDC (hdc=0x4010b22, graphics=0x2de020) returned 0x0 [0108.062] GdipGetFontHeight (font=0x5d40960, graphics=0x5dc9170, height=0x2de018) returned 0x0 [0108.062] GdipDeleteGraphics (graphics=0x5dc9170) returned 0x0 [0108.062] AdjustWindowRectEx (in: lpRect=0x2de148, dwStyle=0x560101c0, bMenu=0, dwExStyle=0x200 | out: lpRect=0x2de148) returned 1 [0108.062] AdjustWindowRectEx (in: lpRect=0x2de0ac, dwStyle=0x560100c0, bMenu=0, dwExStyle=0x200 | out: lpRect=0x2de0ac) returned 1 [0108.062] GetCurrentThreadId () returned 0xf28 [0108.062] GetCurrentThreadId () returned 0xf28 [0108.062] GdipCreateFromHDC (hdc=0x4010b22, graphics=0x2de020) returned 0x0 [0108.062] GdipGetFontHeight (font=0x5d40960, graphics=0x5dc9170, height=0x2de018) returned 0x0 [0108.062] GdipDeleteGraphics (graphics=0x5dc9170) returned 0x0 [0108.063] AdjustWindowRectEx (in: lpRect=0x2de148, dwStyle=0x560101c0, bMenu=0, dwExStyle=0x200 | out: lpRect=0x2de148) returned 1 [0108.063] AdjustWindowRectEx (in: lpRect=0x2de0ac, dwStyle=0x560100c0, bMenu=0, dwExStyle=0x200 | out: lpRect=0x2de0ac) returned 1 [0108.063] GetCurrentThreadId () returned 0xf28 [0108.063] GetCurrentThreadId () returned 0xf28 [0108.063] GdipCreateFromHDC (hdc=0x4010b22, graphics=0x2de020) returned 0x0 [0108.063] GdipGetFontHeight (font=0x5d40960, graphics=0x5dc9170, height=0x2de018) returned 0x0 [0108.063] GdipDeleteGraphics (graphics=0x5dc9170) returned 0x0 [0108.063] AdjustWindowRectEx (in: lpRect=0x2de148, dwStyle=0x560101c0, bMenu=0, dwExStyle=0x200 | out: lpRect=0x2de148) returned 1 [0108.063] AdjustWindowRectEx (in: lpRect=0x2de0ac, dwStyle=0x560100c0, bMenu=0, dwExStyle=0x200 | out: lpRect=0x2de0ac) returned 1 [0108.063] GetCurrentThreadId () returned 0xf28 [0108.063] GetCurrentThreadId () returned 0xf28 [0108.063] GdipCreateFromHDC (hdc=0x4010b22, graphics=0x2de020) returned 0x0 [0108.063] GdipGetFontHeight (font=0x5d40960, graphics=0x5dc9170, height=0x2de018) returned 0x0 [0108.063] GdipDeleteGraphics (graphics=0x5dc9170) returned 0x0 [0108.063] AdjustWindowRectEx (in: lpRect=0x2de148, dwStyle=0x560101c0, bMenu=0, dwExStyle=0x200 | out: lpRect=0x2de148) returned 1 [0108.063] AdjustWindowRectEx (in: lpRect=0x2de0ac, dwStyle=0x560100c0, bMenu=0, dwExStyle=0x200 | out: lpRect=0x2de0ac) returned 1 [0108.063] GetCurrentThreadId () returned 0xf28 [0108.063] GetCurrentThreadId () returned 0xf28 [0108.063] GdipCreateFromHDC (hdc=0x4010b22, graphics=0x2de020) returned 0x0 [0108.063] GdipGetFontHeight (font=0x5d40960, graphics=0x5dc9170, height=0x2de018) returned 0x0 [0108.063] GdipDeleteGraphics (graphics=0x5dc9170) returned 0x0 [0108.064] AdjustWindowRectEx (in: lpRect=0x2de148, dwStyle=0x560101c0, bMenu=0, dwExStyle=0x200 | out: lpRect=0x2de148) returned 1 [0108.064] AdjustWindowRectEx (in: lpRect=0x2de0ac, dwStyle=0x560100c0, bMenu=0, dwExStyle=0x200 | out: lpRect=0x2de0ac) returned 1 [0108.064] GetCurrentThreadId () returned 0xf28 [0108.064] GetCurrentThreadId () returned 0xf28 [0108.064] GdipCreateFromHDC (hdc=0x4010b22, graphics=0x2de020) returned 0x0 [0108.064] GdipGetFontHeight (font=0x5d40960, graphics=0x5dc9170, height=0x2de018) returned 0x0 [0108.064] GdipDeleteGraphics (graphics=0x5dc9170) returned 0x0 [0108.064] AdjustWindowRectEx (in: lpRect=0x2de148, dwStyle=0x560101c0, bMenu=0, dwExStyle=0x200 | out: lpRect=0x2de148) returned 1 [0108.064] AdjustWindowRectEx (in: lpRect=0x2de0ac, dwStyle=0x560100c0, bMenu=0, dwExStyle=0x200 | out: lpRect=0x2de0ac) returned 1 [0108.064] GetCurrentThreadId () returned 0xf28 [0108.064] GetCurrentThreadId () returned 0xf28 [0108.064] GdipCreateFromHDC (hdc=0x4010b22, graphics=0x2de020) returned 0x0 [0108.064] GdipGetFontHeight (font=0x5d40960, graphics=0x5dc9170, height=0x2de018) returned 0x0 [0108.064] GdipDeleteGraphics (graphics=0x5dc9170) returned 0x0 [0108.064] AdjustWindowRectEx (in: lpRect=0x2de148, dwStyle=0x560101c0, bMenu=0, dwExStyle=0x200 | out: lpRect=0x2de148) returned 1 [0108.064] AdjustWindowRectEx (in: lpRect=0x2de0ac, dwStyle=0x560100c0, bMenu=0, dwExStyle=0x200 | out: lpRect=0x2de0ac) returned 1 [0108.064] GetCurrentThreadId () returned 0xf28 [0108.064] GetCurrentThreadId () returned 0xf28 [0108.064] GdipCreateFromHDC (hdc=0x4010b22, graphics=0x2de020) returned 0x0 [0108.064] GdipGetFontHeight (font=0x5d40960, graphics=0x5dc9170, height=0x2de018) returned 0x0 [0108.064] GdipDeleteGraphics (graphics=0x5dc9170) returned 0x0 [0108.065] AdjustWindowRectEx (in: lpRect=0x2de148, dwStyle=0x560101c0, bMenu=0, dwExStyle=0x200 | out: lpRect=0x2de148) returned 1 [0108.065] AdjustWindowRectEx (in: lpRect=0x2de0ac, dwStyle=0x560100c0, bMenu=0, dwExStyle=0x200 | out: lpRect=0x2de0ac) returned 1 [0108.065] GetCurrentThreadId () returned 0xf28 [0108.065] GetCurrentThreadId () returned 0xf28 [0108.065] GdipCreateFromHDC (hdc=0x4010b22, graphics=0x2de020) returned 0x0 [0108.065] GdipGetFontHeight (font=0x5d40960, graphics=0x5dc9170, height=0x2de018) returned 0x0 [0108.065] GdipDeleteGraphics (graphics=0x5dc9170) returned 0x0 [0108.065] AdjustWindowRectEx (in: lpRect=0x2de148, dwStyle=0x560101c0, bMenu=0, dwExStyle=0x200 | out: lpRect=0x2de148) returned 1 [0108.065] AdjustWindowRectEx (in: lpRect=0x2de0ac, dwStyle=0x560100c0, bMenu=0, dwExStyle=0x200 | out: lpRect=0x2de0ac) returned 1 [0108.065] GetCurrentThreadId () returned 0xf28 [0108.065] GetCurrentThreadId () returned 0xf28 [0108.066] AdjustWindowRectEx (in: lpRect=0x2de14c, dwStyle=0x5601008d, bMenu=0, dwExStyle=0x0 | out: lpRect=0x2de14c) returned 1 [0108.067] AdjustWindowRectEx (in: lpRect=0x2de0ac, dwStyle=0x5600000d, bMenu=0, dwExStyle=0x0 | out: lpRect=0x2de0ac) returned 1 [0108.067] GetProcessWindowStation () returned 0x60 [0108.068] GetUserObjectInformationA (in: hObj=0x60, nIndex=1, pvInfo=0x261cb04, nLength=0xc, lpnLengthNeeded=0x2ddf88 | out: pvInfo=0x261cb04, lpnLengthNeeded=0x2ddf88) returned 1 [0108.070] SetConsoleCtrlHandler (HandlerRoutine=0x4ea0836, Add=1) returned 1 [0108.070] GetModuleHandleW (lpModuleName=0x0) returned 0x10b0000 [0108.071] GetModuleHandleW (lpModuleName=0x0) returned 0x10b0000 [0108.071] GetClassInfoW (in: hInstance=0x10b0000, lpClassName=".NET-BroadcastEventWindow.4.0.0.0.1a0e24.0", lpWndClass=0x261cb68 | out: lpWndClass=0x261cb68) returned 0 [0108.073] CoTaskMemAlloc (cb=0x56) returned 0x58c0230 [0108.073] RegisterClassW (lpWndClass=0x2dded8) returned 0xc1cd [0108.073] CoTaskMemFree (pv=0x58c0230) [0108.074] CreateWindowExW (dwExStyle=0x0, lpClassName=".NET-BroadcastEventWindow.4.0.0.0.1a0e24.0", lpWindowName=".NET-BroadcastEventWindow.4.0.0.0.1a0e24.0", dwStyle=0x80000000, X=0, Y=0, nWidth=0, nHeight=0, hWndParent=0x0, hMenu=0x0, hInstance=0x10b0000, lpParam=0x0) returned 0x9004e [0108.074] NtdllDefWindowProc_W () returned 0x1 [0108.093] NtdllDefWindowProc_W () returned 0x0 [0108.093] NtdllDefWindowProc_W () returned 0x0 [0108.093] NtdllDefWindowProc_W () returned 0x0 [0108.093] NtdllDefWindowProc_W () returned 0x0 [0108.095] GetSysColor (nIndex=10) returned 0xb4b4b4 [0108.095] GetSysColor (nIndex=2) returned 0xd1b499 [0108.095] GetSysColor (nIndex=9) returned 0x0 [0108.096] GetSysColor (nIndex=12) returned 0xababab [0108.096] GetSysColor (nIndex=15) returned 0xf0f0f0 [0108.096] GetSysColor (nIndex=20) returned 0xffffff [0108.096] GetSysColor (nIndex=16) returned 0xa0a0a0 [0108.096] GetSysColor (nIndex=15) returned 0xf0f0f0 [0108.096] GetSysColor (nIndex=16) returned 0xa0a0a0 [0108.096] GetSysColor (nIndex=21) returned 0x696969 [0108.096] GetSysColor (nIndex=22) returned 0xe3e3e3 [0108.096] GetSysColor (nIndex=20) returned 0xffffff [0108.096] GetSysColor (nIndex=18) returned 0x0 [0108.096] GetSysColor (nIndex=1) returned 0x0 [0108.096] GetSysColor (nIndex=27) returned 0xead1b9 [0108.096] GetSysColor (nIndex=28) returned 0xf2e4d7 [0108.096] GetSysColor (nIndex=17) returned 0x6d6d6d [0108.096] GetSysColor (nIndex=13) returned 0xff9933 [0108.096] GetSysColor (nIndex=14) returned 0xffffff [0108.096] GetSysColor (nIndex=26) returned 0xcc6600 [0108.096] GetSysColor (nIndex=11) returned 0xfcf7f4 [0108.096] GetSysColor (nIndex=3) returned 0xdbcdbf [0108.096] GetSysColor (nIndex=19) returned 0x544e43 [0108.096] GetSysColor (nIndex=24) returned 0xe1ffff [0108.096] GetSysColor (nIndex=23) returned 0x0 [0108.096] GetSysColor (nIndex=4) returned 0xf0f0f0 [0108.096] GetSysColor (nIndex=30) returned 0xf0f0f0 [0108.096] GetSysColor (nIndex=29) returned 0xff9933 [0108.097] GetSysColor (nIndex=7) returned 0x0 [0108.097] GetSysColor (nIndex=0) returned 0xc8c8c8 [0108.097] GetSysColor (nIndex=5) returned 0xffffff [0108.097] GetSysColor (nIndex=6) returned 0x646464 [0108.097] GetSysColor (nIndex=8) returned 0x0 [0108.097] GetCurrentThreadId () returned 0xf28 [0108.097] GetCurrentThreadId () returned 0xf28 [0108.098] AdjustWindowRectEx (in: lpRect=0x2de148, dwStyle=0x5601000b, bMenu=0, dwExStyle=0x0 | out: lpRect=0x2de148) returned 1 [0108.098] AdjustWindowRectEx (in: lpRect=0x2de0d8, dwStyle=0x5601000b, bMenu=0, dwExStyle=0x0 | out: lpRect=0x2de0d8) returned 1 [0108.098] GetCurrentThreadId () returned 0xf28 [0108.098] GetCurrentThreadId () returned 0xf28 [0108.099] AdjustWindowRectEx (in: lpRect=0x2de14c, dwStyle=0x5601008d, bMenu=0, dwExStyle=0x0 | out: lpRect=0x2de14c) returned 1 [0108.099] AdjustWindowRectEx (in: lpRect=0x2de0ac, dwStyle=0x5600000d, bMenu=0, dwExStyle=0x0 | out: lpRect=0x2de0ac) returned 1 [0108.099] GetCurrentThreadId () returned 0xf28 [0108.100] GetCurrentThreadId () returned 0xf28 [0108.100] AdjustWindowRectEx (in: lpRect=0x2de148, dwStyle=0x5601000b, bMenu=0, dwExStyle=0x0 | out: lpRect=0x2de148) returned 1 [0108.100] AdjustWindowRectEx (in: lpRect=0x2de0d8, dwStyle=0x5601000b, bMenu=0, dwExStyle=0x0 | out: lpRect=0x2de0d8) returned 1 [0108.100] GetCurrentThreadId () returned 0xf28 [0108.100] GetCurrentThreadId () returned 0xf28 [0108.101] AdjustWindowRectEx (in: lpRect=0x2de14c, dwStyle=0x5601008d, bMenu=0, dwExStyle=0x0 | out: lpRect=0x2de14c) returned 1 [0108.101] AdjustWindowRectEx (in: lpRect=0x2de0ac, dwStyle=0x5600000d, bMenu=0, dwExStyle=0x0 | out: lpRect=0x2de0ac) returned 1 [0108.101] GetCurrentThreadId () returned 0xf28 [0108.101] GetCurrentThreadId () returned 0xf28 [0108.101] AdjustWindowRectEx (in: lpRect=0x2de148, dwStyle=0x5601000b, bMenu=0, dwExStyle=0x0 | out: lpRect=0x2de148) returned 1 [0108.102] AdjustWindowRectEx (in: lpRect=0x2de0d8, dwStyle=0x5601000b, bMenu=0, dwExStyle=0x0 | out: lpRect=0x2de0d8) returned 1 [0108.102] GetCurrentThreadId () returned 0xf28 [0108.102] GetCurrentThreadId () returned 0xf28 [0108.102] AdjustWindowRectEx (in: lpRect=0x2de14c, dwStyle=0x5601008d, bMenu=0, dwExStyle=0x0 | out: lpRect=0x2de14c) returned 1 [0108.102] AdjustWindowRectEx (in: lpRect=0x2de0ac, dwStyle=0x5600000d, bMenu=0, dwExStyle=0x0 | out: lpRect=0x2de0ac) returned 1 [0108.102] GetCurrentThreadId () returned 0xf28 [0108.102] GetCurrentThreadId () returned 0xf28 [0108.103] AdjustWindowRectEx (in: lpRect=0x2de148, dwStyle=0x5601000b, bMenu=0, dwExStyle=0x0 | out: lpRect=0x2de148) returned 1 [0108.103] AdjustWindowRectEx (in: lpRect=0x2de0d8, dwStyle=0x5601000b, bMenu=0, dwExStyle=0x0 | out: lpRect=0x2de0d8) returned 1 [0108.103] GetCurrentThreadId () returned 0xf28 [0108.103] GetCurrentThreadId () returned 0xf28 [0108.103] AdjustWindowRectEx (in: lpRect=0x2de14c, dwStyle=0x5601008d, bMenu=0, dwExStyle=0x0 | out: lpRect=0x2de14c) returned 1 [0108.103] AdjustWindowRectEx (in: lpRect=0x2de0ac, dwStyle=0x5600000d, bMenu=0, dwExStyle=0x0 | out: lpRect=0x2de0ac) returned 1 [0108.103] GetCurrentThreadId () returned 0xf28 [0108.103] GetCurrentThreadId () returned 0xf28 [0108.104] AdjustWindowRectEx (in: lpRect=0x2de148, dwStyle=0x5601000b, bMenu=0, dwExStyle=0x0 | out: lpRect=0x2de148) returned 1 [0108.104] AdjustWindowRectEx (in: lpRect=0x2de0d8, dwStyle=0x5601000b, bMenu=0, dwExStyle=0x0 | out: lpRect=0x2de0d8) returned 1 [0108.104] GetCurrentThreadId () returned 0xf28 [0108.104] GetCurrentThreadId () returned 0xf28 [0108.105] AdjustWindowRectEx (in: lpRect=0x2de14c, dwStyle=0x5601008d, bMenu=0, dwExStyle=0x0 | out: lpRect=0x2de14c) returned 1 [0108.105] AdjustWindowRectEx (in: lpRect=0x2de0ac, dwStyle=0x5600000d, bMenu=0, dwExStyle=0x0 | out: lpRect=0x2de0ac) returned 1 [0108.105] GetCurrentThreadId () returned 0xf28 [0108.105] GetCurrentThreadId () returned 0xf28 [0108.105] AdjustWindowRectEx (in: lpRect=0x2de148, dwStyle=0x5601000b, bMenu=0, dwExStyle=0x0 | out: lpRect=0x2de148) returned 1 [0108.105] AdjustWindowRectEx (in: lpRect=0x2de0d8, dwStyle=0x5601000b, bMenu=0, dwExStyle=0x0 | out: lpRect=0x2de0d8) returned 1 [0108.105] GetCurrentThreadId () returned 0xf28 [0108.105] GetCurrentThreadId () returned 0xf28 [0108.106] AdjustWindowRectEx (in: lpRect=0x2de14c, dwStyle=0x5601008d, bMenu=0, dwExStyle=0x0 | out: lpRect=0x2de14c) returned 1 [0108.106] AdjustWindowRectEx (in: lpRect=0x2de0ac, dwStyle=0x5600000d, bMenu=0, dwExStyle=0x0 | out: lpRect=0x2de0ac) returned 1 [0108.106] GetCurrentThreadId () returned 0xf28 [0108.106] GetCurrentThreadId () returned 0xf28 [0108.107] AdjustWindowRectEx (in: lpRect=0x2de148, dwStyle=0x5601000b, bMenu=0, dwExStyle=0x0 | out: lpRect=0x2de148) returned 1 [0108.107] AdjustWindowRectEx (in: lpRect=0x2de0d8, dwStyle=0x5601000b, bMenu=0, dwExStyle=0x0 | out: lpRect=0x2de0d8) returned 1 [0108.107] GetCurrentThreadId () returned 0xf28 [0108.107] GetCurrentThreadId () returned 0xf28 [0108.107] AdjustWindowRectEx (in: lpRect=0x2de14c, dwStyle=0x5601008d, bMenu=0, dwExStyle=0x0 | out: lpRect=0x2de14c) returned 1 [0108.107] AdjustWindowRectEx (in: lpRect=0x2de0ac, dwStyle=0x5600000d, bMenu=0, dwExStyle=0x0 | out: lpRect=0x2de0ac) returned 1 [0108.107] GetCurrentThreadId () returned 0xf28 [0108.107] GetCurrentThreadId () returned 0xf28 [0108.108] AdjustWindowRectEx (in: lpRect=0x2de148, dwStyle=0x5601000b, bMenu=0, dwExStyle=0x0 | out: lpRect=0x2de148) returned 1 [0108.108] AdjustWindowRectEx (in: lpRect=0x2de0d8, dwStyle=0x5601000b, bMenu=0, dwExStyle=0x0 | out: lpRect=0x2de0d8) returned 1 [0108.108] GetCurrentThreadId () returned 0xf28 [0108.108] GetCurrentThreadId () returned 0xf28 [0108.109] AdjustWindowRectEx (in: lpRect=0x2de14c, dwStyle=0x5601008d, bMenu=0, dwExStyle=0x0 | out: lpRect=0x2de14c) returned 1 [0108.109] AdjustWindowRectEx (in: lpRect=0x2de0ac, dwStyle=0x5600000d, bMenu=0, dwExStyle=0x0 | out: lpRect=0x2de0ac) returned 1 [0108.109] GetCurrentThreadId () returned 0xf28 [0108.109] GetCurrentThreadId () returned 0xf28 [0108.109] AdjustWindowRectEx (in: lpRect=0x2de148, dwStyle=0x5601000b, bMenu=0, dwExStyle=0x0 | out: lpRect=0x2de148) returned 1 [0108.109] AdjustWindowRectEx (in: lpRect=0x2de0d8, dwStyle=0x5601000b, bMenu=0, dwExStyle=0x0 | out: lpRect=0x2de0d8) returned 1 [0108.109] GetCurrentThreadId () returned 0xf28 [0108.109] GetCurrentThreadId () returned 0xf28 [0108.110] AdjustWindowRectEx (in: lpRect=0x2de14c, dwStyle=0x5601008d, bMenu=0, dwExStyle=0x0 | out: lpRect=0x2de14c) returned 1 [0108.110] AdjustWindowRectEx (in: lpRect=0x2de0ac, dwStyle=0x5600000d, bMenu=0, dwExStyle=0x0 | out: lpRect=0x2de0ac) returned 1 [0108.110] GetCurrentThreadId () returned 0xf28 [0108.110] GetCurrentThreadId () returned 0xf28 [0108.111] AdjustWindowRectEx (in: lpRect=0x2de148, dwStyle=0x5601000b, bMenu=0, dwExStyle=0x0 | out: lpRect=0x2de148) returned 1 [0108.111] AdjustWindowRectEx (in: lpRect=0x2de0d8, dwStyle=0x5601000b, bMenu=0, dwExStyle=0x0 | out: lpRect=0x2de0d8) returned 1 [0108.111] GetCurrentThreadId () returned 0xf28 [0108.111] GetCurrentThreadId () returned 0xf28 [0108.111] AdjustWindowRectEx (in: lpRect=0x2de14c, dwStyle=0x5601008d, bMenu=0, dwExStyle=0x0 | out: lpRect=0x2de14c) returned 1 [0108.111] AdjustWindowRectEx (in: lpRect=0x2de0ac, dwStyle=0x5600000d, bMenu=0, dwExStyle=0x0 | out: lpRect=0x2de0ac) returned 1 [0108.111] GetCurrentThreadId () returned 0xf28 [0108.111] GetCurrentThreadId () returned 0xf28 [0108.112] AdjustWindowRectEx (in: lpRect=0x2de148, dwStyle=0x5601000b, bMenu=0, dwExStyle=0x0 | out: lpRect=0x2de148) returned 1 [0108.112] AdjustWindowRectEx (in: lpRect=0x2de0d8, dwStyle=0x5601000b, bMenu=0, dwExStyle=0x0 | out: lpRect=0x2de0d8) returned 1 [0108.112] GetCurrentThreadId () returned 0xf28 [0108.112] GetCurrentThreadId () returned 0xf28 [0108.112] AdjustWindowRectEx (in: lpRect=0x2de14c, dwStyle=0x5601008d, bMenu=0, dwExStyle=0x0 | out: lpRect=0x2de14c) returned 1 [0108.112] AdjustWindowRectEx (in: lpRect=0x2de0ac, dwStyle=0x5600000d, bMenu=0, dwExStyle=0x0 | out: lpRect=0x2de0ac) returned 1 [0108.112] GetCurrentThreadId () returned 0xf28 [0108.113] GetCurrentThreadId () returned 0xf28 [0108.113] AdjustWindowRectEx (in: lpRect=0x2de148, dwStyle=0x5601000b, bMenu=0, dwExStyle=0x0 | out: lpRect=0x2de148) returned 1 [0108.113] AdjustWindowRectEx (in: lpRect=0x2de0d8, dwStyle=0x5601000b, bMenu=0, dwExStyle=0x0 | out: lpRect=0x2de0d8) returned 1 [0108.113] GetCurrentThreadId () returned 0xf28 [0108.113] GetCurrentThreadId () returned 0xf28 [0108.114] AdjustWindowRectEx (in: lpRect=0x2de14c, dwStyle=0x5601008d, bMenu=0, dwExStyle=0x0 | out: lpRect=0x2de14c) returned 1 [0108.114] AdjustWindowRectEx (in: lpRect=0x2de0ac, dwStyle=0x5600000d, bMenu=0, dwExStyle=0x0 | out: lpRect=0x2de0ac) returned 1 [0108.114] GetCurrentThreadId () returned 0xf28 [0108.114] GetCurrentThreadId () returned 0xf28 [0108.114] AdjustWindowRectEx (in: lpRect=0x2de148, dwStyle=0x5601000b, bMenu=0, dwExStyle=0x0 | out: lpRect=0x2de148) returned 1 [0108.114] AdjustWindowRectEx (in: lpRect=0x2de0d8, dwStyle=0x5601000b, bMenu=0, dwExStyle=0x0 | out: lpRect=0x2de0d8) returned 1 [0108.114] GetCurrentThreadId () returned 0xf28 [0108.114] GetCurrentThreadId () returned 0xf28 [0108.115] AdjustWindowRectEx (in: lpRect=0x2de14c, dwStyle=0x5601008d, bMenu=0, dwExStyle=0x0 | out: lpRect=0x2de14c) returned 1 [0108.115] AdjustWindowRectEx (in: lpRect=0x2de0ac, dwStyle=0x5600000d, bMenu=0, dwExStyle=0x0 | out: lpRect=0x2de0ac) returned 1 [0108.115] GetCurrentThreadId () returned 0xf28 [0108.115] GetCurrentThreadId () returned 0xf28 [0108.115] AdjustWindowRectEx (in: lpRect=0x2de148, dwStyle=0x5601000b, bMenu=0, dwExStyle=0x0 | out: lpRect=0x2de148) returned 1 [0108.116] AdjustWindowRectEx (in: lpRect=0x2de0d8, dwStyle=0x5601000b, bMenu=0, dwExStyle=0x0 | out: lpRect=0x2de0d8) returned 1 [0108.116] GetCurrentThreadId () returned 0xf28 [0108.116] GetCurrentThreadId () returned 0xf28 [0108.116] AdjustWindowRectEx (in: lpRect=0x2de14c, dwStyle=0x5601008d, bMenu=0, dwExStyle=0x0 | out: lpRect=0x2de14c) returned 1 [0108.116] AdjustWindowRectEx (in: lpRect=0x2de0ac, dwStyle=0x5600000d, bMenu=0, dwExStyle=0x0 | out: lpRect=0x2de0ac) returned 1 [0108.116] GetCurrentThreadId () returned 0xf28 [0108.116] GetCurrentThreadId () returned 0xf28 [0108.117] AdjustWindowRectEx (in: lpRect=0x2de148, dwStyle=0x5601000b, bMenu=0, dwExStyle=0x0 | out: lpRect=0x2de148) returned 1 [0108.117] AdjustWindowRectEx (in: lpRect=0x2de0d8, dwStyle=0x5601000b, bMenu=0, dwExStyle=0x0 | out: lpRect=0x2de0d8) returned 1 [0108.117] GetCurrentThreadId () returned 0xf28 [0108.117] GetCurrentThreadId () returned 0xf28 [0108.117] AdjustWindowRectEx (in: lpRect=0x2de14c, dwStyle=0x5601008d, bMenu=0, dwExStyle=0x0 | out: lpRect=0x2de14c) returned 1 [0108.117] AdjustWindowRectEx (in: lpRect=0x2de0ac, dwStyle=0x5600000d, bMenu=0, dwExStyle=0x0 | out: lpRect=0x2de0ac) returned 1 [0108.117] GetCurrentThreadId () returned 0xf28 [0108.117] GetCurrentThreadId () returned 0xf28 [0108.118] AdjustWindowRectEx (in: lpRect=0x2de148, dwStyle=0x5601000b, bMenu=0, dwExStyle=0x0 | out: lpRect=0x2de148) returned 1 [0108.118] AdjustWindowRectEx (in: lpRect=0x2de0d8, dwStyle=0x5601000b, bMenu=0, dwExStyle=0x0 | out: lpRect=0x2de0d8) returned 1 [0108.118] GetCurrentThreadId () returned 0xf28 [0108.118] GetCurrentThreadId () returned 0xf28 [0108.119] AdjustWindowRectEx (in: lpRect=0x2de14c, dwStyle=0x5601008d, bMenu=0, dwExStyle=0x0 | out: lpRect=0x2de14c) returned 1 [0108.119] AdjustWindowRectEx (in: lpRect=0x2de0ac, dwStyle=0x5600000d, bMenu=0, dwExStyle=0x0 | out: lpRect=0x2de0ac) returned 1 [0108.119] GetCurrentThreadId () returned 0xf28 [0108.119] GetCurrentThreadId () returned 0xf28 [0108.119] AdjustWindowRectEx (in: lpRect=0x2de148, dwStyle=0x5601000b, bMenu=0, dwExStyle=0x0 | out: lpRect=0x2de148) returned 1 [0108.119] AdjustWindowRectEx (in: lpRect=0x2de0d8, dwStyle=0x5601000b, bMenu=0, dwExStyle=0x0 | out: lpRect=0x2de0d8) returned 1 [0108.119] GetCurrentThreadId () returned 0xf28 [0108.119] GetCurrentThreadId () returned 0xf28 [0108.120] AdjustWindowRectEx (in: lpRect=0x2de14c, dwStyle=0x5601008d, bMenu=0, dwExStyle=0x0 | out: lpRect=0x2de14c) returned 1 [0108.120] AdjustWindowRectEx (in: lpRect=0x2de0ac, dwStyle=0x5600000d, bMenu=0, dwExStyle=0x0 | out: lpRect=0x2de0ac) returned 1 [0108.120] GetCurrentThreadId () returned 0xf28 [0108.120] GetCurrentThreadId () returned 0xf28 [0108.121] AdjustWindowRectEx (in: lpRect=0x2de148, dwStyle=0x5601000b, bMenu=0, dwExStyle=0x0 | out: lpRect=0x2de148) returned 1 [0108.121] AdjustWindowRectEx (in: lpRect=0x2de0d8, dwStyle=0x5601000b, bMenu=0, dwExStyle=0x0 | out: lpRect=0x2de0d8) returned 1 [0108.121] GetCurrentThreadId () returned 0xf28 [0108.121] GetCurrentThreadId () returned 0xf28 [0108.121] AdjustWindowRectEx (in: lpRect=0x2de14c, dwStyle=0x5601008d, bMenu=0, dwExStyle=0x0 | out: lpRect=0x2de14c) returned 1 [0108.121] AdjustWindowRectEx (in: lpRect=0x2de0ac, dwStyle=0x5600000d, bMenu=0, dwExStyle=0x0 | out: lpRect=0x2de0ac) returned 1 [0108.121] GetCurrentThreadId () returned 0xf28 [0108.121] GetCurrentThreadId () returned 0xf28 [0108.122] AdjustWindowRectEx (in: lpRect=0x2de148, dwStyle=0x5601000b, bMenu=0, dwExStyle=0x0 | out: lpRect=0x2de148) returned 1 [0108.122] AdjustWindowRectEx (in: lpRect=0x2de0d8, dwStyle=0x5601000b, bMenu=0, dwExStyle=0x0 | out: lpRect=0x2de0d8) returned 1 [0108.122] GetCurrentThreadId () returned 0xf28 [0108.122] GetCurrentThreadId () returned 0xf28 [0108.123] AdjustWindowRectEx (in: lpRect=0x2de14c, dwStyle=0x5601008d, bMenu=0, dwExStyle=0x0 | out: lpRect=0x2de14c) returned 1 [0108.123] AdjustWindowRectEx (in: lpRect=0x2de0ac, dwStyle=0x5600000d, bMenu=0, dwExStyle=0x0 | out: lpRect=0x2de0ac) returned 1 [0108.123] GetCurrentThreadId () returned 0xf28 [0108.123] GetCurrentThreadId () returned 0xf28 [0108.123] AdjustWindowRectEx (in: lpRect=0x2de148, dwStyle=0x5601000b, bMenu=0, dwExStyle=0x0 | out: lpRect=0x2de148) returned 1 [0108.123] AdjustWindowRectEx (in: lpRect=0x2de0d8, dwStyle=0x5601000b, bMenu=0, dwExStyle=0x0 | out: lpRect=0x2de0d8) returned 1 [0108.123] GetCurrentThreadId () returned 0xf28 [0108.123] GetCurrentThreadId () returned 0xf28 [0108.124] AdjustWindowRectEx (in: lpRect=0x2de14c, dwStyle=0x5601008d, bMenu=0, dwExStyle=0x0 | out: lpRect=0x2de14c) returned 1 [0108.124] AdjustWindowRectEx (in: lpRect=0x2de0ac, dwStyle=0x5600000d, bMenu=0, dwExStyle=0x0 | out: lpRect=0x2de0ac) returned 1 [0108.124] GetCurrentThreadId () returned 0xf28 [0108.124] GetCurrentThreadId () returned 0xf28 [0108.125] AdjustWindowRectEx (in: lpRect=0x2de148, dwStyle=0x5601000b, bMenu=0, dwExStyle=0x0 | out: lpRect=0x2de148) returned 1 [0108.125] AdjustWindowRectEx (in: lpRect=0x2de0d8, dwStyle=0x5601000b, bMenu=0, dwExStyle=0x0 | out: lpRect=0x2de0d8) returned 1 [0108.125] GetCurrentThreadId () returned 0xf28 [0108.125] GetCurrentThreadId () returned 0xf28 [0108.125] AdjustWindowRectEx (in: lpRect=0x2de14c, dwStyle=0x5601008d, bMenu=0, dwExStyle=0x0 | out: lpRect=0x2de14c) returned 1 [0108.125] AdjustWindowRectEx (in: lpRect=0x2de0ac, dwStyle=0x5600000d, bMenu=0, dwExStyle=0x0 | out: lpRect=0x2de0ac) returned 1 [0108.125] GetCurrentThreadId () returned 0xf28 [0108.125] GetCurrentThreadId () returned 0xf28 [0108.126] AdjustWindowRectEx (in: lpRect=0x2de148, dwStyle=0x5601000b, bMenu=0, dwExStyle=0x0 | out: lpRect=0x2de148) returned 1 [0108.126] AdjustWindowRectEx (in: lpRect=0x2de0d8, dwStyle=0x5601000b, bMenu=0, dwExStyle=0x0 | out: lpRect=0x2de0d8) returned 1 [0108.126] GetCurrentThreadId () returned 0xf28 [0108.126] GetCurrentThreadId () returned 0xf28 [0108.127] AdjustWindowRectEx (in: lpRect=0x2de14c, dwStyle=0x5601008d, bMenu=0, dwExStyle=0x0 | out: lpRect=0x2de14c) returned 1 [0108.127] AdjustWindowRectEx (in: lpRect=0x2de0ac, dwStyle=0x5600000d, bMenu=0, dwExStyle=0x0 | out: lpRect=0x2de0ac) returned 1 [0108.127] GetCurrentThreadId () returned 0xf28 [0108.127] GetCurrentThreadId () returned 0xf28 [0108.127] AdjustWindowRectEx (in: lpRect=0x2de148, dwStyle=0x5601000b, bMenu=0, dwExStyle=0x0 | out: lpRect=0x2de148) returned 1 [0108.127] AdjustWindowRectEx (in: lpRect=0x2de0d8, dwStyle=0x5601000b, bMenu=0, dwExStyle=0x0 | out: lpRect=0x2de0d8) returned 1 [0108.127] GetCurrentThreadId () returned 0xf28 [0108.127] GetCurrentThreadId () returned 0xf28 [0108.128] AdjustWindowRectEx (in: lpRect=0x2de14c, dwStyle=0x5601008d, bMenu=0, dwExStyle=0x0 | out: lpRect=0x2de14c) returned 1 [0108.128] AdjustWindowRectEx (in: lpRect=0x2de0ac, dwStyle=0x5600000d, bMenu=0, dwExStyle=0x0 | out: lpRect=0x2de0ac) returned 1 [0108.128] GetCurrentThreadId () returned 0xf28 [0108.128] GetCurrentThreadId () returned 0xf28 [0108.128] AdjustWindowRectEx (in: lpRect=0x2de148, dwStyle=0x5601000b, bMenu=0, dwExStyle=0x0 | out: lpRect=0x2de148) returned 1 [0108.128] AdjustWindowRectEx (in: lpRect=0x2de0d8, dwStyle=0x5601000b, bMenu=0, dwExStyle=0x0 | out: lpRect=0x2de0d8) returned 1 [0108.129] GetCurrentThreadId () returned 0xf28 [0108.129] GetCurrentThreadId () returned 0xf28 [0108.129] AdjustWindowRectEx (in: lpRect=0x2de14c, dwStyle=0x5601008d, bMenu=0, dwExStyle=0x0 | out: lpRect=0x2de14c) returned 1 [0108.129] AdjustWindowRectEx (in: lpRect=0x2de0ac, dwStyle=0x5600000d, bMenu=0, dwExStyle=0x0 | out: lpRect=0x2de0ac) returned 1 [0108.129] GetCurrentThreadId () returned 0xf28 [0108.129] GetCurrentThreadId () returned 0xf28 [0108.130] AdjustWindowRectEx (in: lpRect=0x2de148, dwStyle=0x5601000b, bMenu=0, dwExStyle=0x0 | out: lpRect=0x2de148) returned 1 [0108.130] AdjustWindowRectEx (in: lpRect=0x2de0d8, dwStyle=0x5601000b, bMenu=0, dwExStyle=0x0 | out: lpRect=0x2de0d8) returned 1 [0108.130] GetCurrentThreadId () returned 0xf28 [0108.130] GetCurrentThreadId () returned 0xf28 [0108.130] AdjustWindowRectEx (in: lpRect=0x2de14c, dwStyle=0x5601008d, bMenu=0, dwExStyle=0x0 | out: lpRect=0x2de14c) returned 1 [0108.131] AdjustWindowRectEx (in: lpRect=0x2de0ac, dwStyle=0x5600000d, bMenu=0, dwExStyle=0x0 | out: lpRect=0x2de0ac) returned 1 [0108.131] GetCurrentThreadId () returned 0xf28 [0108.131] GetCurrentThreadId () returned 0xf28 [0108.131] AdjustWindowRectEx (in: lpRect=0x2de148, dwStyle=0x5601000b, bMenu=0, dwExStyle=0x0 | out: lpRect=0x2de148) returned 1 [0108.131] AdjustWindowRectEx (in: lpRect=0x2de0d8, dwStyle=0x5601000b, bMenu=0, dwExStyle=0x0 | out: lpRect=0x2de0d8) returned 1 [0108.131] GetCurrentThreadId () returned 0xf28 [0108.131] GetCurrentThreadId () returned 0xf28 [0108.132] AdjustWindowRectEx (in: lpRect=0x2de14c, dwStyle=0x5601008d, bMenu=0, dwExStyle=0x0 | out: lpRect=0x2de14c) returned 1 [0108.132] AdjustWindowRectEx (in: lpRect=0x2de0ac, dwStyle=0x5600000d, bMenu=0, dwExStyle=0x0 | out: lpRect=0x2de0ac) returned 1 [0108.132] GetCurrentThreadId () returned 0xf28 [0108.132] GetCurrentThreadId () returned 0xf28 [0108.132] AdjustWindowRectEx (in: lpRect=0x2de148, dwStyle=0x5601000b, bMenu=0, dwExStyle=0x0 | out: lpRect=0x2de148) returned 1 [0108.132] AdjustWindowRectEx (in: lpRect=0x2de0d8, dwStyle=0x5601000b, bMenu=0, dwExStyle=0x0 | out: lpRect=0x2de0d8) returned 1 [0108.132] GetCurrentThreadId () returned 0xf28 [0108.132] GetCurrentThreadId () returned 0xf28 [0108.133] AdjustWindowRectEx (in: lpRect=0x2de14c, dwStyle=0x5601008d, bMenu=0, dwExStyle=0x0 | out: lpRect=0x2de14c) returned 1 [0108.133] AdjustWindowRectEx (in: lpRect=0x2de0ac, dwStyle=0x5600000d, bMenu=0, dwExStyle=0x0 | out: lpRect=0x2de0ac) returned 1 [0108.133] GetCurrentThreadId () returned 0xf28 [0108.133] GetCurrentThreadId () returned 0xf28 [0108.134] AdjustWindowRectEx (in: lpRect=0x2de148, dwStyle=0x5601000b, bMenu=0, dwExStyle=0x0 | out: lpRect=0x2de148) returned 1 [0108.134] AdjustWindowRectEx (in: lpRect=0x2de0d8, dwStyle=0x5601000b, bMenu=0, dwExStyle=0x0 | out: lpRect=0x2de0d8) returned 1 [0108.134] GetCurrentThreadId () returned 0xf28 [0108.134] GetCurrentThreadId () returned 0xf28 [0108.134] AdjustWindowRectEx (in: lpRect=0x2de14c, dwStyle=0x5601008d, bMenu=0, dwExStyle=0x0 | out: lpRect=0x2de14c) returned 1 [0108.134] AdjustWindowRectEx (in: lpRect=0x2de0ac, dwStyle=0x5600000d, bMenu=0, dwExStyle=0x0 | out: lpRect=0x2de0ac) returned 1 [0108.134] GetCurrentThreadId () returned 0xf28 [0108.134] GetCurrentThreadId () returned 0xf28 [0108.135] AdjustWindowRectEx (in: lpRect=0x2de148, dwStyle=0x5601000b, bMenu=0, dwExStyle=0x0 | out: lpRect=0x2de148) returned 1 [0108.135] AdjustWindowRectEx (in: lpRect=0x2de0d8, dwStyle=0x5601000b, bMenu=0, dwExStyle=0x0 | out: lpRect=0x2de0d8) returned 1 [0108.135] GetCurrentThreadId () returned 0xf28 [0108.135] GetCurrentThreadId () returned 0xf28 [0108.136] AdjustWindowRectEx (in: lpRect=0x2de14c, dwStyle=0x5601008d, bMenu=0, dwExStyle=0x0 | out: lpRect=0x2de14c) returned 1 [0108.136] AdjustWindowRectEx (in: lpRect=0x2de0ac, dwStyle=0x5600000d, bMenu=0, dwExStyle=0x0 | out: lpRect=0x2de0ac) returned 1 [0108.136] GetCurrentThreadId () returned 0xf28 [0108.136] GetCurrentThreadId () returned 0xf28 [0108.136] AdjustWindowRectEx (in: lpRect=0x2de148, dwStyle=0x5601000b, bMenu=0, dwExStyle=0x0 | out: lpRect=0x2de148) returned 1 [0108.136] AdjustWindowRectEx (in: lpRect=0x2de0d8, dwStyle=0x5601000b, bMenu=0, dwExStyle=0x0 | out: lpRect=0x2de0d8) returned 1 [0108.136] GetCurrentThreadId () returned 0xf28 [0108.136] GetCurrentThreadId () returned 0xf28 [0108.137] AdjustWindowRectEx (in: lpRect=0x2de14c, dwStyle=0x5601008d, bMenu=0, dwExStyle=0x0 | out: lpRect=0x2de14c) returned 1 [0108.137] AdjustWindowRectEx (in: lpRect=0x2de0ac, dwStyle=0x5600000d, bMenu=0, dwExStyle=0x0 | out: lpRect=0x2de0ac) returned 1 [0108.137] GetCurrentThreadId () returned 0xf28 [0108.137] GetCurrentThreadId () returned 0xf28 [0108.139] AdjustWindowRectEx (in: lpRect=0x2de148, dwStyle=0x5601000b, bMenu=0, dwExStyle=0x0 | out: lpRect=0x2de148) returned 1 [0108.139] AdjustWindowRectEx (in: lpRect=0x2de0d8, dwStyle=0x5601000b, bMenu=0, dwExStyle=0x0 | out: lpRect=0x2de0d8) returned 1 [0108.139] GetCurrentThreadId () returned 0xf28 [0108.139] GetCurrentThreadId () returned 0xf28 [0108.140] AdjustWindowRectEx (in: lpRect=0x2de14c, dwStyle=0x5601008d, bMenu=0, dwExStyle=0x0 | out: lpRect=0x2de14c) returned 1 [0108.140] AdjustWindowRectEx (in: lpRect=0x2de0ac, dwStyle=0x5600000d, bMenu=0, dwExStyle=0x0 | out: lpRect=0x2de0ac) returned 1 [0108.140] GetCurrentThreadId () returned 0xf28 [0108.140] GetCurrentThreadId () returned 0xf28 [0108.140] AdjustWindowRectEx (in: lpRect=0x2de148, dwStyle=0x5601000b, bMenu=0, dwExStyle=0x0 | out: lpRect=0x2de148) returned 1 [0108.140] AdjustWindowRectEx (in: lpRect=0x2de0d8, dwStyle=0x5601000b, bMenu=0, dwExStyle=0x0 | out: lpRect=0x2de0d8) returned 1 [0108.140] GetCurrentThreadId () returned 0xf28 [0108.140] GetCurrentThreadId () returned 0xf28 [0108.140] AdjustWindowRectEx (in: lpRect=0x2de14c, dwStyle=0x5601008d, bMenu=0, dwExStyle=0x0 | out: lpRect=0x2de14c) returned 1 [0108.140] AdjustWindowRectEx (in: lpRect=0x2de0ac, dwStyle=0x5600000d, bMenu=0, dwExStyle=0x0 | out: lpRect=0x2de0ac) returned 1 [0108.140] GetCurrentThreadId () returned 0xf28 [0108.140] GetCurrentThreadId () returned 0xf28 [0108.140] AdjustWindowRectEx (in: lpRect=0x2de148, dwStyle=0x5601000b, bMenu=0, dwExStyle=0x0 | out: lpRect=0x2de148) returned 1 [0108.140] AdjustWindowRectEx (in: lpRect=0x2de0d8, dwStyle=0x5601000b, bMenu=0, dwExStyle=0x0 | out: lpRect=0x2de0d8) returned 1 [0108.140] GetCurrentThreadId () returned 0xf28 [0108.140] GetCurrentThreadId () returned 0xf28 [0108.140] AdjustWindowRectEx (in: lpRect=0x2de14c, dwStyle=0x5601008d, bMenu=0, dwExStyle=0x0 | out: lpRect=0x2de14c) returned 1 [0108.140] AdjustWindowRectEx (in: lpRect=0x2de0ac, dwStyle=0x5600000d, bMenu=0, dwExStyle=0x0 | out: lpRect=0x2de0ac) returned 1 [0108.140] GetCurrentThreadId () returned 0xf28 [0108.140] GetCurrentThreadId () returned 0xf28 [0108.140] AdjustWindowRectEx (in: lpRect=0x2de148, dwStyle=0x5601000b, bMenu=0, dwExStyle=0x0 | out: lpRect=0x2de148) returned 1 [0108.141] AdjustWindowRectEx (in: lpRect=0x2de0d8, dwStyle=0x5601000b, bMenu=0, dwExStyle=0x0 | out: lpRect=0x2de0d8) returned 1 [0108.141] GetCurrentThreadId () returned 0xf28 [0108.141] GetCurrentThreadId () returned 0xf28 [0108.141] AdjustWindowRectEx (in: lpRect=0x2de14c, dwStyle=0x5601008d, bMenu=0, dwExStyle=0x0 | out: lpRect=0x2de14c) returned 1 [0108.141] AdjustWindowRectEx (in: lpRect=0x2de0ac, dwStyle=0x5600000d, bMenu=0, dwExStyle=0x0 | out: lpRect=0x2de0ac) returned 1 [0108.141] GetCurrentThreadId () returned 0xf28 [0108.141] GetCurrentThreadId () returned 0xf28 [0108.141] AdjustWindowRectEx (in: lpRect=0x2de148, dwStyle=0x5601000b, bMenu=0, dwExStyle=0x0 | out: lpRect=0x2de148) returned 1 [0108.141] AdjustWindowRectEx (in: lpRect=0x2de0d8, dwStyle=0x5601000b, bMenu=0, dwExStyle=0x0 | out: lpRect=0x2de0d8) returned 1 [0108.141] GetCurrentThreadId () returned 0xf28 [0108.141] GetCurrentThreadId () returned 0xf28 [0108.141] AdjustWindowRectEx (in: lpRect=0x2de14c, dwStyle=0x5601008d, bMenu=0, dwExStyle=0x0 | out: lpRect=0x2de14c) returned 1 [0108.141] AdjustWindowRectEx (in: lpRect=0x2de0ac, dwStyle=0x5600000d, bMenu=0, dwExStyle=0x0 | out: lpRect=0x2de0ac) returned 1 [0108.141] GetCurrentThreadId () returned 0xf28 [0108.141] GetCurrentThreadId () returned 0xf28 [0108.141] AdjustWindowRectEx (in: lpRect=0x2de148, dwStyle=0x5601000b, bMenu=0, dwExStyle=0x0 | out: lpRect=0x2de148) returned 1 [0108.141] AdjustWindowRectEx (in: lpRect=0x2de0d8, dwStyle=0x5601000b, bMenu=0, dwExStyle=0x0 | out: lpRect=0x2de0d8) returned 1 [0108.141] GetCurrentThreadId () returned 0xf28 [0108.141] GetCurrentThreadId () returned 0xf28 [0108.141] AdjustWindowRectEx (in: lpRect=0x2de14c, dwStyle=0x5601008d, bMenu=0, dwExStyle=0x0 | out: lpRect=0x2de14c) returned 1 [0108.141] AdjustWindowRectEx (in: lpRect=0x2de0ac, dwStyle=0x5600000d, bMenu=0, dwExStyle=0x0 | out: lpRect=0x2de0ac) returned 1 [0108.141] GetCurrentThreadId () returned 0xf28 [0108.141] GetCurrentThreadId () returned 0xf28 [0108.142] AdjustWindowRectEx (in: lpRect=0x2de148, dwStyle=0x5601000b, bMenu=0, dwExStyle=0x0 | out: lpRect=0x2de148) returned 1 [0108.142] AdjustWindowRectEx (in: lpRect=0x2de0d8, dwStyle=0x5601000b, bMenu=0, dwExStyle=0x0 | out: lpRect=0x2de0d8) returned 1 [0108.142] GetCurrentThreadId () returned 0xf28 [0108.142] GetCurrentThreadId () returned 0xf28 [0108.142] AdjustWindowRectEx (in: lpRect=0x2de14c, dwStyle=0x5601008d, bMenu=0, dwExStyle=0x0 | out: lpRect=0x2de14c) returned 1 [0108.142] AdjustWindowRectEx (in: lpRect=0x2de0ac, dwStyle=0x5600000d, bMenu=0, dwExStyle=0x0 | out: lpRect=0x2de0ac) returned 1 [0108.142] GetCurrentThreadId () returned 0xf28 [0108.142] GetCurrentThreadId () returned 0xf28 [0108.142] AdjustWindowRectEx (in: lpRect=0x2de148, dwStyle=0x5601000b, bMenu=0, dwExStyle=0x0 | out: lpRect=0x2de148) returned 1 [0108.142] AdjustWindowRectEx (in: lpRect=0x2de0d8, dwStyle=0x5601000b, bMenu=0, dwExStyle=0x0 | out: lpRect=0x2de0d8) returned 1 [0108.142] GetCurrentThreadId () returned 0xf28 [0108.142] GetCurrentThreadId () returned 0xf28 [0108.142] AdjustWindowRectEx (in: lpRect=0x2de14c, dwStyle=0x5601008d, bMenu=0, dwExStyle=0x0 | out: lpRect=0x2de14c) returned 1 [0108.142] AdjustWindowRectEx (in: lpRect=0x2de0ac, dwStyle=0x5600000d, bMenu=0, dwExStyle=0x0 | out: lpRect=0x2de0ac) returned 1 [0108.142] GetCurrentThreadId () returned 0xf28 [0108.142] GetCurrentThreadId () returned 0xf28 [0108.142] AdjustWindowRectEx (in: lpRect=0x2de148, dwStyle=0x5601000b, bMenu=0, dwExStyle=0x0 | out: lpRect=0x2de148) returned 1 [0108.142] AdjustWindowRectEx (in: lpRect=0x2de0d8, dwStyle=0x5601000b, bMenu=0, dwExStyle=0x0 | out: lpRect=0x2de0d8) returned 1 [0108.142] GetCurrentThreadId () returned 0xf28 [0108.142] GetCurrentThreadId () returned 0xf28 [0108.142] AdjustWindowRectEx (in: lpRect=0x2de14c, dwStyle=0x5601008d, bMenu=0, dwExStyle=0x0 | out: lpRect=0x2de14c) returned 1 [0108.142] AdjustWindowRectEx (in: lpRect=0x2de0ac, dwStyle=0x5600000d, bMenu=0, dwExStyle=0x0 | out: lpRect=0x2de0ac) returned 1 [0108.142] GetCurrentThreadId () returned 0xf28 [0108.143] GetCurrentThreadId () returned 0xf28 [0108.143] AdjustWindowRectEx (in: lpRect=0x2de148, dwStyle=0x5601000b, bMenu=0, dwExStyle=0x0 | out: lpRect=0x2de148) returned 1 [0108.143] AdjustWindowRectEx (in: lpRect=0x2de0d8, dwStyle=0x5601000b, bMenu=0, dwExStyle=0x0 | out: lpRect=0x2de0d8) returned 1 [0108.143] GetCurrentThreadId () returned 0xf28 [0108.143] GetCurrentThreadId () returned 0xf28 [0108.143] AdjustWindowRectEx (in: lpRect=0x2de14c, dwStyle=0x5601008d, bMenu=0, dwExStyle=0x0 | out: lpRect=0x2de14c) returned 1 [0108.143] AdjustWindowRectEx (in: lpRect=0x2de0ac, dwStyle=0x5600000d, bMenu=0, dwExStyle=0x0 | out: lpRect=0x2de0ac) returned 1 [0108.143] GetCurrentThreadId () returned 0xf28 [0108.143] GetCurrentThreadId () returned 0xf28 [0108.143] AdjustWindowRectEx (in: lpRect=0x2de148, dwStyle=0x5601000b, bMenu=0, dwExStyle=0x0 | out: lpRect=0x2de148) returned 1 [0108.143] AdjustWindowRectEx (in: lpRect=0x2de0d8, dwStyle=0x5601000b, bMenu=0, dwExStyle=0x0 | out: lpRect=0x2de0d8) returned 1 [0108.143] GetCurrentThreadId () returned 0xf28 [0108.143] GetCurrentThreadId () returned 0xf28 [0108.143] AdjustWindowRectEx (in: lpRect=0x2de14c, dwStyle=0x5601008d, bMenu=0, dwExStyle=0x0 | out: lpRect=0x2de14c) returned 1 [0108.143] AdjustWindowRectEx (in: lpRect=0x2de0ac, dwStyle=0x5600000d, bMenu=0, dwExStyle=0x0 | out: lpRect=0x2de0ac) returned 1 [0108.143] GetCurrentThreadId () returned 0xf28 [0108.143] GetCurrentThreadId () returned 0xf28 [0108.143] AdjustWindowRectEx (in: lpRect=0x2de148, dwStyle=0x5601000b, bMenu=0, dwExStyle=0x0 | out: lpRect=0x2de148) returned 1 [0108.143] AdjustWindowRectEx (in: lpRect=0x2de0d8, dwStyle=0x5601000b, bMenu=0, dwExStyle=0x0 | out: lpRect=0x2de0d8) returned 1 [0108.143] GetCurrentThreadId () returned 0xf28 [0108.143] GetCurrentThreadId () returned 0xf28 [0108.143] AdjustWindowRectEx (in: lpRect=0x2de14c, dwStyle=0x5601008d, bMenu=0, dwExStyle=0x0 | out: lpRect=0x2de14c) returned 1 [0108.144] AdjustWindowRectEx (in: lpRect=0x2de0ac, dwStyle=0x5600000d, bMenu=0, dwExStyle=0x0 | out: lpRect=0x2de0ac) returned 1 [0108.144] GetCurrentThreadId () returned 0xf28 [0108.144] GetCurrentThreadId () returned 0xf28 [0108.144] AdjustWindowRectEx (in: lpRect=0x2de148, dwStyle=0x5601000b, bMenu=0, dwExStyle=0x0 | out: lpRect=0x2de148) returned 1 [0108.144] AdjustWindowRectEx (in: lpRect=0x2de0d8, dwStyle=0x5601000b, bMenu=0, dwExStyle=0x0 | out: lpRect=0x2de0d8) returned 1 [0108.144] GetCurrentThreadId () returned 0xf28 [0108.144] GetCurrentThreadId () returned 0xf28 [0108.144] AdjustWindowRectEx (in: lpRect=0x2de14c, dwStyle=0x5601008d, bMenu=0, dwExStyle=0x0 | out: lpRect=0x2de14c) returned 1 [0108.144] AdjustWindowRectEx (in: lpRect=0x2de0ac, dwStyle=0x5600000d, bMenu=0, dwExStyle=0x0 | out: lpRect=0x2de0ac) returned 1 [0108.144] GetCurrentThreadId () returned 0xf28 [0108.144] GetCurrentThreadId () returned 0xf28 [0108.144] AdjustWindowRectEx (in: lpRect=0x2de148, dwStyle=0x5601000b, bMenu=0, dwExStyle=0x0 | out: lpRect=0x2de148) returned 1 [0108.144] AdjustWindowRectEx (in: lpRect=0x2de0d8, dwStyle=0x5601000b, bMenu=0, dwExStyle=0x0 | out: lpRect=0x2de0d8) returned 1 [0108.144] GetCurrentThreadId () returned 0xf28 [0108.144] GetCurrentThreadId () returned 0xf28 [0108.144] AdjustWindowRectEx (in: lpRect=0x2de14c, dwStyle=0x5601008d, bMenu=0, dwExStyle=0x0 | out: lpRect=0x2de14c) returned 1 [0108.144] AdjustWindowRectEx (in: lpRect=0x2de0ac, dwStyle=0x5600000d, bMenu=0, dwExStyle=0x0 | out: lpRect=0x2de0ac) returned 1 [0108.144] GetCurrentThreadId () returned 0xf28 [0108.144] GetCurrentThreadId () returned 0xf28 [0108.144] AdjustWindowRectEx (in: lpRect=0x2de148, dwStyle=0x5601000b, bMenu=0, dwExStyle=0x0 | out: lpRect=0x2de148) returned 1 [0108.145] AdjustWindowRectEx (in: lpRect=0x2de0d8, dwStyle=0x5601000b, bMenu=0, dwExStyle=0x0 | out: lpRect=0x2de0d8) returned 1 [0108.145] GetCurrentThreadId () returned 0xf28 [0108.145] GetCurrentThreadId () returned 0xf28 [0108.145] AdjustWindowRectEx (in: lpRect=0x2de14c, dwStyle=0x5601008d, bMenu=0, dwExStyle=0x0 | out: lpRect=0x2de14c) returned 1 [0108.145] AdjustWindowRectEx (in: lpRect=0x2de0ac, dwStyle=0x5600000d, bMenu=0, dwExStyle=0x0 | out: lpRect=0x2de0ac) returned 1 [0108.145] GetCurrentThreadId () returned 0xf28 [0108.145] GetCurrentThreadId () returned 0xf28 [0108.145] AdjustWindowRectEx (in: lpRect=0x2de148, dwStyle=0x5601000b, bMenu=0, dwExStyle=0x0 | out: lpRect=0x2de148) returned 1 [0108.145] AdjustWindowRectEx (in: lpRect=0x2de0d8, dwStyle=0x5601000b, bMenu=0, dwExStyle=0x0 | out: lpRect=0x2de0d8) returned 1 [0108.145] GetCurrentThreadId () returned 0xf28 [0108.145] GetCurrentThreadId () returned 0xf28 [0108.145] AdjustWindowRectEx (in: lpRect=0x2de14c, dwStyle=0x5601008d, bMenu=0, dwExStyle=0x0 | out: lpRect=0x2de14c) returned 1 [0108.145] AdjustWindowRectEx (in: lpRect=0x2de0ac, dwStyle=0x5600000d, bMenu=0, dwExStyle=0x0 | out: lpRect=0x2de0ac) returned 1 [0108.145] GetCurrentThreadId () returned 0xf28 [0108.145] GetCurrentThreadId () returned 0xf28 [0108.145] AdjustWindowRectEx (in: lpRect=0x2de148, dwStyle=0x5601000b, bMenu=0, dwExStyle=0x0 | out: lpRect=0x2de148) returned 1 [0108.145] AdjustWindowRectEx (in: lpRect=0x2de0d8, dwStyle=0x5601000b, bMenu=0, dwExStyle=0x0 | out: lpRect=0x2de0d8) returned 1 [0108.145] GetCurrentThreadId () returned 0xf28 [0108.145] GetCurrentThreadId () returned 0xf28 [0108.146] AdjustWindowRectEx (in: lpRect=0x2de14c, dwStyle=0x5601008d, bMenu=0, dwExStyle=0x0 | out: lpRect=0x2de14c) returned 1 [0108.146] AdjustWindowRectEx (in: lpRect=0x2de0ac, dwStyle=0x5600000d, bMenu=0, dwExStyle=0x0 | out: lpRect=0x2de0ac) returned 1 [0108.146] GetCurrentThreadId () returned 0xf28 [0108.146] GetCurrentThreadId () returned 0xf28 [0108.146] AdjustWindowRectEx (in: lpRect=0x2de148, dwStyle=0x5601000b, bMenu=0, dwExStyle=0x0 | out: lpRect=0x2de148) returned 1 [0108.146] AdjustWindowRectEx (in: lpRect=0x2de0d8, dwStyle=0x5601000b, bMenu=0, dwExStyle=0x0 | out: lpRect=0x2de0d8) returned 1 [0108.146] GetCurrentThreadId () returned 0xf28 [0108.146] GetCurrentThreadId () returned 0xf28 [0108.146] AdjustWindowRectEx (in: lpRect=0x2de14c, dwStyle=0x5601008d, bMenu=0, dwExStyle=0x0 | out: lpRect=0x2de14c) returned 1 [0108.146] AdjustWindowRectEx (in: lpRect=0x2de0ac, dwStyle=0x5600000d, bMenu=0, dwExStyle=0x0 | out: lpRect=0x2de0ac) returned 1 [0108.146] GetCurrentThreadId () returned 0xf28 [0108.146] GetCurrentThreadId () returned 0xf28 [0108.146] AdjustWindowRectEx (in: lpRect=0x2de148, dwStyle=0x5601000b, bMenu=0, dwExStyle=0x0 | out: lpRect=0x2de148) returned 1 [0108.146] AdjustWindowRectEx (in: lpRect=0x2de0d8, dwStyle=0x5601000b, bMenu=0, dwExStyle=0x0 | out: lpRect=0x2de0d8) returned 1 [0108.146] GetCurrentThreadId () returned 0xf28 [0108.146] GetCurrentThreadId () returned 0xf28 [0108.147] AdjustWindowRectEx (in: lpRect=0x2de14c, dwStyle=0x5601008d, bMenu=0, dwExStyle=0x0 | out: lpRect=0x2de14c) returned 1 [0108.147] AdjustWindowRectEx (in: lpRect=0x2de0ac, dwStyle=0x5600000d, bMenu=0, dwExStyle=0x0 | out: lpRect=0x2de0ac) returned 1 [0108.147] GetCurrentThreadId () returned 0xf28 [0108.147] GetCurrentThreadId () returned 0xf28 [0108.147] AdjustWindowRectEx (in: lpRect=0x2de148, dwStyle=0x5601000b, bMenu=0, dwExStyle=0x0 | out: lpRect=0x2de148) returned 1 [0108.147] AdjustWindowRectEx (in: lpRect=0x2de0d8, dwStyle=0x5601000b, bMenu=0, dwExStyle=0x0 | out: lpRect=0x2de0d8) returned 1 [0108.147] GetCurrentThreadId () returned 0xf28 [0108.147] GetCurrentThreadId () returned 0xf28 [0108.147] AdjustWindowRectEx (in: lpRect=0x2de14c, dwStyle=0x5601008d, bMenu=0, dwExStyle=0x0 | out: lpRect=0x2de14c) returned 1 [0108.147] AdjustWindowRectEx (in: lpRect=0x2de0ac, dwStyle=0x5600000d, bMenu=0, dwExStyle=0x0 | out: lpRect=0x2de0ac) returned 1 [0108.147] GetCurrentThreadId () returned 0xf28 [0108.147] GetCurrentThreadId () returned 0xf28 [0108.147] AdjustWindowRectEx (in: lpRect=0x2de148, dwStyle=0x5601000b, bMenu=0, dwExStyle=0x0 | out: lpRect=0x2de148) returned 1 [0108.147] AdjustWindowRectEx (in: lpRect=0x2de0d8, dwStyle=0x5601000b, bMenu=0, dwExStyle=0x0 | out: lpRect=0x2de0d8) returned 1 [0108.147] GetCurrentThreadId () returned 0xf28 [0108.147] GetCurrentThreadId () returned 0xf28 [0108.147] AdjustWindowRectEx (in: lpRect=0x2de14c, dwStyle=0x5601008d, bMenu=0, dwExStyle=0x0 | out: lpRect=0x2de14c) returned 1 [0108.148] AdjustWindowRectEx (in: lpRect=0x2de0ac, dwStyle=0x5600000d, bMenu=0, dwExStyle=0x0 | out: lpRect=0x2de0ac) returned 1 [0108.148] GetCurrentThreadId () returned 0xf28 [0108.148] GetCurrentThreadId () returned 0xf28 [0108.148] AdjustWindowRectEx (in: lpRect=0x2de148, dwStyle=0x5601000b, bMenu=0, dwExStyle=0x0 | out: lpRect=0x2de148) returned 1 [0108.148] AdjustWindowRectEx (in: lpRect=0x2de0d8, dwStyle=0x5601000b, bMenu=0, dwExStyle=0x0 | out: lpRect=0x2de0d8) returned 1 [0108.148] GetCurrentThreadId () returned 0xf28 [0108.148] GetCurrentThreadId () returned 0xf28 [0108.148] AdjustWindowRectEx (in: lpRect=0x2de14c, dwStyle=0x5601008d, bMenu=0, dwExStyle=0x0 | out: lpRect=0x2de14c) returned 1 [0108.148] AdjustWindowRectEx (in: lpRect=0x2de0ac, dwStyle=0x5600000d, bMenu=0, dwExStyle=0x0 | out: lpRect=0x2de0ac) returned 1 [0108.148] GetCurrentThreadId () returned 0xf28 [0108.148] GetCurrentThreadId () returned 0xf28 [0108.148] AdjustWindowRectEx (in: lpRect=0x2de148, dwStyle=0x5601000b, bMenu=0, dwExStyle=0x0 | out: lpRect=0x2de148) returned 1 [0108.148] AdjustWindowRectEx (in: lpRect=0x2de0d8, dwStyle=0x5601000b, bMenu=0, dwExStyle=0x0 | out: lpRect=0x2de0d8) returned 1 [0108.148] GetCurrentThreadId () returned 0xf28 [0108.148] GetCurrentThreadId () returned 0xf28 [0108.148] AdjustWindowRectEx (in: lpRect=0x2de14c, dwStyle=0x5601008d, bMenu=0, dwExStyle=0x0 | out: lpRect=0x2de14c) returned 1 [0108.148] AdjustWindowRectEx (in: lpRect=0x2de0ac, dwStyle=0x5600000d, bMenu=0, dwExStyle=0x0 | out: lpRect=0x2de0ac) returned 1 [0108.148] GetCurrentThreadId () returned 0xf28 [0108.148] GetCurrentThreadId () returned 0xf28 [0108.148] AdjustWindowRectEx (in: lpRect=0x2de148, dwStyle=0x5601000b, bMenu=0, dwExStyle=0x0 | out: lpRect=0x2de148) returned 1 [0108.148] AdjustWindowRectEx (in: lpRect=0x2de0d8, dwStyle=0x5601000b, bMenu=0, dwExStyle=0x0 | out: lpRect=0x2de0d8) returned 1 [0108.148] GetCurrentThreadId () returned 0xf28 [0108.148] GetCurrentThreadId () returned 0xf28 [0108.149] AdjustWindowRectEx (in: lpRect=0x2de14c, dwStyle=0x5601008d, bMenu=0, dwExStyle=0x0 | out: lpRect=0x2de14c) returned 1 [0108.149] AdjustWindowRectEx (in: lpRect=0x2de0ac, dwStyle=0x5600000d, bMenu=0, dwExStyle=0x0 | out: lpRect=0x2de0ac) returned 1 [0108.149] GetCurrentThreadId () returned 0xf28 [0108.149] GetCurrentThreadId () returned 0xf28 [0108.149] AdjustWindowRectEx (in: lpRect=0x2de148, dwStyle=0x5601000b, bMenu=0, dwExStyle=0x0 | out: lpRect=0x2de148) returned 1 [0108.149] AdjustWindowRectEx (in: lpRect=0x2de0d8, dwStyle=0x5601000b, bMenu=0, dwExStyle=0x0 | out: lpRect=0x2de0d8) returned 1 [0108.149] GetCurrentThreadId () returned 0xf28 [0108.149] GetCurrentThreadId () returned 0xf28 [0108.149] AdjustWindowRectEx (in: lpRect=0x2de14c, dwStyle=0x5601008d, bMenu=0, dwExStyle=0x0 | out: lpRect=0x2de14c) returned 1 [0108.149] AdjustWindowRectEx (in: lpRect=0x2de0ac, dwStyle=0x5600000d, bMenu=0, dwExStyle=0x0 | out: lpRect=0x2de0ac) returned 1 [0108.149] GetCurrentThreadId () returned 0xf28 [0108.149] GetCurrentThreadId () returned 0xf28 [0108.149] AdjustWindowRectEx (in: lpRect=0x2de148, dwStyle=0x5601000b, bMenu=0, dwExStyle=0x0 | out: lpRect=0x2de148) returned 1 [0108.149] AdjustWindowRectEx (in: lpRect=0x2de0d8, dwStyle=0x5601000b, bMenu=0, dwExStyle=0x0 | out: lpRect=0x2de0d8) returned 1 [0108.149] GetCurrentThreadId () returned 0xf28 [0108.149] GetCurrentThreadId () returned 0xf28 [0108.149] AdjustWindowRectEx (in: lpRect=0x2de14c, dwStyle=0x5601008d, bMenu=0, dwExStyle=0x0 | out: lpRect=0x2de14c) returned 1 [0108.149] AdjustWindowRectEx (in: lpRect=0x2de0ac, dwStyle=0x5600000d, bMenu=0, dwExStyle=0x0 | out: lpRect=0x2de0ac) returned 1 [0108.149] GetCurrentThreadId () returned 0xf28 [0108.149] GetCurrentThreadId () returned 0xf28 [0108.150] AdjustWindowRectEx (in: lpRect=0x2de148, dwStyle=0x5601000b, bMenu=0, dwExStyle=0x0 | out: lpRect=0x2de148) returned 1 [0108.150] AdjustWindowRectEx (in: lpRect=0x2de0d8, dwStyle=0x5601000b, bMenu=0, dwExStyle=0x0 | out: lpRect=0x2de0d8) returned 1 [0108.150] GetCurrentThreadId () returned 0xf28 [0108.150] GetCurrentThreadId () returned 0xf28 [0108.150] AdjustWindowRectEx (in: lpRect=0x2de14c, dwStyle=0x5601008d, bMenu=0, dwExStyle=0x0 | out: lpRect=0x2de14c) returned 1 [0108.150] AdjustWindowRectEx (in: lpRect=0x2de0ac, dwStyle=0x5600000d, bMenu=0, dwExStyle=0x0 | out: lpRect=0x2de0ac) returned 1 [0108.150] GetCurrentThreadId () returned 0xf28 [0108.150] GetCurrentThreadId () returned 0xf28 [0108.150] AdjustWindowRectEx (in: lpRect=0x2de148, dwStyle=0x5601000b, bMenu=0, dwExStyle=0x0 | out: lpRect=0x2de148) returned 1 [0108.150] AdjustWindowRectEx (in: lpRect=0x2de0d8, dwStyle=0x5601000b, bMenu=0, dwExStyle=0x0 | out: lpRect=0x2de0d8) returned 1 [0108.150] GetCurrentThreadId () returned 0xf28 [0108.150] GetCurrentThreadId () returned 0xf28 [0108.150] AdjustWindowRectEx (in: lpRect=0x2de14c, dwStyle=0x5601008d, bMenu=0, dwExStyle=0x0 | out: lpRect=0x2de14c) returned 1 [0108.150] AdjustWindowRectEx (in: lpRect=0x2de0ac, dwStyle=0x5600000d, bMenu=0, dwExStyle=0x0 | out: lpRect=0x2de0ac) returned 1 [0108.150] GetCurrentThreadId () returned 0xf28 [0108.150] GetCurrentThreadId () returned 0xf28 [0108.150] AdjustWindowRectEx (in: lpRect=0x2de148, dwStyle=0x5601000b, bMenu=0, dwExStyle=0x0 | out: lpRect=0x2de148) returned 1 [0108.150] AdjustWindowRectEx (in: lpRect=0x2de0d8, dwStyle=0x5601000b, bMenu=0, dwExStyle=0x0 | out: lpRect=0x2de0d8) returned 1 [0108.150] GetCurrentThreadId () returned 0xf28 [0108.150] GetCurrentThreadId () returned 0xf28 [0108.150] AdjustWindowRectEx (in: lpRect=0x2de14c, dwStyle=0x5601008d, bMenu=0, dwExStyle=0x0 | out: lpRect=0x2de14c) returned 1 [0108.150] AdjustWindowRectEx (in: lpRect=0x2de0ac, dwStyle=0x5600000d, bMenu=0, dwExStyle=0x0 | out: lpRect=0x2de0ac) returned 1 [0108.150] GetCurrentThreadId () returned 0xf28 [0108.151] GetCurrentThreadId () returned 0xf28 [0108.151] AdjustWindowRectEx (in: lpRect=0x2de148, dwStyle=0x5601000b, bMenu=0, dwExStyle=0x0 | out: lpRect=0x2de148) returned 1 [0108.151] AdjustWindowRectEx (in: lpRect=0x2de0d8, dwStyle=0x5601000b, bMenu=0, dwExStyle=0x0 | out: lpRect=0x2de0d8) returned 1 [0108.151] GetCurrentThreadId () returned 0xf28 [0108.151] GetCurrentThreadId () returned 0xf28 [0108.151] AdjustWindowRectEx (in: lpRect=0x2de14c, dwStyle=0x5601008d, bMenu=0, dwExStyle=0x0 | out: lpRect=0x2de14c) returned 1 [0108.151] AdjustWindowRectEx (in: lpRect=0x2de0ac, dwStyle=0x5600000d, bMenu=0, dwExStyle=0x0 | out: lpRect=0x2de0ac) returned 1 [0108.151] GetCurrentThreadId () returned 0xf28 [0108.151] GetCurrentThreadId () returned 0xf28 [0108.151] AdjustWindowRectEx (in: lpRect=0x2de148, dwStyle=0x5601000b, bMenu=0, dwExStyle=0x0 | out: lpRect=0x2de148) returned 1 [0108.151] AdjustWindowRectEx (in: lpRect=0x2de0d8, dwStyle=0x5601000b, bMenu=0, dwExStyle=0x0 | out: lpRect=0x2de0d8) returned 1 [0108.151] GetCurrentThreadId () returned 0xf28 [0108.151] GetCurrentThreadId () returned 0xf28 [0108.151] AdjustWindowRectEx (in: lpRect=0x2de14c, dwStyle=0x5601008d, bMenu=0, dwExStyle=0x0 | out: lpRect=0x2de14c) returned 1 [0108.151] AdjustWindowRectEx (in: lpRect=0x2de0ac, dwStyle=0x5600000d, bMenu=0, dwExStyle=0x0 | out: lpRect=0x2de0ac) returned 1 [0108.151] GetCurrentThreadId () returned 0xf28 [0108.151] GetCurrentThreadId () returned 0xf28 [0108.151] AdjustWindowRectEx (in: lpRect=0x2de148, dwStyle=0x5601000b, bMenu=0, dwExStyle=0x0 | out: lpRect=0x2de148) returned 1 [0108.151] AdjustWindowRectEx (in: lpRect=0x2de0d8, dwStyle=0x5601000b, bMenu=0, dwExStyle=0x0 | out: lpRect=0x2de0d8) returned 1 [0108.151] GetCurrentThreadId () returned 0xf28 [0108.151] GetCurrentThreadId () returned 0xf28 [0108.151] AdjustWindowRectEx (in: lpRect=0x2de14c, dwStyle=0x5601008d, bMenu=0, dwExStyle=0x0 | out: lpRect=0x2de14c) returned 1 [0108.152] AdjustWindowRectEx (in: lpRect=0x2de0ac, dwStyle=0x5600000d, bMenu=0, dwExStyle=0x0 | out: lpRect=0x2de0ac) returned 1 [0108.152] GetCurrentThreadId () returned 0xf28 [0108.152] AdjustWindowRectEx (in: lpRect=0x2de148, dwStyle=0x5601000b, bMenu=0, dwExStyle=0x0 | out: lpRect=0x2de148) returned 1 [0108.161] GdipCreateSolidFill (color=0xffababab, brush=0x2de074) returned 0x0 [0108.163] GetSystemMetrics (nIndex=3) returned 17 [0108.164] AdjustWindowRectEx (in: lpRect=0x2de0a0, dwStyle=0x56010000, bMenu=0, dwExStyle=0x0 | out: lpRect=0x2de0a0) returned 1 [0108.164] GetSystemMetrics (nIndex=2) returned 17 [0108.164] AdjustWindowRectEx (in: lpRect=0x2de0a0, dwStyle=0x56010001, bMenu=0, dwExStyle=0x0 | out: lpRect=0x2de0a0) returned 1 [0108.165] AdjustWindowRectEx (in: lpRect=0x2de0b0, dwStyle=0x56010000, bMenu=0, dwExStyle=0x0 | out: lpRect=0x2de0b0) returned 1 [0108.166] GdipCreatePen1 (color=0xffa0a0a0, width=0x3f800000, unit=0x0, pen=0x2de0a0) returned 0x0 [0108.167] GetSystemMetrics (nIndex=68) returned 4 [0108.167] GetSystemMetrics (nIndex=69) returned 4 [0108.178] AdjustWindowRectEx (in: lpRect=0x2de02c, dwStyle=0x56000000, bMenu=0, dwExStyle=0x0 | out: lpRect=0x2de02c) returned 1 [0108.179] GetCurrentThreadId () returned 0xf28 [0108.179] GetCurrentThreadId () returned 0xf28 [0108.180] AdjustWindowRectEx (in: lpRect=0x2de030, dwStyle=0x56000001, bMenu=0, dwExStyle=0x0 | out: lpRect=0x2de030) returned 1 [0108.180] GetCurrentThreadId () returned 0xf28 [0108.180] GetCurrentThreadId () returned 0xf28 [0108.181] AdjustWindowRectEx (in: lpRect=0x2de0a0, dwStyle=0x56010000, bMenu=0, dwExStyle=0x0 | out: lpRect=0x2de0a0) returned 1 [0108.194] GetDC (hWnd=0x0) returned 0x4010b22 [0108.194] GdipCreateFromHDC (hdc=0x4010b22, graphics=0x2de078) returned 0x0 [0108.195] GdipGetFontHeight (font=0x5d40960, graphics=0x5dc9170, height=0x2de070) returned 0x0 [0108.195] GdipDeleteGraphics (graphics=0x5dc9170) returned 0x0 [0108.195] ReleaseDC (hWnd=0x0, hDC=0x4010b22) returned 1 [0108.196] GetDC (hWnd=0x0) returned 0x4010b22 [0108.196] GdipCreateFromHDC (hdc=0x4010b22, graphics=0x2de064) returned 0x0 [0108.196] GdipGetFontHeight (font=0x5d40960, graphics=0x5dc9170, height=0x2de05c) returned 0x0 [0108.196] GdipDeleteGraphics (graphics=0x5dc9170) returned 0x0 [0108.196] ReleaseDC (hWnd=0x0, hDC=0x4010b22) returned 1 [0108.204] GetCurrentThreadId () returned 0xf28 [0108.204] GetCurrentThreadId () returned 0xf28 [0108.204] GetDC (hWnd=0x0) returned 0x4010b22 [0108.204] GdipCreateFromHDC (hdc=0x4010b22, graphics=0x2de0b8) returned 0x0 [0108.205] GdipGetFontHeight (font=0x5d40960, graphics=0x5dc9170, height=0x2de0b0) returned 0x0 [0108.205] GdipDeleteGraphics (graphics=0x5dc9170) returned 0x0 [0108.205] ReleaseDC (hWnd=0x0, hDC=0x4010b22) returned 1 [0108.206] GetDC (hWnd=0x0) returned 0x4010b22 [0108.206] GdipCreateFromHDC (hdc=0x4010b22, graphics=0x2de0b8) returned 0x0 [0108.206] GdipGetFontHeight (font=0x5d40960, graphics=0x5dc9170, height=0x2de0b0) returned 0x0 [0108.206] GdipDeleteGraphics (graphics=0x5dc9170) returned 0x0 [0108.206] ReleaseDC (hWnd=0x0, hDC=0x4010b22) returned 1 [0108.206] GetDC (hWnd=0x0) returned 0x4010b22 [0108.206] GdipCreateFromHDC (hdc=0x4010b22, graphics=0x2de0b8) returned 0x0 [0108.207] GdipGetFontHeight (font=0x5d40960, graphics=0x5dc9170, height=0x2de0b0) returned 0x0 [0108.207] GdipDeleteGraphics (graphics=0x5dc9170) returned 0x0 [0108.207] ReleaseDC (hWnd=0x0, hDC=0x4010b22) returned 1 [0108.207] GetDC (hWnd=0x0) returned 0x4010b22 [0108.207] GdipCreateFromHDC (hdc=0x4010b22, graphics=0x2de0b8) returned 0x0 [0108.207] GdipGetFontHeight (font=0x5d40960, graphics=0x5dc9170, height=0x2de0b0) returned 0x0 [0108.207] GdipDeleteGraphics (graphics=0x5dc9170) returned 0x0 [0108.207] ReleaseDC (hWnd=0x0, hDC=0x4010b22) returned 1 [0108.208] GetDC (hWnd=0x0) returned 0x4010b22 [0108.208] GdipCreateFromHDC (hdc=0x4010b22, graphics=0x2de0b8) returned 0x0 [0108.208] GdipGetFontHeight (font=0x5d40960, graphics=0x5dc9170, height=0x2de0b0) returned 0x0 [0108.208] GdipDeleteGraphics (graphics=0x5dc9170) returned 0x0 [0108.208] ReleaseDC (hWnd=0x0, hDC=0x4010b22) returned 1 [0108.208] GetDC (hWnd=0x0) returned 0x4010b22 [0108.208] GdipCreateFromHDC (hdc=0x4010b22, graphics=0x2de0b8) returned 0x0 [0108.209] GdipGetFontHeight (font=0x5d40960, graphics=0x5dc9170, height=0x2de0b0) returned 0x0 [0108.209] GdipDeleteGraphics (graphics=0x5dc9170) returned 0x0 [0108.209] ReleaseDC (hWnd=0x0, hDC=0x4010b22) returned 1 [0108.209] GetDC (hWnd=0x0) returned 0x4010b22 [0108.209] GdipCreateFromHDC (hdc=0x4010b22, graphics=0x2de0b8) returned 0x0 [0108.220] GdipGetFontHeight (font=0x5d40960, graphics=0x5dc9170, height=0x2de0b0) returned 0x0 [0108.220] GdipDeleteGraphics (graphics=0x5dc9170) returned 0x0 [0108.220] ReleaseDC (hWnd=0x0, hDC=0x4010b22) returned 1 [0108.220] GetDC (hWnd=0x0) returned 0x4010b22 [0108.220] GdipCreateFromHDC (hdc=0x4010b22, graphics=0x2de0b8) returned 0x0 [0108.220] GdipGetFontHeight (font=0x5d40960, graphics=0x5dc9170, height=0x2de0b0) returned 0x0 [0108.220] GdipDeleteGraphics (graphics=0x5dc9170) returned 0x0 [0108.220] ReleaseDC (hWnd=0x0, hDC=0x4010b22) returned 1 [0108.221] GetDC (hWnd=0x0) returned 0x4010b22 [0108.221] GdipCreateFromHDC (hdc=0x4010b22, graphics=0x2de0b8) returned 0x0 [0108.221] GdipGetFontHeight (font=0x5d40960, graphics=0x5dc9170, height=0x2de0b0) returned 0x0 [0108.221] GdipDeleteGraphics (graphics=0x5dc9170) returned 0x0 [0108.221] ReleaseDC (hWnd=0x0, hDC=0x4010b22) returned 1 [0108.222] GetDC (hWnd=0x0) returned 0x4010b22 [0108.222] GdipCreateFromHDC (hdc=0x4010b22, graphics=0x2de0b8) returned 0x0 [0108.222] GdipGetFontHeight (font=0x5d40960, graphics=0x5dc9170, height=0x2de0b0) returned 0x0 [0108.222] GdipDeleteGraphics (graphics=0x5dc9170) returned 0x0 [0108.222] ReleaseDC (hWnd=0x0, hDC=0x4010b22) returned 1 [0108.222] GetDC (hWnd=0x0) returned 0x4010b22 [0108.222] GdipCreateFromHDC (hdc=0x4010b22, graphics=0x2de0b8) returned 0x0 [0108.223] GdipGetFontHeight (font=0x5d40960, graphics=0x5dc9170, height=0x2de0b0) returned 0x0 [0108.223] GdipDeleteGraphics (graphics=0x5dc9170) returned 0x0 [0108.223] ReleaseDC (hWnd=0x0, hDC=0x4010b22) returned 1 [0108.223] GetDC (hWnd=0x0) returned 0x4010b22 [0108.223] GdipCreateFromHDC (hdc=0x4010b22, graphics=0x2de0b8) returned 0x0 [0108.223] GdipGetFontHeight (font=0x5d40960, graphics=0x5dc9170, height=0x2de0b0) returned 0x0 [0108.223] GdipDeleteGraphics (graphics=0x5dc9170) returned 0x0 [0108.223] ReleaseDC (hWnd=0x0, hDC=0x4010b22) returned 1 [0108.224] GetDC (hWnd=0x0) returned 0x4010b22 [0108.224] GdipCreateFromHDC (hdc=0x4010b22, graphics=0x2de0b8) returned 0x0 [0108.224] GdipGetFontHeight (font=0x5d40960, graphics=0x5dc9170, height=0x2de0b0) returned 0x0 [0108.224] GdipDeleteGraphics (graphics=0x5dc9170) returned 0x0 [0108.224] ReleaseDC (hWnd=0x0, hDC=0x4010b22) returned 1 [0108.224] GetDC (hWnd=0x0) returned 0x4010b22 [0108.225] GdipCreateFromHDC (hdc=0x4010b22, graphics=0x2de0b8) returned 0x0 [0108.225] GdipGetFontHeight (font=0x5d40960, graphics=0x5dc9170, height=0x2de0b0) returned 0x0 [0108.225] GdipDeleteGraphics (graphics=0x5dc9170) returned 0x0 [0108.225] ReleaseDC (hWnd=0x0, hDC=0x4010b22) returned 1 [0108.225] GetDC (hWnd=0x0) returned 0x4010b22 [0108.225] GdipCreateFromHDC (hdc=0x4010b22, graphics=0x2de0b8) returned 0x0 [0108.225] GdipGetFontHeight (font=0x5d40960, graphics=0x5dc9170, height=0x2de0b0) returned 0x0 [0108.225] GdipDeleteGraphics (graphics=0x5dc9170) returned 0x0 [0108.226] ReleaseDC (hWnd=0x0, hDC=0x4010b22) returned 1 [0108.226] GetDC (hWnd=0x0) returned 0x4010b22 [0108.226] GdipCreateFromHDC (hdc=0x4010b22, graphics=0x2de0b8) returned 0x0 [0108.226] GdipGetFontHeight (font=0x5d40960, graphics=0x5dc9170, height=0x2de0b0) returned 0x0 [0108.226] GdipDeleteGraphics (graphics=0x5dc9170) returned 0x0 [0108.226] ReleaseDC (hWnd=0x0, hDC=0x4010b22) returned 1 [0108.227] GetDC (hWnd=0x0) returned 0x4010b22 [0108.227] GdipCreateFromHDC (hdc=0x4010b22, graphics=0x2de0b8) returned 0x0 [0108.227] GdipGetFontHeight (font=0x5d40960, graphics=0x5dc9170, height=0x2de0b0) returned 0x0 [0108.227] GdipDeleteGraphics (graphics=0x5dc9170) returned 0x0 [0108.227] ReleaseDC (hWnd=0x0, hDC=0x4010b22) returned 1 [0108.227] GetDC (hWnd=0x0) returned 0x4010b22 [0108.227] GdipCreateFromHDC (hdc=0x4010b22, graphics=0x2de0b8) returned 0x0 [0108.227] GdipGetFontHeight (font=0x5d40960, graphics=0x5dc9170, height=0x2de0b0) returned 0x0 [0108.227] GdipDeleteGraphics (graphics=0x5dc9170) returned 0x0 [0108.228] ReleaseDC (hWnd=0x0, hDC=0x4010b22) returned 1 [0108.228] GetDC (hWnd=0x0) returned 0x4010b22 [0108.228] GdipCreateFromHDC (hdc=0x4010b22, graphics=0x2de0b8) returned 0x0 [0108.228] GdipGetFontHeight (font=0x5d40960, graphics=0x5dc9170, height=0x2de0b0) returned 0x0 [0108.228] GdipDeleteGraphics (graphics=0x5dc9170) returned 0x0 [0108.228] ReleaseDC (hWnd=0x0, hDC=0x4010b22) returned 1 [0108.228] GetDC (hWnd=0x0) returned 0x4010b22 [0108.229] GdipCreateFromHDC (hdc=0x4010b22, graphics=0x2de0b8) returned 0x0 [0108.229] GdipGetFontHeight (font=0x5d40960, graphics=0x5dc9170, height=0x2de0b0) returned 0x0 [0108.229] GdipDeleteGraphics (graphics=0x5dc9170) returned 0x0 [0108.229] ReleaseDC (hWnd=0x0, hDC=0x4010b22) returned 1 [0108.229] GetDC (hWnd=0x0) returned 0x4010b22 [0108.229] GdipCreateFromHDC (hdc=0x4010b22, graphics=0x2de0b8) returned 0x0 [0108.229] GdipGetFontHeight (font=0x5d40960, graphics=0x5dc9170, height=0x2de0b0) returned 0x0 [0108.229] GdipDeleteGraphics (graphics=0x5dc9170) returned 0x0 [0108.230] ReleaseDC (hWnd=0x0, hDC=0x4010b22) returned 1 [0108.230] GetDC (hWnd=0x0) returned 0x4010b22 [0108.230] GdipCreateFromHDC (hdc=0x4010b22, graphics=0x2de0b8) returned 0x0 [0108.230] GdipGetFontHeight (font=0x5d40960, graphics=0x5dc9170, height=0x2de0b0) returned 0x0 [0108.230] GdipDeleteGraphics (graphics=0x5dc9170) returned 0x0 [0108.230] ReleaseDC (hWnd=0x0, hDC=0x4010b22) returned 1 [0108.231] GetDC (hWnd=0x0) returned 0x4010b22 [0108.231] GdipCreateFromHDC (hdc=0x4010b22, graphics=0x2de0b8) returned 0x0 [0108.231] GdipGetFontHeight (font=0x5d40960, graphics=0x5dc9170, height=0x2de0b0) returned 0x0 [0108.231] GdipDeleteGraphics (graphics=0x5dc9170) returned 0x0 [0108.231] ReleaseDC (hWnd=0x0, hDC=0x4010b22) returned 1 [0108.232] GetDC (hWnd=0x0) returned 0x4010b22 [0108.232] GdipCreateFromHDC (hdc=0x4010b22, graphics=0x2de0b8) returned 0x0 [0108.232] GdipGetFontHeight (font=0x5d40960, graphics=0x5dc9170, height=0x2de0b0) returned 0x0 [0108.232] GdipDeleteGraphics (graphics=0x5dc9170) returned 0x0 [0108.232] ReleaseDC (hWnd=0x0, hDC=0x4010b22) returned 1 [0108.232] GetDC (hWnd=0x0) returned 0x4010b22 [0108.232] GdipCreateFromHDC (hdc=0x4010b22, graphics=0x2de0b8) returned 0x0 [0108.233] GdipGetFontHeight (font=0x5d40960, graphics=0x5dc9170, height=0x2de0b0) returned 0x0 [0108.233] GdipDeleteGraphics (graphics=0x5dc9170) returned 0x0 [0108.233] ReleaseDC (hWnd=0x0, hDC=0x4010b22) returned 1 [0108.233] GetDC (hWnd=0x0) returned 0x4010b22 [0108.233] GdipCreateFromHDC (hdc=0x4010b22, graphics=0x2de0b8) returned 0x0 [0108.233] GdipGetFontHeight (font=0x5d40960, graphics=0x5dc9170, height=0x2de0b0) returned 0x0 [0108.233] GdipDeleteGraphics (graphics=0x5dc9170) returned 0x0 [0108.233] ReleaseDC (hWnd=0x0, hDC=0x4010b22) returned 1 [0108.234] GetDC (hWnd=0x0) returned 0x4010b22 [0108.234] GdipCreateFromHDC (hdc=0x4010b22, graphics=0x2de0b8) returned 0x0 [0108.234] GdipGetFontHeight (font=0x5d40960, graphics=0x5dc9170, height=0x2de0b0) returned 0x0 [0108.234] GdipDeleteGraphics (graphics=0x5dc9170) returned 0x0 [0108.234] ReleaseDC (hWnd=0x0, hDC=0x4010b22) returned 1 [0108.234] GetDC (hWnd=0x0) returned 0x4010b22 [0108.234] GdipCreateFromHDC (hdc=0x4010b22, graphics=0x2de0b8) returned 0x0 [0108.235] GdipGetFontHeight (font=0x5d40960, graphics=0x5dc9170, height=0x2de0b0) returned 0x0 [0108.235] GdipDeleteGraphics (graphics=0x5dc9170) returned 0x0 [0108.235] ReleaseDC (hWnd=0x0, hDC=0x4010b22) returned 1 [0108.235] GetDC (hWnd=0x0) returned 0x4010b22 [0108.235] GdipCreateFromHDC (hdc=0x4010b22, graphics=0x2de0b8) returned 0x0 [0108.235] GdipGetFontHeight (font=0x5d40960, graphics=0x5dc9170, height=0x2de0b0) returned 0x0 [0108.235] GdipDeleteGraphics (graphics=0x5dc9170) returned 0x0 [0108.235] ReleaseDC (hWnd=0x0, hDC=0x4010b22) returned 1 [0108.236] GetDC (hWnd=0x0) returned 0x4010b22 [0108.236] GdipCreateFromHDC (hdc=0x4010b22, graphics=0x2de0b8) returned 0x0 [0108.236] GdipGetFontHeight (font=0x5d40960, graphics=0x5dc9170, height=0x2de0b0) returned 0x0 [0108.236] GdipDeleteGraphics (graphics=0x5dc9170) returned 0x0 [0108.236] ReleaseDC (hWnd=0x0, hDC=0x4010b22) returned 1 [0108.267] GetDC (hWnd=0x0) returned 0x4010b22 [0108.267] GdipCreateFromHDC (hdc=0x4010b22, graphics=0x2dde54) returned 0x0 [0108.267] GdipGetFontHeight (font=0x5d40960, graphics=0x5dc9170, height=0x2dde4c) returned 0x0 [0108.267] GdipDeleteGraphics (graphics=0x5dc9170) returned 0x0 [0108.267] ReleaseDC (hWnd=0x0, hDC=0x4010b22) returned 1 [0108.291] GetDC (hWnd=0x0) returned 0x4010b22 [0108.291] GdipCreateFromHDC (hdc=0x4010b22, graphics=0x2dde54) returned 0x0 [0108.291] GdipGetFontHeight (font=0x5d40960, graphics=0x5dc9170, height=0x2dde4c) returned 0x0 [0108.291] GdipDeleteGraphics (graphics=0x5dc9170) returned 0x0 [0108.291] ReleaseDC (hWnd=0x0, hDC=0x4010b22) returned 1 [0108.305] GetDC (hWnd=0x0) returned 0x4010b22 [0108.305] GdipCreateFromHDC (hdc=0x4010b22, graphics=0x2dde54) returned 0x0 [0108.305] GdipGetFontHeight (font=0x5d40960, graphics=0x5dc9170, height=0x2dde4c) returned 0x0 [0108.305] GdipDeleteGraphics (graphics=0x5dc9170) returned 0x0 [0108.305] ReleaseDC (hWnd=0x0, hDC=0x4010b22) returned 1 [0108.306] GetDC (hWnd=0x0) returned 0x4010b22 [0108.306] GdipCreateFromHDC (hdc=0x4010b22, graphics=0x2dde54) returned 0x0 [0108.306] GdipGetFontHeight (font=0x5d40960, graphics=0x5dc9170, height=0x2dde4c) returned 0x0 [0108.306] GdipDeleteGraphics (graphics=0x5dc9170) returned 0x0 [0108.306] ReleaseDC (hWnd=0x0, hDC=0x4010b22) returned 1 [0108.306] GetDC (hWnd=0x0) returned 0x4010b22 [0108.306] GdipCreateFromHDC (hdc=0x4010b22, graphics=0x2dde54) returned 0x0 [0108.306] GdipGetFontHeight (font=0x5d40960, graphics=0x5dc9170, height=0x2dde4c) returned 0x0 [0108.306] GdipDeleteGraphics (graphics=0x5dc9170) returned 0x0 [0108.307] ReleaseDC (hWnd=0x0, hDC=0x4010b22) returned 1 [0108.307] GetDC (hWnd=0x0) returned 0x4010b22 [0108.307] GdipCreateFromHDC (hdc=0x4010b22, graphics=0x2dde54) returned 0x0 [0108.307] GdipGetFontHeight (font=0x5d40960, graphics=0x5dc9170, height=0x2dde4c) returned 0x0 [0108.307] GdipDeleteGraphics (graphics=0x5dc9170) returned 0x0 [0108.307] ReleaseDC (hWnd=0x0, hDC=0x4010b22) returned 1 [0108.308] GetDC (hWnd=0x0) returned 0x4010b22 [0108.308] GdipCreateFromHDC (hdc=0x4010b22, graphics=0x2dde54) returned 0x0 [0108.308] GdipGetFontHeight (font=0x5d40960, graphics=0x5dc9170, height=0x2dde4c) returned 0x0 [0108.308] GdipDeleteGraphics (graphics=0x5dc9170) returned 0x0 [0108.308] ReleaseDC (hWnd=0x0, hDC=0x4010b22) returned 1 [0108.308] GetDC (hWnd=0x0) returned 0x4010b22 [0108.308] GdipCreateFromHDC (hdc=0x4010b22, graphics=0x2dde54) returned 0x0 [0108.308] GdipGetFontHeight (font=0x5d40960, graphics=0x5dc9170, height=0x2dde4c) returned 0x0 [0108.308] GdipDeleteGraphics (graphics=0x5dc9170) returned 0x0 [0108.309] ReleaseDC (hWnd=0x0, hDC=0x4010b22) returned 1 [0108.309] GetDC (hWnd=0x0) returned 0x4010b22 [0108.309] GdipCreateFromHDC (hdc=0x4010b22, graphics=0x2dde54) returned 0x0 [0108.309] GdipGetFontHeight (font=0x5d40960, graphics=0x5dc9170, height=0x2dde4c) returned 0x0 [0108.309] GdipDeleteGraphics (graphics=0x5dc9170) returned 0x0 [0108.309] ReleaseDC (hWnd=0x0, hDC=0x4010b22) returned 1 [0108.310] GetDC (hWnd=0x0) returned 0x4010b22 [0108.310] GdipCreateFromHDC (hdc=0x4010b22, graphics=0x2dde54) returned 0x0 [0108.310] GdipGetFontHeight (font=0x5d40960, graphics=0x5dc9170, height=0x2dde4c) returned 0x0 [0108.310] GdipDeleteGraphics (graphics=0x5dc9170) returned 0x0 [0108.310] ReleaseDC (hWnd=0x0, hDC=0x4010b22) returned 1 [0108.310] GetDC (hWnd=0x0) returned 0x4010b22 [0108.310] GdipCreateFromHDC (hdc=0x4010b22, graphics=0x2dde54) returned 0x0 [0108.311] GdipGetFontHeight (font=0x5d40960, graphics=0x5dc9170, height=0x2dde4c) returned 0x0 [0108.311] GdipDeleteGraphics (graphics=0x5dc9170) returned 0x0 [0108.311] ReleaseDC (hWnd=0x0, hDC=0x4010b22) returned 1 [0108.311] GetDC (hWnd=0x0) returned 0x4010b22 [0108.311] GdipCreateFromHDC (hdc=0x4010b22, graphics=0x2dde54) returned 0x0 [0108.311] GdipGetFontHeight (font=0x5d40960, graphics=0x5dc9170, height=0x2dde4c) returned 0x0 [0108.311] GdipDeleteGraphics (graphics=0x5dc9170) returned 0x0 [0108.311] ReleaseDC (hWnd=0x0, hDC=0x4010b22) returned 1 [0108.312] GetDC (hWnd=0x0) returned 0x4010b22 [0108.312] GdipCreateFromHDC (hdc=0x4010b22, graphics=0x2dde54) returned 0x0 [0108.312] GdipGetFontHeight (font=0x5d40960, graphics=0x5dc9170, height=0x2dde4c) returned 0x0 [0108.312] GdipDeleteGraphics (graphics=0x5dc9170) returned 0x0 [0108.312] ReleaseDC (hWnd=0x0, hDC=0x4010b22) returned 1 [0108.312] GetDC (hWnd=0x0) returned 0x4010b22 [0108.312] GdipCreateFromHDC (hdc=0x4010b22, graphics=0x2dde54) returned 0x0 [0108.313] GdipGetFontHeight (font=0x5d40960, graphics=0x5dc9170, height=0x2dde4c) returned 0x0 [0108.313] GdipDeleteGraphics (graphics=0x5dc9170) returned 0x0 [0108.313] ReleaseDC (hWnd=0x0, hDC=0x4010b22) returned 1 [0108.313] GetDC (hWnd=0x0) returned 0x4010b22 [0108.313] GdipCreateFromHDC (hdc=0x4010b22, graphics=0x2dde54) returned 0x0 [0108.313] GdipGetFontHeight (font=0x5d40960, graphics=0x5dc9170, height=0x2dde4c) returned 0x0 [0108.313] GdipDeleteGraphics (graphics=0x5dc9170) returned 0x0 [0108.313] ReleaseDC (hWnd=0x0, hDC=0x4010b22) returned 1 [0108.314] GetDC (hWnd=0x0) returned 0x4010b22 [0108.314] GdipCreateFromHDC (hdc=0x4010b22, graphics=0x2dde54) returned 0x0 [0108.314] GdipGetFontHeight (font=0x5d40960, graphics=0x5dc9170, height=0x2dde4c) returned 0x0 [0108.314] GdipDeleteGraphics (graphics=0x5dc9170) returned 0x0 [0108.314] ReleaseDC (hWnd=0x0, hDC=0x4010b22) returned 1 [0108.314] GetDC (hWnd=0x0) returned 0x4010b22 [0108.314] GdipCreateFromHDC (hdc=0x4010b22, graphics=0x2dde54) returned 0x0 [0108.315] GdipGetFontHeight (font=0x5d40960, graphics=0x5dc9170, height=0x2dde4c) returned 0x0 [0108.315] GdipDeleteGraphics (graphics=0x5dc9170) returned 0x0 [0108.315] ReleaseDC (hWnd=0x0, hDC=0x4010b22) returned 1 [0108.315] GetDC (hWnd=0x0) returned 0x4010b22 [0108.315] GdipCreateFromHDC (hdc=0x4010b22, graphics=0x2dde54) returned 0x0 [0108.315] GdipGetFontHeight (font=0x5d40960, graphics=0x5dc9170, height=0x2dde4c) returned 0x0 [0108.316] GdipDeleteGraphics (graphics=0x5dc9170) returned 0x0 [0108.316] ReleaseDC (hWnd=0x0, hDC=0x4010b22) returned 1 [0108.316] GetDC (hWnd=0x0) returned 0x4010b22 [0108.316] GdipCreateFromHDC (hdc=0x4010b22, graphics=0x2dde54) returned 0x0 [0108.316] GdipGetFontHeight (font=0x5d40960, graphics=0x5dc9170, height=0x2dde4c) returned 0x0 [0108.316] GdipDeleteGraphics (graphics=0x5dc9170) returned 0x0 [0108.316] ReleaseDC (hWnd=0x0, hDC=0x4010b22) returned 1 [0108.317] GetDC (hWnd=0x0) returned 0x4010b22 [0108.317] GdipCreateFromHDC (hdc=0x4010b22, graphics=0x2dde54) returned 0x0 [0108.317] GdipGetFontHeight (font=0x5d40960, graphics=0x5dc9170, height=0x2dde4c) returned 0x0 [0108.317] GdipDeleteGraphics (graphics=0x5dc9170) returned 0x0 [0108.317] ReleaseDC (hWnd=0x0, hDC=0x4010b22) returned 1 [0108.317] GetDC (hWnd=0x0) returned 0x4010b22 [0108.317] GdipCreateFromHDC (hdc=0x4010b22, graphics=0x2dde54) returned 0x0 [0108.318] GdipGetFontHeight (font=0x5d40960, graphics=0x5dc9170, height=0x2dde4c) returned 0x0 [0108.318] GdipDeleteGraphics (graphics=0x5dc9170) returned 0x0 [0108.318] ReleaseDC (hWnd=0x0, hDC=0x4010b22) returned 1 [0108.318] GetDC (hWnd=0x0) returned 0x4010b22 [0108.318] GdipCreateFromHDC (hdc=0x4010b22, graphics=0x2dde54) returned 0x0 [0108.318] GdipGetFontHeight (font=0x5d40960, graphics=0x5dc9170, height=0x2dde4c) returned 0x0 [0108.318] GdipDeleteGraphics (graphics=0x5dc9170) returned 0x0 [0108.318] ReleaseDC (hWnd=0x0, hDC=0x4010b22) returned 1 [0108.319] GetDC (hWnd=0x0) returned 0x4010b22 [0108.319] GdipCreateFromHDC (hdc=0x4010b22, graphics=0x2dde54) returned 0x0 [0108.319] GdipGetFontHeight (font=0x5d40960, graphics=0x5dc9170, height=0x2dde4c) returned 0x0 [0108.319] GdipDeleteGraphics (graphics=0x5dc9170) returned 0x0 [0108.319] ReleaseDC (hWnd=0x0, hDC=0x4010b22) returned 1 [0108.319] GetDC (hWnd=0x0) returned 0x4010b22 [0108.319] GdipCreateFromHDC (hdc=0x4010b22, graphics=0x2dde54) returned 0x0 [0108.320] GdipGetFontHeight (font=0x5d40960, graphics=0x5dc9170, height=0x2dde4c) returned 0x0 [0108.320] GdipDeleteGraphics (graphics=0x5dc9170) returned 0x0 [0108.320] ReleaseDC (hWnd=0x0, hDC=0x4010b22) returned 1 [0108.320] GetDC (hWnd=0x0) returned 0x4010b22 [0108.320] GdipCreateFromHDC (hdc=0x4010b22, graphics=0x2dde54) returned 0x0 [0108.320] GdipGetFontHeight (font=0x5d40960, graphics=0x5dc9170, height=0x2dde4c) returned 0x0 [0108.320] GdipDeleteGraphics (graphics=0x5dc9170) returned 0x0 [0108.320] ReleaseDC (hWnd=0x0, hDC=0x4010b22) returned 1 [0108.321] GetDC (hWnd=0x0) returned 0x4010b22 [0108.321] GdipCreateFromHDC (hdc=0x4010b22, graphics=0x2dde54) returned 0x0 [0108.321] GdipGetFontHeight (font=0x5d40960, graphics=0x5dc9170, height=0x2dde4c) returned 0x0 [0108.321] GdipDeleteGraphics (graphics=0x5dc9170) returned 0x0 [0108.321] ReleaseDC (hWnd=0x0, hDC=0x4010b22) returned 1 [0108.321] GetDC (hWnd=0x0) returned 0x4010b22 [0108.321] GdipCreateFromHDC (hdc=0x4010b22, graphics=0x2dde54) returned 0x0 [0108.322] GdipGetFontHeight (font=0x5d40960, graphics=0x5dc9170, height=0x2dde4c) returned 0x0 [0108.322] GdipDeleteGraphics (graphics=0x5dc9170) returned 0x0 [0108.322] ReleaseDC (hWnd=0x0, hDC=0x4010b22) returned 1 [0108.322] GetDC (hWnd=0x0) returned 0x4010b22 [0108.322] GdipCreateFromHDC (hdc=0x4010b22, graphics=0x2dde54) returned 0x0 [0108.322] GdipGetFontHeight (font=0x5d40960, graphics=0x5dc9170, height=0x2dde4c) returned 0x0 [0108.322] GdipDeleteGraphics (graphics=0x5dc9170) returned 0x0 [0108.322] ReleaseDC (hWnd=0x0, hDC=0x4010b22) returned 1 [0108.323] GetDC (hWnd=0x0) returned 0x4010b22 [0108.323] GdipCreateFromHDC (hdc=0x4010b22, graphics=0x2dde54) returned 0x0 [0108.323] GdipGetFontHeight (font=0x5d40960, graphics=0x5dc9170, height=0x2dde4c) returned 0x0 [0108.323] GdipDeleteGraphics (graphics=0x5dc9170) returned 0x0 [0108.323] ReleaseDC (hWnd=0x0, hDC=0x4010b22) returned 1 [0108.323] GetDC (hWnd=0x0) returned 0x4010b22 [0108.323] GdipCreateFromHDC (hdc=0x4010b22, graphics=0x2dde54) returned 0x0 [0108.324] GdipGetFontHeight (font=0x5d40960, graphics=0x5dc9170, height=0x2dde4c) returned 0x0 [0108.324] GdipDeleteGraphics (graphics=0x5dc9170) returned 0x0 [0108.324] ReleaseDC (hWnd=0x0, hDC=0x4010b22) returned 1 [0108.324] GetDC (hWnd=0x0) returned 0x4010b22 [0108.324] GdipCreateFromHDC (hdc=0x4010b22, graphics=0x2dde54) returned 0x0 [0108.324] GdipGetFontHeight (font=0x5d40960, graphics=0x5dc9170, height=0x2dde4c) returned 0x0 [0108.324] GdipDeleteGraphics (graphics=0x5dc9170) returned 0x0 [0108.324] ReleaseDC (hWnd=0x0, hDC=0x4010b22) returned 1 [0108.334] GetFullPathNameW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Local\\Temp\\noise.exe", nBufferLength=0x105, lpBuffer=0x2dd910, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\kEecfMwgj\\AppData\\Local\\Temp\\noise.exe", lpFilePart=0x0) returned 0x2f [0108.358] DeleteFileW (lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Local\\Temp\\noise.exe\\:Zone.Identifier" (normalized: "c:\\users\\keecfmwgj\\appdata\\local\\temp\\noise.exe\\:zone.identifier")) returned 0 [0108.394] GetCurrentProcessId () returned 0xf24 [0108.394] OpenProcess (dwDesiredAccess=0x410, bInheritHandle=0, dwProcessId=0xf24) returned 0x5b4 [0108.394] EnumProcessModules (in: hProcess=0x5b4, lphModule=0x2643da8, cb=0x100, lpcbNeeded=0x2ddcd8 | out: lphModule=0x2643da8, lpcbNeeded=0x2ddcd8) returned 1 [0108.395] EnumProcessModules (in: hProcess=0x5b4, lphModule=0x2643eb4, cb=0x200, lpcbNeeded=0x2ddcd8 | out: lphModule=0x2643eb4, lpcbNeeded=0x2ddcd8) returned 1 [0108.397] GetModuleInformation (in: hProcess=0x5b4, hModule=0x10b0000, lpmodinfo=0x26440f4, cb=0xc | out: lpmodinfo=0x26440f4*(lpBaseOfDll=0x10b0000, SizeOfImage=0xa2000, EntryPoint=0x114ddbe)) returned 1 [0108.397] CoTaskMemAlloc (cb=0x804) returned 0x595ae78 [0108.397] GetModuleBaseNameW (in: hProcess=0x5b4, hModule=0x10b0000, lpBaseName=0x595ae78, nSize=0x800 | out: lpBaseName="noise.exe") returned 0x9 [0108.397] CoTaskMemFree (pv=0x595ae78) [0108.397] CoTaskMemAlloc (cb=0x804) returned 0x595ae78 [0108.397] GetModuleFileNameExW (in: hProcess=0x5b4, hModule=0x10b0000, lpFilename=0x595ae78, nSize=0x800 | out: lpFilename="C:\\Users\\kEecfMwgj\\AppData\\Local\\Temp\\noise.exe" (normalized: "c:\\users\\keecfmwgj\\appdata\\local\\temp\\noise.exe")) returned 0x2f [0108.397] CoTaskMemFree (pv=0x595ae78) [0108.398] CloseHandle (hObject=0x5b4) returned 1 [0108.456] GetFullPathNameW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Local\\Temp\\noise.exe.config", nBufferLength=0x105, lpBuffer=0x2dd5e8, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\kEecfMwgj\\AppData\\Local\\Temp\\noise.exe.config", lpFilePart=0x0) returned 0x36 [0108.456] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x2dd830) returned 1 [0108.456] GetFileAttributesExW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Local\\Temp\\noise.exe.config" (normalized: "c:\\users\\keecfmwgj\\appdata\\local\\temp\\noise.exe.config"), fInfoLevelId=0x0, lpFileInformation=0x2ddaf4 | out: lpFileInformation=0x2ddaf4*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0 [0108.457] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x2dd82c) returned 1 [0108.702] GdipLoadImageFromStream (stream=0x4b0030, image=0x2dd780) returned 0x0 [0108.735] GdipImageForceValidation (image=0x5dc9170) returned 0x0 [0108.746] GdipGetImageType (image=0x5dc9170, type=0x2dd77c) returned 0x0 [0108.747] GdipGetImageRawFormat (image=0x5dc9170, format=0x2dd6f0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0))) returned 0x0 [0108.757] GdipLoadImageFromStream (stream=0x4b0010, image=0x2dd780) returned 0x0 [0108.758] GdipImageForceValidation (image=0x5ddfab0) returned 0x0 [0108.769] GdipGetImageType (image=0x5ddfab0, type=0x2dd77c) returned 0x0 [0108.769] GdipGetImageRawFormat (image=0x5ddfab0, format=0x2dd6f0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0))) returned 0x0 [0108.786] GdipLoadImageFromStream (stream=0x4bfff0, image=0x2dd780) returned 0x0 [0108.787] GdipImageForceValidation (image=0x5faf278) returned 0x0 [0108.798] GdipGetImageType (image=0x5faf278, type=0x2dd77c) returned 0x0 [0108.798] GdipGetImageRawFormat (image=0x5faf278, format=0x2dd6f0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0))) returned 0x0 [0108.812] GdipLoadImageFromStream (stream=0x4bffd0, image=0x2dd780) returned 0x0 [0108.813] GdipImageForceValidation (image=0x5fb5300) returned 0x0 [0108.824] GdipGetImageType (image=0x5fb5300, type=0x2dd77c) returned 0x0 [0108.824] GdipGetImageRawFormat (image=0x5fb5300, format=0x2dd6f0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0))) returned 0x0 [0108.855] GdipLoadImageFromStream (stream=0x4bffb0, image=0x2dd780) returned 0x0 [0108.857] GdipImageForceValidation (image=0x5fbb3c0) returned 0x0 [0108.868] GdipGetImageType (image=0x5fbb3c0, type=0x2dd77c) returned 0x0 [0108.868] GdipGetImageRawFormat (image=0x5fbb3c0, format=0x2dd6f0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0))) returned 0x0 [0108.883] GdipLoadImageFromStream (stream=0x4bff90, image=0x2dd780) returned 0x0 [0108.884] GdipImageForceValidation (image=0x5fc1480) returned 0x0 [0108.895] GdipGetImageType (image=0x5fc1480, type=0x2dd77c) returned 0x0 [0108.895] GdipGetImageRawFormat (image=0x5fc1480, format=0x2dd6f0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0))) returned 0x0 [0108.908] GdipLoadImageFromStream (stream=0x4bff70, image=0x2dd780) returned 0x0 [0108.909] GdipImageForceValidation (image=0x5fc7540) returned 0x0 [0108.917] GdipGetImageType (image=0x5fc7540, type=0x2dd77c) returned 0x0 [0108.917] GdipGetImageRawFormat (image=0x5fc7540, format=0x2dd6f0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0))) returned 0x0 [0108.930] GdipLoadImageFromStream (stream=0x4bff50, image=0x2dd780) returned 0x0 [0108.931] GdipImageForceValidation (image=0x5fcd600) returned 0x0 [0108.939] GdipGetImageType (image=0x5fcd600, type=0x2dd77c) returned 0x0 [0108.939] GdipGetImageRawFormat (image=0x5fcd600, format=0x2dd6f0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0))) returned 0x0 [0108.950] GdipLoadImageFromStream (stream=0x4bff30, image=0x2dd780) returned 0x0 [0108.951] GdipImageForceValidation (image=0x5fd36c0) returned 0x0 [0108.959] GdipGetImageType (image=0x5fd36c0, type=0x2dd77c) returned 0x0 [0108.959] GdipGetImageRawFormat (image=0x5fd36c0, format=0x2dd6f0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0))) returned 0x0 [0108.970] GdipLoadImageFromStream (stream=0x4bff10, image=0x2dd780) returned 0x0 [0108.971] GdipImageForceValidation (image=0x5fd9780) returned 0x0 [0108.980] GdipGetImageType (image=0x5fd9780, type=0x2dd77c) returned 0x0 [0108.980] GdipGetImageRawFormat (image=0x5fd9780, format=0x2dd6f0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0))) returned 0x0 [0108.992] GdipLoadImageFromStream (stream=0x4bfef0, image=0x2dd780) returned 0x0 [0108.993] GdipImageForceValidation (image=0x5fdf808) returned 0x0 [0109.002] GdipGetImageType (image=0x5fdf808, type=0x2dd77c) returned 0x0 [0109.002] GdipGetImageRawFormat (image=0x5fdf808, format=0x2dd6f0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0))) returned 0x0 [0109.014] GdipLoadImageFromStream (stream=0x4bfed0, image=0x2dd780) returned 0x0 [0109.015] GdipImageForceValidation (image=0x5fe5890) returned 0x0 [0109.023] GdipGetImageType (image=0x5fe5890, type=0x2dd77c) returned 0x0 [0109.023] GdipGetImageRawFormat (image=0x5fe5890, format=0x2dd6f0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0))) returned 0x0 [0109.034] GdipLoadImageFromStream (stream=0x4bfeb0, image=0x2dd780) returned 0x0 [0109.035] GdipImageForceValidation (image=0x5feb918) returned 0x0 [0109.045] GdipGetImageType (image=0x5feb918, type=0x2dd77c) returned 0x0 [0109.045] GdipGetImageRawFormat (image=0x5feb918, format=0x2dd6f0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0))) returned 0x0 [0109.056] GdipLoadImageFromStream (stream=0x4bfe90, image=0x2dd780) returned 0x0 [0109.057] GdipImageForceValidation (image=0x5ff19a0) returned 0x0 [0109.067] GdipGetImageType (image=0x5ff19a0, type=0x2dd77c) returned 0x0 [0109.068] GdipGetImageRawFormat (image=0x5ff19a0, format=0x2dd6f0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0))) returned 0x0 [0109.090] GdipGetImageWidth (image=0x5dc9170, width=0x2ddcb8) returned 0x0 [0109.090] GdipGetImageHeight (image=0x5dc9170, height=0x2ddcb8) returned 0x0 [0109.091] GdipGetImageEncodersSize (numEncoders=0x2ddc6c, size=0x2ddc68) returned 0x0 [0109.092] LocalAlloc (uFlags=0x0, uBytes=0x410) returned 0x5967c70 [0109.092] GdipGetImageEncoders (in: numEncoders=0x5, size=0x410, encoders=0x5967c70 | out: encoders=0x5967c70) returned 0x0 [0109.096] LocalFree (hMem=0x5967c70) returned 0x0 [0109.103] GdipSaveImageToStream (image=0x5dc9170, stream=0x4bfe70, clsidEncoder=0x2ddc7c*(Data1=0x557cf406, Data2=0x1a04, Data3=0x11d3, Data4=([0]=0x9a, [1]=0x73, [2]=0x0, [3]=0x0, [4]=0xf8, [5]=0x1e, [6]=0xf3, [7]=0x2e)), encoderParams=0x0) returned 0x0 [0109.131] GdipCreateBitmapFromStream (stream=0x4bfe50, bitmap=0x2ddcc0) returned 0x0 [0109.133] GdipImageForceValidation (image=0x5ff7a28) returned 0x0 [0109.136] GdipGetImageRawFormat (image=0x5ff7a28, format=0x2ddc34*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0))) returned 0x0 [0109.140] GdipBitmapLockBits (bitmap=0x5ff7a28, rect=0x2ddc54, flags=0x3, format=0x21808, lockedBitmapData=0x2720a58) returned 0x0 [0109.149] GdipBitmapUnlockBits (bitmap=0x5ff7a28, lockedBitmapData=0x2720a58) returned 0x0 [0109.149] GdipGetImageWidth (image=0x5ddfab0, width=0x2ddcb8) returned 0x0 [0109.149] GdipGetImageHeight (image=0x5ddfab0, height=0x2ddcb8) returned 0x0 [0109.149] GdipGetImageEncodersSize (numEncoders=0x2ddc6c, size=0x2ddc68) returned 0x0 [0109.149] LocalAlloc (uFlags=0x0, uBytes=0x410) returned 0x597b118 [0109.150] GdipGetImageEncoders (in: numEncoders=0x5, size=0x410, encoders=0x597b118 | out: encoders=0x597b118) returned 0x0 [0109.150] LocalFree (hMem=0x597b118) returned 0x0 [0109.150] GdipSaveImageToStream (image=0x5ddfab0, stream=0x4bfe30, clsidEncoder=0x2ddc7c*(Data1=0x557cf406, Data2=0x1a04, Data3=0x11d3, Data4=([0]=0x9a, [1]=0x73, [2]=0x0, [3]=0x0, [4]=0xf8, [5]=0x1e, [6]=0xf3, [7]=0x2e)), encoderParams=0x0) returned 0x0 [0109.170] GdipCreateBitmapFromStream (stream=0x4bfe10, bitmap=0x2ddcc0) returned 0x0 [0109.172] GdipImageForceValidation (image=0x5fff980) returned 0x0 [0109.173] GdipGetImageRawFormat (image=0x5fff980, format=0x2ddc34*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0))) returned 0x0 [0109.174] GdipBitmapLockBits (bitmap=0x5fff980, rect=0x2ddc54, flags=0x3, format=0x21808, lockedBitmapData=0x273a560) returned 0x0 [0109.182] GdipBitmapUnlockBits (bitmap=0x5fff980, lockedBitmapData=0x273a560) returned 0x0 [0109.182] GdipGetImageWidth (image=0x5faf278, width=0x2ddcb8) returned 0x0 [0109.182] GdipGetImageHeight (image=0x5faf278, height=0x2ddcb8) returned 0x0 [0109.182] GdipGetImageEncodersSize (numEncoders=0x2ddc6c, size=0x2ddc68) returned 0x0 [0109.182] LocalAlloc (uFlags=0x0, uBytes=0x410) returned 0x59910f0 [0109.182] GdipGetImageEncoders (in: numEncoders=0x5, size=0x410, encoders=0x59910f0 | out: encoders=0x59910f0) returned 0x0 [0109.183] LocalFree (hMem=0x59910f0) returned 0x0 [0109.184] GdipSaveImageToStream (image=0x5faf278, stream=0x4bfdf0, clsidEncoder=0x2ddc7c*(Data1=0x557cf406, Data2=0x1a04, Data3=0x11d3, Data4=([0]=0x9a, [1]=0x73, [2]=0x0, [3]=0x0, [4]=0xf8, [5]=0x1e, [6]=0xf3, [7]=0x2e)), encoderParams=0x0) returned 0x0 [0109.203] GdipCreateBitmapFromStream (stream=0x4bfdd0, bitmap=0x2ddcc0) returned 0x0 [0109.205] GdipImageForceValidation (image=0x60058d8) returned 0x0 [0109.206] GdipGetImageRawFormat (image=0x60058d8, format=0x2ddc34*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0))) returned 0x0 [0109.206] GdipBitmapLockBits (bitmap=0x60058d8, rect=0x2ddc54, flags=0x3, format=0x21808, lockedBitmapData=0x2757cc0) returned 0x0 [0109.217] GdipBitmapUnlockBits (bitmap=0x60058d8, lockedBitmapData=0x2757cc0) returned 0x0 [0109.217] GdipGetImageWidth (image=0x5fb5300, width=0x2ddcb8) returned 0x0 [0109.217] GdipGetImageHeight (image=0x5fb5300, height=0x2ddcb8) returned 0x0 [0109.217] GdipGetImageEncodersSize (numEncoders=0x2ddc6c, size=0x2ddc68) returned 0x0 [0109.217] LocalAlloc (uFlags=0x0, uBytes=0x410) returned 0x59a11c0 [0109.218] GdipGetImageEncoders (in: numEncoders=0x5, size=0x410, encoders=0x59a11c0 | out: encoders=0x59a11c0) returned 0x0 [0109.218] LocalFree (hMem=0x59a11c0) returned 0x0 [0109.219] GdipSaveImageToStream (image=0x5fb5300, stream=0x4bfdb0, clsidEncoder=0x2ddc7c*(Data1=0x557cf406, Data2=0x1a04, Data3=0x11d3, Data4=([0]=0x9a, [1]=0x73, [2]=0x0, [3]=0x0, [4]=0xf8, [5]=0x1e, [6]=0xf3, [7]=0x2e)), encoderParams=0x0) returned 0x0 [0109.245] GdipCreateBitmapFromStream (stream=0x4bfd90, bitmap=0x2ddcc0) returned 0x0 [0109.247] GdipImageForceValidation (image=0x600f6e8) returned 0x0 [0109.249] GdipGetImageRawFormat (image=0x600f6e8, format=0x2ddc34*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0))) returned 0x0 [0109.249] GdipBitmapLockBits (bitmap=0x600f6e8, rect=0x2ddc54, flags=0x3, format=0x21808, lockedBitmapData=0x277cb5c) returned 0x0 [0109.257] GdipBitmapUnlockBits (bitmap=0x600f6e8, lockedBitmapData=0x277cb5c) returned 0x0 [0109.257] GdipGetImageWidth (image=0x5fbb3c0, width=0x2ddcb8) returned 0x0 [0109.257] GdipGetImageHeight (image=0x5fbb3c0, height=0x2ddcb8) returned 0x0 [0109.258] GdipGetImageEncodersSize (numEncoders=0x2ddc6c, size=0x2ddc68) returned 0x0 [0109.258] LocalAlloc (uFlags=0x0, uBytes=0x410) returned 0x59b14a0 [0109.258] GdipGetImageEncoders (in: numEncoders=0x5, size=0x410, encoders=0x59b14a0 | out: encoders=0x59b14a0) returned 0x0 [0109.258] LocalFree (hMem=0x59b14a0) returned 0x0 [0109.259] GdipSaveImageToStream (image=0x5fbb3c0, stream=0x4bfd70, clsidEncoder=0x2ddc7c*(Data1=0x557cf406, Data2=0x1a04, Data3=0x11d3, Data4=([0]=0x9a, [1]=0x73, [2]=0x0, [3]=0x0, [4]=0xf8, [5]=0x1e, [6]=0xf3, [7]=0x2e)), encoderParams=0x0) returned 0x0 [0109.286] GdipCreateBitmapFromStream (stream=0x4bfd50, bitmap=0x2ddcc0) returned 0x0 [0109.287] GdipImageForceValidation (image=0x600fa30) returned 0x0 [0109.288] GdipGetImageRawFormat (image=0x600fa30, format=0x2ddc34*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0))) returned 0x0 [0109.288] GdipBitmapLockBits (bitmap=0x600fa30, rect=0x2ddc54, flags=0x3, format=0x21808, lockedBitmapData=0x2792634) returned 0x0 [0109.297] GdipBitmapUnlockBits (bitmap=0x600fa30, lockedBitmapData=0x2792634) returned 0x0 [0109.298] GdipGetImageWidth (image=0x5fc1480, width=0x2ddcb8) returned 0x0 [0109.298] GdipGetImageHeight (image=0x5fc1480, height=0x2ddcb8) returned 0x0 [0109.298] GdipGetImageEncodersSize (numEncoders=0x2ddc6c, size=0x2ddc68) returned 0x0 [0109.298] LocalAlloc (uFlags=0x0, uBytes=0x410) returned 0x59c16f0 [0109.298] GdipGetImageEncoders (in: numEncoders=0x5, size=0x410, encoders=0x59c16f0 | out: encoders=0x59c16f0) returned 0x0 [0109.299] LocalFree (hMem=0x59c16f0) returned 0x0 [0109.300] GdipSaveImageToStream (image=0x5fc1480, stream=0x4bfd30, clsidEncoder=0x2ddc7c*(Data1=0x557cf406, Data2=0x1a04, Data3=0x11d3, Data4=([0]=0x9a, [1]=0x73, [2]=0x0, [3]=0x0, [4]=0xf8, [5]=0x1e, [6]=0xf3, [7]=0x2e)), encoderParams=0x0) returned 0x0 [0109.319] GdipCreateBitmapFromStream (stream=0x4bfd10, bitmap=0x2ddcc0) returned 0x0 [0109.320] GdipImageForceValidation (image=0x600fd78) returned 0x0 [0109.322] GdipGetImageRawFormat (image=0x600fd78, format=0x2ddc34*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0))) returned 0x0 [0109.322] GdipBitmapLockBits (bitmap=0x600fd78, rect=0x2ddc54, flags=0x3, format=0x21808, lockedBitmapData=0x27a8514) returned 0x0 [0109.334] GdipBitmapUnlockBits (bitmap=0x600fd78, lockedBitmapData=0x27a8514) returned 0x0 [0109.334] GdipGetImageWidth (image=0x5fc7540, width=0x2ddcb8) returned 0x0 [0109.334] GdipGetImageHeight (image=0x5fc7540, height=0x2ddcb8) returned 0x0 [0109.334] GdipGetImageEncodersSize (numEncoders=0x2ddc6c, size=0x2ddc68) returned 0x0 [0109.334] LocalAlloc (uFlags=0x0, uBytes=0x410) returned 0x59d1a90 [0109.334] GdipGetImageEncoders (in: numEncoders=0x5, size=0x410, encoders=0x59d1a90 | out: encoders=0x59d1a90) returned 0x0 [0109.335] LocalFree (hMem=0x59d1a90) returned 0x0 [0109.336] GdipSaveImageToStream (image=0x5fc7540, stream=0x4bfcf0, clsidEncoder=0x2ddc7c*(Data1=0x557cf406, Data2=0x1a04, Data3=0x11d3, Data4=([0]=0x9a, [1]=0x73, [2]=0x0, [3]=0x0, [4]=0xf8, [5]=0x1e, [6]=0xf3, [7]=0x2e)), encoderParams=0x0) returned 0x0 [0109.354] GdipCreateBitmapFromStream (stream=0x4bfcd0, bitmap=0x2ddcc0) returned 0x0 [0109.356] GdipImageForceValidation (image=0x60100c0) returned 0x0 [0109.357] GdipGetImageRawFormat (image=0x60100c0, format=0x2ddc34*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0))) returned 0x0 [0109.357] GdipBitmapLockBits (bitmap=0x60100c0, rect=0x2ddc54, flags=0x3, format=0x21808, lockedBitmapData=0x27be2a4) returned 0x0 [0109.366] GdipBitmapUnlockBits (bitmap=0x60100c0, lockedBitmapData=0x27be2a4) returned 0x0 [0109.366] GdipGetImageWidth (image=0x5fcd600, width=0x2ddcb8) returned 0x0 [0109.366] GdipGetImageHeight (image=0x5fcd600, height=0x2ddcb8) returned 0x0 [0109.366] GdipGetImageEncodersSize (numEncoders=0x2ddc6c, size=0x2ddc68) returned 0x0 [0109.366] LocalAlloc (uFlags=0x0, uBytes=0x410) returned 0x59e1dc8 [0109.366] GdipGetImageEncoders (in: numEncoders=0x5, size=0x410, encoders=0x59e1dc8 | out: encoders=0x59e1dc8) returned 0x0 [0109.368] LocalFree (hMem=0x59e1dc8) returned 0x0 [0109.368] GdipSaveImageToStream (image=0x5fcd600, stream=0x4bfcb0, clsidEncoder=0x2ddc7c*(Data1=0x557cf406, Data2=0x1a04, Data3=0x11d3, Data4=([0]=0x9a, [1]=0x73, [2]=0x0, [3]=0x0, [4]=0xf8, [5]=0x1e, [6]=0xf3, [7]=0x2e)), encoderParams=0x0) returned 0x0 [0109.391] GdipCreateBitmapFromStream (stream=0x4bfc90, bitmap=0x2ddcc0) returned 0x0 [0109.392] GdipImageForceValidation (image=0x6010408) returned 0x0 [0109.394] GdipGetImageRawFormat (image=0x6010408, format=0x2ddc34*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0))) returned 0x0 [0109.394] GdipBitmapLockBits (bitmap=0x6010408, rect=0x2ddc54, flags=0x3, format=0x21808, lockedBitmapData=0x27d4040) returned 0x0 [0109.403] GdipBitmapUnlockBits (bitmap=0x6010408, lockedBitmapData=0x27d4040) returned 0x0 [0109.403] GdipGetImageWidth (image=0x5fd36c0, width=0x2ddcb8) returned 0x0 [0109.403] GdipGetImageHeight (image=0x5fd36c0, height=0x2ddcb8) returned 0x0 [0109.403] GdipGetImageEncodersSize (numEncoders=0x2ddc6c, size=0x2ddc68) returned 0x0 [0109.403] LocalAlloc (uFlags=0x0, uBytes=0x410) returned 0x59f1ed8 [0109.404] GdipGetImageEncoders (in: numEncoders=0x5, size=0x410, encoders=0x59f1ed8 | out: encoders=0x59f1ed8) returned 0x0 [0109.404] LocalFree (hMem=0x59f1ed8) returned 0x0 [0109.405] GdipSaveImageToStream (image=0x5fd36c0, stream=0x4bfc70, clsidEncoder=0x2ddc7c*(Data1=0x557cf406, Data2=0x1a04, Data3=0x11d3, Data4=([0]=0x9a, [1]=0x73, [2]=0x0, [3]=0x0, [4]=0xf8, [5]=0x1e, [6]=0xf3, [7]=0x2e)), encoderParams=0x0) returned 0x0 [0109.425] GdipCreateBitmapFromStream (stream=0x4bfc50, bitmap=0x2ddcc0) returned 0x0 [0109.426] GdipImageForceValidation (image=0x6010750) returned 0x0 [0109.427] GdipGetImageRawFormat (image=0x6010750, format=0x2ddc34*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0))) returned 0x0 [0109.427] GdipBitmapLockBits (bitmap=0x6010750, rect=0x2ddc54, flags=0x3, format=0x21808, lockedBitmapData=0x27e9ec0) returned 0x0 [0109.438] GdipBitmapUnlockBits (bitmap=0x6010750, lockedBitmapData=0x27e9ec0) returned 0x0 [0109.440] GdipGetImageWidth (image=0x5fd9780, width=0x2ddcb8) returned 0x0 [0109.440] GdipGetImageHeight (image=0x5fd9780, height=0x2ddcb8) returned 0x0 [0109.440] GdipGetImageEncodersSize (numEncoders=0x2ddc6c, size=0x2ddc68) returned 0x0 [0109.440] LocalAlloc (uFlags=0x0, uBytes=0x410) returned 0x5a02038 [0109.441] GdipGetImageEncoders (in: numEncoders=0x5, size=0x410, encoders=0x5a02038 | out: encoders=0x5a02038) returned 0x0 [0109.472] LocalFree (hMem=0x5a02038) returned 0x0 [0109.473] GdipSaveImageToStream (image=0x5fd9780, stream=0x4bfc30, clsidEncoder=0x2ddc7c*(Data1=0x557cf406, Data2=0x1a04, Data3=0x11d3, Data4=([0]=0x9a, [1]=0x73, [2]=0x0, [3]=0x0, [4]=0xf8, [5]=0x1e, [6]=0xf3, [7]=0x2e)), encoderParams=0x0) returned 0x0 [0109.504] GdipCreateBitmapFromStream (stream=0x4bfe70, bitmap=0x2ddcc0) returned 0x0 [0109.505] GdipImageForceValidation (image=0x600f6e8) returned 0x0 [0109.506] GdipGetImageRawFormat (image=0x600f6e8, format=0x2ddc34*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0))) returned 0x0 [0109.506] GdipBitmapLockBits (bitmap=0x600f6e8, rect=0x2ddc54, flags=0x3, format=0x21808, lockedBitmapData=0x26784cc) returned 0x0 [0109.515] GdipBitmapUnlockBits (bitmap=0x600f6e8, lockedBitmapData=0x26784cc) returned 0x0 [0109.515] GdipGetImageWidth (image=0x5fdf808, width=0x2ddcb8) returned 0x0 [0109.515] GdipGetImageHeight (image=0x5fdf808, height=0x2ddcb8) returned 0x0 [0109.515] GdipGetImageEncodersSize (numEncoders=0x2ddc6c, size=0x2ddc68) returned 0x0 [0109.515] LocalAlloc (uFlags=0x0, uBytes=0x410) returned 0x597b118 [0109.515] GdipGetImageEncoders (in: numEncoders=0x5, size=0x410, encoders=0x597b118 | out: encoders=0x597b118) returned 0x0 [0109.516] LocalFree (hMem=0x597b118) returned 0x0 [0109.516] GdipSaveImageToStream (image=0x5fdf808, stream=0x4bfe30, clsidEncoder=0x2ddc7c*(Data1=0x557cf406, Data2=0x1a04, Data3=0x11d3, Data4=([0]=0x9a, [1]=0x73, [2]=0x0, [3]=0x0, [4]=0xf8, [5]=0x1e, [6]=0xf3, [7]=0x2e)), encoderParams=0x0) returned 0x0 [0109.546] GdipCreateBitmapFromStream (stream=0x4bfdf0, bitmap=0x2ddcc0) returned 0x0 [0109.547] GdipImageForceValidation (image=0x600fa30) returned 0x0 [0109.548] GdipGetImageRawFormat (image=0x600fa30, format=0x2ddc34*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0))) returned 0x0 [0109.548] GdipBitmapLockBits (bitmap=0x600fa30, rect=0x2ddc54, flags=0x3, format=0x21808, lockedBitmapData=0x268e37c) returned 0x0 [0109.557] GdipBitmapUnlockBits (bitmap=0x600fa30, lockedBitmapData=0x268e37c) returned 0x0 [0109.557] GdipGetImageWidth (image=0x5fe5890, width=0x2ddcb8) returned 0x0 [0109.557] GdipGetImageHeight (image=0x5fe5890, height=0x2ddcb8) returned 0x0 [0109.557] GdipGetImageEncodersSize (numEncoders=0x2ddc6c, size=0x2ddc68) returned 0x0 [0109.557] LocalAlloc (uFlags=0x0, uBytes=0x410) returned 0x5a11f08 [0109.557] GdipGetImageEncoders (in: numEncoders=0x5, size=0x410, encoders=0x5a11f08 | out: encoders=0x5a11f08) returned 0x0 [0109.559] LocalFree (hMem=0x5a11f08) returned 0x0 [0109.559] GdipSaveImageToStream (image=0x5fe5890, stream=0x4bfdb0, clsidEncoder=0x2ddc7c*(Data1=0x557cf406, Data2=0x1a04, Data3=0x11d3, Data4=([0]=0x9a, [1]=0x73, [2]=0x0, [3]=0x0, [4]=0xf8, [5]=0x1e, [6]=0xf3, [7]=0x2e)), encoderParams=0x0) returned 0x0 [0109.579] GdipCreateBitmapFromStream (stream=0x4bfd70, bitmap=0x2ddcc0) returned 0x0 [0109.580] GdipImageForceValidation (image=0x600fd78) returned 0x0 [0109.580] GdipGetImageRawFormat (image=0x600fd78, format=0x2ddc34*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0))) returned 0x0 [0109.580] GdipBitmapLockBits (bitmap=0x600fd78, rect=0x2ddc54, flags=0x3, format=0x21808, lockedBitmapData=0x26a4250) returned 0x0 [0109.591] GdipBitmapUnlockBits (bitmap=0x600fd78, lockedBitmapData=0x26a4250) returned 0x0 [0109.591] GdipGetImageWidth (image=0x5feb918, width=0x2ddcb8) returned 0x0 [0109.591] GdipGetImageHeight (image=0x5feb918, height=0x2ddcb8) returned 0x0 [0109.591] GdipGetImageEncodersSize (numEncoders=0x2ddc6c, size=0x2ddc68) returned 0x0 [0109.591] LocalAlloc (uFlags=0x0, uBytes=0x410) returned 0x597b118 [0109.591] GdipGetImageEncoders (in: numEncoders=0x5, size=0x410, encoders=0x597b118 | out: encoders=0x597b118) returned 0x0 [0109.592] LocalFree (hMem=0x597b118) returned 0x0 [0109.593] GdipSaveImageToStream (image=0x5feb918, stream=0x4bfd30, clsidEncoder=0x2ddc7c*(Data1=0x557cf406, Data2=0x1a04, Data3=0x11d3, Data4=([0]=0x9a, [1]=0x73, [2]=0x0, [3]=0x0, [4]=0xf8, [5]=0x1e, [6]=0xf3, [7]=0x2e)), encoderParams=0x0) returned 0x0 [0109.610] GdipCreateBitmapFromStream (stream=0x4bfcf0, bitmap=0x2ddcc0) returned 0x0 [0109.611] GdipImageForceValidation (image=0x60100c0) returned 0x0 [0109.612] GdipGetImageRawFormat (image=0x60100c0, format=0x2ddc34*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0))) returned 0x0 [0109.612] GdipBitmapLockBits (bitmap=0x60100c0, rect=0x2ddc54, flags=0x3, format=0x21808, lockedBitmapData=0x26ba124) returned 0x0 [0109.621] GdipBitmapUnlockBits (bitmap=0x60100c0, lockedBitmapData=0x26ba124) returned 0x0 [0109.621] GdipGetImageWidth (image=0x5ff19a0, width=0x2ddcb8) returned 0x0 [0109.621] GdipGetImageHeight (image=0x5ff19a0, height=0x2ddcb8) returned 0x0 [0109.621] GdipGetImageEncodersSize (numEncoders=0x2ddc6c, size=0x2ddc68) returned 0x0 [0109.621] LocalAlloc (uFlags=0x0, uBytes=0x410) returned 0x597b118 [0109.622] GdipGetImageEncoders (in: numEncoders=0x5, size=0x410, encoders=0x597b118 | out: encoders=0x597b118) returned 0x0 [0109.622] LocalFree (hMem=0x597b118) returned 0x0 [0109.623] GdipSaveImageToStream (image=0x5ff19a0, stream=0x4bfcb0, clsidEncoder=0x2ddc7c*(Data1=0x557cf406, Data2=0x1a04, Data3=0x11d3, Data4=([0]=0x9a, [1]=0x73, [2]=0x0, [3]=0x0, [4]=0xf8, [5]=0x1e, [6]=0xf3, [7]=0x2e)), encoderParams=0x0) returned 0x0 [0109.640] GdipCreateBitmapFromStream (stream=0x4bfc70, bitmap=0x2ddcc0) returned 0x0 [0109.641] GdipImageForceValidation (image=0x6010408) returned 0x0 [0109.641] GdipGetImageRawFormat (image=0x6010408, format=0x2ddc34*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0))) returned 0x0 [0109.641] GdipBitmapLockBits (bitmap=0x6010408, rect=0x2ddc54, flags=0x3, format=0x21808, lockedBitmapData=0x26ce408) returned 0x0 [0109.652] GdipBitmapUnlockBits (bitmap=0x6010408, lockedBitmapData=0x26ce408) returned 0x0 [0109.913] CoTaskMemAlloc (cb=0x20c) returned 0x597b3b8 [0109.913] GetTempPathW (in: nBufferLength=0x104, lpBuffer=0x597b3b8 | out: lpBuffer="C:\\Users\\KEECFM~1\\AppData\\Local\\Temp\\") returned 0x25 [0109.914] CoTaskMemFree (pv=0x597b3b8) [0109.914] GetLongPathNameW (in: lpszShortPath="C:\\Users\\KEECFM~1\\", lpszLongPath=0x2dd310, cchBuffer=0x104 | out: lpszLongPath="C:\\Users\\kEecfMwgj\\") returned 0x13 [0109.915] GetFullPathNameW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Local\\Temp\\", nBufferLength=0x105, lpBuffer=0x2dd324, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\kEecfMwgj\\AppData\\Local\\Temp\\", lpFilePart=0x0) returned 0x26 [0109.964] CoCreateGuid (in: pguid=0x2dd058 | out: pguid=0x2dd058*(Data1=0x5f2e0d57, Data2=0xff6f, Data3=0x48cb, Data4=([0]=0x96, [1]=0x87, [2]=0x5b, [3]=0x3e, [4]=0x77, [5]=0xef, [6]=0xb8, [7]=0xf1))) returned 0x0 [0109.966] CoCreateGuid (in: pguid=0x2dd058 | out: pguid=0x2dd058*(Data1=0xcd2581d5, Data2=0x72c8, Data3=0x4e3e, Data4=([0]=0x87, [1]=0x98, [2]=0xd5, [3]=0x5f, [4]=0x8e, [5]=0xcd, [6]=0x24, [7]=0x3e))) returned 0x0 [0109.967] CoCreateGuid (in: pguid=0x2dd058 | out: pguid=0x2dd058*(Data1=0xf376cd58, Data2=0x5c3f, Data3=0x4acf, Data4=([0]=0xb8, [1]=0x64, [2]=0xe0, [3]=0xf, [4]=0x88, [5]=0x8a, [6]=0xf, [7]=0xe9))) returned 0x0 [0109.969] CoCreateGuid (in: pguid=0x2dd058 | out: pguid=0x2dd058*(Data1=0xafc30c8b, Data2=0xf9e3, Data3=0x4a25, Data4=([0]=0xbf, [1]=0xd5, [2]=0x71, [3]=0xcb, [4]=0x9d, [5]=0x24, [6]=0xd7, [7]=0x24))) returned 0x0 [0110.273] GetFullPathNameW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Local\\Temp\\noise.exe", nBufferLength=0x105, lpBuffer=0x2dd27c, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\kEecfMwgj\\AppData\\Local\\Temp\\noise.exe", lpFilePart=0x0) returned 0x2f [0110.274] GetFullPathNameW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Local\\Temp\\noise.exe", nBufferLength=0x105, lpBuffer=0x2dd240, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\kEecfMwgj\\AppData\\Local\\Temp\\noise.exe", lpFilePart=0x0) returned 0x2f [0110.274] GetFullPathNameW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Local\\Temp", nBufferLength=0x105, lpBuffer=0x2dd234, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\kEecfMwgj\\AppData\\Local\\Temp", lpFilePart=0x0) returned 0x25 [0110.274] GetFullPathNameW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Local\\Temp\\noise.exe", nBufferLength=0x105, lpBuffer=0x2dd234, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\kEecfMwgj\\AppData\\Local\\Temp\\noise.exe", lpFilePart=0x0) returned 0x2f [0110.274] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x2dd474) returned 1 [0110.275] GetFileAttributesExW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Local\\Temp\\noise.exe" (normalized: "c:\\users\\keecfmwgj\\appdata\\local\\temp\\noise.exe"), fInfoLevelId=0x0, lpFileInformation=0x2dd738 | out: lpFileInformation=0x2dd738*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x1eb52100, ftCreationTime.dwHighDateTime=0x1d8a8ba, ftLastAccessTime.dwLowDateTime=0x1eb52100, ftLastAccessTime.dwHighDateTime=0x1d8a8ba, ftLastWriteTime.dwLowDateTime=0x37630e00, ftLastWriteTime.dwHighDateTime=0x1d8a89d, nFileSizeHigh=0x0, nFileSizeLow=0x9ca00)) returned 1 [0110.280] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x2dd470) returned 1 [0110.293] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x2dd710) returned 1 [0110.296] GetFullPathNameW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Local\\Temp", nBufferLength=0x105, lpBuffer=0x2dd1f0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\kEecfMwgj\\AppData\\Local\\Temp", lpFilePart=0x0) returned 0x25 [0110.297] FindFirstFileW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Local\\Temp\\noise.exe" (normalized: "c:\\users\\keecfmwgj\\appdata\\local\\temp\\noise.exe"), lpFindFileData=0x2dd4c0 | out: lpFindFileData=0x2dd4c0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x1eb52100, ftCreationTime.dwHighDateTime=0x1d8a8ba, ftLastAccessTime.dwLowDateTime=0x1eb52100, ftLastAccessTime.dwHighDateTime=0x1d8a8ba, ftLastWriteTime.dwLowDateTime=0x37630e00, ftLastWriteTime.dwHighDateTime=0x1d8a89d, nFileSizeHigh=0x0, nFileSizeLow=0x9ca00, dwReserved0=0x0, dwReserved1=0x0, cFileName="noise.exe", cAlternateFileName="")) returned 0x5930db0 [0110.299] FindNextFileW (in: hFindFile=0x5930db0, lpFindFileData=0x2dd4c8 | out: lpFindFileData=0x2dd4c8*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0 [0110.299] FindClose (in: hFindFile=0x5930db0 | out: hFindFile=0x5930db0) returned 1 [0110.300] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x2dd480) returned 1 [0110.300] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x2dd6e0) returned 1 [0110.300] GetFullPathNameW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Local\\Temp\\noise.exe", nBufferLength=0x105, lpBuffer=0x2dd27c, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\kEecfMwgj\\AppData\\Local\\Temp\\noise.exe", lpFilePart=0x0) returned 0x2f [0110.300] GetFullPathNameW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Local\\Temp\\noise.exe", nBufferLength=0x105, lpBuffer=0x2dd240, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\kEecfMwgj\\AppData\\Local\\Temp\\noise.exe", lpFilePart=0x0) returned 0x2f [0110.300] GetFullPathNameW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Local\\Temp", nBufferLength=0x105, lpBuffer=0x2dd234, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\kEecfMwgj\\AppData\\Local\\Temp", lpFilePart=0x0) returned 0x25 [0110.300] GetFullPathNameW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Local\\Temp\\noise.exe", nBufferLength=0x105, lpBuffer=0x2dd234, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\kEecfMwgj\\AppData\\Local\\Temp\\noise.exe", lpFilePart=0x0) returned 0x2f [0110.300] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x2dd474) returned 1 [0110.300] GetFileAttributesExW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Local\\Temp\\noise.exe" (normalized: "c:\\users\\keecfmwgj\\appdata\\local\\temp\\noise.exe"), fInfoLevelId=0x0, lpFileInformation=0x2dd738 | out: lpFileInformation=0x2dd738*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x1eb52100, ftCreationTime.dwHighDateTime=0x1d8a8ba, ftLastAccessTime.dwLowDateTime=0x1eb52100, ftLastAccessTime.dwHighDateTime=0x1d8a8ba, ftLastWriteTime.dwLowDateTime=0x37630e00, ftLastWriteTime.dwHighDateTime=0x1d8a89d, nFileSizeHigh=0x0, nFileSizeLow=0x9ca00)) returned 1 [0110.300] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x2dd470) returned 1 [0110.300] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x2dd710) returned 1 [0110.300] GetFullPathNameW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Local\\Temp", nBufferLength=0x105, lpBuffer=0x2dd1f0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\kEecfMwgj\\AppData\\Local\\Temp", lpFilePart=0x0) returned 0x25 [0110.301] FindFirstFileW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Local\\Temp\\noise.exe" (normalized: "c:\\users\\keecfmwgj\\appdata\\local\\temp\\noise.exe"), lpFindFileData=0x2dd4c0 | out: lpFindFileData=0x2dd4c0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x1eb52100, ftCreationTime.dwHighDateTime=0x1d8a8ba, ftLastAccessTime.dwLowDateTime=0x1eb52100, ftLastAccessTime.dwHighDateTime=0x1d8a8ba, ftLastWriteTime.dwLowDateTime=0x37630e00, ftLastWriteTime.dwHighDateTime=0x1d8a89d, nFileSizeHigh=0x0, nFileSizeLow=0x9ca00, dwReserved0=0x0, dwReserved1=0x0, cFileName="noise.exe", cAlternateFileName="")) returned 0x5930db0 [0110.301] FindNextFileW (in: hFindFile=0x5930db0, lpFindFileData=0x2dd4c8 | out: lpFindFileData=0x2dd4c8*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0 [0110.301] FindClose (in: hFindFile=0x5930db0 | out: hFindFile=0x5930db0) returned 1 [0110.301] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x2dd480) returned 1 [0110.301] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x2dd6e0) returned 1 [0110.301] GetFullPathNameW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Local\\Temp\\noise.exe", nBufferLength=0x105, lpBuffer=0x2dd20c, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\kEecfMwgj\\AppData\\Local\\Temp\\noise.exe", lpFilePart=0x0) returned 0x2f [0110.301] GetFullPathNameW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Local\\Temp\\noise.exe", nBufferLength=0x105, lpBuffer=0x2dd20c, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\kEecfMwgj\\AppData\\Local\\Temp\\noise.exe", lpFilePart=0x0) returned 0x2f [0110.302] GetFullPathNameW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Local\\Temp\\noise.exe", nBufferLength=0x105, lpBuffer=0x2dd270, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\kEecfMwgj\\AppData\\Local\\Temp\\noise.exe", lpFilePart=0x0) returned 0x2f [0110.302] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x2dd4b0) returned 1 [0110.302] GetFileAttributesExW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Local\\Temp\\noise.exe" (normalized: "c:\\users\\keecfmwgj\\appdata\\local\\temp\\noise.exe"), fInfoLevelId=0x0, lpFileInformation=0x2dd774 | out: lpFileInformation=0x2dd774*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x1eb52100, ftCreationTime.dwHighDateTime=0x1d8a8ba, ftLastAccessTime.dwLowDateTime=0x1eb52100, ftLastAccessTime.dwHighDateTime=0x1d8a8ba, ftLastWriteTime.dwLowDateTime=0x37630e00, ftLastWriteTime.dwHighDateTime=0x1d8a89d, nFileSizeHigh=0x0, nFileSizeLow=0x9ca00)) returned 1 [0110.302] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x2dd4ac) returned 1 [0110.302] GetFullPathNameW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Local\\Temp\\noise.exe", nBufferLength=0x105, lpBuffer=0x2dd268, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\kEecfMwgj\\AppData\\Local\\Temp\\noise.exe", lpFilePart=0x0) returned 0x2f [0110.302] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x2dd4a4) returned 1 [0110.302] GetFileAttributesExW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Local\\Temp\\noise.exe" (normalized: "c:\\users\\keecfmwgj\\appdata\\local\\temp\\noise.exe"), fInfoLevelId=0x0, lpFileInformation=0x2dd768 | out: lpFileInformation=0x2dd768*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x1eb52100, ftCreationTime.dwHighDateTime=0x1d8a8ba, ftLastAccessTime.dwLowDateTime=0x1eb52100, ftLastAccessTime.dwHighDateTime=0x1d8a8ba, ftLastWriteTime.dwLowDateTime=0x37630e00, ftLastWriteTime.dwHighDateTime=0x1d8a89d, nFileSizeHigh=0x0, nFileSizeLow=0x9ca00)) returned 1 [0110.302] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x2dd4a0) returned 1 [0110.303] GetFullPathNameW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Local\\Temp\\noise.exe", nBufferLength=0x105, lpBuffer=0x2dd280, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\kEecfMwgj\\AppData\\Local\\Temp\\noise.exe", lpFilePart=0x0) returned 0x2f [0110.303] GetFullPathNameW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Local\\Temp", nBufferLength=0x105, lpBuffer=0x2dd270, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\kEecfMwgj\\AppData\\Local\\Temp", lpFilePart=0x0) returned 0x25 [0110.303] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x2dd438) returned 1 [0110.303] GetFileAttributesExW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Local\\Temp" (normalized: "c:\\users\\keecfmwgj\\appdata\\local\\temp"), fInfoLevelId=0x0, lpFileInformation=0x2dd6fc | out: lpFileInformation=0x2dd6fc*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x79698510, ftCreationTime.dwHighDateTime=0x1d70509, ftLastAccessTime.dwLowDateTime=0x477dae40, ftLastAccessTime.dwHighDateTime=0x1d8a8ba, ftLastWriteTime.dwLowDateTime=0x477dae40, ftLastWriteTime.dwHighDateTime=0x1d8a8ba, nFileSizeHigh=0x0, nFileSizeLow=0x7000)) returned 1 [0110.303] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x2dd434) returned 1 [0110.304] GetFullPathNameW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Local\\Temp\\noise.exe", nBufferLength=0x105, lpBuffer=0x2dd224, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\kEecfMwgj\\AppData\\Local\\Temp\\noise.exe", lpFilePart=0x0) returned 0x2f [0110.304] GetFullPathNameW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Local\\Temp\\noise.exe", nBufferLength=0x105, lpBuffer=0x2dd224, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\kEecfMwgj\\AppData\\Local\\Temp\\noise.exe", lpFilePart=0x0) returned 0x2f [0110.304] CopyFileW (lpExistingFileName="C:\\Users\\kEecfMwgj\\AppData\\Local\\Temp\\noise.exe" (normalized: "c:\\users\\keecfmwgj\\appdata\\local\\temp\\noise.exe"), lpNewFileName="C:\\Users\\kEecfMwgj\\AppData\\Local\\Temp\\noise.exe" (normalized: "c:\\users\\keecfmwgj\\appdata\\local\\temp\\noise.exe"), bFailIfExists=0) returned 0 [0110.307] CreateFileW (lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Local\\Temp\\noise.exe" (normalized: "c:\\users\\keecfmwgj\\appdata\\local\\temp\\noise.exe"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x5ac [0110.308] CloseHandle (hObject=0x5ac) returned 1 [0110.394] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3d92980, Length=0x20000, ResultLength=0x2dd494 | out: SystemInformation=0x3d92980, ResultLength=0x2dd494*=0xe050) returned 0x0 [0110.459] GetFullPathNameW (in: lpFileName="C:\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\mscorlib.dll", nBufferLength=0x105, lpBuffer=0x2dcf04, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\mscorlib.dll", lpFilePart=0x0) returned 0x3a [0110.459] GetFullPathNameW (in: lpFileName="C:\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\mscorlib.dll", nBufferLength=0x105, lpBuffer=0x2dce7c, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\mscorlib.dll", lpFilePart=0x0) returned 0x3a [0110.493] CoTaskMemAlloc (cb=0x20c) returned 0x597b3b8 [0110.493] GetEnvironmentVariableW (in: lpName="COMPLUS_INSTALLROOT", lpBuffer=0x597b3b8, nSize=0x104 | out: lpBuffer="") returned 0x0 [0110.493] CoTaskMemFree (pv=0x597b3b8) [0110.493] CoTaskMemAlloc (cb=0x210) returned 0x597b3b8 [0110.493] GetEnvironmentVariableW (in: lpName="COMPLUS_VERSION", lpBuffer=0x597b3b8, nSize=0x106 | out: lpBuffer="") returned 0x0 [0110.493] CoTaskMemFree (pv=0x597b3b8) [0110.493] GetFullPathNameW (in: lpFileName="C:\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\msbuild.exe", nBufferLength=0x105, lpBuffer=0x2dcf0c, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\msbuild.exe", lpFilePart=0x0) returned 0x39 [0110.493] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x2dd14c) returned 1 [0110.494] GetFileAttributesExW (in: lpFileName="C:\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\msbuild.exe" (normalized: "c:\\windows\\microsoft.net\\framework\\v4.0.30319\\msbuild.exe"), fInfoLevelId=0x0, lpFileInformation=0x2dd410 | out: lpFileInformation=0x2dd410*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x23456500, ftCreationTime.dwHighDateTime=0x1d4e503, ftLastAccessTime.dwLowDateTime=0xc0eef950, ftLastAccessTime.dwHighDateTime=0x1d706ae, ftLastWriteTime.dwLowDateTime=0x23456500, ftLastWriteTime.dwHighDateTime=0x1d4e503, nFileSizeHigh=0x0, nFileSizeLow=0x3fe38)) returned 1 [0110.497] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x2dd148) returned 1 [0110.577] EtwEventRegister () returned 0x0 [0110.590] CoWaitForMultipleHandles (in: dwFlags=0x2, dwTimeout=0xffffffff, cHandles=0x1, pHandles=0x36be40*=0xf8, lpdwindex=0x2dd434 | out: lpdwindex=0x2dd434) returned 0x0 [0141.972] CoWaitForMultipleHandles (in: dwFlags=0x2, dwTimeout=0xffffffff, cHandles=0x1, pHandles=0x3bb668*=0x5e0, lpdwindex=0x2dd1f4 | out: lpdwindex=0x2dd1f4) returned 0x0 [0142.032] AdjustWindowRectEx (in: lpRect=0x2dd5f8, dwStyle=0x56cf0000, bMenu=0, dwExStyle=0x50001 | out: lpRect=0x2dd5f8) returned 1 [0142.032] GetSystemMetrics (nIndex=59) returned 1460 [0142.032] GetSystemMetrics (nIndex=60) returned 920 [0142.032] GetSystemMetrics (nIndex=34) returned 132 [0142.032] GetSystemMetrics (nIndex=35) returned 38 [0142.032] AdjustWindowRectEx (in: lpRect=0x2dd534, dwStyle=0x2cf0000, bMenu=0, dwExStyle=0x50000 | out: lpRect=0x2dd534) returned 1 [0142.039] GetDC (hWnd=0x0) returned 0x14010789 [0142.040] GdipCreateFromHDC (hdc=0x14010789, graphics=0x2dd4fc) returned 0x0 [0142.041] GdipGetFontHeight (font=0x5d40960, graphics=0x5ff7a28, height=0x2dd4f4) returned 0x0 [0142.041] GdipDeleteGraphics (graphics=0x5ff7a28) returned 0x0 [0142.042] ReleaseDC (hWnd=0x0, hDC=0x14010789) returned 1 [0142.042] GetSystemMetrics (nIndex=5) returned 1 [0142.042] GetSystemMetrics (nIndex=6) returned 1 [0142.042] AdjustWindowRectEx (in: lpRect=0x2dd624, dwStyle=0x560101c0, bMenu=0, dwExStyle=0x200 | out: lpRect=0x2dd624) returned 1 [0142.042] GetSystemMetrics (nIndex=5) returned 1 [0142.042] GetSystemMetrics (nIndex=6) returned 1 [0142.042] AdjustWindowRectEx (in: lpRect=0x2dd588, dwStyle=0x560100c0, bMenu=0, dwExStyle=0x200 | out: lpRect=0x2dd588) returned 1 [0142.043] GetSystemMetrics (nIndex=5) returned 1 [0142.043] GetSystemMetrics (nIndex=6) returned 1 [0142.043] AdjustWindowRectEx (in: lpRect=0x2dd588, dwStyle=0x560100c0, bMenu=0, dwExStyle=0x200 | out: lpRect=0x2dd588) returned 1 [0142.043] AdjustWindowRectEx (in: lpRect=0x2dd624, dwStyle=0x5601000b, bMenu=0, dwExStyle=0x0 | out: lpRect=0x2dd624) returned 1 [0142.044] AdjustWindowRectEx (in: lpRect=0x2dd5b4, dwStyle=0x5601000b, bMenu=0, dwExStyle=0x0 | out: lpRect=0x2dd5b4) returned 1 [0142.047] AdjustWindowRectEx (in: lpRect=0x2dd5b4, dwStyle=0x5601000b, bMenu=0, dwExStyle=0x0 | out: lpRect=0x2dd5b4) returned 1 [0142.047] GetCurrentThreadId () returned 0xf28 [0142.047] GetCurrentThreadId () returned 0xf28 [0142.048] UpdateWindow (hWnd=0x0) returned 0 [0142.218] CreateFileMappingW (hFile=0xffffffff, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x11e00, lpName=0x0) returned 0x5e8 [0142.219] memcpy (in: _Dst=0x4e0000, _Src=0x26fddec, _Size=0x11e00 | out: _Dst=0x4e0000) returned 0x4e0000 [0142.219] CloseHandle (hObject=0x5e8) returned 1 [0142.276] GetCurrentThreadId () returned 0xf28 [0142.276] GetCurrentThreadId () returned 0xf28 [0142.343] VirtualProtect (in: lpAddress=0x4e0400, dwSize=0x9600, flNewProtect=0x40, lpflOldProtect=0x2dc23c | out: lpflOldProtect=0x2dc23c*=0x38c568) returned 0 [0142.990] CreateFileMappingW (hFile=0xffffffff, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x800, lpName=0x0) returned 0x5e0 [0142.991] memcpy (in: _Dst=0x510000, _Src=0x266fa70, _Size=0x800 | out: _Dst=0x510000) returned 0x510000 [0142.991] CloseHandle (hObject=0x5e0) returned 1 [0143.739] VirtualProtect (in: lpAddress=0x4e0178, dwSize=0x8, flNewProtect=0x40, lpflOldProtect=0x2dc264 | out: lpflOldProtect=0x2dc264*=0x0) returned 0 [0143.745] VirtualProtect (in: lpAddress=0x4e01a0, dwSize=0x8, flNewProtect=0x40, lpflOldProtect=0x2dc264 | out: lpflOldProtect=0x2dc264*=0x2838) returned 0 [0143.746] VirtualProtect (in: lpAddress=0x4e01c8, dwSize=0x8, flNewProtect=0x40, lpflOldProtect=0x2dc264 | out: lpflOldProtect=0x2dc264*=0x2838) returned 0 [0143.748] VirtualProtect (in: lpAddress=0x4e01f0, dwSize=0x8, flNewProtect=0x40, lpflOldProtect=0x2dc264 | out: lpflOldProtect=0x2dc264*=0x2838) returned 0 [0143.749] VirtualProtect (in: lpAddress=0x4e0218, dwSize=0x8, flNewProtect=0x40, lpflOldProtect=0x2dc264 | out: lpflOldProtect=0x2dc264*=0x2838) returned 0 [0143.750] VirtualProtect (in: lpAddress=0x4ea1be, dwSize=0xb, flNewProtect=0x40, lpflOldProtect=0x2dc264 | out: lpflOldProtect=0x2dc264*=0x2838) returned 0 [0143.751] VirtualProtect (in: lpAddress=0x4ea1b2, dwSize=0xb, flNewProtect=0x40, lpflOldProtect=0x2dc264 | out: lpflOldProtect=0x2dc264*=0x2838) returned 0 [0143.752] VirtualProtect (in: lpAddress=0x4e9a00, dwSize=0x48, flNewProtect=0x40, lpflOldProtect=0x2dc264 | out: lpflOldProtect=0x2dc264*=0x2838) returned 0 [0143.754] VirtualProtect (in: lpAddress=0x4ea1cc, dwSize=0x4, flNewProtect=0x40, lpflOldProtect=0x2dc264 | out: lpflOldProtect=0x2dc264*=0x2838) returned 0 [0143.755] VirtualProtect (in: lpAddress=0x4ea1f0, dwSize=0x8, flNewProtect=0x40, lpflOldProtect=0x2dc264 | out: lpflOldProtect=0x2dc264*=0x2838) returned 0 [0143.756] VirtualProtect (in: lpAddress=0x4ea1f8, dwSize=0x4, flNewProtect=0x40, lpflOldProtect=0x2dc264 | out: lpflOldProtect=0x2dc264*=0x2838) returned 0 [0143.757] VirtualProtect (in: lpAddress=0x4ea1fc, dwSize=0x8, flNewProtect=0x40, lpflOldProtect=0x2dc264 | out: lpflOldProtect=0x2dc264*=0x2838) returned 0 [0143.758] VirtualProtect (in: lpAddress=0x4ea204, dwSize=0x4, flNewProtect=0x40, lpflOldProtect=0x2dc264 | out: lpflOldProtect=0x2dc264*=0x2838) returned 0 [0143.758] VirtualProtect (in: lpAddress=0x4ea208, dwSize=0x4, flNewProtect=0x40, lpflOldProtect=0x2dc264 | out: lpflOldProtect=0x2dc264*=0x2838) returned 0 [0143.760] VirtualProtect (in: lpAddress=0x4ea20c, dwSize=0x4, flNewProtect=0x40, lpflOldProtect=0x2dc264 | out: lpflOldProtect=0x2dc264*=0x2838) returned 0 [0143.761] VirtualProtect (in: lpAddress=0x4ea210, dwSize=0x8, flNewProtect=0x40, lpflOldProtect=0x2dc264 | out: lpflOldProtect=0x2dc264*=0x2838) returned 0 [0143.761] VirtualProtect (in: lpAddress=0x4ea218, dwSize=0x4, flNewProtect=0x40, lpflOldProtect=0x2dc264 | out: lpflOldProtect=0x2dc264*=0x2838) returned 0 [0143.762] VirtualProtect (in: lpAddress=0x4ea21c, dwSize=0x4, flNewProtect=0x40, lpflOldProtect=0x2dc264 | out: lpflOldProtect=0x2dc264*=0x2838) returned 0 [0143.763] VirtualProtect (in: lpAddress=0x4ea220, dwSize=0x8, flNewProtect=0x40, lpflOldProtect=0x2dc264 | out: lpflOldProtect=0x2dc264*=0x2838) returned 0 [0143.764] VirtualProtect (in: lpAddress=0x4ea228, dwSize=0x4, flNewProtect=0x40, lpflOldProtect=0x2dc264 | out: lpflOldProtect=0x2dc264*=0x2838) returned 0 [0143.765] VirtualProtect (in: lpAddress=0x4ea22c, dwSize=0x4, flNewProtect=0x40, lpflOldProtect=0x2dc264 | out: lpflOldProtect=0x2dc264*=0x2838) returned 0 [0143.766] VirtualProtect (in: lpAddress=0x4ea230, dwSize=0x8, flNewProtect=0x40, lpflOldProtect=0x2dc264 | out: lpflOldProtect=0x2dc264*=0x2838) returned 0 [0143.768] VirtualProtect (in: lpAddress=0x4ea238, dwSize=0x4, flNewProtect=0x40, lpflOldProtect=0x2dc264 | out: lpflOldProtect=0x2dc264*=0x2838) returned 0 [0143.769] VirtualProtect (in: lpAddress=0x4ea23c, dwSize=0x4, flNewProtect=0x40, lpflOldProtect=0x2dc264 | out: lpflOldProtect=0x2dc264*=0x2838) returned 0 [0143.770] VirtualProtect (in: lpAddress=0x4ea240, dwSize=0x8, flNewProtect=0x40, lpflOldProtect=0x2dc264 | out: lpflOldProtect=0x2dc264*=0x2838) returned 0 [0143.772] VirtualProtect (in: lpAddress=0x4ea248, dwSize=0x4, flNewProtect=0x40, lpflOldProtect=0x2dc264 | out: lpflOldProtect=0x2dc264*=0x2838) returned 0 [0143.773] VirtualProtect (in: lpAddress=0x4ea24c, dwSize=0x4, flNewProtect=0x40, lpflOldProtect=0x2dc264 | out: lpflOldProtect=0x2dc264*=0x2838) returned 0 [0143.774] VirtualProtect (in: lpAddress=0x4ea250, dwSize=0x4, flNewProtect=0x40, lpflOldProtect=0x2dc264 | out: lpflOldProtect=0x2dc264*=0x2838) returned 0 [0143.776] VirtualProtect (in: lpAddress=0x4ea254, dwSize=0x8, flNewProtect=0x40, lpflOldProtect=0x2dc264 | out: lpflOldProtect=0x2dc264*=0x2838) returned 0 [0143.777] VirtualProtect (in: lpAddress=0x4ea25c, dwSize=0x4, flNewProtect=0x40, lpflOldProtect=0x2dc264 | out: lpflOldProtect=0x2dc264*=0x2838) returned 0 [0143.777] VirtualProtect (in: lpAddress=0x4ea260, dwSize=0x4, flNewProtect=0x40, lpflOldProtect=0x2dc264 | out: lpflOldProtect=0x2dc264*=0x2838) returned 0 [0143.779] VirtualProtect (in: lpAddress=0x4ea264, dwSize=0x8, flNewProtect=0x40, lpflOldProtect=0x2dc264 | out: lpflOldProtect=0x2dc264*=0x2838) returned 0 [0143.780] VirtualProtect (in: lpAddress=0x4ea26c, dwSize=0x4, flNewProtect=0x40, lpflOldProtect=0x2dc264 | out: lpflOldProtect=0x2dc264*=0x2838) returned 0 [0143.781] VirtualProtect (in: lpAddress=0x4ea270, dwSize=0x4, flNewProtect=0x40, lpflOldProtect=0x2dc264 | out: lpflOldProtect=0x2dc264*=0x2838) returned 0 [0143.876] CoTaskMemAlloc (cb=0x210) returned 0x597b118 [0143.876] GetEnvironmentVariableW (in: lpName="COR_ENABLE_PROFILING", lpBuffer=0x597b118, nSize=0x106 | out: lpBuffer="") returned 0x0 [0143.876] CoTaskMemFree (pv=0x597b118) [0144.314] CoCreateGuid (in: pguid=0x2db86c | out: pguid=0x2db86c*(Data1=0xa722842b, Data2=0x1a26, Data3=0x4277, Data4=([0]=0x91, [1]=0xfd, [2]=0xed, [3]=0xc7, [4]=0x99, [5]=0xf7, [6]=0x46, [7]=0x79))) returned 0x0 [0144.328] CoTaskMemAlloc (cb=0x210) returned 0x378658 [0144.328] GetCurrentDirectoryW (in: nBufferLength=0x106, lpBuffer=0x378658 | out: lpBuffer="C:\\Users\\kEecfMwgj\\Desktop") returned 0x1a [0144.328] CoTaskMemFree (pv=0x378658) [0144.467] CreateProcessAsUserW (in: hToken=0x0, lpApplicationName="C:\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\InstallUtil.exe", lpCommandLine="\"C:\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\InstallUtil.exe\"", lpProcessAttributes=0x0, lpThreadAttributes=0x0, bInheritHandles=0, dwCreationFlags=0x4, lpEnvironment=0x0, lpCurrentDirectory=0x0, lpStartupInfo=0x2dc704*(cb=0x48, lpReserved=0x0, lpDesktop=0x0, lpTitle=0x0, dwX=0x0, dwY=0x0, dwXSize=0x0, dwYSize=0x0, dwXCountChars=0x0, dwYCountChars=0x0, dwFillAttribute=0x0, dwFlags=0x0, wShowWindow=0x0, cbReserved2=0x0, lpReserved2=0x0, hStdInput=0x0, hStdOutput=0x0, hStdError=0x0), lpProcessInformation=0x267a26c | out: lpCommandLine="\"C:\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\InstallUtil.exe\"", lpProcessInformation=0x267a26c*(hProcess=0x638, hThread=0x634, dwProcessId=0xfac, dwThreadId=0xfb0)) returned 1 [0144.606] GetCurrentProcessId () returned 0xf24 [0144.609] OpenProcess (dwDesiredAccess=0x410, bInheritHandle=0, dwProcessId=0xf24) returned 0x640 [0144.610] EnumProcessModules (in: hProcess=0x640, lphModule=0x268eb44, cb=0x100, lpcbNeeded=0x2dc670 | out: lphModule=0x268eb44, lpcbNeeded=0x2dc670) returned 1 [0144.611] EnumProcessModules (in: hProcess=0x640, lphModule=0x268ec50, cb=0x200, lpcbNeeded=0x2dc670 | out: lphModule=0x268ec50, lpcbNeeded=0x2dc670) returned 1 [0144.613] GetModuleInformation (in: hProcess=0x640, hModule=0x10b0000, lpmodinfo=0x268ee90, cb=0xc | out: lpmodinfo=0x268ee90*(lpBaseOfDll=0x10b0000, SizeOfImage=0xa2000, EntryPoint=0x114ddbe)) returned 1 [0144.613] CoTaskMemAlloc (cb=0x804) returned 0x5950bd8 [0144.613] GetModuleBaseNameW (in: hProcess=0x640, hModule=0x10b0000, lpBaseName=0x5950bd8, nSize=0x800 | out: lpBaseName="noise.exe") returned 0x9 [0144.613] CoTaskMemFree (pv=0x5950bd8) [0144.614] CoTaskMemAlloc (cb=0x804) returned 0x5950bd8 [0144.614] GetModuleFileNameExW (in: hProcess=0x640, hModule=0x10b0000, lpFilename=0x5950bd8, nSize=0x800 | out: lpFilename="C:\\Users\\kEecfMwgj\\AppData\\Local\\Temp\\noise.exe" (normalized: "c:\\users\\keecfmwgj\\appdata\\local\\temp\\noise.exe")) returned 0x2f [0144.614] CoTaskMemFree (pv=0x5950bd8) [0144.614] GetModuleInformation (in: hProcess=0x640, hModule=0x76f00000, lpmodinfo=0x2690fe0, cb=0xc | out: lpmodinfo=0x2690fe0*(lpBaseOfDll=0x76f00000, SizeOfImage=0x180000, EntryPoint=0x0)) returned 1 [0144.614] CoTaskMemAlloc (cb=0x804) returned 0x5950bd8 [0144.614] GetModuleBaseNameW (in: hProcess=0x640, hModule=0x76f00000, lpBaseName=0x5950bd8, nSize=0x800 | out: lpBaseName="ntdll.dll") returned 0x9 [0144.615] CoTaskMemFree (pv=0x5950bd8) [0144.615] CoTaskMemAlloc (cb=0x804) returned 0x5950bd8 [0144.615] GetModuleFileNameExW (in: hProcess=0x640, hModule=0x76f00000, lpFilename=0x5950bd8, nSize=0x800 | out: lpFilename="C:\\Windows\\SysWOW64\\ntdll.dll" (normalized: "c:\\windows\\syswow64\\ntdll.dll")) returned 0x1d [0144.615] CoTaskMemFree (pv=0x5950bd8) [0144.615] GetModuleInformation (in: hProcess=0x640, hModule=0x73500000, lpmodinfo=0x26930f0, cb=0xc | out: lpmodinfo=0x26930f0*(lpBaseOfDll=0x73500000, SizeOfImage=0x4a000, EntryPoint=0x73502e54)) returned 1 [0144.615] CoTaskMemAlloc (cb=0x804) returned 0x5950bd8 [0144.615] GetModuleBaseNameW (in: hProcess=0x640, hModule=0x73500000, lpBaseName=0x5950bd8, nSize=0x800 | out: lpBaseName="MSCOREE.DLL") returned 0xb [0144.616] CoTaskMemFree (pv=0x5950bd8) [0144.616] CoTaskMemAlloc (cb=0x804) returned 0x5950bd8 [0144.616] GetModuleFileNameExW (in: hProcess=0x640, hModule=0x73500000, lpFilename=0x5950bd8, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\MSCOREE.DLL" (normalized: "c:\\windows\\syswow64\\mscoree.dll")) returned 0x1f [0144.616] CoTaskMemFree (pv=0x5950bd8) [0144.616] GetModuleInformation (in: hProcess=0x640, hModule=0x752b0000, lpmodinfo=0x2695208, cb=0xc | out: lpmodinfo=0x2695208*(lpBaseOfDll=0x752b0000, SizeOfImage=0x110000, EntryPoint=0x752c3283)) returned 1 [0144.617] CoTaskMemAlloc (cb=0x804) returned 0x5950bd8 [0144.617] GetModuleBaseNameW (in: hProcess=0x640, hModule=0x752b0000, lpBaseName=0x5950bd8, nSize=0x800 | out: lpBaseName="KERNEL32.dll") returned 0xc [0144.617] CoTaskMemFree (pv=0x5950bd8) [0144.617] CoTaskMemAlloc (cb=0x804) returned 0x5950bd8 [0144.617] GetModuleFileNameExW (in: hProcess=0x640, hModule=0x752b0000, lpFilename=0x5950bd8, nSize=0x800 | out: lpFilename="C:\\Windows\\syswow64\\KERNEL32.dll" (normalized: "c:\\windows\\syswow64\\kernel32.dll")) returned 0x20 [0144.617] CoTaskMemFree (pv=0x5950bd8) [0144.617] GetModuleInformation (in: hProcess=0x640, hModule=0x753c0000, lpmodinfo=0x2697328, cb=0xc | out: lpmodinfo=0x2697328*(lpBaseOfDll=0x753c0000, SizeOfImage=0x47000, EntryPoint=0x753c74c1)) returned 1 [0144.618] CoTaskMemAlloc (cb=0x804) returned 0x5950bd8 [0144.618] GetModuleBaseNameW (in: hProcess=0x640, hModule=0x753c0000, lpBaseName=0x5950bd8, nSize=0x800 | out: lpBaseName="KERNELBASE.dll") returned 0xe [0144.618] CoTaskMemFree (pv=0x5950bd8) [0144.618] CoTaskMemAlloc (cb=0x804) returned 0x5950bd8 [0144.618] GetModuleFileNameExW (in: hProcess=0x640, hModule=0x753c0000, lpFilename=0x5950bd8, nSize=0x800 | out: lpFilename="C:\\Windows\\syswow64\\KERNELBASE.dll" (normalized: "c:\\windows\\syswow64\\kernelbase.dll")) returned 0x22 [0144.618] CoTaskMemFree (pv=0x5950bd8) [0144.618] GetModuleInformation (in: hProcess=0x640, hModule=0x76a60000, lpmodinfo=0x269947c, cb=0xc | out: lpmodinfo=0x269947c*(lpBaseOfDll=0x76a60000, SizeOfImage=0xa0000, EntryPoint=0x76a749e5)) returned 1 [0144.619] CoTaskMemAlloc (cb=0x804) returned 0x5950bd8 [0144.619] GetModuleBaseNameW (in: hProcess=0x640, hModule=0x76a60000, lpBaseName=0x5950bd8, nSize=0x800 | out: lpBaseName="ADVAPI32.dll") returned 0xc [0144.619] CoTaskMemFree (pv=0x5950bd8) [0144.619] CoTaskMemAlloc (cb=0x804) returned 0x5950bd8 [0144.619] GetModuleFileNameExW (in: hProcess=0x640, hModule=0x76a60000, lpFilename=0x5950bd8, nSize=0x800 | out: lpFilename="C:\\Windows\\syswow64\\ADVAPI32.dll" (normalized: "c:\\windows\\syswow64\\advapi32.dll")) returned 0x20 [0144.620] CoTaskMemFree (pv=0x5950bd8) [0144.620] GetModuleInformation (in: hProcess=0x640, hModule=0x75410000, lpmodinfo=0x269b59c, cb=0xc | out: lpmodinfo=0x269b59c*(lpBaseOfDll=0x75410000, SizeOfImage=0xac000, EntryPoint=0x7541a472)) returned 1 [0144.620] CoTaskMemAlloc (cb=0x804) returned 0x5950bd8 [0144.620] GetModuleBaseNameW (in: hProcess=0x640, hModule=0x75410000, lpBaseName=0x5950bd8, nSize=0x800 | out: lpBaseName="msvcrt.dll") returned 0xa [0144.621] CoTaskMemFree (pv=0x5950bd8) [0144.621] CoTaskMemAlloc (cb=0x804) returned 0x5950bd8 [0144.621] GetModuleFileNameExW (in: hProcess=0x640, hModule=0x75410000, lpFilename=0x5950bd8, nSize=0x800 | out: lpFilename="C:\\Windows\\syswow64\\msvcrt.dll" (normalized: "c:\\windows\\syswow64\\msvcrt.dll")) returned 0x1e [0144.621] CoTaskMemFree (pv=0x5950bd8) [0144.621] GetModuleInformation (in: hProcess=0x640, hModule=0x759a0000, lpmodinfo=0x269d6b4, cb=0xc | out: lpmodinfo=0x269d6b4*(lpBaseOfDll=0x759a0000, SizeOfImage=0x19000, EntryPoint=0x759a4975)) returned 1 [0144.622] CoTaskMemAlloc (cb=0x804) returned 0x5950bd8 [0144.622] GetModuleBaseNameW (in: hProcess=0x640, hModule=0x759a0000, lpBaseName=0x5950bd8, nSize=0x800 | out: lpBaseName="sechost.dll") returned 0xb [0144.622] CoTaskMemFree (pv=0x5950bd8) [0144.622] CoTaskMemAlloc (cb=0x804) returned 0x5950bd8 [0144.622] GetModuleFileNameExW (in: hProcess=0x640, hModule=0x759a0000, lpFilename=0x5950bd8, nSize=0x800 | out: lpFilename="C:\\Windows\\SysWOW64\\sechost.dll" (normalized: "c:\\windows\\syswow64\\sechost.dll")) returned 0x1f [0144.622] CoTaskMemFree (pv=0x5950bd8) [0144.623] GetModuleInformation (in: hProcess=0x640, hModule=0x76970000, lpmodinfo=0x269f7d8, cb=0xc | out: lpmodinfo=0x269f7d8*(lpBaseOfDll=0x76970000, SizeOfImage=0xf0000, EntryPoint=0x76980569)) returned 1 [0144.623] CoTaskMemAlloc (cb=0x804) returned 0x5950bd8 [0144.623] GetModuleBaseNameW (in: hProcess=0x640, hModule=0x76970000, lpBaseName=0x5950bd8, nSize=0x800 | out: lpBaseName="RPCRT4.dll") returned 0xa [0144.623] CoTaskMemFree (pv=0x5950bd8) [0144.623] CoTaskMemAlloc (cb=0x804) returned 0x5950bd8 [0144.623] GetModuleFileNameExW (in: hProcess=0x640, hModule=0x76970000, lpFilename=0x5950bd8, nSize=0x800 | out: lpFilename="C:\\Windows\\syswow64\\RPCRT4.dll" (normalized: "c:\\windows\\syswow64\\rpcrt4.dll")) returned 0x1e [0144.624] CoTaskMemFree (pv=0x5950bd8) [0144.624] GetModuleInformation (in: hProcess=0x640, hModule=0x74a50000, lpmodinfo=0x26a193c, cb=0xc | out: lpmodinfo=0x26a193c*(lpBaseOfDll=0x74a50000, SizeOfImage=0x60000, EntryPoint=0x74a6a3b3)) returned 1 [0144.624] CoTaskMemAlloc (cb=0x804) returned 0x5950bd8 [0144.624] GetModuleBaseNameW (in: hProcess=0x640, hModule=0x74a50000, lpBaseName=0x5950bd8, nSize=0x800 | out: lpBaseName="SspiCli.dll") returned 0xb [0144.625] CoTaskMemFree (pv=0x5950bd8) [0144.625] CoTaskMemAlloc (cb=0x804) returned 0x5950bd8 [0144.625] GetModuleFileNameExW (in: hProcess=0x640, hModule=0x74a50000, lpFilename=0x5950bd8, nSize=0x800 | out: lpFilename="C:\\Windows\\syswow64\\SspiCli.dll" (normalized: "c:\\windows\\syswow64\\sspicli.dll")) returned 0x1f [0144.625] CoTaskMemFree (pv=0x5950bd8) [0144.625] GetModuleInformation (in: hProcess=0x640, hModule=0x74a40000, lpmodinfo=0x26a3a54, cb=0xc | out: lpmodinfo=0x26a3a54*(lpBaseOfDll=0x74a40000, SizeOfImage=0xc000, EntryPoint=0x74a410e1)) returned 1 [0144.625] CoTaskMemAlloc (cb=0x804) returned 0x5950bd8 [0144.625] GetModuleBaseNameW (in: hProcess=0x640, hModule=0x74a40000, lpBaseName=0x5950bd8, nSize=0x800 | out: lpBaseName="CRYPTBASE.dll") returned 0xd [0144.626] CoTaskMemFree (pv=0x5950bd8) [0144.626] CoTaskMemAlloc (cb=0x804) returned 0x5950bd8 [0144.626] GetModuleFileNameExW (in: hProcess=0x640, hModule=0x74a40000, lpFilename=0x5950bd8, nSize=0x800 | out: lpFilename="C:\\Windows\\syswow64\\CRYPTBASE.dll" (normalized: "c:\\windows\\syswow64\\cryptbase.dll")) returned 0x21 [0144.627] CoTaskMemFree (pv=0x5950bd8) [0144.627] GetModuleInformation (in: hProcess=0x640, hModule=0x733b0000, lpmodinfo=0x26a5b74, cb=0xc | out: lpmodinfo=0x26a5b74*(lpBaseOfDll=0x733b0000, SizeOfImage=0x8d000, EntryPoint=0x733c2860)) returned 1 [0144.627] CoTaskMemAlloc (cb=0x804) returned 0x5950bd8 [0144.627] GetModuleBaseNameW (in: hProcess=0x640, hModule=0x733b0000, lpBaseName=0x5950bd8, nSize=0x800 | out: lpBaseName="mscoreei.dll") returned 0xc [0144.627] CoTaskMemFree (pv=0x5950bd8) [0144.627] CoTaskMemAlloc (cb=0x804) returned 0x5950bd8 [0144.627] GetModuleFileNameExW (in: hProcess=0x640, hModule=0x733b0000, lpFilename=0x5950bd8, nSize=0x800 | out: lpFilename="C:\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\mscoreei.dll" (normalized: "c:\\windows\\microsoft.net\\framework\\v4.0.30319\\mscoreei.dll")) returned 0x3a [0144.628] CoTaskMemFree (pv=0x5950bd8) [0144.628] GetModuleInformation (in: hProcess=0x640, hModule=0x734f0000, lpmodinfo=0x26a7cc8, cb=0xc | out: lpmodinfo=0x26a7cc8*(lpBaseOfDll=0x734f0000, SizeOfImage=0x3000, EntryPoint=0x0)) returned 1 [0144.628] CoTaskMemAlloc (cb=0x804) returned 0x5950bd8 [0144.628] GetModuleBaseNameW (in: hProcess=0x640, hModule=0x734f0000, lpBaseName=0x5950bd8, nSize=0x800 | out: lpBaseName="api-ms-win-core-synch-l1-2-0.DLL") returned 0x20 [0144.629] CoTaskMemFree (pv=0x5950bd8) [0144.629] CoTaskMemAlloc (cb=0x804) returned 0x5950bd8 [0144.629] GetModuleFileNameExW (in: hProcess=0x640, hModule=0x734f0000, lpFilename=0x5950bd8, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\api-ms-win-core-synch-l1-2-0.DLL" (normalized: "c:\\windows\\syswow64\\api-ms-win-core-synch-l1-2-0.dll")) returned 0x34 [0144.629] CoTaskMemFree (pv=0x5950bd8) [0144.629] GetModuleInformation (in: hProcess=0x640, hModule=0x751c0000, lpmodinfo=0x26a9e38, cb=0xc | out: lpmodinfo=0x26a9e38*(lpBaseOfDll=0x751c0000, SizeOfImage=0x57000, EntryPoint=0x751d9ba6)) returned 1 [0144.630] CoTaskMemAlloc (cb=0x804) returned 0x5950bd8 [0144.630] GetModuleBaseNameW (in: hProcess=0x640, hModule=0x751c0000, lpBaseName=0x5950bd8, nSize=0x800 | out: lpBaseName="SHLWAPI.dll") returned 0xb [0144.630] CoTaskMemFree (pv=0x5950bd8) [0144.630] CoTaskMemAlloc (cb=0x804) returned 0x5950bd8 [0144.630] GetModuleFileNameExW (in: hProcess=0x640, hModule=0x751c0000, lpFilename=0x5950bd8, nSize=0x800 | out: lpFilename="C:\\Windows\\syswow64\\SHLWAPI.dll" (normalized: "c:\\windows\\syswow64\\shlwapi.dll")) returned 0x1f [0144.631] CoTaskMemFree (pv=0x5950bd8) [0144.631] GetModuleInformation (in: hProcess=0x640, hModule=0x75220000, lpmodinfo=0x26abf50, cb=0xc | out: lpmodinfo=0x26abf50*(lpBaseOfDll=0x75220000, SizeOfImage=0x90000, EntryPoint=0x75236343)) returned 1 [0144.631] CoTaskMemAlloc (cb=0x804) returned 0x5950bd8 [0144.631] GetModuleBaseNameW (in: hProcess=0x640, hModule=0x75220000, lpBaseName=0x5950bd8, nSize=0x800 | out: lpBaseName="GDI32.dll") returned 0x9 [0144.631] CoTaskMemFree (pv=0x5950bd8) [0144.632] CoTaskMemAlloc (cb=0x804) returned 0x5950bd8 [0144.632] GetModuleFileNameExW (in: hProcess=0x640, hModule=0x75220000, lpFilename=0x5950bd8, nSize=0x800 | out: lpFilename="C:\\Windows\\syswow64\\GDI32.dll" (normalized: "c:\\windows\\syswow64\\gdi32.dll")) returned 0x1d [0144.632] CoTaskMemFree (pv=0x5950bd8) [0144.632] GetModuleInformation (in: hProcess=0x640, hModule=0x76860000, lpmodinfo=0x26ae060, cb=0xc | out: lpmodinfo=0x26ae060*(lpBaseOfDll=0x76860000, SizeOfImage=0x100000, EntryPoint=0x7687b6ed)) returned 1 [0144.632] CoTaskMemAlloc (cb=0x804) returned 0x5950bd8 [0144.632] GetModuleBaseNameW (in: hProcess=0x640, hModule=0x76860000, lpBaseName=0x5950bd8, nSize=0x800 | out: lpBaseName="USER32.dll") returned 0xa [0144.633] CoTaskMemFree (pv=0x5950bd8) [0144.633] CoTaskMemAlloc (cb=0x804) returned 0x5950bd8 [0144.633] GetModuleFileNameExW (in: hProcess=0x640, hModule=0x76860000, lpFilename=0x5950bd8, nSize=0x800 | out: lpFilename="C:\\Windows\\syswow64\\USER32.dll" (normalized: "c:\\windows\\syswow64\\user32.dll")) returned 0x1e [0144.634] CoTaskMemFree (pv=0x5950bd8) [0144.634] GetModuleInformation (in: hProcess=0x640, hModule=0x759c0000, lpmodinfo=0x26b0178, cb=0xc | out: lpmodinfo=0x26b0178*(lpBaseOfDll=0x759c0000, SizeOfImage=0xa000, EntryPoint=0x759c36a0)) returned 1 [0144.634] CoTaskMemAlloc (cb=0x804) returned 0x5950bd8 [0144.634] GetModuleBaseNameW (in: hProcess=0x640, hModule=0x759c0000, lpBaseName=0x5950bd8, nSize=0x800 | out: lpBaseName="LPK.dll") returned 0x7 [0144.635] CoTaskMemFree (pv=0x5950bd8) [0144.635] CoTaskMemAlloc (cb=0x804) returned 0x5950bd8 [0144.635] GetModuleFileNameExW (in: hProcess=0x640, hModule=0x759c0000, lpFilename=0x5950bd8, nSize=0x800 | out: lpFilename="C:\\Windows\\syswow64\\LPK.dll" (normalized: "c:\\windows\\syswow64\\lpk.dll")) returned 0x1b [0144.636] CoTaskMemFree (pv=0x5950bd8) [0144.636] GetModuleInformation (in: hProcess=0x640, hModule=0x74d40000, lpmodinfo=0x26b230c, cb=0xc | out: lpmodinfo=0x26b230c*(lpBaseOfDll=0x74d40000, SizeOfImage=0x9d000, EntryPoint=0x74d73fd7)) returned 1 [0144.636] CoTaskMemAlloc (cb=0x804) returned 0x5950bd8 [0144.636] GetModuleBaseNameW (in: hProcess=0x640, hModule=0x74d40000, lpBaseName=0x5950bd8, nSize=0x800 | out: lpBaseName="USP10.dll") returned 0x9 [0144.637] CoTaskMemFree (pv=0x5950bd8) [0144.637] CoTaskMemAlloc (cb=0x804) returned 0x5950bd8 [0144.637] GetModuleFileNameExW (in: hProcess=0x640, hModule=0x74d40000, lpFilename=0x5950bd8, nSize=0x800 | out: lpFilename="C:\\Windows\\syswow64\\USP10.dll" (normalized: "c:\\windows\\syswow64\\usp10.dll")) returned 0x1d [0144.638] CoTaskMemFree (pv=0x5950bd8) [0144.638] GetModuleInformation (in: hProcess=0x640, hModule=0x75550000, lpmodinfo=0x26b441c, cb=0xc | out: lpmodinfo=0x26b441c*(lpBaseOfDll=0x75550000, SizeOfImage=0x60000, EntryPoint=0x7556158f)) returned 1 [0144.638] CoTaskMemAlloc (cb=0x804) returned 0x5950bd8 [0144.638] GetModuleBaseNameW (in: hProcess=0x640, hModule=0x75550000, lpBaseName=0x5950bd8, nSize=0x800 | out: lpBaseName="IMM32.DLL") returned 0x9 [0144.639] CoTaskMemFree (pv=0x5950bd8) [0144.639] CoTaskMemAlloc (cb=0x804) returned 0x5950bd8 [0144.639] GetModuleFileNameExW (in: hProcess=0x640, hModule=0x75550000, lpFilename=0x5950bd8, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\IMM32.DLL" (normalized: "c:\\windows\\syswow64\\imm32.dll")) returned 0x1d [0144.639] CoTaskMemFree (pv=0x5950bd8) [0144.639] GetModuleInformation (in: hProcess=0x640, hModule=0x74c40000, lpmodinfo=0x26b652c, cb=0xc | out: lpmodinfo=0x26b652c*(lpBaseOfDll=0x74c40000, SizeOfImage=0xcc000, EntryPoint=0x74c4168b)) returned 1 [0144.640] CoTaskMemAlloc (cb=0x804) returned 0x5950bd8 [0144.640] GetModuleBaseNameW (in: hProcess=0x640, hModule=0x74c40000, lpBaseName=0x5950bd8, nSize=0x800 | out: lpBaseName="MSCTF.dll") returned 0x9 [0144.640] CoTaskMemFree (pv=0x5950bd8) [0144.641] CoTaskMemAlloc (cb=0x804) returned 0x5950bd8 [0144.641] GetModuleFileNameExW (in: hProcess=0x640, hModule=0x74c40000, lpFilename=0x5950bd8, nSize=0x800 | out: lpFilename="C:\\Windows\\syswow64\\MSCTF.dll" (normalized: "c:\\windows\\syswow64\\msctf.dll")) returned 0x1d [0144.641] CoTaskMemFree (pv=0x5950bd8) [0144.641] GetModuleInformation (in: hProcess=0x640, hModule=0x733a0000, lpmodinfo=0x26b863c, cb=0xc | out: lpmodinfo=0x26b863c*(lpBaseOfDll=0x733a0000, SizeOfImage=0x9000, EntryPoint=0x733a1220)) returned 1 [0144.642] CoTaskMemAlloc (cb=0x804) returned 0x5950bd8 [0144.642] GetModuleBaseNameW (in: hProcess=0x640, hModule=0x733a0000, lpBaseName=0x5950bd8, nSize=0x800 | out: lpBaseName="VERSION.dll") returned 0xb [0144.642] CoTaskMemFree (pv=0x5950bd8) [0144.642] CoTaskMemAlloc (cb=0x804) returned 0x5950bd8 [0144.642] GetModuleFileNameExW (in: hProcess=0x640, hModule=0x733a0000, lpFilename=0x5950bd8, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\VERSION.dll" (normalized: "c:\\windows\\syswow64\\version.dll")) returned 0x1f [0144.643] CoTaskMemFree (pv=0x5950bd8) [0144.643] GetModuleInformation (in: hProcess=0x640, hModule=0x71770000, lpmodinfo=0x26ba754, cb=0xc | out: lpmodinfo=0x26ba754*(lpBaseOfDll=0x71770000, SizeOfImage=0x7af000, EntryPoint=0x7178d0d0)) returned 1 [0144.643] CoTaskMemAlloc (cb=0x804) returned 0x5950bd8 [0144.643] GetModuleBaseNameW (in: hProcess=0x640, hModule=0x71770000, lpBaseName=0x5950bd8, nSize=0x800 | out: lpBaseName="clr.dll") returned 0x7 [0144.644] CoTaskMemFree (pv=0x5950bd8) [0144.644] CoTaskMemAlloc (cb=0x804) returned 0x5950bd8 [0144.644] GetModuleFileNameExW (in: hProcess=0x640, hModule=0x71770000, lpFilename=0x5950bd8, nSize=0x800 | out: lpFilename="C:\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\clr.dll" (normalized: "c:\\windows\\microsoft.net\\framework\\v4.0.30319\\clr.dll")) returned 0x35 [0144.645] CoTaskMemFree (pv=0x5950bd8) [0144.645] GetModuleInformation (in: hProcess=0x640, hModule=0x73600000, lpmodinfo=0x26bc890, cb=0xc | out: lpmodinfo=0x26bc890*(lpBaseOfDll=0x73600000, SizeOfImage=0x14000, EntryPoint=0x7360ac00)) returned 1 [0144.645] CoTaskMemAlloc (cb=0x804) returned 0x5950bd8 [0144.645] GetModuleBaseNameW (in: hProcess=0x640, hModule=0x73600000, lpBaseName=0x5950bd8, nSize=0x800 | out: lpBaseName="VCRUNTIME140_CLR0400.dll") returned 0x18 [0144.646] CoTaskMemFree (pv=0x5950bd8) [0144.646] CoTaskMemAlloc (cb=0x804) returned 0x5950bd8 [0144.646] GetModuleFileNameExW (in: hProcess=0x640, hModule=0x73600000, lpFilename=0x5950bd8, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\VCRUNTIME140_CLR0400.dll" (normalized: "c:\\windows\\syswow64\\vcruntime140_clr0400.dll")) returned 0x2c [0144.646] CoTaskMemFree (pv=0x5950bd8) [0144.646] GetModuleInformation (in: hProcess=0x640, hModule=0x73550000, lpmodinfo=0x26be9e0, cb=0xc | out: lpmodinfo=0x26be9e0*(lpBaseOfDll=0x73550000, SizeOfImage=0xab000, EntryPoint=0x735e5f20)) returned 1 [0144.647] CoTaskMemAlloc (cb=0x804) returned 0x5950bd8 [0144.647] GetModuleBaseNameW (in: hProcess=0x640, hModule=0x73550000, lpBaseName=0x5950bd8, nSize=0x800 | out: lpBaseName="ucrtbase_clr0400.dll") returned 0x14 [0144.648] CoTaskMemFree (pv=0x5950bd8) [0144.648] CoTaskMemAlloc (cb=0x804) returned 0x5950bd8 [0144.648] GetModuleFileNameExW (in: hProcess=0x640, hModule=0x73550000, lpFilename=0x5950bd8, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\ucrtbase_clr0400.dll" (normalized: "c:\\windows\\syswow64\\ucrtbase_clr0400.dll")) returned 0x28 [0144.648] CoTaskMemFree (pv=0x5950bd8) [0144.648] GetModuleInformation (in: hProcess=0x640, hModule=0x70360000, lpmodinfo=0x26c0b20, cb=0xc | out: lpmodinfo=0x26c0b20*(lpBaseOfDll=0x70360000, SizeOfImage=0x140b000, EntryPoint=0x0)) returned 1 [0144.649] CoTaskMemAlloc (cb=0x804) returned 0x5950bd8 [0144.649] GetModuleBaseNameW (in: hProcess=0x640, hModule=0x70360000, lpBaseName=0x5950bd8, nSize=0x800 | out: lpBaseName="mscorlib.ni.dll") returned 0xf [0144.650] CoTaskMemFree (pv=0x5950bd8) [0144.650] CoTaskMemAlloc (cb=0x804) returned 0x5950bd8 [0144.650] GetModuleFileNameExW (in: hProcess=0x640, hModule=0x70360000, lpFilename=0x5950bd8, nSize=0x800 | out: lpFilename="C:\\Windows\\assembly\\NativeImages_v4.0.30319_32\\mscorlib\\36eaccfde177c2e7b93b8dbdde4e012a\\mscorlib.ni.dll" (normalized: "c:\\windows\\assembly\\nativeimages_v4.0.30319_32\\mscorlib\\36eaccfde177c2e7b93b8dbdde4e012a\\mscorlib.ni.dll")) returned 0x68 [0144.650] CoTaskMemFree (pv=0x5950bd8) [0144.650] GetModuleInformation (in: hProcess=0x640, hModule=0x75740000, lpmodinfo=0x26c2cd4, cb=0xc | out: lpmodinfo=0x26c2cd4*(lpBaseOfDll=0x75740000, SizeOfImage=0x15c000, EntryPoint=0x7578ba3d)) returned 1 [0144.651] CoTaskMemAlloc (cb=0x804) returned 0x5950bd8 [0144.651] GetModuleBaseNameW (in: hProcess=0x640, hModule=0x75740000, lpBaseName=0x5950bd8, nSize=0x800 | out: lpBaseName="ole32.dll") returned 0x9 [0144.651] CoTaskMemFree (pv=0x5950bd8) [0144.651] CoTaskMemAlloc (cb=0x804) returned 0x5950bd8 [0144.651] GetModuleFileNameExW (in: hProcess=0x640, hModule=0x75740000, lpFilename=0x5950bd8, nSize=0x800 | out: lpFilename="C:\\Windows\\syswow64\\ole32.dll" (normalized: "c:\\windows\\syswow64\\ole32.dll")) returned 0x1d [0144.652] CoTaskMemFree (pv=0x5950bd8) [0144.652] GetModuleInformation (in: hProcess=0x640, hModule=0x73a10000, lpmodinfo=0x26c4de4, cb=0xc | out: lpmodinfo=0x26c4de4*(lpBaseOfDll=0x73a10000, SizeOfImage=0x80000, EntryPoint=0x73a237c9)) returned 1 [0144.653] CoTaskMemAlloc (cb=0x804) returned 0x5950bd8 [0144.653] GetModuleBaseNameW (in: hProcess=0x640, hModule=0x73a10000, lpBaseName=0x5950bd8, nSize=0x800 | out: lpBaseName="uxtheme.dll") returned 0xb [0144.653] CoTaskMemFree (pv=0x5950bd8) [0144.654] CoTaskMemAlloc (cb=0x804) returned 0x5950bd8 [0144.654] GetModuleFileNameExW (in: hProcess=0x640, hModule=0x73a10000, lpFilename=0x5950bd8, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\uxtheme.dll" (normalized: "c:\\windows\\syswow64\\uxtheme.dll")) returned 0x1f [0144.654] CoTaskMemFree (pv=0x5950bd8) [0144.654] GetModuleInformation (in: hProcess=0x640, hModule=0x74a20000, lpmodinfo=0x26c6efc, cb=0xc | out: lpmodinfo=0x26c6efc*(lpBaseOfDll=0x74a20000, SizeOfImage=0x3000, EntryPoint=0x0)) returned 1 [0144.655] CoTaskMemAlloc (cb=0x804) returned 0x5950bd8 [0144.655] GetModuleBaseNameW (in: hProcess=0x640, hModule=0x74a20000, lpBaseName=0x5950bd8, nSize=0x800 | out: lpBaseName="api-ms-win-core-xstate-l2-1-0.dll") returned 0x21 [0144.656] CoTaskMemFree (pv=0x5950bd8) [0144.656] CoTaskMemAlloc (cb=0x804) returned 0x5950bd8 [0144.656] GetModuleFileNameExW (in: hProcess=0x640, hModule=0x74a20000, lpFilename=0x5950bd8, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\api-ms-win-core-xstate-l2-1-0.dll" (normalized: "c:\\windows\\syswow64\\api-ms-win-core-xstate-l2-1-0.dll")) returned 0x35 [0144.656] CoTaskMemFree (pv=0x5950bd8) [0144.656] GetModuleInformation (in: hProcess=0x640, hModule=0x74990000, lpmodinfo=0x26c906c, cb=0xc | out: lpmodinfo=0x26c906c*(lpBaseOfDll=0x74990000, SizeOfImage=0x89000, EntryPoint=0x74991130)) returned 1 [0144.657] CoTaskMemAlloc (cb=0x804) returned 0x5950bd8 [0144.657] GetModuleBaseNameW (in: hProcess=0x640, hModule=0x74990000, lpBaseName=0x5950bd8, nSize=0x800 | out: lpBaseName="clrjit.dll") returned 0xa [0144.663] CoTaskMemFree (pv=0x5950bd8) [0144.663] CoTaskMemAlloc (cb=0x804) returned 0x5950bd8 [0144.663] GetModuleFileNameExW (in: hProcess=0x640, hModule=0x74990000, lpFilename=0x5950bd8, nSize=0x800 | out: lpFilename="C:\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\clrjit.dll" (normalized: "c:\\windows\\microsoft.net\\framework\\v4.0.30319\\clrjit.dll")) returned 0x38 [0144.664] CoTaskMemFree (pv=0x5950bd8) [0144.664] GetModuleInformation (in: hProcess=0x640, hModule=0x75130000, lpmodinfo=0x26cb1b8, cb=0xc | out: lpmodinfo=0x26cb1b8*(lpBaseOfDll=0x75130000, SizeOfImage=0x8f000, EntryPoint=0x75133fb1)) returned 1 [0144.665] CoTaskMemAlloc (cb=0x804) returned 0x5950bd8 [0144.665] GetModuleBaseNameW (in: hProcess=0x640, hModule=0x75130000, lpBaseName=0x5950bd8, nSize=0x800 | out: lpBaseName="OLEAUT32.dll") returned 0xc [0144.665] CoTaskMemFree (pv=0x5950bd8) [0144.665] CoTaskMemAlloc (cb=0x804) returned 0x5950bd8 [0144.665] GetModuleFileNameExW (in: hProcess=0x640, hModule=0x75130000, lpFilename=0x5950bd8, nSize=0x800 | out: lpFilename="C:\\Windows\\syswow64\\OLEAUT32.dll" (normalized: "c:\\windows\\syswow64\\oleaut32.dll")) returned 0x20 [0144.666] CoTaskMemFree (pv=0x5950bd8) [0144.666] GetModuleInformation (in: hProcess=0x640, hModule=0x6eea0000, lpmodinfo=0x26cd2d8, cb=0xc | out: lpmodinfo=0x26cd2d8*(lpBaseOfDll=0x6eea0000, SizeOfImage=0xa55000, EntryPoint=0x0)) returned 1 [0144.667] CoTaskMemAlloc (cb=0x804) returned 0x5950bd8 [0144.667] GetModuleBaseNameW (in: hProcess=0x640, hModule=0x6eea0000, lpBaseName=0x5950bd8, nSize=0x800 | out: lpBaseName="System.ni.dll") returned 0xd [0144.668] CoTaskMemFree (pv=0x5950bd8) [0144.668] CoTaskMemAlloc (cb=0x804) returned 0x5950bd8 [0144.668] GetModuleFileNameExW (in: hProcess=0x640, hModule=0x6eea0000, lpFilename=0x5950bd8, nSize=0x800 | out: lpFilename="C:\\Windows\\assembly\\NativeImages_v4.0.30319_32\\System\\2c3c912ea8f058f9d04c4650128feb3f\\System.ni.dll" (normalized: "c:\\windows\\assembly\\nativeimages_v4.0.30319_32\\system\\2c3c912ea8f058f9d04c4650128feb3f\\system.ni.dll")) returned 0x64 [0144.668] CoTaskMemFree (pv=0x5950bd8) [0144.668] GetModuleInformation (in: hProcess=0x640, hModule=0x6fb40000, lpmodinfo=0x26cf480, cb=0xc | out: lpmodinfo=0x26cf480*(lpBaseOfDll=0x6fb40000, SizeOfImage=0x818000, EntryPoint=0x0)) returned 1 [0144.669] CoTaskMemAlloc (cb=0x804) returned 0x5950bd8 [0144.669] GetModuleBaseNameW (in: hProcess=0x640, hModule=0x6fb40000, lpBaseName=0x5950bd8, nSize=0x800 | out: lpBaseName="System.Core.ni.dll") returned 0x12 [0144.670] CoTaskMemFree (pv=0x5950bd8) [0144.670] CoTaskMemAlloc (cb=0x804) returned 0x5950bd8 [0144.670] GetModuleFileNameExW (in: hProcess=0x640, hModule=0x6fb40000, lpFilename=0x5950bd8, nSize=0x800 | out: lpFilename="C:\\Windows\\assembly\\NativeImages_v4.0.30319_32\\System.Core\\31fae3290fad30c31c98651462d22724\\System.Core.ni.dll" (normalized: "c:\\windows\\assembly\\nativeimages_v4.0.30319_32\\system.core\\31fae3290fad30c31c98651462d22724\\system.core.ni.dll")) returned 0x6e [0144.671] CoTaskMemFree (pv=0x5950bd8) [0144.671] GetModuleInformation (in: hProcess=0x640, hModule=0x6f950000, lpmodinfo=0x26d1648, cb=0xc | out: lpmodinfo=0x26d1648*(lpBaseOfDll=0x6f950000, SizeOfImage=0x1e2000, EntryPoint=0x0)) returned 1 [0144.672] CoTaskMemAlloc (cb=0x804) returned 0x5950bd8 [0144.672] GetModuleBaseNameW (in: hProcess=0x640, hModule=0x6f950000, lpBaseName=0x5950bd8, nSize=0x800 | out: lpBaseName="Microsoft.VisualBasic.ni.dll") returned 0x1c [0144.672] CoTaskMemFree (pv=0x5950bd8) [0144.672] CoTaskMemAlloc (cb=0x804) returned 0x5950bd8 [0144.672] GetModuleFileNameExW (in: hProcess=0x640, hModule=0x6f950000, lpFilename=0x5950bd8, nSize=0x800 | out: lpFilename="C:\\Windows\\assembly\\NativeImages_v4.0.30319_32\\Microsoft.V9921e851#\\a891970b44db9e340c3ef3efa95b793c\\Microsoft.VisualBasic.ni.dll" (normalized: "c:\\windows\\assembly\\nativeimages_v4.0.30319_32\\microsoft.v9921e851#\\a891970b44db9e340c3ef3efa95b793c\\microsoft.visualbasic.ni.dll")) returned 0x81 [0144.673] CoTaskMemFree (pv=0x5950bd8) [0144.673] GetModuleInformation (in: hProcess=0x640, hModule=0x6ecf0000, lpmodinfo=0x26d3960, cb=0xc | out: lpmodinfo=0x26d3960*(lpBaseOfDll=0x6ecf0000, SizeOfImage=0x1a3000, EntryPoint=0x0)) returned 1 [0144.674] CoTaskMemAlloc (cb=0x804) returned 0x5950bd8 [0144.674] GetModuleBaseNameW (in: hProcess=0x640, hModule=0x6ecf0000, lpBaseName=0x5950bd8, nSize=0x800 | out: lpBaseName="System.Drawing.ni.dll") returned 0x15 [0144.675] CoTaskMemFree (pv=0x5950bd8) [0144.675] CoTaskMemAlloc (cb=0x804) returned 0x5950bd8 [0144.675] GetModuleFileNameExW (in: hProcess=0x640, hModule=0x6ecf0000, lpFilename=0x5950bd8, nSize=0x800 | out: lpFilename="C:\\Windows\\assembly\\NativeImages_v4.0.30319_32\\System.Drawing\\f7568d7f1b9d356f64779b4c0927cfb3\\System.Drawing.ni.dll" (normalized: "c:\\windows\\assembly\\nativeimages_v4.0.30319_32\\system.drawing\\f7568d7f1b9d356f64779b4c0927cfb3\\system.drawing.ni.dll")) returned 0x74 [0144.676] CoTaskMemFree (pv=0x5950bd8) [0144.676] GetModuleInformation (in: hProcess=0x640, hModule=0x6de80000, lpmodinfo=0x26d5b38, cb=0xc | out: lpmodinfo=0x26d5b38*(lpBaseOfDll=0x6de80000, SizeOfImage=0xe66000, EntryPoint=0x0)) returned 1 [0144.677] CoTaskMemAlloc (cb=0x804) returned 0x5950bd8 [0144.677] GetModuleBaseNameW (in: hProcess=0x640, hModule=0x6de80000, lpBaseName=0x5950bd8, nSize=0x800 | out: lpBaseName="System.Windows.Forms.ni.dll") returned 0x1b [0144.678] CoTaskMemFree (pv=0x5950bd8) [0144.678] CoTaskMemAlloc (cb=0x804) returned 0x5950bd8 [0144.678] GetModuleFileNameExW (in: hProcess=0x640, hModule=0x6de80000, lpFilename=0x5950bd8, nSize=0x800 | out: lpFilename="C:\\Windows\\assembly\\NativeImages_v4.0.30319_32\\System.Windows.Forms\\c9a4cbc00f690a9e3cddfc400f6e85bb\\System.Windows.Forms.ni.dll" (normalized: "c:\\windows\\assembly\\nativeimages_v4.0.30319_32\\system.windows.forms\\c9a4cbc00f690a9e3cddfc400f6e85bb\\system.windows.forms.ni.dll")) returned 0x80 [0144.679] CoTaskMemFree (pv=0x5950bd8) [0144.679] GetModuleInformation (in: hProcess=0x640, hModule=0x6dd70000, lpmodinfo=0x26d7d34, cb=0xc | out: lpmodinfo=0x26d7d34*(lpBaseOfDll=0x6dd70000, SizeOfImage=0x105000, EntryPoint=0x0)) returned 1 [0144.679] CoTaskMemAlloc (cb=0x804) returned 0x5950bd8 [0144.679] GetModuleBaseNameW (in: hProcess=0x640, hModule=0x6dd70000, lpBaseName=0x5950bd8, nSize=0x800 | out: lpBaseName="System.Configuration.ni.dll") returned 0x1b [0144.680] CoTaskMemFree (pv=0x5950bd8) [0144.680] CoTaskMemAlloc (cb=0x804) returned 0x5950bd8 [0144.680] GetModuleFileNameExW (in: hProcess=0x640, hModule=0x6dd70000, lpFilename=0x5950bd8, nSize=0x800 | out: lpFilename="C:\\Windows\\assembly\\NativeImages_v4.0.30319_32\\System.Configuration\\96f7edb07b12303f0ec2595c7f3778c7\\System.Configuration.ni.dll" (normalized: "c:\\windows\\assembly\\nativeimages_v4.0.30319_32\\system.configuration\\96f7edb07b12303f0ec2595c7f3778c7\\system.configuration.ni.dll")) returned 0x80 [0144.681] CoTaskMemFree (pv=0x5950bd8) [0144.681] GetModuleInformation (in: hProcess=0x640, hModule=0x6d5f0000, lpmodinfo=0x26d9f30, cb=0xc | out: lpmodinfo=0x26d9f30*(lpBaseOfDll=0x6d5f0000, SizeOfImage=0x774000, EntryPoint=0x0)) returned 1 [0144.682] CoTaskMemAlloc (cb=0x804) returned 0x5950bd8 [0144.682] GetModuleBaseNameW (in: hProcess=0x640, hModule=0x6d5f0000, lpBaseName=0x5950bd8, nSize=0x800 | out: lpBaseName="System.Xml.ni.dll") returned 0x11 [0144.683] CoTaskMemFree (pv=0x5950bd8) [0144.683] CoTaskMemAlloc (cb=0x804) returned 0x5950bd8 [0144.683] GetModuleFileNameExW (in: hProcess=0x640, hModule=0x6d5f0000, lpFilename=0x5950bd8, nSize=0x800 | out: lpFilename="C:\\Windows\\assembly\\NativeImages_v4.0.30319_32\\System.Xml\\15af16d373cf0528cb74fc73d365fdbf\\System.Xml.ni.dll" (normalized: "c:\\windows\\assembly\\nativeimages_v4.0.30319_32\\system.xml\\15af16d373cf0528cb74fc73d365fdbf\\system.xml.ni.dll")) returned 0x6c [0144.684] CoTaskMemFree (pv=0x5950bd8) [0144.684] GetModuleInformation (in: hProcess=0x640, hModule=0x74950000, lpmodinfo=0x26dc0f0, cb=0xc | out: lpmodinfo=0x26dc0f0*(lpBaseOfDll=0x74950000, SizeOfImage=0x13000, EntryPoint=0x7495d900)) returned 1 [0144.685] CoTaskMemAlloc (cb=0x804) returned 0x5950bd8 [0144.685] GetModuleBaseNameW (in: hProcess=0x640, hModule=0x74950000, lpBaseName=0x5950bd8, nSize=0x800 | out: lpBaseName="nlssorting.dll") returned 0xe [0144.686] CoTaskMemFree (pv=0x5950bd8) [0144.686] CoTaskMemAlloc (cb=0x804) returned 0x5950bd8 [0144.686] GetModuleFileNameExW (in: hProcess=0x640, hModule=0x74950000, lpFilename=0x5950bd8, nSize=0x800 | out: lpFilename="C:\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\nlssorting.dll" (normalized: "c:\\windows\\microsoft.net\\framework\\v4.0.30319\\nlssorting.dll")) returned 0x3c [0144.687] CoTaskMemFree (pv=0x5950bd8) [0144.687] GetModuleInformation (in: hProcess=0x640, hModule=0x75be0000, lpmodinfo=0x26de24c, cb=0xc | out: lpmodinfo=0x26de24c*(lpBaseOfDll=0x75be0000, SizeOfImage=0xc4a000, EntryPoint=0x75c61601)) returned 1 [0144.688] CoTaskMemAlloc (cb=0x804) returned 0x5950bd8 [0144.688] GetModuleBaseNameW (in: hProcess=0x640, hModule=0x75be0000, lpBaseName=0x5950bd8, nSize=0x800 | out: lpBaseName="shell32.dll") returned 0xb [0144.690] CoTaskMemFree (pv=0x5950bd8) [0144.691] CoTaskMemAlloc (cb=0x804) returned 0x5950bd8 [0144.691] GetModuleFileNameExW (in: hProcess=0x640, hModule=0x75be0000, lpFilename=0x5950bd8, nSize=0x800 | out: lpFilename="C:\\Windows\\syswow64\\shell32.dll" (normalized: "c:\\windows\\syswow64\\shell32.dll")) returned 0x1f [0144.691] CoTaskMemFree (pv=0x5950bd8) [0144.691] GetModuleInformation (in: hProcess=0x640, hModule=0x748d0000, lpmodinfo=0x26e0364, cb=0xc | out: lpmodinfo=0x26e0364*(lpBaseOfDll=0x748d0000, SizeOfImage=0xb000, EntryPoint=0x748d1992)) returned 1 [0144.692] CoTaskMemAlloc (cb=0x804) returned 0x5950bd8 [0144.692] GetModuleBaseNameW (in: hProcess=0x640, hModule=0x748d0000, lpBaseName=0x5950bd8, nSize=0x800 | out: lpBaseName="profapi.dll") returned 0xb [0144.693] CoTaskMemFree (pv=0x5950bd8) [0144.694] CoTaskMemAlloc (cb=0x804) returned 0x5950bd8 [0144.694] GetModuleFileNameExW (in: hProcess=0x640, hModule=0x748d0000, lpFilename=0x5950bd8, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\profapi.dll" (normalized: "c:\\windows\\syswow64\\profapi.dll")) returned 0x1f [0144.695] CoTaskMemFree (pv=0x5950bd8) [0144.695] GetModuleInformation (in: hProcess=0x640, hModule=0x74970000, lpmodinfo=0x26e247c, cb=0xc | out: lpmodinfo=0x26e247c*(lpBaseOfDll=0x74970000, SizeOfImage=0x17000, EntryPoint=0x749735fa)) returned 1 [0144.696] CoTaskMemAlloc (cb=0x804) returned 0x5950bd8 [0144.696] GetModuleBaseNameW (in: hProcess=0x640, hModule=0x74970000, lpBaseName=0x5950bd8, nSize=0x800 | out: lpBaseName="bcrypt.dll") returned 0xa [0144.697] CoTaskMemFree (pv=0x5950bd8) [0144.697] CoTaskMemAlloc (cb=0x804) returned 0x5950bd8 [0144.697] GetModuleFileNameExW (in: hProcess=0x640, hModule=0x74970000, lpFilename=0x5950bd8, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\bcrypt.dll" (normalized: "c:\\windows\\syswow64\\bcrypt.dll")) returned 0x1e [0144.698] CoTaskMemFree (pv=0x5950bd8) [0144.698] GetModuleInformation (in: hProcess=0x640, hModule=0x738e0000, lpmodinfo=0x26e4594, cb=0xc | out: lpmodinfo=0x26e4594*(lpBaseOfDll=0x738e0000, SizeOfImage=0x17000, EntryPoint=0x738e3573)) returned 1 [0144.699] CoTaskMemAlloc (cb=0x804) returned 0x5950bd8 [0144.699] GetModuleBaseNameW (in: hProcess=0x640, hModule=0x738e0000, lpBaseName=0x5950bd8, nSize=0x800 | out: lpBaseName="CRYPTSP.dll") returned 0xb [0144.700] CoTaskMemFree (pv=0x5950bd8) [0144.701] CoTaskMemAlloc (cb=0x804) returned 0x5950bd8 [0144.701] GetModuleFileNameExW (in: hProcess=0x640, hModule=0x738e0000, lpFilename=0x5950bd8, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\CRYPTSP.dll" (normalized: "c:\\windows\\syswow64\\cryptsp.dll")) returned 0x1f [0144.702] CoTaskMemFree (pv=0x5950bd8) [0144.702] GetModuleInformation (in: hProcess=0x640, hModule=0x738a0000, lpmodinfo=0x26e66ac, cb=0xc | out: lpmodinfo=0x26e66ac*(lpBaseOfDll=0x738a0000, SizeOfImage=0x3b000, EntryPoint=0x738a128d)) returned 1 [0144.703] CoTaskMemAlloc (cb=0x804) returned 0x5950bd8 [0144.703] GetModuleBaseNameW (in: hProcess=0x640, hModule=0x738a0000, lpBaseName=0x5950bd8, nSize=0x800 | out: lpBaseName="rsaenh.dll") returned 0xa [0144.704] CoTaskMemFree (pv=0x5950bd8) [0144.704] CoTaskMemAlloc (cb=0x804) returned 0x5950bd8 [0144.704] GetModuleFileNameExW (in: hProcess=0x640, hModule=0x738a0000, lpFilename=0x5950bd8, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\rsaenh.dll" (normalized: "c:\\windows\\syswow64\\rsaenh.dll")) returned 0x1e [0144.705] CoTaskMemFree (pv=0x5950bd8) [0144.706] GetModuleInformation (in: hProcess=0x640, hModule=0x75950000, lpmodinfo=0x26e87c4, cb=0xc | out: lpmodinfo=0x26e87c4*(lpBaseOfDll=0x75950000, SizeOfImage=0x5000, EntryPoint=0x75951438)) returned 1 [0144.707] CoTaskMemAlloc (cb=0x804) returned 0x5950bd8 [0144.707] GetModuleBaseNameW (in: hProcess=0x640, hModule=0x75950000, lpBaseName=0x5950bd8, nSize=0x800 | out: lpBaseName="psapi.dll") returned 0x9 [0144.708] CoTaskMemFree (pv=0x5950bd8) [0144.708] CoTaskMemAlloc (cb=0x804) returned 0x5950bd8 [0144.708] GetModuleFileNameExW (in: hProcess=0x640, hModule=0x75950000, lpFilename=0x5950bd8, nSize=0x800 | out: lpFilename="C:\\Windows\\syswow64\\psapi.dll" (normalized: "c:\\windows\\syswow64\\psapi.dll")) returned 0x1d [0144.709] CoTaskMemFree (pv=0x5950bd8) [0144.709] GetModuleInformation (in: hProcess=0x640, hModule=0x73990000, lpmodinfo=0x26ea8d4, cb=0xc | out: lpmodinfo=0x26ea8d4*(lpBaseOfDll=0x73990000, SizeOfImage=0x52000, EntryPoint=0x739914be)) returned 1 [0144.710] CoTaskMemAlloc (cb=0x804) returned 0x5950bd8 [0144.710] GetModuleBaseNameW (in: hProcess=0x640, hModule=0x73990000, lpBaseName=0x5950bd8, nSize=0x800 | out: lpBaseName="rasapi32.dll") returned 0xc [0144.712] CoTaskMemFree (pv=0x5950bd8) [0144.712] CoTaskMemAlloc (cb=0x804) returned 0x5950bd8 [0144.712] GetModuleFileNameExW (in: hProcess=0x640, hModule=0x73990000, lpFilename=0x5950bd8, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\rasapi32.dll" (normalized: "c:\\windows\\syswow64\\rasapi32.dll")) returned 0x20 [0144.713] CoTaskMemFree (pv=0x5950bd8) [0144.713] GetModuleInformation (in: hProcess=0x640, hModule=0x73970000, lpmodinfo=0x26ec9f4, cb=0xc | out: lpmodinfo=0x26ec9f4*(lpBaseOfDll=0x73970000, SizeOfImage=0x15000, EntryPoint=0x739712de)) returned 1 [0144.714] CoTaskMemAlloc (cb=0x804) returned 0x5950bd8 [0144.714] GetModuleBaseNameW (in: hProcess=0x640, hModule=0x73970000, lpBaseName=0x5950bd8, nSize=0x800 | out: lpBaseName="rasman.dll") returned 0xa [0144.716] CoTaskMemFree (pv=0x5950bd8) [0144.716] CoTaskMemAlloc (cb=0x804) returned 0x5950bd8 [0144.716] GetModuleFileNameExW (in: hProcess=0x640, hModule=0x73970000, lpFilename=0x5950bd8, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\rasman.dll" (normalized: "c:\\windows\\syswow64\\rasman.dll")) returned 0x1e [0144.717] CoTaskMemFree (pv=0x5950bd8) [0144.717] GetModuleInformation (in: hProcess=0x640, hModule=0x75960000, lpmodinfo=0x26eeb0c, cb=0xc | out: lpmodinfo=0x26eeb0c*(lpBaseOfDll=0x75960000, SizeOfImage=0x35000, EntryPoint=0x7596145d)) returned 1 [0144.718] CoTaskMemAlloc (cb=0x804) returned 0x5950bd8 [0144.718] GetModuleBaseNameW (in: hProcess=0x640, hModule=0x75960000, lpBaseName=0x5950bd8, nSize=0x800 | out: lpBaseName="WS2_32.dll") returned 0xa [0144.722] CoTaskMemFree (pv=0x5950bd8) [0144.722] CoTaskMemAlloc (cb=0x804) returned 0x5950bd8 [0144.722] GetModuleFileNameExW (in: hProcess=0x640, hModule=0x75960000, lpFilename=0x5950bd8, nSize=0x800 | out: lpFilename="C:\\Windows\\syswow64\\WS2_32.dll" (normalized: "c:\\windows\\syswow64\\ws2_32.dll")) returned 0x1e [0144.723] CoTaskMemFree (pv=0x5950bd8) [0144.723] GetModuleInformation (in: hProcess=0x640, hModule=0x76960000, lpmodinfo=0x26f0c24, cb=0xc | out: lpmodinfo=0x26f0c24*(lpBaseOfDll=0x76960000, SizeOfImage=0x6000, EntryPoint=0x76961782)) returned 1 [0144.724] CoTaskMemAlloc (cb=0x804) returned 0x5950bd8 [0144.724] GetModuleBaseNameW (in: hProcess=0x640, hModule=0x76960000, lpBaseName=0x5950bd8, nSize=0x800 | out: lpBaseName="NSI.dll") returned 0x7 [0144.726] CoTaskMemFree (pv=0x5950bd8) [0144.726] CoTaskMemAlloc (cb=0x804) returned 0x5950bd8 [0144.726] GetModuleFileNameExW (in: hProcess=0x640, hModule=0x76960000, lpFilename=0x5950bd8, nSize=0x800 | out: lpFilename="C:\\Windows\\syswow64\\NSI.dll" (normalized: "c:\\windows\\syswow64\\nsi.dll")) returned 0x1b [0144.727] CoTaskMemFree (pv=0x5950bd8) [0144.727] GetModuleInformation (in: hProcess=0x640, hModule=0x73960000, lpmodinfo=0x26f2d2c, cb=0xc | out: lpmodinfo=0x26f2d2c*(lpBaseOfDll=0x73960000, SizeOfImage=0xd000, EntryPoint=0x73961326)) returned 1 [0144.728] CoTaskMemAlloc (cb=0x804) returned 0x5950bd8 [0144.728] GetModuleBaseNameW (in: hProcess=0x640, hModule=0x73960000, lpBaseName=0x5950bd8, nSize=0x800 | out: lpBaseName="rtutils.dll") returned 0xb [0144.730] CoTaskMemFree (pv=0x5950bd8) [0144.730] CoTaskMemAlloc (cb=0x804) returned 0x5950bd8 [0144.730] GetModuleFileNameExW (in: hProcess=0x640, hModule=0x73960000, lpFilename=0x5950bd8, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\rtutils.dll" (normalized: "c:\\windows\\syswow64\\rtutils.dll")) returned 0x1f [0144.731] CoTaskMemFree (pv=0x5950bd8) [0144.731] GetModuleInformation (in: hProcess=0x640, hModule=0x747e0000, lpmodinfo=0x26f4e44, cb=0xc | out: lpmodinfo=0x26f4e44*(lpBaseOfDll=0x747e0000, SizeOfImage=0x3c000, EntryPoint=0x747e145d)) returned 1 [0144.732] CoTaskMemAlloc (cb=0x804) returned 0x5950bd8 [0144.732] GetModuleBaseNameW (in: hProcess=0x640, hModule=0x747e0000, lpBaseName=0x5950bd8, nSize=0x800 | out: lpBaseName="mswsock.dll") returned 0xb [0144.734] CoTaskMemFree (pv=0x5950bd8) [0144.734] CoTaskMemAlloc (cb=0x804) returned 0x5950bd8 [0144.734] GetModuleFileNameExW (in: hProcess=0x640, hModule=0x747e0000, lpFilename=0x5950bd8, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\mswsock.dll" (normalized: "c:\\windows\\syswow64\\mswsock.dll")) returned 0x1f [0144.735] CoTaskMemFree (pv=0x5950bd8) [0144.735] GetModuleInformation (in: hProcess=0x640, hModule=0x747d0000, lpmodinfo=0x26f6f5c, cb=0xc | out: lpmodinfo=0x26f6f5c*(lpBaseOfDll=0x747d0000, SizeOfImage=0x5000, EntryPoint=0x747d15df)) returned 1 [0144.737] CoTaskMemAlloc (cb=0x804) returned 0x5950bd8 [0144.737] GetModuleBaseNameW (in: hProcess=0x640, hModule=0x747d0000, lpBaseName=0x5950bd8, nSize=0x800 | out: lpBaseName="wshtcpip.dll") returned 0xc [0144.738] CoTaskMemFree (pv=0x5950bd8) [0144.738] CoTaskMemAlloc (cb=0x804) returned 0x5950bd8 [0144.738] GetModuleFileNameExW (in: hProcess=0x640, hModule=0x747d0000, lpFilename=0x5950bd8, nSize=0x800 | out: lpFilename="C:\\Windows\\System32\\wshtcpip.dll" (normalized: "c:\\windows\\syswow64\\wshtcpip.dll")) returned 0x20 [0144.740] CoTaskMemFree (pv=0x5950bd8) [0144.740] GetModuleInformation (in: hProcess=0x640, hModule=0x747c0000, lpmodinfo=0x26f907c, cb=0xc | out: lpmodinfo=0x26f907c*(lpBaseOfDll=0x747c0000, SizeOfImage=0x6000, EntryPoint=0x747c1673)) returned 1 [0144.741] CoTaskMemAlloc (cb=0x804) returned 0x5950bd8 [0144.741] GetModuleBaseNameW (in: hProcess=0x640, hModule=0x747c0000, lpBaseName=0x5950bd8, nSize=0x800 | out: lpBaseName="wship6.dll") returned 0xa [0144.742] CoTaskMemFree (pv=0x5950bd8) [0144.742] CoTaskMemAlloc (cb=0x804) returned 0x5950bd8 [0144.742] GetModuleFileNameExW (in: hProcess=0x640, hModule=0x747c0000, lpFilename=0x5950bd8, nSize=0x800 | out: lpFilename="C:\\Windows\\System32\\wship6.dll" (normalized: "c:\\windows\\syswow64\\wship6.dll")) returned 0x1e [0144.744] CoTaskMemFree (pv=0x5950bd8) [0144.744] GetModuleInformation (in: hProcess=0x640, hModule=0x6d590000, lpmodinfo=0x26fb194, cb=0xc | out: lpmodinfo=0x26fb194*(lpBaseOfDll=0x6d590000, SizeOfImage=0x58000, EntryPoint=0x6d5913b4)) returned 1 [0144.745] CoTaskMemAlloc (cb=0x804) returned 0x5950bd8 [0144.745] GetModuleBaseNameW (in: hProcess=0x640, hModule=0x6d590000, lpBaseName=0x5950bd8, nSize=0x800 | out: lpBaseName="winhttp.dll") returned 0xb [0144.747] CoTaskMemFree (pv=0x5950bd8) [0144.747] CoTaskMemAlloc (cb=0x804) returned 0x5950bd8 [0144.747] GetModuleFileNameExW (in: hProcess=0x640, hModule=0x6d590000, lpFilename=0x5950bd8, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\winhttp.dll" (normalized: "c:\\windows\\syswow64\\winhttp.dll")) returned 0x1f [0144.748] CoTaskMemFree (pv=0x5950bd8) [0144.748] GetModuleInformation (in: hProcess=0x640, hModule=0x6f900000, lpmodinfo=0x26fd2ac, cb=0xc | out: lpmodinfo=0x26fd2ac*(lpBaseOfDll=0x6f900000, SizeOfImage=0x4f000, EntryPoint=0x6f901452)) returned 1 [0144.750] CoTaskMemAlloc (cb=0x804) returned 0x5950bd8 [0144.750] GetModuleBaseNameW (in: hProcess=0x640, hModule=0x6f900000, lpBaseName=0x5950bd8, nSize=0x800 | out: lpBaseName="webio.dll") returned 0x9 [0144.751] CoTaskMemFree (pv=0x5950bd8) [0144.751] CoTaskMemAlloc (cb=0x804) returned 0x5950bd8 [0144.751] GetModuleFileNameExW (in: hProcess=0x640, hModule=0x6f900000, lpFilename=0x5950bd8, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\webio.dll" (normalized: "c:\\windows\\syswow64\\webio.dll")) returned 0x1d [0144.753] CoTaskMemFree (pv=0x5950bd8) [0144.753] GetModuleInformation (in: hProcess=0x640, hModule=0x74930000, lpmodinfo=0x26ff3bc, cb=0xc | out: lpmodinfo=0x26ff3bc*(lpBaseOfDll=0x74930000, SizeOfImage=0x8000, EntryPoint=0x749334d3)) returned 1 [0144.754] CoTaskMemAlloc (cb=0x804) returned 0x5950bd8 [0144.754] GetModuleBaseNameW (in: hProcess=0x640, hModule=0x74930000, lpBaseName=0x5950bd8, nSize=0x800 | out: lpBaseName="credssp.dll") returned 0xb [0144.756] CoTaskMemFree (pv=0x5950bd8) [0144.756] CoTaskMemAlloc (cb=0x804) returned 0x5950bd8 [0144.756] GetModuleFileNameExW (in: hProcess=0x640, hModule=0x74930000, lpFilename=0x5950bd8, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\credssp.dll" (normalized: "c:\\windows\\syswow64\\credssp.dll")) returned 0x1f [0144.757] CoTaskMemFree (pv=0x5950bd8) [0144.757] GetModuleInformation (in: hProcess=0x640, hModule=0x74830000, lpmodinfo=0x27014d4, cb=0xc | out: lpmodinfo=0x27014d4*(lpBaseOfDll=0x74830000, SizeOfImage=0x1c000, EntryPoint=0x7483a431)) returned 1 [0144.759] CoTaskMemAlloc (cb=0x804) returned 0x5950bd8 [0144.759] GetModuleBaseNameW (in: hProcess=0x640, hModule=0x74830000, lpBaseName=0x5950bd8, nSize=0x800 | out: lpBaseName="IPHLPAPI.DLL") returned 0xc [0144.760] CoTaskMemFree (pv=0x5950bd8) [0144.760] CoTaskMemAlloc (cb=0x804) returned 0x5950bd8 [0144.760] GetModuleFileNameExW (in: hProcess=0x640, hModule=0x74830000, lpFilename=0x5950bd8, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\IPHLPAPI.DLL" (normalized: "c:\\windows\\syswow64\\iphlpapi.dll")) returned 0x20 [0144.762] CoTaskMemFree (pv=0x5950bd8) [0144.762] GetModuleInformation (in: hProcess=0x640, hModule=0x74820000, lpmodinfo=0x27035f4, cb=0xc | out: lpmodinfo=0x27035f4*(lpBaseOfDll=0x74820000, SizeOfImage=0x7000, EntryPoint=0x7482128d)) returned 1 [0144.763] CoTaskMemAlloc (cb=0x804) returned 0x5950bd8 [0144.763] GetModuleBaseNameW (in: hProcess=0x640, hModule=0x74820000, lpBaseName=0x5950bd8, nSize=0x800 | out: lpBaseName="WINNSI.DLL") returned 0xa [0144.765] CoTaskMemFree (pv=0x5950bd8) [0144.765] CoTaskMemAlloc (cb=0x804) returned 0x5950bd8 [0144.765] GetModuleFileNameExW (in: hProcess=0x640, hModule=0x74820000, lpFilename=0x5950bd8, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\WINNSI.DLL" (normalized: "c:\\windows\\syswow64\\winnsi.dll")) returned 0x1e [0144.766] CoTaskMemFree (pv=0x5950bd8) [0144.766] GetModuleInformation (in: hProcess=0x640, hModule=0x74940000, lpmodinfo=0x270570c, cb=0xc | out: lpmodinfo=0x270570c*(lpBaseOfDll=0x74940000, SizeOfImage=0xd000, EntryPoint=0x74942012)) returned 1 [0144.768] CoTaskMemAlloc (cb=0x804) returned 0x5950bd8 [0144.768] GetModuleBaseNameW (in: hProcess=0x640, hModule=0x74940000, lpBaseName=0x5950bd8, nSize=0x800 | out: lpBaseName="dhcpcsvc6.DLL") returned 0xd [0144.770] CoTaskMemFree (pv=0x5950bd8) [0144.770] CoTaskMemAlloc (cb=0x804) returned 0x5950bd8 [0144.770] GetModuleFileNameExW (in: hProcess=0x640, hModule=0x74940000, lpFilename=0x5950bd8, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\dhcpcsvc6.DLL" (normalized: "c:\\windows\\syswow64\\dhcpcsvc6.dll")) returned 0x21 [0144.771] CoTaskMemFree (pv=0x5950bd8) [0144.771] GetModuleInformation (in: hProcess=0x640, hModule=0x6d550000, lpmodinfo=0x2707838, cb=0xc | out: lpmodinfo=0x2707838*(lpBaseOfDll=0x6d550000, SizeOfImage=0x12000, EntryPoint=0x6d553271)) returned 1 [0144.773] CoTaskMemAlloc (cb=0x804) returned 0x5950bd8 [0144.773] GetModuleBaseNameW (in: hProcess=0x640, hModule=0x6d550000, lpBaseName=0x5950bd8, nSize=0x800 | out: lpBaseName="dhcpcsvc.DLL") returned 0xc [0144.774] CoTaskMemFree (pv=0x5950bd8) [0144.774] CoTaskMemAlloc (cb=0x804) returned 0x5950bd8 [0144.774] GetModuleFileNameExW (in: hProcess=0x640, hModule=0x6d550000, lpFilename=0x5950bd8, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\dhcpcsvc.DLL" (normalized: "c:\\windows\\syswow64\\dhcpcsvc.dll")) returned 0x20 [0144.776] CoTaskMemFree (pv=0x5950bd8) [0144.776] GetModuleInformation (in: hProcess=0x640, hModule=0x747a0000, lpmodinfo=0x2709958, cb=0xc | out: lpmodinfo=0x2709958*(lpBaseOfDll=0x747a0000, SizeOfImage=0xe000, EntryPoint=0x747a1235)) returned 1 [0144.777] CoTaskMemAlloc (cb=0x804) returned 0x5950bd8 [0144.777] GetModuleBaseNameW (in: hProcess=0x640, hModule=0x747a0000, lpBaseName=0x5950bd8, nSize=0x800 | out: lpBaseName="RpcRtRemote.dll") returned 0xf [0144.779] CoTaskMemFree (pv=0x5950bd8) [0144.779] CoTaskMemAlloc (cb=0x804) returned 0x5950bd8 [0144.779] GetModuleFileNameExW (in: hProcess=0x640, hModule=0x747a0000, lpFilename=0x5950bd8, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\RpcRtRemote.dll" (normalized: "c:\\windows\\syswow64\\rpcrtremote.dll")) returned 0x23 [0144.781] CoTaskMemFree (pv=0x5950bd8) [0144.781] GetModuleInformation (in: hProcess=0x640, hModule=0x74850000, lpmodinfo=0x270ba80, cb=0xc | out: lpmodinfo=0x270ba80*(lpBaseOfDll=0x74850000, SizeOfImage=0x44000, EntryPoint=0x748663f9)) returned 1 [0144.791] CoTaskMemAlloc (cb=0x804) returned 0x5950bd8 [0144.791] GetModuleBaseNameW (in: hProcess=0x640, hModule=0x74850000, lpBaseName=0x5950bd8, nSize=0x800 | out: lpBaseName="DNSAPI.dll") returned 0xa [0144.793] CoTaskMemFree (pv=0x5950bd8) [0144.793] CoTaskMemAlloc (cb=0x804) returned 0x5950bd8 [0144.793] GetModuleFileNameExW (in: hProcess=0x640, hModule=0x74850000, lpFilename=0x5950bd8, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\DNSAPI.dll" (normalized: "c:\\windows\\syswow64\\dnsapi.dll")) returned 0x1e [0144.795] CoTaskMemFree (pv=0x5950bd8) [0144.795] GetModuleInformation (in: hProcess=0x640, hModule=0x747b0000, lpmodinfo=0x270db98, cb=0xc | out: lpmodinfo=0x270db98*(lpBaseOfDll=0x747b0000, SizeOfImage=0x6000, EntryPoint=0x747b14b2)) returned 1 [0144.796] CoTaskMemAlloc (cb=0x804) returned 0x5950bd8 [0144.796] GetModuleBaseNameW (in: hProcess=0x640, hModule=0x747b0000, lpBaseName=0x5950bd8, nSize=0x800 | out: lpBaseName="rasadhlp.dll") returned 0xc [0144.798] CoTaskMemFree (pv=0x5950bd8) [0144.798] CoTaskMemAlloc (cb=0x804) returned 0x5950bd8 [0144.798] GetModuleFileNameExW (in: hProcess=0x640, hModule=0x747b0000, lpFilename=0x5950bd8, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\rasadhlp.dll" (normalized: "c:\\windows\\syswow64\\rasadhlp.dll")) returned 0x20 [0144.800] CoTaskMemFree (pv=0x5950bd8) [0144.800] GetModuleInformation (in: hProcess=0x640, hModule=0x6d510000, lpmodinfo=0x270fcb8, cb=0xc | out: lpmodinfo=0x270fcb8*(lpBaseOfDll=0x6d510000, SizeOfImage=0x38000, EntryPoint=0x6d51990e)) returned 1 [0144.801] CoTaskMemAlloc (cb=0x804) returned 0x5950bd8 [0144.801] GetModuleBaseNameW (in: hProcess=0x640, hModule=0x6d510000, lpBaseName=0x5950bd8, nSize=0x800 | out: lpBaseName="fwpuclnt.dll") returned 0xc [0144.803] CoTaskMemFree (pv=0x5950bd8) [0144.803] CoTaskMemAlloc (cb=0x804) returned 0x5950bd8 [0144.803] GetModuleFileNameExW (in: hProcess=0x640, hModule=0x6d510000, lpFilename=0x5950bd8, nSize=0x800 | out: lpFilename="C:\\Windows\\System32\\fwpuclnt.dll" (normalized: "c:\\windows\\syswow64\\fwpuclnt.dll")) returned 0x20 [0144.805] CoTaskMemFree (pv=0x5950bd8) [0144.805] GetModuleInformation (in: hProcess=0x640, hModule=0x6d580000, lpmodinfo=0x2711dd8, cb=0xc | out: lpmodinfo=0x2711dd8*(lpBaseOfDll=0x6d580000, SizeOfImage=0x8000, EntryPoint=0x6d5810e9)) returned 1 [0144.806] CoTaskMemAlloc (cb=0x804) returned 0x5950bd8 [0144.806] GetModuleBaseNameW (in: hProcess=0x640, hModule=0x6d580000, lpBaseName=0x5950bd8, nSize=0x800 | out: lpBaseName="secur32.dll") returned 0xb [0144.808] CoTaskMemFree (pv=0x5950bd8) [0144.808] CoTaskMemAlloc (cb=0x804) returned 0x5950bd8 [0144.808] GetModuleFileNameExW (in: hProcess=0x640, hModule=0x6d580000, lpFilename=0x5950bd8, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\secur32.dll" (normalized: "c:\\windows\\syswow64\\secur32.dll")) returned 0x1f [0144.810] CoTaskMemFree (pv=0x5950bd8) [0144.810] GetModuleInformation (in: hProcess=0x640, hModule=0x6d4d0000, lpmodinfo=0x2713ef0, cb=0xc | out: lpmodinfo=0x2713ef0*(lpBaseOfDll=0x6d4d0000, SizeOfImage=0x3f000, EntryPoint=0x6d4d2351)) returned 1 [0144.811] CoTaskMemAlloc (cb=0x804) returned 0x5950bd8 [0144.811] GetModuleBaseNameW (in: hProcess=0x640, hModule=0x6d4d0000, lpBaseName=0x5950bd8, nSize=0x800 | out: lpBaseName="schannel.dll") returned 0xc [0144.813] CoTaskMemFree (pv=0x5950bd8) [0144.813] CoTaskMemAlloc (cb=0x804) returned 0x5950bd8 [0144.813] GetModuleFileNameExW (in: hProcess=0x640, hModule=0x6d4d0000, lpFilename=0x5950bd8, nSize=0x800 | out: lpFilename="C:\\Windows\\SysWOW64\\schannel.dll" (normalized: "c:\\windows\\syswow64\\schannel.dll")) returned 0x20 [0144.816] CoTaskMemFree (pv=0x5950bd8) [0144.816] GetModuleInformation (in: hProcess=0x640, hModule=0x74ab0000, lpmodinfo=0x271621c, cb=0xc | out: lpmodinfo=0x271621c*(lpBaseOfDll=0x74ab0000, SizeOfImage=0x121000, EntryPoint=0x74ab158e)) returned 1 [0144.818] CoTaskMemAlloc (cb=0x804) returned 0x5950bd8 [0144.818] GetModuleBaseNameW (in: hProcess=0x640, hModule=0x74ab0000, lpBaseName=0x5950bd8, nSize=0x800 | out: lpBaseName="CRYPT32.dll") returned 0xb [0144.819] CoTaskMemFree (pv=0x5950bd8) [0144.819] CoTaskMemAlloc (cb=0x804) returned 0x5950bd8 [0144.819] GetModuleFileNameExW (in: hProcess=0x640, hModule=0x74ab0000, lpFilename=0x5950bd8, nSize=0x800 | out: lpFilename="C:\\Windows\\syswow64\\CRYPT32.dll" (normalized: "c:\\windows\\syswow64\\crypt32.dll")) returned 0x1f [0144.821] CoTaskMemFree (pv=0x5950bd8) [0144.821] GetModuleInformation (in: hProcess=0x640, hModule=0x76ed0000, lpmodinfo=0x2718334, cb=0xc | out: lpmodinfo=0x2718334*(lpBaseOfDll=0x76ed0000, SizeOfImage=0xc000, EntryPoint=0x76ed238e)) returned 1 [0144.823] CoTaskMemAlloc (cb=0x804) returned 0x5950bd8 [0144.823] GetModuleBaseNameW (in: hProcess=0x640, hModule=0x76ed0000, lpBaseName=0x5950bd8, nSize=0x800 | out: lpBaseName="MSASN1.dll") returned 0xa [0144.824] CoTaskMemFree (pv=0x5950bd8) [0144.825] CoTaskMemAlloc (cb=0x804) returned 0x5950bd8 [0144.825] GetModuleFileNameExW (in: hProcess=0x640, hModule=0x76ed0000, lpFilename=0x5950bd8, nSize=0x800 | out: lpFilename="C:\\Windows\\syswow64\\MSASN1.dll" (normalized: "c:\\windows\\syswow64\\msasn1.dll")) returned 0x1e [0144.826] CoTaskMemFree (pv=0x5950bd8) [0144.826] GetModuleInformation (in: hProcess=0x640, hModule=0x6d490000, lpmodinfo=0x271a44c, cb=0xc | out: lpmodinfo=0x271a44c*(lpBaseOfDll=0x6d490000, SizeOfImage=0x38000, EntryPoint=0x6d491489)) returned 1 [0144.828] CoTaskMemAlloc (cb=0x804) returned 0x5950bd8 [0144.828] GetModuleBaseNameW (in: hProcess=0x640, hModule=0x6d490000, lpBaseName=0x5950bd8, nSize=0x800 | out: lpBaseName="ncrypt.dll") returned 0xa [0144.829] CoTaskMemFree (pv=0x5950bd8) [0144.830] CoTaskMemAlloc (cb=0x804) returned 0x5950bd8 [0144.830] GetModuleFileNameExW (in: hProcess=0x640, hModule=0x6d490000, lpFilename=0x5950bd8, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\ncrypt.dll" (normalized: "c:\\windows\\syswow64\\ncrypt.dll")) returned 0x1e [0144.831] CoTaskMemFree (pv=0x5950bd8) [0144.831] GetModuleInformation (in: hProcess=0x640, hModule=0x6d450000, lpmodinfo=0x271c564, cb=0xc | out: lpmodinfo=0x271c564*(lpBaseOfDll=0x6d450000, SizeOfImage=0x3d000, EntryPoint=0x6d4510f5)) returned 1 [0144.833] CoTaskMemAlloc (cb=0x804) returned 0x5950bd8 [0144.833] GetModuleBaseNameW (in: hProcess=0x640, hModule=0x6d450000, lpBaseName=0x5950bd8, nSize=0x800 | out: lpBaseName="bcryptprimitives.dll") returned 0x14 [0144.835] CoTaskMemFree (pv=0x5950bd8) [0144.835] CoTaskMemAlloc (cb=0x804) returned 0x5950bd8 [0144.835] GetModuleFileNameExW (in: hProcess=0x640, hModule=0x6d450000, lpFilename=0x5950bd8, nSize=0x800 | out: lpFilename="C:\\Windows\\SysWOW64\\bcryptprimitives.dll" (normalized: "c:\\windows\\syswow64\\bcryptprimitives.dll")) returned 0x28 [0144.837] CoTaskMemFree (pv=0x5950bd8) [0144.837] GetModuleInformation (in: hProcess=0x640, hModule=0x6d430000, lpmodinfo=0x271e6a4, cb=0xc | out: lpmodinfo=0x271e6a4*(lpBaseOfDll=0x6d430000, SizeOfImage=0x17000, EntryPoint=0x6d431c9d)) returned 1 [0144.838] CoTaskMemAlloc (cb=0x804) returned 0x5950bd8 [0144.838] GetModuleBaseNameW (in: hProcess=0x640, hModule=0x6d430000, lpBaseName=0x5950bd8, nSize=0x800 | out: lpBaseName="USERENV.dll") returned 0xb [0144.840] CoTaskMemFree (pv=0x5950bd8) [0144.840] CoTaskMemAlloc (cb=0x804) returned 0x5950bd8 [0144.840] GetModuleFileNameExW (in: hProcess=0x640, hModule=0x6d430000, lpFilename=0x5950bd8, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\USERENV.dll" (normalized: "c:\\windows\\syswow64\\userenv.dll")) returned 0x1f [0144.842] CoTaskMemFree (pv=0x5950bd8) [0144.842] GetModuleInformation (in: hProcess=0x640, hModule=0x6d410000, lpmodinfo=0x27207bc, cb=0xc | out: lpmodinfo=0x27207bc*(lpBaseOfDll=0x6d410000, SizeOfImage=0x16000, EntryPoint=0x6d412061)) returned 1 [0144.844] CoTaskMemAlloc (cb=0x804) returned 0x5950bd8 [0144.844] GetModuleBaseNameW (in: hProcess=0x640, hModule=0x6d410000, lpBaseName=0x5950bd8, nSize=0x800 | out: lpBaseName="GPAPI.dll") returned 0x9 [0144.846] CoTaskMemFree (pv=0x5950bd8) [0144.846] CoTaskMemAlloc (cb=0x804) returned 0x5950bd8 [0144.846] GetModuleFileNameExW (in: hProcess=0x640, hModule=0x6d410000, lpFilename=0x5950bd8, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\GPAPI.dll" (normalized: "c:\\windows\\syswow64\\gpapi.dll")) returned 0x1d [0144.848] CoTaskMemFree (pv=0x5950bd8) [0144.848] GetModuleInformation (in: hProcess=0x640, hModule=0x6d380000, lpmodinfo=0x27228cc, cb=0xc | out: lpmodinfo=0x27228cc*(lpBaseOfDll=0x6d380000, SizeOfImage=0x84000, EntryPoint=0x6d3819a9)) returned 1 [0144.849] CoTaskMemAlloc (cb=0x804) returned 0x5950bd8 [0144.849] GetModuleBaseNameW (in: hProcess=0x640, hModule=0x6d380000, lpBaseName=0x5950bd8, nSize=0x800 | out: lpBaseName="comctl32.dll") returned 0xc [0144.851] CoTaskMemFree (pv=0x5950bd8) [0144.851] CoTaskMemAlloc (cb=0x804) returned 0x5950bd8 [0144.851] GetModuleFileNameExW (in: hProcess=0x640, hModule=0x6d380000, lpFilename=0x5950bd8, nSize=0x800 | out: lpFilename="C:\\Windows\\WinSxS\\x86_microsoft.windows.common-controls_6595b64144ccf1df_5.82.7601.17514_none_ec83dffa859149af\\comctl32.dll" (normalized: "c:\\windows\\winsxs\\x86_microsoft.windows.common-controls_6595b64144ccf1df_5.82.7601.17514_none_ec83dffa859149af\\comctl32.dll")) returned 0x7b [0144.853] CoTaskMemFree (pv=0x5950bd8) [0144.853] GetModuleInformation (in: hProcess=0x640, hModule=0x6d1f0000, lpmodinfo=0x2724aa0, cb=0xc | out: lpmodinfo=0x2724aa0*(lpBaseOfDll=0x6d1f0000, SizeOfImage=0x190000, EntryPoint=0x6d28d026)) returned 1 [0144.855] CoTaskMemAlloc (cb=0x804) returned 0x5950bd8 [0144.855] GetModuleBaseNameW (in: hProcess=0x640, hModule=0x6d1f0000, lpBaseName=0x5950bd8, nSize=0x800 | out: lpBaseName="gdiplus.dll") returned 0xb [0144.857] CoTaskMemFree (pv=0x5950bd8) [0144.857] CoTaskMemAlloc (cb=0x804) returned 0x5950bd8 [0144.857] GetModuleFileNameExW (in: hProcess=0x640, hModule=0x6d1f0000, lpFilename=0x5950bd8, nSize=0x800 | out: lpFilename="C:\\Windows\\WinSxS\\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\\gdiplus.dll" (normalized: "c:\\windows\\winsxs\\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\\gdiplus.dll")) returned 0x71 [0144.859] CoTaskMemFree (pv=0x5950bd8) [0144.859] GetModuleInformation (in: hProcess=0x640, hModule=0x6d0f0000, lpmodinfo=0x2726c5c, cb=0xc | out: lpmodinfo=0x2726c5c*(lpBaseOfDll=0x6d0f0000, SizeOfImage=0xfb000, EntryPoint=0x6d1017e1)) returned 1 [0144.861] CoTaskMemAlloc (cb=0x804) returned 0x5950bd8 [0144.861] GetModuleBaseNameW (in: hProcess=0x640, hModule=0x6d0f0000, lpBaseName=0x5950bd8, nSize=0x800 | out: lpBaseName="WindowsCodecs.dll") returned 0x11 [0144.863] CoTaskMemFree (pv=0x5950bd8) [0144.863] CoTaskMemAlloc (cb=0x804) returned 0x5950bd8 [0144.863] GetModuleFileNameExW (in: hProcess=0x640, hModule=0x6d0f0000, lpFilename=0x5950bd8, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\WindowsCodecs.dll" (normalized: "c:\\windows\\syswow64\\windowscodecs.dll")) returned 0x25 [0144.864] CoTaskMemFree (pv=0x5950bd8) [0144.864] GetModuleInformation (in: hProcess=0x640, hModule=0x6c320000, lpmodinfo=0x2728d8c, cb=0xc | out: lpmodinfo=0x2728d8c*(lpBaseOfDll=0x6c320000, SizeOfImage=0xdcd000, EntryPoint=0x0)) returned 1 [0144.866] CoTaskMemAlloc (cb=0x804) returned 0x5950bd8 [0144.866] GetModuleBaseNameW (in: hProcess=0x640, hModule=0x6c320000, lpBaseName=0x5950bd8, nSize=0x800 | out: lpBaseName="System.Web.ni.dll") returned 0x11 [0144.868] CoTaskMemFree (pv=0x5950bd8) [0144.868] CoTaskMemAlloc (cb=0x804) returned 0x5950bd8 [0144.868] GetModuleFileNameExW (in: hProcess=0x640, hModule=0x6c320000, lpFilename=0x5950bd8, nSize=0x800 | out: lpFilename="C:\\Windows\\assembly\\NativeImages_v4.0.30319_32\\System.Web\\8e86e9948f7dcebce93d5df6073700ba\\System.Web.ni.dll" (normalized: "c:\\windows\\assembly\\nativeimages_v4.0.30319_32\\system.web\\8e86e9948f7dcebce93d5df6073700ba\\system.web.ni.dll")) returned 0x6c [0144.870] CoTaskMemFree (pv=0x5950bd8) [0144.870] CloseHandle (hObject=0x640) returned 1 [0144.959] lstrlenA (lpString="AcquireSRWLockExclusive") returned 23 [0144.959] lstrlenA (lpString="AcquireSRWLockShared") returned 20 [0144.960] lstrlenA (lpString="ActivateActCtx") returned 14 [0144.960] lstrlenA (lpString="AddAtomA") returned 8 [0144.960] lstrlenA (lpString="AddAtomW") returned 8 [0144.960] lstrlenA (lpString="AddConsoleAliasA") returned 16 [0144.960] lstrlenA (lpString="AddConsoleAliasW") returned 16 [0144.960] lstrlenA (lpString="AddDllDirectory") returned 15 [0144.960] lstrlenA (lpString="AddIntegrityLabelToBoundaryDescriptor") returned 37 [0144.960] lstrlenA (lpString="AddLocalAlternateComputerNameA") returned 30 [0144.960] lstrlenA (lpString="AddLocalAlternateComputerNameW") returned 30 [0144.961] lstrlenA (lpString="AddRefActCtx") returned 12 [0144.961] lstrlenA (lpString="AddSIDToBoundaryDescriptor") returned 26 [0144.961] lstrlenA (lpString="AddSecureMemoryCacheCallback") returned 28 [0144.961] lstrlenA (lpString="AddVectoredContinueHandler") returned 26 [0144.961] lstrlenA (lpString="AddVectoredExceptionHandler") returned 27 [0144.961] lstrlenA (lpString="AdjustCalendarDate") returned 18 [0144.961] lstrlenA (lpString="AllocConsole") returned 12 [0144.961] lstrlenA (lpString="AllocateUserPhysicalPages") returned 25 [0144.961] lstrlenA (lpString="AllocateUserPhysicalPagesNuma") returned 29 [0144.962] lstrlenA (lpString="ApplicationRecoveryFinished") returned 27 [0144.962] lstrlenA (lpString="ApplicationRecoveryInProgress") returned 29 [0144.962] lstrlenA (lpString="AreFileApisANSI") returned 15 [0144.962] lstrlenA (lpString="AssignProcessToJobObject") returned 24 [0144.962] lstrlenA (lpString="AttachConsole") returned 13 [0144.962] lstrlenA (lpString="BackupRead") returned 10 [0144.962] lstrlenA (lpString="BackupSeek") returned 10 [0144.962] lstrlenA (lpString="BackupWrite") returned 11 [0144.962] lstrlenA (lpString="BaseCheckAppcompatCache") returned 23 [0144.963] lstrlenA (lpString="BaseCheckAppcompatCacheEx") returned 25 [0144.963] lstrlenA (lpString="BaseCheckRunApp") returned 15 [0144.963] lstrlenA (lpString="BaseCleanupAppcompatCacheSupport") returned 32 [0144.963] lstrlenA (lpString="BaseDllReadWriteIniFile") returned 23 [0144.963] lstrlenA (lpString="BaseDumpAppcompatCache") returned 22 [0144.963] lstrlenA (lpString="BaseFlushAppcompatCache") returned 23 [0144.963] lstrlenA (lpString="BaseFormatObjectAttributes") returned 26 [0144.963] lstrlenA (lpString="BaseFormatTimeOut") returned 17 [0144.963] lstrlenA (lpString="BaseGenerateAppCompatData") returned 25 [0144.964] lstrlenA (lpString="BaseGetNamedObjectDirectory") returned 27 [0144.964] lstrlenA (lpString="BaseInitAppcompatCacheSupport") returned 29 [0144.964] lstrlenA (lpString="BaseIsAppcompatInfrastructureDisabled") returned 37 [0144.964] lstrlenA (lpString="BaseQueryModuleData") returned 19 [0144.964] lstrlenA (lpString="BaseSetLastNTError") returned 18 [0144.964] lstrlenA (lpString="BaseThreadInitThunk") returned 19 [0144.964] lstrlenA (lpString="BaseUpdateAppcompatCache") returned 24 [0144.964] lstrlenA (lpString="BaseVerifyUnicodeString") returned 23 [0144.964] lstrlenA (lpString="Basep8BitStringToDynamicUnicodeString") returned 37 [0144.965] lstrlenA (lpString="BasepAllocateActivationContextActivationBlock") returned 45 [0144.965] lstrlenA (lpString="BasepAnsiStringToDynamicUnicodeString") returned 37 [0144.965] lstrlenA (lpString="BasepCheckAppCompat") returned 19 [0144.965] lstrlenA (lpString="BasepCheckBadapp") returned 16 [0144.965] lstrlenA (lpString="BasepCheckWinSaferRestrictions") returned 30 [0144.965] lstrlenA (lpString="BasepFreeActivationContextActivationBlock") returned 41 [0144.965] lstrlenA (lpString="BasepFreeAppCompatData") returned 22 [0144.965] lstrlenA (lpString="BasepMapModuleHandle") returned 20 [0144.965] lstrlenA (lpString="Beep") returned 4 [0144.966] lstrlenA (lpString="BeginUpdateResourceA") returned 20 [0144.966] lstrlenA (lpString="BeginUpdateResourceW") returned 20 [0144.966] lstrlenA (lpString="BindIoCompletionCallback") returned 24 [0144.966] lstrlenA (lpString="BuildCommDCBA") returned 13 [0144.966] lstrlenA (lpString="BuildCommDCBAndTimeoutsA") returned 24 [0144.966] lstrlenA (lpString="BuildCommDCBAndTimeoutsW") returned 24 [0144.966] lstrlenA (lpString="BuildCommDCBW") returned 13 [0144.966] lstrlenA (lpString="CallNamedPipeA") returned 14 [0144.966] lstrlenA (lpString="CallNamedPipeW") returned 14 [0144.967] lstrlenA (lpString="CallbackMayRunLong") returned 18 [0144.967] lstrlenA (lpString="CancelDeviceWakeupRequest") returned 25 [0144.967] lstrlenA (lpString="CancelIo") returned 8 [0144.967] lstrlenA (lpString="CancelIoEx") returned 10 [0144.967] lstrlenA (lpString="CancelSynchronousIo") returned 19 [0144.967] lstrlenA (lpString="CancelThreadpoolIo") returned 18 [0144.967] lstrlenA (lpString="CancelTimerQueueTimer") returned 21 [0144.967] lstrlenA (lpString="CancelWaitableTimer") returned 19 [0144.967] lstrlenA (lpString="ChangeTimerQueueTimer") returned 21 [0144.967] lstrlenA (lpString="CheckElevation") returned 14 [0144.968] lstrlenA (lpString="CheckElevationEnabled") returned 21 [0144.968] lstrlenA (lpString="CheckForReadOnlyResource") returned 24 [0144.968] lstrlenA (lpString="CheckNameLegalDOS8Dot3A") returned 23 [0144.968] lstrlenA (lpString="CheckNameLegalDOS8Dot3W") returned 23 [0144.968] lstrlenA (lpString="CheckRemoteDebuggerPresent") returned 26 [0144.968] lstrlenA (lpString="ClearCommBreak") returned 14 [0144.968] lstrlenA (lpString="ClearCommError") returned 14 [0144.968] lstrlenA (lpString="CloseConsoleHandle") returned 18 [0144.968] lstrlenA (lpString="CloseHandle") returned 11 [0144.968] lstrlenA (lpString="ClosePrivateNamespace") returned 21 [0144.968] lstrlenA (lpString="CloseProfileUserMapping") returned 23 [0144.968] lstrlenA (lpString="CloseThreadpool") returned 15 [0144.969] lstrlenA (lpString="CloseThreadpoolCleanupGroup") returned 27 [0144.969] lstrlenA (lpString="CloseThreadpoolCleanupGroupMembers") returned 34 [0144.969] lstrlenA (lpString="CloseThreadpoolIo") returned 17 [0144.969] lstrlenA (lpString="CloseThreadpoolTimer") returned 20 [0144.969] lstrlenA (lpString="CloseThreadpoolWait") returned 19 [0144.969] lstrlenA (lpString="CloseThreadpoolWork") returned 19 [0144.969] lstrlenA (lpString="CmdBatNotification") returned 18 [0144.969] lstrlenA (lpString="CommConfigDialogA") returned 17 [0144.969] lstrlenA (lpString="CommConfigDialogW") returned 17 [0144.969] lstrlenA (lpString="CompareCalendarDates") returned 20 [0144.969] lstrlenA (lpString="CompareFileTime") returned 15 [0144.969] lstrlenA (lpString="CompareStringA") returned 14 [0144.970] lstrlenA (lpString="CompareStringEx") returned 15 [0144.970] lstrlenA (lpString="CompareStringOrdinal") returned 20 [0144.970] lstrlenA (lpString="CompareStringW") returned 14 [0144.970] lstrlenA (lpString="ConnectNamedPipe") returned 16 [0144.970] lstrlenA (lpString="ConsoleMenuControl") returned 18 [0144.970] lstrlenA (lpString="ContinueDebugEvent") returned 18 [0144.970] lstrlenA (lpString="ConvertCalDateTimeToSystemTime") returned 30 [0144.970] lstrlenA (lpString="ConvertDefaultLocale") returned 20 [0144.970] lstrlenA (lpString="ConvertFiberToThread") returned 20 [0144.970] lstrlenA (lpString="ConvertNLSDayOfWeekToWin32DayOfWeek") returned 35 [0144.970] lstrlenA (lpString="ConvertSystemTimeToCalDateTime") returned 30 [0144.970] lstrlenA (lpString="ConvertThreadToFiber") returned 20 [0144.971] lstrlenA (lpString="ConvertThreadToFiberEx") returned 22 [0144.971] lstrlenA (lpString="CopyContext") returned 11 [0144.971] lstrlenA (lpString="CopyFileA") returned 9 [0144.971] lstrlenA (lpString="CopyFileExA") returned 11 [0144.971] lstrlenA (lpString="CopyFileExW") returned 11 [0144.971] lstrlenA (lpString="CopyFileTransactedA") returned 19 [0144.971] lstrlenA (lpString="CopyFileTransactedW") returned 19 [0144.971] lstrlenA (lpString="CopyFileW") returned 9 [0144.972] lstrlenA (lpString="CopyLZFile") returned 10 [0144.972] lstrlenA (lpString="CreateActCtxA") returned 13 [0144.972] lstrlenA (lpString="CreateActCtxW") returned 13 [0144.972] lstrlenA (lpString="CreateBoundaryDescriptorA") returned 25 [0144.972] lstrlenA (lpString="CreateBoundaryDescriptorW") returned 25 [0144.972] lstrlenA (lpString="CreateConsoleScreenBuffer") returned 25 [0144.972] lstrlenA (lpString="CreateDirectoryA") returned 16 [0144.972] lstrlenA (lpString="CreateDirectoryExA") returned 18 [0144.972] lstrlenA (lpString="CreateDirectoryExW") returned 18 [0144.972] lstrlenA (lpString="CreateDirectoryTransactedA") returned 26 [0144.973] lstrlenA (lpString="CreateDirectoryTransactedW") returned 26 [0144.973] lstrlenA (lpString="CreateDirectoryW") returned 16 [0144.973] lstrlenA (lpString="CreateEventA") returned 12 [0144.973] lstrlenA (lpString="CreateEventExA") returned 14 [0144.973] lstrlenA (lpString="CreateEventExW") returned 14 [0144.973] lstrlenA (lpString="CreateEventW") returned 12 [0144.973] lstrlenA (lpString="CreateFiber") returned 11 [0144.973] lstrlenA (lpString="CreateFiberEx") returned 13 [0144.973] lstrlenA (lpString="CreateFileA") returned 11 [0144.973] lstrlenA (lpString="CreateFileMappingA") returned 18 [0144.973] lstrlenA (lpString="CreateFileMappingNumaA") returned 22 [0144.973] lstrlenA (lpString="CreateFileMappingNumaW") returned 22 [0144.973] lstrlenA (lpString="CreateFileMappingW") returned 18 [0144.973] lstrlenA (lpString="CreateFileTransactedA") returned 21 [0144.974] lstrlenA (lpString="CreateFileTransactedW") returned 21 [0144.974] lstrlenA (lpString="CreateFileW") returned 11 [0144.974] lstrlenA (lpString="CreateHardLinkA") returned 15 [0144.974] lstrlenA (lpString="CreateHardLinkTransactedA") returned 25 [0144.974] lstrlenA (lpString="CreateHardLinkTransactedW") returned 25 [0144.974] lstrlenA (lpString="CreateHardLinkW") returned 15 [0144.974] lstrlenA (lpString="CreateIoCompletionPort") returned 22 [0144.974] lstrlenA (lpString="CreateJobObjectA") returned 16 [0144.974] lstrlenA (lpString="CreateJobObjectW") returned 16 [0144.974] lstrlenA (lpString="CreateJobSet") returned 12 [0144.974] lstrlenA (lpString="CreateMailslotA") returned 15 [0144.974] lstrlenA (lpString="CreateMailslotW") returned 15 [0144.974] lstrlenA (lpString="CreateMemoryResourceNotification") returned 32 [0144.974] lstrlenA (lpString="CreateMutexA") returned 12 [0144.974] lstrlenA (lpString="CreateMutexExA") returned 14 [0144.974] lstrlenA (lpString="CreateMutexExW") returned 14 [0144.975] lstrlenA (lpString="CreateMutexW") returned 12 [0144.975] lstrlenA (lpString="CreateNamedPipeA") returned 16 [0144.975] lstrlenA (lpString="CreateNamedPipeW") returned 16 [0144.975] lstrlenA (lpString="CreatePipe") returned 10 [0144.975] lstrlenA (lpString="CreatePrivateNamespaceA") returned 23 [0144.975] lstrlenA (lpString="CreatePrivateNamespaceW") returned 23 [0144.975] lstrlenA (lpString="CreateProcessA") returned 14 [0144.975] lstrlenA (lpString="CreateProcessAsUserW") returned 20 [0144.975] lstrlenA (lpString="CreateProcessInternalA") returned 22 [0144.975] lstrlenA (lpString="CreateProcessInternalW") returned 22 [0144.975] lstrlenA (lpString="CreateProcessW") returned 14 [0144.975] lstrlenA (lpString="CreateRemoteThread") returned 18 [0144.975] lstrlenA (lpString="CreateRemoteThreadEx") returned 20 [0144.975] lstrlenA (lpString="CreateSemaphoreA") returned 16 [0144.976] lstrlenA (lpString="CreateSemaphoreExA") returned 18 [0144.976] lstrlenA (lpString="CreateSemaphoreExW") returned 18 [0144.976] lstrlenA (lpString="CreateSemaphoreW") returned 16 [0144.976] lstrlenA (lpString="CreateSocketHandle") returned 18 [0144.976] lstrlenA (lpString="CreateSymbolicLinkA") returned 19 [0144.976] lstrlenA (lpString="CreateSymbolicLinkTransactedA") returned 29 [0144.976] lstrlenA (lpString="CreateSymbolicLinkTransactedW") returned 29 [0144.976] lstrlenA (lpString="CreateSymbolicLinkW") returned 19 [0144.976] lstrlenA (lpString="CreateTapePartition") returned 19 [0144.976] lstrlenA (lpString="CreateThread") returned 12 [0144.976] lstrlenA (lpString="CreateThreadpool") returned 16 [0144.976] lstrlenA (lpString="CreateThreadpoolCleanupGroup") returned 28 [0144.976] lstrlenA (lpString="CreateThreadpoolIo") returned 18 [0144.976] lstrlenA (lpString="CreateThreadpoolTimer") returned 21 [0144.977] lstrlenA (lpString="CreateThreadpoolWait") returned 20 [0144.977] lstrlenA (lpString="CreateThreadpoolWork") returned 20 [0144.977] lstrlenA (lpString="CreateTimerQueue") returned 16 [0144.977] lstrlenA (lpString="CreateTimerQueueTimer") returned 21 [0144.977] lstrlenA (lpString="CreateToolhelp32Snapshot") returned 24 [0144.977] lstrlenA (lpString="CreateWaitableTimerA") returned 20 [0144.977] lstrlenA (lpString="CreateWaitableTimerExA") returned 22 [0144.977] lstrlenA (lpString="CreateWaitableTimerExW") returned 22 [0144.977] lstrlenA (lpString="CreateWaitableTimerW") returned 20 [0144.977] lstrlenA (lpString="CtrlRoutine") returned 11 [0144.977] lstrlenA (lpString="DeactivateActCtx") returned 16 [0144.977] lstrlenA (lpString="DebugActiveProcess") returned 18 [0144.977] lstrlenA (lpString="DebugActiveProcessStop") returned 22 [0144.978] lstrlenA (lpString="DebugBreak") returned 10 [0144.978] lstrlenA (lpString="DebugBreakProcess") returned 17 [0144.978] lstrlenA (lpString="DebugSetProcessKillOnExit") returned 25 [0144.978] lstrlenA (lpString="DecodePointer") returned 13 [0144.978] lstrlenA (lpString="DecodeSystemPointer") returned 19 [0144.978] lstrlenA (lpString="DefineDosDeviceA") returned 16 [0144.978] lstrlenA (lpString="DefineDosDeviceW") returned 16 [0144.978] lstrlenA (lpString="DelayLoadFailureHook") returned 20 [0144.978] lstrlenA (lpString="DeleteAtom") returned 10 [0144.978] lstrlenA (lpString="DeleteBoundaryDescriptor") returned 24 [0144.978] lstrlenA (lpString="DeleteCriticalSection") returned 21 [0144.978] lstrlenA (lpString="DeleteFiber") returned 11 [0144.978] lstrlenA (lpString="DeleteFileA") returned 11 [0144.979] lstrlenA (lpString="DeleteFileTransactedA") returned 21 [0144.979] lstrlenA (lpString="DeleteFileTransactedW") returned 21 [0144.979] lstrlenA (lpString="DeleteFileW") returned 11 [0144.979] lstrlenA (lpString="DeleteProcThreadAttributeList") returned 29 [0144.979] lstrlenA (lpString="DeleteTimerQueue") returned 16 [0144.979] lstrlenA (lpString="DeleteTimerQueueEx") returned 18 [0144.979] lstrlenA (lpString="DeleteTimerQueueTimer") returned 21 [0144.979] lstrlenA (lpString="DeleteVolumeMountPointA") returned 23 [0144.979] lstrlenA (lpString="DeleteVolumeMountPointW") returned 23 [0144.979] lstrlenA (lpString="DeviceIoControl") returned 15 [0144.979] lstrlenA (lpString="DisableThreadLibraryCalls") returned 25 [0144.979] lstrlenA (lpString="DisableThreadProfiling") returned 22 [0144.979] lstrlenA (lpString="DisassociateCurrentThreadFromCallback") returned 37 [0144.979] lstrlenA (lpString="DisconnectNamedPipe") returned 19 [0144.980] lstrlenA (lpString="DnsHostnameToComputerNameA") returned 26 [0144.980] lstrlenA (lpString="DnsHostnameToComputerNameW") returned 26 [0144.980] lstrlenA (lpString="DosDateTimeToFileTime") returned 21 [0144.980] lstrlenA (lpString="DosPathToSessionPathA") returned 21 [0144.980] lstrlenA (lpString="DosPathToSessionPathW") returned 21 [0144.980] lstrlenA (lpString="DuplicateConsoleHandle") returned 22 [0144.980] lstrlenA (lpString="DuplicateHandle") returned 15 [0144.980] lstrlenA (lpString="EnableThreadProfiling") returned 21 [0144.980] lstrlenA (lpString="EncodePointer") returned 13 [0144.980] lstrlenA (lpString="EncodeSystemPointer") returned 19 [0144.980] lstrlenA (lpString="EndUpdateResourceA") returned 18 [0144.980] lstrlenA (lpString="EndUpdateResourceW") returned 18 [0144.980] lstrlenA (lpString="EnterCriticalSection") returned 20 [0144.980] lstrlenA (lpString="EnumCalendarInfoA") returned 17 [0144.980] lstrlenA (lpString="EnumCalendarInfoExA") returned 19 [0144.980] lstrlenA (lpString="EnumCalendarInfoExEx") returned 20 [0144.980] lstrlenA (lpString="EnumCalendarInfoExW") returned 19 [0144.981] lstrlenA (lpString="EnumCalendarInfoW") returned 17 [0144.981] lstrlenA (lpString="EnumDateFormatsA") returned 16 [0144.981] lstrlenA (lpString="EnumDateFormatsExA") returned 18 [0144.981] lstrlenA (lpString="EnumDateFormatsExEx") returned 19 [0144.981] lstrlenA (lpString="EnumDateFormatsExW") returned 18 [0144.981] lstrlenA (lpString="EnumDateFormatsW") returned 16 [0145.000] GetThreadContext (in: hThread=0x634, lpContext=0x26871f0 | out: lpContext=0x26871f0*(ContextFlags=0x10002, Dr0=0x0, Dr1=0x0, Dr2=0x0, Dr3=0x0, Dr6=0x0, Dr7=0x0, FloatSave.ControlWord=0x0, FloatSave.StatusWord=0x0, FloatSave.TagWord=0x0, FloatSave.ErrorOffset=0x0, FloatSave.ErrorSelector=0x0, FloatSave.DataOffset=0x0, FloatSave.DataSelector=0x0, FloatSave.RegisterArea=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0, [8]=0x0, [9]=0x0, [10]=0x0, [11]=0x0, [12]=0x0, [13]=0x0, [14]=0x0, [15]=0x0, [16]=0x0, [17]=0x0, [18]=0x0, [19]=0x0, [20]=0x0, [21]=0x0, [22]=0x0, [23]=0x0, [24]=0x0, [25]=0x0, [26]=0x0, [27]=0x0, [28]=0x0, [29]=0x0, [30]=0x0, [31]=0x0, [32]=0x0, [33]=0x0, [34]=0x0, [35]=0x0, [36]=0x0, [37]=0x0, [38]=0x0, [39]=0x0, [40]=0x0, [41]=0x0, [42]=0x0, [43]=0x0, [44]=0x0, [45]=0x0, [46]=0x0, [47]=0x0, [48]=0x0, [49]=0x0, [50]=0x0, [51]=0x0, [52]=0x0, [53]=0x0, [54]=0x0, [55]=0x0, [56]=0x0, [57]=0x0, [58]=0x0, [59]=0x0, [60]=0x0, [61]=0x0, [62]=0x0, [63]=0x0, [64]=0x0, [65]=0x0, [66]=0x0, [67]=0x0, [68]=0x0, [69]=0x0, [70]=0x0, [71]=0x0, [72]=0x0, [73]=0x0, [74]=0x0, [75]=0x0, [76]=0x0, [77]=0x0, [78]=0x0, [79]=0x0), FloatSave.Cr0NpxState=0x0, SegGs=0x0, SegFs=0x0, SegEs=0x0, SegDs=0x0, Edi=0x0, Esi=0x0, Ebx=0x7efde000, Edx=0x0, Ecx=0x0, Eax=0xa27286, Ebp=0x0, Eip=0x0, SegCs=0x0, EFlags=0x0, Esp=0x0, SegSs=0x0, ExtendedRegisters=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0, [8]=0x0, [9]=0x0, [10]=0x0, [11]=0x0, [12]=0x0, [13]=0x0, [14]=0x0, [15]=0x0, [16]=0x0, [17]=0x0, [18]=0x0, [19]=0x0, [20]=0x0, [21]=0x0, [22]=0x0, [23]=0x0, [24]=0x0, [25]=0x0, [26]=0x0, [27]=0x0, [28]=0x0, [29]=0x0, [30]=0x0, [31]=0x0, [32]=0x0, [33]=0x0, [34]=0x0, [35]=0x0, [36]=0x0, [37]=0x0, [38]=0x0, [39]=0x0, [40]=0x0, [41]=0x0, [42]=0x0, [43]=0x0, [44]=0x0, [45]=0x0, [46]=0x0, [47]=0x0, [48]=0x0, [49]=0x0, [50]=0x0, [51]=0x0, [52]=0x0, [53]=0x0, [54]=0x0, [55]=0x0, [56]=0x0, [57]=0x0, [58]=0x0, [59]=0x0, [60]=0x0, [61]=0x0, [62]=0x0, [63]=0x0, [64]=0x0, [65]=0x0, [66]=0x0, [67]=0x0, [68]=0x0, [69]=0x0, [70]=0x0, [71]=0x0, [72]=0x0, [73]=0x0, [74]=0x0, [75]=0x0, [76]=0x0, [77]=0x0, [78]=0x0, [79]=0x0, [80]=0x0, [81]=0x0, [82]=0x0, [83]=0x0, [84]=0x0, [85]=0x0, [86]=0x0, [87]=0x0, [88]=0x0, [89]=0x0, [90]=0x0, [91]=0x0, [92]=0x0, [93]=0x0, [94]=0x0, [95]=0x0, [96]=0x0, [97]=0x0, [98]=0x0, [99]=0x0, [100]=0x0, [101]=0x0, [102]=0x0, [103]=0x0, [104]=0x0, [105]=0x0, [106]=0x0, [107]=0x0, [108]=0x0, [109]=0x0, [110]=0x0, [111]=0x0, [112]=0x0, [113]=0x0, [114]=0x0, [115]=0x0, [116]=0x0, [117]=0x0, [118]=0x0, [119]=0x0, [120]=0x0, [121]=0x0, [122]=0x0, [123]=0x0, [124]=0x0, [125]=0x0, [126]=0x0, [127]=0x0, [128]=0x0, [129]=0x0, [130]=0x0, [131]=0x0, [132]=0x0, [133]=0x0, [134]=0x0, [135]=0x0, [136]=0x0, [137]=0x0, [138]=0x0, [139]=0x0, [140]=0x0, [141]=0x0, [142]=0x0, [143]=0x0, [144]=0x0, [145]=0x0, [146]=0x0, [147]=0x0, [148]=0x0, [149]=0x0, [150]=0x0, [151]=0x0, [152]=0x0, [153]=0x0, [154]=0x0, [155]=0x0, [156]=0x0, [157]=0x0, [158]=0x0, [159]=0x0, [160]=0x0, [161]=0x0, [162]=0x0, [163]=0x0, [164]=0x0, [165]=0x0, [166]=0x0, [167]=0x0, [168]=0x0, [169]=0x0, [170]=0x0, [171]=0x0, [172]=0x0, [173]=0x0, [174]=0x0, [175]=0x0, [176]=0x0, [177]=0x0, [178]=0x0, [179]=0x0, [180]=0x0, [181]=0x0, [182]=0x0, [183]=0x0, [184]=0x0, [185]=0x0, [186]=0x0, [187]=0x0, [188]=0x0, [189]=0x0, [190]=0x0, [191]=0x0, [192]=0x0, [193]=0x0, [194]=0x0, [195]=0x0, [196]=0x0, [197]=0x0, [198]=0x0, [199]=0x0, [200]=0x0, [201]=0x0, [202]=0x0, [203]=0x0, [204]=0x0, [205]=0x0, [206]=0x0, [207]=0x0, [208]=0x0, [209]=0x0, [210]=0x0, [211]=0x0, [212]=0x0, [213]=0x0, [214]=0x0, [215]=0x0, [216]=0x0, [217]=0x0, [218]=0x0, [219]=0x0, [220]=0x0, [221]=0x0, [222]=0x0, [223]=0x0, [224]=0x0, [225]=0x0, [226]=0x0, [227]=0x0, [228]=0x0, [229]=0x0, [230]=0x0, [231]=0x0, [232]=0x0, [233]=0x0, [234]=0x0, [235]=0x0, [236]=0x0, [237]=0x0, [238]=0x0, [239]=0x0, [240]=0x0, [241]=0x0, [242]=0x0, [243]=0x0, [244]=0x0, [245]=0x0, [246]=0x0, [247]=0x0, [248]=0x0, [249]=0x0, [250]=0x0, [251]=0x0, [252]=0x0, [253]=0x0, [254]=0x0, [255]=0x0, [256]=0x0, [257]=0x0, [258]=0x0, [259]=0x0, [260]=0x0, [261]=0x0, [262]=0x0, [263]=0x0, [264]=0x0, [265]=0x0, [266]=0x0, [267]=0x0, [268]=0x0, [269]=0x0, [270]=0x0, [271]=0x0, [272]=0x0, [273]=0x0, [274]=0x0, [275]=0x0, [276]=0x0, [277]=0x0, [278]=0x0, [279]=0x0, [280]=0x0, [281]=0x0, [282]=0x0, [283]=0x0, [284]=0x0, [285]=0x0, [286]=0x0, [287]=0x0, [288]=0x0, [289]=0x0, [290]=0x0, [291]=0x0, [292]=0x0, [293]=0x0, [294]=0x0, [295]=0x0, [296]=0x0, [297]=0x0, [298]=0x0, [299]=0x0, [300]=0x0, [301]=0x0, [302]=0x0, [303]=0x0, [304]=0x0, [305]=0x0, [306]=0x0, [307]=0x0, [308]=0x0, [309]=0x0, [310]=0x0, [311]=0x0, [312]=0x0, [313]=0x0, [314]=0x0, [315]=0x0, [316]=0x0, [317]=0x0, [318]=0x0, [319]=0x0, [320]=0x0, [321]=0x0, [322]=0x0, [323]=0x0, [324]=0x0, [325]=0x0, [326]=0x0, [327]=0x0, [328]=0x0, [329]=0x0, [330]=0x0, [331]=0x0, [332]=0x0, [333]=0x0, [334]=0x0, [335]=0x0, [336]=0x0, [337]=0x0, [338]=0x0, [339]=0x0, [340]=0x0, [341]=0x0, [342]=0x0, [343]=0x0, [344]=0x0, [345]=0x0, [346]=0x0, [347]=0x0, [348]=0x0, [349]=0x0, [350]=0x0, [351]=0x0, [352]=0x0, [353]=0x0, [354]=0x0, [355]=0x0, [356]=0x0, [357]=0x0, [358]=0x0, [359]=0x0, [360]=0x0, [361]=0x0, [362]=0x0, [363]=0x0, [364]=0x0, [365]=0x0, [366]=0x0, [367]=0x0, [368]=0x0, [369]=0x0, [370]=0x0, [371]=0x0, [372]=0x0, [373]=0x0, [374]=0x0, [375]=0x0, [376]=0x0, [377]=0x0, [378]=0x0, [379]=0x0, [380]=0x0, [381]=0x0, [382]=0x0, [383]=0x0, [384]=0x0, [385]=0x0, [386]=0x0, [387]=0x0, [388]=0x0, [389]=0x0, [390]=0x0, [391]=0x0, [392]=0x0, [393]=0x0, [394]=0x0, [395]=0x0, [396]=0x0, [397]=0x0, [398]=0x0, [399]=0x0, [400]=0x0, [401]=0x0, [402]=0x0, [403]=0x0, [404]=0x0, [405]=0x0, [406]=0x0, [407]=0x0, [408]=0x0, [409]=0x0, [410]=0x0, [411]=0x0, [412]=0x0, [413]=0x0, [414]=0x0, [415]=0x0, [416]=0x0, [417]=0x0, [418]=0x0, [419]=0x0, [420]=0x0, [421]=0x0, [422]=0x0, [423]=0x0, [424]=0x0, [425]=0x0, [426]=0x0, [427]=0x0, [428]=0x0, [429]=0x0, [430]=0x0, [431]=0x0, [432]=0x0, [433]=0x0, [434]=0x0, [435]=0x0, [436]=0x0, [437]=0x0, [438]=0x0, [439]=0x0, [440]=0x0, [441]=0x0, [442]=0x0, [443]=0x0, [444]=0x0, [445]=0x0, [446]=0x0, [447]=0x0, [448]=0x0, [449]=0x0, [450]=0x0, [451]=0x0, [452]=0x0, [453]=0x0, [454]=0x0, [455]=0x0, [456]=0x0, [457]=0x0, [458]=0x0, [459]=0x0, [460]=0x0, [461]=0x0, [462]=0x0, [463]=0x0, [464]=0x0, [465]=0x0, [466]=0x0, [467]=0x0, [468]=0x0, [469]=0x0, [470]=0x0, [471]=0x0, [472]=0x0, [473]=0x0, [474]=0x0, [475]=0x0, [476]=0x0, [477]=0x0, [478]=0x0, [479]=0x0, [480]=0x0, [481]=0x0, [482]=0x0, [483]=0x0, [484]=0x0, [485]=0x0, [486]=0x0, [487]=0x0, [488]=0x0, [489]=0x0, [490]=0x0, [491]=0x0, [492]=0x0, [493]=0x0, [494]=0x0, [495]=0x0, [496]=0x0, [497]=0x0, [498]=0x0, [499]=0x0, [500]=0x0, [501]=0x0, [502]=0x0, [503]=0x0, [504]=0x0, [505]=0x0, [506]=0x0, [507]=0x0, [508]=0x0, [509]=0x0, [510]=0x0, [511]=0x0))) returned 1 [0145.080] EnumProcessModules (in: hProcess=0x640, lphModule=0x273c090, cb=0x100, lpcbNeeded=0x2dc64c | out: lphModule=0x273c090, lpcbNeeded=0x2dc64c) returned 1 [0145.082] EnumProcessModules (in: hProcess=0x640, lphModule=0x273c19c, cb=0x200, lpcbNeeded=0x2dc64c | out: lphModule=0x273c19c, lpcbNeeded=0x2dc64c) returned 1 [0145.083] GetModuleInformation (in: hProcess=0x640, hModule=0x10b0000, lpmodinfo=0x273c3dc, cb=0xc | out: lpmodinfo=0x273c3dc*(lpBaseOfDll=0x10b0000, SizeOfImage=0xa2000, EntryPoint=0x114ddbe)) returned 1 [0145.083] CoTaskMemAlloc (cb=0x804) returned 0x5950bd8 [0145.083] GetModuleBaseNameW (in: hProcess=0x640, hModule=0x10b0000, lpBaseName=0x5950bd8, nSize=0x800 | out: lpBaseName="noise.exe") returned 0x9 [0145.083] CoTaskMemFree (pv=0x5950bd8) [0145.084] CoTaskMemAlloc (cb=0x804) returned 0x5950bd8 [0145.084] GetModuleFileNameExW (in: hProcess=0x640, hModule=0x10b0000, lpFilename=0x5950bd8, nSize=0x800 | out: lpFilename="C:\\Users\\kEecfMwgj\\AppData\\Local\\Temp\\noise.exe" (normalized: "c:\\users\\keecfmwgj\\appdata\\local\\temp\\noise.exe")) returned 0x2f [0145.084] CoTaskMemFree (pv=0x5950bd8) [0145.084] GetModuleInformation (in: hProcess=0x640, hModule=0x76f00000, lpmodinfo=0x273e52c, cb=0xc | out: lpmodinfo=0x273e52c*(lpBaseOfDll=0x76f00000, SizeOfImage=0x180000, EntryPoint=0x0)) returned 1 [0145.084] CoTaskMemAlloc (cb=0x804) returned 0x5950bd8 [0145.084] GetModuleBaseNameW (in: hProcess=0x640, hModule=0x76f00000, lpBaseName=0x5950bd8, nSize=0x800 | out: lpBaseName="ntdll.dll") returned 0x9 [0145.084] CoTaskMemFree (pv=0x5950bd8) [0145.084] CoTaskMemAlloc (cb=0x804) returned 0x5950bd8 [0145.084] GetModuleFileNameExW (in: hProcess=0x640, hModule=0x76f00000, lpFilename=0x5950bd8, nSize=0x800 | out: lpFilename="C:\\Windows\\SysWOW64\\ntdll.dll" (normalized: "c:\\windows\\syswow64\\ntdll.dll")) returned 0x1d [0145.085] CoTaskMemFree (pv=0x5950bd8) [0145.085] GetModuleInformation (in: hProcess=0x640, hModule=0x73500000, lpmodinfo=0x274063c, cb=0xc | out: lpmodinfo=0x274063c*(lpBaseOfDll=0x73500000, SizeOfImage=0x4a000, EntryPoint=0x73502e54)) returned 1 [0145.085] CoTaskMemAlloc (cb=0x804) returned 0x5950bd8 [0145.085] GetModuleBaseNameW (in: hProcess=0x640, hModule=0x73500000, lpBaseName=0x5950bd8, nSize=0x800 | out: lpBaseName="MSCOREE.DLL") returned 0xb [0145.085] CoTaskMemFree (pv=0x5950bd8) [0145.085] CoTaskMemAlloc (cb=0x804) returned 0x5950bd8 [0145.085] GetModuleFileNameExW (in: hProcess=0x640, hModule=0x73500000, lpFilename=0x5950bd8, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\MSCOREE.DLL" (normalized: "c:\\windows\\syswow64\\mscoree.dll")) returned 0x1f [0145.085] CoTaskMemFree (pv=0x5950bd8) [0145.085] GetModuleInformation (in: hProcess=0x640, hModule=0x752b0000, lpmodinfo=0x2742754, cb=0xc | out: lpmodinfo=0x2742754*(lpBaseOfDll=0x752b0000, SizeOfImage=0x110000, EntryPoint=0x752c3283)) returned 1 [0145.086] CoTaskMemAlloc (cb=0x804) returned 0x5950bd8 [0145.086] GetModuleBaseNameW (in: hProcess=0x640, hModule=0x752b0000, lpBaseName=0x5950bd8, nSize=0x800 | out: lpBaseName="KERNEL32.dll") returned 0xc [0145.086] CoTaskMemFree (pv=0x5950bd8) [0145.086] CoTaskMemAlloc (cb=0x804) returned 0x5950bd8 [0145.086] GetModuleFileNameExW (in: hProcess=0x640, hModule=0x752b0000, lpFilename=0x5950bd8, nSize=0x800 | out: lpFilename="C:\\Windows\\syswow64\\KERNEL32.dll" (normalized: "c:\\windows\\syswow64\\kernel32.dll")) returned 0x20 [0145.086] CoTaskMemFree (pv=0x5950bd8) [0145.086] GetModuleInformation (in: hProcess=0x640, hModule=0x753c0000, lpmodinfo=0x2744874, cb=0xc | out: lpmodinfo=0x2744874*(lpBaseOfDll=0x753c0000, SizeOfImage=0x47000, EntryPoint=0x753c74c1)) returned 1 [0145.087] CoTaskMemAlloc (cb=0x804) returned 0x5950bd8 [0145.087] GetModuleBaseNameW (in: hProcess=0x640, hModule=0x753c0000, lpBaseName=0x5950bd8, nSize=0x800 | out: lpBaseName="KERNELBASE.dll") returned 0xe [0145.087] CoTaskMemFree (pv=0x5950bd8) [0145.087] CoTaskMemAlloc (cb=0x804) returned 0x5950bd8 [0145.087] GetModuleFileNameExW (in: hProcess=0x640, hModule=0x753c0000, lpFilename=0x5950bd8, nSize=0x800 | out: lpFilename="C:\\Windows\\syswow64\\KERNELBASE.dll" (normalized: "c:\\windows\\syswow64\\kernelbase.dll")) returned 0x22 [0145.087] CoTaskMemFree (pv=0x5950bd8) [0145.087] GetModuleInformation (in: hProcess=0x640, hModule=0x76a60000, lpmodinfo=0x27469c8, cb=0xc | out: lpmodinfo=0x27469c8*(lpBaseOfDll=0x76a60000, SizeOfImage=0xa0000, EntryPoint=0x76a749e5)) returned 1 [0145.088] CoTaskMemAlloc (cb=0x804) returned 0x5950bd8 [0145.088] GetModuleBaseNameW (in: hProcess=0x640, hModule=0x76a60000, lpBaseName=0x5950bd8, nSize=0x800 | out: lpBaseName="ADVAPI32.dll") returned 0xc [0145.088] CoTaskMemFree (pv=0x5950bd8) [0145.088] CoTaskMemAlloc (cb=0x804) returned 0x5950bd8 [0145.088] GetModuleFileNameExW (in: hProcess=0x640, hModule=0x76a60000, lpFilename=0x5950bd8, nSize=0x800 | out: lpFilename="C:\\Windows\\syswow64\\ADVAPI32.dll" (normalized: "c:\\windows\\syswow64\\advapi32.dll")) returned 0x20 [0145.088] CoTaskMemFree (pv=0x5950bd8) [0145.088] GetModuleInformation (in: hProcess=0x640, hModule=0x75410000, lpmodinfo=0x2748ae8, cb=0xc | out: lpmodinfo=0x2748ae8*(lpBaseOfDll=0x75410000, SizeOfImage=0xac000, EntryPoint=0x7541a472)) returned 1 [0145.089] CoTaskMemAlloc (cb=0x804) returned 0x5950bd8 [0145.089] GetModuleBaseNameW (in: hProcess=0x640, hModule=0x75410000, lpBaseName=0x5950bd8, nSize=0x800 | out: lpBaseName="msvcrt.dll") returned 0xa [0145.089] CoTaskMemFree (pv=0x5950bd8) [0145.089] CoTaskMemAlloc (cb=0x804) returned 0x5950bd8 [0145.089] GetModuleFileNameExW (in: hProcess=0x640, hModule=0x75410000, lpFilename=0x5950bd8, nSize=0x800 | out: lpFilename="C:\\Windows\\syswow64\\msvcrt.dll" (normalized: "c:\\windows\\syswow64\\msvcrt.dll")) returned 0x1e [0145.090] CoTaskMemFree (pv=0x5950bd8) [0145.090] GetModuleInformation (in: hProcess=0x640, hModule=0x759a0000, lpmodinfo=0x274ac00, cb=0xc | out: lpmodinfo=0x274ac00*(lpBaseOfDll=0x759a0000, SizeOfImage=0x19000, EntryPoint=0x759a4975)) returned 1 [0145.090] CoTaskMemAlloc (cb=0x804) returned 0x5950bd8 [0145.090] GetModuleBaseNameW (in: hProcess=0x640, hModule=0x759a0000, lpBaseName=0x5950bd8, nSize=0x800 | out: lpBaseName="sechost.dll") returned 0xb [0145.090] CoTaskMemFree (pv=0x5950bd8) [0145.091] CoTaskMemAlloc (cb=0x804) returned 0x5950bd8 [0145.091] GetModuleFileNameExW (in: hProcess=0x640, hModule=0x759a0000, lpFilename=0x5950bd8, nSize=0x800 | out: lpFilename="C:\\Windows\\SysWOW64\\sechost.dll" (normalized: "c:\\windows\\syswow64\\sechost.dll")) returned 0x1f [0145.091] CoTaskMemFree (pv=0x5950bd8) [0145.091] GetModuleInformation (in: hProcess=0x640, hModule=0x76970000, lpmodinfo=0x274cd18, cb=0xc | out: lpmodinfo=0x274cd18*(lpBaseOfDll=0x76970000, SizeOfImage=0xf0000, EntryPoint=0x76980569)) returned 1 [0145.091] CoTaskMemAlloc (cb=0x804) returned 0x5950bd8 [0145.091] GetModuleBaseNameW (in: hProcess=0x640, hModule=0x76970000, lpBaseName=0x5950bd8, nSize=0x800 | out: lpBaseName="RPCRT4.dll") returned 0xa [0145.092] CoTaskMemFree (pv=0x5950bd8) [0145.092] CoTaskMemAlloc (cb=0x804) returned 0x5950bd8 [0145.092] GetModuleFileNameExW (in: hProcess=0x640, hModule=0x76970000, lpFilename=0x5950bd8, nSize=0x800 | out: lpFilename="C:\\Windows\\syswow64\\RPCRT4.dll" (normalized: "c:\\windows\\syswow64\\rpcrt4.dll")) returned 0x1e [0145.092] CoTaskMemFree (pv=0x5950bd8) [0145.092] GetModuleInformation (in: hProcess=0x640, hModule=0x74a50000, lpmodinfo=0x274ee7c, cb=0xc | out: lpmodinfo=0x274ee7c*(lpBaseOfDll=0x74a50000, SizeOfImage=0x60000, EntryPoint=0x74a6a3b3)) returned 1 [0145.093] CoTaskMemAlloc (cb=0x804) returned 0x5950bd8 [0145.093] GetModuleBaseNameW (in: hProcess=0x640, hModule=0x74a50000, lpBaseName=0x5950bd8, nSize=0x800 | out: lpBaseName="SspiCli.dll") returned 0xb [0145.093] CoTaskMemFree (pv=0x5950bd8) [0145.093] CoTaskMemAlloc (cb=0x804) returned 0x5950bd8 [0145.093] GetModuleFileNameExW (in: hProcess=0x640, hModule=0x74a50000, lpFilename=0x5950bd8, nSize=0x800 | out: lpFilename="C:\\Windows\\syswow64\\SspiCli.dll" (normalized: "c:\\windows\\syswow64\\sspicli.dll")) returned 0x1f [0145.093] CoTaskMemFree (pv=0x5950bd8) [0145.093] GetModuleInformation (in: hProcess=0x640, hModule=0x74a40000, lpmodinfo=0x2750f94, cb=0xc | out: lpmodinfo=0x2750f94*(lpBaseOfDll=0x74a40000, SizeOfImage=0xc000, EntryPoint=0x74a410e1)) returned 1 [0145.094] CoTaskMemAlloc (cb=0x804) returned 0x5950bd8 [0145.094] GetModuleBaseNameW (in: hProcess=0x640, hModule=0x74a40000, lpBaseName=0x5950bd8, nSize=0x800 | out: lpBaseName="CRYPTBASE.dll") returned 0xd [0145.094] CoTaskMemFree (pv=0x5950bd8) [0145.094] CoTaskMemAlloc (cb=0x804) returned 0x5950bd8 [0145.094] GetModuleFileNameExW (in: hProcess=0x640, hModule=0x74a40000, lpFilename=0x5950bd8, nSize=0x800 | out: lpFilename="C:\\Windows\\syswow64\\CRYPTBASE.dll" (normalized: "c:\\windows\\syswow64\\cryptbase.dll")) returned 0x21 [0145.095] CoTaskMemFree (pv=0x5950bd8) [0145.095] GetModuleInformation (in: hProcess=0x640, hModule=0x733b0000, lpmodinfo=0x27530b4, cb=0xc | out: lpmodinfo=0x27530b4*(lpBaseOfDll=0x733b0000, SizeOfImage=0x8d000, EntryPoint=0x733c2860)) returned 1 [0145.095] CoTaskMemAlloc (cb=0x804) returned 0x5950bd8 [0145.095] GetModuleBaseNameW (in: hProcess=0x640, hModule=0x733b0000, lpBaseName=0x5950bd8, nSize=0x800 | out: lpBaseName="mscoreei.dll") returned 0xc [0145.096] CoTaskMemFree (pv=0x5950bd8) [0145.096] CoTaskMemAlloc (cb=0x804) returned 0x5950bd8 [0145.096] GetModuleFileNameExW (in: hProcess=0x640, hModule=0x733b0000, lpFilename=0x5950bd8, nSize=0x800 | out: lpFilename="C:\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\mscoreei.dll" (normalized: "c:\\windows\\microsoft.net\\framework\\v4.0.30319\\mscoreei.dll")) returned 0x3a [0145.096] CoTaskMemFree (pv=0x5950bd8) [0145.097] GetModuleInformation (in: hProcess=0x640, hModule=0x734f0000, lpmodinfo=0x2755208, cb=0xc | out: lpmodinfo=0x2755208*(lpBaseOfDll=0x734f0000, SizeOfImage=0x3000, EntryPoint=0x0)) returned 1 [0145.097] CoTaskMemAlloc (cb=0x804) returned 0x5950bd8 [0145.097] GetModuleBaseNameW (in: hProcess=0x640, hModule=0x734f0000, lpBaseName=0x5950bd8, nSize=0x800 | out: lpBaseName="api-ms-win-core-synch-l1-2-0.DLL") returned 0x20 [0145.098] CoTaskMemFree (pv=0x5950bd8) [0145.098] CoTaskMemAlloc (cb=0x804) returned 0x5950bd8 [0145.098] GetModuleFileNameExW (in: hProcess=0x640, hModule=0x734f0000, lpFilename=0x5950bd8, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\api-ms-win-core-synch-l1-2-0.DLL" (normalized: "c:\\windows\\syswow64\\api-ms-win-core-synch-l1-2-0.dll")) returned 0x34 [0145.098] CoTaskMemFree (pv=0x5950bd8) [0145.098] GetModuleInformation (in: hProcess=0x640, hModule=0x751c0000, lpmodinfo=0x2757378, cb=0xc | out: lpmodinfo=0x2757378*(lpBaseOfDll=0x751c0000, SizeOfImage=0x57000, EntryPoint=0x751d9ba6)) returned 1 [0145.099] CoTaskMemAlloc (cb=0x804) returned 0x5950bd8 [0145.099] GetModuleBaseNameW (in: hProcess=0x640, hModule=0x751c0000, lpBaseName=0x5950bd8, nSize=0x800 | out: lpBaseName="SHLWAPI.dll") returned 0xb [0145.099] CoTaskMemFree (pv=0x5950bd8) [0145.099] CoTaskMemAlloc (cb=0x804) returned 0x5950bd8 [0145.099] GetModuleFileNameExW (in: hProcess=0x640, hModule=0x751c0000, lpFilename=0x5950bd8, nSize=0x800 | out: lpFilename="C:\\Windows\\syswow64\\SHLWAPI.dll" (normalized: "c:\\windows\\syswow64\\shlwapi.dll")) returned 0x1f [0145.100] CoTaskMemFree (pv=0x5950bd8) [0145.100] GetModuleInformation (in: hProcess=0x640, hModule=0x75220000, lpmodinfo=0x2759490, cb=0xc | out: lpmodinfo=0x2759490*(lpBaseOfDll=0x75220000, SizeOfImage=0x90000, EntryPoint=0x75236343)) returned 1 [0145.101] CoTaskMemAlloc (cb=0x804) returned 0x5950bd8 [0145.101] GetModuleBaseNameW (in: hProcess=0x640, hModule=0x75220000, lpBaseName=0x5950bd8, nSize=0x800 | out: lpBaseName="GDI32.dll") returned 0x9 [0145.101] CoTaskMemFree (pv=0x5950bd8) [0145.101] CoTaskMemAlloc (cb=0x804) returned 0x5950bd8 [0145.101] GetModuleFileNameExW (in: hProcess=0x640, hModule=0x75220000, lpFilename=0x5950bd8, nSize=0x800 | out: lpFilename="C:\\Windows\\syswow64\\GDI32.dll" (normalized: "c:\\windows\\syswow64\\gdi32.dll")) returned 0x1d [0145.102] CoTaskMemFree (pv=0x5950bd8) [0145.102] GetModuleInformation (in: hProcess=0x640, hModule=0x76860000, lpmodinfo=0x275b5a0, cb=0xc | out: lpmodinfo=0x275b5a0*(lpBaseOfDll=0x76860000, SizeOfImage=0x100000, EntryPoint=0x7687b6ed)) returned 1 [0145.103] CoTaskMemAlloc (cb=0x804) returned 0x5950bd8 [0145.103] GetModuleBaseNameW (in: hProcess=0x640, hModule=0x76860000, lpBaseName=0x5950bd8, nSize=0x800 | out: lpBaseName="USER32.dll") returned 0xa [0145.103] CoTaskMemFree (pv=0x5950bd8) [0145.103] CoTaskMemAlloc (cb=0x804) returned 0x5950bd8 [0145.103] GetModuleFileNameExW (in: hProcess=0x640, hModule=0x76860000, lpFilename=0x5950bd8, nSize=0x800 | out: lpFilename="C:\\Windows\\syswow64\\USER32.dll" (normalized: "c:\\windows\\syswow64\\user32.dll")) returned 0x1e [0145.104] CoTaskMemFree (pv=0x5950bd8) [0145.104] GetModuleInformation (in: hProcess=0x640, hModule=0x759c0000, lpmodinfo=0x275d6b8, cb=0xc | out: lpmodinfo=0x275d6b8*(lpBaseOfDll=0x759c0000, SizeOfImage=0xa000, EntryPoint=0x759c36a0)) returned 1 [0145.105] CoTaskMemAlloc (cb=0x804) returned 0x5950bd8 [0145.105] GetModuleBaseNameW (in: hProcess=0x640, hModule=0x759c0000, lpBaseName=0x5950bd8, nSize=0x800 | out: lpBaseName="LPK.dll") returned 0x7 [0145.105] CoTaskMemFree (pv=0x5950bd8) [0145.105] CoTaskMemAlloc (cb=0x804) returned 0x5950bd8 [0145.105] GetModuleFileNameExW (in: hProcess=0x640, hModule=0x759c0000, lpFilename=0x5950bd8, nSize=0x800 | out: lpFilename="C:\\Windows\\syswow64\\LPK.dll" (normalized: "c:\\windows\\syswow64\\lpk.dll")) returned 0x1b [0145.106] CoTaskMemFree (pv=0x5950bd8) [0145.106] GetModuleInformation (in: hProcess=0x640, hModule=0x74d40000, lpmodinfo=0x275f858, cb=0xc | out: lpmodinfo=0x275f858*(lpBaseOfDll=0x74d40000, SizeOfImage=0x9d000, EntryPoint=0x74d73fd7)) returned 1 [0145.107] CoTaskMemAlloc (cb=0x804) returned 0x5950bd8 [0145.107] GetModuleBaseNameW (in: hProcess=0x640, hModule=0x74d40000, lpBaseName=0x5950bd8, nSize=0x800 | out: lpBaseName="USP10.dll") returned 0x9 [0145.107] CoTaskMemFree (pv=0x5950bd8) [0145.107] CoTaskMemAlloc (cb=0x804) returned 0x5950bd8 [0145.107] GetModuleFileNameExW (in: hProcess=0x640, hModule=0x74d40000, lpFilename=0x5950bd8, nSize=0x800 | out: lpFilename="C:\\Windows\\syswow64\\USP10.dll" (normalized: "c:\\windows\\syswow64\\usp10.dll")) returned 0x1d [0145.108] CoTaskMemFree (pv=0x5950bd8) [0145.108] GetModuleInformation (in: hProcess=0x640, hModule=0x75550000, lpmodinfo=0x2761968, cb=0xc | out: lpmodinfo=0x2761968*(lpBaseOfDll=0x75550000, SizeOfImage=0x60000, EntryPoint=0x7556158f)) returned 1 [0145.108] CoTaskMemAlloc (cb=0x804) returned 0x5950bd8 [0145.109] GetModuleBaseNameW (in: hProcess=0x640, hModule=0x75550000, lpBaseName=0x5950bd8, nSize=0x800 | out: lpBaseName="IMM32.DLL") returned 0x9 [0145.109] CoTaskMemFree (pv=0x5950bd8) [0145.109] CoTaskMemAlloc (cb=0x804) returned 0x5950bd8 [0145.109] GetModuleFileNameExW (in: hProcess=0x640, hModule=0x75550000, lpFilename=0x5950bd8, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\IMM32.DLL" (normalized: "c:\\windows\\syswow64\\imm32.dll")) returned 0x1d [0145.110] CoTaskMemFree (pv=0x5950bd8) [0145.110] GetModuleInformation (in: hProcess=0x640, hModule=0x74c40000, lpmodinfo=0x2763a78, cb=0xc | out: lpmodinfo=0x2763a78*(lpBaseOfDll=0x74c40000, SizeOfImage=0xcc000, EntryPoint=0x74c4168b)) returned 1 [0145.110] CoTaskMemAlloc (cb=0x804) returned 0x5950bd8 [0145.110] GetModuleBaseNameW (in: hProcess=0x640, hModule=0x74c40000, lpBaseName=0x5950bd8, nSize=0x800 | out: lpBaseName="MSCTF.dll") returned 0x9 [0145.111] CoTaskMemFree (pv=0x5950bd8) [0145.111] CoTaskMemAlloc (cb=0x804) returned 0x5950bd8 [0145.111] GetModuleFileNameExW (in: hProcess=0x640, hModule=0x74c40000, lpFilename=0x5950bd8, nSize=0x800 | out: lpFilename="C:\\Windows\\syswow64\\MSCTF.dll" (normalized: "c:\\windows\\syswow64\\msctf.dll")) returned 0x1d [0145.112] CoTaskMemFree (pv=0x5950bd8) [0145.112] GetModuleInformation (in: hProcess=0x640, hModule=0x733a0000, lpmodinfo=0x2765b88, cb=0xc | out: lpmodinfo=0x2765b88*(lpBaseOfDll=0x733a0000, SizeOfImage=0x9000, EntryPoint=0x733a1220)) returned 1 [0145.112] CoTaskMemAlloc (cb=0x804) returned 0x5950bd8 [0145.112] GetModuleBaseNameW (in: hProcess=0x640, hModule=0x733a0000, lpBaseName=0x5950bd8, nSize=0x800 | out: lpBaseName="VERSION.dll") returned 0xb [0145.113] CoTaskMemFree (pv=0x5950bd8) [0145.113] CoTaskMemAlloc (cb=0x804) returned 0x5950bd8 [0145.113] GetModuleFileNameExW (in: hProcess=0x640, hModule=0x733a0000, lpFilename=0x5950bd8, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\VERSION.dll" (normalized: "c:\\windows\\syswow64\\version.dll")) returned 0x1f [0145.114] CoTaskMemFree (pv=0x5950bd8) [0145.114] GetModuleInformation (in: hProcess=0x640, hModule=0x71770000, lpmodinfo=0x2767ca0, cb=0xc | out: lpmodinfo=0x2767ca0*(lpBaseOfDll=0x71770000, SizeOfImage=0x7af000, EntryPoint=0x7178d0d0)) returned 1 [0145.114] CoTaskMemAlloc (cb=0x804) returned 0x5950bd8 [0145.114] GetModuleBaseNameW (in: hProcess=0x640, hModule=0x71770000, lpBaseName=0x5950bd8, nSize=0x800 | out: lpBaseName="clr.dll") returned 0x7 [0145.115] CoTaskMemFree (pv=0x5950bd8) [0145.115] CoTaskMemAlloc (cb=0x804) returned 0x5950bd8 [0145.115] GetModuleFileNameExW (in: hProcess=0x640, hModule=0x71770000, lpFilename=0x5950bd8, nSize=0x800 | out: lpFilename="C:\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\clr.dll" (normalized: "c:\\windows\\microsoft.net\\framework\\v4.0.30319\\clr.dll")) returned 0x35 [0145.116] CoTaskMemFree (pv=0x5950bd8) [0145.116] GetModuleInformation (in: hProcess=0x640, hModule=0x73600000, lpmodinfo=0x2769ddc, cb=0xc | out: lpmodinfo=0x2769ddc*(lpBaseOfDll=0x73600000, SizeOfImage=0x14000, EntryPoint=0x7360ac00)) returned 1 [0145.116] CoTaskMemAlloc (cb=0x804) returned 0x5950bd8 [0145.116] GetModuleBaseNameW (in: hProcess=0x640, hModule=0x73600000, lpBaseName=0x5950bd8, nSize=0x800 | out: lpBaseName="VCRUNTIME140_CLR0400.dll") returned 0x18 [0145.117] CoTaskMemFree (pv=0x5950bd8) [0145.117] CoTaskMemAlloc (cb=0x804) returned 0x5950bd8 [0145.117] GetModuleFileNameExW (in: hProcess=0x640, hModule=0x73600000, lpFilename=0x5950bd8, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\VCRUNTIME140_CLR0400.dll" (normalized: "c:\\windows\\syswow64\\vcruntime140_clr0400.dll")) returned 0x2c [0145.118] CoTaskMemFree (pv=0x5950bd8) [0145.118] GetModuleInformation (in: hProcess=0x640, hModule=0x73550000, lpmodinfo=0x276bf2c, cb=0xc | out: lpmodinfo=0x276bf2c*(lpBaseOfDll=0x73550000, SizeOfImage=0xab000, EntryPoint=0x735e5f20)) returned 1 [0145.119] CoTaskMemAlloc (cb=0x804) returned 0x5950bd8 [0145.119] GetModuleBaseNameW (in: hProcess=0x640, hModule=0x73550000, lpBaseName=0x5950bd8, nSize=0x800 | out: lpBaseName="ucrtbase_clr0400.dll") returned 0x14 [0145.119] CoTaskMemFree (pv=0x5950bd8) [0145.119] CoTaskMemAlloc (cb=0x804) returned 0x5950bd8 [0145.120] GetModuleFileNameExW (in: hProcess=0x640, hModule=0x73550000, lpFilename=0x5950bd8, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\ucrtbase_clr0400.dll" (normalized: "c:\\windows\\syswow64\\ucrtbase_clr0400.dll")) returned 0x28 [0145.120] CoTaskMemFree (pv=0x5950bd8) [0145.120] GetModuleInformation (in: hProcess=0x640, hModule=0x70360000, lpmodinfo=0x276e06c, cb=0xc | out: lpmodinfo=0x276e06c*(lpBaseOfDll=0x70360000, SizeOfImage=0x140b000, EntryPoint=0x0)) returned 1 [0145.121] CoTaskMemAlloc (cb=0x804) returned 0x5950bd8 [0145.121] GetModuleBaseNameW (in: hProcess=0x640, hModule=0x70360000, lpBaseName=0x5950bd8, nSize=0x800 | out: lpBaseName="mscorlib.ni.dll") returned 0xf [0145.122] CoTaskMemFree (pv=0x5950bd8) [0145.122] CoTaskMemAlloc (cb=0x804) returned 0x5950bd8 [0145.122] GetModuleFileNameExW (in: hProcess=0x640, hModule=0x70360000, lpFilename=0x5950bd8, nSize=0x800 | out: lpFilename="C:\\Windows\\assembly\\NativeImages_v4.0.30319_32\\mscorlib\\36eaccfde177c2e7b93b8dbdde4e012a\\mscorlib.ni.dll" (normalized: "c:\\windows\\assembly\\nativeimages_v4.0.30319_32\\mscorlib\\36eaccfde177c2e7b93b8dbdde4e012a\\mscorlib.ni.dll")) returned 0x68 [0145.122] CoTaskMemFree (pv=0x5950bd8) [0145.123] GetModuleInformation (in: hProcess=0x640, hModule=0x75740000, lpmodinfo=0x2770220, cb=0xc | out: lpmodinfo=0x2770220*(lpBaseOfDll=0x75740000, SizeOfImage=0x15c000, EntryPoint=0x7578ba3d)) returned 1 [0145.123] CoTaskMemAlloc (cb=0x804) returned 0x5950bd8 [0145.123] GetModuleBaseNameW (in: hProcess=0x640, hModule=0x75740000, lpBaseName=0x5950bd8, nSize=0x800 | out: lpBaseName="ole32.dll") returned 0x9 [0145.124] CoTaskMemFree (pv=0x5950bd8) [0145.124] CoTaskMemAlloc (cb=0x804) returned 0x5950bd8 [0145.124] GetModuleFileNameExW (in: hProcess=0x640, hModule=0x75740000, lpFilename=0x5950bd8, nSize=0x800 | out: lpFilename="C:\\Windows\\syswow64\\ole32.dll" (normalized: "c:\\windows\\syswow64\\ole32.dll")) returned 0x1d [0145.125] CoTaskMemFree (pv=0x5950bd8) [0145.125] GetModuleInformation (in: hProcess=0x640, hModule=0x73a10000, lpmodinfo=0x2772330, cb=0xc | out: lpmodinfo=0x2772330*(lpBaseOfDll=0x73a10000, SizeOfImage=0x80000, EntryPoint=0x73a237c9)) returned 1 [0145.126] CoTaskMemAlloc (cb=0x804) returned 0x5950bd8 [0145.126] GetModuleBaseNameW (in: hProcess=0x640, hModule=0x73a10000, lpBaseName=0x5950bd8, nSize=0x800 | out: lpBaseName="uxtheme.dll") returned 0xb [0145.127] CoTaskMemFree (pv=0x5950bd8) [0145.127] CoTaskMemAlloc (cb=0x804) returned 0x5950bd8 [0145.127] GetModuleFileNameExW (in: hProcess=0x640, hModule=0x73a10000, lpFilename=0x5950bd8, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\uxtheme.dll" (normalized: "c:\\windows\\syswow64\\uxtheme.dll")) returned 0x1f [0145.128] CoTaskMemFree (pv=0x5950bd8) [0145.128] GetModuleInformation (in: hProcess=0x640, hModule=0x74a20000, lpmodinfo=0x2774448, cb=0xc | out: lpmodinfo=0x2774448*(lpBaseOfDll=0x74a20000, SizeOfImage=0x3000, EntryPoint=0x0)) returned 1 [0145.128] CoTaskMemAlloc (cb=0x804) returned 0x5950bd8 [0145.128] GetModuleBaseNameW (in: hProcess=0x640, hModule=0x74a20000, lpBaseName=0x5950bd8, nSize=0x800 | out: lpBaseName="api-ms-win-core-xstate-l2-1-0.dll") returned 0x21 [0145.129] CoTaskMemFree (pv=0x5950bd8) [0145.129] CoTaskMemAlloc (cb=0x804) returned 0x5950bd8 [0145.129] GetModuleFileNameExW (in: hProcess=0x640, hModule=0x74a20000, lpFilename=0x5950bd8, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\api-ms-win-core-xstate-l2-1-0.dll" (normalized: "c:\\windows\\syswow64\\api-ms-win-core-xstate-l2-1-0.dll")) returned 0x35 [0145.130] CoTaskMemFree (pv=0x5950bd8) [0145.130] GetModuleInformation (in: hProcess=0x640, hModule=0x74990000, lpmodinfo=0x27765b8, cb=0xc | out: lpmodinfo=0x27765b8*(lpBaseOfDll=0x74990000, SizeOfImage=0x89000, EntryPoint=0x74991130)) returned 1 [0145.131] CoTaskMemAlloc (cb=0x804) returned 0x5950bd8 [0145.131] GetModuleBaseNameW (in: hProcess=0x640, hModule=0x74990000, lpBaseName=0x5950bd8, nSize=0x800 | out: lpBaseName="clrjit.dll") returned 0xa [0145.132] CoTaskMemFree (pv=0x5950bd8) [0145.132] CoTaskMemAlloc (cb=0x804) returned 0x5950bd8 [0145.132] GetModuleFileNameExW (in: hProcess=0x640, hModule=0x74990000, lpFilename=0x5950bd8, nSize=0x800 | out: lpFilename="C:\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\clrjit.dll" (normalized: "c:\\windows\\microsoft.net\\framework\\v4.0.30319\\clrjit.dll")) returned 0x38 [0145.133] CoTaskMemFree (pv=0x5950bd8) [0145.133] GetModuleInformation (in: hProcess=0x640, hModule=0x75130000, lpmodinfo=0x2778704, cb=0xc | out: lpmodinfo=0x2778704*(lpBaseOfDll=0x75130000, SizeOfImage=0x8f000, EntryPoint=0x75133fb1)) returned 1 [0145.133] CoTaskMemAlloc (cb=0x804) returned 0x5950bd8 [0145.133] GetModuleBaseNameW (in: hProcess=0x640, hModule=0x75130000, lpBaseName=0x5950bd8, nSize=0x800 | out: lpBaseName="OLEAUT32.dll") returned 0xc [0145.134] CoTaskMemFree (pv=0x5950bd8) [0145.134] CoTaskMemAlloc (cb=0x804) returned 0x5950bd8 [0145.134] GetModuleFileNameExW (in: hProcess=0x640, hModule=0x75130000, lpFilename=0x5950bd8, nSize=0x800 | out: lpFilename="C:\\Windows\\syswow64\\OLEAUT32.dll" (normalized: "c:\\windows\\syswow64\\oleaut32.dll")) returned 0x20 [0145.135] CoTaskMemFree (pv=0x5950bd8) [0145.135] GetModuleInformation (in: hProcess=0x640, hModule=0x6eea0000, lpmodinfo=0x277a824, cb=0xc | out: lpmodinfo=0x277a824*(lpBaseOfDll=0x6eea0000, SizeOfImage=0xa55000, EntryPoint=0x0)) returned 1 [0145.136] CoTaskMemAlloc (cb=0x804) returned 0x5950bd8 [0145.136] GetModuleBaseNameW (in: hProcess=0x640, hModule=0x6eea0000, lpBaseName=0x5950bd8, nSize=0x800 | out: lpBaseName="System.ni.dll") returned 0xd [0145.137] CoTaskMemFree (pv=0x5950bd8) [0145.137] CoTaskMemAlloc (cb=0x804) returned 0x5950bd8 [0145.137] GetModuleFileNameExW (in: hProcess=0x640, hModule=0x6eea0000, lpFilename=0x5950bd8, nSize=0x800 | out: lpFilename="C:\\Windows\\assembly\\NativeImages_v4.0.30319_32\\System\\2c3c912ea8f058f9d04c4650128feb3f\\System.ni.dll" (normalized: "c:\\windows\\assembly\\nativeimages_v4.0.30319_32\\system\\2c3c912ea8f058f9d04c4650128feb3f\\system.ni.dll")) returned 0x64 [0145.138] CoTaskMemFree (pv=0x5950bd8) [0145.138] GetModuleInformation (in: hProcess=0x640, hModule=0x6fb40000, lpmodinfo=0x277c9cc, cb=0xc | out: lpmodinfo=0x277c9cc*(lpBaseOfDll=0x6fb40000, SizeOfImage=0x818000, EntryPoint=0x0)) returned 1 [0145.139] CoTaskMemAlloc (cb=0x804) returned 0x5950bd8 [0145.139] GetModuleBaseNameW (in: hProcess=0x640, hModule=0x6fb40000, lpBaseName=0x5950bd8, nSize=0x800 | out: lpBaseName="System.Core.ni.dll") returned 0x12 [0145.139] CoTaskMemFree (pv=0x5950bd8) [0145.140] CoTaskMemAlloc (cb=0x804) returned 0x5950bd8 [0145.140] GetModuleFileNameExW (in: hProcess=0x640, hModule=0x6fb40000, lpFilename=0x5950bd8, nSize=0x800 | out: lpFilename="C:\\Windows\\assembly\\NativeImages_v4.0.30319_32\\System.Core\\31fae3290fad30c31c98651462d22724\\System.Core.ni.dll" (normalized: "c:\\windows\\assembly\\nativeimages_v4.0.30319_32\\system.core\\31fae3290fad30c31c98651462d22724\\system.core.ni.dll")) returned 0x6e [0145.140] CoTaskMemFree (pv=0x5950bd8) [0145.140] GetModuleInformation (in: hProcess=0x640, hModule=0x6f950000, lpmodinfo=0x277eb94, cb=0xc | out: lpmodinfo=0x277eb94*(lpBaseOfDll=0x6f950000, SizeOfImage=0x1e2000, EntryPoint=0x0)) returned 1 [0145.141] CoTaskMemAlloc (cb=0x804) returned 0x5950bd8 [0145.141] GetModuleBaseNameW (in: hProcess=0x640, hModule=0x6f950000, lpBaseName=0x5950bd8, nSize=0x800 | out: lpBaseName="Microsoft.VisualBasic.ni.dll") returned 0x1c [0145.142] CoTaskMemFree (pv=0x5950bd8) [0145.142] CoTaskMemAlloc (cb=0x804) returned 0x5950bd8 [0145.143] GetModuleFileNameExW (in: hProcess=0x640, hModule=0x6f950000, lpFilename=0x5950bd8, nSize=0x800 | out: lpFilename="C:\\Windows\\assembly\\NativeImages_v4.0.30319_32\\Microsoft.V9921e851#\\a891970b44db9e340c3ef3efa95b793c\\Microsoft.VisualBasic.ni.dll" (normalized: "c:\\windows\\assembly\\nativeimages_v4.0.30319_32\\microsoft.v9921e851#\\a891970b44db9e340c3ef3efa95b793c\\microsoft.visualbasic.ni.dll")) returned 0x81 [0145.143] CoTaskMemFree (pv=0x5950bd8) [0145.143] GetModuleInformation (in: hProcess=0x640, hModule=0x6ecf0000, lpmodinfo=0x2780ea0, cb=0xc | out: lpmodinfo=0x2780ea0*(lpBaseOfDll=0x6ecf0000, SizeOfImage=0x1a3000, EntryPoint=0x0)) returned 1 [0145.144] CoTaskMemAlloc (cb=0x804) returned 0x5950bd8 [0145.144] GetModuleBaseNameW (in: hProcess=0x640, hModule=0x6ecf0000, lpBaseName=0x5950bd8, nSize=0x800 | out: lpBaseName="System.Drawing.ni.dll") returned 0x15 [0145.145] CoTaskMemFree (pv=0x5950bd8) [0145.145] CoTaskMemAlloc (cb=0x804) returned 0x5950bd8 [0145.145] GetModuleFileNameExW (in: hProcess=0x640, hModule=0x6ecf0000, lpFilename=0x5950bd8, nSize=0x800 | out: lpFilename="C:\\Windows\\assembly\\NativeImages_v4.0.30319_32\\System.Drawing\\f7568d7f1b9d356f64779b4c0927cfb3\\System.Drawing.ni.dll" (normalized: "c:\\windows\\assembly\\nativeimages_v4.0.30319_32\\system.drawing\\f7568d7f1b9d356f64779b4c0927cfb3\\system.drawing.ni.dll")) returned 0x74 [0145.146] CoTaskMemFree (pv=0x5950bd8) [0145.146] GetModuleInformation (in: hProcess=0x640, hModule=0x6de80000, lpmodinfo=0x2783078, cb=0xc | out: lpmodinfo=0x2783078*(lpBaseOfDll=0x6de80000, SizeOfImage=0xe66000, EntryPoint=0x0)) returned 1 [0145.147] CoTaskMemAlloc (cb=0x804) returned 0x5950bd8 [0145.147] GetModuleBaseNameW (in: hProcess=0x640, hModule=0x6de80000, lpBaseName=0x5950bd8, nSize=0x800 | out: lpBaseName="System.Windows.Forms.ni.dll") returned 0x1b [0145.148] CoTaskMemFree (pv=0x5950bd8) [0145.148] CoTaskMemAlloc (cb=0x804) returned 0x5950bd8 [0145.148] GetModuleFileNameExW (in: hProcess=0x640, hModule=0x6de80000, lpFilename=0x5950bd8, nSize=0x800 | out: lpFilename="C:\\Windows\\assembly\\NativeImages_v4.0.30319_32\\System.Windows.Forms\\c9a4cbc00f690a9e3cddfc400f6e85bb\\System.Windows.Forms.ni.dll" (normalized: "c:\\windows\\assembly\\nativeimages_v4.0.30319_32\\system.windows.forms\\c9a4cbc00f690a9e3cddfc400f6e85bb\\system.windows.forms.ni.dll")) returned 0x80 [0145.149] CoTaskMemFree (pv=0x5950bd8) [0145.149] GetModuleInformation (in: hProcess=0x640, hModule=0x6dd70000, lpmodinfo=0x2785274, cb=0xc | out: lpmodinfo=0x2785274*(lpBaseOfDll=0x6dd70000, SizeOfImage=0x105000, EntryPoint=0x0)) returned 1 [0145.150] CoTaskMemAlloc (cb=0x804) returned 0x5950bd8 [0145.150] GetModuleBaseNameW (in: hProcess=0x640, hModule=0x6dd70000, lpBaseName=0x5950bd8, nSize=0x800 | out: lpBaseName="System.Configuration.ni.dll") returned 0x1b [0145.151] CoTaskMemFree (pv=0x5950bd8) [0145.151] CoTaskMemAlloc (cb=0x804) returned 0x5950bd8 [0145.151] GetModuleFileNameExW (in: hProcess=0x640, hModule=0x6dd70000, lpFilename=0x5950bd8, nSize=0x800 | out: lpFilename="C:\\Windows\\assembly\\NativeImages_v4.0.30319_32\\System.Configuration\\96f7edb07b12303f0ec2595c7f3778c7\\System.Configuration.ni.dll" (normalized: "c:\\windows\\assembly\\nativeimages_v4.0.30319_32\\system.configuration\\96f7edb07b12303f0ec2595c7f3778c7\\system.configuration.ni.dll")) returned 0x80 [0145.152] CoTaskMemFree (pv=0x5950bd8) [0145.152] GetModuleInformation (in: hProcess=0x640, hModule=0x6d5f0000, lpmodinfo=0x2787470, cb=0xc | out: lpmodinfo=0x2787470*(lpBaseOfDll=0x6d5f0000, SizeOfImage=0x774000, EntryPoint=0x0)) returned 1 [0145.153] CoTaskMemAlloc (cb=0x804) returned 0x5950bd8 [0145.153] GetModuleBaseNameW (in: hProcess=0x640, hModule=0x6d5f0000, lpBaseName=0x5950bd8, nSize=0x800 | out: lpBaseName="System.Xml.ni.dll") returned 0x11 [0145.154] CoTaskMemFree (pv=0x5950bd8) [0145.154] CoTaskMemAlloc (cb=0x804) returned 0x5950bd8 [0145.154] GetModuleFileNameExW (in: hProcess=0x640, hModule=0x6d5f0000, lpFilename=0x5950bd8, nSize=0x800 | out: lpFilename="C:\\Windows\\assembly\\NativeImages_v4.0.30319_32\\System.Xml\\15af16d373cf0528cb74fc73d365fdbf\\System.Xml.ni.dll" (normalized: "c:\\windows\\assembly\\nativeimages_v4.0.30319_32\\system.xml\\15af16d373cf0528cb74fc73d365fdbf\\system.xml.ni.dll")) returned 0x6c [0145.155] CoTaskMemFree (pv=0x5950bd8) [0145.155] GetModuleInformation (in: hProcess=0x640, hModule=0x74950000, lpmodinfo=0x2789630, cb=0xc | out: lpmodinfo=0x2789630*(lpBaseOfDll=0x74950000, SizeOfImage=0x13000, EntryPoint=0x7495d900)) returned 1 [0145.156] CoTaskMemAlloc (cb=0x804) returned 0x5950bd8 [0145.156] GetModuleBaseNameW (in: hProcess=0x640, hModule=0x74950000, lpBaseName=0x5950bd8, nSize=0x800 | out: lpBaseName="nlssorting.dll") returned 0xe [0145.157] CoTaskMemFree (pv=0x5950bd8) [0145.157] CoTaskMemAlloc (cb=0x804) returned 0x5950bd8 [0145.158] GetModuleFileNameExW (in: hProcess=0x640, hModule=0x74950000, lpFilename=0x5950bd8, nSize=0x800 | out: lpFilename="C:\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\nlssorting.dll" (normalized: "c:\\windows\\microsoft.net\\framework\\v4.0.30319\\nlssorting.dll")) returned 0x3c [0145.158] CoTaskMemFree (pv=0x5950bd8) [0145.159] GetModuleInformation (in: hProcess=0x640, hModule=0x75be0000, lpmodinfo=0x278b798, cb=0xc | out: lpmodinfo=0x278b798*(lpBaseOfDll=0x75be0000, SizeOfImage=0xc4a000, EntryPoint=0x75c61601)) returned 1 [0145.160] CoTaskMemAlloc (cb=0x804) returned 0x5950bd8 [0145.160] GetModuleBaseNameW (in: hProcess=0x640, hModule=0x75be0000, lpBaseName=0x5950bd8, nSize=0x800 | out: lpBaseName="shell32.dll") returned 0xb [0145.161] CoTaskMemFree (pv=0x5950bd8) [0145.161] CoTaskMemAlloc (cb=0x804) returned 0x5950bd8 [0145.161] GetModuleFileNameExW (in: hProcess=0x640, hModule=0x75be0000, lpFilename=0x5950bd8, nSize=0x800 | out: lpFilename="C:\\Windows\\syswow64\\shell32.dll" (normalized: "c:\\windows\\syswow64\\shell32.dll")) returned 0x1f [0145.162] CoTaskMemFree (pv=0x5950bd8) [0145.162] GetModuleInformation (in: hProcess=0x640, hModule=0x748d0000, lpmodinfo=0x278d8b0, cb=0xc | out: lpmodinfo=0x278d8b0*(lpBaseOfDll=0x748d0000, SizeOfImage=0xb000, EntryPoint=0x748d1992)) returned 1 [0145.166] CoTaskMemAlloc (cb=0x804) returned 0x5950bd8 [0145.166] GetModuleBaseNameW (in: hProcess=0x640, hModule=0x748d0000, lpBaseName=0x5950bd8, nSize=0x800 | out: lpBaseName="profapi.dll") returned 0xb [0145.167] CoTaskMemFree (pv=0x5950bd8) [0145.167] CoTaskMemAlloc (cb=0x804) returned 0x5950bd8 [0145.167] GetModuleFileNameExW (in: hProcess=0x640, hModule=0x748d0000, lpFilename=0x5950bd8, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\profapi.dll" (normalized: "c:\\windows\\syswow64\\profapi.dll")) returned 0x1f [0145.168] CoTaskMemFree (pv=0x5950bd8) [0145.168] GetModuleInformation (in: hProcess=0x640, hModule=0x74970000, lpmodinfo=0x278f9c8, cb=0xc | out: lpmodinfo=0x278f9c8*(lpBaseOfDll=0x74970000, SizeOfImage=0x17000, EntryPoint=0x749735fa)) returned 1 [0145.169] CoTaskMemAlloc (cb=0x804) returned 0x5950bd8 [0145.169] GetModuleBaseNameW (in: hProcess=0x640, hModule=0x74970000, lpBaseName=0x5950bd8, nSize=0x800 | out: lpBaseName="bcrypt.dll") returned 0xa [0145.170] CoTaskMemFree (pv=0x5950bd8) [0145.170] CoTaskMemAlloc (cb=0x804) returned 0x5950bd8 [0145.170] GetModuleFileNameExW (in: hProcess=0x640, hModule=0x74970000, lpFilename=0x5950bd8, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\bcrypt.dll" (normalized: "c:\\windows\\syswow64\\bcrypt.dll")) returned 0x1e [0145.171] CoTaskMemFree (pv=0x5950bd8) [0145.171] GetModuleInformation (in: hProcess=0x640, hModule=0x738e0000, lpmodinfo=0x2791ae0, cb=0xc | out: lpmodinfo=0x2791ae0*(lpBaseOfDll=0x738e0000, SizeOfImage=0x17000, EntryPoint=0x738e3573)) returned 1 [0145.173] CoTaskMemAlloc (cb=0x804) returned 0x5950bd8 [0145.173] GetModuleBaseNameW (in: hProcess=0x640, hModule=0x738e0000, lpBaseName=0x5950bd8, nSize=0x800 | out: lpBaseName="CRYPTSP.dll") returned 0xb [0145.175] CoTaskMemFree (pv=0x5950bd8) [0145.175] CoTaskMemAlloc (cb=0x804) returned 0x5950bd8 [0145.175] GetModuleFileNameExW (in: hProcess=0x640, hModule=0x738e0000, lpFilename=0x5950bd8, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\CRYPTSP.dll" (normalized: "c:\\windows\\syswow64\\cryptsp.dll")) returned 0x1f [0145.176] CoTaskMemFree (pv=0x5950bd8) [0145.176] GetModuleInformation (in: hProcess=0x640, hModule=0x738a0000, lpmodinfo=0x2793bf8, cb=0xc | out: lpmodinfo=0x2793bf8*(lpBaseOfDll=0x738a0000, SizeOfImage=0x3b000, EntryPoint=0x738a128d)) returned 1 [0145.177] CoTaskMemAlloc (cb=0x804) returned 0x5950bd8 [0145.177] GetModuleBaseNameW (in: hProcess=0x640, hModule=0x738a0000, lpBaseName=0x5950bd8, nSize=0x800 | out: lpBaseName="rsaenh.dll") returned 0xa [0145.178] CoTaskMemFree (pv=0x5950bd8) [0145.178] CoTaskMemAlloc (cb=0x804) returned 0x5950bd8 [0145.178] GetModuleFileNameExW (in: hProcess=0x640, hModule=0x738a0000, lpFilename=0x5950bd8, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\rsaenh.dll" (normalized: "c:\\windows\\syswow64\\rsaenh.dll")) returned 0x1e [0145.179] CoTaskMemFree (pv=0x5950bd8) [0145.179] GetModuleInformation (in: hProcess=0x640, hModule=0x75950000, lpmodinfo=0x2795d10, cb=0xc | out: lpmodinfo=0x2795d10*(lpBaseOfDll=0x75950000, SizeOfImage=0x5000, EntryPoint=0x75951438)) returned 1 [0145.180] CoTaskMemAlloc (cb=0x804) returned 0x5950bd8 [0145.180] GetModuleBaseNameW (in: hProcess=0x640, hModule=0x75950000, lpBaseName=0x5950bd8, nSize=0x800 | out: lpBaseName="psapi.dll") returned 0x9 [0145.181] CoTaskMemFree (pv=0x5950bd8) [0145.181] CoTaskMemAlloc (cb=0x804) returned 0x5950bd8 [0145.181] GetModuleFileNameExW (in: hProcess=0x640, hModule=0x75950000, lpFilename=0x5950bd8, nSize=0x800 | out: lpFilename="C:\\Windows\\syswow64\\psapi.dll" (normalized: "c:\\windows\\syswow64\\psapi.dll")) returned 0x1d [0145.183] CoTaskMemFree (pv=0x5950bd8) [0145.183] GetModuleInformation (in: hProcess=0x640, hModule=0x73990000, lpmodinfo=0x2797e20, cb=0xc | out: lpmodinfo=0x2797e20*(lpBaseOfDll=0x73990000, SizeOfImage=0x52000, EntryPoint=0x739914be)) returned 1 [0145.184] CoTaskMemAlloc (cb=0x804) returned 0x5950bd8 [0145.184] GetModuleBaseNameW (in: hProcess=0x640, hModule=0x73990000, lpBaseName=0x5950bd8, nSize=0x800 | out: lpBaseName="rasapi32.dll") returned 0xc [0145.185] CoTaskMemFree (pv=0x5950bd8) [0145.185] CoTaskMemAlloc (cb=0x804) returned 0x5950bd8 [0145.185] GetModuleFileNameExW (in: hProcess=0x640, hModule=0x73990000, lpFilename=0x5950bd8, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\rasapi32.dll" (normalized: "c:\\windows\\syswow64\\rasapi32.dll")) returned 0x20 [0145.186] CoTaskMemFree (pv=0x5950bd8) [0145.186] GetModuleInformation (in: hProcess=0x640, hModule=0x73970000, lpmodinfo=0x2799f40, cb=0xc | out: lpmodinfo=0x2799f40*(lpBaseOfDll=0x73970000, SizeOfImage=0x15000, EntryPoint=0x739712de)) returned 1 [0145.187] CoTaskMemAlloc (cb=0x804) returned 0x5950bd8 [0145.187] GetModuleBaseNameW (in: hProcess=0x640, hModule=0x73970000, lpBaseName=0x5950bd8, nSize=0x800 | out: lpBaseName="rasman.dll") returned 0xa [0145.188] CoTaskMemFree (pv=0x5950bd8) [0145.188] CoTaskMemAlloc (cb=0x804) returned 0x5950bd8 [0145.188] GetModuleFileNameExW (in: hProcess=0x640, hModule=0x73970000, lpFilename=0x5950bd8, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\rasman.dll" (normalized: "c:\\windows\\syswow64\\rasman.dll")) returned 0x1e [0145.190] CoTaskMemFree (pv=0x5950bd8) [0145.190] GetModuleInformation (in: hProcess=0x640, hModule=0x75960000, lpmodinfo=0x279c058, cb=0xc | out: lpmodinfo=0x279c058*(lpBaseOfDll=0x75960000, SizeOfImage=0x35000, EntryPoint=0x7596145d)) returned 1 [0145.191] CoTaskMemAlloc (cb=0x804) returned 0x5950bd8 [0145.191] GetModuleBaseNameW (in: hProcess=0x640, hModule=0x75960000, lpBaseName=0x5950bd8, nSize=0x800 | out: lpBaseName="WS2_32.dll") returned 0xa [0145.192] CoTaskMemFree (pv=0x5950bd8) [0145.192] CoTaskMemAlloc (cb=0x804) returned 0x5950bd8 [0145.192] GetModuleFileNameExW (in: hProcess=0x640, hModule=0x75960000, lpFilename=0x5950bd8, nSize=0x800 | out: lpFilename="C:\\Windows\\syswow64\\WS2_32.dll" (normalized: "c:\\windows\\syswow64\\ws2_32.dll")) returned 0x1e [0145.193] CoTaskMemFree (pv=0x5950bd8) [0145.193] GetModuleInformation (in: hProcess=0x640, hModule=0x76960000, lpmodinfo=0x279e170, cb=0xc | out: lpmodinfo=0x279e170*(lpBaseOfDll=0x76960000, SizeOfImage=0x6000, EntryPoint=0x76961782)) returned 1 [0145.194] CoTaskMemAlloc (cb=0x804) returned 0x5950bd8 [0145.194] GetModuleBaseNameW (in: hProcess=0x640, hModule=0x76960000, lpBaseName=0x5950bd8, nSize=0x800 | out: lpBaseName="NSI.dll") returned 0x7 [0145.195] CoTaskMemFree (pv=0x5950bd8) [0145.196] CoTaskMemAlloc (cb=0x804) returned 0x5950bd8 [0145.196] GetModuleFileNameExW (in: hProcess=0x640, hModule=0x76960000, lpFilename=0x5950bd8, nSize=0x800 | out: lpFilename="C:\\Windows\\syswow64\\NSI.dll" (normalized: "c:\\windows\\syswow64\\nsi.dll")) returned 0x1b [0145.197] CoTaskMemFree (pv=0x5950bd8) [0145.197] GetModuleInformation (in: hProcess=0x640, hModule=0x73960000, lpmodinfo=0x27a0278, cb=0xc | out: lpmodinfo=0x27a0278*(lpBaseOfDll=0x73960000, SizeOfImage=0xd000, EntryPoint=0x73961326)) returned 1 [0145.198] CoTaskMemAlloc (cb=0x804) returned 0x5950bd8 [0145.198] GetModuleBaseNameW (in: hProcess=0x640, hModule=0x73960000, lpBaseName=0x5950bd8, nSize=0x800 | out: lpBaseName="rtutils.dll") returned 0xb [0145.199] CoTaskMemFree (pv=0x5950bd8) [0145.199] CoTaskMemAlloc (cb=0x804) returned 0x5950bd8 [0145.199] GetModuleFileNameExW (in: hProcess=0x640, hModule=0x73960000, lpFilename=0x5950bd8, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\rtutils.dll" (normalized: "c:\\windows\\syswow64\\rtutils.dll")) returned 0x1f [0145.201] CoTaskMemFree (pv=0x5950bd8) [0145.201] GetModuleInformation (in: hProcess=0x640, hModule=0x747e0000, lpmodinfo=0x27a2390, cb=0xc | out: lpmodinfo=0x27a2390*(lpBaseOfDll=0x747e0000, SizeOfImage=0x3c000, EntryPoint=0x747e145d)) returned 1 [0145.202] CoTaskMemAlloc (cb=0x804) returned 0x5950bd8 [0145.202] GetModuleBaseNameW (in: hProcess=0x640, hModule=0x747e0000, lpBaseName=0x5950bd8, nSize=0x800 | out: lpBaseName="mswsock.dll") returned 0xb [0145.203] CoTaskMemFree (pv=0x5950bd8) [0145.203] CoTaskMemAlloc (cb=0x804) returned 0x5950bd8 [0145.203] GetModuleFileNameExW (in: hProcess=0x640, hModule=0x747e0000, lpFilename=0x5950bd8, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\mswsock.dll" (normalized: "c:\\windows\\syswow64\\mswsock.dll")) returned 0x1f [0145.204] CoTaskMemFree (pv=0x5950bd8) [0145.204] GetModuleInformation (in: hProcess=0x640, hModule=0x747d0000, lpmodinfo=0x27a44a8, cb=0xc | out: lpmodinfo=0x27a44a8*(lpBaseOfDll=0x747d0000, SizeOfImage=0x5000, EntryPoint=0x747d15df)) returned 1 [0145.206] CoTaskMemAlloc (cb=0x804) returned 0x5950bd8 [0145.206] GetModuleBaseNameW (in: hProcess=0x640, hModule=0x747d0000, lpBaseName=0x5950bd8, nSize=0x800 | out: lpBaseName="wshtcpip.dll") returned 0xc [0145.207] CoTaskMemFree (pv=0x5950bd8) [0145.207] CoTaskMemAlloc (cb=0x804) returned 0x5950bd8 [0145.207] GetModuleFileNameExW (in: hProcess=0x640, hModule=0x747d0000, lpFilename=0x5950bd8, nSize=0x800 | out: lpFilename="C:\\Windows\\System32\\wshtcpip.dll" (normalized: "c:\\windows\\syswow64\\wshtcpip.dll")) returned 0x20 [0145.208] CoTaskMemFree (pv=0x5950bd8) [0145.208] GetModuleInformation (in: hProcess=0x640, hModule=0x747c0000, lpmodinfo=0x27a65c8, cb=0xc | out: lpmodinfo=0x27a65c8*(lpBaseOfDll=0x747c0000, SizeOfImage=0x6000, EntryPoint=0x747c1673)) returned 1 [0145.209] CoTaskMemAlloc (cb=0x804) returned 0x5950bd8 [0145.209] GetModuleBaseNameW (in: hProcess=0x640, hModule=0x747c0000, lpBaseName=0x5950bd8, nSize=0x800 | out: lpBaseName="wship6.dll") returned 0xa [0145.211] CoTaskMemFree (pv=0x5950bd8) [0145.211] CoTaskMemAlloc (cb=0x804) returned 0x5950bd8 [0145.211] GetModuleFileNameExW (in: hProcess=0x640, hModule=0x747c0000, lpFilename=0x5950bd8, nSize=0x800 | out: lpFilename="C:\\Windows\\System32\\wship6.dll" (normalized: "c:\\windows\\syswow64\\wship6.dll")) returned 0x1e [0145.212] CoTaskMemFree (pv=0x5950bd8) [0145.212] GetModuleInformation (in: hProcess=0x640, hModule=0x6d590000, lpmodinfo=0x27a86e0, cb=0xc | out: lpmodinfo=0x27a86e0*(lpBaseOfDll=0x6d590000, SizeOfImage=0x58000, EntryPoint=0x6d5913b4)) returned 1 [0145.213] CoTaskMemAlloc (cb=0x804) returned 0x5950bd8 [0145.213] GetModuleBaseNameW (in: hProcess=0x640, hModule=0x6d590000, lpBaseName=0x5950bd8, nSize=0x800 | out: lpBaseName="winhttp.dll") returned 0xb [0145.214] CoTaskMemFree (pv=0x5950bd8) [0145.215] CoTaskMemAlloc (cb=0x804) returned 0x5950bd8 [0145.215] GetModuleFileNameExW (in: hProcess=0x640, hModule=0x6d590000, lpFilename=0x5950bd8, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\winhttp.dll" (normalized: "c:\\windows\\syswow64\\winhttp.dll")) returned 0x1f [0145.216] CoTaskMemFree (pv=0x5950bd8) [0145.216] GetModuleInformation (in: hProcess=0x640, hModule=0x6f900000, lpmodinfo=0x27aa7f8, cb=0xc | out: lpmodinfo=0x27aa7f8*(lpBaseOfDll=0x6f900000, SizeOfImage=0x4f000, EntryPoint=0x6f901452)) returned 1 [0145.217] CoTaskMemAlloc (cb=0x804) returned 0x5950bd8 [0145.217] GetModuleBaseNameW (in: hProcess=0x640, hModule=0x6f900000, lpBaseName=0x5950bd8, nSize=0x800 | out: lpBaseName="webio.dll") returned 0x9 [0145.218] CoTaskMemFree (pv=0x5950bd8) [0145.218] CoTaskMemAlloc (cb=0x804) returned 0x5950bd8 [0145.218] GetModuleFileNameExW (in: hProcess=0x640, hModule=0x6f900000, lpFilename=0x5950bd8, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\webio.dll" (normalized: "c:\\windows\\syswow64\\webio.dll")) returned 0x1d [0145.222] CoTaskMemFree (pv=0x5950bd8) [0145.222] GetModuleInformation (in: hProcess=0x640, hModule=0x74930000, lpmodinfo=0x27ac908, cb=0xc | out: lpmodinfo=0x27ac908*(lpBaseOfDll=0x74930000, SizeOfImage=0x8000, EntryPoint=0x749334d3)) returned 1 [0145.223] CoTaskMemAlloc (cb=0x804) returned 0x5950bd8 [0145.223] GetModuleBaseNameW (in: hProcess=0x640, hModule=0x74930000, lpBaseName=0x5950bd8, nSize=0x800 | out: lpBaseName="credssp.dll") returned 0xb [0145.225] CoTaskMemFree (pv=0x5950bd8) [0145.225] CoTaskMemAlloc (cb=0x804) returned 0x5950bd8 [0145.225] GetModuleFileNameExW (in: hProcess=0x640, hModule=0x74930000, lpFilename=0x5950bd8, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\credssp.dll" (normalized: "c:\\windows\\syswow64\\credssp.dll")) returned 0x1f [0145.226] CoTaskMemFree (pv=0x5950bd8) [0145.226] GetModuleInformation (in: hProcess=0x640, hModule=0x74830000, lpmodinfo=0x27aea20, cb=0xc | out: lpmodinfo=0x27aea20*(lpBaseOfDll=0x74830000, SizeOfImage=0x1c000, EntryPoint=0x7483a431)) returned 1 [0145.227] CoTaskMemAlloc (cb=0x804) returned 0x5950bd8 [0145.227] GetModuleBaseNameW (in: hProcess=0x640, hModule=0x74830000, lpBaseName=0x5950bd8, nSize=0x800 | out: lpBaseName="IPHLPAPI.DLL") returned 0xc [0145.228] CoTaskMemFree (pv=0x5950bd8) [0145.229] CoTaskMemAlloc (cb=0x804) returned 0x5950bd8 [0145.229] GetModuleFileNameExW (in: hProcess=0x640, hModule=0x74830000, lpFilename=0x5950bd8, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\IPHLPAPI.DLL" (normalized: "c:\\windows\\syswow64\\iphlpapi.dll")) returned 0x20 [0145.230] CoTaskMemFree (pv=0x5950bd8) [0145.230] GetModuleInformation (in: hProcess=0x640, hModule=0x74820000, lpmodinfo=0x27b0b40, cb=0xc | out: lpmodinfo=0x27b0b40*(lpBaseOfDll=0x74820000, SizeOfImage=0x7000, EntryPoint=0x7482128d)) returned 1 [0145.231] CoTaskMemAlloc (cb=0x804) returned 0x5950bd8 [0145.231] GetModuleBaseNameW (in: hProcess=0x640, hModule=0x74820000, lpBaseName=0x5950bd8, nSize=0x800 | out: lpBaseName="WINNSI.DLL") returned 0xa [0145.233] CoTaskMemFree (pv=0x5950bd8) [0145.233] CoTaskMemAlloc (cb=0x804) returned 0x5950bd8 [0145.233] GetModuleFileNameExW (in: hProcess=0x640, hModule=0x74820000, lpFilename=0x5950bd8, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\WINNSI.DLL" (normalized: "c:\\windows\\syswow64\\winnsi.dll")) returned 0x1e [0145.234] CoTaskMemFree (pv=0x5950bd8) [0145.234] GetModuleInformation (in: hProcess=0x640, hModule=0x74940000, lpmodinfo=0x27b2c58, cb=0xc | out: lpmodinfo=0x27b2c58*(lpBaseOfDll=0x74940000, SizeOfImage=0xd000, EntryPoint=0x74942012)) returned 1 [0145.235] CoTaskMemAlloc (cb=0x804) returned 0x5950bd8 [0145.235] GetModuleBaseNameW (in: hProcess=0x640, hModule=0x74940000, lpBaseName=0x5950bd8, nSize=0x800 | out: lpBaseName="dhcpcsvc6.DLL") returned 0xd [0145.237] CoTaskMemFree (pv=0x5950bd8) [0145.237] CoTaskMemAlloc (cb=0x804) returned 0x5950bd8 [0145.237] GetModuleFileNameExW (in: hProcess=0x640, hModule=0x74940000, lpFilename=0x5950bd8, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\dhcpcsvc6.DLL" (normalized: "c:\\windows\\syswow64\\dhcpcsvc6.dll")) returned 0x21 [0145.238] CoTaskMemFree (pv=0x5950bd8) [0145.238] GetModuleInformation (in: hProcess=0x640, hModule=0x6d550000, lpmodinfo=0x27b4d78, cb=0xc | out: lpmodinfo=0x27b4d78*(lpBaseOfDll=0x6d550000, SizeOfImage=0x12000, EntryPoint=0x6d553271)) returned 1 [0145.239] CoTaskMemAlloc (cb=0x804) returned 0x5950bd8 [0145.239] GetModuleBaseNameW (in: hProcess=0x640, hModule=0x6d550000, lpBaseName=0x5950bd8, nSize=0x800 | out: lpBaseName="dhcpcsvc.DLL") returned 0xc [0145.241] CoTaskMemFree (pv=0x5950bd8) [0145.241] CoTaskMemAlloc (cb=0x804) returned 0x5950bd8 [0145.241] GetModuleFileNameExW (in: hProcess=0x640, hModule=0x6d550000, lpFilename=0x5950bd8, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\dhcpcsvc.DLL" (normalized: "c:\\windows\\syswow64\\dhcpcsvc.dll")) returned 0x20 [0145.242] CoTaskMemFree (pv=0x5950bd8) [0145.242] GetModuleInformation (in: hProcess=0x640, hModule=0x747a0000, lpmodinfo=0x27b6e98, cb=0xc | out: lpmodinfo=0x27b6e98*(lpBaseOfDll=0x747a0000, SizeOfImage=0xe000, EntryPoint=0x747a1235)) returned 1 [0145.244] CoTaskMemAlloc (cb=0x804) returned 0x5950bd8 [0145.244] GetModuleBaseNameW (in: hProcess=0x640, hModule=0x747a0000, lpBaseName=0x5950bd8, nSize=0x800 | out: lpBaseName="RpcRtRemote.dll") returned 0xf [0145.245] CoTaskMemFree (pv=0x5950bd8) [0145.245] CoTaskMemAlloc (cb=0x804) returned 0x5950bd8 [0145.245] GetModuleFileNameExW (in: hProcess=0x640, hModule=0x747a0000, lpFilename=0x5950bd8, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\RpcRtRemote.dll" (normalized: "c:\\windows\\syswow64\\rpcrtremote.dll")) returned 0x23 [0145.246] CoTaskMemFree (pv=0x5950bd8) [0145.246] GetModuleInformation (in: hProcess=0x640, hModule=0x74850000, lpmodinfo=0x27b8fc0, cb=0xc | out: lpmodinfo=0x27b8fc0*(lpBaseOfDll=0x74850000, SizeOfImage=0x44000, EntryPoint=0x748663f9)) returned 1 [0145.248] CoTaskMemAlloc (cb=0x804) returned 0x5950bd8 [0145.248] GetModuleBaseNameW (in: hProcess=0x640, hModule=0x74850000, lpBaseName=0x5950bd8, nSize=0x800 | out: lpBaseName="DNSAPI.dll") returned 0xa [0145.249] CoTaskMemFree (pv=0x5950bd8) [0145.249] CoTaskMemAlloc (cb=0x804) returned 0x5950bd8 [0145.249] GetModuleFileNameExW (in: hProcess=0x640, hModule=0x74850000, lpFilename=0x5950bd8, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\DNSAPI.dll" (normalized: "c:\\windows\\syswow64\\dnsapi.dll")) returned 0x1e [0145.251] CoTaskMemFree (pv=0x5950bd8) [0145.251] GetModuleInformation (in: hProcess=0x640, hModule=0x747b0000, lpmodinfo=0x27bb0d8, cb=0xc | out: lpmodinfo=0x27bb0d8*(lpBaseOfDll=0x747b0000, SizeOfImage=0x6000, EntryPoint=0x747b14b2)) returned 1 [0145.252] CoTaskMemAlloc (cb=0x804) returned 0x5950bd8 [0145.252] GetModuleBaseNameW (in: hProcess=0x640, hModule=0x747b0000, lpBaseName=0x5950bd8, nSize=0x800 | out: lpBaseName="rasadhlp.dll") returned 0xc [0145.254] CoTaskMemFree (pv=0x5950bd8) [0145.254] CoTaskMemAlloc (cb=0x804) returned 0x5950bd8 [0145.254] GetModuleFileNameExW (in: hProcess=0x640, hModule=0x747b0000, lpFilename=0x5950bd8, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\rasadhlp.dll" (normalized: "c:\\windows\\syswow64\\rasadhlp.dll")) returned 0x20 [0145.255] CoTaskMemFree (pv=0x5950bd8) [0145.255] GetModuleInformation (in: hProcess=0x640, hModule=0x6d510000, lpmodinfo=0x27bd1f8, cb=0xc | out: lpmodinfo=0x27bd1f8*(lpBaseOfDll=0x6d510000, SizeOfImage=0x38000, EntryPoint=0x6d51990e)) returned 1 [0145.257] CoTaskMemAlloc (cb=0x804) returned 0x5950bd8 [0145.257] GetModuleBaseNameW (in: hProcess=0x640, hModule=0x6d510000, lpBaseName=0x5950bd8, nSize=0x800 | out: lpBaseName="fwpuclnt.dll") returned 0xc [0145.258] CoTaskMemFree (pv=0x5950bd8) [0145.258] CoTaskMemAlloc (cb=0x804) returned 0x5950bd8 [0145.258] GetModuleFileNameExW (in: hProcess=0x640, hModule=0x6d510000, lpFilename=0x5950bd8, nSize=0x800 | out: lpFilename="C:\\Windows\\System32\\fwpuclnt.dll" (normalized: "c:\\windows\\syswow64\\fwpuclnt.dll")) returned 0x20 [0145.260] CoTaskMemFree (pv=0x5950bd8) [0145.260] GetModuleInformation (in: hProcess=0x640, hModule=0x6d580000, lpmodinfo=0x27bf318, cb=0xc | out: lpmodinfo=0x27bf318*(lpBaseOfDll=0x6d580000, SizeOfImage=0x8000, EntryPoint=0x6d5810e9)) returned 1 [0145.261] CoTaskMemAlloc (cb=0x804) returned 0x5950bd8 [0145.261] GetModuleBaseNameW (in: hProcess=0x640, hModule=0x6d580000, lpBaseName=0x5950bd8, nSize=0x800 | out: lpBaseName="secur32.dll") returned 0xb [0145.263] CoTaskMemFree (pv=0x5950bd8) [0145.263] CoTaskMemAlloc (cb=0x804) returned 0x5950bd8 [0145.263] GetModuleFileNameExW (in: hProcess=0x640, hModule=0x6d580000, lpFilename=0x5950bd8, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\secur32.dll" (normalized: "c:\\windows\\syswow64\\secur32.dll")) returned 0x1f [0145.264] CoTaskMemFree (pv=0x5950bd8) [0145.264] GetModuleInformation (in: hProcess=0x640, hModule=0x6d4d0000, lpmodinfo=0x27c1430, cb=0xc | out: lpmodinfo=0x27c1430*(lpBaseOfDll=0x6d4d0000, SizeOfImage=0x3f000, EntryPoint=0x6d4d2351)) returned 1 [0145.266] CoTaskMemAlloc (cb=0x804) returned 0x5950bd8 [0145.266] GetModuleBaseNameW (in: hProcess=0x640, hModule=0x6d4d0000, lpBaseName=0x5950bd8, nSize=0x800 | out: lpBaseName="schannel.dll") returned 0xc [0145.267] CoTaskMemFree (pv=0x5950bd8) [0145.267] CoTaskMemAlloc (cb=0x804) returned 0x5950bd8 [0145.267] GetModuleFileNameExW (in: hProcess=0x640, hModule=0x6d4d0000, lpFilename=0x5950bd8, nSize=0x800 | out: lpFilename="C:\\Windows\\SysWOW64\\schannel.dll" (normalized: "c:\\windows\\syswow64\\schannel.dll")) returned 0x20 [0145.269] CoTaskMemFree (pv=0x5950bd8) [0145.269] GetModuleInformation (in: hProcess=0x640, hModule=0x74ab0000, lpmodinfo=0x27c375c, cb=0xc | out: lpmodinfo=0x27c375c*(lpBaseOfDll=0x74ab0000, SizeOfImage=0x121000, EntryPoint=0x74ab158e)) returned 1 [0145.270] CoTaskMemAlloc (cb=0x804) returned 0x5950bd8 [0145.270] GetModuleBaseNameW (in: hProcess=0x640, hModule=0x74ab0000, lpBaseName=0x5950bd8, nSize=0x800 | out: lpBaseName="CRYPT32.dll") returned 0xb [0145.272] CoTaskMemFree (pv=0x5950bd8) [0145.272] CoTaskMemAlloc (cb=0x804) returned 0x5950bd8 [0145.272] GetModuleFileNameExW (in: hProcess=0x640, hModule=0x74ab0000, lpFilename=0x5950bd8, nSize=0x800 | out: lpFilename="C:\\Windows\\syswow64\\CRYPT32.dll" (normalized: "c:\\windows\\syswow64\\crypt32.dll")) returned 0x1f [0145.274] CoTaskMemFree (pv=0x5950bd8) [0145.274] GetModuleInformation (in: hProcess=0x640, hModule=0x76ed0000, lpmodinfo=0x27c5880, cb=0xc | out: lpmodinfo=0x27c5880*(lpBaseOfDll=0x76ed0000, SizeOfImage=0xc000, EntryPoint=0x76ed238e)) returned 1 [0145.275] CoTaskMemAlloc (cb=0x804) returned 0x5950bd8 [0145.275] GetModuleBaseNameW (in: hProcess=0x640, hModule=0x76ed0000, lpBaseName=0x5950bd8, nSize=0x800 | out: lpBaseName="MSASN1.dll") returned 0xa [0145.277] CoTaskMemFree (pv=0x5950bd8) [0145.277] CoTaskMemAlloc (cb=0x804) returned 0x5950bd8 [0145.277] GetModuleFileNameExW (in: hProcess=0x640, hModule=0x76ed0000, lpFilename=0x5950bd8, nSize=0x800 | out: lpFilename="C:\\Windows\\syswow64\\MSASN1.dll" (normalized: "c:\\windows\\syswow64\\msasn1.dll")) returned 0x1e [0145.278] CoTaskMemFree (pv=0x5950bd8) [0145.278] GetModuleInformation (in: hProcess=0x640, hModule=0x6d490000, lpmodinfo=0x27c7998, cb=0xc | out: lpmodinfo=0x27c7998*(lpBaseOfDll=0x6d490000, SizeOfImage=0x38000, EntryPoint=0x6d491489)) returned 1 [0145.280] CoTaskMemAlloc (cb=0x804) returned 0x5950bd8 [0145.280] GetModuleBaseNameW (in: hProcess=0x640, hModule=0x6d490000, lpBaseName=0x5950bd8, nSize=0x800 | out: lpBaseName="ncrypt.dll") returned 0xa [0145.293] CoTaskMemFree (pv=0x5950bd8) [0145.293] CoTaskMemAlloc (cb=0x804) returned 0x5950bd8 [0145.293] GetModuleFileNameExW (in: hProcess=0x640, hModule=0x6d490000, lpFilename=0x5950bd8, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\ncrypt.dll" (normalized: "c:\\windows\\syswow64\\ncrypt.dll")) returned 0x1e [0145.295] CoTaskMemFree (pv=0x5950bd8) [0145.295] GetModuleInformation (in: hProcess=0x640, hModule=0x6d450000, lpmodinfo=0x27c9ab0, cb=0xc | out: lpmodinfo=0x27c9ab0*(lpBaseOfDll=0x6d450000, SizeOfImage=0x3d000, EntryPoint=0x6d4510f5)) returned 1 [0145.296] CoTaskMemAlloc (cb=0x804) returned 0x5950bd8 [0145.296] GetModuleBaseNameW (in: hProcess=0x640, hModule=0x6d450000, lpBaseName=0x5950bd8, nSize=0x800 | out: lpBaseName="bcryptprimitives.dll") returned 0x14 [0145.298] CoTaskMemFree (pv=0x5950bd8) [0145.298] CoTaskMemAlloc (cb=0x804) returned 0x5950bd8 [0145.298] GetModuleFileNameExW (in: hProcess=0x640, hModule=0x6d450000, lpFilename=0x5950bd8, nSize=0x800 | out: lpFilename="C:\\Windows\\SysWOW64\\bcryptprimitives.dll" (normalized: "c:\\windows\\syswow64\\bcryptprimitives.dll")) returned 0x28 [0145.300] CoTaskMemFree (pv=0x5950bd8) [0145.300] GetModuleInformation (in: hProcess=0x640, hModule=0x6d430000, lpmodinfo=0x27cbbf0, cb=0xc | out: lpmodinfo=0x27cbbf0*(lpBaseOfDll=0x6d430000, SizeOfImage=0x17000, EntryPoint=0x6d431c9d)) returned 1 [0145.301] CoTaskMemAlloc (cb=0x804) returned 0x5950bd8 [0145.301] GetModuleBaseNameW (in: hProcess=0x640, hModule=0x6d430000, lpBaseName=0x5950bd8, nSize=0x800 | out: lpBaseName="USERENV.dll") returned 0xb [0145.303] CoTaskMemFree (pv=0x5950bd8) [0145.303] CoTaskMemAlloc (cb=0x804) returned 0x5950bd8 [0145.303] GetModuleFileNameExW (in: hProcess=0x640, hModule=0x6d430000, lpFilename=0x5950bd8, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\USERENV.dll" (normalized: "c:\\windows\\syswow64\\userenv.dll")) returned 0x1f [0145.305] CoTaskMemFree (pv=0x5950bd8) [0145.305] GetModuleInformation (in: hProcess=0x640, hModule=0x6d410000, lpmodinfo=0x27cdd08, cb=0xc | out: lpmodinfo=0x27cdd08*(lpBaseOfDll=0x6d410000, SizeOfImage=0x16000, EntryPoint=0x6d412061)) returned 1 [0145.306] CoTaskMemAlloc (cb=0x804) returned 0x5950bd8 [0145.306] GetModuleBaseNameW (in: hProcess=0x640, hModule=0x6d410000, lpBaseName=0x5950bd8, nSize=0x800 | out: lpBaseName="GPAPI.dll") returned 0x9 [0145.307] CoTaskMemFree (pv=0x5950bd8) [0145.307] CoTaskMemAlloc (cb=0x804) returned 0x5950bd8 [0145.307] GetModuleFileNameExW (in: hProcess=0x640, hModule=0x6d410000, lpFilename=0x5950bd8, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\GPAPI.dll" (normalized: "c:\\windows\\syswow64\\gpapi.dll")) returned 0x1d [0145.309] CoTaskMemFree (pv=0x5950bd8) [0145.309] GetModuleInformation (in: hProcess=0x640, hModule=0x6d380000, lpmodinfo=0x27cfe18, cb=0xc | out: lpmodinfo=0x27cfe18*(lpBaseOfDll=0x6d380000, SizeOfImage=0x84000, EntryPoint=0x6d3819a9)) returned 1 [0145.310] CoTaskMemAlloc (cb=0x804) returned 0x5950bd8 [0145.310] GetModuleBaseNameW (in: hProcess=0x640, hModule=0x6d380000, lpBaseName=0x5950bd8, nSize=0x800 | out: lpBaseName="comctl32.dll") returned 0xc [0145.311] CoTaskMemFree (pv=0x5950bd8) [0145.311] CoTaskMemAlloc (cb=0x804) returned 0x5950bd8 [0145.312] GetModuleFileNameExW (in: hProcess=0x640, hModule=0x6d380000, lpFilename=0x5950bd8, nSize=0x800 | out: lpFilename="C:\\Windows\\WinSxS\\x86_microsoft.windows.common-controls_6595b64144ccf1df_5.82.7601.17514_none_ec83dffa859149af\\comctl32.dll" (normalized: "c:\\windows\\winsxs\\x86_microsoft.windows.common-controls_6595b64144ccf1df_5.82.7601.17514_none_ec83dffa859149af\\comctl32.dll")) returned 0x7b [0145.313] CoTaskMemFree (pv=0x5950bd8) [0145.313] GetModuleInformation (in: hProcess=0x640, hModule=0x6d1f0000, lpmodinfo=0x27d1fec, cb=0xc | out: lpmodinfo=0x27d1fec*(lpBaseOfDll=0x6d1f0000, SizeOfImage=0x190000, EntryPoint=0x6d28d026)) returned 1 [0145.315] CoTaskMemAlloc (cb=0x804) returned 0x5950bd8 [0145.315] GetModuleBaseNameW (in: hProcess=0x640, hModule=0x6d1f0000, lpBaseName=0x5950bd8, nSize=0x800 | out: lpBaseName="gdiplus.dll") returned 0xb [0145.316] CoTaskMemFree (pv=0x5950bd8) [0145.316] CoTaskMemAlloc (cb=0x804) returned 0x5950bd8 [0145.316] GetModuleFileNameExW (in: hProcess=0x640, hModule=0x6d1f0000, lpFilename=0x5950bd8, nSize=0x800 | out: lpFilename="C:\\Windows\\WinSxS\\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\\gdiplus.dll" (normalized: "c:\\windows\\winsxs\\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\\gdiplus.dll")) returned 0x71 [0145.318] CoTaskMemFree (pv=0x5950bd8) [0145.318] GetModuleInformation (in: hProcess=0x640, hModule=0x6d0f0000, lpmodinfo=0x27d41a8, cb=0xc | out: lpmodinfo=0x27d41a8*(lpBaseOfDll=0x6d0f0000, SizeOfImage=0xfb000, EntryPoint=0x6d1017e1)) returned 1 [0145.319] CoTaskMemAlloc (cb=0x804) returned 0x5950bd8 [0145.319] GetModuleBaseNameW (in: hProcess=0x640, hModule=0x6d0f0000, lpBaseName=0x5950bd8, nSize=0x800 | out: lpBaseName="WindowsCodecs.dll") returned 0x11 [0145.321] CoTaskMemFree (pv=0x5950bd8) [0145.321] CoTaskMemAlloc (cb=0x804) returned 0x5950bd8 [0145.321] GetModuleFileNameExW (in: hProcess=0x640, hModule=0x6d0f0000, lpFilename=0x5950bd8, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\WindowsCodecs.dll" (normalized: "c:\\windows\\syswow64\\windowscodecs.dll")) returned 0x25 [0145.322] CoTaskMemFree (pv=0x5950bd8) [0145.323] GetModuleInformation (in: hProcess=0x640, hModule=0x6c320000, lpmodinfo=0x27d62d8, cb=0xc | out: lpmodinfo=0x27d62d8*(lpBaseOfDll=0x6c320000, SizeOfImage=0xdcd000, EntryPoint=0x0)) returned 1 [0145.324] CoTaskMemAlloc (cb=0x804) returned 0x5950bd8 [0145.324] GetModuleBaseNameW (in: hProcess=0x640, hModule=0x6c320000, lpBaseName=0x5950bd8, nSize=0x800 | out: lpBaseName="System.Web.ni.dll") returned 0x11 [0145.325] CoTaskMemFree (pv=0x5950bd8) [0145.325] CoTaskMemAlloc (cb=0x804) returned 0x5950bd8 [0145.325] GetModuleFileNameExW (in: hProcess=0x640, hModule=0x6c320000, lpFilename=0x5950bd8, nSize=0x800 | out: lpFilename="C:\\Windows\\assembly\\NativeImages_v4.0.30319_32\\System.Web\\8e86e9948f7dcebce93d5df6073700ba\\System.Web.ni.dll" (normalized: "c:\\windows\\assembly\\nativeimages_v4.0.30319_32\\system.web\\8e86e9948f7dcebce93d5df6073700ba\\system.web.ni.dll")) returned 0x6c [0145.327] CoTaskMemFree (pv=0x5950bd8) [0145.327] CloseHandle (hObject=0x640) returned 1 [0145.327] lstrlenA (lpString="AcquireSRWLockExclusive") returned 23 [0145.327] lstrlenA (lpString="AcquireSRWLockShared") returned 20 [0145.328] lstrlenA (lpString="ActivateActCtx") returned 14 [0145.328] lstrlenA (lpString="AddAtomA") returned 8 [0145.328] lstrlenA (lpString="AddAtomW") returned 8 [0145.328] lstrlenA (lpString="AddConsoleAliasA") returned 16 [0145.328] lstrlenA (lpString="AddConsoleAliasW") returned 16 [0145.328] lstrlenA (lpString="AddDllDirectory") returned 15 [0145.328] lstrlenA (lpString="AddIntegrityLabelToBoundaryDescriptor") returned 37 [0145.328] lstrlenA (lpString="AddLocalAlternateComputerNameA") returned 30 [0145.328] lstrlenA (lpString="AddLocalAlternateComputerNameW") returned 30 [0145.328] lstrlenA (lpString="AddRefActCtx") returned 12 [0145.328] lstrlenA (lpString="AddSIDToBoundaryDescriptor") returned 26 [0145.328] lstrlenA (lpString="AddSecureMemoryCacheCallback") returned 28 [0145.329] lstrlenA (lpString="AddVectoredContinueHandler") returned 26 [0145.329] lstrlenA (lpString="AddVectoredExceptionHandler") returned 27 [0145.329] lstrlenA (lpString="AdjustCalendarDate") returned 18 [0145.329] lstrlenA (lpString="AllocConsole") returned 12 [0145.329] lstrlenA (lpString="AllocateUserPhysicalPages") returned 25 [0145.329] lstrlenA (lpString="AllocateUserPhysicalPagesNuma") returned 29 [0145.329] lstrlenA (lpString="ApplicationRecoveryFinished") returned 27 [0145.329] lstrlenA (lpString="ApplicationRecoveryInProgress") returned 29 [0145.329] lstrlenA (lpString="AreFileApisANSI") returned 15 [0145.329] lstrlenA (lpString="AssignProcessToJobObject") returned 24 [0145.329] lstrlenA (lpString="AttachConsole") returned 13 [0145.330] lstrlenA (lpString="BackupRead") returned 10 [0145.330] lstrlenA (lpString="BackupSeek") returned 10 [0145.330] lstrlenA (lpString="BackupWrite") returned 11 [0145.330] lstrlenA (lpString="BaseCheckAppcompatCache") returned 23 [0145.330] lstrlenA (lpString="BaseCheckAppcompatCacheEx") returned 25 [0145.330] lstrlenA (lpString="BaseCheckRunApp") returned 15 [0145.330] lstrlenA (lpString="BaseCleanupAppcompatCacheSupport") returned 32 [0145.330] lstrlenA (lpString="BaseDllReadWriteIniFile") returned 23 [0145.330] lstrlenA (lpString="BaseDumpAppcompatCache") returned 22 [0145.330] lstrlenA (lpString="BaseFlushAppcompatCache") returned 23 [0145.330] lstrlenA (lpString="BaseFormatObjectAttributes") returned 26 [0145.330] lstrlenA (lpString="BaseFormatTimeOut") returned 17 [0145.331] lstrlenA (lpString="BaseGenerateAppCompatData") returned 25 [0145.331] lstrlenA (lpString="BaseGetNamedObjectDirectory") returned 27 [0145.331] lstrlenA (lpString="BaseInitAppcompatCacheSupport") returned 29 [0145.331] lstrlenA (lpString="BaseIsAppcompatInfrastructureDisabled") returned 37 [0145.331] lstrlenA (lpString="BaseQueryModuleData") returned 19 [0145.331] lstrlenA (lpString="BaseSetLastNTError") returned 18 [0145.331] lstrlenA (lpString="BaseThreadInitThunk") returned 19 [0145.331] lstrlenA (lpString="BaseUpdateAppcompatCache") returned 24 [0145.331] lstrlenA (lpString="BaseVerifyUnicodeString") returned 23 [0145.331] lstrlenA (lpString="Basep8BitStringToDynamicUnicodeString") returned 37 [0145.331] lstrlenA (lpString="BasepAllocateActivationContextActivationBlock") returned 45 [0145.331] lstrlenA (lpString="BasepAnsiStringToDynamicUnicodeString") returned 37 [0145.331] lstrlenA (lpString="BasepCheckAppCompat") returned 19 [0145.332] lstrlenA (lpString="BasepCheckBadapp") returned 16 [0145.332] lstrlenA (lpString="BasepCheckWinSaferRestrictions") returned 30 [0145.332] lstrlenA (lpString="BasepFreeActivationContextActivationBlock") returned 41 [0145.332] lstrlenA (lpString="BasepFreeAppCompatData") returned 22 [0145.332] lstrlenA (lpString="BasepMapModuleHandle") returned 20 [0145.332] lstrlenA (lpString="Beep") returned 4 [0145.332] lstrlenA (lpString="BeginUpdateResourceA") returned 20 [0145.332] lstrlenA (lpString="BeginUpdateResourceW") returned 20 [0145.332] lstrlenA (lpString="BindIoCompletionCallback") returned 24 [0145.332] lstrlenA (lpString="BuildCommDCBA") returned 13 [0145.332] lstrlenA (lpString="BuildCommDCBAndTimeoutsA") returned 24 [0145.332] lstrlenA (lpString="BuildCommDCBAndTimeoutsW") returned 24 [0145.333] lstrlenA (lpString="BuildCommDCBW") returned 13 [0145.333] lstrlenA (lpString="CallNamedPipeA") returned 14 [0145.333] lstrlenA (lpString="CallNamedPipeW") returned 14 [0145.333] lstrlenA (lpString="CallbackMayRunLong") returned 18 [0145.333] lstrlenA (lpString="CancelDeviceWakeupRequest") returned 25 [0145.333] lstrlenA (lpString="CancelIo") returned 8 [0145.333] lstrlenA (lpString="CancelIoEx") returned 10 [0145.333] lstrlenA (lpString="CancelSynchronousIo") returned 19 [0145.333] lstrlenA (lpString="CancelThreadpoolIo") returned 18 [0145.333] lstrlenA (lpString="CancelTimerQueueTimer") returned 21 [0145.333] lstrlenA (lpString="CancelWaitableTimer") returned 19 [0145.333] lstrlenA (lpString="ChangeTimerQueueTimer") returned 21 [0145.333] lstrlenA (lpString="CheckElevation") returned 14 [0145.334] lstrlenA (lpString="CheckElevationEnabled") returned 21 [0145.334] lstrlenA (lpString="CheckForReadOnlyResource") returned 24 [0145.334] lstrlenA (lpString="CheckNameLegalDOS8Dot3A") returned 23 [0145.334] lstrlenA (lpString="CheckNameLegalDOS8Dot3W") returned 23 [0145.334] lstrlenA (lpString="CheckRemoteDebuggerPresent") returned 26 [0145.334] lstrlenA (lpString="ClearCommBreak") returned 14 [0145.334] lstrlenA (lpString="ClearCommError") returned 14 [0145.334] lstrlenA (lpString="CloseConsoleHandle") returned 18 [0145.334] lstrlenA (lpString="CloseHandle") returned 11 [0145.334] lstrlenA (lpString="ClosePrivateNamespace") returned 21 [0145.334] lstrlenA (lpString="CloseProfileUserMapping") returned 23 [0145.335] lstrlenA (lpString="CloseThreadpool") returned 15 [0145.335] lstrlenA (lpString="CloseThreadpoolCleanupGroup") returned 27 [0145.335] lstrlenA (lpString="CloseThreadpoolCleanupGroupMembers") returned 34 [0145.335] lstrlenA (lpString="CloseThreadpoolIo") returned 17 [0145.335] lstrlenA (lpString="CloseThreadpoolTimer") returned 20 [0145.335] lstrlenA (lpString="CloseThreadpoolWait") returned 19 [0145.335] lstrlenA (lpString="CloseThreadpoolWork") returned 19 [0145.335] lstrlenA (lpString="CmdBatNotification") returned 18 [0145.335] lstrlenA (lpString="CommConfigDialogA") returned 17 [0145.335] lstrlenA (lpString="CommConfigDialogW") returned 17 [0145.335] lstrlenA (lpString="CompareCalendarDates") returned 20 [0145.336] lstrlenA (lpString="CompareFileTime") returned 15 [0145.336] lstrlenA (lpString="CompareStringA") returned 14 [0145.336] lstrlenA (lpString="CompareStringEx") returned 15 [0145.336] lstrlenA (lpString="CompareStringOrdinal") returned 20 [0145.336] lstrlenA (lpString="CompareStringW") returned 14 [0145.336] lstrlenA (lpString="ConnectNamedPipe") returned 16 [0145.336] lstrlenA (lpString="ConsoleMenuControl") returned 18 [0145.336] lstrlenA (lpString="ContinueDebugEvent") returned 18 [0145.336] lstrlenA (lpString="ConvertCalDateTimeToSystemTime") returned 30 [0145.336] lstrlenA (lpString="ConvertDefaultLocale") returned 20 [0145.336] lstrlenA (lpString="ConvertFiberToThread") returned 20 [0145.337] lstrlenA (lpString="ConvertNLSDayOfWeekToWin32DayOfWeek") returned 35 [0145.337] lstrlenA (lpString="ConvertSystemTimeToCalDateTime") returned 30 [0145.337] lstrlenA (lpString="ConvertThreadToFiber") returned 20 [0145.337] lstrlenA (lpString="ConvertThreadToFiberEx") returned 22 [0145.337] lstrlenA (lpString="CopyContext") returned 11 [0145.337] lstrlenA (lpString="CopyFileA") returned 9 [0145.337] lstrlenA (lpString="CopyFileExA") returned 11 [0145.337] lstrlenA (lpString="CopyFileExW") returned 11 [0145.337] lstrlenA (lpString="CopyFileTransactedA") returned 19 [0145.337] lstrlenA (lpString="CopyFileTransactedW") returned 19 [0145.337] lstrlenA (lpString="CopyFileW") returned 9 [0145.337] lstrlenA (lpString="CopyLZFile") returned 10 [0145.338] lstrlenA (lpString="CreateActCtxA") returned 13 [0145.338] lstrlenA (lpString="CreateActCtxW") returned 13 [0145.338] lstrlenA (lpString="CreateBoundaryDescriptorA") returned 25 [0145.338] lstrlenA (lpString="CreateBoundaryDescriptorW") returned 25 [0145.338] lstrlenA (lpString="CreateConsoleScreenBuffer") returned 25 [0145.338] lstrlenA (lpString="CreateDirectoryA") returned 16 [0145.338] lstrlenA (lpString="CreateDirectoryExA") returned 18 [0145.338] lstrlenA (lpString="CreateDirectoryExW") returned 18 [0145.338] lstrlenA (lpString="CreateDirectoryTransactedA") returned 26 [0145.338] lstrlenA (lpString="CreateDirectoryTransactedW") returned 26 [0145.338] lstrlenA (lpString="CreateDirectoryW") returned 16 [0145.338] lstrlenA (lpString="CreateEventA") returned 12 [0145.339] lstrlenA (lpString="CreateEventExA") returned 14 [0145.339] lstrlenA (lpString="CreateEventExW") returned 14 [0145.339] lstrlenA (lpString="CreateEventW") returned 12 [0145.339] lstrlenA (lpString="CreateFiber") returned 11 [0145.339] lstrlenA (lpString="CreateFiberEx") returned 13 [0145.339] lstrlenA (lpString="CreateFileA") returned 11 [0145.339] lstrlenA (lpString="CreateFileMappingA") returned 18 [0145.339] lstrlenA (lpString="CreateFileMappingNumaA") returned 22 [0145.339] lstrlenA (lpString="CreateFileMappingNumaW") returned 22 [0145.339] lstrlenA (lpString="CreateFileMappingW") returned 18 [0145.339] lstrlenA (lpString="CreateFileTransactedA") returned 21 [0145.339] lstrlenA (lpString="CreateFileTransactedW") returned 21 [0145.339] lstrlenA (lpString="CreateFileW") returned 11 [0145.339] lstrlenA (lpString="CreateHardLinkA") returned 15 [0145.339] lstrlenA (lpString="CreateHardLinkTransactedA") returned 25 [0145.339] lstrlenA (lpString="CreateHardLinkTransactedW") returned 25 [0145.339] lstrlenA (lpString="CreateHardLinkW") returned 15 [0145.340] lstrlenA (lpString="CreateIoCompletionPort") returned 22 [0145.340] lstrlenA (lpString="CreateJobObjectA") returned 16 [0145.340] lstrlenA (lpString="CreateJobObjectW") returned 16 [0145.340] lstrlenA (lpString="CreateJobSet") returned 12 [0145.340] lstrlenA (lpString="CreateMailslotA") returned 15 [0145.340] lstrlenA (lpString="CreateMailslotW") returned 15 [0145.340] lstrlenA (lpString="CreateMemoryResourceNotification") returned 32 [0145.340] lstrlenA (lpString="CreateMutexA") returned 12 [0145.340] lstrlenA (lpString="CreateMutexExA") returned 14 [0145.340] lstrlenA (lpString="CreateMutexExW") returned 14 [0145.340] lstrlenA (lpString="CreateMutexW") returned 12 [0145.340] lstrlenA (lpString="CreateNamedPipeA") returned 16 [0145.340] lstrlenA (lpString="CreateNamedPipeW") returned 16 [0145.340] lstrlenA (lpString="CreatePipe") returned 10 [0145.340] lstrlenA (lpString="CreatePrivateNamespaceA") returned 23 [0145.340] lstrlenA (lpString="CreatePrivateNamespaceW") returned 23 [0145.340] lstrlenA (lpString="CreateProcessA") returned 14 [0145.341] lstrlenA (lpString="CreateProcessAsUserW") returned 20 [0145.341] lstrlenA (lpString="CreateProcessInternalA") returned 22 [0145.341] lstrlenA (lpString="CreateProcessInternalW") returned 22 [0145.341] lstrlenA (lpString="CreateProcessW") returned 14 [0145.341] lstrlenA (lpString="CreateRemoteThread") returned 18 [0145.341] lstrlenA (lpString="CreateRemoteThreadEx") returned 20 [0145.341] lstrlenA (lpString="CreateSemaphoreA") returned 16 [0145.341] lstrlenA (lpString="CreateSemaphoreExA") returned 18 [0145.341] lstrlenA (lpString="CreateSemaphoreExW") returned 18 [0145.341] lstrlenA (lpString="CreateSemaphoreW") returned 16 [0145.341] lstrlenA (lpString="CreateSocketHandle") returned 18 [0145.341] lstrlenA (lpString="CreateSymbolicLinkA") returned 19 [0145.341] lstrlenA (lpString="CreateSymbolicLinkTransactedA") returned 29 [0145.341] lstrlenA (lpString="CreateSymbolicLinkTransactedW") returned 29 [0145.341] lstrlenA (lpString="CreateSymbolicLinkW") returned 19 [0145.342] lstrlenA (lpString="CreateTapePartition") returned 19 [0145.342] lstrlenA (lpString="CreateThread") returned 12 [0145.342] lstrlenA (lpString="CreateThreadpool") returned 16 [0145.342] lstrlenA (lpString="CreateThreadpoolCleanupGroup") returned 28 [0145.342] lstrlenA (lpString="CreateThreadpoolIo") returned 18 [0145.342] lstrlenA (lpString="CreateThreadpoolTimer") returned 21 [0145.342] lstrlenA (lpString="CreateThreadpoolWait") returned 20 [0145.342] lstrlenA (lpString="CreateThreadpoolWork") returned 20 [0145.342] lstrlenA (lpString="CreateTimerQueue") returned 16 [0145.342] lstrlenA (lpString="CreateTimerQueueTimer") returned 21 [0145.342] lstrlenA (lpString="CreateToolhelp32Snapshot") returned 24 [0145.342] lstrlenA (lpString="CreateWaitableTimerA") returned 20 [0145.342] lstrlenA (lpString="CreateWaitableTimerExA") returned 22 [0145.342] lstrlenA (lpString="CreateWaitableTimerExW") returned 22 [0145.342] lstrlenA (lpString="CreateWaitableTimerW") returned 20 [0145.342] lstrlenA (lpString="CtrlRoutine") returned 11 [0145.342] lstrlenA (lpString="DeactivateActCtx") returned 16 [0145.342] lstrlenA (lpString="DebugActiveProcess") returned 18 [0145.343] lstrlenA (lpString="DebugActiveProcessStop") returned 22 [0145.343] lstrlenA (lpString="DebugBreak") returned 10 [0145.343] lstrlenA (lpString="DebugBreakProcess") returned 17 [0145.343] lstrlenA (lpString="DebugSetProcessKillOnExit") returned 25 [0145.343] lstrlenA (lpString="DecodePointer") returned 13 [0145.343] lstrlenA (lpString="DecodeSystemPointer") returned 19 [0145.343] lstrlenA (lpString="DefineDosDeviceA") returned 16 [0145.343] lstrlenA (lpString="DefineDosDeviceW") returned 16 [0145.343] lstrlenA (lpString="DelayLoadFailureHook") returned 20 [0145.343] lstrlenA (lpString="DeleteAtom") returned 10 [0145.343] lstrlenA (lpString="DeleteBoundaryDescriptor") returned 24 [0145.343] lstrlenA (lpString="DeleteCriticalSection") returned 21 [0145.343] lstrlenA (lpString="DeleteFiber") returned 11 [0145.343] lstrlenA (lpString="DeleteFileA") returned 11 [0145.343] lstrlenA (lpString="DeleteFileTransactedA") returned 21 [0145.343] lstrlenA (lpString="DeleteFileTransactedW") returned 21 [0145.343] lstrlenA (lpString="DeleteFileW") returned 11 [0145.343] lstrlenA (lpString="DeleteProcThreadAttributeList") returned 29 [0145.344] lstrlenA (lpString="DeleteTimerQueue") returned 16 [0145.344] lstrlenA (lpString="DeleteTimerQueueEx") returned 18 [0145.344] lstrlenA (lpString="DeleteTimerQueueTimer") returned 21 [0145.344] lstrlenA (lpString="DeleteVolumeMountPointA") returned 23 [0145.344] lstrlenA (lpString="DeleteVolumeMountPointW") returned 23 [0145.344] lstrlenA (lpString="DeviceIoControl") returned 15 [0145.344] lstrlenA (lpString="DisableThreadLibraryCalls") returned 25 [0145.344] lstrlenA (lpString="DisableThreadProfiling") returned 22 [0145.344] lstrlenA (lpString="DisassociateCurrentThreadFromCallback") returned 37 [0145.344] lstrlenA (lpString="DisconnectNamedPipe") returned 19 [0145.344] lstrlenA (lpString="DnsHostnameToComputerNameA") returned 26 [0145.344] lstrlenA (lpString="DnsHostnameToComputerNameW") returned 26 [0145.344] lstrlenA (lpString="DosDateTimeToFileTime") returned 21 [0145.344] lstrlenA (lpString="DosPathToSessionPathA") returned 21 [0145.344] lstrlenA (lpString="DosPathToSessionPathW") returned 21 [0145.345] lstrlenA (lpString="DuplicateConsoleHandle") returned 22 [0145.345] lstrlenA (lpString="DuplicateHandle") returned 15 [0145.345] lstrlenA (lpString="EnableThreadProfiling") returned 21 [0145.345] lstrlenA (lpString="EncodePointer") returned 13 [0145.345] lstrlenA (lpString="EncodeSystemPointer") returned 19 [0145.345] lstrlenA (lpString="EndUpdateResourceA") returned 18 [0145.345] lstrlenA (lpString="EndUpdateResourceW") returned 18 [0145.345] lstrlenA (lpString="EnterCriticalSection") returned 20 [0145.345] lstrlenA (lpString="EnumCalendarInfoA") returned 17 [0145.345] lstrlenA (lpString="EnumCalendarInfoExA") returned 19 [0145.345] lstrlenA (lpString="EnumCalendarInfoExEx") returned 20 [0145.345] lstrlenA (lpString="EnumCalendarInfoExW") returned 19 [0145.345] lstrlenA (lpString="EnumCalendarInfoW") returned 17 [0145.345] lstrlenA (lpString="EnumDateFormatsA") returned 16 [0145.345] lstrlenA (lpString="EnumDateFormatsExA") returned 18 [0145.345] lstrlenA (lpString="EnumDateFormatsExEx") returned 19 [0145.346] lstrlenA (lpString="EnumDateFormatsExW") returned 18 [0145.356] ReadProcessMemory (in: hProcess=0x638, lpBaseAddress=0x7efde008, lpBuffer=0x0, nSize=0x4, lpNumberOfBytesRead=0x27e5bf8 | out: lpBuffer=0x0, lpNumberOfBytesRead=0x27e5bf8) returned 0 [0145.434] EnumProcessModules (in: hProcess=0x640, lphModule=0x27ed270, cb=0x100, lpcbNeeded=0x2dc654 | out: lphModule=0x27ed270, lpcbNeeded=0x2dc654) returned 1 [0145.436] EnumProcessModules (in: hProcess=0x640, lphModule=0x27ed37c, cb=0x200, lpcbNeeded=0x2dc654 | out: lphModule=0x27ed37c, lpcbNeeded=0x2dc654) returned 1 [0145.437] GetModuleInformation (in: hProcess=0x640, hModule=0x10b0000, lpmodinfo=0x27ed5bc, cb=0xc | out: lpmodinfo=0x27ed5bc*(lpBaseOfDll=0x10b0000, SizeOfImage=0xa2000, EntryPoint=0x114ddbe)) returned 1 [0145.438] CoTaskMemAlloc (cb=0x804) returned 0x5950bd8 [0145.438] GetModuleBaseNameW (in: hProcess=0x640, hModule=0x10b0000, lpBaseName=0x5950bd8, nSize=0x800 | out: lpBaseName="noise.exe") returned 0x9 [0145.438] CoTaskMemFree (pv=0x5950bd8) [0145.438] CoTaskMemAlloc (cb=0x804) returned 0x5950bd8 [0145.438] GetModuleFileNameExW (in: hProcess=0x640, hModule=0x10b0000, lpFilename=0x5950bd8, nSize=0x800 | out: lpFilename="C:\\Users\\kEecfMwgj\\AppData\\Local\\Temp\\noise.exe" (normalized: "c:\\users\\keecfmwgj\\appdata\\local\\temp\\noise.exe")) returned 0x2f [0145.438] CoTaskMemFree (pv=0x5950bd8) [0145.438] GetModuleInformation (in: hProcess=0x640, hModule=0x76f00000, lpmodinfo=0x27ef70c, cb=0xc | out: lpmodinfo=0x27ef70c*(lpBaseOfDll=0x76f00000, SizeOfImage=0x180000, EntryPoint=0x0)) returned 1 [0145.438] CoTaskMemAlloc (cb=0x804) returned 0x5950bd8 [0145.438] GetModuleBaseNameW (in: hProcess=0x640, hModule=0x76f00000, lpBaseName=0x5950bd8, nSize=0x800 | out: lpBaseName="ntdll.dll") returned 0x9 [0145.439] CoTaskMemFree (pv=0x5950bd8) [0145.439] CoTaskMemAlloc (cb=0x804) returned 0x5950bd8 [0145.439] GetModuleFileNameExW (in: hProcess=0x640, hModule=0x76f00000, lpFilename=0x5950bd8, nSize=0x800 | out: lpFilename="C:\\Windows\\SysWOW64\\ntdll.dll" (normalized: "c:\\windows\\syswow64\\ntdll.dll")) returned 0x1d [0145.439] CoTaskMemFree (pv=0x5950bd8) [0145.439] GetModuleInformation (in: hProcess=0x640, hModule=0x73500000, lpmodinfo=0x27f1828, cb=0xc | out: lpmodinfo=0x27f1828*(lpBaseOfDll=0x73500000, SizeOfImage=0x4a000, EntryPoint=0x73502e54)) returned 1 [0145.439] CoTaskMemAlloc (cb=0x804) returned 0x5950bd8 [0145.439] GetModuleBaseNameW (in: hProcess=0x640, hModule=0x73500000, lpBaseName=0x5950bd8, nSize=0x800 | out: lpBaseName="MSCOREE.DLL") returned 0xb [0145.439] CoTaskMemFree (pv=0x5950bd8) [0145.439] CoTaskMemAlloc (cb=0x804) returned 0x5950bd8 [0145.439] GetModuleFileNameExW (in: hProcess=0x640, hModule=0x73500000, lpFilename=0x5950bd8, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\MSCOREE.DLL" (normalized: "c:\\windows\\syswow64\\mscoree.dll")) returned 0x1f [0145.440] CoTaskMemFree (pv=0x5950bd8) [0145.440] GetModuleInformation (in: hProcess=0x640, hModule=0x752b0000, lpmodinfo=0x27f3940, cb=0xc | out: lpmodinfo=0x27f3940*(lpBaseOfDll=0x752b0000, SizeOfImage=0x110000, EntryPoint=0x752c3283)) returned 1 [0145.440] CoTaskMemAlloc (cb=0x804) returned 0x5950bd8 [0145.440] GetModuleBaseNameW (in: hProcess=0x640, hModule=0x752b0000, lpBaseName=0x5950bd8, nSize=0x800 | out: lpBaseName="KERNEL32.dll") returned 0xc [0145.440] CoTaskMemFree (pv=0x5950bd8) [0145.440] CoTaskMemAlloc (cb=0x804) returned 0x5950bd8 [0145.440] GetModuleFileNameExW (in: hProcess=0x640, hModule=0x752b0000, lpFilename=0x5950bd8, nSize=0x800 | out: lpFilename="C:\\Windows\\syswow64\\KERNEL32.dll" (normalized: "c:\\windows\\syswow64\\kernel32.dll")) returned 0x20 [0145.440] CoTaskMemFree (pv=0x5950bd8) [0145.440] GetModuleInformation (in: hProcess=0x640, hModule=0x753c0000, lpmodinfo=0x27f5a60, cb=0xc | out: lpmodinfo=0x27f5a60*(lpBaseOfDll=0x753c0000, SizeOfImage=0x47000, EntryPoint=0x753c74c1)) returned 1 [0145.441] CoTaskMemAlloc (cb=0x804) returned 0x5950bd8 [0145.441] GetModuleBaseNameW (in: hProcess=0x640, hModule=0x753c0000, lpBaseName=0x5950bd8, nSize=0x800 | out: lpBaseName="KERNELBASE.dll") returned 0xe [0145.441] CoTaskMemFree (pv=0x5950bd8) [0145.441] CoTaskMemAlloc (cb=0x804) returned 0x5950bd8 [0145.441] GetModuleFileNameExW (in: hProcess=0x640, hModule=0x753c0000, lpFilename=0x5950bd8, nSize=0x800 | out: lpFilename="C:\\Windows\\syswow64\\KERNELBASE.dll" (normalized: "c:\\windows\\syswow64\\kernelbase.dll")) returned 0x22 [0145.442] CoTaskMemFree (pv=0x5950bd8) [0145.442] GetModuleInformation (in: hProcess=0x640, hModule=0x76a60000, lpmodinfo=0x27f7bb4, cb=0xc | out: lpmodinfo=0x27f7bb4*(lpBaseOfDll=0x76a60000, SizeOfImage=0xa0000, EntryPoint=0x76a749e5)) returned 1 [0145.442] CoTaskMemAlloc (cb=0x804) returned 0x5950bd8 [0145.442] GetModuleBaseNameW (in: hProcess=0x640, hModule=0x76a60000, lpBaseName=0x5950bd8, nSize=0x800 | out: lpBaseName="ADVAPI32.dll") returned 0xc [0145.442] CoTaskMemFree (pv=0x5950bd8) [0145.442] CoTaskMemAlloc (cb=0x804) returned 0x5950bd8 [0145.442] GetModuleFileNameExW (in: hProcess=0x640, hModule=0x76a60000, lpFilename=0x5950bd8, nSize=0x800 | out: lpFilename="C:\\Windows\\syswow64\\ADVAPI32.dll" (normalized: "c:\\windows\\syswow64\\advapi32.dll")) returned 0x20 [0145.443] CoTaskMemFree (pv=0x5950bd8) [0145.443] GetModuleInformation (in: hProcess=0x640, hModule=0x75410000, lpmodinfo=0x27f9cd4, cb=0xc | out: lpmodinfo=0x27f9cd4*(lpBaseOfDll=0x75410000, SizeOfImage=0xac000, EntryPoint=0x7541a472)) returned 1 [0145.443] CoTaskMemAlloc (cb=0x804) returned 0x5950bd8 [0145.443] GetModuleBaseNameW (in: hProcess=0x640, hModule=0x75410000, lpBaseName=0x5950bd8, nSize=0x800 | out: lpBaseName="msvcrt.dll") returned 0xa [0145.443] CoTaskMemFree (pv=0x5950bd8) [0145.443] CoTaskMemAlloc (cb=0x804) returned 0x5950bd8 [0145.443] GetModuleFileNameExW (in: hProcess=0x640, hModule=0x75410000, lpFilename=0x5950bd8, nSize=0x800 | out: lpFilename="C:\\Windows\\syswow64\\msvcrt.dll" (normalized: "c:\\windows\\syswow64\\msvcrt.dll")) returned 0x1e [0145.444] CoTaskMemFree (pv=0x5950bd8) [0145.444] GetModuleInformation (in: hProcess=0x640, hModule=0x759a0000, lpmodinfo=0x27fbdec, cb=0xc | out: lpmodinfo=0x27fbdec*(lpBaseOfDll=0x759a0000, SizeOfImage=0x19000, EntryPoint=0x759a4975)) returned 1 [0145.444] CoTaskMemAlloc (cb=0x804) returned 0x5950bd8 [0145.444] GetModuleBaseNameW (in: hProcess=0x640, hModule=0x759a0000, lpBaseName=0x5950bd8, nSize=0x800 | out: lpBaseName="sechost.dll") returned 0xb [0145.444] CoTaskMemFree (pv=0x5950bd8) [0145.444] CoTaskMemAlloc (cb=0x804) returned 0x5950bd8 [0145.444] GetModuleFileNameExW (in: hProcess=0x640, hModule=0x759a0000, lpFilename=0x5950bd8, nSize=0x800 | out: lpFilename="C:\\Windows\\SysWOW64\\sechost.dll" (normalized: "c:\\windows\\syswow64\\sechost.dll")) returned 0x1f [0145.445] CoTaskMemFree (pv=0x5950bd8) [0145.445] GetModuleInformation (in: hProcess=0x640, hModule=0x76970000, lpmodinfo=0x27fdf04, cb=0xc | out: lpmodinfo=0x27fdf04*(lpBaseOfDll=0x76970000, SizeOfImage=0xf0000, EntryPoint=0x76980569)) returned 1 [0145.445] CoTaskMemAlloc (cb=0x804) returned 0x5950bd8 [0145.445] GetModuleBaseNameW (in: hProcess=0x640, hModule=0x76970000, lpBaseName=0x5950bd8, nSize=0x800 | out: lpBaseName="RPCRT4.dll") returned 0xa [0145.445] CoTaskMemFree (pv=0x5950bd8) [0145.445] CoTaskMemAlloc (cb=0x804) returned 0x5950bd8 [0145.445] GetModuleFileNameExW (in: hProcess=0x640, hModule=0x76970000, lpFilename=0x5950bd8, nSize=0x800 | out: lpFilename="C:\\Windows\\syswow64\\RPCRT4.dll" (normalized: "c:\\windows\\syswow64\\rpcrt4.dll")) returned 0x1e [0145.446] CoTaskMemFree (pv=0x5950bd8) [0145.446] GetModuleInformation (in: hProcess=0x640, hModule=0x74a50000, lpmodinfo=0x2800068, cb=0xc | out: lpmodinfo=0x2800068*(lpBaseOfDll=0x74a50000, SizeOfImage=0x60000, EntryPoint=0x74a6a3b3)) returned 1 [0145.446] CoTaskMemAlloc (cb=0x804) returned 0x5950bd8 [0145.446] GetModuleBaseNameW (in: hProcess=0x640, hModule=0x74a50000, lpBaseName=0x5950bd8, nSize=0x800 | out: lpBaseName="SspiCli.dll") returned 0xb [0145.446] CoTaskMemFree (pv=0x5950bd8) [0145.446] CoTaskMemAlloc (cb=0x804) returned 0x5950bd8 [0145.446] GetModuleFileNameExW (in: hProcess=0x640, hModule=0x74a50000, lpFilename=0x5950bd8, nSize=0x800 | out: lpFilename="C:\\Windows\\syswow64\\SspiCli.dll" (normalized: "c:\\windows\\syswow64\\sspicli.dll")) returned 0x1f [0145.447] CoTaskMemFree (pv=0x5950bd8) [0145.447] GetModuleInformation (in: hProcess=0x640, hModule=0x74a40000, lpmodinfo=0x2802180, cb=0xc | out: lpmodinfo=0x2802180*(lpBaseOfDll=0x74a40000, SizeOfImage=0xc000, EntryPoint=0x74a410e1)) returned 1 [0145.447] CoTaskMemAlloc (cb=0x804) returned 0x5950bd8 [0145.447] GetModuleBaseNameW (in: hProcess=0x640, hModule=0x74a40000, lpBaseName=0x5950bd8, nSize=0x800 | out: lpBaseName="CRYPTBASE.dll") returned 0xd [0145.448] CoTaskMemFree (pv=0x5950bd8) [0145.448] CoTaskMemAlloc (cb=0x804) returned 0x5950bd8 [0145.448] GetModuleFileNameExW (in: hProcess=0x640, hModule=0x74a40000, lpFilename=0x5950bd8, nSize=0x800 | out: lpFilename="C:\\Windows\\syswow64\\CRYPTBASE.dll" (normalized: "c:\\windows\\syswow64\\cryptbase.dll")) returned 0x21 [0145.448] CoTaskMemFree (pv=0x5950bd8) [0145.448] GetModuleInformation (in: hProcess=0x640, hModule=0x733b0000, lpmodinfo=0x28042a0, cb=0xc | out: lpmodinfo=0x28042a0*(lpBaseOfDll=0x733b0000, SizeOfImage=0x8d000, EntryPoint=0x733c2860)) returned 1 [0145.448] CoTaskMemAlloc (cb=0x804) returned 0x5950bd8 [0145.448] GetModuleBaseNameW (in: hProcess=0x640, hModule=0x733b0000, lpBaseName=0x5950bd8, nSize=0x800 | out: lpBaseName="mscoreei.dll") returned 0xc [0145.449] CoTaskMemFree (pv=0x5950bd8) [0145.449] CoTaskMemAlloc (cb=0x804) returned 0x5950bd8 [0145.449] GetModuleFileNameExW (in: hProcess=0x640, hModule=0x733b0000, lpFilename=0x5950bd8, nSize=0x800 | out: lpFilename="C:\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\mscoreei.dll" (normalized: "c:\\windows\\microsoft.net\\framework\\v4.0.30319\\mscoreei.dll")) returned 0x3a [0145.449] CoTaskMemFree (pv=0x5950bd8) [0145.449] GetModuleInformation (in: hProcess=0x640, hModule=0x734f0000, lpmodinfo=0x28063f4, cb=0xc | out: lpmodinfo=0x28063f4*(lpBaseOfDll=0x734f0000, SizeOfImage=0x3000, EntryPoint=0x0)) returned 1 [0145.450] CoTaskMemAlloc (cb=0x804) returned 0x5950bd8 [0145.450] GetModuleBaseNameW (in: hProcess=0x640, hModule=0x734f0000, lpBaseName=0x5950bd8, nSize=0x800 | out: lpBaseName="api-ms-win-core-synch-l1-2-0.DLL") returned 0x20 [0145.450] CoTaskMemFree (pv=0x5950bd8) [0145.450] CoTaskMemAlloc (cb=0x804) returned 0x5950bd8 [0145.450] GetModuleFileNameExW (in: hProcess=0x640, hModule=0x734f0000, lpFilename=0x5950bd8, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\api-ms-win-core-synch-l1-2-0.DLL" (normalized: "c:\\windows\\syswow64\\api-ms-win-core-synch-l1-2-0.dll")) returned 0x34 [0145.451] CoTaskMemFree (pv=0x5950bd8) [0145.451] GetModuleInformation (in: hProcess=0x640, hModule=0x751c0000, lpmodinfo=0x2808564, cb=0xc | out: lpmodinfo=0x2808564*(lpBaseOfDll=0x751c0000, SizeOfImage=0x57000, EntryPoint=0x751d9ba6)) returned 1 [0145.451] CoTaskMemAlloc (cb=0x804) returned 0x5950bd8 [0145.451] GetModuleBaseNameW (in: hProcess=0x640, hModule=0x751c0000, lpBaseName=0x5950bd8, nSize=0x800 | out: lpBaseName="SHLWAPI.dll") returned 0xb [0145.451] CoTaskMemFree (pv=0x5950bd8) [0145.451] CoTaskMemAlloc (cb=0x804) returned 0x5950bd8 [0145.451] GetModuleFileNameExW (in: hProcess=0x640, hModule=0x751c0000, lpFilename=0x5950bd8, nSize=0x800 | out: lpFilename="C:\\Windows\\syswow64\\SHLWAPI.dll" (normalized: "c:\\windows\\syswow64\\shlwapi.dll")) returned 0x1f [0145.452] CoTaskMemFree (pv=0x5950bd8) [0145.452] GetModuleInformation (in: hProcess=0x640, hModule=0x75220000, lpmodinfo=0x280a67c, cb=0xc | out: lpmodinfo=0x280a67c*(lpBaseOfDll=0x75220000, SizeOfImage=0x90000, EntryPoint=0x75236343)) returned 1 [0145.452] CoTaskMemAlloc (cb=0x804) returned 0x5950bd8 [0145.452] GetModuleBaseNameW (in: hProcess=0x640, hModule=0x75220000, lpBaseName=0x5950bd8, nSize=0x800 | out: lpBaseName="GDI32.dll") returned 0x9 [0145.454] CoTaskMemFree (pv=0x5950bd8) [0145.454] CoTaskMemAlloc (cb=0x804) returned 0x5950bd8 [0145.454] GetModuleFileNameExW (in: hProcess=0x640, hModule=0x75220000, lpFilename=0x5950bd8, nSize=0x800 | out: lpFilename="C:\\Windows\\syswow64\\GDI32.dll" (normalized: "c:\\windows\\syswow64\\gdi32.dll")) returned 0x1d [0145.454] CoTaskMemFree (pv=0x5950bd8) [0145.454] GetModuleInformation (in: hProcess=0x640, hModule=0x76860000, lpmodinfo=0x280c78c, cb=0xc | out: lpmodinfo=0x280c78c*(lpBaseOfDll=0x76860000, SizeOfImage=0x100000, EntryPoint=0x7687b6ed)) returned 1 [0145.455] CoTaskMemAlloc (cb=0x804) returned 0x5950bd8 [0145.455] GetModuleBaseNameW (in: hProcess=0x640, hModule=0x76860000, lpBaseName=0x5950bd8, nSize=0x800 | out: lpBaseName="USER32.dll") returned 0xa [0145.455] CoTaskMemFree (pv=0x5950bd8) [0145.455] CoTaskMemAlloc (cb=0x804) returned 0x5950bd8 [0145.455] GetModuleFileNameExW (in: hProcess=0x640, hModule=0x76860000, lpFilename=0x5950bd8, nSize=0x800 | out: lpFilename="C:\\Windows\\syswow64\\USER32.dll" (normalized: "c:\\windows\\syswow64\\user32.dll")) returned 0x1e [0145.455] CoTaskMemFree (pv=0x5950bd8) [0145.456] GetModuleInformation (in: hProcess=0x640, hModule=0x759c0000, lpmodinfo=0x280e8a4, cb=0xc | out: lpmodinfo=0x280e8a4*(lpBaseOfDll=0x759c0000, SizeOfImage=0xa000, EntryPoint=0x759c36a0)) returned 1 [0145.456] CoTaskMemAlloc (cb=0x804) returned 0x5950bd8 [0145.456] GetModuleBaseNameW (in: hProcess=0x640, hModule=0x759c0000, lpBaseName=0x5950bd8, nSize=0x800 | out: lpBaseName="LPK.dll") returned 0x7 [0145.456] CoTaskMemFree (pv=0x5950bd8) [0145.456] CoTaskMemAlloc (cb=0x804) returned 0x5950bd8 [0145.456] GetModuleFileNameExW (in: hProcess=0x640, hModule=0x759c0000, lpFilename=0x5950bd8, nSize=0x800 | out: lpFilename="C:\\Windows\\syswow64\\LPK.dll" (normalized: "c:\\windows\\syswow64\\lpk.dll")) returned 0x1b [0145.457] CoTaskMemFree (pv=0x5950bd8) [0145.457] GetModuleInformation (in: hProcess=0x640, hModule=0x74d40000, lpmodinfo=0x2810a38, cb=0xc | out: lpmodinfo=0x2810a38*(lpBaseOfDll=0x74d40000, SizeOfImage=0x9d000, EntryPoint=0x74d73fd7)) returned 1 [0145.457] CoTaskMemAlloc (cb=0x804) returned 0x5950bd8 [0145.457] GetModuleBaseNameW (in: hProcess=0x640, hModule=0x74d40000, lpBaseName=0x5950bd8, nSize=0x800 | out: lpBaseName="USP10.dll") returned 0x9 [0145.458] CoTaskMemFree (pv=0x5950bd8) [0145.458] CoTaskMemAlloc (cb=0x804) returned 0x5950bd8 [0145.458] GetModuleFileNameExW (in: hProcess=0x640, hModule=0x74d40000, lpFilename=0x5950bd8, nSize=0x800 | out: lpFilename="C:\\Windows\\syswow64\\USP10.dll" (normalized: "c:\\windows\\syswow64\\usp10.dll")) returned 0x1d [0145.458] CoTaskMemFree (pv=0x5950bd8) [0145.458] GetModuleInformation (in: hProcess=0x640, hModule=0x75550000, lpmodinfo=0x2812b48, cb=0xc | out: lpmodinfo=0x2812b48*(lpBaseOfDll=0x75550000, SizeOfImage=0x60000, EntryPoint=0x7556158f)) returned 1 [0145.459] CoTaskMemAlloc (cb=0x804) returned 0x5950bd8 [0145.459] GetModuleBaseNameW (in: hProcess=0x640, hModule=0x75550000, lpBaseName=0x5950bd8, nSize=0x800 | out: lpBaseName="IMM32.DLL") returned 0x9 [0145.459] CoTaskMemFree (pv=0x5950bd8) [0145.460] CoTaskMemAlloc (cb=0x804) returned 0x5950bd8 [0145.460] GetModuleFileNameExW (in: hProcess=0x640, hModule=0x75550000, lpFilename=0x5950bd8, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\IMM32.DLL" (normalized: "c:\\windows\\syswow64\\imm32.dll")) returned 0x1d [0145.460] CoTaskMemFree (pv=0x5950bd8) [0145.460] GetModuleInformation (in: hProcess=0x640, hModule=0x74c40000, lpmodinfo=0x2814c58, cb=0xc | out: lpmodinfo=0x2814c58*(lpBaseOfDll=0x74c40000, SizeOfImage=0xcc000, EntryPoint=0x74c4168b)) returned 1 [0145.461] CoTaskMemAlloc (cb=0x804) returned 0x5950bd8 [0145.461] GetModuleBaseNameW (in: hProcess=0x640, hModule=0x74c40000, lpBaseName=0x5950bd8, nSize=0x800 | out: lpBaseName="MSCTF.dll") returned 0x9 [0145.461] CoTaskMemFree (pv=0x5950bd8) [0145.461] CoTaskMemAlloc (cb=0x804) returned 0x5950bd8 [0145.461] GetModuleFileNameExW (in: hProcess=0x640, hModule=0x74c40000, lpFilename=0x5950bd8, nSize=0x800 | out: lpFilename="C:\\Windows\\syswow64\\MSCTF.dll" (normalized: "c:\\windows\\syswow64\\msctf.dll")) returned 0x1d [0145.462] CoTaskMemFree (pv=0x5950bd8) [0145.462] GetModuleInformation (in: hProcess=0x640, hModule=0x733a0000, lpmodinfo=0x2816d68, cb=0xc | out: lpmodinfo=0x2816d68*(lpBaseOfDll=0x733a0000, SizeOfImage=0x9000, EntryPoint=0x733a1220)) returned 1 [0145.462] CoTaskMemAlloc (cb=0x804) returned 0x5950bd8 [0145.462] GetModuleBaseNameW (in: hProcess=0x640, hModule=0x733a0000, lpBaseName=0x5950bd8, nSize=0x800 | out: lpBaseName="VERSION.dll") returned 0xb [0145.463] CoTaskMemFree (pv=0x5950bd8) [0145.463] CoTaskMemAlloc (cb=0x804) returned 0x5950bd8 [0145.463] GetModuleFileNameExW (in: hProcess=0x640, hModule=0x733a0000, lpFilename=0x5950bd8, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\VERSION.dll" (normalized: "c:\\windows\\syswow64\\version.dll")) returned 0x1f [0145.463] CoTaskMemFree (pv=0x5950bd8) [0145.463] GetModuleInformation (in: hProcess=0x640, hModule=0x71770000, lpmodinfo=0x2818e80, cb=0xc | out: lpmodinfo=0x2818e80*(lpBaseOfDll=0x71770000, SizeOfImage=0x7af000, EntryPoint=0x7178d0d0)) returned 1 [0145.464] CoTaskMemAlloc (cb=0x804) returned 0x5950bd8 [0145.464] GetModuleBaseNameW (in: hProcess=0x640, hModule=0x71770000, lpBaseName=0x5950bd8, nSize=0x800 | out: lpBaseName="clr.dll") returned 0x7 [0145.465] CoTaskMemFree (pv=0x5950bd8) [0145.465] CoTaskMemAlloc (cb=0x804) returned 0x5950bd8 [0145.465] GetModuleFileNameExW (in: hProcess=0x640, hModule=0x71770000, lpFilename=0x5950bd8, nSize=0x800 | out: lpFilename="C:\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\clr.dll" (normalized: "c:\\windows\\microsoft.net\\framework\\v4.0.30319\\clr.dll")) returned 0x35 [0145.465] CoTaskMemFree (pv=0x5950bd8) [0145.465] GetModuleInformation (in: hProcess=0x640, hModule=0x73600000, lpmodinfo=0x281afbc, cb=0xc | out: lpmodinfo=0x281afbc*(lpBaseOfDll=0x73600000, SizeOfImage=0x14000, EntryPoint=0x7360ac00)) returned 1 [0145.466] CoTaskMemAlloc (cb=0x804) returned 0x5950bd8 [0145.466] GetModuleBaseNameW (in: hProcess=0x640, hModule=0x73600000, lpBaseName=0x5950bd8, nSize=0x800 | out: lpBaseName="VCRUNTIME140_CLR0400.dll") returned 0x18 [0145.466] CoTaskMemFree (pv=0x5950bd8) [0145.466] CoTaskMemAlloc (cb=0x804) returned 0x5950bd8 [0145.466] GetModuleFileNameExW (in: hProcess=0x640, hModule=0x73600000, lpFilename=0x5950bd8, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\VCRUNTIME140_CLR0400.dll" (normalized: "c:\\windows\\syswow64\\vcruntime140_clr0400.dll")) returned 0x2c [0145.467] CoTaskMemFree (pv=0x5950bd8) [0145.467] GetModuleInformation (in: hProcess=0x640, hModule=0x73550000, lpmodinfo=0x281d10c, cb=0xc | out: lpmodinfo=0x281d10c*(lpBaseOfDll=0x73550000, SizeOfImage=0xab000, EntryPoint=0x735e5f20)) returned 1 [0145.468] CoTaskMemAlloc (cb=0x804) returned 0x5950bd8 [0145.468] GetModuleBaseNameW (in: hProcess=0x640, hModule=0x73550000, lpBaseName=0x5950bd8, nSize=0x800 | out: lpBaseName="ucrtbase_clr0400.dll") returned 0x14 [0145.468] CoTaskMemFree (pv=0x5950bd8) [0145.468] CoTaskMemAlloc (cb=0x804) returned 0x5950bd8 [0145.468] GetModuleFileNameExW (in: hProcess=0x640, hModule=0x73550000, lpFilename=0x5950bd8, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\ucrtbase_clr0400.dll" (normalized: "c:\\windows\\syswow64\\ucrtbase_clr0400.dll")) returned 0x28 [0145.469] CoTaskMemFree (pv=0x5950bd8) [0145.469] GetModuleInformation (in: hProcess=0x640, hModule=0x70360000, lpmodinfo=0x281f24c, cb=0xc | out: lpmodinfo=0x281f24c*(lpBaseOfDll=0x70360000, SizeOfImage=0x140b000, EntryPoint=0x0)) returned 1 [0145.469] CoTaskMemAlloc (cb=0x804) returned 0x5950bd8 [0145.470] GetModuleBaseNameW (in: hProcess=0x640, hModule=0x70360000, lpBaseName=0x5950bd8, nSize=0x800 | out: lpBaseName="mscorlib.ni.dll") returned 0xf [0145.470] CoTaskMemFree (pv=0x5950bd8) [0145.470] CoTaskMemAlloc (cb=0x804) returned 0x5950bd8 [0145.470] GetModuleFileNameExW (in: hProcess=0x640, hModule=0x70360000, lpFilename=0x5950bd8, nSize=0x800 | out: lpFilename="C:\\Windows\\assembly\\NativeImages_v4.0.30319_32\\mscorlib\\36eaccfde177c2e7b93b8dbdde4e012a\\mscorlib.ni.dll" (normalized: "c:\\windows\\assembly\\nativeimages_v4.0.30319_32\\mscorlib\\36eaccfde177c2e7b93b8dbdde4e012a\\mscorlib.ni.dll")) returned 0x68 [0145.471] CoTaskMemFree (pv=0x5950bd8) [0145.471] GetModuleInformation (in: hProcess=0x640, hModule=0x75740000, lpmodinfo=0x2821400, cb=0xc | out: lpmodinfo=0x2821400*(lpBaseOfDll=0x75740000, SizeOfImage=0x15c000, EntryPoint=0x7578ba3d)) returned 1 [0145.471] CoTaskMemAlloc (cb=0x804) returned 0x5950bd8 [0145.471] GetModuleBaseNameW (in: hProcess=0x640, hModule=0x75740000, lpBaseName=0x5950bd8, nSize=0x800 | out: lpBaseName="ole32.dll") returned 0x9 [0145.472] CoTaskMemFree (pv=0x5950bd8) [0145.472] CoTaskMemAlloc (cb=0x804) returned 0x5950bd8 [0145.472] GetModuleFileNameExW (in: hProcess=0x640, hModule=0x75740000, lpFilename=0x5950bd8, nSize=0x800 | out: lpFilename="C:\\Windows\\syswow64\\ole32.dll" (normalized: "c:\\windows\\syswow64\\ole32.dll")) returned 0x1d [0145.473] CoTaskMemFree (pv=0x5950bd8) [0145.473] GetModuleInformation (in: hProcess=0x640, hModule=0x73a10000, lpmodinfo=0x2823510, cb=0xc | out: lpmodinfo=0x2823510*(lpBaseOfDll=0x73a10000, SizeOfImage=0x80000, EntryPoint=0x73a237c9)) returned 1 [0145.473] CoTaskMemAlloc (cb=0x804) returned 0x5950bd8 [0145.473] GetModuleBaseNameW (in: hProcess=0x640, hModule=0x73a10000, lpBaseName=0x5950bd8, nSize=0x800 | out: lpBaseName="uxtheme.dll") returned 0xb [0145.474] CoTaskMemFree (pv=0x5950bd8) [0145.474] CoTaskMemAlloc (cb=0x804) returned 0x5950bd8 [0145.474] GetModuleFileNameExW (in: hProcess=0x640, hModule=0x73a10000, lpFilename=0x5950bd8, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\uxtheme.dll" (normalized: "c:\\windows\\syswow64\\uxtheme.dll")) returned 0x1f [0145.475] CoTaskMemFree (pv=0x5950bd8) [0145.475] GetModuleInformation (in: hProcess=0x640, hModule=0x74a20000, lpmodinfo=0x2825628, cb=0xc | out: lpmodinfo=0x2825628*(lpBaseOfDll=0x74a20000, SizeOfImage=0x3000, EntryPoint=0x0)) returned 1 [0145.475] CoTaskMemAlloc (cb=0x804) returned 0x5950bd8 [0145.475] GetModuleBaseNameW (in: hProcess=0x640, hModule=0x74a20000, lpBaseName=0x5950bd8, nSize=0x800 | out: lpBaseName="api-ms-win-core-xstate-l2-1-0.dll") returned 0x21 [0145.476] CoTaskMemFree (pv=0x5950bd8) [0145.476] CoTaskMemAlloc (cb=0x804) returned 0x5950bd8 [0145.476] GetModuleFileNameExW (in: hProcess=0x640, hModule=0x74a20000, lpFilename=0x5950bd8, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\api-ms-win-core-xstate-l2-1-0.dll" (normalized: "c:\\windows\\syswow64\\api-ms-win-core-xstate-l2-1-0.dll")) returned 0x35 [0145.477] CoTaskMemFree (pv=0x5950bd8) [0145.477] GetModuleInformation (in: hProcess=0x640, hModule=0x74990000, lpmodinfo=0x28277a4, cb=0xc | out: lpmodinfo=0x28277a4*(lpBaseOfDll=0x74990000, SizeOfImage=0x89000, EntryPoint=0x74991130)) returned 1 [0145.477] CoTaskMemAlloc (cb=0x804) returned 0x5950bd8 [0145.477] GetModuleBaseNameW (in: hProcess=0x640, hModule=0x74990000, lpBaseName=0x5950bd8, nSize=0x800 | out: lpBaseName="clrjit.dll") returned 0xa [0145.478] CoTaskMemFree (pv=0x5950bd8) [0145.478] CoTaskMemAlloc (cb=0x804) returned 0x5950bd8 [0145.478] GetModuleFileNameExW (in: hProcess=0x640, hModule=0x74990000, lpFilename=0x5950bd8, nSize=0x800 | out: lpFilename="C:\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\clrjit.dll" (normalized: "c:\\windows\\microsoft.net\\framework\\v4.0.30319\\clrjit.dll")) returned 0x38 [0145.479] CoTaskMemFree (pv=0x5950bd8) [0145.479] GetModuleInformation (in: hProcess=0x640, hModule=0x75130000, lpmodinfo=0x28298f0, cb=0xc | out: lpmodinfo=0x28298f0*(lpBaseOfDll=0x75130000, SizeOfImage=0x8f000, EntryPoint=0x75133fb1)) returned 1 [0145.479] CoTaskMemAlloc (cb=0x804) returned 0x5950bd8 [0145.479] GetModuleBaseNameW (in: hProcess=0x640, hModule=0x75130000, lpBaseName=0x5950bd8, nSize=0x800 | out: lpBaseName="OLEAUT32.dll") returned 0xc [0145.480] CoTaskMemFree (pv=0x5950bd8) [0145.480] CoTaskMemAlloc (cb=0x804) returned 0x5950bd8 [0145.480] GetModuleFileNameExW (in: hProcess=0x640, hModule=0x75130000, lpFilename=0x5950bd8, nSize=0x800 | out: lpFilename="C:\\Windows\\syswow64\\OLEAUT32.dll" (normalized: "c:\\windows\\syswow64\\oleaut32.dll")) returned 0x20 [0145.481] CoTaskMemFree (pv=0x5950bd8) [0145.481] GetModuleInformation (in: hProcess=0x640, hModule=0x6eea0000, lpmodinfo=0x282ba10, cb=0xc | out: lpmodinfo=0x282ba10*(lpBaseOfDll=0x6eea0000, SizeOfImage=0xa55000, EntryPoint=0x0)) returned 1 [0145.481] CoTaskMemAlloc (cb=0x804) returned 0x5950bd8 [0145.481] GetModuleBaseNameW (in: hProcess=0x640, hModule=0x6eea0000, lpBaseName=0x5950bd8, nSize=0x800 | out: lpBaseName="System.ni.dll") returned 0xd [0145.482] CoTaskMemFree (pv=0x5950bd8) [0145.482] CoTaskMemAlloc (cb=0x804) returned 0x5950bd8 [0145.482] GetModuleFileNameExW (in: hProcess=0x640, hModule=0x6eea0000, lpFilename=0x5950bd8, nSize=0x800 | out: lpFilename="C:\\Windows\\assembly\\NativeImages_v4.0.30319_32\\System\\2c3c912ea8f058f9d04c4650128feb3f\\System.ni.dll" (normalized: "c:\\windows\\assembly\\nativeimages_v4.0.30319_32\\system\\2c3c912ea8f058f9d04c4650128feb3f\\system.ni.dll")) returned 0x64 [0145.483] CoTaskMemFree (pv=0x5950bd8) [0145.483] GetModuleInformation (in: hProcess=0x640, hModule=0x6fb40000, lpmodinfo=0x282dbb8, cb=0xc | out: lpmodinfo=0x282dbb8*(lpBaseOfDll=0x6fb40000, SizeOfImage=0x818000, EntryPoint=0x0)) returned 1 [0145.484] CoTaskMemAlloc (cb=0x804) returned 0x5950bd8 [0145.484] GetModuleBaseNameW (in: hProcess=0x640, hModule=0x6fb40000, lpBaseName=0x5950bd8, nSize=0x800 | out: lpBaseName="System.Core.ni.dll") returned 0x12 [0145.484] CoTaskMemFree (pv=0x5950bd8) [0145.484] CoTaskMemAlloc (cb=0x804) returned 0x5950bd8 [0145.484] GetModuleFileNameExW (in: hProcess=0x640, hModule=0x6fb40000, lpFilename=0x5950bd8, nSize=0x800 | out: lpFilename="C:\\Windows\\assembly\\NativeImages_v4.0.30319_32\\System.Core\\31fae3290fad30c31c98651462d22724\\System.Core.ni.dll" (normalized: "c:\\windows\\assembly\\nativeimages_v4.0.30319_32\\system.core\\31fae3290fad30c31c98651462d22724\\system.core.ni.dll")) returned 0x6e [0145.485] CoTaskMemFree (pv=0x5950bd8) [0145.485] GetModuleInformation (in: hProcess=0x640, hModule=0x6f950000, lpmodinfo=0x282fd80, cb=0xc | out: lpmodinfo=0x282fd80*(lpBaseOfDll=0x6f950000, SizeOfImage=0x1e2000, EntryPoint=0x0)) returned 1 [0145.486] CoTaskMemAlloc (cb=0x804) returned 0x5950bd8 [0145.486] GetModuleBaseNameW (in: hProcess=0x640, hModule=0x6f950000, lpBaseName=0x5950bd8, nSize=0x800 | out: lpBaseName="Microsoft.VisualBasic.ni.dll") returned 0x1c [0145.487] CoTaskMemFree (pv=0x5950bd8) [0145.487] CoTaskMemAlloc (cb=0x804) returned 0x5950bd8 [0145.487] GetModuleFileNameExW (in: hProcess=0x640, hModule=0x6f950000, lpFilename=0x5950bd8, nSize=0x800 | out: lpFilename="C:\\Windows\\assembly\\NativeImages_v4.0.30319_32\\Microsoft.V9921e851#\\a891970b44db9e340c3ef3efa95b793c\\Microsoft.VisualBasic.ni.dll" (normalized: "c:\\windows\\assembly\\nativeimages_v4.0.30319_32\\microsoft.v9921e851#\\a891970b44db9e340c3ef3efa95b793c\\microsoft.visualbasic.ni.dll")) returned 0x81 [0145.487] CoTaskMemFree (pv=0x5950bd8) [0145.487] GetModuleInformation (in: hProcess=0x640, hModule=0x6ecf0000, lpmodinfo=0x283208c, cb=0xc | out: lpmodinfo=0x283208c*(lpBaseOfDll=0x6ecf0000, SizeOfImage=0x1a3000, EntryPoint=0x0)) returned 1 [0145.488] CoTaskMemAlloc (cb=0x804) returned 0x5950bd8 [0145.488] GetModuleBaseNameW (in: hProcess=0x640, hModule=0x6ecf0000, lpBaseName=0x5950bd8, nSize=0x800 | out: lpBaseName="System.Drawing.ni.dll") returned 0x15 [0145.489] CoTaskMemFree (pv=0x5950bd8) [0145.489] CoTaskMemAlloc (cb=0x804) returned 0x5950bd8 [0145.489] GetModuleFileNameExW (in: hProcess=0x640, hModule=0x6ecf0000, lpFilename=0x5950bd8, nSize=0x800 | out: lpFilename="C:\\Windows\\assembly\\NativeImages_v4.0.30319_32\\System.Drawing\\f7568d7f1b9d356f64779b4c0927cfb3\\System.Drawing.ni.dll" (normalized: "c:\\windows\\assembly\\nativeimages_v4.0.30319_32\\system.drawing\\f7568d7f1b9d356f64779b4c0927cfb3\\system.drawing.ni.dll")) returned 0x74 [0145.490] CoTaskMemFree (pv=0x5950bd8) [0145.490] GetModuleInformation (in: hProcess=0x640, hModule=0x6de80000, lpmodinfo=0x2834264, cb=0xc | out: lpmodinfo=0x2834264*(lpBaseOfDll=0x6de80000, SizeOfImage=0xe66000, EntryPoint=0x0)) returned 1 [0145.491] CoTaskMemAlloc (cb=0x804) returned 0x5950bd8 [0145.491] GetModuleBaseNameW (in: hProcess=0x640, hModule=0x6de80000, lpBaseName=0x5950bd8, nSize=0x800 | out: lpBaseName="System.Windows.Forms.ni.dll") returned 0x1b [0145.492] CoTaskMemFree (pv=0x5950bd8) [0145.492] CoTaskMemAlloc (cb=0x804) returned 0x5950bd8 [0145.492] GetModuleFileNameExW (in: hProcess=0x640, hModule=0x6de80000, lpFilename=0x5950bd8, nSize=0x800 | out: lpFilename="C:\\Windows\\assembly\\NativeImages_v4.0.30319_32\\System.Windows.Forms\\c9a4cbc00f690a9e3cddfc400f6e85bb\\System.Windows.Forms.ni.dll" (normalized: "c:\\windows\\assembly\\nativeimages_v4.0.30319_32\\system.windows.forms\\c9a4cbc00f690a9e3cddfc400f6e85bb\\system.windows.forms.ni.dll")) returned 0x80 [0145.493] CoTaskMemFree (pv=0x5950bd8) [0145.493] GetModuleInformation (in: hProcess=0x640, hModule=0x6dd70000, lpmodinfo=0x2836460, cb=0xc | out: lpmodinfo=0x2836460*(lpBaseOfDll=0x6dd70000, SizeOfImage=0x105000, EntryPoint=0x0)) returned 1 [0145.493] CoTaskMemAlloc (cb=0x804) returned 0x5950bd8 [0145.493] GetModuleBaseNameW (in: hProcess=0x640, hModule=0x6dd70000, lpBaseName=0x5950bd8, nSize=0x800 | out: lpBaseName="System.Configuration.ni.dll") returned 0x1b [0145.494] CoTaskMemFree (pv=0x5950bd8) [0145.494] CoTaskMemAlloc (cb=0x804) returned 0x5950bd8 [0145.494] GetModuleFileNameExW (in: hProcess=0x640, hModule=0x6dd70000, lpFilename=0x5950bd8, nSize=0x800 | out: lpFilename="C:\\Windows\\assembly\\NativeImages_v4.0.30319_32\\System.Configuration\\96f7edb07b12303f0ec2595c7f3778c7\\System.Configuration.ni.dll" (normalized: "c:\\windows\\assembly\\nativeimages_v4.0.30319_32\\system.configuration\\96f7edb07b12303f0ec2595c7f3778c7\\system.configuration.ni.dll")) returned 0x80 [0145.495] CoTaskMemFree (pv=0x5950bd8) [0145.495] GetModuleInformation (in: hProcess=0x640, hModule=0x6d5f0000, lpmodinfo=0x283865c, cb=0xc | out: lpmodinfo=0x283865c*(lpBaseOfDll=0x6d5f0000, SizeOfImage=0x774000, EntryPoint=0x0)) returned 1 [0145.496] CoTaskMemAlloc (cb=0x804) returned 0x5950bd8 [0145.496] GetModuleBaseNameW (in: hProcess=0x640, hModule=0x6d5f0000, lpBaseName=0x5950bd8, nSize=0x800 | out: lpBaseName="System.Xml.ni.dll") returned 0x11 [0145.497] CoTaskMemFree (pv=0x5950bd8) [0145.497] CoTaskMemAlloc (cb=0x804) returned 0x5950bd8 [0145.497] GetModuleFileNameExW (in: hProcess=0x640, hModule=0x6d5f0000, lpFilename=0x5950bd8, nSize=0x800 | out: lpFilename="C:\\Windows\\assembly\\NativeImages_v4.0.30319_32\\System.Xml\\15af16d373cf0528cb74fc73d365fdbf\\System.Xml.ni.dll" (normalized: "c:\\windows\\assembly\\nativeimages_v4.0.30319_32\\system.xml\\15af16d373cf0528cb74fc73d365fdbf\\system.xml.ni.dll")) returned 0x6c [0145.498] CoTaskMemFree (pv=0x5950bd8) [0145.498] GetModuleInformation (in: hProcess=0x640, hModule=0x74950000, lpmodinfo=0x283a81c, cb=0xc | out: lpmodinfo=0x283a81c*(lpBaseOfDll=0x74950000, SizeOfImage=0x13000, EntryPoint=0x7495d900)) returned 1 [0145.498] CoTaskMemAlloc (cb=0x804) returned 0x5950bd8 [0145.498] GetModuleBaseNameW (in: hProcess=0x640, hModule=0x74950000, lpBaseName=0x5950bd8, nSize=0x800 | out: lpBaseName="nlssorting.dll") returned 0xe [0145.499] CoTaskMemFree (pv=0x5950bd8) [0145.499] CoTaskMemAlloc (cb=0x804) returned 0x5950bd8 [0145.499] GetModuleFileNameExW (in: hProcess=0x640, hModule=0x74950000, lpFilename=0x5950bd8, nSize=0x800 | out: lpFilename="C:\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\nlssorting.dll" (normalized: "c:\\windows\\microsoft.net\\framework\\v4.0.30319\\nlssorting.dll")) returned 0x3c [0145.501] CoTaskMemFree (pv=0x5950bd8) [0145.501] GetModuleInformation (in: hProcess=0x640, hModule=0x75be0000, lpmodinfo=0x283c978, cb=0xc | out: lpmodinfo=0x283c978*(lpBaseOfDll=0x75be0000, SizeOfImage=0xc4a000, EntryPoint=0x75c61601)) returned 1 [0145.501] CoTaskMemAlloc (cb=0x804) returned 0x5950bd8 [0145.501] GetModuleBaseNameW (in: hProcess=0x640, hModule=0x75be0000, lpBaseName=0x5950bd8, nSize=0x800 | out: lpBaseName="shell32.dll") returned 0xb [0145.502] CoTaskMemFree (pv=0x5950bd8) [0145.502] CoTaskMemAlloc (cb=0x804) returned 0x5950bd8 [0145.502] GetModuleFileNameExW (in: hProcess=0x640, hModule=0x75be0000, lpFilename=0x5950bd8, nSize=0x800 | out: lpFilename="C:\\Windows\\syswow64\\shell32.dll" (normalized: "c:\\windows\\syswow64\\shell32.dll")) returned 0x1f [0145.503] CoTaskMemFree (pv=0x5950bd8) [0145.503] GetModuleInformation (in: hProcess=0x640, hModule=0x748d0000, lpmodinfo=0x283ea90, cb=0xc | out: lpmodinfo=0x283ea90*(lpBaseOfDll=0x748d0000, SizeOfImage=0xb000, EntryPoint=0x748d1992)) returned 1 [0145.504] CoTaskMemAlloc (cb=0x804) returned 0x5950bd8 [0145.504] GetModuleBaseNameW (in: hProcess=0x640, hModule=0x748d0000, lpBaseName=0x5950bd8, nSize=0x800 | out: lpBaseName="profapi.dll") returned 0xb [0145.505] CoTaskMemFree (pv=0x5950bd8) [0145.505] CoTaskMemAlloc (cb=0x804) returned 0x5950bd8 [0145.505] GetModuleFileNameExW (in: hProcess=0x640, hModule=0x748d0000, lpFilename=0x5950bd8, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\profapi.dll" (normalized: "c:\\windows\\syswow64\\profapi.dll")) returned 0x1f [0145.506] CoTaskMemFree (pv=0x5950bd8) [0145.506] GetModuleInformation (in: hProcess=0x640, hModule=0x74970000, lpmodinfo=0x2840ba8, cb=0xc | out: lpmodinfo=0x2840ba8*(lpBaseOfDll=0x74970000, SizeOfImage=0x17000, EntryPoint=0x749735fa)) returned 1 [0145.507] CoTaskMemAlloc (cb=0x804) returned 0x5950bd8 [0145.507] GetModuleBaseNameW (in: hProcess=0x640, hModule=0x74970000, lpBaseName=0x5950bd8, nSize=0x800 | out: lpBaseName="bcrypt.dll") returned 0xa [0145.507] CoTaskMemFree (pv=0x5950bd8) [0145.507] CoTaskMemAlloc (cb=0x804) returned 0x5950bd8 [0145.507] GetModuleFileNameExW (in: hProcess=0x640, hModule=0x74970000, lpFilename=0x5950bd8, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\bcrypt.dll" (normalized: "c:\\windows\\syswow64\\bcrypt.dll")) returned 0x1e [0145.508] CoTaskMemFree (pv=0x5950bd8) [0145.508] GetModuleInformation (in: hProcess=0x640, hModule=0x738e0000, lpmodinfo=0x2842cc0, cb=0xc | out: lpmodinfo=0x2842cc0*(lpBaseOfDll=0x738e0000, SizeOfImage=0x17000, EntryPoint=0x738e3573)) returned 1 [0145.509] CoTaskMemAlloc (cb=0x804) returned 0x5950bd8 [0145.509] GetModuleBaseNameW (in: hProcess=0x640, hModule=0x738e0000, lpBaseName=0x5950bd8, nSize=0x800 | out: lpBaseName="CRYPTSP.dll") returned 0xb [0145.510] CoTaskMemFree (pv=0x5950bd8) [0145.510] CoTaskMemAlloc (cb=0x804) returned 0x5950bd8 [0145.510] GetModuleFileNameExW (in: hProcess=0x640, hModule=0x738e0000, lpFilename=0x5950bd8, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\CRYPTSP.dll" (normalized: "c:\\windows\\syswow64\\cryptsp.dll")) returned 0x1f [0145.511] CoTaskMemFree (pv=0x5950bd8) [0145.511] GetModuleInformation (in: hProcess=0x640, hModule=0x738a0000, lpmodinfo=0x2844dd8, cb=0xc | out: lpmodinfo=0x2844dd8*(lpBaseOfDll=0x738a0000, SizeOfImage=0x3b000, EntryPoint=0x738a128d)) returned 1 [0145.512] CoTaskMemAlloc (cb=0x804) returned 0x5950bd8 [0145.512] GetModuleBaseNameW (in: hProcess=0x640, hModule=0x738a0000, lpBaseName=0x5950bd8, nSize=0x800 | out: lpBaseName="rsaenh.dll") returned 0xa [0145.513] CoTaskMemFree (pv=0x5950bd8) [0145.513] CoTaskMemAlloc (cb=0x804) returned 0x5950bd8 [0145.513] GetModuleFileNameExW (in: hProcess=0x640, hModule=0x738a0000, lpFilename=0x5950bd8, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\rsaenh.dll" (normalized: "c:\\windows\\syswow64\\rsaenh.dll")) returned 0x1e [0145.514] CoTaskMemFree (pv=0x5950bd8) [0145.514] GetModuleInformation (in: hProcess=0x640, hModule=0x75950000, lpmodinfo=0x2846ef0, cb=0xc | out: lpmodinfo=0x2846ef0*(lpBaseOfDll=0x75950000, SizeOfImage=0x5000, EntryPoint=0x75951438)) returned 1 [0145.515] CoTaskMemAlloc (cb=0x804) returned 0x5950bd8 [0145.515] GetModuleBaseNameW (in: hProcess=0x640, hModule=0x75950000, lpBaseName=0x5950bd8, nSize=0x800 | out: lpBaseName="psapi.dll") returned 0x9 [0145.516] CoTaskMemFree (pv=0x5950bd8) [0145.516] CoTaskMemAlloc (cb=0x804) returned 0x5950bd8 [0145.517] GetModuleFileNameExW (in: hProcess=0x640, hModule=0x75950000, lpFilename=0x5950bd8, nSize=0x800 | out: lpFilename="C:\\Windows\\syswow64\\psapi.dll" (normalized: "c:\\windows\\syswow64\\psapi.dll")) returned 0x1d [0145.518] CoTaskMemFree (pv=0x5950bd8) [0145.518] GetModuleInformation (in: hProcess=0x640, hModule=0x73990000, lpmodinfo=0x2849000, cb=0xc | out: lpmodinfo=0x2849000*(lpBaseOfDll=0x73990000, SizeOfImage=0x52000, EntryPoint=0x739914be)) returned 1 [0145.519] CoTaskMemAlloc (cb=0x804) returned 0x5950bd8 [0145.519] GetModuleBaseNameW (in: hProcess=0x640, hModule=0x73990000, lpBaseName=0x5950bd8, nSize=0x800 | out: lpBaseName="rasapi32.dll") returned 0xc [0145.520] CoTaskMemFree (pv=0x5950bd8) [0145.520] CoTaskMemAlloc (cb=0x804) returned 0x5950bd8 [0145.520] GetModuleFileNameExW (in: hProcess=0x640, hModule=0x73990000, lpFilename=0x5950bd8, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\rasapi32.dll" (normalized: "c:\\windows\\syswow64\\rasapi32.dll")) returned 0x20 [0145.521] CoTaskMemFree (pv=0x5950bd8) [0145.521] GetModuleInformation (in: hProcess=0x640, hModule=0x73970000, lpmodinfo=0x284b120, cb=0xc | out: lpmodinfo=0x284b120*(lpBaseOfDll=0x73970000, SizeOfImage=0x15000, EntryPoint=0x739712de)) returned 1 [0145.522] CoTaskMemAlloc (cb=0x804) returned 0x5950bd8 [0145.522] GetModuleBaseNameW (in: hProcess=0x640, hModule=0x73970000, lpBaseName=0x5950bd8, nSize=0x800 | out: lpBaseName="rasman.dll") returned 0xa [0145.523] CoTaskMemFree (pv=0x5950bd8) [0145.523] CoTaskMemAlloc (cb=0x804) returned 0x5950bd8 [0145.523] GetModuleFileNameExW (in: hProcess=0x640, hModule=0x73970000, lpFilename=0x5950bd8, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\rasman.dll" (normalized: "c:\\windows\\syswow64\\rasman.dll")) returned 0x1e [0145.525] CoTaskMemFree (pv=0x5950bd8) [0145.525] GetModuleInformation (in: hProcess=0x640, hModule=0x75960000, lpmodinfo=0x284d238, cb=0xc | out: lpmodinfo=0x284d238*(lpBaseOfDll=0x75960000, SizeOfImage=0x35000, EntryPoint=0x7596145d)) returned 1 [0145.526] CoTaskMemAlloc (cb=0x804) returned 0x5950bd8 [0145.526] GetModuleBaseNameW (in: hProcess=0x640, hModule=0x75960000, lpBaseName=0x5950bd8, nSize=0x800 | out: lpBaseName="WS2_32.dll") returned 0xa [0145.527] CoTaskMemFree (pv=0x5950bd8) [0145.527] CoTaskMemAlloc (cb=0x804) returned 0x5950bd8 [0145.527] GetModuleFileNameExW (in: hProcess=0x640, hModule=0x75960000, lpFilename=0x5950bd8, nSize=0x800 | out: lpFilename="C:\\Windows\\syswow64\\WS2_32.dll" (normalized: "c:\\windows\\syswow64\\ws2_32.dll")) returned 0x1e [0145.528] CoTaskMemFree (pv=0x5950bd8) [0145.528] GetModuleInformation (in: hProcess=0x640, hModule=0x76960000, lpmodinfo=0x284f350, cb=0xc | out: lpmodinfo=0x284f350*(lpBaseOfDll=0x76960000, SizeOfImage=0x6000, EntryPoint=0x76961782)) returned 1 [0145.529] CoTaskMemAlloc (cb=0x804) returned 0x5950bd8 [0145.529] GetModuleBaseNameW (in: hProcess=0x640, hModule=0x76960000, lpBaseName=0x5950bd8, nSize=0x800 | out: lpBaseName="NSI.dll") returned 0x7 [0145.530] CoTaskMemFree (pv=0x5950bd8) [0145.530] CoTaskMemAlloc (cb=0x804) returned 0x5950bd8 [0145.530] GetModuleFileNameExW (in: hProcess=0x640, hModule=0x76960000, lpFilename=0x5950bd8, nSize=0x800 | out: lpFilename="C:\\Windows\\syswow64\\NSI.dll" (normalized: "c:\\windows\\syswow64\\nsi.dll")) returned 0x1b [0145.531] CoTaskMemFree (pv=0x5950bd8) [0145.531] GetModuleInformation (in: hProcess=0x640, hModule=0x73960000, lpmodinfo=0x2851458, cb=0xc | out: lpmodinfo=0x2851458*(lpBaseOfDll=0x73960000, SizeOfImage=0xd000, EntryPoint=0x73961326)) returned 1 [0145.532] CoTaskMemAlloc (cb=0x804) returned 0x5950bd8 [0145.532] GetModuleBaseNameW (in: hProcess=0x640, hModule=0x73960000, lpBaseName=0x5950bd8, nSize=0x800 | out: lpBaseName="rtutils.dll") returned 0xb [0145.533] CoTaskMemFree (pv=0x5950bd8) [0145.533] CoTaskMemAlloc (cb=0x804) returned 0x5950bd8 [0145.533] GetModuleFileNameExW (in: hProcess=0x640, hModule=0x73960000, lpFilename=0x5950bd8, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\rtutils.dll" (normalized: "c:\\windows\\syswow64\\rtutils.dll")) returned 0x1f [0145.534] CoTaskMemFree (pv=0x5950bd8) [0145.534] GetModuleInformation (in: hProcess=0x640, hModule=0x747e0000, lpmodinfo=0x2853570, cb=0xc | out: lpmodinfo=0x2853570*(lpBaseOfDll=0x747e0000, SizeOfImage=0x3c000, EntryPoint=0x747e145d)) returned 1 [0145.535] CoTaskMemAlloc (cb=0x804) returned 0x5950bd8 [0145.535] GetModuleBaseNameW (in: hProcess=0x640, hModule=0x747e0000, lpBaseName=0x5950bd8, nSize=0x800 | out: lpBaseName="mswsock.dll") returned 0xb [0145.536] CoTaskMemFree (pv=0x5950bd8) [0145.536] CoTaskMemAlloc (cb=0x804) returned 0x5950bd8 [0145.536] GetModuleFileNameExW (in: hProcess=0x640, hModule=0x747e0000, lpFilename=0x5950bd8, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\mswsock.dll" (normalized: "c:\\windows\\syswow64\\mswsock.dll")) returned 0x1f [0145.537] CoTaskMemFree (pv=0x5950bd8) [0145.537] GetModuleInformation (in: hProcess=0x640, hModule=0x747d0000, lpmodinfo=0x2855688, cb=0xc | out: lpmodinfo=0x2855688*(lpBaseOfDll=0x747d0000, SizeOfImage=0x5000, EntryPoint=0x747d15df)) returned 1 [0145.538] CoTaskMemAlloc (cb=0x804) returned 0x5950bd8 [0145.538] GetModuleBaseNameW (in: hProcess=0x640, hModule=0x747d0000, lpBaseName=0x5950bd8, nSize=0x800 | out: lpBaseName="wshtcpip.dll") returned 0xc [0145.539] CoTaskMemFree (pv=0x5950bd8) [0145.540] CoTaskMemAlloc (cb=0x804) returned 0x5950bd8 [0145.540] GetModuleFileNameExW (in: hProcess=0x640, hModule=0x747d0000, lpFilename=0x5950bd8, nSize=0x800 | out: lpFilename="C:\\Windows\\System32\\wshtcpip.dll" (normalized: "c:\\windows\\syswow64\\wshtcpip.dll")) returned 0x20 [0145.541] CoTaskMemFree (pv=0x5950bd8) [0145.541] GetModuleInformation (in: hProcess=0x640, hModule=0x747c0000, lpmodinfo=0x28577b4, cb=0xc | out: lpmodinfo=0x28577b4*(lpBaseOfDll=0x747c0000, SizeOfImage=0x6000, EntryPoint=0x747c1673)) returned 1 [0145.542] CoTaskMemAlloc (cb=0x804) returned 0x5950bd8 [0145.542] GetModuleBaseNameW (in: hProcess=0x640, hModule=0x747c0000, lpBaseName=0x5950bd8, nSize=0x800 | out: lpBaseName="wship6.dll") returned 0xa [0145.543] CoTaskMemFree (pv=0x5950bd8) [0145.543] CoTaskMemAlloc (cb=0x804) returned 0x5950bd8 [0145.543] GetModuleFileNameExW (in: hProcess=0x640, hModule=0x747c0000, lpFilename=0x5950bd8, nSize=0x800 | out: lpFilename="C:\\Windows\\System32\\wship6.dll" (normalized: "c:\\windows\\syswow64\\wship6.dll")) returned 0x1e [0145.544] CoTaskMemFree (pv=0x5950bd8) [0145.544] GetModuleInformation (in: hProcess=0x640, hModule=0x6d590000, lpmodinfo=0x28598cc, cb=0xc | out: lpmodinfo=0x28598cc*(lpBaseOfDll=0x6d590000, SizeOfImage=0x58000, EntryPoint=0x6d5913b4)) returned 1 [0145.545] CoTaskMemAlloc (cb=0x804) returned 0x5950bd8 [0145.545] GetModuleBaseNameW (in: hProcess=0x640, hModule=0x6d590000, lpBaseName=0x5950bd8, nSize=0x800 | out: lpBaseName="winhttp.dll") returned 0xb [0145.546] CoTaskMemFree (pv=0x5950bd8) [0145.546] CoTaskMemAlloc (cb=0x804) returned 0x5950bd8 [0145.546] GetModuleFileNameExW (in: hProcess=0x640, hModule=0x6d590000, lpFilename=0x5950bd8, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\winhttp.dll" (normalized: "c:\\windows\\syswow64\\winhttp.dll")) returned 0x1f [0145.549] CoTaskMemFree (pv=0x5950bd8) [0145.549] GetModuleInformation (in: hProcess=0x640, hModule=0x6f900000, lpmodinfo=0x285b9e4, cb=0xc | out: lpmodinfo=0x285b9e4*(lpBaseOfDll=0x6f900000, SizeOfImage=0x4f000, EntryPoint=0x6f901452)) returned 1 [0145.550] CoTaskMemAlloc (cb=0x804) returned 0x5950bd8 [0145.550] GetModuleBaseNameW (in: hProcess=0x640, hModule=0x6f900000, lpBaseName=0x5950bd8, nSize=0x800 | out: lpBaseName="webio.dll") returned 0x9 [0145.551] CoTaskMemFree (pv=0x5950bd8) [0145.551] CoTaskMemAlloc (cb=0x804) returned 0x5950bd8 [0145.551] GetModuleFileNameExW (in: hProcess=0x640, hModule=0x6f900000, lpFilename=0x5950bd8, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\webio.dll" (normalized: "c:\\windows\\syswow64\\webio.dll")) returned 0x1d [0145.552] CoTaskMemFree (pv=0x5950bd8) [0145.552] GetModuleInformation (in: hProcess=0x640, hModule=0x74930000, lpmodinfo=0x285daf4, cb=0xc | out: lpmodinfo=0x285daf4*(lpBaseOfDll=0x74930000, SizeOfImage=0x8000, EntryPoint=0x749334d3)) returned 1 [0145.553] CoTaskMemAlloc (cb=0x804) returned 0x5950bd8 [0145.553] GetModuleBaseNameW (in: hProcess=0x640, hModule=0x74930000, lpBaseName=0x5950bd8, nSize=0x800 | out: lpBaseName="credssp.dll") returned 0xb [0145.554] CoTaskMemFree (pv=0x5950bd8) [0145.554] CoTaskMemAlloc (cb=0x804) returned 0x5950bd8 [0145.554] GetModuleFileNameExW (in: hProcess=0x640, hModule=0x74930000, lpFilename=0x5950bd8, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\credssp.dll" (normalized: "c:\\windows\\syswow64\\credssp.dll")) returned 0x1f [0145.555] CoTaskMemFree (pv=0x5950bd8) [0145.555] GetModuleInformation (in: hProcess=0x640, hModule=0x74830000, lpmodinfo=0x285fc0c, cb=0xc | out: lpmodinfo=0x285fc0c*(lpBaseOfDll=0x74830000, SizeOfImage=0x1c000, EntryPoint=0x7483a431)) returned 1 [0145.556] CoTaskMemAlloc (cb=0x804) returned 0x5950bd8 [0145.556] GetModuleBaseNameW (in: hProcess=0x640, hModule=0x74830000, lpBaseName=0x5950bd8, nSize=0x800 | out: lpBaseName="IPHLPAPI.DLL") returned 0xc [0145.557] CoTaskMemFree (pv=0x5950bd8) [0145.557] CoTaskMemAlloc (cb=0x804) returned 0x5950bd8 [0145.557] GetModuleFileNameExW (in: hProcess=0x640, hModule=0x74830000, lpFilename=0x5950bd8, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\IPHLPAPI.DLL" (normalized: "c:\\windows\\syswow64\\iphlpapi.dll")) returned 0x20 [0145.558] CoTaskMemFree (pv=0x5950bd8) [0145.558] GetModuleInformation (in: hProcess=0x640, hModule=0x74820000, lpmodinfo=0x2861d2c, cb=0xc | out: lpmodinfo=0x2861d2c*(lpBaseOfDll=0x74820000, SizeOfImage=0x7000, EntryPoint=0x7482128d)) returned 1 [0145.559] CoTaskMemAlloc (cb=0x804) returned 0x5950bd8 [0145.560] GetModuleBaseNameW (in: hProcess=0x640, hModule=0x74820000, lpBaseName=0x5950bd8, nSize=0x800 | out: lpBaseName="WINNSI.DLL") returned 0xa [0145.561] CoTaskMemFree (pv=0x5950bd8) [0145.561] CoTaskMemAlloc (cb=0x804) returned 0x5950bd8 [0145.561] GetModuleFileNameExW (in: hProcess=0x640, hModule=0x74820000, lpFilename=0x5950bd8, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\WINNSI.DLL" (normalized: "c:\\windows\\syswow64\\winnsi.dll")) returned 0x1e [0145.562] CoTaskMemFree (pv=0x5950bd8) [0145.562] GetModuleInformation (in: hProcess=0x640, hModule=0x74940000, lpmodinfo=0x2863e44, cb=0xc | out: lpmodinfo=0x2863e44*(lpBaseOfDll=0x74940000, SizeOfImage=0xd000, EntryPoint=0x74942012)) returned 1 [0145.563] CoTaskMemAlloc (cb=0x804) returned 0x5950bd8 [0145.563] GetModuleBaseNameW (in: hProcess=0x640, hModule=0x74940000, lpBaseName=0x5950bd8, nSize=0x800 | out: lpBaseName="dhcpcsvc6.DLL") returned 0xd [0145.564] CoTaskMemFree (pv=0x5950bd8) [0145.564] CoTaskMemAlloc (cb=0x804) returned 0x5950bd8 [0145.564] GetModuleFileNameExW (in: hProcess=0x640, hModule=0x74940000, lpFilename=0x5950bd8, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\dhcpcsvc6.DLL" (normalized: "c:\\windows\\syswow64\\dhcpcsvc6.dll")) returned 0x21 [0145.565] CoTaskMemFree (pv=0x5950bd8) [0145.565] GetModuleInformation (in: hProcess=0x640, hModule=0x6d550000, lpmodinfo=0x2865f64, cb=0xc | out: lpmodinfo=0x2865f64*(lpBaseOfDll=0x6d550000, SizeOfImage=0x12000, EntryPoint=0x6d553271)) returned 1 [0145.566] CoTaskMemAlloc (cb=0x804) returned 0x5950bd8 [0145.566] GetModuleBaseNameW (in: hProcess=0x640, hModule=0x6d550000, lpBaseName=0x5950bd8, nSize=0x800 | out: lpBaseName="dhcpcsvc.DLL") returned 0xc [0145.568] CoTaskMemFree (pv=0x5950bd8) [0145.568] CoTaskMemAlloc (cb=0x804) returned 0x5950bd8 [0145.568] GetModuleFileNameExW (in: hProcess=0x640, hModule=0x6d550000, lpFilename=0x5950bd8, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\dhcpcsvc.DLL" (normalized: "c:\\windows\\syswow64\\dhcpcsvc.dll")) returned 0x20 [0145.569] CoTaskMemFree (pv=0x5950bd8) [0145.569] GetModuleInformation (in: hProcess=0x640, hModule=0x747a0000, lpmodinfo=0x2868084, cb=0xc | out: lpmodinfo=0x2868084*(lpBaseOfDll=0x747a0000, SizeOfImage=0xe000, EntryPoint=0x747a1235)) returned 1 [0145.570] CoTaskMemAlloc (cb=0x804) returned 0x5950bd8 [0145.570] GetModuleBaseNameW (in: hProcess=0x640, hModule=0x747a0000, lpBaseName=0x5950bd8, nSize=0x800 | out: lpBaseName="RpcRtRemote.dll") returned 0xf [0145.571] CoTaskMemFree (pv=0x5950bd8) [0145.571] CoTaskMemAlloc (cb=0x804) returned 0x5950bd8 [0145.571] GetModuleFileNameExW (in: hProcess=0x640, hModule=0x747a0000, lpFilename=0x5950bd8, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\RpcRtRemote.dll" (normalized: "c:\\windows\\syswow64\\rpcrtremote.dll")) returned 0x23 [0145.572] CoTaskMemFree (pv=0x5950bd8) [0145.572] GetModuleInformation (in: hProcess=0x640, hModule=0x74850000, lpmodinfo=0x286a1ac, cb=0xc | out: lpmodinfo=0x286a1ac*(lpBaseOfDll=0x74850000, SizeOfImage=0x44000, EntryPoint=0x748663f9)) returned 1 [0145.573] CoTaskMemAlloc (cb=0x804) returned 0x5950bd8 [0145.573] GetModuleBaseNameW (in: hProcess=0x640, hModule=0x74850000, lpBaseName=0x5950bd8, nSize=0x800 | out: lpBaseName="DNSAPI.dll") returned 0xa [0145.574] CoTaskMemFree (pv=0x5950bd8) [0145.574] CoTaskMemAlloc (cb=0x804) returned 0x5950bd8 [0145.574] GetModuleFileNameExW (in: hProcess=0x640, hModule=0x74850000, lpFilename=0x5950bd8, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\DNSAPI.dll" (normalized: "c:\\windows\\syswow64\\dnsapi.dll")) returned 0x1e [0145.576] CoTaskMemFree (pv=0x5950bd8) [0145.576] GetModuleInformation (in: hProcess=0x640, hModule=0x747b0000, lpmodinfo=0x286c2c4, cb=0xc | out: lpmodinfo=0x286c2c4*(lpBaseOfDll=0x747b0000, SizeOfImage=0x6000, EntryPoint=0x747b14b2)) returned 1 [0145.577] CoTaskMemAlloc (cb=0x804) returned 0x5950bd8 [0145.577] GetModuleBaseNameW (in: hProcess=0x640, hModule=0x747b0000, lpBaseName=0x5950bd8, nSize=0x800 | out: lpBaseName="rasadhlp.dll") returned 0xc [0145.578] CoTaskMemFree (pv=0x5950bd8) [0145.578] CoTaskMemAlloc (cb=0x804) returned 0x5950bd8 [0145.578] GetModuleFileNameExW (in: hProcess=0x640, hModule=0x747b0000, lpFilename=0x5950bd8, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\rasadhlp.dll" (normalized: "c:\\windows\\syswow64\\rasadhlp.dll")) returned 0x20 [0145.579] CoTaskMemFree (pv=0x5950bd8) [0145.579] GetModuleInformation (in: hProcess=0x640, hModule=0x6d510000, lpmodinfo=0x286e3e4, cb=0xc | out: lpmodinfo=0x286e3e4*(lpBaseOfDll=0x6d510000, SizeOfImage=0x38000, EntryPoint=0x6d51990e)) returned 1 [0145.581] CoTaskMemAlloc (cb=0x804) returned 0x5950bd8 [0145.581] GetModuleBaseNameW (in: hProcess=0x640, hModule=0x6d510000, lpBaseName=0x5950bd8, nSize=0x800 | out: lpBaseName="fwpuclnt.dll") returned 0xc [0145.582] CoTaskMemFree (pv=0x5950bd8) [0145.582] CoTaskMemAlloc (cb=0x804) returned 0x5950bd8 [0145.582] GetModuleFileNameExW (in: hProcess=0x640, hModule=0x6d510000, lpFilename=0x5950bd8, nSize=0x800 | out: lpFilename="C:\\Windows\\System32\\fwpuclnt.dll" (normalized: "c:\\windows\\syswow64\\fwpuclnt.dll")) returned 0x20 [0145.583] CoTaskMemFree (pv=0x5950bd8) [0145.583] GetModuleInformation (in: hProcess=0x640, hModule=0x6d580000, lpmodinfo=0x2870504, cb=0xc | out: lpmodinfo=0x2870504*(lpBaseOfDll=0x6d580000, SizeOfImage=0x8000, EntryPoint=0x6d5810e9)) returned 1 [0145.584] CoTaskMemAlloc (cb=0x804) returned 0x5950bd8 [0145.584] GetModuleBaseNameW (in: hProcess=0x640, hModule=0x6d580000, lpBaseName=0x5950bd8, nSize=0x800 | out: lpBaseName="secur32.dll") returned 0xb [0145.585] CoTaskMemFree (pv=0x5950bd8) [0145.585] CoTaskMemAlloc (cb=0x804) returned 0x5950bd8 [0145.585] GetModuleFileNameExW (in: hProcess=0x640, hModule=0x6d580000, lpFilename=0x5950bd8, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\secur32.dll" (normalized: "c:\\windows\\syswow64\\secur32.dll")) returned 0x1f [0145.587] CoTaskMemFree (pv=0x5950bd8) [0145.587] GetModuleInformation (in: hProcess=0x640, hModule=0x6d4d0000, lpmodinfo=0x287261c, cb=0xc | out: lpmodinfo=0x287261c*(lpBaseOfDll=0x6d4d0000, SizeOfImage=0x3f000, EntryPoint=0x6d4d2351)) returned 1 [0145.588] CoTaskMemAlloc (cb=0x804) returned 0x5950bd8 [0145.588] GetModuleBaseNameW (in: hProcess=0x640, hModule=0x6d4d0000, lpBaseName=0x5950bd8, nSize=0x800 | out: lpBaseName="schannel.dll") returned 0xc [0145.589] CoTaskMemFree (pv=0x5950bd8) [0145.589] CoTaskMemAlloc (cb=0x804) returned 0x5950bd8 [0145.589] GetModuleFileNameExW (in: hProcess=0x640, hModule=0x6d4d0000, lpFilename=0x5950bd8, nSize=0x800 | out: lpFilename="C:\\Windows\\SysWOW64\\schannel.dll" (normalized: "c:\\windows\\syswow64\\schannel.dll")) returned 0x20 [0145.590] CoTaskMemFree (pv=0x5950bd8) [0145.590] GetModuleInformation (in: hProcess=0x640, hModule=0x74ab0000, lpmodinfo=0x2874948, cb=0xc | out: lpmodinfo=0x2874948*(lpBaseOfDll=0x74ab0000, SizeOfImage=0x121000, EntryPoint=0x74ab158e)) returned 1 [0145.591] CoTaskMemAlloc (cb=0x804) returned 0x5950bd8 [0145.591] GetModuleBaseNameW (in: hProcess=0x640, hModule=0x74ab0000, lpBaseName=0x5950bd8, nSize=0x800 | out: lpBaseName="CRYPT32.dll") returned 0xb [0145.593] CoTaskMemFree (pv=0x5950bd8) [0145.593] CoTaskMemAlloc (cb=0x804) returned 0x5950bd8 [0145.593] GetModuleFileNameExW (in: hProcess=0x640, hModule=0x74ab0000, lpFilename=0x5950bd8, nSize=0x800 | out: lpFilename="C:\\Windows\\syswow64\\CRYPT32.dll" (normalized: "c:\\windows\\syswow64\\crypt32.dll")) returned 0x1f [0145.595] CoTaskMemFree (pv=0x5950bd8) [0145.595] GetModuleInformation (in: hProcess=0x640, hModule=0x76ed0000, lpmodinfo=0x2876a60, cb=0xc | out: lpmodinfo=0x2876a60*(lpBaseOfDll=0x76ed0000, SizeOfImage=0xc000, EntryPoint=0x76ed238e)) returned 1 [0145.597] CoTaskMemAlloc (cb=0x804) returned 0x5950bd8 [0145.597] GetModuleBaseNameW (in: hProcess=0x640, hModule=0x76ed0000, lpBaseName=0x5950bd8, nSize=0x800 | out: lpBaseName="MSASN1.dll") returned 0xa [0145.598] CoTaskMemFree (pv=0x5950bd8) [0145.598] CoTaskMemAlloc (cb=0x804) returned 0x5950bd8 [0145.598] GetModuleFileNameExW (in: hProcess=0x640, hModule=0x76ed0000, lpFilename=0x5950bd8, nSize=0x800 | out: lpFilename="C:\\Windows\\syswow64\\MSASN1.dll" (normalized: "c:\\windows\\syswow64\\msasn1.dll")) returned 0x1e [0145.599] CoTaskMemFree (pv=0x5950bd8) [0145.599] GetModuleInformation (in: hProcess=0x640, hModule=0x6d490000, lpmodinfo=0x2878b78, cb=0xc | out: lpmodinfo=0x2878b78*(lpBaseOfDll=0x6d490000, SizeOfImage=0x38000, EntryPoint=0x6d491489)) returned 1 [0145.601] CoTaskMemAlloc (cb=0x804) returned 0x5950bd8 [0145.601] GetModuleBaseNameW (in: hProcess=0x640, hModule=0x6d490000, lpBaseName=0x5950bd8, nSize=0x800 | out: lpBaseName="ncrypt.dll") returned 0xa [0145.602] CoTaskMemFree (pv=0x5950bd8) [0145.602] CoTaskMemAlloc (cb=0x804) returned 0x5950bd8 [0145.602] GetModuleFileNameExW (in: hProcess=0x640, hModule=0x6d490000, lpFilename=0x5950bd8, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\ncrypt.dll" (normalized: "c:\\windows\\syswow64\\ncrypt.dll")) returned 0x1e [0145.603] CoTaskMemFree (pv=0x5950bd8) [0145.603] GetModuleInformation (in: hProcess=0x640, hModule=0x6d450000, lpmodinfo=0x287ac90, cb=0xc | out: lpmodinfo=0x287ac90*(lpBaseOfDll=0x6d450000, SizeOfImage=0x3d000, EntryPoint=0x6d4510f5)) returned 1 [0145.604] CoTaskMemAlloc (cb=0x804) returned 0x5950bd8 [0145.604] GetModuleBaseNameW (in: hProcess=0x640, hModule=0x6d450000, lpBaseName=0x5950bd8, nSize=0x800 | out: lpBaseName="bcryptprimitives.dll") returned 0x14 [0145.705] CoTaskMemFree (pv=0x5950bd8) [0145.705] CoTaskMemAlloc (cb=0x804) returned 0x5950bd8 [0145.705] GetModuleFileNameExW (in: hProcess=0x640, hModule=0x6d450000, lpFilename=0x5950bd8, nSize=0x800 | out: lpFilename="C:\\Windows\\SysWOW64\\bcryptprimitives.dll" (normalized: "c:\\windows\\syswow64\\bcryptprimitives.dll")) returned 0x28 [0145.706] CoTaskMemFree (pv=0x5950bd8) [0145.706] GetModuleInformation (in: hProcess=0x640, hModule=0x6d430000, lpmodinfo=0x287cdc4, cb=0xc | out: lpmodinfo=0x287cdc4*(lpBaseOfDll=0x6d430000, SizeOfImage=0x17000, EntryPoint=0x6d431c9d)) returned 1 [0145.708] CoTaskMemAlloc (cb=0x804) returned 0x5950bd8 [0145.708] GetModuleBaseNameW (in: hProcess=0x640, hModule=0x6d430000, lpBaseName=0x5950bd8, nSize=0x800 | out: lpBaseName="USERENV.dll") returned 0xb [0145.709] CoTaskMemFree (pv=0x5950bd8) [0145.710] CoTaskMemAlloc (cb=0x804) returned 0x5950bd8 [0145.710] GetModuleFileNameExW (in: hProcess=0x640, hModule=0x6d430000, lpFilename=0x5950bd8, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\USERENV.dll" (normalized: "c:\\windows\\syswow64\\userenv.dll")) returned 0x1f [0145.711] CoTaskMemFree (pv=0x5950bd8) [0145.711] GetModuleInformation (in: hProcess=0x640, hModule=0x6d410000, lpmodinfo=0x287eedc, cb=0xc | out: lpmodinfo=0x287eedc*(lpBaseOfDll=0x6d410000, SizeOfImage=0x16000, EntryPoint=0x6d412061)) returned 1 [0145.713] CoTaskMemAlloc (cb=0x804) returned 0x5950bd8 [0145.713] GetModuleBaseNameW (in: hProcess=0x640, hModule=0x6d410000, lpBaseName=0x5950bd8, nSize=0x800 | out: lpBaseName="GPAPI.dll") returned 0x9 [0145.715] CoTaskMemFree (pv=0x5950bd8) [0145.715] CoTaskMemAlloc (cb=0x804) returned 0x5950bd8 [0145.715] GetModuleFileNameExW (in: hProcess=0x640, hModule=0x6d410000, lpFilename=0x5950bd8, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\GPAPI.dll" (normalized: "c:\\windows\\syswow64\\gpapi.dll")) returned 0x1d [0145.716] CoTaskMemFree (pv=0x5950bd8) [0145.716] GetModuleInformation (in: hProcess=0x640, hModule=0x6d380000, lpmodinfo=0x2880fec, cb=0xc | out: lpmodinfo=0x2880fec*(lpBaseOfDll=0x6d380000, SizeOfImage=0x84000, EntryPoint=0x6d3819a9)) returned 1 [0145.718] CoTaskMemAlloc (cb=0x804) returned 0x5950bd8 [0145.718] GetModuleBaseNameW (in: hProcess=0x640, hModule=0x6d380000, lpBaseName=0x5950bd8, nSize=0x800 | out: lpBaseName="comctl32.dll") returned 0xc [0145.719] CoTaskMemFree (pv=0x5950bd8) [0145.719] CoTaskMemAlloc (cb=0x804) returned 0x5950bd8 [0145.719] GetModuleFileNameExW (in: hProcess=0x640, hModule=0x6d380000, lpFilename=0x5950bd8, nSize=0x800 | out: lpFilename="C:\\Windows\\WinSxS\\x86_microsoft.windows.common-controls_6595b64144ccf1df_5.82.7601.17514_none_ec83dffa859149af\\comctl32.dll" (normalized: "c:\\windows\\winsxs\\x86_microsoft.windows.common-controls_6595b64144ccf1df_5.82.7601.17514_none_ec83dffa859149af\\comctl32.dll")) returned 0x7b [0145.720] CoTaskMemFree (pv=0x5950bd8) [0145.720] GetModuleInformation (in: hProcess=0x640, hModule=0x6d1f0000, lpmodinfo=0x28831c0, cb=0xc | out: lpmodinfo=0x28831c0*(lpBaseOfDll=0x6d1f0000, SizeOfImage=0x190000, EntryPoint=0x6d28d026)) returned 1 [0145.722] CoTaskMemAlloc (cb=0x804) returned 0x5950bd8 [0145.722] GetModuleBaseNameW (in: hProcess=0x640, hModule=0x6d1f0000, lpBaseName=0x5950bd8, nSize=0x800 | out: lpBaseName="gdiplus.dll") returned 0xb [0145.723] CoTaskMemFree (pv=0x5950bd8) [0145.723] CoTaskMemAlloc (cb=0x804) returned 0x5950bd8 [0145.723] GetModuleFileNameExW (in: hProcess=0x640, hModule=0x6d1f0000, lpFilename=0x5950bd8, nSize=0x800 | out: lpFilename="C:\\Windows\\WinSxS\\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\\gdiplus.dll" (normalized: "c:\\windows\\winsxs\\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\\gdiplus.dll")) returned 0x71 [0145.725] CoTaskMemFree (pv=0x5950bd8) [0145.725] GetModuleInformation (in: hProcess=0x640, hModule=0x6d0f0000, lpmodinfo=0x288537c, cb=0xc | out: lpmodinfo=0x288537c*(lpBaseOfDll=0x6d0f0000, SizeOfImage=0xfb000, EntryPoint=0x6d1017e1)) returned 1 [0145.726] CoTaskMemAlloc (cb=0x804) returned 0x5950bd8 [0145.726] GetModuleBaseNameW (in: hProcess=0x640, hModule=0x6d0f0000, lpBaseName=0x5950bd8, nSize=0x800 | out: lpBaseName="WindowsCodecs.dll") returned 0x11 [0145.728] CoTaskMemFree (pv=0x5950bd8) [0145.728] CoTaskMemAlloc (cb=0x804) returned 0x5950bd8 [0145.728] GetModuleFileNameExW (in: hProcess=0x640, hModule=0x6d0f0000, lpFilename=0x5950bd8, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\WindowsCodecs.dll" (normalized: "c:\\windows\\syswow64\\windowscodecs.dll")) returned 0x25 [0145.729] CoTaskMemFree (pv=0x5950bd8) [0145.729] GetModuleInformation (in: hProcess=0x640, hModule=0x6c320000, lpmodinfo=0x28874ac, cb=0xc | out: lpmodinfo=0x28874ac*(lpBaseOfDll=0x6c320000, SizeOfImage=0xdcd000, EntryPoint=0x0)) returned 1 [0145.731] CoTaskMemAlloc (cb=0x804) returned 0x5950bd8 [0145.731] GetModuleBaseNameW (in: hProcess=0x640, hModule=0x6c320000, lpBaseName=0x5950bd8, nSize=0x800 | out: lpBaseName="System.Web.ni.dll") returned 0x11 [0145.733] CoTaskMemFree (pv=0x5950bd8) [0145.733] CoTaskMemAlloc (cb=0x804) returned 0x5950bd8 [0145.733] GetModuleFileNameExW (in: hProcess=0x640, hModule=0x6c320000, lpFilename=0x5950bd8, nSize=0x800 | out: lpFilename="C:\\Windows\\assembly\\NativeImages_v4.0.30319_32\\System.Web\\8e86e9948f7dcebce93d5df6073700ba\\System.Web.ni.dll" (normalized: "c:\\windows\\assembly\\nativeimages_v4.0.30319_32\\system.web\\8e86e9948f7dcebce93d5df6073700ba\\system.web.ni.dll")) returned 0x6c [0145.790] CoTaskMemFree (pv=0x5950bd8) [0145.790] CloseHandle (hObject=0x640) returned 1 [0145.802] lstrlenA (lpString="AcquireSRWLockExclusive") returned 23 [0145.802] lstrlenA (lpString="AcquireSRWLockShared") returned 20 [0145.802] lstrlenA (lpString="ActivateActCtx") returned 14 [0145.802] lstrlenA (lpString="AddAtomA") returned 8 [0145.802] lstrlenA (lpString="AddAtomW") returned 8 [0145.802] lstrlenA (lpString="AddConsoleAliasA") returned 16 [0145.802] lstrlenA (lpString="AddConsoleAliasW") returned 16 [0145.802] lstrlenA (lpString="AddDllDirectory") returned 15 [0145.802] lstrlenA (lpString="AddIntegrityLabelToBoundaryDescriptor") returned 37 [0145.803] lstrlenA (lpString="AddLocalAlternateComputerNameA") returned 30 [0145.803] lstrlenA (lpString="AddLocalAlternateComputerNameW") returned 30 [0145.803] lstrlenA (lpString="AddRefActCtx") returned 12 [0145.803] lstrlenA (lpString="AddSIDToBoundaryDescriptor") returned 26 [0145.803] lstrlenA (lpString="AddSecureMemoryCacheCallback") returned 28 [0145.803] lstrlenA (lpString="AddVectoredContinueHandler") returned 26 [0145.803] lstrlenA (lpString="AddVectoredExceptionHandler") returned 27 [0145.803] lstrlenA (lpString="AdjustCalendarDate") returned 18 [0145.803] lstrlenA (lpString="AllocConsole") returned 12 [0145.803] lstrlenA (lpString="AllocateUserPhysicalPages") returned 25 [0145.804] lstrlenA (lpString="AllocateUserPhysicalPagesNuma") returned 29 [0145.804] lstrlenA (lpString="ApplicationRecoveryFinished") returned 27 [0145.804] lstrlenA (lpString="ApplicationRecoveryInProgress") returned 29 [0145.804] lstrlenA (lpString="AreFileApisANSI") returned 15 [0145.804] lstrlenA (lpString="AssignProcessToJobObject") returned 24 [0145.804] lstrlenA (lpString="AttachConsole") returned 13 [0145.804] lstrlenA (lpString="BackupRead") returned 10 [0145.804] lstrlenA (lpString="BackupSeek") returned 10 [0145.804] lstrlenA (lpString="BackupWrite") returned 11 [0145.804] lstrlenA (lpString="BaseCheckAppcompatCache") returned 23 [0145.805] lstrlenA (lpString="BaseCheckAppcompatCacheEx") returned 25 [0145.805] lstrlenA (lpString="BaseCheckRunApp") returned 15 [0145.805] lstrlenA (lpString="BaseCleanupAppcompatCacheSupport") returned 32 [0145.805] lstrlenA (lpString="BaseDllReadWriteIniFile") returned 23 [0145.805] lstrlenA (lpString="BaseDumpAppcompatCache") returned 22 [0145.805] lstrlenA (lpString="BaseFlushAppcompatCache") returned 23 [0145.805] lstrlenA (lpString="BaseFormatObjectAttributes") returned 26 [0145.805] lstrlenA (lpString="BaseFormatTimeOut") returned 17 [0145.805] lstrlenA (lpString="BaseGenerateAppCompatData") returned 25 [0145.806] lstrlenA (lpString="BaseGetNamedObjectDirectory") returned 27 [0145.806] lstrlenA (lpString="BaseInitAppcompatCacheSupport") returned 29 [0145.806] lstrlenA (lpString="BaseIsAppcompatInfrastructureDisabled") returned 37 [0145.806] lstrlenA (lpString="BaseQueryModuleData") returned 19 [0145.806] lstrlenA (lpString="BaseSetLastNTError") returned 18 [0145.806] lstrlenA (lpString="BaseThreadInitThunk") returned 19 [0145.806] lstrlenA (lpString="BaseUpdateAppcompatCache") returned 24 [0145.806] lstrlenA (lpString="BaseVerifyUnicodeString") returned 23 [0145.806] lstrlenA (lpString="Basep8BitStringToDynamicUnicodeString") returned 37 [0145.806] lstrlenA (lpString="BasepAllocateActivationContextActivationBlock") returned 45 [0145.807] lstrlenA (lpString="BasepAnsiStringToDynamicUnicodeString") returned 37 [0145.807] lstrlenA (lpString="BasepCheckAppCompat") returned 19 [0145.807] lstrlenA (lpString="BasepCheckBadapp") returned 16 [0145.807] lstrlenA (lpString="BasepCheckWinSaferRestrictions") returned 30 [0145.807] lstrlenA (lpString="BasepFreeActivationContextActivationBlock") returned 41 [0145.807] lstrlenA (lpString="BasepFreeAppCompatData") returned 22 [0145.807] lstrlenA (lpString="BasepMapModuleHandle") returned 20 [0145.807] lstrlenA (lpString="Beep") returned 4 [0145.807] lstrlenA (lpString="BeginUpdateResourceA") returned 20 [0145.807] lstrlenA (lpString="BeginUpdateResourceW") returned 20 [0145.808] lstrlenA (lpString="BindIoCompletionCallback") returned 24 [0145.808] lstrlenA (lpString="BuildCommDCBA") returned 13 [0145.808] lstrlenA (lpString="BuildCommDCBAndTimeoutsA") returned 24 [0145.808] lstrlenA (lpString="BuildCommDCBAndTimeoutsW") returned 24 [0145.808] lstrlenA (lpString="BuildCommDCBW") returned 13 [0145.808] lstrlenA (lpString="CallNamedPipeA") returned 14 [0145.808] lstrlenA (lpString="CallNamedPipeW") returned 14 [0145.808] lstrlenA (lpString="CallbackMayRunLong") returned 18 [0145.808] lstrlenA (lpString="CancelDeviceWakeupRequest") returned 25 [0145.809] lstrlenA (lpString="CancelIo") returned 8 [0145.809] lstrlenA (lpString="CancelIoEx") returned 10 [0145.809] lstrlenA (lpString="CancelSynchronousIo") returned 19 [0145.809] lstrlenA (lpString="CancelThreadpoolIo") returned 18 [0145.809] lstrlenA (lpString="CancelTimerQueueTimer") returned 21 [0145.809] lstrlenA (lpString="CancelWaitableTimer") returned 19 [0145.809] lstrlenA (lpString="ChangeTimerQueueTimer") returned 21 [0145.810] lstrlenA (lpString="CheckElevation") returned 14 [0145.810] lstrlenA (lpString="CheckElevationEnabled") returned 21 [0145.810] lstrlenA (lpString="CheckForReadOnlyResource") returned 24 [0145.810] lstrlenA (lpString="CheckNameLegalDOS8Dot3A") returned 23 [0145.810] lstrlenA (lpString="CheckNameLegalDOS8Dot3W") returned 23 [0145.810] lstrlenA (lpString="CheckRemoteDebuggerPresent") returned 26 [0145.810] lstrlenA (lpString="ClearCommBreak") returned 14 [0145.810] lstrlenA (lpString="ClearCommError") returned 14 [0145.810] lstrlenA (lpString="CloseConsoleHandle") returned 18 [0145.810] lstrlenA (lpString="CloseHandle") returned 11 [0145.811] lstrlenA (lpString="ClosePrivateNamespace") returned 21 [0145.811] lstrlenA (lpString="CloseProfileUserMapping") returned 23 [0145.811] lstrlenA (lpString="CloseThreadpool") returned 15 [0145.811] lstrlenA (lpString="CloseThreadpoolCleanupGroup") returned 27 [0145.811] lstrlenA (lpString="CloseThreadpoolCleanupGroupMembers") returned 34 [0145.811] lstrlenA (lpString="CloseThreadpoolIo") returned 17 [0145.811] lstrlenA (lpString="CloseThreadpoolTimer") returned 20 [0145.811] lstrlenA (lpString="CloseThreadpoolWait") returned 19 [0145.811] lstrlenA (lpString="CloseThreadpoolWork") returned 19 [0145.811] lstrlenA (lpString="CmdBatNotification") returned 18 [0145.812] lstrlenA (lpString="CommConfigDialogA") returned 17 [0145.812] lstrlenA (lpString="CommConfigDialogW") returned 17 [0145.812] lstrlenA (lpString="CompareCalendarDates") returned 20 [0145.812] lstrlenA (lpString="CompareFileTime") returned 15 [0145.812] lstrlenA (lpString="CompareStringA") returned 14 [0145.812] lstrlenA (lpString="CompareStringEx") returned 15 [0145.812] lstrlenA (lpString="CompareStringOrdinal") returned 20 [0145.813] lstrlenA (lpString="CompareStringW") returned 14 [0145.813] lstrlenA (lpString="ConnectNamedPipe") returned 16 [0145.813] lstrlenA (lpString="ConsoleMenuControl") returned 18 [0145.813] lstrlenA (lpString="ContinueDebugEvent") returned 18 [0145.813] lstrlenA (lpString="ConvertCalDateTimeToSystemTime") returned 30 [0145.813] lstrlenA (lpString="ConvertDefaultLocale") returned 20 [0145.813] lstrlenA (lpString="ConvertFiberToThread") returned 20 [0145.813] lstrlenA (lpString="ConvertNLSDayOfWeekToWin32DayOfWeek") returned 35 [0145.813] lstrlenA (lpString="ConvertSystemTimeToCalDateTime") returned 30 [0145.813] lstrlenA (lpString="ConvertThreadToFiber") returned 20 [0145.814] lstrlenA (lpString="ConvertThreadToFiberEx") returned 22 [0145.814] lstrlenA (lpString="CopyContext") returned 11 [0145.814] lstrlenA (lpString="CopyFileA") returned 9 [0145.814] lstrlenA (lpString="CopyFileExA") returned 11 [0145.814] lstrlenA (lpString="CopyFileExW") returned 11 [0145.814] lstrlenA (lpString="CopyFileTransactedA") returned 19 [0145.814] lstrlenA (lpString="CopyFileTransactedW") returned 19 [0145.814] lstrlenA (lpString="CopyFileW") returned 9 [0145.814] lstrlenA (lpString="CopyLZFile") returned 10 [0145.814] lstrlenA (lpString="CreateActCtxA") returned 13 [0145.815] lstrlenA (lpString="CreateActCtxW") returned 13 [0145.815] lstrlenA (lpString="CreateBoundaryDescriptorA") returned 25 [0145.815] lstrlenA (lpString="CreateBoundaryDescriptorW") returned 25 [0145.815] lstrlenA (lpString="CreateConsoleScreenBuffer") returned 25 [0145.815] lstrlenA (lpString="CreateDirectoryA") returned 16 [0145.815] lstrlenA (lpString="CreateDirectoryExA") returned 18 [0145.815] lstrlenA (lpString="CreateDirectoryExW") returned 18 [0145.815] lstrlenA (lpString="CreateDirectoryTransactedA") returned 26 [0145.815] lstrlenA (lpString="CreateDirectoryTransactedW") returned 26 [0145.816] lstrlenA (lpString="CreateDirectoryW") returned 16 [0145.816] lstrlenA (lpString="CreateEventA") returned 12 [0145.816] lstrlenA (lpString="CreateEventExA") returned 14 [0145.816] lstrlenA (lpString="CreateEventExW") returned 14 [0145.816] lstrlenA (lpString="CreateEventW") returned 12 [0145.816] lstrlenA (lpString="CreateFiber") returned 11 [0145.816] lstrlenA (lpString="CreateFiberEx") returned 13 [0145.816] lstrlenA (lpString="CreateFileA") returned 11 [0145.816] lstrlenA (lpString="CreateFileMappingA") returned 18 [0145.816] lstrlenA (lpString="CreateFileMappingNumaA") returned 22 [0145.816] lstrlenA (lpString="CreateFileMappingNumaW") returned 22 [0145.816] lstrlenA (lpString="CreateFileMappingW") returned 18 [0145.816] lstrlenA (lpString="CreateFileTransactedA") returned 21 [0145.817] lstrlenA (lpString="CreateFileTransactedW") returned 21 [0145.817] lstrlenA (lpString="CreateFileW") returned 11 [0145.817] lstrlenA (lpString="CreateHardLinkA") returned 15 [0145.817] lstrlenA (lpString="CreateHardLinkTransactedA") returned 25 [0145.817] lstrlenA (lpString="CreateHardLinkTransactedW") returned 25 [0145.817] lstrlenA (lpString="CreateHardLinkW") returned 15 [0145.817] lstrlenA (lpString="CreateIoCompletionPort") returned 22 [0145.817] lstrlenA (lpString="CreateJobObjectA") returned 16 [0145.817] lstrlenA (lpString="CreateJobObjectW") returned 16 [0145.817] lstrlenA (lpString="CreateJobSet") returned 12 [0145.817] lstrlenA (lpString="CreateMailslotA") returned 15 [0145.818] lstrlenA (lpString="CreateMailslotW") returned 15 [0145.818] lstrlenA (lpString="CreateMemoryResourceNotification") returned 32 [0145.818] lstrlenA (lpString="CreateMutexA") returned 12 [0145.818] lstrlenA (lpString="CreateMutexExA") returned 14 [0145.818] lstrlenA (lpString="CreateMutexExW") returned 14 [0145.818] lstrlenA (lpString="CreateMutexW") returned 12 [0145.818] lstrlenA (lpString="CreateNamedPipeA") returned 16 [0145.818] lstrlenA (lpString="CreateNamedPipeW") returned 16 [0145.818] lstrlenA (lpString="CreatePipe") returned 10 [0145.818] lstrlenA (lpString="CreatePrivateNamespaceA") returned 23 [0145.818] lstrlenA (lpString="CreatePrivateNamespaceW") returned 23 [0145.819] lstrlenA (lpString="CreateProcessA") returned 14 [0145.819] lstrlenA (lpString="CreateProcessAsUserW") returned 20 [0145.819] lstrlenA (lpString="CreateProcessInternalA") returned 22 [0145.819] lstrlenA (lpString="CreateProcessInternalW") returned 22 [0145.819] lstrlenA (lpString="CreateProcessW") returned 14 [0145.819] lstrlenA (lpString="CreateRemoteThread") returned 18 [0145.819] lstrlenA (lpString="CreateRemoteThreadEx") returned 20 [0145.819] lstrlenA (lpString="CreateSemaphoreA") returned 16 [0145.819] lstrlenA (lpString="CreateSemaphoreExA") returned 18 [0145.819] lstrlenA (lpString="CreateSemaphoreExW") returned 18 [0145.819] lstrlenA (lpString="CreateSemaphoreW") returned 16 [0145.819] lstrlenA (lpString="CreateSocketHandle") returned 18 [0145.820] lstrlenA (lpString="CreateSymbolicLinkA") returned 19 [0145.820] lstrlenA (lpString="CreateSymbolicLinkTransactedA") returned 29 [0145.820] lstrlenA (lpString="CreateSymbolicLinkTransactedW") returned 29 [0145.820] lstrlenA (lpString="CreateSymbolicLinkW") returned 19 [0145.820] lstrlenA (lpString="CreateTapePartition") returned 19 [0145.820] lstrlenA (lpString="CreateThread") returned 12 [0145.820] lstrlenA (lpString="CreateThreadpool") returned 16 [0145.820] lstrlenA (lpString="CreateThreadpoolCleanupGroup") returned 28 [0145.820] lstrlenA (lpString="CreateThreadpoolIo") returned 18 [0145.820] lstrlenA (lpString="CreateThreadpoolTimer") returned 21 [0145.820] lstrlenA (lpString="CreateThreadpoolWait") returned 20 [0145.820] lstrlenA (lpString="CreateThreadpoolWork") returned 20 [0145.821] lstrlenA (lpString="CreateTimerQueue") returned 16 [0145.821] lstrlenA (lpString="CreateTimerQueueTimer") returned 21 [0145.821] lstrlenA (lpString="CreateToolhelp32Snapshot") returned 24 [0145.821] lstrlenA (lpString="CreateWaitableTimerA") returned 20 [0145.821] lstrlenA (lpString="CreateWaitableTimerExA") returned 22 [0145.821] lstrlenA (lpString="CreateWaitableTimerExW") returned 22 [0145.821] lstrlenA (lpString="CreateWaitableTimerW") returned 20 [0145.821] lstrlenA (lpString="CtrlRoutine") returned 11 [0145.821] lstrlenA (lpString="DeactivateActCtx") returned 16 [0145.821] lstrlenA (lpString="DebugActiveProcess") returned 18 [0145.821] lstrlenA (lpString="DebugActiveProcessStop") returned 22 [0145.822] lstrlenA (lpString="DebugBreak") returned 10 [0145.822] lstrlenA (lpString="DebugBreakProcess") returned 17 [0145.822] lstrlenA (lpString="DebugSetProcessKillOnExit") returned 25 [0145.822] lstrlenA (lpString="DecodePointer") returned 13 [0145.822] lstrlenA (lpString="DecodeSystemPointer") returned 19 [0145.822] lstrlenA (lpString="DefineDosDeviceA") returned 16 [0145.822] lstrlenA (lpString="DefineDosDeviceW") returned 16 [0145.822] lstrlenA (lpString="DelayLoadFailureHook") returned 20 [0145.822] lstrlenA (lpString="DeleteAtom") returned 10 [0145.822] lstrlenA (lpString="DeleteBoundaryDescriptor") returned 24 [0145.822] lstrlenA (lpString="DeleteCriticalSection") returned 21 [0145.823] lstrlenA (lpString="DeleteFiber") returned 11 [0145.823] lstrlenA (lpString="DeleteFileA") returned 11 [0145.823] lstrlenA (lpString="DeleteFileTransactedA") returned 21 [0145.823] lstrlenA (lpString="DeleteFileTransactedW") returned 21 [0145.823] lstrlenA (lpString="DeleteFileW") returned 11 [0145.823] lstrlenA (lpString="DeleteProcThreadAttributeList") returned 29 [0145.823] lstrlenA (lpString="DeleteTimerQueue") returned 16 [0145.823] lstrlenA (lpString="DeleteTimerQueueEx") returned 18 [0145.823] lstrlenA (lpString="DeleteTimerQueueTimer") returned 21 [0145.823] lstrlenA (lpString="DeleteVolumeMountPointA") returned 23 [0145.823] lstrlenA (lpString="DeleteVolumeMountPointW") returned 23 [0145.824] lstrlenA (lpString="DeviceIoControl") returned 15 [0145.824] lstrlenA (lpString="DisableThreadLibraryCalls") returned 25 [0145.824] lstrlenA (lpString="DisableThreadProfiling") returned 22 [0145.824] lstrlenA (lpString="DisassociateCurrentThreadFromCallback") returned 37 [0145.824] lstrlenA (lpString="DisconnectNamedPipe") returned 19 [0145.824] lstrlenA (lpString="DnsHostnameToComputerNameA") returned 26 [0145.824] lstrlenA (lpString="DnsHostnameToComputerNameW") returned 26 [0145.824] lstrlenA (lpString="DosDateTimeToFileTime") returned 21 [0145.825] lstrlenA (lpString="DosPathToSessionPathA") returned 21 [0145.825] lstrlenA (lpString="DosPathToSessionPathW") returned 21 [0145.825] lstrlenA (lpString="DuplicateConsoleHandle") returned 22 [0145.825] lstrlenA (lpString="DuplicateHandle") returned 15 [0145.825] lstrlenA (lpString="EnableThreadProfiling") returned 21 [0145.825] lstrlenA (lpString="EncodePointer") returned 13 [0145.825] lstrlenA (lpString="EncodeSystemPointer") returned 19 [0145.825] lstrlenA (lpString="EndUpdateResourceA") returned 18 [0145.825] lstrlenA (lpString="EndUpdateResourceW") returned 18 [0145.825] lstrlenA (lpString="EnterCriticalSection") returned 20 [0145.825] lstrlenA (lpString="EnumCalendarInfoA") returned 17 [0145.826] lstrlenA (lpString="EnumCalendarInfoExA") returned 19 [0145.826] lstrlenA (lpString="EnumCalendarInfoExEx") returned 20 [0145.826] lstrlenA (lpString="EnumCalendarInfoExW") returned 19 [0145.826] lstrlenA (lpString="EnumCalendarInfoW") returned 17 [0145.826] lstrlenA (lpString="EnumDateFormatsA") returned 16 [0145.826] lstrlenA (lpString="EnumDateFormatsExA") returned 18 [0145.826] lstrlenA (lpString="EnumDateFormatsExEx") returned 19 [0145.826] lstrlenA (lpString="EnumDateFormatsExW") returned 18 [0145.924] VirtualAllocEx (hProcess=0x638, lpAddress=0x400000, dwSize=0x3a000, flAllocationType=0x3000, flProtect=0x40) returned 0x400000 [0146.135] EnumProcessModules (in: hProcess=0x640, lphModule=0x2677e54, cb=0x100, lpcbNeeded=0x2dc658 | out: lphModule=0x2677e54, lpcbNeeded=0x2dc658) returned 1 [0146.136] EnumProcessModules (in: hProcess=0x640, lphModule=0x2677f60, cb=0x200, lpcbNeeded=0x2dc658 | out: lphModule=0x2677f60, lpcbNeeded=0x2dc658) returned 1 [0146.138] GetModuleInformation (in: hProcess=0x640, hModule=0x10b0000, lpmodinfo=0x26781a0, cb=0xc | out: lpmodinfo=0x26781a0*(lpBaseOfDll=0x10b0000, SizeOfImage=0xa2000, EntryPoint=0x114ddbe)) returned 1 [0146.138] CoTaskMemAlloc (cb=0x804) returned 0x5950bd8 [0146.138] GetModuleBaseNameW (in: hProcess=0x640, hModule=0x10b0000, lpBaseName=0x5950bd8, nSize=0x800 | out: lpBaseName="noise.exe") returned 0x9 [0146.139] CoTaskMemFree (pv=0x5950bd8) [0146.139] CoTaskMemAlloc (cb=0x804) returned 0x5950bd8 [0146.139] GetModuleFileNameExW (in: hProcess=0x640, hModule=0x10b0000, lpFilename=0x5950bd8, nSize=0x800 | out: lpFilename="C:\\Users\\kEecfMwgj\\AppData\\Local\\Temp\\noise.exe" (normalized: "c:\\users\\keecfmwgj\\appdata\\local\\temp\\noise.exe")) returned 0x2f [0146.139] CoTaskMemFree (pv=0x5950bd8) [0146.139] GetModuleInformation (in: hProcess=0x640, hModule=0x76f00000, lpmodinfo=0x267b98c, cb=0xc | out: lpmodinfo=0x267b98c*(lpBaseOfDll=0x76f00000, SizeOfImage=0x180000, EntryPoint=0x0)) returned 1 [0146.139] CoTaskMemAlloc (cb=0x804) returned 0x5950bd8 [0146.139] GetModuleBaseNameW (in: hProcess=0x640, hModule=0x76f00000, lpBaseName=0x5950bd8, nSize=0x800 | out: lpBaseName="ntdll.dll") returned 0x9 [0146.140] CoTaskMemFree (pv=0x5950bd8) [0146.140] CoTaskMemAlloc (cb=0x804) returned 0x5950bd8 [0146.140] GetModuleFileNameExW (in: hProcess=0x640, hModule=0x76f00000, lpFilename=0x5950bd8, nSize=0x800 | out: lpFilename="C:\\Windows\\SysWOW64\\ntdll.dll" (normalized: "c:\\windows\\syswow64\\ntdll.dll")) returned 0x1d [0146.140] CoTaskMemFree (pv=0x5950bd8) [0146.140] GetModuleInformation (in: hProcess=0x640, hModule=0x73500000, lpmodinfo=0x267e05c, cb=0xc | out: lpmodinfo=0x267e05c*(lpBaseOfDll=0x73500000, SizeOfImage=0x4a000, EntryPoint=0x73502e54)) returned 1 [0146.140] CoTaskMemAlloc (cb=0x804) returned 0x5950bd8 [0146.140] GetModuleBaseNameW (in: hProcess=0x640, hModule=0x73500000, lpBaseName=0x5950bd8, nSize=0x800 | out: lpBaseName="MSCOREE.DLL") returned 0xb [0146.141] CoTaskMemFree (pv=0x5950bd8) [0146.141] CoTaskMemAlloc (cb=0x804) returned 0x5950bd8 [0146.141] GetModuleFileNameExW (in: hProcess=0x640, hModule=0x73500000, lpFilename=0x5950bd8, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\MSCOREE.DLL" (normalized: "c:\\windows\\syswow64\\mscoree.dll")) returned 0x1f [0146.148] CoTaskMemFree (pv=0x5950bd8) [0146.148] GetModuleInformation (in: hProcess=0x640, hModule=0x752b0000, lpmodinfo=0x2680374, cb=0xc | out: lpmodinfo=0x2680374*(lpBaseOfDll=0x752b0000, SizeOfImage=0x110000, EntryPoint=0x752c3283)) returned 1 [0146.149] CoTaskMemAlloc (cb=0x804) returned 0x5950bd8 [0146.149] GetModuleBaseNameW (in: hProcess=0x640, hModule=0x752b0000, lpBaseName=0x5950bd8, nSize=0x800 | out: lpBaseName="KERNEL32.dll") returned 0xc [0146.149] CoTaskMemFree (pv=0x5950bd8) [0146.149] CoTaskMemAlloc (cb=0x804) returned 0x5950bd8 [0146.149] GetModuleFileNameExW (in: hProcess=0x640, hModule=0x752b0000, lpFilename=0x5950bd8, nSize=0x800 | out: lpFilename="C:\\Windows\\syswow64\\KERNEL32.dll" (normalized: "c:\\windows\\syswow64\\kernel32.dll")) returned 0x20 [0146.149] CoTaskMemFree (pv=0x5950bd8) [0146.149] GetModuleInformation (in: hProcess=0x640, hModule=0x753c0000, lpmodinfo=0x26830d4, cb=0xc | out: lpmodinfo=0x26830d4*(lpBaseOfDll=0x753c0000, SizeOfImage=0x47000, EntryPoint=0x753c74c1)) returned 1 [0146.150] CoTaskMemAlloc (cb=0x804) returned 0x5950bd8 [0146.150] GetModuleBaseNameW (in: hProcess=0x640, hModule=0x753c0000, lpBaseName=0x5950bd8, nSize=0x800 | out: lpBaseName="KERNELBASE.dll") returned 0xe [0146.150] CoTaskMemFree (pv=0x5950bd8) [0146.150] CoTaskMemAlloc (cb=0x804) returned 0x5950bd8 [0146.150] GetModuleFileNameExW (in: hProcess=0x640, hModule=0x753c0000, lpFilename=0x5950bd8, nSize=0x800 | out: lpFilename="C:\\Windows\\syswow64\\KERNELBASE.dll" (normalized: "c:\\windows\\syswow64\\kernelbase.dll")) returned 0x22 [0146.150] CoTaskMemFree (pv=0x5950bd8) [0146.150] GetModuleInformation (in: hProcess=0x640, hModule=0x76a60000, lpmodinfo=0x2688e7c, cb=0xc | out: lpmodinfo=0x2688e7c*(lpBaseOfDll=0x76a60000, SizeOfImage=0xa0000, EntryPoint=0x76a749e5)) returned 1 [0146.151] CoTaskMemAlloc (cb=0x804) returned 0x5950bd8 [0146.151] GetModuleBaseNameW (in: hProcess=0x640, hModule=0x76a60000, lpBaseName=0x5950bd8, nSize=0x800 | out: lpBaseName="ADVAPI32.dll") returned 0xc [0146.151] CoTaskMemFree (pv=0x5950bd8) [0146.151] CoTaskMemAlloc (cb=0x804) returned 0x5950bd8 [0146.151] GetModuleFileNameExW (in: hProcess=0x640, hModule=0x76a60000, lpFilename=0x5950bd8, nSize=0x800 | out: lpFilename="C:\\Windows\\syswow64\\ADVAPI32.dll" (normalized: "c:\\windows\\syswow64\\advapi32.dll")) returned 0x20 [0146.151] CoTaskMemFree (pv=0x5950bd8) [0146.151] GetModuleInformation (in: hProcess=0x640, hModule=0x75410000, lpmodinfo=0x268b8b0, cb=0xc | out: lpmodinfo=0x268b8b0*(lpBaseOfDll=0x75410000, SizeOfImage=0xac000, EntryPoint=0x7541a472)) returned 1 [0146.152] CoTaskMemAlloc (cb=0x804) returned 0x5950bd8 [0146.152] GetModuleBaseNameW (in: hProcess=0x640, hModule=0x75410000, lpBaseName=0x5950bd8, nSize=0x800 | out: lpBaseName="msvcrt.dll") returned 0xa [0146.152] CoTaskMemFree (pv=0x5950bd8) [0146.152] CoTaskMemAlloc (cb=0x804) returned 0x5950bd8 [0146.152] GetModuleFileNameExW (in: hProcess=0x640, hModule=0x75410000, lpFilename=0x5950bd8, nSize=0x800 | out: lpFilename="C:\\Windows\\syswow64\\msvcrt.dll" (normalized: "c:\\windows\\syswow64\\msvcrt.dll")) returned 0x1e [0146.152] CoTaskMemFree (pv=0x5950bd8) [0146.153] GetModuleInformation (in: hProcess=0x640, hModule=0x759a0000, lpmodinfo=0x268d9c8, cb=0xc | out: lpmodinfo=0x268d9c8*(lpBaseOfDll=0x759a0000, SizeOfImage=0x19000, EntryPoint=0x759a4975)) returned 1 [0146.153] CoTaskMemAlloc (cb=0x804) returned 0x5950bd8 [0146.153] GetModuleBaseNameW (in: hProcess=0x640, hModule=0x759a0000, lpBaseName=0x5950bd8, nSize=0x800 | out: lpBaseName="sechost.dll") returned 0xb [0146.154] CoTaskMemFree (pv=0x5950bd8) [0146.154] CoTaskMemAlloc (cb=0x804) returned 0x5950bd8 [0146.154] GetModuleFileNameExW (in: hProcess=0x640, hModule=0x759a0000, lpFilename=0x5950bd8, nSize=0x800 | out: lpFilename="C:\\Windows\\SysWOW64\\sechost.dll" (normalized: "c:\\windows\\syswow64\\sechost.dll")) returned 0x1f [0146.154] CoTaskMemFree (pv=0x5950bd8) [0146.154] GetModuleInformation (in: hProcess=0x640, hModule=0x76970000, lpmodinfo=0x269104c, cb=0xc | out: lpmodinfo=0x269104c*(lpBaseOfDll=0x76970000, SizeOfImage=0xf0000, EntryPoint=0x76980569)) returned 1 [0146.155] CoTaskMemAlloc (cb=0x804) returned 0x5950bd8 [0146.155] GetModuleBaseNameW (in: hProcess=0x640, hModule=0x76970000, lpBaseName=0x5950bd8, nSize=0x800 | out: lpBaseName="RPCRT4.dll") returned 0xa [0146.155] CoTaskMemFree (pv=0x5950bd8) [0146.155] CoTaskMemAlloc (cb=0x804) returned 0x5950bd8 [0146.155] GetModuleFileNameExW (in: hProcess=0x640, hModule=0x76970000, lpFilename=0x5950bd8, nSize=0x800 | out: lpFilename="C:\\Windows\\syswow64\\RPCRT4.dll" (normalized: "c:\\windows\\syswow64\\rpcrt4.dll")) returned 0x1e [0146.156] CoTaskMemFree (pv=0x5950bd8) [0146.156] GetModuleInformation (in: hProcess=0x640, hModule=0x74a50000, lpmodinfo=0x2694220, cb=0xc | out: lpmodinfo=0x2694220*(lpBaseOfDll=0x74a50000, SizeOfImage=0x60000, EntryPoint=0x74a6a3b3)) returned 1 [0146.156] CoTaskMemAlloc (cb=0x804) returned 0x5950bd8 [0146.156] GetModuleBaseNameW (in: hProcess=0x640, hModule=0x74a50000, lpBaseName=0x5950bd8, nSize=0x800 | out: lpBaseName="SspiCli.dll") returned 0xb [0146.157] CoTaskMemFree (pv=0x5950bd8) [0146.157] CoTaskMemAlloc (cb=0x804) returned 0x5950bd8 [0146.157] GetModuleFileNameExW (in: hProcess=0x640, hModule=0x74a50000, lpFilename=0x5950bd8, nSize=0x800 | out: lpFilename="C:\\Windows\\syswow64\\SspiCli.dll" (normalized: "c:\\windows\\syswow64\\sspicli.dll")) returned 0x1f [0146.157] CoTaskMemFree (pv=0x5950bd8) [0146.157] GetModuleInformation (in: hProcess=0x640, hModule=0x74a40000, lpmodinfo=0x2697394, cb=0xc | out: lpmodinfo=0x2697394*(lpBaseOfDll=0x74a40000, SizeOfImage=0xc000, EntryPoint=0x74a410e1)) returned 1 [0146.157] CoTaskMemAlloc (cb=0x804) returned 0x5950bd8 [0146.158] GetModuleBaseNameW (in: hProcess=0x640, hModule=0x74a40000, lpBaseName=0x5950bd8, nSize=0x800 | out: lpBaseName="CRYPTBASE.dll") returned 0xd [0146.158] CoTaskMemFree (pv=0x5950bd8) [0146.158] CoTaskMemAlloc (cb=0x804) returned 0x5950bd8 [0146.158] GetModuleFileNameExW (in: hProcess=0x640, hModule=0x74a40000, lpFilename=0x5950bd8, nSize=0x800 | out: lpFilename="C:\\Windows\\syswow64\\CRYPTBASE.dll" (normalized: "c:\\windows\\syswow64\\cryptbase.dll")) returned 0x21 [0146.158] CoTaskMemFree (pv=0x5950bd8) [0146.158] GetModuleInformation (in: hProcess=0x640, hModule=0x733b0000, lpmodinfo=0x269a568, cb=0xc | out: lpmodinfo=0x269a568*(lpBaseOfDll=0x733b0000, SizeOfImage=0x8d000, EntryPoint=0x733c2860)) returned 1 [0146.159] CoTaskMemAlloc (cb=0x804) returned 0x5950bd8 [0146.159] GetModuleBaseNameW (in: hProcess=0x640, hModule=0x733b0000, lpBaseName=0x5950bd8, nSize=0x800 | out: lpBaseName="mscoreei.dll") returned 0xc [0146.159] CoTaskMemFree (pv=0x5950bd8) [0146.159] CoTaskMemAlloc (cb=0x804) returned 0x5950bd8 [0146.159] GetModuleFileNameExW (in: hProcess=0x640, hModule=0x733b0000, lpFilename=0x5950bd8, nSize=0x800 | out: lpFilename="C:\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\mscoreei.dll" (normalized: "c:\\windows\\microsoft.net\\framework\\v4.0.30319\\mscoreei.dll")) returned 0x3a [0146.160] CoTaskMemFree (pv=0x5950bd8) [0146.160] GetModuleInformation (in: hProcess=0x640, hModule=0x734f0000, lpmodinfo=0x269d758, cb=0xc | out: lpmodinfo=0x269d758*(lpBaseOfDll=0x734f0000, SizeOfImage=0x3000, EntryPoint=0x0)) returned 1 [0146.160] CoTaskMemAlloc (cb=0x804) returned 0x5950bd8 [0146.160] GetModuleBaseNameW (in: hProcess=0x640, hModule=0x734f0000, lpBaseName=0x5950bd8, nSize=0x800 | out: lpBaseName="api-ms-win-core-synch-l1-2-0.DLL") returned 0x20 [0146.161] CoTaskMemFree (pv=0x5950bd8) [0146.161] CoTaskMemAlloc (cb=0x804) returned 0x5950bd8 [0146.161] GetModuleFileNameExW (in: hProcess=0x640, hModule=0x734f0000, lpFilename=0x5950bd8, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\api-ms-win-core-synch-l1-2-0.DLL" (normalized: "c:\\windows\\syswow64\\api-ms-win-core-synch-l1-2-0.dll")) returned 0x34 [0146.162] CoTaskMemFree (pv=0x5950bd8) [0146.162] GetModuleInformation (in: hProcess=0x640, hModule=0x751c0000, lpmodinfo=0x26a08dc, cb=0xc | out: lpmodinfo=0x26a08dc*(lpBaseOfDll=0x751c0000, SizeOfImage=0x57000, EntryPoint=0x751d9ba6)) returned 1 [0146.162] CoTaskMemAlloc (cb=0x804) returned 0x5950bd8 [0146.162] GetModuleBaseNameW (in: hProcess=0x640, hModule=0x751c0000, lpBaseName=0x5950bd8, nSize=0x800 | out: lpBaseName="SHLWAPI.dll") returned 0xb [0146.163] CoTaskMemFree (pv=0x5950bd8) [0146.163] CoTaskMemAlloc (cb=0x804) returned 0x5950bd8 [0146.163] GetModuleFileNameExW (in: hProcess=0x640, hModule=0x751c0000, lpFilename=0x5950bd8, nSize=0x800 | out: lpFilename="C:\\Windows\\syswow64\\SHLWAPI.dll" (normalized: "c:\\windows\\syswow64\\shlwapi.dll")) returned 0x1f [0146.163] CoTaskMemFree (pv=0x5950bd8) [0146.163] GetModuleInformation (in: hProcess=0x640, hModule=0x75220000, lpmodinfo=0x26a3ac0, cb=0xc | out: lpmodinfo=0x26a3ac0*(lpBaseOfDll=0x75220000, SizeOfImage=0x90000, EntryPoint=0x75236343)) returned 1 [0146.164] CoTaskMemAlloc (cb=0x804) returned 0x5950bd8 [0146.164] GetModuleBaseNameW (in: hProcess=0x640, hModule=0x75220000, lpBaseName=0x5950bd8, nSize=0x800 | out: lpBaseName="GDI32.dll") returned 0x9 [0146.164] CoTaskMemFree (pv=0x5950bd8) [0146.164] CoTaskMemAlloc (cb=0x804) returned 0x5950bd8 [0146.164] GetModuleFileNameExW (in: hProcess=0x640, hModule=0x75220000, lpFilename=0x5950bd8, nSize=0x800 | out: lpFilename="C:\\Windows\\syswow64\\GDI32.dll" (normalized: "c:\\windows\\syswow64\\gdi32.dll")) returned 0x1d [0146.165] CoTaskMemFree (pv=0x5950bd8) [0146.165] GetModuleInformation (in: hProcess=0x640, hModule=0x76860000, lpmodinfo=0x26a6c4c, cb=0xc | out: lpmodinfo=0x26a6c4c*(lpBaseOfDll=0x76860000, SizeOfImage=0x100000, EntryPoint=0x7687b6ed)) returned 1 [0146.165] CoTaskMemAlloc (cb=0x804) returned 0x5950bd8 [0146.165] GetModuleBaseNameW (in: hProcess=0x640, hModule=0x76860000, lpBaseName=0x5950bd8, nSize=0x800 | out: lpBaseName="USER32.dll") returned 0xa [0146.166] CoTaskMemFree (pv=0x5950bd8) [0146.166] CoTaskMemAlloc (cb=0x804) returned 0x5950bd8 [0146.166] GetModuleFileNameExW (in: hProcess=0x640, hModule=0x76860000, lpFilename=0x5950bd8, nSize=0x800 | out: lpFilename="C:\\Windows\\syswow64\\USER32.dll" (normalized: "c:\\windows\\syswow64\\user32.dll")) returned 0x1e [0146.166] CoTaskMemFree (pv=0x5950bd8) [0146.166] GetModuleInformation (in: hProcess=0x640, hModule=0x759c0000, lpmodinfo=0x26a9ea4, cb=0xc | out: lpmodinfo=0x26a9ea4*(lpBaseOfDll=0x759c0000, SizeOfImage=0xa000, EntryPoint=0x759c36a0)) returned 1 [0146.167] CoTaskMemAlloc (cb=0x804) returned 0x5950bd8 [0146.167] GetModuleBaseNameW (in: hProcess=0x640, hModule=0x759c0000, lpBaseName=0x5950bd8, nSize=0x800 | out: lpBaseName="LPK.dll") returned 0x7 [0146.167] CoTaskMemFree (pv=0x5950bd8) [0146.167] CoTaskMemAlloc (cb=0x804) returned 0x5950bd8 [0146.168] GetModuleFileNameExW (in: hProcess=0x640, hModule=0x759c0000, lpFilename=0x5950bd8, nSize=0x800 | out: lpFilename="C:\\Windows\\syswow64\\LPK.dll" (normalized: "c:\\windows\\syswow64\\lpk.dll")) returned 0x1b [0146.168] CoTaskMemFree (pv=0x5950bd8) [0146.168] GetModuleInformation (in: hProcess=0x640, hModule=0x74d40000, lpmodinfo=0x26ad0a8, cb=0xc | out: lpmodinfo=0x26ad0a8*(lpBaseOfDll=0x74d40000, SizeOfImage=0x9d000, EntryPoint=0x74d73fd7)) returned 1 [0146.169] CoTaskMemAlloc (cb=0x804) returned 0x5950bd8 [0146.169] GetModuleBaseNameW (in: hProcess=0x640, hModule=0x74d40000, lpBaseName=0x5950bd8, nSize=0x800 | out: lpBaseName="USP10.dll") returned 0x9 [0146.169] CoTaskMemFree (pv=0x5950bd8) [0146.169] CoTaskMemAlloc (cb=0x804) returned 0x5950bd8 [0146.169] GetModuleFileNameExW (in: hProcess=0x640, hModule=0x74d40000, lpFilename=0x5950bd8, nSize=0x800 | out: lpFilename="C:\\Windows\\syswow64\\USP10.dll" (normalized: "c:\\windows\\syswow64\\usp10.dll")) returned 0x1d [0146.170] CoTaskMemFree (pv=0x5950bd8) [0146.170] GetModuleInformation (in: hProcess=0x640, hModule=0x75550000, lpmodinfo=0x26b01e0, cb=0xc | out: lpmodinfo=0x26b01e0*(lpBaseOfDll=0x75550000, SizeOfImage=0x60000, EntryPoint=0x7556158f)) returned 1 [0146.170] CoTaskMemAlloc (cb=0x804) returned 0x5950bd8 [0146.170] GetModuleBaseNameW (in: hProcess=0x640, hModule=0x75550000, lpBaseName=0x5950bd8, nSize=0x800 | out: lpBaseName="IMM32.DLL") returned 0x9 [0146.171] CoTaskMemFree (pv=0x5950bd8) [0146.171] CoTaskMemAlloc (cb=0x804) returned 0x5950bd8 [0146.171] GetModuleFileNameExW (in: hProcess=0x640, hModule=0x75550000, lpFilename=0x5950bd8, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\IMM32.DLL" (normalized: "c:\\windows\\syswow64\\imm32.dll")) returned 0x1d [0146.172] CoTaskMemFree (pv=0x5950bd8) [0146.172] GetModuleInformation (in: hProcess=0x640, hModule=0x74c40000, lpmodinfo=0x26b33dc, cb=0xc | out: lpmodinfo=0x26b33dc*(lpBaseOfDll=0x74c40000, SizeOfImage=0xcc000, EntryPoint=0x74c4168b)) returned 1 [0146.172] CoTaskMemAlloc (cb=0x804) returned 0x5950bd8 [0146.172] GetModuleBaseNameW (in: hProcess=0x640, hModule=0x74c40000, lpBaseName=0x5950bd8, nSize=0x800 | out: lpBaseName="MSCTF.dll") returned 0x9 [0146.173] CoTaskMemFree (pv=0x5950bd8) [0146.173] CoTaskMemAlloc (cb=0x804) returned 0x5950bd8 [0146.173] GetModuleFileNameExW (in: hProcess=0x640, hModule=0x74c40000, lpFilename=0x5950bd8, nSize=0x800 | out: lpFilename="C:\\Windows\\syswow64\\MSCTF.dll" (normalized: "c:\\windows\\syswow64\\msctf.dll")) returned 0x1d [0146.174] CoTaskMemFree (pv=0x5950bd8) [0146.174] GetModuleInformation (in: hProcess=0x640, hModule=0x733a0000, lpmodinfo=0x26b6594, cb=0xc | out: lpmodinfo=0x26b6594*(lpBaseOfDll=0x733a0000, SizeOfImage=0x9000, EntryPoint=0x733a1220)) returned 1 [0146.174] CoTaskMemAlloc (cb=0x804) returned 0x5950bd8 [0146.174] GetModuleBaseNameW (in: hProcess=0x640, hModule=0x733a0000, lpBaseName=0x5950bd8, nSize=0x800 | out: lpBaseName="VERSION.dll") returned 0xb [0146.175] CoTaskMemFree (pv=0x5950bd8) [0146.175] CoTaskMemAlloc (cb=0x804) returned 0x5950bd8 [0146.175] GetModuleFileNameExW (in: hProcess=0x640, hModule=0x733a0000, lpFilename=0x5950bd8, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\VERSION.dll" (normalized: "c:\\windows\\syswow64\\version.dll")) returned 0x1f [0146.176] CoTaskMemFree (pv=0x5950bd8) [0146.176] GetModuleInformation (in: hProcess=0x640, hModule=0x71770000, lpmodinfo=0x26b9714, cb=0xc | out: lpmodinfo=0x26b9714*(lpBaseOfDll=0x71770000, SizeOfImage=0x7af000, EntryPoint=0x7178d0d0)) returned 1 [0146.176] CoTaskMemAlloc (cb=0x804) returned 0x5950bd8 [0146.176] GetModuleBaseNameW (in: hProcess=0x640, hModule=0x71770000, lpBaseName=0x5950bd8, nSize=0x800 | out: lpBaseName="clr.dll") returned 0x7 [0146.177] CoTaskMemFree (pv=0x5950bd8) [0146.177] CoTaskMemAlloc (cb=0x804) returned 0x5950bd8 [0146.177] GetModuleFileNameExW (in: hProcess=0x640, hModule=0x71770000, lpFilename=0x5950bd8, nSize=0x800 | out: lpFilename="C:\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\clr.dll" (normalized: "c:\\windows\\microsoft.net\\framework\\v4.0.30319\\clr.dll")) returned 0x35 [0146.178] CoTaskMemFree (pv=0x5950bd8) [0146.178] GetModuleInformation (in: hProcess=0x640, hModule=0x73600000, lpmodinfo=0x26bc928, cb=0xc | out: lpmodinfo=0x26bc928*(lpBaseOfDll=0x73600000, SizeOfImage=0x14000, EntryPoint=0x7360ac00)) returned 1 [0146.178] CoTaskMemAlloc (cb=0x804) returned 0x5950bd8 [0146.178] GetModuleBaseNameW (in: hProcess=0x640, hModule=0x73600000, lpBaseName=0x5950bd8, nSize=0x800 | out: lpBaseName="VCRUNTIME140_CLR0400.dll") returned 0x18 [0146.179] CoTaskMemFree (pv=0x5950bd8) [0146.179] CoTaskMemAlloc (cb=0x804) returned 0x5950bd8 [0146.179] GetModuleFileNameExW (in: hProcess=0x640, hModule=0x73600000, lpFilename=0x5950bd8, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\VCRUNTIME140_CLR0400.dll" (normalized: "c:\\windows\\syswow64\\vcruntime140_clr0400.dll")) returned 0x2c [0146.180] CoTaskMemFree (pv=0x5950bd8) [0146.180] GetModuleInformation (in: hProcess=0x640, hModule=0x73550000, lpmodinfo=0x26bfaf4, cb=0xc | out: lpmodinfo=0x26bfaf4*(lpBaseOfDll=0x73550000, SizeOfImage=0xab000, EntryPoint=0x735e5f20)) returned 1 [0146.180] CoTaskMemAlloc (cb=0x804) returned 0x5950bd8 [0146.180] GetModuleBaseNameW (in: hProcess=0x640, hModule=0x73550000, lpBaseName=0x5950bd8, nSize=0x800 | out: lpBaseName="ucrtbase_clr0400.dll") returned 0x14 [0146.181] CoTaskMemFree (pv=0x5950bd8) [0146.181] CoTaskMemAlloc (cb=0x804) returned 0x5950bd8 [0146.181] GetModuleFileNameExW (in: hProcess=0x640, hModule=0x73550000, lpFilename=0x5950bd8, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\ucrtbase_clr0400.dll" (normalized: "c:\\windows\\syswow64\\ucrtbase_clr0400.dll")) returned 0x28 [0146.182] CoTaskMemFree (pv=0x5950bd8) [0146.182] GetModuleInformation (in: hProcess=0x640, hModule=0x70360000, lpmodinfo=0x26c2d54, cb=0xc | out: lpmodinfo=0x26c2d54*(lpBaseOfDll=0x70360000, SizeOfImage=0x140b000, EntryPoint=0x0)) returned 1 [0146.183] CoTaskMemAlloc (cb=0x804) returned 0x5950bd8 [0146.183] GetModuleBaseNameW (in: hProcess=0x640, hModule=0x70360000, lpBaseName=0x5950bd8, nSize=0x800 | out: lpBaseName="mscorlib.ni.dll") returned 0xf [0146.183] CoTaskMemFree (pv=0x5950bd8) [0146.183] CoTaskMemAlloc (cb=0x804) returned 0x5950bd8 [0146.183] GetModuleFileNameExW (in: hProcess=0x640, hModule=0x70360000, lpFilename=0x5950bd8, nSize=0x800 | out: lpFilename="C:\\Windows\\assembly\\NativeImages_v4.0.30319_32\\mscorlib\\36eaccfde177c2e7b93b8dbdde4e012a\\mscorlib.ni.dll" (normalized: "c:\\windows\\assembly\\nativeimages_v4.0.30319_32\\mscorlib\\36eaccfde177c2e7b93b8dbdde4e012a\\mscorlib.ni.dll")) returned 0x68 [0146.184] CoTaskMemFree (pv=0x5950bd8) [0146.184] GetModuleInformation (in: hProcess=0x640, hModule=0x75740000, lpmodinfo=0x26c5f5c, cb=0xc | out: lpmodinfo=0x26c5f5c*(lpBaseOfDll=0x75740000, SizeOfImage=0x15c000, EntryPoint=0x7578ba3d)) returned 1 [0146.185] CoTaskMemAlloc (cb=0x804) returned 0x5950bd8 [0146.185] GetModuleBaseNameW (in: hProcess=0x640, hModule=0x75740000, lpBaseName=0x5950bd8, nSize=0x800 | out: lpBaseName="ole32.dll") returned 0x9 [0146.186] CoTaskMemFree (pv=0x5950bd8) [0146.186] CoTaskMemAlloc (cb=0x804) returned 0x5950bd8 [0146.186] GetModuleFileNameExW (in: hProcess=0x640, hModule=0x75740000, lpFilename=0x5950bd8, nSize=0x800 | out: lpFilename="C:\\Windows\\syswow64\\ole32.dll" (normalized: "c:\\windows\\syswow64\\ole32.dll")) returned 0x1d [0146.187] CoTaskMemFree (pv=0x5950bd8) [0146.187] GetModuleInformation (in: hProcess=0x640, hModule=0x73a10000, lpmodinfo=0x26c90d4, cb=0xc | out: lpmodinfo=0x26c90d4*(lpBaseOfDll=0x73a10000, SizeOfImage=0x80000, EntryPoint=0x73a237c9)) returned 1 [0146.187] CoTaskMemAlloc (cb=0x804) returned 0x5950bd8 [0146.187] GetModuleBaseNameW (in: hProcess=0x640, hModule=0x73a10000, lpBaseName=0x5950bd8, nSize=0x800 | out: lpBaseName="uxtheme.dll") returned 0xb [0146.189] CoTaskMemFree (pv=0x5950bd8) [0146.189] CoTaskMemAlloc (cb=0x804) returned 0x5950bd8 [0146.189] GetModuleFileNameExW (in: hProcess=0x640, hModule=0x73a10000, lpFilename=0x5950bd8, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\uxtheme.dll" (normalized: "c:\\windows\\syswow64\\uxtheme.dll")) returned 0x1f [0146.190] CoTaskMemFree (pv=0x5950bd8) [0146.190] GetModuleInformation (in: hProcess=0x640, hModule=0x74a20000, lpmodinfo=0x26cc2a0, cb=0xc | out: lpmodinfo=0x26cc2a0*(lpBaseOfDll=0x74a20000, SizeOfImage=0x3000, EntryPoint=0x0)) returned 1 [0146.190] CoTaskMemAlloc (cb=0x804) returned 0x5950bd8 [0146.190] GetModuleBaseNameW (in: hProcess=0x640, hModule=0x74a20000, lpBaseName=0x5950bd8, nSize=0x800 | out: lpBaseName="api-ms-win-core-xstate-l2-1-0.dll") returned 0x21 [0146.191] CoTaskMemFree (pv=0x5950bd8) [0146.191] CoTaskMemAlloc (cb=0x804) returned 0x5950bd8 [0146.191] GetModuleFileNameExW (in: hProcess=0x640, hModule=0x74a20000, lpFilename=0x5950bd8, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\api-ms-win-core-xstate-l2-1-0.dll" (normalized: "c:\\windows\\syswow64\\api-ms-win-core-xstate-l2-1-0.dll")) returned 0x35 [0146.192] CoTaskMemFree (pv=0x5950bd8) [0146.192] GetModuleInformation (in: hProcess=0x640, hModule=0x74990000, lpmodinfo=0x26cf518, cb=0xc | out: lpmodinfo=0x26cf518*(lpBaseOfDll=0x74990000, SizeOfImage=0x89000, EntryPoint=0x74991130)) returned 1 [0146.193] CoTaskMemAlloc (cb=0x804) returned 0x5950bd8 [0146.193] GetModuleBaseNameW (in: hProcess=0x640, hModule=0x74990000, lpBaseName=0x5950bd8, nSize=0x800 | out: lpBaseName="clrjit.dll") returned 0xa [0146.194] CoTaskMemFree (pv=0x5950bd8) [0146.194] CoTaskMemAlloc (cb=0x804) returned 0x5950bd8 [0146.194] GetModuleFileNameExW (in: hProcess=0x640, hModule=0x74990000, lpFilename=0x5950bd8, nSize=0x800 | out: lpFilename="C:\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\clrjit.dll" (normalized: "c:\\windows\\microsoft.net\\framework\\v4.0.30319\\clrjit.dll")) returned 0x38 [0146.195] CoTaskMemFree (pv=0x5950bd8) [0146.195] GetModuleInformation (in: hProcess=0x640, hModule=0x75130000, lpmodinfo=0x26d2784, cb=0xc | out: lpmodinfo=0x26d2784*(lpBaseOfDll=0x75130000, SizeOfImage=0x8f000, EntryPoint=0x75133fb1)) returned 1 [0146.195] CoTaskMemAlloc (cb=0x804) returned 0x5950bd8 [0146.196] GetModuleBaseNameW (in: hProcess=0x640, hModule=0x75130000, lpBaseName=0x5950bd8, nSize=0x800 | out: lpBaseName="OLEAUT32.dll") returned 0xc [0146.196] CoTaskMemFree (pv=0x5950bd8) [0146.196] CoTaskMemAlloc (cb=0x804) returned 0x5950bd8 [0146.196] GetModuleFileNameExW (in: hProcess=0x640, hModule=0x75130000, lpFilename=0x5950bd8, nSize=0x800 | out: lpFilename="C:\\Windows\\syswow64\\OLEAUT32.dll" (normalized: "c:\\windows\\syswow64\\oleaut32.dll")) returned 0x20 [0146.197] CoTaskMemFree (pv=0x5950bd8) [0146.197] GetModuleInformation (in: hProcess=0x640, hModule=0x6eea0000, lpmodinfo=0x26d5ba8, cb=0xc | out: lpmodinfo=0x26d5ba8*(lpBaseOfDll=0x6eea0000, SizeOfImage=0xa55000, EntryPoint=0x0)) returned 1 [0146.198] CoTaskMemAlloc (cb=0x804) returned 0x5950bd8 [0146.198] GetModuleBaseNameW (in: hProcess=0x640, hModule=0x6eea0000, lpBaseName=0x5950bd8, nSize=0x800 | out: lpBaseName="System.ni.dll") returned 0xd [0146.199] CoTaskMemFree (pv=0x5950bd8) [0146.199] CoTaskMemAlloc (cb=0x804) returned 0x5950bd8 [0146.199] GetModuleFileNameExW (in: hProcess=0x640, hModule=0x6eea0000, lpFilename=0x5950bd8, nSize=0x800 | out: lpFilename="C:\\Windows\\assembly\\NativeImages_v4.0.30319_32\\System\\2c3c912ea8f058f9d04c4650128feb3f\\System.ni.dll" (normalized: "c:\\windows\\assembly\\nativeimages_v4.0.30319_32\\system\\2c3c912ea8f058f9d04c4650128feb3f\\system.ni.dll")) returned 0x64 [0146.200] CoTaskMemFree (pv=0x5950bd8) [0146.200] GetModuleInformation (in: hProcess=0x640, hModule=0x6fb40000, lpmodinfo=0x26d8eb8, cb=0xc | out: lpmodinfo=0x26d8eb8*(lpBaseOfDll=0x6fb40000, SizeOfImage=0x818000, EntryPoint=0x0)) returned 1 [0146.201] CoTaskMemAlloc (cb=0x804) returned 0x5950bd8 [0146.201] GetModuleBaseNameW (in: hProcess=0x640, hModule=0x6fb40000, lpBaseName=0x5950bd8, nSize=0x800 | out: lpBaseName="System.Core.ni.dll") returned 0x12 [0146.202] CoTaskMemFree (pv=0x5950bd8) [0146.202] CoTaskMemAlloc (cb=0x804) returned 0x5950bd8 [0146.202] GetModuleFileNameExW (in: hProcess=0x640, hModule=0x6fb40000, lpFilename=0x5950bd8, nSize=0x800 | out: lpFilename="C:\\Windows\\assembly\\NativeImages_v4.0.30319_32\\System.Core\\31fae3290fad30c31c98651462d22724\\System.Core.ni.dll" (normalized: "c:\\windows\\assembly\\nativeimages_v4.0.30319_32\\system.core\\31fae3290fad30c31c98651462d22724\\system.core.ni.dll")) returned 0x6e [0146.203] CoTaskMemFree (pv=0x5950bd8) [0146.203] GetModuleInformation (in: hProcess=0x640, hModule=0x6f950000, lpmodinfo=0x26dc1fc, cb=0xc | out: lpmodinfo=0x26dc1fc*(lpBaseOfDll=0x6f950000, SizeOfImage=0x1e2000, EntryPoint=0x0)) returned 1 [0146.203] CoTaskMemAlloc (cb=0x804) returned 0x5950bd8 [0146.203] GetModuleBaseNameW (in: hProcess=0x640, hModule=0x6f950000, lpBaseName=0x5950bd8, nSize=0x800 | out: lpBaseName="Microsoft.VisualBasic.ni.dll") returned 0x1c [0146.204] CoTaskMemFree (pv=0x5950bd8) [0146.204] CoTaskMemAlloc (cb=0x804) returned 0x5950bd8 [0146.204] GetModuleFileNameExW (in: hProcess=0x640, hModule=0x6f950000, lpFilename=0x5950bd8, nSize=0x800 | out: lpFilename="C:\\Windows\\assembly\\NativeImages_v4.0.30319_32\\Microsoft.V9921e851#\\a891970b44db9e340c3ef3efa95b793c\\Microsoft.VisualBasic.ni.dll" (normalized: "c:\\windows\\assembly\\nativeimages_v4.0.30319_32\\microsoft.v9921e851#\\a891970b44db9e340c3ef3efa95b793c\\microsoft.visualbasic.ni.dll")) returned 0x81 [0146.205] CoTaskMemFree (pv=0x5950bd8) [0146.205] GetModuleInformation (in: hProcess=0x640, hModule=0x6ecf0000, lpmodinfo=0x26df4f4, cb=0xc | out: lpmodinfo=0x26df4f4*(lpBaseOfDll=0x6ecf0000, SizeOfImage=0x1a3000, EntryPoint=0x0)) returned 1 [0146.206] CoTaskMemAlloc (cb=0x804) returned 0x5950bd8 [0146.206] GetModuleBaseNameW (in: hProcess=0x640, hModule=0x6ecf0000, lpBaseName=0x5950bd8, nSize=0x800 | out: lpBaseName="System.Drawing.ni.dll") returned 0x15 [0146.207] CoTaskMemFree (pv=0x5950bd8) [0146.207] CoTaskMemAlloc (cb=0x804) returned 0x5950bd8 [0146.207] GetModuleFileNameExW (in: hProcess=0x640, hModule=0x6ecf0000, lpFilename=0x5950bd8, nSize=0x800 | out: lpFilename="C:\\Windows\\assembly\\NativeImages_v4.0.30319_32\\System.Drawing\\f7568d7f1b9d356f64779b4c0927cfb3\\System.Drawing.ni.dll" (normalized: "c:\\windows\\assembly\\nativeimages_v4.0.30319_32\\system.drawing\\f7568d7f1b9d356f64779b4c0927cfb3\\system.drawing.ni.dll")) returned 0x74 [0146.208] CoTaskMemFree (pv=0x5950bd8) [0146.208] GetModuleInformation (in: hProcess=0x640, hModule=0x6de80000, lpmodinfo=0x26e2594, cb=0xc | out: lpmodinfo=0x26e2594*(lpBaseOfDll=0x6de80000, SizeOfImage=0xe66000, EntryPoint=0x0)) returned 1 [0146.209] CoTaskMemAlloc (cb=0x804) returned 0x5950bd8 [0146.209] GetModuleBaseNameW (in: hProcess=0x640, hModule=0x6de80000, lpBaseName=0x5950bd8, nSize=0x800 | out: lpBaseName="System.Windows.Forms.ni.dll") returned 0x1b [0146.210] CoTaskMemFree (pv=0x5950bd8) [0146.210] CoTaskMemAlloc (cb=0x804) returned 0x5950bd8 [0146.210] GetModuleFileNameExW (in: hProcess=0x640, hModule=0x6de80000, lpFilename=0x5950bd8, nSize=0x800 | out: lpFilename="C:\\Windows\\assembly\\NativeImages_v4.0.30319_32\\System.Windows.Forms\\c9a4cbc00f690a9e3cddfc400f6e85bb\\System.Windows.Forms.ni.dll" (normalized: "c:\\windows\\assembly\\nativeimages_v4.0.30319_32\\system.windows.forms\\c9a4cbc00f690a9e3cddfc400f6e85bb\\system.windows.forms.ni.dll")) returned 0x80 [0146.211] CoTaskMemFree (pv=0x5950bd8) [0146.211] GetModuleInformation (in: hProcess=0x640, hModule=0x6dd70000, lpmodinfo=0x26e5730, cb=0xc | out: lpmodinfo=0x26e5730*(lpBaseOfDll=0x6dd70000, SizeOfImage=0x105000, EntryPoint=0x0)) returned 1 [0146.212] CoTaskMemAlloc (cb=0x804) returned 0x5950bd8 [0146.212] GetModuleBaseNameW (in: hProcess=0x640, hModule=0x6dd70000, lpBaseName=0x5950bd8, nSize=0x800 | out: lpBaseName="System.Configuration.ni.dll") returned 0x1b [0146.213] CoTaskMemFree (pv=0x5950bd8) [0146.213] CoTaskMemAlloc (cb=0x804) returned 0x5950bd8 [0146.213] GetModuleFileNameExW (in: hProcess=0x640, hModule=0x6dd70000, lpFilename=0x5950bd8, nSize=0x800 | out: lpFilename="C:\\Windows\\assembly\\NativeImages_v4.0.30319_32\\System.Configuration\\96f7edb07b12303f0ec2595c7f3778c7\\System.Configuration.ni.dll" (normalized: "c:\\windows\\assembly\\nativeimages_v4.0.30319_32\\system.configuration\\96f7edb07b12303f0ec2595c7f3778c7\\system.configuration.ni.dll")) returned 0x80 [0146.214] CoTaskMemFree (pv=0x5950bd8) [0146.214] GetModuleInformation (in: hProcess=0x640, hModule=0x6d5f0000, lpmodinfo=0x26e88f4, cb=0xc | out: lpmodinfo=0x26e88f4*(lpBaseOfDll=0x6d5f0000, SizeOfImage=0x774000, EntryPoint=0x0)) returned 1 [0146.215] CoTaskMemAlloc (cb=0x804) returned 0x5950bd8 [0146.215] GetModuleBaseNameW (in: hProcess=0x640, hModule=0x6d5f0000, lpBaseName=0x5950bd8, nSize=0x800 | out: lpBaseName="System.Xml.ni.dll") returned 0x11 [0146.216] CoTaskMemFree (pv=0x5950bd8) [0146.216] CoTaskMemAlloc (cb=0x804) returned 0x5950bd8 [0146.216] GetModuleFileNameExW (in: hProcess=0x640, hModule=0x6d5f0000, lpFilename=0x5950bd8, nSize=0x800 | out: lpFilename="C:\\Windows\\assembly\\NativeImages_v4.0.30319_32\\System.Xml\\15af16d373cf0528cb74fc73d365fdbf\\System.Xml.ni.dll" (normalized: "c:\\windows\\assembly\\nativeimages_v4.0.30319_32\\system.xml\\15af16d373cf0528cb74fc73d365fdbf\\system.xml.ni.dll")) returned 0x6c [0146.217] CoTaskMemFree (pv=0x5950bd8) [0146.217] GetModuleInformation (in: hProcess=0x640, hModule=0x74950000, lpmodinfo=0x26eba58, cb=0xc | out: lpmodinfo=0x26eba58*(lpBaseOfDll=0x74950000, SizeOfImage=0x13000, EntryPoint=0x7495d900)) returned 1 [0146.218] CoTaskMemAlloc (cb=0x804) returned 0x5950bd8 [0146.218] GetModuleBaseNameW (in: hProcess=0x640, hModule=0x74950000, lpBaseName=0x5950bd8, nSize=0x800 | out: lpBaseName="nlssorting.dll") returned 0xe [0146.219] CoTaskMemFree (pv=0x5950bd8) [0146.219] CoTaskMemAlloc (cb=0x804) returned 0x5950bd8 [0146.219] GetModuleFileNameExW (in: hProcess=0x640, hModule=0x74950000, lpFilename=0x5950bd8, nSize=0x800 | out: lpFilename="C:\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\nlssorting.dll" (normalized: "c:\\windows\\microsoft.net\\framework\\v4.0.30319\\nlssorting.dll")) returned 0x3c [0146.220] CoTaskMemFree (pv=0x5950bd8) [0146.220] GetModuleInformation (in: hProcess=0x640, hModule=0x75be0000, lpmodinfo=0x26eebb4, cb=0xc | out: lpmodinfo=0x26eebb4*(lpBaseOfDll=0x75be0000, SizeOfImage=0xc4a000, EntryPoint=0x75c61601)) returned 1 [0146.221] CoTaskMemAlloc (cb=0x804) returned 0x5950bd8 [0146.221] GetModuleBaseNameW (in: hProcess=0x640, hModule=0x75be0000, lpBaseName=0x5950bd8, nSize=0x800 | out: lpBaseName="shell32.dll") returned 0xb [0146.222] CoTaskMemFree (pv=0x5950bd8) [0146.222] CoTaskMemAlloc (cb=0x804) returned 0x5950bd8 [0146.222] GetModuleFileNameExW (in: hProcess=0x640, hModule=0x75be0000, lpFilename=0x5950bd8, nSize=0x800 | out: lpFilename="C:\\Windows\\syswow64\\shell32.dll" (normalized: "c:\\windows\\syswow64\\shell32.dll")) returned 0x1f [0146.223] CoTaskMemFree (pv=0x5950bd8) [0146.223] GetModuleInformation (in: hProcess=0x640, hModule=0x748d0000, lpmodinfo=0x26f1d00, cb=0xc | out: lpmodinfo=0x26f1d00*(lpBaseOfDll=0x748d0000, SizeOfImage=0xb000, EntryPoint=0x748d1992)) returned 1 [0146.224] CoTaskMemAlloc (cb=0x804) returned 0x5950bd8 [0146.224] GetModuleBaseNameW (in: hProcess=0x640, hModule=0x748d0000, lpBaseName=0x5950bd8, nSize=0x800 | out: lpBaseName="profapi.dll") returned 0xb [0146.225] CoTaskMemFree (pv=0x5950bd8) [0146.225] CoTaskMemAlloc (cb=0x804) returned 0x5950bd8 [0146.225] GetModuleFileNameExW (in: hProcess=0x640, hModule=0x748d0000, lpFilename=0x5950bd8, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\profapi.dll" (normalized: "c:\\windows\\syswow64\\profapi.dll")) returned 0x1f [0146.226] CoTaskMemFree (pv=0x5950bd8) [0146.226] GetModuleInformation (in: hProcess=0x640, hModule=0x74970000, lpmodinfo=0x26f4eb0, cb=0xc | out: lpmodinfo=0x26f4eb0*(lpBaseOfDll=0x74970000, SizeOfImage=0x17000, EntryPoint=0x749735fa)) returned 1 [0146.227] CoTaskMemAlloc (cb=0x804) returned 0x5950bd8 [0146.227] GetModuleBaseNameW (in: hProcess=0x640, hModule=0x74970000, lpBaseName=0x5950bd8, nSize=0x800 | out: lpBaseName="bcrypt.dll") returned 0xa [0146.228] CoTaskMemFree (pv=0x5950bd8) [0146.228] CoTaskMemAlloc (cb=0x804) returned 0x5950bd8 [0146.228] GetModuleFileNameExW (in: hProcess=0x640, hModule=0x74970000, lpFilename=0x5950bd8, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\bcrypt.dll" (normalized: "c:\\windows\\syswow64\\bcrypt.dll")) returned 0x1e [0146.229] CoTaskMemFree (pv=0x5950bd8) [0146.229] GetModuleInformation (in: hProcess=0x640, hModule=0x738e0000, lpmodinfo=0x26f8044, cb=0xc | out: lpmodinfo=0x26f8044*(lpBaseOfDll=0x738e0000, SizeOfImage=0x17000, EntryPoint=0x738e3573)) returned 1 [0146.230] CoTaskMemAlloc (cb=0x804) returned 0x5950bd8 [0146.230] GetModuleBaseNameW (in: hProcess=0x640, hModule=0x738e0000, lpBaseName=0x5950bd8, nSize=0x800 | out: lpBaseName="CRYPTSP.dll") returned 0xb [0146.231] CoTaskMemFree (pv=0x5950bd8) [0146.231] CoTaskMemAlloc (cb=0x804) returned 0x5950bd8 [0146.231] GetModuleFileNameExW (in: hProcess=0x640, hModule=0x738e0000, lpFilename=0x5950bd8, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\CRYPTSP.dll" (normalized: "c:\\windows\\syswow64\\cryptsp.dll")) returned 0x1f [0146.232] CoTaskMemFree (pv=0x5950bd8) [0146.233] GetModuleInformation (in: hProcess=0x640, hModule=0x738a0000, lpmodinfo=0x26fb200, cb=0xc | out: lpmodinfo=0x26fb200*(lpBaseOfDll=0x738a0000, SizeOfImage=0x3b000, EntryPoint=0x738a128d)) returned 1 [0146.234] CoTaskMemAlloc (cb=0x804) returned 0x5950bd8 [0146.234] GetModuleBaseNameW (in: hProcess=0x640, hModule=0x738a0000, lpBaseName=0x5950bd8, nSize=0x800 | out: lpBaseName="rsaenh.dll") returned 0xa [0146.235] CoTaskMemFree (pv=0x5950bd8) [0146.235] CoTaskMemAlloc (cb=0x804) returned 0x5950bd8 [0146.235] GetModuleFileNameExW (in: hProcess=0x640, hModule=0x738a0000, lpFilename=0x5950bd8, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\rsaenh.dll" (normalized: "c:\\windows\\syswow64\\rsaenh.dll")) returned 0x1e [0146.236] CoTaskMemFree (pv=0x5950bd8) [0146.236] GetModuleInformation (in: hProcess=0x640, hModule=0x75950000, lpmodinfo=0x26fe38c, cb=0xc | out: lpmodinfo=0x26fe38c*(lpBaseOfDll=0x75950000, SizeOfImage=0x5000, EntryPoint=0x75951438)) returned 1 [0146.237] CoTaskMemAlloc (cb=0x804) returned 0x5950bd8 [0146.237] GetModuleBaseNameW (in: hProcess=0x640, hModule=0x75950000, lpBaseName=0x5950bd8, nSize=0x800 | out: lpBaseName="psapi.dll") returned 0x9 [0146.238] CoTaskMemFree (pv=0x5950bd8) [0146.238] CoTaskMemAlloc (cb=0x804) returned 0x5950bd8 [0146.238] GetModuleFileNameExW (in: hProcess=0x640, hModule=0x75950000, lpFilename=0x5950bd8, nSize=0x800 | out: lpFilename="C:\\Windows\\syswow64\\psapi.dll" (normalized: "c:\\windows\\syswow64\\psapi.dll")) returned 0x1d [0146.239] CoTaskMemFree (pv=0x5950bd8) [0146.239] GetModuleInformation (in: hProcess=0x640, hModule=0x73990000, lpmodinfo=0x270153c, cb=0xc | out: lpmodinfo=0x270153c*(lpBaseOfDll=0x73990000, SizeOfImage=0x52000, EntryPoint=0x739914be)) returned 1 [0146.240] CoTaskMemAlloc (cb=0x804) returned 0x5950bd8 [0146.240] GetModuleBaseNameW (in: hProcess=0x640, hModule=0x73990000, lpBaseName=0x5950bd8, nSize=0x800 | out: lpBaseName="rasapi32.dll") returned 0xc [0146.242] CoTaskMemFree (pv=0x5950bd8) [0146.242] CoTaskMemAlloc (cb=0x804) returned 0x5950bd8 [0146.242] GetModuleFileNameExW (in: hProcess=0x640, hModule=0x73990000, lpFilename=0x5950bd8, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\rasapi32.dll" (normalized: "c:\\windows\\syswow64\\rasapi32.dll")) returned 0x20 [0146.243] CoTaskMemFree (pv=0x5950bd8) [0146.243] GetModuleInformation (in: hProcess=0x640, hModule=0x73970000, lpmodinfo=0x27046dc, cb=0xc | out: lpmodinfo=0x27046dc*(lpBaseOfDll=0x73970000, SizeOfImage=0x15000, EntryPoint=0x739712de)) returned 1 [0146.244] CoTaskMemAlloc (cb=0x804) returned 0x5950bd8 [0146.244] GetModuleBaseNameW (in: hProcess=0x640, hModule=0x73970000, lpBaseName=0x5950bd8, nSize=0x800 | out: lpBaseName="rasman.dll") returned 0xa [0146.245] CoTaskMemFree (pv=0x5950bd8) [0146.245] CoTaskMemAlloc (cb=0x804) returned 0x5950bd8 [0146.245] GetModuleFileNameExW (in: hProcess=0x640, hModule=0x73970000, lpFilename=0x5950bd8, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\rasman.dll" (normalized: "c:\\windows\\syswow64\\rasman.dll")) returned 0x1e [0146.246] CoTaskMemFree (pv=0x5950bd8) [0146.246] GetModuleInformation (in: hProcess=0x640, hModule=0x75960000, lpmodinfo=0x27078a4, cb=0xc | out: lpmodinfo=0x27078a4*(lpBaseOfDll=0x75960000, SizeOfImage=0x35000, EntryPoint=0x7596145d)) returned 1 [0146.247] CoTaskMemAlloc (cb=0x804) returned 0x5950bd8 [0146.247] GetModuleBaseNameW (in: hProcess=0x640, hModule=0x75960000, lpBaseName=0x5950bd8, nSize=0x800 | out: lpBaseName="WS2_32.dll") returned 0xa [0146.250] CoTaskMemFree (pv=0x5950bd8) [0146.250] CoTaskMemAlloc (cb=0x804) returned 0x5950bd8 [0146.250] GetModuleFileNameExW (in: hProcess=0x640, hModule=0x75960000, lpFilename=0x5950bd8, nSize=0x800 | out: lpFilename="C:\\Windows\\syswow64\\WS2_32.dll" (normalized: "c:\\windows\\syswow64\\ws2_32.dll")) returned 0x1e [0146.251] CoTaskMemFree (pv=0x5950bd8) [0146.251] GetModuleInformation (in: hProcess=0x640, hModule=0x76960000, lpmodinfo=0x270aa38, cb=0xc | out: lpmodinfo=0x270aa38*(lpBaseOfDll=0x76960000, SizeOfImage=0x6000, EntryPoint=0x76961782)) returned 1 [0146.252] CoTaskMemAlloc (cb=0x804) returned 0x5950bd8 [0146.252] GetModuleBaseNameW (in: hProcess=0x640, hModule=0x76960000, lpBaseName=0x5950bd8, nSize=0x800 | out: lpBaseName="NSI.dll") returned 0x7 [0146.254] CoTaskMemFree (pv=0x5950bd8) [0146.254] CoTaskMemAlloc (cb=0x804) returned 0x5950bd8 [0146.254] GetModuleFileNameExW (in: hProcess=0x640, hModule=0x76960000, lpFilename=0x5950bd8, nSize=0x800 | out: lpFilename="C:\\Windows\\syswow64\\NSI.dll" (normalized: "c:\\windows\\syswow64\\nsi.dll")) returned 0x1b [0146.255] CoTaskMemFree (pv=0x5950bd8) [0146.255] GetModuleInformation (in: hProcess=0x640, hModule=0x73960000, lpmodinfo=0x270dbfc, cb=0xc | out: lpmodinfo=0x270dbfc*(lpBaseOfDll=0x73960000, SizeOfImage=0xd000, EntryPoint=0x73961326)) returned 1 [0146.256] CoTaskMemAlloc (cb=0x804) returned 0x5950bd8 [0146.256] GetModuleBaseNameW (in: hProcess=0x640, hModule=0x73960000, lpBaseName=0x5950bd8, nSize=0x800 | out: lpBaseName="rtutils.dll") returned 0xb [0146.257] CoTaskMemFree (pv=0x5950bd8) [0146.257] CoTaskMemAlloc (cb=0x804) returned 0x5950bd8 [0146.257] GetModuleFileNameExW (in: hProcess=0x640, hModule=0x73960000, lpFilename=0x5950bd8, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\rtutils.dll" (normalized: "c:\\windows\\syswow64\\rtutils.dll")) returned 0x1f [0146.258] CoTaskMemFree (pv=0x5950bd8) [0146.259] GetModuleInformation (in: hProcess=0x640, hModule=0x747e0000, lpmodinfo=0x2710d94, cb=0xc | out: lpmodinfo=0x2710d94*(lpBaseOfDll=0x747e0000, SizeOfImage=0x3c000, EntryPoint=0x747e145d)) returned 1 [0146.260] CoTaskMemAlloc (cb=0x804) returned 0x5950bd8 [0146.260] GetModuleBaseNameW (in: hProcess=0x640, hModule=0x747e0000, lpBaseName=0x5950bd8, nSize=0x800 | out: lpBaseName="mswsock.dll") returned 0xb [0146.261] CoTaskMemFree (pv=0x5950bd8) [0146.261] CoTaskMemAlloc (cb=0x804) returned 0x5950bd8 [0146.261] GetModuleFileNameExW (in: hProcess=0x640, hModule=0x747e0000, lpFilename=0x5950bd8, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\mswsock.dll" (normalized: "c:\\windows\\syswow64\\mswsock.dll")) returned 0x1f [0146.262] CoTaskMemFree (pv=0x5950bd8) [0146.262] GetModuleInformation (in: hProcess=0x640, hModule=0x747d0000, lpmodinfo=0x2713f5c, cb=0xc | out: lpmodinfo=0x2713f5c*(lpBaseOfDll=0x747d0000, SizeOfImage=0x5000, EntryPoint=0x747d15df)) returned 1 [0146.263] CoTaskMemAlloc (cb=0x804) returned 0x5950bd8 [0146.264] GetModuleBaseNameW (in: hProcess=0x640, hModule=0x747d0000, lpBaseName=0x5950bd8, nSize=0x800 | out: lpBaseName="wshtcpip.dll") returned 0xc [0146.265] CoTaskMemFree (pv=0x5950bd8) [0146.265] CoTaskMemAlloc (cb=0x804) returned 0x5950bd8 [0146.265] GetModuleFileNameExW (in: hProcess=0x640, hModule=0x747d0000, lpFilename=0x5950bd8, nSize=0x800 | out: lpFilename="C:\\Windows\\System32\\wshtcpip.dll" (normalized: "c:\\windows\\syswow64\\wshtcpip.dll")) returned 0x20 [0146.266] CoTaskMemFree (pv=0x5950bd8) [0146.266] GetModuleInformation (in: hProcess=0x640, hModule=0x747c0000, lpmodinfo=0x27172f8, cb=0xc | out: lpmodinfo=0x27172f8*(lpBaseOfDll=0x747c0000, SizeOfImage=0x6000, EntryPoint=0x747c1673)) returned 1 [0146.267] CoTaskMemAlloc (cb=0x804) returned 0x5950bd8 [0146.267] GetModuleBaseNameW (in: hProcess=0x640, hModule=0x747c0000, lpBaseName=0x5950bd8, nSize=0x800 | out: lpBaseName="wship6.dll") returned 0xa [0146.269] CoTaskMemFree (pv=0x5950bd8) [0146.269] CoTaskMemAlloc (cb=0x804) returned 0x5950bd8 [0146.269] GetModuleFileNameExW (in: hProcess=0x640, hModule=0x747c0000, lpFilename=0x5950bd8, nSize=0x800 | out: lpFilename="C:\\Windows\\System32\\wship6.dll" (normalized: "c:\\windows\\syswow64\\wship6.dll")) returned 0x1e [0146.270] CoTaskMemFree (pv=0x5950bd8) [0146.270] GetModuleInformation (in: hProcess=0x640, hModule=0x6d590000, lpmodinfo=0x271a4b8, cb=0xc | out: lpmodinfo=0x271a4b8*(lpBaseOfDll=0x6d590000, SizeOfImage=0x58000, EntryPoint=0x6d5913b4)) returned 1 [0146.271] CoTaskMemAlloc (cb=0x804) returned 0x5950bd8 [0146.271] GetModuleBaseNameW (in: hProcess=0x640, hModule=0x6d590000, lpBaseName=0x5950bd8, nSize=0x800 | out: lpBaseName="winhttp.dll") returned 0xb [0146.273] CoTaskMemFree (pv=0x5950bd8) [0146.273] CoTaskMemAlloc (cb=0x804) returned 0x5950bd8 [0146.273] GetModuleFileNameExW (in: hProcess=0x640, hModule=0x6d590000, lpFilename=0x5950bd8, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\winhttp.dll" (normalized: "c:\\windows\\syswow64\\winhttp.dll")) returned 0x1f [0146.274] CoTaskMemFree (pv=0x5950bd8) [0146.274] GetModuleInformation (in: hProcess=0x640, hModule=0x6f900000, lpmodinfo=0x271d650, cb=0xc | out: lpmodinfo=0x271d650*(lpBaseOfDll=0x6f900000, SizeOfImage=0x4f000, EntryPoint=0x6f901452)) returned 1 [0146.275] CoTaskMemAlloc (cb=0x804) returned 0x5950bd8 [0146.275] GetModuleBaseNameW (in: hProcess=0x640, hModule=0x6f900000, lpBaseName=0x5950bd8, nSize=0x800 | out: lpBaseName="webio.dll") returned 0x9 [0146.277] CoTaskMemFree (pv=0x5950bd8) [0146.277] CoTaskMemAlloc (cb=0x804) returned 0x5950bd8 [0146.277] GetModuleFileNameExW (in: hProcess=0x640, hModule=0x6f900000, lpFilename=0x5950bd8, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\webio.dll" (normalized: "c:\\windows\\syswow64\\webio.dll")) returned 0x1d [0146.278] CoTaskMemFree (pv=0x5950bd8) [0146.278] GetModuleInformation (in: hProcess=0x640, hModule=0x74930000, lpmodinfo=0x2720824, cb=0xc | out: lpmodinfo=0x2720824*(lpBaseOfDll=0x74930000, SizeOfImage=0x8000, EntryPoint=0x749334d3)) returned 1 [0146.279] CoTaskMemAlloc (cb=0x804) returned 0x5950bd8 [0146.279] GetModuleBaseNameW (in: hProcess=0x640, hModule=0x74930000, lpBaseName=0x5950bd8, nSize=0x800 | out: lpBaseName="credssp.dll") returned 0xb [0146.282] CoTaskMemFree (pv=0x5950bd8) [0146.282] CoTaskMemAlloc (cb=0x804) returned 0x5950bd8 [0146.282] GetModuleFileNameExW (in: hProcess=0x640, hModule=0x74930000, lpFilename=0x5950bd8, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\credssp.dll" (normalized: "c:\\windows\\syswow64\\credssp.dll")) returned 0x1f [0146.283] CoTaskMemFree (pv=0x5950bd8) [0146.283] GetModuleInformation (in: hProcess=0x640, hModule=0x74830000, lpmodinfo=0x27239b4, cb=0xc | out: lpmodinfo=0x27239b4*(lpBaseOfDll=0x74830000, SizeOfImage=0x1c000, EntryPoint=0x7483a431)) returned 1 [0146.284] CoTaskMemAlloc (cb=0x804) returned 0x5950bd8 [0146.284] GetModuleBaseNameW (in: hProcess=0x640, hModule=0x74830000, lpBaseName=0x5950bd8, nSize=0x800 | out: lpBaseName="IPHLPAPI.DLL") returned 0xc [0146.286] CoTaskMemFree (pv=0x5950bd8) [0146.286] CoTaskMemAlloc (cb=0x804) returned 0x5950bd8 [0146.286] GetModuleFileNameExW (in: hProcess=0x640, hModule=0x74830000, lpFilename=0x5950bd8, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\IPHLPAPI.DLL" (normalized: "c:\\windows\\syswow64\\iphlpapi.dll")) returned 0x20 [0146.287] CoTaskMemFree (pv=0x5950bd8) [0146.287] GetModuleInformation (in: hProcess=0x640, hModule=0x74820000, lpmodinfo=0x2726ccc, cb=0xc | out: lpmodinfo=0x2726ccc*(lpBaseOfDll=0x74820000, SizeOfImage=0x7000, EntryPoint=0x7482128d)) returned 1 [0146.288] CoTaskMemAlloc (cb=0x804) returned 0x5950bd8 [0146.289] GetModuleBaseNameW (in: hProcess=0x640, hModule=0x74820000, lpBaseName=0x5950bd8, nSize=0x800 | out: lpBaseName="WINNSI.DLL") returned 0xa [0146.290] CoTaskMemFree (pv=0x5950bd8) [0146.290] CoTaskMemAlloc (cb=0x804) returned 0x5950bd8 [0146.290] GetModuleFileNameExW (in: hProcess=0x640, hModule=0x74820000, lpFilename=0x5950bd8, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\WINNSI.DLL" (normalized: "c:\\windows\\syswow64\\winnsi.dll")) returned 0x1e [0146.291] CoTaskMemFree (pv=0x5950bd8) [0146.291] GetModuleInformation (in: hProcess=0x640, hModule=0x74940000, lpmodinfo=0x2729e7c, cb=0xc | out: lpmodinfo=0x2729e7c*(lpBaseOfDll=0x74940000, SizeOfImage=0xd000, EntryPoint=0x74942012)) returned 1 [0146.293] CoTaskMemAlloc (cb=0x804) returned 0x5950bd8 [0146.293] GetModuleBaseNameW (in: hProcess=0x640, hModule=0x74940000, lpBaseName=0x5950bd8, nSize=0x800 | out: lpBaseName="dhcpcsvc6.DLL") returned 0xd [0146.294] CoTaskMemFree (pv=0x5950bd8) [0146.294] CoTaskMemAlloc (cb=0x804) returned 0x5950bd8 [0146.294] GetModuleFileNameExW (in: hProcess=0x640, hModule=0x74940000, lpFilename=0x5950bd8, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\dhcpcsvc6.DLL" (normalized: "c:\\windows\\syswow64\\dhcpcsvc6.dll")) returned 0x21 [0146.296] CoTaskMemFree (pv=0x5950bd8) [0146.296] GetModuleInformation (in: hProcess=0x640, hModule=0x6d550000, lpmodinfo=0x272d660, cb=0xc | out: lpmodinfo=0x272d660*(lpBaseOfDll=0x6d550000, SizeOfImage=0x12000, EntryPoint=0x6d553271)) returned 1 [0146.297] CoTaskMemAlloc (cb=0x804) returned 0x5950bd8 [0146.297] GetModuleBaseNameW (in: hProcess=0x640, hModule=0x6d550000, lpBaseName=0x5950bd8, nSize=0x800 | out: lpBaseName="dhcpcsvc.DLL") returned 0xc [0146.299] CoTaskMemFree (pv=0x5950bd8) [0146.299] CoTaskMemAlloc (cb=0x804) returned 0x5950bd8 [0146.299] GetModuleFileNameExW (in: hProcess=0x640, hModule=0x6d550000, lpFilename=0x5950bd8, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\dhcpcsvc.DLL" (normalized: "c:\\windows\\syswow64\\dhcpcsvc.dll")) returned 0x20 [0146.300] CoTaskMemFree (pv=0x5950bd8) [0146.300] GetModuleInformation (in: hProcess=0x640, hModule=0x747a0000, lpmodinfo=0x272f780, cb=0xc | out: lpmodinfo=0x272f780*(lpBaseOfDll=0x747a0000, SizeOfImage=0xe000, EntryPoint=0x747a1235)) returned 1 [0146.302] CoTaskMemAlloc (cb=0x804) returned 0x5950bd8 [0146.302] GetModuleBaseNameW (in: hProcess=0x640, hModule=0x747a0000, lpBaseName=0x5950bd8, nSize=0x800 | out: lpBaseName="RpcRtRemote.dll") returned 0xf [0146.303] CoTaskMemFree (pv=0x5950bd8) [0146.303] CoTaskMemAlloc (cb=0x804) returned 0x5950bd8 [0146.303] GetModuleFileNameExW (in: hProcess=0x640, hModule=0x747a0000, lpFilename=0x5950bd8, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\RpcRtRemote.dll" (normalized: "c:\\windows\\syswow64\\rpcrtremote.dll")) returned 0x23 [0146.304] CoTaskMemFree (pv=0x5950bd8) [0146.305] GetModuleInformation (in: hProcess=0x640, hModule=0x74850000, lpmodinfo=0x27318a8, cb=0xc | out: lpmodinfo=0x27318a8*(lpBaseOfDll=0x74850000, SizeOfImage=0x44000, EntryPoint=0x748663f9)) returned 1 [0146.306] CoTaskMemAlloc (cb=0x804) returned 0x5950bd8 [0146.306] GetModuleBaseNameW (in: hProcess=0x640, hModule=0x74850000, lpBaseName=0x5950bd8, nSize=0x800 | out: lpBaseName="DNSAPI.dll") returned 0xa [0146.307] CoTaskMemFree (pv=0x5950bd8) [0146.307] CoTaskMemAlloc (cb=0x804) returned 0x5950bd8 [0146.308] GetModuleFileNameExW (in: hProcess=0x640, hModule=0x74850000, lpFilename=0x5950bd8, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\DNSAPI.dll" (normalized: "c:\\windows\\syswow64\\dnsapi.dll")) returned 0x1e [0146.309] CoTaskMemFree (pv=0x5950bd8) [0146.309] GetModuleInformation (in: hProcess=0x640, hModule=0x747b0000, lpmodinfo=0x27339c0, cb=0xc | out: lpmodinfo=0x27339c0*(lpBaseOfDll=0x747b0000, SizeOfImage=0x6000, EntryPoint=0x747b14b2)) returned 1 [0146.310] CoTaskMemAlloc (cb=0x804) returned 0x5950bd8 [0146.310] GetModuleBaseNameW (in: hProcess=0x640, hModule=0x747b0000, lpBaseName=0x5950bd8, nSize=0x800 | out: lpBaseName="rasadhlp.dll") returned 0xc [0146.312] CoTaskMemFree (pv=0x5950bd8) [0146.312] CoTaskMemAlloc (cb=0x804) returned 0x5950bd8 [0146.312] GetModuleFileNameExW (in: hProcess=0x640, hModule=0x747b0000, lpFilename=0x5950bd8, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\rasadhlp.dll" (normalized: "c:\\windows\\syswow64\\rasadhlp.dll")) returned 0x20 [0146.314] CoTaskMemFree (pv=0x5950bd8) [0146.314] GetModuleInformation (in: hProcess=0x640, hModule=0x6d510000, lpmodinfo=0x2735b78, cb=0xc | out: lpmodinfo=0x2735b78*(lpBaseOfDll=0x6d510000, SizeOfImage=0x38000, EntryPoint=0x6d51990e)) returned 1 [0146.315] CoTaskMemAlloc (cb=0x804) returned 0x5950bd8 [0146.315] GetModuleBaseNameW (in: hProcess=0x640, hModule=0x6d510000, lpBaseName=0x5950bd8, nSize=0x800 | out: lpBaseName="fwpuclnt.dll") returned 0xc [0146.317] CoTaskMemFree (pv=0x5950bd8) [0146.317] CoTaskMemAlloc (cb=0x804) returned 0x5950bd8 [0146.317] GetModuleFileNameExW (in: hProcess=0x640, hModule=0x6d510000, lpFilename=0x5950bd8, nSize=0x800 | out: lpFilename="C:\\Windows\\System32\\fwpuclnt.dll" (normalized: "c:\\windows\\syswow64\\fwpuclnt.dll")) returned 0x20 [0146.318] CoTaskMemFree (pv=0x5950bd8) [0146.318] GetModuleInformation (in: hProcess=0x640, hModule=0x6d580000, lpmodinfo=0x2738490, cb=0xc | out: lpmodinfo=0x2738490*(lpBaseOfDll=0x6d580000, SizeOfImage=0x8000, EntryPoint=0x6d5810e9)) returned 1 [0146.320] CoTaskMemAlloc (cb=0x804) returned 0x5950bd8 [0146.320] GetModuleBaseNameW (in: hProcess=0x640, hModule=0x6d580000, lpBaseName=0x5950bd8, nSize=0x800 | out: lpBaseName="secur32.dll") returned 0xb [0146.321] CoTaskMemFree (pv=0x5950bd8) [0146.321] CoTaskMemAlloc (cb=0x804) returned 0x5950bd8 [0146.321] GetModuleFileNameExW (in: hProcess=0x640, hModule=0x6d580000, lpFilename=0x5950bd8, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\secur32.dll" (normalized: "c:\\windows\\syswow64\\secur32.dll")) returned 0x1f [0146.323] CoTaskMemFree (pv=0x5950bd8) [0146.323] GetModuleInformation (in: hProcess=0x640, hModule=0x6d4d0000, lpmodinfo=0x273a678, cb=0xc | out: lpmodinfo=0x273a678*(lpBaseOfDll=0x6d4d0000, SizeOfImage=0x3f000, EntryPoint=0x6d4d2351)) returned 1 [0146.324] CoTaskMemAlloc (cb=0x804) returned 0x5950bd8 [0146.324] GetModuleBaseNameW (in: hProcess=0x640, hModule=0x6d4d0000, lpBaseName=0x5950bd8, nSize=0x800 | out: lpBaseName="schannel.dll") returned 0xc [0146.326] CoTaskMemFree (pv=0x5950bd8) [0146.326] CoTaskMemAlloc (cb=0x804) returned 0x5950bd8 [0146.326] GetModuleFileNameExW (in: hProcess=0x640, hModule=0x6d4d0000, lpFilename=0x5950bd8, nSize=0x800 | out: lpFilename="C:\\Windows\\SysWOW64\\schannel.dll" (normalized: "c:\\windows\\syswow64\\schannel.dll")) returned 0x20 [0146.328] CoTaskMemFree (pv=0x5950bd8) [0146.328] GetModuleInformation (in: hProcess=0x640, hModule=0x74ab0000, lpmodinfo=0x273ce64, cb=0xc | out: lpmodinfo=0x273ce64*(lpBaseOfDll=0x74ab0000, SizeOfImage=0x121000, EntryPoint=0x74ab158e)) returned 1 [0146.330] CoTaskMemAlloc (cb=0x804) returned 0x5950bd8 [0146.330] GetModuleBaseNameW (in: hProcess=0x640, hModule=0x74ab0000, lpBaseName=0x5950bd8, nSize=0x800 | out: lpBaseName="CRYPT32.dll") returned 0xb [0146.331] CoTaskMemFree (pv=0x5950bd8) [0146.331] CoTaskMemAlloc (cb=0x804) returned 0x5950bd8 [0146.331] GetModuleFileNameExW (in: hProcess=0x640, hModule=0x74ab0000, lpFilename=0x5950bd8, nSize=0x800 | out: lpFilename="C:\\Windows\\syswow64\\CRYPT32.dll" (normalized: "c:\\windows\\syswow64\\crypt32.dll")) returned 0x1f [0146.333] CoTaskMemFree (pv=0x5950bd8) [0146.333] GetModuleInformation (in: hProcess=0x640, hModule=0x76ed0000, lpmodinfo=0x273fe0c, cb=0xc | out: lpmodinfo=0x273fe0c*(lpBaseOfDll=0x76ed0000, SizeOfImage=0xc000, EntryPoint=0x76ed238e)) returned 1 [0146.334] CoTaskMemAlloc (cb=0x804) returned 0x5950bd8 [0146.334] GetModuleBaseNameW (in: hProcess=0x640, hModule=0x76ed0000, lpBaseName=0x5950bd8, nSize=0x800 | out: lpBaseName="MSASN1.dll") returned 0xa [0146.336] CoTaskMemFree (pv=0x5950bd8) [0146.336] CoTaskMemAlloc (cb=0x804) returned 0x5950bd8 [0146.336] GetModuleFileNameExW (in: hProcess=0x640, hModule=0x76ed0000, lpFilename=0x5950bd8, nSize=0x800 | out: lpFilename="C:\\Windows\\syswow64\\MSASN1.dll" (normalized: "c:\\windows\\syswow64\\msasn1.dll")) returned 0x1e [0146.338] CoTaskMemFree (pv=0x5950bd8) [0146.338] GetModuleInformation (in: hProcess=0x640, hModule=0x6d490000, lpmodinfo=0x27427c0, cb=0xc | out: lpmodinfo=0x27427c0*(lpBaseOfDll=0x6d490000, SizeOfImage=0x38000, EntryPoint=0x6d491489)) returned 1 [0146.339] CoTaskMemAlloc (cb=0x804) returned 0x5950bd8 [0146.339] GetModuleBaseNameW (in: hProcess=0x640, hModule=0x6d490000, lpBaseName=0x5950bd8, nSize=0x800 | out: lpBaseName="ncrypt.dll") returned 0xa [0146.341] CoTaskMemFree (pv=0x5950bd8) [0146.341] CoTaskMemAlloc (cb=0x804) returned 0x5950bd8 [0146.341] GetModuleFileNameExW (in: hProcess=0x640, hModule=0x6d490000, lpFilename=0x5950bd8, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\ncrypt.dll" (normalized: "c:\\windows\\syswow64\\ncrypt.dll")) returned 0x1e [0146.343] CoTaskMemFree (pv=0x5950bd8) [0146.343] GetModuleInformation (in: hProcess=0x640, hModule=0x6d450000, lpmodinfo=0x2745960, cb=0xc | out: lpmodinfo=0x2745960*(lpBaseOfDll=0x6d450000, SizeOfImage=0x3d000, EntryPoint=0x6d4510f5)) returned 1 [0146.344] CoTaskMemAlloc (cb=0x804) returned 0x5950bd8 [0146.344] GetModuleBaseNameW (in: hProcess=0x640, hModule=0x6d450000, lpBaseName=0x5950bd8, nSize=0x800 | out: lpBaseName="bcryptprimitives.dll") returned 0x14 [0146.346] CoTaskMemFree (pv=0x5950bd8) [0146.346] CoTaskMemAlloc (cb=0x804) returned 0x5950bd8 [0146.346] GetModuleFileNameExW (in: hProcess=0x640, hModule=0x6d450000, lpFilename=0x5950bd8, nSize=0x800 | out: lpFilename="C:\\Windows\\SysWOW64\\bcryptprimitives.dll" (normalized: "c:\\windows\\syswow64\\bcryptprimitives.dll")) returned 0x28 [0146.348] CoTaskMemFree (pv=0x5950bd8) [0146.348] GetModuleInformation (in: hProcess=0x640, hModule=0x6d430000, lpmodinfo=0x2748b68, cb=0xc | out: lpmodinfo=0x2748b68*(lpBaseOfDll=0x6d430000, SizeOfImage=0x17000, EntryPoint=0x6d431c9d)) returned 1 [0146.349] CoTaskMemAlloc (cb=0x804) returned 0x5950bd8 [0146.349] GetModuleBaseNameW (in: hProcess=0x640, hModule=0x6d430000, lpBaseName=0x5950bd8, nSize=0x800 | out: lpBaseName="USERENV.dll") returned 0xb [0146.351] CoTaskMemFree (pv=0x5950bd8) [0146.351] CoTaskMemAlloc (cb=0x804) returned 0x5950bd8 [0146.351] GetModuleFileNameExW (in: hProcess=0x640, hModule=0x6d430000, lpFilename=0x5950bd8, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\USERENV.dll" (normalized: "c:\\windows\\syswow64\\userenv.dll")) returned 0x1f [0146.353] CoTaskMemFree (pv=0x5950bd8) [0146.353] GetModuleInformation (in: hProcess=0x640, hModule=0x6d410000, lpmodinfo=0x274bce4, cb=0xc | out: lpmodinfo=0x274bce4*(lpBaseOfDll=0x6d410000, SizeOfImage=0x16000, EntryPoint=0x6d412061)) returned 1 [0146.354] CoTaskMemAlloc (cb=0x804) returned 0x5950bd8 [0146.354] GetModuleBaseNameW (in: hProcess=0x640, hModule=0x6d410000, lpBaseName=0x5950bd8, nSize=0x800 | out: lpBaseName="GPAPI.dll") returned 0x9 [0146.356] CoTaskMemFree (pv=0x5950bd8) [0146.356] CoTaskMemAlloc (cb=0x804) returned 0x5950bd8 [0146.356] GetModuleFileNameExW (in: hProcess=0x640, hModule=0x6d410000, lpFilename=0x5950bd8, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\GPAPI.dll" (normalized: "c:\\windows\\syswow64\\gpapi.dll")) returned 0x1d [0146.357] CoTaskMemFree (pv=0x5950bd8) [0146.357] GetModuleInformation (in: hProcess=0x640, hModule=0x6d380000, lpmodinfo=0x274eee4, cb=0xc | out: lpmodinfo=0x274eee4*(lpBaseOfDll=0x6d380000, SizeOfImage=0x84000, EntryPoint=0x6d3819a9)) returned 1 [0146.359] CoTaskMemAlloc (cb=0x804) returned 0x5950bd8 [0146.359] GetModuleBaseNameW (in: hProcess=0x640, hModule=0x6d380000, lpBaseName=0x5950bd8, nSize=0x800 | out: lpBaseName="comctl32.dll") returned 0xc [0146.360] CoTaskMemFree (pv=0x5950bd8) [0146.361] CoTaskMemAlloc (cb=0x804) returned 0x5950bd8 [0146.361] GetModuleFileNameExW (in: hProcess=0x640, hModule=0x6d380000, lpFilename=0x5950bd8, nSize=0x800 | out: lpFilename="C:\\Windows\\WinSxS\\x86_microsoft.windows.common-controls_6595b64144ccf1df_5.82.7601.17514_none_ec83dffa859149af\\comctl32.dll" (normalized: "c:\\windows\\winsxs\\x86_microsoft.windows.common-controls_6595b64144ccf1df_5.82.7601.17514_none_ec83dffa859149af\\comctl32.dll")) returned 0x7b [0146.362] CoTaskMemFree (pv=0x5950bd8) [0146.362] GetModuleInformation (in: hProcess=0x640, hModule=0x6d1f0000, lpmodinfo=0x2752134, cb=0xc | out: lpmodinfo=0x2752134*(lpBaseOfDll=0x6d1f0000, SizeOfImage=0x190000, EntryPoint=0x6d28d026)) returned 1 [0146.364] CoTaskMemAlloc (cb=0x804) returned 0x5950bd8 [0146.364] GetModuleBaseNameW (in: hProcess=0x640, hModule=0x6d1f0000, lpBaseName=0x5950bd8, nSize=0x800 | out: lpBaseName="gdiplus.dll") returned 0xb [0146.365] CoTaskMemFree (pv=0x5950bd8) [0146.365] CoTaskMemAlloc (cb=0x804) returned 0x5950bd8 [0146.365] GetModuleFileNameExW (in: hProcess=0x640, hModule=0x6d1f0000, lpFilename=0x5950bd8, nSize=0x800 | out: lpFilename="C:\\Windows\\WinSxS\\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\\gdiplus.dll" (normalized: "c:\\windows\\winsxs\\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\\gdiplus.dll")) returned 0x71 [0146.367] CoTaskMemFree (pv=0x5950bd8) [0146.367] GetModuleInformation (in: hProcess=0x640, hModule=0x6d0f0000, lpmodinfo=0x2755318, cb=0xc | out: lpmodinfo=0x2755318*(lpBaseOfDll=0x6d0f0000, SizeOfImage=0xfb000, EntryPoint=0x6d1017e1)) returned 1 [0146.369] CoTaskMemAlloc (cb=0x804) returned 0x5950bd8 [0146.369] GetModuleBaseNameW (in: hProcess=0x640, hModule=0x6d0f0000, lpBaseName=0x5950bd8, nSize=0x800 | out: lpBaseName="WindowsCodecs.dll") returned 0x11 [0146.370] CoTaskMemFree (pv=0x5950bd8) [0146.370] CoTaskMemAlloc (cb=0x804) returned 0x5950bd8 [0146.370] GetModuleFileNameExW (in: hProcess=0x640, hModule=0x6d0f0000, lpFilename=0x5950bd8, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\WindowsCodecs.dll" (normalized: "c:\\windows\\syswow64\\windowscodecs.dll")) returned 0x25 [0146.372] CoTaskMemFree (pv=0x5950bd8) [0146.372] GetModuleInformation (in: hProcess=0x640, hModule=0x6c320000, lpmodinfo=0x2758468, cb=0xc | out: lpmodinfo=0x2758468*(lpBaseOfDll=0x6c320000, SizeOfImage=0xdcd000, EntryPoint=0x0)) returned 1 [0146.375] CoTaskMemAlloc (cb=0x804) returned 0x5950bd8 [0146.375] GetModuleBaseNameW (in: hProcess=0x640, hModule=0x6c320000, lpBaseName=0x5950bd8, nSize=0x800 | out: lpBaseName="System.Web.ni.dll") returned 0x11 [0146.377] CoTaskMemFree (pv=0x5950bd8) [0146.377] CoTaskMemAlloc (cb=0x804) returned 0x5950bd8 [0146.377] GetModuleFileNameExW (in: hProcess=0x640, hModule=0x6c320000, lpFilename=0x5950bd8, nSize=0x800 | out: lpFilename="C:\\Windows\\assembly\\NativeImages_v4.0.30319_32\\System.Web\\8e86e9948f7dcebce93d5df6073700ba\\System.Web.ni.dll" (normalized: "c:\\windows\\assembly\\nativeimages_v4.0.30319_32\\system.web\\8e86e9948f7dcebce93d5df6073700ba\\system.web.ni.dll")) returned 0x6c [0146.378] CoTaskMemFree (pv=0x5950bd8) [0146.379] lstrlenA (lpString="AcquireSRWLockExclusive") returned 23 [0146.379] lstrlenA (lpString="AcquireSRWLockShared") returned 20 [0146.379] lstrlenA (lpString="ActivateActCtx") returned 14 [0146.379] lstrlenA (lpString="AddAtomA") returned 8 [0146.379] lstrlenA (lpString="AddAtomW") returned 8 [0146.379] lstrlenA (lpString="AddConsoleAliasA") returned 16 [0146.379] lstrlenA (lpString="AddConsoleAliasW") returned 16 [0146.380] lstrlenA (lpString="AddDllDirectory") returned 15 [0146.380] lstrlenA (lpString="AddIntegrityLabelToBoundaryDescriptor") returned 37 [0146.380] lstrlenA (lpString="AddLocalAlternateComputerNameA") returned 30 [0146.380] lstrlenA (lpString="AddLocalAlternateComputerNameW") returned 30 [0146.380] lstrlenA (lpString="AddRefActCtx") returned 12 [0146.380] lstrlenA (lpString="AddSIDToBoundaryDescriptor") returned 26 [0146.380] lstrlenA (lpString="AddSecureMemoryCacheCallback") returned 28 [0146.380] lstrlenA (lpString="AddVectoredContinueHandler") returned 26 [0146.380] lstrlenA (lpString="AddVectoredExceptionHandler") returned 27 [0146.380] lstrlenA (lpString="AdjustCalendarDate") returned 18 [0146.381] lstrlenA (lpString="AllocConsole") returned 12 [0146.381] lstrlenA (lpString="AllocateUserPhysicalPages") returned 25 [0146.381] lstrlenA (lpString="AllocateUserPhysicalPagesNuma") returned 29 [0146.381] lstrlenA (lpString="ApplicationRecoveryFinished") returned 27 [0146.381] lstrlenA (lpString="ApplicationRecoveryInProgress") returned 29 [0146.381] lstrlenA (lpString="AreFileApisANSI") returned 15 [0146.381] lstrlenA (lpString="AssignProcessToJobObject") returned 24 [0146.381] lstrlenA (lpString="AttachConsole") returned 13 [0146.381] lstrlenA (lpString="BackupRead") returned 10 [0146.381] lstrlenA (lpString="BackupSeek") returned 10 [0146.382] lstrlenA (lpString="BackupWrite") returned 11 [0146.382] lstrlenA (lpString="BaseCheckAppcompatCache") returned 23 [0146.382] lstrlenA (lpString="BaseCheckAppcompatCacheEx") returned 25 [0146.382] lstrlenA (lpString="BaseCheckRunApp") returned 15 [0146.382] lstrlenA (lpString="BaseCleanupAppcompatCacheSupport") returned 32 [0146.382] lstrlenA (lpString="BaseDllReadWriteIniFile") returned 23 [0146.382] lstrlenA (lpString="BaseDumpAppcompatCache") returned 22 [0146.382] lstrlenA (lpString="BaseFlushAppcompatCache") returned 23 [0146.382] lstrlenA (lpString="BaseFormatObjectAttributes") returned 26 [0146.382] lstrlenA (lpString="BaseFormatTimeOut") returned 17 [0146.383] lstrlenA (lpString="BaseGenerateAppCompatData") returned 25 [0146.383] lstrlenA (lpString="BaseGetNamedObjectDirectory") returned 27 [0146.383] lstrlenA (lpString="BaseInitAppcompatCacheSupport") returned 29 [0146.383] lstrlenA (lpString="BaseIsAppcompatInfrastructureDisabled") returned 37 [0146.383] lstrlenA (lpString="BaseQueryModuleData") returned 19 [0146.383] lstrlenA (lpString="BaseSetLastNTError") returned 18 [0146.383] lstrlenA (lpString="BaseThreadInitThunk") returned 19 [0146.383] lstrlenA (lpString="BaseUpdateAppcompatCache") returned 24 [0146.383] lstrlenA (lpString="BaseVerifyUnicodeString") returned 23 [0146.383] lstrlenA (lpString="Basep8BitStringToDynamicUnicodeString") returned 37 [0146.384] lstrlenA (lpString="BasepAllocateActivationContextActivationBlock") returned 45 [0146.384] lstrlenA (lpString="BasepAnsiStringToDynamicUnicodeString") returned 37 [0146.384] lstrlenA (lpString="BasepCheckAppCompat") returned 19 [0146.384] lstrlenA (lpString="BasepCheckBadapp") returned 16 [0146.384] lstrlenA (lpString="BasepCheckWinSaferRestrictions") returned 30 [0146.384] lstrlenA (lpString="BasepFreeActivationContextActivationBlock") returned 41 [0146.384] lstrlenA (lpString="BasepFreeAppCompatData") returned 22 [0146.384] lstrlenA (lpString="BasepMapModuleHandle") returned 20 [0146.384] lstrlenA (lpString="Beep") returned 4 [0146.385] lstrlenA (lpString="BeginUpdateResourceA") returned 20 [0146.385] lstrlenA (lpString="BeginUpdateResourceW") returned 20 [0146.385] lstrlenA (lpString="BindIoCompletionCallback") returned 24 [0146.385] lstrlenA (lpString="BuildCommDCBA") returned 13 [0146.385] lstrlenA (lpString="BuildCommDCBAndTimeoutsA") returned 24 [0146.385] lstrlenA (lpString="BuildCommDCBAndTimeoutsW") returned 24 [0146.385] lstrlenA (lpString="BuildCommDCBW") returned 13 [0146.385] lstrlenA (lpString="CallNamedPipeA") returned 14 [0146.385] lstrlenA (lpString="CallNamedPipeW") returned 14 [0146.385] lstrlenA (lpString="CallbackMayRunLong") returned 18 [0146.386] lstrlenA (lpString="CancelDeviceWakeupRequest") returned 25 [0146.386] lstrlenA (lpString="CancelIo") returned 8 [0146.386] lstrlenA (lpString="CancelIoEx") returned 10 [0146.386] lstrlenA (lpString="CancelSynchronousIo") returned 19 [0146.386] lstrlenA (lpString="CancelThreadpoolIo") returned 18 [0146.386] lstrlenA (lpString="CancelTimerQueueTimer") returned 21 [0146.386] lstrlenA (lpString="CancelWaitableTimer") returned 19 [0146.386] lstrlenA (lpString="ChangeTimerQueueTimer") returned 21 [0146.386] lstrlenA (lpString="CheckElevation") returned 14 [0146.386] lstrlenA (lpString="CheckElevationEnabled") returned 21 [0146.387] lstrlenA (lpString="CheckForReadOnlyResource") returned 24 [0146.387] lstrlenA (lpString="CheckNameLegalDOS8Dot3A") returned 23 [0146.387] lstrlenA (lpString="CheckNameLegalDOS8Dot3W") returned 23 [0146.387] lstrlenA (lpString="CheckRemoteDebuggerPresent") returned 26 [0146.387] lstrlenA (lpString="ClearCommBreak") returned 14 [0146.387] lstrlenA (lpString="ClearCommError") returned 14 [0146.387] lstrlenA (lpString="CloseConsoleHandle") returned 18 [0146.387] lstrlenA (lpString="CloseHandle") returned 11 [0146.387] lstrlenA (lpString="ClosePrivateNamespace") returned 21 [0146.387] lstrlenA (lpString="CloseProfileUserMapping") returned 23 [0146.388] lstrlenA (lpString="CloseThreadpool") returned 15 [0146.388] lstrlenA (lpString="CloseThreadpoolCleanupGroup") returned 27 [0146.388] lstrlenA (lpString="CloseThreadpoolCleanupGroupMembers") returned 34 [0146.388] lstrlenA (lpString="CloseThreadpoolIo") returned 17 [0146.388] lstrlenA (lpString="CloseThreadpoolTimer") returned 20 [0146.388] lstrlenA (lpString="CloseThreadpoolWait") returned 19 [0146.388] lstrlenA (lpString="CloseThreadpoolWork") returned 19 [0146.388] lstrlenA (lpString="CmdBatNotification") returned 18 [0146.388] lstrlenA (lpString="CommConfigDialogA") returned 17 [0146.388] lstrlenA (lpString="CommConfigDialogW") returned 17 [0146.389] lstrlenA (lpString="CompareCalendarDates") returned 20 [0146.389] lstrlenA (lpString="CompareFileTime") returned 15 [0146.389] lstrlenA (lpString="CompareStringA") returned 14 [0146.389] lstrlenA (lpString="CompareStringEx") returned 15 [0146.389] lstrlenA (lpString="CompareStringOrdinal") returned 20 [0146.389] lstrlenA (lpString="CompareStringW") returned 14 [0146.389] lstrlenA (lpString="ConnectNamedPipe") returned 16 [0146.389] lstrlenA (lpString="ConsoleMenuControl") returned 18 [0146.390] lstrlenA (lpString="ContinueDebugEvent") returned 18 [0146.390] lstrlenA (lpString="ConvertCalDateTimeToSystemTime") returned 30 [0146.390] lstrlenA (lpString="ConvertDefaultLocale") returned 20 [0146.390] lstrlenA (lpString="ConvertFiberToThread") returned 20 [0146.390] lstrlenA (lpString="ConvertNLSDayOfWeekToWin32DayOfWeek") returned 35 [0146.390] lstrlenA (lpString="ConvertSystemTimeToCalDateTime") returned 30 [0146.390] lstrlenA (lpString="ConvertThreadToFiber") returned 20 [0146.390] lstrlenA (lpString="ConvertThreadToFiberEx") returned 22 [0146.390] lstrlenA (lpString="CopyContext") returned 11 [0146.390] lstrlenA (lpString="CopyFileA") returned 9 [0146.390] lstrlenA (lpString="CopyFileExA") returned 11 [0146.391] lstrlenA (lpString="CopyFileExW") returned 11 [0146.391] lstrlenA (lpString="CopyFileTransactedA") returned 19 [0146.391] lstrlenA (lpString="CopyFileTransactedW") returned 19 [0146.391] lstrlenA (lpString="CopyFileW") returned 9 [0146.391] lstrlenA (lpString="CopyLZFile") returned 10 [0146.391] lstrlenA (lpString="CreateActCtxA") returned 13 [0146.391] lstrlenA (lpString="CreateActCtxW") returned 13 [0146.391] lstrlenA (lpString="CreateBoundaryDescriptorA") returned 25 [0146.391] lstrlenA (lpString="CreateBoundaryDescriptorW") returned 25 [0146.391] lstrlenA (lpString="CreateConsoleScreenBuffer") returned 25 [0146.391] lstrlenA (lpString="CreateDirectoryA") returned 16 [0146.391] lstrlenA (lpString="CreateDirectoryExA") returned 18 [0146.392] lstrlenA (lpString="CreateDirectoryExW") returned 18 [0146.392] lstrlenA (lpString="CreateDirectoryTransactedA") returned 26 [0146.392] lstrlenA (lpString="CreateDirectoryTransactedW") returned 26 [0146.392] lstrlenA (lpString="CreateDirectoryW") returned 16 [0146.392] lstrlenA (lpString="CreateEventA") returned 12 [0146.392] lstrlenA (lpString="CreateEventExA") returned 14 [0146.392] lstrlenA (lpString="CreateEventExW") returned 14 [0146.392] lstrlenA (lpString="CreateEventW") returned 12 [0146.392] lstrlenA (lpString="CreateFiber") returned 11 [0146.392] lstrlenA (lpString="CreateFiberEx") returned 13 [0146.392] lstrlenA (lpString="CreateFileA") returned 11 [0146.392] lstrlenA (lpString="CreateFileMappingA") returned 18 [0146.392] lstrlenA (lpString="CreateFileMappingNumaA") returned 22 [0146.392] lstrlenA (lpString="CreateFileMappingNumaW") returned 22 [0146.392] lstrlenA (lpString="CreateFileMappingW") returned 18 [0146.392] lstrlenA (lpString="CreateFileTransactedA") returned 21 [0146.392] lstrlenA (lpString="CreateFileTransactedW") returned 21 [0146.393] lstrlenA (lpString="CreateFileW") returned 11 [0146.393] lstrlenA (lpString="CreateHardLinkA") returned 15 [0146.393] lstrlenA (lpString="CreateHardLinkTransactedA") returned 25 [0146.393] lstrlenA (lpString="CreateHardLinkTransactedW") returned 25 [0146.393] lstrlenA (lpString="CreateHardLinkW") returned 15 [0146.393] lstrlenA (lpString="CreateIoCompletionPort") returned 22 [0146.393] lstrlenA (lpString="CreateJobObjectA") returned 16 [0146.393] lstrlenA (lpString="CreateJobObjectW") returned 16 [0146.393] lstrlenA (lpString="CreateJobSet") returned 12 [0146.393] lstrlenA (lpString="CreateMailslotA") returned 15 [0146.393] lstrlenA (lpString="CreateMailslotW") returned 15 [0146.393] lstrlenA (lpString="CreateMemoryResourceNotification") returned 32 [0146.393] lstrlenA (lpString="CreateMutexA") returned 12 [0146.393] lstrlenA (lpString="CreateMutexExA") returned 14 [0146.393] lstrlenA (lpString="CreateMutexExW") returned 14 [0146.394] lstrlenA (lpString="CreateMutexW") returned 12 [0146.394] lstrlenA (lpString="CreateNamedPipeA") returned 16 [0146.394] lstrlenA (lpString="CreateNamedPipeW") returned 16 [0146.394] lstrlenA (lpString="CreatePipe") returned 10 [0146.394] lstrlenA (lpString="CreatePrivateNamespaceA") returned 23 [0146.394] lstrlenA (lpString="CreatePrivateNamespaceW") returned 23 [0146.394] lstrlenA (lpString="CreateProcessA") returned 14 [0146.394] lstrlenA (lpString="CreateProcessAsUserW") returned 20 [0146.394] lstrlenA (lpString="CreateProcessInternalA") returned 22 [0146.394] lstrlenA (lpString="CreateProcessInternalW") returned 22 [0146.394] lstrlenA (lpString="CreateProcessW") returned 14 [0146.394] lstrlenA (lpString="CreateRemoteThread") returned 18 [0146.394] lstrlenA (lpString="CreateRemoteThreadEx") returned 20 [0146.394] lstrlenA (lpString="CreateSemaphoreA") returned 16 [0146.394] lstrlenA (lpString="CreateSemaphoreExA") returned 18 [0146.394] lstrlenA (lpString="CreateSemaphoreExW") returned 18 [0146.394] lstrlenA (lpString="CreateSemaphoreW") returned 16 [0146.395] lstrlenA (lpString="CreateSocketHandle") returned 18 [0146.395] lstrlenA (lpString="CreateSymbolicLinkA") returned 19 [0146.395] lstrlenA (lpString="CreateSymbolicLinkTransactedA") returned 29 [0146.395] lstrlenA (lpString="CreateSymbolicLinkTransactedW") returned 29 [0146.395] lstrlenA (lpString="CreateSymbolicLinkW") returned 19 [0146.395] lstrlenA (lpString="CreateTapePartition") returned 19 [0146.395] lstrlenA (lpString="CreateThread") returned 12 [0146.395] lstrlenA (lpString="CreateThreadpool") returned 16 [0146.395] lstrlenA (lpString="CreateThreadpoolCleanupGroup") returned 28 [0146.395] lstrlenA (lpString="CreateThreadpoolIo") returned 18 [0146.395] lstrlenA (lpString="CreateThreadpoolTimer") returned 21 [0146.395] lstrlenA (lpString="CreateThreadpoolWait") returned 20 [0146.395] lstrlenA (lpString="CreateThreadpoolWork") returned 20 [0146.395] lstrlenA (lpString="CreateTimerQueue") returned 16 [0146.395] lstrlenA (lpString="CreateTimerQueueTimer") returned 21 [0146.395] lstrlenA (lpString="CreateToolhelp32Snapshot") returned 24 [0146.396] lstrlenA (lpString="CreateWaitableTimerA") returned 20 [0146.396] lstrlenA (lpString="CreateWaitableTimerExA") returned 22 [0146.396] lstrlenA (lpString="CreateWaitableTimerExW") returned 22 [0146.396] lstrlenA (lpString="CreateWaitableTimerW") returned 20 [0146.396] lstrlenA (lpString="CtrlRoutine") returned 11 [0146.396] lstrlenA (lpString="DeactivateActCtx") returned 16 [0146.396] lstrlenA (lpString="DebugActiveProcess") returned 18 [0146.396] lstrlenA (lpString="DebugActiveProcessStop") returned 22 [0146.396] lstrlenA (lpString="DebugBreak") returned 10 [0146.396] lstrlenA (lpString="DebugBreakProcess") returned 17 [0146.396] lstrlenA (lpString="DebugSetProcessKillOnExit") returned 25 [0146.396] lstrlenA (lpString="DecodePointer") returned 13 [0146.396] lstrlenA (lpString="DecodeSystemPointer") returned 19 [0146.396] lstrlenA (lpString="DefineDosDeviceA") returned 16 [0146.396] lstrlenA (lpString="DefineDosDeviceW") returned 16 [0146.396] lstrlenA (lpString="DelayLoadFailureHook") returned 20 [0146.396] lstrlenA (lpString="DeleteAtom") returned 10 [0146.397] lstrlenA (lpString="DeleteBoundaryDescriptor") returned 24 [0146.397] lstrlenA (lpString="DeleteCriticalSection") returned 21 [0146.397] lstrlenA (lpString="DeleteFiber") returned 11 [0146.397] lstrlenA (lpString="DeleteFileA") returned 11 [0146.397] lstrlenA (lpString="DeleteFileTransactedA") returned 21 [0146.397] lstrlenA (lpString="DeleteFileTransactedW") returned 21 [0146.397] lstrlenA (lpString="DeleteFileW") returned 11 [0146.397] lstrlenA (lpString="DeleteProcThreadAttributeList") returned 29 [0146.397] lstrlenA (lpString="DeleteTimerQueue") returned 16 [0146.397] lstrlenA (lpString="DeleteTimerQueueEx") returned 18 [0146.397] lstrlenA (lpString="DeleteTimerQueueTimer") returned 21 [0146.397] lstrlenA (lpString="DeleteVolumeMountPointA") returned 23 [0146.397] lstrlenA (lpString="DeleteVolumeMountPointW") returned 23 [0146.397] lstrlenA (lpString="DeviceIoControl") returned 15 [0146.397] lstrlenA (lpString="DisableThreadLibraryCalls") returned 25 [0146.397] lstrlenA (lpString="DisableThreadProfiling") returned 22 [0146.398] lstrlenA (lpString="DisassociateCurrentThreadFromCallback") returned 37 [0146.398] lstrlenA (lpString="DisconnectNamedPipe") returned 19 [0146.398] lstrlenA (lpString="DnsHostnameToComputerNameA") returned 26 [0146.398] lstrlenA (lpString="DnsHostnameToComputerNameW") returned 26 [0146.398] lstrlenA (lpString="DosDateTimeToFileTime") returned 21 [0146.398] lstrlenA (lpString="DosPathToSessionPathA") returned 21 [0146.398] lstrlenA (lpString="DosPathToSessionPathW") returned 21 [0146.398] lstrlenA (lpString="DuplicateConsoleHandle") returned 22 [0146.398] lstrlenA (lpString="DuplicateHandle") returned 15 [0146.398] lstrlenA (lpString="EnableThreadProfiling") returned 21 [0146.398] lstrlenA (lpString="EncodePointer") returned 13 [0146.398] lstrlenA (lpString="EncodeSystemPointer") returned 19 [0146.398] lstrlenA (lpString="EndUpdateResourceA") returned 18 [0146.398] lstrlenA (lpString="EndUpdateResourceW") returned 18 [0146.398] lstrlenA (lpString="EnterCriticalSection") returned 20 [0146.399] lstrlenA (lpString="EnumCalendarInfoA") returned 17 [0146.399] lstrlenA (lpString="EnumCalendarInfoExA") returned 19 [0146.399] lstrlenA (lpString="EnumCalendarInfoExEx") returned 20 [0146.399] lstrlenA (lpString="EnumCalendarInfoExW") returned 19 [0146.399] lstrlenA (lpString="EnumCalendarInfoW") returned 17 [0146.399] lstrlenA (lpString="EnumDateFormatsA") returned 16 [0146.399] lstrlenA (lpString="EnumDateFormatsExA") returned 18 [0146.399] lstrlenA (lpString="EnumDateFormatsExEx") returned 19 [0146.399] lstrlenA (lpString="EnumDateFormatsExW") returned 18 [0146.408] WriteProcessMemory (in: hProcess=0x638, lpBaseAddress=0x400000, lpBuffer=0x3728a88*, nSize=0x200, lpNumberOfBytesWritten=0x276e314 | out: lpBuffer=0x3728a88*, lpNumberOfBytesWritten=0x276e314*=0x200) returned 1 [0146.504] EnumProcessModules (in: hProcess=0x640, lphModule=0x2775d00, cb=0x100, lpcbNeeded=0x2dc658 | out: lphModule=0x2775d00, lpcbNeeded=0x2dc658) returned 1 [0146.506] EnumProcessModules (in: hProcess=0x640, lphModule=0x2775e0c, cb=0x200, lpcbNeeded=0x2dc658 | out: lphModule=0x2775e0c, lpcbNeeded=0x2dc658) returned 1 [0146.508] GetModuleInformation (in: hProcess=0x640, hModule=0x10b0000, lpmodinfo=0x277604c, cb=0xc | out: lpmodinfo=0x277604c*(lpBaseOfDll=0x10b0000, SizeOfImage=0xa2000, EntryPoint=0x114ddbe)) returned 1 [0146.508] CoTaskMemAlloc (cb=0x804) returned 0x5950bd8 [0146.508] GetModuleBaseNameW (in: hProcess=0x640, hModule=0x10b0000, lpBaseName=0x5950bd8, nSize=0x800 | out: lpBaseName="noise.exe") returned 0x9 [0146.508] CoTaskMemFree (pv=0x5950bd8) [0146.508] CoTaskMemAlloc (cb=0x804) returned 0x5950bd8 [0146.508] GetModuleFileNameExW (in: hProcess=0x640, hModule=0x10b0000, lpFilename=0x5950bd8, nSize=0x800 | out: lpFilename="C:\\Users\\kEecfMwgj\\AppData\\Local\\Temp\\noise.exe" (normalized: "c:\\users\\keecfmwgj\\appdata\\local\\temp\\noise.exe")) returned 0x2f [0146.508] CoTaskMemFree (pv=0x5950bd8) [0146.509] GetModuleInformation (in: hProcess=0x640, hModule=0x76f00000, lpmodinfo=0x27787ac, cb=0xc | out: lpmodinfo=0x27787ac*(lpBaseOfDll=0x76f00000, SizeOfImage=0x180000, EntryPoint=0x0)) returned 1 [0146.509] CoTaskMemAlloc (cb=0x804) returned 0x5950bd8 [0146.509] GetModuleBaseNameW (in: hProcess=0x640, hModule=0x76f00000, lpBaseName=0x5950bd8, nSize=0x800 | out: lpBaseName="ntdll.dll") returned 0x9 [0146.509] CoTaskMemFree (pv=0x5950bd8) [0146.509] CoTaskMemAlloc (cb=0x804) returned 0x5950bd8 [0146.509] GetModuleFileNameExW (in: hProcess=0x640, hModule=0x76f00000, lpFilename=0x5950bd8, nSize=0x800 | out: lpFilename="C:\\Windows\\SysWOW64\\ntdll.dll" (normalized: "c:\\windows\\syswow64\\ntdll.dll")) returned 0x1d [0146.509] CoTaskMemFree (pv=0x5950bd8) [0146.509] GetModuleInformation (in: hProcess=0x640, hModule=0x73500000, lpmodinfo=0x277b908, cb=0xc | out: lpmodinfo=0x277b908*(lpBaseOfDll=0x73500000, SizeOfImage=0x4a000, EntryPoint=0x73502e54)) returned 1 [0146.510] CoTaskMemAlloc (cb=0x804) returned 0x5950bd8 [0146.510] GetModuleBaseNameW (in: hProcess=0x640, hModule=0x73500000, lpBaseName=0x5950bd8, nSize=0x800 | out: lpBaseName="MSCOREE.DLL") returned 0xb [0146.510] CoTaskMemFree (pv=0x5950bd8) [0146.510] CoTaskMemAlloc (cb=0x804) returned 0x5950bd8 [0146.510] GetModuleFileNameExW (in: hProcess=0x640, hModule=0x73500000, lpFilename=0x5950bd8, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\MSCOREE.DLL" (normalized: "c:\\windows\\syswow64\\mscoree.dll")) returned 0x1f [0146.510] CoTaskMemFree (pv=0x5950bd8) [0146.510] GetModuleInformation (in: hProcess=0x640, hModule=0x752b0000, lpmodinfo=0x277ec00, cb=0xc | out: lpmodinfo=0x277ec00*(lpBaseOfDll=0x752b0000, SizeOfImage=0x110000, EntryPoint=0x752c3283)) returned 1 [0146.511] CoTaskMemAlloc (cb=0x804) returned 0x5950bd8 [0146.511] GetModuleBaseNameW (in: hProcess=0x640, hModule=0x752b0000, lpBaseName=0x5950bd8, nSize=0x800 | out: lpBaseName="KERNEL32.dll") returned 0xc [0146.511] CoTaskMemFree (pv=0x5950bd8) [0146.511] CoTaskMemAlloc (cb=0x804) returned 0x5950bd8 [0146.511] GetModuleFileNameExW (in: hProcess=0x640, hModule=0x752b0000, lpFilename=0x5950bd8, nSize=0x800 | out: lpFilename="C:\\Windows\\syswow64\\KERNEL32.dll" (normalized: "c:\\windows\\syswow64\\kernel32.dll")) returned 0x20 [0146.511] CoTaskMemFree (pv=0x5950bd8) [0146.512] GetModuleInformation (in: hProcess=0x640, hModule=0x753c0000, lpmodinfo=0x2781f9c, cb=0xc | out: lpmodinfo=0x2781f9c*(lpBaseOfDll=0x753c0000, SizeOfImage=0x47000, EntryPoint=0x753c74c1)) returned 1 [0146.512] CoTaskMemAlloc (cb=0x804) returned 0x5950bd8 [0146.512] GetModuleBaseNameW (in: hProcess=0x640, hModule=0x753c0000, lpBaseName=0x5950bd8, nSize=0x800 | out: lpBaseName="KERNELBASE.dll") returned 0xe [0146.512] CoTaskMemFree (pv=0x5950bd8) [0146.512] CoTaskMemAlloc (cb=0x804) returned 0x5950bd8 [0146.512] GetModuleFileNameExW (in: hProcess=0x640, hModule=0x753c0000, lpFilename=0x5950bd8, nSize=0x800 | out: lpFilename="C:\\Windows\\syswow64\\KERNELBASE.dll" (normalized: "c:\\windows\\syswow64\\kernelbase.dll")) returned 0x22 [0146.513] CoTaskMemFree (pv=0x5950bd8) [0146.513] GetModuleInformation (in: hProcess=0x640, hModule=0x76a60000, lpmodinfo=0x2785314, cb=0xc | out: lpmodinfo=0x2785314*(lpBaseOfDll=0x76a60000, SizeOfImage=0xa0000, EntryPoint=0x76a749e5)) returned 1 [0146.513] CoTaskMemAlloc (cb=0x804) returned 0x5950bd8 [0146.513] GetModuleBaseNameW (in: hProcess=0x640, hModule=0x76a60000, lpBaseName=0x5950bd8, nSize=0x800 | out: lpBaseName="ADVAPI32.dll") returned 0xc [0146.513] CoTaskMemFree (pv=0x5950bd8) [0146.513] CoTaskMemAlloc (cb=0x804) returned 0x5950bd8 [0146.513] GetModuleFileNameExW (in: hProcess=0x640, hModule=0x76a60000, lpFilename=0x5950bd8, nSize=0x800 | out: lpFilename="C:\\Windows\\syswow64\\ADVAPI32.dll" (normalized: "c:\\windows\\syswow64\\advapi32.dll")) returned 0x20 [0146.514] CoTaskMemFree (pv=0x5950bd8) [0146.514] GetModuleInformation (in: hProcess=0x640, hModule=0x75410000, lpmodinfo=0x2788564, cb=0xc | out: lpmodinfo=0x2788564*(lpBaseOfDll=0x75410000, SizeOfImage=0xac000, EntryPoint=0x7541a472)) returned 1 [0146.514] CoTaskMemAlloc (cb=0x804) returned 0x5950bd8 [0146.514] GetModuleBaseNameW (in: hProcess=0x640, hModule=0x75410000, lpBaseName=0x5950bd8, nSize=0x800 | out: lpBaseName="msvcrt.dll") returned 0xa [0146.515] CoTaskMemFree (pv=0x5950bd8) [0146.515] CoTaskMemAlloc (cb=0x804) returned 0x5950bd8 [0146.515] GetModuleFileNameExW (in: hProcess=0x640, hModule=0x75410000, lpFilename=0x5950bd8, nSize=0x800 | out: lpFilename="C:\\Windows\\syswow64\\msvcrt.dll" (normalized: "c:\\windows\\syswow64\\msvcrt.dll")) returned 0x1e [0146.515] CoTaskMemFree (pv=0x5950bd8) [0146.515] GetModuleInformation (in: hProcess=0x640, hModule=0x759a0000, lpmodinfo=0x278b804, cb=0xc | out: lpmodinfo=0x278b804*(lpBaseOfDll=0x759a0000, SizeOfImage=0x19000, EntryPoint=0x759a4975)) returned 1 [0146.516] CoTaskMemAlloc (cb=0x804) returned 0x5950bd8 [0146.516] GetModuleBaseNameW (in: hProcess=0x640, hModule=0x759a0000, lpBaseName=0x5950bd8, nSize=0x800 | out: lpBaseName="sechost.dll") returned 0xb [0146.516] CoTaskMemFree (pv=0x5950bd8) [0146.516] CoTaskMemAlloc (cb=0x804) returned 0x5950bd8 [0146.516] GetModuleFileNameExW (in: hProcess=0x640, hModule=0x759a0000, lpFilename=0x5950bd8, nSize=0x800 | out: lpFilename="C:\\Windows\\SysWOW64\\sechost.dll" (normalized: "c:\\windows\\syswow64\\sechost.dll")) returned 0x1f [0146.516] CoTaskMemFree (pv=0x5950bd8) [0146.516] GetModuleInformation (in: hProcess=0x640, hModule=0x76970000, lpmodinfo=0x278e988, cb=0xc | out: lpmodinfo=0x278e988*(lpBaseOfDll=0x76970000, SizeOfImage=0xf0000, EntryPoint=0x76980569)) returned 1 [0146.517] CoTaskMemAlloc (cb=0x804) returned 0x5950bd8 [0146.517] GetModuleBaseNameW (in: hProcess=0x640, hModule=0x76970000, lpBaseName=0x5950bd8, nSize=0x800 | out: lpBaseName="RPCRT4.dll") returned 0xa [0146.517] CoTaskMemFree (pv=0x5950bd8) [0146.517] CoTaskMemAlloc (cb=0x804) returned 0x5950bd8 [0146.517] GetModuleFileNameExW (in: hProcess=0x640, hModule=0x76970000, lpFilename=0x5950bd8, nSize=0x800 | out: lpFilename="C:\\Windows\\syswow64\\RPCRT4.dll" (normalized: "c:\\windows\\syswow64\\rpcrt4.dll")) returned 0x1e [0146.518] CoTaskMemFree (pv=0x5950bd8) [0146.518] GetModuleInformation (in: hProcess=0x640, hModule=0x74a50000, lpmodinfo=0x2791b98, cb=0xc | out: lpmodinfo=0x2791b98*(lpBaseOfDll=0x74a50000, SizeOfImage=0x60000, EntryPoint=0x74a6a3b3)) returned 1 [0146.518] CoTaskMemAlloc (cb=0x804) returned 0x5950bd8 [0146.518] GetModuleBaseNameW (in: hProcess=0x640, hModule=0x74a50000, lpBaseName=0x5950bd8, nSize=0x800 | out: lpBaseName="SspiCli.dll") returned 0xb [0146.518] CoTaskMemFree (pv=0x5950bd8) [0146.519] CoTaskMemAlloc (cb=0x804) returned 0x5950bd8 [0146.519] GetModuleFileNameExW (in: hProcess=0x640, hModule=0x74a50000, lpFilename=0x5950bd8, nSize=0x800 | out: lpFilename="C:\\Windows\\syswow64\\SspiCli.dll" (normalized: "c:\\windows\\syswow64\\sspicli.dll")) returned 0x1f [0146.519] CoTaskMemFree (pv=0x5950bd8) [0146.519] GetModuleInformation (in: hProcess=0x640, hModule=0x74a40000, lpmodinfo=0x2794cd0, cb=0xc | out: lpmodinfo=0x2794cd0*(lpBaseOfDll=0x74a40000, SizeOfImage=0xc000, EntryPoint=0x74a410e1)) returned 1 [0146.519] CoTaskMemAlloc (cb=0x804) returned 0x5950bd8 [0146.519] GetModuleBaseNameW (in: hProcess=0x640, hModule=0x74a40000, lpBaseName=0x5950bd8, nSize=0x800 | out: lpBaseName="CRYPTBASE.dll") returned 0xd [0146.520] CoTaskMemFree (pv=0x5950bd8) [0146.520] CoTaskMemAlloc (cb=0x804) returned 0x5950bd8 [0146.520] GetModuleFileNameExW (in: hProcess=0x640, hModule=0x74a40000, lpFilename=0x5950bd8, nSize=0x800 | out: lpFilename="C:\\Windows\\syswow64\\CRYPTBASE.dll" (normalized: "c:\\windows\\syswow64\\cryptbase.dll")) returned 0x21 [0146.520] CoTaskMemFree (pv=0x5950bd8) [0146.520] GetModuleInformation (in: hProcess=0x640, hModule=0x733b0000, lpmodinfo=0x2797e90, cb=0xc | out: lpmodinfo=0x2797e90*(lpBaseOfDll=0x733b0000, SizeOfImage=0x8d000, EntryPoint=0x733c2860)) returned 1 [0146.521] CoTaskMemAlloc (cb=0x804) returned 0x5950bd8 [0146.521] GetModuleBaseNameW (in: hProcess=0x640, hModule=0x733b0000, lpBaseName=0x5950bd8, nSize=0x800 | out: lpBaseName="mscoreei.dll") returned 0xc [0146.521] CoTaskMemFree (pv=0x5950bd8) [0146.521] CoTaskMemAlloc (cb=0x804) returned 0x5950bd8 [0146.521] GetModuleFileNameExW (in: hProcess=0x640, hModule=0x733b0000, lpFilename=0x5950bd8, nSize=0x800 | out: lpFilename="C:\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\mscoreei.dll" (normalized: "c:\\windows\\microsoft.net\\framework\\v4.0.30319\\mscoreei.dll")) returned 0x3a [0146.522] CoTaskMemFree (pv=0x5950bd8) [0146.522] GetModuleInformation (in: hProcess=0x640, hModule=0x734f0000, lpmodinfo=0x279b050, cb=0xc | out: lpmodinfo=0x279b050*(lpBaseOfDll=0x734f0000, SizeOfImage=0x3000, EntryPoint=0x0)) returned 1 [0146.522] CoTaskMemAlloc (cb=0x804) returned 0x5950bd8 [0146.522] GetModuleBaseNameW (in: hProcess=0x640, hModule=0x734f0000, lpBaseName=0x5950bd8, nSize=0x800 | out: lpBaseName="api-ms-win-core-synch-l1-2-0.DLL") returned 0x20 [0146.523] CoTaskMemFree (pv=0x5950bd8) [0146.523] CoTaskMemAlloc (cb=0x804) returned 0x5950bd8 [0146.523] GetModuleFileNameExW (in: hProcess=0x640, hModule=0x734f0000, lpFilename=0x5950bd8, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\api-ms-win-core-synch-l1-2-0.DLL" (normalized: "c:\\windows\\syswow64\\api-ms-win-core-synch-l1-2-0.dll")) returned 0x34 [0146.523] CoTaskMemFree (pv=0x5950bd8) [0146.524] GetModuleInformation (in: hProcess=0x640, hModule=0x751c0000, lpmodinfo=0x279e208, cb=0xc | out: lpmodinfo=0x279e208*(lpBaseOfDll=0x751c0000, SizeOfImage=0x57000, EntryPoint=0x751d9ba6)) returned 1 [0146.524] CoTaskMemAlloc (cb=0x804) returned 0x5950bd8 [0146.524] GetModuleBaseNameW (in: hProcess=0x640, hModule=0x751c0000, lpBaseName=0x5950bd8, nSize=0x800 | out: lpBaseName="SHLWAPI.dll") returned 0xb [0146.524] CoTaskMemFree (pv=0x5950bd8) [0146.525] CoTaskMemAlloc (cb=0x804) returned 0x5950bd8 [0146.525] GetModuleFileNameExW (in: hProcess=0x640, hModule=0x751c0000, lpFilename=0x5950bd8, nSize=0x800 | out: lpFilename="C:\\Windows\\syswow64\\SHLWAPI.dll" (normalized: "c:\\windows\\syswow64\\shlwapi.dll")) returned 0x1f [0146.525] CoTaskMemFree (pv=0x5950bd8) [0146.525] GetModuleInformation (in: hProcess=0x640, hModule=0x75220000, lpmodinfo=0x27a1350, cb=0xc | out: lpmodinfo=0x27a1350*(lpBaseOfDll=0x75220000, SizeOfImage=0x90000, EntryPoint=0x75236343)) returned 1 [0146.526] CoTaskMemAlloc (cb=0x804) returned 0x5950bd8 [0146.526] GetModuleBaseNameW (in: hProcess=0x640, hModule=0x75220000, lpBaseName=0x5950bd8, nSize=0x800 | out: lpBaseName="GDI32.dll") returned 0x9 [0146.526] CoTaskMemFree (pv=0x5950bd8) [0146.526] CoTaskMemAlloc (cb=0x804) returned 0x5950bd8 [0146.526] GetModuleFileNameExW (in: hProcess=0x640, hModule=0x75220000, lpFilename=0x5950bd8, nSize=0x800 | out: lpFilename="C:\\Windows\\syswow64\\GDI32.dll" (normalized: "c:\\windows\\syswow64\\gdi32.dll")) returned 0x1d [0146.527] CoTaskMemFree (pv=0x5950bd8) [0146.527] GetModuleInformation (in: hProcess=0x640, hModule=0x76860000, lpmodinfo=0x27a4510, cb=0xc | out: lpmodinfo=0x27a4510*(lpBaseOfDll=0x76860000, SizeOfImage=0x100000, EntryPoint=0x7687b6ed)) returned 1 [0146.527] CoTaskMemAlloc (cb=0x804) returned 0x5950bd8 [0146.527] GetModuleBaseNameW (in: hProcess=0x640, hModule=0x76860000, lpBaseName=0x5950bd8, nSize=0x800 | out: lpBaseName="USER32.dll") returned 0xa [0146.528] CoTaskMemFree (pv=0x5950bd8) [0146.528] CoTaskMemAlloc (cb=0x804) returned 0x5950bd8 [0146.528] GetModuleFileNameExW (in: hProcess=0x640, hModule=0x76860000, lpFilename=0x5950bd8, nSize=0x800 | out: lpFilename="C:\\Windows\\syswow64\\USER32.dll" (normalized: "c:\\windows\\syswow64\\user32.dll")) returned 0x1e [0146.528] CoTaskMemFree (pv=0x5950bd8) [0146.528] GetModuleInformation (in: hProcess=0x640, hModule=0x759c0000, lpmodinfo=0x27a76a0, cb=0xc | out: lpmodinfo=0x27a76a0*(lpBaseOfDll=0x759c0000, SizeOfImage=0xa000, EntryPoint=0x759c36a0)) returned 1 [0146.529] CoTaskMemAlloc (cb=0x804) returned 0x5950bd8 [0146.529] GetModuleBaseNameW (in: hProcess=0x640, hModule=0x759c0000, lpBaseName=0x5950bd8, nSize=0x800 | out: lpBaseName="LPK.dll") returned 0x7 [0146.530] CoTaskMemFree (pv=0x5950bd8) [0146.530] CoTaskMemAlloc (cb=0x804) returned 0x5950bd8 [0146.530] GetModuleFileNameExW (in: hProcess=0x640, hModule=0x759c0000, lpFilename=0x5950bd8, nSize=0x800 | out: lpFilename="C:\\Windows\\syswow64\\LPK.dll" (normalized: "c:\\windows\\syswow64\\lpk.dll")) returned 0x1b [0146.530] CoTaskMemFree (pv=0x5950bd8) [0146.530] GetModuleInformation (in: hProcess=0x640, hModule=0x74d40000, lpmodinfo=0x27aa8e8, cb=0xc | out: lpmodinfo=0x27aa8e8*(lpBaseOfDll=0x74d40000, SizeOfImage=0x9d000, EntryPoint=0x74d73fd7)) returned 1 [0146.531] CoTaskMemAlloc (cb=0x804) returned 0x5950bd8 [0146.531] GetModuleBaseNameW (in: hProcess=0x640, hModule=0x74d40000, lpBaseName=0x5950bd8, nSize=0x800 | out: lpBaseName="USP10.dll") returned 0x9 [0146.531] CoTaskMemFree (pv=0x5950bd8) [0146.532] CoTaskMemAlloc (cb=0x804) returned 0x5950bd8 [0146.532] GetModuleFileNameExW (in: hProcess=0x640, hModule=0x74d40000, lpFilename=0x5950bd8, nSize=0x800 | out: lpFilename="C:\\Windows\\syswow64\\USP10.dll" (normalized: "c:\\windows\\syswow64\\usp10.dll")) returned 0x1d [0146.532] CoTaskMemFree (pv=0x5950bd8) [0146.532] GetModuleInformation (in: hProcess=0x640, hModule=0x75550000, lpmodinfo=0x27ad9e8, cb=0xc | out: lpmodinfo=0x27ad9e8*(lpBaseOfDll=0x75550000, SizeOfImage=0x60000, EntryPoint=0x7556158f)) returned 1 [0146.533] CoTaskMemAlloc (cb=0x804) returned 0x5950bd8 [0146.533] GetModuleBaseNameW (in: hProcess=0x640, hModule=0x75550000, lpBaseName=0x5950bd8, nSize=0x800 | out: lpBaseName="IMM32.DLL") returned 0x9 [0146.533] CoTaskMemFree (pv=0x5950bd8) [0146.534] CoTaskMemAlloc (cb=0x804) returned 0x5950bd8 [0146.534] GetModuleFileNameExW (in: hProcess=0x640, hModule=0x75550000, lpFilename=0x5950bd8, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\IMM32.DLL" (normalized: "c:\\windows\\syswow64\\imm32.dll")) returned 0x1d [0146.534] CoTaskMemFree (pv=0x5950bd8) [0146.534] GetModuleInformation (in: hProcess=0x640, hModule=0x74c40000, lpmodinfo=0x27b0ba8, cb=0xc | out: lpmodinfo=0x27b0ba8*(lpBaseOfDll=0x74c40000, SizeOfImage=0xcc000, EntryPoint=0x74c4168b)) returned 1 [0146.535] CoTaskMemAlloc (cb=0x804) returned 0x5950bd8 [0146.535] GetModuleBaseNameW (in: hProcess=0x640, hModule=0x74c40000, lpBaseName=0x5950bd8, nSize=0x800 | out: lpBaseName="MSCTF.dll") returned 0x9 [0146.535] CoTaskMemFree (pv=0x5950bd8) [0146.536] CoTaskMemAlloc (cb=0x804) returned 0x5950bd8 [0146.536] GetModuleFileNameExW (in: hProcess=0x640, hModule=0x74c40000, lpFilename=0x5950bd8, nSize=0x800 | out: lpFilename="C:\\Windows\\syswow64\\MSCTF.dll" (normalized: "c:\\windows\\syswow64\\msctf.dll")) returned 0x1d [0146.536] CoTaskMemFree (pv=0x5950bd8) [0146.536] GetModuleInformation (in: hProcess=0x640, hModule=0x733a0000, lpmodinfo=0x27b3d3c, cb=0xc | out: lpmodinfo=0x27b3d3c*(lpBaseOfDll=0x733a0000, SizeOfImage=0x9000, EntryPoint=0x733a1220)) returned 1 [0146.537] CoTaskMemAlloc (cb=0x804) returned 0x5950bd8 [0146.537] GetModuleBaseNameW (in: hProcess=0x640, hModule=0x733a0000, lpBaseName=0x5950bd8, nSize=0x800 | out: lpBaseName="VERSION.dll") returned 0xb [0146.538] CoTaskMemFree (pv=0x5950bd8) [0146.538] CoTaskMemAlloc (cb=0x804) returned 0x5950bd8 [0146.538] GetModuleFileNameExW (in: hProcess=0x640, hModule=0x733a0000, lpFilename=0x5950bd8, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\VERSION.dll" (normalized: "c:\\windows\\syswow64\\version.dll")) returned 0x1f [0146.538] CoTaskMemFree (pv=0x5950bd8) [0146.539] GetModuleInformation (in: hProcess=0x640, hModule=0x71770000, lpmodinfo=0x27b6f04, cb=0xc | out: lpmodinfo=0x27b6f04*(lpBaseOfDll=0x71770000, SizeOfImage=0x7af000, EntryPoint=0x7178d0d0)) returned 1 [0146.539] CoTaskMemAlloc (cb=0x804) returned 0x5950bd8 [0146.539] GetModuleBaseNameW (in: hProcess=0x640, hModule=0x71770000, lpBaseName=0x5950bd8, nSize=0x800 | out: lpBaseName="clr.dll") returned 0x7 [0146.540] CoTaskMemFree (pv=0x5950bd8) [0146.540] CoTaskMemAlloc (cb=0x804) returned 0x5950bd8 [0146.540] GetModuleFileNameExW (in: hProcess=0x640, hModule=0x71770000, lpFilename=0x5950bd8, nSize=0x800 | out: lpFilename="C:\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\clr.dll" (normalized: "c:\\windows\\microsoft.net\\framework\\v4.0.30319\\clr.dll")) returned 0x35 [0146.541] CoTaskMemFree (pv=0x5950bd8) [0146.541] GetModuleInformation (in: hProcess=0x640, hModule=0x73600000, lpmodinfo=0x27ba0d0, cb=0xc | out: lpmodinfo=0x27ba0d0*(lpBaseOfDll=0x73600000, SizeOfImage=0x14000, EntryPoint=0x7360ac00)) returned 1 [0146.542] CoTaskMemAlloc (cb=0x804) returned 0x5950bd8 [0146.542] GetModuleBaseNameW (in: hProcess=0x640, hModule=0x73600000, lpBaseName=0x5950bd8, nSize=0x800 | out: lpBaseName="VCRUNTIME140_CLR0400.dll") returned 0x18 [0146.542] CoTaskMemFree (pv=0x5950bd8) [0146.542] CoTaskMemAlloc (cb=0x804) returned 0x5950bd8 [0146.543] GetModuleFileNameExW (in: hProcess=0x640, hModule=0x73600000, lpFilename=0x5950bd8, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\VCRUNTIME140_CLR0400.dll" (normalized: "c:\\windows\\syswow64\\vcruntime140_clr0400.dll")) returned 0x2c [0146.543] CoTaskMemFree (pv=0x5950bd8) [0146.543] GetModuleInformation (in: hProcess=0x640, hModule=0x73550000, lpmodinfo=0x27bd280, cb=0xc | out: lpmodinfo=0x27bd280*(lpBaseOfDll=0x73550000, SizeOfImage=0xab000, EntryPoint=0x735e5f20)) returned 1 [0146.544] CoTaskMemAlloc (cb=0x804) returned 0x5950bd8 [0146.544] GetModuleBaseNameW (in: hProcess=0x640, hModule=0x73550000, lpBaseName=0x5950bd8, nSize=0x800 | out: lpBaseName="ucrtbase_clr0400.dll") returned 0x14 [0146.545] CoTaskMemFree (pv=0x5950bd8) [0146.545] CoTaskMemAlloc (cb=0x804) returned 0x5950bd8 [0146.549] GetModuleFileNameExW (in: hProcess=0x640, hModule=0x73550000, lpFilename=0x5950bd8, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\ucrtbase_clr0400.dll" (normalized: "c:\\windows\\syswow64\\ucrtbase_clr0400.dll")) returned 0x28 [0146.550] CoTaskMemFree (pv=0x5950bd8) [0146.550] GetModuleInformation (in: hProcess=0x640, hModule=0x70360000, lpmodinfo=0x27c0410, cb=0xc | out: lpmodinfo=0x27c0410*(lpBaseOfDll=0x70360000, SizeOfImage=0x140b000, EntryPoint=0x0)) returned 1 [0146.550] CoTaskMemAlloc (cb=0x804) returned 0x5950bd8 [0146.550] GetModuleBaseNameW (in: hProcess=0x640, hModule=0x70360000, lpBaseName=0x5950bd8, nSize=0x800 | out: lpBaseName="mscorlib.ni.dll") returned 0xf [0146.551] CoTaskMemFree (pv=0x5950bd8) [0146.551] CoTaskMemAlloc (cb=0x804) returned 0x5950bd8 [0146.551] GetModuleFileNameExW (in: hProcess=0x640, hModule=0x70360000, lpFilename=0x5950bd8, nSize=0x800 | out: lpFilename="C:\\Windows\\assembly\\NativeImages_v4.0.30319_32\\mscorlib\\36eaccfde177c2e7b93b8dbdde4e012a\\mscorlib.ni.dll" (normalized: "c:\\windows\\assembly\\nativeimages_v4.0.30319_32\\mscorlib\\36eaccfde177c2e7b93b8dbdde4e012a\\mscorlib.ni.dll")) returned 0x68 [0146.552] CoTaskMemFree (pv=0x5950bd8) [0146.552] GetModuleInformation (in: hProcess=0x640, hModule=0x75740000, lpmodinfo=0x27c3630, cb=0xc | out: lpmodinfo=0x27c3630*(lpBaseOfDll=0x75740000, SizeOfImage=0x15c000, EntryPoint=0x7578ba3d)) returned 1 [0146.553] CoTaskMemAlloc (cb=0x804) returned 0x5950bd8 [0146.553] GetModuleBaseNameW (in: hProcess=0x640, hModule=0x75740000, lpBaseName=0x5950bd8, nSize=0x800 | out: lpBaseName="ole32.dll") returned 0x9 [0146.553] CoTaskMemFree (pv=0x5950bd8) [0146.554] CoTaskMemAlloc (cb=0x804) returned 0x5950bd8 [0146.554] GetModuleFileNameExW (in: hProcess=0x640, hModule=0x75740000, lpFilename=0x5950bd8, nSize=0x800 | out: lpFilename="C:\\Windows\\syswow64\\ole32.dll" (normalized: "c:\\windows\\syswow64\\ole32.dll")) returned 0x1d [0146.554] CoTaskMemFree (pv=0x5950bd8) [0146.554] GetModuleInformation (in: hProcess=0x640, hModule=0x73a10000, lpmodinfo=0x27c58e8, cb=0xc | out: lpmodinfo=0x27c58e8*(lpBaseOfDll=0x73a10000, SizeOfImage=0x80000, EntryPoint=0x73a237c9)) returned 1 [0146.555] CoTaskMemAlloc (cb=0x804) returned 0x5950bd8 [0146.555] GetModuleBaseNameW (in: hProcess=0x640, hModule=0x73a10000, lpBaseName=0x5950bd8, nSize=0x800 | out: lpBaseName="uxtheme.dll") returned 0xb [0146.556] CoTaskMemFree (pv=0x5950bd8) [0146.556] CoTaskMemAlloc (cb=0x804) returned 0x5950bd8 [0146.556] GetModuleFileNameExW (in: hProcess=0x640, hModule=0x73a10000, lpFilename=0x5950bd8, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\uxtheme.dll" (normalized: "c:\\windows\\syswow64\\uxtheme.dll")) returned 0x1f [0146.557] CoTaskMemFree (pv=0x5950bd8) [0146.557] GetModuleInformation (in: hProcess=0x640, hModule=0x74a20000, lpmodinfo=0x27c8a70, cb=0xc | out: lpmodinfo=0x27c8a70*(lpBaseOfDll=0x74a20000, SizeOfImage=0x3000, EntryPoint=0x0)) returned 1 [0146.557] CoTaskMemAlloc (cb=0x804) returned 0x5950bd8 [0146.558] GetModuleBaseNameW (in: hProcess=0x640, hModule=0x74a20000, lpBaseName=0x5950bd8, nSize=0x800 | out: lpBaseName="api-ms-win-core-xstate-l2-1-0.dll") returned 0x21 [0146.558] CoTaskMemFree (pv=0x5950bd8) [0146.558] CoTaskMemAlloc (cb=0x804) returned 0x5950bd8 [0146.558] GetModuleFileNameExW (in: hProcess=0x640, hModule=0x74a20000, lpFilename=0x5950bd8, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\api-ms-win-core-xstate-l2-1-0.dll" (normalized: "c:\\windows\\syswow64\\api-ms-win-core-xstate-l2-1-0.dll")) returned 0x35 [0146.559] CoTaskMemFree (pv=0x5950bd8) [0146.559] GetModuleInformation (in: hProcess=0x640, hModule=0x74990000, lpmodinfo=0x27cbc88, cb=0xc | out: lpmodinfo=0x27cbc88*(lpBaseOfDll=0x74990000, SizeOfImage=0x89000, EntryPoint=0x74991130)) returned 1 [0146.560] CoTaskMemAlloc (cb=0x804) returned 0x5950bd8 [0146.560] GetModuleBaseNameW (in: hProcess=0x640, hModule=0x74990000, lpBaseName=0x5950bd8, nSize=0x800 | out: lpBaseName="clrjit.dll") returned 0xa [0146.561] CoTaskMemFree (pv=0x5950bd8) [0146.561] CoTaskMemAlloc (cb=0x804) returned 0x5950bd8 [0146.561] GetModuleFileNameExW (in: hProcess=0x640, hModule=0x74990000, lpFilename=0x5950bd8, nSize=0x800 | out: lpFilename="C:\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\clrjit.dll" (normalized: "c:\\windows\\microsoft.net\\framework\\v4.0.30319\\clrjit.dll")) returned 0x38 [0146.562] CoTaskMemFree (pv=0x5950bd8) [0146.562] GetModuleInformation (in: hProcess=0x640, hModule=0x75130000, lpmodinfo=0x27cee10, cb=0xc | out: lpmodinfo=0x27cee10*(lpBaseOfDll=0x75130000, SizeOfImage=0x8f000, EntryPoint=0x75133fb1)) returned 1 [0146.563] CoTaskMemAlloc (cb=0x804) returned 0x5950bd8 [0146.563] GetModuleBaseNameW (in: hProcess=0x640, hModule=0x75130000, lpBaseName=0x5950bd8, nSize=0x800 | out: lpBaseName="OLEAUT32.dll") returned 0xc [0146.564] CoTaskMemFree (pv=0x5950bd8) [0146.564] CoTaskMemAlloc (cb=0x804) returned 0x5950bd8 [0146.564] GetModuleFileNameExW (in: hProcess=0x640, hModule=0x75130000, lpFilename=0x5950bd8, nSize=0x800 | out: lpFilename="C:\\Windows\\syswow64\\OLEAUT32.dll" (normalized: "c:\\windows\\syswow64\\oleaut32.dll")) returned 0x20 [0146.565] CoTaskMemFree (pv=0x5950bd8) [0146.565] GetModuleInformation (in: hProcess=0x640, hModule=0x6eea0000, lpmodinfo=0x27d205c, cb=0xc | out: lpmodinfo=0x27d205c*(lpBaseOfDll=0x6eea0000, SizeOfImage=0xa55000, EntryPoint=0x0)) returned 1 [0146.566] CoTaskMemAlloc (cb=0x804) returned 0x5950bd8 [0146.566] GetModuleBaseNameW (in: hProcess=0x640, hModule=0x6eea0000, lpBaseName=0x5950bd8, nSize=0x800 | out: lpBaseName="System.ni.dll") returned 0xd [0146.567] CoTaskMemFree (pv=0x5950bd8) [0146.567] CoTaskMemAlloc (cb=0x804) returned 0x5950bd8 [0146.567] GetModuleFileNameExW (in: hProcess=0x640, hModule=0x6eea0000, lpFilename=0x5950bd8, nSize=0x800 | out: lpFilename="C:\\Windows\\assembly\\NativeImages_v4.0.30319_32\\System\\2c3c912ea8f058f9d04c4650128feb3f\\System.ni.dll" (normalized: "c:\\windows\\assembly\\nativeimages_v4.0.30319_32\\system\\2c3c912ea8f058f9d04c4650128feb3f\\system.ni.dll")) returned 0x64 [0146.568] CoTaskMemFree (pv=0x5950bd8) [0146.568] GetModuleInformation (in: hProcess=0x640, hModule=0x6fb40000, lpmodinfo=0x27d5318, cb=0xc | out: lpmodinfo=0x27d5318*(lpBaseOfDll=0x6fb40000, SizeOfImage=0x818000, EntryPoint=0x0)) returned 1 [0146.568] CoTaskMemAlloc (cb=0x804) returned 0x5950bd8 [0146.568] GetModuleBaseNameW (in: hProcess=0x640, hModule=0x6fb40000, lpBaseName=0x5950bd8, nSize=0x800 | out: lpBaseName="System.Core.ni.dll") returned 0x12 [0146.569] CoTaskMemFree (pv=0x5950bd8) [0146.569] CoTaskMemAlloc (cb=0x804) returned 0x5950bd8 [0146.569] GetModuleFileNameExW (in: hProcess=0x640, hModule=0x6fb40000, lpFilename=0x5950bd8, nSize=0x800 | out: lpFilename="C:\\Windows\\assembly\\NativeImages_v4.0.30319_32\\System.Core\\31fae3290fad30c31c98651462d22724\\System.Core.ni.dll" (normalized: "c:\\windows\\assembly\\nativeimages_v4.0.30319_32\\system.core\\31fae3290fad30c31c98651462d22724\\system.core.ni.dll")) returned 0x6e [0146.570] CoTaskMemFree (pv=0x5950bd8) [0146.570] GetModuleInformation (in: hProcess=0x640, hModule=0x6f950000, lpmodinfo=0x27d8584, cb=0xc | out: lpmodinfo=0x27d8584*(lpBaseOfDll=0x6f950000, SizeOfImage=0x1e2000, EntryPoint=0x0)) returned 1 [0146.571] CoTaskMemAlloc (cb=0x804) returned 0x5950bd8 [0146.571] GetModuleBaseNameW (in: hProcess=0x640, hModule=0x6f950000, lpBaseName=0x5950bd8, nSize=0x800 | out: lpBaseName="Microsoft.VisualBasic.ni.dll") returned 0x1c [0146.572] CoTaskMemFree (pv=0x5950bd8) [0146.572] CoTaskMemAlloc (cb=0x804) returned 0x5950bd8 [0146.572] GetModuleFileNameExW (in: hProcess=0x640, hModule=0x6f950000, lpFilename=0x5950bd8, nSize=0x800 | out: lpFilename="C:\\Windows\\assembly\\NativeImages_v4.0.30319_32\\Microsoft.V9921e851#\\a891970b44db9e340c3ef3efa95b793c\\Microsoft.VisualBasic.ni.dll" (normalized: "c:\\windows\\assembly\\nativeimages_v4.0.30319_32\\microsoft.v9921e851#\\a891970b44db9e340c3ef3efa95b793c\\microsoft.visualbasic.ni.dll")) returned 0x81 [0146.573] CoTaskMemFree (pv=0x5950bd8) [0146.573] GetModuleInformation (in: hProcess=0x640, hModule=0x6ecf0000, lpmodinfo=0x27db354, cb=0xc | out: lpmodinfo=0x27db354*(lpBaseOfDll=0x6ecf0000, SizeOfImage=0x1a3000, EntryPoint=0x0)) returned 1 [0146.574] CoTaskMemAlloc (cb=0x804) returned 0x5950bd8 [0146.574] GetModuleBaseNameW (in: hProcess=0x640, hModule=0x6ecf0000, lpBaseName=0x5950bd8, nSize=0x800 | out: lpBaseName="System.Drawing.ni.dll") returned 0x15 [0146.575] CoTaskMemFree (pv=0x5950bd8) [0146.575] CoTaskMemAlloc (cb=0x804) returned 0x5950bd8 [0146.575] GetModuleFileNameExW (in: hProcess=0x640, hModule=0x6ecf0000, lpFilename=0x5950bd8, nSize=0x800 | out: lpFilename="C:\\Windows\\assembly\\NativeImages_v4.0.30319_32\\System.Drawing\\f7568d7f1b9d356f64779b4c0927cfb3\\System.Drawing.ni.dll" (normalized: "c:\\windows\\assembly\\nativeimages_v4.0.30319_32\\system.drawing\\f7568d7f1b9d356f64779b4c0927cfb3\\system.drawing.ni.dll")) returned 0x74 [0146.576] CoTaskMemFree (pv=0x5950bd8) [0146.576] GetModuleInformation (in: hProcess=0x640, hModule=0x6de80000, lpmodinfo=0x27dd52c, cb=0xc | out: lpmodinfo=0x27dd52c*(lpBaseOfDll=0x6de80000, SizeOfImage=0xe66000, EntryPoint=0x0)) returned 1 [0146.577] CoTaskMemAlloc (cb=0x804) returned 0x5950bd8 [0146.577] GetModuleBaseNameW (in: hProcess=0x640, hModule=0x6de80000, lpBaseName=0x5950bd8, nSize=0x800 | out: lpBaseName="System.Windows.Forms.ni.dll") returned 0x1b [0146.578] CoTaskMemFree (pv=0x5950bd8) [0146.578] CoTaskMemAlloc (cb=0x804) returned 0x5950bd8 [0146.578] GetModuleFileNameExW (in: hProcess=0x640, hModule=0x6de80000, lpFilename=0x5950bd8, nSize=0x800 | out: lpFilename="C:\\Windows\\assembly\\NativeImages_v4.0.30319_32\\System.Windows.Forms\\c9a4cbc00f690a9e3cddfc400f6e85bb\\System.Windows.Forms.ni.dll" (normalized: "c:\\windows\\assembly\\nativeimages_v4.0.30319_32\\system.windows.forms\\c9a4cbc00f690a9e3cddfc400f6e85bb\\system.windows.forms.ni.dll")) returned 0x80 [0146.579] CoTaskMemFree (pv=0x5950bd8) [0146.579] GetModuleInformation (in: hProcess=0x640, hModule=0x6dd70000, lpmodinfo=0x27df728, cb=0xc | out: lpmodinfo=0x27df728*(lpBaseOfDll=0x6dd70000, SizeOfImage=0x105000, EntryPoint=0x0)) returned 1 [0146.580] CoTaskMemAlloc (cb=0x804) returned 0x5950bd8 [0146.580] GetModuleBaseNameW (in: hProcess=0x640, hModule=0x6dd70000, lpBaseName=0x5950bd8, nSize=0x800 | out: lpBaseName="System.Configuration.ni.dll") returned 0x1b [0146.581] CoTaskMemFree (pv=0x5950bd8) [0146.581] CoTaskMemAlloc (cb=0x804) returned 0x5950bd8 [0146.581] GetModuleFileNameExW (in: hProcess=0x640, hModule=0x6dd70000, lpFilename=0x5950bd8, nSize=0x800 | out: lpFilename="C:\\Windows\\assembly\\NativeImages_v4.0.30319_32\\System.Configuration\\96f7edb07b12303f0ec2595c7f3778c7\\System.Configuration.ni.dll" (normalized: "c:\\windows\\assembly\\nativeimages_v4.0.30319_32\\system.configuration\\96f7edb07b12303f0ec2595c7f3778c7\\system.configuration.ni.dll")) returned 0x80 [0146.582] CoTaskMemFree (pv=0x5950bd8) [0146.582] GetModuleInformation (in: hProcess=0x640, hModule=0x6d5f0000, lpmodinfo=0x27e1924, cb=0xc | out: lpmodinfo=0x27e1924*(lpBaseOfDll=0x6d5f0000, SizeOfImage=0x774000, EntryPoint=0x0)) returned 1 [0146.583] CoTaskMemAlloc (cb=0x804) returned 0x5950bd8 [0146.583] GetModuleBaseNameW (in: hProcess=0x640, hModule=0x6d5f0000, lpBaseName=0x5950bd8, nSize=0x800 | out: lpBaseName="System.Xml.ni.dll") returned 0x11 [0146.584] CoTaskMemFree (pv=0x5950bd8) [0146.584] CoTaskMemAlloc (cb=0x804) returned 0x5950bd8 [0146.584] GetModuleFileNameExW (in: hProcess=0x640, hModule=0x6d5f0000, lpFilename=0x5950bd8, nSize=0x800 | out: lpFilename="C:\\Windows\\assembly\\NativeImages_v4.0.30319_32\\System.Xml\\15af16d373cf0528cb74fc73d365fdbf\\System.Xml.ni.dll" (normalized: "c:\\windows\\assembly\\nativeimages_v4.0.30319_32\\system.xml\\15af16d373cf0528cb74fc73d365fdbf\\system.xml.ni.dll")) returned 0x6c [0146.585] CoTaskMemFree (pv=0x5950bd8) [0146.585] GetModuleInformation (in: hProcess=0x640, hModule=0x74950000, lpmodinfo=0x27e3ae4, cb=0xc | out: lpmodinfo=0x27e3ae4*(lpBaseOfDll=0x74950000, SizeOfImage=0x13000, EntryPoint=0x7495d900)) returned 1 [0146.586] CoTaskMemAlloc (cb=0x804) returned 0x5950bd8 [0146.586] GetModuleBaseNameW (in: hProcess=0x640, hModule=0x74950000, lpBaseName=0x5950bd8, nSize=0x800 | out: lpBaseName="nlssorting.dll") returned 0xe [0146.587] CoTaskMemFree (pv=0x5950bd8) [0146.587] CoTaskMemAlloc (cb=0x804) returned 0x5950bd8 [0146.587] GetModuleFileNameExW (in: hProcess=0x640, hModule=0x74950000, lpFilename=0x5950bd8, nSize=0x800 | out: lpFilename="C:\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\nlssorting.dll" (normalized: "c:\\windows\\microsoft.net\\framework\\v4.0.30319\\nlssorting.dll")) returned 0x3c [0146.588] CoTaskMemFree (pv=0x5950bd8) [0146.588] GetModuleInformation (in: hProcess=0x640, hModule=0x75be0000, lpmodinfo=0x27e5da0, cb=0xc | out: lpmodinfo=0x27e5da0*(lpBaseOfDll=0x75be0000, SizeOfImage=0xc4a000, EntryPoint=0x75c61601)) returned 1 [0146.589] CoTaskMemAlloc (cb=0x804) returned 0x5950bd8 [0146.589] GetModuleBaseNameW (in: hProcess=0x640, hModule=0x75be0000, lpBaseName=0x5950bd8, nSize=0x800 | out: lpBaseName="shell32.dll") returned 0xb [0146.590] CoTaskMemFree (pv=0x5950bd8) [0146.590] CoTaskMemAlloc (cb=0x804) returned 0x5950bd8 [0146.590] GetModuleFileNameExW (in: hProcess=0x640, hModule=0x75be0000, lpFilename=0x5950bd8, nSize=0x800 | out: lpFilename="C:\\Windows\\syswow64\\shell32.dll" (normalized: "c:\\windows\\syswow64\\shell32.dll")) returned 0x1f [0146.591] CoTaskMemFree (pv=0x5950bd8) [0146.591] GetModuleInformation (in: hProcess=0x640, hModule=0x748d0000, lpmodinfo=0x27e7eb8, cb=0xc | out: lpmodinfo=0x27e7eb8*(lpBaseOfDll=0x748d0000, SizeOfImage=0xb000, EntryPoint=0x748d1992)) returned 1 [0146.605] CoTaskMemAlloc (cb=0x804) returned 0x5950bd8 [0146.605] GetModuleBaseNameW (in: hProcess=0x640, hModule=0x748d0000, lpBaseName=0x5950bd8, nSize=0x800 | out: lpBaseName="profapi.dll") returned 0xb [0146.606] CoTaskMemFree (pv=0x5950bd8) [0146.606] CoTaskMemAlloc (cb=0x804) returned 0x5950bd8 [0146.606] GetModuleFileNameExW (in: hProcess=0x640, hModule=0x748d0000, lpFilename=0x5950bd8, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\profapi.dll" (normalized: "c:\\windows\\syswow64\\profapi.dll")) returned 0x1f [0146.607] CoTaskMemFree (pv=0x5950bd8) [0146.607] GetModuleInformation (in: hProcess=0x640, hModule=0x74970000, lpmodinfo=0x27ea810, cb=0xc | out: lpmodinfo=0x27ea810*(lpBaseOfDll=0x74970000, SizeOfImage=0x17000, EntryPoint=0x749735fa)) returned 1 [0146.608] CoTaskMemAlloc (cb=0x804) returned 0x5950bd8 [0146.608] GetModuleBaseNameW (in: hProcess=0x640, hModule=0x74970000, lpBaseName=0x5950bd8, nSize=0x800 | out: lpBaseName="bcrypt.dll") returned 0xa [0146.609] CoTaskMemFree (pv=0x5950bd8) [0146.609] CoTaskMemAlloc (cb=0x804) returned 0x5950bd8 [0146.609] GetModuleFileNameExW (in: hProcess=0x640, hModule=0x74970000, lpFilename=0x5950bd8, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\bcrypt.dll" (normalized: "c:\\windows\\syswow64\\bcrypt.dll")) returned 0x1e [0146.610] CoTaskMemFree (pv=0x5950bd8) [0146.610] GetModuleInformation (in: hProcess=0x640, hModule=0x738e0000, lpmodinfo=0x27ec94c, cb=0xc | out: lpmodinfo=0x27ec94c*(lpBaseOfDll=0x738e0000, SizeOfImage=0x17000, EntryPoint=0x738e3573)) returned 1 [0146.611] CoTaskMemAlloc (cb=0x804) returned 0x5950bd8 [0146.611] GetModuleBaseNameW (in: hProcess=0x640, hModule=0x738e0000, lpBaseName=0x5950bd8, nSize=0x800 | out: lpBaseName="CRYPTSP.dll") returned 0xb [0146.612] CoTaskMemFree (pv=0x5950bd8) [0146.613] CoTaskMemAlloc (cb=0x804) returned 0x5950bd8 [0146.613] GetModuleFileNameExW (in: hProcess=0x640, hModule=0x738e0000, lpFilename=0x5950bd8, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\CRYPTSP.dll" (normalized: "c:\\windows\\syswow64\\cryptsp.dll")) returned 0x1f [0146.614] CoTaskMemFree (pv=0x5950bd8) [0146.614] GetModuleInformation (in: hProcess=0x640, hModule=0x738a0000, lpmodinfo=0x27eff84, cb=0xc | out: lpmodinfo=0x27eff84*(lpBaseOfDll=0x738a0000, SizeOfImage=0x3b000, EntryPoint=0x738a128d)) returned 1 [0146.615] CoTaskMemAlloc (cb=0x804) returned 0x5950bd8 [0146.615] GetModuleBaseNameW (in: hProcess=0x640, hModule=0x738a0000, lpBaseName=0x5950bd8, nSize=0x800 | out: lpBaseName="rsaenh.dll") returned 0xa [0146.616] CoTaskMemFree (pv=0x5950bd8) [0146.616] CoTaskMemAlloc (cb=0x804) returned 0x5950bd8 [0146.616] GetModuleFileNameExW (in: hProcess=0x640, hModule=0x738a0000, lpFilename=0x5950bd8, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\rsaenh.dll" (normalized: "c:\\windows\\syswow64\\rsaenh.dll")) returned 0x1e [0146.617] CoTaskMemFree (pv=0x5950bd8) [0146.617] GetModuleInformation (in: hProcess=0x640, hModule=0x75950000, lpmodinfo=0x27f310c, cb=0xc | out: lpmodinfo=0x27f310c*(lpBaseOfDll=0x75950000, SizeOfImage=0x5000, EntryPoint=0x75951438)) returned 1 [0146.618] CoTaskMemAlloc (cb=0x804) returned 0x5950bd8 [0146.618] GetModuleBaseNameW (in: hProcess=0x640, hModule=0x75950000, lpBaseName=0x5950bd8, nSize=0x800 | out: lpBaseName="psapi.dll") returned 0x9 [0146.619] CoTaskMemFree (pv=0x5950bd8) [0146.619] CoTaskMemAlloc (cb=0x804) returned 0x5950bd8 [0146.619] GetModuleFileNameExW (in: hProcess=0x640, hModule=0x75950000, lpFilename=0x5950bd8, nSize=0x800 | out: lpFilename="C:\\Windows\\syswow64\\psapi.dll" (normalized: "c:\\windows\\syswow64\\psapi.dll")) returned 0x1d [0146.621] CoTaskMemFree (pv=0x5950bd8) [0146.621] GetModuleInformation (in: hProcess=0x640, hModule=0x73990000, lpmodinfo=0x27f5ac8, cb=0xc | out: lpmodinfo=0x27f5ac8*(lpBaseOfDll=0x73990000, SizeOfImage=0x52000, EntryPoint=0x739914be)) returned 1 [0146.622] CoTaskMemAlloc (cb=0x804) returned 0x5950bd8 [0146.622] GetModuleBaseNameW (in: hProcess=0x640, hModule=0x73990000, lpBaseName=0x5950bd8, nSize=0x800 | out: lpBaseName="rasapi32.dll") returned 0xc [0146.623] CoTaskMemFree (pv=0x5950bd8) [0146.623] CoTaskMemAlloc (cb=0x804) returned 0x5950bd8 [0146.623] GetModuleFileNameExW (in: hProcess=0x640, hModule=0x73990000, lpFilename=0x5950bd8, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\rasapi32.dll" (normalized: "c:\\windows\\syswow64\\rasapi32.dll")) returned 0x20 [0146.624] CoTaskMemFree (pv=0x5950bd8) [0146.624] GetModuleInformation (in: hProcess=0x640, hModule=0x73970000, lpmodinfo=0x27f8c94, cb=0xc | out: lpmodinfo=0x27f8c94*(lpBaseOfDll=0x73970000, SizeOfImage=0x15000, EntryPoint=0x739712de)) returned 1 [0146.625] CoTaskMemAlloc (cb=0x804) returned 0x5950bd8 [0146.625] GetModuleBaseNameW (in: hProcess=0x640, hModule=0x73970000, lpBaseName=0x5950bd8, nSize=0x800 | out: lpBaseName="rasman.dll") returned 0xa [0146.647] CoTaskMemFree (pv=0x5950bd8) [0146.647] CoTaskMemAlloc (cb=0x804) returned 0x5950bd8 [0146.647] GetModuleFileNameExW (in: hProcess=0x640, hModule=0x73970000, lpFilename=0x5950bd8, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\rasman.dll" (normalized: "c:\\windows\\syswow64\\rasman.dll")) returned 0x1e [0146.648] CoTaskMemFree (pv=0x5950bd8) [0146.648] GetModuleInformation (in: hProcess=0x640, hModule=0x75960000, lpmodinfo=0x27fbe58, cb=0xc | out: lpmodinfo=0x27fbe58*(lpBaseOfDll=0x75960000, SizeOfImage=0x35000, EntryPoint=0x7596145d)) returned 1 [0146.649] CoTaskMemAlloc (cb=0x804) returned 0x5950bd8 [0146.649] GetModuleBaseNameW (in: hProcess=0x640, hModule=0x75960000, lpBaseName=0x5950bd8, nSize=0x800 | out: lpBaseName="WS2_32.dll") returned 0xa [0146.650] CoTaskMemFree (pv=0x5950bd8) [0146.650] CoTaskMemAlloc (cb=0x804) returned 0x5950bd8 [0146.650] GetModuleFileNameExW (in: hProcess=0x640, hModule=0x75960000, lpFilename=0x5950bd8, nSize=0x800 | out: lpFilename="C:\\Windows\\syswow64\\WS2_32.dll" (normalized: "c:\\windows\\syswow64\\ws2_32.dll")) returned 0x1e [0146.651] CoTaskMemFree (pv=0x5950bd8) [0146.651] GetModuleInformation (in: hProcess=0x640, hModule=0x76960000, lpmodinfo=0x27fefdc, cb=0xc | out: lpmodinfo=0x27fefdc*(lpBaseOfDll=0x76960000, SizeOfImage=0x6000, EntryPoint=0x76961782)) returned 1 [0146.652] CoTaskMemAlloc (cb=0x804) returned 0x5950bd8 [0146.652] GetModuleBaseNameW (in: hProcess=0x640, hModule=0x76960000, lpBaseName=0x5950bd8, nSize=0x800 | out: lpBaseName="NSI.dll") returned 0x7 [0146.653] CoTaskMemFree (pv=0x5950bd8) [0146.653] CoTaskMemAlloc (cb=0x804) returned 0x5950bd8 [0146.654] GetModuleFileNameExW (in: hProcess=0x640, hModule=0x76960000, lpFilename=0x5950bd8, nSize=0x800 | out: lpFilename="C:\\Windows\\syswow64\\NSI.dll" (normalized: "c:\\windows\\syswow64\\nsi.dll")) returned 0x1b [0146.665] CoTaskMemFree (pv=0x5950bd8) [0146.665] GetModuleInformation (in: hProcess=0x640, hModule=0x73960000, lpmodinfo=0x28021e4, cb=0xc | out: lpmodinfo=0x28021e4*(lpBaseOfDll=0x73960000, SizeOfImage=0xd000, EntryPoint=0x73961326)) returned 1 [0146.666] CoTaskMemAlloc (cb=0x804) returned 0x5950bd8 [0146.666] GetModuleBaseNameW (in: hProcess=0x640, hModule=0x73960000, lpBaseName=0x5950bd8, nSize=0x800 | out: lpBaseName="rtutils.dll") returned 0xb [0146.667] CoTaskMemFree (pv=0x5950bd8) [0146.667] CoTaskMemAlloc (cb=0x804) returned 0x5950bd8 [0146.667] GetModuleFileNameExW (in: hProcess=0x640, hModule=0x73960000, lpFilename=0x5950bd8, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\rtutils.dll" (normalized: "c:\\windows\\syswow64\\rtutils.dll")) returned 0x1f [0146.668] CoTaskMemFree (pv=0x5950bd8) [0146.669] GetModuleInformation (in: hProcess=0x640, hModule=0x747e0000, lpmodinfo=0x280537c, cb=0xc | out: lpmodinfo=0x280537c*(lpBaseOfDll=0x747e0000, SizeOfImage=0x3c000, EntryPoint=0x747e145d)) returned 1 [0146.670] CoTaskMemAlloc (cb=0x804) returned 0x5950bd8 [0146.670] GetModuleBaseNameW (in: hProcess=0x640, hModule=0x747e0000, lpBaseName=0x5950bd8, nSize=0x800 | out: lpBaseName="mswsock.dll") returned 0xb [0146.671] CoTaskMemFree (pv=0x5950bd8) [0146.671] CoTaskMemAlloc (cb=0x804) returned 0x5950bd8 [0146.671] GetModuleFileNameExW (in: hProcess=0x640, hModule=0x747e0000, lpFilename=0x5950bd8, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\mswsock.dll" (normalized: "c:\\windows\\syswow64\\mswsock.dll")) returned 0x1f [0146.672] CoTaskMemFree (pv=0x5950bd8) [0146.672] GetModuleInformation (in: hProcess=0x640, hModule=0x747d0000, lpmodinfo=0x28085d0, cb=0xc | out: lpmodinfo=0x28085d0*(lpBaseOfDll=0x747d0000, SizeOfImage=0x5000, EntryPoint=0x747d15df)) returned 1 [0146.673] CoTaskMemAlloc (cb=0x804) returned 0x5950bd8 [0146.673] GetModuleBaseNameW (in: hProcess=0x640, hModule=0x747d0000, lpBaseName=0x5950bd8, nSize=0x800 | out: lpBaseName="wshtcpip.dll") returned 0xc [0146.675] CoTaskMemFree (pv=0x5950bd8) [0146.675] CoTaskMemAlloc (cb=0x804) returned 0x5950bd8 [0146.675] GetModuleFileNameExW (in: hProcess=0x640, hModule=0x747d0000, lpFilename=0x5950bd8, nSize=0x800 | out: lpFilename="C:\\Windows\\System32\\wshtcpip.dll" (normalized: "c:\\windows\\syswow64\\wshtcpip.dll")) returned 0x20 [0146.676] CoTaskMemFree (pv=0x5950bd8) [0146.676] GetModuleInformation (in: hProcess=0x640, hModule=0x747c0000, lpmodinfo=0x280b754, cb=0xc | out: lpmodinfo=0x280b754*(lpBaseOfDll=0x747c0000, SizeOfImage=0x6000, EntryPoint=0x747c1673)) returned 1 [0146.677] CoTaskMemAlloc (cb=0x804) returned 0x5950bd8 [0146.677] GetModuleBaseNameW (in: hProcess=0x640, hModule=0x747c0000, lpBaseName=0x5950bd8, nSize=0x800 | out: lpBaseName="wship6.dll") returned 0xa [0146.678] CoTaskMemFree (pv=0x5950bd8) [0146.678] CoTaskMemAlloc (cb=0x804) returned 0x5950bd8 [0146.678] GetModuleFileNameExW (in: hProcess=0x640, hModule=0x747c0000, lpFilename=0x5950bd8, nSize=0x800 | out: lpFilename="C:\\Windows\\System32\\wship6.dll" (normalized: "c:\\windows\\syswow64\\wship6.dll")) returned 0x1e [0146.680] CoTaskMemFree (pv=0x5950bd8) [0146.680] GetModuleInformation (in: hProcess=0x640, hModule=0x6d590000, lpmodinfo=0x280e910, cb=0xc | out: lpmodinfo=0x280e910*(lpBaseOfDll=0x6d590000, SizeOfImage=0x58000, EntryPoint=0x6d5913b4)) returned 1 [0146.681] CoTaskMemAlloc (cb=0x804) returned 0x5950bd8 [0146.681] GetModuleBaseNameW (in: hProcess=0x640, hModule=0x6d590000, lpBaseName=0x5950bd8, nSize=0x800 | out: lpBaseName="winhttp.dll") returned 0xb [0146.682] CoTaskMemFree (pv=0x5950bd8) [0146.682] CoTaskMemAlloc (cb=0x804) returned 0x5950bd8 [0146.682] GetModuleFileNameExW (in: hProcess=0x640, hModule=0x6d590000, lpFilename=0x5950bd8, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\winhttp.dll" (normalized: "c:\\windows\\syswow64\\winhttp.dll")) returned 0x1f [0146.684] CoTaskMemFree (pv=0x5950bd8) [0146.684] GetModuleInformation (in: hProcess=0x640, hModule=0x6f900000, lpmodinfo=0x2811b18, cb=0xc | out: lpmodinfo=0x2811b18*(lpBaseOfDll=0x6f900000, SizeOfImage=0x4f000, EntryPoint=0x6f901452)) returned 1 [0146.685] CoTaskMemAlloc (cb=0x804) returned 0x5950bd8 [0146.685] GetModuleBaseNameW (in: hProcess=0x640, hModule=0x6f900000, lpBaseName=0x5950bd8, nSize=0x800 | out: lpBaseName="webio.dll") returned 0x9 [0146.687] CoTaskMemFree (pv=0x5950bd8) [0146.687] CoTaskMemAlloc (cb=0x804) returned 0x5950bd8 [0146.688] GetModuleFileNameExW (in: hProcess=0x640, hModule=0x6f900000, lpFilename=0x5950bd8, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\webio.dll" (normalized: "c:\\windows\\syswow64\\webio.dll")) returned 0x1d [0146.689] CoTaskMemFree (pv=0x5950bd8) [0146.689] GetModuleInformation (in: hProcess=0x640, hModule=0x74930000, lpmodinfo=0x2814cc0, cb=0xc | out: lpmodinfo=0x2814cc0*(lpBaseOfDll=0x74930000, SizeOfImage=0x8000, EntryPoint=0x749334d3)) returned 1 [0146.690] CoTaskMemAlloc (cb=0x804) returned 0x5950bd8 [0146.690] GetModuleBaseNameW (in: hProcess=0x640, hModule=0x74930000, lpBaseName=0x5950bd8, nSize=0x800 | out: lpBaseName="credssp.dll") returned 0xb [0146.692] CoTaskMemFree (pv=0x5950bd8) [0146.692] CoTaskMemAlloc (cb=0x804) returned 0x5950bd8 [0146.692] GetModuleFileNameExW (in: hProcess=0x640, hModule=0x74930000, lpFilename=0x5950bd8, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\credssp.dll" (normalized: "c:\\windows\\syswow64\\credssp.dll")) returned 0x1f [0146.693] CoTaskMemFree (pv=0x5950bd8) [0146.693] GetModuleInformation (in: hProcess=0x640, hModule=0x74830000, lpmodinfo=0x2817e4c, cb=0xc | out: lpmodinfo=0x2817e4c*(lpBaseOfDll=0x74830000, SizeOfImage=0x1c000, EntryPoint=0x7483a431)) returned 1 [0146.695] CoTaskMemAlloc (cb=0x804) returned 0x5950bd8 [0146.695] GetModuleBaseNameW (in: hProcess=0x640, hModule=0x74830000, lpBaseName=0x5950bd8, nSize=0x800 | out: lpBaseName="IPHLPAPI.DLL") returned 0xc [0146.696] CoTaskMemFree (pv=0x5950bd8) [0146.696] CoTaskMemAlloc (cb=0x804) returned 0x5950bd8 [0146.696] GetModuleFileNameExW (in: hProcess=0x640, hModule=0x74830000, lpFilename=0x5950bd8, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\IPHLPAPI.DLL" (normalized: "c:\\windows\\syswow64\\iphlpapi.dll")) returned 0x20 [0146.698] CoTaskMemFree (pv=0x5950bd8) [0146.698] GetModuleInformation (in: hProcess=0x640, hModule=0x74820000, lpmodinfo=0x281b02c, cb=0xc | out: lpmodinfo=0x281b02c*(lpBaseOfDll=0x74820000, SizeOfImage=0x7000, EntryPoint=0x7482128d)) returned 1 [0146.699] CoTaskMemAlloc (cb=0x804) returned 0x5950bd8 [0146.699] GetModuleBaseNameW (in: hProcess=0x640, hModule=0x74820000, lpBaseName=0x5950bd8, nSize=0x800 | out: lpBaseName="WINNSI.DLL") returned 0xa [0146.701] CoTaskMemFree (pv=0x5950bd8) [0146.701] CoTaskMemAlloc (cb=0x804) returned 0x5950bd8 [0146.701] GetModuleFileNameExW (in: hProcess=0x640, hModule=0x74820000, lpFilename=0x5950bd8, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\WINNSI.DLL" (normalized: "c:\\windows\\syswow64\\winnsi.dll")) returned 0x1e [0146.702] CoTaskMemFree (pv=0x5950bd8) [0146.702] GetModuleInformation (in: hProcess=0x640, hModule=0x74940000, lpmodinfo=0x281e204, cb=0xc | out: lpmodinfo=0x281e204*(lpBaseOfDll=0x74940000, SizeOfImage=0xd000, EntryPoint=0x74942012)) returned 1 [0146.704] CoTaskMemAlloc (cb=0x804) returned 0x5950bd8 [0146.704] GetModuleBaseNameW (in: hProcess=0x640, hModule=0x74940000, lpBaseName=0x5950bd8, nSize=0x800 | out: lpBaseName="dhcpcsvc6.DLL") returned 0xd [0146.705] CoTaskMemFree (pv=0x5950bd8) [0146.705] CoTaskMemAlloc (cb=0x804) returned 0x5950bd8 [0146.705] GetModuleFileNameExW (in: hProcess=0x640, hModule=0x74940000, lpFilename=0x5950bd8, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\dhcpcsvc6.DLL" (normalized: "c:\\windows\\syswow64\\dhcpcsvc6.dll")) returned 0x21 [0146.707] CoTaskMemFree (pv=0x5950bd8) [0146.707] GetModuleInformation (in: hProcess=0x640, hModule=0x6d550000, lpmodinfo=0x2821470, cb=0xc | out: lpmodinfo=0x2821470*(lpBaseOfDll=0x6d550000, SizeOfImage=0x12000, EntryPoint=0x6d553271)) returned 1 [0146.708] CoTaskMemAlloc (cb=0x804) returned 0x5950bd8 [0146.708] GetModuleBaseNameW (in: hProcess=0x640, hModule=0x6d550000, lpBaseName=0x5950bd8, nSize=0x800 | out: lpBaseName="dhcpcsvc.DLL") returned 0xc [0146.709] CoTaskMemFree (pv=0x5950bd8) [0146.709] CoTaskMemAlloc (cb=0x804) returned 0x5950bd8 [0146.709] GetModuleFileNameExW (in: hProcess=0x640, hModule=0x6d550000, lpFilename=0x5950bd8, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\dhcpcsvc.DLL" (normalized: "c:\\windows\\syswow64\\dhcpcsvc.dll")) returned 0x20 [0146.711] CoTaskMemFree (pv=0x5950bd8) [0146.711] GetModuleInformation (in: hProcess=0x640, hModule=0x747a0000, lpmodinfo=0x28245f8, cb=0xc | out: lpmodinfo=0x28245f8*(lpBaseOfDll=0x747a0000, SizeOfImage=0xe000, EntryPoint=0x747a1235)) returned 1 [0146.712] CoTaskMemAlloc (cb=0x804) returned 0x5950bd8 [0146.712] GetModuleBaseNameW (in: hProcess=0x640, hModule=0x747a0000, lpBaseName=0x5950bd8, nSize=0x800 | out: lpBaseName="RpcRtRemote.dll") returned 0xf [0146.714] CoTaskMemFree (pv=0x5950bd8) [0146.714] CoTaskMemAlloc (cb=0x804) returned 0x5950bd8 [0146.714] GetModuleFileNameExW (in: hProcess=0x640, hModule=0x747a0000, lpFilename=0x5950bd8, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\RpcRtRemote.dll" (normalized: "c:\\windows\\syswow64\\rpcrtremote.dll")) returned 0x23 [0146.715] CoTaskMemFree (pv=0x5950bd8) [0146.715] GetModuleInformation (in: hProcess=0x640, hModule=0x74850000, lpmodinfo=0x2827818, cb=0xc | out: lpmodinfo=0x2827818*(lpBaseOfDll=0x74850000, SizeOfImage=0x44000, EntryPoint=0x748663f9)) returned 1 [0146.717] CoTaskMemAlloc (cb=0x804) returned 0x5950bd8 [0146.717] GetModuleBaseNameW (in: hProcess=0x640, hModule=0x74850000, lpBaseName=0x5950bd8, nSize=0x800 | out: lpBaseName="DNSAPI.dll") returned 0xa [0146.718] CoTaskMemFree (pv=0x5950bd8) [0146.718] CoTaskMemAlloc (cb=0x804) returned 0x5950bd8 [0146.718] GetModuleFileNameExW (in: hProcess=0x640, hModule=0x74850000, lpFilename=0x5950bd8, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\DNSAPI.dll" (normalized: "c:\\windows\\syswow64\\dnsapi.dll")) returned 0x1e [0146.720] CoTaskMemFree (pv=0x5950bd8) [0146.720] GetModuleInformation (in: hProcess=0x640, hModule=0x747b0000, lpmodinfo=0x282a9cc, cb=0xc | out: lpmodinfo=0x282a9cc*(lpBaseOfDll=0x747b0000, SizeOfImage=0x6000, EntryPoint=0x747b14b2)) returned 1 [0146.721] CoTaskMemAlloc (cb=0x804) returned 0x5950bd8 [0146.721] GetModuleBaseNameW (in: hProcess=0x640, hModule=0x747b0000, lpBaseName=0x5950bd8, nSize=0x800 | out: lpBaseName="rasadhlp.dll") returned 0xc [0146.723] CoTaskMemFree (pv=0x5950bd8) [0146.723] CoTaskMemAlloc (cb=0x804) returned 0x5950bd8 [0146.723] GetModuleFileNameExW (in: hProcess=0x640, hModule=0x747b0000, lpFilename=0x5950bd8, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\rasadhlp.dll" (normalized: "c:\\windows\\syswow64\\rasadhlp.dll")) returned 0x20 [0146.724] CoTaskMemFree (pv=0x5950bd8) [0146.724] GetModuleInformation (in: hProcess=0x640, hModule=0x6d510000, lpmodinfo=0x282dc28, cb=0xc | out: lpmodinfo=0x282dc28*(lpBaseOfDll=0x6d510000, SizeOfImage=0x38000, EntryPoint=0x6d51990e)) returned 1 [0146.726] CoTaskMemAlloc (cb=0x804) returned 0x5950bd8 [0146.726] GetModuleBaseNameW (in: hProcess=0x640, hModule=0x6d510000, lpBaseName=0x5950bd8, nSize=0x800 | out: lpBaseName="fwpuclnt.dll") returned 0xc [0146.727] CoTaskMemFree (pv=0x5950bd8) [0146.727] CoTaskMemAlloc (cb=0x804) returned 0x5950bd8 [0146.727] GetModuleFileNameExW (in: hProcess=0x640, hModule=0x6d510000, lpFilename=0x5950bd8, nSize=0x800 | out: lpFilename="C:\\Windows\\System32\\fwpuclnt.dll" (normalized: "c:\\windows\\syswow64\\fwpuclnt.dll")) returned 0x20 [0146.729] CoTaskMemFree (pv=0x5950bd8) [0146.729] GetModuleInformation (in: hProcess=0x640, hModule=0x6d580000, lpmodinfo=0x2830e80, cb=0xc | out: lpmodinfo=0x2830e80*(lpBaseOfDll=0x6d580000, SizeOfImage=0x8000, EntryPoint=0x6d5810e9)) returned 1 [0146.730] CoTaskMemAlloc (cb=0x804) returned 0x5950bd8 [0146.730] GetModuleBaseNameW (in: hProcess=0x640, hModule=0x6d580000, lpBaseName=0x5950bd8, nSize=0x800 | out: lpBaseName="secur32.dll") returned 0xb [0146.732] CoTaskMemFree (pv=0x5950bd8) [0146.732] CoTaskMemAlloc (cb=0x804) returned 0x5950bd8 [0146.732] GetModuleFileNameExW (in: hProcess=0x640, hModule=0x6d580000, lpFilename=0x5950bd8, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\secur32.dll" (normalized: "c:\\windows\\syswow64\\secur32.dll")) returned 0x1f [0146.734] CoTaskMemFree (pv=0x5950bd8) [0146.734] GetModuleInformation (in: hProcess=0x640, hModule=0x6d4d0000, lpmodinfo=0x28342d0, cb=0xc | out: lpmodinfo=0x28342d0*(lpBaseOfDll=0x6d4d0000, SizeOfImage=0x3f000, EntryPoint=0x6d4d2351)) returned 1 [0146.735] CoTaskMemAlloc (cb=0x804) returned 0x5950bd8 [0146.735] GetModuleBaseNameW (in: hProcess=0x640, hModule=0x6d4d0000, lpBaseName=0x5950bd8, nSize=0x800 | out: lpBaseName="schannel.dll") returned 0xc [0146.737] CoTaskMemFree (pv=0x5950bd8) [0146.737] CoTaskMemAlloc (cb=0x804) returned 0x5950bd8 [0146.737] GetModuleFileNameExW (in: hProcess=0x640, hModule=0x6d4d0000, lpFilename=0x5950bd8, nSize=0x800 | out: lpFilename="C:\\Windows\\SysWOW64\\schannel.dll" (normalized: "c:\\windows\\syswow64\\schannel.dll")) returned 0x20 [0146.739] CoTaskMemFree (pv=0x5950bd8) [0146.739] GetModuleInformation (in: hProcess=0x640, hModule=0x74ab0000, lpmodinfo=0x2837768, cb=0xc | out: lpmodinfo=0x2837768*(lpBaseOfDll=0x74ab0000, SizeOfImage=0x121000, EntryPoint=0x74ab158e)) returned 1 [0146.740] CoTaskMemAlloc (cb=0x804) returned 0x5950bd8 [0146.740] GetModuleBaseNameW (in: hProcess=0x640, hModule=0x74ab0000, lpBaseName=0x5950bd8, nSize=0x800 | out: lpBaseName="CRYPT32.dll") returned 0xb [0146.742] CoTaskMemFree (pv=0x5950bd8) [0146.742] CoTaskMemAlloc (cb=0x804) returned 0x5950bd8 [0146.742] GetModuleFileNameExW (in: hProcess=0x640, hModule=0x74ab0000, lpFilename=0x5950bd8, nSize=0x800 | out: lpFilename="C:\\Windows\\syswow64\\CRYPT32.dll" (normalized: "c:\\windows\\syswow64\\crypt32.dll")) returned 0x1f [0146.743] CoTaskMemFree (pv=0x5950bd8) [0146.743] GetModuleInformation (in: hProcess=0x640, hModule=0x76ed0000, lpmodinfo=0x283a888, cb=0xc | out: lpmodinfo=0x283a888*(lpBaseOfDll=0x76ed0000, SizeOfImage=0xc000, EntryPoint=0x76ed238e)) returned 1 [0146.745] CoTaskMemAlloc (cb=0x804) returned 0x5950bd8 [0146.745] GetModuleBaseNameW (in: hProcess=0x640, hModule=0x76ed0000, lpBaseName=0x5950bd8, nSize=0x800 | out: lpBaseName="MSASN1.dll") returned 0xa [0146.746] CoTaskMemFree (pv=0x5950bd8) [0146.746] CoTaskMemAlloc (cb=0x804) returned 0x5950bd8 [0146.746] GetModuleFileNameExW (in: hProcess=0x640, hModule=0x76ed0000, lpFilename=0x5950bd8, nSize=0x800 | out: lpFilename="C:\\Windows\\syswow64\\MSASN1.dll" (normalized: "c:\\windows\\syswow64\\msasn1.dll")) returned 0x1e [0146.749] CoTaskMemFree (pv=0x5950bd8) [0146.749] GetModuleInformation (in: hProcess=0x640, hModule=0x6d490000, lpmodinfo=0x283da5c, cb=0xc | out: lpmodinfo=0x283da5c*(lpBaseOfDll=0x6d490000, SizeOfImage=0x38000, EntryPoint=0x6d491489)) returned 1 [0146.750] CoTaskMemAlloc (cb=0x804) returned 0x5950bd8 [0146.750] GetModuleBaseNameW (in: hProcess=0x640, hModule=0x6d490000, lpBaseName=0x5950bd8, nSize=0x800 | out: lpBaseName="ncrypt.dll") returned 0xa [0146.752] CoTaskMemFree (pv=0x5950bd8) [0146.752] CoTaskMemAlloc (cb=0x804) returned 0x5950bd8 [0146.752] GetModuleFileNameExW (in: hProcess=0x640, hModule=0x6d490000, lpFilename=0x5950bd8, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\ncrypt.dll" (normalized: "c:\\windows\\syswow64\\ncrypt.dll")) returned 0x1e [0146.754] CoTaskMemFree (pv=0x5950bd8) [0146.754] GetModuleInformation (in: hProcess=0x640, hModule=0x6d450000, lpmodinfo=0x2840c14, cb=0xc | out: lpmodinfo=0x2840c14*(lpBaseOfDll=0x6d450000, SizeOfImage=0x3d000, EntryPoint=0x6d4510f5)) returned 1 [0146.755] CoTaskMemAlloc (cb=0x804) returned 0x5950bd8 [0146.755] GetModuleBaseNameW (in: hProcess=0x640, hModule=0x6d450000, lpBaseName=0x5950bd8, nSize=0x800 | out: lpBaseName="bcryptprimitives.dll") returned 0x14 [0146.757] CoTaskMemFree (pv=0x5950bd8) [0146.757] CoTaskMemAlloc (cb=0x804) returned 0x5950bd8 [0146.757] GetModuleFileNameExW (in: hProcess=0x640, hModule=0x6d450000, lpFilename=0x5950bd8, nSize=0x800 | out: lpFilename="C:\\Windows\\SysWOW64\\bcryptprimitives.dll" (normalized: "c:\\windows\\syswow64\\bcryptprimitives.dll")) returned 0x28 [0146.758] CoTaskMemFree (pv=0x5950bd8) [0146.758] GetModuleInformation (in: hProcess=0x640, hModule=0x6d430000, lpmodinfo=0x2843db8, cb=0xc | out: lpmodinfo=0x2843db8*(lpBaseOfDll=0x6d430000, SizeOfImage=0x17000, EntryPoint=0x6d431c9d)) returned 1 [0146.760] CoTaskMemAlloc (cb=0x804) returned 0x5950bd8 [0146.760] GetModuleBaseNameW (in: hProcess=0x640, hModule=0x6d430000, lpBaseName=0x5950bd8, nSize=0x800 | out: lpBaseName="USERENV.dll") returned 0xb [0146.761] CoTaskMemFree (pv=0x5950bd8) [0146.761] CoTaskMemAlloc (cb=0x804) returned 0x5950bd8 [0146.762] GetModuleFileNameExW (in: hProcess=0x640, hModule=0x6d430000, lpFilename=0x5950bd8, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\USERENV.dll" (normalized: "c:\\windows\\syswow64\\userenv.dll")) returned 0x1f [0146.763] CoTaskMemFree (pv=0x5950bd8) [0146.763] GetModuleInformation (in: hProcess=0x640, hModule=0x6d410000, lpmodinfo=0x2846f5c, cb=0xc | out: lpmodinfo=0x2846f5c*(lpBaseOfDll=0x6d410000, SizeOfImage=0x16000, EntryPoint=0x6d412061)) returned 1 [0146.765] CoTaskMemAlloc (cb=0x804) returned 0x5950bd8 [0146.765] GetModuleBaseNameW (in: hProcess=0x640, hModule=0x6d410000, lpBaseName=0x5950bd8, nSize=0x800 | out: lpBaseName="GPAPI.dll") returned 0x9 [0146.766] CoTaskMemFree (pv=0x5950bd8) [0146.766] CoTaskMemAlloc (cb=0x804) returned 0x5950bd8 [0146.766] GetModuleFileNameExW (in: hProcess=0x640, hModule=0x6d410000, lpFilename=0x5950bd8, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\GPAPI.dll" (normalized: "c:\\windows\\syswow64\\gpapi.dll")) returned 0x1d [0146.768] CoTaskMemFree (pv=0x5950bd8) [0146.768] GetModuleInformation (in: hProcess=0x640, hModule=0x6d380000, lpmodinfo=0x284a0e4, cb=0xc | out: lpmodinfo=0x284a0e4*(lpBaseOfDll=0x6d380000, SizeOfImage=0x84000, EntryPoint=0x6d3819a9)) returned 1 [0146.769] CoTaskMemAlloc (cb=0x804) returned 0x5950bd8 [0146.769] GetModuleBaseNameW (in: hProcess=0x640, hModule=0x6d380000, lpBaseName=0x5950bd8, nSize=0x800 | out: lpBaseName="comctl32.dll") returned 0xc [0146.771] CoTaskMemFree (pv=0x5950bd8) [0146.771] CoTaskMemAlloc (cb=0x804) returned 0x5950bd8 [0146.771] GetModuleFileNameExW (in: hProcess=0x640, hModule=0x6d380000, lpFilename=0x5950bd8, nSize=0x800 | out: lpFilename="C:\\Windows\\WinSxS\\x86_microsoft.windows.common-controls_6595b64144ccf1df_5.82.7601.17514_none_ec83dffa859149af\\comctl32.dll" (normalized: "c:\\windows\\winsxs\\x86_microsoft.windows.common-controls_6595b64144ccf1df_5.82.7601.17514_none_ec83dffa859149af\\comctl32.dll")) returned 0x7b [0146.772] CoTaskMemFree (pv=0x5950bd8) [0146.772] GetModuleInformation (in: hProcess=0x640, hModule=0x6d1f0000, lpmodinfo=0x284d35c, cb=0xc | out: lpmodinfo=0x284d35c*(lpBaseOfDll=0x6d1f0000, SizeOfImage=0x190000, EntryPoint=0x6d28d026)) returned 1 [0146.774] CoTaskMemAlloc (cb=0x804) returned 0x5950bd8 [0146.774] GetModuleBaseNameW (in: hProcess=0x640, hModule=0x6d1f0000, lpBaseName=0x5950bd8, nSize=0x800 | out: lpBaseName="gdiplus.dll") returned 0xb [0146.775] CoTaskMemFree (pv=0x5950bd8) [0146.775] CoTaskMemAlloc (cb=0x804) returned 0x5950bd8 [0146.775] GetModuleFileNameExW (in: hProcess=0x640, hModule=0x6d1f0000, lpFilename=0x5950bd8, nSize=0x800 | out: lpFilename="C:\\Windows\\WinSxS\\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\\gdiplus.dll" (normalized: "c:\\windows\\winsxs\\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\\gdiplus.dll")) returned 0x71 [0146.777] CoTaskMemFree (pv=0x5950bd8) [0146.777] GetModuleInformation (in: hProcess=0x640, hModule=0x6d0f0000, lpmodinfo=0x28504d0, cb=0xc | out: lpmodinfo=0x28504d0*(lpBaseOfDll=0x6d0f0000, SizeOfImage=0xfb000, EntryPoint=0x6d1017e1)) returned 1 [0146.778] CoTaskMemAlloc (cb=0x804) returned 0x5950bd8 [0146.778] GetModuleBaseNameW (in: hProcess=0x640, hModule=0x6d0f0000, lpBaseName=0x5950bd8, nSize=0x800 | out: lpBaseName="WindowsCodecs.dll") returned 0x11 [0146.780] CoTaskMemFree (pv=0x5950bd8) [0146.780] CoTaskMemAlloc (cb=0x804) returned 0x5950bd8 [0146.780] GetModuleFileNameExW (in: hProcess=0x640, hModule=0x6d0f0000, lpFilename=0x5950bd8, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\WindowsCodecs.dll" (normalized: "c:\\windows\\syswow64\\windowscodecs.dll")) returned 0x25 [0146.781] CoTaskMemFree (pv=0x5950bd8) [0146.781] GetModuleInformation (in: hProcess=0x640, hModule=0x6c320000, lpmodinfo=0x28535e8, cb=0xc | out: lpmodinfo=0x28535e8*(lpBaseOfDll=0x6c320000, SizeOfImage=0xdcd000, EntryPoint=0x0)) returned 1 [0146.783] CoTaskMemAlloc (cb=0x804) returned 0x5950bd8 [0146.783] GetModuleBaseNameW (in: hProcess=0x640, hModule=0x6c320000, lpBaseName=0x5950bd8, nSize=0x800 | out: lpBaseName="System.Web.ni.dll") returned 0x11 [0146.784] CoTaskMemFree (pv=0x5950bd8) [0146.784] CoTaskMemAlloc (cb=0x804) returned 0x5950bd8 [0146.784] GetModuleFileNameExW (in: hProcess=0x640, hModule=0x6c320000, lpFilename=0x5950bd8, nSize=0x800 | out: lpFilename="C:\\Windows\\assembly\\NativeImages_v4.0.30319_32\\System.Web\\8e86e9948f7dcebce93d5df6073700ba\\System.Web.ni.dll" (normalized: "c:\\windows\\assembly\\nativeimages_v4.0.30319_32\\system.web\\8e86e9948f7dcebce93d5df6073700ba\\system.web.ni.dll")) returned 0x6c [0146.786] CoTaskMemFree (pv=0x5950bd8) [0146.786] lstrlenA (lpString="AcquireSRWLockExclusive") returned 23 [0146.786] lstrlenA (lpString="AcquireSRWLockShared") returned 20 [0146.786] lstrlenA (lpString="ActivateActCtx") returned 14 [0146.786] lstrlenA (lpString="AddAtomA") returned 8 [0146.786] lstrlenA (lpString="AddAtomW") returned 8 [0146.787] lstrlenA (lpString="AddConsoleAliasA") returned 16 [0146.787] lstrlenA (lpString="AddConsoleAliasW") returned 16 [0146.787] lstrlenA (lpString="AddDllDirectory") returned 15 [0146.787] lstrlenA (lpString="AddIntegrityLabelToBoundaryDescriptor") returned 37 [0146.787] lstrlenA (lpString="AddLocalAlternateComputerNameA") returned 30 [0146.787] lstrlenA (lpString="AddLocalAlternateComputerNameW") returned 30 [0146.787] lstrlenA (lpString="AddRefActCtx") returned 12 [0146.787] lstrlenA (lpString="AddSIDToBoundaryDescriptor") returned 26 [0146.787] lstrlenA (lpString="AddSecureMemoryCacheCallback") returned 28 [0146.787] lstrlenA (lpString="AddVectoredContinueHandler") returned 26 [0146.787] lstrlenA (lpString="AddVectoredExceptionHandler") returned 27 [0146.787] lstrlenA (lpString="AdjustCalendarDate") returned 18 [0146.788] lstrlenA (lpString="AllocConsole") returned 12 [0146.788] lstrlenA (lpString="AllocateUserPhysicalPages") returned 25 [0146.788] lstrlenA (lpString="AllocateUserPhysicalPagesNuma") returned 29 [0146.788] lstrlenA (lpString="ApplicationRecoveryFinished") returned 27 [0146.788] lstrlenA (lpString="ApplicationRecoveryInProgress") returned 29 [0146.788] lstrlenA (lpString="AreFileApisANSI") returned 15 [0146.788] lstrlenA (lpString="AssignProcessToJobObject") returned 24 [0146.788] lstrlenA (lpString="AttachConsole") returned 13 [0146.788] lstrlenA (lpString="BackupRead") returned 10 [0146.788] lstrlenA (lpString="BackupSeek") returned 10 [0146.788] lstrlenA (lpString="BackupWrite") returned 11 [0146.788] lstrlenA (lpString="BaseCheckAppcompatCache") returned 23 [0146.789] lstrlenA (lpString="BaseCheckAppcompatCacheEx") returned 25 [0146.789] lstrlenA (lpString="BaseCheckRunApp") returned 15 [0146.789] lstrlenA (lpString="BaseCleanupAppcompatCacheSupport") returned 32 [0146.789] lstrlenA (lpString="BaseDllReadWriteIniFile") returned 23 [0146.789] lstrlenA (lpString="BaseDumpAppcompatCache") returned 22 [0146.789] lstrlenA (lpString="BaseFlushAppcompatCache") returned 23 [0146.789] lstrlenA (lpString="BaseFormatObjectAttributes") returned 26 [0146.789] lstrlenA (lpString="BaseFormatTimeOut") returned 17 [0146.789] lstrlenA (lpString="BaseGenerateAppCompatData") returned 25 [0146.789] lstrlenA (lpString="BaseGetNamedObjectDirectory") returned 27 [0146.789] lstrlenA (lpString="BaseInitAppcompatCacheSupport") returned 29 [0146.790] lstrlenA (lpString="BaseIsAppcompatInfrastructureDisabled") returned 37 [0146.790] lstrlenA (lpString="BaseQueryModuleData") returned 19 [0146.790] lstrlenA (lpString="BaseSetLastNTError") returned 18 [0146.790] lstrlenA (lpString="BaseThreadInitThunk") returned 19 [0146.790] lstrlenA (lpString="BaseUpdateAppcompatCache") returned 24 [0146.790] lstrlenA (lpString="BaseVerifyUnicodeString") returned 23 [0146.790] lstrlenA (lpString="Basep8BitStringToDynamicUnicodeString") returned 37 [0146.790] lstrlenA (lpString="BasepAllocateActivationContextActivationBlock") returned 45 [0146.790] lstrlenA (lpString="BasepAnsiStringToDynamicUnicodeString") returned 37 [0146.790] lstrlenA (lpString="BasepCheckAppCompat") returned 19 [0146.790] lstrlenA (lpString="BasepCheckBadapp") returned 16 [0146.790] lstrlenA (lpString="BasepCheckWinSaferRestrictions") returned 30 [0146.791] lstrlenA (lpString="BasepFreeActivationContextActivationBlock") returned 41 [0146.791] lstrlenA (lpString="BasepFreeAppCompatData") returned 22 [0146.791] lstrlenA (lpString="BasepMapModuleHandle") returned 20 [0146.791] lstrlenA (lpString="Beep") returned 4 [0146.791] lstrlenA (lpString="BeginUpdateResourceA") returned 20 [0146.791] lstrlenA (lpString="BeginUpdateResourceW") returned 20 [0146.791] lstrlenA (lpString="BindIoCompletionCallback") returned 24 [0146.791] lstrlenA (lpString="BuildCommDCBA") returned 13 [0146.791] lstrlenA (lpString="BuildCommDCBAndTimeoutsA") returned 24 [0146.791] lstrlenA (lpString="BuildCommDCBAndTimeoutsW") returned 24 [0146.791] lstrlenA (lpString="BuildCommDCBW") returned 13 [0146.792] lstrlenA (lpString="CallNamedPipeA") returned 14 [0146.792] lstrlenA (lpString="CallNamedPipeW") returned 14 [0146.792] lstrlenA (lpString="CallbackMayRunLong") returned 18 [0146.792] lstrlenA (lpString="CancelDeviceWakeupRequest") returned 25 [0146.792] lstrlenA (lpString="CancelIo") returned 8 [0146.792] lstrlenA (lpString="CancelIoEx") returned 10 [0146.792] lstrlenA (lpString="CancelSynchronousIo") returned 19 [0146.792] lstrlenA (lpString="CancelThreadpoolIo") returned 18 [0146.792] lstrlenA (lpString="CancelTimerQueueTimer") returned 21 [0146.792] lstrlenA (lpString="CancelWaitableTimer") returned 19 [0146.792] lstrlenA (lpString="ChangeTimerQueueTimer") returned 21 [0146.792] lstrlenA (lpString="CheckElevation") returned 14 [0146.793] lstrlenA (lpString="CheckElevationEnabled") returned 21 [0146.793] lstrlenA (lpString="CheckForReadOnlyResource") returned 24 [0146.793] lstrlenA (lpString="CheckNameLegalDOS8Dot3A") returned 23 [0146.793] lstrlenA (lpString="CheckNameLegalDOS8Dot3W") returned 23 [0146.793] lstrlenA (lpString="CheckRemoteDebuggerPresent") returned 26 [0146.793] lstrlenA (lpString="ClearCommBreak") returned 14 [0146.793] lstrlenA (lpString="ClearCommError") returned 14 [0146.793] lstrlenA (lpString="CloseConsoleHandle") returned 18 [0146.793] lstrlenA (lpString="CloseHandle") returned 11 [0146.793] lstrlenA (lpString="ClosePrivateNamespace") returned 21 [0146.793] lstrlenA (lpString="CloseProfileUserMapping") returned 23 [0146.793] lstrlenA (lpString="CloseThreadpool") returned 15 [0146.794] lstrlenA (lpString="CloseThreadpoolCleanupGroup") returned 27 [0146.794] lstrlenA (lpString="CloseThreadpoolCleanupGroupMembers") returned 34 [0146.794] lstrlenA (lpString="CloseThreadpoolIo") returned 17 [0146.794] lstrlenA (lpString="CloseThreadpoolTimer") returned 20 [0146.794] lstrlenA (lpString="CloseThreadpoolWait") returned 19 [0146.794] lstrlenA (lpString="CloseThreadpoolWork") returned 19 [0146.794] lstrlenA (lpString="CmdBatNotification") returned 18 [0146.794] lstrlenA (lpString="CommConfigDialogA") returned 17 [0146.794] lstrlenA (lpString="CommConfigDialogW") returned 17 [0146.794] lstrlenA (lpString="CompareCalendarDates") returned 20 [0146.794] lstrlenA (lpString="CompareFileTime") returned 15 [0146.794] lstrlenA (lpString="CompareStringA") returned 14 [0146.794] lstrlenA (lpString="CompareStringEx") returned 15 [0146.795] lstrlenA (lpString="CompareStringOrdinal") returned 20 [0146.795] lstrlenA (lpString="CompareStringW") returned 14 [0146.795] lstrlenA (lpString="ConnectNamedPipe") returned 16 [0146.795] lstrlenA (lpString="ConsoleMenuControl") returned 18 [0146.795] lstrlenA (lpString="ContinueDebugEvent") returned 18 [0146.795] lstrlenA (lpString="ConvertCalDateTimeToSystemTime") returned 30 [0146.795] lstrlenA (lpString="ConvertDefaultLocale") returned 20 [0146.795] lstrlenA (lpString="ConvertFiberToThread") returned 20 [0146.795] lstrlenA (lpString="ConvertNLSDayOfWeekToWin32DayOfWeek") returned 35 [0146.795] lstrlenA (lpString="ConvertSystemTimeToCalDateTime") returned 30 [0146.795] lstrlenA (lpString="ConvertThreadToFiber") returned 20 [0146.795] lstrlenA (lpString="ConvertThreadToFiberEx") returned 22 [0146.796] lstrlenA (lpString="CopyContext") returned 11 [0146.796] lstrlenA (lpString="CopyFileA") returned 9 [0146.796] lstrlenA (lpString="CopyFileExA") returned 11 [0146.796] lstrlenA (lpString="CopyFileExW") returned 11 [0146.796] lstrlenA (lpString="CopyFileTransactedA") returned 19 [0146.796] lstrlenA (lpString="CopyFileTransactedW") returned 19 [0146.796] lstrlenA (lpString="CopyFileW") returned 9 [0146.796] lstrlenA (lpString="CopyLZFile") returned 10 [0146.796] lstrlenA (lpString="CreateActCtxA") returned 13 [0146.796] lstrlenA (lpString="CreateActCtxW") returned 13 [0146.796] lstrlenA (lpString="CreateBoundaryDescriptorA") returned 25 [0146.796] lstrlenA (lpString="CreateBoundaryDescriptorW") returned 25 [0146.797] lstrlenA (lpString="CreateConsoleScreenBuffer") returned 25 [0146.797] lstrlenA (lpString="CreateDirectoryA") returned 16 [0146.797] lstrlenA (lpString="CreateDirectoryExA") returned 18 [0146.797] lstrlenA (lpString="CreateDirectoryExW") returned 18 [0146.797] lstrlenA (lpString="CreateDirectoryTransactedA") returned 26 [0146.797] lstrlenA (lpString="CreateDirectoryTransactedW") returned 26 [0146.797] lstrlenA (lpString="CreateDirectoryW") returned 16 [0146.797] lstrlenA (lpString="CreateEventA") returned 12 [0146.797] lstrlenA (lpString="CreateEventExA") returned 14 [0146.797] lstrlenA (lpString="CreateEventExW") returned 14 [0146.797] lstrlenA (lpString="CreateEventW") returned 12 [0146.797] lstrlenA (lpString="CreateFiber") returned 11 [0146.797] lstrlenA (lpString="CreateFiberEx") returned 13 [0146.798] lstrlenA (lpString="CreateFileA") returned 11 [0146.798] lstrlenA (lpString="CreateFileMappingA") returned 18 [0146.798] lstrlenA (lpString="CreateFileMappingNumaA") returned 22 [0146.798] lstrlenA (lpString="CreateFileMappingNumaW") returned 22 [0146.798] lstrlenA (lpString="CreateFileMappingW") returned 18 [0146.798] lstrlenA (lpString="CreateFileTransactedA") returned 21 [0146.798] lstrlenA (lpString="CreateFileTransactedW") returned 21 [0146.798] lstrlenA (lpString="CreateFileW") returned 11 [0146.798] lstrlenA (lpString="CreateHardLinkA") returned 15 [0146.798] lstrlenA (lpString="CreateHardLinkTransactedA") returned 25 [0146.798] lstrlenA (lpString="CreateHardLinkTransactedW") returned 25 [0146.798] lstrlenA (lpString="CreateHardLinkW") returned 15 [0146.798] lstrlenA (lpString="CreateIoCompletionPort") returned 22 [0146.798] lstrlenA (lpString="CreateJobObjectA") returned 16 [0146.798] lstrlenA (lpString="CreateJobObjectW") returned 16 [0146.798] lstrlenA (lpString="CreateJobSet") returned 12 [0146.798] lstrlenA (lpString="CreateMailslotA") returned 15 [0146.798] lstrlenA (lpString="CreateMailslotW") returned 15 [0146.799] lstrlenA (lpString="CreateMemoryResourceNotification") returned 32 [0146.799] lstrlenA (lpString="CreateMutexA") returned 12 [0146.799] lstrlenA (lpString="CreateMutexExA") returned 14 [0146.799] lstrlenA (lpString="CreateMutexExW") returned 14 [0146.799] lstrlenA (lpString="CreateMutexW") returned 12 [0146.799] lstrlenA (lpString="CreateNamedPipeA") returned 16 [0146.799] lstrlenA (lpString="CreateNamedPipeW") returned 16 [0146.799] lstrlenA (lpString="CreatePipe") returned 10 [0146.799] lstrlenA (lpString="CreatePrivateNamespaceA") returned 23 [0146.799] lstrlenA (lpString="CreatePrivateNamespaceW") returned 23 [0146.799] lstrlenA (lpString="CreateProcessA") returned 14 [0146.799] lstrlenA (lpString="CreateProcessAsUserW") returned 20 [0146.799] lstrlenA (lpString="CreateProcessInternalA") returned 22 [0146.799] lstrlenA (lpString="CreateProcessInternalW") returned 22 [0146.800] lstrlenA (lpString="CreateProcessW") returned 14 [0146.800] lstrlenA (lpString="CreateRemoteThread") returned 18 [0146.800] lstrlenA (lpString="CreateRemoteThreadEx") returned 20 [0146.800] lstrlenA (lpString="CreateSemaphoreA") returned 16 [0146.800] lstrlenA (lpString="CreateSemaphoreExA") returned 18 [0146.800] lstrlenA (lpString="CreateSemaphoreExW") returned 18 [0146.800] lstrlenA (lpString="CreateSemaphoreW") returned 16 [0146.800] lstrlenA (lpString="CreateSocketHandle") returned 18 [0146.800] lstrlenA (lpString="CreateSymbolicLinkA") returned 19 [0146.800] lstrlenA (lpString="CreateSymbolicLinkTransactedA") returned 29 [0146.800] lstrlenA (lpString="CreateSymbolicLinkTransactedW") returned 29 [0146.800] lstrlenA (lpString="CreateSymbolicLinkW") returned 19 [0146.800] lstrlenA (lpString="CreateTapePartition") returned 19 [0146.800] lstrlenA (lpString="CreateThread") returned 12 [0146.800] lstrlenA (lpString="CreateThreadpool") returned 16 [0146.800] lstrlenA (lpString="CreateThreadpoolCleanupGroup") returned 28 [0146.800] lstrlenA (lpString="CreateThreadpoolIo") returned 18 [0146.801] lstrlenA (lpString="CreateThreadpoolTimer") returned 21 [0146.801] lstrlenA (lpString="CreateThreadpoolWait") returned 20 [0146.801] lstrlenA (lpString="CreateThreadpoolWork") returned 20 [0146.801] lstrlenA (lpString="CreateTimerQueue") returned 16 [0146.801] lstrlenA (lpString="CreateTimerQueueTimer") returned 21 [0146.801] lstrlenA (lpString="CreateToolhelp32Snapshot") returned 24 [0146.801] lstrlenA (lpString="CreateWaitableTimerA") returned 20 [0146.801] lstrlenA (lpString="CreateWaitableTimerExA") returned 22 [0146.801] lstrlenA (lpString="CreateWaitableTimerExW") returned 22 [0146.801] lstrlenA (lpString="CreateWaitableTimerW") returned 20 [0146.801] lstrlenA (lpString="CtrlRoutine") returned 11 [0146.801] lstrlenA (lpString="DeactivateActCtx") returned 16 [0146.801] lstrlenA (lpString="DebugActiveProcess") returned 18 [0146.801] lstrlenA (lpString="DebugActiveProcessStop") returned 22 [0146.801] lstrlenA (lpString="DebugBreak") returned 10 [0146.801] lstrlenA (lpString="DebugBreakProcess") returned 17 [0146.801] lstrlenA (lpString="DebugSetProcessKillOnExit") returned 25 [0146.801] lstrlenA (lpString="DecodePointer") returned 13 [0146.802] lstrlenA (lpString="DecodeSystemPointer") returned 19 [0146.802] lstrlenA (lpString="DefineDosDeviceA") returned 16 [0146.802] lstrlenA (lpString="DefineDosDeviceW") returned 16 [0146.802] lstrlenA (lpString="DelayLoadFailureHook") returned 20 [0146.802] lstrlenA (lpString="DeleteAtom") returned 10 [0146.802] lstrlenA (lpString="DeleteBoundaryDescriptor") returned 24 [0146.802] lstrlenA (lpString="DeleteCriticalSection") returned 21 [0146.802] lstrlenA (lpString="DeleteFiber") returned 11 [0146.802] lstrlenA (lpString="DeleteFileA") returned 11 [0146.802] lstrlenA (lpString="DeleteFileTransactedA") returned 21 [0146.802] lstrlenA (lpString="DeleteFileTransactedW") returned 21 [0146.802] lstrlenA (lpString="DeleteFileW") returned 11 [0146.802] lstrlenA (lpString="DeleteProcThreadAttributeList") returned 29 [0146.802] lstrlenA (lpString="DeleteTimerQueue") returned 16 [0146.803] lstrlenA (lpString="DeleteTimerQueueEx") returned 18 [0146.803] lstrlenA (lpString="DeleteTimerQueueTimer") returned 21 [0146.803] lstrlenA (lpString="DeleteVolumeMountPointA") returned 23 [0146.803] lstrlenA (lpString="DeleteVolumeMountPointW") returned 23 [0146.803] lstrlenA (lpString="DeviceIoControl") returned 15 [0146.803] lstrlenA (lpString="DisableThreadLibraryCalls") returned 25 [0146.803] lstrlenA (lpString="DisableThreadProfiling") returned 22 [0146.803] lstrlenA (lpString="DisassociateCurrentThreadFromCallback") returned 37 [0146.803] lstrlenA (lpString="DisconnectNamedPipe") returned 19 [0146.803] lstrlenA (lpString="DnsHostnameToComputerNameA") returned 26 [0146.803] lstrlenA (lpString="DnsHostnameToComputerNameW") returned 26 [0146.803] lstrlenA (lpString="DosDateTimeToFileTime") returned 21 [0146.803] lstrlenA (lpString="DosPathToSessionPathA") returned 21 [0146.803] lstrlenA (lpString="DosPathToSessionPathW") returned 21 [0146.803] lstrlenA (lpString="DuplicateConsoleHandle") returned 22 [0146.803] lstrlenA (lpString="DuplicateHandle") returned 15 [0146.803] lstrlenA (lpString="EnableThreadProfiling") returned 21 [0146.803] lstrlenA (lpString="EncodePointer") returned 13 [0146.804] lstrlenA (lpString="EncodeSystemPointer") returned 19 [0146.804] lstrlenA (lpString="EndUpdateResourceA") returned 18 [0146.804] lstrlenA (lpString="EndUpdateResourceW") returned 18 [0146.804] lstrlenA (lpString="EnterCriticalSection") returned 20 [0146.804] lstrlenA (lpString="EnumCalendarInfoA") returned 17 [0146.804] lstrlenA (lpString="EnumCalendarInfoExA") returned 19 [0146.804] lstrlenA (lpString="EnumCalendarInfoExEx") returned 20 [0146.804] lstrlenA (lpString="EnumCalendarInfoExW") returned 19 [0146.804] lstrlenA (lpString="EnumCalendarInfoW") returned 17 [0146.804] lstrlenA (lpString="EnumDateFormatsA") returned 16 [0146.804] lstrlenA (lpString="EnumDateFormatsExA") returned 18 [0146.804] lstrlenA (lpString="EnumDateFormatsExEx") returned 19 [0146.804] lstrlenA (lpString="EnumDateFormatsExW") returned 18 [0146.856] WriteProcessMemory (in: hProcess=0x638, lpBaseAddress=0x402000, lpBuffer=0x3592960*, nSize=0x33e00, lpNumberOfBytesWritten=0x265d0a4 | out: lpBuffer=0x3592960*, lpNumberOfBytesWritten=0x265d0a4*=0x33e00) returned 1 [0146.938] EnumProcessModules (in: hProcess=0x640, lphModule=0x2664f64, cb=0x100, lpcbNeeded=0x2dc658 | out: lphModule=0x2664f64, lpcbNeeded=0x2dc658) returned 1 [0146.940] EnumProcessModules (in: hProcess=0x640, lphModule=0x2665070, cb=0x200, lpcbNeeded=0x2dc658 | out: lphModule=0x2665070, lpcbNeeded=0x2dc658) returned 1 [0146.942] GetModuleInformation (in: hProcess=0x640, hModule=0x10b0000, lpmodinfo=0x26652b0, cb=0xc | out: lpmodinfo=0x26652b0*(lpBaseOfDll=0x10b0000, SizeOfImage=0xa2000, EntryPoint=0x114ddbe)) returned 1 [0146.942] CoTaskMemAlloc (cb=0x804) returned 0x5950bd8 [0146.942] GetModuleBaseNameW (in: hProcess=0x640, hModule=0x10b0000, lpBaseName=0x5950bd8, nSize=0x800 | out: lpBaseName="noise.exe") returned 0x9 [0146.942] CoTaskMemFree (pv=0x5950bd8) [0146.942] CoTaskMemAlloc (cb=0x804) returned 0x5950bd8 [0146.942] GetModuleFileNameExW (in: hProcess=0x640, hModule=0x10b0000, lpFilename=0x5950bd8, nSize=0x800 | out: lpFilename="C:\\Users\\kEecfMwgj\\AppData\\Local\\Temp\\noise.exe" (normalized: "c:\\users\\keecfmwgj\\appdata\\local\\temp\\noise.exe")) returned 0x2f [0146.943] CoTaskMemFree (pv=0x5950bd8) [0146.943] GetModuleInformation (in: hProcess=0x640, hModule=0x76f00000, lpmodinfo=0x2667400, cb=0xc | out: lpmodinfo=0x2667400*(lpBaseOfDll=0x76f00000, SizeOfImage=0x180000, EntryPoint=0x0)) returned 1 [0146.943] CoTaskMemAlloc (cb=0x804) returned 0x5950bd8 [0146.943] GetModuleBaseNameW (in: hProcess=0x640, hModule=0x76f00000, lpBaseName=0x5950bd8, nSize=0x800 | out: lpBaseName="ntdll.dll") returned 0x9 [0146.943] CoTaskMemFree (pv=0x5950bd8) [0146.943] CoTaskMemAlloc (cb=0x804) returned 0x5950bd8 [0146.943] GetModuleFileNameExW (in: hProcess=0x640, hModule=0x76f00000, lpFilename=0x5950bd8, nSize=0x800 | out: lpFilename="C:\\Windows\\SysWOW64\\ntdll.dll" (normalized: "c:\\windows\\syswow64\\ntdll.dll")) returned 0x1d [0146.944] CoTaskMemFree (pv=0x5950bd8) [0146.944] GetModuleInformation (in: hProcess=0x640, hModule=0x73500000, lpmodinfo=0x2669510, cb=0xc | out: lpmodinfo=0x2669510*(lpBaseOfDll=0x73500000, SizeOfImage=0x4a000, EntryPoint=0x73502e54)) returned 1 [0146.944] CoTaskMemAlloc (cb=0x804) returned 0x5950bd8 [0146.944] GetModuleBaseNameW (in: hProcess=0x640, hModule=0x73500000, lpBaseName=0x5950bd8, nSize=0x800 | out: lpBaseName="MSCOREE.DLL") returned 0xb [0146.944] CoTaskMemFree (pv=0x5950bd8) [0146.944] CoTaskMemAlloc (cb=0x804) returned 0x5950bd8 [0146.944] GetModuleFileNameExW (in: hProcess=0x640, hModule=0x73500000, lpFilename=0x5950bd8, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\MSCOREE.DLL" (normalized: "c:\\windows\\syswow64\\mscoree.dll")) returned 0x1f [0146.945] CoTaskMemFree (pv=0x5950bd8) [0146.945] GetModuleInformation (in: hProcess=0x640, hModule=0x752b0000, lpmodinfo=0x266b628, cb=0xc | out: lpmodinfo=0x266b628*(lpBaseOfDll=0x752b0000, SizeOfImage=0x110000, EntryPoint=0x752c3283)) returned 1 [0146.945] CoTaskMemAlloc (cb=0x804) returned 0x5950bd8 [0146.945] GetModuleBaseNameW (in: hProcess=0x640, hModule=0x752b0000, lpBaseName=0x5950bd8, nSize=0x800 | out: lpBaseName="KERNEL32.dll") returned 0xc [0146.945] CoTaskMemFree (pv=0x5950bd8) [0146.945] CoTaskMemAlloc (cb=0x804) returned 0x5950bd8 [0146.945] GetModuleFileNameExW (in: hProcess=0x640, hModule=0x752b0000, lpFilename=0x5950bd8, nSize=0x800 | out: lpFilename="C:\\Windows\\syswow64\\KERNEL32.dll" (normalized: "c:\\windows\\syswow64\\kernel32.dll")) returned 0x20 [0146.946] CoTaskMemFree (pv=0x5950bd8) [0146.946] GetModuleInformation (in: hProcess=0x640, hModule=0x753c0000, lpmodinfo=0x266d748, cb=0xc | out: lpmodinfo=0x266d748*(lpBaseOfDll=0x753c0000, SizeOfImage=0x47000, EntryPoint=0x753c74c1)) returned 1 [0146.946] CoTaskMemAlloc (cb=0x804) returned 0x5950bd8 [0146.946] GetModuleBaseNameW (in: hProcess=0x640, hModule=0x753c0000, lpBaseName=0x5950bd8, nSize=0x800 | out: lpBaseName="KERNELBASE.dll") returned 0xe [0146.946] CoTaskMemFree (pv=0x5950bd8) [0146.946] CoTaskMemAlloc (cb=0x804) returned 0x5950bd8 [0146.946] GetModuleFileNameExW (in: hProcess=0x640, hModule=0x753c0000, lpFilename=0x5950bd8, nSize=0x800 | out: lpFilename="C:\\Windows\\syswow64\\KERNELBASE.dll" (normalized: "c:\\windows\\syswow64\\kernelbase.dll")) returned 0x22 [0146.947] CoTaskMemFree (pv=0x5950bd8) [0146.947] GetModuleInformation (in: hProcess=0x640, hModule=0x76a60000, lpmodinfo=0x266f89c, cb=0xc | out: lpmodinfo=0x266f89c*(lpBaseOfDll=0x76a60000, SizeOfImage=0xa0000, EntryPoint=0x76a749e5)) returned 1 [0146.947] CoTaskMemAlloc (cb=0x804) returned 0x5950bd8 [0146.947] GetModuleBaseNameW (in: hProcess=0x640, hModule=0x76a60000, lpBaseName=0x5950bd8, nSize=0x800 | out: lpBaseName="ADVAPI32.dll") returned 0xc [0146.947] CoTaskMemFree (pv=0x5950bd8) [0146.948] CoTaskMemAlloc (cb=0x804) returned 0x5950bd8 [0146.948] GetModuleFileNameExW (in: hProcess=0x640, hModule=0x76a60000, lpFilename=0x5950bd8, nSize=0x800 | out: lpFilename="C:\\Windows\\syswow64\\ADVAPI32.dll" (normalized: "c:\\windows\\syswow64\\advapi32.dll")) returned 0x20 [0146.948] CoTaskMemFree (pv=0x5950bd8) [0146.948] GetModuleInformation (in: hProcess=0x640, hModule=0x75410000, lpmodinfo=0x26719bc, cb=0xc | out: lpmodinfo=0x26719bc*(lpBaseOfDll=0x75410000, SizeOfImage=0xac000, EntryPoint=0x7541a472)) returned 1 [0146.948] CoTaskMemAlloc (cb=0x804) returned 0x5950bd8 [0146.948] GetModuleBaseNameW (in: hProcess=0x640, hModule=0x75410000, lpBaseName=0x5950bd8, nSize=0x800 | out: lpBaseName="msvcrt.dll") returned 0xa [0146.949] CoTaskMemFree (pv=0x5950bd8) [0146.949] CoTaskMemAlloc (cb=0x804) returned 0x5950bd8 [0146.949] GetModuleFileNameExW (in: hProcess=0x640, hModule=0x75410000, lpFilename=0x5950bd8, nSize=0x800 | out: lpFilename="C:\\Windows\\syswow64\\msvcrt.dll" (normalized: "c:\\windows\\syswow64\\msvcrt.dll")) returned 0x1e [0146.949] CoTaskMemFree (pv=0x5950bd8) [0146.949] GetModuleInformation (in: hProcess=0x640, hModule=0x759a0000, lpmodinfo=0x2673ad4, cb=0xc | out: lpmodinfo=0x2673ad4*(lpBaseOfDll=0x759a0000, SizeOfImage=0x19000, EntryPoint=0x759a4975)) returned 1 [0146.949] CoTaskMemAlloc (cb=0x804) returned 0x5950bd8 [0146.949] GetModuleBaseNameW (in: hProcess=0x640, hModule=0x759a0000, lpBaseName=0x5950bd8, nSize=0x800 | out: lpBaseName="sechost.dll") returned 0xb [0146.950] CoTaskMemFree (pv=0x5950bd8) [0146.950] CoTaskMemAlloc (cb=0x804) returned 0x5950bd8 [0146.950] GetModuleFileNameExW (in: hProcess=0x640, hModule=0x759a0000, lpFilename=0x5950bd8, nSize=0x800 | out: lpFilename="C:\\Windows\\SysWOW64\\sechost.dll" (normalized: "c:\\windows\\syswow64\\sechost.dll")) returned 0x1f [0146.951] CoTaskMemFree (pv=0x5950bd8) [0146.951] GetModuleInformation (in: hProcess=0x640, hModule=0x76970000, lpmodinfo=0x2675bec, cb=0xc | out: lpmodinfo=0x2675bec*(lpBaseOfDll=0x76970000, SizeOfImage=0xf0000, EntryPoint=0x76980569)) returned 1 [0146.951] CoTaskMemAlloc (cb=0x804) returned 0x5950bd8 [0146.951] GetModuleBaseNameW (in: hProcess=0x640, hModule=0x76970000, lpBaseName=0x5950bd8, nSize=0x800 | out: lpBaseName="RPCRT4.dll") returned 0xa [0146.952] CoTaskMemFree (pv=0x5950bd8) [0146.952] CoTaskMemAlloc (cb=0x804) returned 0x5950bd8 [0146.952] GetModuleFileNameExW (in: hProcess=0x640, hModule=0x76970000, lpFilename=0x5950bd8, nSize=0x800 | out: lpFilename="C:\\Windows\\syswow64\\RPCRT4.dll" (normalized: "c:\\windows\\syswow64\\rpcrt4.dll")) returned 0x1e [0146.952] CoTaskMemFree (pv=0x5950bd8) [0146.952] GetModuleInformation (in: hProcess=0x640, hModule=0x74a50000, lpmodinfo=0x2677d50, cb=0xc | out: lpmodinfo=0x2677d50*(lpBaseOfDll=0x74a50000, SizeOfImage=0x60000, EntryPoint=0x74a6a3b3)) returned 1 [0146.952] CoTaskMemAlloc (cb=0x804) returned 0x5950bd8 [0146.952] GetModuleBaseNameW (in: hProcess=0x640, hModule=0x74a50000, lpBaseName=0x5950bd8, nSize=0x800 | out: lpBaseName="SspiCli.dll") returned 0xb [0146.953] CoTaskMemFree (pv=0x5950bd8) [0146.953] CoTaskMemAlloc (cb=0x804) returned 0x5950bd8 [0146.953] GetModuleFileNameExW (in: hProcess=0x640, hModule=0x74a50000, lpFilename=0x5950bd8, nSize=0x800 | out: lpFilename="C:\\Windows\\syswow64\\SspiCli.dll" (normalized: "c:\\windows\\syswow64\\sspicli.dll")) returned 0x1f [0146.953] CoTaskMemFree (pv=0x5950bd8) [0146.953] GetModuleInformation (in: hProcess=0x640, hModule=0x74a40000, lpmodinfo=0x2679e68, cb=0xc | out: lpmodinfo=0x2679e68*(lpBaseOfDll=0x74a40000, SizeOfImage=0xc000, EntryPoint=0x74a410e1)) returned 1 [0146.954] CoTaskMemAlloc (cb=0x804) returned 0x5950bd8 [0146.954] GetModuleBaseNameW (in: hProcess=0x640, hModule=0x74a40000, lpBaseName=0x5950bd8, nSize=0x800 | out: lpBaseName="CRYPTBASE.dll") returned 0xd [0146.954] CoTaskMemFree (pv=0x5950bd8) [0146.954] CoTaskMemAlloc (cb=0x804) returned 0x5950bd8 [0146.954] GetModuleFileNameExW (in: hProcess=0x640, hModule=0x74a40000, lpFilename=0x5950bd8, nSize=0x800 | out: lpFilename="C:\\Windows\\syswow64\\CRYPTBASE.dll" (normalized: "c:\\windows\\syswow64\\cryptbase.dll")) returned 0x21 [0146.955] CoTaskMemFree (pv=0x5950bd8) [0146.955] GetModuleInformation (in: hProcess=0x640, hModule=0x733b0000, lpmodinfo=0x267bf88, cb=0xc | out: lpmodinfo=0x267bf88*(lpBaseOfDll=0x733b0000, SizeOfImage=0x8d000, EntryPoint=0x733c2860)) returned 1 [0146.955] CoTaskMemAlloc (cb=0x804) returned 0x5950bd8 [0146.955] GetModuleBaseNameW (in: hProcess=0x640, hModule=0x733b0000, lpBaseName=0x5950bd8, nSize=0x800 | out: lpBaseName="mscoreei.dll") returned 0xc [0146.956] CoTaskMemFree (pv=0x5950bd8) [0146.956] CoTaskMemAlloc (cb=0x804) returned 0x5950bd8 [0146.956] GetModuleFileNameExW (in: hProcess=0x640, hModule=0x733b0000, lpFilename=0x5950bd8, nSize=0x800 | out: lpFilename="C:\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\mscoreei.dll" (normalized: "c:\\windows\\microsoft.net\\framework\\v4.0.30319\\mscoreei.dll")) returned 0x3a [0146.956] CoTaskMemFree (pv=0x5950bd8) [0146.956] GetModuleInformation (in: hProcess=0x640, hModule=0x734f0000, lpmodinfo=0x267e0dc, cb=0xc | out: lpmodinfo=0x267e0dc*(lpBaseOfDll=0x734f0000, SizeOfImage=0x3000, EntryPoint=0x0)) returned 1 [0146.957] CoTaskMemAlloc (cb=0x804) returned 0x5950bd8 [0146.957] GetModuleBaseNameW (in: hProcess=0x640, hModule=0x734f0000, lpBaseName=0x5950bd8, nSize=0x800 | out: lpBaseName="api-ms-win-core-synch-l1-2-0.DLL") returned 0x20 [0146.957] CoTaskMemFree (pv=0x5950bd8) [0146.957] CoTaskMemAlloc (cb=0x804) returned 0x5950bd8 [0146.957] GetModuleFileNameExW (in: hProcess=0x640, hModule=0x734f0000, lpFilename=0x5950bd8, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\api-ms-win-core-synch-l1-2-0.DLL" (normalized: "c:\\windows\\syswow64\\api-ms-win-core-synch-l1-2-0.dll")) returned 0x34 [0146.958] CoTaskMemFree (pv=0x5950bd8) [0146.958] GetModuleInformation (in: hProcess=0x640, hModule=0x751c0000, lpmodinfo=0x268024c, cb=0xc | out: lpmodinfo=0x268024c*(lpBaseOfDll=0x751c0000, SizeOfImage=0x57000, EntryPoint=0x751d9ba6)) returned 1 [0146.958] CoTaskMemAlloc (cb=0x804) returned 0x5950bd8 [0146.958] GetModuleBaseNameW (in: hProcess=0x640, hModule=0x751c0000, lpBaseName=0x5950bd8, nSize=0x800 | out: lpBaseName="SHLWAPI.dll") returned 0xb [0146.959] CoTaskMemFree (pv=0x5950bd8) [0146.959] CoTaskMemAlloc (cb=0x804) returned 0x5950bd8 [0146.959] GetModuleFileNameExW (in: hProcess=0x640, hModule=0x751c0000, lpFilename=0x5950bd8, nSize=0x800 | out: lpFilename="C:\\Windows\\syswow64\\SHLWAPI.dll" (normalized: "c:\\windows\\syswow64\\shlwapi.dll")) returned 0x1f [0146.959] CoTaskMemFree (pv=0x5950bd8) [0146.959] GetModuleInformation (in: hProcess=0x640, hModule=0x75220000, lpmodinfo=0x2682364, cb=0xc | out: lpmodinfo=0x2682364*(lpBaseOfDll=0x75220000, SizeOfImage=0x90000, EntryPoint=0x75236343)) returned 1 [0146.960] CoTaskMemAlloc (cb=0x804) returned 0x5950bd8 [0146.960] GetModuleBaseNameW (in: hProcess=0x640, hModule=0x75220000, lpBaseName=0x5950bd8, nSize=0x800 | out: lpBaseName="GDI32.dll") returned 0x9 [0146.960] CoTaskMemFree (pv=0x5950bd8) [0146.961] CoTaskMemAlloc (cb=0x804) returned 0x5950bd8 [0146.961] GetModuleFileNameExW (in: hProcess=0x640, hModule=0x75220000, lpFilename=0x5950bd8, nSize=0x800 | out: lpFilename="C:\\Windows\\syswow64\\GDI32.dll" (normalized: "c:\\windows\\syswow64\\gdi32.dll")) returned 0x1d [0146.961] CoTaskMemFree (pv=0x5950bd8) [0146.961] GetModuleInformation (in: hProcess=0x640, hModule=0x76860000, lpmodinfo=0x2684474, cb=0xc | out: lpmodinfo=0x2684474*(lpBaseOfDll=0x76860000, SizeOfImage=0x100000, EntryPoint=0x7687b6ed)) returned 1 [0146.962] CoTaskMemAlloc (cb=0x804) returned 0x5950bd8 [0146.962] GetModuleBaseNameW (in: hProcess=0x640, hModule=0x76860000, lpBaseName=0x5950bd8, nSize=0x800 | out: lpBaseName="USER32.dll") returned 0xa [0146.962] CoTaskMemFree (pv=0x5950bd8) [0146.962] CoTaskMemAlloc (cb=0x804) returned 0x5950bd8 [0146.962] GetModuleFileNameExW (in: hProcess=0x640, hModule=0x76860000, lpFilename=0x5950bd8, nSize=0x800 | out: lpFilename="C:\\Windows\\syswow64\\USER32.dll" (normalized: "c:\\windows\\syswow64\\user32.dll")) returned 0x1e [0146.963] CoTaskMemFree (pv=0x5950bd8) [0146.963] GetModuleInformation (in: hProcess=0x640, hModule=0x759c0000, lpmodinfo=0x268658c, cb=0xc | out: lpmodinfo=0x268658c*(lpBaseOfDll=0x759c0000, SizeOfImage=0xa000, EntryPoint=0x759c36a0)) returned 1 [0146.963] CoTaskMemAlloc (cb=0x804) returned 0x5950bd8 [0146.963] GetModuleBaseNameW (in: hProcess=0x640, hModule=0x759c0000, lpBaseName=0x5950bd8, nSize=0x800 | out: lpBaseName="LPK.dll") returned 0x7 [0146.964] CoTaskMemFree (pv=0x5950bd8) [0146.964] CoTaskMemAlloc (cb=0x804) returned 0x5950bd8 [0146.964] GetModuleFileNameExW (in: hProcess=0x640, hModule=0x759c0000, lpFilename=0x5950bd8, nSize=0x800 | out: lpFilename="C:\\Windows\\syswow64\\LPK.dll" (normalized: "c:\\windows\\syswow64\\lpk.dll")) returned 0x1b [0146.965] CoTaskMemFree (pv=0x5950bd8) [0146.965] GetModuleInformation (in: hProcess=0x640, hModule=0x74d40000, lpmodinfo=0x2688720, cb=0xc | out: lpmodinfo=0x2688720*(lpBaseOfDll=0x74d40000, SizeOfImage=0x9d000, EntryPoint=0x74d73fd7)) returned 1 [0146.965] CoTaskMemAlloc (cb=0x804) returned 0x5950bd8 [0146.965] GetModuleBaseNameW (in: hProcess=0x640, hModule=0x74d40000, lpBaseName=0x5950bd8, nSize=0x800 | out: lpBaseName="USP10.dll") returned 0x9 [0146.966] CoTaskMemFree (pv=0x5950bd8) [0146.966] CoTaskMemAlloc (cb=0x804) returned 0x5950bd8 [0146.966] GetModuleFileNameExW (in: hProcess=0x640, hModule=0x74d40000, lpFilename=0x5950bd8, nSize=0x800 | out: lpFilename="C:\\Windows\\syswow64\\USP10.dll" (normalized: "c:\\windows\\syswow64\\usp10.dll")) returned 0x1d [0146.966] CoTaskMemFree (pv=0x5950bd8) [0146.966] GetModuleInformation (in: hProcess=0x640, hModule=0x75550000, lpmodinfo=0x268a830, cb=0xc | out: lpmodinfo=0x268a830*(lpBaseOfDll=0x75550000, SizeOfImage=0x60000, EntryPoint=0x7556158f)) returned 1 [0146.967] CoTaskMemAlloc (cb=0x804) returned 0x5950bd8 [0146.967] GetModuleBaseNameW (in: hProcess=0x640, hModule=0x75550000, lpBaseName=0x5950bd8, nSize=0x800 | out: lpBaseName="IMM32.DLL") returned 0x9 [0146.968] CoTaskMemFree (pv=0x5950bd8) [0146.968] CoTaskMemAlloc (cb=0x804) returned 0x5950bd8 [0146.968] GetModuleFileNameExW (in: hProcess=0x640, hModule=0x75550000, lpFilename=0x5950bd8, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\IMM32.DLL" (normalized: "c:\\windows\\syswow64\\imm32.dll")) returned 0x1d [0146.968] CoTaskMemFree (pv=0x5950bd8) [0146.968] GetModuleInformation (in: hProcess=0x640, hModule=0x74c40000, lpmodinfo=0x268c940, cb=0xc | out: lpmodinfo=0x268c940*(lpBaseOfDll=0x74c40000, SizeOfImage=0xcc000, EntryPoint=0x74c4168b)) returned 1 [0146.969] CoTaskMemAlloc (cb=0x804) returned 0x5950bd8 [0146.969] GetModuleBaseNameW (in: hProcess=0x640, hModule=0x74c40000, lpBaseName=0x5950bd8, nSize=0x800 | out: lpBaseName="MSCTF.dll") returned 0x9 [0146.970] CoTaskMemFree (pv=0x5950bd8) [0146.970] CoTaskMemAlloc (cb=0x804) returned 0x5950bd8 [0146.970] GetModuleFileNameExW (in: hProcess=0x640, hModule=0x74c40000, lpFilename=0x5950bd8, nSize=0x800 | out: lpFilename="C:\\Windows\\syswow64\\MSCTF.dll" (normalized: "c:\\windows\\syswow64\\msctf.dll")) returned 0x1d [0146.970] CoTaskMemFree (pv=0x5950bd8) [0146.970] GetModuleInformation (in: hProcess=0x640, hModule=0x733a0000, lpmodinfo=0x268ea50, cb=0xc | out: lpmodinfo=0x268ea50*(lpBaseOfDll=0x733a0000, SizeOfImage=0x9000, EntryPoint=0x733a1220)) returned 1 [0146.971] CoTaskMemAlloc (cb=0x804) returned 0x5950bd8 [0146.971] GetModuleBaseNameW (in: hProcess=0x640, hModule=0x733a0000, lpBaseName=0x5950bd8, nSize=0x800 | out: lpBaseName="VERSION.dll") returned 0xb [0146.971] CoTaskMemFree (pv=0x5950bd8) [0146.971] CoTaskMemAlloc (cb=0x804) returned 0x5950bd8 [0146.971] GetModuleFileNameExW (in: hProcess=0x640, hModule=0x733a0000, lpFilename=0x5950bd8, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\VERSION.dll" (normalized: "c:\\windows\\syswow64\\version.dll")) returned 0x1f [0146.972] CoTaskMemFree (pv=0x5950bd8) [0146.972] GetModuleInformation (in: hProcess=0x640, hModule=0x71770000, lpmodinfo=0x2690b68, cb=0xc | out: lpmodinfo=0x2690b68*(lpBaseOfDll=0x71770000, SizeOfImage=0x7af000, EntryPoint=0x7178d0d0)) returned 1 [0146.973] CoTaskMemAlloc (cb=0x804) returned 0x5950bd8 [0146.973] GetModuleBaseNameW (in: hProcess=0x640, hModule=0x71770000, lpBaseName=0x5950bd8, nSize=0x800 | out: lpBaseName="clr.dll") returned 0x7 [0146.973] CoTaskMemFree (pv=0x5950bd8) [0146.973] CoTaskMemAlloc (cb=0x804) returned 0x5950bd8 [0146.973] GetModuleFileNameExW (in: hProcess=0x640, hModule=0x71770000, lpFilename=0x5950bd8, nSize=0x800 | out: lpFilename="C:\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\clr.dll" (normalized: "c:\\windows\\microsoft.net\\framework\\v4.0.30319\\clr.dll")) returned 0x35 [0146.974] CoTaskMemFree (pv=0x5950bd8) [0146.974] GetModuleInformation (in: hProcess=0x640, hModule=0x73600000, lpmodinfo=0x2692cb0, cb=0xc | out: lpmodinfo=0x2692cb0*(lpBaseOfDll=0x73600000, SizeOfImage=0x14000, EntryPoint=0x7360ac00)) returned 1 [0146.975] CoTaskMemAlloc (cb=0x804) returned 0x5950bd8 [0146.975] GetModuleBaseNameW (in: hProcess=0x640, hModule=0x73600000, lpBaseName=0x5950bd8, nSize=0x800 | out: lpBaseName="VCRUNTIME140_CLR0400.dll") returned 0x18 [0146.975] CoTaskMemFree (pv=0x5950bd8) [0146.976] CoTaskMemAlloc (cb=0x804) returned 0x5950bd8 [0146.976] GetModuleFileNameExW (in: hProcess=0x640, hModule=0x73600000, lpFilename=0x5950bd8, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\VCRUNTIME140_CLR0400.dll" (normalized: "c:\\windows\\syswow64\\vcruntime140_clr0400.dll")) returned 0x2c [0146.976] CoTaskMemFree (pv=0x5950bd8) [0146.976] GetModuleInformation (in: hProcess=0x640, hModule=0x73550000, lpmodinfo=0x2694e00, cb=0xc | out: lpmodinfo=0x2694e00*(lpBaseOfDll=0x73550000, SizeOfImage=0xab000, EntryPoint=0x735e5f20)) returned 1 [0146.977] CoTaskMemAlloc (cb=0x804) returned 0x5950bd8 [0146.977] GetModuleBaseNameW (in: hProcess=0x640, hModule=0x73550000, lpBaseName=0x5950bd8, nSize=0x800 | out: lpBaseName="ucrtbase_clr0400.dll") returned 0x14 [0146.978] CoTaskMemFree (pv=0x5950bd8) [0146.978] CoTaskMemAlloc (cb=0x804) returned 0x5950bd8 [0146.978] GetModuleFileNameExW (in: hProcess=0x640, hModule=0x73550000, lpFilename=0x5950bd8, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\ucrtbase_clr0400.dll" (normalized: "c:\\windows\\syswow64\\ucrtbase_clr0400.dll")) returned 0x28 [0146.978] CoTaskMemFree (pv=0x5950bd8) [0146.978] GetModuleInformation (in: hProcess=0x640, hModule=0x70360000, lpmodinfo=0x2696f40, cb=0xc | out: lpmodinfo=0x2696f40*(lpBaseOfDll=0x70360000, SizeOfImage=0x140b000, EntryPoint=0x0)) returned 1 [0146.979] CoTaskMemAlloc (cb=0x804) returned 0x5950bd8 [0146.979] GetModuleBaseNameW (in: hProcess=0x640, hModule=0x70360000, lpBaseName=0x5950bd8, nSize=0x800 | out: lpBaseName="mscorlib.ni.dll") returned 0xf [0146.980] CoTaskMemFree (pv=0x5950bd8) [0146.980] CoTaskMemAlloc (cb=0x804) returned 0x5950bd8 [0146.980] GetModuleFileNameExW (in: hProcess=0x640, hModule=0x70360000, lpFilename=0x5950bd8, nSize=0x800 | out: lpFilename="C:\\Windows\\assembly\\NativeImages_v4.0.30319_32\\mscorlib\\36eaccfde177c2e7b93b8dbdde4e012a\\mscorlib.ni.dll" (normalized: "c:\\windows\\assembly\\nativeimages_v4.0.30319_32\\mscorlib\\36eaccfde177c2e7b93b8dbdde4e012a\\mscorlib.ni.dll")) returned 0x68 [0146.980] CoTaskMemFree (pv=0x5950bd8) [0146.981] GetModuleInformation (in: hProcess=0x640, hModule=0x75740000, lpmodinfo=0x26990f4, cb=0xc | out: lpmodinfo=0x26990f4*(lpBaseOfDll=0x75740000, SizeOfImage=0x15c000, EntryPoint=0x7578ba3d)) returned 1 [0146.981] CoTaskMemAlloc (cb=0x804) returned 0x5950bd8 [0146.981] GetModuleBaseNameW (in: hProcess=0x640, hModule=0x75740000, lpBaseName=0x5950bd8, nSize=0x800 | out: lpBaseName="ole32.dll") returned 0x9 [0146.991] CoTaskMemFree (pv=0x5950bd8) [0146.991] CoTaskMemAlloc (cb=0x804) returned 0x5950bd8 [0146.991] GetModuleFileNameExW (in: hProcess=0x640, hModule=0x75740000, lpFilename=0x5950bd8, nSize=0x800 | out: lpFilename="C:\\Windows\\syswow64\\ole32.dll" (normalized: "c:\\windows\\syswow64\\ole32.dll")) returned 0x1d [0146.992] CoTaskMemFree (pv=0x5950bd8) [0146.992] GetModuleInformation (in: hProcess=0x640, hModule=0x73a10000, lpmodinfo=0x269b204, cb=0xc | out: lpmodinfo=0x269b204*(lpBaseOfDll=0x73a10000, SizeOfImage=0x80000, EntryPoint=0x73a237c9)) returned 1 [0146.993] CoTaskMemAlloc (cb=0x804) returned 0x5950bd8 [0146.993] GetModuleBaseNameW (in: hProcess=0x640, hModule=0x73a10000, lpBaseName=0x5950bd8, nSize=0x800 | out: lpBaseName="uxtheme.dll") returned 0xb [0146.994] CoTaskMemFree (pv=0x5950bd8) [0146.994] CoTaskMemAlloc (cb=0x804) returned 0x5950bd8 [0146.994] GetModuleFileNameExW (in: hProcess=0x640, hModule=0x73a10000, lpFilename=0x5950bd8, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\uxtheme.dll" (normalized: "c:\\windows\\syswow64\\uxtheme.dll")) returned 0x1f [0146.994] CoTaskMemFree (pv=0x5950bd8) [0146.994] GetModuleInformation (in: hProcess=0x640, hModule=0x74a20000, lpmodinfo=0x269d31c, cb=0xc | out: lpmodinfo=0x269d31c*(lpBaseOfDll=0x74a20000, SizeOfImage=0x3000, EntryPoint=0x0)) returned 1 [0146.995] CoTaskMemAlloc (cb=0x804) returned 0x5950bd8 [0146.995] GetModuleBaseNameW (in: hProcess=0x640, hModule=0x74a20000, lpBaseName=0x5950bd8, nSize=0x800 | out: lpBaseName="api-ms-win-core-xstate-l2-1-0.dll") returned 0x21 [0146.996] CoTaskMemFree (pv=0x5950bd8) [0146.996] CoTaskMemAlloc (cb=0x804) returned 0x5950bd8 [0146.996] GetModuleFileNameExW (in: hProcess=0x640, hModule=0x74a20000, lpFilename=0x5950bd8, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\api-ms-win-core-xstate-l2-1-0.dll" (normalized: "c:\\windows\\syswow64\\api-ms-win-core-xstate-l2-1-0.dll")) returned 0x35 [0146.997] CoTaskMemFree (pv=0x5950bd8) [0146.997] GetModuleInformation (in: hProcess=0x640, hModule=0x74990000, lpmodinfo=0x269f48c, cb=0xc | out: lpmodinfo=0x269f48c*(lpBaseOfDll=0x74990000, SizeOfImage=0x89000, EntryPoint=0x74991130)) returned 1 [0146.998] CoTaskMemAlloc (cb=0x804) returned 0x5950bd8 [0146.998] GetModuleBaseNameW (in: hProcess=0x640, hModule=0x74990000, lpBaseName=0x5950bd8, nSize=0x800 | out: lpBaseName="clrjit.dll") returned 0xa [0146.999] CoTaskMemFree (pv=0x5950bd8) [0146.999] CoTaskMemAlloc (cb=0x804) returned 0x5950bd8 [0146.999] GetModuleFileNameExW (in: hProcess=0x640, hModule=0x74990000, lpFilename=0x5950bd8, nSize=0x800 | out: lpFilename="C:\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\clrjit.dll" (normalized: "c:\\windows\\microsoft.net\\framework\\v4.0.30319\\clrjit.dll")) returned 0x38 [0147.000] CoTaskMemFree (pv=0x5950bd8) [0147.000] GetModuleInformation (in: hProcess=0x640, hModule=0x75130000, lpmodinfo=0x26a15d8, cb=0xc | out: lpmodinfo=0x26a15d8*(lpBaseOfDll=0x75130000, SizeOfImage=0x8f000, EntryPoint=0x75133fb1)) returned 1 [0147.001] CoTaskMemAlloc (cb=0x804) returned 0x5950bd8 [0147.001] GetModuleBaseNameW (in: hProcess=0x640, hModule=0x75130000, lpBaseName=0x5950bd8, nSize=0x800 | out: lpBaseName="OLEAUT32.dll") returned 0xc [0147.001] CoTaskMemFree (pv=0x5950bd8) [0147.001] CoTaskMemAlloc (cb=0x804) returned 0x5950bd8 [0147.001] GetModuleFileNameExW (in: hProcess=0x640, hModule=0x75130000, lpFilename=0x5950bd8, nSize=0x800 | out: lpFilename="C:\\Windows\\syswow64\\OLEAUT32.dll" (normalized: "c:\\windows\\syswow64\\oleaut32.dll")) returned 0x20 [0147.002] CoTaskMemFree (pv=0x5950bd8) [0147.002] GetModuleInformation (in: hProcess=0x640, hModule=0x6eea0000, lpmodinfo=0x26a36f8, cb=0xc | out: lpmodinfo=0x26a36f8*(lpBaseOfDll=0x6eea0000, SizeOfImage=0xa55000, EntryPoint=0x0)) returned 1 [0147.003] CoTaskMemAlloc (cb=0x804) returned 0x5950bd8 [0147.003] GetModuleBaseNameW (in: hProcess=0x640, hModule=0x6eea0000, lpBaseName=0x5950bd8, nSize=0x800 | out: lpBaseName="System.ni.dll") returned 0xd [0147.003] CoTaskMemFree (pv=0x5950bd8) [0147.003] CoTaskMemAlloc (cb=0x804) returned 0x5950bd8 [0147.004] GetModuleFileNameExW (in: hProcess=0x640, hModule=0x6eea0000, lpFilename=0x5950bd8, nSize=0x800 | out: lpFilename="C:\\Windows\\assembly\\NativeImages_v4.0.30319_32\\System\\2c3c912ea8f058f9d04c4650128feb3f\\System.ni.dll" (normalized: "c:\\windows\\assembly\\nativeimages_v4.0.30319_32\\system\\2c3c912ea8f058f9d04c4650128feb3f\\system.ni.dll")) returned 0x64 [0147.004] CoTaskMemFree (pv=0x5950bd8) [0147.004] GetModuleInformation (in: hProcess=0x640, hModule=0x6fb40000, lpmodinfo=0x26a58a0, cb=0xc | out: lpmodinfo=0x26a58a0*(lpBaseOfDll=0x6fb40000, SizeOfImage=0x818000, EntryPoint=0x0)) returned 1 [0147.005] CoTaskMemAlloc (cb=0x804) returned 0x5950bd8 [0147.005] GetModuleBaseNameW (in: hProcess=0x640, hModule=0x6fb40000, lpBaseName=0x5950bd8, nSize=0x800 | out: lpBaseName="System.Core.ni.dll") returned 0x12 [0147.006] CoTaskMemFree (pv=0x5950bd8) [0147.006] CoTaskMemAlloc (cb=0x804) returned 0x5950bd8 [0147.006] GetModuleFileNameExW (in: hProcess=0x640, hModule=0x6fb40000, lpFilename=0x5950bd8, nSize=0x800 | out: lpFilename="C:\\Windows\\assembly\\NativeImages_v4.0.30319_32\\System.Core\\31fae3290fad30c31c98651462d22724\\System.Core.ni.dll" (normalized: "c:\\windows\\assembly\\nativeimages_v4.0.30319_32\\system.core\\31fae3290fad30c31c98651462d22724\\system.core.ni.dll")) returned 0x6e [0147.007] CoTaskMemFree (pv=0x5950bd8) [0147.007] GetModuleInformation (in: hProcess=0x640, hModule=0x6f950000, lpmodinfo=0x26a7a68, cb=0xc | out: lpmodinfo=0x26a7a68*(lpBaseOfDll=0x6f950000, SizeOfImage=0x1e2000, EntryPoint=0x0)) returned 1 [0147.008] CoTaskMemAlloc (cb=0x804) returned 0x5950bd8 [0147.008] GetModuleBaseNameW (in: hProcess=0x640, hModule=0x6f950000, lpBaseName=0x5950bd8, nSize=0x800 | out: lpBaseName="Microsoft.VisualBasic.ni.dll") returned 0x1c [0147.009] CoTaskMemFree (pv=0x5950bd8) [0147.009] CoTaskMemAlloc (cb=0x804) returned 0x5950bd8 [0147.009] GetModuleFileNameExW (in: hProcess=0x640, hModule=0x6f950000, lpFilename=0x5950bd8, nSize=0x800 | out: lpFilename="C:\\Windows\\assembly\\NativeImages_v4.0.30319_32\\Microsoft.V9921e851#\\a891970b44db9e340c3ef3efa95b793c\\Microsoft.VisualBasic.ni.dll" (normalized: "c:\\windows\\assembly\\nativeimages_v4.0.30319_32\\microsoft.v9921e851#\\a891970b44db9e340c3ef3efa95b793c\\microsoft.visualbasic.ni.dll")) returned 0x81 [0147.009] CoTaskMemFree (pv=0x5950bd8) [0147.010] GetModuleInformation (in: hProcess=0x640, hModule=0x6ecf0000, lpmodinfo=0x26a9d74, cb=0xc | out: lpmodinfo=0x26a9d74*(lpBaseOfDll=0x6ecf0000, SizeOfImage=0x1a3000, EntryPoint=0x0)) returned 1 [0147.010] CoTaskMemAlloc (cb=0x804) returned 0x5950bd8 [0147.010] GetModuleBaseNameW (in: hProcess=0x640, hModule=0x6ecf0000, lpBaseName=0x5950bd8, nSize=0x800 | out: lpBaseName="System.Drawing.ni.dll") returned 0x15 [0147.011] CoTaskMemFree (pv=0x5950bd8) [0147.011] CoTaskMemAlloc (cb=0x804) returned 0x5950bd8 [0147.011] GetModuleFileNameExW (in: hProcess=0x640, hModule=0x6ecf0000, lpFilename=0x5950bd8, nSize=0x800 | out: lpFilename="C:\\Windows\\assembly\\NativeImages_v4.0.30319_32\\System.Drawing\\f7568d7f1b9d356f64779b4c0927cfb3\\System.Drawing.ni.dll" (normalized: "c:\\windows\\assembly\\nativeimages_v4.0.30319_32\\system.drawing\\f7568d7f1b9d356f64779b4c0927cfb3\\system.drawing.ni.dll")) returned 0x74 [0147.012] CoTaskMemFree (pv=0x5950bd8) [0147.012] GetModuleInformation (in: hProcess=0x640, hModule=0x6de80000, lpmodinfo=0x26abf4c, cb=0xc | out: lpmodinfo=0x26abf4c*(lpBaseOfDll=0x6de80000, SizeOfImage=0xe66000, EntryPoint=0x0)) returned 1 [0147.013] CoTaskMemAlloc (cb=0x804) returned 0x5950bd8 [0147.013] GetModuleBaseNameW (in: hProcess=0x640, hModule=0x6de80000, lpBaseName=0x5950bd8, nSize=0x800 | out: lpBaseName="System.Windows.Forms.ni.dll") returned 0x1b [0147.014] CoTaskMemFree (pv=0x5950bd8) [0147.014] CoTaskMemAlloc (cb=0x804) returned 0x5950bd8 [0147.014] GetModuleFileNameExW (in: hProcess=0x640, hModule=0x6de80000, lpFilename=0x5950bd8, nSize=0x800 | out: lpFilename="C:\\Windows\\assembly\\NativeImages_v4.0.30319_32\\System.Windows.Forms\\c9a4cbc00f690a9e3cddfc400f6e85bb\\System.Windows.Forms.ni.dll" (normalized: "c:\\windows\\assembly\\nativeimages_v4.0.30319_32\\system.windows.forms\\c9a4cbc00f690a9e3cddfc400f6e85bb\\system.windows.forms.ni.dll")) returned 0x80 [0147.015] CoTaskMemFree (pv=0x5950bd8) [0147.015] GetModuleInformation (in: hProcess=0x640, hModule=0x6dd70000, lpmodinfo=0x26ae148, cb=0xc | out: lpmodinfo=0x26ae148*(lpBaseOfDll=0x6dd70000, SizeOfImage=0x105000, EntryPoint=0x0)) returned 1 [0147.016] CoTaskMemAlloc (cb=0x804) returned 0x5950bd8 [0147.016] GetModuleBaseNameW (in: hProcess=0x640, hModule=0x6dd70000, lpBaseName=0x5950bd8, nSize=0x800 | out: lpBaseName="System.Configuration.ni.dll") returned 0x1b [0147.017] CoTaskMemFree (pv=0x5950bd8) [0147.017] CoTaskMemAlloc (cb=0x804) returned 0x5950bd8 [0147.017] GetModuleFileNameExW (in: hProcess=0x640, hModule=0x6dd70000, lpFilename=0x5950bd8, nSize=0x800 | out: lpFilename="C:\\Windows\\assembly\\NativeImages_v4.0.30319_32\\System.Configuration\\96f7edb07b12303f0ec2595c7f3778c7\\System.Configuration.ni.dll" (normalized: "c:\\windows\\assembly\\nativeimages_v4.0.30319_32\\system.configuration\\96f7edb07b12303f0ec2595c7f3778c7\\system.configuration.ni.dll")) returned 0x80 [0147.018] CoTaskMemFree (pv=0x5950bd8) [0147.018] GetModuleInformation (in: hProcess=0x640, hModule=0x6d5f0000, lpmodinfo=0x26b0344, cb=0xc | out: lpmodinfo=0x26b0344*(lpBaseOfDll=0x6d5f0000, SizeOfImage=0x774000, EntryPoint=0x0)) returned 1 [0147.019] CoTaskMemAlloc (cb=0x804) returned 0x5950bd8 [0147.019] GetModuleBaseNameW (in: hProcess=0x640, hModule=0x6d5f0000, lpBaseName=0x5950bd8, nSize=0x800 | out: lpBaseName="System.Xml.ni.dll") returned 0x11 [0147.020] CoTaskMemFree (pv=0x5950bd8) [0147.020] CoTaskMemAlloc (cb=0x804) returned 0x5950bd8 [0147.020] GetModuleFileNameExW (in: hProcess=0x640, hModule=0x6d5f0000, lpFilename=0x5950bd8, nSize=0x800 | out: lpFilename="C:\\Windows\\assembly\\NativeImages_v4.0.30319_32\\System.Xml\\15af16d373cf0528cb74fc73d365fdbf\\System.Xml.ni.dll" (normalized: "c:\\windows\\assembly\\nativeimages_v4.0.30319_32\\system.xml\\15af16d373cf0528cb74fc73d365fdbf\\system.xml.ni.dll")) returned 0x6c [0147.021] CoTaskMemFree (pv=0x5950bd8) [0147.021] GetModuleInformation (in: hProcess=0x640, hModule=0x74950000, lpmodinfo=0x26b2504, cb=0xc | out: lpmodinfo=0x26b2504*(lpBaseOfDll=0x74950000, SizeOfImage=0x13000, EntryPoint=0x7495d900)) returned 1 [0147.022] CoTaskMemAlloc (cb=0x804) returned 0x5950bd8 [0147.022] GetModuleBaseNameW (in: hProcess=0x640, hModule=0x74950000, lpBaseName=0x5950bd8, nSize=0x800 | out: lpBaseName="nlssorting.dll") returned 0xe [0147.023] CoTaskMemFree (pv=0x5950bd8) [0147.023] CoTaskMemAlloc (cb=0x804) returned 0x5950bd8 [0147.023] GetModuleFileNameExW (in: hProcess=0x640, hModule=0x74950000, lpFilename=0x5950bd8, nSize=0x800 | out: lpFilename="C:\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\nlssorting.dll" (normalized: "c:\\windows\\microsoft.net\\framework\\v4.0.30319\\nlssorting.dll")) returned 0x3c [0147.024] CoTaskMemFree (pv=0x5950bd8) [0147.024] GetModuleInformation (in: hProcess=0x640, hModule=0x75be0000, lpmodinfo=0x26b4660, cb=0xc | out: lpmodinfo=0x26b4660*(lpBaseOfDll=0x75be0000, SizeOfImage=0xc4a000, EntryPoint=0x75c61601)) returned 1 [0147.025] CoTaskMemAlloc (cb=0x804) returned 0x5950bd8 [0147.025] GetModuleBaseNameW (in: hProcess=0x640, hModule=0x75be0000, lpBaseName=0x5950bd8, nSize=0x800 | out: lpBaseName="shell32.dll") returned 0xb [0147.026] CoTaskMemFree (pv=0x5950bd8) [0147.026] CoTaskMemAlloc (cb=0x804) returned 0x5950bd8 [0147.026] GetModuleFileNameExW (in: hProcess=0x640, hModule=0x75be0000, lpFilename=0x5950bd8, nSize=0x800 | out: lpFilename="C:\\Windows\\syswow64\\shell32.dll" (normalized: "c:\\windows\\syswow64\\shell32.dll")) returned 0x1f [0147.027] CoTaskMemFree (pv=0x5950bd8) [0147.027] GetModuleInformation (in: hProcess=0x640, hModule=0x748d0000, lpmodinfo=0x26b6778, cb=0xc | out: lpmodinfo=0x26b6778*(lpBaseOfDll=0x748d0000, SizeOfImage=0xb000, EntryPoint=0x748d1992)) returned 1 [0147.028] CoTaskMemAlloc (cb=0x804) returned 0x5950bd8 [0147.028] GetModuleBaseNameW (in: hProcess=0x640, hModule=0x748d0000, lpBaseName=0x5950bd8, nSize=0x800 | out: lpBaseName="profapi.dll") returned 0xb [0147.029] CoTaskMemFree (pv=0x5950bd8) [0147.029] CoTaskMemAlloc (cb=0x804) returned 0x5950bd8 [0147.029] GetModuleFileNameExW (in: hProcess=0x640, hModule=0x748d0000, lpFilename=0x5950bd8, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\profapi.dll" (normalized: "c:\\windows\\syswow64\\profapi.dll")) returned 0x1f [0147.030] CoTaskMemFree (pv=0x5950bd8) [0147.030] GetModuleInformation (in: hProcess=0x640, hModule=0x74970000, lpmodinfo=0x26b8890, cb=0xc | out: lpmodinfo=0x26b8890*(lpBaseOfDll=0x74970000, SizeOfImage=0x17000, EntryPoint=0x749735fa)) returned 1 [0147.031] CoTaskMemAlloc (cb=0x804) returned 0x5950bd8 [0147.031] GetModuleBaseNameW (in: hProcess=0x640, hModule=0x74970000, lpBaseName=0x5950bd8, nSize=0x800 | out: lpBaseName="bcrypt.dll") returned 0xa [0147.032] CoTaskMemFree (pv=0x5950bd8) [0147.032] CoTaskMemAlloc (cb=0x804) returned 0x5950bd8 [0147.032] GetModuleFileNameExW (in: hProcess=0x640, hModule=0x74970000, lpFilename=0x5950bd8, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\bcrypt.dll" (normalized: "c:\\windows\\syswow64\\bcrypt.dll")) returned 0x1e [0147.033] CoTaskMemFree (pv=0x5950bd8) [0147.033] GetModuleInformation (in: hProcess=0x640, hModule=0x738e0000, lpmodinfo=0x26ba9a8, cb=0xc | out: lpmodinfo=0x26ba9a8*(lpBaseOfDll=0x738e0000, SizeOfImage=0x17000, EntryPoint=0x738e3573)) returned 1 [0147.034] CoTaskMemAlloc (cb=0x804) returned 0x5950bd8 [0147.034] GetModuleBaseNameW (in: hProcess=0x640, hModule=0x738e0000, lpBaseName=0x5950bd8, nSize=0x800 | out: lpBaseName="CRYPTSP.dll") returned 0xb [0147.035] CoTaskMemFree (pv=0x5950bd8) [0147.035] CoTaskMemAlloc (cb=0x804) returned 0x5950bd8 [0147.035] GetModuleFileNameExW (in: hProcess=0x640, hModule=0x738e0000, lpFilename=0x5950bd8, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\CRYPTSP.dll" (normalized: "c:\\windows\\syswow64\\cryptsp.dll")) returned 0x1f [0147.036] CoTaskMemFree (pv=0x5950bd8) [0147.036] GetModuleInformation (in: hProcess=0x640, hModule=0x738a0000, lpmodinfo=0x26bcac0, cb=0xc | out: lpmodinfo=0x26bcac0*(lpBaseOfDll=0x738a0000, SizeOfImage=0x3b000, EntryPoint=0x738a128d)) returned 1 [0147.037] CoTaskMemAlloc (cb=0x804) returned 0x5950bd8 [0147.037] GetModuleBaseNameW (in: hProcess=0x640, hModule=0x738a0000, lpBaseName=0x5950bd8, nSize=0x800 | out: lpBaseName="rsaenh.dll") returned 0xa [0147.038] CoTaskMemFree (pv=0x5950bd8) [0147.039] CoTaskMemAlloc (cb=0x804) returned 0x5950bd8 [0147.039] GetModuleFileNameExW (in: hProcess=0x640, hModule=0x738a0000, lpFilename=0x5950bd8, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\rsaenh.dll" (normalized: "c:\\windows\\syswow64\\rsaenh.dll")) returned 0x1e [0147.040] CoTaskMemFree (pv=0x5950bd8) [0147.040] GetModuleInformation (in: hProcess=0x640, hModule=0x75950000, lpmodinfo=0x26bebd8, cb=0xc | out: lpmodinfo=0x26bebd8*(lpBaseOfDll=0x75950000, SizeOfImage=0x5000, EntryPoint=0x75951438)) returned 1 [0147.041] CoTaskMemAlloc (cb=0x804) returned 0x5950bd8 [0147.041] GetModuleBaseNameW (in: hProcess=0x640, hModule=0x75950000, lpBaseName=0x5950bd8, nSize=0x800 | out: lpBaseName="psapi.dll") returned 0x9 [0147.042] CoTaskMemFree (pv=0x5950bd8) [0147.042] CoTaskMemAlloc (cb=0x804) returned 0x5950bd8 [0147.042] GetModuleFileNameExW (in: hProcess=0x640, hModule=0x75950000, lpFilename=0x5950bd8, nSize=0x800 | out: lpFilename="C:\\Windows\\syswow64\\psapi.dll" (normalized: "c:\\windows\\syswow64\\psapi.dll")) returned 0x1d [0147.043] CoTaskMemFree (pv=0x5950bd8) [0147.043] GetModuleInformation (in: hProcess=0x640, hModule=0x73990000, lpmodinfo=0x26c0cf4, cb=0xc | out: lpmodinfo=0x26c0cf4*(lpBaseOfDll=0x73990000, SizeOfImage=0x52000, EntryPoint=0x739914be)) returned 1 [0147.044] CoTaskMemAlloc (cb=0x804) returned 0x5950bd8 [0147.044] GetModuleBaseNameW (in: hProcess=0x640, hModule=0x73990000, lpBaseName=0x5950bd8, nSize=0x800 | out: lpBaseName="rasapi32.dll") returned 0xc [0147.045] CoTaskMemFree (pv=0x5950bd8) [0147.045] CoTaskMemAlloc (cb=0x804) returned 0x5950bd8 [0147.045] GetModuleFileNameExW (in: hProcess=0x640, hModule=0x73990000, lpFilename=0x5950bd8, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\rasapi32.dll" (normalized: "c:\\windows\\syswow64\\rasapi32.dll")) returned 0x20 [0147.046] CoTaskMemFree (pv=0x5950bd8) [0147.046] GetModuleInformation (in: hProcess=0x640, hModule=0x73970000, lpmodinfo=0x26c2e14, cb=0xc | out: lpmodinfo=0x26c2e14*(lpBaseOfDll=0x73970000, SizeOfImage=0x15000, EntryPoint=0x739712de)) returned 1 [0147.047] CoTaskMemAlloc (cb=0x804) returned 0x5950bd8 [0147.047] GetModuleBaseNameW (in: hProcess=0x640, hModule=0x73970000, lpBaseName=0x5950bd8, nSize=0x800 | out: lpBaseName="rasman.dll") returned 0xa [0147.048] CoTaskMemFree (pv=0x5950bd8) [0147.048] CoTaskMemAlloc (cb=0x804) returned 0x5950bd8 [0147.048] GetModuleFileNameExW (in: hProcess=0x640, hModule=0x73970000, lpFilename=0x5950bd8, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\rasman.dll" (normalized: "c:\\windows\\syswow64\\rasman.dll")) returned 0x1e [0147.049] CoTaskMemFree (pv=0x5950bd8) [0147.049] GetModuleInformation (in: hProcess=0x640, hModule=0x75960000, lpmodinfo=0x26c4f2c, cb=0xc | out: lpmodinfo=0x26c4f2c*(lpBaseOfDll=0x75960000, SizeOfImage=0x35000, EntryPoint=0x7596145d)) returned 1 [0147.050] CoTaskMemAlloc (cb=0x804) returned 0x5950bd8 [0147.050] GetModuleBaseNameW (in: hProcess=0x640, hModule=0x75960000, lpBaseName=0x5950bd8, nSize=0x800 | out: lpBaseName="WS2_32.dll") returned 0xa [0147.051] CoTaskMemFree (pv=0x5950bd8) [0147.052] CoTaskMemAlloc (cb=0x804) returned 0x5950bd8 [0147.052] GetModuleFileNameExW (in: hProcess=0x640, hModule=0x75960000, lpFilename=0x5950bd8, nSize=0x800 | out: lpFilename="C:\\Windows\\syswow64\\WS2_32.dll" (normalized: "c:\\windows\\syswow64\\ws2_32.dll")) returned 0x1e [0147.053] CoTaskMemFree (pv=0x5950bd8) [0147.053] GetModuleInformation (in: hProcess=0x640, hModule=0x76960000, lpmodinfo=0x26c7044, cb=0xc | out: lpmodinfo=0x26c7044*(lpBaseOfDll=0x76960000, SizeOfImage=0x6000, EntryPoint=0x76961782)) returned 1 [0147.054] CoTaskMemAlloc (cb=0x804) returned 0x5950bd8 [0147.054] GetModuleBaseNameW (in: hProcess=0x640, hModule=0x76960000, lpBaseName=0x5950bd8, nSize=0x800 | out: lpBaseName="NSI.dll") returned 0x7 [0147.055] CoTaskMemFree (pv=0x5950bd8) [0147.055] CoTaskMemAlloc (cb=0x804) returned 0x5950bd8 [0147.055] GetModuleFileNameExW (in: hProcess=0x640, hModule=0x76960000, lpFilename=0x5950bd8, nSize=0x800 | out: lpFilename="C:\\Windows\\syswow64\\NSI.dll" (normalized: "c:\\windows\\syswow64\\nsi.dll")) returned 0x1b [0147.056] CoTaskMemFree (pv=0x5950bd8) [0147.056] GetModuleInformation (in: hProcess=0x640, hModule=0x73960000, lpmodinfo=0x26c914c, cb=0xc | out: lpmodinfo=0x26c914c*(lpBaseOfDll=0x73960000, SizeOfImage=0xd000, EntryPoint=0x73961326)) returned 1 [0147.058] CoTaskMemAlloc (cb=0x804) returned 0x5950bd8 [0147.058] GetModuleBaseNameW (in: hProcess=0x640, hModule=0x73960000, lpBaseName=0x5950bd8, nSize=0x800 | out: lpBaseName="rtutils.dll") returned 0xb [0147.059] CoTaskMemFree (pv=0x5950bd8) [0147.059] CoTaskMemAlloc (cb=0x804) returned 0x5950bd8 [0147.059] GetModuleFileNameExW (in: hProcess=0x640, hModule=0x73960000, lpFilename=0x5950bd8, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\rtutils.dll" (normalized: "c:\\windows\\syswow64\\rtutils.dll")) returned 0x1f [0147.060] CoTaskMemFree (pv=0x5950bd8) [0147.060] GetModuleInformation (in: hProcess=0x640, hModule=0x747e0000, lpmodinfo=0x26cb264, cb=0xc | out: lpmodinfo=0x26cb264*(lpBaseOfDll=0x747e0000, SizeOfImage=0x3c000, EntryPoint=0x747e145d)) returned 1 [0147.061] CoTaskMemAlloc (cb=0x804) returned 0x5950bd8 [0147.061] GetModuleBaseNameW (in: hProcess=0x640, hModule=0x747e0000, lpBaseName=0x5950bd8, nSize=0x800 | out: lpBaseName="mswsock.dll") returned 0xb [0147.063] CoTaskMemFree (pv=0x5950bd8) [0147.063] CoTaskMemAlloc (cb=0x804) returned 0x5950bd8 [0147.063] GetModuleFileNameExW (in: hProcess=0x640, hModule=0x747e0000, lpFilename=0x5950bd8, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\mswsock.dll" (normalized: "c:\\windows\\syswow64\\mswsock.dll")) returned 0x1f [0147.064] CoTaskMemFree (pv=0x5950bd8) [0147.064] GetModuleInformation (in: hProcess=0x640, hModule=0x747d0000, lpmodinfo=0x26cd37c, cb=0xc | out: lpmodinfo=0x26cd37c*(lpBaseOfDll=0x747d0000, SizeOfImage=0x5000, EntryPoint=0x747d15df)) returned 1 [0147.065] CoTaskMemAlloc (cb=0x804) returned 0x5950bd8 [0147.065] GetModuleBaseNameW (in: hProcess=0x640, hModule=0x747d0000, lpBaseName=0x5950bd8, nSize=0x800 | out: lpBaseName="wshtcpip.dll") returned 0xc [0147.066] CoTaskMemFree (pv=0x5950bd8) [0147.066] CoTaskMemAlloc (cb=0x804) returned 0x5950bd8 [0147.066] GetModuleFileNameExW (in: hProcess=0x640, hModule=0x747d0000, lpFilename=0x5950bd8, nSize=0x800 | out: lpFilename="C:\\Windows\\System32\\wshtcpip.dll" (normalized: "c:\\windows\\syswow64\\wshtcpip.dll")) returned 0x20 [0147.067] CoTaskMemFree (pv=0x5950bd8) [0147.068] GetModuleInformation (in: hProcess=0x640, hModule=0x747c0000, lpmodinfo=0x26cf49c, cb=0xc | out: lpmodinfo=0x26cf49c*(lpBaseOfDll=0x747c0000, SizeOfImage=0x6000, EntryPoint=0x747c1673)) returned 1 [0147.069] CoTaskMemAlloc (cb=0x804) returned 0x5950bd8 [0147.069] GetModuleBaseNameW (in: hProcess=0x640, hModule=0x747c0000, lpBaseName=0x5950bd8, nSize=0x800 | out: lpBaseName="wship6.dll") returned 0xa [0147.070] CoTaskMemFree (pv=0x5950bd8) [0147.070] CoTaskMemAlloc (cb=0x804) returned 0x5950bd8 [0147.070] GetModuleFileNameExW (in: hProcess=0x640, hModule=0x747c0000, lpFilename=0x5950bd8, nSize=0x800 | out: lpFilename="C:\\Windows\\System32\\wship6.dll" (normalized: "c:\\windows\\syswow64\\wship6.dll")) returned 0x1e [0147.071] CoTaskMemFree (pv=0x5950bd8) [0147.071] GetModuleInformation (in: hProcess=0x640, hModule=0x6d590000, lpmodinfo=0x26d15b4, cb=0xc | out: lpmodinfo=0x26d15b4*(lpBaseOfDll=0x6d590000, SizeOfImage=0x58000, EntryPoint=0x6d5913b4)) returned 1 [0147.073] CoTaskMemAlloc (cb=0x804) returned 0x5950bd8 [0147.073] GetModuleBaseNameW (in: hProcess=0x640, hModule=0x6d590000, lpBaseName=0x5950bd8, nSize=0x800 | out: lpBaseName="winhttp.dll") returned 0xb [0147.074] CoTaskMemFree (pv=0x5950bd8) [0147.074] CoTaskMemAlloc (cb=0x804) returned 0x5950bd8 [0147.074] GetModuleFileNameExW (in: hProcess=0x640, hModule=0x6d590000, lpFilename=0x5950bd8, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\winhttp.dll" (normalized: "c:\\windows\\syswow64\\winhttp.dll")) returned 0x1f [0147.075] CoTaskMemFree (pv=0x5950bd8) [0147.075] GetModuleInformation (in: hProcess=0x640, hModule=0x6f900000, lpmodinfo=0x26d36cc, cb=0xc | out: lpmodinfo=0x26d36cc*(lpBaseOfDll=0x6f900000, SizeOfImage=0x4f000, EntryPoint=0x6f901452)) returned 1 [0147.082] CoTaskMemAlloc (cb=0x804) returned 0x5950bd8 [0147.082] GetModuleBaseNameW (in: hProcess=0x640, hModule=0x6f900000, lpBaseName=0x5950bd8, nSize=0x800 | out: lpBaseName="webio.dll") returned 0x9 [0147.084] CoTaskMemFree (pv=0x5950bd8) [0147.084] CoTaskMemAlloc (cb=0x804) returned 0x5950bd8 [0147.084] GetModuleFileNameExW (in: hProcess=0x640, hModule=0x6f900000, lpFilename=0x5950bd8, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\webio.dll" (normalized: "c:\\windows\\syswow64\\webio.dll")) returned 0x1d [0147.085] CoTaskMemFree (pv=0x5950bd8) [0147.085] GetModuleInformation (in: hProcess=0x640, hModule=0x74930000, lpmodinfo=0x26d57dc, cb=0xc | out: lpmodinfo=0x26d57dc*(lpBaseOfDll=0x74930000, SizeOfImage=0x8000, EntryPoint=0x749334d3)) returned 1 [0147.086] CoTaskMemAlloc (cb=0x804) returned 0x5950bd8 [0147.086] GetModuleBaseNameW (in: hProcess=0x640, hModule=0x74930000, lpBaseName=0x5950bd8, nSize=0x800 | out: lpBaseName="credssp.dll") returned 0xb [0147.088] CoTaskMemFree (pv=0x5950bd8) [0147.088] CoTaskMemAlloc (cb=0x804) returned 0x5950bd8 [0147.088] GetModuleFileNameExW (in: hProcess=0x640, hModule=0x74930000, lpFilename=0x5950bd8, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\credssp.dll" (normalized: "c:\\windows\\syswow64\\credssp.dll")) returned 0x1f [0147.089] CoTaskMemFree (pv=0x5950bd8) [0147.089] GetModuleInformation (in: hProcess=0x640, hModule=0x74830000, lpmodinfo=0x26d78f4, cb=0xc | out: lpmodinfo=0x26d78f4*(lpBaseOfDll=0x74830000, SizeOfImage=0x1c000, EntryPoint=0x7483a431)) returned 1 [0147.090] CoTaskMemAlloc (cb=0x804) returned 0x5950bd8 [0147.090] GetModuleBaseNameW (in: hProcess=0x640, hModule=0x74830000, lpBaseName=0x5950bd8, nSize=0x800 | out: lpBaseName="IPHLPAPI.DLL") returned 0xc [0147.092] CoTaskMemFree (pv=0x5950bd8) [0147.092] CoTaskMemAlloc (cb=0x804) returned 0x5950bd8 [0147.092] GetModuleFileNameExW (in: hProcess=0x640, hModule=0x74830000, lpFilename=0x5950bd8, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\IPHLPAPI.DLL" (normalized: "c:\\windows\\syswow64\\iphlpapi.dll")) returned 0x20 [0147.093] CoTaskMemFree (pv=0x5950bd8) [0147.093] GetModuleInformation (in: hProcess=0x640, hModule=0x74820000, lpmodinfo=0x26d9a14, cb=0xc | out: lpmodinfo=0x26d9a14*(lpBaseOfDll=0x74820000, SizeOfImage=0x7000, EntryPoint=0x7482128d)) returned 1 [0147.095] CoTaskMemAlloc (cb=0x804) returned 0x5950bd8 [0147.095] GetModuleBaseNameW (in: hProcess=0x640, hModule=0x74820000, lpBaseName=0x5950bd8, nSize=0x800 | out: lpBaseName="WINNSI.DLL") returned 0xa [0147.096] CoTaskMemFree (pv=0x5950bd8) [0147.096] CoTaskMemAlloc (cb=0x804) returned 0x5950bd8 [0147.096] GetModuleFileNameExW (in: hProcess=0x640, hModule=0x74820000, lpFilename=0x5950bd8, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\WINNSI.DLL" (normalized: "c:\\windows\\syswow64\\winnsi.dll")) returned 0x1e [0147.097] CoTaskMemFree (pv=0x5950bd8) [0147.098] GetModuleInformation (in: hProcess=0x640, hModule=0x74940000, lpmodinfo=0x26dbb2c, cb=0xc | out: lpmodinfo=0x26dbb2c*(lpBaseOfDll=0x74940000, SizeOfImage=0xd000, EntryPoint=0x74942012)) returned 1 [0147.099] CoTaskMemAlloc (cb=0x804) returned 0x5950bd8 [0147.099] GetModuleBaseNameW (in: hProcess=0x640, hModule=0x74940000, lpBaseName=0x5950bd8, nSize=0x800 | out: lpBaseName="dhcpcsvc6.DLL") returned 0xd [0147.100] CoTaskMemFree (pv=0x5950bd8) [0147.100] CoTaskMemAlloc (cb=0x804) returned 0x5950bd8 [0147.100] GetModuleFileNameExW (in: hProcess=0x640, hModule=0x74940000, lpFilename=0x5950bd8, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\dhcpcsvc6.DLL" (normalized: "c:\\windows\\syswow64\\dhcpcsvc6.dll")) returned 0x21 [0147.102] CoTaskMemFree (pv=0x5950bd8) [0147.102] GetModuleInformation (in: hProcess=0x640, hModule=0x6d550000, lpmodinfo=0x26ddc4c, cb=0xc | out: lpmodinfo=0x26ddc4c*(lpBaseOfDll=0x6d550000, SizeOfImage=0x12000, EntryPoint=0x6d553271)) returned 1 [0147.103] CoTaskMemAlloc (cb=0x804) returned 0x5950bd8 [0147.103] GetModuleBaseNameW (in: hProcess=0x640, hModule=0x6d550000, lpBaseName=0x5950bd8, nSize=0x800 | out: lpBaseName="dhcpcsvc.DLL") returned 0xc [0147.104] CoTaskMemFree (pv=0x5950bd8) [0147.104] CoTaskMemAlloc (cb=0x804) returned 0x5950bd8 [0147.104] GetModuleFileNameExW (in: hProcess=0x640, hModule=0x6d550000, lpFilename=0x5950bd8, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\dhcpcsvc.DLL" (normalized: "c:\\windows\\syswow64\\dhcpcsvc.dll")) returned 0x20 [0147.106] CoTaskMemFree (pv=0x5950bd8) [0147.106] GetModuleInformation (in: hProcess=0x640, hModule=0x747a0000, lpmodinfo=0x26dfd6c, cb=0xc | out: lpmodinfo=0x26dfd6c*(lpBaseOfDll=0x747a0000, SizeOfImage=0xe000, EntryPoint=0x747a1235)) returned 1 [0147.109] CoTaskMemAlloc (cb=0x804) returned 0x5950bd8 [0147.109] GetModuleBaseNameW (in: hProcess=0x640, hModule=0x747a0000, lpBaseName=0x5950bd8, nSize=0x800 | out: lpBaseName="RpcRtRemote.dll") returned 0xf [0147.110] CoTaskMemFree (pv=0x5950bd8) [0147.110] CoTaskMemAlloc (cb=0x804) returned 0x5950bd8 [0147.110] GetModuleFileNameExW (in: hProcess=0x640, hModule=0x747a0000, lpFilename=0x5950bd8, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\RpcRtRemote.dll" (normalized: "c:\\windows\\syswow64\\rpcrtremote.dll")) returned 0x23 [0147.111] CoTaskMemFree (pv=0x5950bd8) [0147.111] GetModuleInformation (in: hProcess=0x640, hModule=0x74850000, lpmodinfo=0x26e1e94, cb=0xc | out: lpmodinfo=0x26e1e94*(lpBaseOfDll=0x74850000, SizeOfImage=0x44000, EntryPoint=0x748663f9)) returned 1 [0147.113] CoTaskMemAlloc (cb=0x804) returned 0x5950bd8 [0147.113] GetModuleBaseNameW (in: hProcess=0x640, hModule=0x74850000, lpBaseName=0x5950bd8, nSize=0x800 | out: lpBaseName="DNSAPI.dll") returned 0xa [0147.114] CoTaskMemFree (pv=0x5950bd8) [0147.114] CoTaskMemAlloc (cb=0x804) returned 0x5950bd8 [0147.114] GetModuleFileNameExW (in: hProcess=0x640, hModule=0x74850000, lpFilename=0x5950bd8, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\DNSAPI.dll" (normalized: "c:\\windows\\syswow64\\dnsapi.dll")) returned 0x1e [0147.116] CoTaskMemFree (pv=0x5950bd8) [0147.116] GetModuleInformation (in: hProcess=0x640, hModule=0x747b0000, lpmodinfo=0x26e3fac, cb=0xc | out: lpmodinfo=0x26e3fac*(lpBaseOfDll=0x747b0000, SizeOfImage=0x6000, EntryPoint=0x747b14b2)) returned 1 [0147.117] CoTaskMemAlloc (cb=0x804) returned 0x5950bd8 [0147.117] GetModuleBaseNameW (in: hProcess=0x640, hModule=0x747b0000, lpBaseName=0x5950bd8, nSize=0x800 | out: lpBaseName="rasadhlp.dll") returned 0xc [0147.119] CoTaskMemFree (pv=0x5950bd8) [0147.119] CoTaskMemAlloc (cb=0x804) returned 0x5950bd8 [0147.119] GetModuleFileNameExW (in: hProcess=0x640, hModule=0x747b0000, lpFilename=0x5950bd8, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\rasadhlp.dll" (normalized: "c:\\windows\\syswow64\\rasadhlp.dll")) returned 0x20 [0147.120] CoTaskMemFree (pv=0x5950bd8) [0147.120] GetModuleInformation (in: hProcess=0x640, hModule=0x6d510000, lpmodinfo=0x26e60cc, cb=0xc | out: lpmodinfo=0x26e60cc*(lpBaseOfDll=0x6d510000, SizeOfImage=0x38000, EntryPoint=0x6d51990e)) returned 1 [0147.122] CoTaskMemAlloc (cb=0x804) returned 0x5950bd8 [0147.122] GetModuleBaseNameW (in: hProcess=0x640, hModule=0x6d510000, lpBaseName=0x5950bd8, nSize=0x800 | out: lpBaseName="fwpuclnt.dll") returned 0xc [0147.124] CoTaskMemFree (pv=0x5950bd8) [0147.124] CoTaskMemAlloc (cb=0x804) returned 0x5950bd8 [0147.124] GetModuleFileNameExW (in: hProcess=0x640, hModule=0x6d510000, lpFilename=0x5950bd8, nSize=0x800 | out: lpFilename="C:\\Windows\\System32\\fwpuclnt.dll" (normalized: "c:\\windows\\syswow64\\fwpuclnt.dll")) returned 0x20 [0147.125] CoTaskMemFree (pv=0x5950bd8) [0147.125] GetModuleInformation (in: hProcess=0x640, hModule=0x6d580000, lpmodinfo=0x26e81ec, cb=0xc | out: lpmodinfo=0x26e81ec*(lpBaseOfDll=0x6d580000, SizeOfImage=0x8000, EntryPoint=0x6d5810e9)) returned 1 [0147.127] CoTaskMemAlloc (cb=0x804) returned 0x5950bd8 [0147.127] GetModuleBaseNameW (in: hProcess=0x640, hModule=0x6d580000, lpBaseName=0x5950bd8, nSize=0x800 | out: lpBaseName="secur32.dll") returned 0xb [0147.128] CoTaskMemFree (pv=0x5950bd8) [0147.128] CoTaskMemAlloc (cb=0x804) returned 0x5950bd8 [0147.128] GetModuleFileNameExW (in: hProcess=0x640, hModule=0x6d580000, lpFilename=0x5950bd8, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\secur32.dll" (normalized: "c:\\windows\\syswow64\\secur32.dll")) returned 0x1f [0147.130] CoTaskMemFree (pv=0x5950bd8) [0147.130] GetModuleInformation (in: hProcess=0x640, hModule=0x6d4d0000, lpmodinfo=0x26ea304, cb=0xc | out: lpmodinfo=0x26ea304*(lpBaseOfDll=0x6d4d0000, SizeOfImage=0x3f000, EntryPoint=0x6d4d2351)) returned 1 [0147.131] CoTaskMemAlloc (cb=0x804) returned 0x5950bd8 [0147.131] GetModuleBaseNameW (in: hProcess=0x640, hModule=0x6d4d0000, lpBaseName=0x5950bd8, nSize=0x800 | out: lpBaseName="schannel.dll") returned 0xc [0147.133] CoTaskMemFree (pv=0x5950bd8) [0147.133] CoTaskMemAlloc (cb=0x804) returned 0x5950bd8 [0147.133] GetModuleFileNameExW (in: hProcess=0x640, hModule=0x6d4d0000, lpFilename=0x5950bd8, nSize=0x800 | out: lpFilename="C:\\Windows\\SysWOW64\\schannel.dll" (normalized: "c:\\windows\\syswow64\\schannel.dll")) returned 0x20 [0147.134] CoTaskMemFree (pv=0x5950bd8) [0147.134] GetModuleInformation (in: hProcess=0x640, hModule=0x74ab0000, lpmodinfo=0x26ec630, cb=0xc | out: lpmodinfo=0x26ec630*(lpBaseOfDll=0x74ab0000, SizeOfImage=0x121000, EntryPoint=0x74ab158e)) returned 1 [0147.136] CoTaskMemAlloc (cb=0x804) returned 0x5950bd8 [0147.136] GetModuleBaseNameW (in: hProcess=0x640, hModule=0x74ab0000, lpBaseName=0x5950bd8, nSize=0x800 | out: lpBaseName="CRYPT32.dll") returned 0xb [0147.137] CoTaskMemFree (pv=0x5950bd8) [0147.137] CoTaskMemAlloc (cb=0x804) returned 0x5950bd8 [0147.137] GetModuleFileNameExW (in: hProcess=0x640, hModule=0x74ab0000, lpFilename=0x5950bd8, nSize=0x800 | out: lpFilename="C:\\Windows\\syswow64\\CRYPT32.dll" (normalized: "c:\\windows\\syswow64\\crypt32.dll")) returned 0x1f [0147.139] CoTaskMemFree (pv=0x5950bd8) [0147.139] GetModuleInformation (in: hProcess=0x640, hModule=0x76ed0000, lpmodinfo=0x26ee748, cb=0xc | out: lpmodinfo=0x26ee748*(lpBaseOfDll=0x76ed0000, SizeOfImage=0xc000, EntryPoint=0x76ed238e)) returned 1 [0147.140] CoTaskMemAlloc (cb=0x804) returned 0x5950bd8 [0147.140] GetModuleBaseNameW (in: hProcess=0x640, hModule=0x76ed0000, lpBaseName=0x5950bd8, nSize=0x800 | out: lpBaseName="MSASN1.dll") returned 0xa [0147.142] CoTaskMemFree (pv=0x5950bd8) [0147.142] CoTaskMemAlloc (cb=0x804) returned 0x5950bd8 [0147.142] GetModuleFileNameExW (in: hProcess=0x640, hModule=0x76ed0000, lpFilename=0x5950bd8, nSize=0x800 | out: lpFilename="C:\\Windows\\syswow64\\MSASN1.dll" (normalized: "c:\\windows\\syswow64\\msasn1.dll")) returned 0x1e [0147.143] CoTaskMemFree (pv=0x5950bd8) [0147.143] GetModuleInformation (in: hProcess=0x640, hModule=0x6d490000, lpmodinfo=0x26f0860, cb=0xc | out: lpmodinfo=0x26f0860*(lpBaseOfDll=0x6d490000, SizeOfImage=0x38000, EntryPoint=0x6d491489)) returned 1 [0147.145] CoTaskMemAlloc (cb=0x804) returned 0x5950bd8 [0147.145] GetModuleBaseNameW (in: hProcess=0x640, hModule=0x6d490000, lpBaseName=0x5950bd8, nSize=0x800 | out: lpBaseName="ncrypt.dll") returned 0xa [0147.147] CoTaskMemFree (pv=0x5950bd8) [0147.147] CoTaskMemAlloc (cb=0x804) returned 0x5950bd8 [0147.147] GetModuleFileNameExW (in: hProcess=0x640, hModule=0x6d490000, lpFilename=0x5950bd8, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\ncrypt.dll" (normalized: "c:\\windows\\syswow64\\ncrypt.dll")) returned 0x1e [0147.148] CoTaskMemFree (pv=0x5950bd8) [0147.149] GetModuleInformation (in: hProcess=0x640, hModule=0x6d450000, lpmodinfo=0x26f2978, cb=0xc | out: lpmodinfo=0x26f2978*(lpBaseOfDll=0x6d450000, SizeOfImage=0x3d000, EntryPoint=0x6d4510f5)) returned 1 [0147.150] CoTaskMemAlloc (cb=0x804) returned 0x5950bd8 [0147.150] GetModuleBaseNameW (in: hProcess=0x640, hModule=0x6d450000, lpBaseName=0x5950bd8, nSize=0x800 | out: lpBaseName="bcryptprimitives.dll") returned 0x14 [0147.152] CoTaskMemFree (pv=0x5950bd8) [0147.152] CoTaskMemAlloc (cb=0x804) returned 0x5950bd8 [0147.152] GetModuleFileNameExW (in: hProcess=0x640, hModule=0x6d450000, lpFilename=0x5950bd8, nSize=0x800 | out: lpFilename="C:\\Windows\\SysWOW64\\bcryptprimitives.dll" (normalized: "c:\\windows\\syswow64\\bcryptprimitives.dll")) returned 0x28 [0147.155] CoTaskMemFree (pv=0x5950bd8) [0147.155] GetModuleInformation (in: hProcess=0x640, hModule=0x6d430000, lpmodinfo=0x26f4ab8, cb=0xc | out: lpmodinfo=0x26f4ab8*(lpBaseOfDll=0x6d430000, SizeOfImage=0x17000, EntryPoint=0x6d431c9d)) returned 1 [0147.156] CoTaskMemAlloc (cb=0x804) returned 0x5950bd8 [0147.156] GetModuleBaseNameW (in: hProcess=0x640, hModule=0x6d430000, lpBaseName=0x5950bd8, nSize=0x800 | out: lpBaseName="USERENV.dll") returned 0xb [0147.158] CoTaskMemFree (pv=0x5950bd8) [0147.158] CoTaskMemAlloc (cb=0x804) returned 0x5950bd8 [0147.158] GetModuleFileNameExW (in: hProcess=0x640, hModule=0x6d430000, lpFilename=0x5950bd8, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\USERENV.dll" (normalized: "c:\\windows\\syswow64\\userenv.dll")) returned 0x1f [0147.160] CoTaskMemFree (pv=0x5950bd8) [0147.160] GetModuleInformation (in: hProcess=0x640, hModule=0x6d410000, lpmodinfo=0x26f6bd0, cb=0xc | out: lpmodinfo=0x26f6bd0*(lpBaseOfDll=0x6d410000, SizeOfImage=0x16000, EntryPoint=0x6d412061)) returned 1 [0147.162] CoTaskMemAlloc (cb=0x804) returned 0x5950bd8 [0147.162] GetModuleBaseNameW (in: hProcess=0x640, hModule=0x6d410000, lpBaseName=0x5950bd8, nSize=0x800 | out: lpBaseName="GPAPI.dll") returned 0x9 [0147.163] CoTaskMemFree (pv=0x5950bd8) [0147.164] CoTaskMemAlloc (cb=0x804) returned 0x5950bd8 [0147.164] GetModuleFileNameExW (in: hProcess=0x640, hModule=0x6d410000, lpFilename=0x5950bd8, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\GPAPI.dll" (normalized: "c:\\windows\\syswow64\\gpapi.dll")) returned 0x1d [0147.165] CoTaskMemFree (pv=0x5950bd8) [0147.165] GetModuleInformation (in: hProcess=0x640, hModule=0x6d380000, lpmodinfo=0x26f8cec, cb=0xc | out: lpmodinfo=0x26f8cec*(lpBaseOfDll=0x6d380000, SizeOfImage=0x84000, EntryPoint=0x6d3819a9)) returned 1 [0147.167] CoTaskMemAlloc (cb=0x804) returned 0x5950bd8 [0147.167] GetModuleBaseNameW (in: hProcess=0x640, hModule=0x6d380000, lpBaseName=0x5950bd8, nSize=0x800 | out: lpBaseName="comctl32.dll") returned 0xc [0147.169] CoTaskMemFree (pv=0x5950bd8) [0147.169] CoTaskMemAlloc (cb=0x804) returned 0x5950bd8 [0147.169] GetModuleFileNameExW (in: hProcess=0x640, hModule=0x6d380000, lpFilename=0x5950bd8, nSize=0x800 | out: lpFilename="C:\\Windows\\WinSxS\\x86_microsoft.windows.common-controls_6595b64144ccf1df_5.82.7601.17514_none_ec83dffa859149af\\comctl32.dll" (normalized: "c:\\windows\\winsxs\\x86_microsoft.windows.common-controls_6595b64144ccf1df_5.82.7601.17514_none_ec83dffa859149af\\comctl32.dll")) returned 0x7b [0147.171] CoTaskMemFree (pv=0x5950bd8) [0147.171] GetModuleInformation (in: hProcess=0x640, hModule=0x6d1f0000, lpmodinfo=0x26faec0, cb=0xc | out: lpmodinfo=0x26faec0*(lpBaseOfDll=0x6d1f0000, SizeOfImage=0x190000, EntryPoint=0x6d28d026)) returned 1 [0147.172] CoTaskMemAlloc (cb=0x804) returned 0x5950bd8 [0147.172] GetModuleBaseNameW (in: hProcess=0x640, hModule=0x6d1f0000, lpBaseName=0x5950bd8, nSize=0x800 | out: lpBaseName="gdiplus.dll") returned 0xb [0147.175] CoTaskMemFree (pv=0x5950bd8) [0147.175] CoTaskMemAlloc (cb=0x804) returned 0x5950bd8 [0147.175] GetModuleFileNameExW (in: hProcess=0x640, hModule=0x6d1f0000, lpFilename=0x5950bd8, nSize=0x800 | out: lpFilename="C:\\Windows\\WinSxS\\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\\gdiplus.dll" (normalized: "c:\\windows\\winsxs\\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\\gdiplus.dll")) returned 0x71 [0147.176] CoTaskMemFree (pv=0x5950bd8) [0147.176] GetModuleInformation (in: hProcess=0x640, hModule=0x6d0f0000, lpmodinfo=0x26fd07c, cb=0xc | out: lpmodinfo=0x26fd07c*(lpBaseOfDll=0x6d0f0000, SizeOfImage=0xfb000, EntryPoint=0x6d1017e1)) returned 1 [0147.178] CoTaskMemAlloc (cb=0x804) returned 0x5950bd8 [0147.178] GetModuleBaseNameW (in: hProcess=0x640, hModule=0x6d0f0000, lpBaseName=0x5950bd8, nSize=0x800 | out: lpBaseName="WindowsCodecs.dll") returned 0x11 [0147.180] CoTaskMemFree (pv=0x5950bd8) [0147.180] CoTaskMemAlloc (cb=0x804) returned 0x5950bd8 [0147.180] GetModuleFileNameExW (in: hProcess=0x640, hModule=0x6d0f0000, lpFilename=0x5950bd8, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\WindowsCodecs.dll" (normalized: "c:\\windows\\syswow64\\windowscodecs.dll")) returned 0x25 [0147.182] CoTaskMemFree (pv=0x5950bd8) [0147.182] GetModuleInformation (in: hProcess=0x640, hModule=0x6c320000, lpmodinfo=0x26ff1ac, cb=0xc | out: lpmodinfo=0x26ff1ac*(lpBaseOfDll=0x6c320000, SizeOfImage=0xdcd000, EntryPoint=0x0)) returned 1 [0147.183] CoTaskMemAlloc (cb=0x804) returned 0x5950bd8 [0147.183] GetModuleBaseNameW (in: hProcess=0x640, hModule=0x6c320000, lpBaseName=0x5950bd8, nSize=0x800 | out: lpBaseName="System.Web.ni.dll") returned 0x11 [0147.185] CoTaskMemFree (pv=0x5950bd8) [0147.185] CoTaskMemAlloc (cb=0x804) returned 0x5950bd8 [0147.185] GetModuleFileNameExW (in: hProcess=0x640, hModule=0x6c320000, lpFilename=0x5950bd8, nSize=0x800 | out: lpFilename="C:\\Windows\\assembly\\NativeImages_v4.0.30319_32\\System.Web\\8e86e9948f7dcebce93d5df6073700ba\\System.Web.ni.dll" (normalized: "c:\\windows\\assembly\\nativeimages_v4.0.30319_32\\system.web\\8e86e9948f7dcebce93d5df6073700ba\\system.web.ni.dll")) returned 0x6c [0147.189] CoTaskMemFree (pv=0x5950bd8) [0147.189] CloseHandle (hObject=0x640) returned 1 [0147.190] lstrlenA (lpString="AcquireSRWLockExclusive") returned 23 [0147.190] lstrlenA (lpString="AcquireSRWLockShared") returned 20 [0147.190] lstrlenA (lpString="ActivateActCtx") returned 14 [0147.190] lstrlenA (lpString="AddAtomA") returned 8 [0147.190] lstrlenA (lpString="AddAtomW") returned 8 [0147.190] lstrlenA (lpString="AddConsoleAliasA") returned 16 [0147.190] lstrlenA (lpString="AddConsoleAliasW") returned 16 [0147.191] lstrlenA (lpString="AddDllDirectory") returned 15 [0147.191] lstrlenA (lpString="AddIntegrityLabelToBoundaryDescriptor") returned 37 [0147.191] lstrlenA (lpString="AddLocalAlternateComputerNameA") returned 30 [0147.191] lstrlenA (lpString="AddLocalAlternateComputerNameW") returned 30 [0147.191] lstrlenA (lpString="AddRefActCtx") returned 12 [0147.191] lstrlenA (lpString="AddSIDToBoundaryDescriptor") returned 26 [0147.191] lstrlenA (lpString="AddSecureMemoryCacheCallback") returned 28 [0147.191] lstrlenA (lpString="AddVectoredContinueHandler") returned 26 [0147.191] lstrlenA (lpString="AddVectoredExceptionHandler") returned 27 [0147.192] lstrlenA (lpString="AdjustCalendarDate") returned 18 [0147.192] lstrlenA (lpString="AllocConsole") returned 12 [0147.192] lstrlenA (lpString="AllocateUserPhysicalPages") returned 25 [0147.192] lstrlenA (lpString="AllocateUserPhysicalPagesNuma") returned 29 [0147.192] lstrlenA (lpString="ApplicationRecoveryFinished") returned 27 [0147.192] lstrlenA (lpString="ApplicationRecoveryInProgress") returned 29 [0147.193] lstrlenA (lpString="AreFileApisANSI") returned 15 [0147.193] lstrlenA (lpString="AssignProcessToJobObject") returned 24 [0147.193] lstrlenA (lpString="AttachConsole") returned 13 [0147.193] lstrlenA (lpString="BackupRead") returned 10 [0147.193] lstrlenA (lpString="BackupSeek") returned 10 [0147.193] lstrlenA (lpString="BackupWrite") returned 11 [0147.193] lstrlenA (lpString="BaseCheckAppcompatCache") returned 23 [0147.193] lstrlenA (lpString="BaseCheckAppcompatCacheEx") returned 25 [0147.194] lstrlenA (lpString="BaseCheckRunApp") returned 15 [0147.194] lstrlenA (lpString="BaseCleanupAppcompatCacheSupport") returned 32 [0147.194] lstrlenA (lpString="BaseDllReadWriteIniFile") returned 23 [0147.194] lstrlenA (lpString="BaseDumpAppcompatCache") returned 22 [0147.194] lstrlenA (lpString="BaseFlushAppcompatCache") returned 23 [0147.194] lstrlenA (lpString="BaseFormatObjectAttributes") returned 26 [0147.194] lstrlenA (lpString="BaseFormatTimeOut") returned 17 [0147.194] lstrlenA (lpString="BaseGenerateAppCompatData") returned 25 [0147.194] lstrlenA (lpString="BaseGetNamedObjectDirectory") returned 27 [0147.194] lstrlenA (lpString="BaseInitAppcompatCacheSupport") returned 29 [0147.195] lstrlenA (lpString="BaseIsAppcompatInfrastructureDisabled") returned 37 [0147.195] lstrlenA (lpString="BaseQueryModuleData") returned 19 [0147.195] lstrlenA (lpString="BaseSetLastNTError") returned 18 [0147.195] lstrlenA (lpString="BaseThreadInitThunk") returned 19 [0147.195] lstrlenA (lpString="BaseUpdateAppcompatCache") returned 24 [0147.195] lstrlenA (lpString="BaseVerifyUnicodeString") returned 23 [0147.195] lstrlenA (lpString="Basep8BitStringToDynamicUnicodeString") returned 37 [0147.195] lstrlenA (lpString="BasepAllocateActivationContextActivationBlock") returned 45 [0147.195] lstrlenA (lpString="BasepAnsiStringToDynamicUnicodeString") returned 37 [0147.196] lstrlenA (lpString="BasepCheckAppCompat") returned 19 [0147.196] lstrlenA (lpString="BasepCheckBadapp") returned 16 [0147.196] lstrlenA (lpString="BasepCheckWinSaferRestrictions") returned 30 [0147.196] lstrlenA (lpString="BasepFreeActivationContextActivationBlock") returned 41 [0147.196] lstrlenA (lpString="BasepFreeAppCompatData") returned 22 [0147.196] lstrlenA (lpString="BasepMapModuleHandle") returned 20 [0147.196] lstrlenA (lpString="Beep") returned 4 [0147.196] lstrlenA (lpString="BeginUpdateResourceA") returned 20 [0147.196] lstrlenA (lpString="BeginUpdateResourceW") returned 20 [0147.196] lstrlenA (lpString="BindIoCompletionCallback") returned 24 [0147.197] lstrlenA (lpString="BuildCommDCBA") returned 13 [0147.197] lstrlenA (lpString="BuildCommDCBAndTimeoutsA") returned 24 [0147.197] lstrlenA (lpString="BuildCommDCBAndTimeoutsW") returned 24 [0147.197] lstrlenA (lpString="BuildCommDCBW") returned 13 [0147.197] lstrlenA (lpString="CallNamedPipeA") returned 14 [0147.197] lstrlenA (lpString="CallNamedPipeW") returned 14 [0147.197] lstrlenA (lpString="CallbackMayRunLong") returned 18 [0147.197] lstrlenA (lpString="CancelDeviceWakeupRequest") returned 25 [0147.197] lstrlenA (lpString="CancelIo") returned 8 [0147.197] lstrlenA (lpString="CancelIoEx") returned 10 [0147.198] lstrlenA (lpString="CancelSynchronousIo") returned 19 [0147.198] lstrlenA (lpString="CancelThreadpoolIo") returned 18 [0147.198] lstrlenA (lpString="CancelTimerQueueTimer") returned 21 [0147.198] lstrlenA (lpString="CancelWaitableTimer") returned 19 [0147.198] lstrlenA (lpString="ChangeTimerQueueTimer") returned 21 [0147.198] lstrlenA (lpString="CheckElevation") returned 14 [0147.198] lstrlenA (lpString="CheckElevationEnabled") returned 21 [0147.198] lstrlenA (lpString="CheckForReadOnlyResource") returned 24 [0147.198] lstrlenA (lpString="CheckNameLegalDOS8Dot3A") returned 23 [0147.198] lstrlenA (lpString="CheckNameLegalDOS8Dot3W") returned 23 [0147.199] lstrlenA (lpString="CheckRemoteDebuggerPresent") returned 26 [0147.199] lstrlenA (lpString="ClearCommBreak") returned 14 [0147.199] lstrlenA (lpString="ClearCommError") returned 14 [0147.199] lstrlenA (lpString="CloseConsoleHandle") returned 18 [0147.199] lstrlenA (lpString="CloseHandle") returned 11 [0147.199] lstrlenA (lpString="ClosePrivateNamespace") returned 21 [0147.199] lstrlenA (lpString="CloseProfileUserMapping") returned 23 [0147.199] lstrlenA (lpString="CloseThreadpool") returned 15 [0147.199] lstrlenA (lpString="CloseThreadpoolCleanupGroup") returned 27 [0147.199] lstrlenA (lpString="CloseThreadpoolCleanupGroupMembers") returned 34 [0147.200] lstrlenA (lpString="CloseThreadpoolIo") returned 17 [0147.200] lstrlenA (lpString="CloseThreadpoolTimer") returned 20 [0147.200] lstrlenA (lpString="CloseThreadpoolWait") returned 19 [0147.200] lstrlenA (lpString="CloseThreadpoolWork") returned 19 [0147.204] lstrlenA (lpString="CmdBatNotification") returned 18 [0147.204] lstrlenA (lpString="CommConfigDialogA") returned 17 [0147.204] lstrlenA (lpString="CommConfigDialogW") returned 17 [0147.204] lstrlenA (lpString="CompareCalendarDates") returned 20 [0147.204] lstrlenA (lpString="CompareFileTime") returned 15 [0147.204] lstrlenA (lpString="CompareStringA") returned 14 [0147.204] lstrlenA (lpString="CompareStringEx") returned 15 [0147.205] lstrlenA (lpString="CompareStringOrdinal") returned 20 [0147.205] lstrlenA (lpString="CompareStringW") returned 14 [0147.205] lstrlenA (lpString="ConnectNamedPipe") returned 16 [0147.205] lstrlenA (lpString="ConsoleMenuControl") returned 18 [0147.205] lstrlenA (lpString="ContinueDebugEvent") returned 18 [0147.205] lstrlenA (lpString="ConvertCalDateTimeToSystemTime") returned 30 [0147.205] lstrlenA (lpString="ConvertDefaultLocale") returned 20 [0147.205] lstrlenA (lpString="ConvertFiberToThread") returned 20 [0147.205] lstrlenA (lpString="ConvertNLSDayOfWeekToWin32DayOfWeek") returned 35 [0147.206] lstrlenA (lpString="ConvertSystemTimeToCalDateTime") returned 30 [0147.206] lstrlenA (lpString="ConvertThreadToFiber") returned 20 [0147.206] lstrlenA (lpString="ConvertThreadToFiberEx") returned 22 [0147.206] lstrlenA (lpString="CopyContext") returned 11 [0147.206] lstrlenA (lpString="CopyFileA") returned 9 [0147.206] lstrlenA (lpString="CopyFileExA") returned 11 [0147.206] lstrlenA (lpString="CopyFileExW") returned 11 [0147.206] lstrlenA (lpString="CopyFileTransactedA") returned 19 [0147.206] lstrlenA (lpString="CopyFileTransactedW") returned 19 [0147.206] lstrlenA (lpString="CopyFileW") returned 9 [0147.207] lstrlenA (lpString="CopyLZFile") returned 10 [0147.207] lstrlenA (lpString="CreateActCtxA") returned 13 [0147.207] lstrlenA (lpString="CreateActCtxW") returned 13 [0147.207] lstrlenA (lpString="CreateBoundaryDescriptorA") returned 25 [0147.207] lstrlenA (lpString="CreateBoundaryDescriptorW") returned 25 [0147.207] lstrlenA (lpString="CreateConsoleScreenBuffer") returned 25 [0147.207] lstrlenA (lpString="CreateDirectoryA") returned 16 [0147.207] lstrlenA (lpString="CreateDirectoryExA") returned 18 [0147.207] lstrlenA (lpString="CreateDirectoryExW") returned 18 [0147.207] lstrlenA (lpString="CreateDirectoryTransactedA") returned 26 [0147.207] lstrlenA (lpString="CreateDirectoryTransactedW") returned 26 [0147.208] lstrlenA (lpString="CreateDirectoryW") returned 16 [0147.208] lstrlenA (lpString="CreateEventA") returned 12 [0147.208] lstrlenA (lpString="CreateEventExA") returned 14 [0147.208] lstrlenA (lpString="CreateEventExW") returned 14 [0147.208] lstrlenA (lpString="CreateEventW") returned 12 [0147.208] lstrlenA (lpString="CreateFiber") returned 11 [0147.208] lstrlenA (lpString="CreateFiberEx") returned 13 [0147.208] lstrlenA (lpString="CreateFileA") returned 11 [0147.208] lstrlenA (lpString="CreateFileMappingA") returned 18 [0147.208] lstrlenA (lpString="CreateFileMappingNumaA") returned 22 [0147.208] lstrlenA (lpString="CreateFileMappingNumaW") returned 22 [0147.208] lstrlenA (lpString="CreateFileMappingW") returned 18 [0147.208] lstrlenA (lpString="CreateFileTransactedA") returned 21 [0147.208] lstrlenA (lpString="CreateFileTransactedW") returned 21 [0147.209] lstrlenA (lpString="CreateFileW") returned 11 [0147.209] lstrlenA (lpString="CreateHardLinkA") returned 15 [0147.209] lstrlenA (lpString="CreateHardLinkTransactedA") returned 25 [0147.209] lstrlenA (lpString="CreateHardLinkTransactedW") returned 25 [0147.209] lstrlenA (lpString="CreateHardLinkW") returned 15 [0147.209] lstrlenA (lpString="CreateIoCompletionPort") returned 22 [0147.209] lstrlenA (lpString="CreateJobObjectA") returned 16 [0147.209] lstrlenA (lpString="CreateJobObjectW") returned 16 [0147.209] lstrlenA (lpString="CreateJobSet") returned 12 [0147.209] lstrlenA (lpString="CreateMailslotA") returned 15 [0147.209] lstrlenA (lpString="CreateMailslotW") returned 15 [0147.209] lstrlenA (lpString="CreateMemoryResourceNotification") returned 32 [0147.209] lstrlenA (lpString="CreateMutexA") returned 12 [0147.209] lstrlenA (lpString="CreateMutexExA") returned 14 [0147.210] lstrlenA (lpString="CreateMutexExW") returned 14 [0147.210] lstrlenA (lpString="CreateMutexW") returned 12 [0147.210] lstrlenA (lpString="CreateNamedPipeA") returned 16 [0147.210] lstrlenA (lpString="CreateNamedPipeW") returned 16 [0147.210] lstrlenA (lpString="CreatePipe") returned 10 [0147.210] lstrlenA (lpString="CreatePrivateNamespaceA") returned 23 [0147.210] lstrlenA (lpString="CreatePrivateNamespaceW") returned 23 [0147.210] lstrlenA (lpString="CreateProcessA") returned 14 [0147.210] lstrlenA (lpString="CreateProcessAsUserW") returned 20 [0147.210] lstrlenA (lpString="CreateProcessInternalA") returned 22 [0147.210] lstrlenA (lpString="CreateProcessInternalW") returned 22 [0147.210] lstrlenA (lpString="CreateProcessW") returned 14 [0147.210] lstrlenA (lpString="CreateRemoteThread") returned 18 [0147.210] lstrlenA (lpString="CreateRemoteThreadEx") returned 20 [0147.210] lstrlenA (lpString="CreateSemaphoreA") returned 16 [0147.211] lstrlenA (lpString="CreateSemaphoreExA") returned 18 [0147.211] lstrlenA (lpString="CreateSemaphoreExW") returned 18 [0147.211] lstrlenA (lpString="CreateSemaphoreW") returned 16 [0147.211] lstrlenA (lpString="CreateSocketHandle") returned 18 [0147.211] lstrlenA (lpString="CreateSymbolicLinkA") returned 19 [0147.211] lstrlenA (lpString="CreateSymbolicLinkTransactedA") returned 29 [0147.211] lstrlenA (lpString="CreateSymbolicLinkTransactedW") returned 29 [0147.211] lstrlenA (lpString="CreateSymbolicLinkW") returned 19 [0147.211] lstrlenA (lpString="CreateTapePartition") returned 19 [0147.211] lstrlenA (lpString="CreateThread") returned 12 [0147.211] lstrlenA (lpString="CreateThreadpool") returned 16 [0147.211] lstrlenA (lpString="CreateThreadpoolCleanupGroup") returned 28 [0147.211] lstrlenA (lpString="CreateThreadpoolIo") returned 18 [0147.211] lstrlenA (lpString="CreateThreadpoolTimer") returned 21 [0147.212] lstrlenA (lpString="CreateThreadpoolWait") returned 20 [0147.212] lstrlenA (lpString="CreateThreadpoolWork") returned 20 [0147.212] lstrlenA (lpString="CreateTimerQueue") returned 16 [0147.212] lstrlenA (lpString="CreateTimerQueueTimer") returned 21 [0147.212] lstrlenA (lpString="CreateToolhelp32Snapshot") returned 24 [0147.212] lstrlenA (lpString="CreateWaitableTimerA") returned 20 [0147.212] lstrlenA (lpString="CreateWaitableTimerExA") returned 22 [0147.212] lstrlenA (lpString="CreateWaitableTimerExW") returned 22 [0147.212] lstrlenA (lpString="CreateWaitableTimerW") returned 20 [0147.212] lstrlenA (lpString="CtrlRoutine") returned 11 [0147.212] lstrlenA (lpString="DeactivateActCtx") returned 16 [0147.212] lstrlenA (lpString="DebugActiveProcess") returned 18 [0147.212] lstrlenA (lpString="DebugActiveProcessStop") returned 22 [0147.212] lstrlenA (lpString="DebugBreak") returned 10 [0147.213] lstrlenA (lpString="DebugBreakProcess") returned 17 [0147.213] lstrlenA (lpString="DebugSetProcessKillOnExit") returned 25 [0147.213] lstrlenA (lpString="DecodePointer") returned 13 [0147.213] lstrlenA (lpString="DecodeSystemPointer") returned 19 [0147.213] lstrlenA (lpString="DefineDosDeviceA") returned 16 [0147.213] lstrlenA (lpString="DefineDosDeviceW") returned 16 [0147.213] lstrlenA (lpString="DelayLoadFailureHook") returned 20 [0147.213] lstrlenA (lpString="DeleteAtom") returned 10 [0147.213] lstrlenA (lpString="DeleteBoundaryDescriptor") returned 24 [0147.213] lstrlenA (lpString="DeleteCriticalSection") returned 21 [0147.213] lstrlenA (lpString="DeleteFiber") returned 11 [0147.213] lstrlenA (lpString="DeleteFileA") returned 11 [0147.213] lstrlenA (lpString="DeleteFileTransactedA") returned 21 [0147.214] lstrlenA (lpString="DeleteFileTransactedW") returned 21 [0147.214] lstrlenA (lpString="DeleteFileW") returned 11 [0147.214] lstrlenA (lpString="DeleteProcThreadAttributeList") returned 29 [0147.214] lstrlenA (lpString="DeleteTimerQueue") returned 16 [0147.214] lstrlenA (lpString="DeleteTimerQueueEx") returned 18 [0147.214] lstrlenA (lpString="DeleteTimerQueueTimer") returned 21 [0147.214] lstrlenA (lpString="DeleteVolumeMountPointA") returned 23 [0147.214] lstrlenA (lpString="DeleteVolumeMountPointW") returned 23 [0147.214] lstrlenA (lpString="DeviceIoControl") returned 15 [0147.214] lstrlenA (lpString="DisableThreadLibraryCalls") returned 25 [0147.214] lstrlenA (lpString="DisableThreadProfiling") returned 22 [0147.214] lstrlenA (lpString="DisassociateCurrentThreadFromCallback") returned 37 [0147.214] lstrlenA (lpString="DisconnectNamedPipe") returned 19 [0147.214] lstrlenA (lpString="DnsHostnameToComputerNameA") returned 26 [0147.214] lstrlenA (lpString="DnsHostnameToComputerNameW") returned 26 [0147.215] lstrlenA (lpString="DosDateTimeToFileTime") returned 21 [0147.215] lstrlenA (lpString="DosPathToSessionPathA") returned 21 [0147.215] lstrlenA (lpString="DosPathToSessionPathW") returned 21 [0147.215] lstrlenA (lpString="DuplicateConsoleHandle") returned 22 [0147.215] lstrlenA (lpString="DuplicateHandle") returned 15 [0147.215] lstrlenA (lpString="EnableThreadProfiling") returned 21 [0147.215] lstrlenA (lpString="EncodePointer") returned 13 [0147.215] lstrlenA (lpString="EncodeSystemPointer") returned 19 [0147.215] lstrlenA (lpString="EndUpdateResourceA") returned 18 [0147.215] lstrlenA (lpString="EndUpdateResourceW") returned 18 [0147.215] lstrlenA (lpString="EnterCriticalSection") returned 20 [0147.215] lstrlenA (lpString="EnumCalendarInfoA") returned 17 [0147.215] lstrlenA (lpString="EnumCalendarInfoExA") returned 19 [0147.215] lstrlenA (lpString="EnumCalendarInfoExEx") returned 20 [0147.216] lstrlenA (lpString="EnumCalendarInfoExW") returned 19 [0147.216] lstrlenA (lpString="EnumCalendarInfoW") returned 17 [0147.216] lstrlenA (lpString="EnumDateFormatsA") returned 16 [0147.216] lstrlenA (lpString="EnumDateFormatsExA") returned 18 [0147.216] lstrlenA (lpString="EnumDateFormatsExEx") returned 19 [0147.216] lstrlenA (lpString="EnumDateFormatsExW") returned 18 [0147.217] WriteProcessMemory (in: hProcess=0x638, lpBaseAddress=0x436000, lpBuffer=0x265d0c0*, nSize=0x600, lpNumberOfBytesWritten=0x271373c | out: lpBuffer=0x265d0c0*, lpNumberOfBytesWritten=0x271373c*=0x600) returned 1 [0147.267] EnumProcessModules (in: hProcess=0x640, lphModule=0x271affc, cb=0x100, lpcbNeeded=0x2dc658 | out: lphModule=0x271affc, lpcbNeeded=0x2dc658) returned 1 [0147.268] EnumProcessModules (in: hProcess=0x640, lphModule=0x271b108, cb=0x200, lpcbNeeded=0x2dc658 | out: lphModule=0x271b108, lpcbNeeded=0x2dc658) returned 1 [0147.269] GetModuleInformation (in: hProcess=0x640, hModule=0x10b0000, lpmodinfo=0x271b348, cb=0xc | out: lpmodinfo=0x271b348*(lpBaseOfDll=0x10b0000, SizeOfImage=0xa2000, EntryPoint=0x114ddbe)) returned 1 [0147.270] CoTaskMemAlloc (cb=0x804) returned 0x5950bd8 [0147.270] GetModuleBaseNameW (in: hProcess=0x640, hModule=0x10b0000, lpBaseName=0x5950bd8, nSize=0x800 | out: lpBaseName="noise.exe") returned 0x9 [0147.270] CoTaskMemFree (pv=0x5950bd8) [0147.270] CoTaskMemAlloc (cb=0x804) returned 0x5950bd8 [0147.270] GetModuleFileNameExW (in: hProcess=0x640, hModule=0x10b0000, lpFilename=0x5950bd8, nSize=0x800 | out: lpFilename="C:\\Users\\kEecfMwgj\\AppData\\Local\\Temp\\noise.exe" (normalized: "c:\\users\\keecfmwgj\\appdata\\local\\temp\\noise.exe")) returned 0x2f [0147.270] CoTaskMemFree (pv=0x5950bd8) [0147.270] GetModuleInformation (in: hProcess=0x640, hModule=0x76f00000, lpmodinfo=0x271d498, cb=0xc | out: lpmodinfo=0x271d498*(lpBaseOfDll=0x76f00000, SizeOfImage=0x180000, EntryPoint=0x0)) returned 1 [0147.270] CoTaskMemAlloc (cb=0x804) returned 0x5950bd8 [0147.270] GetModuleBaseNameW (in: hProcess=0x640, hModule=0x76f00000, lpBaseName=0x5950bd8, nSize=0x800 | out: lpBaseName="ntdll.dll") returned 0x9 [0147.271] CoTaskMemFree (pv=0x5950bd8) [0147.271] CoTaskMemAlloc (cb=0x804) returned 0x5950bd8 [0147.271] GetModuleFileNameExW (in: hProcess=0x640, hModule=0x76f00000, lpFilename=0x5950bd8, nSize=0x800 | out: lpFilename="C:\\Windows\\SysWOW64\\ntdll.dll" (normalized: "c:\\windows\\syswow64\\ntdll.dll")) returned 0x1d [0147.271] CoTaskMemFree (pv=0x5950bd8) [0147.271] GetModuleInformation (in: hProcess=0x640, hModule=0x73500000, lpmodinfo=0x271f5a8, cb=0xc | out: lpmodinfo=0x271f5a8*(lpBaseOfDll=0x73500000, SizeOfImage=0x4a000, EntryPoint=0x73502e54)) returned 1 [0147.271] CoTaskMemAlloc (cb=0x804) returned 0x5950bd8 [0147.271] GetModuleBaseNameW (in: hProcess=0x640, hModule=0x73500000, lpBaseName=0x5950bd8, nSize=0x800 | out: lpBaseName="MSCOREE.DLL") returned 0xb [0147.271] CoTaskMemFree (pv=0x5950bd8) [0147.271] CoTaskMemAlloc (cb=0x804) returned 0x5950bd8 [0147.271] GetModuleFileNameExW (in: hProcess=0x640, hModule=0x73500000, lpFilename=0x5950bd8, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\MSCOREE.DLL" (normalized: "c:\\windows\\syswow64\\mscoree.dll")) returned 0x1f [0147.272] CoTaskMemFree (pv=0x5950bd8) [0147.272] GetModuleInformation (in: hProcess=0x640, hModule=0x752b0000, lpmodinfo=0x27216c0, cb=0xc | out: lpmodinfo=0x27216c0*(lpBaseOfDll=0x752b0000, SizeOfImage=0x110000, EntryPoint=0x752c3283)) returned 1 [0147.272] CoTaskMemAlloc (cb=0x804) returned 0x5950bd8 [0147.272] GetModuleBaseNameW (in: hProcess=0x640, hModule=0x752b0000, lpBaseName=0x5950bd8, nSize=0x800 | out: lpBaseName="KERNEL32.dll") returned 0xc [0147.272] CoTaskMemFree (pv=0x5950bd8) [0147.272] CoTaskMemAlloc (cb=0x804) returned 0x5950bd8 [0147.272] GetModuleFileNameExW (in: hProcess=0x640, hModule=0x752b0000, lpFilename=0x5950bd8, nSize=0x800 | out: lpFilename="C:\\Windows\\syswow64\\KERNEL32.dll" (normalized: "c:\\windows\\syswow64\\kernel32.dll")) returned 0x20 [0147.273] CoTaskMemFree (pv=0x5950bd8) [0147.273] GetModuleInformation (in: hProcess=0x640, hModule=0x753c0000, lpmodinfo=0x27237e0, cb=0xc | out: lpmodinfo=0x27237e0*(lpBaseOfDll=0x753c0000, SizeOfImage=0x47000, EntryPoint=0x753c74c1)) returned 1 [0147.273] CoTaskMemAlloc (cb=0x804) returned 0x5950bd8 [0147.273] GetModuleBaseNameW (in: hProcess=0x640, hModule=0x753c0000, lpBaseName=0x5950bd8, nSize=0x800 | out: lpBaseName="KERNELBASE.dll") returned 0xe [0147.273] CoTaskMemFree (pv=0x5950bd8) [0147.273] CoTaskMemAlloc (cb=0x804) returned 0x5950bd8 [0147.273] GetModuleFileNameExW (in: hProcess=0x640, hModule=0x753c0000, lpFilename=0x5950bd8, nSize=0x800 | out: lpFilename="C:\\Windows\\syswow64\\KERNELBASE.dll" (normalized: "c:\\windows\\syswow64\\kernelbase.dll")) returned 0x22 [0147.273] CoTaskMemFree (pv=0x5950bd8) [0147.274] GetModuleInformation (in: hProcess=0x640, hModule=0x76a60000, lpmodinfo=0x2725934, cb=0xc | out: lpmodinfo=0x2725934*(lpBaseOfDll=0x76a60000, SizeOfImage=0xa0000, EntryPoint=0x76a749e5)) returned 1 [0147.274] CoTaskMemAlloc (cb=0x804) returned 0x5950bd8 [0147.274] GetModuleBaseNameW (in: hProcess=0x640, hModule=0x76a60000, lpBaseName=0x5950bd8, nSize=0x800 | out: lpBaseName="ADVAPI32.dll") returned 0xc [0147.274] CoTaskMemFree (pv=0x5950bd8) [0147.274] CoTaskMemAlloc (cb=0x804) returned 0x5950bd8 [0147.274] GetModuleFileNameExW (in: hProcess=0x640, hModule=0x76a60000, lpFilename=0x5950bd8, nSize=0x800 | out: lpFilename="C:\\Windows\\syswow64\\ADVAPI32.dll" (normalized: "c:\\windows\\syswow64\\advapi32.dll")) returned 0x20 [0147.274] CoTaskMemFree (pv=0x5950bd8) [0147.274] GetModuleInformation (in: hProcess=0x640, hModule=0x75410000, lpmodinfo=0x2727a54, cb=0xc | out: lpmodinfo=0x2727a54*(lpBaseOfDll=0x75410000, SizeOfImage=0xac000, EntryPoint=0x7541a472)) returned 1 [0147.275] CoTaskMemAlloc (cb=0x804) returned 0x5950bd8 [0147.275] GetModuleBaseNameW (in: hProcess=0x640, hModule=0x75410000, lpBaseName=0x5950bd8, nSize=0x800 | out: lpBaseName="msvcrt.dll") returned 0xa [0147.275] CoTaskMemFree (pv=0x5950bd8) [0147.275] CoTaskMemAlloc (cb=0x804) returned 0x5950bd8 [0147.275] GetModuleFileNameExW (in: hProcess=0x640, hModule=0x75410000, lpFilename=0x5950bd8, nSize=0x800 | out: lpFilename="C:\\Windows\\syswow64\\msvcrt.dll" (normalized: "c:\\windows\\syswow64\\msvcrt.dll")) returned 0x1e [0147.275] CoTaskMemFree (pv=0x5950bd8) [0147.275] GetModuleInformation (in: hProcess=0x640, hModule=0x759a0000, lpmodinfo=0x2729b6c, cb=0xc | out: lpmodinfo=0x2729b6c*(lpBaseOfDll=0x759a0000, SizeOfImage=0x19000, EntryPoint=0x759a4975)) returned 1 [0147.276] CoTaskMemAlloc (cb=0x804) returned 0x5950bd8 [0147.276] GetModuleBaseNameW (in: hProcess=0x640, hModule=0x759a0000, lpBaseName=0x5950bd8, nSize=0x800 | out: lpBaseName="sechost.dll") returned 0xb [0147.276] CoTaskMemFree (pv=0x5950bd8) [0147.276] CoTaskMemAlloc (cb=0x804) returned 0x5950bd8 [0147.276] GetModuleFileNameExW (in: hProcess=0x640, hModule=0x759a0000, lpFilename=0x5950bd8, nSize=0x800 | out: lpFilename="C:\\Windows\\SysWOW64\\sechost.dll" (normalized: "c:\\windows\\syswow64\\sechost.dll")) returned 0x1f [0147.276] CoTaskMemFree (pv=0x5950bd8) [0147.276] GetModuleInformation (in: hProcess=0x640, hModule=0x76970000, lpmodinfo=0x272bc84, cb=0xc | out: lpmodinfo=0x272bc84*(lpBaseOfDll=0x76970000, SizeOfImage=0xf0000, EntryPoint=0x76980569)) returned 1 [0147.276] CoTaskMemAlloc (cb=0x804) returned 0x5950bd8 [0147.277] GetModuleBaseNameW (in: hProcess=0x640, hModule=0x76970000, lpBaseName=0x5950bd8, nSize=0x800 | out: lpBaseName="RPCRT4.dll") returned 0xa [0147.277] CoTaskMemFree (pv=0x5950bd8) [0147.277] CoTaskMemAlloc (cb=0x804) returned 0x5950bd8 [0147.277] GetModuleFileNameExW (in: hProcess=0x640, hModule=0x76970000, lpFilename=0x5950bd8, nSize=0x800 | out: lpFilename="C:\\Windows\\syswow64\\RPCRT4.dll" (normalized: "c:\\windows\\syswow64\\rpcrt4.dll")) returned 0x1e [0147.277] CoTaskMemFree (pv=0x5950bd8) [0147.277] GetModuleInformation (in: hProcess=0x640, hModule=0x74a50000, lpmodinfo=0x272dde8, cb=0xc | out: lpmodinfo=0x272dde8*(lpBaseOfDll=0x74a50000, SizeOfImage=0x60000, EntryPoint=0x74a6a3b3)) returned 1 [0147.277] CoTaskMemAlloc (cb=0x804) returned 0x5950bd8 [0147.277] GetModuleBaseNameW (in: hProcess=0x640, hModule=0x74a50000, lpBaseName=0x5950bd8, nSize=0x800 | out: lpBaseName="SspiCli.dll") returned 0xb [0147.278] CoTaskMemFree (pv=0x5950bd8) [0147.278] CoTaskMemAlloc (cb=0x804) returned 0x5950bd8 [0147.278] GetModuleFileNameExW (in: hProcess=0x640, hModule=0x74a50000, lpFilename=0x5950bd8, nSize=0x800 | out: lpFilename="C:\\Windows\\syswow64\\SspiCli.dll" (normalized: "c:\\windows\\syswow64\\sspicli.dll")) returned 0x1f [0147.278] CoTaskMemFree (pv=0x5950bd8) [0147.278] GetModuleInformation (in: hProcess=0x640, hModule=0x74a40000, lpmodinfo=0x272ff00, cb=0xc | out: lpmodinfo=0x272ff00*(lpBaseOfDll=0x74a40000, SizeOfImage=0xc000, EntryPoint=0x74a410e1)) returned 1 [0147.279] CoTaskMemAlloc (cb=0x804) returned 0x5950bd8 [0147.279] GetModuleBaseNameW (in: hProcess=0x640, hModule=0x74a40000, lpBaseName=0x5950bd8, nSize=0x800 | out: lpBaseName="CRYPTBASE.dll") returned 0xd [0147.279] CoTaskMemFree (pv=0x5950bd8) [0147.279] CoTaskMemAlloc (cb=0x804) returned 0x5950bd8 [0147.279] GetModuleFileNameExW (in: hProcess=0x640, hModule=0x74a40000, lpFilename=0x5950bd8, nSize=0x800 | out: lpFilename="C:\\Windows\\syswow64\\CRYPTBASE.dll" (normalized: "c:\\windows\\syswow64\\cryptbase.dll")) returned 0x21 [0147.279] CoTaskMemFree (pv=0x5950bd8) [0147.279] GetModuleInformation (in: hProcess=0x640, hModule=0x733b0000, lpmodinfo=0x2732020, cb=0xc | out: lpmodinfo=0x2732020*(lpBaseOfDll=0x733b0000, SizeOfImage=0x8d000, EntryPoint=0x733c2860)) returned 1 [0147.280] CoTaskMemAlloc (cb=0x804) returned 0x5950bd8 [0147.280] GetModuleBaseNameW (in: hProcess=0x640, hModule=0x733b0000, lpBaseName=0x5950bd8, nSize=0x800 | out: lpBaseName="mscoreei.dll") returned 0xc [0147.280] CoTaskMemFree (pv=0x5950bd8) [0147.280] CoTaskMemAlloc (cb=0x804) returned 0x5950bd8 [0147.280] GetModuleFileNameExW (in: hProcess=0x640, hModule=0x733b0000, lpFilename=0x5950bd8, nSize=0x800 | out: lpFilename="C:\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\mscoreei.dll" (normalized: "c:\\windows\\microsoft.net\\framework\\v4.0.30319\\mscoreei.dll")) returned 0x3a [0147.281] CoTaskMemFree (pv=0x5950bd8) [0147.281] GetModuleInformation (in: hProcess=0x640, hModule=0x734f0000, lpmodinfo=0x2734174, cb=0xc | out: lpmodinfo=0x2734174*(lpBaseOfDll=0x734f0000, SizeOfImage=0x3000, EntryPoint=0x0)) returned 1 [0147.281] CoTaskMemAlloc (cb=0x804) returned 0x5950bd8 [0147.281] GetModuleBaseNameW (in: hProcess=0x640, hModule=0x734f0000, lpBaseName=0x5950bd8, nSize=0x800 | out: lpBaseName="api-ms-win-core-synch-l1-2-0.DLL") returned 0x20 [0147.281] CoTaskMemFree (pv=0x5950bd8) [0147.282] CoTaskMemAlloc (cb=0x804) returned 0x5950bd8 [0147.282] GetModuleFileNameExW (in: hProcess=0x640, hModule=0x734f0000, lpFilename=0x5950bd8, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\api-ms-win-core-synch-l1-2-0.DLL" (normalized: "c:\\windows\\syswow64\\api-ms-win-core-synch-l1-2-0.dll")) returned 0x34 [0147.282] CoTaskMemFree (pv=0x5950bd8) [0147.282] GetModuleInformation (in: hProcess=0x640, hModule=0x751c0000, lpmodinfo=0x27362e4, cb=0xc | out: lpmodinfo=0x27362e4*(lpBaseOfDll=0x751c0000, SizeOfImage=0x57000, EntryPoint=0x751d9ba6)) returned 1 [0147.282] CoTaskMemAlloc (cb=0x804) returned 0x5950bd8 [0147.282] GetModuleBaseNameW (in: hProcess=0x640, hModule=0x751c0000, lpBaseName=0x5950bd8, nSize=0x800 | out: lpBaseName="SHLWAPI.dll") returned 0xb [0147.283] CoTaskMemFree (pv=0x5950bd8) [0147.283] CoTaskMemAlloc (cb=0x804) returned 0x5950bd8 [0147.283] GetModuleFileNameExW (in: hProcess=0x640, hModule=0x751c0000, lpFilename=0x5950bd8, nSize=0x800 | out: lpFilename="C:\\Windows\\syswow64\\SHLWAPI.dll" (normalized: "c:\\windows\\syswow64\\shlwapi.dll")) returned 0x1f [0147.283] CoTaskMemFree (pv=0x5950bd8) [0147.283] GetModuleInformation (in: hProcess=0x640, hModule=0x75220000, lpmodinfo=0x27383fc, cb=0xc | out: lpmodinfo=0x27383fc*(lpBaseOfDll=0x75220000, SizeOfImage=0x90000, EntryPoint=0x75236343)) returned 1 [0147.284] CoTaskMemAlloc (cb=0x804) returned 0x5950bd8 [0147.284] GetModuleBaseNameW (in: hProcess=0x640, hModule=0x75220000, lpBaseName=0x5950bd8, nSize=0x800 | out: lpBaseName="GDI32.dll") returned 0x9 [0147.284] CoTaskMemFree (pv=0x5950bd8) [0147.284] CoTaskMemAlloc (cb=0x804) returned 0x5950bd8 [0147.284] GetModuleFileNameExW (in: hProcess=0x640, hModule=0x75220000, lpFilename=0x5950bd8, nSize=0x800 | out: lpFilename="C:\\Windows\\syswow64\\GDI32.dll" (normalized: "c:\\windows\\syswow64\\gdi32.dll")) returned 0x1d [0147.285] CoTaskMemFree (pv=0x5950bd8) [0147.285] GetModuleInformation (in: hProcess=0x640, hModule=0x76860000, lpmodinfo=0x273a50c, cb=0xc | out: lpmodinfo=0x273a50c*(lpBaseOfDll=0x76860000, SizeOfImage=0x100000, EntryPoint=0x7687b6ed)) returned 1 [0147.285] CoTaskMemAlloc (cb=0x804) returned 0x5950bd8 [0147.285] GetModuleBaseNameW (in: hProcess=0x640, hModule=0x76860000, lpBaseName=0x5950bd8, nSize=0x800 | out: lpBaseName="USER32.dll") returned 0xa [0147.285] CoTaskMemFree (pv=0x5950bd8) [0147.285] CoTaskMemAlloc (cb=0x804) returned 0x5950bd8 [0147.285] GetModuleFileNameExW (in: hProcess=0x640, hModule=0x76860000, lpFilename=0x5950bd8, nSize=0x800 | out: lpFilename="C:\\Windows\\syswow64\\USER32.dll" (normalized: "c:\\windows\\syswow64\\user32.dll")) returned 0x1e [0147.286] CoTaskMemFree (pv=0x5950bd8) [0147.286] GetModuleInformation (in: hProcess=0x640, hModule=0x759c0000, lpmodinfo=0x273c624, cb=0xc | out: lpmodinfo=0x273c624*(lpBaseOfDll=0x759c0000, SizeOfImage=0xa000, EntryPoint=0x759c36a0)) returned 1 [0147.286] CoTaskMemAlloc (cb=0x804) returned 0x5950bd8 [0147.286] GetModuleBaseNameW (in: hProcess=0x640, hModule=0x759c0000, lpBaseName=0x5950bd8, nSize=0x800 | out: lpBaseName="LPK.dll") returned 0x7 [0147.287] CoTaskMemFree (pv=0x5950bd8) [0147.287] CoTaskMemAlloc (cb=0x804) returned 0x5950bd8 [0147.287] GetModuleFileNameExW (in: hProcess=0x640, hModule=0x759c0000, lpFilename=0x5950bd8, nSize=0x800 | out: lpFilename="C:\\Windows\\syswow64\\LPK.dll" (normalized: "c:\\windows\\syswow64\\lpk.dll")) returned 0x1b [0147.287] CoTaskMemFree (pv=0x5950bd8) [0147.287] GetModuleInformation (in: hProcess=0x640, hModule=0x74d40000, lpmodinfo=0x273e7b8, cb=0xc | out: lpmodinfo=0x273e7b8*(lpBaseOfDll=0x74d40000, SizeOfImage=0x9d000, EntryPoint=0x74d73fd7)) returned 1 [0147.288] CoTaskMemAlloc (cb=0x804) returned 0x5950bd8 [0147.288] GetModuleBaseNameW (in: hProcess=0x640, hModule=0x74d40000, lpBaseName=0x5950bd8, nSize=0x800 | out: lpBaseName="USP10.dll") returned 0x9 [0147.288] CoTaskMemFree (pv=0x5950bd8) [0147.288] CoTaskMemAlloc (cb=0x804) returned 0x5950bd8 [0147.288] GetModuleFileNameExW (in: hProcess=0x640, hModule=0x74d40000, lpFilename=0x5950bd8, nSize=0x800 | out: lpFilename="C:\\Windows\\syswow64\\USP10.dll" (normalized: "c:\\windows\\syswow64\\usp10.dll")) returned 0x1d [0147.289] CoTaskMemFree (pv=0x5950bd8) [0147.289] GetModuleInformation (in: hProcess=0x640, hModule=0x75550000, lpmodinfo=0x27408c8, cb=0xc | out: lpmodinfo=0x27408c8*(lpBaseOfDll=0x75550000, SizeOfImage=0x60000, EntryPoint=0x7556158f)) returned 1 [0147.289] CoTaskMemAlloc (cb=0x804) returned 0x5950bd8 [0147.289] GetModuleBaseNameW (in: hProcess=0x640, hModule=0x75550000, lpBaseName=0x5950bd8, nSize=0x800 | out: lpBaseName="IMM32.DLL") returned 0x9 [0147.290] CoTaskMemFree (pv=0x5950bd8) [0147.290] CoTaskMemAlloc (cb=0x804) returned 0x5950bd8 [0147.290] GetModuleFileNameExW (in: hProcess=0x640, hModule=0x75550000, lpFilename=0x5950bd8, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\IMM32.DLL" (normalized: "c:\\windows\\syswow64\\imm32.dll")) returned 0x1d [0147.290] CoTaskMemFree (pv=0x5950bd8) [0147.290] GetModuleInformation (in: hProcess=0x640, hModule=0x74c40000, lpmodinfo=0x27429d8, cb=0xc | out: lpmodinfo=0x27429d8*(lpBaseOfDll=0x74c40000, SizeOfImage=0xcc000, EntryPoint=0x74c4168b)) returned 1 [0147.291] CoTaskMemAlloc (cb=0x804) returned 0x5950bd8 [0147.291] GetModuleBaseNameW (in: hProcess=0x640, hModule=0x74c40000, lpBaseName=0x5950bd8, nSize=0x800 | out: lpBaseName="MSCTF.dll") returned 0x9 [0147.291] CoTaskMemFree (pv=0x5950bd8) [0147.291] CoTaskMemAlloc (cb=0x804) returned 0x5950bd8 [0147.291] GetModuleFileNameExW (in: hProcess=0x640, hModule=0x74c40000, lpFilename=0x5950bd8, nSize=0x800 | out: lpFilename="C:\\Windows\\syswow64\\MSCTF.dll" (normalized: "c:\\windows\\syswow64\\msctf.dll")) returned 0x1d [0147.292] CoTaskMemFree (pv=0x5950bd8) [0147.292] GetModuleInformation (in: hProcess=0x640, hModule=0x733a0000, lpmodinfo=0x2744ae8, cb=0xc | out: lpmodinfo=0x2744ae8*(lpBaseOfDll=0x733a0000, SizeOfImage=0x9000, EntryPoint=0x733a1220)) returned 1 [0147.292] CoTaskMemAlloc (cb=0x804) returned 0x5950bd8 [0147.292] GetModuleBaseNameW (in: hProcess=0x640, hModule=0x733a0000, lpBaseName=0x5950bd8, nSize=0x800 | out: lpBaseName="VERSION.dll") returned 0xb [0147.293] CoTaskMemFree (pv=0x5950bd8) [0147.293] CoTaskMemAlloc (cb=0x804) returned 0x5950bd8 [0147.293] GetModuleFileNameExW (in: hProcess=0x640, hModule=0x733a0000, lpFilename=0x5950bd8, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\VERSION.dll" (normalized: "c:\\windows\\syswow64\\version.dll")) returned 0x1f [0147.293] CoTaskMemFree (pv=0x5950bd8) [0147.293] GetModuleInformation (in: hProcess=0x640, hModule=0x71770000, lpmodinfo=0x2746c00, cb=0xc | out: lpmodinfo=0x2746c00*(lpBaseOfDll=0x71770000, SizeOfImage=0x7af000, EntryPoint=0x7178d0d0)) returned 1 [0147.294] CoTaskMemAlloc (cb=0x804) returned 0x5950bd8 [0147.294] GetModuleBaseNameW (in: hProcess=0x640, hModule=0x71770000, lpBaseName=0x5950bd8, nSize=0x800 | out: lpBaseName="clr.dll") returned 0x7 [0147.294] CoTaskMemFree (pv=0x5950bd8) [0147.294] CoTaskMemAlloc (cb=0x804) returned 0x5950bd8 [0147.294] GetModuleFileNameExW (in: hProcess=0x640, hModule=0x71770000, lpFilename=0x5950bd8, nSize=0x800 | out: lpFilename="C:\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\clr.dll" (normalized: "c:\\windows\\microsoft.net\\framework\\v4.0.30319\\clr.dll")) returned 0x35 [0147.295] CoTaskMemFree (pv=0x5950bd8) [0147.295] GetModuleInformation (in: hProcess=0x640, hModule=0x73600000, lpmodinfo=0x2748d48, cb=0xc | out: lpmodinfo=0x2748d48*(lpBaseOfDll=0x73600000, SizeOfImage=0x14000, EntryPoint=0x7360ac00)) returned 1 [0147.295] CoTaskMemAlloc (cb=0x804) returned 0x5950bd8 [0147.295] GetModuleBaseNameW (in: hProcess=0x640, hModule=0x73600000, lpBaseName=0x5950bd8, nSize=0x800 | out: lpBaseName="VCRUNTIME140_CLR0400.dll") returned 0x18 [0147.296] CoTaskMemFree (pv=0x5950bd8) [0147.296] CoTaskMemAlloc (cb=0x804) returned 0x5950bd8 [0147.296] GetModuleFileNameExW (in: hProcess=0x640, hModule=0x73600000, lpFilename=0x5950bd8, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\VCRUNTIME140_CLR0400.dll" (normalized: "c:\\windows\\syswow64\\vcruntime140_clr0400.dll")) returned 0x2c [0147.297] CoTaskMemFree (pv=0x5950bd8) [0147.297] GetModuleInformation (in: hProcess=0x640, hModule=0x73550000, lpmodinfo=0x274ae98, cb=0xc | out: lpmodinfo=0x274ae98*(lpBaseOfDll=0x73550000, SizeOfImage=0xab000, EntryPoint=0x735e5f20)) returned 1 [0147.297] CoTaskMemAlloc (cb=0x804) returned 0x5950bd8 [0147.297] GetModuleBaseNameW (in: hProcess=0x640, hModule=0x73550000, lpBaseName=0x5950bd8, nSize=0x800 | out: lpBaseName="ucrtbase_clr0400.dll") returned 0x14 [0147.298] CoTaskMemFree (pv=0x5950bd8) [0147.298] CoTaskMemAlloc (cb=0x804) returned 0x5950bd8 [0147.298] GetModuleFileNameExW (in: hProcess=0x640, hModule=0x73550000, lpFilename=0x5950bd8, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\ucrtbase_clr0400.dll" (normalized: "c:\\windows\\syswow64\\ucrtbase_clr0400.dll")) returned 0x28 [0147.298] CoTaskMemFree (pv=0x5950bd8) [0147.298] GetModuleInformation (in: hProcess=0x640, hModule=0x70360000, lpmodinfo=0x274cfd8, cb=0xc | out: lpmodinfo=0x274cfd8*(lpBaseOfDll=0x70360000, SizeOfImage=0x140b000, EntryPoint=0x0)) returned 1 [0147.299] CoTaskMemAlloc (cb=0x804) returned 0x5950bd8 [0147.299] GetModuleBaseNameW (in: hProcess=0x640, hModule=0x70360000, lpBaseName=0x5950bd8, nSize=0x800 | out: lpBaseName="mscorlib.ni.dll") returned 0xf [0147.299] CoTaskMemFree (pv=0x5950bd8) [0147.299] CoTaskMemAlloc (cb=0x804) returned 0x5950bd8 [0147.299] GetModuleFileNameExW (in: hProcess=0x640, hModule=0x70360000, lpFilename=0x5950bd8, nSize=0x800 | out: lpFilename="C:\\Windows\\assembly\\NativeImages_v4.0.30319_32\\mscorlib\\36eaccfde177c2e7b93b8dbdde4e012a\\mscorlib.ni.dll" (normalized: "c:\\windows\\assembly\\nativeimages_v4.0.30319_32\\mscorlib\\36eaccfde177c2e7b93b8dbdde4e012a\\mscorlib.ni.dll")) returned 0x68 [0147.300] CoTaskMemFree (pv=0x5950bd8) [0147.300] GetModuleInformation (in: hProcess=0x640, hModule=0x75740000, lpmodinfo=0x274f18c, cb=0xc | out: lpmodinfo=0x274f18c*(lpBaseOfDll=0x75740000, SizeOfImage=0x15c000, EntryPoint=0x7578ba3d)) returned 1 [0147.300] CoTaskMemAlloc (cb=0x804) returned 0x5950bd8 [0147.300] GetModuleBaseNameW (in: hProcess=0x640, hModule=0x75740000, lpBaseName=0x5950bd8, nSize=0x800 | out: lpBaseName="ole32.dll") returned 0x9 [0147.301] CoTaskMemFree (pv=0x5950bd8) [0147.301] CoTaskMemAlloc (cb=0x804) returned 0x5950bd8 [0147.301] GetModuleFileNameExW (in: hProcess=0x640, hModule=0x75740000, lpFilename=0x5950bd8, nSize=0x800 | out: lpFilename="C:\\Windows\\syswow64\\ole32.dll" (normalized: "c:\\windows\\syswow64\\ole32.dll")) returned 0x1d [0147.302] CoTaskMemFree (pv=0x5950bd8) [0147.302] GetModuleInformation (in: hProcess=0x640, hModule=0x73a10000, lpmodinfo=0x275129c, cb=0xc | out: lpmodinfo=0x275129c*(lpBaseOfDll=0x73a10000, SizeOfImage=0x80000, EntryPoint=0x73a237c9)) returned 1 [0147.302] CoTaskMemAlloc (cb=0x804) returned 0x5950bd8 [0147.302] GetModuleBaseNameW (in: hProcess=0x640, hModule=0x73a10000, lpBaseName=0x5950bd8, nSize=0x800 | out: lpBaseName="uxtheme.dll") returned 0xb [0147.303] CoTaskMemFree (pv=0x5950bd8) [0147.303] CoTaskMemAlloc (cb=0x804) returned 0x5950bd8 [0147.303] GetModuleFileNameExW (in: hProcess=0x640, hModule=0x73a10000, lpFilename=0x5950bd8, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\uxtheme.dll" (normalized: "c:\\windows\\syswow64\\uxtheme.dll")) returned 0x1f [0147.304] CoTaskMemFree (pv=0x5950bd8) [0147.304] GetModuleInformation (in: hProcess=0x640, hModule=0x74a20000, lpmodinfo=0x27533b4, cb=0xc | out: lpmodinfo=0x27533b4*(lpBaseOfDll=0x74a20000, SizeOfImage=0x3000, EntryPoint=0x0)) returned 1 [0147.304] CoTaskMemAlloc (cb=0x804) returned 0x5950bd8 [0147.304] GetModuleBaseNameW (in: hProcess=0x640, hModule=0x74a20000, lpBaseName=0x5950bd8, nSize=0x800 | out: lpBaseName="api-ms-win-core-xstate-l2-1-0.dll") returned 0x21 [0147.305] CoTaskMemFree (pv=0x5950bd8) [0147.305] CoTaskMemAlloc (cb=0x804) returned 0x5950bd8 [0147.305] GetModuleFileNameExW (in: hProcess=0x640, hModule=0x74a20000, lpFilename=0x5950bd8, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\api-ms-win-core-xstate-l2-1-0.dll" (normalized: "c:\\windows\\syswow64\\api-ms-win-core-xstate-l2-1-0.dll")) returned 0x35 [0147.306] CoTaskMemFree (pv=0x5950bd8) [0147.306] GetModuleInformation (in: hProcess=0x640, hModule=0x74990000, lpmodinfo=0x2755524, cb=0xc | out: lpmodinfo=0x2755524*(lpBaseOfDll=0x74990000, SizeOfImage=0x89000, EntryPoint=0x74991130)) returned 1 [0147.306] CoTaskMemAlloc (cb=0x804) returned 0x5950bd8 [0147.306] GetModuleBaseNameW (in: hProcess=0x640, hModule=0x74990000, lpBaseName=0x5950bd8, nSize=0x800 | out: lpBaseName="clrjit.dll") returned 0xa [0147.307] CoTaskMemFree (pv=0x5950bd8) [0147.307] CoTaskMemAlloc (cb=0x804) returned 0x5950bd8 [0147.307] GetModuleFileNameExW (in: hProcess=0x640, hModule=0x74990000, lpFilename=0x5950bd8, nSize=0x800 | out: lpFilename="C:\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\clrjit.dll" (normalized: "c:\\windows\\microsoft.net\\framework\\v4.0.30319\\clrjit.dll")) returned 0x38 [0147.308] CoTaskMemFree (pv=0x5950bd8) [0147.308] GetModuleInformation (in: hProcess=0x640, hModule=0x75130000, lpmodinfo=0x2757670, cb=0xc | out: lpmodinfo=0x2757670*(lpBaseOfDll=0x75130000, SizeOfImage=0x8f000, EntryPoint=0x75133fb1)) returned 1 [0147.308] CoTaskMemAlloc (cb=0x804) returned 0x5950bd8 [0147.308] GetModuleBaseNameW (in: hProcess=0x640, hModule=0x75130000, lpBaseName=0x5950bd8, nSize=0x800 | out: lpBaseName="OLEAUT32.dll") returned 0xc [0147.309] CoTaskMemFree (pv=0x5950bd8) [0147.309] CoTaskMemAlloc (cb=0x804) returned 0x5950bd8 [0147.309] GetModuleFileNameExW (in: hProcess=0x640, hModule=0x75130000, lpFilename=0x5950bd8, nSize=0x800 | out: lpFilename="C:\\Windows\\syswow64\\OLEAUT32.dll" (normalized: "c:\\windows\\syswow64\\oleaut32.dll")) returned 0x20 [0147.310] CoTaskMemFree (pv=0x5950bd8) [0147.310] GetModuleInformation (in: hProcess=0x640, hModule=0x6eea0000, lpmodinfo=0x2759790, cb=0xc | out: lpmodinfo=0x2759790*(lpBaseOfDll=0x6eea0000, SizeOfImage=0xa55000, EntryPoint=0x0)) returned 1 [0147.311] CoTaskMemAlloc (cb=0x804) returned 0x5950bd8 [0147.311] GetModuleBaseNameW (in: hProcess=0x640, hModule=0x6eea0000, lpBaseName=0x5950bd8, nSize=0x800 | out: lpBaseName="System.ni.dll") returned 0xd [0147.312] CoTaskMemFree (pv=0x5950bd8) [0147.312] CoTaskMemAlloc (cb=0x804) returned 0x5950bd8 [0147.312] GetModuleFileNameExW (in: hProcess=0x640, hModule=0x6eea0000, lpFilename=0x5950bd8, nSize=0x800 | out: lpFilename="C:\\Windows\\assembly\\NativeImages_v4.0.30319_32\\System\\2c3c912ea8f058f9d04c4650128feb3f\\System.ni.dll" (normalized: "c:\\windows\\assembly\\nativeimages_v4.0.30319_32\\system\\2c3c912ea8f058f9d04c4650128feb3f\\system.ni.dll")) returned 0x64 [0147.313] CoTaskMemFree (pv=0x5950bd8) [0147.313] GetModuleInformation (in: hProcess=0x640, hModule=0x6fb40000, lpmodinfo=0x275b938, cb=0xc | out: lpmodinfo=0x275b938*(lpBaseOfDll=0x6fb40000, SizeOfImage=0x818000, EntryPoint=0x0)) returned 1 [0147.313] CoTaskMemAlloc (cb=0x804) returned 0x5950bd8 [0147.313] GetModuleBaseNameW (in: hProcess=0x640, hModule=0x6fb40000, lpBaseName=0x5950bd8, nSize=0x800 | out: lpBaseName="System.Core.ni.dll") returned 0x12 [0147.314] CoTaskMemFree (pv=0x5950bd8) [0147.314] CoTaskMemAlloc (cb=0x804) returned 0x5950bd8 [0147.314] GetModuleFileNameExW (in: hProcess=0x640, hModule=0x6fb40000, lpFilename=0x5950bd8, nSize=0x800 | out: lpFilename="C:\\Windows\\assembly\\NativeImages_v4.0.30319_32\\System.Core\\31fae3290fad30c31c98651462d22724\\System.Core.ni.dll" (normalized: "c:\\windows\\assembly\\nativeimages_v4.0.30319_32\\system.core\\31fae3290fad30c31c98651462d22724\\system.core.ni.dll")) returned 0x6e [0147.315] CoTaskMemFree (pv=0x5950bd8) [0147.315] GetModuleInformation (in: hProcess=0x640, hModule=0x6f950000, lpmodinfo=0x275db00, cb=0xc | out: lpmodinfo=0x275db00*(lpBaseOfDll=0x6f950000, SizeOfImage=0x1e2000, EntryPoint=0x0)) returned 1 [0147.316] CoTaskMemAlloc (cb=0x804) returned 0x5950bd8 [0147.316] GetModuleBaseNameW (in: hProcess=0x640, hModule=0x6f950000, lpBaseName=0x5950bd8, nSize=0x800 | out: lpBaseName="Microsoft.VisualBasic.ni.dll") returned 0x1c [0147.317] CoTaskMemFree (pv=0x5950bd8) [0147.317] CoTaskMemAlloc (cb=0x804) returned 0x5950bd8 [0147.317] GetModuleFileNameExW (in: hProcess=0x640, hModule=0x6f950000, lpFilename=0x5950bd8, nSize=0x800 | out: lpFilename="C:\\Windows\\assembly\\NativeImages_v4.0.30319_32\\Microsoft.V9921e851#\\a891970b44db9e340c3ef3efa95b793c\\Microsoft.VisualBasic.ni.dll" (normalized: "c:\\windows\\assembly\\nativeimages_v4.0.30319_32\\microsoft.v9921e851#\\a891970b44db9e340c3ef3efa95b793c\\microsoft.visualbasic.ni.dll")) returned 0x81 [0147.318] CoTaskMemFree (pv=0x5950bd8) [0147.318] GetModuleInformation (in: hProcess=0x640, hModule=0x6ecf0000, lpmodinfo=0x275fe0c, cb=0xc | out: lpmodinfo=0x275fe0c*(lpBaseOfDll=0x6ecf0000, SizeOfImage=0x1a3000, EntryPoint=0x0)) returned 1 [0147.319] CoTaskMemAlloc (cb=0x804) returned 0x5950bd8 [0147.319] GetModuleBaseNameW (in: hProcess=0x640, hModule=0x6ecf0000, lpBaseName=0x5950bd8, nSize=0x800 | out: lpBaseName="System.Drawing.ni.dll") returned 0x15 [0147.320] CoTaskMemFree (pv=0x5950bd8) [0147.320] CoTaskMemAlloc (cb=0x804) returned 0x5950bd8 [0147.320] GetModuleFileNameExW (in: hProcess=0x640, hModule=0x6ecf0000, lpFilename=0x5950bd8, nSize=0x800 | out: lpFilename="C:\\Windows\\assembly\\NativeImages_v4.0.30319_32\\System.Drawing\\f7568d7f1b9d356f64779b4c0927cfb3\\System.Drawing.ni.dll" (normalized: "c:\\windows\\assembly\\nativeimages_v4.0.30319_32\\system.drawing\\f7568d7f1b9d356f64779b4c0927cfb3\\system.drawing.ni.dll")) returned 0x74 [0147.321] CoTaskMemFree (pv=0x5950bd8) [0147.321] GetModuleInformation (in: hProcess=0x640, hModule=0x6de80000, lpmodinfo=0x2761fe4, cb=0xc | out: lpmodinfo=0x2761fe4*(lpBaseOfDll=0x6de80000, SizeOfImage=0xe66000, EntryPoint=0x0)) returned 1 [0147.322] CoTaskMemAlloc (cb=0x804) returned 0x5950bd8 [0147.322] GetModuleBaseNameW (in: hProcess=0x640, hModule=0x6de80000, lpBaseName=0x5950bd8, nSize=0x800 | out: lpBaseName="System.Windows.Forms.ni.dll") returned 0x1b [0147.322] CoTaskMemFree (pv=0x5950bd8) [0147.322] CoTaskMemAlloc (cb=0x804) returned 0x5950bd8 [0147.322] GetModuleFileNameExW (in: hProcess=0x640, hModule=0x6de80000, lpFilename=0x5950bd8, nSize=0x800 | out: lpFilename="C:\\Windows\\assembly\\NativeImages_v4.0.30319_32\\System.Windows.Forms\\c9a4cbc00f690a9e3cddfc400f6e85bb\\System.Windows.Forms.ni.dll" (normalized: "c:\\windows\\assembly\\nativeimages_v4.0.30319_32\\system.windows.forms\\c9a4cbc00f690a9e3cddfc400f6e85bb\\system.windows.forms.ni.dll")) returned 0x80 [0147.323] CoTaskMemFree (pv=0x5950bd8) [0147.323] GetModuleInformation (in: hProcess=0x640, hModule=0x6dd70000, lpmodinfo=0x27641e0, cb=0xc | out: lpmodinfo=0x27641e0*(lpBaseOfDll=0x6dd70000, SizeOfImage=0x105000, EntryPoint=0x0)) returned 1 [0147.324] CoTaskMemAlloc (cb=0x804) returned 0x5950bd8 [0147.324] GetModuleBaseNameW (in: hProcess=0x640, hModule=0x6dd70000, lpBaseName=0x5950bd8, nSize=0x800 | out: lpBaseName="System.Configuration.ni.dll") returned 0x1b [0147.325] CoTaskMemFree (pv=0x5950bd8) [0147.325] CoTaskMemAlloc (cb=0x804) returned 0x5950bd8 [0147.325] GetModuleFileNameExW (in: hProcess=0x640, hModule=0x6dd70000, lpFilename=0x5950bd8, nSize=0x800 | out: lpFilename="C:\\Windows\\assembly\\NativeImages_v4.0.30319_32\\System.Configuration\\96f7edb07b12303f0ec2595c7f3778c7\\System.Configuration.ni.dll" (normalized: "c:\\windows\\assembly\\nativeimages_v4.0.30319_32\\system.configuration\\96f7edb07b12303f0ec2595c7f3778c7\\system.configuration.ni.dll")) returned 0x80 [0147.326] CoTaskMemFree (pv=0x5950bd8) [0147.326] GetModuleInformation (in: hProcess=0x640, hModule=0x6d5f0000, lpmodinfo=0x27663dc, cb=0xc | out: lpmodinfo=0x27663dc*(lpBaseOfDll=0x6d5f0000, SizeOfImage=0x774000, EntryPoint=0x0)) returned 1 [0147.327] CoTaskMemAlloc (cb=0x804) returned 0x5950bd8 [0147.327] GetModuleBaseNameW (in: hProcess=0x640, hModule=0x6d5f0000, lpBaseName=0x5950bd8, nSize=0x800 | out: lpBaseName="System.Xml.ni.dll") returned 0x11 [0147.327] CoTaskMemFree (pv=0x5950bd8) [0147.327] CoTaskMemAlloc (cb=0x804) returned 0x5950bd8 [0147.327] GetModuleFileNameExW (in: hProcess=0x640, hModule=0x6d5f0000, lpFilename=0x5950bd8, nSize=0x800 | out: lpFilename="C:\\Windows\\assembly\\NativeImages_v4.0.30319_32\\System.Xml\\15af16d373cf0528cb74fc73d365fdbf\\System.Xml.ni.dll" (normalized: "c:\\windows\\assembly\\nativeimages_v4.0.30319_32\\system.xml\\15af16d373cf0528cb74fc73d365fdbf\\system.xml.ni.dll")) returned 0x6c [0147.328] CoTaskMemFree (pv=0x5950bd8) [0147.328] GetModuleInformation (in: hProcess=0x640, hModule=0x74950000, lpmodinfo=0x276859c, cb=0xc | out: lpmodinfo=0x276859c*(lpBaseOfDll=0x74950000, SizeOfImage=0x13000, EntryPoint=0x7495d900)) returned 1 [0147.329] CoTaskMemAlloc (cb=0x804) returned 0x5950bd8 [0147.329] GetModuleBaseNameW (in: hProcess=0x640, hModule=0x74950000, lpBaseName=0x5950bd8, nSize=0x800 | out: lpBaseName="nlssorting.dll") returned 0xe [0147.330] CoTaskMemFree (pv=0x5950bd8) [0147.330] CoTaskMemAlloc (cb=0x804) returned 0x5950bd8 [0147.330] GetModuleFileNameExW (in: hProcess=0x640, hModule=0x74950000, lpFilename=0x5950bd8, nSize=0x800 | out: lpFilename="C:\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\nlssorting.dll" (normalized: "c:\\windows\\microsoft.net\\framework\\v4.0.30319\\nlssorting.dll")) returned 0x3c [0147.331] CoTaskMemFree (pv=0x5950bd8) [0147.331] GetModuleInformation (in: hProcess=0x640, hModule=0x75be0000, lpmodinfo=0x276a6f8, cb=0xc | out: lpmodinfo=0x276a6f8*(lpBaseOfDll=0x75be0000, SizeOfImage=0xc4a000, EntryPoint=0x75c61601)) returned 1 [0147.331] CoTaskMemAlloc (cb=0x804) returned 0x5950bd8 [0147.331] GetModuleBaseNameW (in: hProcess=0x640, hModule=0x75be0000, lpBaseName=0x5950bd8, nSize=0x800 | out: lpBaseName="shell32.dll") returned 0xb [0147.332] CoTaskMemFree (pv=0x5950bd8) [0147.332] CoTaskMemAlloc (cb=0x804) returned 0x5950bd8 [0147.332] GetModuleFileNameExW (in: hProcess=0x640, hModule=0x75be0000, lpFilename=0x5950bd8, nSize=0x800 | out: lpFilename="C:\\Windows\\syswow64\\shell32.dll" (normalized: "c:\\windows\\syswow64\\shell32.dll")) returned 0x1f [0147.333] CoTaskMemFree (pv=0x5950bd8) [0147.333] GetModuleInformation (in: hProcess=0x640, hModule=0x748d0000, lpmodinfo=0x276c810, cb=0xc | out: lpmodinfo=0x276c810*(lpBaseOfDll=0x748d0000, SizeOfImage=0xb000, EntryPoint=0x748d1992)) returned 1 [0147.334] CoTaskMemAlloc (cb=0x804) returned 0x5950bd8 [0147.334] GetModuleBaseNameW (in: hProcess=0x640, hModule=0x748d0000, lpBaseName=0x5950bd8, nSize=0x800 | out: lpBaseName="profapi.dll") returned 0xb [0147.335] CoTaskMemFree (pv=0x5950bd8) [0147.335] CoTaskMemAlloc (cb=0x804) returned 0x5950bd8 [0147.335] GetModuleFileNameExW (in: hProcess=0x640, hModule=0x748d0000, lpFilename=0x5950bd8, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\profapi.dll" (normalized: "c:\\windows\\syswow64\\profapi.dll")) returned 0x1f [0147.336] CoTaskMemFree (pv=0x5950bd8) [0147.336] GetModuleInformation (in: hProcess=0x640, hModule=0x74970000, lpmodinfo=0x276e928, cb=0xc | out: lpmodinfo=0x276e928*(lpBaseOfDll=0x74970000, SizeOfImage=0x17000, EntryPoint=0x749735fa)) returned 1 [0147.337] CoTaskMemAlloc (cb=0x804) returned 0x5950bd8 [0147.337] GetModuleBaseNameW (in: hProcess=0x640, hModule=0x74970000, lpBaseName=0x5950bd8, nSize=0x800 | out: lpBaseName="bcrypt.dll") returned 0xa [0147.338] CoTaskMemFree (pv=0x5950bd8) [0147.338] CoTaskMemAlloc (cb=0x804) returned 0x5950bd8 [0147.338] GetModuleFileNameExW (in: hProcess=0x640, hModule=0x74970000, lpFilename=0x5950bd8, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\bcrypt.dll" (normalized: "c:\\windows\\syswow64\\bcrypt.dll")) returned 0x1e [0147.339] CoTaskMemFree (pv=0x5950bd8) [0147.339] GetModuleInformation (in: hProcess=0x640, hModule=0x738e0000, lpmodinfo=0x2770a40, cb=0xc | out: lpmodinfo=0x2770a40*(lpBaseOfDll=0x738e0000, SizeOfImage=0x17000, EntryPoint=0x738e3573)) returned 1 [0147.340] CoTaskMemAlloc (cb=0x804) returned 0x5950bd8 [0147.340] GetModuleBaseNameW (in: hProcess=0x640, hModule=0x738e0000, lpBaseName=0x5950bd8, nSize=0x800 | out: lpBaseName="CRYPTSP.dll") returned 0xb [0147.341] CoTaskMemFree (pv=0x5950bd8) [0147.341] CoTaskMemAlloc (cb=0x804) returned 0x5950bd8 [0147.341] GetModuleFileNameExW (in: hProcess=0x640, hModule=0x738e0000, lpFilename=0x5950bd8, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\CRYPTSP.dll" (normalized: "c:\\windows\\syswow64\\cryptsp.dll")) returned 0x1f [0147.343] CoTaskMemFree (pv=0x5950bd8) [0147.343] GetModuleInformation (in: hProcess=0x640, hModule=0x738a0000, lpmodinfo=0x2772b58, cb=0xc | out: lpmodinfo=0x2772b58*(lpBaseOfDll=0x738a0000, SizeOfImage=0x3b000, EntryPoint=0x738a128d)) returned 1 [0147.344] CoTaskMemAlloc (cb=0x804) returned 0x5950bd8 [0147.344] GetModuleBaseNameW (in: hProcess=0x640, hModule=0x738a0000, lpBaseName=0x5950bd8, nSize=0x800 | out: lpBaseName="rsaenh.dll") returned 0xa [0147.345] CoTaskMemFree (pv=0x5950bd8) [0147.345] CoTaskMemAlloc (cb=0x804) returned 0x5950bd8 [0147.345] GetModuleFileNameExW (in: hProcess=0x640, hModule=0x738a0000, lpFilename=0x5950bd8, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\rsaenh.dll" (normalized: "c:\\windows\\syswow64\\rsaenh.dll")) returned 0x1e [0147.347] CoTaskMemFree (pv=0x5950bd8) [0147.347] GetModuleInformation (in: hProcess=0x640, hModule=0x75950000, lpmodinfo=0x2774c70, cb=0xc | out: lpmodinfo=0x2774c70*(lpBaseOfDll=0x75950000, SizeOfImage=0x5000, EntryPoint=0x75951438)) returned 1 [0147.348] CoTaskMemAlloc (cb=0x804) returned 0x5950bd8 [0147.348] GetModuleBaseNameW (in: hProcess=0x640, hModule=0x75950000, lpBaseName=0x5950bd8, nSize=0x800 | out: lpBaseName="psapi.dll") returned 0x9 [0147.349] CoTaskMemFree (pv=0x5950bd8) [0147.350] CoTaskMemAlloc (cb=0x804) returned 0x5950bd8 [0147.350] GetModuleFileNameExW (in: hProcess=0x640, hModule=0x75950000, lpFilename=0x5950bd8, nSize=0x800 | out: lpFilename="C:\\Windows\\syswow64\\psapi.dll" (normalized: "c:\\windows\\syswow64\\psapi.dll")) returned 0x1d [0147.351] CoTaskMemFree (pv=0x5950bd8) [0147.351] GetModuleInformation (in: hProcess=0x640, hModule=0x73990000, lpmodinfo=0x2776d8c, cb=0xc | out: lpmodinfo=0x2776d8c*(lpBaseOfDll=0x73990000, SizeOfImage=0x52000, EntryPoint=0x739914be)) returned 1 [0147.352] CoTaskMemAlloc (cb=0x804) returned 0x5950bd8 [0147.352] GetModuleBaseNameW (in: hProcess=0x640, hModule=0x73990000, lpBaseName=0x5950bd8, nSize=0x800 | out: lpBaseName="rasapi32.dll") returned 0xc [0147.353] CoTaskMemFree (pv=0x5950bd8) [0147.353] CoTaskMemAlloc (cb=0x804) returned 0x5950bd8 [0147.353] GetModuleFileNameExW (in: hProcess=0x640, hModule=0x73990000, lpFilename=0x5950bd8, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\rasapi32.dll" (normalized: "c:\\windows\\syswow64\\rasapi32.dll")) returned 0x20 [0147.354] CoTaskMemFree (pv=0x5950bd8) [0147.354] GetModuleInformation (in: hProcess=0x640, hModule=0x73970000, lpmodinfo=0x2778eac, cb=0xc | out: lpmodinfo=0x2778eac*(lpBaseOfDll=0x73970000, SizeOfImage=0x15000, EntryPoint=0x739712de)) returned 1 [0147.355] CoTaskMemAlloc (cb=0x804) returned 0x5950bd8 [0147.355] GetModuleBaseNameW (in: hProcess=0x640, hModule=0x73970000, lpBaseName=0x5950bd8, nSize=0x800 | out: lpBaseName="rasman.dll") returned 0xa [0147.356] CoTaskMemFree (pv=0x5950bd8) [0147.356] CoTaskMemAlloc (cb=0x804) returned 0x5950bd8 [0147.356] GetModuleFileNameExW (in: hProcess=0x640, hModule=0x73970000, lpFilename=0x5950bd8, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\rasman.dll" (normalized: "c:\\windows\\syswow64\\rasman.dll")) returned 0x1e [0147.357] CoTaskMemFree (pv=0x5950bd8) [0147.357] GetModuleInformation (in: hProcess=0x640, hModule=0x75960000, lpmodinfo=0x277afc4, cb=0xc | out: lpmodinfo=0x277afc4*(lpBaseOfDll=0x75960000, SizeOfImage=0x35000, EntryPoint=0x7596145d)) returned 1 [0147.358] CoTaskMemAlloc (cb=0x804) returned 0x5950bd8 [0147.358] GetModuleBaseNameW (in: hProcess=0x640, hModule=0x75960000, lpBaseName=0x5950bd8, nSize=0x800 | out: lpBaseName="WS2_32.dll") returned 0xa [0147.359] CoTaskMemFree (pv=0x5950bd8) [0147.359] CoTaskMemAlloc (cb=0x804) returned 0x5950bd8 [0147.359] GetModuleFileNameExW (in: hProcess=0x640, hModule=0x75960000, lpFilename=0x5950bd8, nSize=0x800 | out: lpFilename="C:\\Windows\\syswow64\\WS2_32.dll" (normalized: "c:\\windows\\syswow64\\ws2_32.dll")) returned 0x1e [0147.361] CoTaskMemFree (pv=0x5950bd8) [0147.361] GetModuleInformation (in: hProcess=0x640, hModule=0x76960000, lpmodinfo=0x277d0dc, cb=0xc | out: lpmodinfo=0x277d0dc*(lpBaseOfDll=0x76960000, SizeOfImage=0x6000, EntryPoint=0x76961782)) returned 1 [0147.362] CoTaskMemAlloc (cb=0x804) returned 0x5950bd8 [0147.362] GetModuleBaseNameW (in: hProcess=0x640, hModule=0x76960000, lpBaseName=0x5950bd8, nSize=0x800 | out: lpBaseName="NSI.dll") returned 0x7 [0147.363] CoTaskMemFree (pv=0x5950bd8) [0147.363] CoTaskMemAlloc (cb=0x804) returned 0x5950bd8 [0147.363] GetModuleFileNameExW (in: hProcess=0x640, hModule=0x76960000, lpFilename=0x5950bd8, nSize=0x800 | out: lpFilename="C:\\Windows\\syswow64\\NSI.dll" (normalized: "c:\\windows\\syswow64\\nsi.dll")) returned 0x1b [0147.364] CoTaskMemFree (pv=0x5950bd8) [0147.364] GetModuleInformation (in: hProcess=0x640, hModule=0x73960000, lpmodinfo=0x277f1e4, cb=0xc | out: lpmodinfo=0x277f1e4*(lpBaseOfDll=0x73960000, SizeOfImage=0xd000, EntryPoint=0x73961326)) returned 1 [0147.365] CoTaskMemAlloc (cb=0x804) returned 0x5950bd8 [0147.365] GetModuleBaseNameW (in: hProcess=0x640, hModule=0x73960000, lpBaseName=0x5950bd8, nSize=0x800 | out: lpBaseName="rtutils.dll") returned 0xb [0147.366] CoTaskMemFree (pv=0x5950bd8) [0147.366] CoTaskMemAlloc (cb=0x804) returned 0x5950bd8 [0147.366] GetModuleFileNameExW (in: hProcess=0x640, hModule=0x73960000, lpFilename=0x5950bd8, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\rtutils.dll" (normalized: "c:\\windows\\syswow64\\rtutils.dll")) returned 0x1f [0147.368] CoTaskMemFree (pv=0x5950bd8) [0147.368] GetModuleInformation (in: hProcess=0x640, hModule=0x747e0000, lpmodinfo=0x27812fc, cb=0xc | out: lpmodinfo=0x27812fc*(lpBaseOfDll=0x747e0000, SizeOfImage=0x3c000, EntryPoint=0x747e145d)) returned 1 [0147.369] CoTaskMemAlloc (cb=0x804) returned 0x5950bd8 [0147.369] GetModuleBaseNameW (in: hProcess=0x640, hModule=0x747e0000, lpBaseName=0x5950bd8, nSize=0x800 | out: lpBaseName="mswsock.dll") returned 0xb [0147.370] CoTaskMemFree (pv=0x5950bd8) [0147.370] GetModuleFileNameExW (in: hProcess=0x640, hModule=0x747e0000, lpFilename=0x5950bd8, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\mswsock.dll" (normalized: "c:\\windows\\syswow64\\mswsock.dll")) returned 0x1f [0147.371] GetModuleInformation (in: hProcess=0x640, hModule=0x747d0000, lpmodinfo=0x2783414, cb=0xc | out: lpmodinfo=0x2783414*(lpBaseOfDll=0x747d0000, SizeOfImage=0x5000, EntryPoint=0x747d15df)) returned 1 [0147.374] GetModuleBaseNameW (in: hProcess=0x640, hModule=0x747d0000, lpBaseName=0x5950bd8, nSize=0x800 | out: lpBaseName="wshtcpip.dll") returned 0xc [0147.375] GetModuleFileNameExW (in: hProcess=0x640, hModule=0x747d0000, lpFilename=0x5950bd8, nSize=0x800 | out: lpFilename="C:\\Windows\\System32\\wshtcpip.dll" (normalized: "c:\\windows\\syswow64\\wshtcpip.dll")) returned 0x20 [0147.376] GetModuleInformation (in: hProcess=0x640, hModule=0x747c0000, lpmodinfo=0x2785534, cb=0xc | out: lpmodinfo=0x2785534*(lpBaseOfDll=0x747c0000, SizeOfImage=0x6000, EntryPoint=0x747c1673)) returned 1 [0147.377] GetModuleBaseNameW (in: hProcess=0x640, hModule=0x747c0000, lpBaseName=0x5950bd8, nSize=0x800 | out: lpBaseName="wship6.dll") returned 0xa [0147.379] GetModuleFileNameExW (in: hProcess=0x640, hModule=0x747c0000, lpFilename=0x5950bd8, nSize=0x800 | out: lpFilename="C:\\Windows\\System32\\wship6.dll" (normalized: "c:\\windows\\syswow64\\wship6.dll")) returned 0x1e [0147.380] GetModuleInformation (in: hProcess=0x640, hModule=0x6d590000, lpmodinfo=0x278764c, cb=0xc | out: lpmodinfo=0x278764c*(lpBaseOfDll=0x6d590000, SizeOfImage=0x58000, EntryPoint=0x6d5913b4)) returned 1 [0147.381] GetModuleBaseNameW (in: hProcess=0x640, hModule=0x6d590000, lpBaseName=0x5950bd8, nSize=0x800 | out: lpBaseName="winhttp.dll") returned 0xb [0147.382] GetModuleFileNameExW (in: hProcess=0x640, hModule=0x6d590000, lpFilename=0x5950bd8, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\winhttp.dll" (normalized: "c:\\windows\\syswow64\\winhttp.dll")) returned 0x1f [0147.383] GetModuleInformation (in: hProcess=0x640, hModule=0x6f900000, lpmodinfo=0x2789764, cb=0xc | out: lpmodinfo=0x2789764*(lpBaseOfDll=0x6f900000, SizeOfImage=0x4f000, EntryPoint=0x6f901452)) returned 1 [0147.385] GetModuleBaseNameW (in: hProcess=0x640, hModule=0x6f900000, lpBaseName=0x5950bd8, nSize=0x800 | out: lpBaseName="webio.dll") returned 0x9 [0147.386] GetModuleFileNameExW (in: hProcess=0x640, hModule=0x6f900000, lpFilename=0x5950bd8, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\webio.dll" (normalized: "c:\\windows\\syswow64\\webio.dll")) returned 0x1d [0147.387] GetModuleInformation (in: hProcess=0x640, hModule=0x74930000, lpmodinfo=0x278b874, cb=0xc | out: lpmodinfo=0x278b874*(lpBaseOfDll=0x74930000, SizeOfImage=0x8000, EntryPoint=0x749334d3)) returned 1 [0147.388] GetModuleBaseNameW (in: hProcess=0x640, hModule=0x74930000, lpBaseName=0x5950bd8, nSize=0x800 | out: lpBaseName="credssp.dll") returned 0xb [0147.390] GetModuleFileNameExW (in: hProcess=0x640, hModule=0x74930000, lpFilename=0x5950bd8, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\credssp.dll" (normalized: "c:\\windows\\syswow64\\credssp.dll")) returned 0x1f [0147.391] GetModuleInformation (in: hProcess=0x640, hModule=0x74830000, lpmodinfo=0x278d98c, cb=0xc | out: lpmodinfo=0x278d98c*(lpBaseOfDll=0x74830000, SizeOfImage=0x1c000, EntryPoint=0x7483a431)) returned 1 [0147.392] GetModuleBaseNameW (in: hProcess=0x640, hModule=0x74830000, lpBaseName=0x5950bd8, nSize=0x800 | out: lpBaseName="IPHLPAPI.DLL") returned 0xc [0147.393] GetModuleFileNameExW (in: hProcess=0x640, hModule=0x74830000, lpFilename=0x5950bd8, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\IPHLPAPI.DLL" (normalized: "c:\\windows\\syswow64\\iphlpapi.dll")) returned 0x20 [0147.394] GetModuleInformation (in: hProcess=0x640, hModule=0x74820000, lpmodinfo=0x278faac, cb=0xc | out: lpmodinfo=0x278faac*(lpBaseOfDll=0x74820000, SizeOfImage=0x7000, EntryPoint=0x7482128d)) returned 1 [0147.395] GetModuleBaseNameW (in: hProcess=0x640, hModule=0x74820000, lpBaseName=0x5950bd8, nSize=0x800 | out: lpBaseName="WINNSI.DLL") returned 0xa [0147.396] GetModuleFileNameExW (in: hProcess=0x640, hModule=0x74820000, lpFilename=0x5950bd8, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\WINNSI.DLL" (normalized: "c:\\windows\\syswow64\\winnsi.dll")) returned 0x1e [0147.397] GetModuleInformation (in: hProcess=0x640, hModule=0x74940000, lpmodinfo=0x2791bc4, cb=0xc | out: lpmodinfo=0x2791bc4*(lpBaseOfDll=0x74940000, SizeOfImage=0xd000, EntryPoint=0x74942012)) returned 1 [0147.399] GetModuleBaseNameW (in: hProcess=0x640, hModule=0x74940000, lpBaseName=0x5950bd8, nSize=0x800 | out: lpBaseName="dhcpcsvc6.DLL") returned 0xd [0147.400] GetModuleFileNameExW (in: hProcess=0x640, hModule=0x74940000, lpFilename=0x5950bd8, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\dhcpcsvc6.DLL" (normalized: "c:\\windows\\syswow64\\dhcpcsvc6.dll")) returned 0x21 [0147.401] GetModuleInformation (in: hProcess=0x640, hModule=0x6d550000, lpmodinfo=0x2793ce4, cb=0xc | out: lpmodinfo=0x2793ce4*(lpBaseOfDll=0x6d550000, SizeOfImage=0x12000, EntryPoint=0x6d553271)) returned 1 [0147.403] GetModuleBaseNameW (in: hProcess=0x640, hModule=0x6d550000, lpBaseName=0x5950bd8, nSize=0x800 | out: lpBaseName="dhcpcsvc.DLL") returned 0xc [0147.404] GetModuleFileNameExW (in: hProcess=0x640, hModule=0x6d550000, lpFilename=0x5950bd8, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\dhcpcsvc.DLL" (normalized: "c:\\windows\\syswow64\\dhcpcsvc.dll")) returned 0x20 [0147.406] GetModuleInformation (in: hProcess=0x640, hModule=0x747a0000, lpmodinfo=0x2795e04, cb=0xc | out: lpmodinfo=0x2795e04*(lpBaseOfDll=0x747a0000, SizeOfImage=0xe000, EntryPoint=0x747a1235)) returned 1 [0147.407] GetModuleBaseNameW (in: hProcess=0x640, hModule=0x747a0000, lpBaseName=0x5950bd8, nSize=0x800 | out: lpBaseName="RpcRtRemote.dll") returned 0xf [0147.408] GetModuleFileNameExW (in: hProcess=0x640, hModule=0x747a0000, lpFilename=0x5950bd8, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\RpcRtRemote.dll" (normalized: "c:\\windows\\syswow64\\rpcrtremote.dll")) returned 0x23 [0147.410] GetModuleInformation (in: hProcess=0x640, hModule=0x74850000, lpmodinfo=0x2797f2c, cb=0xc | out: lpmodinfo=0x2797f2c*(lpBaseOfDll=0x74850000, SizeOfImage=0x44000, EntryPoint=0x748663f9)) returned 1 [0147.411] GetModuleBaseNameW (in: hProcess=0x640, hModule=0x74850000, lpBaseName=0x5950bd8, nSize=0x800 | out: lpBaseName="DNSAPI.dll") returned 0xa [0147.412] GetModuleFileNameExW (in: hProcess=0x640, hModule=0x74850000, lpFilename=0x5950bd8, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\DNSAPI.dll" (normalized: "c:\\windows\\syswow64\\dnsapi.dll")) returned 0x1e [0147.414] GetModuleInformation (in: hProcess=0x640, hModule=0x747b0000, lpmodinfo=0x279a044, cb=0xc | out: lpmodinfo=0x279a044*(lpBaseOfDll=0x747b0000, SizeOfImage=0x6000, EntryPoint=0x747b14b2)) returned 1 [0147.415] GetModuleBaseNameW (in: hProcess=0x640, hModule=0x747b0000, lpBaseName=0x5950bd8, nSize=0x800 | out: lpBaseName="rasadhlp.dll") returned 0xc [0147.417] GetModuleFileNameExW (in: hProcess=0x640, hModule=0x747b0000, lpFilename=0x5950bd8, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\rasadhlp.dll" (normalized: "c:\\windows\\syswow64\\rasadhlp.dll")) returned 0x20 [0147.418] GetModuleInformation (in: hProcess=0x640, hModule=0x6d510000, lpmodinfo=0x279c164, cb=0xc | out: lpmodinfo=0x279c164*(lpBaseOfDll=0x6d510000, SizeOfImage=0x38000, EntryPoint=0x6d51990e)) returned 1 [0147.420] GetModuleBaseNameW (in: hProcess=0x640, hModule=0x6d510000, lpBaseName=0x5950bd8, nSize=0x800 | out: lpBaseName="fwpuclnt.dll") returned 0xc [0147.421] GetModuleFileNameExW (in: hProcess=0x640, hModule=0x6d510000, lpFilename=0x5950bd8, nSize=0x800 | out: lpFilename="C:\\Windows\\System32\\fwpuclnt.dll" (normalized: "c:\\windows\\syswow64\\fwpuclnt.dll")) returned 0x20 [0147.422] GetModuleInformation (in: hProcess=0x640, hModule=0x6d580000, lpmodinfo=0x279e284, cb=0xc | out: lpmodinfo=0x279e284*(lpBaseOfDll=0x6d580000, SizeOfImage=0x8000, EntryPoint=0x6d5810e9)) returned 1 [0147.424] GetModuleBaseNameW (in: hProcess=0x640, hModule=0x6d580000, lpBaseName=0x5950bd8, nSize=0x800 | out: lpBaseName="secur32.dll") returned 0xb [0147.425] GetModuleFileNameExW (in: hProcess=0x640, hModule=0x6d580000, lpFilename=0x5950bd8, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\secur32.dll" (normalized: "c:\\windows\\syswow64\\secur32.dll")) returned 0x1f [0147.427] GetModuleInformation (in: hProcess=0x640, hModule=0x6d4d0000, lpmodinfo=0x27a039c, cb=0xc | out: lpmodinfo=0x27a039c*(lpBaseOfDll=0x6d4d0000, SizeOfImage=0x3f000, EntryPoint=0x6d4d2351)) returned 1 [0147.428] GetModuleBaseNameW (in: hProcess=0x640, hModule=0x6d4d0000, lpBaseName=0x5950bd8, nSize=0x800 | out: lpBaseName="schannel.dll") returned 0xc [0147.430] GetModuleFileNameExW (in: hProcess=0x640, hModule=0x6d4d0000, lpFilename=0x5950bd8, nSize=0x800 | out: lpFilename="C:\\Windows\\SysWOW64\\schannel.dll" (normalized: "c:\\windows\\syswow64\\schannel.dll")) returned 0x20 [0147.431] GetModuleInformation (in: hProcess=0x640, hModule=0x74ab0000, lpmodinfo=0x27a26c8, cb=0xc | out: lpmodinfo=0x27a26c8*(lpBaseOfDll=0x74ab0000, SizeOfImage=0x121000, EntryPoint=0x74ab158e)) returned 1 [0147.433] GetModuleBaseNameW (in: hProcess=0x640, hModule=0x74ab0000, lpBaseName=0x5950bd8, nSize=0x800 | out: lpBaseName="CRYPT32.dll") returned 0xb [0147.435] GetModuleFileNameExW (in: hProcess=0x640, hModule=0x74ab0000, lpFilename=0x5950bd8, nSize=0x800 | out: lpFilename="C:\\Windows\\syswow64\\CRYPT32.dll" (normalized: "c:\\windows\\syswow64\\crypt32.dll")) returned 0x1f [0147.436] GetModuleInformation (in: hProcess=0x640, hModule=0x76ed0000, lpmodinfo=0x27a47e0, cb=0xc | out: lpmodinfo=0x27a47e0*(lpBaseOfDll=0x76ed0000, SizeOfImage=0xc000, EntryPoint=0x76ed238e)) returned 1 [0147.438] GetModuleBaseNameW (in: hProcess=0x640, hModule=0x76ed0000, lpBaseName=0x5950bd8, nSize=0x800 | out: lpBaseName="MSASN1.dll") returned 0xa [0147.439] GetModuleFileNameExW (in: hProcess=0x640, hModule=0x76ed0000, lpFilename=0x5950bd8, nSize=0x800 | out: lpFilename="C:\\Windows\\syswow64\\MSASN1.dll" (normalized: "c:\\windows\\syswow64\\msasn1.dll")) returned 0x1e [0147.441] GetModuleInformation (in: hProcess=0x640, hModule=0x6d490000, lpmodinfo=0x27a68f8, cb=0xc | out: lpmodinfo=0x27a68f8*(lpBaseOfDll=0x6d490000, SizeOfImage=0x38000, EntryPoint=0x6d491489)) returned 1 [0147.442] GetModuleBaseNameW (in: hProcess=0x640, hModule=0x6d490000, lpBaseName=0x5950bd8, nSize=0x800 | out: lpBaseName="ncrypt.dll") returned 0xa [0147.444] GetModuleFileNameExW (in: hProcess=0x640, hModule=0x6d490000, lpFilename=0x5950bd8, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\ncrypt.dll" (normalized: "c:\\windows\\syswow64\\ncrypt.dll")) returned 0x1e [0147.445] GetModuleInformation (in: hProcess=0x640, hModule=0x6d450000, lpmodinfo=0x27a8a10, cb=0xc | out: lpmodinfo=0x27a8a10*(lpBaseOfDll=0x6d450000, SizeOfImage=0x3d000, EntryPoint=0x6d4510f5)) returned 1 [0147.447] GetModuleBaseNameW (in: hProcess=0x640, hModule=0x6d450000, lpBaseName=0x5950bd8, nSize=0x800 | out: lpBaseName="bcryptprimitives.dll") returned 0x14 [0147.449] GetModuleFileNameExW (in: hProcess=0x640, hModule=0x6d450000, lpFilename=0x5950bd8, nSize=0x800 | out: lpFilename="C:\\Windows\\SysWOW64\\bcryptprimitives.dll" (normalized: "c:\\windows\\syswow64\\bcryptprimitives.dll")) returned 0x28 [0147.450] GetModuleInformation (in: hProcess=0x640, hModule=0x6d430000, lpmodinfo=0x27aab50, cb=0xc | out: lpmodinfo=0x27aab50*(lpBaseOfDll=0x6d430000, SizeOfImage=0x17000, EntryPoint=0x6d431c9d)) returned 1 [0147.453] GetModuleBaseNameW (in: hProcess=0x640, hModule=0x6d430000, lpBaseName=0x5950bd8, nSize=0x800 | out: lpBaseName="USERENV.dll") returned 0xb [0147.454] GetModuleFileNameExW (in: hProcess=0x640, hModule=0x6d430000, lpFilename=0x5950bd8, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\USERENV.dll" (normalized: "c:\\windows\\syswow64\\userenv.dll")) returned 0x1f [0147.456] GetModuleInformation (in: hProcess=0x640, hModule=0x6d410000, lpmodinfo=0x27acc68, cb=0xc | out: lpmodinfo=0x27acc68*(lpBaseOfDll=0x6d410000, SizeOfImage=0x16000, EntryPoint=0x6d412061)) returned 1 [0147.458] GetModuleBaseNameW (in: hProcess=0x640, hModule=0x6d410000, lpBaseName=0x5950bd8, nSize=0x800 | out: lpBaseName="GPAPI.dll") returned 0x9 [0147.459] GetModuleFileNameExW (in: hProcess=0x640, hModule=0x6d410000, lpFilename=0x5950bd8, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\GPAPI.dll" (normalized: "c:\\windows\\syswow64\\gpapi.dll")) returned 0x1d [0147.461] GetModuleInformation (in: hProcess=0x640, hModule=0x6d380000, lpmodinfo=0x27aed84, cb=0xc | out: lpmodinfo=0x27aed84*(lpBaseOfDll=0x6d380000, SizeOfImage=0x84000, EntryPoint=0x6d3819a9)) returned 1 [0147.462] GetModuleBaseNameW (in: hProcess=0x640, hModule=0x6d380000, lpBaseName=0x5950bd8, nSize=0x800 | out: lpBaseName="comctl32.dll") returned 0xc [0147.464] GetModuleFileNameExW (in: hProcess=0x640, hModule=0x6d380000, lpFilename=0x5950bd8, nSize=0x800 | out: lpFilename="C:\\Windows\\WinSxS\\x86_microsoft.windows.common-controls_6595b64144ccf1df_5.82.7601.17514_none_ec83dffa859149af\\comctl32.dll" (normalized: "c:\\windows\\winsxs\\x86_microsoft.windows.common-controls_6595b64144ccf1df_5.82.7601.17514_none_ec83dffa859149af\\comctl32.dll")) returned 0x7b [0147.466] GetModuleInformation (in: hProcess=0x640, hModule=0x6d1f0000, lpmodinfo=0x27b0f58, cb=0xc | out: lpmodinfo=0x27b0f58*(lpBaseOfDll=0x6d1f0000, SizeOfImage=0x190000, EntryPoint=0x6d28d026)) returned 1 [0147.468] GetModuleBaseNameW (in: hProcess=0x640, hModule=0x6d1f0000, lpBaseName=0x5950bd8, nSize=0x800 | out: lpBaseName="gdiplus.dll") returned 0xb [0147.469] GetModuleFileNameExW (in: hProcess=0x640, hModule=0x6d1f0000, lpFilename=0x5950bd8, nSize=0x800 | out: lpFilename="C:\\Windows\\WinSxS\\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\\gdiplus.dll" (normalized: "c:\\windows\\winsxs\\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\\gdiplus.dll")) returned 0x71 [0147.471] GetModuleInformation (in: hProcess=0x640, hModule=0x6d0f0000, lpmodinfo=0x27b3114, cb=0xc | out: lpmodinfo=0x27b3114*(lpBaseOfDll=0x6d0f0000, SizeOfImage=0xfb000, EntryPoint=0x6d1017e1)) returned 1 [0147.473] GetModuleBaseNameW (in: hProcess=0x640, hModule=0x6d0f0000, lpBaseName=0x5950bd8, nSize=0x800 | out: lpBaseName="WindowsCodecs.dll") returned 0x11 [0147.474] GetModuleFileNameExW (in: hProcess=0x640, hModule=0x6d0f0000, lpFilename=0x5950bd8, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\WindowsCodecs.dll" (normalized: "c:\\windows\\syswow64\\windowscodecs.dll")) returned 0x25 [0147.476] GetModuleInformation (in: hProcess=0x640, hModule=0x6c320000, lpmodinfo=0x27b5244, cb=0xc | out: lpmodinfo=0x27b5244*(lpBaseOfDll=0x6c320000, SizeOfImage=0xdcd000, EntryPoint=0x0)) returned 1 [0147.478] GetModuleBaseNameW (in: hProcess=0x640, hModule=0x6c320000, lpBaseName=0x5950bd8, nSize=0x800 | out: lpBaseName="System.Web.ni.dll") returned 0x11 [0147.479] GetModuleFileNameExW (in: hProcess=0x640, hModule=0x6c320000, lpFilename=0x5950bd8, nSize=0x800 | out: lpFilename="C:\\Windows\\assembly\\NativeImages_v4.0.30319_32\\System.Web\\8e86e9948f7dcebce93d5df6073700ba\\System.Web.ni.dll" (normalized: "c:\\windows\\assembly\\nativeimages_v4.0.30319_32\\system.web\\8e86e9948f7dcebce93d5df6073700ba\\system.web.ni.dll")) returned 0x6c [0147.484] WriteProcessMemory (in: hProcess=0x638, lpBaseAddress=0x438000, lpBuffer=0x2713758*, nSize=0x200, lpNumberOfBytesWritten=0x27c97d4 | out: lpBuffer=0x2713758*, lpNumberOfBytesWritten=0x27c97d4*=0x200) returned 1 [0147.574] EnumProcessModules (in: hProcess=0x640, lphModule=0x27d0e98, cb=0x100, lpcbNeeded=0x2dc658 | out: lphModule=0x27d0e98, lpcbNeeded=0x2dc658) returned 1 [0147.576] EnumProcessModules (in: hProcess=0x640, lphModule=0x27d0fa4, cb=0x200, lpcbNeeded=0x2dc658 | out: lphModule=0x27d0fa4, lpcbNeeded=0x2dc658) returned 1 [0147.577] GetModuleInformation (in: hProcess=0x640, hModule=0x10b0000, lpmodinfo=0x27d11e4, cb=0xc | out: lpmodinfo=0x27d11e4*(lpBaseOfDll=0x10b0000, SizeOfImage=0xa2000, EntryPoint=0x114ddbe)) returned 1 [0147.578] CoTaskMemAlloc (cb=0x804) returned 0x5950bd8 [0147.578] GetModuleBaseNameW (in: hProcess=0x640, hModule=0x10b0000, lpBaseName=0x5950bd8, nSize=0x800 | out: lpBaseName="noise.exe") returned 0x9 [0147.578] CoTaskMemFree (pv=0x5950bd8) [0147.578] CoTaskMemAlloc (cb=0x804) returned 0x5950bd8 [0147.578] GetModuleFileNameExW (in: hProcess=0x640, hModule=0x10b0000, lpFilename=0x5950bd8, nSize=0x800 | out: lpFilename="C:\\Users\\kEecfMwgj\\AppData\\Local\\Temp\\noise.exe" (normalized: "c:\\users\\keecfmwgj\\appdata\\local\\temp\\noise.exe")) returned 0x2f [0147.578] CoTaskMemFree (pv=0x5950bd8) [0147.578] GetModuleInformation (in: hProcess=0x640, hModule=0x76f00000, lpmodinfo=0x27d3334, cb=0xc | out: lpmodinfo=0x27d3334*(lpBaseOfDll=0x76f00000, SizeOfImage=0x180000, EntryPoint=0x0)) returned 1 [0147.578] CoTaskMemAlloc (cb=0x804) returned 0x5950bd8 [0147.578] GetModuleBaseNameW (in: hProcess=0x640, hModule=0x76f00000, lpBaseName=0x5950bd8, nSize=0x800 | out: lpBaseName="ntdll.dll") returned 0x9 [0147.579] CoTaskMemFree (pv=0x5950bd8) [0147.579] CoTaskMemAlloc (cb=0x804) returned 0x5950bd8 [0147.579] GetModuleFileNameExW (in: hProcess=0x640, hModule=0x76f00000, lpFilename=0x5950bd8, nSize=0x800 | out: lpFilename="C:\\Windows\\SysWOW64\\ntdll.dll" (normalized: "c:\\windows\\syswow64\\ntdll.dll")) returned 0x1d [0147.579] CoTaskMemFree (pv=0x5950bd8) [0147.579] GetModuleInformation (in: hProcess=0x640, hModule=0x73500000, lpmodinfo=0x27d5444, cb=0xc | out: lpmodinfo=0x27d5444*(lpBaseOfDll=0x73500000, SizeOfImage=0x4a000, EntryPoint=0x73502e54)) returned 1 [0147.579] CoTaskMemAlloc (cb=0x804) returned 0x5950bd8 [0147.579] GetModuleBaseNameW (in: hProcess=0x640, hModule=0x73500000, lpBaseName=0x5950bd8, nSize=0x800 | out: lpBaseName="MSCOREE.DLL") returned 0xb [0147.579] CoTaskMemFree (pv=0x5950bd8) [0147.580] CoTaskMemAlloc (cb=0x804) returned 0x5950bd8 [0147.580] GetModuleFileNameExW (in: hProcess=0x640, hModule=0x73500000, lpFilename=0x5950bd8, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\MSCOREE.DLL" (normalized: "c:\\windows\\syswow64\\mscoree.dll")) returned 0x1f [0147.580] CoTaskMemFree (pv=0x5950bd8) [0147.580] GetModuleInformation (in: hProcess=0x640, hModule=0x752b0000, lpmodinfo=0x27d755c, cb=0xc | out: lpmodinfo=0x27d755c*(lpBaseOfDll=0x752b0000, SizeOfImage=0x110000, EntryPoint=0x752c3283)) returned 1 [0147.580] CoTaskMemAlloc (cb=0x804) returned 0x5950bd8 [0147.580] GetModuleBaseNameW (in: hProcess=0x640, hModule=0x752b0000, lpBaseName=0x5950bd8, nSize=0x800 | out: lpBaseName="KERNEL32.dll") returned 0xc [0147.580] CoTaskMemFree (pv=0x5950bd8) [0147.580] CoTaskMemAlloc (cb=0x804) returned 0x5950bd8 [0147.580] GetModuleFileNameExW (in: hProcess=0x640, hModule=0x752b0000, lpFilename=0x5950bd8, nSize=0x800 | out: lpFilename="C:\\Windows\\syswow64\\KERNEL32.dll" (normalized: "c:\\windows\\syswow64\\kernel32.dll")) returned 0x20 [0147.581] CoTaskMemFree (pv=0x5950bd8) [0147.581] GetModuleInformation (in: hProcess=0x640, hModule=0x753c0000, lpmodinfo=0x27d967c, cb=0xc | out: lpmodinfo=0x27d967c*(lpBaseOfDll=0x753c0000, SizeOfImage=0x47000, EntryPoint=0x753c74c1)) returned 1 [0147.581] CoTaskMemAlloc (cb=0x804) returned 0x5950bd8 [0147.581] GetModuleBaseNameW (in: hProcess=0x640, hModule=0x753c0000, lpBaseName=0x5950bd8, nSize=0x800 | out: lpBaseName="KERNELBASE.dll") returned 0xe [0147.581] CoTaskMemFree (pv=0x5950bd8) [0147.581] CoTaskMemAlloc (cb=0x804) returned 0x5950bd8 [0147.581] GetModuleFileNameExW (in: hProcess=0x640, hModule=0x753c0000, lpFilename=0x5950bd8, nSize=0x800 | out: lpFilename="C:\\Windows\\syswow64\\KERNELBASE.dll" (normalized: "c:\\windows\\syswow64\\kernelbase.dll")) returned 0x22 [0147.582] CoTaskMemFree (pv=0x5950bd8) [0147.582] GetModuleInformation (in: hProcess=0x640, hModule=0x76a60000, lpmodinfo=0x27db7d0, cb=0xc | out: lpmodinfo=0x27db7d0*(lpBaseOfDll=0x76a60000, SizeOfImage=0xa0000, EntryPoint=0x76a749e5)) returned 1 [0147.582] CoTaskMemAlloc (cb=0x804) returned 0x5950bd8 [0147.582] GetModuleBaseNameW (in: hProcess=0x640, hModule=0x76a60000, lpBaseName=0x5950bd8, nSize=0x800 | out: lpBaseName="ADVAPI32.dll") returned 0xc [0147.582] CoTaskMemFree (pv=0x5950bd8) [0147.582] CoTaskMemAlloc (cb=0x804) returned 0x5950bd8 [0147.583] GetModuleFileNameExW (in: hProcess=0x640, hModule=0x76a60000, lpFilename=0x5950bd8, nSize=0x800 | out: lpFilename="C:\\Windows\\syswow64\\ADVAPI32.dll" (normalized: "c:\\windows\\syswow64\\advapi32.dll")) returned 0x20 [0147.583] CoTaskMemFree (pv=0x5950bd8) [0147.583] GetModuleInformation (in: hProcess=0x640, hModule=0x75410000, lpmodinfo=0x27dd8f0, cb=0xc | out: lpmodinfo=0x27dd8f0*(lpBaseOfDll=0x75410000, SizeOfImage=0xac000, EntryPoint=0x7541a472)) returned 1 [0147.583] CoTaskMemAlloc (cb=0x804) returned 0x5950bd8 [0147.583] GetModuleBaseNameW (in: hProcess=0x640, hModule=0x75410000, lpBaseName=0x5950bd8, nSize=0x800 | out: lpBaseName="msvcrt.dll") returned 0xa [0147.584] CoTaskMemFree (pv=0x5950bd8) [0147.584] CoTaskMemAlloc (cb=0x804) returned 0x5950bd8 [0147.584] GetModuleFileNameExW (in: hProcess=0x640, hModule=0x75410000, lpFilename=0x5950bd8, nSize=0x800 | out: lpFilename="C:\\Windows\\syswow64\\msvcrt.dll" (normalized: "c:\\windows\\syswow64\\msvcrt.dll")) returned 0x1e [0147.584] CoTaskMemFree (pv=0x5950bd8) [0147.584] GetModuleInformation (in: hProcess=0x640, hModule=0x759a0000, lpmodinfo=0x27dfa08, cb=0xc | out: lpmodinfo=0x27dfa08*(lpBaseOfDll=0x759a0000, SizeOfImage=0x19000, EntryPoint=0x759a4975)) returned 1 [0147.584] CoTaskMemAlloc (cb=0x804) returned 0x5950bd8 [0147.584] GetModuleBaseNameW (in: hProcess=0x640, hModule=0x759a0000, lpBaseName=0x5950bd8, nSize=0x800 | out: lpBaseName="sechost.dll") returned 0xb [0147.585] CoTaskMemFree (pv=0x5950bd8) [0147.585] CoTaskMemAlloc (cb=0x804) returned 0x5950bd8 [0147.585] GetModuleFileNameExW (in: hProcess=0x640, hModule=0x759a0000, lpFilename=0x5950bd8, nSize=0x800 | out: lpFilename="C:\\Windows\\SysWOW64\\sechost.dll" (normalized: "c:\\windows\\syswow64\\sechost.dll")) returned 0x1f [0147.585] CoTaskMemFree (pv=0x5950bd8) [0147.585] GetModuleInformation (in: hProcess=0x640, hModule=0x76970000, lpmodinfo=0x27e1b20, cb=0xc | out: lpmodinfo=0x27e1b20*(lpBaseOfDll=0x76970000, SizeOfImage=0xf0000, EntryPoint=0x76980569)) returned 1 [0147.586] CoTaskMemAlloc (cb=0x804) returned 0x5950bd8 [0147.586] GetModuleBaseNameW (in: hProcess=0x640, hModule=0x76970000, lpBaseName=0x5950bd8, nSize=0x800 | out: lpBaseName="RPCRT4.dll") returned 0xa [0147.586] CoTaskMemFree (pv=0x5950bd8) [0147.586] CoTaskMemAlloc (cb=0x804) returned 0x5950bd8 [0147.586] GetModuleFileNameExW (in: hProcess=0x640, hModule=0x76970000, lpFilename=0x5950bd8, nSize=0x800 | out: lpFilename="C:\\Windows\\syswow64\\RPCRT4.dll" (normalized: "c:\\windows\\syswow64\\rpcrt4.dll")) returned 0x1e [0147.586] CoTaskMemFree (pv=0x5950bd8) [0147.586] GetModuleInformation (in: hProcess=0x640, hModule=0x74a50000, lpmodinfo=0x27e3c84, cb=0xc | out: lpmodinfo=0x27e3c84*(lpBaseOfDll=0x74a50000, SizeOfImage=0x60000, EntryPoint=0x74a6a3b3)) returned 1 [0147.587] CoTaskMemAlloc (cb=0x804) returned 0x5950bd8 [0147.587] GetModuleBaseNameW (in: hProcess=0x640, hModule=0x74a50000, lpBaseName=0x5950bd8, nSize=0x800 | out: lpBaseName="SspiCli.dll") returned 0xb [0147.587] CoTaskMemFree (pv=0x5950bd8) [0147.587] CoTaskMemAlloc (cb=0x804) returned 0x5950bd8 [0147.587] GetModuleFileNameExW (in: hProcess=0x640, hModule=0x74a50000, lpFilename=0x5950bd8, nSize=0x800 | out: lpFilename="C:\\Windows\\syswow64\\SspiCli.dll" (normalized: "c:\\windows\\syswow64\\sspicli.dll")) returned 0x1f [0147.588] CoTaskMemFree (pv=0x5950bd8) [0147.588] GetModuleInformation (in: hProcess=0x640, hModule=0x74a40000, lpmodinfo=0x27e5d9c, cb=0xc | out: lpmodinfo=0x27e5d9c*(lpBaseOfDll=0x74a40000, SizeOfImage=0xc000, EntryPoint=0x74a410e1)) returned 1 [0147.588] CoTaskMemAlloc (cb=0x804) returned 0x5950bd8 [0147.588] GetModuleBaseNameW (in: hProcess=0x640, hModule=0x74a40000, lpBaseName=0x5950bd8, nSize=0x800 | out: lpBaseName="CRYPTBASE.dll") returned 0xd [0147.589] CoTaskMemFree (pv=0x5950bd8) [0147.589] CoTaskMemAlloc (cb=0x804) returned 0x5950bd8 [0147.589] GetModuleFileNameExW (in: hProcess=0x640, hModule=0x74a40000, lpFilename=0x5950bd8, nSize=0x800 | out: lpFilename="C:\\Windows\\syswow64\\CRYPTBASE.dll" (normalized: "c:\\windows\\syswow64\\cryptbase.dll")) returned 0x21 [0147.589] CoTaskMemFree (pv=0x5950bd8) [0147.589] GetModuleInformation (in: hProcess=0x640, hModule=0x733b0000, lpmodinfo=0x27e7ebc, cb=0xc | out: lpmodinfo=0x27e7ebc*(lpBaseOfDll=0x733b0000, SizeOfImage=0x8d000, EntryPoint=0x733c2860)) returned 1 [0147.590] CoTaskMemAlloc (cb=0x804) returned 0x5950bd8 [0147.590] GetModuleBaseNameW (in: hProcess=0x640, hModule=0x733b0000, lpBaseName=0x5950bd8, nSize=0x800 | out: lpBaseName="mscoreei.dll") returned 0xc [0147.590] CoTaskMemFree (pv=0x5950bd8) [0147.590] CoTaskMemAlloc (cb=0x804) returned 0x5950bd8 [0147.590] GetModuleFileNameExW (in: hProcess=0x640, hModule=0x733b0000, lpFilename=0x5950bd8, nSize=0x800 | out: lpFilename="C:\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\mscoreei.dll" (normalized: "c:\\windows\\microsoft.net\\framework\\v4.0.30319\\mscoreei.dll")) returned 0x3a [0147.591] CoTaskMemFree (pv=0x5950bd8) [0147.591] GetModuleInformation (in: hProcess=0x640, hModule=0x734f0000, lpmodinfo=0x27ea010, cb=0xc | out: lpmodinfo=0x27ea010*(lpBaseOfDll=0x734f0000, SizeOfImage=0x3000, EntryPoint=0x0)) returned 1 [0147.591] CoTaskMemAlloc (cb=0x804) returned 0x5950bd8 [0147.591] GetModuleBaseNameW (in: hProcess=0x640, hModule=0x734f0000, lpBaseName=0x5950bd8, nSize=0x800 | out: lpBaseName="api-ms-win-core-synch-l1-2-0.DLL") returned 0x20 [0147.592] CoTaskMemFree (pv=0x5950bd8) [0147.592] CoTaskMemAlloc (cb=0x804) returned 0x5950bd8 [0147.592] GetModuleFileNameExW (in: hProcess=0x640, hModule=0x734f0000, lpFilename=0x5950bd8, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\api-ms-win-core-synch-l1-2-0.DLL" (normalized: "c:\\windows\\syswow64\\api-ms-win-core-synch-l1-2-0.dll")) returned 0x34 [0147.592] CoTaskMemFree (pv=0x5950bd8) [0147.592] GetModuleInformation (in: hProcess=0x640, hModule=0x751c0000, lpmodinfo=0x27ec180, cb=0xc | out: lpmodinfo=0x27ec180*(lpBaseOfDll=0x751c0000, SizeOfImage=0x57000, EntryPoint=0x751d9ba6)) returned 1 [0147.593] CoTaskMemAlloc (cb=0x804) returned 0x5950bd8 [0147.593] GetModuleBaseNameW (in: hProcess=0x640, hModule=0x751c0000, lpBaseName=0x5950bd8, nSize=0x800 | out: lpBaseName="SHLWAPI.dll") returned 0xb [0147.593] CoTaskMemFree (pv=0x5950bd8) [0147.593] CoTaskMemAlloc (cb=0x804) returned 0x5950bd8 [0147.593] GetModuleFileNameExW (in: hProcess=0x640, hModule=0x751c0000, lpFilename=0x5950bd8, nSize=0x800 | out: lpFilename="C:\\Windows\\syswow64\\SHLWAPI.dll" (normalized: "c:\\windows\\syswow64\\shlwapi.dll")) returned 0x1f [0147.594] CoTaskMemFree (pv=0x5950bd8) [0147.594] GetModuleInformation (in: hProcess=0x640, hModule=0x75220000, lpmodinfo=0x27ee298, cb=0xc | out: lpmodinfo=0x27ee298*(lpBaseOfDll=0x75220000, SizeOfImage=0x90000, EntryPoint=0x75236343)) returned 1 [0147.594] CoTaskMemAlloc (cb=0x804) returned 0x5950bd8 [0147.594] GetModuleBaseNameW (in: hProcess=0x640, hModule=0x75220000, lpBaseName=0x5950bd8, nSize=0x800 | out: lpBaseName="GDI32.dll") returned 0x9 [0147.595] CoTaskMemFree (pv=0x5950bd8) [0147.595] CoTaskMemAlloc (cb=0x804) returned 0x5950bd8 [0147.595] GetModuleFileNameExW (in: hProcess=0x640, hModule=0x75220000, lpFilename=0x5950bd8, nSize=0x800 | out: lpFilename="C:\\Windows\\syswow64\\GDI32.dll" (normalized: "c:\\windows\\syswow64\\gdi32.dll")) returned 0x1d [0147.595] CoTaskMemFree (pv=0x5950bd8) [0147.595] GetModuleInformation (in: hProcess=0x640, hModule=0x76860000, lpmodinfo=0x27f03a8, cb=0xc | out: lpmodinfo=0x27f03a8*(lpBaseOfDll=0x76860000, SizeOfImage=0x100000, EntryPoint=0x7687b6ed)) returned 1 [0147.596] CoTaskMemAlloc (cb=0x804) returned 0x5950bd8 [0147.596] GetModuleBaseNameW (in: hProcess=0x640, hModule=0x76860000, lpBaseName=0x5950bd8, nSize=0x800 | out: lpBaseName="USER32.dll") returned 0xa [0147.596] CoTaskMemFree (pv=0x5950bd8) [0147.596] CoTaskMemAlloc (cb=0x804) returned 0x5950bd8 [0147.596] GetModuleFileNameExW (in: hProcess=0x640, hModule=0x76860000, lpFilename=0x5950bd8, nSize=0x800 | out: lpFilename="C:\\Windows\\syswow64\\USER32.dll" (normalized: "c:\\windows\\syswow64\\user32.dll")) returned 0x1e [0147.597] CoTaskMemFree (pv=0x5950bd8) [0147.597] GetModuleInformation (in: hProcess=0x640, hModule=0x759c0000, lpmodinfo=0x27f24c0, cb=0xc | out: lpmodinfo=0x27f24c0*(lpBaseOfDll=0x759c0000, SizeOfImage=0xa000, EntryPoint=0x759c36a0)) returned 1 [0147.598] CoTaskMemAlloc (cb=0x804) returned 0x5950bd8 [0147.598] GetModuleBaseNameW (in: hProcess=0x640, hModule=0x759c0000, lpBaseName=0x5950bd8, nSize=0x800 | out: lpBaseName="LPK.dll") returned 0x7 [0147.598] CoTaskMemFree (pv=0x5950bd8) [0147.598] CoTaskMemAlloc (cb=0x804) returned 0x5950bd8 [0147.598] GetModuleFileNameExW (in: hProcess=0x640, hModule=0x759c0000, lpFilename=0x5950bd8, nSize=0x800 | out: lpFilename="C:\\Windows\\syswow64\\LPK.dll" (normalized: "c:\\windows\\syswow64\\lpk.dll")) returned 0x1b [0147.599] CoTaskMemFree (pv=0x5950bd8) [0147.599] GetModuleInformation (in: hProcess=0x640, hModule=0x74d40000, lpmodinfo=0x27f4654, cb=0xc | out: lpmodinfo=0x27f4654*(lpBaseOfDll=0x74d40000, SizeOfImage=0x9d000, EntryPoint=0x74d73fd7)) returned 1 [0147.599] CoTaskMemAlloc (cb=0x804) returned 0x5950bd8 [0147.599] GetModuleBaseNameW (in: hProcess=0x640, hModule=0x74d40000, lpBaseName=0x5950bd8, nSize=0x800 | out: lpBaseName="USP10.dll") returned 0x9 [0147.600] CoTaskMemFree (pv=0x5950bd8) [0147.600] CoTaskMemAlloc (cb=0x804) returned 0x5950bd8 [0147.600] GetModuleFileNameExW (in: hProcess=0x640, hModule=0x74d40000, lpFilename=0x5950bd8, nSize=0x800 | out: lpFilename="C:\\Windows\\syswow64\\USP10.dll" (normalized: "c:\\windows\\syswow64\\usp10.dll")) returned 0x1d [0147.601] CoTaskMemFree (pv=0x5950bd8) [0147.601] GetModuleInformation (in: hProcess=0x640, hModule=0x75550000, lpmodinfo=0x27f6764, cb=0xc | out: lpmodinfo=0x27f6764*(lpBaseOfDll=0x75550000, SizeOfImage=0x60000, EntryPoint=0x7556158f)) returned 1 [0147.601] CoTaskMemAlloc (cb=0x804) returned 0x5950bd8 [0147.601] GetModuleBaseNameW (in: hProcess=0x640, hModule=0x75550000, lpBaseName=0x5950bd8, nSize=0x800 | out: lpBaseName="IMM32.DLL") returned 0x9 [0147.602] CoTaskMemFree (pv=0x5950bd8) [0147.602] CoTaskMemAlloc (cb=0x804) returned 0x5950bd8 [0147.602] GetModuleFileNameExW (in: hProcess=0x640, hModule=0x75550000, lpFilename=0x5950bd8, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\IMM32.DLL" (normalized: "c:\\windows\\syswow64\\imm32.dll")) returned 0x1d [0147.602] CoTaskMemFree (pv=0x5950bd8) [0147.602] GetModuleInformation (in: hProcess=0x640, hModule=0x74c40000, lpmodinfo=0x27f8874, cb=0xc | out: lpmodinfo=0x27f8874*(lpBaseOfDll=0x74c40000, SizeOfImage=0xcc000, EntryPoint=0x74c4168b)) returned 1 [0147.603] CoTaskMemAlloc (cb=0x804) returned 0x5950bd8 [0147.603] GetModuleBaseNameW (in: hProcess=0x640, hModule=0x74c40000, lpBaseName=0x5950bd8, nSize=0x800 | out: lpBaseName="MSCTF.dll") returned 0x9 [0147.604] CoTaskMemFree (pv=0x5950bd8) [0147.604] CoTaskMemAlloc (cb=0x804) returned 0x5950bd8 [0147.604] GetModuleFileNameExW (in: hProcess=0x640, hModule=0x74c40000, lpFilename=0x5950bd8, nSize=0x800 | out: lpFilename="C:\\Windows\\syswow64\\MSCTF.dll" (normalized: "c:\\windows\\syswow64\\msctf.dll")) returned 0x1d [0147.604] CoTaskMemFree (pv=0x5950bd8) [0147.604] GetModuleInformation (in: hProcess=0x640, hModule=0x733a0000, lpmodinfo=0x27fa984, cb=0xc | out: lpmodinfo=0x27fa984*(lpBaseOfDll=0x733a0000, SizeOfImage=0x9000, EntryPoint=0x733a1220)) returned 1 [0147.605] CoTaskMemAlloc (cb=0x804) returned 0x5950bd8 [0147.605] GetModuleBaseNameW (in: hProcess=0x640, hModule=0x733a0000, lpBaseName=0x5950bd8, nSize=0x800 | out: lpBaseName="VERSION.dll") returned 0xb [0147.606] CoTaskMemFree (pv=0x5950bd8) [0147.606] CoTaskMemAlloc (cb=0x804) returned 0x5950bd8 [0147.606] GetModuleFileNameExW (in: hProcess=0x640, hModule=0x733a0000, lpFilename=0x5950bd8, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\VERSION.dll" (normalized: "c:\\windows\\syswow64\\version.dll")) returned 0x1f [0147.613] CoTaskMemFree (pv=0x5950bd8) [0147.613] GetModuleInformation (in: hProcess=0x640, hModule=0x71770000, lpmodinfo=0x27fca9c, cb=0xc | out: lpmodinfo=0x27fca9c*(lpBaseOfDll=0x71770000, SizeOfImage=0x7af000, EntryPoint=0x7178d0d0)) returned 1 [0147.614] CoTaskMemAlloc (cb=0x804) returned 0x5950bd8 [0147.614] GetModuleBaseNameW (in: hProcess=0x640, hModule=0x71770000, lpBaseName=0x5950bd8, nSize=0x800 | out: lpBaseName="clr.dll") returned 0x7 [0147.614] CoTaskMemFree (pv=0x5950bd8) [0147.614] CoTaskMemAlloc (cb=0x804) returned 0x5950bd8 [0147.614] GetModuleFileNameExW (in: hProcess=0x640, hModule=0x71770000, lpFilename=0x5950bd8, nSize=0x800 | out: lpFilename="C:\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\clr.dll" (normalized: "c:\\windows\\microsoft.net\\framework\\v4.0.30319\\clr.dll")) returned 0x35 [0147.615] CoTaskMemFree (pv=0x5950bd8) [0147.615] GetModuleInformation (in: hProcess=0x640, hModule=0x73600000, lpmodinfo=0x27febd8, cb=0xc | out: lpmodinfo=0x27febd8*(lpBaseOfDll=0x73600000, SizeOfImage=0x14000, EntryPoint=0x7360ac00)) returned 1 [0147.616] CoTaskMemAlloc (cb=0x804) returned 0x5950bd8 [0147.616] GetModuleBaseNameW (in: hProcess=0x640, hModule=0x73600000, lpBaseName=0x5950bd8, nSize=0x800 | out: lpBaseName="VCRUNTIME140_CLR0400.dll") returned 0x18 [0147.616] CoTaskMemFree (pv=0x5950bd8) [0147.616] CoTaskMemAlloc (cb=0x804) returned 0x5950bd8 [0147.617] GetModuleFileNameExW (in: hProcess=0x640, hModule=0x73600000, lpFilename=0x5950bd8, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\VCRUNTIME140_CLR0400.dll" (normalized: "c:\\windows\\syswow64\\vcruntime140_clr0400.dll")) returned 0x2c [0147.617] CoTaskMemFree (pv=0x5950bd8) [0147.617] GetModuleInformation (in: hProcess=0x640, hModule=0x73550000, lpmodinfo=0x2800d34, cb=0xc | out: lpmodinfo=0x2800d34*(lpBaseOfDll=0x73550000, SizeOfImage=0xab000, EntryPoint=0x735e5f20)) returned 1 [0147.618] CoTaskMemAlloc (cb=0x804) returned 0x5950bd8 [0147.618] GetModuleBaseNameW (in: hProcess=0x640, hModule=0x73550000, lpBaseName=0x5950bd8, nSize=0x800 | out: lpBaseName="ucrtbase_clr0400.dll") returned 0x14 [0147.619] CoTaskMemFree (pv=0x5950bd8) [0147.619] CoTaskMemAlloc (cb=0x804) returned 0x5950bd8 [0147.619] GetModuleFileNameExW (in: hProcess=0x640, hModule=0x73550000, lpFilename=0x5950bd8, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\ucrtbase_clr0400.dll" (normalized: "c:\\windows\\syswow64\\ucrtbase_clr0400.dll")) returned 0x28 [0147.619] CoTaskMemFree (pv=0x5950bd8) [0147.619] GetModuleInformation (in: hProcess=0x640, hModule=0x70360000, lpmodinfo=0x2802e74, cb=0xc | out: lpmodinfo=0x2802e74*(lpBaseOfDll=0x70360000, SizeOfImage=0x140b000, EntryPoint=0x0)) returned 1 [0147.620] CoTaskMemAlloc (cb=0x804) returned 0x5950bd8 [0147.620] GetModuleBaseNameW (in: hProcess=0x640, hModule=0x70360000, lpBaseName=0x5950bd8, nSize=0x800 | out: lpBaseName="mscorlib.ni.dll") returned 0xf [0147.621] CoTaskMemFree (pv=0x5950bd8) [0147.621] CoTaskMemAlloc (cb=0x804) returned 0x5950bd8 [0147.621] GetModuleFileNameExW (in: hProcess=0x640, hModule=0x70360000, lpFilename=0x5950bd8, nSize=0x800 | out: lpFilename="C:\\Windows\\assembly\\NativeImages_v4.0.30319_32\\mscorlib\\36eaccfde177c2e7b93b8dbdde4e012a\\mscorlib.ni.dll" (normalized: "c:\\windows\\assembly\\nativeimages_v4.0.30319_32\\mscorlib\\36eaccfde177c2e7b93b8dbdde4e012a\\mscorlib.ni.dll")) returned 0x68 [0147.624] CoTaskMemFree (pv=0x5950bd8) [0147.624] GetModuleInformation (in: hProcess=0x640, hModule=0x75740000, lpmodinfo=0x2805028, cb=0xc | out: lpmodinfo=0x2805028*(lpBaseOfDll=0x75740000, SizeOfImage=0x15c000, EntryPoint=0x7578ba3d)) returned 1 [0147.625] CoTaskMemAlloc (cb=0x804) returned 0x5950bd8 [0147.625] GetModuleBaseNameW (in: hProcess=0x640, hModule=0x75740000, lpBaseName=0x5950bd8, nSize=0x800 | out: lpBaseName="ole32.dll") returned 0x9 [0147.625] CoTaskMemFree (pv=0x5950bd8) [0147.625] CoTaskMemAlloc (cb=0x804) returned 0x5950bd8 [0147.625] GetModuleFileNameExW (in: hProcess=0x640, hModule=0x75740000, lpFilename=0x5950bd8, nSize=0x800 | out: lpFilename="C:\\Windows\\syswow64\\ole32.dll" (normalized: "c:\\windows\\syswow64\\ole32.dll")) returned 0x1d [0147.626] CoTaskMemFree (pv=0x5950bd8) [0147.626] GetModuleInformation (in: hProcess=0x640, hModule=0x73a10000, lpmodinfo=0x2807138, cb=0xc | out: lpmodinfo=0x2807138*(lpBaseOfDll=0x73a10000, SizeOfImage=0x80000, EntryPoint=0x73a237c9)) returned 1 [0147.627] CoTaskMemAlloc (cb=0x804) returned 0x5950bd8 [0147.627] GetModuleBaseNameW (in: hProcess=0x640, hModule=0x73a10000, lpBaseName=0x5950bd8, nSize=0x800 | out: lpBaseName="uxtheme.dll") returned 0xb [0147.628] CoTaskMemFree (pv=0x5950bd8) [0147.628] CoTaskMemAlloc (cb=0x804) returned 0x5950bd8 [0147.628] GetModuleFileNameExW (in: hProcess=0x640, hModule=0x73a10000, lpFilename=0x5950bd8, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\uxtheme.dll" (normalized: "c:\\windows\\syswow64\\uxtheme.dll")) returned 0x1f [0147.628] CoTaskMemFree (pv=0x5950bd8) [0147.629] GetModuleInformation (in: hProcess=0x640, hModule=0x74a20000, lpmodinfo=0x2809250, cb=0xc | out: lpmodinfo=0x2809250*(lpBaseOfDll=0x74a20000, SizeOfImage=0x3000, EntryPoint=0x0)) returned 1 [0147.629] CoTaskMemAlloc (cb=0x804) returned 0x5950bd8 [0147.629] GetModuleBaseNameW (in: hProcess=0x640, hModule=0x74a20000, lpBaseName=0x5950bd8, nSize=0x800 | out: lpBaseName="api-ms-win-core-xstate-l2-1-0.dll") returned 0x21 [0147.630] CoTaskMemFree (pv=0x5950bd8) [0147.630] CoTaskMemAlloc (cb=0x804) returned 0x5950bd8 [0147.630] GetModuleFileNameExW (in: hProcess=0x640, hModule=0x74a20000, lpFilename=0x5950bd8, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\api-ms-win-core-xstate-l2-1-0.dll" (normalized: "c:\\windows\\syswow64\\api-ms-win-core-xstate-l2-1-0.dll")) returned 0x35 [0147.631] CoTaskMemFree (pv=0x5950bd8) [0147.631] GetModuleInformation (in: hProcess=0x640, hModule=0x74990000, lpmodinfo=0x280b3c0, cb=0xc | out: lpmodinfo=0x280b3c0*(lpBaseOfDll=0x74990000, SizeOfImage=0x89000, EntryPoint=0x74991130)) returned 1 [0147.632] CoTaskMemAlloc (cb=0x804) returned 0x5950bd8 [0147.632] GetModuleBaseNameW (in: hProcess=0x640, hModule=0x74990000, lpBaseName=0x5950bd8, nSize=0x800 | out: lpBaseName="clrjit.dll") returned 0xa [0147.632] CoTaskMemFree (pv=0x5950bd8) [0147.632] CoTaskMemAlloc (cb=0x804) returned 0x5950bd8 [0147.633] GetModuleFileNameExW (in: hProcess=0x640, hModule=0x74990000, lpFilename=0x5950bd8, nSize=0x800 | out: lpFilename="C:\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\clrjit.dll" (normalized: "c:\\windows\\microsoft.net\\framework\\v4.0.30319\\clrjit.dll")) returned 0x38 [0147.633] CoTaskMemFree (pv=0x5950bd8) [0147.633] GetModuleInformation (in: hProcess=0x640, hModule=0x75130000, lpmodinfo=0x280d50c, cb=0xc | out: lpmodinfo=0x280d50c*(lpBaseOfDll=0x75130000, SizeOfImage=0x8f000, EntryPoint=0x75133fb1)) returned 1 [0147.634] CoTaskMemAlloc (cb=0x804) returned 0x5950bd8 [0147.634] GetModuleBaseNameW (in: hProcess=0x640, hModule=0x75130000, lpBaseName=0x5950bd8, nSize=0x800 | out: lpBaseName="OLEAUT32.dll") returned 0xc [0147.635] CoTaskMemFree (pv=0x5950bd8) [0147.635] CoTaskMemAlloc (cb=0x804) returned 0x5950bd8 [0147.635] GetModuleFileNameExW (in: hProcess=0x640, hModule=0x75130000, lpFilename=0x5950bd8, nSize=0x800 | out: lpFilename="C:\\Windows\\syswow64\\OLEAUT32.dll" (normalized: "c:\\windows\\syswow64\\oleaut32.dll")) returned 0x20 [0147.636] CoTaskMemFree (pv=0x5950bd8) [0147.636] GetModuleInformation (in: hProcess=0x640, hModule=0x6eea0000, lpmodinfo=0x280f62c, cb=0xc | out: lpmodinfo=0x280f62c*(lpBaseOfDll=0x6eea0000, SizeOfImage=0xa55000, EntryPoint=0x0)) returned 1 [0147.637] CoTaskMemAlloc (cb=0x804) returned 0x5950bd8 [0147.637] GetModuleBaseNameW (in: hProcess=0x640, hModule=0x6eea0000, lpBaseName=0x5950bd8, nSize=0x800 | out: lpBaseName="System.ni.dll") returned 0xd [0147.638] CoTaskMemFree (pv=0x5950bd8) [0147.638] CoTaskMemAlloc (cb=0x804) returned 0x5950bd8 [0147.638] GetModuleFileNameExW (in: hProcess=0x640, hModule=0x6eea0000, lpFilename=0x5950bd8, nSize=0x800 | out: lpFilename="C:\\Windows\\assembly\\NativeImages_v4.0.30319_32\\System\\2c3c912ea8f058f9d04c4650128feb3f\\System.ni.dll" (normalized: "c:\\windows\\assembly\\nativeimages_v4.0.30319_32\\system\\2c3c912ea8f058f9d04c4650128feb3f\\system.ni.dll")) returned 0x64 [0147.639] CoTaskMemFree (pv=0x5950bd8) [0147.639] GetModuleInformation (in: hProcess=0x640, hModule=0x6fb40000, lpmodinfo=0x28117d4, cb=0xc | out: lpmodinfo=0x28117d4*(lpBaseOfDll=0x6fb40000, SizeOfImage=0x818000, EntryPoint=0x0)) returned 1 [0147.639] CoTaskMemAlloc (cb=0x804) returned 0x5950bd8 [0147.639] GetModuleBaseNameW (in: hProcess=0x640, hModule=0x6fb40000, lpBaseName=0x5950bd8, nSize=0x800 | out: lpBaseName="System.Core.ni.dll") returned 0x12 [0147.640] CoTaskMemFree (pv=0x5950bd8) [0147.640] CoTaskMemAlloc (cb=0x804) returned 0x5950bd8 [0147.640] GetModuleFileNameExW (in: hProcess=0x640, hModule=0x6fb40000, lpFilename=0x5950bd8, nSize=0x800 | out: lpFilename="C:\\Windows\\assembly\\NativeImages_v4.0.30319_32\\System.Core\\31fae3290fad30c31c98651462d22724\\System.Core.ni.dll" (normalized: "c:\\windows\\assembly\\nativeimages_v4.0.30319_32\\system.core\\31fae3290fad30c31c98651462d22724\\system.core.ni.dll")) returned 0x6e [0147.641] CoTaskMemFree (pv=0x5950bd8) [0147.641] GetModuleInformation (in: hProcess=0x640, hModule=0x6f950000, lpmodinfo=0x281399c, cb=0xc | out: lpmodinfo=0x281399c*(lpBaseOfDll=0x6f950000, SizeOfImage=0x1e2000, EntryPoint=0x0)) returned 1 [0147.642] CoTaskMemAlloc (cb=0x804) returned 0x5950bd8 [0147.642] GetModuleBaseNameW (in: hProcess=0x640, hModule=0x6f950000, lpBaseName=0x5950bd8, nSize=0x800 | out: lpBaseName="Microsoft.VisualBasic.ni.dll") returned 0x1c [0147.643] CoTaskMemFree (pv=0x5950bd8) [0147.643] CoTaskMemAlloc (cb=0x804) returned 0x5950bd8 [0147.643] GetModuleFileNameExW (in: hProcess=0x640, hModule=0x6f950000, lpFilename=0x5950bd8, nSize=0x800 | out: lpFilename="C:\\Windows\\assembly\\NativeImages_v4.0.30319_32\\Microsoft.V9921e851#\\a891970b44db9e340c3ef3efa95b793c\\Microsoft.VisualBasic.ni.dll" (normalized: "c:\\windows\\assembly\\nativeimages_v4.0.30319_32\\microsoft.v9921e851#\\a891970b44db9e340c3ef3efa95b793c\\microsoft.visualbasic.ni.dll")) returned 0x81 [0147.644] CoTaskMemFree (pv=0x5950bd8) [0147.644] GetModuleInformation (in: hProcess=0x640, hModule=0x6ecf0000, lpmodinfo=0x2815ca8, cb=0xc | out: lpmodinfo=0x2815ca8*(lpBaseOfDll=0x6ecf0000, SizeOfImage=0x1a3000, EntryPoint=0x0)) returned 1 [0147.645] CoTaskMemAlloc (cb=0x804) returned 0x5950bd8 [0147.645] GetModuleBaseNameW (in: hProcess=0x640, hModule=0x6ecf0000, lpBaseName=0x5950bd8, nSize=0x800 | out: lpBaseName="System.Drawing.ni.dll") returned 0x15 [0147.646] CoTaskMemFree (pv=0x5950bd8) [0147.646] CoTaskMemAlloc (cb=0x804) returned 0x5950bd8 [0147.646] GetModuleFileNameExW (in: hProcess=0x640, hModule=0x6ecf0000, lpFilename=0x5950bd8, nSize=0x800 | out: lpFilename="C:\\Windows\\assembly\\NativeImages_v4.0.30319_32\\System.Drawing\\f7568d7f1b9d356f64779b4c0927cfb3\\System.Drawing.ni.dll" (normalized: "c:\\windows\\assembly\\nativeimages_v4.0.30319_32\\system.drawing\\f7568d7f1b9d356f64779b4c0927cfb3\\system.drawing.ni.dll")) returned 0x74 [0147.647] CoTaskMemFree (pv=0x5950bd8) [0147.647] GetModuleInformation (in: hProcess=0x640, hModule=0x6de80000, lpmodinfo=0x2817e80, cb=0xc | out: lpmodinfo=0x2817e80*(lpBaseOfDll=0x6de80000, SizeOfImage=0xe66000, EntryPoint=0x0)) returned 1 [0147.648] CoTaskMemAlloc (cb=0x804) returned 0x5950bd8 [0147.648] GetModuleBaseNameW (in: hProcess=0x640, hModule=0x6de80000, lpBaseName=0x5950bd8, nSize=0x800 | out: lpBaseName="System.Windows.Forms.ni.dll") returned 0x1b [0147.649] CoTaskMemFree (pv=0x5950bd8) [0147.649] CoTaskMemAlloc (cb=0x804) returned 0x5950bd8 [0147.649] GetModuleFileNameExW (in: hProcess=0x640, hModule=0x6de80000, lpFilename=0x5950bd8, nSize=0x800 | out: lpFilename="C:\\Windows\\assembly\\NativeImages_v4.0.30319_32\\System.Windows.Forms\\c9a4cbc00f690a9e3cddfc400f6e85bb\\System.Windows.Forms.ni.dll" (normalized: "c:\\windows\\assembly\\nativeimages_v4.0.30319_32\\system.windows.forms\\c9a4cbc00f690a9e3cddfc400f6e85bb\\system.windows.forms.ni.dll")) returned 0x80 [0147.650] CoTaskMemFree (pv=0x5950bd8) [0147.650] GetModuleInformation (in: hProcess=0x640, hModule=0x6dd70000, lpmodinfo=0x281a07c, cb=0xc | out: lpmodinfo=0x281a07c*(lpBaseOfDll=0x6dd70000, SizeOfImage=0x105000, EntryPoint=0x0)) returned 1 [0147.651] CoTaskMemAlloc (cb=0x804) returned 0x5950bd8 [0147.651] GetModuleBaseNameW (in: hProcess=0x640, hModule=0x6dd70000, lpBaseName=0x5950bd8, nSize=0x800 | out: lpBaseName="System.Configuration.ni.dll") returned 0x1b [0147.652] CoTaskMemFree (pv=0x5950bd8) [0147.652] CoTaskMemAlloc (cb=0x804) returned 0x5950bd8 [0147.652] GetModuleFileNameExW (in: hProcess=0x640, hModule=0x6dd70000, lpFilename=0x5950bd8, nSize=0x800 | out: lpFilename="C:\\Windows\\assembly\\NativeImages_v4.0.30319_32\\System.Configuration\\96f7edb07b12303f0ec2595c7f3778c7\\System.Configuration.ni.dll" (normalized: "c:\\windows\\assembly\\nativeimages_v4.0.30319_32\\system.configuration\\96f7edb07b12303f0ec2595c7f3778c7\\system.configuration.ni.dll")) returned 0x80 [0147.660] CoTaskMemFree (pv=0x5950bd8) [0147.660] GetModuleInformation (in: hProcess=0x640, hModule=0x6d5f0000, lpmodinfo=0x281c278, cb=0xc | out: lpmodinfo=0x281c278*(lpBaseOfDll=0x6d5f0000, SizeOfImage=0x774000, EntryPoint=0x0)) returned 1 [0147.661] CoTaskMemAlloc (cb=0x804) returned 0x5950bd8 [0147.661] GetModuleBaseNameW (in: hProcess=0x640, hModule=0x6d5f0000, lpBaseName=0x5950bd8, nSize=0x800 | out: lpBaseName="System.Xml.ni.dll") returned 0x11 [0147.662] CoTaskMemFree (pv=0x5950bd8) [0147.662] CoTaskMemAlloc (cb=0x804) returned 0x5950bd8 [0147.662] GetModuleFileNameExW (in: hProcess=0x640, hModule=0x6d5f0000, lpFilename=0x5950bd8, nSize=0x800 | out: lpFilename="C:\\Windows\\assembly\\NativeImages_v4.0.30319_32\\System.Xml\\15af16d373cf0528cb74fc73d365fdbf\\System.Xml.ni.dll" (normalized: "c:\\windows\\assembly\\nativeimages_v4.0.30319_32\\system.xml\\15af16d373cf0528cb74fc73d365fdbf\\system.xml.ni.dll")) returned 0x6c [0147.663] CoTaskMemFree (pv=0x5950bd8) [0147.663] GetModuleInformation (in: hProcess=0x640, hModule=0x74950000, lpmodinfo=0x281e438, cb=0xc | out: lpmodinfo=0x281e438*(lpBaseOfDll=0x74950000, SizeOfImage=0x13000, EntryPoint=0x7495d900)) returned 1 [0147.664] CoTaskMemAlloc (cb=0x804) returned 0x5950bd8 [0147.664] GetModuleBaseNameW (in: hProcess=0x640, hModule=0x74950000, lpBaseName=0x5950bd8, nSize=0x800 | out: lpBaseName="nlssorting.dll") returned 0xe [0147.665] CoTaskMemFree (pv=0x5950bd8) [0147.665] CoTaskMemAlloc (cb=0x804) returned 0x5950bd8 [0147.665] GetModuleFileNameExW (in: hProcess=0x640, hModule=0x74950000, lpFilename=0x5950bd8, nSize=0x800 | out: lpFilename="C:\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\nlssorting.dll" (normalized: "c:\\windows\\microsoft.net\\framework\\v4.0.30319\\nlssorting.dll")) returned 0x3c [0147.666] CoTaskMemFree (pv=0x5950bd8) [0147.666] GetModuleInformation (in: hProcess=0x640, hModule=0x75be0000, lpmodinfo=0x2820594, cb=0xc | out: lpmodinfo=0x2820594*(lpBaseOfDll=0x75be0000, SizeOfImage=0xc4a000, EntryPoint=0x75c61601)) returned 1 [0147.667] CoTaskMemAlloc (cb=0x804) returned 0x5950bd8 [0147.667] GetModuleBaseNameW (in: hProcess=0x640, hModule=0x75be0000, lpBaseName=0x5950bd8, nSize=0x800 | out: lpBaseName="shell32.dll") returned 0xb [0147.668] CoTaskMemFree (pv=0x5950bd8) [0147.668] CoTaskMemAlloc (cb=0x804) returned 0x5950bd8 [0147.668] GetModuleFileNameExW (in: hProcess=0x640, hModule=0x75be0000, lpFilename=0x5950bd8, nSize=0x800 | out: lpFilename="C:\\Windows\\syswow64\\shell32.dll" (normalized: "c:\\windows\\syswow64\\shell32.dll")) returned 0x1f [0147.669] CoTaskMemFree (pv=0x5950bd8) [0147.669] GetModuleInformation (in: hProcess=0x640, hModule=0x748d0000, lpmodinfo=0x28226ac, cb=0xc | out: lpmodinfo=0x28226ac*(lpBaseOfDll=0x748d0000, SizeOfImage=0xb000, EntryPoint=0x748d1992)) returned 1 [0147.670] CoTaskMemAlloc (cb=0x804) returned 0x5950bd8 [0147.670] GetModuleBaseNameW (in: hProcess=0x640, hModule=0x748d0000, lpBaseName=0x5950bd8, nSize=0x800 | out: lpBaseName="profapi.dll") returned 0xb [0147.671] CoTaskMemFree (pv=0x5950bd8) [0147.671] CoTaskMemAlloc (cb=0x804) returned 0x5950bd8 [0147.671] GetModuleFileNameExW (in: hProcess=0x640, hModule=0x748d0000, lpFilename=0x5950bd8, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\profapi.dll" (normalized: "c:\\windows\\syswow64\\profapi.dll")) returned 0x1f [0147.672] CoTaskMemFree (pv=0x5950bd8) [0147.672] GetModuleInformation (in: hProcess=0x640, hModule=0x74970000, lpmodinfo=0x28247c4, cb=0xc | out: lpmodinfo=0x28247c4*(lpBaseOfDll=0x74970000, SizeOfImage=0x17000, EntryPoint=0x749735fa)) returned 1 [0147.673] CoTaskMemAlloc (cb=0x804) returned 0x5950bd8 [0147.673] GetModuleBaseNameW (in: hProcess=0x640, hModule=0x74970000, lpBaseName=0x5950bd8, nSize=0x800 | out: lpBaseName="bcrypt.dll") returned 0xa [0147.674] CoTaskMemFree (pv=0x5950bd8) [0147.674] CoTaskMemAlloc (cb=0x804) returned 0x5950bd8 [0147.674] GetModuleFileNameExW (in: hProcess=0x640, hModule=0x74970000, lpFilename=0x5950bd8, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\bcrypt.dll" (normalized: "c:\\windows\\syswow64\\bcrypt.dll")) returned 0x1e [0147.675] CoTaskMemFree (pv=0x5950bd8) [0147.675] GetModuleInformation (in: hProcess=0x640, hModule=0x738e0000, lpmodinfo=0x28268dc, cb=0xc | out: lpmodinfo=0x28268dc*(lpBaseOfDll=0x738e0000, SizeOfImage=0x17000, EntryPoint=0x738e3573)) returned 1 [0147.676] CoTaskMemAlloc (cb=0x804) returned 0x5950bd8 [0147.676] GetModuleBaseNameW (in: hProcess=0x640, hModule=0x738e0000, lpBaseName=0x5950bd8, nSize=0x800 | out: lpBaseName="CRYPTSP.dll") returned 0xb [0147.677] CoTaskMemFree (pv=0x5950bd8) [0147.677] CoTaskMemAlloc (cb=0x804) returned 0x5950bd8 [0147.677] GetModuleFileNameExW (in: hProcess=0x640, hModule=0x738e0000, lpFilename=0x5950bd8, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\CRYPTSP.dll" (normalized: "c:\\windows\\syswow64\\cryptsp.dll")) returned 0x1f [0147.678] CoTaskMemFree (pv=0x5950bd8) [0147.678] GetModuleInformation (in: hProcess=0x640, hModule=0x738a0000, lpmodinfo=0x28289f4, cb=0xc | out: lpmodinfo=0x28289f4*(lpBaseOfDll=0x738a0000, SizeOfImage=0x3b000, EntryPoint=0x738a128d)) returned 1 [0147.679] CoTaskMemAlloc (cb=0x804) returned 0x5950bd8 [0147.680] GetModuleBaseNameW (in: hProcess=0x640, hModule=0x738a0000, lpBaseName=0x5950bd8, nSize=0x800 | out: lpBaseName="rsaenh.dll") returned 0xa [0147.681] CoTaskMemFree (pv=0x5950bd8) [0147.681] CoTaskMemAlloc (cb=0x804) returned 0x5950bd8 [0147.681] GetModuleFileNameExW (in: hProcess=0x640, hModule=0x738a0000, lpFilename=0x5950bd8, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\rsaenh.dll" (normalized: "c:\\windows\\syswow64\\rsaenh.dll")) returned 0x1e [0147.682] CoTaskMemFree (pv=0x5950bd8) [0147.682] GetModuleInformation (in: hProcess=0x640, hModule=0x75950000, lpmodinfo=0x282ab0c, cb=0xc | out: lpmodinfo=0x282ab0c*(lpBaseOfDll=0x75950000, SizeOfImage=0x5000, EntryPoint=0x75951438)) returned 1 [0147.683] CoTaskMemAlloc (cb=0x804) returned 0x5950bd8 [0147.683] GetModuleBaseNameW (in: hProcess=0x640, hModule=0x75950000, lpBaseName=0x5950bd8, nSize=0x800 | out: lpBaseName="psapi.dll") returned 0x9 [0147.684] CoTaskMemFree (pv=0x5950bd8) [0147.684] CoTaskMemAlloc (cb=0x804) returned 0x5950bd8 [0147.684] GetModuleFileNameExW (in: hProcess=0x640, hModule=0x75950000, lpFilename=0x5950bd8, nSize=0x800 | out: lpFilename="C:\\Windows\\syswow64\\psapi.dll" (normalized: "c:\\windows\\syswow64\\psapi.dll")) returned 0x1d [0147.686] CoTaskMemFree (pv=0x5950bd8) [0147.686] GetModuleInformation (in: hProcess=0x640, hModule=0x73990000, lpmodinfo=0x282cc1c, cb=0xc | out: lpmodinfo=0x282cc1c*(lpBaseOfDll=0x73990000, SizeOfImage=0x52000, EntryPoint=0x739914be)) returned 1 [0147.687] CoTaskMemAlloc (cb=0x804) returned 0x5950bd8 [0147.687] GetModuleBaseNameW (in: hProcess=0x640, hModule=0x73990000, lpBaseName=0x5950bd8, nSize=0x800 | out: lpBaseName="rasapi32.dll") returned 0xc [0147.688] CoTaskMemFree (pv=0x5950bd8) [0147.688] CoTaskMemAlloc (cb=0x804) returned 0x5950bd8 [0147.688] GetModuleFileNameExW (in: hProcess=0x640, hModule=0x73990000, lpFilename=0x5950bd8, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\rasapi32.dll" (normalized: "c:\\windows\\syswow64\\rasapi32.dll")) returned 0x20 [0147.689] CoTaskMemFree (pv=0x5950bd8) [0147.689] GetModuleInformation (in: hProcess=0x640, hModule=0x73970000, lpmodinfo=0x282ed48, cb=0xc | out: lpmodinfo=0x282ed48*(lpBaseOfDll=0x73970000, SizeOfImage=0x15000, EntryPoint=0x739712de)) returned 1 [0147.690] CoTaskMemAlloc (cb=0x804) returned 0x5950bd8 [0147.690] GetModuleBaseNameW (in: hProcess=0x640, hModule=0x73970000, lpBaseName=0x5950bd8, nSize=0x800 | out: lpBaseName="rasman.dll") returned 0xa [0147.691] CoTaskMemFree (pv=0x5950bd8) [0147.691] CoTaskMemAlloc (cb=0x804) returned 0x5950bd8 [0147.691] GetModuleFileNameExW (in: hProcess=0x640, hModule=0x73970000, lpFilename=0x5950bd8, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\rasman.dll" (normalized: "c:\\windows\\syswow64\\rasman.dll")) returned 0x1e [0147.692] CoTaskMemFree (pv=0x5950bd8) [0147.693] GetModuleInformation (in: hProcess=0x640, hModule=0x75960000, lpmodinfo=0x2830e60, cb=0xc | out: lpmodinfo=0x2830e60*(lpBaseOfDll=0x75960000, SizeOfImage=0x35000, EntryPoint=0x7596145d)) returned 1 [0147.694] CoTaskMemAlloc (cb=0x804) returned 0x5950bd8 [0147.694] GetModuleBaseNameW (in: hProcess=0x640, hModule=0x75960000, lpBaseName=0x5950bd8, nSize=0x800 | out: lpBaseName="WS2_32.dll") returned 0xa [0147.695] CoTaskMemFree (pv=0x5950bd8) [0147.695] CoTaskMemAlloc (cb=0x804) returned 0x5950bd8 [0147.695] GetModuleFileNameExW (in: hProcess=0x640, hModule=0x75960000, lpFilename=0x5950bd8, nSize=0x800 | out: lpFilename="C:\\Windows\\syswow64\\WS2_32.dll" (normalized: "c:\\windows\\syswow64\\ws2_32.dll")) returned 0x1e [0147.696] CoTaskMemFree (pv=0x5950bd8) [0147.696] GetModuleInformation (in: hProcess=0x640, hModule=0x76960000, lpmodinfo=0x2832f78, cb=0xc | out: lpmodinfo=0x2832f78*(lpBaseOfDll=0x76960000, SizeOfImage=0x6000, EntryPoint=0x76961782)) returned 1 [0147.697] CoTaskMemAlloc (cb=0x804) returned 0x5950bd8 [0147.697] GetModuleBaseNameW (in: hProcess=0x640, hModule=0x76960000, lpBaseName=0x5950bd8, nSize=0x800 | out: lpBaseName="NSI.dll") returned 0x7 [0147.698] CoTaskMemFree (pv=0x5950bd8) [0147.698] CoTaskMemAlloc (cb=0x804) returned 0x5950bd8 [0147.698] GetModuleFileNameExW (in: hProcess=0x640, hModule=0x76960000, lpFilename=0x5950bd8, nSize=0x800 | out: lpFilename="C:\\Windows\\syswow64\\NSI.dll" (normalized: "c:\\windows\\syswow64\\nsi.dll")) returned 0x1b [0147.700] CoTaskMemFree (pv=0x5950bd8) [0147.700] GetModuleInformation (in: hProcess=0x640, hModule=0x73960000, lpmodinfo=0x2835080, cb=0xc | out: lpmodinfo=0x2835080*(lpBaseOfDll=0x73960000, SizeOfImage=0xd000, EntryPoint=0x73961326)) returned 1 [0147.701] CoTaskMemAlloc (cb=0x804) returned 0x5950bd8 [0147.701] GetModuleBaseNameW (in: hProcess=0x640, hModule=0x73960000, lpBaseName=0x5950bd8, nSize=0x800 | out: lpBaseName="rtutils.dll") returned 0xb [0147.702] CoTaskMemFree (pv=0x5950bd8) [0147.702] CoTaskMemAlloc (cb=0x804) returned 0x5950bd8 [0147.702] GetModuleFileNameExW (in: hProcess=0x640, hModule=0x73960000, lpFilename=0x5950bd8, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\rtutils.dll" (normalized: "c:\\windows\\syswow64\\rtutils.dll")) returned 0x1f [0147.704] CoTaskMemFree (pv=0x5950bd8) [0147.704] GetModuleInformation (in: hProcess=0x640, hModule=0x747e0000, lpmodinfo=0x2837198, cb=0xc | out: lpmodinfo=0x2837198*(lpBaseOfDll=0x747e0000, SizeOfImage=0x3c000, EntryPoint=0x747e145d)) returned 1 [0147.705] CoTaskMemAlloc (cb=0x804) returned 0x5950bd8 [0147.705] GetModuleBaseNameW (in: hProcess=0x640, hModule=0x747e0000, lpBaseName=0x5950bd8, nSize=0x800 | out: lpBaseName="mswsock.dll") returned 0xb [0147.706] CoTaskMemFree (pv=0x5950bd8) [0147.706] CoTaskMemAlloc (cb=0x804) returned 0x5950bd8 [0147.706] GetModuleFileNameExW (in: hProcess=0x640, hModule=0x747e0000, lpFilename=0x5950bd8, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\mswsock.dll" (normalized: "c:\\windows\\syswow64\\mswsock.dll")) returned 0x1f [0147.707] CoTaskMemFree (pv=0x5950bd8) [0147.707] GetModuleInformation (in: hProcess=0x640, hModule=0x747d0000, lpmodinfo=0x28392b0, cb=0xc | out: lpmodinfo=0x28392b0*(lpBaseOfDll=0x747d0000, SizeOfImage=0x5000, EntryPoint=0x747d15df)) returned 1 [0147.709] CoTaskMemAlloc (cb=0x804) returned 0x5950bd8 [0147.709] GetModuleBaseNameW (in: hProcess=0x640, hModule=0x747d0000, lpBaseName=0x5950bd8, nSize=0x800 | out: lpBaseName="wshtcpip.dll") returned 0xc [0147.710] CoTaskMemFree (pv=0x5950bd8) [0147.710] CoTaskMemAlloc (cb=0x804) returned 0x5950bd8 [0147.710] GetModuleFileNameExW (in: hProcess=0x640, hModule=0x747d0000, lpFilename=0x5950bd8, nSize=0x800 | out: lpFilename="C:\\Windows\\System32\\wshtcpip.dll" (normalized: "c:\\windows\\syswow64\\wshtcpip.dll")) returned 0x20 [0147.711] CoTaskMemFree (pv=0x5950bd8) [0147.711] GetModuleInformation (in: hProcess=0x640, hModule=0x747c0000, lpmodinfo=0x283b3d0, cb=0xc | out: lpmodinfo=0x283b3d0*(lpBaseOfDll=0x747c0000, SizeOfImage=0x6000, EntryPoint=0x747c1673)) returned 1 [0147.712] CoTaskMemAlloc (cb=0x804) returned 0x5950bd8 [0147.712] GetModuleBaseNameW (in: hProcess=0x640, hModule=0x747c0000, lpBaseName=0x5950bd8, nSize=0x800 | out: lpBaseName="wship6.dll") returned 0xa [0147.714] CoTaskMemFree (pv=0x5950bd8) [0147.714] CoTaskMemAlloc (cb=0x804) returned 0x5950bd8 [0147.714] GetModuleFileNameExW (in: hProcess=0x640, hModule=0x747c0000, lpFilename=0x5950bd8, nSize=0x800 | out: lpFilename="C:\\Windows\\System32\\wship6.dll" (normalized: "c:\\windows\\syswow64\\wship6.dll")) returned 0x1e [0147.715] CoTaskMemFree (pv=0x5950bd8) [0147.715] GetModuleInformation (in: hProcess=0x640, hModule=0x6d590000, lpmodinfo=0x283d4e8, cb=0xc | out: lpmodinfo=0x283d4e8*(lpBaseOfDll=0x6d590000, SizeOfImage=0x58000, EntryPoint=0x6d5913b4)) returned 1 [0147.717] CoTaskMemAlloc (cb=0x804) returned 0x5950bd8 [0147.717] GetModuleBaseNameW (in: hProcess=0x640, hModule=0x6d590000, lpBaseName=0x5950bd8, nSize=0x800 | out: lpBaseName="winhttp.dll") returned 0xb [0147.718] CoTaskMemFree (pv=0x5950bd8) [0147.718] CoTaskMemAlloc (cb=0x804) returned 0x5950bd8 [0147.718] GetModuleFileNameExW (in: hProcess=0x640, hModule=0x6d590000, lpFilename=0x5950bd8, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\winhttp.dll" (normalized: "c:\\windows\\syswow64\\winhttp.dll")) returned 0x1f [0147.719] CoTaskMemFree (pv=0x5950bd8) [0147.719] GetModuleInformation (in: hProcess=0x640, hModule=0x6f900000, lpmodinfo=0x283f600, cb=0xc | out: lpmodinfo=0x283f600*(lpBaseOfDll=0x6f900000, SizeOfImage=0x4f000, EntryPoint=0x6f901452)) returned 1 [0147.721] CoTaskMemAlloc (cb=0x804) returned 0x5950bd8 [0147.721] GetModuleBaseNameW (in: hProcess=0x640, hModule=0x6f900000, lpBaseName=0x5950bd8, nSize=0x800 | out: lpBaseName="webio.dll") returned 0x9 [0147.722] CoTaskMemFree (pv=0x5950bd8) [0147.722] CoTaskMemAlloc (cb=0x804) returned 0x5950bd8 [0147.722] GetModuleFileNameExW (in: hProcess=0x640, hModule=0x6f900000, lpFilename=0x5950bd8, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\webio.dll" (normalized: "c:\\windows\\syswow64\\webio.dll")) returned 0x1d [0147.723] CoTaskMemFree (pv=0x5950bd8) [0147.723] GetModuleInformation (in: hProcess=0x640, hModule=0x74930000, lpmodinfo=0x2841710, cb=0xc | out: lpmodinfo=0x2841710*(lpBaseOfDll=0x74930000, SizeOfImage=0x8000, EntryPoint=0x749334d3)) returned 1 [0147.725] CoTaskMemAlloc (cb=0x804) returned 0x5950bd8 [0147.725] GetModuleBaseNameW (in: hProcess=0x640, hModule=0x74930000, lpBaseName=0x5950bd8, nSize=0x800 | out: lpBaseName="credssp.dll") returned 0xb [0147.726] CoTaskMemFree (pv=0x5950bd8) [0147.726] CoTaskMemAlloc (cb=0x804) returned 0x5950bd8 [0147.726] GetModuleFileNameExW (in: hProcess=0x640, hModule=0x74930000, lpFilename=0x5950bd8, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\credssp.dll" (normalized: "c:\\windows\\syswow64\\credssp.dll")) returned 0x1f [0147.727] CoTaskMemFree (pv=0x5950bd8) [0147.727] GetModuleInformation (in: hProcess=0x640, hModule=0x74830000, lpmodinfo=0x2843828, cb=0xc | out: lpmodinfo=0x2843828*(lpBaseOfDll=0x74830000, SizeOfImage=0x1c000, EntryPoint=0x7483a431)) returned 1 [0147.729] CoTaskMemAlloc (cb=0x804) returned 0x5950bd8 [0147.729] GetModuleBaseNameW (in: hProcess=0x640, hModule=0x74830000, lpBaseName=0x5950bd8, nSize=0x800 | out: lpBaseName="IPHLPAPI.DLL") returned 0xc [0147.730] CoTaskMemFree (pv=0x5950bd8) [0147.730] CoTaskMemAlloc (cb=0x804) returned 0x5950bd8 [0147.730] GetModuleFileNameExW (in: hProcess=0x640, hModule=0x74830000, lpFilename=0x5950bd8, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\IPHLPAPI.DLL" (normalized: "c:\\windows\\syswow64\\iphlpapi.dll")) returned 0x20 [0147.732] CoTaskMemFree (pv=0x5950bd8) [0147.732] GetModuleInformation (in: hProcess=0x640, hModule=0x74820000, lpmodinfo=0x2845948, cb=0xc | out: lpmodinfo=0x2845948*(lpBaseOfDll=0x74820000, SizeOfImage=0x7000, EntryPoint=0x7482128d)) returned 1 [0147.733] CoTaskMemAlloc (cb=0x804) returned 0x5950bd8 [0147.733] GetModuleBaseNameW (in: hProcess=0x640, hModule=0x74820000, lpBaseName=0x5950bd8, nSize=0x800 | out: lpBaseName="WINNSI.DLL") returned 0xa [0147.735] CoTaskMemFree (pv=0x5950bd8) [0147.735] CoTaskMemAlloc (cb=0x804) returned 0x5950bd8 [0147.735] GetModuleFileNameExW (in: hProcess=0x640, hModule=0x74820000, lpFilename=0x5950bd8, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\WINNSI.DLL" (normalized: "c:\\windows\\syswow64\\winnsi.dll")) returned 0x1e [0147.736] CoTaskMemFree (pv=0x5950bd8) [0147.736] GetModuleInformation (in: hProcess=0x640, hModule=0x74940000, lpmodinfo=0x2847a60, cb=0xc | out: lpmodinfo=0x2847a60*(lpBaseOfDll=0x74940000, SizeOfImage=0xd000, EntryPoint=0x74942012)) returned 1 [0147.737] CoTaskMemAlloc (cb=0x804) returned 0x5950bd8 [0147.737] GetModuleBaseNameW (in: hProcess=0x640, hModule=0x74940000, lpBaseName=0x5950bd8, nSize=0x800 | out: lpBaseName="dhcpcsvc6.DLL") returned 0xd [0147.739] CoTaskMemFree (pv=0x5950bd8) [0147.739] CoTaskMemAlloc (cb=0x804) returned 0x5950bd8 [0147.739] GetModuleFileNameExW (in: hProcess=0x640, hModule=0x74940000, lpFilename=0x5950bd8, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\dhcpcsvc6.DLL" (normalized: "c:\\windows\\syswow64\\dhcpcsvc6.dll")) returned 0x21 [0147.740] CoTaskMemFree (pv=0x5950bd8) [0147.740] GetModuleInformation (in: hProcess=0x640, hModule=0x6d550000, lpmodinfo=0x2849b80, cb=0xc | out: lpmodinfo=0x2849b80*(lpBaseOfDll=0x6d550000, SizeOfImage=0x12000, EntryPoint=0x6d553271)) returned 1 [0147.742] CoTaskMemAlloc (cb=0x804) returned 0x5950bd8 [0147.742] GetModuleBaseNameW (in: hProcess=0x640, hModule=0x6d550000, lpBaseName=0x5950bd8, nSize=0x800 | out: lpBaseName="dhcpcsvc.DLL") returned 0xc [0147.743] CoTaskMemFree (pv=0x5950bd8) [0147.743] CoTaskMemAlloc (cb=0x804) returned 0x5950bd8 [0147.743] GetModuleFileNameExW (in: hProcess=0x640, hModule=0x6d550000, lpFilename=0x5950bd8, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\dhcpcsvc.DLL" (normalized: "c:\\windows\\syswow64\\dhcpcsvc.dll")) returned 0x20 [0147.745] CoTaskMemFree (pv=0x5950bd8) [0147.745] GetModuleInformation (in: hProcess=0x640, hModule=0x747a0000, lpmodinfo=0x284bca0, cb=0xc | out: lpmodinfo=0x284bca0*(lpBaseOfDll=0x747a0000, SizeOfImage=0xe000, EntryPoint=0x747a1235)) returned 1 [0147.747] CoTaskMemAlloc (cb=0x804) returned 0x5950bd8 [0147.747] GetModuleBaseNameW (in: hProcess=0x640, hModule=0x747a0000, lpBaseName=0x5950bd8, nSize=0x800 | out: lpBaseName="RpcRtRemote.dll") returned 0xf [0147.749] CoTaskMemFree (pv=0x5950bd8) [0147.749] CoTaskMemAlloc (cb=0x804) returned 0x5950bd8 [0147.749] GetModuleFileNameExW (in: hProcess=0x640, hModule=0x747a0000, lpFilename=0x5950bd8, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\RpcRtRemote.dll" (normalized: "c:\\windows\\syswow64\\rpcrtremote.dll")) returned 0x23 [0147.750] CoTaskMemFree (pv=0x5950bd8) [0147.750] GetModuleInformation (in: hProcess=0x640, hModule=0x74850000, lpmodinfo=0x284ddc8, cb=0xc | out: lpmodinfo=0x284ddc8*(lpBaseOfDll=0x74850000, SizeOfImage=0x44000, EntryPoint=0x748663f9)) returned 1 [0147.752] CoTaskMemAlloc (cb=0x804) returned 0x5950bd8 [0147.752] GetModuleBaseNameW (in: hProcess=0x640, hModule=0x74850000, lpBaseName=0x5950bd8, nSize=0x800 | out: lpBaseName="DNSAPI.dll") returned 0xa [0147.753] CoTaskMemFree (pv=0x5950bd8) [0147.753] CoTaskMemAlloc (cb=0x804) returned 0x5950bd8 [0147.753] GetModuleFileNameExW (in: hProcess=0x640, hModule=0x74850000, lpFilename=0x5950bd8, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\DNSAPI.dll" (normalized: "c:\\windows\\syswow64\\dnsapi.dll")) returned 0x1e [0147.755] CoTaskMemFree (pv=0x5950bd8) [0147.755] GetModuleInformation (in: hProcess=0x640, hModule=0x747b0000, lpmodinfo=0x284fee0, cb=0xc | out: lpmodinfo=0x284fee0*(lpBaseOfDll=0x747b0000, SizeOfImage=0x6000, EntryPoint=0x747b14b2)) returned 1 [0147.756] CoTaskMemAlloc (cb=0x804) returned 0x5950bd8 [0147.756] GetModuleBaseNameW (in: hProcess=0x640, hModule=0x747b0000, lpBaseName=0x5950bd8, nSize=0x800 | out: lpBaseName="rasadhlp.dll") returned 0xc [0147.758] CoTaskMemFree (pv=0x5950bd8) [0147.758] CoTaskMemAlloc (cb=0x804) returned 0x5950bd8 [0147.758] GetModuleFileNameExW (in: hProcess=0x640, hModule=0x747b0000, lpFilename=0x5950bd8, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\rasadhlp.dll" (normalized: "c:\\windows\\syswow64\\rasadhlp.dll")) returned 0x20 [0147.759] CoTaskMemFree (pv=0x5950bd8) [0147.759] GetModuleInformation (in: hProcess=0x640, hModule=0x6d510000, lpmodinfo=0x2852000, cb=0xc | out: lpmodinfo=0x2852000*(lpBaseOfDll=0x6d510000, SizeOfImage=0x38000, EntryPoint=0x6d51990e)) returned 1 [0147.761] CoTaskMemAlloc (cb=0x804) returned 0x5950bd8 [0147.761] GetModuleBaseNameW (in: hProcess=0x640, hModule=0x6d510000, lpBaseName=0x5950bd8, nSize=0x800 | out: lpBaseName="fwpuclnt.dll") returned 0xc [0147.762] CoTaskMemFree (pv=0x5950bd8) [0147.762] CoTaskMemAlloc (cb=0x804) returned 0x5950bd8 [0147.762] GetModuleFileNameExW (in: hProcess=0x640, hModule=0x6d510000, lpFilename=0x5950bd8, nSize=0x800 | out: lpFilename="C:\\Windows\\System32\\fwpuclnt.dll" (normalized: "c:\\windows\\syswow64\\fwpuclnt.dll")) returned 0x20 [0147.764] CoTaskMemFree (pv=0x5950bd8) [0147.764] GetModuleInformation (in: hProcess=0x640, hModule=0x6d580000, lpmodinfo=0x2854120, cb=0xc | out: lpmodinfo=0x2854120*(lpBaseOfDll=0x6d580000, SizeOfImage=0x8000, EntryPoint=0x6d5810e9)) returned 1 [0147.765] CoTaskMemAlloc (cb=0x804) returned 0x5950bd8 [0147.765] GetModuleBaseNameW (in: hProcess=0x640, hModule=0x6d580000, lpBaseName=0x5950bd8, nSize=0x800 | out: lpBaseName="secur32.dll") returned 0xb [0147.767] CoTaskMemFree (pv=0x5950bd8) [0147.767] CoTaskMemAlloc (cb=0x804) returned 0x5950bd8 [0147.767] GetModuleFileNameExW (in: hProcess=0x640, hModule=0x6d580000, lpFilename=0x5950bd8, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\secur32.dll" (normalized: "c:\\windows\\syswow64\\secur32.dll")) returned 0x1f [0147.768] CoTaskMemFree (pv=0x5950bd8) [0147.768] GetModuleInformation (in: hProcess=0x640, hModule=0x6d4d0000, lpmodinfo=0x2856238, cb=0xc | out: lpmodinfo=0x2856238*(lpBaseOfDll=0x6d4d0000, SizeOfImage=0x3f000, EntryPoint=0x6d4d2351)) returned 1 [0147.770] CoTaskMemAlloc (cb=0x804) returned 0x5950bd8 [0147.770] GetModuleBaseNameW (in: hProcess=0x640, hModule=0x6d4d0000, lpBaseName=0x5950bd8, nSize=0x800 | out: lpBaseName="schannel.dll") returned 0xc [0147.771] CoTaskMemFree (pv=0x5950bd8) [0147.771] CoTaskMemAlloc (cb=0x804) returned 0x5950bd8 [0147.771] GetModuleFileNameExW (in: hProcess=0x640, hModule=0x6d4d0000, lpFilename=0x5950bd8, nSize=0x800 | out: lpFilename="C:\\Windows\\SysWOW64\\schannel.dll" (normalized: "c:\\windows\\syswow64\\schannel.dll")) returned 0x20 [0147.773] CoTaskMemFree (pv=0x5950bd8) [0147.773] GetModuleInformation (in: hProcess=0x640, hModule=0x74ab0000, lpmodinfo=0x2858564, cb=0xc | out: lpmodinfo=0x2858564*(lpBaseOfDll=0x74ab0000, SizeOfImage=0x121000, EntryPoint=0x74ab158e)) returned 1 [0147.775] CoTaskMemAlloc (cb=0x804) returned 0x5950bd8 [0147.775] GetModuleBaseNameW (in: hProcess=0x640, hModule=0x74ab0000, lpBaseName=0x5950bd8, nSize=0x800 | out: lpBaseName="CRYPT32.dll") returned 0xb [0147.776] CoTaskMemFree (pv=0x5950bd8) [0147.776] CoTaskMemAlloc (cb=0x804) returned 0x5950bd8 [0147.776] GetModuleFileNameExW (in: hProcess=0x640, hModule=0x74ab0000, lpFilename=0x5950bd8, nSize=0x800 | out: lpFilename="C:\\Windows\\syswow64\\CRYPT32.dll" (normalized: "c:\\windows\\syswow64\\crypt32.dll")) returned 0x1f [0147.778] CoTaskMemFree (pv=0x5950bd8) [0147.778] GetModuleInformation (in: hProcess=0x640, hModule=0x76ed0000, lpmodinfo=0x285a67c, cb=0xc | out: lpmodinfo=0x285a67c*(lpBaseOfDll=0x76ed0000, SizeOfImage=0xc000, EntryPoint=0x76ed238e)) returned 1 [0147.779] CoTaskMemAlloc (cb=0x804) returned 0x5950bd8 [0147.779] GetModuleBaseNameW (in: hProcess=0x640, hModule=0x76ed0000, lpBaseName=0x5950bd8, nSize=0x800 | out: lpBaseName="MSASN1.dll") returned 0xa [0147.781] CoTaskMemFree (pv=0x5950bd8) [0147.781] CoTaskMemAlloc (cb=0x804) returned 0x5950bd8 [0147.781] GetModuleFileNameExW (in: hProcess=0x640, hModule=0x76ed0000, lpFilename=0x5950bd8, nSize=0x800 | out: lpFilename="C:\\Windows\\syswow64\\MSASN1.dll" (normalized: "c:\\windows\\syswow64\\msasn1.dll")) returned 0x1e [0147.783] CoTaskMemFree (pv=0x5950bd8) [0147.783] GetModuleInformation (in: hProcess=0x640, hModule=0x6d490000, lpmodinfo=0x285c794, cb=0xc | out: lpmodinfo=0x285c794*(lpBaseOfDll=0x6d490000, SizeOfImage=0x38000, EntryPoint=0x6d491489)) returned 1 [0147.784] CoTaskMemAlloc (cb=0x804) returned 0x5950bd8 [0147.784] GetModuleBaseNameW (in: hProcess=0x640, hModule=0x6d490000, lpBaseName=0x5950bd8, nSize=0x800 | out: lpBaseName="ncrypt.dll") returned 0xa [0147.786] CoTaskMemFree (pv=0x5950bd8) [0147.786] CoTaskMemAlloc (cb=0x804) returned 0x5950bd8 [0147.786] GetModuleFileNameExW (in: hProcess=0x640, hModule=0x6d490000, lpFilename=0x5950bd8, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\ncrypt.dll" (normalized: "c:\\windows\\syswow64\\ncrypt.dll")) returned 0x1e [0147.787] CoTaskMemFree (pv=0x5950bd8) [0147.788] GetModuleInformation (in: hProcess=0x640, hModule=0x6d450000, lpmodinfo=0x285e8ac, cb=0xc | out: lpmodinfo=0x285e8ac*(lpBaseOfDll=0x6d450000, SizeOfImage=0x3d000, EntryPoint=0x6d4510f5)) returned 1 [0147.789] CoTaskMemAlloc (cb=0x804) returned 0x5950bd8 [0147.789] GetModuleBaseNameW (in: hProcess=0x640, hModule=0x6d450000, lpBaseName=0x5950bd8, nSize=0x800 | out: lpBaseName="bcryptprimitives.dll") returned 0x14 [0147.791] CoTaskMemFree (pv=0x5950bd8) [0147.791] CoTaskMemAlloc (cb=0x804) returned 0x5950bd8 [0147.791] GetModuleFileNameExW (in: hProcess=0x640, hModule=0x6d450000, lpFilename=0x5950bd8, nSize=0x800 | out: lpFilename="C:\\Windows\\SysWOW64\\bcryptprimitives.dll" (normalized: "c:\\windows\\syswow64\\bcryptprimitives.dll")) returned 0x28 [0147.792] CoTaskMemFree (pv=0x5950bd8) [0147.792] GetModuleInformation (in: hProcess=0x640, hModule=0x6d430000, lpmodinfo=0x28609ec, cb=0xc | out: lpmodinfo=0x28609ec*(lpBaseOfDll=0x6d430000, SizeOfImage=0x17000, EntryPoint=0x6d431c9d)) returned 1 [0147.794] CoTaskMemAlloc (cb=0x804) returned 0x5950bd8 [0147.794] GetModuleBaseNameW (in: hProcess=0x640, hModule=0x6d430000, lpBaseName=0x5950bd8, nSize=0x800 | out: lpBaseName="USERENV.dll") returned 0xb [0147.796] CoTaskMemFree (pv=0x5950bd8) [0147.796] CoTaskMemAlloc (cb=0x804) returned 0x5950bd8 [0147.796] GetModuleFileNameExW (in: hProcess=0x640, hModule=0x6d430000, lpFilename=0x5950bd8, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\USERENV.dll" (normalized: "c:\\windows\\syswow64\\userenv.dll")) returned 0x1f [0147.797] CoTaskMemFree (pv=0x5950bd8) [0147.797] GetModuleInformation (in: hProcess=0x640, hModule=0x6d410000, lpmodinfo=0x2862b04, cb=0xc | out: lpmodinfo=0x2862b04*(lpBaseOfDll=0x6d410000, SizeOfImage=0x16000, EntryPoint=0x6d412061)) returned 1 [0147.799] CoTaskMemAlloc (cb=0x804) returned 0x5950bd8 [0147.799] GetModuleBaseNameW (in: hProcess=0x640, hModule=0x6d410000, lpBaseName=0x5950bd8, nSize=0x800 | out: lpBaseName="GPAPI.dll") returned 0x9 [0147.801] CoTaskMemFree (pv=0x5950bd8) [0147.801] CoTaskMemAlloc (cb=0x804) returned 0x5950bd8 [0147.801] GetModuleFileNameExW (in: hProcess=0x640, hModule=0x6d410000, lpFilename=0x5950bd8, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\GPAPI.dll" (normalized: "c:\\windows\\syswow64\\gpapi.dll")) returned 0x1d [0147.802] CoTaskMemFree (pv=0x5950bd8) [0147.802] GetModuleInformation (in: hProcess=0x640, hModule=0x6d380000, lpmodinfo=0x2864c14, cb=0xc | out: lpmodinfo=0x2864c14*(lpBaseOfDll=0x6d380000, SizeOfImage=0x84000, EntryPoint=0x6d3819a9)) returned 1 [0147.804] CoTaskMemAlloc (cb=0x804) returned 0x5950bd8 [0147.804] GetModuleBaseNameW (in: hProcess=0x640, hModule=0x6d380000, lpBaseName=0x5950bd8, nSize=0x800 | out: lpBaseName="comctl32.dll") returned 0xc [0147.806] CoTaskMemFree (pv=0x5950bd8) [0147.806] CoTaskMemAlloc (cb=0x804) returned 0x5950bd8 [0147.806] GetModuleFileNameExW (in: hProcess=0x640, hModule=0x6d380000, lpFilename=0x5950bd8, nSize=0x800 | out: lpFilename="C:\\Windows\\WinSxS\\x86_microsoft.windows.common-controls_6595b64144ccf1df_5.82.7601.17514_none_ec83dffa859149af\\comctl32.dll" (normalized: "c:\\windows\\winsxs\\x86_microsoft.windows.common-controls_6595b64144ccf1df_5.82.7601.17514_none_ec83dffa859149af\\comctl32.dll")) returned 0x7b [0147.808] CoTaskMemFree (pv=0x5950bd8) [0147.808] GetModuleInformation (in: hProcess=0x640, hModule=0x6d1f0000, lpmodinfo=0x2866df4, cb=0xc | out: lpmodinfo=0x2866df4*(lpBaseOfDll=0x6d1f0000, SizeOfImage=0x190000, EntryPoint=0x6d28d026)) returned 1 [0147.809] CoTaskMemAlloc (cb=0x804) returned 0x5950bd8 [0147.809] GetModuleBaseNameW (in: hProcess=0x640, hModule=0x6d1f0000, lpBaseName=0x5950bd8, nSize=0x800 | out: lpBaseName="gdiplus.dll") returned 0xb [0147.811] CoTaskMemFree (pv=0x5950bd8) [0147.811] CoTaskMemAlloc (cb=0x804) returned 0x5950bd8 [0147.811] GetModuleFileNameExW (in: hProcess=0x640, hModule=0x6d1f0000, lpFilename=0x5950bd8, nSize=0x800 | out: lpFilename="C:\\Windows\\WinSxS\\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\\gdiplus.dll" (normalized: "c:\\windows\\winsxs\\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\\gdiplus.dll")) returned 0x71 [0147.813] CoTaskMemFree (pv=0x5950bd8) [0147.813] GetModuleInformation (in: hProcess=0x640, hModule=0x6d0f0000, lpmodinfo=0x2868fb0, cb=0xc | out: lpmodinfo=0x2868fb0*(lpBaseOfDll=0x6d0f0000, SizeOfImage=0xfb000, EntryPoint=0x6d1017e1)) returned 1 [0147.815] CoTaskMemAlloc (cb=0x804) returned 0x5950bd8 [0147.815] GetModuleBaseNameW (in: hProcess=0x640, hModule=0x6d0f0000, lpBaseName=0x5950bd8, nSize=0x800 | out: lpBaseName="WindowsCodecs.dll") returned 0x11 [0147.816] CoTaskMemFree (pv=0x5950bd8) [0147.816] CoTaskMemAlloc (cb=0x804) returned 0x5950bd8 [0147.816] GetModuleFileNameExW (in: hProcess=0x640, hModule=0x6d0f0000, lpFilename=0x5950bd8, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\WindowsCodecs.dll" (normalized: "c:\\windows\\syswow64\\windowscodecs.dll")) returned 0x25 [0147.818] CoTaskMemFree (pv=0x5950bd8) [0147.818] GetModuleInformation (in: hProcess=0x640, hModule=0x6c320000, lpmodinfo=0x286b0e0, cb=0xc | out: lpmodinfo=0x286b0e0*(lpBaseOfDll=0x6c320000, SizeOfImage=0xdcd000, EntryPoint=0x0)) returned 1 [0147.820] CoTaskMemAlloc (cb=0x804) returned 0x5950bd8 [0147.820] GetModuleBaseNameW (in: hProcess=0x640, hModule=0x6c320000, lpBaseName=0x5950bd8, nSize=0x800 | out: lpBaseName="System.Web.ni.dll") returned 0x11 [0147.822] CoTaskMemFree (pv=0x5950bd8) [0147.822] CoTaskMemAlloc (cb=0x804) returned 0x5950bd8 [0147.822] GetModuleFileNameExW (in: hProcess=0x640, hModule=0x6c320000, lpFilename=0x5950bd8, nSize=0x800 | out: lpFilename="C:\\Windows\\assembly\\NativeImages_v4.0.30319_32\\System.Web\\8e86e9948f7dcebce93d5df6073700ba\\System.Web.ni.dll" (normalized: "c:\\windows\\assembly\\nativeimages_v4.0.30319_32\\system.web\\8e86e9948f7dcebce93d5df6073700ba\\system.web.ni.dll")) returned 0x6c [0147.823] CoTaskMemFree (pv=0x5950bd8) [0147.824] CloseHandle (hObject=0x640) returned 1 [0147.824] lstrlenA (lpString="AcquireSRWLockExclusive") returned 23 [0147.824] lstrlenA (lpString="AcquireSRWLockShared") returned 20 [0147.824] lstrlenA (lpString="ActivateActCtx") returned 14 [0147.824] lstrlenA (lpString="AddAtomA") returned 8 [0147.824] lstrlenA (lpString="AddAtomW") returned 8 [0147.825] lstrlenA (lpString="AddConsoleAliasA") returned 16 [0147.825] lstrlenA (lpString="AddConsoleAliasW") returned 16 [0147.825] lstrlenA (lpString="AddDllDirectory") returned 15 [0147.825] lstrlenA (lpString="AddIntegrityLabelToBoundaryDescriptor") returned 37 [0147.825] lstrlenA (lpString="AddLocalAlternateComputerNameA") returned 30 [0147.825] lstrlenA (lpString="AddLocalAlternateComputerNameW") returned 30 [0147.825] lstrlenA (lpString="AddRefActCtx") returned 12 [0147.825] lstrlenA (lpString="AddSIDToBoundaryDescriptor") returned 26 [0147.825] lstrlenA (lpString="AddSecureMemoryCacheCallback") returned 28 [0147.825] lstrlenA (lpString="AddVectoredContinueHandler") returned 26 [0147.826] lstrlenA (lpString="AddVectoredExceptionHandler") returned 27 [0147.826] lstrlenA (lpString="AdjustCalendarDate") returned 18 [0147.826] lstrlenA (lpString="AllocConsole") returned 12 [0147.826] lstrlenA (lpString="AllocateUserPhysicalPages") returned 25 [0147.826] lstrlenA (lpString="AllocateUserPhysicalPagesNuma") returned 29 [0147.826] lstrlenA (lpString="ApplicationRecoveryFinished") returned 27 [0147.826] lstrlenA (lpString="ApplicationRecoveryInProgress") returned 29 [0147.826] lstrlenA (lpString="AreFileApisANSI") returned 15 [0147.826] lstrlenA (lpString="AssignProcessToJobObject") returned 24 [0147.827] lstrlenA (lpString="AttachConsole") returned 13 [0147.827] lstrlenA (lpString="BackupRead") returned 10 [0147.827] lstrlenA (lpString="BackupSeek") returned 10 [0147.827] lstrlenA (lpString="BackupWrite") returned 11 [0147.827] lstrlenA (lpString="BaseCheckAppcompatCache") returned 23 [0147.827] lstrlenA (lpString="BaseCheckAppcompatCacheEx") returned 25 [0147.827] lstrlenA (lpString="BaseCheckRunApp") returned 15 [0147.827] lstrlenA (lpString="BaseCleanupAppcompatCacheSupport") returned 32 [0147.827] lstrlenA (lpString="BaseDllReadWriteIniFile") returned 23 [0147.827] lstrlenA (lpString="BaseDumpAppcompatCache") returned 22 [0147.828] lstrlenA (lpString="BaseFlushAppcompatCache") returned 23 [0147.828] lstrlenA (lpString="BaseFormatObjectAttributes") returned 26 [0147.828] lstrlenA (lpString="BaseFormatTimeOut") returned 17 [0147.828] lstrlenA (lpString="BaseGenerateAppCompatData") returned 25 [0147.828] lstrlenA (lpString="BaseGetNamedObjectDirectory") returned 27 [0147.828] lstrlenA (lpString="BaseInitAppcompatCacheSupport") returned 29 [0147.828] lstrlenA (lpString="BaseIsAppcompatInfrastructureDisabled") returned 37 [0147.828] lstrlenA (lpString="BaseQueryModuleData") returned 19 [0147.828] lstrlenA (lpString="BaseSetLastNTError") returned 18 [0147.828] lstrlenA (lpString="BaseThreadInitThunk") returned 19 [0147.829] lstrlenA (lpString="BaseUpdateAppcompatCache") returned 24 [0147.829] lstrlenA (lpString="BaseVerifyUnicodeString") returned 23 [0147.829] lstrlenA (lpString="Basep8BitStringToDynamicUnicodeString") returned 37 [0147.829] lstrlenA (lpString="BasepAllocateActivationContextActivationBlock") returned 45 [0147.829] lstrlenA (lpString="BasepAnsiStringToDynamicUnicodeString") returned 37 [0147.829] lstrlenA (lpString="BasepCheckAppCompat") returned 19 [0147.829] lstrlenA (lpString="BasepCheckBadapp") returned 16 [0147.829] lstrlenA (lpString="BasepCheckWinSaferRestrictions") returned 30 [0147.829] lstrlenA (lpString="BasepFreeActivationContextActivationBlock") returned 41 [0147.830] lstrlenA (lpString="BasepFreeAppCompatData") returned 22 [0147.830] lstrlenA (lpString="BasepMapModuleHandle") returned 20 [0147.830] lstrlenA (lpString="Beep") returned 4 [0147.830] lstrlenA (lpString="BeginUpdateResourceA") returned 20 [0147.830] lstrlenA (lpString="BeginUpdateResourceW") returned 20 [0147.830] lstrlenA (lpString="BindIoCompletionCallback") returned 24 [0147.830] lstrlenA (lpString="BuildCommDCBA") returned 13 [0147.830] lstrlenA (lpString="BuildCommDCBAndTimeoutsA") returned 24 [0147.830] lstrlenA (lpString="BuildCommDCBAndTimeoutsW") returned 24 [0147.830] lstrlenA (lpString="BuildCommDCBW") returned 13 [0147.831] lstrlenA (lpString="CallNamedPipeA") returned 14 [0147.831] lstrlenA (lpString="CallNamedPipeW") returned 14 [0147.831] lstrlenA (lpString="CallbackMayRunLong") returned 18 [0147.831] lstrlenA (lpString="CancelDeviceWakeupRequest") returned 25 [0147.831] lstrlenA (lpString="CancelIo") returned 8 [0147.831] lstrlenA (lpString="CancelIoEx") returned 10 [0147.831] lstrlenA (lpString="CancelSynchronousIo") returned 19 [0147.831] lstrlenA (lpString="CancelThreadpoolIo") returned 18 [0147.831] lstrlenA (lpString="CancelTimerQueueTimer") returned 21 [0147.831] lstrlenA (lpString="CancelWaitableTimer") returned 19 [0147.832] lstrlenA (lpString="ChangeTimerQueueTimer") returned 21 [0147.832] lstrlenA (lpString="CheckElevation") returned 14 [0147.832] lstrlenA (lpString="CheckElevationEnabled") returned 21 [0147.832] lstrlenA (lpString="CheckForReadOnlyResource") returned 24 [0147.832] lstrlenA (lpString="CheckNameLegalDOS8Dot3A") returned 23 [0147.832] lstrlenA (lpString="CheckNameLegalDOS8Dot3W") returned 23 [0147.832] lstrlenA (lpString="CheckRemoteDebuggerPresent") returned 26 [0147.832] lstrlenA (lpString="ClearCommBreak") returned 14 [0147.832] lstrlenA (lpString="ClearCommError") returned 14 [0147.832] lstrlenA (lpString="CloseConsoleHandle") returned 18 [0147.833] lstrlenA (lpString="CloseHandle") returned 11 [0147.833] lstrlenA (lpString="ClosePrivateNamespace") returned 21 [0147.833] lstrlenA (lpString="CloseProfileUserMapping") returned 23 [0147.833] lstrlenA (lpString="CloseThreadpool") returned 15 [0147.833] lstrlenA (lpString="CloseThreadpoolCleanupGroup") returned 27 [0147.833] lstrlenA (lpString="CloseThreadpoolCleanupGroupMembers") returned 34 [0147.833] lstrlenA (lpString="CloseThreadpoolIo") returned 17 [0147.833] lstrlenA (lpString="CloseThreadpoolTimer") returned 20 [0147.833] lstrlenA (lpString="CloseThreadpoolWait") returned 19 [0147.833] lstrlenA (lpString="CloseThreadpoolWork") returned 19 [0147.834] lstrlenA (lpString="CmdBatNotification") returned 18 [0147.834] lstrlenA (lpString="CommConfigDialogA") returned 17 [0147.834] lstrlenA (lpString="CommConfigDialogW") returned 17 [0147.834] lstrlenA (lpString="CompareCalendarDates") returned 20 [0147.834] lstrlenA (lpString="CompareFileTime") returned 15 [0147.834] lstrlenA (lpString="CompareStringA") returned 14 [0147.834] lstrlenA (lpString="CompareStringEx") returned 15 [0147.834] lstrlenA (lpString="CompareStringOrdinal") returned 20 [0147.834] lstrlenA (lpString="CompareStringW") returned 14 [0147.834] lstrlenA (lpString="ConnectNamedPipe") returned 16 [0147.835] lstrlenA (lpString="ConsoleMenuControl") returned 18 [0147.835] lstrlenA (lpString="ContinueDebugEvent") returned 18 [0147.835] lstrlenA (lpString="ConvertCalDateTimeToSystemTime") returned 30 [0147.835] lstrlenA (lpString="ConvertDefaultLocale") returned 20 [0147.835] lstrlenA (lpString="ConvertFiberToThread") returned 20 [0147.835] lstrlenA (lpString="ConvertNLSDayOfWeekToWin32DayOfWeek") returned 35 [0147.835] lstrlenA (lpString="ConvertSystemTimeToCalDateTime") returned 30 [0147.835] lstrlenA (lpString="ConvertThreadToFiber") returned 20 [0147.835] lstrlenA (lpString="ConvertThreadToFiberEx") returned 22 [0147.835] lstrlenA (lpString="CopyContext") returned 11 [0147.836] lstrlenA (lpString="CopyFileA") returned 9 [0147.836] lstrlenA (lpString="CopyFileExA") returned 11 [0147.836] lstrlenA (lpString="CopyFileExW") returned 11 [0147.836] lstrlenA (lpString="CopyFileTransactedA") returned 19 [0147.836] lstrlenA (lpString="CopyFileTransactedW") returned 19 [0147.836] lstrlenA (lpString="CopyFileW") returned 9 [0147.836] lstrlenA (lpString="CopyLZFile") returned 10 [0147.836] lstrlenA (lpString="CreateActCtxA") returned 13 [0147.836] lstrlenA (lpString="CreateActCtxW") returned 13 [0147.836] lstrlenA (lpString="CreateBoundaryDescriptorA") returned 25 [0147.837] lstrlenA (lpString="CreateBoundaryDescriptorW") returned 25 [0147.837] lstrlenA (lpString="CreateConsoleScreenBuffer") returned 25 [0147.837] lstrlenA (lpString="CreateDirectoryA") returned 16 [0147.837] lstrlenA (lpString="CreateDirectoryExA") returned 18 [0147.837] lstrlenA (lpString="CreateDirectoryExW") returned 18 [0147.837] lstrlenA (lpString="CreateDirectoryTransactedA") returned 26 [0147.837] lstrlenA (lpString="CreateDirectoryTransactedW") returned 26 [0147.837] lstrlenA (lpString="CreateDirectoryW") returned 16 [0147.837] lstrlenA (lpString="CreateEventA") returned 12 [0147.837] lstrlenA (lpString="CreateEventExA") returned 14 [0147.837] lstrlenA (lpString="CreateEventExW") returned 14 [0147.837] lstrlenA (lpString="CreateEventW") returned 12 [0147.838] lstrlenA (lpString="CreateFiber") returned 11 [0147.838] lstrlenA (lpString="CreateFiberEx") returned 13 [0147.838] lstrlenA (lpString="CreateFileA") returned 11 [0147.838] lstrlenA (lpString="CreateFileMappingA") returned 18 [0147.838] lstrlenA (lpString="CreateFileMappingNumaA") returned 22 [0147.838] lstrlenA (lpString="CreateFileMappingNumaW") returned 22 [0147.838] lstrlenA (lpString="CreateFileMappingW") returned 18 [0147.838] lstrlenA (lpString="CreateFileTransactedA") returned 21 [0147.838] lstrlenA (lpString="CreateFileTransactedW") returned 21 [0147.838] lstrlenA (lpString="CreateFileW") returned 11 [0147.838] lstrlenA (lpString="CreateHardLinkA") returned 15 [0147.838] lstrlenA (lpString="CreateHardLinkTransactedA") returned 25 [0147.838] lstrlenA (lpString="CreateHardLinkTransactedW") returned 25 [0147.838] lstrlenA (lpString="CreateHardLinkW") returned 15 [0147.839] lstrlenA (lpString="CreateIoCompletionPort") returned 22 [0147.839] lstrlenA (lpString="CreateJobObjectA") returned 16 [0147.839] lstrlenA (lpString="CreateJobObjectW") returned 16 [0147.839] lstrlenA (lpString="CreateJobSet") returned 12 [0147.839] lstrlenA (lpString="CreateMailslotA") returned 15 [0147.839] lstrlenA (lpString="CreateMailslotW") returned 15 [0147.839] lstrlenA (lpString="CreateMemoryResourceNotification") returned 32 [0147.839] lstrlenA (lpString="CreateMutexA") returned 12 [0147.839] lstrlenA (lpString="CreateMutexExA") returned 14 [0147.839] lstrlenA (lpString="CreateMutexExW") returned 14 [0147.839] lstrlenA (lpString="CreateMutexW") returned 12 [0147.839] lstrlenA (lpString="CreateNamedPipeA") returned 16 [0147.839] lstrlenA (lpString="CreateNamedPipeW") returned 16 [0147.839] lstrlenA (lpString="CreatePipe") returned 10 [0147.839] lstrlenA (lpString="CreatePrivateNamespaceA") returned 23 [0147.840] lstrlenA (lpString="CreatePrivateNamespaceW") returned 23 [0147.840] lstrlenA (lpString="CreateProcessA") returned 14 [0147.840] lstrlenA (lpString="CreateProcessAsUserW") returned 20 [0147.840] lstrlenA (lpString="CreateProcessInternalA") returned 22 [0147.840] lstrlenA (lpString="CreateProcessInternalW") returned 22 [0147.840] lstrlenA (lpString="CreateProcessW") returned 14 [0147.840] lstrlenA (lpString="CreateRemoteThread") returned 18 [0147.840] lstrlenA (lpString="CreateRemoteThreadEx") returned 20 [0147.840] lstrlenA (lpString="CreateSemaphoreA") returned 16 [0147.840] lstrlenA (lpString="CreateSemaphoreExA") returned 18 [0147.840] lstrlenA (lpString="CreateSemaphoreExW") returned 18 [0147.840] lstrlenA (lpString="CreateSemaphoreW") returned 16 [0147.840] lstrlenA (lpString="CreateSocketHandle") returned 18 [0147.840] lstrlenA (lpString="CreateSymbolicLinkA") returned 19 [0147.841] lstrlenA (lpString="CreateSymbolicLinkTransactedA") returned 29 [0147.841] lstrlenA (lpString="CreateSymbolicLinkTransactedW") returned 29 [0147.841] lstrlenA (lpString="CreateSymbolicLinkW") returned 19 [0147.841] lstrlenA (lpString="CreateTapePartition") returned 19 [0147.841] lstrlenA (lpString="CreateThread") returned 12 [0147.841] lstrlenA (lpString="CreateThreadpool") returned 16 [0147.841] lstrlenA (lpString="CreateThreadpoolCleanupGroup") returned 28 [0147.841] lstrlenA (lpString="CreateThreadpoolIo") returned 18 [0147.841] lstrlenA (lpString="CreateThreadpoolTimer") returned 21 [0147.841] lstrlenA (lpString="CreateThreadpoolWait") returned 20 [0147.841] lstrlenA (lpString="CreateThreadpoolWork") returned 20 [0147.842] lstrlenA (lpString="CreateTimerQueue") returned 16 [0147.842] lstrlenA (lpString="CreateTimerQueueTimer") returned 21 [0147.842] lstrlenA (lpString="CreateToolhelp32Snapshot") returned 24 [0147.842] lstrlenA (lpString="CreateWaitableTimerA") returned 20 [0147.842] lstrlenA (lpString="CreateWaitableTimerExA") returned 22 [0147.842] lstrlenA (lpString="CreateWaitableTimerExW") returned 22 [0147.842] lstrlenA (lpString="CreateWaitableTimerW") returned 20 [0147.842] lstrlenA (lpString="CtrlRoutine") returned 11 [0147.842] lstrlenA (lpString="DeactivateActCtx") returned 16 [0147.842] lstrlenA (lpString="DebugActiveProcess") returned 18 [0147.842] lstrlenA (lpString="DebugActiveProcessStop") returned 22 [0147.842] lstrlenA (lpString="DebugBreak") returned 10 [0147.842] lstrlenA (lpString="DebugBreakProcess") returned 17 [0147.842] lstrlenA (lpString="DebugSetProcessKillOnExit") returned 25 [0147.843] lstrlenA (lpString="DecodePointer") returned 13 [0147.843] lstrlenA (lpString="DecodeSystemPointer") returned 19 [0147.843] lstrlenA (lpString="DefineDosDeviceA") returned 16 [0147.843] lstrlenA (lpString="DefineDosDeviceW") returned 16 [0147.843] lstrlenA (lpString="DelayLoadFailureHook") returned 20 [0147.843] lstrlenA (lpString="DeleteAtom") returned 10 [0147.843] lstrlenA (lpString="DeleteBoundaryDescriptor") returned 24 [0147.843] lstrlenA (lpString="DeleteCriticalSection") returned 21 [0147.843] lstrlenA (lpString="DeleteFiber") returned 11 [0147.843] lstrlenA (lpString="DeleteFileA") returned 11 [0147.843] lstrlenA (lpString="DeleteFileTransactedA") returned 21 [0147.843] lstrlenA (lpString="DeleteFileTransactedW") returned 21 [0147.843] lstrlenA (lpString="DeleteFileW") returned 11 [0147.843] lstrlenA (lpString="DeleteProcThreadAttributeList") returned 29 [0147.843] lstrlenA (lpString="DeleteTimerQueue") returned 16 [0147.844] lstrlenA (lpString="DeleteTimerQueueEx") returned 18 [0147.844] lstrlenA (lpString="DeleteTimerQueueTimer") returned 21 [0147.844] lstrlenA (lpString="DeleteVolumeMountPointA") returned 23 [0147.844] lstrlenA (lpString="DeleteVolumeMountPointW") returned 23 [0147.844] lstrlenA (lpString="DeviceIoControl") returned 15 [0147.844] lstrlenA (lpString="DisableThreadLibraryCalls") returned 25 [0147.844] lstrlenA (lpString="DisableThreadProfiling") returned 22 [0147.844] lstrlenA (lpString="DisassociateCurrentThreadFromCallback") returned 37 [0147.844] lstrlenA (lpString="DisconnectNamedPipe") returned 19 [0147.844] lstrlenA (lpString="DnsHostnameToComputerNameA") returned 26 [0147.844] lstrlenA (lpString="DnsHostnameToComputerNameW") returned 26 [0147.844] lstrlenA (lpString="DosDateTimeToFileTime") returned 21 [0147.844] lstrlenA (lpString="DosPathToSessionPathA") returned 21 [0147.844] lstrlenA (lpString="DosPathToSessionPathW") returned 21 [0147.845] lstrlenA (lpString="DuplicateConsoleHandle") returned 22 [0147.845] lstrlenA (lpString="DuplicateHandle") returned 15 [0147.845] lstrlenA (lpString="EnableThreadProfiling") returned 21 [0147.845] lstrlenA (lpString="EncodePointer") returned 13 [0147.845] lstrlenA (lpString="EncodeSystemPointer") returned 19 [0147.845] lstrlenA (lpString="EndUpdateResourceA") returned 18 [0147.845] lstrlenA (lpString="EndUpdateResourceW") returned 18 [0147.845] lstrlenA (lpString="EnterCriticalSection") returned 20 [0147.845] lstrlenA (lpString="EnumCalendarInfoA") returned 17 [0147.845] lstrlenA (lpString="EnumCalendarInfoExA") returned 19 [0147.845] lstrlenA (lpString="EnumCalendarInfoExEx") returned 20 [0147.845] lstrlenA (lpString="EnumCalendarInfoExW") returned 19 [0147.845] lstrlenA (lpString="EnumCalendarInfoW") returned 17 [0147.845] lstrlenA (lpString="EnumDateFormatsA") returned 16 [0147.846] lstrlenA (lpString="EnumDateFormatsExA") returned 18 [0147.846] lstrlenA (lpString="EnumDateFormatsExEx") returned 19 [0147.846] lstrlenA (lpString="EnumDateFormatsExW") returned 18 [0147.846] WriteProcessMemory (in: hProcess=0x638, lpBaseAddress=0x7efde008, lpBuffer=0x27c97f0*, nSize=0x4, lpNumberOfBytesWritten=0x287f670 | out: lpBuffer=0x27c97f0*, lpNumberOfBytesWritten=0x287f670*=0x4) returned 1 [0147.852] CreateEventW (lpEventAttributes=0x0, bManualReset=1, bInitialState=0, lpName=0x0) returned 0x640 [0147.855] CoWaitForMultipleHandles (in: dwFlags=0x2, dwTimeout=0x7d0, cHandles=0x1, pHandles=0x2dc7d4*=0x640, lpdwindex=0x2dc5f8 | out: lpdwindex=0x2dc5f8) returned 0x80010115 [0149.870] CreateEventW (lpEventAttributes=0x0, bManualReset=1, bInitialState=0, lpName=0x0) returned 0x63c [0149.870] CoWaitForMultipleHandles (in: dwFlags=0x2, dwTimeout=0x1f4, cHandles=0x1, pHandles=0x2dc7d4*=0x63c, lpdwindex=0x2dc5f8 | out: lpdwindex=0x2dc5f8) returned 0x80010115 [0150.473] EnumProcessModules (in: hProcess=0x644, lphModule=0x2886da4, cb=0x100, lpcbNeeded=0x2dc654 | out: lphModule=0x2886da4, lpcbNeeded=0x2dc654) returned 1 [0150.475] EnumProcessModules (in: hProcess=0x644, lphModule=0x2886eb0, cb=0x200, lpcbNeeded=0x2dc654 | out: lphModule=0x2886eb0, lpcbNeeded=0x2dc654) returned 1 [0150.476] GetModuleInformation (in: hProcess=0x644, hModule=0x10b0000, lpmodinfo=0x28870f0, cb=0xc | out: lpmodinfo=0x28870f0*(lpBaseOfDll=0x10b0000, SizeOfImage=0xa2000, EntryPoint=0x114ddbe)) returned 1 [0150.477] CoTaskMemAlloc (cb=0x804) returned 0x5950bd8 [0150.477] GetModuleBaseNameW (in: hProcess=0x644, hModule=0x10b0000, lpBaseName=0x5950bd8, nSize=0x800 | out: lpBaseName="noise.exe") returned 0x9 [0150.477] CoTaskMemFree (pv=0x5950bd8) [0150.477] CoTaskMemAlloc (cb=0x804) returned 0x5950bd8 [0150.477] GetModuleFileNameExW (in: hProcess=0x644, hModule=0x10b0000, lpFilename=0x5950bd8, nSize=0x800 | out: lpFilename="C:\\Users\\kEecfMwgj\\AppData\\Local\\Temp\\noise.exe" (normalized: "c:\\users\\keecfmwgj\\appdata\\local\\temp\\noise.exe")) returned 0x2f [0150.477] CoTaskMemFree (pv=0x5950bd8) [0150.477] GetModuleInformation (in: hProcess=0x644, hModule=0x76f00000, lpmodinfo=0x2889240, cb=0xc | out: lpmodinfo=0x2889240*(lpBaseOfDll=0x76f00000, SizeOfImage=0x180000, EntryPoint=0x0)) returned 1 [0150.478] CoTaskMemAlloc (cb=0x804) returned 0x5950bd8 [0150.478] GetModuleBaseNameW (in: hProcess=0x644, hModule=0x76f00000, lpBaseName=0x5950bd8, nSize=0x800 | out: lpBaseName="ntdll.dll") returned 0x9 [0150.478] CoTaskMemFree (pv=0x5950bd8) [0150.478] CoTaskMemAlloc (cb=0x804) returned 0x5950bd8 [0150.478] GetModuleFileNameExW (in: hProcess=0x644, hModule=0x76f00000, lpFilename=0x5950bd8, nSize=0x800 | out: lpFilename="C:\\Windows\\SysWOW64\\ntdll.dll" (normalized: "c:\\windows\\syswow64\\ntdll.dll")) returned 0x1d [0150.478] CoTaskMemFree (pv=0x5950bd8) [0150.478] GetModuleInformation (in: hProcess=0x644, hModule=0x73500000, lpmodinfo=0x288b350, cb=0xc | out: lpmodinfo=0x288b350*(lpBaseOfDll=0x73500000, SizeOfImage=0x4a000, EntryPoint=0x73502e54)) returned 1 [0150.478] CoTaskMemAlloc (cb=0x804) returned 0x5950bd8 [0150.478] GetModuleBaseNameW (in: hProcess=0x644, hModule=0x73500000, lpBaseName=0x5950bd8, nSize=0x800 | out: lpBaseName="MSCOREE.DLL") returned 0xb [0150.479] CoTaskMemFree (pv=0x5950bd8) [0150.479] CoTaskMemAlloc (cb=0x804) returned 0x5950bd8 [0150.479] GetModuleFileNameExW (in: hProcess=0x644, hModule=0x73500000, lpFilename=0x5950bd8, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\MSCOREE.DLL" (normalized: "c:\\windows\\syswow64\\mscoree.dll")) returned 0x1f [0150.479] CoTaskMemFree (pv=0x5950bd8) [0150.479] GetModuleInformation (in: hProcess=0x644, hModule=0x752b0000, lpmodinfo=0x288d468, cb=0xc | out: lpmodinfo=0x288d468*(lpBaseOfDll=0x752b0000, SizeOfImage=0x110000, EntryPoint=0x752c3283)) returned 1 [0150.479] CoTaskMemAlloc (cb=0x804) returned 0x5950bd8 [0150.479] GetModuleBaseNameW (in: hProcess=0x644, hModule=0x752b0000, lpBaseName=0x5950bd8, nSize=0x800 | out: lpBaseName="KERNEL32.dll") returned 0xc [0150.480] CoTaskMemFree (pv=0x5950bd8) [0150.480] CoTaskMemAlloc (cb=0x804) returned 0x5950bd8 [0150.480] GetModuleFileNameExW (in: hProcess=0x644, hModule=0x752b0000, lpFilename=0x5950bd8, nSize=0x800 | out: lpFilename="C:\\Windows\\syswow64\\KERNEL32.dll" (normalized: "c:\\windows\\syswow64\\kernel32.dll")) returned 0x20 [0150.480] CoTaskMemFree (pv=0x5950bd8) [0150.480] GetModuleInformation (in: hProcess=0x644, hModule=0x753c0000, lpmodinfo=0x288f588, cb=0xc | out: lpmodinfo=0x288f588*(lpBaseOfDll=0x753c0000, SizeOfImage=0x47000, EntryPoint=0x753c74c1)) returned 1 [0150.480] CoTaskMemAlloc (cb=0x804) returned 0x5950bd8 [0150.480] GetModuleBaseNameW (in: hProcess=0x644, hModule=0x753c0000, lpBaseName=0x5950bd8, nSize=0x800 | out: lpBaseName="KERNELBASE.dll") returned 0xe [0150.481] CoTaskMemFree (pv=0x5950bd8) [0150.481] CoTaskMemAlloc (cb=0x804) returned 0x5950bd8 [0150.481] GetModuleFileNameExW (in: hProcess=0x644, hModule=0x753c0000, lpFilename=0x5950bd8, nSize=0x800 | out: lpFilename="C:\\Windows\\syswow64\\KERNELBASE.dll" (normalized: "c:\\windows\\syswow64\\kernelbase.dll")) returned 0x22 [0150.481] CoTaskMemFree (pv=0x5950bd8) [0150.481] GetModuleInformation (in: hProcess=0x644, hModule=0x76a60000, lpmodinfo=0x28916dc, cb=0xc | out: lpmodinfo=0x28916dc*(lpBaseOfDll=0x76a60000, SizeOfImage=0xa0000, EntryPoint=0x76a749e5)) returned 1 [0150.481] CoTaskMemAlloc (cb=0x804) returned 0x5950bd8 [0150.481] GetModuleBaseNameW (in: hProcess=0x644, hModule=0x76a60000, lpBaseName=0x5950bd8, nSize=0x800 | out: lpBaseName="ADVAPI32.dll") returned 0xc [0150.482] CoTaskMemFree (pv=0x5950bd8) [0150.482] CoTaskMemAlloc (cb=0x804) returned 0x5950bd8 [0150.482] GetModuleFileNameExW (in: hProcess=0x644, hModule=0x76a60000, lpFilename=0x5950bd8, nSize=0x800 | out: lpFilename="C:\\Windows\\syswow64\\ADVAPI32.dll" (normalized: "c:\\windows\\syswow64\\advapi32.dll")) returned 0x20 [0150.482] CoTaskMemFree (pv=0x5950bd8) [0150.482] GetModuleInformation (in: hProcess=0x644, hModule=0x75410000, lpmodinfo=0x28937fc, cb=0xc | out: lpmodinfo=0x28937fc*(lpBaseOfDll=0x75410000, SizeOfImage=0xac000, EntryPoint=0x7541a472)) returned 1 [0150.483] CoTaskMemAlloc (cb=0x804) returned 0x5950bd8 [0150.483] GetModuleBaseNameW (in: hProcess=0x644, hModule=0x75410000, lpBaseName=0x5950bd8, nSize=0x800 | out: lpBaseName="msvcrt.dll") returned 0xa [0150.483] CoTaskMemFree (pv=0x5950bd8) [0150.483] CoTaskMemAlloc (cb=0x804) returned 0x5950bd8 [0150.483] GetModuleFileNameExW (in: hProcess=0x644, hModule=0x75410000, lpFilename=0x5950bd8, nSize=0x800 | out: lpFilename="C:\\Windows\\syswow64\\msvcrt.dll" (normalized: "c:\\windows\\syswow64\\msvcrt.dll")) returned 0x1e [0150.483] CoTaskMemFree (pv=0x5950bd8) [0150.483] GetModuleInformation (in: hProcess=0x644, hModule=0x759a0000, lpmodinfo=0x2895914, cb=0xc | out: lpmodinfo=0x2895914*(lpBaseOfDll=0x759a0000, SizeOfImage=0x19000, EntryPoint=0x759a4975)) returned 1 [0150.484] CoTaskMemAlloc (cb=0x804) returned 0x5950bd8 [0150.484] GetModuleBaseNameW (in: hProcess=0x644, hModule=0x759a0000, lpBaseName=0x5950bd8, nSize=0x800 | out: lpBaseName="sechost.dll") returned 0xb [0150.484] CoTaskMemFree (pv=0x5950bd8) [0150.484] CoTaskMemAlloc (cb=0x804) returned 0x5950bd8 [0150.484] GetModuleFileNameExW (in: hProcess=0x644, hModule=0x759a0000, lpFilename=0x5950bd8, nSize=0x800 | out: lpFilename="C:\\Windows\\SysWOW64\\sechost.dll" (normalized: "c:\\windows\\syswow64\\sechost.dll")) returned 0x1f [0150.485] CoTaskMemFree (pv=0x5950bd8) [0150.485] GetModuleInformation (in: hProcess=0x644, hModule=0x76970000, lpmodinfo=0x2897a2c, cb=0xc | out: lpmodinfo=0x2897a2c*(lpBaseOfDll=0x76970000, SizeOfImage=0xf0000, EntryPoint=0x76980569)) returned 1 [0150.485] CoTaskMemAlloc (cb=0x804) returned 0x5950bd8 [0150.485] GetModuleBaseNameW (in: hProcess=0x644, hModule=0x76970000, lpBaseName=0x5950bd8, nSize=0x800 | out: lpBaseName="RPCRT4.dll") returned 0xa [0150.485] CoTaskMemFree (pv=0x5950bd8) [0150.485] CoTaskMemAlloc (cb=0x804) returned 0x5950bd8 [0150.485] GetModuleFileNameExW (in: hProcess=0x644, hModule=0x76970000, lpFilename=0x5950bd8, nSize=0x800 | out: lpFilename="C:\\Windows\\syswow64\\RPCRT4.dll" (normalized: "c:\\windows\\syswow64\\rpcrt4.dll")) returned 0x1e [0150.486] CoTaskMemFree (pv=0x5950bd8) [0150.486] GetModuleInformation (in: hProcess=0x644, hModule=0x74a50000, lpmodinfo=0x2899b90, cb=0xc | out: lpmodinfo=0x2899b90*(lpBaseOfDll=0x74a50000, SizeOfImage=0x60000, EntryPoint=0x74a6a3b3)) returned 1 [0150.486] CoTaskMemAlloc (cb=0x804) returned 0x5950bd8 [0150.486] GetModuleBaseNameW (in: hProcess=0x644, hModule=0x74a50000, lpBaseName=0x5950bd8, nSize=0x800 | out: lpBaseName="SspiCli.dll") returned 0xb [0150.487] CoTaskMemFree (pv=0x5950bd8) [0150.487] CoTaskMemAlloc (cb=0x804) returned 0x5950bd8 [0150.487] GetModuleFileNameExW (in: hProcess=0x644, hModule=0x74a50000, lpFilename=0x5950bd8, nSize=0x800 | out: lpFilename="C:\\Windows\\syswow64\\SspiCli.dll" (normalized: "c:\\windows\\syswow64\\sspicli.dll")) returned 0x1f [0150.487] CoTaskMemFree (pv=0x5950bd8) [0150.487] GetModuleInformation (in: hProcess=0x644, hModule=0x74a40000, lpmodinfo=0x289bca8, cb=0xc | out: lpmodinfo=0x289bca8*(lpBaseOfDll=0x74a40000, SizeOfImage=0xc000, EntryPoint=0x74a410e1)) returned 1 [0150.488] CoTaskMemAlloc (cb=0x804) returned 0x5950bd8 [0150.488] GetModuleBaseNameW (in: hProcess=0x644, hModule=0x74a40000, lpBaseName=0x5950bd8, nSize=0x800 | out: lpBaseName="CRYPTBASE.dll") returned 0xd [0150.488] CoTaskMemFree (pv=0x5950bd8) [0150.488] CoTaskMemAlloc (cb=0x804) returned 0x5950bd8 [0150.488] GetModuleFileNameExW (in: hProcess=0x644, hModule=0x74a40000, lpFilename=0x5950bd8, nSize=0x800 | out: lpFilename="C:\\Windows\\syswow64\\CRYPTBASE.dll" (normalized: "c:\\windows\\syswow64\\cryptbase.dll")) returned 0x21 [0150.489] CoTaskMemFree (pv=0x5950bd8) [0150.489] GetModuleInformation (in: hProcess=0x644, hModule=0x733b0000, lpmodinfo=0x289ddc8, cb=0xc | out: lpmodinfo=0x289ddc8*(lpBaseOfDll=0x733b0000, SizeOfImage=0x8d000, EntryPoint=0x733c2860)) returned 1 [0150.489] CoTaskMemAlloc (cb=0x804) returned 0x5950bd8 [0150.489] GetModuleBaseNameW (in: hProcess=0x644, hModule=0x733b0000, lpBaseName=0x5950bd8, nSize=0x800 | out: lpBaseName="mscoreei.dll") returned 0xc [0150.490] CoTaskMemFree (pv=0x5950bd8) [0150.490] CoTaskMemAlloc (cb=0x804) returned 0x5950bd8 [0150.490] GetModuleFileNameExW (in: hProcess=0x644, hModule=0x733b0000, lpFilename=0x5950bd8, nSize=0x800 | out: lpFilename="C:\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\mscoreei.dll" (normalized: "c:\\windows\\microsoft.net\\framework\\v4.0.30319\\mscoreei.dll")) returned 0x3a [0150.490] CoTaskMemFree (pv=0x5950bd8) [0150.490] GetModuleInformation (in: hProcess=0x644, hModule=0x734f0000, lpmodinfo=0x289ff1c, cb=0xc | out: lpmodinfo=0x289ff1c*(lpBaseOfDll=0x734f0000, SizeOfImage=0x3000, EntryPoint=0x0)) returned 1 [0150.490] CoTaskMemAlloc (cb=0x804) returned 0x5950bd8 [0150.491] GetModuleBaseNameW (in: hProcess=0x644, hModule=0x734f0000, lpBaseName=0x5950bd8, nSize=0x800 | out: lpBaseName="api-ms-win-core-synch-l1-2-0.DLL") returned 0x20 [0150.491] CoTaskMemFree (pv=0x5950bd8) [0150.491] CoTaskMemAlloc (cb=0x804) returned 0x5950bd8 [0150.491] GetModuleFileNameExW (in: hProcess=0x644, hModule=0x734f0000, lpFilename=0x5950bd8, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\api-ms-win-core-synch-l1-2-0.DLL" (normalized: "c:\\windows\\syswow64\\api-ms-win-core-synch-l1-2-0.dll")) returned 0x34 [0150.492] CoTaskMemFree (pv=0x5950bd8) [0150.492] GetModuleInformation (in: hProcess=0x644, hModule=0x751c0000, lpmodinfo=0x28a208c, cb=0xc | out: lpmodinfo=0x28a208c*(lpBaseOfDll=0x751c0000, SizeOfImage=0x57000, EntryPoint=0x751d9ba6)) returned 1 [0150.492] CoTaskMemAlloc (cb=0x804) returned 0x5950bd8 [0150.492] GetModuleBaseNameW (in: hProcess=0x644, hModule=0x751c0000, lpBaseName=0x5950bd8, nSize=0x800 | out: lpBaseName="SHLWAPI.dll") returned 0xb [0150.493] CoTaskMemFree (pv=0x5950bd8) [0150.493] CoTaskMemAlloc (cb=0x804) returned 0x5950bd8 [0150.493] GetModuleFileNameExW (in: hProcess=0x644, hModule=0x751c0000, lpFilename=0x5950bd8, nSize=0x800 | out: lpFilename="C:\\Windows\\syswow64\\SHLWAPI.dll" (normalized: "c:\\windows\\syswow64\\shlwapi.dll")) returned 0x1f [0150.493] CoTaskMemFree (pv=0x5950bd8) [0150.493] GetModuleInformation (in: hProcess=0x644, hModule=0x75220000, lpmodinfo=0x28a41a4, cb=0xc | out: lpmodinfo=0x28a41a4*(lpBaseOfDll=0x75220000, SizeOfImage=0x90000, EntryPoint=0x75236343)) returned 1 [0150.494] CoTaskMemAlloc (cb=0x804) returned 0x5950bd8 [0150.494] GetModuleBaseNameW (in: hProcess=0x644, hModule=0x75220000, lpBaseName=0x5950bd8, nSize=0x800 | out: lpBaseName="GDI32.dll") returned 0x9 [0150.494] CoTaskMemFree (pv=0x5950bd8) [0150.495] CoTaskMemAlloc (cb=0x804) returned 0x5950bd8 [0150.495] GetModuleFileNameExW (in: hProcess=0x644, hModule=0x75220000, lpFilename=0x5950bd8, nSize=0x800 | out: lpFilename="C:\\Windows\\syswow64\\GDI32.dll" (normalized: "c:\\windows\\syswow64\\gdi32.dll")) returned 0x1d [0150.495] CoTaskMemFree (pv=0x5950bd8) [0150.495] GetModuleInformation (in: hProcess=0x644, hModule=0x76860000, lpmodinfo=0x28a62b4, cb=0xc | out: lpmodinfo=0x28a62b4*(lpBaseOfDll=0x76860000, SizeOfImage=0x100000, EntryPoint=0x7687b6ed)) returned 1 [0150.496] CoTaskMemAlloc (cb=0x804) returned 0x5950bd8 [0150.496] GetModuleBaseNameW (in: hProcess=0x644, hModule=0x76860000, lpBaseName=0x5950bd8, nSize=0x800 | out: lpBaseName="USER32.dll") returned 0xa [0150.496] CoTaskMemFree (pv=0x5950bd8) [0150.496] CoTaskMemAlloc (cb=0x804) returned 0x5950bd8 [0150.496] GetModuleFileNameExW (in: hProcess=0x644, hModule=0x76860000, lpFilename=0x5950bd8, nSize=0x800 | out: lpFilename="C:\\Windows\\syswow64\\USER32.dll" (normalized: "c:\\windows\\syswow64\\user32.dll")) returned 0x1e [0150.497] CoTaskMemFree (pv=0x5950bd8) [0150.497] GetModuleInformation (in: hProcess=0x644, hModule=0x759c0000, lpmodinfo=0x28a83cc, cb=0xc | out: lpmodinfo=0x28a83cc*(lpBaseOfDll=0x759c0000, SizeOfImage=0xa000, EntryPoint=0x759c36a0)) returned 1 [0150.497] CoTaskMemAlloc (cb=0x804) returned 0x5950bd8 [0150.497] GetModuleBaseNameW (in: hProcess=0x644, hModule=0x759c0000, lpBaseName=0x5950bd8, nSize=0x800 | out: lpBaseName="LPK.dll") returned 0x7 [0150.498] CoTaskMemFree (pv=0x5950bd8) [0150.498] CoTaskMemAlloc (cb=0x804) returned 0x5950bd8 [0150.498] GetModuleFileNameExW (in: hProcess=0x644, hModule=0x759c0000, lpFilename=0x5950bd8, nSize=0x800 | out: lpFilename="C:\\Windows\\syswow64\\LPK.dll" (normalized: "c:\\windows\\syswow64\\lpk.dll")) returned 0x1b [0150.498] CoTaskMemFree (pv=0x5950bd8) [0150.499] GetModuleInformation (in: hProcess=0x644, hModule=0x74d40000, lpmodinfo=0x28aa560, cb=0xc | out: lpmodinfo=0x28aa560*(lpBaseOfDll=0x74d40000, SizeOfImage=0x9d000, EntryPoint=0x74d73fd7)) returned 1 [0150.499] CoTaskMemAlloc (cb=0x804) returned 0x5950bd8 [0150.499] GetModuleBaseNameW (in: hProcess=0x644, hModule=0x74d40000, lpBaseName=0x5950bd8, nSize=0x800 | out: lpBaseName="USP10.dll") returned 0x9 [0150.500] CoTaskMemFree (pv=0x5950bd8) [0150.500] CoTaskMemAlloc (cb=0x804) returned 0x5950bd8 [0150.500] GetModuleFileNameExW (in: hProcess=0x644, hModule=0x74d40000, lpFilename=0x5950bd8, nSize=0x800 | out: lpFilename="C:\\Windows\\syswow64\\USP10.dll" (normalized: "c:\\windows\\syswow64\\usp10.dll")) returned 0x1d [0150.500] CoTaskMemFree (pv=0x5950bd8) [0150.500] GetModuleInformation (in: hProcess=0x644, hModule=0x75550000, lpmodinfo=0x28ac670, cb=0xc | out: lpmodinfo=0x28ac670*(lpBaseOfDll=0x75550000, SizeOfImage=0x60000, EntryPoint=0x7556158f)) returned 1 [0150.501] CoTaskMemAlloc (cb=0x804) returned 0x5950bd8 [0150.501] GetModuleBaseNameW (in: hProcess=0x644, hModule=0x75550000, lpBaseName=0x5950bd8, nSize=0x800 | out: lpBaseName="IMM32.DLL") returned 0x9 [0150.502] CoTaskMemFree (pv=0x5950bd8) [0150.502] CoTaskMemAlloc (cb=0x804) returned 0x5950bd8 [0150.502] GetModuleFileNameExW (in: hProcess=0x644, hModule=0x75550000, lpFilename=0x5950bd8, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\IMM32.DLL" (normalized: "c:\\windows\\syswow64\\imm32.dll")) returned 0x1d [0150.502] CoTaskMemFree (pv=0x5950bd8) [0150.502] GetModuleInformation (in: hProcess=0x644, hModule=0x74c40000, lpmodinfo=0x28ae780, cb=0xc | out: lpmodinfo=0x28ae780*(lpBaseOfDll=0x74c40000, SizeOfImage=0xcc000, EntryPoint=0x74c4168b)) returned 1 [0150.503] CoTaskMemAlloc (cb=0x804) returned 0x5950bd8 [0150.503] GetModuleBaseNameW (in: hProcess=0x644, hModule=0x74c40000, lpBaseName=0x5950bd8, nSize=0x800 | out: lpBaseName="MSCTF.dll") returned 0x9 [0150.503] CoTaskMemFree (pv=0x5950bd8) [0150.503] CoTaskMemAlloc (cb=0x804) returned 0x5950bd8 [0150.504] GetModuleFileNameExW (in: hProcess=0x644, hModule=0x74c40000, lpFilename=0x5950bd8, nSize=0x800 | out: lpFilename="C:\\Windows\\syswow64\\MSCTF.dll" (normalized: "c:\\windows\\syswow64\\msctf.dll")) returned 0x1d [0150.504] CoTaskMemFree (pv=0x5950bd8) [0150.504] GetModuleInformation (in: hProcess=0x644, hModule=0x733a0000, lpmodinfo=0x28b0890, cb=0xc | out: lpmodinfo=0x28b0890*(lpBaseOfDll=0x733a0000, SizeOfImage=0x9000, EntryPoint=0x733a1220)) returned 1 [0150.505] CoTaskMemAlloc (cb=0x804) returned 0x5950bd8 [0150.505] GetModuleBaseNameW (in: hProcess=0x644, hModule=0x733a0000, lpBaseName=0x5950bd8, nSize=0x800 | out: lpBaseName="VERSION.dll") returned 0xb [0150.505] CoTaskMemFree (pv=0x5950bd8) [0150.505] CoTaskMemAlloc (cb=0x804) returned 0x5950bd8 [0150.505] GetModuleFileNameExW (in: hProcess=0x644, hModule=0x733a0000, lpFilename=0x5950bd8, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\VERSION.dll" (normalized: "c:\\windows\\syswow64\\version.dll")) returned 0x1f [0150.506] CoTaskMemFree (pv=0x5950bd8) [0150.506] GetModuleInformation (in: hProcess=0x644, hModule=0x71770000, lpmodinfo=0x28b29a8, cb=0xc | out: lpmodinfo=0x28b29a8*(lpBaseOfDll=0x71770000, SizeOfImage=0x7af000, EntryPoint=0x7178d0d0)) returned 1 [0150.507] CoTaskMemAlloc (cb=0x804) returned 0x5950bd8 [0150.507] GetModuleBaseNameW (in: hProcess=0x644, hModule=0x71770000, lpBaseName=0x5950bd8, nSize=0x800 | out: lpBaseName="clr.dll") returned 0x7 [0150.507] CoTaskMemFree (pv=0x5950bd8) [0150.507] CoTaskMemAlloc (cb=0x804) returned 0x5950bd8 [0150.507] GetModuleFileNameExW (in: hProcess=0x644, hModule=0x71770000, lpFilename=0x5950bd8, nSize=0x800 | out: lpFilename="C:\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\clr.dll" (normalized: "c:\\windows\\microsoft.net\\framework\\v4.0.30319\\clr.dll")) returned 0x35 [0150.508] CoTaskMemFree (pv=0x5950bd8) [0150.508] GetModuleInformation (in: hProcess=0x644, hModule=0x73600000, lpmodinfo=0x28b4ae4, cb=0xc | out: lpmodinfo=0x28b4ae4*(lpBaseOfDll=0x73600000, SizeOfImage=0x14000, EntryPoint=0x7360ac00)) returned 1 [0150.509] CoTaskMemAlloc (cb=0x804) returned 0x5950bd8 [0150.509] GetModuleBaseNameW (in: hProcess=0x644, hModule=0x73600000, lpBaseName=0x5950bd8, nSize=0x800 | out: lpBaseName="VCRUNTIME140_CLR0400.dll") returned 0x18 [0150.509] CoTaskMemFree (pv=0x5950bd8) [0150.509] CoTaskMemAlloc (cb=0x804) returned 0x5950bd8 [0150.509] GetModuleFileNameExW (in: hProcess=0x644, hModule=0x73600000, lpFilename=0x5950bd8, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\VCRUNTIME140_CLR0400.dll" (normalized: "c:\\windows\\syswow64\\vcruntime140_clr0400.dll")) returned 0x2c [0150.510] CoTaskMemFree (pv=0x5950bd8) [0150.510] GetModuleInformation (in: hProcess=0x644, hModule=0x73550000, lpmodinfo=0x28b6c34, cb=0xc | out: lpmodinfo=0x28b6c34*(lpBaseOfDll=0x73550000, SizeOfImage=0xab000, EntryPoint=0x735e5f20)) returned 1 [0150.511] CoTaskMemAlloc (cb=0x804) returned 0x5950bd8 [0150.511] GetModuleBaseNameW (in: hProcess=0x644, hModule=0x73550000, lpBaseName=0x5950bd8, nSize=0x800 | out: lpBaseName="ucrtbase_clr0400.dll") returned 0x14 [0150.512] CoTaskMemFree (pv=0x5950bd8) [0150.512] CoTaskMemAlloc (cb=0x804) returned 0x5950bd8 [0150.512] GetModuleFileNameExW (in: hProcess=0x644, hModule=0x73550000, lpFilename=0x5950bd8, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\ucrtbase_clr0400.dll" (normalized: "c:\\windows\\syswow64\\ucrtbase_clr0400.dll")) returned 0x28 [0150.512] CoTaskMemFree (pv=0x5950bd8) [0150.512] GetModuleInformation (in: hProcess=0x644, hModule=0x70360000, lpmodinfo=0x28b8d80, cb=0xc | out: lpmodinfo=0x28b8d80*(lpBaseOfDll=0x70360000, SizeOfImage=0x140b000, EntryPoint=0x0)) returned 1 [0150.513] CoTaskMemAlloc (cb=0x804) returned 0x5950bd8 [0150.513] GetModuleBaseNameW (in: hProcess=0x644, hModule=0x70360000, lpBaseName=0x5950bd8, nSize=0x800 | out: lpBaseName="mscorlib.ni.dll") returned 0xf [0150.514] CoTaskMemFree (pv=0x5950bd8) [0150.514] CoTaskMemAlloc (cb=0x804) returned 0x5950bd8 [0150.514] GetModuleFileNameExW (in: hProcess=0x644, hModule=0x70360000, lpFilename=0x5950bd8, nSize=0x800 | out: lpFilename="C:\\Windows\\assembly\\NativeImages_v4.0.30319_32\\mscorlib\\36eaccfde177c2e7b93b8dbdde4e012a\\mscorlib.ni.dll" (normalized: "c:\\windows\\assembly\\nativeimages_v4.0.30319_32\\mscorlib\\36eaccfde177c2e7b93b8dbdde4e012a\\mscorlib.ni.dll")) returned 0x68 [0150.515] CoTaskMemFree (pv=0x5950bd8) [0150.515] GetModuleInformation (in: hProcess=0x644, hModule=0x75740000, lpmodinfo=0x28baf34, cb=0xc | out: lpmodinfo=0x28baf34*(lpBaseOfDll=0x75740000, SizeOfImage=0x15c000, EntryPoint=0x7578ba3d)) returned 1 [0150.515] CoTaskMemAlloc (cb=0x804) returned 0x5950bd8 [0150.515] GetModuleBaseNameW (in: hProcess=0x644, hModule=0x75740000, lpBaseName=0x5950bd8, nSize=0x800 | out: lpBaseName="ole32.dll") returned 0x9 [0150.516] CoTaskMemFree (pv=0x5950bd8) [0150.516] CoTaskMemAlloc (cb=0x804) returned 0x5950bd8 [0150.516] GetModuleFileNameExW (in: hProcess=0x644, hModule=0x75740000, lpFilename=0x5950bd8, nSize=0x800 | out: lpFilename="C:\\Windows\\syswow64\\ole32.dll" (normalized: "c:\\windows\\syswow64\\ole32.dll")) returned 0x1d [0150.517] CoTaskMemFree (pv=0x5950bd8) [0150.517] GetModuleInformation (in: hProcess=0x644, hModule=0x73a10000, lpmodinfo=0x28bd044, cb=0xc | out: lpmodinfo=0x28bd044*(lpBaseOfDll=0x73a10000, SizeOfImage=0x80000, EntryPoint=0x73a237c9)) returned 1 [0150.518] CoTaskMemAlloc (cb=0x804) returned 0x5950bd8 [0150.518] GetModuleBaseNameW (in: hProcess=0x644, hModule=0x73a10000, lpBaseName=0x5950bd8, nSize=0x800 | out: lpBaseName="uxtheme.dll") returned 0xb [0150.518] CoTaskMemFree (pv=0x5950bd8) [0150.518] CoTaskMemAlloc (cb=0x804) returned 0x5950bd8 [0150.519] GetModuleFileNameExW (in: hProcess=0x644, hModule=0x73a10000, lpFilename=0x5950bd8, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\uxtheme.dll" (normalized: "c:\\windows\\syswow64\\uxtheme.dll")) returned 0x1f [0150.519] CoTaskMemFree (pv=0x5950bd8) [0150.519] GetModuleInformation (in: hProcess=0x644, hModule=0x74a20000, lpmodinfo=0x28bf15c, cb=0xc | out: lpmodinfo=0x28bf15c*(lpBaseOfDll=0x74a20000, SizeOfImage=0x3000, EntryPoint=0x0)) returned 1 [0150.520] CoTaskMemAlloc (cb=0x804) returned 0x5950bd8 [0150.520] GetModuleBaseNameW (in: hProcess=0x644, hModule=0x74a20000, lpBaseName=0x5950bd8, nSize=0x800 | out: lpBaseName="api-ms-win-core-xstate-l2-1-0.dll") returned 0x21 [0150.521] CoTaskMemFree (pv=0x5950bd8) [0150.521] CoTaskMemAlloc (cb=0x804) returned 0x5950bd8 [0150.521] GetModuleFileNameExW (in: hProcess=0x644, hModule=0x74a20000, lpFilename=0x5950bd8, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\api-ms-win-core-xstate-l2-1-0.dll" (normalized: "c:\\windows\\syswow64\\api-ms-win-core-xstate-l2-1-0.dll")) returned 0x35 [0150.522] CoTaskMemFree (pv=0x5950bd8) [0150.522] GetModuleInformation (in: hProcess=0x644, hModule=0x74990000, lpmodinfo=0x28c12cc, cb=0xc | out: lpmodinfo=0x28c12cc*(lpBaseOfDll=0x74990000, SizeOfImage=0x89000, EntryPoint=0x74991130)) returned 1 [0150.523] CoTaskMemAlloc (cb=0x804) returned 0x5950bd8 [0150.523] GetModuleBaseNameW (in: hProcess=0x644, hModule=0x74990000, lpBaseName=0x5950bd8, nSize=0x800 | out: lpBaseName="clrjit.dll") returned 0xa [0150.523] CoTaskMemFree (pv=0x5950bd8) [0150.523] CoTaskMemAlloc (cb=0x804) returned 0x5950bd8 [0150.523] GetModuleFileNameExW (in: hProcess=0x644, hModule=0x74990000, lpFilename=0x5950bd8, nSize=0x800 | out: lpFilename="C:\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\clrjit.dll" (normalized: "c:\\windows\\microsoft.net\\framework\\v4.0.30319\\clrjit.dll")) returned 0x38 [0150.524] CoTaskMemFree (pv=0x5950bd8) [0150.524] GetModuleInformation (in: hProcess=0x644, hModule=0x75130000, lpmodinfo=0x28c3418, cb=0xc | out: lpmodinfo=0x28c3418*(lpBaseOfDll=0x75130000, SizeOfImage=0x8f000, EntryPoint=0x75133fb1)) returned 1 [0150.525] CoTaskMemAlloc (cb=0x804) returned 0x5950bd8 [0150.525] GetModuleBaseNameW (in: hProcess=0x644, hModule=0x75130000, lpBaseName=0x5950bd8, nSize=0x800 | out: lpBaseName="OLEAUT32.dll") returned 0xc [0150.526] CoTaskMemFree (pv=0x5950bd8) [0150.526] CoTaskMemAlloc (cb=0x804) returned 0x5950bd8 [0150.526] GetModuleFileNameExW (in: hProcess=0x644, hModule=0x75130000, lpFilename=0x5950bd8, nSize=0x800 | out: lpFilename="C:\\Windows\\syswow64\\OLEAUT32.dll" (normalized: "c:\\windows\\syswow64\\oleaut32.dll")) returned 0x20 [0150.527] CoTaskMemFree (pv=0x5950bd8) [0150.527] GetModuleInformation (in: hProcess=0x644, hModule=0x6eea0000, lpmodinfo=0x28c5538, cb=0xc | out: lpmodinfo=0x28c5538*(lpBaseOfDll=0x6eea0000, SizeOfImage=0xa55000, EntryPoint=0x0)) returned 1 [0150.528] CoTaskMemAlloc (cb=0x804) returned 0x5950bd8 [0150.528] GetModuleBaseNameW (in: hProcess=0x644, hModule=0x6eea0000, lpBaseName=0x5950bd8, nSize=0x800 | out: lpBaseName="System.ni.dll") returned 0xd [0150.528] CoTaskMemFree (pv=0x5950bd8) [0150.529] CoTaskMemAlloc (cb=0x804) returned 0x5950bd8 [0150.529] GetModuleFileNameExW (in: hProcess=0x644, hModule=0x6eea0000, lpFilename=0x5950bd8, nSize=0x800 | out: lpFilename="C:\\Windows\\assembly\\NativeImages_v4.0.30319_32\\System\\2c3c912ea8f058f9d04c4650128feb3f\\System.ni.dll" (normalized: "c:\\windows\\assembly\\nativeimages_v4.0.30319_32\\system\\2c3c912ea8f058f9d04c4650128feb3f\\system.ni.dll")) returned 0x64 [0150.529] CoTaskMemFree (pv=0x5950bd8) [0150.529] GetModuleInformation (in: hProcess=0x644, hModule=0x6fb40000, lpmodinfo=0x28c76e0, cb=0xc | out: lpmodinfo=0x28c76e0*(lpBaseOfDll=0x6fb40000, SizeOfImage=0x818000, EntryPoint=0x0)) returned 1 [0150.530] CoTaskMemAlloc (cb=0x804) returned 0x5950bd8 [0150.530] GetModuleBaseNameW (in: hProcess=0x644, hModule=0x6fb40000, lpBaseName=0x5950bd8, nSize=0x800 | out: lpBaseName="System.Core.ni.dll") returned 0x12 [0150.531] CoTaskMemFree (pv=0x5950bd8) [0150.531] CoTaskMemAlloc (cb=0x804) returned 0x5950bd8 [0150.531] GetModuleFileNameExW (in: hProcess=0x644, hModule=0x6fb40000, lpFilename=0x5950bd8, nSize=0x800 | out: lpFilename="C:\\Windows\\assembly\\NativeImages_v4.0.30319_32\\System.Core\\31fae3290fad30c31c98651462d22724\\System.Core.ni.dll" (normalized: "c:\\windows\\assembly\\nativeimages_v4.0.30319_32\\system.core\\31fae3290fad30c31c98651462d22724\\system.core.ni.dll")) returned 0x6e [0150.532] CoTaskMemFree (pv=0x5950bd8) [0150.532] GetModuleInformation (in: hProcess=0x644, hModule=0x6f950000, lpmodinfo=0x28c98a8, cb=0xc | out: lpmodinfo=0x28c98a8*(lpBaseOfDll=0x6f950000, SizeOfImage=0x1e2000, EntryPoint=0x0)) returned 1 [0150.533] CoTaskMemAlloc (cb=0x804) returned 0x5950bd8 [0150.533] GetModuleBaseNameW (in: hProcess=0x644, hModule=0x6f950000, lpBaseName=0x5950bd8, nSize=0x800 | out: lpBaseName="Microsoft.VisualBasic.ni.dll") returned 0x1c [0150.534] CoTaskMemFree (pv=0x5950bd8) [0150.534] CoTaskMemAlloc (cb=0x804) returned 0x5950bd8 [0150.534] GetModuleFileNameExW (in: hProcess=0x644, hModule=0x6f950000, lpFilename=0x5950bd8, nSize=0x800 | out: lpFilename="C:\\Windows\\assembly\\NativeImages_v4.0.30319_32\\Microsoft.V9921e851#\\a891970b44db9e340c3ef3efa95b793c\\Microsoft.VisualBasic.ni.dll" (normalized: "c:\\windows\\assembly\\nativeimages_v4.0.30319_32\\microsoft.v9921e851#\\a891970b44db9e340c3ef3efa95b793c\\microsoft.visualbasic.ni.dll")) returned 0x81 [0150.535] CoTaskMemFree (pv=0x5950bd8) [0150.535] GetModuleInformation (in: hProcess=0x644, hModule=0x6ecf0000, lpmodinfo=0x28cbbb4, cb=0xc | out: lpmodinfo=0x28cbbb4*(lpBaseOfDll=0x6ecf0000, SizeOfImage=0x1a3000, EntryPoint=0x0)) returned 1 [0150.536] CoTaskMemAlloc (cb=0x804) returned 0x5950bd8 [0150.536] GetModuleBaseNameW (in: hProcess=0x644, hModule=0x6ecf0000, lpBaseName=0x5950bd8, nSize=0x800 | out: lpBaseName="System.Drawing.ni.dll") returned 0x15 [0150.537] CoTaskMemFree (pv=0x5950bd8) [0150.537] CoTaskMemAlloc (cb=0x804) returned 0x5950bd8 [0150.537] GetModuleFileNameExW (in: hProcess=0x644, hModule=0x6ecf0000, lpFilename=0x5950bd8, nSize=0x800 | out: lpFilename="C:\\Windows\\assembly\\NativeImages_v4.0.30319_32\\System.Drawing\\f7568d7f1b9d356f64779b4c0927cfb3\\System.Drawing.ni.dll" (normalized: "c:\\windows\\assembly\\nativeimages_v4.0.30319_32\\system.drawing\\f7568d7f1b9d356f64779b4c0927cfb3\\system.drawing.ni.dll")) returned 0x74 [0150.538] CoTaskMemFree (pv=0x5950bd8) [0150.538] GetModuleInformation (in: hProcess=0x644, hModule=0x6de80000, lpmodinfo=0x28cdd8c, cb=0xc | out: lpmodinfo=0x28cdd8c*(lpBaseOfDll=0x6de80000, SizeOfImage=0xe66000, EntryPoint=0x0)) returned 1 [0150.539] CoTaskMemAlloc (cb=0x804) returned 0x5950bd8 [0150.539] GetModuleBaseNameW (in: hProcess=0x644, hModule=0x6de80000, lpBaseName=0x5950bd8, nSize=0x800 | out: lpBaseName="System.Windows.Forms.ni.dll") returned 0x1b [0150.540] CoTaskMemFree (pv=0x5950bd8) [0150.540] CoTaskMemAlloc (cb=0x804) returned 0x5950bd8 [0150.540] GetModuleFileNameExW (in: hProcess=0x644, hModule=0x6de80000, lpFilename=0x5950bd8, nSize=0x800 | out: lpFilename="C:\\Windows\\assembly\\NativeImages_v4.0.30319_32\\System.Windows.Forms\\c9a4cbc00f690a9e3cddfc400f6e85bb\\System.Windows.Forms.ni.dll" (normalized: "c:\\windows\\assembly\\nativeimages_v4.0.30319_32\\system.windows.forms\\c9a4cbc00f690a9e3cddfc400f6e85bb\\system.windows.forms.ni.dll")) returned 0x80 [0150.541] CoTaskMemFree (pv=0x5950bd8) [0150.541] GetModuleInformation (in: hProcess=0x644, hModule=0x6dd70000, lpmodinfo=0x28cff88, cb=0xc | out: lpmodinfo=0x28cff88*(lpBaseOfDll=0x6dd70000, SizeOfImage=0x105000, EntryPoint=0x0)) returned 1 [0150.541] CoTaskMemAlloc (cb=0x804) returned 0x5950bd8 [0150.541] GetModuleBaseNameW (in: hProcess=0x644, hModule=0x6dd70000, lpBaseName=0x5950bd8, nSize=0x800 | out: lpBaseName="System.Configuration.ni.dll") returned 0x1b [0150.542] CoTaskMemFree (pv=0x5950bd8) [0150.542] CoTaskMemAlloc (cb=0x804) returned 0x5950bd8 [0150.543] GetModuleFileNameExW (in: hProcess=0x644, hModule=0x6dd70000, lpFilename=0x5950bd8, nSize=0x800 | out: lpFilename="C:\\Windows\\assembly\\NativeImages_v4.0.30319_32\\System.Configuration\\96f7edb07b12303f0ec2595c7f3778c7\\System.Configuration.ni.dll" (normalized: "c:\\windows\\assembly\\nativeimages_v4.0.30319_32\\system.configuration\\96f7edb07b12303f0ec2595c7f3778c7\\system.configuration.ni.dll")) returned 0x80 [0150.543] CoTaskMemFree (pv=0x5950bd8) [0150.543] GetModuleInformation (in: hProcess=0x644, hModule=0x6d5f0000, lpmodinfo=0x28d2184, cb=0xc | out: lpmodinfo=0x28d2184*(lpBaseOfDll=0x6d5f0000, SizeOfImage=0x774000, EntryPoint=0x0)) returned 1 [0150.544] CoTaskMemAlloc (cb=0x804) returned 0x5950bd8 [0150.544] GetModuleBaseNameW (in: hProcess=0x644, hModule=0x6d5f0000, lpBaseName=0x5950bd8, nSize=0x800 | out: lpBaseName="System.Xml.ni.dll") returned 0x11 [0150.545] CoTaskMemFree (pv=0x5950bd8) [0150.545] CoTaskMemAlloc (cb=0x804) returned 0x5950bd8 [0150.545] GetModuleFileNameExW (in: hProcess=0x644, hModule=0x6d5f0000, lpFilename=0x5950bd8, nSize=0x800 | out: lpFilename="C:\\Windows\\assembly\\NativeImages_v4.0.30319_32\\System.Xml\\15af16d373cf0528cb74fc73d365fdbf\\System.Xml.ni.dll" (normalized: "c:\\windows\\assembly\\nativeimages_v4.0.30319_32\\system.xml\\15af16d373cf0528cb74fc73d365fdbf\\system.xml.ni.dll")) returned 0x6c [0150.546] CoTaskMemFree (pv=0x5950bd8) [0150.546] GetModuleInformation (in: hProcess=0x644, hModule=0x74950000, lpmodinfo=0x28d4344, cb=0xc | out: lpmodinfo=0x28d4344*(lpBaseOfDll=0x74950000, SizeOfImage=0x13000, EntryPoint=0x7495d900)) returned 1 [0150.547] CoTaskMemAlloc (cb=0x804) returned 0x5950bd8 [0150.547] GetModuleBaseNameW (in: hProcess=0x644, hModule=0x74950000, lpBaseName=0x5950bd8, nSize=0x800 | out: lpBaseName="nlssorting.dll") returned 0xe [0150.548] CoTaskMemFree (pv=0x5950bd8) [0150.548] CoTaskMemAlloc (cb=0x804) returned 0x5950bd8 [0150.548] GetModuleFileNameExW (in: hProcess=0x644, hModule=0x74950000, lpFilename=0x5950bd8, nSize=0x800 | out: lpFilename="C:\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\nlssorting.dll" (normalized: "c:\\windows\\microsoft.net\\framework\\v4.0.30319\\nlssorting.dll")) returned 0x3c [0150.549] CoTaskMemFree (pv=0x5950bd8) [0150.549] GetModuleInformation (in: hProcess=0x644, hModule=0x75be0000, lpmodinfo=0x28d64a0, cb=0xc | out: lpmodinfo=0x28d64a0*(lpBaseOfDll=0x75be0000, SizeOfImage=0xc4a000, EntryPoint=0x75c61601)) returned 1 [0150.550] CoTaskMemAlloc (cb=0x804) returned 0x5950bd8 [0150.550] GetModuleBaseNameW (in: hProcess=0x644, hModule=0x75be0000, lpBaseName=0x5950bd8, nSize=0x800 | out: lpBaseName="shell32.dll") returned 0xb [0150.551] CoTaskMemFree (pv=0x5950bd8) [0150.552] CoTaskMemAlloc (cb=0x804) returned 0x5950bd8 [0150.552] GetModuleFileNameExW (in: hProcess=0x644, hModule=0x75be0000, lpFilename=0x5950bd8, nSize=0x800 | out: lpFilename="C:\\Windows\\syswow64\\shell32.dll" (normalized: "c:\\windows\\syswow64\\shell32.dll")) returned 0x1f [0150.552] CoTaskMemFree (pv=0x5950bd8) [0150.553] GetModuleInformation (in: hProcess=0x644, hModule=0x748d0000, lpmodinfo=0x28d85b8, cb=0xc | out: lpmodinfo=0x28d85b8*(lpBaseOfDll=0x748d0000, SizeOfImage=0xb000, EntryPoint=0x748d1992)) returned 1 [0150.553] CoTaskMemAlloc (cb=0x804) returned 0x5950bd8 [0150.554] GetModuleBaseNameW (in: hProcess=0x644, hModule=0x748d0000, lpBaseName=0x5950bd8, nSize=0x800 | out: lpBaseName="profapi.dll") returned 0xb [0150.555] CoTaskMemFree (pv=0x5950bd8) [0150.555] CoTaskMemAlloc (cb=0x804) returned 0x5950bd8 [0150.555] GetModuleFileNameExW (in: hProcess=0x644, hModule=0x748d0000, lpFilename=0x5950bd8, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\profapi.dll" (normalized: "c:\\windows\\syswow64\\profapi.dll")) returned 0x1f [0150.555] CoTaskMemFree (pv=0x5950bd8) [0150.555] GetModuleInformation (in: hProcess=0x644, hModule=0x74970000, lpmodinfo=0x28da6d0, cb=0xc | out: lpmodinfo=0x28da6d0*(lpBaseOfDll=0x74970000, SizeOfImage=0x17000, EntryPoint=0x749735fa)) returned 1 [0150.556] CoTaskMemAlloc (cb=0x804) returned 0x5950bd8 [0150.556] GetModuleBaseNameW (in: hProcess=0x644, hModule=0x74970000, lpBaseName=0x5950bd8, nSize=0x800 | out: lpBaseName="bcrypt.dll") returned 0xa [0150.557] CoTaskMemFree (pv=0x5950bd8) [0150.557] CoTaskMemAlloc (cb=0x804) returned 0x5950bd8 [0150.557] GetModuleFileNameExW (in: hProcess=0x644, hModule=0x74970000, lpFilename=0x5950bd8, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\bcrypt.dll" (normalized: "c:\\windows\\syswow64\\bcrypt.dll")) returned 0x1e [0150.558] CoTaskMemFree (pv=0x5950bd8) [0150.558] GetModuleInformation (in: hProcess=0x644, hModule=0x738e0000, lpmodinfo=0x28dc7e8, cb=0xc | out: lpmodinfo=0x28dc7e8*(lpBaseOfDll=0x738e0000, SizeOfImage=0x17000, EntryPoint=0x738e3573)) returned 1 [0150.559] CoTaskMemAlloc (cb=0x804) returned 0x5950bd8 [0150.559] GetModuleBaseNameW (in: hProcess=0x644, hModule=0x738e0000, lpBaseName=0x5950bd8, nSize=0x800 | out: lpBaseName="CRYPTSP.dll") returned 0xb [0150.560] CoTaskMemFree (pv=0x5950bd8) [0150.560] CoTaskMemAlloc (cb=0x804) returned 0x5950bd8 [0150.560] GetModuleFileNameExW (in: hProcess=0x644, hModule=0x738e0000, lpFilename=0x5950bd8, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\CRYPTSP.dll" (normalized: "c:\\windows\\syswow64\\cryptsp.dll")) returned 0x1f [0150.561] CoTaskMemFree (pv=0x5950bd8) [0150.561] GetModuleInformation (in: hProcess=0x644, hModule=0x738a0000, lpmodinfo=0x28de900, cb=0xc | out: lpmodinfo=0x28de900*(lpBaseOfDll=0x738a0000, SizeOfImage=0x3b000, EntryPoint=0x738a128d)) returned 1 [0150.562] CoTaskMemAlloc (cb=0x804) returned 0x5950bd8 [0150.562] GetModuleBaseNameW (in: hProcess=0x644, hModule=0x738a0000, lpBaseName=0x5950bd8, nSize=0x800 | out: lpBaseName="rsaenh.dll") returned 0xa [0150.563] CoTaskMemFree (pv=0x5950bd8) [0150.563] CoTaskMemAlloc (cb=0x804) returned 0x5950bd8 [0150.563] GetModuleFileNameExW (in: hProcess=0x644, hModule=0x738a0000, lpFilename=0x5950bd8, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\rsaenh.dll" (normalized: "c:\\windows\\syswow64\\rsaenh.dll")) returned 0x1e [0150.564] CoTaskMemFree (pv=0x5950bd8) [0150.564] GetModuleInformation (in: hProcess=0x644, hModule=0x75950000, lpmodinfo=0x28e0a18, cb=0xc | out: lpmodinfo=0x28e0a18*(lpBaseOfDll=0x75950000, SizeOfImage=0x5000, EntryPoint=0x75951438)) returned 1 [0150.565] CoTaskMemAlloc (cb=0x804) returned 0x5950bd8 [0150.565] GetModuleBaseNameW (in: hProcess=0x644, hModule=0x75950000, lpBaseName=0x5950bd8, nSize=0x800 | out: lpBaseName="psapi.dll") returned 0x9 [0150.569] CoTaskMemFree (pv=0x5950bd8) [0150.569] CoTaskMemAlloc (cb=0x804) returned 0x5950bd8 [0150.569] GetModuleFileNameExW (in: hProcess=0x644, hModule=0x75950000, lpFilename=0x5950bd8, nSize=0x800 | out: lpFilename="C:\\Windows\\syswow64\\psapi.dll" (normalized: "c:\\windows\\syswow64\\psapi.dll")) returned 0x1d [0150.570] CoTaskMemFree (pv=0x5950bd8) [0150.570] GetModuleInformation (in: hProcess=0x644, hModule=0x73990000, lpmodinfo=0x28e2b28, cb=0xc | out: lpmodinfo=0x28e2b28*(lpBaseOfDll=0x73990000, SizeOfImage=0x52000, EntryPoint=0x739914be)) returned 1 [0150.571] CoTaskMemAlloc (cb=0x804) returned 0x5950bd8 [0150.571] GetModuleBaseNameW (in: hProcess=0x644, hModule=0x73990000, lpBaseName=0x5950bd8, nSize=0x800 | out: lpBaseName="rasapi32.dll") returned 0xc [0150.572] CoTaskMemFree (pv=0x5950bd8) [0150.572] CoTaskMemAlloc (cb=0x804) returned 0x5950bd8 [0150.572] GetModuleFileNameExW (in: hProcess=0x644, hModule=0x73990000, lpFilename=0x5950bd8, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\rasapi32.dll" (normalized: "c:\\windows\\syswow64\\rasapi32.dll")) returned 0x20 [0150.573] CoTaskMemFree (pv=0x5950bd8) [0150.574] GetModuleInformation (in: hProcess=0x644, hModule=0x73970000, lpmodinfo=0x28e4c48, cb=0xc | out: lpmodinfo=0x28e4c48*(lpBaseOfDll=0x73970000, SizeOfImage=0x15000, EntryPoint=0x739712de)) returned 1 [0150.575] CoTaskMemAlloc (cb=0x804) returned 0x5950bd8 [0150.575] GetModuleBaseNameW (in: hProcess=0x644, hModule=0x73970000, lpBaseName=0x5950bd8, nSize=0x800 | out: lpBaseName="rasman.dll") returned 0xa [0150.576] CoTaskMemFree (pv=0x5950bd8) [0150.576] CoTaskMemAlloc (cb=0x804) returned 0x5950bd8 [0150.576] GetModuleFileNameExW (in: hProcess=0x644, hModule=0x73970000, lpFilename=0x5950bd8, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\rasman.dll" (normalized: "c:\\windows\\syswow64\\rasman.dll")) returned 0x1e [0150.577] CoTaskMemFree (pv=0x5950bd8) [0150.577] GetModuleInformation (in: hProcess=0x644, hModule=0x75960000, lpmodinfo=0x28e6d6c, cb=0xc | out: lpmodinfo=0x28e6d6c*(lpBaseOfDll=0x75960000, SizeOfImage=0x35000, EntryPoint=0x7596145d)) returned 1 [0150.578] CoTaskMemAlloc (cb=0x804) returned 0x5950bd8 [0150.578] GetModuleBaseNameW (in: hProcess=0x644, hModule=0x75960000, lpBaseName=0x5950bd8, nSize=0x800 | out: lpBaseName="WS2_32.dll") returned 0xa [0150.579] CoTaskMemFree (pv=0x5950bd8) [0150.580] CoTaskMemAlloc (cb=0x804) returned 0x5950bd8 [0150.580] GetModuleFileNameExW (in: hProcess=0x644, hModule=0x75960000, lpFilename=0x5950bd8, nSize=0x800 | out: lpFilename="C:\\Windows\\syswow64\\WS2_32.dll" (normalized: "c:\\windows\\syswow64\\ws2_32.dll")) returned 0x1e [0150.581] CoTaskMemFree (pv=0x5950bd8) [0150.581] GetModuleInformation (in: hProcess=0x644, hModule=0x76960000, lpmodinfo=0x28e8e84, cb=0xc | out: lpmodinfo=0x28e8e84*(lpBaseOfDll=0x76960000, SizeOfImage=0x6000, EntryPoint=0x76961782)) returned 1 [0150.582] CoTaskMemAlloc (cb=0x804) returned 0x5950bd8 [0150.582] GetModuleBaseNameW (in: hProcess=0x644, hModule=0x76960000, lpBaseName=0x5950bd8, nSize=0x800 | out: lpBaseName="NSI.dll") returned 0x7 [0150.583] CoTaskMemFree (pv=0x5950bd8) [0150.583] CoTaskMemAlloc (cb=0x804) returned 0x5950bd8 [0150.583] GetModuleFileNameExW (in: hProcess=0x644, hModule=0x76960000, lpFilename=0x5950bd8, nSize=0x800 | out: lpFilename="C:\\Windows\\syswow64\\NSI.dll" (normalized: "c:\\windows\\syswow64\\nsi.dll")) returned 0x1b [0150.584] CoTaskMemFree (pv=0x5950bd8) [0150.584] GetModuleInformation (in: hProcess=0x644, hModule=0x73960000, lpmodinfo=0x28eaf8c, cb=0xc | out: lpmodinfo=0x28eaf8c*(lpBaseOfDll=0x73960000, SizeOfImage=0xd000, EntryPoint=0x73961326)) returned 1 [0150.586] CoTaskMemAlloc (cb=0x804) returned 0x5950bd8 [0150.586] GetModuleBaseNameW (in: hProcess=0x644, hModule=0x73960000, lpBaseName=0x5950bd8, nSize=0x800 | out: lpBaseName="rtutils.dll") returned 0xb [0150.587] CoTaskMemFree (pv=0x5950bd8) [0150.628] CoTaskMemAlloc (cb=0x804) returned 0x5950bd8 [0150.628] GetModuleFileNameExW (in: hProcess=0x644, hModule=0x73960000, lpFilename=0x5950bd8, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\rtutils.dll" (normalized: "c:\\windows\\syswow64\\rtutils.dll")) returned 0x1f [0150.629] CoTaskMemFree (pv=0x5950bd8) [0150.629] GetModuleInformation (in: hProcess=0x644, hModule=0x747e0000, lpmodinfo=0x265a8a0, cb=0xc | out: lpmodinfo=0x265a8a0*(lpBaseOfDll=0x747e0000, SizeOfImage=0x3c000, EntryPoint=0x747e145d)) returned 1 [0150.630] CoTaskMemAlloc (cb=0x804) returned 0x5950bd8 [0150.630] GetModuleBaseNameW (in: hProcess=0x644, hModule=0x747e0000, lpBaseName=0x5950bd8, nSize=0x800 | out: lpBaseName="mswsock.dll") returned 0xb [0150.632] CoTaskMemFree (pv=0x5950bd8) [0150.632] CoTaskMemAlloc (cb=0x804) returned 0x5950bd8 [0150.632] GetModuleFileNameExW (in: hProcess=0x644, hModule=0x747e0000, lpFilename=0x5950bd8, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\mswsock.dll" (normalized: "c:\\windows\\syswow64\\mswsock.dll")) returned 0x1f [0150.633] CoTaskMemFree (pv=0x5950bd8) [0150.633] GetModuleInformation (in: hProcess=0x644, hModule=0x747d0000, lpmodinfo=0x265c9b8, cb=0xc | out: lpmodinfo=0x265c9b8*(lpBaseOfDll=0x747d0000, SizeOfImage=0x5000, EntryPoint=0x747d15df)) returned 1 [0150.634] CoTaskMemAlloc (cb=0x804) returned 0x5950bd8 [0150.634] GetModuleBaseNameW (in: hProcess=0x644, hModule=0x747d0000, lpBaseName=0x5950bd8, nSize=0x800 | out: lpBaseName="wshtcpip.dll") returned 0xc [0150.636] CoTaskMemFree (pv=0x5950bd8) [0150.636] CoTaskMemAlloc (cb=0x804) returned 0x5950bd8 [0150.636] GetModuleFileNameExW (in: hProcess=0x644, hModule=0x747d0000, lpFilename=0x5950bd8, nSize=0x800 | out: lpFilename="C:\\Windows\\System32\\wshtcpip.dll" (normalized: "c:\\windows\\syswow64\\wshtcpip.dll")) returned 0x20 [0150.637] CoTaskMemFree (pv=0x5950bd8) [0150.637] GetModuleInformation (in: hProcess=0x644, hModule=0x747c0000, lpmodinfo=0x265ead8, cb=0xc | out: lpmodinfo=0x265ead8*(lpBaseOfDll=0x747c0000, SizeOfImage=0x6000, EntryPoint=0x747c1673)) returned 1 [0150.638] CoTaskMemAlloc (cb=0x804) returned 0x5950bd8 [0150.638] GetModuleBaseNameW (in: hProcess=0x644, hModule=0x747c0000, lpBaseName=0x5950bd8, nSize=0x800 | out: lpBaseName="wship6.dll") returned 0xa [0150.640] CoTaskMemFree (pv=0x5950bd8) [0150.640] CoTaskMemAlloc (cb=0x804) returned 0x5950bd8 [0150.640] GetModuleFileNameExW (in: hProcess=0x644, hModule=0x747c0000, lpFilename=0x5950bd8, nSize=0x800 | out: lpFilename="C:\\Windows\\System32\\wship6.dll" (normalized: "c:\\windows\\syswow64\\wship6.dll")) returned 0x1e [0150.641] CoTaskMemFree (pv=0x5950bd8) [0150.641] GetModuleInformation (in: hProcess=0x644, hModule=0x6d590000, lpmodinfo=0x2660bf0, cb=0xc | out: lpmodinfo=0x2660bf0*(lpBaseOfDll=0x6d590000, SizeOfImage=0x58000, EntryPoint=0x6d5913b4)) returned 1 [0150.642] CoTaskMemAlloc (cb=0x804) returned 0x5950bd8 [0150.642] GetModuleBaseNameW (in: hProcess=0x644, hModule=0x6d590000, lpBaseName=0x5950bd8, nSize=0x800 | out: lpBaseName="winhttp.dll") returned 0xb [0150.644] CoTaskMemFree (pv=0x5950bd8) [0150.644] CoTaskMemAlloc (cb=0x804) returned 0x5950bd8 [0150.644] GetModuleFileNameExW (in: hProcess=0x644, hModule=0x6d590000, lpFilename=0x5950bd8, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\winhttp.dll" (normalized: "c:\\windows\\syswow64\\winhttp.dll")) returned 0x1f [0150.645] CoTaskMemFree (pv=0x5950bd8) [0150.645] GetModuleInformation (in: hProcess=0x644, hModule=0x6f900000, lpmodinfo=0x2662d08, cb=0xc | out: lpmodinfo=0x2662d08*(lpBaseOfDll=0x6f900000, SizeOfImage=0x4f000, EntryPoint=0x6f901452)) returned 1 [0150.646] CoTaskMemAlloc (cb=0x804) returned 0x5950bd8 [0150.646] GetModuleBaseNameW (in: hProcess=0x644, hModule=0x6f900000, lpBaseName=0x5950bd8, nSize=0x800 | out: lpBaseName="webio.dll") returned 0x9 [0150.653] CoTaskMemFree (pv=0x5950bd8) [0150.653] CoTaskMemAlloc (cb=0x804) returned 0x5950bd8 [0150.653] GetModuleFileNameExW (in: hProcess=0x644, hModule=0x6f900000, lpFilename=0x5950bd8, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\webio.dll" (normalized: "c:\\windows\\syswow64\\webio.dll")) returned 0x1d [0150.654] CoTaskMemFree (pv=0x5950bd8) [0150.654] GetModuleInformation (in: hProcess=0x644, hModule=0x74930000, lpmodinfo=0x2664e18, cb=0xc | out: lpmodinfo=0x2664e18*(lpBaseOfDll=0x74930000, SizeOfImage=0x8000, EntryPoint=0x749334d3)) returned 1 [0150.655] CoTaskMemAlloc (cb=0x804) returned 0x5950bd8 [0150.655] GetModuleBaseNameW (in: hProcess=0x644, hModule=0x74930000, lpBaseName=0x5950bd8, nSize=0x800 | out: lpBaseName="credssp.dll") returned 0xb [0150.657] CoTaskMemFree (pv=0x5950bd8) [0150.657] CoTaskMemAlloc (cb=0x804) returned 0x5950bd8 [0150.657] GetModuleFileNameExW (in: hProcess=0x644, hModule=0x74930000, lpFilename=0x5950bd8, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\credssp.dll" (normalized: "c:\\windows\\syswow64\\credssp.dll")) returned 0x1f [0150.658] CoTaskMemFree (pv=0x5950bd8) [0150.658] GetModuleInformation (in: hProcess=0x644, hModule=0x74830000, lpmodinfo=0x2666f30, cb=0xc | out: lpmodinfo=0x2666f30*(lpBaseOfDll=0x74830000, SizeOfImage=0x1c000, EntryPoint=0x7483a431)) returned 1 [0150.659] CoTaskMemAlloc (cb=0x804) returned 0x5950bd8 [0150.659] GetModuleBaseNameW (in: hProcess=0x644, hModule=0x74830000, lpBaseName=0x5950bd8, nSize=0x800 | out: lpBaseName="IPHLPAPI.DLL") returned 0xc [0150.661] CoTaskMemFree (pv=0x5950bd8) [0150.661] CoTaskMemAlloc (cb=0x804) returned 0x5950bd8 [0150.661] GetModuleFileNameExW (in: hProcess=0x644, hModule=0x74830000, lpFilename=0x5950bd8, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\IPHLPAPI.DLL" (normalized: "c:\\windows\\syswow64\\iphlpapi.dll")) returned 0x20 [0150.662] CoTaskMemFree (pv=0x5950bd8) [0150.662] GetModuleInformation (in: hProcess=0x644, hModule=0x74820000, lpmodinfo=0x2669050, cb=0xc | out: lpmodinfo=0x2669050*(lpBaseOfDll=0x74820000, SizeOfImage=0x7000, EntryPoint=0x7482128d)) returned 1 [0150.664] CoTaskMemAlloc (cb=0x804) returned 0x5950bd8 [0150.664] GetModuleBaseNameW (in: hProcess=0x644, hModule=0x74820000, lpBaseName=0x5950bd8, nSize=0x800 | out: lpBaseName="WINNSI.DLL") returned 0xa [0150.665] CoTaskMemFree (pv=0x5950bd8) [0150.665] CoTaskMemAlloc (cb=0x804) returned 0x5950bd8 [0150.665] GetModuleFileNameExW (in: hProcess=0x644, hModule=0x74820000, lpFilename=0x5950bd8, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\WINNSI.DLL" (normalized: "c:\\windows\\syswow64\\winnsi.dll")) returned 0x1e [0150.667] CoTaskMemFree (pv=0x5950bd8) [0150.667] GetModuleInformation (in: hProcess=0x644, hModule=0x74940000, lpmodinfo=0x266b168, cb=0xc | out: lpmodinfo=0x266b168*(lpBaseOfDll=0x74940000, SizeOfImage=0xd000, EntryPoint=0x74942012)) returned 1 [0150.668] CoTaskMemAlloc (cb=0x804) returned 0x5950bd8 [0150.668] GetModuleBaseNameW (in: hProcess=0x644, hModule=0x74940000, lpBaseName=0x5950bd8, nSize=0x800 | out: lpBaseName="dhcpcsvc6.DLL") returned 0xd [0150.670] CoTaskMemFree (pv=0x5950bd8) [0150.670] CoTaskMemAlloc (cb=0x804) returned 0x5950bd8 [0150.670] GetModuleFileNameExW (in: hProcess=0x644, hModule=0x74940000, lpFilename=0x5950bd8, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\dhcpcsvc6.DLL" (normalized: "c:\\windows\\syswow64\\dhcpcsvc6.dll")) returned 0x21 [0150.671] CoTaskMemFree (pv=0x5950bd8) [0150.671] GetModuleInformation (in: hProcess=0x644, hModule=0x6d550000, lpmodinfo=0x266d288, cb=0xc | out: lpmodinfo=0x266d288*(lpBaseOfDll=0x6d550000, SizeOfImage=0x12000, EntryPoint=0x6d553271)) returned 1 [0150.673] CoTaskMemAlloc (cb=0x804) returned 0x5950bd8 [0150.673] GetModuleBaseNameW (in: hProcess=0x644, hModule=0x6d550000, lpBaseName=0x5950bd8, nSize=0x800 | out: lpBaseName="dhcpcsvc.DLL") returned 0xc [0150.674] CoTaskMemFree (pv=0x5950bd8) [0150.674] CoTaskMemAlloc (cb=0x804) returned 0x5950bd8 [0150.674] GetModuleFileNameExW (in: hProcess=0x644, hModule=0x6d550000, lpFilename=0x5950bd8, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\dhcpcsvc.DLL" (normalized: "c:\\windows\\syswow64\\dhcpcsvc.dll")) returned 0x20 [0150.675] CoTaskMemFree (pv=0x5950bd8) [0150.675] GetModuleInformation (in: hProcess=0x644, hModule=0x747a0000, lpmodinfo=0x266f3a8, cb=0xc | out: lpmodinfo=0x266f3a8*(lpBaseOfDll=0x747a0000, SizeOfImage=0xe000, EntryPoint=0x747a1235)) returned 1 [0150.677] CoTaskMemAlloc (cb=0x804) returned 0x5950bd8 [0150.677] GetModuleBaseNameW (in: hProcess=0x644, hModule=0x747a0000, lpBaseName=0x5950bd8, nSize=0x800 | out: lpBaseName="RpcRtRemote.dll") returned 0xf [0150.681] CoTaskMemFree (pv=0x5950bd8) [0150.681] CoTaskMemAlloc (cb=0x804) returned 0x5950bd8 [0150.681] GetModuleFileNameExW (in: hProcess=0x644, hModule=0x747a0000, lpFilename=0x5950bd8, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\RpcRtRemote.dll" (normalized: "c:\\windows\\syswow64\\rpcrtremote.dll")) returned 0x23 [0150.683] CoTaskMemFree (pv=0x5950bd8) [0150.683] GetModuleInformation (in: hProcess=0x644, hModule=0x74850000, lpmodinfo=0x26714d0, cb=0xc | out: lpmodinfo=0x26714d0*(lpBaseOfDll=0x74850000, SizeOfImage=0x44000, EntryPoint=0x748663f9)) returned 1 [0150.685] CoTaskMemAlloc (cb=0x804) returned 0x5950bd8 [0150.685] GetModuleBaseNameW (in: hProcess=0x644, hModule=0x74850000, lpBaseName=0x5950bd8, nSize=0x800 | out: lpBaseName="DNSAPI.dll") returned 0xa [0150.686] CoTaskMemFree (pv=0x5950bd8) [0150.686] CoTaskMemAlloc (cb=0x804) returned 0x5950bd8 [0150.686] GetModuleFileNameExW (in: hProcess=0x644, hModule=0x74850000, lpFilename=0x5950bd8, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\DNSAPI.dll" (normalized: "c:\\windows\\syswow64\\dnsapi.dll")) returned 0x1e [0150.688] CoTaskMemFree (pv=0x5950bd8) [0150.688] GetModuleInformation (in: hProcess=0x644, hModule=0x747b0000, lpmodinfo=0x26735e8, cb=0xc | out: lpmodinfo=0x26735e8*(lpBaseOfDll=0x747b0000, SizeOfImage=0x6000, EntryPoint=0x747b14b2)) returned 1 [0150.689] CoTaskMemAlloc (cb=0x804) returned 0x5950bd8 [0150.689] GetModuleBaseNameW (in: hProcess=0x644, hModule=0x747b0000, lpBaseName=0x5950bd8, nSize=0x800 | out: lpBaseName="rasadhlp.dll") returned 0xc [0150.691] CoTaskMemFree (pv=0x5950bd8) [0150.691] CoTaskMemAlloc (cb=0x804) returned 0x5950bd8 [0150.691] GetModuleFileNameExW (in: hProcess=0x644, hModule=0x747b0000, lpFilename=0x5950bd8, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\rasadhlp.dll" (normalized: "c:\\windows\\syswow64\\rasadhlp.dll")) returned 0x20 [0150.692] CoTaskMemFree (pv=0x5950bd8) [0150.692] GetModuleInformation (in: hProcess=0x644, hModule=0x6d510000, lpmodinfo=0x2675708, cb=0xc | out: lpmodinfo=0x2675708*(lpBaseOfDll=0x6d510000, SizeOfImage=0x38000, EntryPoint=0x6d51990e)) returned 1 [0150.694] CoTaskMemAlloc (cb=0x804) returned 0x5950bd8 [0150.694] GetModuleBaseNameW (in: hProcess=0x644, hModule=0x6d510000, lpBaseName=0x5950bd8, nSize=0x800 | out: lpBaseName="fwpuclnt.dll") returned 0xc [0150.695] CoTaskMemFree (pv=0x5950bd8) [0150.695] CoTaskMemAlloc (cb=0x804) returned 0x5950bd8 [0150.695] GetModuleFileNameExW (in: hProcess=0x644, hModule=0x6d510000, lpFilename=0x5950bd8, nSize=0x800 | out: lpFilename="C:\\Windows\\System32\\fwpuclnt.dll" (normalized: "c:\\windows\\syswow64\\fwpuclnt.dll")) returned 0x20 [0150.697] CoTaskMemFree (pv=0x5950bd8) [0150.697] GetModuleInformation (in: hProcess=0x644, hModule=0x6d580000, lpmodinfo=0x2677834, cb=0xc | out: lpmodinfo=0x2677834*(lpBaseOfDll=0x6d580000, SizeOfImage=0x8000, EntryPoint=0x6d5810e9)) returned 1 [0150.699] CoTaskMemAlloc (cb=0x804) returned 0x5950bd8 [0150.699] GetModuleBaseNameW (in: hProcess=0x644, hModule=0x6d580000, lpBaseName=0x5950bd8, nSize=0x800 | out: lpBaseName="secur32.dll") returned 0xb [0150.700] CoTaskMemFree (pv=0x5950bd8) [0150.700] CoTaskMemAlloc (cb=0x804) returned 0x5950bd8 [0150.700] GetModuleFileNameExW (in: hProcess=0x644, hModule=0x6d580000, lpFilename=0x5950bd8, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\secur32.dll" (normalized: "c:\\windows\\syswow64\\secur32.dll")) returned 0x1f [0150.702] CoTaskMemFree (pv=0x5950bd8) [0150.702] GetModuleInformation (in: hProcess=0x644, hModule=0x6d4d0000, lpmodinfo=0x267994c, cb=0xc | out: lpmodinfo=0x267994c*(lpBaseOfDll=0x6d4d0000, SizeOfImage=0x3f000, EntryPoint=0x6d4d2351)) returned 1 [0150.703] CoTaskMemAlloc (cb=0x804) returned 0x5950bd8 [0150.704] GetModuleBaseNameW (in: hProcess=0x644, hModule=0x6d4d0000, lpBaseName=0x5950bd8, nSize=0x800 | out: lpBaseName="schannel.dll") returned 0xc [0150.705] CoTaskMemFree (pv=0x5950bd8) [0150.705] CoTaskMemAlloc (cb=0x804) returned 0x5950bd8 [0150.705] GetModuleFileNameExW (in: hProcess=0x644, hModule=0x6d4d0000, lpFilename=0x5950bd8, nSize=0x800 | out: lpFilename="C:\\Windows\\SysWOW64\\schannel.dll" (normalized: "c:\\windows\\syswow64\\schannel.dll")) returned 0x20 [0150.707] CoTaskMemFree (pv=0x5950bd8) [0150.707] GetModuleInformation (in: hProcess=0x644, hModule=0x74ab0000, lpmodinfo=0x267bc78, cb=0xc | out: lpmodinfo=0x267bc78*(lpBaseOfDll=0x74ab0000, SizeOfImage=0x121000, EntryPoint=0x74ab158e)) returned 1 [0150.708] CoTaskMemAlloc (cb=0x804) returned 0x5950bd8 [0150.708] GetModuleBaseNameW (in: hProcess=0x644, hModule=0x74ab0000, lpBaseName=0x5950bd8, nSize=0x800 | out: lpBaseName="CRYPT32.dll") returned 0xb [0150.710] CoTaskMemFree (pv=0x5950bd8) [0150.710] CoTaskMemAlloc (cb=0x804) returned 0x5950bd8 [0150.710] GetModuleFileNameExW (in: hProcess=0x644, hModule=0x74ab0000, lpFilename=0x5950bd8, nSize=0x800 | out: lpFilename="C:\\Windows\\syswow64\\CRYPT32.dll" (normalized: "c:\\windows\\syswow64\\crypt32.dll")) returned 0x1f [0150.712] CoTaskMemFree (pv=0x5950bd8) [0150.712] GetModuleInformation (in: hProcess=0x644, hModule=0x76ed0000, lpmodinfo=0x267dd90, cb=0xc | out: lpmodinfo=0x267dd90*(lpBaseOfDll=0x76ed0000, SizeOfImage=0xc000, EntryPoint=0x76ed238e)) returned 1 [0150.713] CoTaskMemAlloc (cb=0x804) returned 0x5950bd8 [0150.713] GetModuleBaseNameW (in: hProcess=0x644, hModule=0x76ed0000, lpBaseName=0x5950bd8, nSize=0x800 | out: lpBaseName="MSASN1.dll") returned 0xa [0150.715] CoTaskMemFree (pv=0x5950bd8) [0150.715] CoTaskMemAlloc (cb=0x804) returned 0x5950bd8 [0150.715] GetModuleFileNameExW (in: hProcess=0x644, hModule=0x76ed0000, lpFilename=0x5950bd8, nSize=0x800 | out: lpFilename="C:\\Windows\\syswow64\\MSASN1.dll" (normalized: "c:\\windows\\syswow64\\msasn1.dll")) returned 0x1e [0150.717] CoTaskMemFree (pv=0x5950bd8) [0150.717] GetModuleInformation (in: hProcess=0x644, hModule=0x6d490000, lpmodinfo=0x267fea8, cb=0xc | out: lpmodinfo=0x267fea8*(lpBaseOfDll=0x6d490000, SizeOfImage=0x38000, EntryPoint=0x6d491489)) returned 1 [0150.718] CoTaskMemAlloc (cb=0x804) returned 0x5950bd8 [0150.718] GetModuleBaseNameW (in: hProcess=0x644, hModule=0x6d490000, lpBaseName=0x5950bd8, nSize=0x800 | out: lpBaseName="ncrypt.dll") returned 0xa [0150.720] CoTaskMemFree (pv=0x5950bd8) [0150.720] CoTaskMemAlloc (cb=0x804) returned 0x5950bd8 [0150.720] GetModuleFileNameExW (in: hProcess=0x644, hModule=0x6d490000, lpFilename=0x5950bd8, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\ncrypt.dll" (normalized: "c:\\windows\\syswow64\\ncrypt.dll")) returned 0x1e [0150.722] CoTaskMemFree (pv=0x5950bd8) [0150.722] GetModuleInformation (in: hProcess=0x644, hModule=0x6d450000, lpmodinfo=0x2681fc0, cb=0xc | out: lpmodinfo=0x2681fc0*(lpBaseOfDll=0x6d450000, SizeOfImage=0x3d000, EntryPoint=0x6d4510f5)) returned 1 [0150.723] CoTaskMemAlloc (cb=0x804) returned 0x5950bd8 [0150.723] GetModuleBaseNameW (in: hProcess=0x644, hModule=0x6d450000, lpBaseName=0x5950bd8, nSize=0x800 | out: lpBaseName="bcryptprimitives.dll") returned 0x14 [0150.725] CoTaskMemFree (pv=0x5950bd8) [0150.725] CoTaskMemAlloc (cb=0x804) returned 0x5950bd8 [0150.725] GetModuleFileNameExW (in: hProcess=0x644, hModule=0x6d450000, lpFilename=0x5950bd8, nSize=0x800 | out: lpFilename="C:\\Windows\\SysWOW64\\bcryptprimitives.dll" (normalized: "c:\\windows\\syswow64\\bcryptprimitives.dll")) returned 0x28 [0150.727] CoTaskMemFree (pv=0x5950bd8) [0150.727] GetModuleInformation (in: hProcess=0x644, hModule=0x6d430000, lpmodinfo=0x2684100, cb=0xc | out: lpmodinfo=0x2684100*(lpBaseOfDll=0x6d430000, SizeOfImage=0x17000, EntryPoint=0x6d431c9d)) returned 1 [0150.728] CoTaskMemAlloc (cb=0x804) returned 0x5950bd8 [0150.728] GetModuleBaseNameW (in: hProcess=0x644, hModule=0x6d430000, lpBaseName=0x5950bd8, nSize=0x800 | out: lpBaseName="USERENV.dll") returned 0xb [0150.730] CoTaskMemFree (pv=0x5950bd8) [0150.730] CoTaskMemAlloc (cb=0x804) returned 0x5950bd8 [0150.730] GetModuleFileNameExW (in: hProcess=0x644, hModule=0x6d430000, lpFilename=0x5950bd8, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\USERENV.dll" (normalized: "c:\\windows\\syswow64\\userenv.dll")) returned 0x1f [0150.732] CoTaskMemFree (pv=0x5950bd8) [0150.732] GetModuleInformation (in: hProcess=0x644, hModule=0x6d410000, lpmodinfo=0x2686218, cb=0xc | out: lpmodinfo=0x2686218*(lpBaseOfDll=0x6d410000, SizeOfImage=0x16000, EntryPoint=0x6d412061)) returned 1 [0150.733] CoTaskMemAlloc (cb=0x804) returned 0x5950bd8 [0150.733] GetModuleBaseNameW (in: hProcess=0x644, hModule=0x6d410000, lpBaseName=0x5950bd8, nSize=0x800 | out: lpBaseName="GPAPI.dll") returned 0x9 [0150.735] CoTaskMemFree (pv=0x5950bd8) [0150.735] CoTaskMemAlloc (cb=0x804) returned 0x5950bd8 [0150.735] GetModuleFileNameExW (in: hProcess=0x644, hModule=0x6d410000, lpFilename=0x5950bd8, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\GPAPI.dll" (normalized: "c:\\windows\\syswow64\\gpapi.dll")) returned 0x1d [0150.737] CoTaskMemFree (pv=0x5950bd8) [0150.737] GetModuleInformation (in: hProcess=0x644, hModule=0x6d380000, lpmodinfo=0x2688328, cb=0xc | out: lpmodinfo=0x2688328*(lpBaseOfDll=0x6d380000, SizeOfImage=0x84000, EntryPoint=0x6d3819a9)) returned 1 [0150.739] CoTaskMemAlloc (cb=0x804) returned 0x5950bd8 [0150.739] GetModuleBaseNameW (in: hProcess=0x644, hModule=0x6d380000, lpBaseName=0x5950bd8, nSize=0x800 | out: lpBaseName="comctl32.dll") returned 0xc [0150.740] CoTaskMemFree (pv=0x5950bd8) [0150.741] CoTaskMemAlloc (cb=0x804) returned 0x5950bd8 [0150.741] GetModuleFileNameExW (in: hProcess=0x644, hModule=0x6d380000, lpFilename=0x5950bd8, nSize=0x800 | out: lpFilename="C:\\Windows\\WinSxS\\x86_microsoft.windows.common-controls_6595b64144ccf1df_5.82.7601.17514_none_ec83dffa859149af\\comctl32.dll" (normalized: "c:\\windows\\winsxs\\x86_microsoft.windows.common-controls_6595b64144ccf1df_5.82.7601.17514_none_ec83dffa859149af\\comctl32.dll")) returned 0x7b [0150.743] CoTaskMemFree (pv=0x5950bd8) [0150.743] GetModuleInformation (in: hProcess=0x644, hModule=0x6d1f0000, lpmodinfo=0x268a4fc, cb=0xc | out: lpmodinfo=0x268a4fc*(lpBaseOfDll=0x6d1f0000, SizeOfImage=0x190000, EntryPoint=0x6d28d026)) returned 1 [0150.744] CoTaskMemAlloc (cb=0x804) returned 0x5950bd8 [0150.744] GetModuleBaseNameW (in: hProcess=0x644, hModule=0x6d1f0000, lpBaseName=0x5950bd8, nSize=0x800 | out: lpBaseName="gdiplus.dll") returned 0xb [0150.746] CoTaskMemFree (pv=0x5950bd8) [0150.746] CoTaskMemAlloc (cb=0x804) returned 0x5950bd8 [0150.746] GetModuleFileNameExW (in: hProcess=0x644, hModule=0x6d1f0000, lpFilename=0x5950bd8, nSize=0x800 | out: lpFilename="C:\\Windows\\WinSxS\\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\\gdiplus.dll" (normalized: "c:\\windows\\winsxs\\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\\gdiplus.dll")) returned 0x71 [0150.748] CoTaskMemFree (pv=0x5950bd8) [0150.748] GetModuleInformation (in: hProcess=0x644, hModule=0x6d0f0000, lpmodinfo=0x268c6b8, cb=0xc | out: lpmodinfo=0x268c6b8*(lpBaseOfDll=0x6d0f0000, SizeOfImage=0xfb000, EntryPoint=0x6d1017e1)) returned 1 [0150.750] CoTaskMemAlloc (cb=0x804) returned 0x5950bd8 [0150.750] GetModuleBaseNameW (in: hProcess=0x644, hModule=0x6d0f0000, lpBaseName=0x5950bd8, nSize=0x800 | out: lpBaseName="WindowsCodecs.dll") returned 0x11 [0150.752] CoTaskMemFree (pv=0x5950bd8) [0150.752] CoTaskMemAlloc (cb=0x804) returned 0x5950bd8 [0150.752] GetModuleFileNameExW (in: hProcess=0x644, hModule=0x6d0f0000, lpFilename=0x5950bd8, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\WindowsCodecs.dll" (normalized: "c:\\windows\\syswow64\\windowscodecs.dll")) returned 0x25 [0150.754] CoTaskMemFree (pv=0x5950bd8) [0150.754] GetModuleInformation (in: hProcess=0x644, hModule=0x6c320000, lpmodinfo=0x268e7e8, cb=0xc | out: lpmodinfo=0x268e7e8*(lpBaseOfDll=0x6c320000, SizeOfImage=0xdcd000, EntryPoint=0x0)) returned 1 [0150.755] CoTaskMemAlloc (cb=0x804) returned 0x5950bd8 [0150.755] GetModuleBaseNameW (in: hProcess=0x644, hModule=0x6c320000, lpBaseName=0x5950bd8, nSize=0x800 | out: lpBaseName="System.Web.ni.dll") returned 0x11 [0150.757] CoTaskMemFree (pv=0x5950bd8) [0150.757] CoTaskMemAlloc (cb=0x804) returned 0x5950bd8 [0150.757] GetModuleFileNameExW (in: hProcess=0x644, hModule=0x6c320000, lpFilename=0x5950bd8, nSize=0x800 | out: lpFilename="C:\\Windows\\assembly\\NativeImages_v4.0.30319_32\\System.Web\\8e86e9948f7dcebce93d5df6073700ba\\System.Web.ni.dll" (normalized: "c:\\windows\\assembly\\nativeimages_v4.0.30319_32\\system.web\\8e86e9948f7dcebce93d5df6073700ba\\system.web.ni.dll")) returned 0x6c [0150.759] CoTaskMemFree (pv=0x5950bd8) [0150.759] CloseHandle (hObject=0x644) returned 1 [0150.772] lstrlenA (lpString="AcquireSRWLockExclusive") returned 23 [0150.772] lstrlenA (lpString="AcquireSRWLockShared") returned 20 [0150.772] lstrlenA (lpString="ActivateActCtx") returned 14 [0150.772] lstrlenA (lpString="AddAtomA") returned 8 [0150.772] lstrlenA (lpString="AddAtomW") returned 8 [0150.772] lstrlenA (lpString="AddConsoleAliasA") returned 16 [0150.772] lstrlenA (lpString="AddConsoleAliasW") returned 16 [0150.772] lstrlenA (lpString="AddDllDirectory") returned 15 [0150.773] lstrlenA (lpString="AddIntegrityLabelToBoundaryDescriptor") returned 37 [0150.773] lstrlenA (lpString="AddLocalAlternateComputerNameA") returned 30 [0150.773] lstrlenA (lpString="AddLocalAlternateComputerNameW") returned 30 [0150.773] lstrlenA (lpString="AddRefActCtx") returned 12 [0150.773] lstrlenA (lpString="AddSIDToBoundaryDescriptor") returned 26 [0150.773] lstrlenA (lpString="AddSecureMemoryCacheCallback") returned 28 [0150.773] lstrlenA (lpString="AddVectoredContinueHandler") returned 26 [0150.773] lstrlenA (lpString="AddVectoredExceptionHandler") returned 27 [0150.773] lstrlenA (lpString="AdjustCalendarDate") returned 18 [0150.773] lstrlenA (lpString="AllocConsole") returned 12 [0150.774] lstrlenA (lpString="AllocateUserPhysicalPages") returned 25 [0150.774] lstrlenA (lpString="AllocateUserPhysicalPagesNuma") returned 29 [0150.774] lstrlenA (lpString="ApplicationRecoveryFinished") returned 27 [0150.774] lstrlenA (lpString="ApplicationRecoveryInProgress") returned 29 [0150.774] lstrlenA (lpString="AreFileApisANSI") returned 15 [0150.774] lstrlenA (lpString="AssignProcessToJobObject") returned 24 [0150.774] lstrlenA (lpString="AttachConsole") returned 13 [0150.774] lstrlenA (lpString="BackupRead") returned 10 [0150.774] lstrlenA (lpString="BackupSeek") returned 10 [0150.775] lstrlenA (lpString="BackupWrite") returned 11 [0150.775] lstrlenA (lpString="BaseCheckAppcompatCache") returned 23 [0150.775] lstrlenA (lpString="BaseCheckAppcompatCacheEx") returned 25 [0150.775] lstrlenA (lpString="BaseCheckRunApp") returned 15 [0150.775] lstrlenA (lpString="BaseCleanupAppcompatCacheSupport") returned 32 [0150.775] lstrlenA (lpString="BaseDllReadWriteIniFile") returned 23 [0150.775] lstrlenA (lpString="BaseDumpAppcompatCache") returned 22 [0150.775] lstrlenA (lpString="BaseFlushAppcompatCache") returned 23 [0150.775] lstrlenA (lpString="BaseFormatObjectAttributes") returned 26 [0150.775] lstrlenA (lpString="BaseFormatTimeOut") returned 17 [0150.776] lstrlenA (lpString="BaseGenerateAppCompatData") returned 25 [0150.776] lstrlenA (lpString="BaseGetNamedObjectDirectory") returned 27 [0150.776] lstrlenA (lpString="BaseInitAppcompatCacheSupport") returned 29 [0150.776] lstrlenA (lpString="BaseIsAppcompatInfrastructureDisabled") returned 37 [0150.776] lstrlenA (lpString="BaseQueryModuleData") returned 19 [0150.776] lstrlenA (lpString="BaseSetLastNTError") returned 18 [0150.776] lstrlenA (lpString="BaseThreadInitThunk") returned 19 [0150.776] lstrlenA (lpString="BaseUpdateAppcompatCache") returned 24 [0150.776] lstrlenA (lpString="BaseVerifyUnicodeString") returned 23 [0150.776] lstrlenA (lpString="Basep8BitStringToDynamicUnicodeString") returned 37 [0150.777] lstrlenA (lpString="BasepAllocateActivationContextActivationBlock") returned 45 [0150.777] lstrlenA (lpString="BasepAnsiStringToDynamicUnicodeString") returned 37 [0150.777] lstrlenA (lpString="BasepCheckAppCompat") returned 19 [0150.777] lstrlenA (lpString="BasepCheckBadapp") returned 16 [0150.777] lstrlenA (lpString="BasepCheckWinSaferRestrictions") returned 30 [0150.777] lstrlenA (lpString="BasepFreeActivationContextActivationBlock") returned 41 [0150.777] lstrlenA (lpString="BasepFreeAppCompatData") returned 22 [0150.777] lstrlenA (lpString="BasepMapModuleHandle") returned 20 [0150.777] lstrlenA (lpString="Beep") returned 4 [0150.777] lstrlenA (lpString="BeginUpdateResourceA") returned 20 [0150.778] lstrlenA (lpString="BeginUpdateResourceW") returned 20 [0150.778] lstrlenA (lpString="BindIoCompletionCallback") returned 24 [0150.778] lstrlenA (lpString="BuildCommDCBA") returned 13 [0150.778] lstrlenA (lpString="BuildCommDCBAndTimeoutsA") returned 24 [0150.778] lstrlenA (lpString="BuildCommDCBAndTimeoutsW") returned 24 [0150.778] lstrlenA (lpString="BuildCommDCBW") returned 13 [0150.778] lstrlenA (lpString="CallNamedPipeA") returned 14 [0150.778] lstrlenA (lpString="CallNamedPipeW") returned 14 [0150.778] lstrlenA (lpString="CallbackMayRunLong") returned 18 [0150.779] lstrlenA (lpString="CancelDeviceWakeupRequest") returned 25 [0150.779] lstrlenA (lpString="CancelIo") returned 8 [0150.779] lstrlenA (lpString="CancelIoEx") returned 10 [0150.779] lstrlenA (lpString="CancelSynchronousIo") returned 19 [0150.779] lstrlenA (lpString="CancelThreadpoolIo") returned 18 [0150.779] lstrlenA (lpString="CancelTimerQueueTimer") returned 21 [0150.779] lstrlenA (lpString="CancelWaitableTimer") returned 19 [0150.779] lstrlenA (lpString="ChangeTimerQueueTimer") returned 21 [0150.779] lstrlenA (lpString="CheckElevation") returned 14 [0150.779] lstrlenA (lpString="CheckElevationEnabled") returned 21 [0150.780] lstrlenA (lpString="CheckForReadOnlyResource") returned 24 [0150.780] lstrlenA (lpString="CheckNameLegalDOS8Dot3A") returned 23 [0150.780] lstrlenA (lpString="CheckNameLegalDOS8Dot3W") returned 23 [0150.780] lstrlenA (lpString="CheckRemoteDebuggerPresent") returned 26 [0150.780] lstrlenA (lpString="ClearCommBreak") returned 14 [0150.780] lstrlenA (lpString="ClearCommError") returned 14 [0150.780] lstrlenA (lpString="CloseConsoleHandle") returned 18 [0150.780] lstrlenA (lpString="CloseHandle") returned 11 [0150.780] lstrlenA (lpString="ClosePrivateNamespace") returned 21 [0150.780] lstrlenA (lpString="CloseProfileUserMapping") returned 23 [0150.781] lstrlenA (lpString="CloseThreadpool") returned 15 [0150.781] lstrlenA (lpString="CloseThreadpoolCleanupGroup") returned 27 [0150.781] lstrlenA (lpString="CloseThreadpoolCleanupGroupMembers") returned 34 [0150.781] lstrlenA (lpString="CloseThreadpoolIo") returned 17 [0150.781] lstrlenA (lpString="CloseThreadpoolTimer") returned 20 [0150.781] lstrlenA (lpString="CloseThreadpoolWait") returned 19 [0150.781] lstrlenA (lpString="CloseThreadpoolWork") returned 19 [0150.781] lstrlenA (lpString="CmdBatNotification") returned 18 [0150.781] lstrlenA (lpString="CommConfigDialogA") returned 17 [0150.782] lstrlenA (lpString="CommConfigDialogW") returned 17 [0150.782] lstrlenA (lpString="CompareCalendarDates") returned 20 [0150.782] lstrlenA (lpString="CompareFileTime") returned 15 [0150.782] lstrlenA (lpString="CompareStringA") returned 14 [0150.782] lstrlenA (lpString="CompareStringEx") returned 15 [0150.782] lstrlenA (lpString="CompareStringOrdinal") returned 20 [0150.782] lstrlenA (lpString="CompareStringW") returned 14 [0150.782] lstrlenA (lpString="ConnectNamedPipe") returned 16 [0150.782] lstrlenA (lpString="ConsoleMenuControl") returned 18 [0150.782] lstrlenA (lpString="ContinueDebugEvent") returned 18 [0150.783] lstrlenA (lpString="ConvertCalDateTimeToSystemTime") returned 30 [0150.783] lstrlenA (lpString="ConvertDefaultLocale") returned 20 [0150.783] lstrlenA (lpString="ConvertFiberToThread") returned 20 [0150.783] lstrlenA (lpString="ConvertNLSDayOfWeekToWin32DayOfWeek") returned 35 [0150.783] lstrlenA (lpString="ConvertSystemTimeToCalDateTime") returned 30 [0150.783] lstrlenA (lpString="ConvertThreadToFiber") returned 20 [0150.783] lstrlenA (lpString="ConvertThreadToFiberEx") returned 22 [0150.783] lstrlenA (lpString="CopyContext") returned 11 [0150.783] lstrlenA (lpString="CopyFileA") returned 9 [0150.783] lstrlenA (lpString="CopyFileExA") returned 11 [0150.784] lstrlenA (lpString="CopyFileExW") returned 11 [0150.784] lstrlenA (lpString="CopyFileTransactedA") returned 19 [0150.784] lstrlenA (lpString="CopyFileTransactedW") returned 19 [0150.784] lstrlenA (lpString="CopyFileW") returned 9 [0150.784] lstrlenA (lpString="CopyLZFile") returned 10 [0150.784] lstrlenA (lpString="CreateActCtxA") returned 13 [0150.784] lstrlenA (lpString="CreateActCtxW") returned 13 [0150.784] lstrlenA (lpString="CreateBoundaryDescriptorA") returned 25 [0150.784] lstrlenA (lpString="CreateBoundaryDescriptorW") returned 25 [0150.785] lstrlenA (lpString="CreateConsoleScreenBuffer") returned 25 [0150.785] lstrlenA (lpString="CreateDirectoryA") returned 16 [0150.785] lstrlenA (lpString="CreateDirectoryExA") returned 18 [0150.785] lstrlenA (lpString="CreateDirectoryExW") returned 18 [0150.785] lstrlenA (lpString="CreateDirectoryTransactedA") returned 26 [0150.785] lstrlenA (lpString="CreateDirectoryTransactedW") returned 26 [0150.785] lstrlenA (lpString="CreateDirectoryW") returned 16 [0150.785] lstrlenA (lpString="CreateEventA") returned 12 [0150.785] lstrlenA (lpString="CreateEventExA") returned 14 [0150.785] lstrlenA (lpString="CreateEventExW") returned 14 [0150.785] lstrlenA (lpString="CreateEventW") returned 12 [0150.785] lstrlenA (lpString="CreateFiber") returned 11 [0150.785] lstrlenA (lpString="CreateFiberEx") returned 13 [0150.786] lstrlenA (lpString="CreateFileA") returned 11 [0150.786] lstrlenA (lpString="CreateFileMappingA") returned 18 [0150.786] lstrlenA (lpString="CreateFileMappingNumaA") returned 22 [0150.786] lstrlenA (lpString="CreateFileMappingNumaW") returned 22 [0150.786] lstrlenA (lpString="CreateFileMappingW") returned 18 [0150.786] lstrlenA (lpString="CreateFileTransactedA") returned 21 [0150.786] lstrlenA (lpString="CreateFileTransactedW") returned 21 [0150.786] lstrlenA (lpString="CreateFileW") returned 11 [0150.786] lstrlenA (lpString="CreateHardLinkA") returned 15 [0150.786] lstrlenA (lpString="CreateHardLinkTransactedA") returned 25 [0150.786] lstrlenA (lpString="CreateHardLinkTransactedW") returned 25 [0150.787] lstrlenA (lpString="CreateHardLinkW") returned 15 [0150.787] lstrlenA (lpString="CreateIoCompletionPort") returned 22 [0150.787] lstrlenA (lpString="CreateJobObjectA") returned 16 [0150.787] lstrlenA (lpString="CreateJobObjectW") returned 16 [0150.787] lstrlenA (lpString="CreateJobSet") returned 12 [0150.787] lstrlenA (lpString="CreateMailslotA") returned 15 [0150.787] lstrlenA (lpString="CreateMailslotW") returned 15 [0150.787] lstrlenA (lpString="CreateMemoryResourceNotification") returned 32 [0150.787] lstrlenA (lpString="CreateMutexA") returned 12 [0150.787] lstrlenA (lpString="CreateMutexExA") returned 14 [0150.787] lstrlenA (lpString="CreateMutexExW") returned 14 [0150.787] lstrlenA (lpString="CreateMutexW") returned 12 [0150.787] lstrlenA (lpString="CreateNamedPipeA") returned 16 [0150.787] lstrlenA (lpString="CreateNamedPipeW") returned 16 [0150.787] lstrlenA (lpString="CreatePipe") returned 10 [0150.788] lstrlenA (lpString="CreatePrivateNamespaceA") returned 23 [0150.788] lstrlenA (lpString="CreatePrivateNamespaceW") returned 23 [0150.788] lstrlenA (lpString="CreateProcessA") returned 14 [0150.788] lstrlenA (lpString="CreateProcessAsUserW") returned 20 [0150.788] lstrlenA (lpString="CreateProcessInternalA") returned 22 [0150.788] lstrlenA (lpString="CreateProcessInternalW") returned 22 [0150.788] lstrlenA (lpString="CreateProcessW") returned 14 [0150.788] lstrlenA (lpString="CreateRemoteThread") returned 18 [0150.788] lstrlenA (lpString="CreateRemoteThreadEx") returned 20 [0150.788] lstrlenA (lpString="CreateSemaphoreA") returned 16 [0150.788] lstrlenA (lpString="CreateSemaphoreExA") returned 18 [0150.788] lstrlenA (lpString="CreateSemaphoreExW") returned 18 [0150.788] lstrlenA (lpString="CreateSemaphoreW") returned 16 [0150.789] lstrlenA (lpString="CreateSocketHandle") returned 18 [0150.789] lstrlenA (lpString="CreateSymbolicLinkA") returned 19 [0150.789] lstrlenA (lpString="CreateSymbolicLinkTransactedA") returned 29 [0150.789] lstrlenA (lpString="CreateSymbolicLinkTransactedW") returned 29 [0150.789] lstrlenA (lpString="CreateSymbolicLinkW") returned 19 [0150.789] lstrlenA (lpString="CreateTapePartition") returned 19 [0150.789] lstrlenA (lpString="CreateThread") returned 12 [0150.789] lstrlenA (lpString="CreateThreadpool") returned 16 [0150.789] lstrlenA (lpString="CreateThreadpoolCleanupGroup") returned 28 [0150.789] lstrlenA (lpString="CreateThreadpoolIo") returned 18 [0150.789] lstrlenA (lpString="CreateThreadpoolTimer") returned 21 [0150.789] lstrlenA (lpString="CreateThreadpoolWait") returned 20 [0150.789] lstrlenA (lpString="CreateThreadpoolWork") returned 20 [0150.790] lstrlenA (lpString="CreateTimerQueue") returned 16 [0150.790] lstrlenA (lpString="CreateTimerQueueTimer") returned 21 [0150.790] lstrlenA (lpString="CreateToolhelp32Snapshot") returned 24 [0150.790] lstrlenA (lpString="CreateWaitableTimerA") returned 20 [0150.790] lstrlenA (lpString="CreateWaitableTimerExA") returned 22 [0150.790] lstrlenA (lpString="CreateWaitableTimerExW") returned 22 [0150.790] lstrlenA (lpString="CreateWaitableTimerW") returned 20 [0150.790] lstrlenA (lpString="CtrlRoutine") returned 11 [0150.790] lstrlenA (lpString="DeactivateActCtx") returned 16 [0150.790] lstrlenA (lpString="DebugActiveProcess") returned 18 [0150.790] lstrlenA (lpString="DebugActiveProcessStop") returned 22 [0150.790] lstrlenA (lpString="DebugBreak") returned 10 [0150.790] lstrlenA (lpString="DebugBreakProcess") returned 17 [0150.790] lstrlenA (lpString="DebugSetProcessKillOnExit") returned 25 [0150.791] lstrlenA (lpString="DecodePointer") returned 13 [0150.791] lstrlenA (lpString="DecodeSystemPointer") returned 19 [0150.791] lstrlenA (lpString="DefineDosDeviceA") returned 16 [0150.791] lstrlenA (lpString="DefineDosDeviceW") returned 16 [0150.791] lstrlenA (lpString="DelayLoadFailureHook") returned 20 [0150.791] lstrlenA (lpString="DeleteAtom") returned 10 [0150.791] lstrlenA (lpString="DeleteBoundaryDescriptor") returned 24 [0150.791] lstrlenA (lpString="DeleteCriticalSection") returned 21 [0150.791] lstrlenA (lpString="DeleteFiber") returned 11 [0150.791] lstrlenA (lpString="DeleteFileA") returned 11 [0150.791] lstrlenA (lpString="DeleteFileTransactedA") returned 21 [0150.791] lstrlenA (lpString="DeleteFileTransactedW") returned 21 [0150.791] lstrlenA (lpString="DeleteFileW") returned 11 [0150.791] lstrlenA (lpString="DeleteProcThreadAttributeList") returned 29 [0150.792] lstrlenA (lpString="DeleteTimerQueue") returned 16 [0150.792] lstrlenA (lpString="DeleteTimerQueueEx") returned 18 [0150.792] lstrlenA (lpString="DeleteTimerQueueTimer") returned 21 [0150.792] lstrlenA (lpString="DeleteVolumeMountPointA") returned 23 [0150.792] lstrlenA (lpString="DeleteVolumeMountPointW") returned 23 [0150.792] lstrlenA (lpString="DeviceIoControl") returned 15 [0150.792] lstrlenA (lpString="DisableThreadLibraryCalls") returned 25 [0150.792] lstrlenA (lpString="DisableThreadProfiling") returned 22 [0150.792] lstrlenA (lpString="DisassociateCurrentThreadFromCallback") returned 37 [0150.792] lstrlenA (lpString="DisconnectNamedPipe") returned 19 [0150.792] lstrlenA (lpString="DnsHostnameToComputerNameA") returned 26 [0150.792] lstrlenA (lpString="DnsHostnameToComputerNameW") returned 26 [0150.792] lstrlenA (lpString="DosDateTimeToFileTime") returned 21 [0150.793] lstrlenA (lpString="DosPathToSessionPathA") returned 21 [0150.793] lstrlenA (lpString="DosPathToSessionPathW") returned 21 [0150.793] lstrlenA (lpString="DuplicateConsoleHandle") returned 22 [0150.793] lstrlenA (lpString="DuplicateHandle") returned 15 [0150.793] lstrlenA (lpString="EnableThreadProfiling") returned 21 [0150.793] lstrlenA (lpString="EncodePointer") returned 13 [0150.793] lstrlenA (lpString="EncodeSystemPointer") returned 19 [0150.793] lstrlenA (lpString="EndUpdateResourceA") returned 18 [0150.793] lstrlenA (lpString="EndUpdateResourceW") returned 18 [0150.793] lstrlenA (lpString="EnterCriticalSection") returned 20 [0150.793] lstrlenA (lpString="EnumCalendarInfoA") returned 17 [0150.793] lstrlenA (lpString="EnumCalendarInfoExA") returned 19 [0150.793] lstrlenA (lpString="EnumCalendarInfoExEx") returned 20 [0150.794] lstrlenA (lpString="EnumCalendarInfoExW") returned 19 [0150.794] lstrlenA (lpString="EnumCalendarInfoW") returned 17 [0150.794] lstrlenA (lpString="EnumDateFormatsA") returned 16 [0150.794] lstrlenA (lpString="EnumDateFormatsExA") returned 18 [0150.794] lstrlenA (lpString="EnumDateFormatsExEx") returned 19 [0150.794] lstrlenA (lpString="EnumDateFormatsExW") returned 18 [0150.814] VirtualProtectEx (in: hProcess=0x638, lpAddress=0x400000, dwSize=0x3a000, flNewProtect=0x1, lpflOldProtect=0x26a204c | out: lpflOldProtect=0x26a204c*=0x40) returned 1 [0150.816] CreateEventW (lpEventAttributes=0x0, bManualReset=1, bInitialState=0, lpName=0x0) returned 0x644 [0150.817] CoWaitForMultipleHandles (in: dwFlags=0x2, dwTimeout=0x7530, cHandles=0x1, pHandles=0x2dc7d4*=0x644, lpdwindex=0x2dc5f8 | out: lpdwindex=0x2dc5f8) returned 0x80010115 [0182.702] EnumProcessModules (in: hProcess=0x304, lphModule=0x26a9938, cb=0x100, lpcbNeeded=0x2dc654 | out: lphModule=0x26a9938, lpcbNeeded=0x2dc654) returned 1 [0182.704] EnumProcessModules (in: hProcess=0x304, lphModule=0x26a9a44, cb=0x200, lpcbNeeded=0x2dc654 | out: lphModule=0x26a9a44, lpcbNeeded=0x2dc654) returned 1 [0182.705] GetModuleInformation (in: hProcess=0x304, hModule=0x10b0000, lpmodinfo=0x26a9c84, cb=0xc | out: lpmodinfo=0x26a9c84*(lpBaseOfDll=0x10b0000, SizeOfImage=0xa2000, EntryPoint=0x114ddbe)) returned 1 [0182.706] CoTaskMemAlloc (cb=0x804) returned 0x3dd570 [0182.707] GetModuleBaseNameW (in: hProcess=0x304, hModule=0x10b0000, lpBaseName=0x3dd570, nSize=0x800 | out: lpBaseName="noise.exe") returned 0x9 [0182.707] CoTaskMemFree (pv=0x3dd570) [0182.707] CoTaskMemAlloc (cb=0x804) returned 0x3dd570 [0182.707] GetModuleFileNameExW (in: hProcess=0x304, hModule=0x10b0000, lpFilename=0x3dd570, nSize=0x800 | out: lpFilename="C:\\Users\\kEecfMwgj\\AppData\\Local\\Temp\\noise.exe" (normalized: "c:\\users\\keecfmwgj\\appdata\\local\\temp\\noise.exe")) returned 0x2f [0182.707] CoTaskMemFree (pv=0x3dd570) [0182.707] GetModuleInformation (in: hProcess=0x304, hModule=0x76f00000, lpmodinfo=0x26abdd4, cb=0xc | out: lpmodinfo=0x26abdd4*(lpBaseOfDll=0x76f00000, SizeOfImage=0x180000, EntryPoint=0x0)) returned 1 [0182.707] CoTaskMemAlloc (cb=0x804) returned 0x3dd570 [0182.707] GetModuleBaseNameW (in: hProcess=0x304, hModule=0x76f00000, lpBaseName=0x3dd570, nSize=0x800 | out: lpBaseName="ntdll.dll") returned 0x9 [0182.708] CoTaskMemFree (pv=0x3dd570) [0182.708] CoTaskMemAlloc (cb=0x804) returned 0x3dd570 [0182.708] GetModuleFileNameExW (in: hProcess=0x304, hModule=0x76f00000, lpFilename=0x3dd570, nSize=0x800 | out: lpFilename="C:\\Windows\\SysWOW64\\ntdll.dll" (normalized: "c:\\windows\\syswow64\\ntdll.dll")) returned 0x1d [0182.708] CoTaskMemFree (pv=0x3dd570) [0182.708] GetModuleInformation (in: hProcess=0x304, hModule=0x73500000, lpmodinfo=0x26adee4, cb=0xc | out: lpmodinfo=0x26adee4*(lpBaseOfDll=0x73500000, SizeOfImage=0x4a000, EntryPoint=0x73502e54)) returned 1 [0182.708] CoTaskMemAlloc (cb=0x804) returned 0x3dd570 [0182.708] GetModuleBaseNameW (in: hProcess=0x304, hModule=0x73500000, lpBaseName=0x3dd570, nSize=0x800 | out: lpBaseName="MSCOREE.DLL") returned 0xb [0182.708] CoTaskMemFree (pv=0x3dd570) [0182.708] CoTaskMemAlloc (cb=0x804) returned 0x3dd570 [0182.708] GetModuleFileNameExW (in: hProcess=0x304, hModule=0x73500000, lpFilename=0x3dd570, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\MSCOREE.DLL" (normalized: "c:\\windows\\syswow64\\mscoree.dll")) returned 0x1f [0182.709] CoTaskMemFree (pv=0x3dd570) [0182.709] GetModuleInformation (in: hProcess=0x304, hModule=0x752b0000, lpmodinfo=0x26afffc, cb=0xc | out: lpmodinfo=0x26afffc*(lpBaseOfDll=0x752b0000, SizeOfImage=0x110000, EntryPoint=0x752c3283)) returned 1 [0182.709] CoTaskMemAlloc (cb=0x804) returned 0x3dd570 [0182.709] GetModuleBaseNameW (in: hProcess=0x304, hModule=0x752b0000, lpBaseName=0x3dd570, nSize=0x800 | out: lpBaseName="KERNEL32.dll") returned 0xc [0182.709] CoTaskMemFree (pv=0x3dd570) [0182.709] CoTaskMemAlloc (cb=0x804) returned 0x3dd570 [0182.709] GetModuleFileNameExW (in: hProcess=0x304, hModule=0x752b0000, lpFilename=0x3dd570, nSize=0x800 | out: lpFilename="C:\\Windows\\syswow64\\KERNEL32.dll" (normalized: "c:\\windows\\syswow64\\kernel32.dll")) returned 0x20 [0182.709] CoTaskMemFree (pv=0x3dd570) [0182.709] GetModuleInformation (in: hProcess=0x304, hModule=0x753c0000, lpmodinfo=0x26b211c, cb=0xc | out: lpmodinfo=0x26b211c*(lpBaseOfDll=0x753c0000, SizeOfImage=0x47000, EntryPoint=0x753c74c1)) returned 1 [0182.710] CoTaskMemAlloc (cb=0x804) returned 0x3dd570 [0182.710] GetModuleBaseNameW (in: hProcess=0x304, hModule=0x753c0000, lpBaseName=0x3dd570, nSize=0x800 | out: lpBaseName="KERNELBASE.dll") returned 0xe [0182.710] CoTaskMemFree (pv=0x3dd570) [0182.710] CoTaskMemAlloc (cb=0x804) returned 0x3dd570 [0182.710] GetModuleFileNameExW (in: hProcess=0x304, hModule=0x753c0000, lpFilename=0x3dd570, nSize=0x800 | out: lpFilename="C:\\Windows\\syswow64\\KERNELBASE.dll" (normalized: "c:\\windows\\syswow64\\kernelbase.dll")) returned 0x22 [0182.710] CoTaskMemFree (pv=0x3dd570) [0182.710] GetModuleInformation (in: hProcess=0x304, hModule=0x76a60000, lpmodinfo=0x26b4270, cb=0xc | out: lpmodinfo=0x26b4270*(lpBaseOfDll=0x76a60000, SizeOfImage=0xa0000, EntryPoint=0x76a749e5)) returned 1 [0182.710] CoTaskMemAlloc (cb=0x804) returned 0x3dd570 [0182.711] GetModuleBaseNameW (in: hProcess=0x304, hModule=0x76a60000, lpBaseName=0x3dd570, nSize=0x800 | out: lpBaseName="ADVAPI32.dll") returned 0xc [0182.711] CoTaskMemFree (pv=0x3dd570) [0182.711] CoTaskMemAlloc (cb=0x804) returned 0x3dd570 [0182.711] GetModuleFileNameExW (in: hProcess=0x304, hModule=0x76a60000, lpFilename=0x3dd570, nSize=0x800 | out: lpFilename="C:\\Windows\\syswow64\\ADVAPI32.dll" (normalized: "c:\\windows\\syswow64\\advapi32.dll")) returned 0x20 [0182.711] CoTaskMemFree (pv=0x3dd570) [0182.711] GetModuleInformation (in: hProcess=0x304, hModule=0x75410000, lpmodinfo=0x26b6390, cb=0xc | out: lpmodinfo=0x26b6390*(lpBaseOfDll=0x75410000, SizeOfImage=0xac000, EntryPoint=0x7541a472)) returned 1 [0182.711] CoTaskMemAlloc (cb=0x804) returned 0x3dd570 [0182.711] GetModuleBaseNameW (in: hProcess=0x304, hModule=0x75410000, lpBaseName=0x3dd570, nSize=0x800 | out: lpBaseName="msvcrt.dll") returned 0xa [0182.712] CoTaskMemFree (pv=0x3dd570) [0182.712] CoTaskMemAlloc (cb=0x804) returned 0x3dd570 [0182.712] GetModuleFileNameExW (in: hProcess=0x304, hModule=0x75410000, lpFilename=0x3dd570, nSize=0x800 | out: lpFilename="C:\\Windows\\syswow64\\msvcrt.dll" (normalized: "c:\\windows\\syswow64\\msvcrt.dll")) returned 0x1e [0182.712] CoTaskMemFree (pv=0x3dd570) [0182.712] GetModuleInformation (in: hProcess=0x304, hModule=0x759a0000, lpmodinfo=0x26b84a8, cb=0xc | out: lpmodinfo=0x26b84a8*(lpBaseOfDll=0x759a0000, SizeOfImage=0x19000, EntryPoint=0x759a4975)) returned 1 [0182.712] CoTaskMemAlloc (cb=0x804) returned 0x3dd570 [0182.712] GetModuleBaseNameW (in: hProcess=0x304, hModule=0x759a0000, lpBaseName=0x3dd570, nSize=0x800 | out: lpBaseName="sechost.dll") returned 0xb [0182.713] CoTaskMemFree (pv=0x3dd570) [0182.713] CoTaskMemAlloc (cb=0x804) returned 0x3dd570 [0182.713] GetModuleFileNameExW (in: hProcess=0x304, hModule=0x759a0000, lpFilename=0x3dd570, nSize=0x800 | out: lpFilename="C:\\Windows\\SysWOW64\\sechost.dll" (normalized: "c:\\windows\\syswow64\\sechost.dll")) returned 0x1f [0182.713] CoTaskMemFree (pv=0x3dd570) [0182.713] GetModuleInformation (in: hProcess=0x304, hModule=0x76970000, lpmodinfo=0x26ba5c0, cb=0xc | out: lpmodinfo=0x26ba5c0*(lpBaseOfDll=0x76970000, SizeOfImage=0xf0000, EntryPoint=0x76980569)) returned 1 [0182.713] CoTaskMemAlloc (cb=0x804) returned 0x3dd570 [0182.713] GetModuleBaseNameW (in: hProcess=0x304, hModule=0x76970000, lpBaseName=0x3dd570, nSize=0x800 | out: lpBaseName="RPCRT4.dll") returned 0xa [0182.714] CoTaskMemFree (pv=0x3dd570) [0182.714] CoTaskMemAlloc (cb=0x804) returned 0x3dd570 [0182.714] GetModuleFileNameExW (in: hProcess=0x304, hModule=0x76970000, lpFilename=0x3dd570, nSize=0x800 | out: lpFilename="C:\\Windows\\syswow64\\RPCRT4.dll" (normalized: "c:\\windows\\syswow64\\rpcrt4.dll")) returned 0x1e [0182.714] CoTaskMemFree (pv=0x3dd570) [0182.714] GetModuleInformation (in: hProcess=0x304, hModule=0x74a50000, lpmodinfo=0x26bc724, cb=0xc | out: lpmodinfo=0x26bc724*(lpBaseOfDll=0x74a50000, SizeOfImage=0x60000, EntryPoint=0x74a6a3b3)) returned 1 [0182.714] CoTaskMemAlloc (cb=0x804) returned 0x3dd570 [0182.714] GetModuleBaseNameW (in: hProcess=0x304, hModule=0x74a50000, lpBaseName=0x3dd570, nSize=0x800 | out: lpBaseName="SspiCli.dll") returned 0xb [0182.715] CoTaskMemFree (pv=0x3dd570) [0182.715] CoTaskMemAlloc (cb=0x804) returned 0x3dd570 [0182.715] GetModuleFileNameExW (in: hProcess=0x304, hModule=0x74a50000, lpFilename=0x3dd570, nSize=0x800 | out: lpFilename="C:\\Windows\\syswow64\\SspiCli.dll" (normalized: "c:\\windows\\syswow64\\sspicli.dll")) returned 0x1f [0182.715] CoTaskMemFree (pv=0x3dd570) [0182.715] GetModuleInformation (in: hProcess=0x304, hModule=0x74a40000, lpmodinfo=0x26be83c, cb=0xc | out: lpmodinfo=0x26be83c*(lpBaseOfDll=0x74a40000, SizeOfImage=0xc000, EntryPoint=0x74a410e1)) returned 1 [0182.715] CoTaskMemAlloc (cb=0x804) returned 0x3dd570 [0182.716] GetModuleBaseNameW (in: hProcess=0x304, hModule=0x74a40000, lpBaseName=0x3dd570, nSize=0x800 | out: lpBaseName="CRYPTBASE.dll") returned 0xd [0182.716] CoTaskMemFree (pv=0x3dd570) [0182.716] CoTaskMemAlloc (cb=0x804) returned 0x3dd570 [0182.716] GetModuleFileNameExW (in: hProcess=0x304, hModule=0x74a40000, lpFilename=0x3dd570, nSize=0x800 | out: lpFilename="C:\\Windows\\syswow64\\CRYPTBASE.dll" (normalized: "c:\\windows\\syswow64\\cryptbase.dll")) returned 0x21 [0182.716] CoTaskMemFree (pv=0x3dd570) [0182.716] GetModuleInformation (in: hProcess=0x304, hModule=0x733b0000, lpmodinfo=0x26c095c, cb=0xc | out: lpmodinfo=0x26c095c*(lpBaseOfDll=0x733b0000, SizeOfImage=0x8d000, EntryPoint=0x733c2860)) returned 1 [0182.717] CoTaskMemAlloc (cb=0x804) returned 0x3dd570 [0182.717] GetModuleBaseNameW (in: hProcess=0x304, hModule=0x733b0000, lpBaseName=0x3dd570, nSize=0x800 | out: lpBaseName="mscoreei.dll") returned 0xc [0182.717] CoTaskMemFree (pv=0x3dd570) [0182.717] CoTaskMemAlloc (cb=0x804) returned 0x3dd570 [0182.717] GetModuleFileNameExW (in: hProcess=0x304, hModule=0x733b0000, lpFilename=0x3dd570, nSize=0x800 | out: lpFilename="C:\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\mscoreei.dll" (normalized: "c:\\windows\\microsoft.net\\framework\\v4.0.30319\\mscoreei.dll")) returned 0x3a [0182.717] CoTaskMemFree (pv=0x3dd570) [0182.717] GetModuleInformation (in: hProcess=0x304, hModule=0x734f0000, lpmodinfo=0x26c2ab0, cb=0xc | out: lpmodinfo=0x26c2ab0*(lpBaseOfDll=0x734f0000, SizeOfImage=0x3000, EntryPoint=0x0)) returned 1 [0182.718] CoTaskMemAlloc (cb=0x804) returned 0x3dd570 [0182.718] GetModuleBaseNameW (in: hProcess=0x304, hModule=0x734f0000, lpBaseName=0x3dd570, nSize=0x800 | out: lpBaseName="api-ms-win-core-synch-l1-2-0.DLL") returned 0x20 [0182.718] CoTaskMemFree (pv=0x3dd570) [0182.718] CoTaskMemAlloc (cb=0x804) returned 0x3dd570 [0182.718] GetModuleFileNameExW (in: hProcess=0x304, hModule=0x734f0000, lpFilename=0x3dd570, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\api-ms-win-core-synch-l1-2-0.DLL" (normalized: "c:\\windows\\syswow64\\api-ms-win-core-synch-l1-2-0.dll")) returned 0x34 [0182.719] CoTaskMemFree (pv=0x3dd570) [0182.719] GetModuleInformation (in: hProcess=0x304, hModule=0x751c0000, lpmodinfo=0x26c4c20, cb=0xc | out: lpmodinfo=0x26c4c20*(lpBaseOfDll=0x751c0000, SizeOfImage=0x57000, EntryPoint=0x751d9ba6)) returned 1 [0182.719] CoTaskMemAlloc (cb=0x804) returned 0x3dd570 [0182.719] GetModuleBaseNameW (in: hProcess=0x304, hModule=0x751c0000, lpBaseName=0x3dd570, nSize=0x800 | out: lpBaseName="SHLWAPI.dll") returned 0xb [0182.719] CoTaskMemFree (pv=0x3dd570) [0182.720] CoTaskMemAlloc (cb=0x804) returned 0x3dd570 [0182.720] GetModuleFileNameExW (in: hProcess=0x304, hModule=0x751c0000, lpFilename=0x3dd570, nSize=0x800 | out: lpFilename="C:\\Windows\\syswow64\\SHLWAPI.dll" (normalized: "c:\\windows\\syswow64\\shlwapi.dll")) returned 0x1f [0182.720] CoTaskMemFree (pv=0x3dd570) [0182.720] GetModuleInformation (in: hProcess=0x304, hModule=0x75220000, lpmodinfo=0x26c6d38, cb=0xc | out: lpmodinfo=0x26c6d38*(lpBaseOfDll=0x75220000, SizeOfImage=0x90000, EntryPoint=0x75236343)) returned 1 [0182.720] CoTaskMemAlloc (cb=0x804) returned 0x3dd570 [0182.720] GetModuleBaseNameW (in: hProcess=0x304, hModule=0x75220000, lpBaseName=0x3dd570, nSize=0x800 | out: lpBaseName="GDI32.dll") returned 0x9 [0182.721] CoTaskMemFree (pv=0x3dd570) [0182.721] CoTaskMemAlloc (cb=0x804) returned 0x3dd570 [0182.721] GetModuleFileNameExW (in: hProcess=0x304, hModule=0x75220000, lpFilename=0x3dd570, nSize=0x800 | out: lpFilename="C:\\Windows\\syswow64\\GDI32.dll" (normalized: "c:\\windows\\syswow64\\gdi32.dll")) returned 0x1d [0182.721] CoTaskMemFree (pv=0x3dd570) [0182.721] GetModuleInformation (in: hProcess=0x304, hModule=0x76860000, lpmodinfo=0x26c8e48, cb=0xc | out: lpmodinfo=0x26c8e48*(lpBaseOfDll=0x76860000, SizeOfImage=0x100000, EntryPoint=0x7687b6ed)) returned 1 [0182.722] CoTaskMemAlloc (cb=0x804) returned 0x3dd570 [0182.722] GetModuleBaseNameW (in: hProcess=0x304, hModule=0x76860000, lpBaseName=0x3dd570, nSize=0x800 | out: lpBaseName="USER32.dll") returned 0xa [0182.722] CoTaskMemFree (pv=0x3dd570) [0182.722] CoTaskMemAlloc (cb=0x804) returned 0x3dd570 [0182.722] GetModuleFileNameExW (in: hProcess=0x304, hModule=0x76860000, lpFilename=0x3dd570, nSize=0x800 | out: lpFilename="C:\\Windows\\syswow64\\USER32.dll" (normalized: "c:\\windows\\syswow64\\user32.dll")) returned 0x1e [0182.723] CoTaskMemFree (pv=0x3dd570) [0182.723] GetModuleInformation (in: hProcess=0x304, hModule=0x759c0000, lpmodinfo=0x26caf60, cb=0xc | out: lpmodinfo=0x26caf60*(lpBaseOfDll=0x759c0000, SizeOfImage=0xa000, EntryPoint=0x759c36a0)) returned 1 [0182.723] CoTaskMemAlloc (cb=0x804) returned 0x3dd570 [0182.723] GetModuleBaseNameW (in: hProcess=0x304, hModule=0x759c0000, lpBaseName=0x3dd570, nSize=0x800 | out: lpBaseName="LPK.dll") returned 0x7 [0182.724] CoTaskMemFree (pv=0x3dd570) [0182.724] CoTaskMemAlloc (cb=0x804) returned 0x3dd570 [0182.724] GetModuleFileNameExW (in: hProcess=0x304, hModule=0x759c0000, lpFilename=0x3dd570, nSize=0x800 | out: lpFilename="C:\\Windows\\syswow64\\LPK.dll" (normalized: "c:\\windows\\syswow64\\lpk.dll")) returned 0x1b [0182.724] CoTaskMemFree (pv=0x3dd570) [0182.724] GetModuleInformation (in: hProcess=0x304, hModule=0x74d40000, lpmodinfo=0x26cd0f4, cb=0xc | out: lpmodinfo=0x26cd0f4*(lpBaseOfDll=0x74d40000, SizeOfImage=0x9d000, EntryPoint=0x74d73fd7)) returned 1 [0182.725] CoTaskMemAlloc (cb=0x804) returned 0x3dd570 [0182.725] GetModuleBaseNameW (in: hProcess=0x304, hModule=0x74d40000, lpBaseName=0x3dd570, nSize=0x800 | out: lpBaseName="USP10.dll") returned 0x9 [0182.725] CoTaskMemFree (pv=0x3dd570) [0182.725] CoTaskMemAlloc (cb=0x804) returned 0x3dd570 [0182.725] GetModuleFileNameExW (in: hProcess=0x304, hModule=0x74d40000, lpFilename=0x3dd570, nSize=0x800 | out: lpFilename="C:\\Windows\\syswow64\\USP10.dll" (normalized: "c:\\windows\\syswow64\\usp10.dll")) returned 0x1d [0182.726] CoTaskMemFree (pv=0x3dd570) [0182.726] GetModuleInformation (in: hProcess=0x304, hModule=0x75550000, lpmodinfo=0x26cf204, cb=0xc | out: lpmodinfo=0x26cf204*(lpBaseOfDll=0x75550000, SizeOfImage=0x60000, EntryPoint=0x7556158f)) returned 1 [0182.726] CoTaskMemAlloc (cb=0x804) returned 0x3dd570 [0182.726] GetModuleBaseNameW (in: hProcess=0x304, hModule=0x75550000, lpBaseName=0x3dd570, nSize=0x800 | out: lpBaseName="IMM32.DLL") returned 0x9 [0182.727] CoTaskMemFree (pv=0x3dd570) [0182.727] CoTaskMemAlloc (cb=0x804) returned 0x3dd570 [0182.727] GetModuleFileNameExW (in: hProcess=0x304, hModule=0x75550000, lpFilename=0x3dd570, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\IMM32.DLL" (normalized: "c:\\windows\\syswow64\\imm32.dll")) returned 0x1d [0182.727] CoTaskMemFree (pv=0x3dd570) [0182.727] GetModuleInformation (in: hProcess=0x304, hModule=0x74c40000, lpmodinfo=0x26d1314, cb=0xc | out: lpmodinfo=0x26d1314*(lpBaseOfDll=0x74c40000, SizeOfImage=0xcc000, EntryPoint=0x74c4168b)) returned 1 [0182.728] CoTaskMemAlloc (cb=0x804) returned 0x3dd570 [0182.728] GetModuleBaseNameW (in: hProcess=0x304, hModule=0x74c40000, lpBaseName=0x3dd570, nSize=0x800 | out: lpBaseName="MSCTF.dll") returned 0x9 [0182.728] CoTaskMemFree (pv=0x3dd570) [0182.728] CoTaskMemAlloc (cb=0x804) returned 0x3dd570 [0182.728] GetModuleFileNameExW (in: hProcess=0x304, hModule=0x74c40000, lpFilename=0x3dd570, nSize=0x800 | out: lpFilename="C:\\Windows\\syswow64\\MSCTF.dll" (normalized: "c:\\windows\\syswow64\\msctf.dll")) returned 0x1d [0182.729] CoTaskMemFree (pv=0x3dd570) [0182.729] GetModuleInformation (in: hProcess=0x304, hModule=0x733a0000, lpmodinfo=0x26d3424, cb=0xc | out: lpmodinfo=0x26d3424*(lpBaseOfDll=0x733a0000, SizeOfImage=0x9000, EntryPoint=0x733a1220)) returned 1 [0182.729] CoTaskMemAlloc (cb=0x804) returned 0x3dd570 [0182.729] GetModuleBaseNameW (in: hProcess=0x304, hModule=0x733a0000, lpBaseName=0x3dd570, nSize=0x800 | out: lpBaseName="VERSION.dll") returned 0xb [0182.730] CoTaskMemFree (pv=0x3dd570) [0182.730] CoTaskMemAlloc (cb=0x804) returned 0x3dd570 [0182.730] GetModuleFileNameExW (in: hProcess=0x304, hModule=0x733a0000, lpFilename=0x3dd570, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\VERSION.dll" (normalized: "c:\\windows\\syswow64\\version.dll")) returned 0x1f [0182.730] CoTaskMemFree (pv=0x3dd570) [0182.730] GetModuleInformation (in: hProcess=0x304, hModule=0x71770000, lpmodinfo=0x26d553c, cb=0xc | out: lpmodinfo=0x26d553c*(lpBaseOfDll=0x71770000, SizeOfImage=0x7af000, EntryPoint=0x7178d0d0)) returned 1 [0182.731] CoTaskMemAlloc (cb=0x804) returned 0x3dd570 [0182.731] GetModuleBaseNameW (in: hProcess=0x304, hModule=0x71770000, lpBaseName=0x3dd570, nSize=0x800 | out: lpBaseName="clr.dll") returned 0x7 [0182.731] CoTaskMemFree (pv=0x3dd570) [0182.731] CoTaskMemAlloc (cb=0x804) returned 0x3dd570 [0182.731] GetModuleFileNameExW (in: hProcess=0x304, hModule=0x71770000, lpFilename=0x3dd570, nSize=0x800 | out: lpFilename="C:\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\clr.dll" (normalized: "c:\\windows\\microsoft.net\\framework\\v4.0.30319\\clr.dll")) returned 0x35 [0182.732] CoTaskMemFree (pv=0x3dd570) [0182.732] GetModuleInformation (in: hProcess=0x304, hModule=0x73600000, lpmodinfo=0x26d7678, cb=0xc | out: lpmodinfo=0x26d7678*(lpBaseOfDll=0x73600000, SizeOfImage=0x14000, EntryPoint=0x7360ac00)) returned 1 [0182.733] CoTaskMemAlloc (cb=0x804) returned 0x3dd570 [0182.733] GetModuleBaseNameW (in: hProcess=0x304, hModule=0x73600000, lpBaseName=0x3dd570, nSize=0x800 | out: lpBaseName="VCRUNTIME140_CLR0400.dll") returned 0x18 [0182.733] CoTaskMemFree (pv=0x3dd570) [0182.733] CoTaskMemAlloc (cb=0x804) returned 0x3dd570 [0182.733] GetModuleFileNameExW (in: hProcess=0x304, hModule=0x73600000, lpFilename=0x3dd570, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\VCRUNTIME140_CLR0400.dll" (normalized: "c:\\windows\\syswow64\\vcruntime140_clr0400.dll")) returned 0x2c [0182.734] CoTaskMemFree (pv=0x3dd570) [0182.734] GetModuleInformation (in: hProcess=0x304, hModule=0x73550000, lpmodinfo=0x26d97c8, cb=0xc | out: lpmodinfo=0x26d97c8*(lpBaseOfDll=0x73550000, SizeOfImage=0xab000, EntryPoint=0x735e5f20)) returned 1 [0182.734] CoTaskMemAlloc (cb=0x804) returned 0x3dd570 [0182.734] GetModuleBaseNameW (in: hProcess=0x304, hModule=0x73550000, lpBaseName=0x3dd570, nSize=0x800 | out: lpBaseName="ucrtbase_clr0400.dll") returned 0x14 [0182.735] CoTaskMemFree (pv=0x3dd570) [0182.735] CoTaskMemAlloc (cb=0x804) returned 0x3dd570 [0182.735] GetModuleFileNameExW (in: hProcess=0x304, hModule=0x73550000, lpFilename=0x3dd570, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\ucrtbase_clr0400.dll" (normalized: "c:\\windows\\syswow64\\ucrtbase_clr0400.dll")) returned 0x28 [0182.735] CoTaskMemFree (pv=0x3dd570) [0182.736] GetModuleInformation (in: hProcess=0x304, hModule=0x70360000, lpmodinfo=0x26db914, cb=0xc | out: lpmodinfo=0x26db914*(lpBaseOfDll=0x70360000, SizeOfImage=0x140b000, EntryPoint=0x0)) returned 1 [0182.736] CoTaskMemAlloc (cb=0x804) returned 0x3dd570 [0182.736] GetModuleBaseNameW (in: hProcess=0x304, hModule=0x70360000, lpBaseName=0x3dd570, nSize=0x800 | out: lpBaseName="mscorlib.ni.dll") returned 0xf [0182.737] CoTaskMemFree (pv=0x3dd570) [0182.737] CoTaskMemAlloc (cb=0x804) returned 0x3dd570 [0182.737] GetModuleFileNameExW (in: hProcess=0x304, hModule=0x70360000, lpFilename=0x3dd570, nSize=0x800 | out: lpFilename="C:\\Windows\\assembly\\NativeImages_v4.0.30319_32\\mscorlib\\36eaccfde177c2e7b93b8dbdde4e012a\\mscorlib.ni.dll" (normalized: "c:\\windows\\assembly\\nativeimages_v4.0.30319_32\\mscorlib\\36eaccfde177c2e7b93b8dbdde4e012a\\mscorlib.ni.dll")) returned 0x68 [0182.737] CoTaskMemFree (pv=0x3dd570) [0182.737] GetModuleInformation (in: hProcess=0x304, hModule=0x75740000, lpmodinfo=0x26ddac8, cb=0xc | out: lpmodinfo=0x26ddac8*(lpBaseOfDll=0x75740000, SizeOfImage=0x15c000, EntryPoint=0x7578ba3d)) returned 1 [0182.738] CoTaskMemAlloc (cb=0x804) returned 0x3dd570 [0182.738] GetModuleBaseNameW (in: hProcess=0x304, hModule=0x75740000, lpBaseName=0x3dd570, nSize=0x800 | out: lpBaseName="ole32.dll") returned 0x9 [0182.738] CoTaskMemFree (pv=0x3dd570) [0182.739] CoTaskMemAlloc (cb=0x804) returned 0x3dd570 [0182.739] GetModuleFileNameExW (in: hProcess=0x304, hModule=0x75740000, lpFilename=0x3dd570, nSize=0x800 | out: lpFilename="C:\\Windows\\syswow64\\ole32.dll" (normalized: "c:\\windows\\syswow64\\ole32.dll")) returned 0x1d [0182.739] CoTaskMemFree (pv=0x3dd570) [0182.739] GetModuleInformation (in: hProcess=0x304, hModule=0x73a10000, lpmodinfo=0x26dfbd8, cb=0xc | out: lpmodinfo=0x26dfbd8*(lpBaseOfDll=0x73a10000, SizeOfImage=0x80000, EntryPoint=0x73a237c9)) returned 1 [0182.740] CoTaskMemAlloc (cb=0x804) returned 0x3dd570 [0182.740] GetModuleBaseNameW (in: hProcess=0x304, hModule=0x73a10000, lpBaseName=0x3dd570, nSize=0x800 | out: lpBaseName="uxtheme.dll") returned 0xb [0182.740] CoTaskMemFree (pv=0x3dd570) [0182.740] CoTaskMemAlloc (cb=0x804) returned 0x3dd570 [0182.740] GetModuleFileNameExW (in: hProcess=0x304, hModule=0x73a10000, lpFilename=0x3dd570, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\uxtheme.dll" (normalized: "c:\\windows\\syswow64\\uxtheme.dll")) returned 0x1f [0182.741] CoTaskMemFree (pv=0x3dd570) [0182.741] GetModuleInformation (in: hProcess=0x304, hModule=0x74a20000, lpmodinfo=0x26e1cf0, cb=0xc | out: lpmodinfo=0x26e1cf0*(lpBaseOfDll=0x74a20000, SizeOfImage=0x3000, EntryPoint=0x0)) returned 1 [0182.742] CoTaskMemAlloc (cb=0x804) returned 0x3dd570 [0182.742] GetModuleBaseNameW (in: hProcess=0x304, hModule=0x74a20000, lpBaseName=0x3dd570, nSize=0x800 | out: lpBaseName="api-ms-win-core-xstate-l2-1-0.dll") returned 0x21 [0182.742] CoTaskMemFree (pv=0x3dd570) [0182.742] CoTaskMemAlloc (cb=0x804) returned 0x3dd570 [0182.742] GetModuleFileNameExW (in: hProcess=0x304, hModule=0x74a20000, lpFilename=0x3dd570, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\api-ms-win-core-xstate-l2-1-0.dll" (normalized: "c:\\windows\\syswow64\\api-ms-win-core-xstate-l2-1-0.dll")) returned 0x35 [0182.743] CoTaskMemFree (pv=0x3dd570) [0182.743] GetModuleInformation (in: hProcess=0x304, hModule=0x74990000, lpmodinfo=0x26e3e60, cb=0xc | out: lpmodinfo=0x26e3e60*(lpBaseOfDll=0x74990000, SizeOfImage=0x89000, EntryPoint=0x74991130)) returned 1 [0182.744] CoTaskMemAlloc (cb=0x804) returned 0x3dd570 [0182.744] GetModuleBaseNameW (in: hProcess=0x304, hModule=0x74990000, lpBaseName=0x3dd570, nSize=0x800 | out: lpBaseName="clrjit.dll") returned 0xa [0182.744] CoTaskMemFree (pv=0x3dd570) [0182.744] CoTaskMemAlloc (cb=0x804) returned 0x3dd570 [0182.744] GetModuleFileNameExW (in: hProcess=0x304, hModule=0x74990000, lpFilename=0x3dd570, nSize=0x800 | out: lpFilename="C:\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\clrjit.dll" (normalized: "c:\\windows\\microsoft.net\\framework\\v4.0.30319\\clrjit.dll")) returned 0x38 [0182.745] CoTaskMemFree (pv=0x3dd570) [0182.745] GetModuleInformation (in: hProcess=0x304, hModule=0x75130000, lpmodinfo=0x26e5fac, cb=0xc | out: lpmodinfo=0x26e5fac*(lpBaseOfDll=0x75130000, SizeOfImage=0x8f000, EntryPoint=0x75133fb1)) returned 1 [0182.746] CoTaskMemAlloc (cb=0x804) returned 0x3dd570 [0182.746] GetModuleBaseNameW (in: hProcess=0x304, hModule=0x75130000, lpBaseName=0x3dd570, nSize=0x800 | out: lpBaseName="OLEAUT32.dll") returned 0xc [0182.746] CoTaskMemFree (pv=0x3dd570) [0182.746] CoTaskMemAlloc (cb=0x804) returned 0x3dd570 [0182.746] GetModuleFileNameExW (in: hProcess=0x304, hModule=0x75130000, lpFilename=0x3dd570, nSize=0x800 | out: lpFilename="C:\\Windows\\syswow64\\OLEAUT32.dll" (normalized: "c:\\windows\\syswow64\\oleaut32.dll")) returned 0x20 [0182.747] CoTaskMemFree (pv=0x3dd570) [0182.747] GetModuleInformation (in: hProcess=0x304, hModule=0x6eea0000, lpmodinfo=0x26e80cc, cb=0xc | out: lpmodinfo=0x26e80cc*(lpBaseOfDll=0x6eea0000, SizeOfImage=0xa55000, EntryPoint=0x0)) returned 1 [0182.748] CoTaskMemAlloc (cb=0x804) returned 0x3dd570 [0182.748] GetModuleBaseNameW (in: hProcess=0x304, hModule=0x6eea0000, lpBaseName=0x3dd570, nSize=0x800 | out: lpBaseName="System.ni.dll") returned 0xd [0182.748] CoTaskMemFree (pv=0x3dd570) [0182.748] CoTaskMemAlloc (cb=0x804) returned 0x3dd570 [0182.749] GetModuleFileNameExW (in: hProcess=0x304, hModule=0x6eea0000, lpFilename=0x3dd570, nSize=0x800 | out: lpFilename="C:\\Windows\\assembly\\NativeImages_v4.0.30319_32\\System\\2c3c912ea8f058f9d04c4650128feb3f\\System.ni.dll" (normalized: "c:\\windows\\assembly\\nativeimages_v4.0.30319_32\\system\\2c3c912ea8f058f9d04c4650128feb3f\\system.ni.dll")) returned 0x64 [0182.749] CoTaskMemFree (pv=0x3dd570) [0182.749] GetModuleInformation (in: hProcess=0x304, hModule=0x6fb40000, lpmodinfo=0x26ea274, cb=0xc | out: lpmodinfo=0x26ea274*(lpBaseOfDll=0x6fb40000, SizeOfImage=0x818000, EntryPoint=0x0)) returned 1 [0182.750] CoTaskMemAlloc (cb=0x804) returned 0x3dd570 [0182.750] GetModuleBaseNameW (in: hProcess=0x304, hModule=0x6fb40000, lpBaseName=0x3dd570, nSize=0x800 | out: lpBaseName="System.Core.ni.dll") returned 0x12 [0182.751] CoTaskMemFree (pv=0x3dd570) [0182.751] CoTaskMemAlloc (cb=0x804) returned 0x3dd570 [0182.751] GetModuleFileNameExW (in: hProcess=0x304, hModule=0x6fb40000, lpFilename=0x3dd570, nSize=0x800 | out: lpFilename="C:\\Windows\\assembly\\NativeImages_v4.0.30319_32\\System.Core\\31fae3290fad30c31c98651462d22724\\System.Core.ni.dll" (normalized: "c:\\windows\\assembly\\nativeimages_v4.0.30319_32\\system.core\\31fae3290fad30c31c98651462d22724\\system.core.ni.dll")) returned 0x6e [0182.751] CoTaskMemFree (pv=0x3dd570) [0182.751] GetModuleInformation (in: hProcess=0x304, hModule=0x6f950000, lpmodinfo=0x26ec43c, cb=0xc | out: lpmodinfo=0x26ec43c*(lpBaseOfDll=0x6f950000, SizeOfImage=0x1e2000, EntryPoint=0x0)) returned 1 [0182.752] CoTaskMemAlloc (cb=0x804) returned 0x3dd570 [0182.752] GetModuleBaseNameW (in: hProcess=0x304, hModule=0x6f950000, lpBaseName=0x3dd570, nSize=0x800 | out: lpBaseName="Microsoft.VisualBasic.ni.dll") returned 0x1c [0182.753] CoTaskMemFree (pv=0x3dd570) [0182.753] CoTaskMemAlloc (cb=0x804) returned 0x3dd570 [0182.753] GetModuleFileNameExW (in: hProcess=0x304, hModule=0x6f950000, lpFilename=0x3dd570, nSize=0x800 | out: lpFilename="C:\\Windows\\assembly\\NativeImages_v4.0.30319_32\\Microsoft.V9921e851#\\a891970b44db9e340c3ef3efa95b793c\\Microsoft.VisualBasic.ni.dll" (normalized: "c:\\windows\\assembly\\nativeimages_v4.0.30319_32\\microsoft.v9921e851#\\a891970b44db9e340c3ef3efa95b793c\\microsoft.visualbasic.ni.dll")) returned 0x81 [0182.754] CoTaskMemFree (pv=0x3dd570) [0182.754] GetModuleInformation (in: hProcess=0x304, hModule=0x6ecf0000, lpmodinfo=0x26ee748, cb=0xc | out: lpmodinfo=0x26ee748*(lpBaseOfDll=0x6ecf0000, SizeOfImage=0x1a3000, EntryPoint=0x0)) returned 1 [0182.754] CoTaskMemAlloc (cb=0x804) returned 0x3dd570 [0182.754] GetModuleBaseNameW (in: hProcess=0x304, hModule=0x6ecf0000, lpBaseName=0x3dd570, nSize=0x800 | out: lpBaseName="System.Drawing.ni.dll") returned 0x15 [0182.755] CoTaskMemFree (pv=0x3dd570) [0182.755] CoTaskMemAlloc (cb=0x804) returned 0x3dd570 [0182.755] GetModuleFileNameExW (in: hProcess=0x304, hModule=0x6ecf0000, lpFilename=0x3dd570, nSize=0x800 | out: lpFilename="C:\\Windows\\assembly\\NativeImages_v4.0.30319_32\\System.Drawing\\f7568d7f1b9d356f64779b4c0927cfb3\\System.Drawing.ni.dll" (normalized: "c:\\windows\\assembly\\nativeimages_v4.0.30319_32\\system.drawing\\f7568d7f1b9d356f64779b4c0927cfb3\\system.drawing.ni.dll")) returned 0x74 [0182.756] CoTaskMemFree (pv=0x3dd570) [0182.756] GetModuleInformation (in: hProcess=0x304, hModule=0x6de80000, lpmodinfo=0x26f0920, cb=0xc | out: lpmodinfo=0x26f0920*(lpBaseOfDll=0x6de80000, SizeOfImage=0xe66000, EntryPoint=0x0)) returned 1 [0182.757] CoTaskMemAlloc (cb=0x804) returned 0x3dd570 [0182.757] GetModuleBaseNameW (in: hProcess=0x304, hModule=0x6de80000, lpBaseName=0x3dd570, nSize=0x800 | out: lpBaseName="System.Windows.Forms.ni.dll") returned 0x1b [0182.757] CoTaskMemFree (pv=0x3dd570) [0182.757] CoTaskMemAlloc (cb=0x804) returned 0x3dd570 [0182.757] GetModuleFileNameExW (in: hProcess=0x304, hModule=0x6de80000, lpFilename=0x3dd570, nSize=0x800 | out: lpFilename="C:\\Windows\\assembly\\NativeImages_v4.0.30319_32\\System.Windows.Forms\\c9a4cbc00f690a9e3cddfc400f6e85bb\\System.Windows.Forms.ni.dll" (normalized: "c:\\windows\\assembly\\nativeimages_v4.0.30319_32\\system.windows.forms\\c9a4cbc00f690a9e3cddfc400f6e85bb\\system.windows.forms.ni.dll")) returned 0x80 [0182.758] CoTaskMemFree (pv=0x3dd570) [0182.758] GetModuleInformation (in: hProcess=0x304, hModule=0x6dd70000, lpmodinfo=0x26f2b1c, cb=0xc | out: lpmodinfo=0x26f2b1c*(lpBaseOfDll=0x6dd70000, SizeOfImage=0x105000, EntryPoint=0x0)) returned 1 [0182.759] CoTaskMemAlloc (cb=0x804) returned 0x3dd570 [0182.759] GetModuleBaseNameW (in: hProcess=0x304, hModule=0x6dd70000, lpBaseName=0x3dd570, nSize=0x800 | out: lpBaseName="System.Configuration.ni.dll") returned 0x1b [0182.760] CoTaskMemFree (pv=0x3dd570) [0182.760] CoTaskMemAlloc (cb=0x804) returned 0x3dd570 [0182.760] GetModuleFileNameExW (in: hProcess=0x304, hModule=0x6dd70000, lpFilename=0x3dd570, nSize=0x800 | out: lpFilename="C:\\Windows\\assembly\\NativeImages_v4.0.30319_32\\System.Configuration\\96f7edb07b12303f0ec2595c7f3778c7\\System.Configuration.ni.dll" (normalized: "c:\\windows\\assembly\\nativeimages_v4.0.30319_32\\system.configuration\\96f7edb07b12303f0ec2595c7f3778c7\\system.configuration.ni.dll")) returned 0x80 [0182.760] CoTaskMemFree (pv=0x3dd570) [0182.760] GetModuleInformation (in: hProcess=0x304, hModule=0x6d5f0000, lpmodinfo=0x26f4d18, cb=0xc | out: lpmodinfo=0x26f4d18*(lpBaseOfDll=0x6d5f0000, SizeOfImage=0x774000, EntryPoint=0x0)) returned 1 [0182.761] CoTaskMemAlloc (cb=0x804) returned 0x3dd570 [0182.761] GetModuleBaseNameW (in: hProcess=0x304, hModule=0x6d5f0000, lpBaseName=0x3dd570, nSize=0x800 | out: lpBaseName="System.Xml.ni.dll") returned 0x11 [0182.762] CoTaskMemFree (pv=0x3dd570) [0182.762] CoTaskMemAlloc (cb=0x804) returned 0x3dd570 [0182.762] GetModuleFileNameExW (in: hProcess=0x304, hModule=0x6d5f0000, lpFilename=0x3dd570, nSize=0x800 | out: lpFilename="C:\\Windows\\assembly\\NativeImages_v4.0.30319_32\\System.Xml\\15af16d373cf0528cb74fc73d365fdbf\\System.Xml.ni.dll" (normalized: "c:\\windows\\assembly\\nativeimages_v4.0.30319_32\\system.xml\\15af16d373cf0528cb74fc73d365fdbf\\system.xml.ni.dll")) returned 0x6c [0182.763] CoTaskMemFree (pv=0x3dd570) [0182.763] GetModuleInformation (in: hProcess=0x304, hModule=0x74950000, lpmodinfo=0x26f6ed8, cb=0xc | out: lpmodinfo=0x26f6ed8*(lpBaseOfDll=0x74950000, SizeOfImage=0x13000, EntryPoint=0x7495d900)) returned 1 [0182.764] CoTaskMemAlloc (cb=0x804) returned 0x3dd570 [0182.764] GetModuleBaseNameW (in: hProcess=0x304, hModule=0x74950000, lpBaseName=0x3dd570, nSize=0x800 | out: lpBaseName="nlssorting.dll") returned 0xe [0182.765] CoTaskMemFree (pv=0x3dd570) [0182.765] CoTaskMemAlloc (cb=0x804) returned 0x3dd570 [0182.765] GetModuleFileNameExW (in: hProcess=0x304, hModule=0x74950000, lpFilename=0x3dd570, nSize=0x800 | out: lpFilename="C:\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\nlssorting.dll" (normalized: "c:\\windows\\microsoft.net\\framework\\v4.0.30319\\nlssorting.dll")) returned 0x3c [0182.766] CoTaskMemFree (pv=0x3dd570) [0182.766] GetModuleInformation (in: hProcess=0x304, hModule=0x75be0000, lpmodinfo=0x26f9034, cb=0xc | out: lpmodinfo=0x26f9034*(lpBaseOfDll=0x75be0000, SizeOfImage=0xc4a000, EntryPoint=0x75c61601)) returned 1 [0182.767] CoTaskMemAlloc (cb=0x804) returned 0x3dd570 [0182.767] GetModuleBaseNameW (in: hProcess=0x304, hModule=0x75be0000, lpBaseName=0x3dd570, nSize=0x800 | out: lpBaseName="shell32.dll") returned 0xb [0182.768] CoTaskMemFree (pv=0x3dd570) [0182.768] CoTaskMemAlloc (cb=0x804) returned 0x3dd570 [0182.768] GetModuleFileNameExW (in: hProcess=0x304, hModule=0x75be0000, lpFilename=0x3dd570, nSize=0x800 | out: lpFilename="C:\\Windows\\syswow64\\shell32.dll" (normalized: "c:\\windows\\syswow64\\shell32.dll")) returned 0x1f [0182.769] CoTaskMemFree (pv=0x3dd570) [0182.769] GetModuleInformation (in: hProcess=0x304, hModule=0x748d0000, lpmodinfo=0x26fb14c, cb=0xc | out: lpmodinfo=0x26fb14c*(lpBaseOfDll=0x748d0000, SizeOfImage=0xb000, EntryPoint=0x748d1992)) returned 1 [0182.769] CoTaskMemAlloc (cb=0x804) returned 0x3dd570 [0182.770] GetModuleBaseNameW (in: hProcess=0x304, hModule=0x748d0000, lpBaseName=0x3dd570, nSize=0x800 | out: lpBaseName="profapi.dll") returned 0xb [0182.770] CoTaskMemFree (pv=0x3dd570) [0182.770] CoTaskMemAlloc (cb=0x804) returned 0x3dd570 [0182.770] GetModuleFileNameExW (in: hProcess=0x304, hModule=0x748d0000, lpFilename=0x3dd570, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\profapi.dll" (normalized: "c:\\windows\\syswow64\\profapi.dll")) returned 0x1f [0182.771] CoTaskMemFree (pv=0x3dd570) [0182.771] GetModuleInformation (in: hProcess=0x304, hModule=0x74970000, lpmodinfo=0x26fd264, cb=0xc | out: lpmodinfo=0x26fd264*(lpBaseOfDll=0x74970000, SizeOfImage=0x17000, EntryPoint=0x749735fa)) returned 1 [0182.772] CoTaskMemAlloc (cb=0x804) returned 0x3dd570 [0182.772] GetModuleBaseNameW (in: hProcess=0x304, hModule=0x74970000, lpBaseName=0x3dd570, nSize=0x800 | out: lpBaseName="bcrypt.dll") returned 0xa [0182.773] CoTaskMemFree (pv=0x3dd570) [0182.773] CoTaskMemAlloc (cb=0x804) returned 0x3dd570 [0182.773] GetModuleFileNameExW (in: hProcess=0x304, hModule=0x74970000, lpFilename=0x3dd570, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\bcrypt.dll" (normalized: "c:\\windows\\syswow64\\bcrypt.dll")) returned 0x1e [0182.774] CoTaskMemFree (pv=0x3dd570) [0182.774] GetModuleInformation (in: hProcess=0x304, hModule=0x738e0000, lpmodinfo=0x26ff37c, cb=0xc | out: lpmodinfo=0x26ff37c*(lpBaseOfDll=0x738e0000, SizeOfImage=0x17000, EntryPoint=0x738e3573)) returned 1 [0182.775] CoTaskMemAlloc (cb=0x804) returned 0x3dd570 [0182.775] GetModuleBaseNameW (in: hProcess=0x304, hModule=0x738e0000, lpBaseName=0x3dd570, nSize=0x800 | out: lpBaseName="CRYPTSP.dll") returned 0xb [0182.776] CoTaskMemFree (pv=0x3dd570) [0182.776] CoTaskMemAlloc (cb=0x804) returned 0x3dd570 [0182.776] GetModuleFileNameExW (in: hProcess=0x304, hModule=0x738e0000, lpFilename=0x3dd570, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\CRYPTSP.dll" (normalized: "c:\\windows\\syswow64\\cryptsp.dll")) returned 0x1f [0182.777] CoTaskMemFree (pv=0x3dd570) [0182.777] GetModuleInformation (in: hProcess=0x304, hModule=0x738a0000, lpmodinfo=0x2701494, cb=0xc | out: lpmodinfo=0x2701494*(lpBaseOfDll=0x738a0000, SizeOfImage=0x3b000, EntryPoint=0x738a128d)) returned 1 [0182.778] CoTaskMemAlloc (cb=0x804) returned 0x3dd570 [0182.778] GetModuleBaseNameW (in: hProcess=0x304, hModule=0x738a0000, lpBaseName=0x3dd570, nSize=0x800 | out: lpBaseName="rsaenh.dll") returned 0xa [0182.779] CoTaskMemFree (pv=0x3dd570) [0182.779] CoTaskMemAlloc (cb=0x804) returned 0x3dd570 [0182.779] GetModuleFileNameExW (in: hProcess=0x304, hModule=0x738a0000, lpFilename=0x3dd570, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\rsaenh.dll" (normalized: "c:\\windows\\syswow64\\rsaenh.dll")) returned 0x1e [0182.779] CoTaskMemFree (pv=0x3dd570) [0182.780] GetModuleInformation (in: hProcess=0x304, hModule=0x75950000, lpmodinfo=0x27035ac, cb=0xc | out: lpmodinfo=0x27035ac*(lpBaseOfDll=0x75950000, SizeOfImage=0x5000, EntryPoint=0x75951438)) returned 1 [0182.780] CoTaskMemAlloc (cb=0x804) returned 0x3dd570 [0182.780] GetModuleBaseNameW (in: hProcess=0x304, hModule=0x75950000, lpBaseName=0x3dd570, nSize=0x800 | out: lpBaseName="psapi.dll") returned 0x9 [0182.781] CoTaskMemFree (pv=0x3dd570) [0182.781] CoTaskMemAlloc (cb=0x804) returned 0x3dd570 [0182.781] GetModuleFileNameExW (in: hProcess=0x304, hModule=0x75950000, lpFilename=0x3dd570, nSize=0x800 | out: lpFilename="C:\\Windows\\syswow64\\psapi.dll" (normalized: "c:\\windows\\syswow64\\psapi.dll")) returned 0x1d [0182.782] CoTaskMemFree (pv=0x3dd570) [0182.782] GetModuleInformation (in: hProcess=0x304, hModule=0x73990000, lpmodinfo=0x27056bc, cb=0xc | out: lpmodinfo=0x27056bc*(lpBaseOfDll=0x73990000, SizeOfImage=0x52000, EntryPoint=0x739914be)) returned 1 [0182.783] CoTaskMemAlloc (cb=0x804) returned 0x3dd570 [0182.783] GetModuleBaseNameW (in: hProcess=0x304, hModule=0x73990000, lpBaseName=0x3dd570, nSize=0x800 | out: lpBaseName="rasapi32.dll") returned 0xc [0182.784] CoTaskMemFree (pv=0x3dd570) [0182.784] CoTaskMemAlloc (cb=0x804) returned 0x3dd570 [0182.784] GetModuleFileNameExW (in: hProcess=0x304, hModule=0x73990000, lpFilename=0x3dd570, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\rasapi32.dll" (normalized: "c:\\windows\\syswow64\\rasapi32.dll")) returned 0x20 [0182.785] CoTaskMemFree (pv=0x3dd570) [0182.785] GetModuleInformation (in: hProcess=0x304, hModule=0x73970000, lpmodinfo=0x27077dc, cb=0xc | out: lpmodinfo=0x27077dc*(lpBaseOfDll=0x73970000, SizeOfImage=0x15000, EntryPoint=0x739712de)) returned 1 [0182.786] CoTaskMemAlloc (cb=0x804) returned 0x3dd570 [0182.786] GetModuleBaseNameW (in: hProcess=0x304, hModule=0x73970000, lpBaseName=0x3dd570, nSize=0x800 | out: lpBaseName="rasman.dll") returned 0xa [0182.787] CoTaskMemFree (pv=0x3dd570) [0182.787] CoTaskMemAlloc (cb=0x804) returned 0x3dd570 [0182.787] GetModuleFileNameExW (in: hProcess=0x304, hModule=0x73970000, lpFilename=0x3dd570, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\rasman.dll" (normalized: "c:\\windows\\syswow64\\rasman.dll")) returned 0x1e [0182.788] CoTaskMemFree (pv=0x3dd570) [0182.788] GetModuleInformation (in: hProcess=0x304, hModule=0x75960000, lpmodinfo=0x2709900, cb=0xc | out: lpmodinfo=0x2709900*(lpBaseOfDll=0x75960000, SizeOfImage=0x35000, EntryPoint=0x7596145d)) returned 1 [0182.789] CoTaskMemAlloc (cb=0x804) returned 0x3dd570 [0182.789] GetModuleBaseNameW (in: hProcess=0x304, hModule=0x75960000, lpBaseName=0x3dd570, nSize=0x800 | out: lpBaseName="WS2_32.dll") returned 0xa [0182.790] CoTaskMemFree (pv=0x3dd570) [0182.790] CoTaskMemAlloc (cb=0x804) returned 0x3dd570 [0182.790] GetModuleFileNameExW (in: hProcess=0x304, hModule=0x75960000, lpFilename=0x3dd570, nSize=0x800 | out: lpFilename="C:\\Windows\\syswow64\\WS2_32.dll" (normalized: "c:\\windows\\syswow64\\ws2_32.dll")) returned 0x1e [0182.791] CoTaskMemFree (pv=0x3dd570) [0182.791] GetModuleInformation (in: hProcess=0x304, hModule=0x76960000, lpmodinfo=0x270ba18, cb=0xc | out: lpmodinfo=0x270ba18*(lpBaseOfDll=0x76960000, SizeOfImage=0x6000, EntryPoint=0x76961782)) returned 1 [0182.791] CoTaskMemAlloc (cb=0x804) returned 0x3dd570 [0182.792] GetModuleBaseNameW (in: hProcess=0x304, hModule=0x76960000, lpBaseName=0x3dd570, nSize=0x800 | out: lpBaseName="NSI.dll") returned 0x7 [0182.792] CoTaskMemFree (pv=0x3dd570) [0182.792] CoTaskMemAlloc (cb=0x804) returned 0x3dd570 [0182.792] GetModuleFileNameExW (in: hProcess=0x304, hModule=0x76960000, lpFilename=0x3dd570, nSize=0x800 | out: lpFilename="C:\\Windows\\syswow64\\NSI.dll" (normalized: "c:\\windows\\syswow64\\nsi.dll")) returned 0x1b [0182.793] CoTaskMemFree (pv=0x3dd570) [0182.793] GetModuleInformation (in: hProcess=0x304, hModule=0x73960000, lpmodinfo=0x270db20, cb=0xc | out: lpmodinfo=0x270db20*(lpBaseOfDll=0x73960000, SizeOfImage=0xd000, EntryPoint=0x73961326)) returned 1 [0182.794] CoTaskMemAlloc (cb=0x804) returned 0x3dd570 [0182.794] GetModuleBaseNameW (in: hProcess=0x304, hModule=0x73960000, lpBaseName=0x3dd570, nSize=0x800 | out: lpBaseName="rtutils.dll") returned 0xb [0182.795] CoTaskMemFree (pv=0x3dd570) [0182.795] CoTaskMemAlloc (cb=0x804) returned 0x3dd570 [0182.795] GetModuleFileNameExW (in: hProcess=0x304, hModule=0x73960000, lpFilename=0x3dd570, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\rtutils.dll" (normalized: "c:\\windows\\syswow64\\rtutils.dll")) returned 0x1f [0182.796] CoTaskMemFree (pv=0x3dd570) [0182.796] GetModuleInformation (in: hProcess=0x304, hModule=0x747e0000, lpmodinfo=0x270fc38, cb=0xc | out: lpmodinfo=0x270fc38*(lpBaseOfDll=0x747e0000, SizeOfImage=0x3c000, EntryPoint=0x747e145d)) returned 1 [0182.797] CoTaskMemAlloc (cb=0x804) returned 0x3dd570 [0182.797] GetModuleBaseNameW (in: hProcess=0x304, hModule=0x747e0000, lpBaseName=0x3dd570, nSize=0x800 | out: lpBaseName="mswsock.dll") returned 0xb [0182.798] CoTaskMemFree (pv=0x3dd570) [0182.798] CoTaskMemAlloc (cb=0x804) returned 0x3dd570 [0182.799] GetModuleFileNameExW (in: hProcess=0x304, hModule=0x747e0000, lpFilename=0x3dd570, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\mswsock.dll" (normalized: "c:\\windows\\syswow64\\mswsock.dll")) returned 0x1f [0182.805] CoTaskMemFree (pv=0x3dd570) [0182.805] GetModuleInformation (in: hProcess=0x304, hModule=0x747d0000, lpmodinfo=0x2711d50, cb=0xc | out: lpmodinfo=0x2711d50*(lpBaseOfDll=0x747d0000, SizeOfImage=0x5000, EntryPoint=0x747d15df)) returned 1 [0182.806] CoTaskMemAlloc (cb=0x804) returned 0x3dd570 [0182.806] GetModuleBaseNameW (in: hProcess=0x304, hModule=0x747d0000, lpBaseName=0x3dd570, nSize=0x800 | out: lpBaseName="wshtcpip.dll") returned 0xc [0182.807] CoTaskMemFree (pv=0x3dd570) [0182.807] CoTaskMemAlloc (cb=0x804) returned 0x3dd570 [0182.807] GetModuleFileNameExW (in: hProcess=0x304, hModule=0x747d0000, lpFilename=0x3dd570, nSize=0x800 | out: lpFilename="C:\\Windows\\System32\\wshtcpip.dll" (normalized: "c:\\windows\\syswow64\\wshtcpip.dll")) returned 0x20 [0182.808] CoTaskMemFree (pv=0x3dd570) [0182.808] GetModuleInformation (in: hProcess=0x304, hModule=0x747c0000, lpmodinfo=0x2713e70, cb=0xc | out: lpmodinfo=0x2713e70*(lpBaseOfDll=0x747c0000, SizeOfImage=0x6000, EntryPoint=0x747c1673)) returned 1 [0182.809] CoTaskMemAlloc (cb=0x804) returned 0x3dd570 [0182.809] GetModuleBaseNameW (in: hProcess=0x304, hModule=0x747c0000, lpBaseName=0x3dd570, nSize=0x800 | out: lpBaseName="wship6.dll") returned 0xa [0182.810] CoTaskMemFree (pv=0x3dd570) [0182.810] CoTaskMemAlloc (cb=0x804) returned 0x3dd570 [0182.810] GetModuleFileNameExW (in: hProcess=0x304, hModule=0x747c0000, lpFilename=0x3dd570, nSize=0x800 | out: lpFilename="C:\\Windows\\System32\\wship6.dll" (normalized: "c:\\windows\\syswow64\\wship6.dll")) returned 0x1e [0182.811] CoTaskMemFree (pv=0x3dd570) [0182.812] GetModuleInformation (in: hProcess=0x304, hModule=0x6d590000, lpmodinfo=0x2715f88, cb=0xc | out: lpmodinfo=0x2715f88*(lpBaseOfDll=0x6d590000, SizeOfImage=0x58000, EntryPoint=0x6d5913b4)) returned 1 [0182.813] CoTaskMemAlloc (cb=0x804) returned 0x3dd570 [0182.813] GetModuleBaseNameW (in: hProcess=0x304, hModule=0x6d590000, lpBaseName=0x3dd570, nSize=0x800 | out: lpBaseName="winhttp.dll") returned 0xb [0182.814] CoTaskMemFree (pv=0x3dd570) [0182.814] CoTaskMemAlloc (cb=0x804) returned 0x3dd570 [0182.814] GetModuleFileNameExW (in: hProcess=0x304, hModule=0x6d590000, lpFilename=0x3dd570, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\winhttp.dll" (normalized: "c:\\windows\\syswow64\\winhttp.dll")) returned 0x1f [0182.815] CoTaskMemFree (pv=0x3dd570) [0182.815] GetModuleInformation (in: hProcess=0x304, hModule=0x6f900000, lpmodinfo=0x27180a0, cb=0xc | out: lpmodinfo=0x27180a0*(lpBaseOfDll=0x6f900000, SizeOfImage=0x4f000, EntryPoint=0x6f901452)) returned 1 [0182.816] CoTaskMemAlloc (cb=0x804) returned 0x3dd570 [0182.816] GetModuleBaseNameW (in: hProcess=0x304, hModule=0x6f900000, lpBaseName=0x3dd570, nSize=0x800 | out: lpBaseName="webio.dll") returned 0x9 [0182.817] CoTaskMemFree (pv=0x3dd570) [0182.817] CoTaskMemAlloc (cb=0x804) returned 0x3dd570 [0182.817] GetModuleFileNameExW (in: hProcess=0x304, hModule=0x6f900000, lpFilename=0x3dd570, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\webio.dll" (normalized: "c:\\windows\\syswow64\\webio.dll")) returned 0x1d [0182.818] CoTaskMemFree (pv=0x3dd570) [0182.818] GetModuleInformation (in: hProcess=0x304, hModule=0x74930000, lpmodinfo=0x271a1b0, cb=0xc | out: lpmodinfo=0x271a1b0*(lpBaseOfDll=0x74930000, SizeOfImage=0x8000, EntryPoint=0x749334d3)) returned 1 [0182.819] CoTaskMemAlloc (cb=0x804) returned 0x3dd570 [0182.819] GetModuleBaseNameW (in: hProcess=0x304, hModule=0x74930000, lpBaseName=0x3dd570, nSize=0x800 | out: lpBaseName="credssp.dll") returned 0xb [0182.820] CoTaskMemFree (pv=0x3dd570) [0182.820] CoTaskMemAlloc (cb=0x804) returned 0x3dd570 [0182.820] GetModuleFileNameExW (in: hProcess=0x304, hModule=0x74930000, lpFilename=0x3dd570, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\credssp.dll" (normalized: "c:\\windows\\syswow64\\credssp.dll")) returned 0x1f [0182.821] CoTaskMemFree (pv=0x3dd570) [0182.821] GetModuleInformation (in: hProcess=0x304, hModule=0x74830000, lpmodinfo=0x271c2c8, cb=0xc | out: lpmodinfo=0x271c2c8*(lpBaseOfDll=0x74830000, SizeOfImage=0x1c000, EntryPoint=0x7483a431)) returned 1 [0182.822] CoTaskMemAlloc (cb=0x804) returned 0x3dd570 [0182.822] GetModuleBaseNameW (in: hProcess=0x304, hModule=0x74830000, lpBaseName=0x3dd570, nSize=0x800 | out: lpBaseName="IPHLPAPI.DLL") returned 0xc [0182.823] CoTaskMemFree (pv=0x3dd570) [0182.823] CoTaskMemAlloc (cb=0x804) returned 0x3dd570 [0182.823] GetModuleFileNameExW (in: hProcess=0x304, hModule=0x74830000, lpFilename=0x3dd570, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\IPHLPAPI.DLL" (normalized: "c:\\windows\\syswow64\\iphlpapi.dll")) returned 0x20 [0182.824] CoTaskMemFree (pv=0x3dd570) [0182.824] GetModuleInformation (in: hProcess=0x304, hModule=0x74820000, lpmodinfo=0x271e3e8, cb=0xc | out: lpmodinfo=0x271e3e8*(lpBaseOfDll=0x74820000, SizeOfImage=0x7000, EntryPoint=0x7482128d)) returned 1 [0182.826] CoTaskMemAlloc (cb=0x804) returned 0x3dd570 [0182.826] GetModuleBaseNameW (in: hProcess=0x304, hModule=0x74820000, lpBaseName=0x3dd570, nSize=0x800 | out: lpBaseName="WINNSI.DLL") returned 0xa [0182.827] CoTaskMemFree (pv=0x3dd570) [0182.827] CoTaskMemAlloc (cb=0x804) returned 0x3dd570 [0182.827] GetModuleFileNameExW (in: hProcess=0x304, hModule=0x74820000, lpFilename=0x3dd570, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\WINNSI.DLL" (normalized: "c:\\windows\\syswow64\\winnsi.dll")) returned 0x1e [0182.828] CoTaskMemFree (pv=0x3dd570) [0182.828] GetModuleInformation (in: hProcess=0x304, hModule=0x74940000, lpmodinfo=0x2720500, cb=0xc | out: lpmodinfo=0x2720500*(lpBaseOfDll=0x74940000, SizeOfImage=0xd000, EntryPoint=0x74942012)) returned 1 [0182.829] CoTaskMemAlloc (cb=0x804) returned 0x3dd570 [0182.829] GetModuleBaseNameW (in: hProcess=0x304, hModule=0x74940000, lpBaseName=0x3dd570, nSize=0x800 | out: lpBaseName="dhcpcsvc6.DLL") returned 0xd [0182.830] CoTaskMemFree (pv=0x3dd570) [0182.830] CoTaskMemAlloc (cb=0x804) returned 0x3dd570 [0182.830] GetModuleFileNameExW (in: hProcess=0x304, hModule=0x74940000, lpFilename=0x3dd570, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\dhcpcsvc6.DLL" (normalized: "c:\\windows\\syswow64\\dhcpcsvc6.dll")) returned 0x21 [0182.833] CoTaskMemFree (pv=0x3dd570) [0182.833] GetModuleInformation (in: hProcess=0x304, hModule=0x6d550000, lpmodinfo=0x2722620, cb=0xc | out: lpmodinfo=0x2722620*(lpBaseOfDll=0x6d550000, SizeOfImage=0x12000, EntryPoint=0x6d553271)) returned 1 [0182.834] CoTaskMemAlloc (cb=0x804) returned 0x3dd570 [0182.834] GetModuleBaseNameW (in: hProcess=0x304, hModule=0x6d550000, lpBaseName=0x3dd570, nSize=0x800 | out: lpBaseName="dhcpcsvc.DLL") returned 0xc [0182.835] CoTaskMemFree (pv=0x3dd570) [0182.835] CoTaskMemAlloc (cb=0x804) returned 0x3dd570 [0182.835] GetModuleFileNameExW (in: hProcess=0x304, hModule=0x6d550000, lpFilename=0x3dd570, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\dhcpcsvc.DLL" (normalized: "c:\\windows\\syswow64\\dhcpcsvc.dll")) returned 0x20 [0182.836] CoTaskMemFree (pv=0x3dd570) [0182.836] GetModuleInformation (in: hProcess=0x304, hModule=0x747a0000, lpmodinfo=0x2724740, cb=0xc | out: lpmodinfo=0x2724740*(lpBaseOfDll=0x747a0000, SizeOfImage=0xe000, EntryPoint=0x747a1235)) returned 1 [0182.837] CoTaskMemAlloc (cb=0x804) returned 0x3dd570 [0182.837] GetModuleBaseNameW (in: hProcess=0x304, hModule=0x747a0000, lpBaseName=0x3dd570, nSize=0x800 | out: lpBaseName="RpcRtRemote.dll") returned 0xf [0182.839] CoTaskMemFree (pv=0x3dd570) [0182.839] CoTaskMemAlloc (cb=0x804) returned 0x3dd570 [0182.839] GetModuleFileNameExW (in: hProcess=0x304, hModule=0x747a0000, lpFilename=0x3dd570, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\RpcRtRemote.dll" (normalized: "c:\\windows\\syswow64\\rpcrtremote.dll")) returned 0x23 [0182.840] CoTaskMemFree (pv=0x3dd570) [0182.840] GetModuleInformation (in: hProcess=0x304, hModule=0x74850000, lpmodinfo=0x2726868, cb=0xc | out: lpmodinfo=0x2726868*(lpBaseOfDll=0x74850000, SizeOfImage=0x44000, EntryPoint=0x748663f9)) returned 1 [0182.842] CoTaskMemAlloc (cb=0x804) returned 0x3dd570 [0182.842] GetModuleBaseNameW (in: hProcess=0x304, hModule=0x74850000, lpBaseName=0x3dd570, nSize=0x800 | out: lpBaseName="DNSAPI.dll") returned 0xa [0182.843] CoTaskMemFree (pv=0x3dd570) [0182.843] CoTaskMemAlloc (cb=0x804) returned 0x3dd570 [0182.843] GetModuleFileNameExW (in: hProcess=0x304, hModule=0x74850000, lpFilename=0x3dd570, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\DNSAPI.dll" (normalized: "c:\\windows\\syswow64\\dnsapi.dll")) returned 0x1e [0182.844] CoTaskMemFree (pv=0x3dd570) [0182.845] GetModuleInformation (in: hProcess=0x304, hModule=0x747b0000, lpmodinfo=0x2728980, cb=0xc | out: lpmodinfo=0x2728980*(lpBaseOfDll=0x747b0000, SizeOfImage=0x6000, EntryPoint=0x747b14b2)) returned 1 [0182.846] CoTaskMemAlloc (cb=0x804) returned 0x3dd570 [0182.846] GetModuleBaseNameW (in: hProcess=0x304, hModule=0x747b0000, lpBaseName=0x3dd570, nSize=0x800 | out: lpBaseName="rasadhlp.dll") returned 0xc [0182.847] CoTaskMemFree (pv=0x3dd570) [0182.847] CoTaskMemAlloc (cb=0x804) returned 0x3dd570 [0182.847] GetModuleFileNameExW (in: hProcess=0x304, hModule=0x747b0000, lpFilename=0x3dd570, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\rasadhlp.dll" (normalized: "c:\\windows\\syswow64\\rasadhlp.dll")) returned 0x20 [0182.849] CoTaskMemFree (pv=0x3dd570) [0182.849] GetModuleInformation (in: hProcess=0x304, hModule=0x6d510000, lpmodinfo=0x272aaa0, cb=0xc | out: lpmodinfo=0x272aaa0*(lpBaseOfDll=0x6d510000, SizeOfImage=0x38000, EntryPoint=0x6d51990e)) returned 1 [0182.850] CoTaskMemAlloc (cb=0x804) returned 0x3dd570 [0182.850] GetModuleBaseNameW (in: hProcess=0x304, hModule=0x6d510000, lpBaseName=0x3dd570, nSize=0x800 | out: lpBaseName="fwpuclnt.dll") returned 0xc [0182.852] CoTaskMemFree (pv=0x3dd570) [0182.852] CoTaskMemAlloc (cb=0x804) returned 0x3dd570 [0182.852] GetModuleFileNameExW (in: hProcess=0x304, hModule=0x6d510000, lpFilename=0x3dd570, nSize=0x800 | out: lpFilename="C:\\Windows\\System32\\fwpuclnt.dll" (normalized: "c:\\windows\\syswow64\\fwpuclnt.dll")) returned 0x20 [0182.853] CoTaskMemFree (pv=0x3dd570) [0182.853] GetModuleInformation (in: hProcess=0x304, hModule=0x6d580000, lpmodinfo=0x272cbc0, cb=0xc | out: lpmodinfo=0x272cbc0*(lpBaseOfDll=0x6d580000, SizeOfImage=0x8000, EntryPoint=0x6d5810e9)) returned 1 [0182.855] CoTaskMemAlloc (cb=0x804) returned 0x3dd570 [0182.855] GetModuleBaseNameW (in: hProcess=0x304, hModule=0x6d580000, lpBaseName=0x3dd570, nSize=0x800 | out: lpBaseName="secur32.dll") returned 0xb [0182.856] CoTaskMemFree (pv=0x3dd570) [0182.856] CoTaskMemAlloc (cb=0x804) returned 0x3dd570 [0182.856] GetModuleFileNameExW (in: hProcess=0x304, hModule=0x6d580000, lpFilename=0x3dd570, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\secur32.dll" (normalized: "c:\\windows\\syswow64\\secur32.dll")) returned 0x1f [0182.858] CoTaskMemFree (pv=0x3dd570) [0182.858] GetModuleInformation (in: hProcess=0x304, hModule=0x6d4d0000, lpmodinfo=0x272ecd8, cb=0xc | out: lpmodinfo=0x272ecd8*(lpBaseOfDll=0x6d4d0000, SizeOfImage=0x3f000, EntryPoint=0x6d4d2351)) returned 1 [0182.859] CoTaskMemAlloc (cb=0x804) returned 0x3dd570 [0182.859] GetModuleBaseNameW (in: hProcess=0x304, hModule=0x6d4d0000, lpBaseName=0x3dd570, nSize=0x800 | out: lpBaseName="schannel.dll") returned 0xc [0182.860] CoTaskMemFree (pv=0x3dd570) [0182.860] CoTaskMemAlloc (cb=0x804) returned 0x3dd570 [0182.860] GetModuleFileNameExW (in: hProcess=0x304, hModule=0x6d4d0000, lpFilename=0x3dd570, nSize=0x800 | out: lpFilename="C:\\Windows\\SysWOW64\\schannel.dll" (normalized: "c:\\windows\\syswow64\\schannel.dll")) returned 0x20 [0182.861] CoTaskMemFree (pv=0x3dd570) [0182.862] GetModuleInformation (in: hProcess=0x304, hModule=0x74ab0000, lpmodinfo=0x2731004, cb=0xc | out: lpmodinfo=0x2731004*(lpBaseOfDll=0x74ab0000, SizeOfImage=0x121000, EntryPoint=0x74ab158e)) returned 1 [0182.863] CoTaskMemAlloc (cb=0x804) returned 0x3dd570 [0182.863] GetModuleBaseNameW (in: hProcess=0x304, hModule=0x74ab0000, lpBaseName=0x3dd570, nSize=0x800 | out: lpBaseName="CRYPT32.dll") returned 0xb [0182.864] CoTaskMemFree (pv=0x3dd570) [0182.864] CoTaskMemAlloc (cb=0x804) returned 0x3dd570 [0182.864] GetModuleFileNameExW (in: hProcess=0x304, hModule=0x74ab0000, lpFilename=0x3dd570, nSize=0x800 | out: lpFilename="C:\\Windows\\syswow64\\CRYPT32.dll" (normalized: "c:\\windows\\syswow64\\crypt32.dll")) returned 0x1f [0182.865] CoTaskMemFree (pv=0x3dd570) [0182.865] GetModuleInformation (in: hProcess=0x304, hModule=0x76ed0000, lpmodinfo=0x273311c, cb=0xc | out: lpmodinfo=0x273311c*(lpBaseOfDll=0x76ed0000, SizeOfImage=0xc000, EntryPoint=0x76ed238e)) returned 1 [0182.867] CoTaskMemAlloc (cb=0x804) returned 0x3dd570 [0182.867] GetModuleBaseNameW (in: hProcess=0x304, hModule=0x76ed0000, lpBaseName=0x3dd570, nSize=0x800 | out: lpBaseName="MSASN1.dll") returned 0xa [0182.868] CoTaskMemFree (pv=0x3dd570) [0182.868] CoTaskMemAlloc (cb=0x804) returned 0x3dd570 [0182.868] GetModuleFileNameExW (in: hProcess=0x304, hModule=0x76ed0000, lpFilename=0x3dd570, nSize=0x800 | out: lpFilename="C:\\Windows\\syswow64\\MSASN1.dll" (normalized: "c:\\windows\\syswow64\\msasn1.dll")) returned 0x1e [0182.869] CoTaskMemFree (pv=0x3dd570) [0182.869] GetModuleInformation (in: hProcess=0x304, hModule=0x6d490000, lpmodinfo=0x2735234, cb=0xc | out: lpmodinfo=0x2735234*(lpBaseOfDll=0x6d490000, SizeOfImage=0x38000, EntryPoint=0x6d491489)) returned 1 [0182.871] CoTaskMemAlloc (cb=0x804) returned 0x3dd570 [0182.871] GetModuleBaseNameW (in: hProcess=0x304, hModule=0x6d490000, lpBaseName=0x3dd570, nSize=0x800 | out: lpBaseName="ncrypt.dll") returned 0xa [0182.872] CoTaskMemFree (pv=0x3dd570) [0182.872] CoTaskMemAlloc (cb=0x804) returned 0x3dd570 [0182.872] GetModuleFileNameExW (in: hProcess=0x304, hModule=0x6d490000, lpFilename=0x3dd570, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\ncrypt.dll" (normalized: "c:\\windows\\syswow64\\ncrypt.dll")) returned 0x1e [0182.873] CoTaskMemFree (pv=0x3dd570) [0182.873] GetModuleInformation (in: hProcess=0x304, hModule=0x6d450000, lpmodinfo=0x273734c, cb=0xc | out: lpmodinfo=0x273734c*(lpBaseOfDll=0x6d450000, SizeOfImage=0x3d000, EntryPoint=0x6d4510f5)) returned 1 [0182.875] CoTaskMemAlloc (cb=0x804) returned 0x3dd570 [0182.875] GetModuleBaseNameW (in: hProcess=0x304, hModule=0x6d450000, lpBaseName=0x3dd570, nSize=0x800 | out: lpBaseName="bcryptprimitives.dll") returned 0x14 [0182.876] CoTaskMemFree (pv=0x3dd570) [0182.876] CoTaskMemAlloc (cb=0x804) returned 0x3dd570 [0182.876] GetModuleFileNameExW (in: hProcess=0x304, hModule=0x6d450000, lpFilename=0x3dd570, nSize=0x800 | out: lpFilename="C:\\Windows\\SysWOW64\\bcryptprimitives.dll" (normalized: "c:\\windows\\syswow64\\bcryptprimitives.dll")) returned 0x28 [0182.877] CoTaskMemFree (pv=0x3dd570) [0182.877] GetModuleInformation (in: hProcess=0x304, hModule=0x6d430000, lpmodinfo=0x273948c, cb=0xc | out: lpmodinfo=0x273948c*(lpBaseOfDll=0x6d430000, SizeOfImage=0x17000, EntryPoint=0x6d431c9d)) returned 1 [0182.879] CoTaskMemAlloc (cb=0x804) returned 0x3dd570 [0182.879] GetModuleBaseNameW (in: hProcess=0x304, hModule=0x6d430000, lpBaseName=0x3dd570, nSize=0x800 | out: lpBaseName="USERENV.dll") returned 0xb [0182.880] CoTaskMemFree (pv=0x3dd570) [0182.880] CoTaskMemAlloc (cb=0x804) returned 0x3dd570 [0182.880] GetModuleFileNameExW (in: hProcess=0x304, hModule=0x6d430000, lpFilename=0x3dd570, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\USERENV.dll" (normalized: "c:\\windows\\syswow64\\userenv.dll")) returned 0x1f [0182.881] CoTaskMemFree (pv=0x3dd570) [0182.881] GetModuleInformation (in: hProcess=0x304, hModule=0x6d410000, lpmodinfo=0x273b5a4, cb=0xc | out: lpmodinfo=0x273b5a4*(lpBaseOfDll=0x6d410000, SizeOfImage=0x16000, EntryPoint=0x6d412061)) returned 1 [0182.883] CoTaskMemAlloc (cb=0x804) returned 0x3dd570 [0182.883] GetModuleBaseNameW (in: hProcess=0x304, hModule=0x6d410000, lpBaseName=0x3dd570, nSize=0x800 | out: lpBaseName="GPAPI.dll") returned 0x9 [0182.884] CoTaskMemFree (pv=0x3dd570) [0182.884] CoTaskMemAlloc (cb=0x804) returned 0x3dd570 [0182.884] GetModuleFileNameExW (in: hProcess=0x304, hModule=0x6d410000, lpFilename=0x3dd570, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\GPAPI.dll" (normalized: "c:\\windows\\syswow64\\gpapi.dll")) returned 0x1d [0182.885] CoTaskMemFree (pv=0x3dd570) [0182.885] GetModuleInformation (in: hProcess=0x304, hModule=0x6d380000, lpmodinfo=0x273d6b4, cb=0xc | out: lpmodinfo=0x273d6b4*(lpBaseOfDll=0x6d380000, SizeOfImage=0x84000, EntryPoint=0x6d3819a9)) returned 1 [0182.887] CoTaskMemAlloc (cb=0x804) returned 0x3dd570 [0182.887] GetModuleBaseNameW (in: hProcess=0x304, hModule=0x6d380000, lpBaseName=0x3dd570, nSize=0x800 | out: lpBaseName="comctl32.dll") returned 0xc [0182.888] CoTaskMemFree (pv=0x3dd570) [0182.888] CoTaskMemAlloc (cb=0x804) returned 0x3dd570 [0182.888] GetModuleFileNameExW (in: hProcess=0x304, hModule=0x6d380000, lpFilename=0x3dd570, nSize=0x800 | out: lpFilename="C:\\Windows\\WinSxS\\x86_microsoft.windows.common-controls_6595b64144ccf1df_5.82.7601.17514_none_ec83dffa859149af\\comctl32.dll" (normalized: "c:\\windows\\winsxs\\x86_microsoft.windows.common-controls_6595b64144ccf1df_5.82.7601.17514_none_ec83dffa859149af\\comctl32.dll")) returned 0x7b [0182.889] CoTaskMemFree (pv=0x3dd570) [0182.889] GetModuleInformation (in: hProcess=0x304, hModule=0x6d1f0000, lpmodinfo=0x273f894, cb=0xc | out: lpmodinfo=0x273f894*(lpBaseOfDll=0x6d1f0000, SizeOfImage=0x190000, EntryPoint=0x6d28d026)) returned 1 [0182.891] CoTaskMemAlloc (cb=0x804) returned 0x3dd570 [0182.891] GetModuleBaseNameW (in: hProcess=0x304, hModule=0x6d1f0000, lpBaseName=0x3dd570, nSize=0x800 | out: lpBaseName="gdiplus.dll") returned 0xb [0182.892] CoTaskMemFree (pv=0x3dd570) [0182.892] CoTaskMemAlloc (cb=0x804) returned 0x3dd570 [0182.892] GetModuleFileNameExW (in: hProcess=0x304, hModule=0x6d1f0000, lpFilename=0x3dd570, nSize=0x800 | out: lpFilename="C:\\Windows\\WinSxS\\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\\gdiplus.dll" (normalized: "c:\\windows\\winsxs\\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\\gdiplus.dll")) returned 0x71 [0182.894] CoTaskMemFree (pv=0x3dd570) [0182.894] GetModuleInformation (in: hProcess=0x304, hModule=0x6d0f0000, lpmodinfo=0x2741a50, cb=0xc | out: lpmodinfo=0x2741a50*(lpBaseOfDll=0x6d0f0000, SizeOfImage=0xfb000, EntryPoint=0x6d1017e1)) returned 1 [0182.895] CoTaskMemAlloc (cb=0x804) returned 0x3dd570 [0182.895] GetModuleBaseNameW (in: hProcess=0x304, hModule=0x6d0f0000, lpBaseName=0x3dd570, nSize=0x800 | out: lpBaseName="WindowsCodecs.dll") returned 0x11 [0182.897] CoTaskMemFree (pv=0x3dd570) [0182.897] CoTaskMemAlloc (cb=0x804) returned 0x3dd570 [0182.897] GetModuleFileNameExW (in: hProcess=0x304, hModule=0x6d0f0000, lpFilename=0x3dd570, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\WindowsCodecs.dll" (normalized: "c:\\windows\\syswow64\\windowscodecs.dll")) returned 0x25 [0182.898] CoTaskMemFree (pv=0x3dd570) [0182.898] GetModuleInformation (in: hProcess=0x304, hModule=0x6c320000, lpmodinfo=0x2743b80, cb=0xc | out: lpmodinfo=0x2743b80*(lpBaseOfDll=0x6c320000, SizeOfImage=0xdcd000, EntryPoint=0x0)) returned 1 [0182.899] CoTaskMemAlloc (cb=0x804) returned 0x3dd570 [0182.899] GetModuleBaseNameW (in: hProcess=0x304, hModule=0x6c320000, lpBaseName=0x3dd570, nSize=0x800 | out: lpBaseName="System.Web.ni.dll") returned 0x11 [0182.901] CoTaskMemFree (pv=0x3dd570) [0182.901] CoTaskMemAlloc (cb=0x804) returned 0x3dd570 [0182.901] GetModuleFileNameExW (in: hProcess=0x304, hModule=0x6c320000, lpFilename=0x3dd570, nSize=0x800 | out: lpFilename="C:\\Windows\\assembly\\NativeImages_v4.0.30319_32\\System.Web\\8e86e9948f7dcebce93d5df6073700ba\\System.Web.ni.dll" (normalized: "c:\\windows\\assembly\\nativeimages_v4.0.30319_32\\system.web\\8e86e9948f7dcebce93d5df6073700ba\\system.web.ni.dll")) returned 0x6c [0182.903] CoTaskMemFree (pv=0x3dd570) [0182.903] CloseHandle (hObject=0x304) returned 1 [0182.905] lstrlenA (lpString="AcquireSRWLockExclusive") returned 23 [0182.905] lstrlenA (lpString="AcquireSRWLockShared") returned 20 [0182.905] lstrlenA (lpString="ActivateActCtx") returned 14 [0182.905] lstrlenA (lpString="AddAtomA") returned 8 [0182.905] lstrlenA (lpString="AddAtomW") returned 8 [0182.905] lstrlenA (lpString="AddConsoleAliasA") returned 16 [0182.905] lstrlenA (lpString="AddConsoleAliasW") returned 16 [0182.906] lstrlenA (lpString="AddDllDirectory") returned 15 [0182.906] lstrlenA (lpString="AddIntegrityLabelToBoundaryDescriptor") returned 37 [0182.906] lstrlenA (lpString="AddLocalAlternateComputerNameA") returned 30 [0182.906] lstrlenA (lpString="AddLocalAlternateComputerNameW") returned 30 [0182.906] lstrlenA (lpString="AddRefActCtx") returned 12 [0182.906] lstrlenA (lpString="AddSIDToBoundaryDescriptor") returned 26 [0182.906] lstrlenA (lpString="AddSecureMemoryCacheCallback") returned 28 [0182.906] lstrlenA (lpString="AddVectoredContinueHandler") returned 26 [0182.906] lstrlenA (lpString="AddVectoredExceptionHandler") returned 27 [0182.906] lstrlenA (lpString="AdjustCalendarDate") returned 18 [0182.907] lstrlenA (lpString="AllocConsole") returned 12 [0182.907] lstrlenA (lpString="AllocateUserPhysicalPages") returned 25 [0182.907] lstrlenA (lpString="AllocateUserPhysicalPagesNuma") returned 29 [0182.907] lstrlenA (lpString="ApplicationRecoveryFinished") returned 27 [0182.907] lstrlenA (lpString="ApplicationRecoveryInProgress") returned 29 [0182.907] lstrlenA (lpString="AreFileApisANSI") returned 15 [0182.907] lstrlenA (lpString="AssignProcessToJobObject") returned 24 [0182.907] lstrlenA (lpString="AttachConsole") returned 13 [0182.907] lstrlenA (lpString="BackupRead") returned 10 [0182.908] lstrlenA (lpString="BackupSeek") returned 10 [0182.908] lstrlenA (lpString="BackupWrite") returned 11 [0182.908] lstrlenA (lpString="BaseCheckAppcompatCache") returned 23 [0182.908] lstrlenA (lpString="BaseCheckAppcompatCacheEx") returned 25 [0182.908] lstrlenA (lpString="BaseCheckRunApp") returned 15 [0182.908] lstrlenA (lpString="BaseCleanupAppcompatCacheSupport") returned 32 [0182.908] lstrlenA (lpString="BaseDllReadWriteIniFile") returned 23 [0182.908] lstrlenA (lpString="BaseDumpAppcompatCache") returned 22 [0182.908] lstrlenA (lpString="BaseFlushAppcompatCache") returned 23 [0182.909] lstrlenA (lpString="BaseFormatObjectAttributes") returned 26 [0182.909] lstrlenA (lpString="BaseFormatTimeOut") returned 17 [0182.909] lstrlenA (lpString="BaseGenerateAppCompatData") returned 25 [0182.909] lstrlenA (lpString="BaseGetNamedObjectDirectory") returned 27 [0182.909] lstrlenA (lpString="BaseInitAppcompatCacheSupport") returned 29 [0182.909] lstrlenA (lpString="BaseIsAppcompatInfrastructureDisabled") returned 37 [0182.909] lstrlenA (lpString="BaseQueryModuleData") returned 19 [0182.909] lstrlenA (lpString="BaseSetLastNTError") returned 18 [0182.909] lstrlenA (lpString="BaseThreadInitThunk") returned 19 [0182.910] lstrlenA (lpString="BaseUpdateAppcompatCache") returned 24 [0182.910] lstrlenA (lpString="BaseVerifyUnicodeString") returned 23 [0182.910] lstrlenA (lpString="Basep8BitStringToDynamicUnicodeString") returned 37 [0182.910] lstrlenA (lpString="BasepAllocateActivationContextActivationBlock") returned 45 [0182.910] lstrlenA (lpString="BasepAnsiStringToDynamicUnicodeString") returned 37 [0182.910] lstrlenA (lpString="BasepCheckAppCompat") returned 19 [0182.911] lstrlenA (lpString="BasepCheckBadapp") returned 16 [0182.911] lstrlenA (lpString="BasepCheckWinSaferRestrictions") returned 30 [0182.911] lstrlenA (lpString="BasepFreeActivationContextActivationBlock") returned 41 [0182.911] lstrlenA (lpString="BasepFreeAppCompatData") returned 22 [0182.911] lstrlenA (lpString="BasepMapModuleHandle") returned 20 [0182.911] lstrlenA (lpString="Beep") returned 4 [0182.911] lstrlenA (lpString="BeginUpdateResourceA") returned 20 [0182.911] lstrlenA (lpString="BeginUpdateResourceW") returned 20 [0182.911] lstrlenA (lpString="BindIoCompletionCallback") returned 24 [0182.911] lstrlenA (lpString="BuildCommDCBA") returned 13 [0182.912] lstrlenA (lpString="BuildCommDCBAndTimeoutsA") returned 24 [0182.912] lstrlenA (lpString="BuildCommDCBAndTimeoutsW") returned 24 [0182.912] lstrlenA (lpString="BuildCommDCBW") returned 13 [0182.912] lstrlenA (lpString="CallNamedPipeA") returned 14 [0182.912] lstrlenA (lpString="CallNamedPipeW") returned 14 [0182.912] lstrlenA (lpString="CallbackMayRunLong") returned 18 [0182.912] lstrlenA (lpString="CancelDeviceWakeupRequest") returned 25 [0182.912] lstrlenA (lpString="CancelIo") returned 8 [0182.912] lstrlenA (lpString="CancelIoEx") returned 10 [0182.912] lstrlenA (lpString="CancelSynchronousIo") returned 19 [0182.913] lstrlenA (lpString="CancelThreadpoolIo") returned 18 [0182.913] lstrlenA (lpString="CancelTimerQueueTimer") returned 21 [0182.913] lstrlenA (lpString="CancelWaitableTimer") returned 19 [0182.913] lstrlenA (lpString="ChangeTimerQueueTimer") returned 21 [0182.913] lstrlenA (lpString="CheckElevation") returned 14 [0182.913] lstrlenA (lpString="CheckElevationEnabled") returned 21 [0182.913] lstrlenA (lpString="CheckForReadOnlyResource") returned 24 [0182.913] lstrlenA (lpString="CheckNameLegalDOS8Dot3A") returned 23 [0182.913] lstrlenA (lpString="CheckNameLegalDOS8Dot3W") returned 23 [0182.913] lstrlenA (lpString="CheckRemoteDebuggerPresent") returned 26 [0182.914] lstrlenA (lpString="ClearCommBreak") returned 14 [0182.914] lstrlenA (lpString="ClearCommError") returned 14 [0182.914] lstrlenA (lpString="CloseConsoleHandle") returned 18 [0182.914] lstrlenA (lpString="CloseHandle") returned 11 [0182.914] lstrlenA (lpString="ClosePrivateNamespace") returned 21 [0182.914] lstrlenA (lpString="CloseProfileUserMapping") returned 23 [0182.914] lstrlenA (lpString="CloseThreadpool") returned 15 [0182.914] lstrlenA (lpString="CloseThreadpoolCleanupGroup") returned 27 [0182.914] lstrlenA (lpString="CloseThreadpoolCleanupGroupMembers") returned 34 [0182.914] lstrlenA (lpString="CloseThreadpoolIo") returned 17 [0182.915] lstrlenA (lpString="CloseThreadpoolTimer") returned 20 [0182.915] lstrlenA (lpString="CloseThreadpoolWait") returned 19 [0182.915] lstrlenA (lpString="CloseThreadpoolWork") returned 19 [0182.915] lstrlenA (lpString="CmdBatNotification") returned 18 [0182.915] lstrlenA (lpString="CommConfigDialogA") returned 17 [0182.915] lstrlenA (lpString="CommConfigDialogW") returned 17 [0182.915] lstrlenA (lpString="CompareCalendarDates") returned 20 [0182.915] lstrlenA (lpString="CompareFileTime") returned 15 [0182.915] lstrlenA (lpString="CompareStringA") returned 14 [0182.916] lstrlenA (lpString="CompareStringEx") returned 15 [0182.916] lstrlenA (lpString="CompareStringOrdinal") returned 20 [0182.916] lstrlenA (lpString="CompareStringW") returned 14 [0182.916] lstrlenA (lpString="ConnectNamedPipe") returned 16 [0182.916] lstrlenA (lpString="ConsoleMenuControl") returned 18 [0182.916] lstrlenA (lpString="ContinueDebugEvent") returned 18 [0182.916] lstrlenA (lpString="ConvertCalDateTimeToSystemTime") returned 30 [0182.916] lstrlenA (lpString="ConvertDefaultLocale") returned 20 [0182.916] lstrlenA (lpString="ConvertFiberToThread") returned 20 [0182.916] lstrlenA (lpString="ConvertNLSDayOfWeekToWin32DayOfWeek") returned 35 [0182.917] lstrlenA (lpString="ConvertSystemTimeToCalDateTime") returned 30 [0182.917] lstrlenA (lpString="ConvertThreadToFiber") returned 20 [0182.917] lstrlenA (lpString="ConvertThreadToFiberEx") returned 22 [0182.917] lstrlenA (lpString="CopyContext") returned 11 [0182.917] lstrlenA (lpString="CopyFileA") returned 9 [0182.917] lstrlenA (lpString="CopyFileExA") returned 11 [0182.917] lstrlenA (lpString="CopyFileExW") returned 11 [0182.917] lstrlenA (lpString="CopyFileTransactedA") returned 19 [0182.917] lstrlenA (lpString="CopyFileTransactedW") returned 19 [0182.917] lstrlenA (lpString="CopyFileW") returned 9 [0182.918] lstrlenA (lpString="CopyLZFile") returned 10 [0182.918] lstrlenA (lpString="CreateActCtxA") returned 13 [0182.918] lstrlenA (lpString="CreateActCtxW") returned 13 [0182.918] lstrlenA (lpString="CreateBoundaryDescriptorA") returned 25 [0182.918] lstrlenA (lpString="CreateBoundaryDescriptorW") returned 25 [0182.918] lstrlenA (lpString="CreateConsoleScreenBuffer") returned 25 [0182.918] lstrlenA (lpString="CreateDirectoryA") returned 16 [0182.918] lstrlenA (lpString="CreateDirectoryExA") returned 18 [0182.918] lstrlenA (lpString="CreateDirectoryExW") returned 18 [0182.918] lstrlenA (lpString="CreateDirectoryTransactedA") returned 26 [0182.919] lstrlenA (lpString="CreateDirectoryTransactedW") returned 26 [0182.919] lstrlenA (lpString="CreateDirectoryW") returned 16 [0182.919] lstrlenA (lpString="CreateEventA") returned 12 [0182.919] lstrlenA (lpString="CreateEventExA") returned 14 [0182.919] lstrlenA (lpString="CreateEventExW") returned 14 [0182.919] lstrlenA (lpString="CreateEventW") returned 12 [0182.919] lstrlenA (lpString="CreateFiber") returned 11 [0182.919] lstrlenA (lpString="CreateFiberEx") returned 13 [0182.919] lstrlenA (lpString="CreateFileA") returned 11 [0182.919] lstrlenA (lpString="CreateFileMappingA") returned 18 [0182.919] lstrlenA (lpString="CreateFileMappingNumaA") returned 22 [0182.919] lstrlenA (lpString="CreateFileMappingNumaW") returned 22 [0182.919] lstrlenA (lpString="CreateFileMappingW") returned 18 [0182.919] lstrlenA (lpString="CreateFileTransactedA") returned 21 [0182.919] lstrlenA (lpString="CreateFileTransactedW") returned 21 [0182.919] lstrlenA (lpString="CreateFileW") returned 11 [0182.920] lstrlenA (lpString="CreateHardLinkA") returned 15 [0182.920] lstrlenA (lpString="CreateHardLinkTransactedA") returned 25 [0182.920] lstrlenA (lpString="CreateHardLinkTransactedW") returned 25 [0182.920] lstrlenA (lpString="CreateHardLinkW") returned 15 [0182.920] lstrlenA (lpString="CreateIoCompletionPort") returned 22 [0182.920] lstrlenA (lpString="CreateJobObjectA") returned 16 [0182.920] lstrlenA (lpString="CreateJobObjectW") returned 16 [0182.920] lstrlenA (lpString="CreateJobSet") returned 12 [0182.920] lstrlenA (lpString="CreateMailslotA") returned 15 [0182.920] lstrlenA (lpString="CreateMailslotW") returned 15 [0182.920] lstrlenA (lpString="CreateMemoryResourceNotification") returned 32 [0182.920] lstrlenA (lpString="CreateMutexA") returned 12 [0182.920] lstrlenA (lpString="CreateMutexExA") returned 14 [0182.920] lstrlenA (lpString="CreateMutexExW") returned 14 [0182.920] lstrlenA (lpString="CreateMutexW") returned 12 [0182.921] lstrlenA (lpString="CreateNamedPipeA") returned 16 [0182.921] lstrlenA (lpString="CreateNamedPipeW") returned 16 [0182.921] lstrlenA (lpString="CreatePipe") returned 10 [0182.921] lstrlenA (lpString="CreatePrivateNamespaceA") returned 23 [0182.921] lstrlenA (lpString="CreatePrivateNamespaceW") returned 23 [0182.921] lstrlenA (lpString="CreateProcessA") returned 14 [0182.921] lstrlenA (lpString="CreateProcessAsUserW") returned 20 [0182.921] lstrlenA (lpString="CreateProcessInternalA") returned 22 [0182.921] lstrlenA (lpString="CreateProcessInternalW") returned 22 [0182.921] lstrlenA (lpString="CreateProcessW") returned 14 [0182.921] lstrlenA (lpString="CreateRemoteThread") returned 18 [0182.921] lstrlenA (lpString="CreateRemoteThreadEx") returned 20 [0182.921] lstrlenA (lpString="CreateSemaphoreA") returned 16 [0182.921] lstrlenA (lpString="CreateSemaphoreExA") returned 18 [0182.922] lstrlenA (lpString="CreateSemaphoreExW") returned 18 [0182.922] lstrlenA (lpString="CreateSemaphoreW") returned 16 [0182.922] lstrlenA (lpString="CreateSocketHandle") returned 18 [0182.922] lstrlenA (lpString="CreateSymbolicLinkA") returned 19 [0182.922] lstrlenA (lpString="CreateSymbolicLinkTransactedA") returned 29 [0182.922] lstrlenA (lpString="CreateSymbolicLinkTransactedW") returned 29 [0182.922] lstrlenA (lpString="CreateSymbolicLinkW") returned 19 [0182.922] lstrlenA (lpString="CreateTapePartition") returned 19 [0182.922] lstrlenA (lpString="CreateThread") returned 12 [0182.922] lstrlenA (lpString="CreateThreadpool") returned 16 [0182.922] lstrlenA (lpString="CreateThreadpoolCleanupGroup") returned 28 [0182.922] lstrlenA (lpString="CreateThreadpoolIo") returned 18 [0182.922] lstrlenA (lpString="CreateThreadpoolTimer") returned 21 [0182.922] lstrlenA (lpString="CreateThreadpoolWait") returned 20 [0182.923] lstrlenA (lpString="CreateThreadpoolWork") returned 20 [0182.923] lstrlenA (lpString="CreateTimerQueue") returned 16 [0182.923] lstrlenA (lpString="CreateTimerQueueTimer") returned 21 [0182.923] lstrlenA (lpString="CreateToolhelp32Snapshot") returned 24 [0182.923] lstrlenA (lpString="CreateWaitableTimerA") returned 20 [0182.923] lstrlenA (lpString="CreateWaitableTimerExA") returned 22 [0182.923] lstrlenA (lpString="CreateWaitableTimerExW") returned 22 [0182.923] lstrlenA (lpString="CreateWaitableTimerW") returned 20 [0182.923] lstrlenA (lpString="CtrlRoutine") returned 11 [0182.923] lstrlenA (lpString="DeactivateActCtx") returned 16 [0182.923] lstrlenA (lpString="DebugActiveProcess") returned 18 [0182.923] lstrlenA (lpString="DebugActiveProcessStop") returned 22 [0182.923] lstrlenA (lpString="DebugBreak") returned 10 [0182.923] lstrlenA (lpString="DebugBreakProcess") returned 17 [0182.924] lstrlenA (lpString="DebugSetProcessKillOnExit") returned 25 [0182.924] lstrlenA (lpString="DecodePointer") returned 13 [0182.924] lstrlenA (lpString="DecodeSystemPointer") returned 19 [0182.924] lstrlenA (lpString="DefineDosDeviceA") returned 16 [0182.924] lstrlenA (lpString="DefineDosDeviceW") returned 16 [0182.924] lstrlenA (lpString="DelayLoadFailureHook") returned 20 [0182.924] lstrlenA (lpString="DeleteAtom") returned 10 [0182.924] lstrlenA (lpString="DeleteBoundaryDescriptor") returned 24 [0182.924] lstrlenA (lpString="DeleteCriticalSection") returned 21 [0182.925] lstrlenA (lpString="DeleteFiber") returned 11 [0182.925] lstrlenA (lpString="DeleteFileA") returned 11 [0182.925] lstrlenA (lpString="DeleteFileTransactedA") returned 21 [0182.925] lstrlenA (lpString="DeleteFileTransactedW") returned 21 [0182.925] lstrlenA (lpString="DeleteFileW") returned 11 [0182.925] lstrlenA (lpString="DeleteProcThreadAttributeList") returned 29 [0182.925] lstrlenA (lpString="DeleteTimerQueue") returned 16 [0182.925] lstrlenA (lpString="DeleteTimerQueueEx") returned 18 [0182.925] lstrlenA (lpString="DeleteTimerQueueTimer") returned 21 [0182.925] lstrlenA (lpString="DeleteVolumeMountPointA") returned 23 [0182.925] lstrlenA (lpString="DeleteVolumeMountPointW") returned 23 [0182.925] lstrlenA (lpString="DeviceIoControl") returned 15 [0182.925] lstrlenA (lpString="DisableThreadLibraryCalls") returned 25 [0182.925] lstrlenA (lpString="DisableThreadProfiling") returned 22 [0182.926] lstrlenA (lpString="DisassociateCurrentThreadFromCallback") returned 37 [0182.926] lstrlenA (lpString="DisconnectNamedPipe") returned 19 [0182.926] lstrlenA (lpString="DnsHostnameToComputerNameA") returned 26 [0182.926] lstrlenA (lpString="DnsHostnameToComputerNameW") returned 26 [0182.926] lstrlenA (lpString="DosDateTimeToFileTime") returned 21 [0182.926] lstrlenA (lpString="DosPathToSessionPathA") returned 21 [0182.926] lstrlenA (lpString="DosPathToSessionPathW") returned 21 [0182.926] lstrlenA (lpString="DuplicateConsoleHandle") returned 22 [0182.926] lstrlenA (lpString="DuplicateHandle") returned 15 [0182.926] lstrlenA (lpString="EnableThreadProfiling") returned 21 [0182.926] lstrlenA (lpString="EncodePointer") returned 13 [0182.926] lstrlenA (lpString="EncodeSystemPointer") returned 19 [0182.926] lstrlenA (lpString="EndUpdateResourceA") returned 18 [0182.926] lstrlenA (lpString="EndUpdateResourceW") returned 18 [0182.927] lstrlenA (lpString="EnterCriticalSection") returned 20 [0182.927] lstrlenA (lpString="EnumCalendarInfoA") returned 17 [0182.927] lstrlenA (lpString="EnumCalendarInfoExA") returned 19 [0182.927] lstrlenA (lpString="EnumCalendarInfoExEx") returned 20 [0182.927] lstrlenA (lpString="EnumCalendarInfoExW") returned 19 [0182.927] lstrlenA (lpString="EnumCalendarInfoW") returned 17 [0182.927] lstrlenA (lpString="EnumDateFormatsA") returned 16 [0182.927] lstrlenA (lpString="EnumDateFormatsExA") returned 18 [0182.927] lstrlenA (lpString="EnumDateFormatsExEx") returned 19 [0182.927] lstrlenA (lpString="EnumDateFormatsExW") returned 18 [0182.930] VirtualProtectEx (in: hProcess=0x638, lpAddress=0x400000, dwSize=0x3a000, flNewProtect=0x40, lpflOldProtect=0x2757300 | out: lpflOldProtect=0x2757300*=0x1) returned 1 [0183.038] EnumProcessModules (in: hProcess=0x304, lphModule=0x275e9bc, cb=0x100, lpcbNeeded=0x2dc670 | out: lphModule=0x275e9bc, lpcbNeeded=0x2dc670) returned 1 [0183.040] EnumProcessModules (in: hProcess=0x304, lphModule=0x275eac8, cb=0x200, lpcbNeeded=0x2dc670 | out: lphModule=0x275eac8, lpcbNeeded=0x2dc670) returned 1 [0183.041] GetModuleInformation (in: hProcess=0x304, hModule=0x10b0000, lpmodinfo=0x275ed08, cb=0xc | out: lpmodinfo=0x275ed08*(lpBaseOfDll=0x10b0000, SizeOfImage=0xa2000, EntryPoint=0x114ddbe)) returned 1 [0183.041] CoTaskMemAlloc (cb=0x804) returned 0x3dd570 [0183.042] GetModuleBaseNameW (in: hProcess=0x304, hModule=0x10b0000, lpBaseName=0x3dd570, nSize=0x800 | out: lpBaseName="noise.exe") returned 0x9 [0183.042] CoTaskMemFree (pv=0x3dd570) [0183.042] CoTaskMemAlloc (cb=0x804) returned 0x3dd570 [0183.042] GetModuleFileNameExW (in: hProcess=0x304, hModule=0x10b0000, lpFilename=0x3dd570, nSize=0x800 | out: lpFilename="C:\\Users\\kEecfMwgj\\AppData\\Local\\Temp\\noise.exe" (normalized: "c:\\users\\keecfmwgj\\appdata\\local\\temp\\noise.exe")) returned 0x2f [0183.042] CoTaskMemFree (pv=0x3dd570) [0183.042] GetModuleInformation (in: hProcess=0x304, hModule=0x76f00000, lpmodinfo=0x2760e58, cb=0xc | out: lpmodinfo=0x2760e58*(lpBaseOfDll=0x76f00000, SizeOfImage=0x180000, EntryPoint=0x0)) returned 1 [0183.042] CoTaskMemAlloc (cb=0x804) returned 0x3dd570 [0183.042] GetModuleBaseNameW (in: hProcess=0x304, hModule=0x76f00000, lpBaseName=0x3dd570, nSize=0x800 | out: lpBaseName="ntdll.dll") returned 0x9 [0183.043] CoTaskMemFree (pv=0x3dd570) [0183.043] CoTaskMemAlloc (cb=0x804) returned 0x3dd570 [0183.043] GetModuleFileNameExW (in: hProcess=0x304, hModule=0x76f00000, lpFilename=0x3dd570, nSize=0x800 | out: lpFilename="C:\\Windows\\SysWOW64\\ntdll.dll" (normalized: "c:\\windows\\syswow64\\ntdll.dll")) returned 0x1d [0183.043] CoTaskMemFree (pv=0x3dd570) [0183.043] GetModuleInformation (in: hProcess=0x304, hModule=0x73500000, lpmodinfo=0x2762f68, cb=0xc | out: lpmodinfo=0x2762f68*(lpBaseOfDll=0x73500000, SizeOfImage=0x4a000, EntryPoint=0x73502e54)) returned 1 [0183.043] CoTaskMemAlloc (cb=0x804) returned 0x3dd570 [0183.043] GetModuleBaseNameW (in: hProcess=0x304, hModule=0x73500000, lpBaseName=0x3dd570, nSize=0x800 | out: lpBaseName="MSCOREE.DLL") returned 0xb [0183.043] CoTaskMemFree (pv=0x3dd570) [0183.043] CoTaskMemAlloc (cb=0x804) returned 0x3dd570 [0183.043] GetModuleFileNameExW (in: hProcess=0x304, hModule=0x73500000, lpFilename=0x3dd570, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\MSCOREE.DLL" (normalized: "c:\\windows\\syswow64\\mscoree.dll")) returned 0x1f [0183.044] CoTaskMemFree (pv=0x3dd570) [0183.044] GetModuleInformation (in: hProcess=0x304, hModule=0x752b0000, lpmodinfo=0x2765080, cb=0xc | out: lpmodinfo=0x2765080*(lpBaseOfDll=0x752b0000, SizeOfImage=0x110000, EntryPoint=0x752c3283)) returned 1 [0183.044] CoTaskMemAlloc (cb=0x804) returned 0x3dd570 [0183.044] GetModuleBaseNameW (in: hProcess=0x304, hModule=0x752b0000, lpBaseName=0x3dd570, nSize=0x800 | out: lpBaseName="KERNEL32.dll") returned 0xc [0183.044] CoTaskMemFree (pv=0x3dd570) [0183.044] CoTaskMemAlloc (cb=0x804) returned 0x3dd570 [0183.044] GetModuleFileNameExW (in: hProcess=0x304, hModule=0x752b0000, lpFilename=0x3dd570, nSize=0x800 | out: lpFilename="C:\\Windows\\syswow64\\KERNEL32.dll" (normalized: "c:\\windows\\syswow64\\kernel32.dll")) returned 0x20 [0183.044] CoTaskMemFree (pv=0x3dd570) [0183.044] GetModuleInformation (in: hProcess=0x304, hModule=0x753c0000, lpmodinfo=0x27671a0, cb=0xc | out: lpmodinfo=0x27671a0*(lpBaseOfDll=0x753c0000, SizeOfImage=0x47000, EntryPoint=0x753c74c1)) returned 1 [0183.045] CoTaskMemAlloc (cb=0x804) returned 0x3dd570 [0183.045] GetModuleBaseNameW (in: hProcess=0x304, hModule=0x753c0000, lpBaseName=0x3dd570, nSize=0x800 | out: lpBaseName="KERNELBASE.dll") returned 0xe [0183.045] CoTaskMemFree (pv=0x3dd570) [0183.045] CoTaskMemAlloc (cb=0x804) returned 0x3dd570 [0183.045] GetModuleFileNameExW (in: hProcess=0x304, hModule=0x753c0000, lpFilename=0x3dd570, nSize=0x800 | out: lpFilename="C:\\Windows\\syswow64\\KERNELBASE.dll" (normalized: "c:\\windows\\syswow64\\kernelbase.dll")) returned 0x22 [0183.045] CoTaskMemFree (pv=0x3dd570) [0183.045] GetModuleInformation (in: hProcess=0x304, hModule=0x76a60000, lpmodinfo=0x27692f4, cb=0xc | out: lpmodinfo=0x27692f4*(lpBaseOfDll=0x76a60000, SizeOfImage=0xa0000, EntryPoint=0x76a749e5)) returned 1 [0183.046] CoTaskMemAlloc (cb=0x804) returned 0x3dd570 [0183.046] GetModuleBaseNameW (in: hProcess=0x304, hModule=0x76a60000, lpBaseName=0x3dd570, nSize=0x800 | out: lpBaseName="ADVAPI32.dll") returned 0xc [0183.046] CoTaskMemFree (pv=0x3dd570) [0183.046] CoTaskMemAlloc (cb=0x804) returned 0x3dd570 [0183.046] GetModuleFileNameExW (in: hProcess=0x304, hModule=0x76a60000, lpFilename=0x3dd570, nSize=0x800 | out: lpFilename="C:\\Windows\\syswow64\\ADVAPI32.dll" (normalized: "c:\\windows\\syswow64\\advapi32.dll")) returned 0x20 [0183.046] CoTaskMemFree (pv=0x3dd570) [0183.046] GetModuleInformation (in: hProcess=0x304, hModule=0x75410000, lpmodinfo=0x276b414, cb=0xc | out: lpmodinfo=0x276b414*(lpBaseOfDll=0x75410000, SizeOfImage=0xac000, EntryPoint=0x7541a472)) returned 1 [0183.047] CoTaskMemAlloc (cb=0x804) returned 0x3dd570 [0183.047] GetModuleBaseNameW (in: hProcess=0x304, hModule=0x75410000, lpBaseName=0x3dd570, nSize=0x800 | out: lpBaseName="msvcrt.dll") returned 0xa [0183.047] CoTaskMemFree (pv=0x3dd570) [0183.047] CoTaskMemAlloc (cb=0x804) returned 0x3dd570 [0183.047] GetModuleFileNameExW (in: hProcess=0x304, hModule=0x75410000, lpFilename=0x3dd570, nSize=0x800 | out: lpFilename="C:\\Windows\\syswow64\\msvcrt.dll" (normalized: "c:\\windows\\syswow64\\msvcrt.dll")) returned 0x1e [0183.047] CoTaskMemFree (pv=0x3dd570) [0183.047] GetModuleInformation (in: hProcess=0x304, hModule=0x759a0000, lpmodinfo=0x276d52c, cb=0xc | out: lpmodinfo=0x276d52c*(lpBaseOfDll=0x759a0000, SizeOfImage=0x19000, EntryPoint=0x759a4975)) returned 1 [0183.048] CoTaskMemAlloc (cb=0x804) returned 0x3dd570 [0183.048] GetModuleBaseNameW (in: hProcess=0x304, hModule=0x759a0000, lpBaseName=0x3dd570, nSize=0x800 | out: lpBaseName="sechost.dll") returned 0xb [0183.048] CoTaskMemFree (pv=0x3dd570) [0183.048] CoTaskMemAlloc (cb=0x804) returned 0x3dd570 [0183.048] GetModuleFileNameExW (in: hProcess=0x304, hModule=0x759a0000, lpFilename=0x3dd570, nSize=0x800 | out: lpFilename="C:\\Windows\\SysWOW64\\sechost.dll" (normalized: "c:\\windows\\syswow64\\sechost.dll")) returned 0x1f [0183.048] CoTaskMemFree (pv=0x3dd570) [0183.048] GetModuleInformation (in: hProcess=0x304, hModule=0x76970000, lpmodinfo=0x276f644, cb=0xc | out: lpmodinfo=0x276f644*(lpBaseOfDll=0x76970000, SizeOfImage=0xf0000, EntryPoint=0x76980569)) returned 1 [0183.049] CoTaskMemAlloc (cb=0x804) returned 0x3dd570 [0183.049] GetModuleBaseNameW (in: hProcess=0x304, hModule=0x76970000, lpBaseName=0x3dd570, nSize=0x800 | out: lpBaseName="RPCRT4.dll") returned 0xa [0183.049] CoTaskMemFree (pv=0x3dd570) [0183.049] CoTaskMemAlloc (cb=0x804) returned 0x3dd570 [0183.049] GetModuleFileNameExW (in: hProcess=0x304, hModule=0x76970000, lpFilename=0x3dd570, nSize=0x800 | out: lpFilename="C:\\Windows\\syswow64\\RPCRT4.dll" (normalized: "c:\\windows\\syswow64\\rpcrt4.dll")) returned 0x1e [0183.050] CoTaskMemFree (pv=0x3dd570) [0183.050] GetModuleInformation (in: hProcess=0x304, hModule=0x74a50000, lpmodinfo=0x27717a8, cb=0xc | out: lpmodinfo=0x27717a8*(lpBaseOfDll=0x74a50000, SizeOfImage=0x60000, EntryPoint=0x74a6a3b3)) returned 1 [0183.050] CoTaskMemAlloc (cb=0x804) returned 0x3dd570 [0183.050] GetModuleBaseNameW (in: hProcess=0x304, hModule=0x74a50000, lpBaseName=0x3dd570, nSize=0x800 | out: lpBaseName="SspiCli.dll") returned 0xb [0183.050] CoTaskMemFree (pv=0x3dd570) [0183.050] CoTaskMemAlloc (cb=0x804) returned 0x3dd570 [0183.050] GetModuleFileNameExW (in: hProcess=0x304, hModule=0x74a50000, lpFilename=0x3dd570, nSize=0x800 | out: lpFilename="C:\\Windows\\syswow64\\SspiCli.dll" (normalized: "c:\\windows\\syswow64\\sspicli.dll")) returned 0x1f [0183.051] CoTaskMemFree (pv=0x3dd570) [0183.051] GetModuleInformation (in: hProcess=0x304, hModule=0x74a40000, lpmodinfo=0x27738cc, cb=0xc | out: lpmodinfo=0x27738cc*(lpBaseOfDll=0x74a40000, SizeOfImage=0xc000, EntryPoint=0x74a410e1)) returned 1 [0183.051] CoTaskMemAlloc (cb=0x804) returned 0x3dd570 [0183.051] GetModuleBaseNameW (in: hProcess=0x304, hModule=0x74a40000, lpBaseName=0x3dd570, nSize=0x800 | out: lpBaseName="CRYPTBASE.dll") returned 0xd [0183.051] CoTaskMemFree (pv=0x3dd570) [0183.051] CoTaskMemAlloc (cb=0x804) returned 0x3dd570 [0183.052] GetModuleFileNameExW (in: hProcess=0x304, hModule=0x74a40000, lpFilename=0x3dd570, nSize=0x800 | out: lpFilename="C:\\Windows\\syswow64\\CRYPTBASE.dll" (normalized: "c:\\windows\\syswow64\\cryptbase.dll")) returned 0x21 [0183.052] CoTaskMemFree (pv=0x3dd570) [0183.052] GetModuleInformation (in: hProcess=0x304, hModule=0x733b0000, lpmodinfo=0x27759ec, cb=0xc | out: lpmodinfo=0x27759ec*(lpBaseOfDll=0x733b0000, SizeOfImage=0x8d000, EntryPoint=0x733c2860)) returned 1 [0183.052] CoTaskMemAlloc (cb=0x804) returned 0x3dd570 [0183.052] GetModuleBaseNameW (in: hProcess=0x304, hModule=0x733b0000, lpBaseName=0x3dd570, nSize=0x800 | out: lpBaseName="mscoreei.dll") returned 0xc [0183.053] CoTaskMemFree (pv=0x3dd570) [0183.053] CoTaskMemAlloc (cb=0x804) returned 0x3dd570 [0183.053] GetModuleFileNameExW (in: hProcess=0x304, hModule=0x733b0000, lpFilename=0x3dd570, nSize=0x800 | out: lpFilename="C:\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\mscoreei.dll" (normalized: "c:\\windows\\microsoft.net\\framework\\v4.0.30319\\mscoreei.dll")) returned 0x3a [0183.053] CoTaskMemFree (pv=0x3dd570) [0183.053] GetModuleInformation (in: hProcess=0x304, hModule=0x734f0000, lpmodinfo=0x2777b40, cb=0xc | out: lpmodinfo=0x2777b40*(lpBaseOfDll=0x734f0000, SizeOfImage=0x3000, EntryPoint=0x0)) returned 1 [0183.053] CoTaskMemAlloc (cb=0x804) returned 0x3dd570 [0183.053] GetModuleBaseNameW (in: hProcess=0x304, hModule=0x734f0000, lpBaseName=0x3dd570, nSize=0x800 | out: lpBaseName="api-ms-win-core-synch-l1-2-0.DLL") returned 0x20 [0183.054] CoTaskMemFree (pv=0x3dd570) [0183.054] CoTaskMemAlloc (cb=0x804) returned 0x3dd570 [0183.054] GetModuleFileNameExW (in: hProcess=0x304, hModule=0x734f0000, lpFilename=0x3dd570, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\api-ms-win-core-synch-l1-2-0.DLL" (normalized: "c:\\windows\\syswow64\\api-ms-win-core-synch-l1-2-0.dll")) returned 0x34 [0183.054] CoTaskMemFree (pv=0x3dd570) [0183.054] GetModuleInformation (in: hProcess=0x304, hModule=0x751c0000, lpmodinfo=0x2779cb0, cb=0xc | out: lpmodinfo=0x2779cb0*(lpBaseOfDll=0x751c0000, SizeOfImage=0x57000, EntryPoint=0x751d9ba6)) returned 1 [0183.055] CoTaskMemAlloc (cb=0x804) returned 0x3dd570 [0183.055] GetModuleBaseNameW (in: hProcess=0x304, hModule=0x751c0000, lpBaseName=0x3dd570, nSize=0x800 | out: lpBaseName="SHLWAPI.dll") returned 0xb [0183.055] CoTaskMemFree (pv=0x3dd570) [0183.055] CoTaskMemAlloc (cb=0x804) returned 0x3dd570 [0183.055] GetModuleFileNameExW (in: hProcess=0x304, hModule=0x751c0000, lpFilename=0x3dd570, nSize=0x800 | out: lpFilename="C:\\Windows\\syswow64\\SHLWAPI.dll" (normalized: "c:\\windows\\syswow64\\shlwapi.dll")) returned 0x1f [0183.056] CoTaskMemFree (pv=0x3dd570) [0183.056] GetModuleInformation (in: hProcess=0x304, hModule=0x75220000, lpmodinfo=0x277bdc8, cb=0xc | out: lpmodinfo=0x277bdc8*(lpBaseOfDll=0x75220000, SizeOfImage=0x90000, EntryPoint=0x75236343)) returned 1 [0183.056] CoTaskMemAlloc (cb=0x804) returned 0x3dd570 [0183.056] GetModuleBaseNameW (in: hProcess=0x304, hModule=0x75220000, lpBaseName=0x3dd570, nSize=0x800 | out: lpBaseName="GDI32.dll") returned 0x9 [0183.057] CoTaskMemFree (pv=0x3dd570) [0183.057] CoTaskMemAlloc (cb=0x804) returned 0x3dd570 [0183.057] GetModuleFileNameExW (in: hProcess=0x304, hModule=0x75220000, lpFilename=0x3dd570, nSize=0x800 | out: lpFilename="C:\\Windows\\syswow64\\GDI32.dll" (normalized: "c:\\windows\\syswow64\\gdi32.dll")) returned 0x1d [0183.057] CoTaskMemFree (pv=0x3dd570) [0183.057] GetModuleInformation (in: hProcess=0x304, hModule=0x76860000, lpmodinfo=0x277ded8, cb=0xc | out: lpmodinfo=0x277ded8*(lpBaseOfDll=0x76860000, SizeOfImage=0x100000, EntryPoint=0x7687b6ed)) returned 1 [0183.058] CoTaskMemAlloc (cb=0x804) returned 0x3dd570 [0183.058] GetModuleBaseNameW (in: hProcess=0x304, hModule=0x76860000, lpBaseName=0x3dd570, nSize=0x800 | out: lpBaseName="USER32.dll") returned 0xa [0183.058] CoTaskMemFree (pv=0x3dd570) [0183.058] CoTaskMemAlloc (cb=0x804) returned 0x3dd570 [0183.058] GetModuleFileNameExW (in: hProcess=0x304, hModule=0x76860000, lpFilename=0x3dd570, nSize=0x800 | out: lpFilename="C:\\Windows\\syswow64\\USER32.dll" (normalized: "c:\\windows\\syswow64\\user32.dll")) returned 0x1e [0183.059] CoTaskMemFree (pv=0x3dd570) [0183.059] GetModuleInformation (in: hProcess=0x304, hModule=0x759c0000, lpmodinfo=0x277fff0, cb=0xc | out: lpmodinfo=0x277fff0*(lpBaseOfDll=0x759c0000, SizeOfImage=0xa000, EntryPoint=0x759c36a0)) returned 1 [0183.059] CoTaskMemAlloc (cb=0x804) returned 0x3dd570 [0183.059] GetModuleBaseNameW (in: hProcess=0x304, hModule=0x759c0000, lpBaseName=0x3dd570, nSize=0x800 | out: lpBaseName="LPK.dll") returned 0x7 [0183.060] CoTaskMemFree (pv=0x3dd570) [0183.060] CoTaskMemAlloc (cb=0x804) returned 0x3dd570 [0183.060] GetModuleFileNameExW (in: hProcess=0x304, hModule=0x759c0000, lpFilename=0x3dd570, nSize=0x800 | out: lpFilename="C:\\Windows\\syswow64\\LPK.dll" (normalized: "c:\\windows\\syswow64\\lpk.dll")) returned 0x1b [0183.060] CoTaskMemFree (pv=0x3dd570) [0183.060] GetModuleInformation (in: hProcess=0x304, hModule=0x74d40000, lpmodinfo=0x2782184, cb=0xc | out: lpmodinfo=0x2782184*(lpBaseOfDll=0x74d40000, SizeOfImage=0x9d000, EntryPoint=0x74d73fd7)) returned 1 [0183.061] CoTaskMemAlloc (cb=0x804) returned 0x3dd570 [0183.061] GetModuleBaseNameW (in: hProcess=0x304, hModule=0x74d40000, lpBaseName=0x3dd570, nSize=0x800 | out: lpBaseName="USP10.dll") returned 0x9 [0183.061] CoTaskMemFree (pv=0x3dd570) [0183.061] CoTaskMemAlloc (cb=0x804) returned 0x3dd570 [0183.061] GetModuleFileNameExW (in: hProcess=0x304, hModule=0x74d40000, lpFilename=0x3dd570, nSize=0x800 | out: lpFilename="C:\\Windows\\syswow64\\USP10.dll" (normalized: "c:\\windows\\syswow64\\usp10.dll")) returned 0x1d [0183.062] CoTaskMemFree (pv=0x3dd570) [0183.062] GetModuleInformation (in: hProcess=0x304, hModule=0x75550000, lpmodinfo=0x2784294, cb=0xc | out: lpmodinfo=0x2784294*(lpBaseOfDll=0x75550000, SizeOfImage=0x60000, EntryPoint=0x7556158f)) returned 1 [0183.062] CoTaskMemAlloc (cb=0x804) returned 0x3dd570 [0183.062] GetModuleBaseNameW (in: hProcess=0x304, hModule=0x75550000, lpBaseName=0x3dd570, nSize=0x800 | out: lpBaseName="IMM32.DLL") returned 0x9 [0183.063] CoTaskMemFree (pv=0x3dd570) [0183.063] CoTaskMemAlloc (cb=0x804) returned 0x3dd570 [0183.063] GetModuleFileNameExW (in: hProcess=0x304, hModule=0x75550000, lpFilename=0x3dd570, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\IMM32.DLL" (normalized: "c:\\windows\\syswow64\\imm32.dll")) returned 0x1d [0183.064] CoTaskMemFree (pv=0x3dd570) [0183.064] GetModuleInformation (in: hProcess=0x304, hModule=0x74c40000, lpmodinfo=0x27863a4, cb=0xc | out: lpmodinfo=0x27863a4*(lpBaseOfDll=0x74c40000, SizeOfImage=0xcc000, EntryPoint=0x74c4168b)) returned 1 [0183.064] CoTaskMemAlloc (cb=0x804) returned 0x3dd570 [0183.064] GetModuleBaseNameW (in: hProcess=0x304, hModule=0x74c40000, lpBaseName=0x3dd570, nSize=0x800 | out: lpBaseName="MSCTF.dll") returned 0x9 [0183.065] CoTaskMemFree (pv=0x3dd570) [0183.065] CoTaskMemAlloc (cb=0x804) returned 0x3dd570 [0183.065] GetModuleFileNameExW (in: hProcess=0x304, hModule=0x74c40000, lpFilename=0x3dd570, nSize=0x800 | out: lpFilename="C:\\Windows\\syswow64\\MSCTF.dll" (normalized: "c:\\windows\\syswow64\\msctf.dll")) returned 0x1d [0183.065] CoTaskMemFree (pv=0x3dd570) [0183.065] GetModuleInformation (in: hProcess=0x304, hModule=0x733a0000, lpmodinfo=0x27884b4, cb=0xc | out: lpmodinfo=0x27884b4*(lpBaseOfDll=0x733a0000, SizeOfImage=0x9000, EntryPoint=0x733a1220)) returned 1 [0183.066] CoTaskMemAlloc (cb=0x804) returned 0x3dd570 [0183.066] GetModuleBaseNameW (in: hProcess=0x304, hModule=0x733a0000, lpBaseName=0x3dd570, nSize=0x800 | out: lpBaseName="VERSION.dll") returned 0xb [0183.066] CoTaskMemFree (pv=0x3dd570) [0183.067] CoTaskMemAlloc (cb=0x804) returned 0x3dd570 [0183.067] GetModuleFileNameExW (in: hProcess=0x304, hModule=0x733a0000, lpFilename=0x3dd570, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\VERSION.dll" (normalized: "c:\\windows\\syswow64\\version.dll")) returned 0x1f [0183.067] CoTaskMemFree (pv=0x3dd570) [0183.067] GetModuleInformation (in: hProcess=0x304, hModule=0x71770000, lpmodinfo=0x278a5cc, cb=0xc | out: lpmodinfo=0x278a5cc*(lpBaseOfDll=0x71770000, SizeOfImage=0x7af000, EntryPoint=0x7178d0d0)) returned 1 [0183.068] CoTaskMemAlloc (cb=0x804) returned 0x3dd570 [0183.068] GetModuleBaseNameW (in: hProcess=0x304, hModule=0x71770000, lpBaseName=0x3dd570, nSize=0x800 | out: lpBaseName="clr.dll") returned 0x7 [0183.068] CoTaskMemFree (pv=0x3dd570) [0183.068] CoTaskMemAlloc (cb=0x804) returned 0x3dd570 [0183.068] GetModuleFileNameExW (in: hProcess=0x304, hModule=0x71770000, lpFilename=0x3dd570, nSize=0x800 | out: lpFilename="C:\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\clr.dll" (normalized: "c:\\windows\\microsoft.net\\framework\\v4.0.30319\\clr.dll")) returned 0x35 [0183.069] CoTaskMemFree (pv=0x3dd570) [0183.069] GetModuleInformation (in: hProcess=0x304, hModule=0x73600000, lpmodinfo=0x278c708, cb=0xc | out: lpmodinfo=0x278c708*(lpBaseOfDll=0x73600000, SizeOfImage=0x14000, EntryPoint=0x7360ac00)) returned 1 [0183.069] CoTaskMemAlloc (cb=0x804) returned 0x3dd570 [0183.069] GetModuleBaseNameW (in: hProcess=0x304, hModule=0x73600000, lpBaseName=0x3dd570, nSize=0x800 | out: lpBaseName="VCRUNTIME140_CLR0400.dll") returned 0x18 [0183.070] CoTaskMemFree (pv=0x3dd570) [0183.070] CoTaskMemAlloc (cb=0x804) returned 0x3dd570 [0183.070] GetModuleFileNameExW (in: hProcess=0x304, hModule=0x73600000, lpFilename=0x3dd570, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\VCRUNTIME140_CLR0400.dll" (normalized: "c:\\windows\\syswow64\\vcruntime140_clr0400.dll")) returned 0x2c [0183.071] CoTaskMemFree (pv=0x3dd570) [0183.071] GetModuleInformation (in: hProcess=0x304, hModule=0x73550000, lpmodinfo=0x278e858, cb=0xc | out: lpmodinfo=0x278e858*(lpBaseOfDll=0x73550000, SizeOfImage=0xab000, EntryPoint=0x735e5f20)) returned 1 [0183.071] CoTaskMemAlloc (cb=0x804) returned 0x3dd570 [0183.071] GetModuleBaseNameW (in: hProcess=0x304, hModule=0x73550000, lpBaseName=0x3dd570, nSize=0x800 | out: lpBaseName="ucrtbase_clr0400.dll") returned 0x14 [0183.072] CoTaskMemFree (pv=0x3dd570) [0183.072] CoTaskMemAlloc (cb=0x804) returned 0x3dd570 [0183.072] GetModuleFileNameExW (in: hProcess=0x304, hModule=0x73550000, lpFilename=0x3dd570, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\ucrtbase_clr0400.dll" (normalized: "c:\\windows\\syswow64\\ucrtbase_clr0400.dll")) returned 0x28 [0183.072] CoTaskMemFree (pv=0x3dd570) [0183.072] GetModuleInformation (in: hProcess=0x304, hModule=0x70360000, lpmodinfo=0x2790998, cb=0xc | out: lpmodinfo=0x2790998*(lpBaseOfDll=0x70360000, SizeOfImage=0x140b000, EntryPoint=0x0)) returned 1 [0183.073] CoTaskMemAlloc (cb=0x804) returned 0x3dd570 [0183.073] GetModuleBaseNameW (in: hProcess=0x304, hModule=0x70360000, lpBaseName=0x3dd570, nSize=0x800 | out: lpBaseName="mscorlib.ni.dll") returned 0xf [0183.074] CoTaskMemFree (pv=0x3dd570) [0183.074] CoTaskMemAlloc (cb=0x804) returned 0x3dd570 [0183.074] GetModuleFileNameExW (in: hProcess=0x304, hModule=0x70360000, lpFilename=0x3dd570, nSize=0x800 | out: lpFilename="C:\\Windows\\assembly\\NativeImages_v4.0.30319_32\\mscorlib\\36eaccfde177c2e7b93b8dbdde4e012a\\mscorlib.ni.dll" (normalized: "c:\\windows\\assembly\\nativeimages_v4.0.30319_32\\mscorlib\\36eaccfde177c2e7b93b8dbdde4e012a\\mscorlib.ni.dll")) returned 0x68 [0183.074] CoTaskMemFree (pv=0x3dd570) [0183.074] GetModuleInformation (in: hProcess=0x304, hModule=0x75740000, lpmodinfo=0x2792b4c, cb=0xc | out: lpmodinfo=0x2792b4c*(lpBaseOfDll=0x75740000, SizeOfImage=0x15c000, EntryPoint=0x7578ba3d)) returned 1 [0183.075] CoTaskMemAlloc (cb=0x804) returned 0x3dd570 [0183.075] GetModuleBaseNameW (in: hProcess=0x304, hModule=0x75740000, lpBaseName=0x3dd570, nSize=0x800 | out: lpBaseName="ole32.dll") returned 0x9 [0183.076] CoTaskMemFree (pv=0x3dd570) [0183.076] CoTaskMemAlloc (cb=0x804) returned 0x3dd570 [0183.076] GetModuleFileNameExW (in: hProcess=0x304, hModule=0x75740000, lpFilename=0x3dd570, nSize=0x800 | out: lpFilename="C:\\Windows\\syswow64\\ole32.dll" (normalized: "c:\\windows\\syswow64\\ole32.dll")) returned 0x1d [0183.076] CoTaskMemFree (pv=0x3dd570) [0183.076] GetModuleInformation (in: hProcess=0x304, hModule=0x73a10000, lpmodinfo=0x2794c5c, cb=0xc | out: lpmodinfo=0x2794c5c*(lpBaseOfDll=0x73a10000, SizeOfImage=0x80000, EntryPoint=0x73a237c9)) returned 1 [0183.089] CoTaskMemAlloc (cb=0x804) returned 0x3dd570 [0183.090] GetModuleBaseNameW (in: hProcess=0x304, hModule=0x73a10000, lpBaseName=0x3dd570, nSize=0x800 | out: lpBaseName="uxtheme.dll") returned 0xb [0183.091] CoTaskMemFree (pv=0x3dd570) [0183.091] CoTaskMemAlloc (cb=0x804) returned 0x3dd570 [0183.091] GetModuleFileNameExW (in: hProcess=0x304, hModule=0x73a10000, lpFilename=0x3dd570, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\uxtheme.dll" (normalized: "c:\\windows\\syswow64\\uxtheme.dll")) returned 0x1f [0183.092] CoTaskMemFree (pv=0x3dd570) [0183.092] GetModuleInformation (in: hProcess=0x304, hModule=0x74a20000, lpmodinfo=0x2796d74, cb=0xc | out: lpmodinfo=0x2796d74*(lpBaseOfDll=0x74a20000, SizeOfImage=0x3000, EntryPoint=0x0)) returned 1 [0183.093] CoTaskMemAlloc (cb=0x804) returned 0x3dd570 [0183.093] GetModuleBaseNameW (in: hProcess=0x304, hModule=0x74a20000, lpBaseName=0x3dd570, nSize=0x800 | out: lpBaseName="api-ms-win-core-xstate-l2-1-0.dll") returned 0x21 [0183.094] CoTaskMemFree (pv=0x3dd570) [0183.094] CoTaskMemAlloc (cb=0x804) returned 0x3dd570 [0183.094] GetModuleFileNameExW (in: hProcess=0x304, hModule=0x74a20000, lpFilename=0x3dd570, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\api-ms-win-core-xstate-l2-1-0.dll" (normalized: "c:\\windows\\syswow64\\api-ms-win-core-xstate-l2-1-0.dll")) returned 0x35 [0183.094] CoTaskMemFree (pv=0x3dd570) [0183.094] GetModuleInformation (in: hProcess=0x304, hModule=0x74990000, lpmodinfo=0x2798ee4, cb=0xc | out: lpmodinfo=0x2798ee4*(lpBaseOfDll=0x74990000, SizeOfImage=0x89000, EntryPoint=0x74991130)) returned 1 [0183.095] CoTaskMemAlloc (cb=0x804) returned 0x3dd570 [0183.095] GetModuleBaseNameW (in: hProcess=0x304, hModule=0x74990000, lpBaseName=0x3dd570, nSize=0x800 | out: lpBaseName="clrjit.dll") returned 0xa [0183.096] CoTaskMemFree (pv=0x3dd570) [0183.096] CoTaskMemAlloc (cb=0x804) returned 0x3dd570 [0183.096] GetModuleFileNameExW (in: hProcess=0x304, hModule=0x74990000, lpFilename=0x3dd570, nSize=0x800 | out: lpFilename="C:\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\clrjit.dll" (normalized: "c:\\windows\\microsoft.net\\framework\\v4.0.30319\\clrjit.dll")) returned 0x38 [0183.096] CoTaskMemFree (pv=0x3dd570) [0183.096] GetModuleInformation (in: hProcess=0x304, hModule=0x75130000, lpmodinfo=0x279b030, cb=0xc | out: lpmodinfo=0x279b030*(lpBaseOfDll=0x75130000, SizeOfImage=0x8f000, EntryPoint=0x75133fb1)) returned 1 [0183.097] CoTaskMemAlloc (cb=0x804) returned 0x3dd570 [0183.097] GetModuleBaseNameW (in: hProcess=0x304, hModule=0x75130000, lpBaseName=0x3dd570, nSize=0x800 | out: lpBaseName="OLEAUT32.dll") returned 0xc [0183.098] CoTaskMemFree (pv=0x3dd570) [0183.098] CoTaskMemAlloc (cb=0x804) returned 0x3dd570 [0183.098] GetModuleFileNameExW (in: hProcess=0x304, hModule=0x75130000, lpFilename=0x3dd570, nSize=0x800 | out: lpFilename="C:\\Windows\\syswow64\\OLEAUT32.dll" (normalized: "c:\\windows\\syswow64\\oleaut32.dll")) returned 0x20 [0183.099] CoTaskMemFree (pv=0x3dd570) [0183.099] GetModuleInformation (in: hProcess=0x304, hModule=0x6eea0000, lpmodinfo=0x279d150, cb=0xc | out: lpmodinfo=0x279d150*(lpBaseOfDll=0x6eea0000, SizeOfImage=0xa55000, EntryPoint=0x0)) returned 1 [0183.100] CoTaskMemAlloc (cb=0x804) returned 0x3dd570 [0183.100] GetModuleBaseNameW (in: hProcess=0x304, hModule=0x6eea0000, lpBaseName=0x3dd570, nSize=0x800 | out: lpBaseName="System.ni.dll") returned 0xd [0183.101] CoTaskMemFree (pv=0x3dd570) [0183.101] CoTaskMemAlloc (cb=0x804) returned 0x3dd570 [0183.101] GetModuleFileNameExW (in: hProcess=0x304, hModule=0x6eea0000, lpFilename=0x3dd570, nSize=0x800 | out: lpFilename="C:\\Windows\\assembly\\NativeImages_v4.0.30319_32\\System\\2c3c912ea8f058f9d04c4650128feb3f\\System.ni.dll" (normalized: "c:\\windows\\assembly\\nativeimages_v4.0.30319_32\\system\\2c3c912ea8f058f9d04c4650128feb3f\\system.ni.dll")) returned 0x64 [0183.102] CoTaskMemFree (pv=0x3dd570) [0183.102] GetModuleInformation (in: hProcess=0x304, hModule=0x6fb40000, lpmodinfo=0x279f2f8, cb=0xc | out: lpmodinfo=0x279f2f8*(lpBaseOfDll=0x6fb40000, SizeOfImage=0x818000, EntryPoint=0x0)) returned 1 [0183.103] CoTaskMemAlloc (cb=0x804) returned 0x3dd570 [0183.103] GetModuleBaseNameW (in: hProcess=0x304, hModule=0x6fb40000, lpBaseName=0x3dd570, nSize=0x800 | out: lpBaseName="System.Core.ni.dll") returned 0x12 [0183.104] CoTaskMemFree (pv=0x3dd570) [0183.104] CoTaskMemAlloc (cb=0x804) returned 0x3dd570 [0183.104] GetModuleFileNameExW (in: hProcess=0x304, hModule=0x6fb40000, lpFilename=0x3dd570, nSize=0x800 | out: lpFilename="C:\\Windows\\assembly\\NativeImages_v4.0.30319_32\\System.Core\\31fae3290fad30c31c98651462d22724\\System.Core.ni.dll" (normalized: "c:\\windows\\assembly\\nativeimages_v4.0.30319_32\\system.core\\31fae3290fad30c31c98651462d22724\\system.core.ni.dll")) returned 0x6e [0183.104] CoTaskMemFree (pv=0x3dd570) [0183.105] GetModuleInformation (in: hProcess=0x304, hModule=0x6f950000, lpmodinfo=0x27a14c0, cb=0xc | out: lpmodinfo=0x27a14c0*(lpBaseOfDll=0x6f950000, SizeOfImage=0x1e2000, EntryPoint=0x0)) returned 1 [0183.105] CoTaskMemAlloc (cb=0x804) returned 0x3dd570 [0183.105] GetModuleBaseNameW (in: hProcess=0x304, hModule=0x6f950000, lpBaseName=0x3dd570, nSize=0x800 | out: lpBaseName="Microsoft.VisualBasic.ni.dll") returned 0x1c [0183.106] CoTaskMemFree (pv=0x3dd570) [0183.106] CoTaskMemAlloc (cb=0x804) returned 0x3dd570 [0183.106] GetModuleFileNameExW (in: hProcess=0x304, hModule=0x6f950000, lpFilename=0x3dd570, nSize=0x800 | out: lpFilename="C:\\Windows\\assembly\\NativeImages_v4.0.30319_32\\Microsoft.V9921e851#\\a891970b44db9e340c3ef3efa95b793c\\Microsoft.VisualBasic.ni.dll" (normalized: "c:\\windows\\assembly\\nativeimages_v4.0.30319_32\\microsoft.v9921e851#\\a891970b44db9e340c3ef3efa95b793c\\microsoft.visualbasic.ni.dll")) returned 0x81 [0183.107] CoTaskMemFree (pv=0x3dd570) [0183.107] GetModuleInformation (in: hProcess=0x304, hModule=0x6ecf0000, lpmodinfo=0x27a37cc, cb=0xc | out: lpmodinfo=0x27a37cc*(lpBaseOfDll=0x6ecf0000, SizeOfImage=0x1a3000, EntryPoint=0x0)) returned 1 [0183.108] CoTaskMemAlloc (cb=0x804) returned 0x3dd570 [0183.108] GetModuleBaseNameW (in: hProcess=0x304, hModule=0x6ecf0000, lpBaseName=0x3dd570, nSize=0x800 | out: lpBaseName="System.Drawing.ni.dll") returned 0x15 [0183.109] CoTaskMemFree (pv=0x3dd570) [0183.109] CoTaskMemAlloc (cb=0x804) returned 0x3dd570 [0183.109] GetModuleFileNameExW (in: hProcess=0x304, hModule=0x6ecf0000, lpFilename=0x3dd570, nSize=0x800 | out: lpFilename="C:\\Windows\\assembly\\NativeImages_v4.0.30319_32\\System.Drawing\\f7568d7f1b9d356f64779b4c0927cfb3\\System.Drawing.ni.dll" (normalized: "c:\\windows\\assembly\\nativeimages_v4.0.30319_32\\system.drawing\\f7568d7f1b9d356f64779b4c0927cfb3\\system.drawing.ni.dll")) returned 0x74 [0183.110] CoTaskMemFree (pv=0x3dd570) [0183.110] GetModuleInformation (in: hProcess=0x304, hModule=0x6de80000, lpmodinfo=0x27a59b0, cb=0xc | out: lpmodinfo=0x27a59b0*(lpBaseOfDll=0x6de80000, SizeOfImage=0xe66000, EntryPoint=0x0)) returned 1 [0183.111] CoTaskMemAlloc (cb=0x804) returned 0x3dd570 [0183.111] GetModuleBaseNameW (in: hProcess=0x304, hModule=0x6de80000, lpBaseName=0x3dd570, nSize=0x800 | out: lpBaseName="System.Windows.Forms.ni.dll") returned 0x1b [0183.112] CoTaskMemFree (pv=0x3dd570) [0183.112] CoTaskMemAlloc (cb=0x804) returned 0x3dd570 [0183.112] GetModuleFileNameExW (in: hProcess=0x304, hModule=0x6de80000, lpFilename=0x3dd570, nSize=0x800 | out: lpFilename="C:\\Windows\\assembly\\NativeImages_v4.0.30319_32\\System.Windows.Forms\\c9a4cbc00f690a9e3cddfc400f6e85bb\\System.Windows.Forms.ni.dll" (normalized: "c:\\windows\\assembly\\nativeimages_v4.0.30319_32\\system.windows.forms\\c9a4cbc00f690a9e3cddfc400f6e85bb\\system.windows.forms.ni.dll")) returned 0x80 [0183.113] CoTaskMemFree (pv=0x3dd570) [0183.113] GetModuleInformation (in: hProcess=0x304, hModule=0x6dd70000, lpmodinfo=0x27a7bac, cb=0xc | out: lpmodinfo=0x27a7bac*(lpBaseOfDll=0x6dd70000, SizeOfImage=0x105000, EntryPoint=0x0)) returned 1 [0183.114] CoTaskMemAlloc (cb=0x804) returned 0x3dd570 [0183.114] GetModuleBaseNameW (in: hProcess=0x304, hModule=0x6dd70000, lpBaseName=0x3dd570, nSize=0x800 | out: lpBaseName="System.Configuration.ni.dll") returned 0x1b [0183.115] CoTaskMemFree (pv=0x3dd570) [0183.115] CoTaskMemAlloc (cb=0x804) returned 0x3dd570 [0183.115] GetModuleFileNameExW (in: hProcess=0x304, hModule=0x6dd70000, lpFilename=0x3dd570, nSize=0x800 | out: lpFilename="C:\\Windows\\assembly\\NativeImages_v4.0.30319_32\\System.Configuration\\96f7edb07b12303f0ec2595c7f3778c7\\System.Configuration.ni.dll" (normalized: "c:\\windows\\assembly\\nativeimages_v4.0.30319_32\\system.configuration\\96f7edb07b12303f0ec2595c7f3778c7\\system.configuration.ni.dll")) returned 0x80 [0183.116] CoTaskMemFree (pv=0x3dd570) [0183.116] GetModuleInformation (in: hProcess=0x304, hModule=0x6d5f0000, lpmodinfo=0x27a9da8, cb=0xc | out: lpmodinfo=0x27a9da8*(lpBaseOfDll=0x6d5f0000, SizeOfImage=0x774000, EntryPoint=0x0)) returned 1 [0183.117] CoTaskMemAlloc (cb=0x804) returned 0x3dd570 [0183.117] GetModuleBaseNameW (in: hProcess=0x304, hModule=0x6d5f0000, lpBaseName=0x3dd570, nSize=0x800 | out: lpBaseName="System.Xml.ni.dll") returned 0x11 [0183.118] CoTaskMemFree (pv=0x3dd570) [0183.118] CoTaskMemAlloc (cb=0x804) returned 0x3dd570 [0183.118] GetModuleFileNameExW (in: hProcess=0x304, hModule=0x6d5f0000, lpFilename=0x3dd570, nSize=0x800 | out: lpFilename="C:\\Windows\\assembly\\NativeImages_v4.0.30319_32\\System.Xml\\15af16d373cf0528cb74fc73d365fdbf\\System.Xml.ni.dll" (normalized: "c:\\windows\\assembly\\nativeimages_v4.0.30319_32\\system.xml\\15af16d373cf0528cb74fc73d365fdbf\\system.xml.ni.dll")) returned 0x6c [0183.119] CoTaskMemFree (pv=0x3dd570) [0183.119] GetModuleInformation (in: hProcess=0x304, hModule=0x74950000, lpmodinfo=0x27abf68, cb=0xc | out: lpmodinfo=0x27abf68*(lpBaseOfDll=0x74950000, SizeOfImage=0x13000, EntryPoint=0x7495d900)) returned 1 [0183.120] CoTaskMemAlloc (cb=0x804) returned 0x3dd570 [0183.120] GetModuleBaseNameW (in: hProcess=0x304, hModule=0x74950000, lpBaseName=0x3dd570, nSize=0x800 | out: lpBaseName="nlssorting.dll") returned 0xe [0183.121] CoTaskMemFree (pv=0x3dd570) [0183.121] CoTaskMemAlloc (cb=0x804) returned 0x3dd570 [0183.121] GetModuleFileNameExW (in: hProcess=0x304, hModule=0x74950000, lpFilename=0x3dd570, nSize=0x800 | out: lpFilename="C:\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\nlssorting.dll" (normalized: "c:\\windows\\microsoft.net\\framework\\v4.0.30319\\nlssorting.dll")) returned 0x3c [0183.122] CoTaskMemFree (pv=0x3dd570) [0183.122] GetModuleInformation (in: hProcess=0x304, hModule=0x75be0000, lpmodinfo=0x27ae0c4, cb=0xc | out: lpmodinfo=0x27ae0c4*(lpBaseOfDll=0x75be0000, SizeOfImage=0xc4a000, EntryPoint=0x75c61601)) returned 1 [0183.123] CoTaskMemAlloc (cb=0x804) returned 0x3dd570 [0183.123] GetModuleBaseNameW (in: hProcess=0x304, hModule=0x75be0000, lpBaseName=0x3dd570, nSize=0x800 | out: lpBaseName="shell32.dll") returned 0xb [0183.124] CoTaskMemFree (pv=0x3dd570) [0183.124] CoTaskMemAlloc (cb=0x804) returned 0x3dd570 [0183.124] GetModuleFileNameExW (in: hProcess=0x304, hModule=0x75be0000, lpFilename=0x3dd570, nSize=0x800 | out: lpFilename="C:\\Windows\\syswow64\\shell32.dll" (normalized: "c:\\windows\\syswow64\\shell32.dll")) returned 0x1f [0183.125] CoTaskMemFree (pv=0x3dd570) [0183.125] GetModuleInformation (in: hProcess=0x304, hModule=0x748d0000, lpmodinfo=0x27b01dc, cb=0xc | out: lpmodinfo=0x27b01dc*(lpBaseOfDll=0x748d0000, SizeOfImage=0xb000, EntryPoint=0x748d1992)) returned 1 [0183.126] CoTaskMemAlloc (cb=0x804) returned 0x3dd570 [0183.126] GetModuleBaseNameW (in: hProcess=0x304, hModule=0x748d0000, lpBaseName=0x3dd570, nSize=0x800 | out: lpBaseName="profapi.dll") returned 0xb [0183.127] CoTaskMemFree (pv=0x3dd570) [0183.127] CoTaskMemAlloc (cb=0x804) returned 0x3dd570 [0183.127] GetModuleFileNameExW (in: hProcess=0x304, hModule=0x748d0000, lpFilename=0x3dd570, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\profapi.dll" (normalized: "c:\\windows\\syswow64\\profapi.dll")) returned 0x1f [0183.128] CoTaskMemFree (pv=0x3dd570) [0183.128] GetModuleInformation (in: hProcess=0x304, hModule=0x74970000, lpmodinfo=0x27b22f4, cb=0xc | out: lpmodinfo=0x27b22f4*(lpBaseOfDll=0x74970000, SizeOfImage=0x17000, EntryPoint=0x749735fa)) returned 1 [0183.129] CoTaskMemAlloc (cb=0x804) returned 0x3dd570 [0183.129] GetModuleBaseNameW (in: hProcess=0x304, hModule=0x74970000, lpBaseName=0x3dd570, nSize=0x800 | out: lpBaseName="bcrypt.dll") returned 0xa [0183.130] CoTaskMemFree (pv=0x3dd570) [0183.130] CoTaskMemAlloc (cb=0x804) returned 0x3dd570 [0183.130] GetModuleFileNameExW (in: hProcess=0x304, hModule=0x74970000, lpFilename=0x3dd570, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\bcrypt.dll" (normalized: "c:\\windows\\syswow64\\bcrypt.dll")) returned 0x1e [0183.131] CoTaskMemFree (pv=0x3dd570) [0183.131] GetModuleInformation (in: hProcess=0x304, hModule=0x738e0000, lpmodinfo=0x27b440c, cb=0xc | out: lpmodinfo=0x27b440c*(lpBaseOfDll=0x738e0000, SizeOfImage=0x17000, EntryPoint=0x738e3573)) returned 1 [0183.132] CoTaskMemAlloc (cb=0x804) returned 0x3dd570 [0183.132] GetModuleBaseNameW (in: hProcess=0x304, hModule=0x738e0000, lpBaseName=0x3dd570, nSize=0x800 | out: lpBaseName="CRYPTSP.dll") returned 0xb [0183.133] CoTaskMemFree (pv=0x3dd570) [0183.133] CoTaskMemAlloc (cb=0x804) returned 0x3dd570 [0183.133] GetModuleFileNameExW (in: hProcess=0x304, hModule=0x738e0000, lpFilename=0x3dd570, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\CRYPTSP.dll" (normalized: "c:\\windows\\syswow64\\cryptsp.dll")) returned 0x1f [0183.134] CoTaskMemFree (pv=0x3dd570) [0183.134] GetModuleInformation (in: hProcess=0x304, hModule=0x738a0000, lpmodinfo=0x27b6524, cb=0xc | out: lpmodinfo=0x27b6524*(lpBaseOfDll=0x738a0000, SizeOfImage=0x3b000, EntryPoint=0x738a128d)) returned 1 [0183.135] CoTaskMemAlloc (cb=0x804) returned 0x3dd570 [0183.135] GetModuleBaseNameW (in: hProcess=0x304, hModule=0x738a0000, lpBaseName=0x3dd570, nSize=0x800 | out: lpBaseName="rsaenh.dll") returned 0xa [0183.136] CoTaskMemFree (pv=0x3dd570) [0183.136] CoTaskMemAlloc (cb=0x804) returned 0x3dd570 [0183.136] GetModuleFileNameExW (in: hProcess=0x304, hModule=0x738a0000, lpFilename=0x3dd570, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\rsaenh.dll" (normalized: "c:\\windows\\syswow64\\rsaenh.dll")) returned 0x1e [0183.137] CoTaskMemFree (pv=0x3dd570) [0183.137] GetModuleInformation (in: hProcess=0x304, hModule=0x75950000, lpmodinfo=0x27b863c, cb=0xc | out: lpmodinfo=0x27b863c*(lpBaseOfDll=0x75950000, SizeOfImage=0x5000, EntryPoint=0x75951438)) returned 1 [0183.138] CoTaskMemAlloc (cb=0x804) returned 0x3dd570 [0183.138] GetModuleBaseNameW (in: hProcess=0x304, hModule=0x75950000, lpBaseName=0x3dd570, nSize=0x800 | out: lpBaseName="psapi.dll") returned 0x9 [0183.139] CoTaskMemFree (pv=0x3dd570) [0183.139] CoTaskMemAlloc (cb=0x804) returned 0x3dd570 [0183.139] GetModuleFileNameExW (in: hProcess=0x304, hModule=0x75950000, lpFilename=0x3dd570, nSize=0x800 | out: lpFilename="C:\\Windows\\syswow64\\psapi.dll" (normalized: "c:\\windows\\syswow64\\psapi.dll")) returned 0x1d [0183.140] CoTaskMemFree (pv=0x3dd570) [0183.140] GetModuleInformation (in: hProcess=0x304, hModule=0x73990000, lpmodinfo=0x27ba74c, cb=0xc | out: lpmodinfo=0x27ba74c*(lpBaseOfDll=0x73990000, SizeOfImage=0x52000, EntryPoint=0x739914be)) returned 1 [0183.141] CoTaskMemAlloc (cb=0x804) returned 0x3dd570 [0183.141] GetModuleBaseNameW (in: hProcess=0x304, hModule=0x73990000, lpBaseName=0x3dd570, nSize=0x800 | out: lpBaseName="rasapi32.dll") returned 0xc [0183.142] CoTaskMemFree (pv=0x3dd570) [0183.143] CoTaskMemAlloc (cb=0x804) returned 0x3dd570 [0183.143] GetModuleFileNameExW (in: hProcess=0x304, hModule=0x73990000, lpFilename=0x3dd570, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\rasapi32.dll" (normalized: "c:\\windows\\syswow64\\rasapi32.dll")) returned 0x20 [0183.144] CoTaskMemFree (pv=0x3dd570) [0183.144] GetModuleInformation (in: hProcess=0x304, hModule=0x73970000, lpmodinfo=0x27bc86c, cb=0xc | out: lpmodinfo=0x27bc86c*(lpBaseOfDll=0x73970000, SizeOfImage=0x15000, EntryPoint=0x739712de)) returned 1 [0183.145] CoTaskMemAlloc (cb=0x804) returned 0x3dd570 [0183.145] GetModuleBaseNameW (in: hProcess=0x304, hModule=0x73970000, lpBaseName=0x3dd570, nSize=0x800 | out: lpBaseName="rasman.dll") returned 0xa [0183.146] CoTaskMemFree (pv=0x3dd570) [0183.146] CoTaskMemAlloc (cb=0x804) returned 0x3dd570 [0183.146] GetModuleFileNameExW (in: hProcess=0x304, hModule=0x73970000, lpFilename=0x3dd570, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\rasman.dll" (normalized: "c:\\windows\\syswow64\\rasman.dll")) returned 0x1e [0183.148] CoTaskMemFree (pv=0x3dd570) [0183.148] GetModuleInformation (in: hProcess=0x304, hModule=0x75960000, lpmodinfo=0x27be984, cb=0xc | out: lpmodinfo=0x27be984*(lpBaseOfDll=0x75960000, SizeOfImage=0x35000, EntryPoint=0x7596145d)) returned 1 [0183.149] CoTaskMemAlloc (cb=0x804) returned 0x3dd570 [0183.149] GetModuleBaseNameW (in: hProcess=0x304, hModule=0x75960000, lpBaseName=0x3dd570, nSize=0x800 | out: lpBaseName="WS2_32.dll") returned 0xa [0183.150] CoTaskMemFree (pv=0x3dd570) [0183.150] CoTaskMemAlloc (cb=0x804) returned 0x3dd570 [0183.150] GetModuleFileNameExW (in: hProcess=0x304, hModule=0x75960000, lpFilename=0x3dd570, nSize=0x800 | out: lpFilename="C:\\Windows\\syswow64\\WS2_32.dll" (normalized: "c:\\windows\\syswow64\\ws2_32.dll")) returned 0x1e [0183.151] CoTaskMemFree (pv=0x3dd570) [0183.151] GetModuleInformation (in: hProcess=0x304, hModule=0x76960000, lpmodinfo=0x27c0a9c, cb=0xc | out: lpmodinfo=0x27c0a9c*(lpBaseOfDll=0x76960000, SizeOfImage=0x6000, EntryPoint=0x76961782)) returned 1 [0183.152] CoTaskMemAlloc (cb=0x804) returned 0x3dd570 [0183.152] GetModuleBaseNameW (in: hProcess=0x304, hModule=0x76960000, lpBaseName=0x3dd570, nSize=0x800 | out: lpBaseName="NSI.dll") returned 0x7 [0183.153] CoTaskMemFree (pv=0x3dd570) [0183.153] CoTaskMemAlloc (cb=0x804) returned 0x3dd570 [0183.153] GetModuleFileNameExW (in: hProcess=0x304, hModule=0x76960000, lpFilename=0x3dd570, nSize=0x800 | out: lpFilename="C:\\Windows\\syswow64\\NSI.dll" (normalized: "c:\\windows\\syswow64\\nsi.dll")) returned 0x1b [0183.154] CoTaskMemFree (pv=0x3dd570) [0183.154] GetModuleInformation (in: hProcess=0x304, hModule=0x73960000, lpmodinfo=0x27c2ba4, cb=0xc | out: lpmodinfo=0x27c2ba4*(lpBaseOfDll=0x73960000, SizeOfImage=0xd000, EntryPoint=0x73961326)) returned 1 [0183.155] CoTaskMemAlloc (cb=0x804) returned 0x3dd570 [0183.155] GetModuleBaseNameW (in: hProcess=0x304, hModule=0x73960000, lpBaseName=0x3dd570, nSize=0x800 | out: lpBaseName="rtutils.dll") returned 0xb [0183.156] CoTaskMemFree (pv=0x3dd570) [0183.157] CoTaskMemAlloc (cb=0x804) returned 0x3dd570 [0183.157] GetModuleFileNameExW (in: hProcess=0x304, hModule=0x73960000, lpFilename=0x3dd570, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\rtutils.dll" (normalized: "c:\\windows\\syswow64\\rtutils.dll")) returned 0x1f [0183.158] CoTaskMemFree (pv=0x3dd570) [0183.158] GetModuleInformation (in: hProcess=0x304, hModule=0x747e0000, lpmodinfo=0x27c4cbc, cb=0xc | out: lpmodinfo=0x27c4cbc*(lpBaseOfDll=0x747e0000, SizeOfImage=0x3c000, EntryPoint=0x747e145d)) returned 1 [0183.159] CoTaskMemAlloc (cb=0x804) returned 0x3dd570 [0183.159] GetModuleBaseNameW (in: hProcess=0x304, hModule=0x747e0000, lpBaseName=0x3dd570, nSize=0x800 | out: lpBaseName="mswsock.dll") returned 0xb [0183.160] CoTaskMemFree (pv=0x3dd570) [0183.160] CoTaskMemAlloc (cb=0x804) returned 0x3dd570 [0183.161] GetModuleFileNameExW (in: hProcess=0x304, hModule=0x747e0000, lpFilename=0x3dd570, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\mswsock.dll" (normalized: "c:\\windows\\syswow64\\mswsock.dll")) returned 0x1f [0183.162] CoTaskMemFree (pv=0x3dd570) [0183.162] GetModuleInformation (in: hProcess=0x304, hModule=0x747d0000, lpmodinfo=0x27c6dd4, cb=0xc | out: lpmodinfo=0x27c6dd4*(lpBaseOfDll=0x747d0000, SizeOfImage=0x5000, EntryPoint=0x747d15df)) returned 1 [0183.163] CoTaskMemAlloc (cb=0x804) returned 0x3dd570 [0183.163] GetModuleBaseNameW (in: hProcess=0x304, hModule=0x747d0000, lpBaseName=0x3dd570, nSize=0x800 | out: lpBaseName="wshtcpip.dll") returned 0xc [0183.164] CoTaskMemFree (pv=0x3dd570) [0183.164] CoTaskMemAlloc (cb=0x804) returned 0x3dd570 [0183.164] GetModuleFileNameExW (in: hProcess=0x304, hModule=0x747d0000, lpFilename=0x3dd570, nSize=0x800 | out: lpFilename="C:\\Windows\\System32\\wshtcpip.dll" (normalized: "c:\\windows\\syswow64\\wshtcpip.dll")) returned 0x20 [0183.166] CoTaskMemFree (pv=0x3dd570) [0183.166] GetModuleInformation (in: hProcess=0x304, hModule=0x747c0000, lpmodinfo=0x27c8ef4, cb=0xc | out: lpmodinfo=0x27c8ef4*(lpBaseOfDll=0x747c0000, SizeOfImage=0x6000, EntryPoint=0x747c1673)) returned 1 [0183.167] CoTaskMemAlloc (cb=0x804) returned 0x3dd570 [0183.167] GetModuleBaseNameW (in: hProcess=0x304, hModule=0x747c0000, lpBaseName=0x3dd570, nSize=0x800 | out: lpBaseName="wship6.dll") returned 0xa [0183.168] CoTaskMemFree (pv=0x3dd570) [0183.168] CoTaskMemAlloc (cb=0x804) returned 0x3dd570 [0183.168] GetModuleFileNameExW (in: hProcess=0x304, hModule=0x747c0000, lpFilename=0x3dd570, nSize=0x800 | out: lpFilename="C:\\Windows\\System32\\wship6.dll" (normalized: "c:\\windows\\syswow64\\wship6.dll")) returned 0x1e [0183.169] CoTaskMemFree (pv=0x3dd570) [0183.170] GetModuleInformation (in: hProcess=0x304, hModule=0x6d590000, lpmodinfo=0x27cb00c, cb=0xc | out: lpmodinfo=0x27cb00c*(lpBaseOfDll=0x6d590000, SizeOfImage=0x58000, EntryPoint=0x6d5913b4)) returned 1 [0183.171] CoTaskMemAlloc (cb=0x804) returned 0x3dd570 [0183.171] GetModuleBaseNameW (in: hProcess=0x304, hModule=0x6d590000, lpBaseName=0x3dd570, nSize=0x800 | out: lpBaseName="winhttp.dll") returned 0xb [0183.172] CoTaskMemFree (pv=0x3dd570) [0183.172] CoTaskMemAlloc (cb=0x804) returned 0x3dd570 [0183.172] GetModuleFileNameExW (in: hProcess=0x304, hModule=0x6d590000, lpFilename=0x3dd570, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\winhttp.dll" (normalized: "c:\\windows\\syswow64\\winhttp.dll")) returned 0x1f [0183.173] CoTaskMemFree (pv=0x3dd570) [0183.174] GetModuleInformation (in: hProcess=0x304, hModule=0x6f900000, lpmodinfo=0x27cd124, cb=0xc | out: lpmodinfo=0x27cd124*(lpBaseOfDll=0x6f900000, SizeOfImage=0x4f000, EntryPoint=0x6f901452)) returned 1 [0183.175] CoTaskMemAlloc (cb=0x804) returned 0x3dd570 [0183.175] GetModuleBaseNameW (in: hProcess=0x304, hModule=0x6f900000, lpBaseName=0x3dd570, nSize=0x800 | out: lpBaseName="webio.dll") returned 0x9 [0183.176] CoTaskMemFree (pv=0x3dd570) [0183.176] CoTaskMemAlloc (cb=0x804) returned 0x3dd570 [0183.176] GetModuleFileNameExW (in: hProcess=0x304, hModule=0x6f900000, lpFilename=0x3dd570, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\webio.dll" (normalized: "c:\\windows\\syswow64\\webio.dll")) returned 0x1d [0183.178] CoTaskMemFree (pv=0x3dd570) [0183.178] GetModuleInformation (in: hProcess=0x304, hModule=0x74930000, lpmodinfo=0x27cf234, cb=0xc | out: lpmodinfo=0x27cf234*(lpBaseOfDll=0x74930000, SizeOfImage=0x8000, EntryPoint=0x749334d3)) returned 1 [0183.179] CoTaskMemAlloc (cb=0x804) returned 0x3dd570 [0183.179] GetModuleBaseNameW (in: hProcess=0x304, hModule=0x74930000, lpBaseName=0x3dd570, nSize=0x800 | out: lpBaseName="credssp.dll") returned 0xb [0183.180] CoTaskMemFree (pv=0x3dd570) [0183.181] CoTaskMemAlloc (cb=0x804) returned 0x3dd570 [0183.181] GetModuleFileNameExW (in: hProcess=0x304, hModule=0x74930000, lpFilename=0x3dd570, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\credssp.dll" (normalized: "c:\\windows\\syswow64\\credssp.dll")) returned 0x1f [0183.182] CoTaskMemFree (pv=0x3dd570) [0183.182] GetModuleInformation (in: hProcess=0x304, hModule=0x74830000, lpmodinfo=0x27d134c, cb=0xc | out: lpmodinfo=0x27d134c*(lpBaseOfDll=0x74830000, SizeOfImage=0x1c000, EntryPoint=0x7483a431)) returned 1 [0183.183] CoTaskMemAlloc (cb=0x804) returned 0x3dd570 [0183.183] GetModuleBaseNameW (in: hProcess=0x304, hModule=0x74830000, lpBaseName=0x3dd570, nSize=0x800 | out: lpBaseName="IPHLPAPI.DLL") returned 0xc [0183.185] CoTaskMemFree (pv=0x3dd570) [0183.185] CoTaskMemAlloc (cb=0x804) returned 0x3dd570 [0183.185] GetModuleFileNameExW (in: hProcess=0x304, hModule=0x74830000, lpFilename=0x3dd570, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\IPHLPAPI.DLL" (normalized: "c:\\windows\\syswow64\\iphlpapi.dll")) returned 0x20 [0183.186] CoTaskMemFree (pv=0x3dd570) [0183.186] GetModuleInformation (in: hProcess=0x304, hModule=0x74820000, lpmodinfo=0x27d346c, cb=0xc | out: lpmodinfo=0x27d346c*(lpBaseOfDll=0x74820000, SizeOfImage=0x7000, EntryPoint=0x7482128d)) returned 1 [0183.187] CoTaskMemAlloc (cb=0x804) returned 0x3dd570 [0183.187] GetModuleBaseNameW (in: hProcess=0x304, hModule=0x74820000, lpBaseName=0x3dd570, nSize=0x800 | out: lpBaseName="WINNSI.DLL") returned 0xa [0183.189] CoTaskMemFree (pv=0x3dd570) [0183.189] CoTaskMemAlloc (cb=0x804) returned 0x3dd570 [0183.189] GetModuleFileNameExW (in: hProcess=0x304, hModule=0x74820000, lpFilename=0x3dd570, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\WINNSI.DLL" (normalized: "c:\\windows\\syswow64\\winnsi.dll")) returned 0x1e [0183.190] CoTaskMemFree (pv=0x3dd570) [0183.190] GetModuleInformation (in: hProcess=0x304, hModule=0x74940000, lpmodinfo=0x27d5584, cb=0xc | out: lpmodinfo=0x27d5584*(lpBaseOfDll=0x74940000, SizeOfImage=0xd000, EntryPoint=0x74942012)) returned 1 [0183.192] CoTaskMemAlloc (cb=0x804) returned 0x3dd570 [0183.192] GetModuleBaseNameW (in: hProcess=0x304, hModule=0x74940000, lpBaseName=0x3dd570, nSize=0x800 | out: lpBaseName="dhcpcsvc6.DLL") returned 0xd [0183.193] CoTaskMemFree (pv=0x3dd570) [0183.193] CoTaskMemAlloc (cb=0x804) returned 0x3dd570 [0183.193] GetModuleFileNameExW (in: hProcess=0x304, hModule=0x74940000, lpFilename=0x3dd570, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\dhcpcsvc6.DLL" (normalized: "c:\\windows\\syswow64\\dhcpcsvc6.dll")) returned 0x21 [0183.195] CoTaskMemFree (pv=0x3dd570) [0183.195] GetModuleInformation (in: hProcess=0x304, hModule=0x6d550000, lpmodinfo=0x27d76a4, cb=0xc | out: lpmodinfo=0x27d76a4*(lpBaseOfDll=0x6d550000, SizeOfImage=0x12000, EntryPoint=0x6d553271)) returned 1 [0183.196] CoTaskMemAlloc (cb=0x804) returned 0x3dd570 [0183.196] GetModuleBaseNameW (in: hProcess=0x304, hModule=0x6d550000, lpBaseName=0x3dd570, nSize=0x800 | out: lpBaseName="dhcpcsvc.DLL") returned 0xc [0183.197] CoTaskMemFree (pv=0x3dd570) [0183.197] CoTaskMemAlloc (cb=0x804) returned 0x3dd570 [0183.197] GetModuleFileNameExW (in: hProcess=0x304, hModule=0x6d550000, lpFilename=0x3dd570, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\dhcpcsvc.DLL" (normalized: "c:\\windows\\syswow64\\dhcpcsvc.dll")) returned 0x20 [0183.199] CoTaskMemFree (pv=0x3dd570) [0183.199] GetModuleInformation (in: hProcess=0x304, hModule=0x747a0000, lpmodinfo=0x27d97c4, cb=0xc | out: lpmodinfo=0x27d97c4*(lpBaseOfDll=0x747a0000, SizeOfImage=0xe000, EntryPoint=0x747a1235)) returned 1 [0183.200] CoTaskMemAlloc (cb=0x804) returned 0x3dd570 [0183.200] GetModuleBaseNameW (in: hProcess=0x304, hModule=0x747a0000, lpBaseName=0x3dd570, nSize=0x800 | out: lpBaseName="RpcRtRemote.dll") returned 0xf [0183.202] CoTaskMemFree (pv=0x3dd570) [0183.202] CoTaskMemAlloc (cb=0x804) returned 0x3dd570 [0183.202] GetModuleFileNameExW (in: hProcess=0x304, hModule=0x747a0000, lpFilename=0x3dd570, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\RpcRtRemote.dll" (normalized: "c:\\windows\\syswow64\\rpcrtremote.dll")) returned 0x23 [0183.203] CoTaskMemFree (pv=0x3dd570) [0183.203] GetModuleInformation (in: hProcess=0x304, hModule=0x74850000, lpmodinfo=0x27db8f8, cb=0xc | out: lpmodinfo=0x27db8f8*(lpBaseOfDll=0x74850000, SizeOfImage=0x44000, EntryPoint=0x748663f9)) returned 1 [0183.206] CoTaskMemAlloc (cb=0x804) returned 0x3dd570 [0183.206] GetModuleBaseNameW (in: hProcess=0x304, hModule=0x74850000, lpBaseName=0x3dd570, nSize=0x800 | out: lpBaseName="DNSAPI.dll") returned 0xa [0183.207] CoTaskMemFree (pv=0x3dd570) [0183.207] CoTaskMemAlloc (cb=0x804) returned 0x3dd570 [0183.207] GetModuleFileNameExW (in: hProcess=0x304, hModule=0x74850000, lpFilename=0x3dd570, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\DNSAPI.dll" (normalized: "c:\\windows\\syswow64\\dnsapi.dll")) returned 0x1e [0183.209] CoTaskMemFree (pv=0x3dd570) [0183.209] GetModuleInformation (in: hProcess=0x304, hModule=0x747b0000, lpmodinfo=0x27dda10, cb=0xc | out: lpmodinfo=0x27dda10*(lpBaseOfDll=0x747b0000, SizeOfImage=0x6000, EntryPoint=0x747b14b2)) returned 1 [0183.210] CoTaskMemAlloc (cb=0x804) returned 0x3dd570 [0183.210] GetModuleBaseNameW (in: hProcess=0x304, hModule=0x747b0000, lpBaseName=0x3dd570, nSize=0x800 | out: lpBaseName="rasadhlp.dll") returned 0xc [0183.212] CoTaskMemFree (pv=0x3dd570) [0183.212] CoTaskMemAlloc (cb=0x804) returned 0x3dd570 [0183.212] GetModuleFileNameExW (in: hProcess=0x304, hModule=0x747b0000, lpFilename=0x3dd570, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\rasadhlp.dll" (normalized: "c:\\windows\\syswow64\\rasadhlp.dll")) returned 0x20 [0183.214] CoTaskMemFree (pv=0x3dd570) [0183.214] GetModuleInformation (in: hProcess=0x304, hModule=0x6d510000, lpmodinfo=0x27dfb30, cb=0xc | out: lpmodinfo=0x27dfb30*(lpBaseOfDll=0x6d510000, SizeOfImage=0x38000, EntryPoint=0x6d51990e)) returned 1 [0183.215] CoTaskMemAlloc (cb=0x804) returned 0x3dd570 [0183.215] GetModuleBaseNameW (in: hProcess=0x304, hModule=0x6d510000, lpBaseName=0x3dd570, nSize=0x800 | out: lpBaseName="fwpuclnt.dll") returned 0xc [0183.216] CoTaskMemFree (pv=0x3dd570) [0183.216] CoTaskMemAlloc (cb=0x804) returned 0x3dd570 [0183.217] GetModuleFileNameExW (in: hProcess=0x304, hModule=0x6d510000, lpFilename=0x3dd570, nSize=0x800 | out: lpFilename="C:\\Windows\\System32\\fwpuclnt.dll" (normalized: "c:\\windows\\syswow64\\fwpuclnt.dll")) returned 0x20 [0183.218] CoTaskMemFree (pv=0x3dd570) [0183.218] GetModuleInformation (in: hProcess=0x304, hModule=0x6d580000, lpmodinfo=0x27e1c50, cb=0xc | out: lpmodinfo=0x27e1c50*(lpBaseOfDll=0x6d580000, SizeOfImage=0x8000, EntryPoint=0x6d5810e9)) returned 1 [0183.220] CoTaskMemAlloc (cb=0x804) returned 0x3dd570 [0183.220] GetModuleBaseNameW (in: hProcess=0x304, hModule=0x6d580000, lpBaseName=0x3dd570, nSize=0x800 | out: lpBaseName="secur32.dll") returned 0xb [0183.221] CoTaskMemFree (pv=0x3dd570) [0183.221] CoTaskMemAlloc (cb=0x804) returned 0x3dd570 [0183.222] GetModuleFileNameExW (in: hProcess=0x304, hModule=0x6d580000, lpFilename=0x3dd570, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\secur32.dll" (normalized: "c:\\windows\\syswow64\\secur32.dll")) returned 0x1f [0183.223] CoTaskMemFree (pv=0x3dd570) [0183.223] GetModuleInformation (in: hProcess=0x304, hModule=0x6d4d0000, lpmodinfo=0x27e3d68, cb=0xc | out: lpmodinfo=0x27e3d68*(lpBaseOfDll=0x6d4d0000, SizeOfImage=0x3f000, EntryPoint=0x6d4d2351)) returned 1 [0183.225] CoTaskMemAlloc (cb=0x804) returned 0x3dd570 [0183.225] GetModuleBaseNameW (in: hProcess=0x304, hModule=0x6d4d0000, lpBaseName=0x3dd570, nSize=0x800 | out: lpBaseName="schannel.dll") returned 0xc [0183.226] CoTaskMemFree (pv=0x3dd570) [0183.226] CoTaskMemAlloc (cb=0x804) returned 0x3dd570 [0183.226] GetModuleFileNameExW (in: hProcess=0x304, hModule=0x6d4d0000, lpFilename=0x3dd570, nSize=0x800 | out: lpFilename="C:\\Windows\\SysWOW64\\schannel.dll" (normalized: "c:\\windows\\syswow64\\schannel.dll")) returned 0x20 [0183.228] CoTaskMemFree (pv=0x3dd570) [0183.228] GetModuleInformation (in: hProcess=0x304, hModule=0x74ab0000, lpmodinfo=0x27e6094, cb=0xc | out: lpmodinfo=0x27e6094*(lpBaseOfDll=0x74ab0000, SizeOfImage=0x121000, EntryPoint=0x74ab158e)) returned 1 [0183.229] CoTaskMemAlloc (cb=0x804) returned 0x3dd570 [0183.229] GetModuleBaseNameW (in: hProcess=0x304, hModule=0x74ab0000, lpBaseName=0x3dd570, nSize=0x800 | out: lpBaseName="CRYPT32.dll") returned 0xb [0183.231] CoTaskMemFree (pv=0x3dd570) [0183.231] CoTaskMemAlloc (cb=0x804) returned 0x3dd570 [0183.231] GetModuleFileNameExW (in: hProcess=0x304, hModule=0x74ab0000, lpFilename=0x3dd570, nSize=0x800 | out: lpFilename="C:\\Windows\\syswow64\\CRYPT32.dll" (normalized: "c:\\windows\\syswow64\\crypt32.dll")) returned 0x1f [0183.233] CoTaskMemFree (pv=0x3dd570) [0183.233] GetModuleInformation (in: hProcess=0x304, hModule=0x76ed0000, lpmodinfo=0x27e81ac, cb=0xc | out: lpmodinfo=0x27e81ac*(lpBaseOfDll=0x76ed0000, SizeOfImage=0xc000, EntryPoint=0x76ed238e)) returned 1 [0183.234] CoTaskMemAlloc (cb=0x804) returned 0x3dd570 [0183.234] GetModuleBaseNameW (in: hProcess=0x304, hModule=0x76ed0000, lpBaseName=0x3dd570, nSize=0x800 | out: lpBaseName="MSASN1.dll") returned 0xa [0183.236] CoTaskMemFree (pv=0x3dd570) [0183.236] CoTaskMemAlloc (cb=0x804) returned 0x3dd570 [0183.236] GetModuleFileNameExW (in: hProcess=0x304, hModule=0x76ed0000, lpFilename=0x3dd570, nSize=0x800 | out: lpFilename="C:\\Windows\\syswow64\\MSASN1.dll" (normalized: "c:\\windows\\syswow64\\msasn1.dll")) returned 0x1e [0183.238] CoTaskMemFree (pv=0x3dd570) [0183.238] GetModuleInformation (in: hProcess=0x304, hModule=0x6d490000, lpmodinfo=0x27ea2c4, cb=0xc | out: lpmodinfo=0x27ea2c4*(lpBaseOfDll=0x6d490000, SizeOfImage=0x38000, EntryPoint=0x6d491489)) returned 1 [0183.239] CoTaskMemAlloc (cb=0x804) returned 0x3dd570 [0183.239] GetModuleBaseNameW (in: hProcess=0x304, hModule=0x6d490000, lpBaseName=0x3dd570, nSize=0x800 | out: lpBaseName="ncrypt.dll") returned 0xa [0183.241] CoTaskMemFree (pv=0x3dd570) [0183.241] CoTaskMemAlloc (cb=0x804) returned 0x3dd570 [0183.241] GetModuleFileNameExW (in: hProcess=0x304, hModule=0x6d490000, lpFilename=0x3dd570, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\ncrypt.dll" (normalized: "c:\\windows\\syswow64\\ncrypt.dll")) returned 0x1e [0183.242] CoTaskMemFree (pv=0x3dd570) [0183.242] GetModuleInformation (in: hProcess=0x304, hModule=0x6d450000, lpmodinfo=0x27ec3dc, cb=0xc | out: lpmodinfo=0x27ec3dc*(lpBaseOfDll=0x6d450000, SizeOfImage=0x3d000, EntryPoint=0x6d4510f5)) returned 1 [0183.244] CoTaskMemAlloc (cb=0x804) returned 0x3dd570 [0183.244] GetModuleBaseNameW (in: hProcess=0x304, hModule=0x6d450000, lpBaseName=0x3dd570, nSize=0x800 | out: lpBaseName="bcryptprimitives.dll") returned 0x14 [0183.246] CoTaskMemFree (pv=0x3dd570) [0183.246] CoTaskMemAlloc (cb=0x804) returned 0x3dd570 [0183.246] GetModuleFileNameExW (in: hProcess=0x304, hModule=0x6d450000, lpFilename=0x3dd570, nSize=0x800 | out: lpFilename="C:\\Windows\\SysWOW64\\bcryptprimitives.dll" (normalized: "c:\\windows\\syswow64\\bcryptprimitives.dll")) returned 0x28 [0183.247] CoTaskMemFree (pv=0x3dd570) [0183.247] GetModuleInformation (in: hProcess=0x304, hModule=0x6d430000, lpmodinfo=0x27ee51c, cb=0xc | out: lpmodinfo=0x27ee51c*(lpBaseOfDll=0x6d430000, SizeOfImage=0x17000, EntryPoint=0x6d431c9d)) returned 1 [0183.249] CoTaskMemAlloc (cb=0x804) returned 0x3dd570 [0183.249] GetModuleBaseNameW (in: hProcess=0x304, hModule=0x6d430000, lpBaseName=0x3dd570, nSize=0x800 | out: lpBaseName="USERENV.dll") returned 0xb [0183.251] CoTaskMemFree (pv=0x3dd570) [0183.251] CoTaskMemAlloc (cb=0x804) returned 0x3dd570 [0183.251] GetModuleFileNameExW (in: hProcess=0x304, hModule=0x6d430000, lpFilename=0x3dd570, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\USERENV.dll" (normalized: "c:\\windows\\syswow64\\userenv.dll")) returned 0x1f [0183.252] CoTaskMemFree (pv=0x3dd570) [0183.252] GetModuleInformation (in: hProcess=0x304, hModule=0x6d410000, lpmodinfo=0x27f0634, cb=0xc | out: lpmodinfo=0x27f0634*(lpBaseOfDll=0x6d410000, SizeOfImage=0x16000, EntryPoint=0x6d412061)) returned 1 [0183.254] CoTaskMemAlloc (cb=0x804) returned 0x3dd570 [0183.254] GetModuleBaseNameW (in: hProcess=0x304, hModule=0x6d410000, lpBaseName=0x3dd570, nSize=0x800 | out: lpBaseName="GPAPI.dll") returned 0x9 [0183.256] CoTaskMemFree (pv=0x3dd570) [0183.256] CoTaskMemAlloc (cb=0x804) returned 0x3dd570 [0183.256] GetModuleFileNameExW (in: hProcess=0x304, hModule=0x6d410000, lpFilename=0x3dd570, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\GPAPI.dll" (normalized: "c:\\windows\\syswow64\\gpapi.dll")) returned 0x1d [0183.257] CoTaskMemFree (pv=0x3dd570) [0183.257] GetModuleInformation (in: hProcess=0x304, hModule=0x6d380000, lpmodinfo=0x27f2744, cb=0xc | out: lpmodinfo=0x27f2744*(lpBaseOfDll=0x6d380000, SizeOfImage=0x84000, EntryPoint=0x6d3819a9)) returned 1 [0183.259] CoTaskMemAlloc (cb=0x804) returned 0x3dd570 [0183.259] GetModuleBaseNameW (in: hProcess=0x304, hModule=0x6d380000, lpBaseName=0x3dd570, nSize=0x800 | out: lpBaseName="comctl32.dll") returned 0xc [0183.261] CoTaskMemFree (pv=0x3dd570) [0183.261] CoTaskMemAlloc (cb=0x804) returned 0x3dd570 [0183.261] GetModuleFileNameExW (in: hProcess=0x304, hModule=0x6d380000, lpFilename=0x3dd570, nSize=0x800 | out: lpFilename="C:\\Windows\\WinSxS\\x86_microsoft.windows.common-controls_6595b64144ccf1df_5.82.7601.17514_none_ec83dffa859149af\\comctl32.dll" (normalized: "c:\\windows\\winsxs\\x86_microsoft.windows.common-controls_6595b64144ccf1df_5.82.7601.17514_none_ec83dffa859149af\\comctl32.dll")) returned 0x7b [0183.262] CoTaskMemFree (pv=0x3dd570) [0183.262] GetModuleInformation (in: hProcess=0x304, hModule=0x6d1f0000, lpmodinfo=0x27f4918, cb=0xc | out: lpmodinfo=0x27f4918*(lpBaseOfDll=0x6d1f0000, SizeOfImage=0x190000, EntryPoint=0x6d28d026)) returned 1 [0183.264] CoTaskMemAlloc (cb=0x804) returned 0x3dd570 [0183.264] GetModuleBaseNameW (in: hProcess=0x304, hModule=0x6d1f0000, lpBaseName=0x3dd570, nSize=0x800 | out: lpBaseName="gdiplus.dll") returned 0xb [0183.265] CoTaskMemFree (pv=0x3dd570) [0183.265] CoTaskMemAlloc (cb=0x804) returned 0x3dd570 [0183.265] GetModuleFileNameExW (in: hProcess=0x304, hModule=0x6d1f0000, lpFilename=0x3dd570, nSize=0x800 | out: lpFilename="C:\\Windows\\WinSxS\\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\\gdiplus.dll" (normalized: "c:\\windows\\winsxs\\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\\gdiplus.dll")) returned 0x71 [0183.267] CoTaskMemFree (pv=0x3dd570) [0183.267] GetModuleInformation (in: hProcess=0x304, hModule=0x6d0f0000, lpmodinfo=0x27f6ad4, cb=0xc | out: lpmodinfo=0x27f6ad4*(lpBaseOfDll=0x6d0f0000, SizeOfImage=0xfb000, EntryPoint=0x6d1017e1)) returned 1 [0183.282] CoTaskMemAlloc (cb=0x804) returned 0x3dd570 [0183.282] GetModuleBaseNameW (in: hProcess=0x304, hModule=0x6d0f0000, lpBaseName=0x3dd570, nSize=0x800 | out: lpBaseName="WindowsCodecs.dll") returned 0x11 [0183.283] CoTaskMemFree (pv=0x3dd570) [0183.283] CoTaskMemAlloc (cb=0x804) returned 0x3dd570 [0183.284] GetModuleFileNameExW (in: hProcess=0x304, hModule=0x6d0f0000, lpFilename=0x3dd570, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\WindowsCodecs.dll" (normalized: "c:\\windows\\syswow64\\windowscodecs.dll")) returned 0x25 [0183.285] CoTaskMemFree (pv=0x3dd570) [0183.285] GetModuleInformation (in: hProcess=0x304, hModule=0x6c320000, lpmodinfo=0x27f8c04, cb=0xc | out: lpmodinfo=0x27f8c04*(lpBaseOfDll=0x6c320000, SizeOfImage=0xdcd000, EntryPoint=0x0)) returned 1 [0183.287] CoTaskMemAlloc (cb=0x804) returned 0x3dd570 [0183.287] GetModuleBaseNameW (in: hProcess=0x304, hModule=0x6c320000, lpBaseName=0x3dd570, nSize=0x800 | out: lpBaseName="System.Web.ni.dll") returned 0x11 [0183.289] CoTaskMemFree (pv=0x3dd570) [0183.289] CoTaskMemAlloc (cb=0x804) returned 0x3dd570 [0183.289] GetModuleFileNameExW (in: hProcess=0x304, hModule=0x6c320000, lpFilename=0x3dd570, nSize=0x800 | out: lpFilename="C:\\Windows\\assembly\\NativeImages_v4.0.30319_32\\System.Web\\8e86e9948f7dcebce93d5df6073700ba\\System.Web.ni.dll" (normalized: "c:\\windows\\assembly\\nativeimages_v4.0.30319_32\\system.web\\8e86e9948f7dcebce93d5df6073700ba\\system.web.ni.dll")) returned 0x6c [0183.291] CoTaskMemFree (pv=0x3dd570) [0183.291] CloseHandle (hObject=0x304) returned 1 [0183.292] lstrlenA (lpString="AcquireSRWLockExclusive") returned 23 [0183.292] lstrlenA (lpString="AcquireSRWLockShared") returned 20 [0183.293] lstrlenA (lpString="ActivateActCtx") returned 14 [0183.293] lstrlenA (lpString="AddAtomA") returned 8 [0183.293] lstrlenA (lpString="AddAtomW") returned 8 [0183.293] lstrlenA (lpString="AddConsoleAliasA") returned 16 [0183.293] lstrlenA (lpString="AddConsoleAliasW") returned 16 [0183.293] lstrlenA (lpString="AddDllDirectory") returned 15 [0183.293] lstrlenA (lpString="AddIntegrityLabelToBoundaryDescriptor") returned 37 [0183.293] lstrlenA (lpString="AddLocalAlternateComputerNameA") returned 30 [0183.293] lstrlenA (lpString="AddLocalAlternateComputerNameW") returned 30 [0183.293] lstrlenA (lpString="AddRefActCtx") returned 12 [0183.293] lstrlenA (lpString="AddSIDToBoundaryDescriptor") returned 26 [0183.293] lstrlenA (lpString="AddSecureMemoryCacheCallback") returned 28 [0183.294] lstrlenA (lpString="AddVectoredContinueHandler") returned 26 [0183.294] lstrlenA (lpString="AddVectoredExceptionHandler") returned 27 [0183.294] lstrlenA (lpString="AdjustCalendarDate") returned 18 [0183.294] lstrlenA (lpString="AllocConsole") returned 12 [0183.294] lstrlenA (lpString="AllocateUserPhysicalPages") returned 25 [0183.294] lstrlenA (lpString="AllocateUserPhysicalPagesNuma") returned 29 [0183.294] lstrlenA (lpString="ApplicationRecoveryFinished") returned 27 [0183.294] lstrlenA (lpString="ApplicationRecoveryInProgress") returned 29 [0183.294] lstrlenA (lpString="AreFileApisANSI") returned 15 [0183.294] lstrlenA (lpString="AssignProcessToJobObject") returned 24 [0183.294] lstrlenA (lpString="AttachConsole") returned 13 [0183.294] lstrlenA (lpString="BackupRead") returned 10 [0183.294] lstrlenA (lpString="BackupSeek") returned 10 [0183.295] lstrlenA (lpString="BackupWrite") returned 11 [0183.295] lstrlenA (lpString="BaseCheckAppcompatCache") returned 23 [0183.295] lstrlenA (lpString="BaseCheckAppcompatCacheEx") returned 25 [0183.295] lstrlenA (lpString="BaseCheckRunApp") returned 15 [0183.295] lstrlenA (lpString="BaseCleanupAppcompatCacheSupport") returned 32 [0183.295] lstrlenA (lpString="BaseDllReadWriteIniFile") returned 23 [0183.295] lstrlenA (lpString="BaseDumpAppcompatCache") returned 22 [0183.295] lstrlenA (lpString="BaseFlushAppcompatCache") returned 23 [0183.295] lstrlenA (lpString="BaseFormatObjectAttributes") returned 26 [0183.295] lstrlenA (lpString="BaseFormatTimeOut") returned 17 [0183.295] lstrlenA (lpString="BaseGenerateAppCompatData") returned 25 [0183.295] lstrlenA (lpString="BaseGetNamedObjectDirectory") returned 27 [0183.296] lstrlenA (lpString="BaseInitAppcompatCacheSupport") returned 29 [0183.296] lstrlenA (lpString="BaseIsAppcompatInfrastructureDisabled") returned 37 [0183.296] lstrlenA (lpString="BaseQueryModuleData") returned 19 [0183.296] lstrlenA (lpString="BaseSetLastNTError") returned 18 [0183.296] lstrlenA (lpString="BaseThreadInitThunk") returned 19 [0183.296] lstrlenA (lpString="BaseUpdateAppcompatCache") returned 24 [0183.296] lstrlenA (lpString="BaseVerifyUnicodeString") returned 23 [0183.296] lstrlenA (lpString="Basep8BitStringToDynamicUnicodeString") returned 37 [0183.296] lstrlenA (lpString="BasepAllocateActivationContextActivationBlock") returned 45 [0183.296] lstrlenA (lpString="BasepAnsiStringToDynamicUnicodeString") returned 37 [0183.296] lstrlenA (lpString="BasepCheckAppCompat") returned 19 [0183.296] lstrlenA (lpString="BasepCheckBadapp") returned 16 [0183.296] lstrlenA (lpString="BasepCheckWinSaferRestrictions") returned 30 [0183.297] lstrlenA (lpString="BasepFreeActivationContextActivationBlock") returned 41 [0183.297] lstrlenA (lpString="BasepFreeAppCompatData") returned 22 [0183.297] lstrlenA (lpString="BasepMapModuleHandle") returned 20 [0183.297] lstrlenA (lpString="Beep") returned 4 [0183.297] lstrlenA (lpString="BeginUpdateResourceA") returned 20 [0183.297] lstrlenA (lpString="BeginUpdateResourceW") returned 20 [0183.297] lstrlenA (lpString="BindIoCompletionCallback") returned 24 [0183.297] lstrlenA (lpString="BuildCommDCBA") returned 13 [0183.297] lstrlenA (lpString="BuildCommDCBAndTimeoutsA") returned 24 [0183.297] lstrlenA (lpString="BuildCommDCBAndTimeoutsW") returned 24 [0183.298] lstrlenA (lpString="BuildCommDCBW") returned 13 [0183.298] lstrlenA (lpString="CallNamedPipeA") returned 14 [0183.298] lstrlenA (lpString="CallNamedPipeW") returned 14 [0183.298] lstrlenA (lpString="CallbackMayRunLong") returned 18 [0183.298] lstrlenA (lpString="CancelDeviceWakeupRequest") returned 25 [0183.298] lstrlenA (lpString="CancelIo") returned 8 [0183.298] lstrlenA (lpString="CancelIoEx") returned 10 [0183.298] lstrlenA (lpString="CancelSynchronousIo") returned 19 [0183.298] lstrlenA (lpString="CancelThreadpoolIo") returned 18 [0183.299] lstrlenA (lpString="CancelTimerQueueTimer") returned 21 [0183.299] lstrlenA (lpString="CancelWaitableTimer") returned 19 [0183.299] lstrlenA (lpString="ChangeTimerQueueTimer") returned 21 [0183.299] lstrlenA (lpString="CheckElevation") returned 14 [0183.299] lstrlenA (lpString="CheckElevationEnabled") returned 21 [0183.299] lstrlenA (lpString="CheckForReadOnlyResource") returned 24 [0183.299] lstrlenA (lpString="CheckNameLegalDOS8Dot3A") returned 23 [0183.299] lstrlenA (lpString="CheckNameLegalDOS8Dot3W") returned 23 [0183.299] lstrlenA (lpString="CheckRemoteDebuggerPresent") returned 26 [0183.299] lstrlenA (lpString="ClearCommBreak") returned 14 [0183.300] lstrlenA (lpString="ClearCommError") returned 14 [0183.300] lstrlenA (lpString="CloseConsoleHandle") returned 18 [0183.300] lstrlenA (lpString="CloseHandle") returned 11 [0183.300] lstrlenA (lpString="ClosePrivateNamespace") returned 21 [0183.300] lstrlenA (lpString="CloseProfileUserMapping") returned 23 [0183.300] lstrlenA (lpString="CloseThreadpool") returned 15 [0183.300] lstrlenA (lpString="CloseThreadpoolCleanupGroup") returned 27 [0183.300] lstrlenA (lpString="CloseThreadpoolCleanupGroupMembers") returned 34 [0183.300] lstrlenA (lpString="CloseThreadpoolIo") returned 17 [0183.300] lstrlenA (lpString="CloseThreadpoolTimer") returned 20 [0183.301] lstrlenA (lpString="CloseThreadpoolWait") returned 19 [0183.301] lstrlenA (lpString="CloseThreadpoolWork") returned 19 [0183.301] lstrlenA (lpString="CmdBatNotification") returned 18 [0183.301] lstrlenA (lpString="CommConfigDialogA") returned 17 [0183.301] lstrlenA (lpString="CommConfigDialogW") returned 17 [0183.301] lstrlenA (lpString="CompareCalendarDates") returned 20 [0183.301] lstrlenA (lpString="CompareFileTime") returned 15 [0183.301] lstrlenA (lpString="CompareStringA") returned 14 [0183.301] lstrlenA (lpString="CompareStringEx") returned 15 [0183.301] lstrlenA (lpString="CompareStringOrdinal") returned 20 [0183.302] lstrlenA (lpString="CompareStringW") returned 14 [0183.302] lstrlenA (lpString="ConnectNamedPipe") returned 16 [0183.302] lstrlenA (lpString="ConsoleMenuControl") returned 18 [0183.302] lstrlenA (lpString="ContinueDebugEvent") returned 18 [0183.302] lstrlenA (lpString="ConvertCalDateTimeToSystemTime") returned 30 [0183.302] lstrlenA (lpString="ConvertDefaultLocale") returned 20 [0183.302] lstrlenA (lpString="ConvertFiberToThread") returned 20 [0183.302] lstrlenA (lpString="ConvertNLSDayOfWeekToWin32DayOfWeek") returned 35 [0183.302] lstrlenA (lpString="ConvertSystemTimeToCalDateTime") returned 30 [0183.302] lstrlenA (lpString="ConvertThreadToFiber") returned 20 [0183.303] lstrlenA (lpString="ConvertThreadToFiberEx") returned 22 [0183.303] lstrlenA (lpString="CopyContext") returned 11 [0183.303] lstrlenA (lpString="CopyFileA") returned 9 [0183.303] lstrlenA (lpString="CopyFileExA") returned 11 [0183.303] lstrlenA (lpString="CopyFileExW") returned 11 [0183.303] lstrlenA (lpString="CopyFileTransactedA") returned 19 [0183.303] lstrlenA (lpString="CopyFileTransactedW") returned 19 [0183.303] lstrlenA (lpString="CopyFileW") returned 9 [0183.303] lstrlenA (lpString="CopyLZFile") returned 10 [0183.303] lstrlenA (lpString="CreateActCtxA") returned 13 [0183.303] lstrlenA (lpString="CreateActCtxW") returned 13 [0183.304] lstrlenA (lpString="CreateBoundaryDescriptorA") returned 25 [0183.304] lstrlenA (lpString="CreateBoundaryDescriptorW") returned 25 [0183.304] lstrlenA (lpString="CreateConsoleScreenBuffer") returned 25 [0183.304] lstrlenA (lpString="CreateDirectoryA") returned 16 [0183.304] lstrlenA (lpString="CreateDirectoryExA") returned 18 [0183.304] lstrlenA (lpString="CreateDirectoryExW") returned 18 [0183.304] lstrlenA (lpString="CreateDirectoryTransactedA") returned 26 [0183.304] lstrlenA (lpString="CreateDirectoryTransactedW") returned 26 [0183.305] lstrlenA (lpString="CreateDirectoryW") returned 16 [0183.305] lstrlenA (lpString="CreateEventA") returned 12 [0183.305] lstrlenA (lpString="CreateEventExA") returned 14 [0183.305] lstrlenA (lpString="CreateEventExW") returned 14 [0183.305] lstrlenA (lpString="CreateEventW") returned 12 [0183.305] lstrlenA (lpString="CreateFiber") returned 11 [0183.305] lstrlenA (lpString="CreateFiberEx") returned 13 [0183.305] lstrlenA (lpString="CreateFileA") returned 11 [0183.305] lstrlenA (lpString="CreateFileMappingA") returned 18 [0183.305] lstrlenA (lpString="CreateFileMappingNumaA") returned 22 [0183.305] lstrlenA (lpString="CreateFileMappingNumaW") returned 22 [0183.305] lstrlenA (lpString="CreateFileMappingW") returned 18 [0183.305] lstrlenA (lpString="CreateFileTransactedA") returned 21 [0183.305] lstrlenA (lpString="CreateFileTransactedW") returned 21 [0183.305] lstrlenA (lpString="CreateFileW") returned 11 [0183.306] lstrlenA (lpString="CreateHardLinkA") returned 15 [0183.306] lstrlenA (lpString="CreateHardLinkTransactedA") returned 25 [0183.306] lstrlenA (lpString="CreateHardLinkTransactedW") returned 25 [0183.306] lstrlenA (lpString="CreateHardLinkW") returned 15 [0183.306] lstrlenA (lpString="CreateIoCompletionPort") returned 22 [0183.306] lstrlenA (lpString="CreateJobObjectA") returned 16 [0183.306] lstrlenA (lpString="CreateJobObjectW") returned 16 [0183.306] lstrlenA (lpString="CreateJobSet") returned 12 [0183.306] lstrlenA (lpString="CreateMailslotA") returned 15 [0183.306] lstrlenA (lpString="CreateMailslotW") returned 15 [0183.306] lstrlenA (lpString="CreateMemoryResourceNotification") returned 32 [0183.306] lstrlenA (lpString="CreateMutexA") returned 12 [0183.306] lstrlenA (lpString="CreateMutexExA") returned 14 [0183.306] lstrlenA (lpString="CreateMutexExW") returned 14 [0183.306] lstrlenA (lpString="CreateMutexW") returned 12 [0183.306] lstrlenA (lpString="CreateNamedPipeA") returned 16 [0183.307] lstrlenA (lpString="CreateNamedPipeW") returned 16 [0183.307] lstrlenA (lpString="CreatePipe") returned 10 [0183.307] lstrlenA (lpString="CreatePrivateNamespaceA") returned 23 [0183.307] lstrlenA (lpString="CreatePrivateNamespaceW") returned 23 [0183.307] lstrlenA (lpString="CreateProcessA") returned 14 [0183.307] lstrlenA (lpString="CreateProcessAsUserW") returned 20 [0183.307] lstrlenA (lpString="CreateProcessInternalA") returned 22 [0183.307] lstrlenA (lpString="CreateProcessInternalW") returned 22 [0183.307] lstrlenA (lpString="CreateProcessW") returned 14 [0183.307] lstrlenA (lpString="CreateRemoteThread") returned 18 [0183.307] lstrlenA (lpString="CreateRemoteThreadEx") returned 20 [0183.307] lstrlenA (lpString="CreateSemaphoreA") returned 16 [0183.307] lstrlenA (lpString="CreateSemaphoreExA") returned 18 [0183.307] lstrlenA (lpString="CreateSemaphoreExW") returned 18 [0183.307] lstrlenA (lpString="CreateSemaphoreW") returned 16 [0183.308] lstrlenA (lpString="CreateSocketHandle") returned 18 [0183.308] lstrlenA (lpString="CreateSymbolicLinkA") returned 19 [0183.308] lstrlenA (lpString="CreateSymbolicLinkTransactedA") returned 29 [0183.308] lstrlenA (lpString="CreateSymbolicLinkTransactedW") returned 29 [0183.308] lstrlenA (lpString="CreateSymbolicLinkW") returned 19 [0183.308] lstrlenA (lpString="CreateTapePartition") returned 19 [0183.308] lstrlenA (lpString="CreateThread") returned 12 [0183.308] lstrlenA (lpString="CreateThreadpool") returned 16 [0183.308] lstrlenA (lpString="CreateThreadpoolCleanupGroup") returned 28 [0183.308] lstrlenA (lpString="CreateThreadpoolIo") returned 18 [0183.308] lstrlenA (lpString="CreateThreadpoolTimer") returned 21 [0183.308] lstrlenA (lpString="CreateThreadpoolWait") returned 20 [0183.308] lstrlenA (lpString="CreateThreadpoolWork") returned 20 [0183.308] lstrlenA (lpString="CreateTimerQueue") returned 16 [0183.308] lstrlenA (lpString="CreateTimerQueueTimer") returned 21 [0183.309] lstrlenA (lpString="CreateToolhelp32Snapshot") returned 24 [0183.309] lstrlenA (lpString="CreateWaitableTimerA") returned 20 [0183.309] lstrlenA (lpString="CreateWaitableTimerExA") returned 22 [0183.309] lstrlenA (lpString="CreateWaitableTimerExW") returned 22 [0183.309] lstrlenA (lpString="CreateWaitableTimerW") returned 20 [0183.309] lstrlenA (lpString="CtrlRoutine") returned 11 [0183.309] lstrlenA (lpString="DeactivateActCtx") returned 16 [0183.309] lstrlenA (lpString="DebugActiveProcess") returned 18 [0183.309] lstrlenA (lpString="DebugActiveProcessStop") returned 22 [0183.309] lstrlenA (lpString="DebugBreak") returned 10 [0183.309] lstrlenA (lpString="DebugBreakProcess") returned 17 [0183.309] lstrlenA (lpString="DebugSetProcessKillOnExit") returned 25 [0183.309] lstrlenA (lpString="DecodePointer") returned 13 [0183.309] lstrlenA (lpString="DecodeSystemPointer") returned 19 [0183.309] lstrlenA (lpString="DefineDosDeviceA") returned 16 [0183.310] lstrlenA (lpString="DefineDosDeviceW") returned 16 [0183.310] lstrlenA (lpString="DelayLoadFailureHook") returned 20 [0183.310] lstrlenA (lpString="DeleteAtom") returned 10 [0183.310] lstrlenA (lpString="DeleteBoundaryDescriptor") returned 24 [0183.310] lstrlenA (lpString="DeleteCriticalSection") returned 21 [0183.310] lstrlenA (lpString="DeleteFiber") returned 11 [0183.310] lstrlenA (lpString="DeleteFileA") returned 11 [0183.310] lstrlenA (lpString="DeleteFileTransactedA") returned 21 [0183.310] lstrlenA (lpString="DeleteFileTransactedW") returned 21 [0183.310] lstrlenA (lpString="DeleteFileW") returned 11 [0183.310] lstrlenA (lpString="DeleteProcThreadAttributeList") returned 29 [0183.310] lstrlenA (lpString="DeleteTimerQueue") returned 16 [0183.310] lstrlenA (lpString="DeleteTimerQueueEx") returned 18 [0183.310] lstrlenA (lpString="DeleteTimerQueueTimer") returned 21 [0183.310] lstrlenA (lpString="DeleteVolumeMountPointA") returned 23 [0183.311] lstrlenA (lpString="DeleteVolumeMountPointW") returned 23 [0183.311] lstrlenA (lpString="DeviceIoControl") returned 15 [0183.311] lstrlenA (lpString="DisableThreadLibraryCalls") returned 25 [0183.311] lstrlenA (lpString="DisableThreadProfiling") returned 22 [0183.311] lstrlenA (lpString="DisassociateCurrentThreadFromCallback") returned 37 [0183.311] lstrlenA (lpString="DisconnectNamedPipe") returned 19 [0183.311] lstrlenA (lpString="DnsHostnameToComputerNameA") returned 26 [0183.311] lstrlenA (lpString="DnsHostnameToComputerNameW") returned 26 [0183.311] lstrlenA (lpString="DosDateTimeToFileTime") returned 21 [0183.311] lstrlenA (lpString="DosPathToSessionPathA") returned 21 [0183.311] lstrlenA (lpString="DosPathToSessionPathW") returned 21 [0183.311] lstrlenA (lpString="DuplicateConsoleHandle") returned 22 [0183.311] lstrlenA (lpString="DuplicateHandle") returned 15 [0183.311] lstrlenA (lpString="EnableThreadProfiling") returned 21 [0183.311] lstrlenA (lpString="EncodePointer") returned 13 [0183.311] lstrlenA (lpString="EncodeSystemPointer") returned 19 [0183.312] lstrlenA (lpString="EndUpdateResourceA") returned 18 [0183.312] lstrlenA (lpString="EndUpdateResourceW") returned 18 [0183.312] lstrlenA (lpString="EnterCriticalSection") returned 20 [0183.312] lstrlenA (lpString="EnumCalendarInfoA") returned 17 [0183.312] lstrlenA (lpString="EnumCalendarInfoExA") returned 19 [0183.312] lstrlenA (lpString="EnumCalendarInfoExEx") returned 20 [0183.312] lstrlenA (lpString="EnumCalendarInfoExW") returned 19 [0183.312] lstrlenA (lpString="EnumCalendarInfoW") returned 17 [0183.312] lstrlenA (lpString="EnumDateFormatsA") returned 16 [0183.312] lstrlenA (lpString="EnumDateFormatsExA") returned 18 [0183.312] lstrlenA (lpString="EnumDateFormatsExEx") returned 19 [0183.312] lstrlenA (lpString="EnumDateFormatsExW") returned 18 [0183.324] SetThreadContext (hThread=0x634, lpContext=0x264a5fc*(ContextFlags=0x10002, Dr0=0x0, Dr1=0x0, Dr2=0x0, Dr3=0x0, Dr6=0x0, Dr7=0x0, FloatSave.ControlWord=0x0, FloatSave.StatusWord=0x0, FloatSave.TagWord=0x0, FloatSave.ErrorOffset=0x0, FloatSave.ErrorSelector=0x0, FloatSave.DataOffset=0x0, FloatSave.DataSelector=0x0, FloatSave.RegisterArea=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0, [8]=0x0, [9]=0x0, [10]=0x0, [11]=0x0, [12]=0x0, [13]=0x0, [14]=0x0, [15]=0x0, [16]=0x0, [17]=0x0, [18]=0x0, [19]=0x0, [20]=0x0, [21]=0x0, [22]=0x0, [23]=0x0, [24]=0x0, [25]=0x0, [26]=0x0, [27]=0x0, [28]=0x0, [29]=0x0, [30]=0x0, [31]=0x0, [32]=0x0, [33]=0x0, [34]=0x0, [35]=0x0, [36]=0x0, [37]=0x0, [38]=0x0, [39]=0x0, [40]=0x0, [41]=0x0, [42]=0x0, [43]=0x0, [44]=0x0, [45]=0x0, [46]=0x0, [47]=0x0, [48]=0x0, [49]=0x0, [50]=0x0, [51]=0x0, [52]=0x0, [53]=0x0, [54]=0x0, [55]=0x0, [56]=0x0, [57]=0x0, [58]=0x0, [59]=0x0, [60]=0x0, [61]=0x0, [62]=0x0, [63]=0x0, [64]=0x0, [65]=0x0, [66]=0x0, [67]=0x0, [68]=0x0, [69]=0x0, [70]=0x0, [71]=0x0, [72]=0x0, [73]=0x0, [74]=0x0, [75]=0x0, [76]=0x0, [77]=0x0, [78]=0x0, [79]=0x0), FloatSave.Cr0NpxState=0x0, SegGs=0x0, SegFs=0x0, SegEs=0x0, SegDs=0x0, Edi=0x0, Esi=0x0, Ebx=0x7efde000, Edx=0x0, Ecx=0x0, Eax=0x435d3e, Ebp=0x0, Eip=0x0, SegCs=0x0, EFlags=0x0, Esp=0x0, SegSs=0x0, ExtendedRegisters=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0, [8]=0x0, [9]=0x0, [10]=0x0, [11]=0x0, [12]=0x0, [13]=0x0, [14]=0x0, [15]=0x0, [16]=0x0, [17]=0x0, [18]=0x0, [19]=0x0, [20]=0x0, [21]=0x0, [22]=0x0, [23]=0x0, [24]=0x0, [25]=0x0, [26]=0x0, [27]=0x0, [28]=0x0, [29]=0x0, [30]=0x0, [31]=0x0, [32]=0x0, [33]=0x0, [34]=0x0, [35]=0x0, [36]=0x0, [37]=0x0, [38]=0x0, [39]=0x0, [40]=0x0, [41]=0x0, [42]=0x0, [43]=0x0, [44]=0x0, [45]=0x0, [46]=0x0, [47]=0x0, [48]=0x0, [49]=0x0, [50]=0x0, [51]=0x0, [52]=0x0, [53]=0x0, [54]=0x0, [55]=0x0, [56]=0x0, [57]=0x0, [58]=0x0, [59]=0x0, [60]=0x0, [61]=0x0, [62]=0x0, [63]=0x0, [64]=0x0, [65]=0x0, [66]=0x0, [67]=0x0, [68]=0x0, [69]=0x0, [70]=0x0, [71]=0x0, [72]=0x0, [73]=0x0, [74]=0x0, [75]=0x0, [76]=0x0, [77]=0x0, [78]=0x0, [79]=0x0, [80]=0x0, [81]=0x0, [82]=0x0, [83]=0x0, [84]=0x0, [85]=0x0, [86]=0x0, [87]=0x0, [88]=0x0, [89]=0x0, [90]=0x0, [91]=0x0, [92]=0x0, [93]=0x0, [94]=0x0, [95]=0x0, [96]=0x0, [97]=0x0, [98]=0x0, [99]=0x0, [100]=0x0, [101]=0x0, [102]=0x0, [103]=0x0, [104]=0x0, [105]=0x0, [106]=0x0, [107]=0x0, [108]=0x0, [109]=0x0, [110]=0x0, [111]=0x0, [112]=0x0, [113]=0x0, [114]=0x0, [115]=0x0, [116]=0x0, [117]=0x0, [118]=0x0, [119]=0x0, [120]=0x0, [121]=0x0, [122]=0x0, [123]=0x0, [124]=0x0, [125]=0x0, [126]=0x0, [127]=0x0, [128]=0x0, [129]=0x0, [130]=0x0, [131]=0x0, [132]=0x0, [133]=0x0, [134]=0x0, [135]=0x0, [136]=0x0, [137]=0x0, [138]=0x0, [139]=0x0, [140]=0x0, [141]=0x0, [142]=0x0, [143]=0x0, [144]=0x0, [145]=0x0, [146]=0x0, [147]=0x0, [148]=0x0, [149]=0x0, [150]=0x0, [151]=0x0, [152]=0x0, [153]=0x0, [154]=0x0, [155]=0x0, [156]=0x0, [157]=0x0, [158]=0x0, [159]=0x0, [160]=0x0, [161]=0x0, [162]=0x0, [163]=0x0, [164]=0x0, [165]=0x0, [166]=0x0, [167]=0x0, [168]=0x0, [169]=0x0, [170]=0x0, [171]=0x0, [172]=0x0, [173]=0x0, [174]=0x0, [175]=0x0, [176]=0x0, [177]=0x0, [178]=0x0, [179]=0x0, [180]=0x0, [181]=0x0, [182]=0x0, [183]=0x0, [184]=0x0, [185]=0x0, [186]=0x0, [187]=0x0, [188]=0x0, [189]=0x0, [190]=0x0, [191]=0x0, [192]=0x0, [193]=0x0, [194]=0x0, [195]=0x0, [196]=0x0, [197]=0x0, [198]=0x0, [199]=0x0, [200]=0x0, [201]=0x0, [202]=0x0, [203]=0x0, [204]=0x0, [205]=0x0, [206]=0x0, [207]=0x0, [208]=0x0, [209]=0x0, [210]=0x0, [211]=0x0, [212]=0x0, [213]=0x0, [214]=0x0, [215]=0x0, [216]=0x0, [217]=0x0, [218]=0x0, [219]=0x0, [220]=0x0, [221]=0x0, [222]=0x0, [223]=0x0, [224]=0x0, [225]=0x0, [226]=0x0, [227]=0x0, [228]=0x0, [229]=0x0, [230]=0x0, [231]=0x0, [232]=0x0, [233]=0x0, [234]=0x0, [235]=0x0, [236]=0x0, [237]=0x0, [238]=0x0, [239]=0x0, [240]=0x0, [241]=0x0, [242]=0x0, [243]=0x0, [244]=0x0, [245]=0x0, [246]=0x0, [247]=0x0, [248]=0x0, [249]=0x0, [250]=0x0, [251]=0x0, [252]=0x0, [253]=0x0, [254]=0x0, [255]=0x0, [256]=0x0, [257]=0x0, [258]=0x0, [259]=0x0, [260]=0x0, [261]=0x0, [262]=0x0, [263]=0x0, [264]=0x0, [265]=0x0, [266]=0x0, [267]=0x0, [268]=0x0, [269]=0x0, [270]=0x0, [271]=0x0, [272]=0x0, [273]=0x0, [274]=0x0, [275]=0x0, [276]=0x0, [277]=0x0, [278]=0x0, [279]=0x0, [280]=0x0, [281]=0x0, [282]=0x0, [283]=0x0, [284]=0x0, [285]=0x0, [286]=0x0, [287]=0x0, [288]=0x0, [289]=0x0, [290]=0x0, [291]=0x0, [292]=0x0, [293]=0x0, [294]=0x0, [295]=0x0, [296]=0x0, [297]=0x0, [298]=0x0, [299]=0x0, [300]=0x0, [301]=0x0, [302]=0x0, [303]=0x0, [304]=0x0, [305]=0x0, [306]=0x0, [307]=0x0, [308]=0x0, [309]=0x0, [310]=0x0, [311]=0x0, [312]=0x0, [313]=0x0, [314]=0x0, [315]=0x0, [316]=0x0, [317]=0x0, [318]=0x0, [319]=0x0, [320]=0x0, [321]=0x0, [322]=0x0, [323]=0x0, [324]=0x0, [325]=0x0, [326]=0x0, [327]=0x0, [328]=0x0, [329]=0x0, [330]=0x0, [331]=0x0, [332]=0x0, [333]=0x0, [334]=0x0, [335]=0x0, [336]=0x0, [337]=0x0, [338]=0x0, [339]=0x0, [340]=0x0, [341]=0x0, [342]=0x0, [343]=0x0, [344]=0x0, [345]=0x0, [346]=0x0, [347]=0x0, [348]=0x0, [349]=0x0, [350]=0x0, [351]=0x0, [352]=0x0, [353]=0x0, [354]=0x0, [355]=0x0, [356]=0x0, [357]=0x0, [358]=0x0, [359]=0x0, [360]=0x0, [361]=0x0, [362]=0x0, [363]=0x0, [364]=0x0, [365]=0x0, [366]=0x0, [367]=0x0, [368]=0x0, [369]=0x0, [370]=0x0, [371]=0x0, [372]=0x0, [373]=0x0, [374]=0x0, [375]=0x0, [376]=0x0, [377]=0x0, [378]=0x0, [379]=0x0, [380]=0x0, [381]=0x0, [382]=0x0, [383]=0x0, [384]=0x0, [385]=0x0, [386]=0x0, [387]=0x0, [388]=0x0, [389]=0x0, [390]=0x0, [391]=0x0, [392]=0x0, [393]=0x0, [394]=0x0, [395]=0x0, [396]=0x0, [397]=0x0, [398]=0x0, [399]=0x0, [400]=0x0, [401]=0x0, [402]=0x0, [403]=0x0, [404]=0x0, [405]=0x0, [406]=0x0, [407]=0x0, [408]=0x0, [409]=0x0, [410]=0x0, [411]=0x0, [412]=0x0, [413]=0x0, [414]=0x0, [415]=0x0, [416]=0x0, [417]=0x0, [418]=0x0, [419]=0x0, [420]=0x0, [421]=0x0, [422]=0x0, [423]=0x0, [424]=0x0, [425]=0x0, [426]=0x0, [427]=0x0, [428]=0x0, [429]=0x0, [430]=0x0, [431]=0x0, [432]=0x0, [433]=0x0, [434]=0x0, [435]=0x0, [436]=0x0, [437]=0x0, [438]=0x0, [439]=0x0, [440]=0x0, [441]=0x0, [442]=0x0, [443]=0x0, [444]=0x0, [445]=0x0, [446]=0x0, [447]=0x0, [448]=0x0, [449]=0x0, [450]=0x0, [451]=0x0, [452]=0x0, [453]=0x0, [454]=0x0, [455]=0x0, [456]=0x0, [457]=0x0, [458]=0x0, [459]=0x0, [460]=0x0, [461]=0x0, [462]=0x0, [463]=0x0, [464]=0x0, [465]=0x0, [466]=0x0, [467]=0x0, [468]=0x0, [469]=0x0, [470]=0x0, [471]=0x0, [472]=0x0, [473]=0x0, [474]=0x0, [475]=0x0, [476]=0x0, [477]=0x0, [478]=0x0, [479]=0x0, [480]=0x0, [481]=0x0, [482]=0x0, [483]=0x0, [484]=0x0, [485]=0x0, [486]=0x0, [487]=0x0, [488]=0x0, [489]=0x0, [490]=0x0, [491]=0x0, [492]=0x0, [493]=0x0, [494]=0x0, [495]=0x0, [496]=0x0, [497]=0x0, [498]=0x0, [499]=0x0, [500]=0x0, [501]=0x0, [502]=0x0, [503]=0x0, [504]=0x0, [505]=0x0, [506]=0x0, [507]=0x0, [508]=0x0, [509]=0x0, [510]=0x0, [511]=0x0))) returned 1 [0183.403] EnumProcessModules (in: hProcess=0x304, lphModule=0x28126a8, cb=0x100, lpcbNeeded=0x2dc674 | out: lphModule=0x28126a8, lpcbNeeded=0x2dc674) returned 1 [0183.405] EnumProcessModules (in: hProcess=0x304, lphModule=0x28127b4, cb=0x200, lpcbNeeded=0x2dc674 | out: lphModule=0x28127b4, lpcbNeeded=0x2dc674) returned 1 [0183.407] GetModuleInformation (in: hProcess=0x304, hModule=0x10b0000, lpmodinfo=0x28129f4, cb=0xc | out: lpmodinfo=0x28129f4*(lpBaseOfDll=0x10b0000, SizeOfImage=0xa2000, EntryPoint=0x114ddbe)) returned 1 [0183.407] CoTaskMemAlloc (cb=0x804) returned 0x3dd570 [0183.407] GetModuleBaseNameW (in: hProcess=0x304, hModule=0x10b0000, lpBaseName=0x3dd570, nSize=0x800 | out: lpBaseName="noise.exe") returned 0x9 [0183.407] CoTaskMemFree (pv=0x3dd570) [0183.407] CoTaskMemAlloc (cb=0x804) returned 0x3dd570 [0183.407] GetModuleFileNameExW (in: hProcess=0x304, hModule=0x10b0000, lpFilename=0x3dd570, nSize=0x800 | out: lpFilename="C:\\Users\\kEecfMwgj\\AppData\\Local\\Temp\\noise.exe" (normalized: "c:\\users\\keecfmwgj\\appdata\\local\\temp\\noise.exe")) returned 0x2f [0183.407] CoTaskMemFree (pv=0x3dd570) [0183.407] GetModuleInformation (in: hProcess=0x304, hModule=0x76f00000, lpmodinfo=0x2814b44, cb=0xc | out: lpmodinfo=0x2814b44*(lpBaseOfDll=0x76f00000, SizeOfImage=0x180000, EntryPoint=0x0)) returned 1 [0183.409] CoTaskMemAlloc (cb=0x804) returned 0x3dd570 [0183.409] GetModuleBaseNameW (in: hProcess=0x304, hModule=0x76f00000, lpBaseName=0x3dd570, nSize=0x800 | out: lpBaseName="ntdll.dll") returned 0x9 [0183.410] CoTaskMemFree (pv=0x3dd570) [0183.410] CoTaskMemAlloc (cb=0x804) returned 0x3dd570 [0183.410] GetModuleFileNameExW (in: hProcess=0x304, hModule=0x76f00000, lpFilename=0x3dd570, nSize=0x800 | out: lpFilename="C:\\Windows\\SysWOW64\\ntdll.dll" (normalized: "c:\\windows\\syswow64\\ntdll.dll")) returned 0x1d [0183.410] CoTaskMemFree (pv=0x3dd570) [0183.410] GetModuleInformation (in: hProcess=0x304, hModule=0x73500000, lpmodinfo=0x2816c54, cb=0xc | out: lpmodinfo=0x2816c54*(lpBaseOfDll=0x73500000, SizeOfImage=0x4a000, EntryPoint=0x73502e54)) returned 1 [0183.410] CoTaskMemAlloc (cb=0x804) returned 0x3dd570 [0183.410] GetModuleBaseNameW (in: hProcess=0x304, hModule=0x73500000, lpBaseName=0x3dd570, nSize=0x800 | out: lpBaseName="MSCOREE.DLL") returned 0xb [0183.411] CoTaskMemFree (pv=0x3dd570) [0183.411] CoTaskMemAlloc (cb=0x804) returned 0x3dd570 [0183.411] GetModuleFileNameExW (in: hProcess=0x304, hModule=0x73500000, lpFilename=0x3dd570, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\MSCOREE.DLL" (normalized: "c:\\windows\\syswow64\\mscoree.dll")) returned 0x1f [0183.411] CoTaskMemFree (pv=0x3dd570) [0183.411] GetModuleInformation (in: hProcess=0x304, hModule=0x752b0000, lpmodinfo=0x2818d6c, cb=0xc | out: lpmodinfo=0x2818d6c*(lpBaseOfDll=0x752b0000, SizeOfImage=0x110000, EntryPoint=0x752c3283)) returned 1 [0183.411] CoTaskMemAlloc (cb=0x804) returned 0x3dd570 [0183.411] GetModuleBaseNameW (in: hProcess=0x304, hModule=0x752b0000, lpBaseName=0x3dd570, nSize=0x800 | out: lpBaseName="KERNEL32.dll") returned 0xc [0183.412] CoTaskMemFree (pv=0x3dd570) [0183.412] CoTaskMemAlloc (cb=0x804) returned 0x3dd570 [0183.412] GetModuleFileNameExW (in: hProcess=0x304, hModule=0x752b0000, lpFilename=0x3dd570, nSize=0x800 | out: lpFilename="C:\\Windows\\syswow64\\KERNEL32.dll" (normalized: "c:\\windows\\syswow64\\kernel32.dll")) returned 0x20 [0183.412] CoTaskMemFree (pv=0x3dd570) [0183.412] GetModuleInformation (in: hProcess=0x304, hModule=0x753c0000, lpmodinfo=0x281ae8c, cb=0xc | out: lpmodinfo=0x281ae8c*(lpBaseOfDll=0x753c0000, SizeOfImage=0x47000, EntryPoint=0x753c74c1)) returned 1 [0183.412] CoTaskMemAlloc (cb=0x804) returned 0x3dd570 [0183.412] GetModuleBaseNameW (in: hProcess=0x304, hModule=0x753c0000, lpBaseName=0x3dd570, nSize=0x800 | out: lpBaseName="KERNELBASE.dll") returned 0xe [0183.412] CoTaskMemFree (pv=0x3dd570) [0183.412] CoTaskMemAlloc (cb=0x804) returned 0x3dd570 [0183.412] GetModuleFileNameExW (in: hProcess=0x304, hModule=0x753c0000, lpFilename=0x3dd570, nSize=0x800 | out: lpFilename="C:\\Windows\\syswow64\\KERNELBASE.dll" (normalized: "c:\\windows\\syswow64\\kernelbase.dll")) returned 0x22 [0183.413] CoTaskMemFree (pv=0x3dd570) [0183.413] GetModuleInformation (in: hProcess=0x304, hModule=0x76a60000, lpmodinfo=0x281cfe0, cb=0xc | out: lpmodinfo=0x281cfe0*(lpBaseOfDll=0x76a60000, SizeOfImage=0xa0000, EntryPoint=0x76a749e5)) returned 1 [0183.413] CoTaskMemAlloc (cb=0x804) returned 0x3dd570 [0183.413] GetModuleBaseNameW (in: hProcess=0x304, hModule=0x76a60000, lpBaseName=0x3dd570, nSize=0x800 | out: lpBaseName="ADVAPI32.dll") returned 0xc [0183.413] CoTaskMemFree (pv=0x3dd570) [0183.413] CoTaskMemAlloc (cb=0x804) returned 0x3dd570 [0183.413] GetModuleFileNameExW (in: hProcess=0x304, hModule=0x76a60000, lpFilename=0x3dd570, nSize=0x800 | out: lpFilename="C:\\Windows\\syswow64\\ADVAPI32.dll" (normalized: "c:\\windows\\syswow64\\advapi32.dll")) returned 0x20 [0183.414] CoTaskMemFree (pv=0x3dd570) [0183.414] GetModuleInformation (in: hProcess=0x304, hModule=0x75410000, lpmodinfo=0x281f100, cb=0xc | out: lpmodinfo=0x281f100*(lpBaseOfDll=0x75410000, SizeOfImage=0xac000, EntryPoint=0x7541a472)) returned 1 [0183.414] CoTaskMemAlloc (cb=0x804) returned 0x3dd570 [0183.414] GetModuleBaseNameW (in: hProcess=0x304, hModule=0x75410000, lpBaseName=0x3dd570, nSize=0x800 | out: lpBaseName="msvcrt.dll") returned 0xa [0183.414] CoTaskMemFree (pv=0x3dd570) [0183.414] CoTaskMemAlloc (cb=0x804) returned 0x3dd570 [0183.414] GetModuleFileNameExW (in: hProcess=0x304, hModule=0x75410000, lpFilename=0x3dd570, nSize=0x800 | out: lpFilename="C:\\Windows\\syswow64\\msvcrt.dll" (normalized: "c:\\windows\\syswow64\\msvcrt.dll")) returned 0x1e [0183.415] CoTaskMemFree (pv=0x3dd570) [0183.415] GetModuleInformation (in: hProcess=0x304, hModule=0x759a0000, lpmodinfo=0x2821218, cb=0xc | out: lpmodinfo=0x2821218*(lpBaseOfDll=0x759a0000, SizeOfImage=0x19000, EntryPoint=0x759a4975)) returned 1 [0183.415] CoTaskMemAlloc (cb=0x804) returned 0x3dd570 [0183.415] GetModuleBaseNameW (in: hProcess=0x304, hModule=0x759a0000, lpBaseName=0x3dd570, nSize=0x800 | out: lpBaseName="sechost.dll") returned 0xb [0183.415] CoTaskMemFree (pv=0x3dd570) [0183.415] CoTaskMemAlloc (cb=0x804) returned 0x3dd570 [0183.415] GetModuleFileNameExW (in: hProcess=0x304, hModule=0x759a0000, lpFilename=0x3dd570, nSize=0x800 | out: lpFilename="C:\\Windows\\SysWOW64\\sechost.dll" (normalized: "c:\\windows\\syswow64\\sechost.dll")) returned 0x1f [0183.416] CoTaskMemFree (pv=0x3dd570) [0183.416] GetModuleInformation (in: hProcess=0x304, hModule=0x76970000, lpmodinfo=0x2823330, cb=0xc | out: lpmodinfo=0x2823330*(lpBaseOfDll=0x76970000, SizeOfImage=0xf0000, EntryPoint=0x76980569)) returned 1 [0183.416] CoTaskMemAlloc (cb=0x804) returned 0x3dd570 [0183.416] GetModuleBaseNameW (in: hProcess=0x304, hModule=0x76970000, lpBaseName=0x3dd570, nSize=0x800 | out: lpBaseName="RPCRT4.dll") returned 0xa [0183.416] CoTaskMemFree (pv=0x3dd570) [0183.416] CoTaskMemAlloc (cb=0x804) returned 0x3dd570 [0183.416] GetModuleFileNameExW (in: hProcess=0x304, hModule=0x76970000, lpFilename=0x3dd570, nSize=0x800 | out: lpFilename="C:\\Windows\\syswow64\\RPCRT4.dll" (normalized: "c:\\windows\\syswow64\\rpcrt4.dll")) returned 0x1e [0183.417] CoTaskMemFree (pv=0x3dd570) [0183.417] GetModuleInformation (in: hProcess=0x304, hModule=0x74a50000, lpmodinfo=0x2825494, cb=0xc | out: lpmodinfo=0x2825494*(lpBaseOfDll=0x74a50000, SizeOfImage=0x60000, EntryPoint=0x74a6a3b3)) returned 1 [0183.417] CoTaskMemAlloc (cb=0x804) returned 0x3dd570 [0183.417] GetModuleBaseNameW (in: hProcess=0x304, hModule=0x74a50000, lpBaseName=0x3dd570, nSize=0x800 | out: lpBaseName="SspiCli.dll") returned 0xb [0183.418] CoTaskMemFree (pv=0x3dd570) [0183.418] CoTaskMemAlloc (cb=0x804) returned 0x3dd570 [0183.418] GetModuleFileNameExW (in: hProcess=0x304, hModule=0x74a50000, lpFilename=0x3dd570, nSize=0x800 | out: lpFilename="C:\\Windows\\syswow64\\SspiCli.dll" (normalized: "c:\\windows\\syswow64\\sspicli.dll")) returned 0x1f [0183.418] CoTaskMemFree (pv=0x3dd570) [0183.418] GetModuleInformation (in: hProcess=0x304, hModule=0x74a40000, lpmodinfo=0x28275ac, cb=0xc | out: lpmodinfo=0x28275ac*(lpBaseOfDll=0x74a40000, SizeOfImage=0xc000, EntryPoint=0x74a410e1)) returned 1 [0183.419] CoTaskMemAlloc (cb=0x804) returned 0x3dd570 [0183.419] GetModuleBaseNameW (in: hProcess=0x304, hModule=0x74a40000, lpBaseName=0x3dd570, nSize=0x800 | out: lpBaseName="CRYPTBASE.dll") returned 0xd [0183.419] CoTaskMemFree (pv=0x3dd570) [0183.419] CoTaskMemAlloc (cb=0x804) returned 0x3dd570 [0183.419] GetModuleFileNameExW (in: hProcess=0x304, hModule=0x74a40000, lpFilename=0x3dd570, nSize=0x800 | out: lpFilename="C:\\Windows\\syswow64\\CRYPTBASE.dll" (normalized: "c:\\windows\\syswow64\\cryptbase.dll")) returned 0x21 [0183.420] CoTaskMemFree (pv=0x3dd570) [0183.420] GetModuleInformation (in: hProcess=0x304, hModule=0x733b0000, lpmodinfo=0x28296cc, cb=0xc | out: lpmodinfo=0x28296cc*(lpBaseOfDll=0x733b0000, SizeOfImage=0x8d000, EntryPoint=0x733c2860)) returned 1 [0183.420] CoTaskMemAlloc (cb=0x804) returned 0x3dd570 [0183.420] GetModuleBaseNameW (in: hProcess=0x304, hModule=0x733b0000, lpBaseName=0x3dd570, nSize=0x800 | out: lpBaseName="mscoreei.dll") returned 0xc [0183.421] CoTaskMemFree (pv=0x3dd570) [0183.421] CoTaskMemAlloc (cb=0x804) returned 0x3dd570 [0183.421] GetModuleFileNameExW (in: hProcess=0x304, hModule=0x733b0000, lpFilename=0x3dd570, nSize=0x800 | out: lpFilename="C:\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\mscoreei.dll" (normalized: "c:\\windows\\microsoft.net\\framework\\v4.0.30319\\mscoreei.dll")) returned 0x3a [0183.421] CoTaskMemFree (pv=0x3dd570) [0183.421] GetModuleInformation (in: hProcess=0x304, hModule=0x734f0000, lpmodinfo=0x282b82c, cb=0xc | out: lpmodinfo=0x282b82c*(lpBaseOfDll=0x734f0000, SizeOfImage=0x3000, EntryPoint=0x0)) returned 1 [0183.422] CoTaskMemAlloc (cb=0x804) returned 0x3dd570 [0183.422] GetModuleBaseNameW (in: hProcess=0x304, hModule=0x734f0000, lpBaseName=0x3dd570, nSize=0x800 | out: lpBaseName="api-ms-win-core-synch-l1-2-0.DLL") returned 0x20 [0183.422] CoTaskMemFree (pv=0x3dd570) [0183.422] CoTaskMemAlloc (cb=0x804) returned 0x3dd570 [0183.422] GetModuleFileNameExW (in: hProcess=0x304, hModule=0x734f0000, lpFilename=0x3dd570, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\api-ms-win-core-synch-l1-2-0.DLL" (normalized: "c:\\windows\\syswow64\\api-ms-win-core-synch-l1-2-0.dll")) returned 0x34 [0183.423] CoTaskMemFree (pv=0x3dd570) [0183.423] GetModuleInformation (in: hProcess=0x304, hModule=0x751c0000, lpmodinfo=0x282d99c, cb=0xc | out: lpmodinfo=0x282d99c*(lpBaseOfDll=0x751c0000, SizeOfImage=0x57000, EntryPoint=0x751d9ba6)) returned 1 [0183.424] CoTaskMemAlloc (cb=0x804) returned 0x3dd570 [0183.424] GetModuleBaseNameW (in: hProcess=0x304, hModule=0x751c0000, lpBaseName=0x3dd570, nSize=0x800 | out: lpBaseName="SHLWAPI.dll") returned 0xb [0183.424] CoTaskMemFree (pv=0x3dd570) [0183.424] CoTaskMemAlloc (cb=0x804) returned 0x3dd570 [0183.424] GetModuleFileNameExW (in: hProcess=0x304, hModule=0x751c0000, lpFilename=0x3dd570, nSize=0x800 | out: lpFilename="C:\\Windows\\syswow64\\SHLWAPI.dll" (normalized: "c:\\windows\\syswow64\\shlwapi.dll")) returned 0x1f [0183.425] CoTaskMemFree (pv=0x3dd570) [0183.425] GetModuleInformation (in: hProcess=0x304, hModule=0x75220000, lpmodinfo=0x282fab4, cb=0xc | out: lpmodinfo=0x282fab4*(lpBaseOfDll=0x75220000, SizeOfImage=0x90000, EntryPoint=0x75236343)) returned 1 [0183.425] CoTaskMemAlloc (cb=0x804) returned 0x3dd570 [0183.425] GetModuleBaseNameW (in: hProcess=0x304, hModule=0x75220000, lpBaseName=0x3dd570, nSize=0x800 | out: lpBaseName="GDI32.dll") returned 0x9 [0183.426] CoTaskMemFree (pv=0x3dd570) [0183.426] CoTaskMemAlloc (cb=0x804) returned 0x3dd570 [0183.426] GetModuleFileNameExW (in: hProcess=0x304, hModule=0x75220000, lpFilename=0x3dd570, nSize=0x800 | out: lpFilename="C:\\Windows\\syswow64\\GDI32.dll" (normalized: "c:\\windows\\syswow64\\gdi32.dll")) returned 0x1d [0183.426] CoTaskMemFree (pv=0x3dd570) [0183.426] GetModuleInformation (in: hProcess=0x304, hModule=0x76860000, lpmodinfo=0x2831bc4, cb=0xc | out: lpmodinfo=0x2831bc4*(lpBaseOfDll=0x76860000, SizeOfImage=0x100000, EntryPoint=0x7687b6ed)) returned 1 [0183.427] CoTaskMemAlloc (cb=0x804) returned 0x3dd570 [0183.427] GetModuleBaseNameW (in: hProcess=0x304, hModule=0x76860000, lpBaseName=0x3dd570, nSize=0x800 | out: lpBaseName="USER32.dll") returned 0xa [0183.428] CoTaskMemFree (pv=0x3dd570) [0183.428] CoTaskMemAlloc (cb=0x804) returned 0x3dd570 [0183.428] GetModuleFileNameExW (in: hProcess=0x304, hModule=0x76860000, lpFilename=0x3dd570, nSize=0x800 | out: lpFilename="C:\\Windows\\syswow64\\USER32.dll" (normalized: "c:\\windows\\syswow64\\user32.dll")) returned 0x1e [0183.428] CoTaskMemFree (pv=0x3dd570) [0183.428] GetModuleInformation (in: hProcess=0x304, hModule=0x759c0000, lpmodinfo=0x2833cdc, cb=0xc | out: lpmodinfo=0x2833cdc*(lpBaseOfDll=0x759c0000, SizeOfImage=0xa000, EntryPoint=0x759c36a0)) returned 1 [0183.429] CoTaskMemAlloc (cb=0x804) returned 0x3dd570 [0183.429] GetModuleBaseNameW (in: hProcess=0x304, hModule=0x759c0000, lpBaseName=0x3dd570, nSize=0x800 | out: lpBaseName="LPK.dll") returned 0x7 [0183.430] CoTaskMemFree (pv=0x3dd570) [0183.430] CoTaskMemAlloc (cb=0x804) returned 0x3dd570 [0183.430] GetModuleFileNameExW (in: hProcess=0x304, hModule=0x759c0000, lpFilename=0x3dd570, nSize=0x800 | out: lpFilename="C:\\Windows\\syswow64\\LPK.dll" (normalized: "c:\\windows\\syswow64\\lpk.dll")) returned 0x1b [0183.430] CoTaskMemFree (pv=0x3dd570) [0183.430] GetModuleInformation (in: hProcess=0x304, hModule=0x74d40000, lpmodinfo=0x2835e70, cb=0xc | out: lpmodinfo=0x2835e70*(lpBaseOfDll=0x74d40000, SizeOfImage=0x9d000, EntryPoint=0x74d73fd7)) returned 1 [0183.431] CoTaskMemAlloc (cb=0x804) returned 0x3dd570 [0183.431] GetModuleBaseNameW (in: hProcess=0x304, hModule=0x74d40000, lpBaseName=0x3dd570, nSize=0x800 | out: lpBaseName="USP10.dll") returned 0x9 [0183.432] CoTaskMemFree (pv=0x3dd570) [0183.432] CoTaskMemAlloc (cb=0x804) returned 0x3dd570 [0183.432] GetModuleFileNameExW (in: hProcess=0x304, hModule=0x74d40000, lpFilename=0x3dd570, nSize=0x800 | out: lpFilename="C:\\Windows\\syswow64\\USP10.dll" (normalized: "c:\\windows\\syswow64\\usp10.dll")) returned 0x1d [0183.432] CoTaskMemFree (pv=0x3dd570) [0183.432] GetModuleInformation (in: hProcess=0x304, hModule=0x75550000, lpmodinfo=0x2837f80, cb=0xc | out: lpmodinfo=0x2837f80*(lpBaseOfDll=0x75550000, SizeOfImage=0x60000, EntryPoint=0x7556158f)) returned 1 [0183.433] CoTaskMemAlloc (cb=0x804) returned 0x3dd570 [0183.433] GetModuleBaseNameW (in: hProcess=0x304, hModule=0x75550000, lpBaseName=0x3dd570, nSize=0x800 | out: lpBaseName="IMM32.DLL") returned 0x9 [0183.433] CoTaskMemFree (pv=0x3dd570) [0183.434] CoTaskMemAlloc (cb=0x804) returned 0x3dd570 [0183.434] GetModuleFileNameExW (in: hProcess=0x304, hModule=0x75550000, lpFilename=0x3dd570, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\IMM32.DLL" (normalized: "c:\\windows\\syswow64\\imm32.dll")) returned 0x1d [0183.434] CoTaskMemFree (pv=0x3dd570) [0183.434] GetModuleInformation (in: hProcess=0x304, hModule=0x74c40000, lpmodinfo=0x283a090, cb=0xc | out: lpmodinfo=0x283a090*(lpBaseOfDll=0x74c40000, SizeOfImage=0xcc000, EntryPoint=0x74c4168b)) returned 1 [0183.435] CoTaskMemAlloc (cb=0x804) returned 0x3dd570 [0183.435] GetModuleBaseNameW (in: hProcess=0x304, hModule=0x74c40000, lpBaseName=0x3dd570, nSize=0x800 | out: lpBaseName="MSCTF.dll") returned 0x9 [0183.436] CoTaskMemFree (pv=0x3dd570) [0183.436] CoTaskMemAlloc (cb=0x804) returned 0x3dd570 [0183.436] GetModuleFileNameExW (in: hProcess=0x304, hModule=0x74c40000, lpFilename=0x3dd570, nSize=0x800 | out: lpFilename="C:\\Windows\\syswow64\\MSCTF.dll" (normalized: "c:\\windows\\syswow64\\msctf.dll")) returned 0x1d [0183.436] CoTaskMemFree (pv=0x3dd570) [0183.436] GetModuleInformation (in: hProcess=0x304, hModule=0x733a0000, lpmodinfo=0x283c1a0, cb=0xc | out: lpmodinfo=0x283c1a0*(lpBaseOfDll=0x733a0000, SizeOfImage=0x9000, EntryPoint=0x733a1220)) returned 1 [0183.437] CoTaskMemAlloc (cb=0x804) returned 0x3dd570 [0183.437] GetModuleBaseNameW (in: hProcess=0x304, hModule=0x733a0000, lpBaseName=0x3dd570, nSize=0x800 | out: lpBaseName="VERSION.dll") returned 0xb [0183.438] CoTaskMemFree (pv=0x3dd570) [0183.438] CoTaskMemAlloc (cb=0x804) returned 0x3dd570 [0183.438] GetModuleFileNameExW (in: hProcess=0x304, hModule=0x733a0000, lpFilename=0x3dd570, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\VERSION.dll" (normalized: "c:\\windows\\syswow64\\version.dll")) returned 0x1f [0183.439] CoTaskMemFree (pv=0x3dd570) [0183.439] GetModuleInformation (in: hProcess=0x304, hModule=0x71770000, lpmodinfo=0x283e2b8, cb=0xc | out: lpmodinfo=0x283e2b8*(lpBaseOfDll=0x71770000, SizeOfImage=0x7af000, EntryPoint=0x7178d0d0)) returned 1 [0183.439] CoTaskMemAlloc (cb=0x804) returned 0x3dd570 [0183.439] GetModuleBaseNameW (in: hProcess=0x304, hModule=0x71770000, lpBaseName=0x3dd570, nSize=0x800 | out: lpBaseName="clr.dll") returned 0x7 [0183.440] CoTaskMemFree (pv=0x3dd570) [0183.440] CoTaskMemAlloc (cb=0x804) returned 0x3dd570 [0183.440] GetModuleFileNameExW (in: hProcess=0x304, hModule=0x71770000, lpFilename=0x3dd570, nSize=0x800 | out: lpFilename="C:\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\clr.dll" (normalized: "c:\\windows\\microsoft.net\\framework\\v4.0.30319\\clr.dll")) returned 0x35 [0183.441] CoTaskMemFree (pv=0x3dd570) [0183.441] GetModuleInformation (in: hProcess=0x304, hModule=0x73600000, lpmodinfo=0x28403f4, cb=0xc | out: lpmodinfo=0x28403f4*(lpBaseOfDll=0x73600000, SizeOfImage=0x14000, EntryPoint=0x7360ac00)) returned 1 [0183.442] CoTaskMemAlloc (cb=0x804) returned 0x3dd570 [0183.442] GetModuleBaseNameW (in: hProcess=0x304, hModule=0x73600000, lpBaseName=0x3dd570, nSize=0x800 | out: lpBaseName="VCRUNTIME140_CLR0400.dll") returned 0x18 [0183.442] CoTaskMemFree (pv=0x3dd570) [0183.442] CoTaskMemAlloc (cb=0x804) returned 0x3dd570 [0183.443] GetModuleFileNameExW (in: hProcess=0x304, hModule=0x73600000, lpFilename=0x3dd570, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\VCRUNTIME140_CLR0400.dll" (normalized: "c:\\windows\\syswow64\\vcruntime140_clr0400.dll")) returned 0x2c [0183.443] CoTaskMemFree (pv=0x3dd570) [0183.443] GetModuleInformation (in: hProcess=0x304, hModule=0x73550000, lpmodinfo=0x2842544, cb=0xc | out: lpmodinfo=0x2842544*(lpBaseOfDll=0x73550000, SizeOfImage=0xab000, EntryPoint=0x735e5f20)) returned 1 [0183.444] CoTaskMemAlloc (cb=0x804) returned 0x3dd570 [0183.444] GetModuleBaseNameW (in: hProcess=0x304, hModule=0x73550000, lpBaseName=0x3dd570, nSize=0x800 | out: lpBaseName="ucrtbase_clr0400.dll") returned 0x14 [0183.445] CoTaskMemFree (pv=0x3dd570) [0183.445] CoTaskMemAlloc (cb=0x804) returned 0x3dd570 [0183.445] GetModuleFileNameExW (in: hProcess=0x304, hModule=0x73550000, lpFilename=0x3dd570, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\ucrtbase_clr0400.dll" (normalized: "c:\\windows\\syswow64\\ucrtbase_clr0400.dll")) returned 0x28 [0183.446] CoTaskMemFree (pv=0x3dd570) [0183.446] GetModuleInformation (in: hProcess=0x304, hModule=0x70360000, lpmodinfo=0x2844684, cb=0xc | out: lpmodinfo=0x2844684*(lpBaseOfDll=0x70360000, SizeOfImage=0x140b000, EntryPoint=0x0)) returned 1 [0183.446] CoTaskMemAlloc (cb=0x804) returned 0x3dd570 [0183.446] GetModuleBaseNameW (in: hProcess=0x304, hModule=0x70360000, lpBaseName=0x3dd570, nSize=0x800 | out: lpBaseName="mscorlib.ni.dll") returned 0xf [0183.447] CoTaskMemFree (pv=0x3dd570) [0183.447] CoTaskMemAlloc (cb=0x804) returned 0x3dd570 [0183.447] GetModuleFileNameExW (in: hProcess=0x304, hModule=0x70360000, lpFilename=0x3dd570, nSize=0x800 | out: lpFilename="C:\\Windows\\assembly\\NativeImages_v4.0.30319_32\\mscorlib\\36eaccfde177c2e7b93b8dbdde4e012a\\mscorlib.ni.dll" (normalized: "c:\\windows\\assembly\\nativeimages_v4.0.30319_32\\mscorlib\\36eaccfde177c2e7b93b8dbdde4e012a\\mscorlib.ni.dll")) returned 0x68 [0183.448] CoTaskMemFree (pv=0x3dd570) [0183.448] GetModuleInformation (in: hProcess=0x304, hModule=0x75740000, lpmodinfo=0x2846838, cb=0xc | out: lpmodinfo=0x2846838*(lpBaseOfDll=0x75740000, SizeOfImage=0x15c000, EntryPoint=0x7578ba3d)) returned 1 [0183.449] CoTaskMemAlloc (cb=0x804) returned 0x3dd570 [0183.449] GetModuleBaseNameW (in: hProcess=0x304, hModule=0x75740000, lpBaseName=0x3dd570, nSize=0x800 | out: lpBaseName="ole32.dll") returned 0x9 [0183.450] CoTaskMemFree (pv=0x3dd570) [0183.450] CoTaskMemAlloc (cb=0x804) returned 0x3dd570 [0183.450] GetModuleFileNameExW (in: hProcess=0x304, hModule=0x75740000, lpFilename=0x3dd570, nSize=0x800 | out: lpFilename="C:\\Windows\\syswow64\\ole32.dll" (normalized: "c:\\windows\\syswow64\\ole32.dll")) returned 0x1d [0183.451] CoTaskMemFree (pv=0x3dd570) [0183.451] GetModuleInformation (in: hProcess=0x304, hModule=0x73a10000, lpmodinfo=0x2848948, cb=0xc | out: lpmodinfo=0x2848948*(lpBaseOfDll=0x73a10000, SizeOfImage=0x80000, EntryPoint=0x73a237c9)) returned 1 [0183.451] CoTaskMemAlloc (cb=0x804) returned 0x3dd570 [0183.451] GetModuleBaseNameW (in: hProcess=0x304, hModule=0x73a10000, lpBaseName=0x3dd570, nSize=0x800 | out: lpBaseName="uxtheme.dll") returned 0xb [0183.452] CoTaskMemFree (pv=0x3dd570) [0183.452] CoTaskMemAlloc (cb=0x804) returned 0x3dd570 [0183.452] GetModuleFileNameExW (in: hProcess=0x304, hModule=0x73a10000, lpFilename=0x3dd570, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\uxtheme.dll" (normalized: "c:\\windows\\syswow64\\uxtheme.dll")) returned 0x1f [0183.453] CoTaskMemFree (pv=0x3dd570) [0183.453] GetModuleInformation (in: hProcess=0x304, hModule=0x74a20000, lpmodinfo=0x284aa60, cb=0xc | out: lpmodinfo=0x284aa60*(lpBaseOfDll=0x74a20000, SizeOfImage=0x3000, EntryPoint=0x0)) returned 1 [0183.454] CoTaskMemAlloc (cb=0x804) returned 0x3dd570 [0183.454] GetModuleBaseNameW (in: hProcess=0x304, hModule=0x74a20000, lpBaseName=0x3dd570, nSize=0x800 | out: lpBaseName="api-ms-win-core-xstate-l2-1-0.dll") returned 0x21 [0183.456] CoTaskMemFree (pv=0x3dd570) [0183.456] CoTaskMemAlloc (cb=0x804) returned 0x3dd570 [0183.456] GetModuleFileNameExW (in: hProcess=0x304, hModule=0x74a20000, lpFilename=0x3dd570, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\api-ms-win-core-xstate-l2-1-0.dll" (normalized: "c:\\windows\\syswow64\\api-ms-win-core-xstate-l2-1-0.dll")) returned 0x35 [0183.457] CoTaskMemFree (pv=0x3dd570) [0183.457] GetModuleInformation (in: hProcess=0x304, hModule=0x74990000, lpmodinfo=0x284cbd0, cb=0xc | out: lpmodinfo=0x284cbd0*(lpBaseOfDll=0x74990000, SizeOfImage=0x89000, EntryPoint=0x74991130)) returned 1 [0183.458] CoTaskMemAlloc (cb=0x804) returned 0x3dd570 [0183.458] GetModuleBaseNameW (in: hProcess=0x304, hModule=0x74990000, lpBaseName=0x3dd570, nSize=0x800 | out: lpBaseName="clrjit.dll") returned 0xa [0183.459] CoTaskMemFree (pv=0x3dd570) [0183.459] CoTaskMemAlloc (cb=0x804) returned 0x3dd570 [0183.459] GetModuleFileNameExW (in: hProcess=0x304, hModule=0x74990000, lpFilename=0x3dd570, nSize=0x800 | out: lpFilename="C:\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\clrjit.dll" (normalized: "c:\\windows\\microsoft.net\\framework\\v4.0.30319\\clrjit.dll")) returned 0x38 [0183.460] CoTaskMemFree (pv=0x3dd570) [0183.460] GetModuleInformation (in: hProcess=0x304, hModule=0x75130000, lpmodinfo=0x284ed1c, cb=0xc | out: lpmodinfo=0x284ed1c*(lpBaseOfDll=0x75130000, SizeOfImage=0x8f000, EntryPoint=0x75133fb1)) returned 1 [0183.460] CoTaskMemAlloc (cb=0x804) returned 0x3dd570 [0183.461] GetModuleBaseNameW (in: hProcess=0x304, hModule=0x75130000, lpBaseName=0x3dd570, nSize=0x800 | out: lpBaseName="OLEAUT32.dll") returned 0xc [0183.461] CoTaskMemFree (pv=0x3dd570) [0183.461] CoTaskMemAlloc (cb=0x804) returned 0x3dd570 [0183.461] GetModuleFileNameExW (in: hProcess=0x304, hModule=0x75130000, lpFilename=0x3dd570, nSize=0x800 | out: lpFilename="C:\\Windows\\syswow64\\OLEAUT32.dll" (normalized: "c:\\windows\\syswow64\\oleaut32.dll")) returned 0x20 [0183.462] CoTaskMemFree (pv=0x3dd570) [0183.462] GetModuleInformation (in: hProcess=0x304, hModule=0x6eea0000, lpmodinfo=0x2850e3c, cb=0xc | out: lpmodinfo=0x2850e3c*(lpBaseOfDll=0x6eea0000, SizeOfImage=0xa55000, EntryPoint=0x0)) returned 1 [0183.463] CoTaskMemAlloc (cb=0x804) returned 0x3dd570 [0183.463] GetModuleBaseNameW (in: hProcess=0x304, hModule=0x6eea0000, lpBaseName=0x3dd570, nSize=0x800 | out: lpBaseName="System.ni.dll") returned 0xd [0183.464] CoTaskMemFree (pv=0x3dd570) [0183.464] CoTaskMemAlloc (cb=0x804) returned 0x3dd570 [0183.464] GetModuleFileNameExW (in: hProcess=0x304, hModule=0x6eea0000, lpFilename=0x3dd570, nSize=0x800 | out: lpFilename="C:\\Windows\\assembly\\NativeImages_v4.0.30319_32\\System\\2c3c912ea8f058f9d04c4650128feb3f\\System.ni.dll" (normalized: "c:\\windows\\assembly\\nativeimages_v4.0.30319_32\\system\\2c3c912ea8f058f9d04c4650128feb3f\\system.ni.dll")) returned 0x64 [0183.465] CoTaskMemFree (pv=0x3dd570) [0183.465] GetModuleInformation (in: hProcess=0x304, hModule=0x6fb40000, lpmodinfo=0x2852fe4, cb=0xc | out: lpmodinfo=0x2852fe4*(lpBaseOfDll=0x6fb40000, SizeOfImage=0x818000, EntryPoint=0x0)) returned 1 [0183.466] CoTaskMemAlloc (cb=0x804) returned 0x3dd570 [0183.466] GetModuleBaseNameW (in: hProcess=0x304, hModule=0x6fb40000, lpBaseName=0x3dd570, nSize=0x800 | out: lpBaseName="System.Core.ni.dll") returned 0x12 [0183.467] CoTaskMemFree (pv=0x3dd570) [0183.467] CoTaskMemAlloc (cb=0x804) returned 0x3dd570 [0183.467] GetModuleFileNameExW (in: hProcess=0x304, hModule=0x6fb40000, lpFilename=0x3dd570, nSize=0x800 | out: lpFilename="C:\\Windows\\assembly\\NativeImages_v4.0.30319_32\\System.Core\\31fae3290fad30c31c98651462d22724\\System.Core.ni.dll" (normalized: "c:\\windows\\assembly\\nativeimages_v4.0.30319_32\\system.core\\31fae3290fad30c31c98651462d22724\\system.core.ni.dll")) returned 0x6e [0183.468] CoTaskMemFree (pv=0x3dd570) [0183.468] GetModuleInformation (in: hProcess=0x304, hModule=0x6f950000, lpmodinfo=0x28551ac, cb=0xc | out: lpmodinfo=0x28551ac*(lpBaseOfDll=0x6f950000, SizeOfImage=0x1e2000, EntryPoint=0x0)) returned 1 [0183.469] CoTaskMemAlloc (cb=0x804) returned 0x3dd570 [0183.469] GetModuleBaseNameW (in: hProcess=0x304, hModule=0x6f950000, lpBaseName=0x3dd570, nSize=0x800 | out: lpBaseName="Microsoft.VisualBasic.ni.dll") returned 0x1c [0183.470] CoTaskMemFree (pv=0x3dd570) [0183.470] CoTaskMemAlloc (cb=0x804) returned 0x3dd570 [0183.470] GetModuleFileNameExW (in: hProcess=0x304, hModule=0x6f950000, lpFilename=0x3dd570, nSize=0x800 | out: lpFilename="C:\\Windows\\assembly\\NativeImages_v4.0.30319_32\\Microsoft.V9921e851#\\a891970b44db9e340c3ef3efa95b793c\\Microsoft.VisualBasic.ni.dll" (normalized: "c:\\windows\\assembly\\nativeimages_v4.0.30319_32\\microsoft.v9921e851#\\a891970b44db9e340c3ef3efa95b793c\\microsoft.visualbasic.ni.dll")) returned 0x81 [0183.476] CoTaskMemFree (pv=0x3dd570) [0183.476] GetModuleInformation (in: hProcess=0x304, hModule=0x6ecf0000, lpmodinfo=0x28574b8, cb=0xc | out: lpmodinfo=0x28574b8*(lpBaseOfDll=0x6ecf0000, SizeOfImage=0x1a3000, EntryPoint=0x0)) returned 1 [0183.477] CoTaskMemAlloc (cb=0x804) returned 0x3dd570 [0183.477] GetModuleBaseNameW (in: hProcess=0x304, hModule=0x6ecf0000, lpBaseName=0x3dd570, nSize=0x800 | out: lpBaseName="System.Drawing.ni.dll") returned 0x15 [0183.478] CoTaskMemFree (pv=0x3dd570) [0183.478] CoTaskMemAlloc (cb=0x804) returned 0x3dd570 [0183.478] GetModuleFileNameExW (in: hProcess=0x304, hModule=0x6ecf0000, lpFilename=0x3dd570, nSize=0x800 | out: lpFilename="C:\\Windows\\assembly\\NativeImages_v4.0.30319_32\\System.Drawing\\f7568d7f1b9d356f64779b4c0927cfb3\\System.Drawing.ni.dll" (normalized: "c:\\windows\\assembly\\nativeimages_v4.0.30319_32\\system.drawing\\f7568d7f1b9d356f64779b4c0927cfb3\\system.drawing.ni.dll")) returned 0x74 [0183.479] CoTaskMemFree (pv=0x3dd570) [0183.479] GetModuleInformation (in: hProcess=0x304, hModule=0x6de80000, lpmodinfo=0x2859690, cb=0xc | out: lpmodinfo=0x2859690*(lpBaseOfDll=0x6de80000, SizeOfImage=0xe66000, EntryPoint=0x0)) returned 1 [0183.480] CoTaskMemAlloc (cb=0x804) returned 0x3dd570 [0183.480] GetModuleBaseNameW (in: hProcess=0x304, hModule=0x6de80000, lpBaseName=0x3dd570, nSize=0x800 | out: lpBaseName="System.Windows.Forms.ni.dll") returned 0x1b [0183.497] CoTaskMemFree (pv=0x3dd570) [0183.497] CoTaskMemAlloc (cb=0x804) returned 0x3dd570 [0183.497] GetModuleFileNameExW (in: hProcess=0x304, hModule=0x6de80000, lpFilename=0x3dd570, nSize=0x800 | out: lpFilename="C:\\Windows\\assembly\\NativeImages_v4.0.30319_32\\System.Windows.Forms\\c9a4cbc00f690a9e3cddfc400f6e85bb\\System.Windows.Forms.ni.dll" (normalized: "c:\\windows\\assembly\\nativeimages_v4.0.30319_32\\system.windows.forms\\c9a4cbc00f690a9e3cddfc400f6e85bb\\system.windows.forms.ni.dll")) returned 0x80 [0183.498] CoTaskMemFree (pv=0x3dd570) [0183.498] GetModuleInformation (in: hProcess=0x304, hModule=0x6dd70000, lpmodinfo=0x2667e8c, cb=0xc | out: lpmodinfo=0x2667e8c*(lpBaseOfDll=0x6dd70000, SizeOfImage=0x105000, EntryPoint=0x0)) returned 1 [0183.499] CoTaskMemAlloc (cb=0x804) returned 0x3dd570 [0183.499] GetModuleBaseNameW (in: hProcess=0x304, hModule=0x6dd70000, lpBaseName=0x3dd570, nSize=0x800 | out: lpBaseName="System.Configuration.ni.dll") returned 0x1b [0183.500] CoTaskMemFree (pv=0x3dd570) [0183.500] CoTaskMemAlloc (cb=0x804) returned 0x3dd570 [0183.500] GetModuleFileNameExW (in: hProcess=0x304, hModule=0x6dd70000, lpFilename=0x3dd570, nSize=0x800 | out: lpFilename="C:\\Windows\\assembly\\NativeImages_v4.0.30319_32\\System.Configuration\\96f7edb07b12303f0ec2595c7f3778c7\\System.Configuration.ni.dll" (normalized: "c:\\windows\\assembly\\nativeimages_v4.0.30319_32\\system.configuration\\96f7edb07b12303f0ec2595c7f3778c7\\system.configuration.ni.dll")) returned 0x80 [0183.501] CoTaskMemFree (pv=0x3dd570) [0183.501] GetModuleInformation (in: hProcess=0x304, hModule=0x6d5f0000, lpmodinfo=0x266a088, cb=0xc | out: lpmodinfo=0x266a088*(lpBaseOfDll=0x6d5f0000, SizeOfImage=0x774000, EntryPoint=0x0)) returned 1 [0183.502] CoTaskMemAlloc (cb=0x804) returned 0x3dd570 [0183.502] GetModuleBaseNameW (in: hProcess=0x304, hModule=0x6d5f0000, lpBaseName=0x3dd570, nSize=0x800 | out: lpBaseName="System.Xml.ni.dll") returned 0x11 [0183.503] CoTaskMemFree (pv=0x3dd570) [0183.503] CoTaskMemAlloc (cb=0x804) returned 0x3dd570 [0183.503] GetModuleFileNameExW (in: hProcess=0x304, hModule=0x6d5f0000, lpFilename=0x3dd570, nSize=0x800 | out: lpFilename="C:\\Windows\\assembly\\NativeImages_v4.0.30319_32\\System.Xml\\15af16d373cf0528cb74fc73d365fdbf\\System.Xml.ni.dll" (normalized: "c:\\windows\\assembly\\nativeimages_v4.0.30319_32\\system.xml\\15af16d373cf0528cb74fc73d365fdbf\\system.xml.ni.dll")) returned 0x6c [0183.504] CoTaskMemFree (pv=0x3dd570) [0183.504] GetModuleInformation (in: hProcess=0x304, hModule=0x74950000, lpmodinfo=0x266c248, cb=0xc | out: lpmodinfo=0x266c248*(lpBaseOfDll=0x74950000, SizeOfImage=0x13000, EntryPoint=0x7495d900)) returned 1 [0183.505] CoTaskMemAlloc (cb=0x804) returned 0x3dd570 [0183.505] GetModuleBaseNameW (in: hProcess=0x304, hModule=0x74950000, lpBaseName=0x3dd570, nSize=0x800 | out: lpBaseName="nlssorting.dll") returned 0xe [0183.506] CoTaskMemFree (pv=0x3dd570) [0183.506] CoTaskMemAlloc (cb=0x804) returned 0x3dd570 [0183.506] GetModuleFileNameExW (in: hProcess=0x304, hModule=0x74950000, lpFilename=0x3dd570, nSize=0x800 | out: lpFilename="C:\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\nlssorting.dll" (normalized: "c:\\windows\\microsoft.net\\framework\\v4.0.30319\\nlssorting.dll")) returned 0x3c [0183.507] CoTaskMemFree (pv=0x3dd570) [0183.507] GetModuleInformation (in: hProcess=0x304, hModule=0x75be0000, lpmodinfo=0x266e3a4, cb=0xc | out: lpmodinfo=0x266e3a4*(lpBaseOfDll=0x75be0000, SizeOfImage=0xc4a000, EntryPoint=0x75c61601)) returned 1 [0183.508] CoTaskMemAlloc (cb=0x804) returned 0x3dd570 [0183.509] GetModuleBaseNameW (in: hProcess=0x304, hModule=0x75be0000, lpBaseName=0x3dd570, nSize=0x800 | out: lpBaseName="shell32.dll") returned 0xb [0183.510] CoTaskMemFree (pv=0x3dd570) [0183.510] CoTaskMemAlloc (cb=0x804) returned 0x3dd570 [0183.510] GetModuleFileNameExW (in: hProcess=0x304, hModule=0x75be0000, lpFilename=0x3dd570, nSize=0x800 | out: lpFilename="C:\\Windows\\syswow64\\shell32.dll" (normalized: "c:\\windows\\syswow64\\shell32.dll")) returned 0x1f [0183.511] CoTaskMemFree (pv=0x3dd570) [0183.511] GetModuleInformation (in: hProcess=0x304, hModule=0x748d0000, lpmodinfo=0x26704c8, cb=0xc | out: lpmodinfo=0x26704c8*(lpBaseOfDll=0x748d0000, SizeOfImage=0xb000, EntryPoint=0x748d1992)) returned 1 [0183.512] CoTaskMemAlloc (cb=0x804) returned 0x3dd570 [0183.512] GetModuleBaseNameW (in: hProcess=0x304, hModule=0x748d0000, lpBaseName=0x3dd570, nSize=0x800 | out: lpBaseName="profapi.dll") returned 0xb [0183.513] CoTaskMemFree (pv=0x3dd570) [0183.513] CoTaskMemAlloc (cb=0x804) returned 0x3dd570 [0183.513] GetModuleFileNameExW (in: hProcess=0x304, hModule=0x748d0000, lpFilename=0x3dd570, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\profapi.dll" (normalized: "c:\\windows\\syswow64\\profapi.dll")) returned 0x1f [0183.514] CoTaskMemFree (pv=0x3dd570) [0183.514] GetModuleInformation (in: hProcess=0x304, hModule=0x74970000, lpmodinfo=0x26725e0, cb=0xc | out: lpmodinfo=0x26725e0*(lpBaseOfDll=0x74970000, SizeOfImage=0x17000, EntryPoint=0x749735fa)) returned 1 [0183.515] CoTaskMemAlloc (cb=0x804) returned 0x3dd570 [0183.515] GetModuleBaseNameW (in: hProcess=0x304, hModule=0x74970000, lpBaseName=0x3dd570, nSize=0x800 | out: lpBaseName="bcrypt.dll") returned 0xa [0183.516] CoTaskMemFree (pv=0x3dd570) [0183.516] CoTaskMemAlloc (cb=0x804) returned 0x3dd570 [0183.516] GetModuleFileNameExW (in: hProcess=0x304, hModule=0x74970000, lpFilename=0x3dd570, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\bcrypt.dll" (normalized: "c:\\windows\\syswow64\\bcrypt.dll")) returned 0x1e [0183.518] CoTaskMemFree (pv=0x3dd570) [0183.518] GetModuleInformation (in: hProcess=0x304, hModule=0x738e0000, lpmodinfo=0x26746f8, cb=0xc | out: lpmodinfo=0x26746f8*(lpBaseOfDll=0x738e0000, SizeOfImage=0x17000, EntryPoint=0x738e3573)) returned 1 [0183.519] CoTaskMemAlloc (cb=0x804) returned 0x3dd570 [0183.519] GetModuleBaseNameW (in: hProcess=0x304, hModule=0x738e0000, lpBaseName=0x3dd570, nSize=0x800 | out: lpBaseName="CRYPTSP.dll") returned 0xb [0183.520] CoTaskMemFree (pv=0x3dd570) [0183.520] CoTaskMemAlloc (cb=0x804) returned 0x3dd570 [0183.520] GetModuleFileNameExW (in: hProcess=0x304, hModule=0x738e0000, lpFilename=0x3dd570, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\CRYPTSP.dll" (normalized: "c:\\windows\\syswow64\\cryptsp.dll")) returned 0x1f [0183.521] CoTaskMemFree (pv=0x3dd570) [0183.521] GetModuleInformation (in: hProcess=0x304, hModule=0x738a0000, lpmodinfo=0x2676810, cb=0xc | out: lpmodinfo=0x2676810*(lpBaseOfDll=0x738a0000, SizeOfImage=0x3b000, EntryPoint=0x738a128d)) returned 1 [0183.522] CoTaskMemAlloc (cb=0x804) returned 0x3dd570 [0183.522] GetModuleBaseNameW (in: hProcess=0x304, hModule=0x738a0000, lpBaseName=0x3dd570, nSize=0x800 | out: lpBaseName="rsaenh.dll") returned 0xa [0183.523] CoTaskMemFree (pv=0x3dd570) [0183.524] CoTaskMemAlloc (cb=0x804) returned 0x3dd570 [0183.524] GetModuleFileNameExW (in: hProcess=0x304, hModule=0x738a0000, lpFilename=0x3dd570, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\rsaenh.dll" (normalized: "c:\\windows\\syswow64\\rsaenh.dll")) returned 0x1e [0183.525] CoTaskMemFree (pv=0x3dd570) [0183.525] GetModuleInformation (in: hProcess=0x304, hModule=0x75950000, lpmodinfo=0x2678928, cb=0xc | out: lpmodinfo=0x2678928*(lpBaseOfDll=0x75950000, SizeOfImage=0x5000, EntryPoint=0x75951438)) returned 1 [0183.526] CoTaskMemAlloc (cb=0x804) returned 0x3dd570 [0183.526] GetModuleBaseNameW (in: hProcess=0x304, hModule=0x75950000, lpBaseName=0x3dd570, nSize=0x800 | out: lpBaseName="psapi.dll") returned 0x9 [0183.527] CoTaskMemFree (pv=0x3dd570) [0183.527] CoTaskMemAlloc (cb=0x804) returned 0x3dd570 [0183.527] GetModuleFileNameExW (in: hProcess=0x304, hModule=0x75950000, lpFilename=0x3dd570, nSize=0x800 | out: lpFilename="C:\\Windows\\syswow64\\psapi.dll" (normalized: "c:\\windows\\syswow64\\psapi.dll")) returned 0x1d [0183.528] CoTaskMemFree (pv=0x3dd570) [0183.528] GetModuleInformation (in: hProcess=0x304, hModule=0x73990000, lpmodinfo=0x267aa38, cb=0xc | out: lpmodinfo=0x267aa38*(lpBaseOfDll=0x73990000, SizeOfImage=0x52000, EntryPoint=0x739914be)) returned 1 [0183.530] CoTaskMemAlloc (cb=0x804) returned 0x3dd570 [0183.530] GetModuleBaseNameW (in: hProcess=0x304, hModule=0x73990000, lpBaseName=0x3dd570, nSize=0x800 | out: lpBaseName="rasapi32.dll") returned 0xc [0183.531] CoTaskMemFree (pv=0x3dd570) [0183.531] CoTaskMemAlloc (cb=0x804) returned 0x3dd570 [0183.531] GetModuleFileNameExW (in: hProcess=0x304, hModule=0x73990000, lpFilename=0x3dd570, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\rasapi32.dll" (normalized: "c:\\windows\\syswow64\\rasapi32.dll")) returned 0x20 [0183.532] CoTaskMemFree (pv=0x3dd570) [0183.532] GetModuleInformation (in: hProcess=0x304, hModule=0x73970000, lpmodinfo=0x267cb58, cb=0xc | out: lpmodinfo=0x267cb58*(lpBaseOfDll=0x73970000, SizeOfImage=0x15000, EntryPoint=0x739712de)) returned 1 [0183.534] CoTaskMemAlloc (cb=0x804) returned 0x3dd570 [0183.534] GetModuleBaseNameW (in: hProcess=0x304, hModule=0x73970000, lpBaseName=0x3dd570, nSize=0x800 | out: lpBaseName="rasman.dll") returned 0xa [0183.535] CoTaskMemFree (pv=0x3dd570) [0183.535] CoTaskMemAlloc (cb=0x804) returned 0x3dd570 [0183.535] GetModuleFileNameExW (in: hProcess=0x304, hModule=0x73970000, lpFilename=0x3dd570, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\rasman.dll" (normalized: "c:\\windows\\syswow64\\rasman.dll")) returned 0x1e [0183.536] CoTaskMemFree (pv=0x3dd570) [0183.536] GetModuleInformation (in: hProcess=0x304, hModule=0x75960000, lpmodinfo=0x267ec70, cb=0xc | out: lpmodinfo=0x267ec70*(lpBaseOfDll=0x75960000, SizeOfImage=0x35000, EntryPoint=0x7596145d)) returned 1 [0183.537] CoTaskMemAlloc (cb=0x804) returned 0x3dd570 [0183.537] GetModuleBaseNameW (in: hProcess=0x304, hModule=0x75960000, lpBaseName=0x3dd570, nSize=0x800 | out: lpBaseName="WS2_32.dll") returned 0xa [0183.538] CoTaskMemFree (pv=0x3dd570) [0183.539] CoTaskMemAlloc (cb=0x804) returned 0x3dd570 [0183.539] GetModuleFileNameExW (in: hProcess=0x304, hModule=0x75960000, lpFilename=0x3dd570, nSize=0x800 | out: lpFilename="C:\\Windows\\syswow64\\WS2_32.dll" (normalized: "c:\\windows\\syswow64\\ws2_32.dll")) returned 0x1e [0183.540] CoTaskMemFree (pv=0x3dd570) [0183.540] GetModuleInformation (in: hProcess=0x304, hModule=0x76960000, lpmodinfo=0x2680d88, cb=0xc | out: lpmodinfo=0x2680d88*(lpBaseOfDll=0x76960000, SizeOfImage=0x6000, EntryPoint=0x76961782)) returned 1 [0183.541] CoTaskMemAlloc (cb=0x804) returned 0x3dd570 [0183.541] GetModuleBaseNameW (in: hProcess=0x304, hModule=0x76960000, lpBaseName=0x3dd570, nSize=0x800 | out: lpBaseName="NSI.dll") returned 0x7 [0183.542] CoTaskMemFree (pv=0x3dd570) [0183.542] CoTaskMemAlloc (cb=0x804) returned 0x3dd570 [0183.542] GetModuleFileNameExW (in: hProcess=0x304, hModule=0x76960000, lpFilename=0x3dd570, nSize=0x800 | out: lpFilename="C:\\Windows\\syswow64\\NSI.dll" (normalized: "c:\\windows\\syswow64\\nsi.dll")) returned 0x1b [0183.544] CoTaskMemFree (pv=0x3dd570) [0183.544] GetModuleInformation (in: hProcess=0x304, hModule=0x73960000, lpmodinfo=0x2682e90, cb=0xc | out: lpmodinfo=0x2682e90*(lpBaseOfDll=0x73960000, SizeOfImage=0xd000, EntryPoint=0x73961326)) returned 1 [0183.545] CoTaskMemAlloc (cb=0x804) returned 0x3dd570 [0183.545] GetModuleBaseNameW (in: hProcess=0x304, hModule=0x73960000, lpBaseName=0x3dd570, nSize=0x800 | out: lpBaseName="rtutils.dll") returned 0xb [0183.546] CoTaskMemFree (pv=0x3dd570) [0183.546] CoTaskMemAlloc (cb=0x804) returned 0x3dd570 [0183.546] GetModuleFileNameExW (in: hProcess=0x304, hModule=0x73960000, lpFilename=0x3dd570, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\rtutils.dll" (normalized: "c:\\windows\\syswow64\\rtutils.dll")) returned 0x1f [0183.547] CoTaskMemFree (pv=0x3dd570) [0183.548] GetModuleInformation (in: hProcess=0x304, hModule=0x747e0000, lpmodinfo=0x2684fa8, cb=0xc | out: lpmodinfo=0x2684fa8*(lpBaseOfDll=0x747e0000, SizeOfImage=0x3c000, EntryPoint=0x747e145d)) returned 1 [0183.549] CoTaskMemAlloc (cb=0x804) returned 0x3dd570 [0183.549] GetModuleBaseNameW (in: hProcess=0x304, hModule=0x747e0000, lpBaseName=0x3dd570, nSize=0x800 | out: lpBaseName="mswsock.dll") returned 0xb [0183.550] CoTaskMemFree (pv=0x3dd570) [0183.550] CoTaskMemAlloc (cb=0x804) returned 0x3dd570 [0183.550] GetModuleFileNameExW (in: hProcess=0x304, hModule=0x747e0000, lpFilename=0x3dd570, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\mswsock.dll" (normalized: "c:\\windows\\syswow64\\mswsock.dll")) returned 0x1f [0183.551] CoTaskMemFree (pv=0x3dd570) [0183.551] GetModuleInformation (in: hProcess=0x304, hModule=0x747d0000, lpmodinfo=0x26870c0, cb=0xc | out: lpmodinfo=0x26870c0*(lpBaseOfDll=0x747d0000, SizeOfImage=0x5000, EntryPoint=0x747d15df)) returned 1 [0183.552] CoTaskMemAlloc (cb=0x804) returned 0x3dd570 [0183.552] GetModuleBaseNameW (in: hProcess=0x304, hModule=0x747d0000, lpBaseName=0x3dd570, nSize=0x800 | out: lpBaseName="wshtcpip.dll") returned 0xc [0183.553] CoTaskMemFree (pv=0x3dd570) [0183.554] CoTaskMemAlloc (cb=0x804) returned 0x3dd570 [0183.554] GetModuleFileNameExW (in: hProcess=0x304, hModule=0x747d0000, lpFilename=0x3dd570, nSize=0x800 | out: lpFilename="C:\\Windows\\System32\\wshtcpip.dll" (normalized: "c:\\windows\\syswow64\\wshtcpip.dll")) returned 0x20 [0183.555] CoTaskMemFree (pv=0x3dd570) [0183.555] GetModuleInformation (in: hProcess=0x304, hModule=0x747c0000, lpmodinfo=0x26891e0, cb=0xc | out: lpmodinfo=0x26891e0*(lpBaseOfDll=0x747c0000, SizeOfImage=0x6000, EntryPoint=0x747c1673)) returned 1 [0183.556] CoTaskMemAlloc (cb=0x804) returned 0x3dd570 [0183.556] GetModuleBaseNameW (in: hProcess=0x304, hModule=0x747c0000, lpBaseName=0x3dd570, nSize=0x800 | out: lpBaseName="wship6.dll") returned 0xa [0183.557] CoTaskMemFree (pv=0x3dd570) [0183.557] CoTaskMemAlloc (cb=0x804) returned 0x3dd570 [0183.557] GetModuleFileNameExW (in: hProcess=0x304, hModule=0x747c0000, lpFilename=0x3dd570, nSize=0x800 | out: lpFilename="C:\\Windows\\System32\\wship6.dll" (normalized: "c:\\windows\\syswow64\\wship6.dll")) returned 0x1e [0183.559] CoTaskMemFree (pv=0x3dd570) [0183.559] GetModuleInformation (in: hProcess=0x304, hModule=0x6d590000, lpmodinfo=0x268b2f8, cb=0xc | out: lpmodinfo=0x268b2f8*(lpBaseOfDll=0x6d590000, SizeOfImage=0x58000, EntryPoint=0x6d5913b4)) returned 1 [0183.560] CoTaskMemAlloc (cb=0x804) returned 0x3dd570 [0183.560] GetModuleBaseNameW (in: hProcess=0x304, hModule=0x6d590000, lpBaseName=0x3dd570, nSize=0x800 | out: lpBaseName="winhttp.dll") returned 0xb [0183.561] CoTaskMemFree (pv=0x3dd570) [0183.561] CoTaskMemAlloc (cb=0x804) returned 0x3dd570 [0183.562] GetModuleFileNameExW (in: hProcess=0x304, hModule=0x6d590000, lpFilename=0x3dd570, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\winhttp.dll" (normalized: "c:\\windows\\syswow64\\winhttp.dll")) returned 0x1f [0183.563] CoTaskMemFree (pv=0x3dd570) [0183.563] GetModuleInformation (in: hProcess=0x304, hModule=0x6f900000, lpmodinfo=0x268d410, cb=0xc | out: lpmodinfo=0x268d410*(lpBaseOfDll=0x6f900000, SizeOfImage=0x4f000, EntryPoint=0x6f901452)) returned 1 [0183.564] CoTaskMemAlloc (cb=0x804) returned 0x3dd570 [0183.564] GetModuleBaseNameW (in: hProcess=0x304, hModule=0x6f900000, lpBaseName=0x3dd570, nSize=0x800 | out: lpBaseName="webio.dll") returned 0x9 [0183.565] CoTaskMemFree (pv=0x3dd570) [0183.566] CoTaskMemAlloc (cb=0x804) returned 0x3dd570 [0183.566] GetModuleFileNameExW (in: hProcess=0x304, hModule=0x6f900000, lpFilename=0x3dd570, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\webio.dll" (normalized: "c:\\windows\\syswow64\\webio.dll")) returned 0x1d [0183.567] CoTaskMemFree (pv=0x3dd570) [0183.567] GetModuleInformation (in: hProcess=0x304, hModule=0x74930000, lpmodinfo=0x268f520, cb=0xc | out: lpmodinfo=0x268f520*(lpBaseOfDll=0x74930000, SizeOfImage=0x8000, EntryPoint=0x749334d3)) returned 1 [0183.568] CoTaskMemAlloc (cb=0x804) returned 0x3dd570 [0183.568] GetModuleBaseNameW (in: hProcess=0x304, hModule=0x74930000, lpBaseName=0x3dd570, nSize=0x800 | out: lpBaseName="credssp.dll") returned 0xb [0183.570] CoTaskMemFree (pv=0x3dd570) [0183.570] CoTaskMemAlloc (cb=0x804) returned 0x3dd570 [0183.570] GetModuleFileNameExW (in: hProcess=0x304, hModule=0x74930000, lpFilename=0x3dd570, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\credssp.dll" (normalized: "c:\\windows\\syswow64\\credssp.dll")) returned 0x1f [0183.571] CoTaskMemFree (pv=0x3dd570) [0183.571] GetModuleInformation (in: hProcess=0x304, hModule=0x74830000, lpmodinfo=0x2691638, cb=0xc | out: lpmodinfo=0x2691638*(lpBaseOfDll=0x74830000, SizeOfImage=0x1c000, EntryPoint=0x7483a431)) returned 1 [0183.572] CoTaskMemAlloc (cb=0x804) returned 0x3dd570 [0183.572] GetModuleBaseNameW (in: hProcess=0x304, hModule=0x74830000, lpBaseName=0x3dd570, nSize=0x800 | out: lpBaseName="IPHLPAPI.DLL") returned 0xc [0183.574] CoTaskMemFree (pv=0x3dd570) [0183.574] CoTaskMemAlloc (cb=0x804) returned 0x3dd570 [0183.574] GetModuleFileNameExW (in: hProcess=0x304, hModule=0x74830000, lpFilename=0x3dd570, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\IPHLPAPI.DLL" (normalized: "c:\\windows\\syswow64\\iphlpapi.dll")) returned 0x20 [0183.575] CoTaskMemFree (pv=0x3dd570) [0183.575] GetModuleInformation (in: hProcess=0x304, hModule=0x74820000, lpmodinfo=0x2693758, cb=0xc | out: lpmodinfo=0x2693758*(lpBaseOfDll=0x74820000, SizeOfImage=0x7000, EntryPoint=0x7482128d)) returned 1 [0183.577] CoTaskMemAlloc (cb=0x804) returned 0x3dd570 [0183.577] GetModuleBaseNameW (in: hProcess=0x304, hModule=0x74820000, lpBaseName=0x3dd570, nSize=0x800 | out: lpBaseName="WINNSI.DLL") returned 0xa [0183.578] CoTaskMemFree (pv=0x3dd570) [0183.578] CoTaskMemAlloc (cb=0x804) returned 0x3dd570 [0183.578] GetModuleFileNameExW (in: hProcess=0x304, hModule=0x74820000, lpFilename=0x3dd570, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\WINNSI.DLL" (normalized: "c:\\windows\\syswow64\\winnsi.dll")) returned 0x1e [0183.581] CoTaskMemFree (pv=0x3dd570) [0183.581] GetModuleInformation (in: hProcess=0x304, hModule=0x74940000, lpmodinfo=0x2695870, cb=0xc | out: lpmodinfo=0x2695870*(lpBaseOfDll=0x74940000, SizeOfImage=0xd000, EntryPoint=0x74942012)) returned 1 [0183.583] CoTaskMemAlloc (cb=0x804) returned 0x3dd570 [0183.583] GetModuleBaseNameW (in: hProcess=0x304, hModule=0x74940000, lpBaseName=0x3dd570, nSize=0x800 | out: lpBaseName="dhcpcsvc6.DLL") returned 0xd [0183.585] CoTaskMemFree (pv=0x3dd570) [0183.585] CoTaskMemAlloc (cb=0x804) returned 0x3dd570 [0183.585] GetModuleFileNameExW (in: hProcess=0x304, hModule=0x74940000, lpFilename=0x3dd570, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\dhcpcsvc6.DLL" (normalized: "c:\\windows\\syswow64\\dhcpcsvc6.dll")) returned 0x21 [0183.586] CoTaskMemFree (pv=0x3dd570) [0183.586] GetModuleInformation (in: hProcess=0x304, hModule=0x6d550000, lpmodinfo=0x2697990, cb=0xc | out: lpmodinfo=0x2697990*(lpBaseOfDll=0x6d550000, SizeOfImage=0x12000, EntryPoint=0x6d553271)) returned 1 [0183.588] CoTaskMemAlloc (cb=0x804) returned 0x3dd570 [0183.588] GetModuleBaseNameW (in: hProcess=0x304, hModule=0x6d550000, lpBaseName=0x3dd570, nSize=0x800 | out: lpBaseName="dhcpcsvc.DLL") returned 0xc [0183.589] CoTaskMemFree (pv=0x3dd570) [0183.589] CoTaskMemAlloc (cb=0x804) returned 0x3dd570 [0183.589] GetModuleFileNameExW (in: hProcess=0x304, hModule=0x6d550000, lpFilename=0x3dd570, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\dhcpcsvc.DLL" (normalized: "c:\\windows\\syswow64\\dhcpcsvc.dll")) returned 0x20 [0183.591] CoTaskMemFree (pv=0x3dd570) [0183.591] GetModuleInformation (in: hProcess=0x304, hModule=0x747a0000, lpmodinfo=0x2699ab0, cb=0xc | out: lpmodinfo=0x2699ab0*(lpBaseOfDll=0x747a0000, SizeOfImage=0xe000, EntryPoint=0x747a1235)) returned 1 [0183.592] CoTaskMemAlloc (cb=0x804) returned 0x3dd570 [0183.592] GetModuleBaseNameW (in: hProcess=0x304, hModule=0x747a0000, lpBaseName=0x3dd570, nSize=0x800 | out: lpBaseName="RpcRtRemote.dll") returned 0xf [0183.594] CoTaskMemFree (pv=0x3dd570) [0183.594] CoTaskMemAlloc (cb=0x804) returned 0x3dd570 [0183.594] GetModuleFileNameExW (in: hProcess=0x304, hModule=0x747a0000, lpFilename=0x3dd570, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\RpcRtRemote.dll" (normalized: "c:\\windows\\syswow64\\rpcrtremote.dll")) returned 0x23 [0183.595] CoTaskMemFree (pv=0x3dd570) [0183.595] GetModuleInformation (in: hProcess=0x304, hModule=0x74850000, lpmodinfo=0x269bbd8, cb=0xc | out: lpmodinfo=0x269bbd8*(lpBaseOfDll=0x74850000, SizeOfImage=0x44000, EntryPoint=0x748663f9)) returned 1 [0183.597] CoTaskMemAlloc (cb=0x804) returned 0x3dd570 [0183.597] GetModuleBaseNameW (in: hProcess=0x304, hModule=0x74850000, lpBaseName=0x3dd570, nSize=0x800 | out: lpBaseName="DNSAPI.dll") returned 0xa [0183.599] CoTaskMemFree (pv=0x3dd570) [0183.599] CoTaskMemAlloc (cb=0x804) returned 0x3dd570 [0183.599] GetModuleFileNameExW (in: hProcess=0x304, hModule=0x74850000, lpFilename=0x3dd570, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\DNSAPI.dll" (normalized: "c:\\windows\\syswow64\\dnsapi.dll")) returned 0x1e [0183.600] CoTaskMemFree (pv=0x3dd570) [0183.600] GetModuleInformation (in: hProcess=0x304, hModule=0x747b0000, lpmodinfo=0x269dcf0, cb=0xc | out: lpmodinfo=0x269dcf0*(lpBaseOfDll=0x747b0000, SizeOfImage=0x6000, EntryPoint=0x747b14b2)) returned 1 [0183.602] CoTaskMemAlloc (cb=0x804) returned 0x3dd570 [0183.602] GetModuleBaseNameW (in: hProcess=0x304, hModule=0x747b0000, lpBaseName=0x3dd570, nSize=0x800 | out: lpBaseName="rasadhlp.dll") returned 0xc [0183.603] CoTaskMemFree (pv=0x3dd570) [0183.603] CoTaskMemAlloc (cb=0x804) returned 0x3dd570 [0183.603] GetModuleFileNameExW (in: hProcess=0x304, hModule=0x747b0000, lpFilename=0x3dd570, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\rasadhlp.dll" (normalized: "c:\\windows\\syswow64\\rasadhlp.dll")) returned 0x20 [0183.605] CoTaskMemFree (pv=0x3dd570) [0183.605] GetModuleInformation (in: hProcess=0x304, hModule=0x6d510000, lpmodinfo=0x269fe10, cb=0xc | out: lpmodinfo=0x269fe10*(lpBaseOfDll=0x6d510000, SizeOfImage=0x38000, EntryPoint=0x6d51990e)) returned 1 [0183.606] CoTaskMemAlloc (cb=0x804) returned 0x3dd570 [0183.606] GetModuleBaseNameW (in: hProcess=0x304, hModule=0x6d510000, lpBaseName=0x3dd570, nSize=0x800 | out: lpBaseName="fwpuclnt.dll") returned 0xc [0183.608] CoTaskMemFree (pv=0x3dd570) [0183.608] CoTaskMemAlloc (cb=0x804) returned 0x3dd570 [0183.608] GetModuleFileNameExW (in: hProcess=0x304, hModule=0x6d510000, lpFilename=0x3dd570, nSize=0x800 | out: lpFilename="C:\\Windows\\System32\\fwpuclnt.dll" (normalized: "c:\\windows\\syswow64\\fwpuclnt.dll")) returned 0x20 [0183.609] CoTaskMemFree (pv=0x3dd570) [0183.609] GetModuleInformation (in: hProcess=0x304, hModule=0x6d580000, lpmodinfo=0x26a1f30, cb=0xc | out: lpmodinfo=0x26a1f30*(lpBaseOfDll=0x6d580000, SizeOfImage=0x8000, EntryPoint=0x6d5810e9)) returned 1 [0183.611] CoTaskMemAlloc (cb=0x804) returned 0x3dd570 [0183.611] GetModuleBaseNameW (in: hProcess=0x304, hModule=0x6d580000, lpBaseName=0x3dd570, nSize=0x800 | out: lpBaseName="secur32.dll") returned 0xb [0183.612] CoTaskMemFree (pv=0x3dd570) [0183.612] CoTaskMemAlloc (cb=0x804) returned 0x3dd570 [0183.612] GetModuleFileNameExW (in: hProcess=0x304, hModule=0x6d580000, lpFilename=0x3dd570, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\secur32.dll" (normalized: "c:\\windows\\syswow64\\secur32.dll")) returned 0x1f [0183.614] CoTaskMemFree (pv=0x3dd570) [0183.614] GetModuleInformation (in: hProcess=0x304, hModule=0x6d4d0000, lpmodinfo=0x26a4048, cb=0xc | out: lpmodinfo=0x26a4048*(lpBaseOfDll=0x6d4d0000, SizeOfImage=0x3f000, EntryPoint=0x6d4d2351)) returned 1 [0183.616] CoTaskMemAlloc (cb=0x804) returned 0x3dd570 [0183.616] GetModuleBaseNameW (in: hProcess=0x304, hModule=0x6d4d0000, lpBaseName=0x3dd570, nSize=0x800 | out: lpBaseName="schannel.dll") returned 0xc [0183.618] CoTaskMemFree (pv=0x3dd570) [0183.618] CoTaskMemAlloc (cb=0x804) returned 0x3dd570 [0183.618] GetModuleFileNameExW (in: hProcess=0x304, hModule=0x6d4d0000, lpFilename=0x3dd570, nSize=0x800 | out: lpFilename="C:\\Windows\\SysWOW64\\schannel.dll" (normalized: "c:\\windows\\syswow64\\schannel.dll")) returned 0x20 [0183.619] CoTaskMemFree (pv=0x3dd570) [0183.619] GetModuleInformation (in: hProcess=0x304, hModule=0x74ab0000, lpmodinfo=0x26a6374, cb=0xc | out: lpmodinfo=0x26a6374*(lpBaseOfDll=0x74ab0000, SizeOfImage=0x121000, EntryPoint=0x74ab158e)) returned 1 [0183.621] CoTaskMemAlloc (cb=0x804) returned 0x3dd570 [0183.621] GetModuleBaseNameW (in: hProcess=0x304, hModule=0x74ab0000, lpBaseName=0x3dd570, nSize=0x800 | out: lpBaseName="CRYPT32.dll") returned 0xb [0183.622] CoTaskMemFree (pv=0x3dd570) [0183.622] CoTaskMemAlloc (cb=0x804) returned 0x3dd570 [0183.622] GetModuleFileNameExW (in: hProcess=0x304, hModule=0x74ab0000, lpFilename=0x3dd570, nSize=0x800 | out: lpFilename="C:\\Windows\\syswow64\\CRYPT32.dll" (normalized: "c:\\windows\\syswow64\\crypt32.dll")) returned 0x1f [0183.624] CoTaskMemFree (pv=0x3dd570) [0183.624] GetModuleInformation (in: hProcess=0x304, hModule=0x76ed0000, lpmodinfo=0x26a848c, cb=0xc | out: lpmodinfo=0x26a848c*(lpBaseOfDll=0x76ed0000, SizeOfImage=0xc000, EntryPoint=0x76ed238e)) returned 1 [0183.626] CoTaskMemAlloc (cb=0x804) returned 0x3dd570 [0183.626] GetModuleBaseNameW (in: hProcess=0x304, hModule=0x76ed0000, lpBaseName=0x3dd570, nSize=0x800 | out: lpBaseName="MSASN1.dll") returned 0xa [0183.627] CoTaskMemFree (pv=0x3dd570) [0183.627] CoTaskMemAlloc (cb=0x804) returned 0x3dd570 [0183.627] GetModuleFileNameExW (in: hProcess=0x304, hModule=0x76ed0000, lpFilename=0x3dd570, nSize=0x800 | out: lpFilename="C:\\Windows\\syswow64\\MSASN1.dll" (normalized: "c:\\windows\\syswow64\\msasn1.dll")) returned 0x1e [0183.629] CoTaskMemFree (pv=0x3dd570) [0183.629] GetModuleInformation (in: hProcess=0x304, hModule=0x6d490000, lpmodinfo=0x26aa5b0, cb=0xc | out: lpmodinfo=0x26aa5b0*(lpBaseOfDll=0x6d490000, SizeOfImage=0x38000, EntryPoint=0x6d491489)) returned 1 [0183.631] CoTaskMemAlloc (cb=0x804) returned 0x3dd570 [0183.631] GetModuleBaseNameW (in: hProcess=0x304, hModule=0x6d490000, lpBaseName=0x3dd570, nSize=0x800 | out: lpBaseName="ncrypt.dll") returned 0xa [0183.632] CoTaskMemFree (pv=0x3dd570) [0183.632] CoTaskMemAlloc (cb=0x804) returned 0x3dd570 [0183.632] GetModuleFileNameExW (in: hProcess=0x304, hModule=0x6d490000, lpFilename=0x3dd570, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\ncrypt.dll" (normalized: "c:\\windows\\syswow64\\ncrypt.dll")) returned 0x1e [0183.634] CoTaskMemFree (pv=0x3dd570) [0183.634] GetModuleInformation (in: hProcess=0x304, hModule=0x6d450000, lpmodinfo=0x26ac6c8, cb=0xc | out: lpmodinfo=0x26ac6c8*(lpBaseOfDll=0x6d450000, SizeOfImage=0x3d000, EntryPoint=0x6d4510f5)) returned 1 [0183.636] CoTaskMemAlloc (cb=0x804) returned 0x3dd570 [0183.636] GetModuleBaseNameW (in: hProcess=0x304, hModule=0x6d450000, lpBaseName=0x3dd570, nSize=0x800 | out: lpBaseName="bcryptprimitives.dll") returned 0x14 [0183.637] CoTaskMemFree (pv=0x3dd570) [0183.637] CoTaskMemAlloc (cb=0x804) returned 0x3dd570 [0183.637] GetModuleFileNameExW (in: hProcess=0x304, hModule=0x6d450000, lpFilename=0x3dd570, nSize=0x800 | out: lpFilename="C:\\Windows\\SysWOW64\\bcryptprimitives.dll" (normalized: "c:\\windows\\syswow64\\bcryptprimitives.dll")) returned 0x28 [0183.639] CoTaskMemFree (pv=0x3dd570) [0183.639] GetModuleInformation (in: hProcess=0x304, hModule=0x6d430000, lpmodinfo=0x26ae808, cb=0xc | out: lpmodinfo=0x26ae808*(lpBaseOfDll=0x6d430000, SizeOfImage=0x17000, EntryPoint=0x6d431c9d)) returned 1 [0183.641] CoTaskMemAlloc (cb=0x804) returned 0x3dd570 [0183.641] GetModuleBaseNameW (in: hProcess=0x304, hModule=0x6d430000, lpBaseName=0x3dd570, nSize=0x800 | out: lpBaseName="USERENV.dll") returned 0xb [0183.643] CoTaskMemFree (pv=0x3dd570) [0183.643] CoTaskMemAlloc (cb=0x804) returned 0x3dd570 [0183.643] GetModuleFileNameExW (in: hProcess=0x304, hModule=0x6d430000, lpFilename=0x3dd570, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\USERENV.dll" (normalized: "c:\\windows\\syswow64\\userenv.dll")) returned 0x1f [0183.645] CoTaskMemFree (pv=0x3dd570) [0183.645] GetModuleInformation (in: hProcess=0x304, hModule=0x6d410000, lpmodinfo=0x26b0920, cb=0xc | out: lpmodinfo=0x26b0920*(lpBaseOfDll=0x6d410000, SizeOfImage=0x16000, EntryPoint=0x6d412061)) returned 1 [0183.646] CoTaskMemAlloc (cb=0x804) returned 0x3dd570 [0183.646] GetModuleBaseNameW (in: hProcess=0x304, hModule=0x6d410000, lpBaseName=0x3dd570, nSize=0x800 | out: lpBaseName="GPAPI.dll") returned 0x9 [0183.648] CoTaskMemFree (pv=0x3dd570) [0183.648] CoTaskMemAlloc (cb=0x804) returned 0x3dd570 [0183.648] GetModuleFileNameExW (in: hProcess=0x304, hModule=0x6d410000, lpFilename=0x3dd570, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\GPAPI.dll" (normalized: "c:\\windows\\syswow64\\gpapi.dll")) returned 0x1d [0183.650] CoTaskMemFree (pv=0x3dd570) [0183.650] GetModuleInformation (in: hProcess=0x304, hModule=0x6d380000, lpmodinfo=0x26b2a30, cb=0xc | out: lpmodinfo=0x26b2a30*(lpBaseOfDll=0x6d380000, SizeOfImage=0x84000, EntryPoint=0x6d3819a9)) returned 1 [0183.652] CoTaskMemAlloc (cb=0x804) returned 0x3dd570 [0183.652] GetModuleBaseNameW (in: hProcess=0x304, hModule=0x6d380000, lpBaseName=0x3dd570, nSize=0x800 | out: lpBaseName="comctl32.dll") returned 0xc [0183.654] CoTaskMemFree (pv=0x3dd570) [0183.654] CoTaskMemAlloc (cb=0x804) returned 0x3dd570 [0183.654] GetModuleFileNameExW (in: hProcess=0x304, hModule=0x6d380000, lpFilename=0x3dd570, nSize=0x800 | out: lpFilename="C:\\Windows\\WinSxS\\x86_microsoft.windows.common-controls_6595b64144ccf1df_5.82.7601.17514_none_ec83dffa859149af\\comctl32.dll" (normalized: "c:\\windows\\winsxs\\x86_microsoft.windows.common-controls_6595b64144ccf1df_5.82.7601.17514_none_ec83dffa859149af\\comctl32.dll")) returned 0x7b [0183.656] CoTaskMemFree (pv=0x3dd570) [0183.656] GetModuleInformation (in: hProcess=0x304, hModule=0x6d1f0000, lpmodinfo=0x26b4c04, cb=0xc | out: lpmodinfo=0x26b4c04*(lpBaseOfDll=0x6d1f0000, SizeOfImage=0x190000, EntryPoint=0x6d28d026)) returned 1 [0183.658] CoTaskMemAlloc (cb=0x804) returned 0x3dd570 [0183.658] GetModuleBaseNameW (in: hProcess=0x304, hModule=0x6d1f0000, lpBaseName=0x3dd570, nSize=0x800 | out: lpBaseName="gdiplus.dll") returned 0xb [0183.659] CoTaskMemFree (pv=0x3dd570) [0183.659] CoTaskMemAlloc (cb=0x804) returned 0x3dd570 [0183.659] GetModuleFileNameExW (in: hProcess=0x304, hModule=0x6d1f0000, lpFilename=0x3dd570, nSize=0x800 | out: lpFilename="C:\\Windows\\WinSxS\\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\\gdiplus.dll" (normalized: "c:\\windows\\winsxs\\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\\gdiplus.dll")) returned 0x71 [0183.661] CoTaskMemFree (pv=0x3dd570) [0183.661] GetModuleInformation (in: hProcess=0x304, hModule=0x6d0f0000, lpmodinfo=0x26b6dc0, cb=0xc | out: lpmodinfo=0x26b6dc0*(lpBaseOfDll=0x6d0f0000, SizeOfImage=0xfb000, EntryPoint=0x6d1017e1)) returned 1 [0183.663] CoTaskMemAlloc (cb=0x804) returned 0x3dd570 [0183.663] GetModuleBaseNameW (in: hProcess=0x304, hModule=0x6d0f0000, lpBaseName=0x3dd570, nSize=0x800 | out: lpBaseName="WindowsCodecs.dll") returned 0x11 [0183.664] CoTaskMemFree (pv=0x3dd570) [0183.665] CoTaskMemAlloc (cb=0x804) returned 0x3dd570 [0183.665] GetModuleFileNameExW (in: hProcess=0x304, hModule=0x6d0f0000, lpFilename=0x3dd570, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\WindowsCodecs.dll" (normalized: "c:\\windows\\syswow64\\windowscodecs.dll")) returned 0x25 [0183.671] CoTaskMemFree (pv=0x3dd570) [0183.671] GetModuleInformation (in: hProcess=0x304, hModule=0x6c320000, lpmodinfo=0x26b8ef0, cb=0xc | out: lpmodinfo=0x26b8ef0*(lpBaseOfDll=0x6c320000, SizeOfImage=0xdcd000, EntryPoint=0x0)) returned 1 [0183.672] CoTaskMemAlloc (cb=0x804) returned 0x3dd570 [0183.672] GetModuleBaseNameW (in: hProcess=0x304, hModule=0x6c320000, lpBaseName=0x3dd570, nSize=0x800 | out: lpBaseName="System.Web.ni.dll") returned 0x11 [0183.674] CoTaskMemFree (pv=0x3dd570) [0183.674] CoTaskMemAlloc (cb=0x804) returned 0x3dd570 [0183.674] GetModuleFileNameExW (in: hProcess=0x304, hModule=0x6c320000, lpFilename=0x3dd570, nSize=0x800 | out: lpFilename="C:\\Windows\\assembly\\NativeImages_v4.0.30319_32\\System.Web\\8e86e9948f7dcebce93d5df6073700ba\\System.Web.ni.dll" (normalized: "c:\\windows\\assembly\\nativeimages_v4.0.30319_32\\system.web\\8e86e9948f7dcebce93d5df6073700ba\\system.web.ni.dll")) returned 0x6c [0183.676] CoTaskMemFree (pv=0x3dd570) [0183.676] CloseHandle (hObject=0x304) returned 1 [0183.688] lstrlenA (lpString="AcquireSRWLockExclusive") returned 23 [0183.688] lstrlenA (lpString="AcquireSRWLockShared") returned 20 [0183.688] lstrlenA (lpString="ActivateActCtx") returned 14 [0183.688] lstrlenA (lpString="AddAtomA") returned 8 [0183.688] lstrlenA (lpString="AddAtomW") returned 8 [0183.689] lstrlenA (lpString="AddConsoleAliasA") returned 16 [0183.689] lstrlenA (lpString="AddConsoleAliasW") returned 16 [0183.689] lstrlenA (lpString="AddDllDirectory") returned 15 [0183.689] lstrlenA (lpString="AddIntegrityLabelToBoundaryDescriptor") returned 37 [0183.689] lstrlenA (lpString="AddLocalAlternateComputerNameA") returned 30 [0183.689] lstrlenA (lpString="AddLocalAlternateComputerNameW") returned 30 [0183.689] lstrlenA (lpString="AddRefActCtx") returned 12 [0183.689] lstrlenA (lpString="AddSIDToBoundaryDescriptor") returned 26 [0183.689] lstrlenA (lpString="AddSecureMemoryCacheCallback") returned 28 [0183.690] lstrlenA (lpString="AddVectoredContinueHandler") returned 26 [0183.690] lstrlenA (lpString="AddVectoredExceptionHandler") returned 27 [0183.690] lstrlenA (lpString="AdjustCalendarDate") returned 18 [0183.690] lstrlenA (lpString="AllocConsole") returned 12 [0183.690] lstrlenA (lpString="AllocateUserPhysicalPages") returned 25 [0183.690] lstrlenA (lpString="AllocateUserPhysicalPagesNuma") returned 29 [0183.690] lstrlenA (lpString="ApplicationRecoveryFinished") returned 27 [0183.690] lstrlenA (lpString="ApplicationRecoveryInProgress") returned 29 [0183.691] lstrlenA (lpString="AreFileApisANSI") returned 15 [0183.691] lstrlenA (lpString="AssignProcessToJobObject") returned 24 [0183.691] lstrlenA (lpString="AttachConsole") returned 13 [0183.691] lstrlenA (lpString="BackupRead") returned 10 [0183.691] lstrlenA (lpString="BackupSeek") returned 10 [0183.691] lstrlenA (lpString="BackupWrite") returned 11 [0183.691] lstrlenA (lpString="BaseCheckAppcompatCache") returned 23 [0183.691] lstrlenA (lpString="BaseCheckAppcompatCacheEx") returned 25 [0183.691] lstrlenA (lpString="BaseCheckRunApp") returned 15 [0183.692] lstrlenA (lpString="BaseCleanupAppcompatCacheSupport") returned 32 [0183.692] lstrlenA (lpString="BaseDllReadWriteIniFile") returned 23 [0183.692] lstrlenA (lpString="BaseDumpAppcompatCache") returned 22 [0183.692] lstrlenA (lpString="BaseFlushAppcompatCache") returned 23 [0183.692] lstrlenA (lpString="BaseFormatObjectAttributes") returned 26 [0183.692] lstrlenA (lpString="BaseFormatTimeOut") returned 17 [0183.692] lstrlenA (lpString="BaseGenerateAppCompatData") returned 25 [0183.692] lstrlenA (lpString="BaseGetNamedObjectDirectory") returned 27 [0183.693] lstrlenA (lpString="BaseInitAppcompatCacheSupport") returned 29 [0183.693] lstrlenA (lpString="BaseIsAppcompatInfrastructureDisabled") returned 37 [0183.693] lstrlenA (lpString="BaseQueryModuleData") returned 19 [0183.693] lstrlenA (lpString="BaseSetLastNTError") returned 18 [0183.693] lstrlenA (lpString="BaseThreadInitThunk") returned 19 [0183.693] lstrlenA (lpString="BaseUpdateAppcompatCache") returned 24 [0183.693] lstrlenA (lpString="BaseVerifyUnicodeString") returned 23 [0183.693] lstrlenA (lpString="Basep8BitStringToDynamicUnicodeString") returned 37 [0183.693] lstrlenA (lpString="BasepAllocateActivationContextActivationBlock") returned 45 [0183.693] lstrlenA (lpString="BasepAnsiStringToDynamicUnicodeString") returned 37 [0183.694] lstrlenA (lpString="BasepCheckAppCompat") returned 19 [0183.694] lstrlenA (lpString="BasepCheckBadapp") returned 16 [0183.694] lstrlenA (lpString="BasepCheckWinSaferRestrictions") returned 30 [0183.694] lstrlenA (lpString="BasepFreeActivationContextActivationBlock") returned 41 [0183.694] lstrlenA (lpString="BasepFreeAppCompatData") returned 22 [0183.694] lstrlenA (lpString="BasepMapModuleHandle") returned 20 [0183.694] lstrlenA (lpString="Beep") returned 4 [0183.694] lstrlenA (lpString="BeginUpdateResourceA") returned 20 [0183.694] lstrlenA (lpString="BeginUpdateResourceW") returned 20 [0183.694] lstrlenA (lpString="BindIoCompletionCallback") returned 24 [0183.695] lstrlenA (lpString="BuildCommDCBA") returned 13 [0183.695] lstrlenA (lpString="BuildCommDCBAndTimeoutsA") returned 24 [0183.695] lstrlenA (lpString="BuildCommDCBAndTimeoutsW") returned 24 [0183.695] lstrlenA (lpString="BuildCommDCBW") returned 13 [0183.695] lstrlenA (lpString="CallNamedPipeA") returned 14 [0183.695] lstrlenA (lpString="CallNamedPipeW") returned 14 [0183.695] lstrlenA (lpString="CallbackMayRunLong") returned 18 [0183.695] lstrlenA (lpString="CancelDeviceWakeupRequest") returned 25 [0183.695] lstrlenA (lpString="CancelIo") returned 8 [0183.695] lstrlenA (lpString="CancelIoEx") returned 10 [0183.696] lstrlenA (lpString="CancelSynchronousIo") returned 19 [0183.696] lstrlenA (lpString="CancelThreadpoolIo") returned 18 [0183.696] lstrlenA (lpString="CancelTimerQueueTimer") returned 21 [0183.696] lstrlenA (lpString="CancelWaitableTimer") returned 19 [0183.696] lstrlenA (lpString="ChangeTimerQueueTimer") returned 21 [0183.696] lstrlenA (lpString="CheckElevation") returned 14 [0183.696] lstrlenA (lpString="CheckElevationEnabled") returned 21 [0183.696] lstrlenA (lpString="CheckForReadOnlyResource") returned 24 [0183.696] lstrlenA (lpString="CheckNameLegalDOS8Dot3A") returned 23 [0183.696] lstrlenA (lpString="CheckNameLegalDOS8Dot3W") returned 23 [0183.696] lstrlenA (lpString="CheckRemoteDebuggerPresent") returned 26 [0183.697] lstrlenA (lpString="ClearCommBreak") returned 14 [0183.697] lstrlenA (lpString="ClearCommError") returned 14 [0183.697] lstrlenA (lpString="CloseConsoleHandle") returned 18 [0183.697] lstrlenA (lpString="CloseHandle") returned 11 [0183.697] lstrlenA (lpString="ClosePrivateNamespace") returned 21 [0183.697] lstrlenA (lpString="CloseProfileUserMapping") returned 23 [0183.697] lstrlenA (lpString="CloseThreadpool") returned 15 [0183.697] lstrlenA (lpString="CloseThreadpoolCleanupGroup") returned 27 [0183.697] lstrlenA (lpString="CloseThreadpoolCleanupGroupMembers") returned 34 [0183.698] lstrlenA (lpString="CloseThreadpoolIo") returned 17 [0183.698] lstrlenA (lpString="CloseThreadpoolTimer") returned 20 [0183.698] lstrlenA (lpString="CloseThreadpoolWait") returned 19 [0183.698] lstrlenA (lpString="CloseThreadpoolWork") returned 19 [0183.698] lstrlenA (lpString="CmdBatNotification") returned 18 [0183.698] lstrlenA (lpString="CommConfigDialogA") returned 17 [0183.698] lstrlenA (lpString="CommConfigDialogW") returned 17 [0183.698] lstrlenA (lpString="CompareCalendarDates") returned 20 [0183.698] lstrlenA (lpString="CompareFileTime") returned 15 [0183.698] lstrlenA (lpString="CompareStringA") returned 14 [0183.698] lstrlenA (lpString="CompareStringEx") returned 15 [0183.699] lstrlenA (lpString="CompareStringOrdinal") returned 20 [0183.699] lstrlenA (lpString="CompareStringW") returned 14 [0183.699] lstrlenA (lpString="ConnectNamedPipe") returned 16 [0183.699] lstrlenA (lpString="ConsoleMenuControl") returned 18 [0183.699] lstrlenA (lpString="ContinueDebugEvent") returned 18 [0183.699] lstrlenA (lpString="ConvertCalDateTimeToSystemTime") returned 30 [0183.699] lstrlenA (lpString="ConvertDefaultLocale") returned 20 [0183.699] lstrlenA (lpString="ConvertFiberToThread") returned 20 [0183.699] lstrlenA (lpString="ConvertNLSDayOfWeekToWin32DayOfWeek") returned 35 [0183.700] lstrlenA (lpString="ConvertSystemTimeToCalDateTime") returned 30 [0183.700] lstrlenA (lpString="ConvertThreadToFiber") returned 20 [0183.700] lstrlenA (lpString="ConvertThreadToFiberEx") returned 22 [0183.700] lstrlenA (lpString="CopyContext") returned 11 [0183.700] lstrlenA (lpString="CopyFileA") returned 9 [0183.700] lstrlenA (lpString="CopyFileExA") returned 11 [0183.700] lstrlenA (lpString="CopyFileExW") returned 11 [0183.700] lstrlenA (lpString="CopyFileTransactedA") returned 19 [0183.700] lstrlenA (lpString="CopyFileTransactedW") returned 19 [0183.700] lstrlenA (lpString="CopyFileW") returned 9 [0183.701] lstrlenA (lpString="CopyLZFile") returned 10 [0183.701] lstrlenA (lpString="CreateActCtxA") returned 13 [0183.701] lstrlenA (lpString="CreateActCtxW") returned 13 [0183.701] lstrlenA (lpString="CreateBoundaryDescriptorA") returned 25 [0183.701] lstrlenA (lpString="CreateBoundaryDescriptorW") returned 25 [0183.701] lstrlenA (lpString="CreateConsoleScreenBuffer") returned 25 [0183.701] lstrlenA (lpString="CreateDirectoryA") returned 16 [0183.701] lstrlenA (lpString="CreateDirectoryExA") returned 18 [0183.701] lstrlenA (lpString="CreateDirectoryExW") returned 18 [0183.701] lstrlenA (lpString="CreateDirectoryTransactedA") returned 26 [0183.701] lstrlenA (lpString="CreateDirectoryTransactedW") returned 26 [0183.702] lstrlenA (lpString="CreateDirectoryW") returned 16 [0183.702] lstrlenA (lpString="CreateEventA") returned 12 [0183.702] lstrlenA (lpString="CreateEventExA") returned 14 [0183.702] lstrlenA (lpString="CreateEventExW") returned 14 [0183.702] lstrlenA (lpString="CreateEventW") returned 12 [0183.702] lstrlenA (lpString="CreateFiber") returned 11 [0183.702] lstrlenA (lpString="CreateFiberEx") returned 13 [0183.702] lstrlenA (lpString="CreateFileA") returned 11 [0183.702] lstrlenA (lpString="CreateFileMappingA") returned 18 [0183.702] lstrlenA (lpString="CreateFileMappingNumaA") returned 22 [0183.702] lstrlenA (lpString="CreateFileMappingNumaW") returned 22 [0183.702] lstrlenA (lpString="CreateFileMappingW") returned 18 [0183.702] lstrlenA (lpString="CreateFileTransactedA") returned 21 [0183.702] lstrlenA (lpString="CreateFileTransactedW") returned 21 [0183.703] lstrlenA (lpString="CreateFileW") returned 11 [0183.703] lstrlenA (lpString="CreateHardLinkA") returned 15 [0183.703] lstrlenA (lpString="CreateHardLinkTransactedA") returned 25 [0183.703] lstrlenA (lpString="CreateHardLinkTransactedW") returned 25 [0183.703] lstrlenA (lpString="CreateHardLinkW") returned 15 [0183.703] lstrlenA (lpString="CreateIoCompletionPort") returned 22 [0183.703] lstrlenA (lpString="CreateJobObjectA") returned 16 [0183.703] lstrlenA (lpString="CreateJobObjectW") returned 16 [0183.703] lstrlenA (lpString="CreateJobSet") returned 12 [0183.703] lstrlenA (lpString="CreateMailslotA") returned 15 [0183.703] lstrlenA (lpString="CreateMailslotW") returned 15 [0183.703] lstrlenA (lpString="CreateMemoryResourceNotification") returned 32 [0183.703] lstrlenA (lpString="CreateMutexA") returned 12 [0183.703] lstrlenA (lpString="CreateMutexExA") returned 14 [0183.703] lstrlenA (lpString="CreateMutexExW") returned 14 [0183.704] lstrlenA (lpString="CreateMutexW") returned 12 [0183.704] lstrlenA (lpString="CreateNamedPipeA") returned 16 [0183.704] lstrlenA (lpString="CreateNamedPipeW") returned 16 [0183.704] lstrlenA (lpString="CreatePipe") returned 10 [0183.704] lstrlenA (lpString="CreatePrivateNamespaceA") returned 23 [0183.705] lstrlenA (lpString="CreatePrivateNamespaceW") returned 23 [0183.705] lstrlenA (lpString="CreateProcessA") returned 14 [0183.705] lstrlenA (lpString="CreateProcessAsUserW") returned 20 [0183.705] lstrlenA (lpString="CreateProcessInternalA") returned 22 [0183.705] lstrlenA (lpString="CreateProcessInternalW") returned 22 [0183.706] lstrlenA (lpString="CreateProcessW") returned 14 [0183.706] lstrlenA (lpString="CreateRemoteThread") returned 18 [0183.706] lstrlenA (lpString="CreateRemoteThreadEx") returned 20 [0183.706] lstrlenA (lpString="CreateSemaphoreA") returned 16 [0183.706] lstrlenA (lpString="CreateSemaphoreExA") returned 18 [0183.706] lstrlenA (lpString="CreateSemaphoreExW") returned 18 [0183.706] lstrlenA (lpString="CreateSemaphoreW") returned 16 [0183.706] lstrlenA (lpString="CreateSocketHandle") returned 18 [0183.706] lstrlenA (lpString="CreateSymbolicLinkA") returned 19 [0183.706] lstrlenA (lpString="CreateSymbolicLinkTransactedA") returned 29 [0183.706] lstrlenA (lpString="CreateSymbolicLinkTransactedW") returned 29 [0183.707] lstrlenA (lpString="CreateSymbolicLinkW") returned 19 [0183.707] lstrlenA (lpString="CreateTapePartition") returned 19 [0183.707] lstrlenA (lpString="CreateThread") returned 12 [0183.707] lstrlenA (lpString="CreateThreadpool") returned 16 [0183.707] lstrlenA (lpString="CreateThreadpoolCleanupGroup") returned 28 [0183.707] lstrlenA (lpString="CreateThreadpoolIo") returned 18 [0183.707] lstrlenA (lpString="CreateThreadpoolTimer") returned 21 [0183.707] lstrlenA (lpString="CreateThreadpoolWait") returned 20 [0183.707] lstrlenA (lpString="CreateThreadpoolWork") returned 20 [0183.707] lstrlenA (lpString="CreateTimerQueue") returned 16 [0183.707] lstrlenA (lpString="CreateTimerQueueTimer") returned 21 [0183.707] lstrlenA (lpString="CreateToolhelp32Snapshot") returned 24 [0183.707] lstrlenA (lpString="CreateWaitableTimerA") returned 20 [0183.707] lstrlenA (lpString="CreateWaitableTimerExA") returned 22 [0183.708] lstrlenA (lpString="CreateWaitableTimerExW") returned 22 [0183.708] lstrlenA (lpString="CreateWaitableTimerW") returned 20 [0183.708] lstrlenA (lpString="CtrlRoutine") returned 11 [0183.708] lstrlenA (lpString="DeactivateActCtx") returned 16 [0183.708] lstrlenA (lpString="DebugActiveProcess") returned 18 [0183.708] lstrlenA (lpString="DebugActiveProcessStop") returned 22 [0183.708] lstrlenA (lpString="DebugBreak") returned 10 [0183.708] lstrlenA (lpString="DebugBreakProcess") returned 17 [0183.708] lstrlenA (lpString="DebugSetProcessKillOnExit") returned 25 [0183.708] lstrlenA (lpString="DecodePointer") returned 13 [0183.708] lstrlenA (lpString="DecodeSystemPointer") returned 19 [0183.708] lstrlenA (lpString="DefineDosDeviceA") returned 16 [0183.708] lstrlenA (lpString="DefineDosDeviceW") returned 16 [0183.708] lstrlenA (lpString="DelayLoadFailureHook") returned 20 [0183.708] lstrlenA (lpString="DeleteAtom") returned 10 [0183.709] lstrlenA (lpString="DeleteBoundaryDescriptor") returned 24 [0183.709] lstrlenA (lpString="DeleteCriticalSection") returned 21 [0183.709] lstrlenA (lpString="DeleteFiber") returned 11 [0183.709] lstrlenA (lpString="DeleteFileA") returned 11 [0183.709] lstrlenA (lpString="DeleteFileTransactedA") returned 21 [0183.709] lstrlenA (lpString="DeleteFileTransactedW") returned 21 [0183.709] lstrlenA (lpString="DeleteFileW") returned 11 [0183.709] lstrlenA (lpString="DeleteProcThreadAttributeList") returned 29 [0183.709] lstrlenA (lpString="DeleteTimerQueue") returned 16 [0183.709] lstrlenA (lpString="DeleteTimerQueueEx") returned 18 [0183.709] lstrlenA (lpString="DeleteTimerQueueTimer") returned 21 [0183.709] lstrlenA (lpString="DeleteVolumeMountPointA") returned 23 [0183.709] lstrlenA (lpString="DeleteVolumeMountPointW") returned 23 [0183.709] lstrlenA (lpString="DeviceIoControl") returned 15 [0183.710] lstrlenA (lpString="DisableThreadLibraryCalls") returned 25 [0183.710] lstrlenA (lpString="DisableThreadProfiling") returned 22 [0183.710] lstrlenA (lpString="DisassociateCurrentThreadFromCallback") returned 37 [0183.710] lstrlenA (lpString="DisconnectNamedPipe") returned 19 [0183.710] lstrlenA (lpString="DnsHostnameToComputerNameA") returned 26 [0183.710] lstrlenA (lpString="DnsHostnameToComputerNameW") returned 26 [0183.710] lstrlenA (lpString="DosDateTimeToFileTime") returned 21 [0183.710] lstrlenA (lpString="DosPathToSessionPathA") returned 21 [0183.710] lstrlenA (lpString="DosPathToSessionPathW") returned 21 [0183.710] lstrlenA (lpString="DuplicateConsoleHandle") returned 22 [0183.710] lstrlenA (lpString="DuplicateHandle") returned 15 [0183.710] lstrlenA (lpString="EnableThreadProfiling") returned 21 [0183.710] lstrlenA (lpString="EncodePointer") returned 13 [0183.710] lstrlenA (lpString="EncodeSystemPointer") returned 19 [0183.711] lstrlenA (lpString="EndUpdateResourceA") returned 18 [0183.711] lstrlenA (lpString="EndUpdateResourceW") returned 18 [0183.711] lstrlenA (lpString="EnterCriticalSection") returned 20 [0183.711] lstrlenA (lpString="EnumCalendarInfoA") returned 17 [0183.711] lstrlenA (lpString="EnumCalendarInfoExA") returned 19 [0183.711] lstrlenA (lpString="EnumCalendarInfoExEx") returned 20 [0183.711] lstrlenA (lpString="EnumCalendarInfoExW") returned 19 [0183.711] lstrlenA (lpString="EnumCalendarInfoW") returned 17 [0183.711] lstrlenA (lpString="EnumDateFormatsA") returned 16 [0183.711] lstrlenA (lpString="EnumDateFormatsExA") returned 18 [0183.711] lstrlenA (lpString="EnumDateFormatsExEx") returned 19 [0183.711] lstrlenA (lpString="EnumDateFormatsExW") returned 18 [0183.734] ResumeThread (hThread=0x634) returned 0x1 [0183.919] CoGetContextToken (in: pToken=0x2df758 | out: pToken=0x2df758) returned 0x0 [0183.919] CObjectContext::QueryInterface () returned 0x0 [0183.920] CObjectContext::GetCurrentThreadType () returned 0x0 [0183.920] Release () returned 0x0 [0183.921] CoWaitForMultipleHandles (in: dwFlags=0x2, dwTimeout=0x13880, cHandles=0x1, pHandles=0x357300*=0xac, lpdwindex=0x2df604 | out: lpdwindex=0x2df604) returned 0x0 Thread: id = 75 os_tid = 0xf34 Thread: id = 76 os_tid = 0xf38 [0101.666] CoGetContextToken (in: pToken=0x101f9fc | out: pToken=0x101f9fc) returned 0x800401f0 [0101.667] CoInitializeEx (pvReserved=0x0, dwCoInit=0x0) returned 0x0 [0105.332] CertCloseStore (hCertStore=0x3a5570, dwFlags=0x0) returned 1 [0105.332] CertFreeCRLContext (pCrlContext=0x3ebfe8) returned 1 [0105.333] CertFreeCRLContext (pCrlContext=0x591cad8) returned 1 [0105.333] CertFreeCRLContext (pCrlContext=0x3ebfe8) returned 1 [0105.333] CertFreeCRLContext (pCrlContext=0x3ec038) returned 1 [0105.333] CertFreeCRLContext (pCrlContext=0x3ec088) returned 1 [0105.334] CertFreeCRLContext (pCrlContext=0x591cb28) returned 1 [0105.334] CertFreeCRLContext (pCrlContext=0x591ca38) returned 1 [0109.481] GdipDisposeImage (image=0x6010408) returned 0x0 [0109.482] GdipDisposeImage (image=0x60100c0) returned 0x0 [0109.483] GdipDisposeImage (image=0x600fd78) returned 0x0 [0109.484] GdipDisposeImage (image=0x600fa30) returned 0x0 [0109.484] GdipDisposeImage (image=0x600f6e8) returned 0x0 [0109.484] GdipDisposeImage (image=0x60058d8) returned 0x0 [0109.488] GdipDisposeImage (image=0x5fff980) returned 0x0 [0109.489] GdipDisposeImage (image=0x5ff7a28) returned 0x0 [0142.634] GdipDisposeImage (image=0x5fe5890) returned 0x0 [0142.635] GdipDisposeImage (image=0x5fdf808) returned 0x0 [0142.635] GdipDisposeImage (image=0x5fd9780) returned 0x0 [0142.635] GdipDisposeImage (image=0x5fd36c0) returned 0x0 [0142.635] GdipDisposeImage (image=0x5fcd600) returned 0x0 [0142.636] GdipDisposeImage (image=0x5fc7540) returned 0x0 [0142.639] GdipDisposeImage (image=0x5fc1480) returned 0x0 [0142.640] GdipDisposeImage (image=0x5fbb3c0) returned 0x0 [0142.640] GdipDisposeImage (image=0x5fb5300) returned 0x0 [0142.640] GdipDisposeImage (image=0x5faf278) returned 0x0 [0142.640] GdipDisposeImage (image=0x5ddfab0) returned 0x0 [0142.647] GdipDisposeImage (image=0x5dc9170) returned 0x0 [0142.649] GdipDisposeImage (image=0x6010750) returned 0x0 [0142.651] GdipDisposeImage (image=0x5ff19a0) returned 0x0 [0142.651] GdipDisposeImage (image=0x6010408) returned 0x0 [0142.651] GdipDisposeImage (image=0x60100c0) returned 0x0 [0142.656] GdipDisposeImage (image=0x600fd78) returned 0x0 [0142.658] GdipDisposeImage (image=0x600fa30) returned 0x0 [0142.660] GdipDisposeImage (image=0x600f6e8) returned 0x0 [0142.670] GdipDisposeImage (image=0x5feb918) returned 0x0 [0150.626] CloseHandle (hObject=0x63c) returned 1 [0150.627] CloseHandle (hObject=0x640) returned 1 [0183.496] CloseHandle (hObject=0x644) returned 1 [0183.927] EtwEventUnregister () returned 0x0 [0183.928] EtwEventUnregister () returned 0x0 [0183.928] EtwEventUnregister () returned 0x0 [0183.928] SetWindowLongW (hWnd=0x50182, nIndex=-4, dwNewLong=1995646429) returned 82446350 [0183.931] SetClassLongW (hWnd=0x50182, nIndex=-24, dwNewLong=1995646429) returned 0x4ea07e6 [0183.932] PostMessageW (hWnd=0x50182, Msg=0x10, wParam=0x0, lParam=0x0) returned 1 [0183.933] GetModuleHandleW (lpModuleName=0x0) returned 0x10b0000 [0183.933] UnregisterClassW (lpClassName="WindowsForms10.Window.8.app.0.1a0e24_r14_ad1", hInstance=0x10b0000) returned 0 [0183.936] IsWindow (hWnd=0x9004e) returned 1 [0183.937] GetModuleHandleW (lpModuleName="user32.dll") returned 0x76860000 [0183.938] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x400, lpWideCharStr="DefWindowProcW", cchWideChar=14, lpMultiByteStr=0x101f77c, cbMultiByte=16, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="DefWindowProcW\roÙqº{Dþwqüù\x01\x01\x01", lpUsedDefaultChar=0x0) returned 14 [0183.938] GetProcAddress (hModule=0x76860000, lpProcName="DefWindowProcW") returned 0x76f325dd [0183.939] SetWindowLongW (hWnd=0x9004e, nIndex=-4, dwNewLong=1995646429) returned 82446430 [0183.939] SetClassLongW (hWnd=0x9004e, nIndex=-24, dwNewLong=1995646429) returned 0x4ea085e [0183.939] IsWindow (hWnd=0x9004e) returned 1 [0183.940] DestroyWindow (hWnd=0x9004e) returned 0 [0183.940] PostMessageW (hWnd=0x9004e, Msg=0x10, wParam=0x0, lParam=0x0) returned 1 [0183.940] SetConsoleCtrlHandler (HandlerRoutine=0x4ea0836, Add=0) returned 1 [0183.989] GdipDeletePen (pen=0x5d931e8) returned 0x0 [0183.994] GdipDeleteFont (font=0x5d40960) returned 0x0 [0183.995] GdipDeleteBrush (brush=0x5d40130) returned 0x0 [0184.003] CloseHandle (hObject=0x59c) returned 1 [0184.007] DeleteSecurityContext (phContext=0x2594b4c) returned 0x0 [0184.010] setsockopt (s=0x364, level=65535, optname=128, optval="\x01", optlen=4) returned 0 [0184.011] closesocket (s=0x364) returned 0 [0184.024] FreeCredentialsHandle (phCredential=0x25949a0) returned 0x0 [0184.027] setsockopt (s=0x280, level=65535, optname=128, optval="\x01", optlen=4) returned -1 [0184.027] closesocket (s=0x280) returned 0 [0184.028] CloseHandle (hObject=0x284) returned 1 [0184.029] WinHttpCloseHandle (hInternet=0x3c6ec0) returned 1 [0184.030] CloseHandle (hObject=0x2c8) returned 1 [0184.030] CloseHandle (hObject=0x2c4) returned 1 [0184.031] RegCloseKey (hKey=0x2c0) returned 0x0 [0184.031] CloseHandle (hObject=0x2bc) returned 1 [0184.031] RegCloseKey (hKey=0x2b8) returned 0x0 [0184.032] CloseHandle (hObject=0x2b4) returned 1 [0184.032] RegCloseKey (hKey=0x80000004) returned 0x0 [0184.033] RegCloseKey (hKey=0x2b0) returned 0x0 [0184.033] RegCloseKey (hKey=0x2ac) returned 0x0 [0184.033] CloseHandle (hObject=0x294) returned 1 [0184.034] setsockopt (s=0x378, level=65535, optname=128, optval="\x01", optlen=4) returned -1 [0184.034] closesocket (s=0x378) returned 0 [0184.036] CloseHandle (hObject=0x37c) returned 1 [0184.036] setsockopt (s=0x36c, level=65535, optname=128, optval="\x01", optlen=4) returned -1 [0184.037] closesocket (s=0x36c) returned 0 [0184.037] CloseHandle (hObject=0x374) returned 1 [0184.038] CloseHandle (hObject=0x1f4) returned 1 [0184.038] UnmapViewOfFile (lpBaseAddress=0x2e0000) returned 1 [0184.039] setsockopt (s=0x288, level=65535, optname=128, optval="\x01", optlen=4) returned -1 [0184.039] closesocket (s=0x288) returned 0 [0184.040] CloseHandle (hObject=0x28c) returned 1 Thread: id = 77 os_tid = 0xf3c Thread: id = 78 os_tid = 0xf40 Thread: id = 79 os_tid = 0xf44 Thread: id = 80 os_tid = 0xf48 Thread: id = 81 os_tid = 0xf4c [0103.886] CoInitializeEx (pvReserved=0x0, dwCoInit=0x0) returned 0x0 [0103.888] ResetEvent (hEvent=0x40) returned 1 Thread: id = 82 os_tid = 0xf50 Thread: id = 83 os_tid = 0xf54 Thread: id = 84 os_tid = 0xf58 [0129.230] CoGetContextToken (in: pToken=0x5cdf694 | out: pToken=0x5cdf694) returned 0x0 [0129.230] CObjectContext::QueryInterface () returned 0x0 [0129.231] CObjectContext::GetCurrentThreadType () returned 0x0 [0129.231] Release () returned 0x0 Thread: id = 85 os_tid = 0xf5c [0107.421] CoInitializeEx (pvReserved=0x0, dwCoInit=0x0) returned 0x0 Thread: id = 86 os_tid = 0xf60 [0107.515] CoInitializeEx (pvReserved=0x0, dwCoInit=0x0) returned 0x0 [0184.051] CoGetContextToken (in: pToken=0xa37f434 | out: pToken=0xa37f434) returned 0x0 [0184.051] CObjectContext::QueryInterface () returned 0x0 [0184.051] CObjectContext::GetCurrentThreadType () returned 0x0 [0184.051] Release () returned 0x0 Thread: id = 87 os_tid = 0xf64 Thread: id = 88 os_tid = 0xf68 [0110.583] CoGetContextToken (in: pToken=0x564fe2c | out: pToken=0x564fe2c) returned 0x0 [0110.583] CObjectContext::QueryInterface () returned 0x0 [0110.584] CObjectContext::GetCurrentThreadType () returned 0x0 [0110.584] Release () returned 0x0 [0110.584] CoInitializeEx (pvReserved=0x0, dwCoInit=0x0) returned 0x0 Thread: id = 94 os_tid = 0xf98 [0141.965] CoInitializeEx (pvReserved=0x0, dwCoInit=0x0) returned 0x0 [0141.967] CoGetContextToken (in: pToken=0x641faa4 | out: pToken=0x641faa4) returned 0x0 [0141.967] CObjectContext::QueryInterface () returned 0x0 [0141.967] CObjectContext::GetCurrentThreadType () returned 0x0 [0141.967] Release () returned 0x0 [0141.967] CoInitializeEx (pvReserved=0x0, dwCoInit=0x0) returned 0x1 [0141.968] CoUninitialize () [0163.379] CoUninitialize () Thread: id = 95 os_tid = 0xf9c Thread: id = 96 os_tid = 0xfa0 [0166.170] CoGetContextToken (in: pToken=0x656f524 | out: pToken=0x656f524) returned 0x0 [0166.170] CObjectContext::QueryInterface () returned 0x0 [0166.170] CObjectContext::GetCurrentThreadType () returned 0x0 [0166.170] Release () returned 0x0 Thread: id = 97 os_tid = 0xfa4 [0143.892] CoInitializeEx (pvReserved=0x0, dwCoInit=0x0) returned 0x0 [0184.050] CoGetContextToken (in: pToken=0x62dee14 | out: pToken=0x62dee14) returned 0x0 [0184.051] CObjectContext::QueryInterface () returned 0x0 [0184.051] CObjectContext::GetCurrentThreadType () returned 0x0 [0184.051] Release () returned 0x0 Thread: id = 98 os_tid = 0xfa8 [0143.989] CoInitializeEx (pvReserved=0x0, dwCoInit=0x0) returned 0x0 Thread: id = 102 os_tid = 0xfd0 Thread: id = 125 os_tid = 0xff0 Process: id = "4" image_name = "installutil.exe" filename = "c:\\windows\\microsoft.net\\framework\\v4.0.30319\\installutil.exe" page_root = "0x34c76000" os_pid = "0xfac" os_integrity_level = "0x3000" os_privileges = "0x60800000" monitor_reason = "child_process" parent_id = "3" os_parent_pid = "0xf24" cmd_line = "\"C:\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\InstallUtil.exe\"" cur_dir = "C:\\Users\\kEecfMwgj\\Desktop\\" os_username = "Q9IATRKPRH\\kEecfMwgj" bitness = "32" os_groups = "Q9IATRKPRH\\Domain Users" [0x7], "Everyone" [0x7], "NT AUTHORITY\\Local account and member of Administrators group" [0x7], "BUILTIN\\Administrators" [0xf], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\INTERACTIVE" [0x7], "CONSOLE LOGON" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "NT AUTHORITY\\Local account" [0x7], "NT AUTHORITY\\Logon Session 00000000:0000f52a" [0xc0000007], "LOCAL" [0x7], "NT AUTHORITY\\NTLM Authentication" [0x7] Region: id = 2272 start_va = 0x10000 end_va = 0x2ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000010000" filename = "" Region: id = 2273 start_va = 0x30000 end_va = 0x31fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000030000" filename = "" Region: id = 2274 start_va = 0x40000 end_va = 0x40fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "apisetschema.dll" filename = "\\Windows\\System32\\apisetschema.dll" (normalized: "c:\\windows\\system32\\apisetschema.dll") Region: id = 2275 start_va = 0x50000 end_va = 0x53fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000050000" filename = "" Region: id = 2276 start_va = 0x60000 end_va = 0x60fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000060000" filename = "" Region: id = 2277 start_va = 0x190000 end_va = 0x1cffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000190000" filename = "" Region: id = 2278 start_va = 0x280000 end_va = 0x37ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000280000" filename = "" Region: id = 2279 start_va = 0xa20000 end_va = 0xa2bfff monitored = 0 entry_point = 0xa27286 region_type = mapped_file name = "installutil.exe" filename = "\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\InstallUtil.exe" (normalized: "c:\\windows\\microsoft.net\\framework\\v4.0.30319\\installutil.exe") Region: id = 2280 start_va = 0x76d20000 end_va = 0x76ec8fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "ntdll.dll" filename = "\\Windows\\System32\\ntdll.dll" (normalized: "c:\\windows\\system32\\ntdll.dll") Region: id = 2281 start_va = 0x76f00000 end_va = 0x7707ffff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "ntdll.dll" filename = "\\Windows\\SysWOW64\\ntdll.dll" (normalized: "c:\\windows\\syswow64\\ntdll.dll") Region: id = 2282 start_va = 0x7efb0000 end_va = 0x7efd2fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000000007efb0000" filename = "" Region: id = 2283 start_va = 0x7efdb000 end_va = 0x7efddfff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000007efdb000" filename = "" Region: id = 2284 start_va = 0x7efde000 end_va = 0x7efdefff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000007efde000" filename = "" Region: id = 2285 start_va = 0x7efdf000 end_va = 0x7efdffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000007efdf000" filename = "" Region: id = 2286 start_va = 0x7efe0000 end_va = 0x7ffdffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000007efe0000" filename = "" Region: id = 2287 start_va = 0x7ffe0000 end_va = 0x7ffeffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000007ffe0000" filename = "" Region: id = 2288 start_va = 0x7fff0000 end_va = 0x7fffffeffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000007fff0000" filename = "" Region: id = 2291 start_va = 0x400000 end_va = 0x439fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000400000" filename = "" Region: id = 2467 start_va = 0x440000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000440000" filename = "" Region: id = 2468 start_va = 0x73690000 end_va = 0x736cefff monitored = 0 entry_point = 0x736be088 region_type = mapped_file name = "wow64.dll" filename = "\\Windows\\System32\\wow64.dll" (normalized: "c:\\windows\\system32\\wow64.dll") Region: id = 2469 start_va = 0x73630000 end_va = 0x7368bfff monitored = 0 entry_point = 0x7366f9f4 region_type = mapped_file name = "wow64win.dll" filename = "\\Windows\\System32\\wow64win.dll" (normalized: "c:\\windows\\system32\\wow64win.dll") Region: id = 2470 start_va = 0x73620000 end_va = 0x73627fff monitored = 0 entry_point = 0x736220f8 region_type = mapped_file name = "wow64cpu.dll" filename = "\\Windows\\System32\\wow64cpu.dll" (normalized: "c:\\windows\\system32\\wow64cpu.dll") Region: id = 2471 start_va = 0x76b00000 end_va = 0x76c1efff monitored = 0 entry_point = 0x76b15340 region_type = mapped_file name = "kernel32.dll" filename = "\\Windows\\System32\\kernel32.dll" (normalized: "c:\\windows\\system32\\kernel32.dll") Region: id = 2472 start_va = 0x752b0000 end_va = 0x753bffff monitored = 0 entry_point = 0x752c3283 region_type = mapped_file name = "kernel32.dll" filename = "\\Windows\\SysWOW64\\kernel32.dll" (normalized: "c:\\windows\\syswow64\\kernel32.dll") Region: id = 2473 start_va = 0x76b00000 end_va = 0x76c1efff monitored = 0 entry_point = 0x76b15340 region_type = mapped_file name = "kernel32.dll" filename = "\\Windows\\System32\\kernel32.dll" (normalized: "c:\\windows\\system32\\kernel32.dll") Region: id = 2474 start_va = 0x76b00000 end_va = 0x76c1efff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000076b00000" filename = "" Region: id = 2475 start_va = 0x76c20000 end_va = 0x76d19fff monitored = 0 entry_point = 0x76c3a2c8 region_type = mapped_file name = "user32.dll" filename = "\\Windows\\System32\\user32.dll" (normalized: "c:\\windows\\system32\\user32.dll") Region: id = 2476 start_va = 0x76c20000 end_va = 0x76d19fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000076c20000" filename = "" Region: id = 2477 start_va = 0x590000 end_va = 0x75ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000590000" filename = "" Region: id = 2478 start_va = 0x73500000 end_va = 0x73549fff monitored = 1 entry_point = 0x73502e54 region_type = mapped_file name = "mscoree.dll" filename = "\\Windows\\SysWOW64\\mscoree.dll" (normalized: "c:\\windows\\syswow64\\mscoree.dll") Region: id = 2479 start_va = 0x752b0000 end_va = 0x753bffff monitored = 0 entry_point = 0x752c3283 region_type = mapped_file name = "kernel32.dll" filename = "\\Windows\\SysWOW64\\kernel32.dll" (normalized: "c:\\windows\\syswow64\\kernel32.dll") Region: id = 2480 start_va = 0x753c0000 end_va = 0x75406fff monitored = 0 entry_point = 0x753c74c1 region_type = mapped_file name = "kernelbase.dll" filename = "\\Windows\\SysWOW64\\KernelBase.dll" (normalized: "c:\\windows\\syswow64\\kernelbase.dll") Region: id = 2481 start_va = 0x10000 end_va = 0x1ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000010000" filename = "" Region: id = 2482 start_va = 0x7efe0000 end_va = 0x7f0dffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000000007efe0000" filename = "" Region: id = 2483 start_va = 0x7f0e0000 end_va = 0x7ffdffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000007f0e0000" filename = "" Region: id = 2484 start_va = 0x70000 end_va = 0xd6fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "locale.nls" filename = "\\Windows\\System32\\locale.nls" (normalized: "c:\\windows\\system32\\locale.nls") Region: id = 2485 start_va = 0x760000 end_va = 0x91ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000760000" filename = "" Region: id = 2486 start_va = 0x440000 end_va = 0x50ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000440000" filename = "" Region: id = 2487 start_va = 0x510000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000510000" filename = "" Region: id = 2488 start_va = 0x76a60000 end_va = 0x76afffff monitored = 0 entry_point = 0x76a749e5 region_type = mapped_file name = "advapi32.dll" filename = "\\Windows\\SysWOW64\\advapi32.dll" (normalized: "c:\\windows\\syswow64\\advapi32.dll") Region: id = 2489 start_va = 0x75410000 end_va = 0x754bbfff monitored = 0 entry_point = 0x7541a472 region_type = mapped_file name = "msvcrt.dll" filename = "\\Windows\\SysWOW64\\msvcrt.dll" (normalized: "c:\\windows\\syswow64\\msvcrt.dll") Region: id = 2490 start_va = 0x759a0000 end_va = 0x759b8fff monitored = 0 entry_point = 0x759a4975 region_type = mapped_file name = "sechost.dll" filename = "\\Windows\\SysWOW64\\sechost.dll" (normalized: "c:\\windows\\syswow64\\sechost.dll") Region: id = 2491 start_va = 0x76970000 end_va = 0x76a5ffff monitored = 0 entry_point = 0x76980569 region_type = mapped_file name = "rpcrt4.dll" filename = "\\Windows\\SysWOW64\\rpcrt4.dll" (normalized: "c:\\windows\\syswow64\\rpcrt4.dll") Region: id = 2492 start_va = 0x74a50000 end_va = 0x74aaffff monitored = 0 entry_point = 0x74a6a3b3 region_type = mapped_file name = "sspicli.dll" filename = "\\Windows\\SysWOW64\\sspicli.dll" (normalized: "c:\\windows\\syswow64\\sspicli.dll") Region: id = 2493 start_va = 0x74a40000 end_va = 0x74a4bfff monitored = 0 entry_point = 0x74a410e1 region_type = mapped_file name = "cryptbase.dll" filename = "\\Windows\\SysWOW64\\cryptbase.dll" (normalized: "c:\\windows\\syswow64\\cryptbase.dll") Region: id = 2494 start_va = 0xe0000 end_va = 0x12ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000000e0000" filename = "" Region: id = 2495 start_va = 0x733b0000 end_va = 0x7343cfff monitored = 1 entry_point = 0x733c2860 region_type = mapped_file name = "mscoreei.dll" filename = "\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\mscoreei.dll" (normalized: "c:\\windows\\microsoft.net\\framework\\v4.0.30319\\mscoreei.dll") Region: id = 2496 start_va = 0x734f0000 end_va = 0x734f2fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "api-ms-win-core-synch-l1-2-0.dll" filename = "\\Windows\\SysWOW64\\api-ms-win-core-synch-l1-2-0.dll" (normalized: "c:\\windows\\syswow64\\api-ms-win-core-synch-l1-2-0.dll") Region: id = 2497 start_va = 0x751c0000 end_va = 0x75216fff monitored = 0 entry_point = 0x751d9ba6 region_type = mapped_file name = "shlwapi.dll" filename = "\\Windows\\SysWOW64\\shlwapi.dll" (normalized: "c:\\windows\\syswow64\\shlwapi.dll") Region: id = 2498 start_va = 0x75220000 end_va = 0x752affff monitored = 0 entry_point = 0x75236343 region_type = mapped_file name = "gdi32.dll" filename = "\\Windows\\SysWOW64\\gdi32.dll" (normalized: "c:\\windows\\syswow64\\gdi32.dll") Region: id = 2499 start_va = 0x76860000 end_va = 0x7695ffff monitored = 0 entry_point = 0x7687b6ed region_type = mapped_file name = "user32.dll" filename = "\\Windows\\SysWOW64\\user32.dll" (normalized: "c:\\windows\\syswow64\\user32.dll") Region: id = 2500 start_va = 0x759c0000 end_va = 0x759c9fff monitored = 0 entry_point = 0x759c36a0 region_type = mapped_file name = "lpk.dll" filename = "\\Windows\\SysWOW64\\lpk.dll" (normalized: "c:\\windows\\syswow64\\lpk.dll") Region: id = 2501 start_va = 0x74d40000 end_va = 0x74ddcfff monitored = 0 entry_point = 0x74d73fd7 region_type = mapped_file name = "usp10.dll" filename = "\\Windows\\SysWOW64\\usp10.dll" (normalized: "c:\\windows\\syswow64\\usp10.dll") Region: id = 2502 start_va = 0x20000 end_va = 0x3dfff monitored = 0 entry_point = 0x3158f region_type = mapped_file name = "imm32.dll" filename = "\\Windows\\SysWOW64\\imm32.dll" (normalized: "c:\\windows\\syswow64\\imm32.dll") Region: id = 2503 start_va = 0x760000 end_va = 0x8e7fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000760000" filename = "" Region: id = 2504 start_va = 0x910000 end_va = 0x91ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000910000" filename = "" Region: id = 2505 start_va = 0x20000 end_va = 0x3dfff monitored = 0 entry_point = 0x3158f region_type = mapped_file name = "imm32.dll" filename = "\\Windows\\SysWOW64\\imm32.dll" (normalized: "c:\\windows\\syswow64\\imm32.dll") Region: id = 2506 start_va = 0x75550000 end_va = 0x755affff monitored = 0 entry_point = 0x7556158f region_type = mapped_file name = "imm32.dll" filename = "\\Windows\\SysWOW64\\imm32.dll" (normalized: "c:\\windows\\syswow64\\imm32.dll") Region: id = 2507 start_va = 0x74c40000 end_va = 0x74d0bfff monitored = 0 entry_point = 0x74c4168b region_type = mapped_file name = "msctf.dll" filename = "\\Windows\\SysWOW64\\msctf.dll" (normalized: "c:\\windows\\syswow64\\msctf.dll") Region: id = 2511 start_va = 0x20000 end_va = 0x20fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000020000" filename = "" Region: id = 2512 start_va = 0x30000 end_va = 0x30fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000030000" filename = "" Region: id = 2513 start_va = 0xa30000 end_va = 0xbb0fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000a30000" filename = "" Region: id = 2514 start_va = 0xbc0000 end_va = 0x1fbffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000bc0000" filename = "" Region: id = 2515 start_va = 0x733a0000 end_va = 0x733a8fff monitored = 0 entry_point = 0x733a1220 region_type = mapped_file name = "version.dll" filename = "\\Windows\\SysWOW64\\version.dll" (normalized: "c:\\windows\\syswow64\\version.dll") Region: id = 2516 start_va = 0x71770000 end_va = 0x71f1efff monitored = 1 entry_point = 0x7178d0d0 region_type = mapped_file name = "clr.dll" filename = "\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\clr.dll" (normalized: "c:\\windows\\microsoft.net\\framework\\v4.0.30319\\clr.dll") Region: id = 2517 start_va = 0x71770000 end_va = 0x71f1efff monitored = 1 entry_point = 0x7178d0d0 region_type = mapped_file name = "clr.dll" filename = "\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\clr.dll" (normalized: "c:\\windows\\microsoft.net\\framework\\v4.0.30319\\clr.dll") Region: id = 2518 start_va = 0x71770000 end_va = 0x71f1efff monitored = 1 entry_point = 0x7178d0d0 region_type = mapped_file name = "clr.dll" filename = "\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\clr.dll" (normalized: "c:\\windows\\microsoft.net\\framework\\v4.0.30319\\clr.dll") Region: id = 2519 start_va = 0x71770000 end_va = 0x71f1efff monitored = 1 entry_point = 0x7178d0d0 region_type = mapped_file name = "clr.dll" filename = "\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\clr.dll" (normalized: "c:\\windows\\microsoft.net\\framework\\v4.0.30319\\clr.dll") Region: id = 2520 start_va = 0x71770000 end_va = 0x71f1efff monitored = 1 entry_point = 0x7178d0d0 region_type = mapped_file name = "clr.dll" filename = "\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\clr.dll" (normalized: "c:\\windows\\microsoft.net\\framework\\v4.0.30319\\clr.dll") Region: id = 2521 start_va = 0x73600000 end_va = 0x73613fff monitored = 0 entry_point = 0x7360ac00 region_type = mapped_file name = "vcruntime140_clr0400.dll" filename = "\\Windows\\SysWOW64\\vcruntime140_clr0400.dll" (normalized: "c:\\windows\\syswow64\\vcruntime140_clr0400.dll") Region: id = 2522 start_va = 0x73550000 end_va = 0x735fafff monitored = 0 entry_point = 0x735e5f20 region_type = mapped_file name = "ucrtbase_clr0400.dll" filename = "\\Windows\\SysWOW64\\ucrtbase_clr0400.dll" (normalized: "c:\\windows\\syswow64\\ucrtbase_clr0400.dll") Region: id = 2523 start_va = 0xe0000 end_va = 0xe0fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000000e0000" filename = "" Region: id = 2524 start_va = 0x120000 end_va = 0x12ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000120000" filename = "" Region: id = 2525 start_va = 0xf0000 end_va = 0xfffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000000f0000" filename = "" Region: id = 2526 start_va = 0x100000 end_va = 0x10ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000100000" filename = "" Region: id = 2527 start_va = 0x110000 end_va = 0x11ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000110000" filename = "" Region: id = 2528 start_va = 0x130000 end_va = 0x13ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000130000" filename = "" Region: id = 2529 start_va = 0x140000 end_va = 0x14ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000140000" filename = "" Region: id = 2530 start_va = 0x150000 end_va = 0x15ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000150000" filename = "" Region: id = 2531 start_va = 0x160000 end_va = 0x160fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000160000" filename = "" Region: id = 2532 start_va = 0x170000 end_va = 0x170fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000170000" filename = "" Region: id = 2533 start_va = 0x1fc0000 end_va = 0x215ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000001fc0000" filename = "" Region: id = 2534 start_va = 0x1d0000 end_va = 0x26ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000001d0000" filename = "" Region: id = 2535 start_va = 0x5b0000 end_va = 0x5effff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000005b0000" filename = "" Region: id = 2536 start_va = 0x660000 end_va = 0x75ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000660000" filename = "" Region: id = 2537 start_va = 0x2260000 end_va = 0x235ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002260000" filename = "" Region: id = 2538 start_va = 0x7efd8000 end_va = 0x7efdafff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000007efd8000" filename = "" Region: id = 2539 start_va = 0x180000 end_va = 0x18ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000180000" filename = "" Region: id = 2540 start_va = 0x2360000 end_va = 0x435ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002360000" filename = "" Region: id = 2541 start_va = 0x920000 end_va = 0x9bffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000920000" filename = "" Region: id = 2542 start_va = 0x1fd0000 end_va = 0x200ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000001fd0000" filename = "" Region: id = 2543 start_va = 0x2120000 end_va = 0x215ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002120000" filename = "" Region: id = 2544 start_va = 0x4450000 end_va = 0x454ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004450000" filename = "" Region: id = 2545 start_va = 0x7efd5000 end_va = 0x7efd7fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000007efd5000" filename = "" Region: id = 2546 start_va = 0x5f0000 end_va = 0x62ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000005f0000" filename = "" Region: id = 2547 start_va = 0x2010000 end_va = 0x210ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002010000" filename = "" Region: id = 2548 start_va = 0x7efad000 end_va = 0x7efaffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000007efad000" filename = "" Region: id = 2549 start_va = 0x4550000 end_va = 0x481efff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "sortdefault.nls" filename = "\\Windows\\Globalization\\Sorting\\SortDefault.nls" (normalized: "c:\\windows\\globalization\\sorting\\sortdefault.nls") Region: id = 2550 start_va = 0x6ef50000 end_va = 0x7035afff monitored = 1 entry_point = 0x0 region_type = mapped_file name = "mscorlib.ni.dll" filename = "\\Windows\\assembly\\NativeImages_v4.0.30319_32\\mscorlib\\36eaccfde177c2e7b93b8dbdde4e012a\\mscorlib.ni.dll" (normalized: "c:\\windows\\assembly\\nativeimages_v4.0.30319_32\\mscorlib\\36eaccfde177c2e7b93b8dbdde4e012a\\mscorlib.ni.dll") Region: id = 2551 start_va = 0x75740000 end_va = 0x7589bfff monitored = 0 entry_point = 0x7578ba3d region_type = mapped_file name = "ole32.dll" filename = "\\Windows\\SysWOW64\\ole32.dll" (normalized: "c:\\windows\\syswow64\\ole32.dll") Region: id = 2552 start_va = 0x73a10000 end_va = 0x73a8ffff monitored = 0 entry_point = 0x73a237c9 region_type = mapped_file name = "uxtheme.dll" filename = "\\Windows\\SysWOW64\\uxtheme.dll" (normalized: "c:\\windows\\syswow64\\uxtheme.dll") Region: id = 2553 start_va = 0x4820000 end_va = 0x498ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004820000" filename = "" Region: id = 2554 start_va = 0x2160000 end_va = 0x223efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000002160000" filename = "" Region: id = 2555 start_va = 0x180000 end_va = 0x18ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000180000" filename = "" Region: id = 2556 start_va = 0x1d0000 end_va = 0x1dffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000001d0000" filename = "" Region: id = 2557 start_va = 0x230000 end_va = 0x26ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000230000" filename = "" Region: id = 2558 start_va = 0x74a10000 end_va = 0x74a12fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "api-ms-win-core-xstate-l2-1-0.dll" filename = "\\Windows\\SysWOW64\\api-ms-win-core-xstate-l2-1-0.dll" (normalized: "c:\\windows\\syswow64\\api-ms-win-core-xstate-l2-1-0.dll") Region: id = 2559 start_va = 0x74980000 end_va = 0x74a08fff monitored = 1 entry_point = 0x74981130 region_type = mapped_file name = "clrjit.dll" filename = "\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\clrjit.dll" (normalized: "c:\\windows\\microsoft.net\\framework\\v4.0.30319\\clrjit.dll") Region: id = 2560 start_va = 0x75130000 end_va = 0x751befff monitored = 0 entry_point = 0x75133fb1 region_type = mapped_file name = "oleaut32.dll" filename = "\\Windows\\SysWOW64\\oleaut32.dll" (normalized: "c:\\windows\\syswow64\\oleaut32.dll") Region: id = 2561 start_va = 0x1e0000 end_va = 0x1effff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000001e0000" filename = "" Region: id = 2562 start_va = 0x70d10000 end_va = 0x71764fff monitored = 1 entry_point = 0x0 region_type = mapped_file name = "system.ni.dll" filename = "\\Windows\\assembly\\NativeImages_v4.0.30319_32\\System\\2c3c912ea8f058f9d04c4650128feb3f\\System.ni.dll" (normalized: "c:\\windows\\assembly\\nativeimages_v4.0.30319_32\\system\\2c3c912ea8f058f9d04c4650128feb3f\\system.ni.dll") Region: id = 2563 start_va = 0x70b60000 end_va = 0x70d02fff monitored = 1 entry_point = 0x0 region_type = mapped_file name = "system.drawing.ni.dll" filename = "\\Windows\\assembly\\NativeImages_v4.0.30319_32\\System.Drawing\\f7568d7f1b9d356f64779b4c0927cfb3\\System.Drawing.ni.dll" (normalized: "c:\\windows\\assembly\\nativeimages_v4.0.30319_32\\system.drawing\\f7568d7f1b9d356f64779b4c0927cfb3\\system.drawing.ni.dll") Region: id = 2564 start_va = 0x6e0e0000 end_va = 0x6ef45fff monitored = 1 entry_point = 0x0 region_type = mapped_file name = "system.windows.forms.ni.dll" filename = "\\Windows\\assembly\\NativeImages_v4.0.30319_32\\System.Windows.Forms\\c9a4cbc00f690a9e3cddfc400f6e85bb\\System.Windows.Forms.ni.dll" (normalized: "c:\\windows\\assembly\\nativeimages_v4.0.30319_32\\system.windows.forms\\c9a4cbc00f690a9e3cddfc400f6e85bb\\system.windows.forms.ni.dll") Region: id = 2565 start_va = 0x74960000 end_va = 0x74972fff monitored = 1 entry_point = 0x7496d900 region_type = mapped_file name = "nlssorting.dll" filename = "\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\nlssorting.dll" (normalized: "c:\\windows\\microsoft.net\\framework\\v4.0.30319\\nlssorting.dll") Region: id = 2566 start_va = 0x4990000 end_va = 0x4c61fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "sortdefault.nlp" filename = "\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\sortdefault.nlp" (normalized: "c:\\windows\\microsoft.net\\framework\\v4.0.30319\\sortdefault.nlp") Region: id = 2567 start_va = 0x6d8c0000 end_va = 0x6e0d7fff monitored = 1 entry_point = 0x0 region_type = mapped_file name = "system.core.ni.dll" filename = "\\Windows\\assembly\\NativeImages_v4.0.30319_32\\System.Core\\31fae3290fad30c31c98651462d22724\\System.Core.ni.dll" (normalized: "c:\\windows\\assembly\\nativeimages_v4.0.30319_32\\system.core\\31fae3290fad30c31c98651462d22724\\system.core.ni.dll") Region: id = 2568 start_va = 0x70a50000 end_va = 0x70b54fff monitored = 1 entry_point = 0x0 region_type = mapped_file name = "system.configuration.ni.dll" filename = "\\Windows\\assembly\\NativeImages_v4.0.30319_32\\System.Configuration\\96f7edb07b12303f0ec2595c7f3778c7\\System.Configuration.ni.dll" (normalized: "c:\\windows\\assembly\\nativeimages_v4.0.30319_32\\system.configuration\\96f7edb07b12303f0ec2595c7f3778c7\\system.configuration.ni.dll") Region: id = 2569 start_va = 0x6d140000 end_va = 0x6d8b3fff monitored = 1 entry_point = 0x0 region_type = mapped_file name = "system.xml.ni.dll" filename = "\\Windows\\assembly\\NativeImages_v4.0.30319_32\\System.Xml\\15af16d373cf0528cb74fc73d365fdbf\\System.Xml.ni.dll" (normalized: "c:\\windows\\assembly\\nativeimages_v4.0.30319_32\\system.xml\\15af16d373cf0528cb74fc73d365fdbf\\system.xml.ni.dll") Region: id = 2570 start_va = 0x75be0000 end_va = 0x76829fff monitored = 0 entry_point = 0x75c61601 region_type = mapped_file name = "shell32.dll" filename = "\\Windows\\SysWOW64\\shell32.dll" (normalized: "c:\\windows\\syswow64\\shell32.dll") Region: id = 2571 start_va = 0x1f0000 end_va = 0x1f0fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000001f0000" filename = "" Region: id = 2572 start_va = 0x748d0000 end_va = 0x748dafff monitored = 0 entry_point = 0x748d1992 region_type = mapped_file name = "profapi.dll" filename = "\\Windows\\SysWOW64\\profapi.dll" (normalized: "c:\\windows\\syswow64\\profapi.dll") Region: id = 2573 start_va = 0x440000 end_va = 0x4cffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000440000" filename = "" Region: id = 2574 start_va = 0x4d0000 end_va = 0x50ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000004d0000" filename = "" Region: id = 2575 start_va = 0x74940000 end_va = 0x74956fff monitored = 0 entry_point = 0x749435fa region_type = mapped_file name = "bcrypt.dll" filename = "\\Windows\\SysWOW64\\bcrypt.dll" (normalized: "c:\\windows\\syswow64\\bcrypt.dll") Region: id = 2576 start_va = 0x738e0000 end_va = 0x738f6fff monitored = 0 entry_point = 0x738e3573 region_type = mapped_file name = "cryptsp.dll" filename = "\\Windows\\SysWOW64\\cryptsp.dll" (normalized: "c:\\windows\\syswow64\\cryptsp.dll") Region: id = 2577 start_va = 0x380000 end_va = 0x3bbfff monitored = 0 entry_point = 0x38128d region_type = mapped_file name = "rsaenh.dll" filename = "\\Windows\\SysWOW64\\rsaenh.dll" (normalized: "c:\\windows\\syswow64\\rsaenh.dll") Region: id = 2578 start_va = 0x380000 end_va = 0x3bbfff monitored = 0 entry_point = 0x38128d region_type = mapped_file name = "rsaenh.dll" filename = "\\Windows\\SysWOW64\\rsaenh.dll" (normalized: "c:\\windows\\syswow64\\rsaenh.dll") Region: id = 2579 start_va = 0x380000 end_va = 0x3bbfff monitored = 0 entry_point = 0x38128d region_type = mapped_file name = "rsaenh.dll" filename = "\\Windows\\SysWOW64\\rsaenh.dll" (normalized: "c:\\windows\\syswow64\\rsaenh.dll") Region: id = 2580 start_va = 0x380000 end_va = 0x3bbfff monitored = 0 entry_point = 0x38128d region_type = mapped_file name = "rsaenh.dll" filename = "\\Windows\\SysWOW64\\rsaenh.dll" (normalized: "c:\\windows\\syswow64\\rsaenh.dll") Region: id = 2581 start_va = 0x380000 end_va = 0x3bbfff monitored = 0 entry_point = 0x38128d region_type = mapped_file name = "rsaenh.dll" filename = "\\Windows\\SysWOW64\\rsaenh.dll" (normalized: "c:\\windows\\syswow64\\rsaenh.dll") Region: id = 2582 start_va = 0x738a0000 end_va = 0x738dafff monitored = 0 entry_point = 0x738a128d region_type = mapped_file name = "rsaenh.dll" filename = "\\Windows\\SysWOW64\\rsaenh.dll" (normalized: "c:\\windows\\syswow64\\rsaenh.dll") Region: id = 2583 start_va = 0x75950000 end_va = 0x75954fff monitored = 0 entry_point = 0x75951438 region_type = mapped_file name = "psapi.dll" filename = "\\Windows\\SysWOW64\\psapi.dll" (normalized: "c:\\windows\\syswow64\\psapi.dll") Region: id = 2584 start_va = 0x70860000 end_va = 0x70a41fff monitored = 1 entry_point = 0x0 region_type = mapped_file name = "microsoft.visualbasic.ni.dll" filename = "\\Windows\\assembly\\NativeImages_v4.0.30319_32\\Microsoft.V9921e851#\\a891970b44db9e340c3ef3efa95b793c\\Microsoft.VisualBasic.ni.dll" (normalized: "c:\\windows\\assembly\\nativeimages_v4.0.30319_32\\microsoft.v9921e851#\\a891970b44db9e340c3ef3efa95b793c\\microsoft.visualbasic.ni.dll") Region: id = 2585 start_va = 0x200000 end_va = 0x20ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000200000" filename = "" Region: id = 2586 start_va = 0x200000 end_va = 0x20ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000200000" filename = "" Region: id = 2587 start_va = 0x210000 end_va = 0x21ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000210000" filename = "" Region: id = 2588 start_va = 0x200000 end_va = 0x20ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000200000" filename = "" Region: id = 2589 start_va = 0x200000 end_va = 0x20ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000200000" filename = "" Region: id = 2590 start_va = 0x200000 end_va = 0x20ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000200000" filename = "" Region: id = 2591 start_va = 0x200000 end_va = 0x20ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000200000" filename = "" Region: id = 2592 start_va = 0x200000 end_va = 0x20ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000200000" filename = "" Region: id = 2593 start_va = 0x200000 end_va = 0x20ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000200000" filename = "" Region: id = 2594 start_va = 0x200000 end_va = 0x20ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000200000" filename = "" Region: id = 2595 start_va = 0x200000 end_va = 0x20ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000200000" filename = "" Region: id = 2596 start_va = 0x48a0000 end_va = 0x48dffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000048a0000" filename = "" Region: id = 2597 start_va = 0x4950000 end_va = 0x498ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004950000" filename = "" Region: id = 2598 start_va = 0x4c90000 end_va = 0x4d8ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004c90000" filename = "" Region: id = 2599 start_va = 0x747a0000 end_va = 0x747adfff monitored = 0 entry_point = 0x747a1235 region_type = mapped_file name = "rpcrtremote.dll" filename = "\\Windows\\SysWOW64\\RpcRtRemote.dll" (normalized: "c:\\windows\\syswow64\\rpcrtremote.dll") Region: id = 2600 start_va = 0x7efaa000 end_va = 0x7efacfff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000007efaa000" filename = "" Region: id = 2601 start_va = 0x200000 end_va = 0x200fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000200000" filename = "" Region: id = 2602 start_va = 0x4380000 end_va = 0x43bffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004380000" filename = "" Region: id = 2603 start_va = 0x4860000 end_va = 0x489ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004860000" filename = "" Region: id = 2604 start_va = 0x4db0000 end_va = 0x4eaffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004db0000" filename = "" Region: id = 2605 start_va = 0x5050000 end_va = 0x514ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000005050000" filename = "" Region: id = 2606 start_va = 0x7efa4000 end_va = 0x7efa6fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000007efa4000" filename = "" Region: id = 2607 start_va = 0x7efa7000 end_va = 0x7efa9fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000007efa7000" filename = "" Region: id = 2608 start_va = 0x754c0000 end_va = 0x75542fff monitored = 0 entry_point = 0x754c23d2 region_type = mapped_file name = "clbcatq.dll" filename = "\\Windows\\SysWOW64\\clbcatq.dll" (normalized: "c:\\windows\\syswow64\\clbcatq.dll") Region: id = 2609 start_va = 0x210000 end_va = 0x210fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000210000" filename = "" Region: id = 2610 start_va = 0x70820000 end_va = 0x70850fff monitored = 1 entry_point = 0x708212d7 region_type = mapped_file name = "wbemdisp.dll" filename = "\\Windows\\SysWOW64\\wbem\\wbemdisp.dll" (normalized: "c:\\windows\\syswow64\\wbem\\wbemdisp.dll") Region: id = 2611 start_va = 0x707c0000 end_va = 0x7081bfff monitored = 0 entry_point = 0x707e2b48 region_type = mapped_file name = "wbemcomn.dll" filename = "\\Windows\\SysWOW64\\wbemcomn.dll" (normalized: "c:\\windows\\syswow64\\wbemcomn.dll") Region: id = 2612 start_va = 0x75960000 end_va = 0x75994fff monitored = 0 entry_point = 0x7596145d region_type = mapped_file name = "ws2_32.dll" filename = "\\Windows\\SysWOW64\\ws2_32.dll" (normalized: "c:\\windows\\syswow64\\ws2_32.dll") Region: id = 2613 start_va = 0x76960000 end_va = 0x76965fff monitored = 0 entry_point = 0x76961782 region_type = mapped_file name = "nsi.dll" filename = "\\Windows\\SysWOW64\\nsi.dll" (normalized: "c:\\windows\\syswow64\\nsi.dll") Region: id = 2614 start_va = 0x5150000 end_va = 0x536ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000005150000" filename = "" Region: id = 2615 start_va = 0x74a20000 end_va = 0x74a2afff monitored = 0 entry_point = 0x74a252a0 region_type = mapped_file name = "wbemprox.dll" filename = "\\Windows\\SysWOW64\\wbem\\wbemprox.dll" (normalized: "c:\\windows\\syswow64\\wbem\\wbemprox.dll") Region: id = 2616 start_va = 0x70750000 end_va = 0x707b0fff monitored = 0 entry_point = 0x7078bf40 region_type = mapped_file name = "wbemcomn2.dll" filename = "\\Windows\\SysWOW64\\wbemcomn2.dll" (normalized: "c:\\windows\\syswow64\\wbemcomn2.dll") Region: id = 2617 start_va = 0x74920000 end_va = 0x74939fff monitored = 0 entry_point = 0x749303d0 region_type = mapped_file name = "wmiutils.dll" filename = "\\Windows\\SysWOW64\\wbem\\wmiutils.dll" (normalized: "c:\\windows\\syswow64\\wbem\\wmiutils.dll") Region: id = 2618 start_va = 0x70740000 end_va = 0x7074efff monitored = 0 entry_point = 0x707493d0 region_type = mapped_file name = "wbemsvc.dll" filename = "\\Windows\\SysWOW64\\wbem\\wbemsvc.dll" (normalized: "c:\\windows\\syswow64\\wbem\\wbemsvc.dll") Region: id = 2619 start_va = 0x70690000 end_va = 0x70735fff monitored = 0 entry_point = 0x706fa2f0 region_type = mapped_file name = "fastprox.dll" filename = "\\Windows\\SysWOW64\\wbem\\fastprox.dll" (normalized: "c:\\windows\\syswow64\\wbem\\fastprox.dll") Region: id = 2620 start_va = 0x70670000 end_va = 0x70687fff monitored = 0 entry_point = 0x70671335 region_type = mapped_file name = "ntdsapi.dll" filename = "\\Windows\\SysWOW64\\ntdsapi.dll" (normalized: "c:\\windows\\syswow64\\ntdsapi.dll") Region: id = 2621 start_va = 0x4eb0000 end_va = 0x4faffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004eb0000" filename = "" Region: id = 2622 start_va = 0x72090000 end_va = 0x720eefff monitored = 0 entry_point = 0x72092134 region_type = mapped_file name = "sxs.dll" filename = "\\Windows\\SysWOW64\\sxs.dll" (normalized: "c:\\windows\\syswow64\\sxs.dll") Region: id = 2623 start_va = 0x220000 end_va = 0x22efff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "wbemdisp.tlb" filename = "\\Windows\\SysWOW64\\wbem\\wbemdisp.tlb" (normalized: "c:\\windows\\syswow64\\wbem\\wbemdisp.tlb") Region: id = 2624 start_va = 0x5150000 end_va = 0x520ffff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "kernelbase.dll.mui" filename = "\\Windows\\SysWOW64\\en-US\\KernelBase.dll.mui" (normalized: "c:\\windows\\syswow64\\en-us\\kernelbase.dll.mui") Region: id = 2625 start_va = 0x5330000 end_va = 0x536ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000005330000" filename = "" Region: id = 2731 start_va = 0x70630000 end_va = 0x70664fff monitored = 1 entry_point = 0x0 region_type = mapped_file name = "custommarshalers.ni.dll" filename = "\\Windows\\assembly\\NativeImages_v4.0.30319_32\\CustomMarshalers\\0df8ec76525d72c37f86b6d2ab717e84\\CustomMarshalers.ni.dll" (normalized: "c:\\windows\\assembly\\nativeimages_v4.0.30319_32\\custommarshalers\\0df8ec76525d72c37f86b6d2ab717e84\\custommarshalers.ni.dll") Region: id = 2732 start_va = 0x70610000 end_va = 0x70627fff monitored = 1 entry_point = 0x706158de region_type = mapped_file name = "custommarshalers.dll" filename = "\\Windows\\Microsoft.NET\\assembly\\GAC_32\\CustomMarshalers\\v4.0_4.0.0.0__b03f5f7f11d50a3a\\CustomMarshalers.dll" (normalized: "c:\\windows\\microsoft.net\\assembly\\gac_32\\custommarshalers\\v4.0_4.0.0.0__b03f5f7f11d50a3a\\custommarshalers.dll") Region: id = 2733 start_va = 0x380000 end_va = 0x398fff monitored = 1 entry_point = 0x3858de region_type = mapped_file name = "custommarshalers.dll" filename = "\\Windows\\Microsoft.NET\\assembly\\GAC_32\\CustomMarshalers\\v4.0_4.0.0.0__b03f5f7f11d50a3a\\CustomMarshalers.dll" (normalized: "c:\\windows\\microsoft.net\\assembly\\gac_32\\custommarshalers\\v4.0_4.0.0.0__b03f5f7f11d50a3a\\custommarshalers.dll") Region: id = 2734 start_va = 0x380000 end_va = 0x398fff monitored = 1 entry_point = 0x3858de region_type = mapped_file name = "custommarshalers.dll" filename = "\\Windows\\Microsoft.NET\\assembly\\GAC_32\\CustomMarshalers\\v4.0_4.0.0.0__b03f5f7f11d50a3a\\CustomMarshalers.dll" (normalized: "c:\\windows\\microsoft.net\\assembly\\gac_32\\custommarshalers\\v4.0_4.0.0.0__b03f5f7f11d50a3a\\custommarshalers.dll") Region: id = 2735 start_va = 0x380000 end_va = 0x398fff monitored = 1 entry_point = 0x3858de region_type = mapped_file name = "custommarshalers.dll" filename = "\\Windows\\Microsoft.NET\\assembly\\GAC_32\\CustomMarshalers\\v4.0_4.0.0.0__b03f5f7f11d50a3a\\CustomMarshalers.dll" (normalized: "c:\\windows\\microsoft.net\\assembly\\gac_32\\custommarshalers\\v4.0_4.0.0.0__b03f5f7f11d50a3a\\custommarshalers.dll") Region: id = 2736 start_va = 0x380000 end_va = 0x398fff monitored = 1 entry_point = 0x3858de region_type = mapped_file name = "custommarshalers.dll" filename = "\\Windows\\Microsoft.NET\\assembly\\GAC_32\\CustomMarshalers\\v4.0_4.0.0.0__b03f5f7f11d50a3a\\CustomMarshalers.dll" (normalized: "c:\\windows\\microsoft.net\\assembly\\gac_32\\custommarshalers\\v4.0_4.0.0.0__b03f5f7f11d50a3a\\custommarshalers.dll") Region: id = 2737 start_va = 0x270000 end_va = 0x27ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000270000" filename = "" Region: id = 2738 start_va = 0x380000 end_va = 0x383fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "stdole2.tlb" filename = "\\Windows\\SysWOW64\\stdole2.tlb" (normalized: "c:\\windows\\syswow64\\stdole2.tlb") Region: id = 2739 start_va = 0x704e0000 end_va = 0x7060ffff monitored = 1 entry_point = 0x0 region_type = mapped_file name = "system.management.ni.dll" filename = "\\Windows\\assembly\\NativeImages_v4.0.30319_32\\System.Management\\e114780fd3ea5727401c06ea4f22ef35\\System.Management.ni.dll" (normalized: "c:\\windows\\assembly\\nativeimages_v4.0.30319_32\\system.management\\e114780fd3ea5727401c06ea4f22ef35\\system.management.ni.dll") Region: id = 2740 start_va = 0x4fb0000 end_va = 0x4feffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004fb0000" filename = "" Region: id = 2741 start_va = 0x5460000 end_va = 0x555ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000005460000" filename = "" Region: id = 2742 start_va = 0x7efa1000 end_va = 0x7efa3fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000007efa1000" filename = "" Region: id = 2743 start_va = 0x7ef50000 end_va = 0x7ef9ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000007ef50000" filename = "" Region: id = 2744 start_va = 0x7ef40000 end_va = 0x7ef4ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000007ef40000" filename = "" Region: id = 2745 start_va = 0x440000 end_va = 0x47ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000440000" filename = "" Region: id = 2746 start_va = 0x490000 end_va = 0x4cffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000490000" filename = "" Region: id = 2747 start_va = 0x56f0000 end_va = 0x57effff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000056f0000" filename = "" Region: id = 2748 start_va = 0x7ef3d000 end_va = 0x7ef3ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000007ef3d000" filename = "" Region: id = 2749 start_va = 0x704b0000 end_va = 0x704d0fff monitored = 1 entry_point = 0x704b98e0 region_type = mapped_file name = "wminet_utils.dll" filename = "\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\WMINet_Utils.dll" (normalized: "c:\\windows\\microsoft.net\\framework\\v4.0.30319\\wminet_utils.dll") Region: id = 2750 start_va = 0x390000 end_va = 0x39ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000390000" filename = "" Region: id = 2751 start_va = 0x3a0000 end_va = 0x3affff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000003a0000" filename = "" Region: id = 2752 start_va = 0x3a0000 end_va = 0x3affff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000003a0000" filename = "" Region: id = 2753 start_va = 0x3a0000 end_va = 0x3affff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000003a0000" filename = "" Region: id = 2754 start_va = 0x3a0000 end_va = 0x3dffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000003a0000" filename = "" Region: id = 2755 start_va = 0x56b0000 end_va = 0x57affff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000056b0000" filename = "" Region: id = 2756 start_va = 0x9c0000 end_va = 0x9fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000009c0000" filename = "" Region: id = 2757 start_va = 0x5860000 end_va = 0x595ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000005860000" filename = "" Region: id = 2758 start_va = 0x7ef3a000 end_va = 0x7ef3cfff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000007ef3a000" filename = "" Region: id = 2759 start_va = 0x3e0000 end_va = 0x3e4fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000003e0000" filename = "" Region: id = 3443 start_va = 0x5230000 end_va = 0x526ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000005230000" filename = "" Region: id = 3444 start_va = 0x5a40000 end_va = 0x5b3ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000005a40000" filename = "" Region: id = 3445 start_va = 0x7ef37000 end_va = 0x7ef39fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000007ef37000" filename = "" Region: id = 3446 start_va = 0x3e0000 end_va = 0x3f2fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000003e0000" filename = "" Region: id = 3447 start_va = 0x5210000 end_va = 0x530ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000005210000" filename = "" Region: id = 3467 start_va = 0x3e0000 end_va = 0x3effff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000003e0000" filename = "" Region: id = 3468 start_va = 0x3e0000 end_va = 0x3effff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000003e0000" filename = "" Region: id = 3469 start_va = 0x43c0000 end_va = 0x43fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000043c0000" filename = "" Region: id = 3470 start_va = 0x4820000 end_va = 0x485ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004820000" filename = "" Region: id = 3471 start_va = 0x7ef37000 end_va = 0x7ef39fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000007ef37000" filename = "" Region: id = 3472 start_va = 0x3e0000 end_va = 0x3e0fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "tzres.dll" filename = "\\Windows\\SysWOW64\\tzres.dll" (normalized: "c:\\windows\\syswow64\\tzres.dll") Region: id = 3473 start_va = 0x4ff0000 end_va = 0x502ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004ff0000" filename = "" Region: id = 3474 start_va = 0x5370000 end_va = 0x53affff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000005370000" filename = "" Region: id = 3475 start_va = 0x5600000 end_va = 0x563ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000005600000" filename = "" Region: id = 3476 start_va = 0x59a0000 end_va = 0x5a9ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000059a0000" filename = "" Region: id = 3477 start_va = 0x7ef31000 end_va = 0x7ef33fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000007ef31000" filename = "" Region: id = 3478 start_va = 0x7ef34000 end_va = 0x7ef36fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000007ef34000" filename = "" Region: id = 3479 start_va = 0x3f0000 end_va = 0x3f6fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "tzres.dll.mui" filename = "\\Windows\\SysWOW64\\en-US\\tzres.dll.mui" (normalized: "c:\\windows\\syswow64\\en-us\\tzres.dll.mui") Region: id = 3480 start_va = 0x3e0000 end_va = 0x3e0fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "tzres.dll" filename = "\\Windows\\SysWOW64\\tzres.dll" (normalized: "c:\\windows\\syswow64\\tzres.dll") Region: id = 3481 start_va = 0x3f0000 end_va = 0x3f6fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "tzres.dll.mui" filename = "\\Windows\\SysWOW64\\en-US\\tzres.dll.mui" (normalized: "c:\\windows\\syswow64\\en-us\\tzres.dll.mui") Region: id = 3482 start_va = 0x3e0000 end_va = 0x3e0fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "tzres.dll" filename = "\\Windows\\SysWOW64\\tzres.dll" (normalized: "c:\\windows\\syswow64\\tzres.dll") Region: id = 3483 start_va = 0x3e0000 end_va = 0x3e6fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "tzres.dll.mui" filename = "\\Windows\\SysWOW64\\en-US\\tzres.dll.mui" (normalized: "c:\\windows\\syswow64\\en-us\\tzres.dll.mui") Region: id = 3484 start_va = 0x3e0000 end_va = 0x3e0fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "tzres.dll" filename = "\\Windows\\SysWOW64\\tzres.dll" (normalized: "c:\\windows\\syswow64\\tzres.dll") Region: id = 3485 start_va = 0x3e0000 end_va = 0x3e6fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "tzres.dll.mui" filename = "\\Windows\\SysWOW64\\en-US\\tzres.dll.mui" (normalized: "c:\\windows\\syswow64\\en-us\\tzres.dll.mui") Region: id = 3486 start_va = 0x3e0000 end_va = 0x3e0fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "tzres.dll" filename = "\\Windows\\SysWOW64\\tzres.dll" (normalized: "c:\\windows\\syswow64\\tzres.dll") Region: id = 3487 start_va = 0x3e0000 end_va = 0x3e6fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "tzres.dll.mui" filename = "\\Windows\\SysWOW64\\en-US\\tzres.dll.mui" (normalized: "c:\\windows\\syswow64\\en-us\\tzres.dll.mui") Region: id = 3488 start_va = 0x3e0000 end_va = 0x3effff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000003e0000" filename = "" Region: id = 3489 start_va = 0x3e0000 end_va = 0x3effff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000003e0000" filename = "" Region: id = 3490 start_va = 0x3f0000 end_va = 0x3fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000003f0000" filename = "" Region: id = 3491 start_va = 0x3e0000 end_va = 0x3effff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000003e0000" filename = "" Region: id = 3492 start_va = 0x3f0000 end_va = 0x3fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000003f0000" filename = "" Region: id = 3493 start_va = 0x440000 end_va = 0x44ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000440000" filename = "" Region: id = 3494 start_va = 0x450000 end_va = 0x45ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000450000" filename = "" Region: id = 3495 start_va = 0x460000 end_va = 0x46ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000460000" filename = "" Region: id = 3496 start_va = 0x470000 end_va = 0x47ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000470000" filename = "" Region: id = 3497 start_va = 0x480000 end_va = 0x48ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000480000" filename = "" Region: id = 3498 start_va = 0x3e0000 end_va = 0x3effff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000003e0000" filename = "" Region: id = 3499 start_va = 0x3f0000 end_va = 0x3fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000003f0000" filename = "" Region: id = 3500 start_va = 0x3e0000 end_va = 0x3effff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000003e0000" filename = "" Region: id = 3501 start_va = 0x3e0000 end_va = 0x3effff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000003e0000" filename = "" Region: id = 3502 start_va = 0x3e0000 end_va = 0x3effff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000003e0000" filename = "" Region: id = 3503 start_va = 0x3e0000 end_va = 0x3effff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000003e0000" filename = "" Region: id = 3504 start_va = 0x3e0000 end_va = 0x3effff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000003e0000" filename = "" Region: id = 3505 start_va = 0x3e0000 end_va = 0x3effff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000003e0000" filename = "" Region: id = 3506 start_va = 0x3e0000 end_va = 0x3effff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000003e0000" filename = "" Region: id = 3507 start_va = 0x3e0000 end_va = 0x3effff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000003e0000" filename = "" Region: id = 3508 start_va = 0x3e0000 end_va = 0x3effff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000003e0000" filename = "" Region: id = 3509 start_va = 0x3e0000 end_va = 0x3effff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000003e0000" filename = "" Region: id = 3510 start_va = 0x3e0000 end_va = 0x3effff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000003e0000" filename = "" Region: id = 3511 start_va = 0x3e0000 end_va = 0x3effff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000003e0000" filename = "" Region: id = 3512 start_va = 0x3e0000 end_va = 0x3effff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000003e0000" filename = "" Region: id = 3513 start_va = 0x3e0000 end_va = 0x3effff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000003e0000" filename = "" Region: id = 3514 start_va = 0x3e0000 end_va = 0x3effff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000003e0000" filename = "" Region: id = 3515 start_va = 0x3e0000 end_va = 0x3effff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000003e0000" filename = "" Region: id = 3516 start_va = 0x3e0000 end_va = 0x3effff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000003e0000" filename = "" Region: id = 3517 start_va = 0x3f0000 end_va = 0x3fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000003f0000" filename = "" Region: id = 3518 start_va = 0x3f0000 end_va = 0x3fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000003f0000" filename = "" Region: id = 3519 start_va = 0x440000 end_va = 0x44ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000440000" filename = "" Region: id = 3520 start_va = 0x3e0000 end_va = 0x3effff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000003e0000" filename = "" Region: id = 3521 start_va = 0x3f0000 end_va = 0x3fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000003f0000" filename = "" Region: id = 3522 start_va = 0x3e0000 end_va = 0x3effff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000003e0000" filename = "" Region: id = 3523 start_va = 0x3e0000 end_va = 0x3effff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000003e0000" filename = "" Region: id = 3524 start_va = 0x3e0000 end_va = 0x3effff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000003e0000" filename = "" Region: id = 3525 start_va = 0x3e0000 end_va = 0x3effff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000003e0000" filename = "" Region: id = 3526 start_va = 0x3e0000 end_va = 0x3effff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000003e0000" filename = "" Region: id = 3527 start_va = 0x3e0000 end_va = 0x3effff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000003e0000" filename = "" Region: id = 3528 start_va = 0x3f0000 end_va = 0x3fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000003f0000" filename = "" Region: id = 3529 start_va = 0x3e0000 end_va = 0x3effff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000003e0000" filename = "" Region: id = 3530 start_va = 0x3e0000 end_va = 0x3effff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000003e0000" filename = "" Region: id = 3611 start_va = 0x3e0000 end_va = 0x3effff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000003e0000" filename = "" Region: id = 3612 start_va = 0x3f0000 end_va = 0x3fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000003f0000" filename = "" Region: id = 3613 start_va = 0x703d0000 end_va = 0x704a7fff monitored = 1 entry_point = 0x0 region_type = mapped_file name = "system.security.ni.dll" filename = "\\Windows\\assembly\\NativeImages_v4.0.30319_32\\System.Security\\93d03eb9812405fa70e89d4efd5f7e14\\System.Security.ni.dll" (normalized: "c:\\windows\\assembly\\nativeimages_v4.0.30319_32\\system.security\\93d03eb9812405fa70e89d4efd5f7e14\\system.security.ni.dll") Region: id = 3614 start_va = 0x74ab0000 end_va = 0x74bd0fff monitored = 0 entry_point = 0x74ab158e region_type = mapped_file name = "crypt32.dll" filename = "\\Windows\\SysWOW64\\crypt32.dll" (normalized: "c:\\windows\\syswow64\\crypt32.dll") Region: id = 3615 start_va = 0x76ed0000 end_va = 0x76edbfff monitored = 0 entry_point = 0x76ed238e region_type = mapped_file name = "msasn1.dll" filename = "\\Windows\\SysWOW64\\msasn1.dll" (normalized: "c:\\windows\\syswow64\\msasn1.dll") Region: id = 3616 start_va = 0x3e0000 end_va = 0x3effff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000003e0000" filename = "" Region: id = 3617 start_va = 0x3e0000 end_va = 0x3effff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000003e0000" filename = "" Region: id = 3618 start_va = 0x3e0000 end_va = 0x3effff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000003e0000" filename = "" Region: id = 3619 start_va = 0x3f0000 end_va = 0x3fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000003f0000" filename = "" Region: id = 3620 start_va = 0x3e0000 end_va = 0x3effff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000003e0000" filename = "" Region: id = 3621 start_va = 0x3e0000 end_va = 0x3effff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000003e0000" filename = "" Region: id = 3622 start_va = 0x440000 end_va = 0x44ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000440000" filename = "" Region: id = 3623 start_va = 0x3e0000 end_va = 0x3effff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000003e0000" filename = "" Region: id = 3624 start_va = 0x3e0000 end_va = 0x3effff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000003e0000" filename = "" Region: id = 3625 start_va = 0x3e0000 end_va = 0x3effff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000003e0000" filename = "" Region: id = 3626 start_va = 0x48e0000 end_va = 0x4941fff monitored = 1 entry_point = 0x0 region_type = mapped_file name = "mscorrc.dll" filename = "\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\mscorrc.dll" (normalized: "c:\\windows\\microsoft.net\\framework\\v4.0.30319\\mscorrc.dll") Region: id = 3627 start_va = 0x3e0000 end_va = 0x3effff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000003e0000" filename = "" Region: id = 3628 start_va = 0x440000 end_va = 0x44ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000440000" filename = "" Region: id = 3629 start_va = 0x3e0000 end_va = 0x3effff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000003e0000" filename = "" Region: id = 3630 start_va = 0x440000 end_va = 0x44ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000440000" filename = "" Region: id = 3631 start_va = 0x450000 end_va = 0x45ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000450000" filename = "" Region: id = 3632 start_va = 0x3e0000 end_va = 0x3effff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000003e0000" filename = "" Region: id = 3633 start_va = 0x703c0000 end_va = 0x703cbfff monitored = 0 entry_point = 0x703c505c region_type = mapped_file name = "vaultcli.dll" filename = "\\Windows\\SysWOW64\\vaultcli.dll" (normalized: "c:\\windows\\syswow64\\vaultcli.dll") Region: id = 3634 start_va = 0x3e0000 end_va = 0x3effff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000003e0000" filename = "" Region: id = 3635 start_va = 0x3e0000 end_va = 0x3effff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000003e0000" filename = "" Region: id = 3636 start_va = 0x3e0000 end_va = 0x3effff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000003e0000" filename = "" Region: id = 3637 start_va = 0x3e0000 end_va = 0x3effff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000003e0000" filename = "" Region: id = 3638 start_va = 0x440000 end_va = 0x44ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000440000" filename = "" Region: id = 3639 start_va = 0x450000 end_va = 0x45ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000450000" filename = "" Region: id = 3640 start_va = 0x460000 end_va = 0x46ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000460000" filename = "" Region: id = 3641 start_va = 0x470000 end_va = 0x47ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000470000" filename = "" Region: id = 3642 start_va = 0x3e0000 end_va = 0x3effff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000003e0000" filename = "" Region: id = 3643 start_va = 0x440000 end_va = 0x44ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000440000" filename = "" Region: id = 3644 start_va = 0x3e0000 end_va = 0x3effff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000003e0000" filename = "" Region: id = 3645 start_va = 0x440000 end_va = 0x44ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000440000" filename = "" Region: id = 3646 start_va = 0x450000 end_va = 0x45ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000450000" filename = "" Region: id = 3647 start_va = 0x460000 end_va = 0x46ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000460000" filename = "" Region: id = 3648 start_va = 0x470000 end_va = 0x47ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000470000" filename = "" Region: id = 3649 start_va = 0x480000 end_va = 0x48ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000480000" filename = "" Region: id = 3650 start_va = 0x3e0000 end_va = 0x3effff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000003e0000" filename = "" Region: id = 3651 start_va = 0x440000 end_va = 0x44ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000440000" filename = "" Region: id = 3652 start_va = 0x3e0000 end_va = 0x3effff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000003e0000" filename = "" Region: id = 3653 start_va = 0x440000 end_va = 0x44ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000440000" filename = "" Region: id = 3654 start_va = 0x3e0000 end_va = 0x3effff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000003e0000" filename = "" Region: id = 3655 start_va = 0x3e0000 end_va = 0x3effff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000003e0000" filename = "" Region: id = 3656 start_va = 0x3e0000 end_va = 0x3effff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000003e0000" filename = "" Region: id = 3657 start_va = 0x3e0000 end_va = 0x3effff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000003e0000" filename = "" Region: id = 3658 start_va = 0x3e0000 end_va = 0x3effff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000003e0000" filename = "" Region: id = 3659 start_va = 0x3e0000 end_va = 0x3effff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000003e0000" filename = "" Region: id = 3660 start_va = 0x440000 end_va = 0x44ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000440000" filename = "" Region: id = 3661 start_va = 0x450000 end_va = 0x45ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000450000" filename = "" Region: id = 3662 start_va = 0x450000 end_va = 0x45ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000450000" filename = "" Region: id = 3663 start_va = 0x460000 end_va = 0x46ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000460000" filename = "" Region: id = 3664 start_va = 0x470000 end_va = 0x47ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000470000" filename = "" Region: id = 3665 start_va = 0x450000 end_va = 0x45ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000450000" filename = "" Region: id = 3666 start_va = 0x460000 end_va = 0x46ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000460000" filename = "" Region: id = 3667 start_va = 0x450000 end_va = 0x45ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000450000" filename = "" Region: id = 3668 start_va = 0x4410000 end_va = 0x444ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004410000" filename = "" Region: id = 3669 start_va = 0x55a0000 end_va = 0x569ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000055a0000" filename = "" Region: id = 3670 start_va = 0x7ef31000 end_va = 0x7ef33fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000007ef31000" filename = "" Region: id = 3671 start_va = 0x450000 end_va = 0x452fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000450000" filename = "" Region: id = 3672 start_va = 0x450000 end_va = 0x45ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000450000" filename = "" Region: id = 3673 start_va = 0x53a0000 end_va = 0x53dffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000053a0000" filename = "" Region: id = 3674 start_va = 0x5ac0000 end_va = 0x5bbffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000005ac0000" filename = "" Region: id = 3675 start_va = 0x7ef31000 end_va = 0x7ef33fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000007ef31000" filename = "" Region: id = 4349 start_va = 0x450000 end_va = 0x452fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000450000" filename = "" Region: id = 4350 start_va = 0x450000 end_va = 0x45ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000450000" filename = "" Region: id = 4351 start_va = 0x460000 end_va = 0x46ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000460000" filename = "" Region: id = 4352 start_va = 0x74830000 end_va = 0x7484bfff monitored = 0 entry_point = 0x7483a431 region_type = mapped_file name = "iphlpapi.dll" filename = "\\Windows\\SysWOW64\\IPHLPAPI.DLL" (normalized: "c:\\windows\\syswow64\\iphlpapi.dll") Region: id = 4353 start_va = 0x74820000 end_va = 0x74826fff monitored = 0 entry_point = 0x7482128d region_type = mapped_file name = "winnsi.dll" filename = "\\Windows\\SysWOW64\\winnsi.dll" (normalized: "c:\\windows\\syswow64\\winnsi.dll") Region: id = 4354 start_va = 0x74850000 end_va = 0x74893fff monitored = 0 entry_point = 0x748663f9 region_type = mapped_file name = "dnsapi.dll" filename = "\\Windows\\SysWOW64\\dnsapi.dll" (normalized: "c:\\windows\\syswow64\\dnsapi.dll") Region: id = 4355 start_va = 0x5aa0000 end_va = 0x5bfffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000005aa0000" filename = "" Region: id = 4356 start_va = 0x703b0000 end_va = 0x703bcfff monitored = 0 entry_point = 0x703b2012 region_type = mapped_file name = "dhcpcsvc6.dll" filename = "\\Windows\\SysWOW64\\dhcpcsvc6.dll" (normalized: "c:\\windows\\syswow64\\dhcpcsvc6.dll") Region: id = 4357 start_va = 0x70390000 end_va = 0x703a1fff monitored = 0 entry_point = 0x70393271 region_type = mapped_file name = "dhcpcsvc.dll" filename = "\\Windows\\SysWOW64\\dhcpcsvc.dll" (normalized: "c:\\windows\\syswow64\\dhcpcsvc.dll") Region: id = 4358 start_va = 0x4410000 end_va = 0x444ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004410000" filename = "" Region: id = 4359 start_va = 0x55a0000 end_va = 0x569ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000055a0000" filename = "" Region: id = 4360 start_va = 0x7ef31000 end_va = 0x7ef33fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000007ef31000" filename = "" Region: id = 4361 start_va = 0x747e0000 end_va = 0x7481bfff monitored = 0 entry_point = 0x747e145d region_type = mapped_file name = "mswsock.dll" filename = "\\Windows\\SysWOW64\\mswsock.dll" (normalized: "c:\\windows\\syswow64\\mswsock.dll") Region: id = 4362 start_va = 0x747d0000 end_va = 0x747d4fff monitored = 0 entry_point = 0x747d15df region_type = mapped_file name = "wshtcpip.dll" filename = "\\Windows\\SysWOW64\\WSHTCPIP.DLL" (normalized: "c:\\windows\\syswow64\\wshtcpip.dll") Region: id = 4363 start_va = 0x747c0000 end_va = 0x747c5fff monitored = 0 entry_point = 0x747c1673 region_type = mapped_file name = "wship6.dll" filename = "\\Windows\\SysWOW64\\wship6.dll" (normalized: "c:\\windows\\syswow64\\wship6.dll") Region: id = 4364 start_va = 0x747b0000 end_va = 0x747b5fff monitored = 0 entry_point = 0x747b14b2 region_type = mapped_file name = "rasadhlp.dll" filename = "\\Windows\\SysWOW64\\rasadhlp.dll" (normalized: "c:\\windows\\syswow64\\rasadhlp.dll") Region: id = 4365 start_va = 0x6d100000 end_va = 0x6d137fff monitored = 0 entry_point = 0x6d10990e region_type = mapped_file name = "fwpuclnt.dll" filename = "\\Windows\\SysWOW64\\FWPUCLNT.DLL" (normalized: "c:\\windows\\syswow64\\fwpuclnt.dll") Region: id = 4366 start_va = 0x5c00000 end_va = 0x5d6ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000005c00000" filename = "" Region: id = 4367 start_va = 0x70380000 end_va = 0x70387fff monitored = 0 entry_point = 0x703810e9 region_type = mapped_file name = "secur32.dll" filename = "\\Windows\\SysWOW64\\secur32.dll" (normalized: "c:\\windows\\syswow64\\secur32.dll") Region: id = 4368 start_va = 0x70370000 end_va = 0x70377fff monitored = 0 entry_point = 0x703734d3 region_type = mapped_file name = "credssp.dll" filename = "\\Windows\\SysWOW64\\credssp.dll" (normalized: "c:\\windows\\syswow64\\credssp.dll") Region: id = 4369 start_va = 0x6d0c0000 end_va = 0x6d0fefff monitored = 0 entry_point = 0x6d0c2351 region_type = mapped_file name = "schannel.dll" filename = "\\Windows\\SysWOW64\\schannel.dll" (normalized: "c:\\windows\\syswow64\\schannel.dll") Region: id = 4370 start_va = 0x6d080000 end_va = 0x6d0b7fff monitored = 0 entry_point = 0x6d081489 region_type = mapped_file name = "ncrypt.dll" filename = "\\Windows\\SysWOW64\\ncrypt.dll" (normalized: "c:\\windows\\syswow64\\ncrypt.dll") Region: id = 4371 start_va = 0x6d040000 end_va = 0x6d07cfff monitored = 0 entry_point = 0x6d0410f5 region_type = mapped_file name = "bcryptprimitives.dll" filename = "\\Windows\\SysWOW64\\bcryptprimitives.dll" (normalized: "c:\\windows\\syswow64\\bcryptprimitives.dll") Region: id = 4372 start_va = 0x5420000 end_va = 0x545ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000005420000" filename = "" Region: id = 4373 start_va = 0x5c10000 end_va = 0x5d0ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000005c10000" filename = "" Region: id = 4374 start_va = 0x5d30000 end_va = 0x5d6ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000005d30000" filename = "" Region: id = 4375 start_va = 0x6d020000 end_va = 0x6d036fff monitored = 0 entry_point = 0x6d021c9d region_type = mapped_file name = "userenv.dll" filename = "\\Windows\\SysWOW64\\userenv.dll" (normalized: "c:\\windows\\syswow64\\userenv.dll") Region: id = 4376 start_va = 0x7ef2e000 end_va = 0x7ef30fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000007ef2e000" filename = "" Region: id = 4377 start_va = 0x5d70000 end_va = 0x5f6ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000005d70000" filename = "" Region: id = 4378 start_va = 0x6d000000 end_va = 0x6d015fff monitored = 0 entry_point = 0x6d002061 region_type = mapped_file name = "gpapi.dll" filename = "\\Windows\\SysWOW64\\gpapi.dll" (normalized: "c:\\windows\\syswow64\\gpapi.dll") Region: id = 4379 start_va = 0x450000 end_va = 0x459fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "crypt32.dll.mui" filename = "\\Windows\\SysWOW64\\en-US\\crypt32.dll.mui" (normalized: "c:\\windows\\syswow64\\en-us\\crypt32.dll.mui") Region: id = 4380 start_va = 0x6cfe0000 end_va = 0x6cffbfff monitored = 0 entry_point = 0x6cfe145e region_type = mapped_file name = "cryptnet.dll" filename = "\\Windows\\SysWOW64\\cryptnet.dll" (normalized: "c:\\windows\\syswow64\\cryptnet.dll") Region: id = 4381 start_va = 0x75b90000 end_va = 0x75bd4fff monitored = 0 entry_point = 0x75b911e1 region_type = mapped_file name = "wldap32.dll" filename = "\\Windows\\SysWOW64\\Wldap32.dll" (normalized: "c:\\windows\\syswow64\\wldap32.dll") Region: id = 4382 start_va = 0x73950000 end_va = 0x73955fff monitored = 0 entry_point = 0x7395125a region_type = mapped_file name = "sensapi.dll" filename = "\\Windows\\SysWOW64\\SensApi.dll" (normalized: "c:\\windows\\syswow64\\sensapi.dll") Region: id = 4383 start_va = 0x5b40000 end_va = 0x5b7ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000005b40000" filename = "" Region: id = 4384 start_va = 0x5bc0000 end_va = 0x5bfffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000005bc0000" filename = "" Region: id = 4385 start_va = 0x5fd0000 end_va = 0x60cffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000005fd0000" filename = "" Region: id = 4386 start_va = 0x7ef2b000 end_va = 0x7ef2dfff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000007ef2b000" filename = "" Region: id = 4387 start_va = 0x6cf80000 end_va = 0x6cfd7fff monitored = 0 entry_point = 0x6cf813b4 region_type = mapped_file name = "winhttp.dll" filename = "\\Windows\\SysWOW64\\winhttp.dll" (normalized: "c:\\windows\\syswow64\\winhttp.dll") Region: id = 4388 start_va = 0x6cf30000 end_va = 0x6cf7efff monitored = 0 entry_point = 0x6cf31452 region_type = mapped_file name = "webio.dll" filename = "\\Windows\\SysWOW64\\webio.dll" (normalized: "c:\\windows\\syswow64\\webio.dll") Region: id = 4389 start_va = 0x759d0000 end_va = 0x75b6cfff monitored = 0 entry_point = 0x759d17e7 region_type = mapped_file name = "setupapi.dll" filename = "\\Windows\\SysWOW64\\setupapi.dll" (normalized: "c:\\windows\\syswow64\\setupapi.dll") Region: id = 4390 start_va = 0x758a0000 end_va = 0x758c6fff monitored = 0 entry_point = 0x758a58b9 region_type = mapped_file name = "cfgmgr32.dll" filename = "\\Windows\\SysWOW64\\cfgmgr32.dll" (normalized: "c:\\windows\\syswow64\\cfgmgr32.dll") Region: id = 4391 start_va = 0x75b70000 end_va = 0x75b81fff monitored = 0 entry_point = 0x75b71441 region_type = mapped_file name = "devobj.dll" filename = "\\Windows\\SysWOW64\\devobj.dll" (normalized: "c:\\windows\\syswow64\\devobj.dll") Region: id = 4392 start_va = 0x460000 end_va = 0x46cfff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "setupapi.dll.mui" filename = "\\Windows\\SysWOW64\\en-US\\setupapi.dll.mui" (normalized: "c:\\windows\\syswow64\\en-us\\setupapi.dll.mui") Region: id = 4393 start_va = 0x6cf10000 end_va = 0x6cf24fff monitored = 0 entry_point = 0x6cf111fa region_type = mapped_file name = "cabinet.dll" filename = "\\Windows\\SysWOW64\\cabinet.dll" (normalized: "c:\\windows\\syswow64\\cabinet.dll") Region: id = 4394 start_va = 0x70360000 end_va = 0x7036dfff monitored = 0 entry_point = 0x70361289 region_type = mapped_file name = "devrtl.dll" filename = "\\Windows\\SysWOW64\\devrtl.dll" (normalized: "c:\\windows\\syswow64\\devrtl.dll") Region: id = 4395 start_va = 0x5f70000 end_va = 0x636ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000005f70000" filename = "" Region: id = 4396 start_va = 0x5b40000 end_va = 0x5b7ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000005b40000" filename = "" Region: id = 4397 start_va = 0x6390000 end_va = 0x648ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000006390000" filename = "" Region: id = 4398 start_va = 0x7ef2b000 end_va = 0x7ef2dfff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000007ef2b000" filename = "" Region: id = 4399 start_va = 0x460000 end_va = 0x46ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000460000" filename = "" Region: id = 4400 start_va = 0x460000 end_va = 0x46ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000460000" filename = "" Region: id = 4401 start_va = 0x5370000 end_va = 0x53f1fff monitored = 0 entry_point = 0x53719a9 region_type = mapped_file name = "comctl32.dll" filename = "\\Windows\\winsxs\\x86_microsoft.windows.common-controls_6595b64144ccf1df_5.82.7601.17514_none_ec83dffa859149af\\comctl32.dll" (normalized: "c:\\windows\\winsxs\\x86_microsoft.windows.common-controls_6595b64144ccf1df_5.82.7601.17514_none_ec83dffa859149af\\comctl32.dll") Region: id = 4402 start_va = 0x5370000 end_va = 0x53f1fff monitored = 0 entry_point = 0x53719a9 region_type = mapped_file name = "comctl32.dll" filename = "\\Windows\\winsxs\\x86_microsoft.windows.common-controls_6595b64144ccf1df_5.82.7601.17514_none_ec83dffa859149af\\comctl32.dll" (normalized: "c:\\windows\\winsxs\\x86_microsoft.windows.common-controls_6595b64144ccf1df_5.82.7601.17514_none_ec83dffa859149af\\comctl32.dll") Region: id = 4403 start_va = 0x6ce80000 end_va = 0x6cf03fff monitored = 0 entry_point = 0x6ce819a9 region_type = mapped_file name = "comctl32.dll" filename = "\\Windows\\winsxs\\x86_microsoft.windows.common-controls_6595b64144ccf1df_5.82.7601.17514_none_ec83dffa859149af\\comctl32.dll" (normalized: "c:\\windows\\winsxs\\x86_microsoft.windows.common-controls_6595b64144ccf1df_5.82.7601.17514_none_ec83dffa859149af\\comctl32.dll") Region: id = 4404 start_va = 0x460000 end_va = 0x46ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000460000" filename = "" Region: id = 4405 start_va = 0x470000 end_va = 0x47ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000470000" filename = "" Region: id = 4406 start_va = 0x6490000 end_va = 0x660ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000006490000" filename = "" Region: id = 4407 start_va = 0x480000 end_va = 0x48ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000480000" filename = "" Region: id = 4408 start_va = 0x460000 end_va = 0x46ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000460000" filename = "" Region: id = 4409 start_va = 0x470000 end_va = 0x47ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000470000" filename = "" Region: id = 4410 start_va = 0x460000 end_va = 0x470fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000460000" filename = "" Region: id = 4411 start_va = 0x480000 end_va = 0x48ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000480000" filename = "" Region: id = 4412 start_va = 0x480000 end_va = 0x48ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000480000" filename = "" Region: id = 4413 start_va = 0x480000 end_va = 0x48ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000480000" filename = "" Region: id = 4414 start_va = 0x590000 end_va = 0x59ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000590000" filename = "" Thread: id = 99 os_tid = 0xfb0 [0184.829] CoInitializeEx (pvReserved=0x0, dwCoInit=0x2) returned 0x0 [0185.358] CreateEventW (lpEventAttributes=0x0, bManualReset=0, bInitialState=0, lpName=0x0) returned 0x1e4 [0185.359] CreateEventW (lpEventAttributes=0x0, bManualReset=1, bInitialState=0, lpName=0x0) returned 0x1e8 [0185.425] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="Software\\Microsoft\\Windows NT\\CurrentVersion", ulOptions=0x0, samDesired=0x20019, phkResult=0x37e274 | out: phkResult=0x37e274*=0x1f8) returned 0x0 [0185.427] RegQueryValueExW (in: hKey=0x1f8, lpValueName="InstallationType", lpReserved=0x0, lpType=0x37e294, lpData=0x0, lpcbData=0x37e290*=0x0 | out: lpType=0x37e294*=0x1, lpData=0x0, lpcbData=0x37e290*=0xe) returned 0x0 [0185.427] RegQueryValueExW (in: hKey=0x1f8, lpValueName="InstallationType", lpReserved=0x0, lpType=0x37e294, lpData=0x236418c, lpcbData=0x37e290*=0xe | out: lpType=0x37e294*=0x1, lpData="Client", lpcbData=0x37e290*=0xe) returned 0x0 [0185.429] RegCloseKey (hKey=0x1f8) returned 0x0 [0185.608] GetFullPathNameW (in: lpFileName="C:\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\InstallUtil.exe.Config", nBufferLength=0x105, lpBuffer=0x37dc2c, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\InstallUtil.exe.Config", lpFilePart=0x0) returned 0x44 [0185.613] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\.NETFramework\\AppContext", ulOptions=0x0, samDesired=0x20019, phkResult=0x37d928 | out: phkResult=0x37d928*=0x0) returned 0x2 [0185.614] RegCloseKey (hKey=0x80000002) returned 0x0 [0185.717] GetCurrentProcess () returned 0xffffffff [0185.717] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x37df64 | out: TokenHandle=0x37df64*=0x40) returned 1 [0185.722] GetFullPathNameW (in: lpFileName="C:\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\", nBufferLength=0x105, lpBuffer=0x37da1c, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\", lpFilePart=0x0) returned 0x2e [0185.726] GetFileAttributesExW (in: lpFileName="C:\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\Config\\machine.config" (normalized: "c:\\windows\\microsoft.net\\framework\\v4.0.30319\\config\\machine.config"), fInfoLevelId=0x0, lpFileInformation=0x37df5c | out: lpFileInformation=0x37df5c*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xc63fb400, ftCreationTime.dwHighDateTime=0x1d4e4ee, ftLastAccessTime.dwLowDateTime=0xb9f350b0, ftLastAccessTime.dwHighDateTime=0x1d706ae, ftLastWriteTime.dwLowDateTime=0xc63fb400, ftLastWriteTime.dwHighDateTime=0x1d4e4ee, nFileSizeHigh=0x0, nFileSizeLow=0x8c8e)) returned 1 [0185.727] GetFullPathNameW (in: lpFileName="C:\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\Config\\machine.config", nBufferLength=0x105, lpBuffer=0x37d9e8, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\Config\\machine.config", lpFilePart=0x0) returned 0x43 [0185.729] GetFileAttributesExW (in: lpFileName="C:\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\Config\\machine.config" (normalized: "c:\\windows\\microsoft.net\\framework\\v4.0.30319\\config\\machine.config"), fInfoLevelId=0x0, lpFileInformation=0x37df64 | out: lpFileInformation=0x37df64*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xc63fb400, ftCreationTime.dwHighDateTime=0x1d4e4ee, ftLastAccessTime.dwLowDateTime=0xb9f350b0, ftLastAccessTime.dwHighDateTime=0x1d706ae, ftLastWriteTime.dwLowDateTime=0xc63fb400, ftLastWriteTime.dwHighDateTime=0x1d4e4ee, nFileSizeHigh=0x0, nFileSizeLow=0x8c8e)) returned 1 [0185.731] GetFullPathNameW (in: lpFileName="C:\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\Config\\machine.config", nBufferLength=0x105, lpBuffer=0x37d984, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\Config\\machine.config", lpFilePart=0x0) returned 0x43 [0185.731] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x37de9c) returned 1 [0185.732] CreateFileW (lpFileName="C:\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\Config\\machine.config" (normalized: "c:\\windows\\microsoft.net\\framework\\v4.0.30319\\config\\machine.config"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x1f8 [0185.733] GetFileType (hFile=0x1f8) returned 0x1 [0185.733] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x37de98) returned 1 [0185.733] GetFileType (hFile=0x1f8) returned 0x1 [0185.759] GetFullPathNameW (in: lpFileName="C:\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\config\\machine.config", nBufferLength=0x105, lpBuffer=0x37d1d8, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\config\\machine.config", lpFilePart=0x0) returned 0x43 [0185.760] GetFullPathNameW (in: lpFileName="C:\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\config\\machine.config", nBufferLength=0x105, lpBuffer=0x37d23c, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\config\\machine.config", lpFilePart=0x0) returned 0x43 [0185.760] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x37d47c) returned 1 [0185.760] GetFileAttributesExW (in: lpFileName="C:\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\config\\machine.config" (normalized: "c:\\windows\\microsoft.net\\framework\\v4.0.30319\\config\\machine.config"), fInfoLevelId=0x0, lpFileInformation=0x37d740 | out: lpFileInformation=0x37d740*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xc63fb400, ftCreationTime.dwHighDateTime=0x1d4e4ee, ftLastAccessTime.dwLowDateTime=0xb9f350b0, ftLastAccessTime.dwHighDateTime=0x1d706ae, ftLastWriteTime.dwLowDateTime=0xc63fb400, ftLastWriteTime.dwHighDateTime=0x1d4e4ee, nFileSizeHigh=0x0, nFileSizeLow=0x8c8e)) returned 1 [0185.760] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x37d478) returned 1 [0185.835] BCryptGetFipsAlgorithmMode (in: pfEnabled=0x37d60c | out: pfEnabled=0x37d60c) returned 0x0 [0185.889] GetFileSize (in: hFile=0x1f8, lpFileSizeHigh=0x37df58 | out: lpFileSizeHigh=0x37df58*=0x0) returned 0x8c8e [0185.890] ReadFile (in: hFile=0x1f8, lpBuffer=0x238f944, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x37df14, lpOverlapped=0x0 | out: lpBuffer=0x238f944*, lpNumberOfBytesRead=0x37df14*=0x1000, lpOverlapped=0x0) returned 1 [0185.905] ReadFile (in: hFile=0x1f8, lpBuffer=0x238f944, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x37ddc4, lpOverlapped=0x0 | out: lpBuffer=0x238f944*, lpNumberOfBytesRead=0x37ddc4*=0x1000, lpOverlapped=0x0) returned 1 [0185.907] ReadFile (in: hFile=0x1f8, lpBuffer=0x238f944, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x37dc78, lpOverlapped=0x0 | out: lpBuffer=0x238f944*, lpNumberOfBytesRead=0x37dc78*=0x1000, lpOverlapped=0x0) returned 1 [0185.908] ReadFile (in: hFile=0x1f8, lpBuffer=0x238f944, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x37dc78, lpOverlapped=0x0 | out: lpBuffer=0x238f944*, lpNumberOfBytesRead=0x37dc78*=0x1000, lpOverlapped=0x0) returned 1 [0185.908] ReadFile (in: hFile=0x1f8, lpBuffer=0x238f944, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x37dc78, lpOverlapped=0x0 | out: lpBuffer=0x238f944*, lpNumberOfBytesRead=0x37dc78*=0x1000, lpOverlapped=0x0) returned 1 [0185.909] ReadFile (in: hFile=0x1f8, lpBuffer=0x238f944, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x37dbb0, lpOverlapped=0x0 | out: lpBuffer=0x238f944*, lpNumberOfBytesRead=0x37dbb0*=0x1000, lpOverlapped=0x0) returned 1 [0185.915] ReadFile (in: hFile=0x1f8, lpBuffer=0x238f944, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x37dd1c, lpOverlapped=0x0 | out: lpBuffer=0x238f944*, lpNumberOfBytesRead=0x37dd1c*=0x1000, lpOverlapped=0x0) returned 1 [0185.917] ReadFile (in: hFile=0x1f8, lpBuffer=0x238f944, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x37dc10, lpOverlapped=0x0 | out: lpBuffer=0x238f944*, lpNumberOfBytesRead=0x37dc10*=0x1000, lpOverlapped=0x0) returned 1 [0185.917] ReadFile (in: hFile=0x1f8, lpBuffer=0x238f944, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x37dc10, lpOverlapped=0x0 | out: lpBuffer=0x238f944*, lpNumberOfBytesRead=0x37dc10*=0xc8e, lpOverlapped=0x0) returned 1 [0185.918] ReadFile (in: hFile=0x1f8, lpBuffer=0x238f944, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x37dcd4, lpOverlapped=0x0 | out: lpBuffer=0x238f944*, lpNumberOfBytesRead=0x37dcd4*=0x0, lpOverlapped=0x0) returned 1 [0185.918] CloseHandle (hObject=0x1f8) returned 1 [0185.918] CloseHandle (hObject=0x40) returned 1 [0185.919] GetCurrentProcess () returned 0xffffffff [0185.919] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x37e0b0 | out: TokenHandle=0x37e0b0*=0x40) returned 1 [0185.920] CloseHandle (hObject=0x40) returned 1 [0185.920] GetCurrentProcess () returned 0xffffffff [0185.920] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x37e0b0 | out: TokenHandle=0x37e0b0*=0x40) returned 1 [0185.921] CloseHandle (hObject=0x40) returned 1 [0185.927] GetCurrentProcess () returned 0xffffffff [0185.928] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x37df64 | out: TokenHandle=0x37df64*=0x40) returned 1 [0185.928] GetFileAttributesExW (in: lpFileName="C:\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\InstallUtil.exe.Config" (normalized: "c:\\windows\\microsoft.net\\framework\\v4.0.30319\\installutil.exe.config"), fInfoLevelId=0x0, lpFileInformation=0x37df5c | out: lpFileInformation=0x37df5c*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xe6823800, ftCreationTime.dwHighDateTime=0x1cd5d46, ftLastAccessTime.dwLowDateTime=0x70169cf0, ftLastAccessTime.dwHighDateTime=0x1d706ad, ftLastWriteTime.dwLowDateTime=0xe6823800, ftLastWriteTime.dwHighDateTime=0x1cd5d46, nFileSizeHigh=0x0, nFileSizeLow=0xb6)) returned 1 [0185.928] GetFullPathNameW (in: lpFileName="C:\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\InstallUtil.exe.Config", nBufferLength=0x105, lpBuffer=0x37d9e8, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\InstallUtil.exe.Config", lpFilePart=0x0) returned 0x44 [0185.929] GetFileAttributesExW (in: lpFileName="C:\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\InstallUtil.exe.Config" (normalized: "c:\\windows\\microsoft.net\\framework\\v4.0.30319\\installutil.exe.config"), fInfoLevelId=0x0, lpFileInformation=0x37df64 | out: lpFileInformation=0x37df64*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xe6823800, ftCreationTime.dwHighDateTime=0x1cd5d46, ftLastAccessTime.dwLowDateTime=0x70169cf0, ftLastAccessTime.dwHighDateTime=0x1d706ad, ftLastWriteTime.dwLowDateTime=0xe6823800, ftLastWriteTime.dwHighDateTime=0x1cd5d46, nFileSizeHigh=0x0, nFileSizeLow=0xb6)) returned 1 [0185.929] GetFullPathNameW (in: lpFileName="C:\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\InstallUtil.exe.Config", nBufferLength=0x105, lpBuffer=0x37d984, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\InstallUtil.exe.Config", lpFilePart=0x0) returned 0x44 [0185.929] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x37de9c) returned 1 [0185.929] CreateFileW (lpFileName="C:\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\InstallUtil.exe.Config" (normalized: "c:\\windows\\microsoft.net\\framework\\v4.0.30319\\installutil.exe.config"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x1f8 [0185.929] GetFileType (hFile=0x1f8) returned 0x1 [0185.929] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x37de98) returned 1 [0185.929] GetFileType (hFile=0x1f8) returned 0x1 [0185.929] GetFileSize (in: hFile=0x1f8, lpFileSizeHigh=0x37df58 | out: lpFileSizeHigh=0x37df58*=0x0) returned 0xb6 [0185.930] ReadFile (in: hFile=0x1f8, lpBuffer=0x23a8024, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x37df14, lpOverlapped=0x0 | out: lpBuffer=0x23a8024*, lpNumberOfBytesRead=0x37df14*=0xb6, lpOverlapped=0x0) returned 1 [0185.933] ReadFile (in: hFile=0x1f8, lpBuffer=0x23a8024, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x37ddd8, lpOverlapped=0x0 | out: lpBuffer=0x23a8024*, lpNumberOfBytesRead=0x37ddd8*=0x0, lpOverlapped=0x0) returned 1 [0185.934] CloseHandle (hObject=0x1f8) returned 1 [0185.934] CloseHandle (hObject=0x40) returned 1 [0185.934] GetCurrentProcess () returned 0xffffffff [0185.934] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x37e0b0 | out: TokenHandle=0x37e0b0*=0x40) returned 1 [0185.935] CloseHandle (hObject=0x40) returned 1 [0185.936] GetCurrentProcess () returned 0xffffffff [0185.936] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x37e0b0 | out: TokenHandle=0x37e0b0*=0x40) returned 1 [0185.937] CloseHandle (hObject=0x40) returned 1 [0185.956] GetCurrentProcess () returned 0xffffffff [0185.957] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x37dec8 | out: TokenHandle=0x37dec8*=0x40) returned 1 [0185.982] CloseHandle (hObject=0x40) returned 1 [0185.982] GetCurrentProcess () returned 0xffffffff [0185.982] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x37dee0 | out: TokenHandle=0x37dee0*=0x40) returned 1 [0185.984] CloseHandle (hObject=0x40) returned 1 [0186.002] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\.NETFramework\\v4.0.30319", ulOptions=0x0, samDesired=0x20019, phkResult=0x37f040 | out: phkResult=0x37f040*=0x40) returned 0x0 [0186.002] RegQueryValueExW (in: hKey=0x40, lpValueName="HWRPortReuseOnSocketBind", lpReserved=0x0, lpType=0x37f05c, lpData=0x0, lpcbData=0x37f058*=0x0 | out: lpType=0x37f05c*=0x0, lpData=0x0, lpcbData=0x37f058*=0x0) returned 0x2 [0186.002] RegCloseKey (hKey=0x40) returned 0x0 [0186.005] GetCurrentProcessId () returned 0xfac [0186.011] LookupPrivilegeValueW (in: lpSystemName=0x0, lpName="SeDebugPrivilege", lpLuid=0x37e8dc | out: lpLuid=0x37e8dc*(LowPart=0x14, HighPart=0)) returned 1 [0186.013] GetCurrentProcess () returned 0xffffffff [0186.014] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x20, TokenHandle=0x37e8d8 | out: TokenHandle=0x37e8d8*=0x238) returned 1 [0186.014] AdjustTokenPrivileges (in: TokenHandle=0x238, DisableAllPrivileges=0, NewState=0x23ae2c4*(PrivilegesCount=0x1, Privileges=((Luid.LowPart=0x14, Luid.HighPart=0, Attributes=0x2))), BufferLength=0x0, PreviousState=0x0, ReturnLength=0x0 | out: PreviousState=0x0, ReturnLength=0x0) returned 1 [0186.015] CloseHandle (hObject=0x238) returned 1 [0186.017] OpenProcess (dwDesiredAccess=0x410, bInheritHandle=0, dwProcessId=0xfac) returned 0x238 [0186.026] EnumProcessModules (in: hProcess=0x238, lphModule=0x23ae308, cb=0x100, lpcbNeeded=0x37f04c | out: lphModule=0x23ae308, lpcbNeeded=0x37f04c) returned 1 [0186.028] GetModuleInformation (in: hProcess=0x238, hModule=0x400000, lpmodinfo=0x23ae448, cb=0xc | out: lpmodinfo=0x23ae448*(lpBaseOfDll=0x400000, SizeOfImage=0x3a000, EntryPoint=0x435d3e)) returned 1 [0186.029] CoTaskMemAlloc (cb=0x804) returned 0x6fafd8 [0186.029] GetModuleBaseNameW (in: hProcess=0x238, hModule=0x400000, lpBaseName=0x6fafd8, nSize=0x800 | out: lpBaseName="InstallUtil.exe") returned 0xf [0186.030] CoTaskMemFree (pv=0x6fafd8) [0186.031] CoTaskMemAlloc (cb=0x804) returned 0x6fafd8 [0186.031] GetModuleFileNameExW (in: hProcess=0x238, hModule=0x400000, lpFilename=0x6fafd8, nSize=0x800 | out: lpFilename="C:\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\InstallUtil.exe" (normalized: "c:\\windows\\microsoft.net\\framework\\v4.0.30319\\installutil.exe")) returned 0x3d [0186.031] CoTaskMemFree (pv=0x6fafd8) [0186.031] CloseHandle (hObject=0x238) returned 1 [0186.032] GetFullPathNameW (in: lpFileName="C:\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\InstallUtil.exe", nBufferLength=0x105, lpBuffer=0x37eb74, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\InstallUtil.exe", lpFilePart=0x0) returned 0x3d [0186.033] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\.NETFramework\\v4.0.30319\\System.Net.ServicePointManager.UseHttpPipeliningAndBufferPooling", ulOptions=0x0, samDesired=0x20019, phkResult=0x37f044 | out: phkResult=0x37f044*=0x0) returned 0x2 [0186.033] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\.NETFramework\\v4.0.30319", ulOptions=0x0, samDesired=0x20019, phkResult=0x37f044 | out: phkResult=0x37f044*=0x238) returned 0x0 [0186.034] RegQueryValueExW (in: hKey=0x238, lpValueName="UseHttpPipeliningAndBufferPooling", lpReserved=0x0, lpType=0x37f060, lpData=0x0, lpcbData=0x37f05c*=0x0 | out: lpType=0x37f060*=0x0, lpData=0x0, lpcbData=0x37f05c*=0x0) returned 0x2 [0186.034] RegCloseKey (hKey=0x238) returned 0x0 [0186.034] GetCurrentProcessId () returned 0xfac [0186.035] OpenProcess (dwDesiredAccess=0x410, bInheritHandle=0, dwProcessId=0xfac) returned 0x238 [0186.035] EnumProcessModules (in: hProcess=0x238, lphModule=0x23b0ecc, cb=0x100, lpcbNeeded=0x37f04c | out: lphModule=0x23b0ecc, lpcbNeeded=0x37f04c) returned 1 [0186.036] GetModuleInformation (in: hProcess=0x238, hModule=0x400000, lpmodinfo=0x23b100c, cb=0xc | out: lpmodinfo=0x23b100c*(lpBaseOfDll=0x400000, SizeOfImage=0x3a000, EntryPoint=0x435d3e)) returned 1 [0186.036] CoTaskMemAlloc (cb=0x804) returned 0x6fafd8 [0186.036] GetModuleBaseNameW (in: hProcess=0x238, hModule=0x400000, lpBaseName=0x6fafd8, nSize=0x800 | out: lpBaseName="InstallUtil.exe") returned 0xf [0186.037] CoTaskMemFree (pv=0x6fafd8) [0186.037] CoTaskMemAlloc (cb=0x804) returned 0x6fafd8 [0186.037] GetModuleFileNameExW (in: hProcess=0x238, hModule=0x400000, lpFilename=0x6fafd8, nSize=0x800 | out: lpFilename="C:\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\InstallUtil.exe" (normalized: "c:\\windows\\microsoft.net\\framework\\v4.0.30319\\installutil.exe")) returned 0x3d [0186.037] CoTaskMemFree (pv=0x6fafd8) [0186.037] CloseHandle (hObject=0x238) returned 1 [0186.037] GetFullPathNameW (in: lpFileName="C:\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\InstallUtil.exe", nBufferLength=0x105, lpBuffer=0x37eb74, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\InstallUtil.exe", lpFilePart=0x0) returned 0x3d [0186.037] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\.NETFramework\\v4.0.30319\\System.Net.ServicePointManager.UseSafeSynchronousClose", ulOptions=0x0, samDesired=0x20019, phkResult=0x37f044 | out: phkResult=0x37f044*=0x0) returned 0x2 [0186.038] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\.NETFramework\\v4.0.30319", ulOptions=0x0, samDesired=0x20019, phkResult=0x37f044 | out: phkResult=0x37f044*=0x238) returned 0x0 [0186.038] RegQueryValueExW (in: hKey=0x238, lpValueName="UseSafeSynchronousClose", lpReserved=0x0, lpType=0x37f060, lpData=0x0, lpcbData=0x37f05c*=0x0 | out: lpType=0x37f060*=0x0, lpData=0x0, lpcbData=0x37f05c*=0x0) returned 0x2 [0186.038] RegCloseKey (hKey=0x238) returned 0x0 [0186.038] GetCurrentProcessId () returned 0xfac [0186.039] OpenProcess (dwDesiredAccess=0x410, bInheritHandle=0, dwProcessId=0xfac) returned 0x238 [0186.039] EnumProcessModules (in: hProcess=0x238, lphModule=0x23b3ab0, cb=0x100, lpcbNeeded=0x37f04c | out: lphModule=0x23b3ab0, lpcbNeeded=0x37f04c) returned 1 [0186.040] GetModuleInformation (in: hProcess=0x238, hModule=0x400000, lpmodinfo=0x23b3bf0, cb=0xc | out: lpmodinfo=0x23b3bf0*(lpBaseOfDll=0x400000, SizeOfImage=0x3a000, EntryPoint=0x435d3e)) returned 1 [0186.040] CoTaskMemAlloc (cb=0x804) returned 0x6fafd8 [0186.040] GetModuleBaseNameW (in: hProcess=0x238, hModule=0x400000, lpBaseName=0x6fafd8, nSize=0x800 | out: lpBaseName="InstallUtil.exe") returned 0xf [0186.040] CoTaskMemFree (pv=0x6fafd8) [0186.040] CoTaskMemAlloc (cb=0x804) returned 0x6fafd8 [0186.040] GetModuleFileNameExW (in: hProcess=0x238, hModule=0x400000, lpFilename=0x6fafd8, nSize=0x800 | out: lpFilename="C:\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\InstallUtil.exe" (normalized: "c:\\windows\\microsoft.net\\framework\\v4.0.30319\\installutil.exe")) returned 0x3d [0186.040] CoTaskMemFree (pv=0x6fafd8) [0186.041] CloseHandle (hObject=0x238) returned 1 [0186.041] GetFullPathNameW (in: lpFileName="C:\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\InstallUtil.exe", nBufferLength=0x105, lpBuffer=0x37eb74, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\InstallUtil.exe", lpFilePart=0x0) returned 0x3d [0186.041] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\.NETFramework\\v4.0.30319\\System.Net.ServicePointManager.UseStrictRfcInterimResponseHandling", ulOptions=0x0, samDesired=0x20019, phkResult=0x37f044 | out: phkResult=0x37f044*=0x0) returned 0x2 [0186.041] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\.NETFramework\\v4.0.30319", ulOptions=0x0, samDesired=0x20019, phkResult=0x37f044 | out: phkResult=0x37f044*=0x238) returned 0x0 [0186.042] RegQueryValueExW (in: hKey=0x238, lpValueName="UseStrictRfcInterimResponseHandling", lpReserved=0x0, lpType=0x37f060, lpData=0x0, lpcbData=0x37f05c*=0x0 | out: lpType=0x37f060*=0x0, lpData=0x0, lpcbData=0x37f05c*=0x0) returned 0x2 [0186.042] RegCloseKey (hKey=0x238) returned 0x0 [0186.042] GetCurrentProcessId () returned 0xfac [0186.042] OpenProcess (dwDesiredAccess=0x410, bInheritHandle=0, dwProcessId=0xfac) returned 0x238 [0186.042] EnumProcessModules (in: hProcess=0x238, lphModule=0x23b673c, cb=0x100, lpcbNeeded=0x37f04c | out: lphModule=0x23b673c, lpcbNeeded=0x37f04c) returned 1 [0186.043] GetModuleInformation (in: hProcess=0x238, hModule=0x400000, lpmodinfo=0x23b687c, cb=0xc | out: lpmodinfo=0x23b687c*(lpBaseOfDll=0x400000, SizeOfImage=0x3a000, EntryPoint=0x435d3e)) returned 1 [0186.043] CoTaskMemAlloc (cb=0x804) returned 0x6fafd8 [0186.043] GetModuleBaseNameW (in: hProcess=0x238, hModule=0x400000, lpBaseName=0x6fafd8, nSize=0x800 | out: lpBaseName="InstallUtil.exe") returned 0xf [0186.044] CoTaskMemFree (pv=0x6fafd8) [0186.061] CoTaskMemAlloc (cb=0x804) returned 0x6fafd8 [0186.061] GetModuleFileNameExW (in: hProcess=0x238, hModule=0x400000, lpFilename=0x6fafd8, nSize=0x800 | out: lpFilename="C:\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\InstallUtil.exe" (normalized: "c:\\windows\\microsoft.net\\framework\\v4.0.30319\\installutil.exe")) returned 0x3d [0186.062] CoTaskMemFree (pv=0x6fafd8) [0186.062] CloseHandle (hObject=0x238) returned 1 [0186.062] GetFullPathNameW (in: lpFileName="C:\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\InstallUtil.exe", nBufferLength=0x105, lpBuffer=0x37eb74, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\InstallUtil.exe", lpFilePart=0x0) returned 0x3d [0186.063] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\.NETFramework\\v4.0.30319\\System.Uri.AllowDangerousUnicodeDecompositions", ulOptions=0x0, samDesired=0x20019, phkResult=0x37f044 | out: phkResult=0x37f044*=0x0) returned 0x2 [0186.064] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\.NETFramework\\v4.0.30319", ulOptions=0x0, samDesired=0x20019, phkResult=0x37f044 | out: phkResult=0x37f044*=0x238) returned 0x0 [0186.064] RegQueryValueExW (in: hKey=0x238, lpValueName="AllowDangerousUnicodeDecompositions", lpReserved=0x0, lpType=0x37f060, lpData=0x0, lpcbData=0x37f05c*=0x0 | out: lpType=0x37f060*=0x0, lpData=0x0, lpcbData=0x37f05c*=0x0) returned 0x2 [0186.064] RegCloseKey (hKey=0x238) returned 0x0 [0186.065] GetCurrentProcessId () returned 0xfac [0186.065] OpenProcess (dwDesiredAccess=0x410, bInheritHandle=0, dwProcessId=0xfac) returned 0x238 [0186.065] EnumProcessModules (in: hProcess=0x238, lphModule=0x23b9180, cb=0x100, lpcbNeeded=0x37f04c | out: lphModule=0x23b9180, lpcbNeeded=0x37f04c) returned 1 [0186.066] GetModuleInformation (in: hProcess=0x238, hModule=0x400000, lpmodinfo=0x23b92c0, cb=0xc | out: lpmodinfo=0x23b92c0*(lpBaseOfDll=0x400000, SizeOfImage=0x3a000, EntryPoint=0x435d3e)) returned 1 [0186.066] CoTaskMemAlloc (cb=0x804) returned 0x6fafd8 [0186.067] GetModuleBaseNameW (in: hProcess=0x238, hModule=0x400000, lpBaseName=0x6fafd8, nSize=0x800 | out: lpBaseName="InstallUtil.exe") returned 0xf [0186.067] CoTaskMemFree (pv=0x6fafd8) [0186.067] CoTaskMemAlloc (cb=0x804) returned 0x6fafd8 [0186.067] GetModuleFileNameExW (in: hProcess=0x238, hModule=0x400000, lpFilename=0x6fafd8, nSize=0x800 | out: lpFilename="C:\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\InstallUtil.exe" (normalized: "c:\\windows\\microsoft.net\\framework\\v4.0.30319\\installutil.exe")) returned 0x3d [0186.068] CoTaskMemFree (pv=0x6fafd8) [0186.068] CloseHandle (hObject=0x238) returned 1 [0186.068] GetFullPathNameW (in: lpFileName="C:\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\InstallUtil.exe", nBufferLength=0x105, lpBuffer=0x37eb74, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\InstallUtil.exe", lpFilePart=0x0) returned 0x3d [0186.068] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\.NETFramework\\v4.0.30319\\System.Uri.UseStrictIPv6AddressParsing", ulOptions=0x0, samDesired=0x20019, phkResult=0x37f044 | out: phkResult=0x37f044*=0x0) returned 0x2 [0186.069] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\.NETFramework\\v4.0.30319", ulOptions=0x0, samDesired=0x20019, phkResult=0x37f044 | out: phkResult=0x37f044*=0x238) returned 0x0 [0186.069] RegQueryValueExW (in: hKey=0x238, lpValueName="UseStrictIPv6AddressParsing", lpReserved=0x0, lpType=0x37f060, lpData=0x0, lpcbData=0x37f05c*=0x0 | out: lpType=0x37f060*=0x0, lpData=0x0, lpcbData=0x37f05c*=0x0) returned 0x2 [0186.069] RegCloseKey (hKey=0x238) returned 0x0 [0186.070] GetCurrentProcessId () returned 0xfac [0186.070] OpenProcess (dwDesiredAccess=0x410, bInheritHandle=0, dwProcessId=0xfac) returned 0x238 [0186.070] EnumProcessModules (in: hProcess=0x238, lphModule=0x23bbba8, cb=0x100, lpcbNeeded=0x37f04c | out: lphModule=0x23bbba8, lpcbNeeded=0x37f04c) returned 1 [0186.071] GetModuleInformation (in: hProcess=0x238, hModule=0x400000, lpmodinfo=0x23bbce8, cb=0xc | out: lpmodinfo=0x23bbce8*(lpBaseOfDll=0x400000, SizeOfImage=0x3a000, EntryPoint=0x435d3e)) returned 1 [0186.072] CoTaskMemAlloc (cb=0x804) returned 0x6fafd8 [0186.072] GetModuleBaseNameW (in: hProcess=0x238, hModule=0x400000, lpBaseName=0x6fafd8, nSize=0x800 | out: lpBaseName="InstallUtil.exe") returned 0xf [0186.072] CoTaskMemFree (pv=0x6fafd8) [0186.072] CoTaskMemAlloc (cb=0x804) returned 0x6fafd8 [0186.072] GetModuleFileNameExW (in: hProcess=0x238, hModule=0x400000, lpFilename=0x6fafd8, nSize=0x800 | out: lpFilename="C:\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\InstallUtil.exe" (normalized: "c:\\windows\\microsoft.net\\framework\\v4.0.30319\\installutil.exe")) returned 0x3d [0186.072] CoTaskMemFree (pv=0x6fafd8) [0186.072] CloseHandle (hObject=0x238) returned 1 [0186.073] GetFullPathNameW (in: lpFileName="C:\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\InstallUtil.exe", nBufferLength=0x105, lpBuffer=0x37eb74, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\InstallUtil.exe", lpFilePart=0x0) returned 0x3d [0186.073] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\.NETFramework\\v4.0.30319\\System.Uri.AllowAllUriEncodingExpansion", ulOptions=0x0, samDesired=0x20019, phkResult=0x37f044 | out: phkResult=0x37f044*=0x0) returned 0x2 [0186.074] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\.NETFramework\\v4.0.30319", ulOptions=0x0, samDesired=0x20019, phkResult=0x37f044 | out: phkResult=0x37f044*=0x238) returned 0x0 [0186.074] RegQueryValueExW (in: hKey=0x238, lpValueName="AllowAllUriEncodingExpansion", lpReserved=0x0, lpType=0x37f060, lpData=0x0, lpcbData=0x37f05c*=0x0 | out: lpType=0x37f060*=0x0, lpData=0x0, lpcbData=0x37f05c*=0x0) returned 0x2 [0186.074] RegCloseKey (hKey=0x238) returned 0x0 [0186.086] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\.NETFramework\\v4.0.30319", ulOptions=0x0, samDesired=0x20019, phkResult=0x37f044 | out: phkResult=0x37f044*=0x238) returned 0x0 [0186.086] RegQueryValueExW (in: hKey=0x238, lpValueName="SchUseStrongCrypto", lpReserved=0x0, lpType=0x37f060, lpData=0x0, lpcbData=0x37f05c*=0x0 | out: lpType=0x37f060*=0x0, lpData=0x0, lpcbData=0x37f05c*=0x0) returned 0x2 [0186.086] RegCloseKey (hKey=0x238) returned 0x0 [0186.087] GetCurrentProcessId () returned 0xfac [0186.087] OpenProcess (dwDesiredAccess=0x410, bInheritHandle=0, dwProcessId=0xfac) returned 0x238 [0186.087] EnumProcessModules (in: hProcess=0x238, lphModule=0x23bf4e8, cb=0x100, lpcbNeeded=0x37f048 | out: lphModule=0x23bf4e8, lpcbNeeded=0x37f048) returned 1 [0186.088] GetModuleInformation (in: hProcess=0x238, hModule=0x400000, lpmodinfo=0x23bf628, cb=0xc | out: lpmodinfo=0x23bf628*(lpBaseOfDll=0x400000, SizeOfImage=0x3a000, EntryPoint=0x435d3e)) returned 1 [0186.088] CoTaskMemAlloc (cb=0x804) returned 0x6fafd8 [0186.088] GetModuleBaseNameW (in: hProcess=0x238, hModule=0x400000, lpBaseName=0x6fafd8, nSize=0x800 | out: lpBaseName="InstallUtil.exe") returned 0xf [0186.089] CoTaskMemFree (pv=0x6fafd8) [0186.089] CoTaskMemAlloc (cb=0x804) returned 0x6fafd8 [0186.089] GetModuleFileNameExW (in: hProcess=0x238, hModule=0x400000, lpFilename=0x6fafd8, nSize=0x800 | out: lpFilename="C:\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\InstallUtil.exe" (normalized: "c:\\windows\\microsoft.net\\framework\\v4.0.30319\\installutil.exe")) returned 0x3d [0186.089] CoTaskMemFree (pv=0x6fafd8) [0186.089] CloseHandle (hObject=0x238) returned 1 [0186.089] GetFullPathNameW (in: lpFileName="C:\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\InstallUtil.exe", nBufferLength=0x105, lpBuffer=0x37eb70, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\InstallUtil.exe", lpFilePart=0x0) returned 0x3d [0186.090] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\.NETFramework\\v4.0.30319\\System.Net.ServicePointManager.SchSendAuxRecord", ulOptions=0x0, samDesired=0x20019, phkResult=0x37f040 | out: phkResult=0x37f040*=0x0) returned 0x2 [0186.090] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\.NETFramework\\v4.0.30319", ulOptions=0x0, samDesired=0x20019, phkResult=0x37f040 | out: phkResult=0x37f040*=0x238) returned 0x0 [0186.090] RegQueryValueExW (in: hKey=0x238, lpValueName="SchSendAuxRecord", lpReserved=0x0, lpType=0x37f05c, lpData=0x0, lpcbData=0x37f058*=0x0 | out: lpType=0x37f05c*=0x0, lpData=0x0, lpcbData=0x37f058*=0x0) returned 0x2 [0186.090] RegCloseKey (hKey=0x238) returned 0x0 [0186.091] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\.NETFramework\\v4.0.30319", ulOptions=0x0, samDesired=0x20019, phkResult=0x37f044 | out: phkResult=0x37f044*=0x238) returned 0x0 [0186.091] RegQueryValueExW (in: hKey=0x238, lpValueName="SystemDefaultTlsVersions", lpReserved=0x0, lpType=0x37f060, lpData=0x0, lpcbData=0x37f05c*=0x0 | out: lpType=0x37f060*=0x0, lpData=0x0, lpcbData=0x37f05c*=0x0) returned 0x2 [0186.091] RegCloseKey (hKey=0x238) returned 0x0 [0186.093] GetCurrentProcessId () returned 0xfac [0186.093] OpenProcess (dwDesiredAccess=0x410, bInheritHandle=0, dwProcessId=0xfac) returned 0x238 [0186.093] EnumProcessModules (in: hProcess=0x238, lphModule=0x23c2300, cb=0x100, lpcbNeeded=0x37f048 | out: lphModule=0x23c2300, lpcbNeeded=0x37f048) returned 1 [0186.094] GetModuleInformation (in: hProcess=0x238, hModule=0x400000, lpmodinfo=0x23c2440, cb=0xc | out: lpmodinfo=0x23c2440*(lpBaseOfDll=0x400000, SizeOfImage=0x3a000, EntryPoint=0x435d3e)) returned 1 [0186.094] CoTaskMemAlloc (cb=0x804) returned 0x6fafd8 [0186.094] GetModuleBaseNameW (in: hProcess=0x238, hModule=0x400000, lpBaseName=0x6fafd8, nSize=0x800 | out: lpBaseName="InstallUtil.exe") returned 0xf [0186.094] CoTaskMemFree (pv=0x6fafd8) [0186.094] CoTaskMemAlloc (cb=0x804) returned 0x6fafd8 [0186.094] GetModuleFileNameExW (in: hProcess=0x238, hModule=0x400000, lpFilename=0x6fafd8, nSize=0x800 | out: lpFilename="C:\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\InstallUtil.exe" (normalized: "c:\\windows\\microsoft.net\\framework\\v4.0.30319\\installutil.exe")) returned 0x3d [0186.095] CoTaskMemFree (pv=0x6fafd8) [0186.095] CloseHandle (hObject=0x238) returned 1 [0186.095] GetFullPathNameW (in: lpFileName="C:\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\InstallUtil.exe", nBufferLength=0x105, lpBuffer=0x37eb70, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\InstallUtil.exe", lpFilePart=0x0) returned 0x3d [0186.096] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\.NETFramework\\v4.0.30319\\System.Net.ServicePointManager.RequireCertificateEKUs", ulOptions=0x0, samDesired=0x20019, phkResult=0x37f040 | out: phkResult=0x37f040*=0x0) returned 0x2 [0186.096] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\.NETFramework\\v4.0.30319", ulOptions=0x0, samDesired=0x20019, phkResult=0x37f040 | out: phkResult=0x37f040*=0x238) returned 0x0 [0186.096] RegQueryValueExW (in: hKey=0x238, lpValueName="RequireCertificateEKUs", lpReserved=0x0, lpType=0x37f05c, lpData=0x0, lpcbData=0x37f058*=0x0 | out: lpType=0x37f05c*=0x0, lpData=0x0, lpcbData=0x37f058*=0x0) returned 0x2 [0186.096] RegCloseKey (hKey=0x238) returned 0x0 [0186.232] GetCurrentProcessId () returned 0xfac [0186.243] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3369540, Length=0x20000, ResultLength=0x37f0c0 | out: SystemInformation=0x3369540, ResultLength=0x37f0c0*=0xc1f0) returned 0x0 [0186.256] GetCurrentProcessId () returned 0xfac [0186.257] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3369540, Length=0x20000, ResultLength=0x37f0b0 | out: SystemInformation=0x3369540, ResultLength=0x37f0b0*=0xc1f0) returned 0x0 [0186.411] CreateBindCtx (in: reserved=0x0, ppbc=0x37f090 | out: ppbc=0x37f090*=0x6a6eb0) returned 0x0 [0186.412] IUnknown:QueryInterface (in: This=0x6a6eb0, riid=0x71792a54*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x37eb4c | out: ppvObject=0x37eb4c*=0x6a6eb0) returned 0x0 [0186.415] IUnknown:QueryInterface (in: This=0x6a6eb0, riid=0x71881b6c*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x37eb00 | out: ppvObject=0x37eb00*=0x0) returned 0x80004002 [0186.415] IUnknown:QueryInterface (in: This=0x6a6eb0, riid=0x71881e84*(Data1=0xb196b283, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x37e928 | out: ppvObject=0x37e928*=0x0) returned 0x80004002 [0186.415] IUnknown:AddRef (This=0x6a6eb0) returned 0x3 [0186.415] IUnknown:QueryInterface (in: This=0x6a6eb0, riid=0x7188182c*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x37e45c | out: ppvObject=0x37e45c*=0x0) returned 0x80004002 [0186.415] IUnknown:QueryInterface (in: This=0x6a6eb0, riid=0x71881764*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x37e40c | out: ppvObject=0x37e40c*=0x0) returned 0x80004002 [0186.415] IUnknown:QueryInterface (in: This=0x6a6eb0, riid=0x717b1388*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x37e418 | out: ppvObject=0x37e418*=0x0) returned 0x80004002 [0186.415] CoGetContextToken (in: pToken=0x37e478 | out: pToken=0x37e478) returned 0x0 [0186.416] CObjectContext::QueryInterface () returned 0x0 [0186.418] CObjectContext::GetCurrentApartmentType () returned 0x0 [0186.418] Release () returned 0x0 [0186.418] CoGetObjectContext (in: riid=0x71792a54*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x6fc85c | out: ppv=0x6fc85c*=0x6ad7c8) returned 0x0 [0186.460] CoGetContextToken (in: pToken=0x37e88c | out: pToken=0x37e88c) returned 0x0 [0186.460] IUnknown:QueryInterface (in: This=0x6a6eb0, riid=0x71881aa8*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x37e90c | out: ppvObject=0x37e90c*=0x0) returned 0x80004002 [0186.460] IUnknown:Release (This=0x6a6eb0) returned 0x2 [0186.460] CoGetContextToken (in: pToken=0x37ee5c | out: pToken=0x37ee5c) returned 0x0 [0186.461] CoGetContextToken (in: pToken=0x37edbc | out: pToken=0x37edbc) returned 0x0 [0186.461] IUnknown:QueryInterface (in: This=0x6a6eb0, riid=0x37ee8c*(Data1=0xe, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x37ee88 | out: ppvObject=0x37ee88*=0x6a6eb0) returned 0x0 [0186.461] IUnknown:AddRef (This=0x6a6eb0) returned 0x4 [0186.461] IUnknown:Release (This=0x6a6eb0) returned 0x3 [0186.461] IUnknown:Release (This=0x6a6eb0) returned 0x2 [0186.462] CoGetContextToken (in: pToken=0x37eee4 | out: pToken=0x37eee4) returned 0x0 [0186.462] IUnknown:AddRef (This=0x6a6eb0) returned 0x3 [0186.462] MkParseDisplayName (in: pbc=0x6a6eb0, szUserName="WinMgmts:", pchEaten=0x37f0c4, ppmk=0x37f07c | out: pchEaten=0x37f0c4, ppmk=0x37f07c*=0x716500) returned 0x0 [0187.041] malloc (_Size=0x80) returned 0x123228 [0187.042] DllGetClassObject (in: rclsid=0x717054*(Data1=0x172bddf8, Data2=0xceea, Data3=0x11d1, Data4=([0]=0x8b, [1]=0x5, [2]=0x0, [3]=0x60, [4]=0x8, [5]=0x6, [6]=0xd9, [7]=0xb6)), riid=0x37ecb0*(Data1=0x11a, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x37e368 | out: ppv=0x37e368*=0x0) returned 0x80004002 [0187.042] ?WbemMemAlloc@CWin32DefaultArena@@SAPAXK@Z () returned 0x5330810 [0187.042] ?WbemMemFree@CWin32DefaultArena@@SAHPAX@Z () returned 0x1 [0187.042] DllGetClassObject (in: rclsid=0x717054*(Data1=0x172bddf8, Data2=0xceea, Data3=0x11d1, Data4=([0]=0x8b, [1]=0x5, [2]=0x0, [3]=0x60, [4]=0x8, [5]=0x6, [6]=0xd9, [7]=0xb6)), riid=0x7578ee84*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x37ee70 | out: ppv=0x37ee70*=0x5330810) returned 0x0 [0187.042] ?WbemMemAlloc@CWin32DefaultArena@@SAPAXK@Z () returned 0x5330810 [0187.043] WinMGMTS:IClassFactory:CreateInstance (in: This=0x5330810, pUnkOuter=0x0, riid=0x7578f084*(Data1=0x11a, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x37ee1c | out: ppvObject=0x37ee1c*=0x5330850) returned 0x0 [0187.043] GetVersionExW (in: lpVersionInformation=0x37ec68*(dwOSVersionInfoSize=0x114, dwMajorVersion=0x7f, dwMinorVersion=0x36b7, dwBuildNumber=0x3, dwPlatformId=0x37eccc, szCSDVersion="堡甬\x08쀕") | out: lpVersionInformation=0x37ec68*(dwOSVersionInfoSize=0x114, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1 [0187.043] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="Software\\Microsoft\\Wbem\\Scripting", ulOptions=0x0, samDesired=0x1, phkResult=0x37ec5c | out: phkResult=0x37ec5c*=0x274) returned 0x0 [0187.043] RegQueryValueExW (in: hKey=0x274, lpValueName="Default Impersonation Level", lpReserved=0x0, lpType=0x0, lpData=0x37ec64, lpcbData=0x37ec60*=0x4 | out: lpType=0x0, lpData=0x37ec64*=0x3, lpcbData=0x37ec60*=0x4) returned 0x0 [0187.043] RegCloseKey (hKey=0x274) returned 0x0 [0187.043] ?WbemMemAlloc@CWin32DefaultArena@@SAPAXK@Z () returned 0x5330828 [0187.043] GetSystemDirectoryW (in: lpBuffer=0x5330828, uSize=0x104 | out: lpBuffer="C:\\Windows\\system32") returned 0x13 [0187.043] LoadLibraryExW (lpLibFileName="C:\\Windows\\system32\\advapi32.dll", hFile=0x0, dwFlags=0x0) returned 0x76a60000 [0187.053] GetProcAddress (hModule=0x76a60000, lpProcName="DuplicateTokenEx") returned 0x76a6ca24 [0187.053] ?WbemMemFree@CWin32DefaultArena@@SAHPAX@Z () returned 0x1 [0187.054] ?WbemMemAlloc@CWin32DefaultArena@@SAPAXK@Z () returned 0x5330828 [0187.054] ?WbemMemAlloc@CWin32DefaultArena@@SAPAXK@Z () returned 0x5330850 [0187.054] WinMGMTS:IUnknown:Release (This=0x5330810) returned 0x0 [0187.054] ?WbemMemFree@CWin32DefaultArena@@SAHPAX@Z () returned 0x1 [0187.054] WinMGMTS:IParseDisplayName:ParseDisplayName (in: This=0x5330850, pbc=0x6a6eb0, pszDisplayName="WinMgmts:", pchEaten=0x37f034, ppmkOut=0x37f038 | out: pchEaten=0x37f034*=0x9, ppmkOut=0x37f038*=0x716500) returned 0x0 [0187.054] _wcsnicmp (_String1="WinMgmts:", _String2="WINMGMTS:", _MaxCount=0x9) returned 0 [0187.058] IBindCtx:GetObjectParam (in: This=0x6a6eb0, pszKey="WmiObject", ppunk=0x37ef3c | out: ppunk=0x37ef3c*=0x0) returned 0x80004005 [0187.058] ?WbemMemAlloc@CWin32DefaultArena@@SAPAXK@Z () returned 0x5330860 [0187.059] _wcsnicmp (_String1="", _String2="{", _MaxCount=0x1) returned -123 [0187.059] ?WbemMemAlloc@CWin32DefaultArena@@SAPAXK@Z () returned 0x5330880 [0187.059] CoCreateInstance (in: rclsid=0x708242b0*(Data1=0x4590f811, Data2=0x1d3a, Data3=0x11d0, Data4=([0]=0x89, [1]=0x1f, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24)), pUnkOuter=0x0, dwClsContext=0x1, riid=0x708242a0*(Data1=0xdc12a687, Data2=0x737f, Data3=0x11cf, Data4=([0]=0x88, [1]=0x4d, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24)), ppv=0x5330898 | out: ppv=0x5330898*=0x6fd370) returned 0x0 [0187.576] ?WbemMemAlloc@CWin32DefaultArena@@SAPAXK@Z () returned 0x53308e8 [0187.576] ?WbemMemAlloc@CWin32DefaultArena@@SAPAXK@Z () returned 0x5330950 [0187.576] ?WbemMemAlloc@CWin32DefaultArena@@SAPAXK@Z () returned 0x53309b0 [0187.576] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0 [0187.576] GetCurrentThreadId () returned 0xfb0 [0187.576] _wcsnicmp (_String1="", _String2="[", _MaxCount=0x1) returned -91 [0187.576] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0 [0187.576] GetCurrentThreadId () returned 0xfb0 [0187.576] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="Software\\Microsoft\\Wbem\\Scripting", ulOptions=0x0, samDesired=0x1, phkResult=0x37ee24 | out: phkResult=0x37ee24*=0x288) returned 0x0 [0187.577] RegQueryValueExW (in: hKey=0x288, lpValueName="Default Namespace", lpReserved=0x0, lpType=0x0, lpData=0x0, lpcbData=0x37ee2c*=0x0 | out: lpType=0x0, lpData=0x0, lpcbData=0x37ee2c*=0x16) returned 0x0 [0187.577] ?WbemMemAlloc@CWin32DefaultArena@@SAPAXK@Z () returned 0x53309d0 [0187.577] RegQueryValueExW (in: hKey=0x288, lpValueName="Default Namespace", lpReserved=0x0, lpType=0x0, lpData=0x53309d0, lpcbData=0x37ee2c*=0x16 | out: lpType=0x0, lpData=0x53309d0*=0x72, lpcbData=0x37ee2c*=0x16) returned 0x0 [0187.577] ?WbemMemAlloc@CWin32DefaultArena@@SAPAXK@Z () returned 0x53309f0 [0187.577] ?WbemMemFree@CWin32DefaultArena@@SAHPAX@Z () returned 0x1 [0187.577] RegCloseKey (hKey=0x288) returned 0x0 [0187.577] CoCreateInstance (in: rclsid=0x708253b8*(Data1=0xcf4cc405, Data2=0xe2c5, Data3=0x4ddd, Data4=([0]=0xb3, [1]=0xce, [2]=0x5e, [3]=0x75, [4]=0x82, [5]=0xd8, [6]=0xc9, [7]=0xfa)), pUnkOuter=0x0, dwClsContext=0x1, riid=0x708250dc*(Data1=0x3bc15af2, Data2=0x736c, Data3=0x477e, Data4=([0]=0x9e, [1]=0x51, [2]=0x23, [3]=0x8a, [4]=0xf8, [5]=0x66, [6]=0x7d, [7]=0xcc)), ppv=0x37ee58 | out: ppv=0x37ee58*=0x6ff5d0) returned 0x0 [0187.737] SysStringLen (param_1=".") returned 0x1 [0187.737] WbemDefPath:IWbemPath:SetServer (This=0x6ff5d0, Name=".") returned 0x0 [0187.738] CoCreateInstance (in: rclsid=0x708253b8*(Data1=0xcf4cc405, Data2=0xe2c5, Data3=0x4ddd, Data4=([0]=0xb3, [1]=0xce, [2]=0x5e, [3]=0x75, [4]=0x82, [5]=0xd8, [6]=0xc9, [7]=0xfa)), pUnkOuter=0x0, dwClsContext=0x1, riid=0x708250dc*(Data1=0x3bc15af2, Data2=0x736c, Data3=0x477e, Data4=([0]=0x9e, [1]=0x51, [2]=0x23, [3]=0x8a, [4]=0xf8, [5]=0x66, [6]=0x7d, [7]=0xcc)), ppv=0x37ee10 | out: ppv=0x37ee10*=0x7157d0) returned 0x0 [0187.738] CoCreateInstance (in: rclsid=0x708253b8*(Data1=0xcf4cc405, Data2=0xe2c5, Data3=0x4ddd, Data4=([0]=0xb3, [1]=0xce, [2]=0x5e, [3]=0x75, [4]=0x82, [5]=0xd8, [6]=0xc9, [7]=0xfa)), pUnkOuter=0x0, dwClsContext=0x1, riid=0x708250dc*(Data1=0x3bc15af2, Data2=0x736c, Data3=0x477e, Data4=([0]=0x9e, [1]=0x51, [2]=0x23, [3]=0x8a, [4]=0xf8, [5]=0x66, [6]=0x7d, [7]=0xcc)), ppv=0x37edb4 | out: ppv=0x37edb4*=0x717f50) returned 0x0 [0187.738] WbemDefPath:IWbemPath:SetText (This=0x717f50, uMode=0x4, pszPath="root\\cimv2") returned 0x0 [0187.738] WbemDefPath:IUnknown:Release (This=0x717f50) returned 0x0 [0187.738] SysStringLen (param_1="root\\cimv2") returned 0xa [0187.738] WbemDefPath:IWbemPath:SetText (This=0x7157d0, uMode=0xc, pszPath="root\\cimv2") returned 0x0 [0187.738] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x7157d0, puCount=0x37ee20 | out: puCount=0x37ee20*=0x2) returned 0x0 [0187.738] WbemDefPath:IWbemPath:RemoveAllNamespaces (This=0x6ff5d0) returned 0x0 [0187.738] WbemDefPath:IWbemPath:GetNamespaceAt (in: This=0x7157d0, uIndex=0x0, puNameBufLength=0x37ede8*=0x0, pName=0x0 | out: puNameBufLength=0x37ede8*=0x5, pName=0x0) returned 0x0 [0187.738] ?WbemMemAlloc@CWin32DefaultArena@@SAPAXK@Z () returned 0x5330810 [0187.738] WbemDefPath:IWbemPath:GetNamespaceAt (in: This=0x7157d0, uIndex=0x0, puNameBufLength=0x37ede8*=0x5, pName="৐ԳÄԳ\x03" | out: puNameBufLength=0x37ede8*=0x5, pName="root") returned 0x0 [0187.738] ?WbemMemFree@CWin32DefaultArena@@SAHPAX@Z () returned 0x1 [0187.738] WbemDefPath:IWbemPath:SetNamespaceAt (This=0x6ff5d0, uIndex=0x0, pszName="root") returned 0x0 [0187.739] WbemDefPath:IWbemPath:GetNamespaceAt (in: This=0x7157d0, uIndex=0x1, puNameBufLength=0x37ede8*=0x0, pName=0x0 | out: puNameBufLength=0x37ede8*=0x6, pName=0x0) returned 0x0 [0187.739] ?WbemMemAlloc@CWin32DefaultArena@@SAPAXK@Z () returned 0x5330810 [0187.739] WbemDefPath:IWbemPath:GetNamespaceAt (in: This=0x7157d0, uIndex=0x1, puNameBufLength=0x37ede8*=0x6, pName="৐ԳÄԳ" | out: puNameBufLength=0x37ede8*=0x6, pName="cimv2") returned 0x0 [0187.739] ?WbemMemFree@CWin32DefaultArena@@SAHPAX@Z () returned 0x1 [0187.739] WbemDefPath:IWbemPath:SetNamespaceAt (This=0x6ff5d0, uIndex=0x1, pszName="cimv2") returned 0x0 [0187.739] WbemDefPath:IUnknown:Release (This=0x7157d0) returned 0x0 [0187.739] WbemDefPath:IWbemPath:GetText (in: This=0x6ff5d0, lFlags=4, puBuffLength=0x37ee3c*=0x0, pszText=0x0 | out: puBuffLength=0x37ee3c*=0xf, pszText=0x0) returned 0x0 [0187.739] ?WbemMemAlloc@CWin32DefaultArena@@SAPAXK@Z () returned 0x5330a10 [0187.739] WbemDefPath:IWbemPath:GetText (in: This=0x6ff5d0, lFlags=4, puBuffLength=0x37ee3c*=0xf, pszText="ÄԳ৐Գ" | out: puBuffLength=0x37ee3c*=0xf, pszText="\\\\.\\root\\cimv2") returned 0x0 [0187.739] ?WbemMemFree@CWin32DefaultArena@@SAHPAX@Z () returned 0x1 [0187.739] WbemDefPath:IUnknown:Release (This=0x6ff5d0) returned 0x0 [0187.740] WbemLocator:IWbemLocator:ConnectServer (in: This=0x6fd370, strNetworkResource="\\\\.\\root\\cimv2", strUser=0x0, strPassword=0x0, strLocale=0x0, lSecurityFlags=0, strAuthority=0x0, pCtx=0x0, ppNamespace=0x37eec4 | out: ppNamespace=0x37eec4*=0x71c8a8) returned 0x0 [0188.644] ?WbemMemAlloc@CWin32DefaultArena@@SAPAXK@Z () returned 0x5330a10 [0188.644] ?WbemMemAlloc@CWin32DefaultArena@@SAPAXK@Z () returned 0x5330a80 [0188.644] ?WbemMemAlloc@CWin32DefaultArena@@SAPAXK@Z () returned 0x5330ae0 [0188.644] WbemLocator:IUnknown:QueryInterface (in: This=0x71c8a8, riid=0x708231fc*(Data1=0x13d, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x37ed94 | out: ppvObject=0x37ed94*=0x71b98c) returned 0x0 [0188.644] WbemLocator:IClientSecurity:QueryBlanket (in: This=0x71b98c, pProxy=0x71c8a8, pAuthnSvc=0x37ed84, pAuthzSvc=0x37ed88, pServerPrincName=0x0, pAuthnLevel=0x37edb0, pImpLevel=0x37edac, pAuthInfo=0x0, pCapabilites=0x37ed9c | out: pAuthnSvc=0x37ed84*=0xa, pAuthzSvc=0x37ed88*=0x0, pServerPrincName=0x0, pAuthnLevel=0x37edb0*=0x6, pImpLevel=0x37edac*=0x2, pAuthInfo=0x0, pCapabilites=0x37ed9c*=0x1) returned 0x0 [0188.645] WbemLocator:IUnknown:Release (This=0x71b98c) returned 0x1 [0188.645] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0 [0188.645] GetCurrentThreadId () returned 0xfb0 [0188.645] WbemLocator:IUnknown:QueryInterface (in: This=0x71c8a8, riid=0x708231fc*(Data1=0x13d, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x37edc4 | out: ppvObject=0x37edc4*=0x71b98c) returned 0x0 [0188.645] WbemLocator:IClientSecurity:CopyProxy (in: This=0x71b98c, pProxy=0x71c8a8, ppCopy=0x37edc8 | out: ppCopy=0x37edc8*=0x71c948) returned 0x0 [0188.645] WbemLocator:IUnknown:QueryInterface (in: This=0x71c948, riid=0x708231fc*(Data1=0x13d, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x37ece0 | out: ppvObject=0x37ece0*=0x71b98c) returned 0x0 [0188.645] WbemLocator:IClientSecurity:QueryBlanket (in: This=0x71b98c, pProxy=0x71c948, pAuthnSvc=0x37ed04, pAuthzSvc=0x37ecf4, pServerPrincName=0x0, pAuthnLevel=0x0, pImpLevel=0x0, pAuthInfo=0x0, pCapabilites=0x0 | out: pAuthnSvc=0x37ed04*=0xa, pAuthzSvc=0x37ecf4*=0x0, pServerPrincName=0x0, pAuthnLevel=0x0, pImpLevel=0x0, pAuthInfo=0x0, pCapabilites=0x0) returned 0x0 [0188.645] WbemLocator:IUnknown:Release (This=0x71b98c) returned 0x3 [0188.646] WbemLocator:IUnknown:QueryInterface (in: This=0x71c948, riid=0x708234f0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x37ecb8 | out: ppvObject=0x37ecb8*=0x71b9ac) returned 0x0 [0188.646] WbemLocator:IUnknown:QueryInterface (in: This=0x71c948, riid=0x708231fc*(Data1=0x13d, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x37ecbc | out: ppvObject=0x37ecbc*=0x71b98c) returned 0x0 [0188.646] WbemLocator:IClientSecurity:SetBlanket (This=0x71b98c, pProxy=0x71c948, dwAuthnSvc=0xa, dwAuthzSvc=0x0, pServerPrincName=0x0, dwAuthnLevel=0x6, dwImpLevel=0x3, pAuthInfo=0x0, dwCapabilities=0x20) returned 0x0 [0188.646] WbemLocator:IUnknown:Release (This=0x71b98c) returned 0x4 [0188.646] WbemLocator:IUnknown:Release (This=0x71b9ac) returned 0x3 [0188.646] WbemLocator:IUnknown:Release (This=0x71b98c) returned 0x2 [0188.646] WbemLocator:IUnknown:AddRef (This=0x71c948) returned 0x3 [0188.646] ?WbemMemAlloc@CWin32DefaultArena@@SAPAXK@Z () returned 0x5330b98 [0188.646] ?WbemMemAlloc@CWin32DefaultArena@@SAPAXK@Z () returned 0x53309d0 [0188.647] WbemLocator:IUnknown:Release (This=0x71c8a8) returned 0x2 [0188.647] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0 [0188.647] GetCurrentThreadId () returned 0xfb0 [0188.647] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0 [0188.647] GetCurrentThreadId () returned 0xfb0 [0188.647] WbemLocator:IUnknown:QueryInterface (in: This=0x71c948, riid=0x708231fc*(Data1=0x13d, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x37ee88 | out: ppvObject=0x37ee88*=0x71b98c) returned 0x0 [0188.647] WbemLocator:IClientSecurity:QueryBlanket (in: This=0x71b98c, pProxy=0x71c948, pAuthnSvc=0x37ee78, pAuthzSvc=0x37ee7c, pServerPrincName=0x0, pAuthnLevel=0x37eea8, pImpLevel=0x37eeac, pAuthInfo=0x0, pCapabilites=0x37ee90 | out: pAuthnSvc=0x37ee78*=0xa, pAuthzSvc=0x37ee7c*=0x0, pServerPrincName=0x0, pAuthnLevel=0x37eea8*=0x6, pImpLevel=0x37eeac*=0x3, pAuthInfo=0x0, pCapabilites=0x37ee90*=0x20) returned 0x0 [0188.647] WbemLocator:IUnknown:Release (This=0x71b98c) returned 0x2 [0188.647] CreatePointerMoniker (in: punk=0x5330a10, ppmk=0x37f038 | out: ppmk=0x37f038*=0x716500) returned 0x0 [0188.647] IUnknown:AddRef (This=0x5330a10) returned 0x2 [0188.648] ?WbemMemFree@CWin32DefaultArena@@SAHPAX@Z () returned 0x1 [0188.648] ?WbemMemFree@CWin32DefaultArena@@SAHPAX@Z () returned 0x1 [0188.648] ?WbemMemFree@CWin32DefaultArena@@SAHPAX@Z () returned 0x1 [0188.648] WbemLocator:IUnknown:Release (This=0x6fd370) returned 0x0 [0188.648] ?WbemMemFree@CWin32DefaultArena@@SAHPAX@Z () returned 0x1 [0188.648] ?WbemMemFree@CWin32DefaultArena@@SAHPAX@Z () returned 0x1 [0188.649] WinMGMTS:IUnknown:Release (This=0x5330850) returned 0x0 [0188.649] ?WbemMemFree@CWin32DefaultArena@@SAHPAX@Z () returned 0x1 [0188.651] IUnknown:QueryInterface (in: This=0x716500, riid=0x71792a54*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x37eb40 | out: ppvObject=0x37eb40*=0x716500) returned 0x0 [0188.651] IUnknown:QueryInterface (in: This=0x716500, riid=0x71881b6c*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x37eaf4 | out: ppvObject=0x37eaf4*=0x0) returned 0x80004002 [0188.651] IUnknown:QueryInterface (in: This=0x716500, riid=0x71881e84*(Data1=0xb196b283, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x37e91c | out: ppvObject=0x37e91c*=0x0) returned 0x80004002 [0188.652] IUnknown:AddRef (This=0x716500) returned 0x3 [0188.652] IUnknown:QueryInterface (in: This=0x716500, riid=0x7188182c*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x37e450 | out: ppvObject=0x37e450*=0x0) returned 0x80004002 [0188.652] IUnknown:QueryInterface (in: This=0x716500, riid=0x71881764*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x37e400 | out: ppvObject=0x37e400*=0x0) returned 0x80004002 [0188.652] IUnknown:QueryInterface (in: This=0x716500, riid=0x717b1388*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x37e40c | out: ppvObject=0x37e40c*=0x716514) returned 0x0 [0188.653] IMarshal:GetUnmarshalClass (in: This=0x716514, riid=0x71792a54*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x37e414 | out: pCid=0x37e414*(Data1=0x306, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46))) returned 0x0 [0188.653] IUnknown:Release (This=0x716514) returned 0x3 [0188.653] CoGetContextToken (in: pToken=0x37e46c | out: pToken=0x37e46c) returned 0x0 [0188.653] CoGetContextToken (in: pToken=0x37e87c | out: pToken=0x37e87c) returned 0x0 [0188.653] IUnknown:QueryInterface (in: This=0x716500, riid=0x71881aa8*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x37e900 | out: ppvObject=0x37e900*=0x0) returned 0x80004002 [0188.653] IUnknown:Release (This=0x716500) returned 0x2 [0188.653] CoGetContextToken (in: pToken=0x37ee4c | out: pToken=0x37ee4c) returned 0x0 [0188.653] CoGetContextToken (in: pToken=0x37edac | out: pToken=0x37edac) returned 0x0 [0188.653] IUnknown:QueryInterface (in: This=0x716500, riid=0x37ee7c*(Data1=0xf, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x37ee78 | out: ppvObject=0x37ee78*=0x716500) returned 0x0 [0188.654] IUnknown:AddRef (This=0x716500) returned 0x4 [0188.654] IUnknown:Release (This=0x716500) returned 0x3 [0188.654] IUnknown:Release (This=0x6a6eb0) returned 0x2 [0188.654] IUnknown:Release (This=0x716500) returned 0x2 [0188.659] CoGetContextToken (in: pToken=0x37eee4 | out: pToken=0x37eee4) returned 0x0 [0188.659] IUnknown:AddRef (This=0x716500) returned 0x3 [0188.659] BindMoniker (in: pmk=0x716500, grfOpt=0x0, iidResult=0x23e9f6c*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvResult=0x37f080 | out: ppvResult=0x37f080*=0x5330a10) returned 0x0 [0188.659] IUnknown:QueryInterface (in: This=0x5330a10, riid=0x23e9f6c*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x37f080 | out: ppvObject=0x37f080*=0x5330a10) returned 0x0 [0188.661] LoadRegTypeLib (in: rguid=0x7082364c*(Data1=0x565783c6, Data2=0xcb41, Data3=0x11d1, Data4=([0]=0x8b, [1]=0x2, [2]=0x0, [3]=0x60, [4]=0x8, [5]=0x6, [6]=0xd9, [7]=0xb6)), wVerMajor=0x1, wVerMinor=0x0, lcid=0x0, pptlib=0x37e8ec*=0x0 | out: pptlib=0x37e8ec*=0x720580) returned 0x0 [0188.914] ITypeLib:GetTypeInfoOfGuid (in: This=0x720580, GUID=0x5330a54*(Data1=0x62e522dc, Data2=0x8cf3, Data3=0x40a8, Data4=([0]=0x8b, [1]=0x2e, [2]=0x37, [3]=0xd5, [4]=0x95, [5]=0x65, [6]=0x1e, [7]=0x40)), ppTInfo=0x5330a3c | out: ppTInfo=0x5330a3c*=0x7220d4) returned 0x0 [0188.914] IUnknown:Release (This=0x720580) returned 0x1 [0188.914] IUnknown:AddRef (This=0x7220d4) returned 0x2 [0188.914] ITypeInfo:RemoteGetTypeAttr (in: This=0x7220d4, ppTypeAttr=0x37e91c, pDummy=0x54504f17 | out: ppTypeAttr=0x37e91c, pDummy=0x54504f17) returned 0x0 [0188.923] ITypeInfo:LocalReleaseTypeAttr (This=0x7220d4) returned 0x6e5230 [0188.923] IUnknown:Release (This=0x7220d4) returned 0x1 [0188.923] CoGetContextToken (in: pToken=0x37e470 | out: pToken=0x37e470) returned 0x0 [0188.923] CoGetContextToken (in: pToken=0x37e884 | out: pToken=0x37e884) returned 0x0 [0188.923] IUnknown:Release (This=0x716500) returned 0x2 [0188.947] CoGetContextToken (in: pToken=0x37eb54 | out: pToken=0x37eb54) returned 0x0 [0188.948] LoadRegTypeLib (in: rguid=0x7082364c*(Data1=0x565783c6, Data2=0xcb41, Data3=0x11d1, Data4=([0]=0x8b, [1]=0x2, [2]=0x0, [3]=0x60, [4]=0x8, [5]=0x6, [6]=0xd9, [7]=0xb6)), wVerMajor=0x1, wVerMinor=0x0, lcid=0x409, pptlib=0x37eb64*=0x0 | out: pptlib=0x37eb64*=0x720580) returned 0x0 [0188.950] ITypeLib:GetTypeInfoOfGuid (in: This=0x720580, GUID=0x5330a44*(Data1=0xd2f68443, Data2=0x85dc, Data3=0x427e, Data4=([0]=0x91, [1]=0xd8, [2]=0x36, [3]=0x65, [4]=0x54, [5]=0xcc, [6]=0x75, [7]=0x4c)), ppTInfo=0x5330a38 | out: ppTInfo=0x5330a38*=0x722100) returned 0x0 [0188.950] IUnknown:Release (This=0x720580) returned 0x2 [0188.950] IUnknown:AddRef (This=0x722100) returned 0x2 [0188.950] DispGetIDsOfNames (in: ptinfo=0x722100, rgszNames=0x37ebc0*="InstancesOf", cNames=0x1, rgdispid=0x37ebb0 | out: rgdispid=0x37ebb0*=5) returned 0x0 [0188.952] IUnknown:Release (This=0x722100) returned 0x1 [0188.954] IUnknown:AddRef (This=0x722100) returned 0x2 [0188.954] ITypeInfo:LocalInvoke (This=0x722100) returned 0x0 [0188.954] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0 [0188.955] GetCurrentThreadId () returned 0xfb0 [0188.955] WbemLocator:IUnknown:AddRef (This=0x71c948) returned 0x3 [0188.955] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0 [0188.955] GetCurrentThreadId () returned 0xfb0 [0188.955] IWbemServices:CreateInstanceEnum (in: This=0x71c948, strFilter="Win32_BaseBoard", lFlags=16, pCtx=0x0, ppEnum=0x37e804 | out: ppEnum=0x37e804*=0x6e6950) returned 0x0 [0188.997] ?WbemMemAlloc@CWin32DefaultArena@@SAPAXK@Z () returned 0x5330850 [0188.997] ?WbemMemAlloc@CWin32DefaultArena@@SAPAXK@Z () returned 0x53308b0 [0188.997] ?WbemMemAlloc@CWin32DefaultArena@@SAPAXK@Z () returned 0x5330910 [0188.997] ?WbemMemAlloc@CWin32DefaultArena@@SAPAXK@Z () returned 0x5330970 [0188.998] ?WbemMemAlloc@CWin32DefaultArena@@SAPAXK@Z () returned 0x5330bf8 [0188.998] IUnknown:QueryInterface (in: This=0x6e6950, riid=0x708231fc*(Data1=0x13d, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x37e71c | out: ppvObject=0x37e71c*=0x6e6954) returned 0x0 [0188.998] IClientSecurity:QueryBlanket (in: This=0x6e6954, pProxy=0x6e6950, pAuthnSvc=0x37e70c, pAuthzSvc=0x37e710, pServerPrincName=0x0, pAuthnLevel=0x37e738, pImpLevel=0x37e734, pAuthInfo=0x0, pCapabilites=0x37e724 | out: pAuthnSvc=0x37e70c*=0xa, pAuthzSvc=0x37e710*=0x0, pServerPrincName=0x0, pAuthnLevel=0x37e738*=0x6, pImpLevel=0x37e734*=0x2, pAuthInfo=0x0, pCapabilites=0x37e724*=0x1) returned 0x0 [0188.998] IUnknown:Release (This=0x6e6954) returned 0x1 [0188.998] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0 [0188.998] GetCurrentThreadId () returned 0xfb0 [0188.998] WbemLocator:IUnknown:QueryInterface (in: This=0x71c948, riid=0x708231fc*(Data1=0x13d, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x37e700 | out: ppvObject=0x37e700*=0x71b98c) returned 0x0 [0188.998] WbemLocator:IClientSecurity:QueryBlanket (in: This=0x71b98c, pProxy=0x71c948, pAuthnSvc=0x37e6f0, pAuthzSvc=0x37e6f4, pServerPrincName=0x0, pAuthnLevel=0x37e720, pImpLevel=0x37e724, pAuthInfo=0x0, pCapabilites=0x37e708 | out: pAuthnSvc=0x37e6f0*=0xa, pAuthzSvc=0x37e6f4*=0x0, pServerPrincName=0x0, pAuthnLevel=0x37e720*=0x6, pImpLevel=0x37e724*=0x3, pAuthInfo=0x0, pCapabilites=0x37e708*=0x20) returned 0x0 [0188.998] WbemLocator:IUnknown:Release (This=0x71b98c) returned 0x3 [0188.998] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0 [0188.998] GetCurrentThreadId () returned 0xfb0 [0188.998] WbemLocator:IUnknown:QueryInterface (in: This=0x71c948, riid=0x708231fc*(Data1=0x13d, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x37e700 | out: ppvObject=0x37e700*=0x71b98c) returned 0x0 [0188.999] WbemLocator:IClientSecurity:QueryBlanket (in: This=0x71b98c, pProxy=0x71c948, pAuthnSvc=0x37e6f0, pAuthzSvc=0x37e6f4, pServerPrincName=0x0, pAuthnLevel=0x37e724, pImpLevel=0x37e720, pAuthInfo=0x0, pCapabilites=0x37e708 | out: pAuthnSvc=0x37e6f0*=0xa, pAuthzSvc=0x37e6f4*=0x0, pServerPrincName=0x0, pAuthnLevel=0x37e724*=0x6, pImpLevel=0x37e720*=0x3, pAuthInfo=0x0, pCapabilites=0x37e708*=0x20) returned 0x0 [0188.999] WbemLocator:IUnknown:Release (This=0x71b98c) returned 0x3 [0188.999] IUnknown:QueryInterface (in: This=0x6e6950, riid=0x708231fc*(Data1=0x13d, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x37e74c | out: ppvObject=0x37e74c*=0x6e6954) returned 0x0 [0188.999] IClientSecurity:CopyProxy (in: This=0x6e6954, pProxy=0x6e6950, ppCopy=0x37e750 | out: ppCopy=0x37e750*=0x6e6a18) returned 0x0 [0188.999] IUnknown:QueryInterface (in: This=0x6e6a18, riid=0x708231fc*(Data1=0x13d, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x37e668 | out: ppvObject=0x37e668*=0x6e6a1c) returned 0x0 [0188.999] IClientSecurity:QueryBlanket (in: This=0x6e6a1c, pProxy=0x6e6a18, pAuthnSvc=0x37e68c, pAuthzSvc=0x37e67c, pServerPrincName=0x0, pAuthnLevel=0x0, pImpLevel=0x0, pAuthInfo=0x0, pCapabilites=0x0 | out: pAuthnSvc=0x37e68c*=0xa, pAuthzSvc=0x37e67c*=0x0, pServerPrincName=0x0, pAuthnLevel=0x0, pImpLevel=0x0, pAuthInfo=0x0, pCapabilites=0x0) returned 0x0 [0188.999] IUnknown:Release (This=0x6e6a1c) returned 0x3 [0188.999] IUnknown:QueryInterface (in: This=0x6e6a18, riid=0x708234f0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x37e640 | out: ppvObject=0x37e640*=0x7204fc) returned 0x0 [0188.999] IUnknown:QueryInterface (in: This=0x6e6a18, riid=0x708231fc*(Data1=0x13d, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x37e644 | out: ppvObject=0x37e644*=0x6e6a1c) returned 0x0 [0188.999] IClientSecurity:SetBlanket (This=0x6e6a1c, pProxy=0x6e6a18, dwAuthnSvc=0xa, dwAuthzSvc=0x0, pServerPrincName=0x0, dwAuthnLevel=0x6, dwImpLevel=0x3, pAuthInfo=0x0, dwCapabilities=0x20) returned 0x0 [0189.096] IUnknown:Release (This=0x6e6a1c) returned 0x4 [0189.096] WbemLocator:IUnknown:Release (This=0x7204fc) returned 0x3 [0189.096] IUnknown:Release (This=0x6e6954) returned 0x2 [0189.096] IUnknown:AddRef (This=0x6e6a18) returned 0x3 [0189.096] IUnknown:Release (This=0x6e6950) returned 0x2 [0189.096] GetErrorInfo (in: dwReserved=0x0, pperrinfo=0x37e7bc | out: pperrinfo=0x37e7bc*=0x0) returned 0x1 [0189.096] WbemLocator:IUnknown:Release (This=0x71c948) returned 0x2 [0189.096] IUnknown:Release (This=0x722100) returned 0x1 [0189.099] LoadRegTypeLib (in: rguid=0x7082364c*(Data1=0x565783c6, Data2=0xcb41, Data3=0x11d1, Data4=([0]=0x8b, [1]=0x2, [2]=0x0, [3]=0x60, [4]=0x8, [5]=0x6, [6]=0xd9, [7]=0xb6)), wVerMajor=0x1, wVerMinor=0x0, lcid=0x0, pptlib=0x37e3ac*=0x0 | out: pptlib=0x37e3ac*=0x720580) returned 0x0 [0189.100] ITypeLib:GetTypeInfoOfGuid (in: This=0x720580, GUID=0x5330888*(Data1=0x4b83d61, Data2=0x21ae, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x33, [2]=0x0, [3]=0x60, [4]=0x8, [5]=0x6, [6]=0xd9, [7]=0xb6)), ppTInfo=0x5330870 | out: ppTInfo=0x5330870*=0x722208) returned 0x0 [0189.100] IUnknown:Release (This=0x720580) returned 0x3 [0189.100] IUnknown:AddRef (This=0x722208) returned 0x2 [0189.100] ITypeInfo:RemoteGetTypeAttr (in: This=0x722208, ppTypeAttr=0x37e3dc, pDummy=0x54504257 | out: ppTypeAttr=0x37e3dc, pDummy=0x54504257) returned 0x0 [0189.102] ITypeInfo:LocalReleaseTypeAttr (This=0x722208) returned 0x6e5230 [0189.103] IUnknown:Release (This=0x722208) returned 0x1 [0189.103] CoGetContextToken (in: pToken=0x37df30 | out: pToken=0x37df30) returned 0x0 [0189.103] CoGetContextToken (in: pToken=0x37e344 | out: pToken=0x37e344) returned 0x0 [0189.104] CoGetContextToken (in: pToken=0x37ef2c | out: pToken=0x37ef2c) returned 0x0 [0189.104] CoGetContextToken (in: pToken=0x37ee8c | out: pToken=0x37ee8c) returned 0x0 [0189.106] CoGetContextToken (in: pToken=0x37eeac | out: pToken=0x37eeac) returned 0x0 [0189.107] LoadRegTypeLib (in: rguid=0x7082364c*(Data1=0x565783c6, Data2=0xcb41, Data3=0x11d1, Data4=([0]=0x8b, [1]=0x2, [2]=0x0, [3]=0x60, [4]=0x8, [5]=0x6, [6]=0xd9, [7]=0xb6)), wVerMajor=0x1, wVerMinor=0x0, lcid=0x400, pptlib=0x37eebc*=0x0 | out: pptlib=0x37eebc*=0x720580) returned 0x0 [0189.108] ITypeLib:GetTypeInfoOfGuid (in: This=0x720580, GUID=0x5330878*(Data1=0x76a6415f, Data2=0xcb41, Data3=0x11d1, Data4=([0]=0x8b, [1]=0x2, [2]=0x0, [3]=0x60, [4]=0x8, [5]=0x6, [6]=0xd9, [7]=0xb6)), ppTInfo=0x533086c | out: ppTInfo=0x533086c*=0x7221b0) returned 0x0 [0189.108] IUnknown:Release (This=0x720580) returned 0x4 [0189.108] IUnknown:AddRef (This=0x7221b0) returned 0x2 [0189.108] ITypeInfo:LocalInvoke (This=0x7221b0) returned 0x0 [0189.108] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0 [0189.108] GetCurrentThreadId () returned 0xfb0 [0189.109] ?WbemMemAlloc@CWin32DefaultArena@@SAPAXK@Z () returned 0x5330810 [0189.109] IUnknown:Release (This=0x7221b0) returned 0x1 [0189.109] ?WbemMemFree@CWin32DefaultArena@@SAHPAX@Z () returned 0x1 [0189.344] LocalAlloc (uFlags=0x0, uBytes=0x80) returned 0x6e92a0 [0189.347] LocalAlloc (uFlags=0x0, uBytes=0x80) returned 0x6e9328 [0189.363] CoGetContextToken (in: pToken=0x37ebf4 | out: pToken=0x37ebf4) returned 0x0 [0189.367] CoGetContextToken (in: pToken=0x37e70c | out: pToken=0x37e70c) returned 0x0 [0189.367] IUnknown:AddRef (This=0x7221b0) returned 0x2 [0189.368] ITypeInfo:LocalInvoke (This=0x7221b0) returned 0x0 [0189.368] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0 [0189.368] GetCurrentThreadId () returned 0xfb0 [0189.368] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0 [0189.368] GetCurrentThreadId () returned 0xfb0 [0189.368] IUnknown:AddRef (This=0x6e6a18) returned 0x3 [0189.368] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0 [0189.368] GetCurrentThreadId () returned 0xfb0 [0189.368] IEnumWbemClassObject:Clone (in: This=0x6e6a18, ppEnum=0x37e960 | out: ppEnum=0x37e960*=0x6e6ae0) returned 0x0 [0189.371] ?WbemMemAlloc@CWin32DefaultArena@@SAPAXK@Z () returned 0x5330cb0 [0189.371] ?WbemMemAlloc@CWin32DefaultArena@@SAPAXK@Z () returned 0x5330d10 [0189.371] ?WbemMemAlloc@CWin32DefaultArena@@SAPAXK@Z () returned 0x5330d70 [0189.371] ?WbemMemAlloc@CWin32DefaultArena@@SAPAXK@Z () returned 0x5330990 [0189.371] ?WbemMemAlloc@CWin32DefaultArena@@SAPAXK@Z () returned 0x5330dd0 [0189.371] IUnknown:QueryInterface (in: This=0x6e6ae0, riid=0x708231fc*(Data1=0x13d, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x37e878 | out: ppvObject=0x37e878*=0x6e6ae4) returned 0x0 [0189.371] IClientSecurity:QueryBlanket (in: This=0x6e6ae4, pProxy=0x6e6ae0, pAuthnSvc=0x37e868, pAuthzSvc=0x37e86c, pServerPrincName=0x0, pAuthnLevel=0x37e894, pImpLevel=0x37e890, pAuthInfo=0x0, pCapabilites=0x37e880 | out: pAuthnSvc=0x37e868*=0xa, pAuthzSvc=0x37e86c*=0x0, pServerPrincName=0x0, pAuthnLevel=0x37e894*=0x6, pImpLevel=0x37e890*=0x2, pAuthInfo=0x0, pCapabilites=0x37e880*=0x1) returned 0x0 [0189.371] IUnknown:Release (This=0x6e6ae4) returned 0x1 [0189.372] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0 [0189.372] GetCurrentThreadId () returned 0xfb0 [0189.372] IUnknown:QueryInterface (in: This=0x6e6a18, riid=0x708231fc*(Data1=0x13d, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x37e85c | out: ppvObject=0x37e85c*=0x6e6a1c) returned 0x0 [0189.372] IClientSecurity:QueryBlanket (in: This=0x6e6a1c, pProxy=0x6e6a18, pAuthnSvc=0x37e84c, pAuthzSvc=0x37e850, pServerPrincName=0x0, pAuthnLevel=0x37e87c, pImpLevel=0x37e880, pAuthInfo=0x0, pCapabilites=0x37e864 | out: pAuthnSvc=0x37e84c*=0xa, pAuthzSvc=0x37e850*=0x0, pServerPrincName=0x0, pAuthnLevel=0x37e87c*=0x6, pImpLevel=0x37e880*=0x3, pAuthInfo=0x0, pCapabilites=0x37e864*=0x20) returned 0x0 [0189.372] IUnknown:Release (This=0x6e6a1c) returned 0x3 [0189.372] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0 [0189.372] GetCurrentThreadId () returned 0xfb0 [0189.372] IUnknown:QueryInterface (in: This=0x6e6a18, riid=0x708231fc*(Data1=0x13d, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x37e85c | out: ppvObject=0x37e85c*=0x6e6a1c) returned 0x0 [0189.372] IClientSecurity:QueryBlanket (in: This=0x6e6a1c, pProxy=0x6e6a18, pAuthnSvc=0x37e84c, pAuthzSvc=0x37e850, pServerPrincName=0x0, pAuthnLevel=0x37e880, pImpLevel=0x37e87c, pAuthInfo=0x0, pCapabilites=0x37e864 | out: pAuthnSvc=0x37e84c*=0xa, pAuthzSvc=0x37e850*=0x0, pServerPrincName=0x0, pAuthnLevel=0x37e880*=0x6, pImpLevel=0x37e87c*=0x3, pAuthInfo=0x0, pCapabilites=0x37e864*=0x20) returned 0x0 [0189.372] IUnknown:Release (This=0x6e6a1c) returned 0x3 [0189.372] IUnknown:QueryInterface (in: This=0x6e6ae0, riid=0x708231fc*(Data1=0x13d, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x37e8a8 | out: ppvObject=0x37e8a8*=0x6e6ae4) returned 0x0 [0189.372] IClientSecurity:CopyProxy (in: This=0x6e6ae4, pProxy=0x6e6ae0, ppCopy=0x37e8ac | out: ppCopy=0x37e8ac*=0x6e6ba8) returned 0x0 [0189.373] IUnknown:QueryInterface (in: This=0x6e6ba8, riid=0x708231fc*(Data1=0x13d, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x37e7c4 | out: ppvObject=0x37e7c4*=0x6e6bac) returned 0x0 [0189.373] IClientSecurity:QueryBlanket (in: This=0x6e6bac, pProxy=0x6e6ba8, pAuthnSvc=0x37e7e8, pAuthzSvc=0x37e7d8, pServerPrincName=0x0, pAuthnLevel=0x0, pImpLevel=0x0, pAuthInfo=0x0, pCapabilites=0x0 | out: pAuthnSvc=0x37e7e8*=0xa, pAuthzSvc=0x37e7d8*=0x0, pServerPrincName=0x0, pAuthnLevel=0x0, pImpLevel=0x0, pAuthInfo=0x0, pCapabilites=0x0) returned 0x0 [0189.373] IUnknown:Release (This=0x6e6bac) returned 0x3 [0189.373] IUnknown:QueryInterface (in: This=0x6e6ba8, riid=0x708234f0*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x37e79c | out: ppvObject=0x37e79c*=0x6b8e8c) returned 0x0 [0189.373] IUnknown:QueryInterface (in: This=0x6e6ba8, riid=0x708231fc*(Data1=0x13d, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x37e7a0 | out: ppvObject=0x37e7a0*=0x6e6bac) returned 0x0 [0189.373] IClientSecurity:SetBlanket (This=0x6e6bac, pProxy=0x6e6ba8, dwAuthnSvc=0xa, dwAuthzSvc=0x0, pServerPrincName=0x0, dwAuthnLevel=0x6, dwImpLevel=0x3, pAuthInfo=0x0, dwCapabilities=0x20) returned 0x0 [0189.375] IUnknown:Release (This=0x6e6bac) returned 0x4 [0189.375] WbemLocator:IUnknown:Release (This=0x6b8e8c) returned 0x3 [0189.376] IUnknown:Release (This=0x6e6ae4) returned 0x2 [0189.376] IUnknown:AddRef (This=0x6e6ba8) returned 0x3 [0189.376] IUnknown:Release (This=0x6e6ae0) returned 0x2 [0189.376] GetErrorInfo (in: dwReserved=0x0, pperrinfo=0x37e918 | out: pperrinfo=0x37e918*=0x0) returned 0x1 [0189.376] IUnknown:Release (This=0x6e6a18) returned 0x2 [0189.376] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0 [0189.376] GetCurrentThreadId () returned 0xfb0 [0189.376] IUnknown:AddRef (This=0x6e6ba8) returned 0x3 [0189.376] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0 [0189.377] GetCurrentThreadId () returned 0xfb0 [0189.377] IEnumWbemClassObject:Reset (This=0x6e6ba8) returned 0x0 [0189.378] IUnknown:Release (This=0x6e6ba8) returned 0x2 [0189.378] ?WbemMemAlloc@CWin32DefaultArena@@SAPAXK@Z () returned 0x5330810 [0189.378] IUnknown:Release (This=0x7221b0) returned 0x1 [0189.379] CoGetContextToken (in: pToken=0x37ded8 | out: pToken=0x37ded8) returned 0x0 [0189.379] CoGetContextToken (in: pToken=0x37e2ec | out: pToken=0x37e2ec) returned 0x0 [0189.402] CoGetContextToken (in: pToken=0x37eccc | out: pToken=0x37eccc) returned 0x0 [0189.402] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0 [0189.402] GetCurrentThreadId () returned 0xfb0 [0189.402] IUnknown:AddRef (This=0x6e6ba8) returned 0x3 [0189.402] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0 [0189.403] GetCurrentThreadId () returned 0xfb0 [0189.403] IEnumWbemClassObject:Next (in: This=0x6e6ba8, lTimeout=-1, uCount=0x1, apObjects=0x37f04c, puReturned=0x37f044 | out: apObjects=0x37f04c*=0x725a28, puReturned=0x37f044*=0x1) returned 0x0 [0189.415] ?WbemMemAlloc@CWin32DefaultArena@@SAPAXK@Z () returned 0x5330e88 [0189.415] IUnknown:AddRef (This=0x725a28) returned 0x2 [0189.415] ?WbemMemAlloc@CWin32DefaultArena@@SAPAXK@Z () returned 0x5330ed0 [0189.415] ?WbemMemAlloc@CWin32DefaultArena@@SAPAXK@Z () returned 0x5330f40 [0189.415] ?WbemMemAlloc@CWin32DefaultArena@@SAPAXK@Z () returned 0x5330fa0 [0189.415] ?WbemMemAlloc@CWin32DefaultArena@@SAPAXK@Z () returned 0x53309b0 [0189.415] WbemLocator:IUnknown:AddRef (This=0x71c948) returned 0x3 [0189.416] IUnknown:AddRef (This=0x6e6ba8) returned 0x4 [0189.416] IUnknown:QueryInterface (in: This=0x6e6ba8, riid=0x708231fc*(Data1=0x13d, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x37efac | out: ppvObject=0x37efac*=0x6e6bac) returned 0x0 [0189.416] IClientSecurity:QueryBlanket (in: This=0x6e6bac, pProxy=0x6e6ba8, pAuthnSvc=0x37ef9c, pAuthzSvc=0x37efa0, pServerPrincName=0x0, pAuthnLevel=0x37efbc, pImpLevel=0x37efc8, pAuthInfo=0x0, pCapabilites=0x37efb4 | out: pAuthnSvc=0x37ef9c*=0xa, pAuthzSvc=0x37efa0*=0x0, pServerPrincName=0x0, pAuthnLevel=0x37efbc*=0x6, pImpLevel=0x37efc8*=0x3, pAuthInfo=0x0, pCapabilites=0x37efb4*=0x20) returned 0x0 [0189.416] IUnknown:Release (This=0x6e6bac) returned 0x4 [0189.416] WbemLocator:IUnknown:Release (This=0x71c948) returned 0x2 [0189.416] WbemLocator:IUnknown:AddRef (This=0x71c948) returned 0x3 [0189.416] IUnknown:Release (This=0x6e6ba8) returned 0x3 [0189.416] SysStringLen (param_1="\\\\.\\root\\cimv2") returned 0xe [0189.416] ?WbemMemAlloc@CWin32DefaultArena@@SAPAXK@Z () returned 0x5331000 [0189.416] ?WbemMemAlloc@CWin32DefaultArena@@SAPAXK@Z () returned 0x5331030 [0189.416] ?WbemMemAlloc@CWin32DefaultArena@@SAPAXK@Z () returned 0x5331050 [0189.417] IUnknown:AddRef (This=0x725a28) returned 0x3 [0189.417] IUnknown:Release (This=0x725a28) returned 0x2 [0189.417] GetErrorInfo (in: dwReserved=0x0, pperrinfo=0x37f000 | out: pperrinfo=0x37f000*=0x0) returned 0x1 [0189.417] IUnknown:Release (This=0x6e6ba8) returned 0x2 [0189.417] GetErrorInfo (in: dwReserved=0x0, pperrinfo=0x37f044 | out: pperrinfo=0x37f044*=0x0) returned 0x1 [0189.419] LoadRegTypeLib (in: rguid=0x7082364c*(Data1=0x565783c6, Data2=0xcb41, Data3=0x11d1, Data4=([0]=0x8b, [1]=0x2, [2]=0x0, [3]=0x60, [4]=0x8, [5]=0x6, [6]=0xd9, [7]=0xb6)), wVerMajor=0x1, wVerMinor=0x0, lcid=0x0, pptlib=0x37e80c*=0x0 | out: pptlib=0x37e80c*=0x720580) returned 0x0 [0189.420] ITypeLib:GetTypeInfoOfGuid (in: This=0x720580, GUID=0x708370c4*(Data1=0xd6bdafb2, Data2=0x9435, Data3=0x491f, Data4=([0]=0xbb, [1]=0x87, [2]=0x6a, [3]=0xa0, [4]=0xf0, [5]=0xbc, [6]=0x31, [7]=0xa2)), ppTInfo=0x533101c | out: ppTInfo=0x533101c*=0x722234) returned 0x0 [0189.420] IUnknown:Release (This=0x720580) returned 0x5 [0189.420] IUnknown:AddRef (This=0x722234) returned 0x2 [0189.420] ITypeInfo:RemoteGetTypeAttr (in: This=0x722234, ppTypeAttr=0x37e84c, pDummy=0x54504e27 | out: ppTypeAttr=0x37e84c, pDummy=0x54504e27) returned 0x0 [0189.422] ITypeInfo:LocalReleaseTypeAttr (This=0x722234) returned 0x6e5230 [0189.422] IUnknown:Release (This=0x722234) returned 0x1 [0189.423] CoGetContextToken (in: pToken=0x37e3a0 | out: pToken=0x37e3a0) returned 0x0 [0189.423] CoGetContextToken (in: pToken=0x37e7b4 | out: pToken=0x37e7b4) returned 0x0 [0189.426] CoGetContextToken (in: pToken=0x37eb6c | out: pToken=0x37eb6c) returned 0x0 [0189.427] LoadRegTypeLib (in: rguid=0x7082364c*(Data1=0x565783c6, Data2=0xcb41, Data3=0x11d1, Data4=([0]=0x8b, [1]=0x2, [2]=0x0, [3]=0x60, [4]=0x8, [5]=0x6, [6]=0xd9, [7]=0xb6)), wVerMajor=0x1, wVerMinor=0x0, lcid=0x409, pptlib=0x37eb68*=0x0 | out: pptlib=0x37eb68*=0x720580) returned 0x0 [0189.431] ITypeLib:GetTypeInfoOfGuid (in: This=0x720580, GUID=0x708255e4*(Data1=0x269ad56a, Data2=0x8a67, Data3=0x4129, Data4=([0]=0xbc, [1]=0x8c, [2]=0x5, [3]=0x6, [4]=0xdc, [5]=0xfe, [6]=0x98, [7]=0x80)), ppTInfo=0x5331018 | out: ppTInfo=0x5331018*=0x722260) returned 0x0 [0189.432] IUnknown:Release (This=0x720580) returned 0x6 [0189.432] IUnknown:AddRef (This=0x722260) returned 0x2 [0189.432] DispGetIDsOfNames (in: ptinfo=0x722260, rgszNames=0x37ebe0*="SerialNumber", cNames=0x1, rgdispid=0x37ebd0 | out: rgdispid=0x37ebd0*=-1) returned 0x80020006 [0189.458] IUnknown:AddRef (This=0x725a28) returned 0x3 [0189.458] IWbemClassObject:Get (in: This=0x725a28, wszName="SerialNumber", lFlags=0, pVal=0x0, pType=0x0, plFlavor=0x37eaf0*=0 | out: pVal=0x0, pType=0x0, plFlavor=0x37eaf0*=0) returned 0x0 [0189.459] IUnknown:Release (This=0x725a28) returned 0x2 [0189.459] SysStringLen (param_1="SerialNumber") returned 0xc [0189.459] ?WbemMemAlloc@CWin32DefaultArena@@SAPAXK@Z () returned 0x5331078 [0189.459] SysStringLen (param_1="SerialNumber") returned 0xc [0189.459] IUnknown:Release (This=0x722260) returned 0x1 [0189.459] IUnknown:AddRef (This=0x722260) returned 0x2 [0189.459] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0 [0189.459] GetCurrentThreadId () returned 0xfb0 [0189.460] SysStringLen (param_1="SerialNumber") returned 0xc [0189.460] IWbemClassObject:Get (in: This=0x725a28, wszName="SerialNumber", lFlags=0, pVal=0x37e970*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x37e9a8, varVal2=0x70822d81), pType=0x37e980*=1887579526, plFlavor=0x0 | out: pVal=0x37e970*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="..CN747510BO0504.", varVal2=0x70822d81), pType=0x37e980*=8, plFlavor=0x0) returned 0x0 [0189.460] IUnknown:Release (This=0x722260) returned 0x1 [0189.462] SysStringByteLen (bstr="..CN747510BO0504.") returned 0x22 [0189.462] SysStringByteLen (bstr="..CN747510BO0504.") returned 0x22 [0189.464] CoGetContextToken (in: pToken=0x37eccc | out: pToken=0x37eccc) returned 0x0 [0189.464] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0 [0189.464] GetCurrentThreadId () returned 0xfb0 [0189.464] IUnknown:AddRef (This=0x6e6ba8) returned 0x3 [0189.464] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0 [0189.464] GetCurrentThreadId () returned 0xfb0 [0189.464] IEnumWbemClassObject:Next (in: This=0x6e6ba8, lTimeout=-1, uCount=0x1, apObjects=0x37f04c, puReturned=0x37f044 | out: apObjects=0x37f04c*=0x0, puReturned=0x37f044*=0x0) returned 0x1 [0189.466] GetErrorInfo (in: dwReserved=0x0, pperrinfo=0x37f000 | out: pperrinfo=0x37f000*=0x0) returned 0x1 [0189.466] IUnknown:Release (This=0x6e6ba8) returned 0x2 [0189.467] GetErrorInfo (in: dwReserved=0x0, pperrinfo=0x37f044 | out: pperrinfo=0x37f044*=0x0) returned 0x1 [0189.639] CreateEventW (lpEventAttributes=0x0, bManualReset=0, bInitialState=0, lpName=0x0) returned 0x2b0 [0189.641] CreateEventW (lpEventAttributes=0x0, bManualReset=0, bInitialState=0, lpName=0x0) returned 0x2b4 [0189.651] SetEvent (hEvent=0x2b4) returned 1 [0189.688] CoWaitForMultipleHandles (in: dwFlags=0x2, dwTimeout=0xffffffff, cHandles=0x1, pHandles=0x37f034*=0x2b0, lpdwindex=0x37ee58 | out: lpdwindex=0x37ee58) returned 0x0 [0189.688] CoGetContextToken (in: pToken=0x37ef0c | out: pToken=0x37ef0c) returned 0x0 [0189.688] CoGetContextToken (in: pToken=0x37ee6c | out: pToken=0x37ee6c) returned 0x0 [0189.688] WbemDefPath:IUnknown:QueryInterface (in: This=0x730f90, riid=0x37ef3c*(Data1=0x3bc15af2, Data2=0x736c, Data3=0x477e, Data4=([0]=0x9e, [1]=0x51, [2]=0x23, [3]=0x8a, [4]=0xf8, [5]=0x66, [6]=0x7d, [7]=0xcc)), ppvObject=0x37ef38 | out: ppvObject=0x37ef38*=0x730f90) returned 0x0 [0189.688] WbemDefPath:IUnknown:AddRef (This=0x730f90) returned 0x3 [0189.688] WbemDefPath:IUnknown:Release (This=0x730f90) returned 0x2 [0189.692] WbemDefPath:IWbemPath:SetText (This=0x730f90, uMode=0x4, pszPath="win32_processor") returned 0x0 [0189.695] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x730f90, puCount=0x37f0b4 | out: puCount=0x37f0b4*=0x0) returned 0x0 [0189.695] WbemDefPath:IWbemPath:GetText (in: This=0x730f90, lFlags=2, puBuffLength=0x37f0b0*=0x0, pszText=0x0 | out: puBuffLength=0x37f0b0*=0x10, pszText=0x0) returned 0x0 [0189.696] WbemDefPath:IWbemPath:GetText (in: This=0x730f90, lFlags=2, puBuffLength=0x37f0b0*=0x10, pszText="000000000000000" | out: puBuffLength=0x37f0b0*=0x10, pszText="win32_processor") returned 0x0 [0189.696] WbemDefPath:IWbemPath:GetInfo (in: This=0x730f90, uRequestedInfo=0x0, puResponse=0x37f0bc | out: puResponse=0x37f0bc*=0xc15) returned 0x0 [0189.697] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x730f90, puCount=0x37f0b4 | out: puCount=0x37f0b4*=0x0) returned 0x0 [0189.697] WbemDefPath:IWbemPath:GetInfo (in: This=0x730f90, uRequestedInfo=0x0, puResponse=0x37f0bc | out: puResponse=0x37f0bc*=0xc15) returned 0x0 [0189.697] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x730f90, puCount=0x37f0a4 | out: puCount=0x37f0a4*=0x0) returned 0x0 [0189.697] WbemDefPath:IWbemPath:GetText (in: This=0x730f90, lFlags=2, puBuffLength=0x37f0a0*=0x0, pszText=0x0 | out: puBuffLength=0x37f0a0*=0x10, pszText=0x0) returned 0x0 [0189.697] WbemDefPath:IWbemPath:GetText (in: This=0x730f90, lFlags=2, puBuffLength=0x37f0a0*=0x10, pszText="000000000000000" | out: puBuffLength=0x37f0a0*=0x10, pszText="win32_processor") returned 0x0 [0189.697] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x730f90, puCount=0x37f0a4 | out: puCount=0x37f0a4*=0x0) returned 0x0 [0189.697] WbemDefPath:IWbemPath:GetText (in: This=0x730f90, lFlags=2, puBuffLength=0x37f0a0*=0x0, pszText=0x0 | out: puBuffLength=0x37f0a0*=0x10, pszText=0x0) returned 0x0 [0189.697] WbemDefPath:IWbemPath:GetText (in: This=0x730f90, lFlags=2, puBuffLength=0x37f0a0*=0x10, pszText="000000000000000" | out: puBuffLength=0x37f0a0*=0x10, pszText="win32_processor") returned 0x0 [0189.698] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x730f90, puCount=0x37f034 | out: puCount=0x37f034*=0x0) returned 0x0 [0189.698] CreateEventW (lpEventAttributes=0x0, bManualReset=0, bInitialState=0, lpName=0x0) returned 0x2e4 [0189.698] SetEvent (hEvent=0x2b4) returned 1 [0189.699] CoWaitForMultipleHandles (in: dwFlags=0x2, dwTimeout=0xffffffff, cHandles=0x1, pHandles=0x37e88c*=0x2e4, lpdwindex=0x37e6b0 | out: lpdwindex=0x37e6b0) returned 0x0 [0189.703] CoGetContextToken (in: pToken=0x37e764 | out: pToken=0x37e764) returned 0x0 [0189.703] CoGetContextToken (in: pToken=0x37e6c4 | out: pToken=0x37e6c4) returned 0x0 [0189.703] WbemDefPath:IUnknown:QueryInterface (in: This=0x731000, riid=0x37e794*(Data1=0x3bc15af2, Data2=0x736c, Data3=0x477e, Data4=([0]=0x9e, [1]=0x51, [2]=0x23, [3]=0x8a, [4]=0xf8, [5]=0x66, [6]=0x7d, [7]=0xcc)), ppvObject=0x37e790 | out: ppvObject=0x37e790*=0x731000) returned 0x0 [0189.703] WbemDefPath:IUnknown:AddRef (This=0x731000) returned 0x3 [0189.703] WbemDefPath:IUnknown:Release (This=0x731000) returned 0x2 [0189.703] WbemDefPath:IWbemPath:SetText (This=0x731000, uMode=0x4, pszPath="//./root/cimv2") returned 0x0 [0189.703] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x731000, puCount=0x37f020 | out: puCount=0x37f020*=0x2) returned 0x0 [0189.703] WbemDefPath:IWbemPath:GetText (in: This=0x731000, lFlags=4, puBuffLength=0x37f01c*=0x0, pszText=0x0 | out: puBuffLength=0x37f01c*=0xf, pszText=0x0) returned 0x0 [0189.703] WbemDefPath:IWbemPath:GetText (in: This=0x731000, lFlags=4, puBuffLength=0x37f01c*=0xf, pszText="00000000000000" | out: puBuffLength=0x37f01c*=0xf, pszText="\\\\.\\root\\cimv2") returned 0x0 [0189.703] CreateEventW (lpEventAttributes=0x0, bManualReset=0, bInitialState=0, lpName=0x0) returned 0x2e8 [0189.704] SetEvent (hEvent=0x2b4) returned 1 [0189.704] CoWaitForMultipleHandles (in: dwFlags=0x2, dwTimeout=0xffffffff, cHandles=0x1, pHandles=0x37ef7c*=0x2e8, lpdwindex=0x37eda0 | out: lpdwindex=0x37eda0) returned 0x0 [0189.706] CoGetContextToken (in: pToken=0x37ee54 | out: pToken=0x37ee54) returned 0x0 [0189.707] CoGetContextToken (in: pToken=0x37edb4 | out: pToken=0x37edb4) returned 0x0 [0189.707] WbemDefPath:IUnknown:QueryInterface (in: This=0x731070, riid=0x37ee84*(Data1=0x3bc15af2, Data2=0x736c, Data3=0x477e, Data4=([0]=0x9e, [1]=0x51, [2]=0x23, [3]=0x8a, [4]=0xf8, [5]=0x66, [6]=0x7d, [7]=0xcc)), ppvObject=0x37ee80 | out: ppvObject=0x37ee80*=0x731070) returned 0x0 [0189.707] WbemDefPath:IUnknown:AddRef (This=0x731070) returned 0x3 [0189.707] WbemDefPath:IUnknown:Release (This=0x731070) returned 0x2 [0189.707] WbemDefPath:IWbemPath:SetText (This=0x731070, uMode=0x4, pszPath="\\\\.\\root\\cimv2") returned 0x0 [0189.707] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x731070, puCount=0x37eff8 | out: puCount=0x37eff8*=0x2) returned 0x0 [0189.707] WbemDefPath:IWbemPath:GetText (in: This=0x731070, lFlags=4, puBuffLength=0x37eff4*=0x0, pszText=0x0 | out: puBuffLength=0x37eff4*=0xf, pszText=0x0) returned 0x0 [0189.707] WbemDefPath:IWbemPath:GetText (in: This=0x731070, lFlags=4, puBuffLength=0x37eff4*=0xf, pszText="00000000000000" | out: puBuffLength=0x37eff4*=0xf, pszText="\\\\.\\root\\cimv2") returned 0x0 [0189.717] CoWaitForMultipleHandles (in: dwFlags=0x2, dwTimeout=0xffffffff, cHandles=0x1, pHandles=0x37ef18*=0x2fc, lpdwindex=0x37edd0 | out: lpdwindex=0x37edd0) returned 0x0 [0190.532] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x731070, puCount=0x37f01c | out: puCount=0x37f01c*=0x2) returned 0x0 [0190.532] WbemDefPath:IWbemPath:GetText (in: This=0x731070, lFlags=4, puBuffLength=0x37f018*=0x0, pszText=0x0 | out: puBuffLength=0x37f018*=0xf, pszText=0x0) returned 0x0 [0190.532] WbemDefPath:IWbemPath:GetText (in: This=0x731070, lFlags=4, puBuffLength=0x37f018*=0xf, pszText="00000000000000" | out: puBuffLength=0x37f018*=0xf, pszText="\\\\.\\root\\cimv2") returned 0x0 [0190.532] WbemDefPath:IWbemPath:GetText (in: This=0x730f90, lFlags=2, puBuffLength=0x37f020*=0x0, pszText=0x0 | out: puBuffLength=0x37f020*=0x10, pszText=0x0) returned 0x0 [0190.532] WbemDefPath:IWbemPath:GetText (in: This=0x730f90, lFlags=2, puBuffLength=0x37f020*=0x10, pszText="000000000000000" | out: puBuffLength=0x37f020*=0x10, pszText="win32_processor") returned 0x0 [0190.535] CoGetContextToken (in: pToken=0x37edc4 | out: pToken=0x37edc4) returned 0x0 [0190.535] CoGetContextToken (in: pToken=0x37ed24 | out: pToken=0x37ed24) returned 0x0 [0190.535] CoGetContextToken (in: pToken=0x37ed24 | out: pToken=0x37ed24) returned 0x0 [0190.535] CoGetContextToken (in: pToken=0x37ecc4 | out: pToken=0x37ecc4) returned 0x0 [0190.535] IUnknown:QueryInterface (in: This=0x6ad938, riid=0x71938ae0*(Data1=0x1da, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x37ec9c | out: ppvObject=0x37ec9c*=0x6ad948) returned 0x0 [0190.536] CObjectContext::ContextCallback () returned 0x0 [0190.546] IUnknown:Release (This=0x6ad948) returned 0x1 [0190.547] CoUnmarshalInterface (in: pStm=0x6fbaa8, riid=0x71792a54*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x37ed18 | out: ppv=0x37ed18*=0x732564) returned 0x0 [0190.548] CoMarshalInterface (pStm=0x6fbaa8, riid=0x71792a54*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pUnk=0x732564, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0) returned 0x0 [0190.548] WbemLocator:IUnknown:QueryInterface (in: This=0x732564, riid=0x37edf4*(Data1=0x9556dc99, Data2=0x828c, Data3=0x11cf, Data4=([0]=0xa3, [1]=0x7e, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x32, [6]=0x40, [7]=0xc7)), ppvObject=0x37edf0 | out: ppvObject=0x37edf0*=0x71cf38) returned 0x0 [0190.553] WbemLocator:IUnknown:Release (This=0x732564) returned 0x1 [0190.554] IWbemServices:GetObject (in: This=0x71cf38, strObjectPath="win32_processor", lFlags=0, pCtx=0x0, ppObject=0x37efd4*=0x0, ppCallResult=0x0 | out: ppObject=0x37efd4*=0x747370, ppCallResult=0x0) returned 0x0 [0190.563] WbemLocator:IUnknown:Release (This=0x71cf38) returned 0x0 [0190.564] IWbemClassObject:Get (in: This=0x747370, wszName="__PATH", lFlags=0, pVal=0x37efbc*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x37f064*=0, plFlavor=0x37f060*=0 | out: pVal=0x37efbc*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="\\\\Q9IATRKPRH\\ROOT\\CIMV2:Win32_Processor", varVal2=0x0), pType=0x37f064*=8, plFlavor=0x37f060*=64) returned 0x0 [0190.566] SysStringByteLen (bstr="\\\\Q9IATRKPRH\\ROOT\\CIMV2:Win32_Processor") returned 0x4e [0190.566] SysStringByteLen (bstr="\\\\Q9IATRKPRH\\ROOT\\CIMV2:Win32_Processor") returned 0x4e [0190.567] CreateEventW (lpEventAttributes=0x0, bManualReset=0, bInitialState=0, lpName=0x0) returned 0x33c [0190.567] SetEvent (hEvent=0x2b4) returned 1 [0190.567] CoWaitForMultipleHandles (in: dwFlags=0x2, dwTimeout=0xffffffff, cHandles=0x1, pHandles=0x37ef78*=0x33c, lpdwindex=0x37ed9c | out: lpdwindex=0x37ed9c) returned 0x0 [0190.571] CoGetContextToken (in: pToken=0x37ee4c | out: pToken=0x37ee4c) returned 0x0 [0190.571] CoGetContextToken (in: pToken=0x37edac | out: pToken=0x37edac) returned 0x0 [0190.571] WbemDefPath:IUnknown:QueryInterface (in: This=0x7310e0, riid=0x37ee7c*(Data1=0x3bc15af2, Data2=0x736c, Data3=0x477e, Data4=([0]=0x9e, [1]=0x51, [2]=0x23, [3]=0x8a, [4]=0xf8, [5]=0x66, [6]=0x7d, [7]=0xcc)), ppvObject=0x37ee78 | out: ppvObject=0x37ee78*=0x7310e0) returned 0x0 [0190.571] WbemDefPath:IUnknown:AddRef (This=0x7310e0) returned 0x3 [0190.571] WbemDefPath:IUnknown:Release (This=0x7310e0) returned 0x2 [0190.571] WbemDefPath:IWbemPath:SetText (This=0x7310e0, uMode=0x4, pszPath="\\\\Q9IATRKPRH\\ROOT\\CIMV2:Win32_Processor") returned 0x0 [0190.571] IWbemClassObject:Get (in: This=0x747370, wszName="__CLASS", lFlags=0, pVal=0x37f02c*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x37f0ac*=0, plFlavor=0x37f0a8*=0 | out: pVal=0x37f02c*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="Win32_Processor", varVal2=0x0), pType=0x37f0ac*=8, plFlavor=0x37f0a8*=64) returned 0x0 [0190.571] SysStringByteLen (bstr="Win32_Processor") returned 0x1e [0190.571] SysStringByteLen (bstr="Win32_Processor") returned 0x1e [0190.571] CoGetContextToken (in: pToken=0x37ee4c | out: pToken=0x37ee4c) returned 0x0 [0190.571] CoGetContextToken (in: pToken=0x37edac | out: pToken=0x37edac) returned 0x0 [0190.571] CoGetContextToken (in: pToken=0x37edac | out: pToken=0x37edac) returned 0x0 [0190.572] CoUnmarshalInterface (in: pStm=0x6fbaa8, riid=0x71792a54*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x37eda0 | out: ppv=0x37eda0*=0x732564) returned 0x0 [0190.572] CoMarshalInterface (pStm=0x6fbaa8, riid=0x71792a54*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pUnk=0x732564, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0) returned 0x0 [0190.573] WbemLocator:IUnknown:QueryInterface (in: This=0x732564, riid=0x37ee7c*(Data1=0x9556dc99, Data2=0x828c, Data3=0x11cf, Data4=([0]=0xa3, [1]=0x7e, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x32, [6]=0x40, [7]=0xc7)), ppvObject=0x37ee78 | out: ppvObject=0x37ee78*=0x71d028) returned 0x0 [0190.573] WbemLocator:IUnknown:Release (This=0x732564) returned 0x1 [0190.573] IWbemServices:CreateInstanceEnum (in: This=0x71d028, strFilter="Win32_Processor", lFlags=17, pCtx=0x0, ppEnum=0x37f028 | out: ppEnum=0x37f028*=0x6e6d38) returned 0x0 [0190.592] IUnknown:QueryInterface (in: This=0x6e6d38, riid=0x704b35b4*(Data1=0x13d, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x37eeb4 | out: ppvObject=0x37eeb4*=0x6e6d3c) returned 0x0 [0190.593] IClientSecurity:QueryBlanket (in: This=0x6e6d3c, pProxy=0x6e6d38, pAuthnSvc=0x37ef04, pAuthzSvc=0x37ef00, pServerPrincName=0x37eef8, pAuthnLevel=0x37eefc, pImpLevel=0x37eeec, pAuthInfo=0x37eef0, pCapabilites=0x37eef4 | out: pAuthnSvc=0x37ef04*=0xa, pAuthzSvc=0x37ef00*=0x0, pServerPrincName=0x37eef8, pAuthnLevel=0x37eefc*=0x6, pImpLevel=0x37eeec*=0x2, pAuthInfo=0x37eef0, pCapabilites=0x37eef4*=0x1) returned 0x0 [0190.593] IUnknown:Release (This=0x6e6d3c) returned 0x1 [0190.593] IUnknown:QueryInterface (in: This=0x6e6d38, riid=0x704b35a4*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x37eea8 | out: ppvObject=0x37eea8*=0x732654) returned 0x0 [0190.593] IUnknown:QueryInterface (in: This=0x6e6d38, riid=0x704b35b4*(Data1=0x13d, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x37ee94 | out: ppvObject=0x37ee94*=0x6e6d3c) returned 0x0 [0190.593] IClientSecurity:SetBlanket (This=0x6e6d3c, pProxy=0x6e6d38, dwAuthnSvc=0xa, dwAuthzSvc=0x0, pServerPrincName=0x0, dwAuthnLevel=0x6, dwImpLevel=0x3, pAuthInfo=0x0, dwCapabilities=0x20) returned 0x0 [0190.620] IUnknown:Release (This=0x6e6d3c) returned 0x2 [0190.620] WbemLocator:IUnknown:Release (This=0x732654) returned 0x1 [0190.620] CoTaskMemFree (pv=0x724fe0) [0190.620] IUnknown:AddRef (This=0x6e6d38) returned 0x2 [0190.621] CoGetContextToken (in: pToken=0x37e3d0 | out: pToken=0x37e3d0) returned 0x0 [0190.621] CoGetContextToken (in: pToken=0x37e7e4 | out: pToken=0x37e7e4) returned 0x0 [0190.621] IUnknown:QueryInterface (in: This=0x6e6d38, riid=0x71881aa8*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x37e77c | out: ppvObject=0x37e77c*=0x73263c) returned 0x0 [0190.621] WbemLocator:IRpcOptions:Query (in: This=0x73263c, pPrx=0x735dd0, dwProperty=2, pdwValue=0x37e870 | out: pdwValue=0x37e870) returned 0x80004002 [0190.621] WbemLocator:IUnknown:Release (This=0x73263c) returned 0x2 [0190.622] CoGetContextToken (in: pToken=0x37edb4 | out: pToken=0x37edb4) returned 0x0 [0190.622] CoGetContextToken (in: pToken=0x37ed14 | out: pToken=0x37ed14) returned 0x0 [0190.622] IUnknown:QueryInterface (in: This=0x6e6d38, riid=0x37ede4*(Data1=0x27947e1, Data2=0xd731, Data3=0x11ce, Data4=([0]=0xa3, [1]=0x57, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x1)), ppvObject=0x37ecb0 | out: ppvObject=0x37ecb0*=0x6e6d38) returned 0x0 [0190.622] IUnknown:Release (This=0x6e6d38) returned 0x2 [0190.622] WbemLocator:IUnknown:Release (This=0x71d028) returned 0x0 [0190.622] SysStringLen (param_1=0x0) returned 0x0 [0190.623] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x731070, puCount=0x37f064 | out: puCount=0x37f064*=0x2) returned 0x0 [0190.623] WbemDefPath:IWbemPath:GetText (in: This=0x731070, lFlags=4, puBuffLength=0x37f060*=0x0, pszText=0x0 | out: puBuffLength=0x37f060*=0xf, pszText=0x0) returned 0x0 [0190.623] WbemDefPath:IWbemPath:GetText (in: This=0x731070, lFlags=4, puBuffLength=0x37f060*=0xf, pszText="00000000000000" | out: puBuffLength=0x37f060*=0xf, pszText="\\\\.\\root\\cimv2") returned 0x0 [0190.623] CoGetContextToken (in: pToken=0x37eeac | out: pToken=0x37eeac) returned 0x0 [0190.623] IEnumWbemClassObject:Clone (in: This=0x6e6d38, ppEnum=0x37f064 | out: ppEnum=0x37f064*=0x6e6e00) returned 0x0 [0190.685] IUnknown:QueryInterface (in: This=0x6e6e00, riid=0x704b35b4*(Data1=0x13d, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x37ef20 | out: ppvObject=0x37ef20*=0x6e6e04) returned 0x0 [0190.685] IClientSecurity:QueryBlanket (in: This=0x6e6e04, pProxy=0x6e6e00, pAuthnSvc=0x37ef70, pAuthzSvc=0x37ef6c, pServerPrincName=0x37ef64, pAuthnLevel=0x37ef68, pImpLevel=0x37ef58, pAuthInfo=0x37ef5c, pCapabilites=0x37ef60 | out: pAuthnSvc=0x37ef70*=0xa, pAuthzSvc=0x37ef6c*=0x0, pServerPrincName=0x37ef64, pAuthnLevel=0x37ef68*=0x6, pImpLevel=0x37ef58*=0x2, pAuthInfo=0x37ef5c, pCapabilites=0x37ef60*=0x1) returned 0x0 [0190.685] IUnknown:Release (This=0x6e6e04) returned 0x1 [0190.685] IUnknown:QueryInterface (in: This=0x6e6e00, riid=0x704b35a4*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x37ef14 | out: ppvObject=0x37ef14*=0x732564) returned 0x0 [0190.685] IUnknown:QueryInterface (in: This=0x6e6e00, riid=0x704b35b4*(Data1=0x13d, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x37ef00 | out: ppvObject=0x37ef00*=0x6e6e04) returned 0x0 [0190.685] IClientSecurity:SetBlanket (This=0x6e6e04, pProxy=0x6e6e00, dwAuthnSvc=0xa, dwAuthzSvc=0x0, pServerPrincName=0x0, dwAuthnLevel=0x6, dwImpLevel=0x3, pAuthInfo=0x0, dwCapabilities=0x20) returned 0x0 [0190.766] IUnknown:Release (This=0x6e6e04) returned 0x2 [0190.766] WbemLocator:IUnknown:Release (This=0x732564) returned 0x1 [0190.766] CoTaskMemFree (pv=0x724fb0) [0190.767] IUnknown:AddRef (This=0x6e6e00) returned 0x2 [0190.767] CoGetContextToken (in: pToken=0x37e430 | out: pToken=0x37e430) returned 0x0 [0190.767] CoGetContextToken (in: pToken=0x37e844 | out: pToken=0x37e844) returned 0x0 [0190.767] IUnknown:QueryInterface (in: This=0x6e6e00, riid=0x71881aa8*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x37e7dc | out: ppvObject=0x37e7dc*=0x73254c) returned 0x0 [0190.768] WbemLocator:IRpcOptions:Query (in: This=0x73254c, pPrx=0x747860, dwProperty=2, pdwValue=0x37e8d0 | out: pdwValue=0x37e8d0) returned 0x80004002 [0190.768] WbemLocator:IUnknown:Release (This=0x73254c) returned 0x2 [0190.768] CoGetContextToken (in: pToken=0x37ee14 | out: pToken=0x37ee14) returned 0x0 [0190.768] CoGetContextToken (in: pToken=0x37ed74 | out: pToken=0x37ed74) returned 0x0 [0190.768] IUnknown:QueryInterface (in: This=0x6e6e00, riid=0x37ee44*(Data1=0x27947e1, Data2=0xd731, Data3=0x11ce, Data4=([0]=0xa3, [1]=0x57, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x1)), ppvObject=0x37ed10 | out: ppvObject=0x37ed10*=0x6e6e00) returned 0x0 [0190.768] IUnknown:Release (This=0x6e6e00) returned 0x2 [0190.768] SysStringLen (param_1=0x0) returned 0x0 [0190.769] IEnumWbemClassObject:Reset (This=0x6e6e00) returned 0x0 [0190.900] CoTaskMemAlloc (cb=0x4) returned 0x7248a0 [0190.901] IEnumWbemClassObject:Next (in: This=0x6e6e00, lTimeout=-1, uCount=0x1, apObjects=0x7248a0, puReturned=0x23f030c | out: apObjects=0x7248a0*=0x74aa58, puReturned=0x23f030c*=0x1) returned 0x0 [0201.360] IUnknown:QueryInterface (in: This=0x74aa58, riid=0x71792a54*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x37e6bc | out: ppvObject=0x37e6bc*=0x74aa58) returned 0x0 [0201.361] IUnknown:QueryInterface (in: This=0x74aa58, riid=0x71881b6c*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x37e670 | out: ppvObject=0x37e670*=0x0) returned 0x80004002 [0201.361] IUnknown:QueryInterface (in: This=0x74aa58, riid=0x71881e84*(Data1=0xb196b283, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x37e498 | out: ppvObject=0x37e498*=0x0) returned 0x80004002 [0201.362] IUnknown:AddRef (This=0x74aa58) returned 0x3 [0201.362] IUnknown:QueryInterface (in: This=0x74aa58, riid=0x7188182c*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x37dfcc | out: ppvObject=0x37dfcc*=0x0) returned 0x80004002 [0201.362] IUnknown:QueryInterface (in: This=0x74aa58, riid=0x71881764*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x37df7c | out: ppvObject=0x37df7c*=0x0) returned 0x80004002 [0201.362] IUnknown:QueryInterface (in: This=0x74aa58, riid=0x717b1388*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x37df88 | out: ppvObject=0x37df88*=0x74aa5c) returned 0x0 [0201.362] IMarshal:GetUnmarshalClass (in: This=0x74aa5c, riid=0x71792a54*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x37df90 | out: pCid=0x37df90*(Data1=0x4590f812, Data2=0x1d3a, Data3=0x11d0, Data4=([0]=0x89, [1]=0x1f, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24))) returned 0x0 [0201.362] IUnknown:Release (This=0x74aa5c) returned 0x3 [0201.362] CoGetContextToken (in: pToken=0x37dfe8 | out: pToken=0x37dfe8) returned 0x0 [0201.363] CoGetContextToken (in: pToken=0x37e3fc | out: pToken=0x37e3fc) returned 0x0 [0201.363] IUnknown:QueryInterface (in: This=0x74aa58, riid=0x71881aa8*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x37e47c | out: ppvObject=0x37e47c*=0x0) returned 0x80004002 [0201.363] IUnknown:Release (This=0x74aa58) returned 0x2 [0201.363] CoGetContextToken (in: pToken=0x37e9e4 | out: pToken=0x37e9e4) returned 0x0 [0201.363] CoGetContextToken (in: pToken=0x37e944 | out: pToken=0x37e944) returned 0x0 [0201.363] IUnknown:QueryInterface (in: This=0x74aa58, riid=0x37ea14*(Data1=0xdc12a681, Data2=0x737f, Data3=0x11cf, Data4=([0]=0x88, [1]=0x4d, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24)), ppvObject=0x37ea10 | out: ppvObject=0x37ea10*=0x74aa58) returned 0x0 [0201.363] IUnknown:AddRef (This=0x74aa58) returned 0x4 [0201.363] IUnknown:Release (This=0x74aa58) returned 0x3 [0201.364] IUnknown:Release (This=0x74aa58) returned 0x2 [0201.365] CoTaskMemFree (pv=0x7248a0) [0201.365] CoGetContextToken (in: pToken=0x37ed54 | out: pToken=0x37ed54) returned 0x0 [0201.365] IUnknown:AddRef (This=0x74aa58) returned 0x3 [0201.366] IWbemClassObject:Get (in: This=0x74aa58, wszName="__GENUS", lFlags=0, pVal=0x37f054*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x37f0d4*=0, plFlavor=0x37f0d0*=0 | out: pVal=0x37f054*(varType=0x3, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x2, varVal2=0x0), pType=0x37f0d4*=3, plFlavor=0x37f0d0*=64) returned 0x0 [0201.368] IWbemClassObject:Get (in: This=0x74aa58, wszName="__PATH", lFlags=0, pVal=0x37f038*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x37f0bc*=0, plFlavor=0x37f0b8*=0 | out: pVal=0x37f038*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="\\\\Q9IATRKPRH\\root\\cimv2:Win32_Processor.DeviceID=\"CPU0\"", varVal2=0x0), pType=0x37f0bc*=8, plFlavor=0x37f0b8*=64) returned 0x0 [0201.369] SysStringByteLen (bstr="\\\\Q9IATRKPRH\\root\\cimv2:Win32_Processor.DeviceID=\"CPU0\"") returned 0x6e [0201.369] SysStringByteLen (bstr="\\\\Q9IATRKPRH\\root\\cimv2:Win32_Processor.DeviceID=\"CPU0\"") returned 0x6e [0201.369] CreateEventW (lpEventAttributes=0x0, bManualReset=0, bInitialState=0, lpName=0x0) returned 0x344 [0201.369] SetEvent (hEvent=0x2b4) returned 1 [0201.370] CoWaitForMultipleHandles (in: dwFlags=0x2, dwTimeout=0xffffffff, cHandles=0x1, pHandles=0x37f010*=0x344, lpdwindex=0x37ee34 | out: lpdwindex=0x37ee34) returned 0x0 [0201.377] CoGetContextToken (in: pToken=0x37eee4 | out: pToken=0x37eee4) returned 0x0 [0201.377] CoGetContextToken (in: pToken=0x37ee44 | out: pToken=0x37ee44) returned 0x0 [0201.377] WbemDefPath:IUnknown:QueryInterface (in: This=0x7311c0, riid=0x37ef14*(Data1=0x3bc15af2, Data2=0x736c, Data3=0x477e, Data4=([0]=0x9e, [1]=0x51, [2]=0x23, [3]=0x8a, [4]=0xf8, [5]=0x66, [6]=0x7d, [7]=0xcc)), ppvObject=0x37ef10 | out: ppvObject=0x37ef10*=0x7311c0) returned 0x0 [0201.378] WbemDefPath:IUnknown:AddRef (This=0x7311c0) returned 0x3 [0201.378] WbemDefPath:IUnknown:Release (This=0x7311c0) returned 0x2 [0201.378] WbemDefPath:IWbemPath:SetText (This=0x7311c0, uMode=0x4, pszPath="\\\\Q9IATRKPRH\\root\\cimv2:Win32_Processor.DeviceID=\"CPU0\"") returned 0x0 [0201.378] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x731070, puCount=0x37f090 | out: puCount=0x37f090*=0x2) returned 0x0 [0201.378] WbemDefPath:IWbemPath:GetText (in: This=0x731070, lFlags=4, puBuffLength=0x37f08c*=0x0, pszText=0x0 | out: puBuffLength=0x37f08c*=0xf, pszText=0x0) returned 0x0 [0201.378] WbemDefPath:IWbemPath:GetText (in: This=0x731070, lFlags=4, puBuffLength=0x37f08c*=0xf, pszText="00000000000000" | out: puBuffLength=0x37f08c*=0xf, pszText="\\\\.\\root\\cimv2") returned 0x0 [0201.379] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x731070, puCount=0x37f070 | out: puCount=0x37f070*=0x2) returned 0x0 [0201.379] WbemDefPath:IWbemPath:GetText (in: This=0x731070, lFlags=4, puBuffLength=0x37f06c*=0x0, pszText=0x0 | out: puBuffLength=0x37f06c*=0xf, pszText=0x0) returned 0x0 [0201.379] WbemDefPath:IWbemPath:GetText (in: This=0x731070, lFlags=4, puBuffLength=0x37f06c*=0xf, pszText="00000000000000" | out: puBuffLength=0x37f06c*=0xf, pszText="\\\\.\\root\\cimv2") returned 0x0 [0201.384] IWbemClassObject:Get (in: This=0x74aa58, wszName="processorID", lFlags=0, pVal=0x37f06c*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x23f0bc4*=0, plFlavor=0x23f0bc8*=0 | out: pVal=0x37f06c*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="0F8BFBFF00050654", varVal2=0x0), pType=0x23f0bc4*=8, plFlavor=0x23f0bc8*=0) returned 0x0 [0201.384] SysStringByteLen (bstr="0F8BFBFF00050654") returned 0x20 [0201.384] SysStringByteLen (bstr="0F8BFBFF00050654") returned 0x20 [0201.384] IWbemClassObject:Get (in: This=0x74aa58, wszName="processorID", lFlags=0, pVal=0x37f074*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x23f0bc4*=8, plFlavor=0x23f0bc8*=0 | out: pVal=0x37f074*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="0F8BFBFF00050654", varVal2=0x0), pType=0x23f0bc4*=8, plFlavor=0x23f0bc8*=0) returned 0x0 [0201.384] SysStringByteLen (bstr="0F8BFBFF00050654") returned 0x20 [0201.384] SysStringByteLen (bstr="0F8BFBFF00050654") returned 0x20 [0201.386] CoTaskMemAlloc (cb=0x4) returned 0x7248f0 [0201.386] IEnumWbemClassObject:Next (in: This=0x6e6e00, lTimeout=-1, uCount=0x1, apObjects=0x7248f0, puReturned=0x23f030c | out: apObjects=0x7248f0*=0x0, puReturned=0x23f030c*=0x0) returned 0x1 [0201.395] CoTaskMemFree (pv=0x7248f0) [0201.396] CoGetContextToken (in: pToken=0x37ef88 | out: pToken=0x37ef88) returned 0x0 [0201.396] IUnknown:Release (This=0x6e6e00) returned 0x1 [0201.396] IUnknown:Release (This=0x6e6e00) returned 0x0 [0201.420] CreateEventW (lpEventAttributes=0x0, bManualReset=0, bInitialState=0, lpName=0x0) returned 0x348 [0201.420] SetEvent (hEvent=0x2b4) returned 1 [0201.421] CoWaitForMultipleHandles (in: dwFlags=0x2, dwTimeout=0xffffffff, cHandles=0x1, pHandles=0x37f034*=0x348, lpdwindex=0x37ee58 | out: lpdwindex=0x37ee58) returned 0x0 [0201.424] CoGetContextToken (in: pToken=0x37ef0c | out: pToken=0x37ef0c) returned 0x0 [0201.424] CoGetContextToken (in: pToken=0x37ee6c | out: pToken=0x37ee6c) returned 0x0 [0201.424] WbemDefPath:IUnknown:QueryInterface (in: This=0x731230, riid=0x37ef3c*(Data1=0x3bc15af2, Data2=0x736c, Data3=0x477e, Data4=([0]=0x9e, [1]=0x51, [2]=0x23, [3]=0x8a, [4]=0xf8, [5]=0x66, [6]=0x7d, [7]=0xcc)), ppvObject=0x37ef38 | out: ppvObject=0x37ef38*=0x731230) returned 0x0 [0201.424] WbemDefPath:IUnknown:AddRef (This=0x731230) returned 0x3 [0201.424] WbemDefPath:IUnknown:Release (This=0x731230) returned 0x2 [0201.424] WbemDefPath:IWbemPath:SetText (This=0x731230, uMode=0x4, pszPath="Win32_NetworkAdapterConfiguration") returned 0x0 [0201.424] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x731230, puCount=0x37f0b4 | out: puCount=0x37f0b4*=0x0) returned 0x0 [0201.424] WbemDefPath:IWbemPath:GetText (in: This=0x731230, lFlags=2, puBuffLength=0x37f0b0*=0x0, pszText=0x0 | out: puBuffLength=0x37f0b0*=0x22, pszText=0x0) returned 0x0 [0201.424] WbemDefPath:IWbemPath:GetText (in: This=0x731230, lFlags=2, puBuffLength=0x37f0b0*=0x22, pszText="000000000000000000000000000000000" | out: puBuffLength=0x37f0b0*=0x22, pszText="Win32_NetworkAdapterConfiguration") returned 0x0 [0201.424] WbemDefPath:IWbemPath:GetInfo (in: This=0x731230, uRequestedInfo=0x0, puResponse=0x37f0bc | out: puResponse=0x37f0bc*=0xc15) returned 0x0 [0201.424] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x731230, puCount=0x37f0b4 | out: puCount=0x37f0b4*=0x0) returned 0x0 [0201.424] WbemDefPath:IWbemPath:GetInfo (in: This=0x731230, uRequestedInfo=0x0, puResponse=0x37f0bc | out: puResponse=0x37f0bc*=0xc15) returned 0x0 [0201.424] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x731230, puCount=0x37f0a4 | out: puCount=0x37f0a4*=0x0) returned 0x0 [0201.424] WbemDefPath:IWbemPath:GetText (in: This=0x731230, lFlags=2, puBuffLength=0x37f0a0*=0x0, pszText=0x0 | out: puBuffLength=0x37f0a0*=0x22, pszText=0x0) returned 0x0 [0201.425] WbemDefPath:IWbemPath:GetText (in: This=0x731230, lFlags=2, puBuffLength=0x37f0a0*=0x22, pszText="000000000000000000000000000000000" | out: puBuffLength=0x37f0a0*=0x22, pszText="Win32_NetworkAdapterConfiguration") returned 0x0 [0201.425] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x731230, puCount=0x37f0a4 | out: puCount=0x37f0a4*=0x0) returned 0x0 [0201.425] WbemDefPath:IWbemPath:GetText (in: This=0x731230, lFlags=2, puBuffLength=0x37f0a0*=0x0, pszText=0x0 | out: puBuffLength=0x37f0a0*=0x22, pszText=0x0) returned 0x0 [0201.425] WbemDefPath:IWbemPath:GetText (in: This=0x731230, lFlags=2, puBuffLength=0x37f0a0*=0x22, pszText="000000000000000000000000000000000" | out: puBuffLength=0x37f0a0*=0x22, pszText="Win32_NetworkAdapterConfiguration") returned 0x0 [0201.425] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x731230, puCount=0x37f034 | out: puCount=0x37f034*=0x0) returned 0x0 [0201.425] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x731000, puCount=0x37f020 | out: puCount=0x37f020*=0x2) returned 0x0 [0201.425] WbemDefPath:IWbemPath:GetText (in: This=0x731000, lFlags=4, puBuffLength=0x37f01c*=0x0, pszText=0x0 | out: puBuffLength=0x37f01c*=0xf, pszText=0x0) returned 0x0 [0201.425] WbemDefPath:IWbemPath:GetText (in: This=0x731000, lFlags=4, puBuffLength=0x37f01c*=0xf, pszText="00000000000000" | out: puBuffLength=0x37f01c*=0xf, pszText="\\\\.\\root\\cimv2") returned 0x0 [0201.425] CreateEventW (lpEventAttributes=0x0, bManualReset=0, bInitialState=0, lpName=0x0) returned 0x34c [0201.425] SetEvent (hEvent=0x2b4) returned 1 [0201.425] CoWaitForMultipleHandles (in: dwFlags=0x2, dwTimeout=0xffffffff, cHandles=0x1, pHandles=0x37ef7c*=0x34c, lpdwindex=0x37eda0 | out: lpdwindex=0x37eda0) returned 0x0 [0201.428] CoGetContextToken (in: pToken=0x37ee54 | out: pToken=0x37ee54) returned 0x0 [0201.428] CoGetContextToken (in: pToken=0x37edb4 | out: pToken=0x37edb4) returned 0x0 [0201.428] WbemDefPath:IUnknown:QueryInterface (in: This=0x7312a0, riid=0x37ee84*(Data1=0x3bc15af2, Data2=0x736c, Data3=0x477e, Data4=([0]=0x9e, [1]=0x51, [2]=0x23, [3]=0x8a, [4]=0xf8, [5]=0x66, [6]=0x7d, [7]=0xcc)), ppvObject=0x37ee80 | out: ppvObject=0x37ee80*=0x7312a0) returned 0x0 [0201.429] WbemDefPath:IUnknown:AddRef (This=0x7312a0) returned 0x3 [0201.429] WbemDefPath:IUnknown:Release (This=0x7312a0) returned 0x2 [0201.429] WbemDefPath:IWbemPath:SetText (This=0x7312a0, uMode=0x4, pszPath="\\\\.\\root\\cimv2") returned 0x0 [0201.429] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x7312a0, puCount=0x37eff8 | out: puCount=0x37eff8*=0x2) returned 0x0 [0201.429] WbemDefPath:IWbemPath:GetText (in: This=0x7312a0, lFlags=4, puBuffLength=0x37eff4*=0x0, pszText=0x0 | out: puBuffLength=0x37eff4*=0xf, pszText=0x0) returned 0x0 [0201.429] WbemDefPath:IWbemPath:GetText (in: This=0x7312a0, lFlags=4, puBuffLength=0x37eff4*=0xf, pszText="00000000000000" | out: puBuffLength=0x37eff4*=0xf, pszText="\\\\.\\root\\cimv2") returned 0x0 [0201.446] CoWaitForMultipleHandles (in: dwFlags=0x2, dwTimeout=0xffffffff, cHandles=0x1, pHandles=0x37ef18*=0x360, lpdwindex=0x37edd0 | out: lpdwindex=0x37edd0) returned 0x0 [0201.482] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x7312a0, puCount=0x37f01c | out: puCount=0x37f01c*=0x2) returned 0x0 [0201.482] WbemDefPath:IWbemPath:GetText (in: This=0x7312a0, lFlags=4, puBuffLength=0x37f018*=0x0, pszText=0x0 | out: puBuffLength=0x37f018*=0xf, pszText=0x0) returned 0x0 [0201.482] WbemDefPath:IWbemPath:GetText (in: This=0x7312a0, lFlags=4, puBuffLength=0x37f018*=0xf, pszText="00000000000000" | out: puBuffLength=0x37f018*=0xf, pszText="\\\\.\\root\\cimv2") returned 0x0 [0201.482] WbemDefPath:IWbemPath:GetText (in: This=0x731230, lFlags=2, puBuffLength=0x37f020*=0x0, pszText=0x0 | out: puBuffLength=0x37f020*=0x22, pszText=0x0) returned 0x0 [0201.482] WbemDefPath:IWbemPath:GetText (in: This=0x731230, lFlags=2, puBuffLength=0x37f020*=0x22, pszText="000000000000000000000000000000000" | out: puBuffLength=0x37f020*=0x22, pszText="Win32_NetworkAdapterConfiguration") returned 0x0 [0201.483] CoGetContextToken (in: pToken=0x37ed9c | out: pToken=0x37ed9c) returned 0x0 [0201.483] CoGetContextToken (in: pToken=0x37ecfc | out: pToken=0x37ecfc) returned 0x0 [0201.483] CoGetContextToken (in: pToken=0x37ecfc | out: pToken=0x37ecfc) returned 0x0 [0201.483] CoGetContextToken (in: pToken=0x37ec9c | out: pToken=0x37ec9c) returned 0x0 [0201.483] IUnknown:QueryInterface (in: This=0x6ad938, riid=0x71938ae0*(Data1=0x1da, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x37ec74 | out: ppvObject=0x37ec74*=0x6ad948) returned 0x0 [0201.483] CObjectContext::ContextCallback () returned 0x0 [0201.487] IUnknown:Release (This=0x6ad948) returned 0x1 [0201.488] CoUnmarshalInterface (in: pStm=0x6fba88, riid=0x71792a54*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x37ecf0 | out: ppv=0x37ecf0*=0x732924) returned 0x0 [0201.488] CoMarshalInterface (pStm=0x6fba88, riid=0x71792a54*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pUnk=0x732924, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0) returned 0x0 [0201.488] WbemLocator:IUnknown:QueryInterface (in: This=0x732924, riid=0x37edcc*(Data1=0x9556dc99, Data2=0x828c, Data3=0x11cf, Data4=([0]=0xa3, [1]=0x7e, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x32, [6]=0x40, [7]=0xc7)), ppvObject=0x37edc8 | out: ppvObject=0x37edc8*=0x71d258) returned 0x0 [0201.489] WbemLocator:IUnknown:Release (This=0x732924) returned 0x1 [0201.489] IWbemServices:GetObject (in: This=0x71d258, strObjectPath="Win32_NetworkAdapterConfiguration", lFlags=0, pCtx=0x0, ppObject=0x37efd4*=0x0, ppCallResult=0x0 | out: ppObject=0x37efd4*=0x74bc70, ppCallResult=0x0) returned 0x0 [0201.543] WbemLocator:IUnknown:Release (This=0x71d258) returned 0x0 [0201.544] IWbemClassObject:Get (in: This=0x74bc70, wszName="__PATH", lFlags=0, pVal=0x37efbc*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x37f064*=0, plFlavor=0x37f060*=0 | out: pVal=0x37efbc*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="\\\\Q9IATRKPRH\\ROOT\\cimv2:Win32_NetworkAdapterConfiguration", varVal2=0x0), pType=0x37f064*=8, plFlavor=0x37f060*=64) returned 0x0 [0201.544] SysStringByteLen (bstr="\\\\Q9IATRKPRH\\ROOT\\cimv2:Win32_NetworkAdapterConfiguration") returned 0x72 [0201.544] SysStringByteLen (bstr="\\\\Q9IATRKPRH\\ROOT\\cimv2:Win32_NetworkAdapterConfiguration") returned 0x72 [0201.544] CreateEventW (lpEventAttributes=0x0, bManualReset=0, bInitialState=0, lpName=0x0) returned 0x37c [0201.544] SetEvent (hEvent=0x2b4) returned 1 [0201.544] CoWaitForMultipleHandles (in: dwFlags=0x2, dwTimeout=0xffffffff, cHandles=0x1, pHandles=0x37ef78*=0x37c, lpdwindex=0x37ed9c | out: lpdwindex=0x37ed9c) returned 0x0 [0201.549] CoGetContextToken (in: pToken=0x37ee4c | out: pToken=0x37ee4c) returned 0x0 [0201.549] CoGetContextToken (in: pToken=0x37edac | out: pToken=0x37edac) returned 0x0 [0201.549] WbemDefPath:IUnknown:QueryInterface (in: This=0x731310, riid=0x37ee7c*(Data1=0x3bc15af2, Data2=0x736c, Data3=0x477e, Data4=([0]=0x9e, [1]=0x51, [2]=0x23, [3]=0x8a, [4]=0xf8, [5]=0x66, [6]=0x7d, [7]=0xcc)), ppvObject=0x37ee78 | out: ppvObject=0x37ee78*=0x731310) returned 0x0 [0201.549] WbemDefPath:IUnknown:AddRef (This=0x731310) returned 0x3 [0201.549] WbemDefPath:IUnknown:Release (This=0x731310) returned 0x2 [0201.549] WbemDefPath:IWbemPath:SetText (This=0x731310, uMode=0x4, pszPath="\\\\Q9IATRKPRH\\ROOT\\cimv2:Win32_NetworkAdapterConfiguration") returned 0x0 [0201.549] IWbemClassObject:Get (in: This=0x74bc70, wszName="__CLASS", lFlags=0, pVal=0x37f02c*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x37f0ac*=0, plFlavor=0x37f0a8*=0 | out: pVal=0x37f02c*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="Win32_NetworkAdapterConfiguration", varVal2=0x0), pType=0x37f0ac*=8, plFlavor=0x37f0a8*=64) returned 0x0 [0201.549] SysStringByteLen (bstr="Win32_NetworkAdapterConfiguration") returned 0x42 [0201.549] SysStringByteLen (bstr="Win32_NetworkAdapterConfiguration") returned 0x42 [0201.549] CoGetContextToken (in: pToken=0x37ee2c | out: pToken=0x37ee2c) returned 0x0 [0201.549] CoGetContextToken (in: pToken=0x37ed8c | out: pToken=0x37ed8c) returned 0x0 [0201.549] CoGetContextToken (in: pToken=0x37ed8c | out: pToken=0x37ed8c) returned 0x0 [0201.550] CoUnmarshalInterface (in: pStm=0x6fba88, riid=0x71792a54*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x37ed80 | out: ppv=0x37ed80*=0x732924) returned 0x0 [0201.550] CoMarshalInterface (pStm=0x6fba88, riid=0x71792a54*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pUnk=0x732924, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0) returned 0x0 [0201.550] WbemLocator:IUnknown:QueryInterface (in: This=0x732924, riid=0x37ee5c*(Data1=0x9556dc99, Data2=0x828c, Data3=0x11cf, Data4=([0]=0xa3, [1]=0x7e, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x32, [6]=0x40, [7]=0xc7)), ppvObject=0x37ee58 | out: ppvObject=0x37ee58*=0x71d348) returned 0x0 [0201.551] WbemLocator:IUnknown:Release (This=0x732924) returned 0x1 [0201.551] IWbemServices:CreateInstanceEnum (in: This=0x71d348, strFilter="Win32_NetworkAdapterConfiguration", lFlags=17, pCtx=0x0, ppEnum=0x37f028 | out: ppEnum=0x37f028*=0x6e6f90) returned 0x0 [0201.570] IUnknown:QueryInterface (in: This=0x6e6f90, riid=0x704b35b4*(Data1=0x13d, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x37ee90 | out: ppvObject=0x37ee90*=0x6e6f94) returned 0x0 [0201.570] IClientSecurity:QueryBlanket (in: This=0x6e6f94, pProxy=0x6e6f90, pAuthnSvc=0x37eee0, pAuthzSvc=0x37eedc, pServerPrincName=0x37eed4, pAuthnLevel=0x37eed8, pImpLevel=0x37eec8, pAuthInfo=0x37eecc, pCapabilites=0x37eed0 | out: pAuthnSvc=0x37eee0*=0xa, pAuthzSvc=0x37eedc*=0x0, pServerPrincName=0x37eed4, pAuthnLevel=0x37eed8*=0x6, pImpLevel=0x37eec8*=0x2, pAuthInfo=0x37eecc, pCapabilites=0x37eed0*=0x1) returned 0x0 [0201.570] IUnknown:Release (This=0x6e6f94) returned 0x1 [0201.570] IUnknown:QueryInterface (in: This=0x6e6f90, riid=0x704b35a4*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x37ee84 | out: ppvObject=0x37ee84*=0x732a14) returned 0x0 [0201.570] IUnknown:QueryInterface (in: This=0x6e6f90, riid=0x704b35b4*(Data1=0x13d, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x37ee70 | out: ppvObject=0x37ee70*=0x6e6f94) returned 0x0 [0201.570] IClientSecurity:SetBlanket (This=0x6e6f94, pProxy=0x6e6f90, dwAuthnSvc=0xa, dwAuthzSvc=0x0, pServerPrincName=0x0, dwAuthnLevel=0x6, dwImpLevel=0x3, pAuthInfo=0x0, dwCapabilities=0x20) returned 0x0 [0201.610] IUnknown:Release (This=0x6e6f94) returned 0x2 [0201.610] WbemLocator:IUnknown:Release (This=0x732a14) returned 0x1 [0201.610] CoTaskMemFree (pv=0x7250a0) [0201.610] IUnknown:AddRef (This=0x6e6f90) returned 0x2 [0201.610] CoGetContextToken (in: pToken=0x37e3ac | out: pToken=0x37e3ac) returned 0x0 [0201.611] CoGetContextToken (in: pToken=0x37e7bc | out: pToken=0x37e7bc) returned 0x0 [0201.611] IUnknown:QueryInterface (in: This=0x6e6f90, riid=0x71881aa8*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x37e758 | out: ppvObject=0x37e758*=0x7329fc) returned 0x0 [0201.611] WbemLocator:IRpcOptions:Query (in: This=0x7329fc, pPrx=0x74b5d8, dwProperty=2, pdwValue=0x37e84c | out: pdwValue=0x37e84c) returned 0x80004002 [0201.611] WbemLocator:IUnknown:Release (This=0x7329fc) returned 0x2 [0201.611] CoGetContextToken (in: pToken=0x37ed8c | out: pToken=0x37ed8c) returned 0x0 [0201.611] CoGetContextToken (in: pToken=0x37ecec | out: pToken=0x37ecec) returned 0x0 [0201.611] IUnknown:QueryInterface (in: This=0x6e6f90, riid=0x37edbc*(Data1=0x27947e1, Data2=0xd731, Data3=0x11ce, Data4=([0]=0xa3, [1]=0x57, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x1)), ppvObject=0x37ec88 | out: ppvObject=0x37ec88*=0x6e6f90) returned 0x0 [0201.612] IUnknown:Release (This=0x6e6f90) returned 0x2 [0201.612] WbemLocator:IUnknown:Release (This=0x71d348) returned 0x0 [0201.612] SysStringLen (param_1=0x0) returned 0x0 [0201.612] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x7312a0, puCount=0x37f064 | out: puCount=0x37f064*=0x2) returned 0x0 [0201.612] WbemDefPath:IWbemPath:GetText (in: This=0x7312a0, lFlags=4, puBuffLength=0x37f060*=0x0, pszText=0x0 | out: puBuffLength=0x37f060*=0xf, pszText=0x0) returned 0x0 [0201.612] WbemDefPath:IWbemPath:GetText (in: This=0x7312a0, lFlags=4, puBuffLength=0x37f060*=0xf, pszText="00000000000000" | out: puBuffLength=0x37f060*=0xf, pszText="\\\\.\\root\\cimv2") returned 0x0 [0201.612] CoGetContextToken (in: pToken=0x37eeac | out: pToken=0x37eeac) returned 0x0 [0201.612] IEnumWbemClassObject:Clone (in: This=0x6e6f90, ppEnum=0x37f064 | out: ppEnum=0x37f064*=0x6e7120) returned 0x0 [0201.666] IUnknown:QueryInterface (in: This=0x6e7120, riid=0x704b35b4*(Data1=0x13d, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x37ef20 | out: ppvObject=0x37ef20*=0x6e7124) returned 0x0 [0201.666] IClientSecurity:QueryBlanket (in: This=0x6e7124, pProxy=0x6e7120, pAuthnSvc=0x37ef70, pAuthzSvc=0x37ef6c, pServerPrincName=0x37ef64, pAuthnLevel=0x37ef68, pImpLevel=0x37ef58, pAuthInfo=0x37ef5c, pCapabilites=0x37ef60 | out: pAuthnSvc=0x37ef70*=0xa, pAuthzSvc=0x37ef6c*=0x0, pServerPrincName=0x37ef64, pAuthnLevel=0x37ef68*=0x6, pImpLevel=0x37ef58*=0x2, pAuthInfo=0x37ef5c, pCapabilites=0x37ef60*=0x1) returned 0x0 [0201.666] IUnknown:Release (This=0x6e7124) returned 0x1 [0201.666] IUnknown:QueryInterface (in: This=0x6e7120, riid=0x704b35a4*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x37ef14 | out: ppvObject=0x37ef14*=0x732924) returned 0x0 [0201.666] IUnknown:QueryInterface (in: This=0x6e7120, riid=0x704b35b4*(Data1=0x13d, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x37ef00 | out: ppvObject=0x37ef00*=0x6e7124) returned 0x0 [0201.666] IClientSecurity:SetBlanket (This=0x6e7124, pProxy=0x6e7120, dwAuthnSvc=0xa, dwAuthzSvc=0x0, pServerPrincName=0x0, dwAuthnLevel=0x6, dwImpLevel=0x3, pAuthInfo=0x0, dwCapabilities=0x20) returned 0x0 [0201.687] IUnknown:Release (This=0x6e7124) returned 0x2 [0201.687] WbemLocator:IUnknown:Release (This=0x732924) returned 0x1 [0201.687] CoTaskMemFree (pv=0x724fb0) [0201.687] IUnknown:AddRef (This=0x6e7120) returned 0x2 [0201.688] CoGetContextToken (in: pToken=0x37e430 | out: pToken=0x37e430) returned 0x0 [0201.688] CoGetContextToken (in: pToken=0x37e844 | out: pToken=0x37e844) returned 0x0 [0201.688] IUnknown:QueryInterface (in: This=0x6e7120, riid=0x71881aa8*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x37e7dc | out: ppvObject=0x37e7dc*=0x73290c) returned 0x0 [0201.688] WbemLocator:IRpcOptions:Query (in: This=0x73290c, pPrx=0x74b608, dwProperty=2, pdwValue=0x37e8d0 | out: pdwValue=0x37e8d0) returned 0x80004002 [0201.688] WbemLocator:IUnknown:Release (This=0x73290c) returned 0x2 [0201.688] CoGetContextToken (in: pToken=0x37ee14 | out: pToken=0x37ee14) returned 0x0 [0201.689] CoGetContextToken (in: pToken=0x37ed74 | out: pToken=0x37ed74) returned 0x0 [0201.689] IUnknown:QueryInterface (in: This=0x6e7120, riid=0x37ee44*(Data1=0x27947e1, Data2=0xd731, Data3=0x11ce, Data4=([0]=0xa3, [1]=0x57, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x1)), ppvObject=0x37ed10 | out: ppvObject=0x37ed10*=0x6e7120) returned 0x0 [0201.689] IUnknown:Release (This=0x6e7120) returned 0x2 [0201.689] SysStringLen (param_1=0x0) returned 0x0 [0201.689] IEnumWbemClassObject:Reset (This=0x6e7120) returned 0x0 [0201.741] CoTaskMemAlloc (cb=0x4) returned 0x74fbf0 [0201.741] IEnumWbemClassObject:Next (in: This=0x6e7120, lTimeout=-1, uCount=0x1, apObjects=0x74fbf0, puReturned=0x23f2804 | out: apObjects=0x74fbf0*=0x74a008, puReturned=0x23f2804*=0x1) returned 0x0 [0201.953] IUnknown:QueryInterface (in: This=0x74a008, riid=0x71792a54*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x37e6bc | out: ppvObject=0x37e6bc*=0x74a008) returned 0x0 [0201.953] IUnknown:QueryInterface (in: This=0x74a008, riid=0x71881b6c*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x37e670 | out: ppvObject=0x37e670*=0x0) returned 0x80004002 [0201.953] IUnknown:QueryInterface (in: This=0x74a008, riid=0x71881e84*(Data1=0xb196b283, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x37e498 | out: ppvObject=0x37e498*=0x0) returned 0x80004002 [0201.953] IUnknown:AddRef (This=0x74a008) returned 0x3 [0201.954] IUnknown:QueryInterface (in: This=0x74a008, riid=0x7188182c*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x37dfcc | out: ppvObject=0x37dfcc*=0x0) returned 0x80004002 [0201.954] IUnknown:QueryInterface (in: This=0x74a008, riid=0x71881764*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x37df7c | out: ppvObject=0x37df7c*=0x0) returned 0x80004002 [0201.954] IUnknown:QueryInterface (in: This=0x74a008, riid=0x717b1388*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x37df88 | out: ppvObject=0x37df88*=0x74a00c) returned 0x0 [0201.954] IMarshal:GetUnmarshalClass (in: This=0x74a00c, riid=0x71792a54*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x37df90 | out: pCid=0x37df90*(Data1=0x4590f812, Data2=0x1d3a, Data3=0x11d0, Data4=([0]=0x89, [1]=0x1f, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24))) returned 0x0 [0201.954] IUnknown:Release (This=0x74a00c) returned 0x3 [0201.954] CoGetContextToken (in: pToken=0x37dfe8 | out: pToken=0x37dfe8) returned 0x0 [0201.954] CoGetContextToken (in: pToken=0x37e3fc | out: pToken=0x37e3fc) returned 0x0 [0201.954] IUnknown:QueryInterface (in: This=0x74a008, riid=0x71881aa8*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x37e47c | out: ppvObject=0x37e47c*=0x0) returned 0x80004002 [0201.954] IUnknown:Release (This=0x74a008) returned 0x2 [0201.954] CoGetContextToken (in: pToken=0x37e9e4 | out: pToken=0x37e9e4) returned 0x0 [0201.954] CoGetContextToken (in: pToken=0x37e944 | out: pToken=0x37e944) returned 0x0 [0201.954] IUnknown:QueryInterface (in: This=0x74a008, riid=0x37ea14*(Data1=0xdc12a681, Data2=0x737f, Data3=0x11cf, Data4=([0]=0x88, [1]=0x4d, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24)), ppvObject=0x37ea10 | out: ppvObject=0x37ea10*=0x74a008) returned 0x0 [0201.954] IUnknown:AddRef (This=0x74a008) returned 0x4 [0201.954] IUnknown:Release (This=0x74a008) returned 0x3 [0201.954] IUnknown:Release (This=0x74a008) returned 0x2 [0201.954] CoTaskMemFree (pv=0x74fbf0) [0201.954] CoGetContextToken (in: pToken=0x37ed54 | out: pToken=0x37ed54) returned 0x0 [0201.954] IUnknown:AddRef (This=0x74a008) returned 0x3 [0201.954] IWbemClassObject:Get (in: This=0x74a008, wszName="__GENUS", lFlags=0, pVal=0x37f054*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x37f0d4*=0, plFlavor=0x37f0d0*=0 | out: pVal=0x37f054*(varType=0x3, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x2, varVal2=0x0), pType=0x37f0d4*=3, plFlavor=0x37f0d0*=64) returned 0x0 [0201.955] IWbemClassObject:Get (in: This=0x74a008, wszName="__PATH", lFlags=0, pVal=0x37f038*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x37f0bc*=0, plFlavor=0x37f0b8*=0 | out: pVal=0x37f038*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="\\\\Q9IATRKPRH\\root\\cimv2:Win32_NetworkAdapterConfiguration.Index=0", varVal2=0x0), pType=0x37f0bc*=8, plFlavor=0x37f0b8*=64) returned 0x0 [0201.955] SysStringByteLen (bstr="\\\\Q9IATRKPRH\\root\\cimv2:Win32_NetworkAdapterConfiguration.Index=0") returned 0x82 [0201.955] SysStringByteLen (bstr="\\\\Q9IATRKPRH\\root\\cimv2:Win32_NetworkAdapterConfiguration.Index=0") returned 0x82 [0201.955] CreateEventW (lpEventAttributes=0x0, bManualReset=0, bInitialState=0, lpName=0x0) returned 0x380 [0201.955] SetEvent (hEvent=0x2b4) returned 1 [0201.955] CoWaitForMultipleHandles (in: dwFlags=0x2, dwTimeout=0xffffffff, cHandles=0x1, pHandles=0x37f010*=0x380, lpdwindex=0x37ee34 | out: lpdwindex=0x37ee34) returned 0x0 [0201.958] CoGetContextToken (in: pToken=0x37eee4 | out: pToken=0x37eee4) returned 0x0 [0201.958] CoGetContextToken (in: pToken=0x37ee44 | out: pToken=0x37ee44) returned 0x0 [0201.958] WbemDefPath:IUnknown:QueryInterface (in: This=0x731380, riid=0x37ef14*(Data1=0x3bc15af2, Data2=0x736c, Data3=0x477e, Data4=([0]=0x9e, [1]=0x51, [2]=0x23, [3]=0x8a, [4]=0xf8, [5]=0x66, [6]=0x7d, [7]=0xcc)), ppvObject=0x37ef10 | out: ppvObject=0x37ef10*=0x731380) returned 0x0 [0201.958] WbemDefPath:IUnknown:AddRef (This=0x731380) returned 0x3 [0201.958] WbemDefPath:IUnknown:Release (This=0x731380) returned 0x2 [0201.958] WbemDefPath:IWbemPath:SetText (This=0x731380, uMode=0x4, pszPath="\\\\Q9IATRKPRH\\root\\cimv2:Win32_NetworkAdapterConfiguration.Index=0") returned 0x0 [0201.959] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x7312a0, puCount=0x37f090 | out: puCount=0x37f090*=0x2) returned 0x0 [0201.959] WbemDefPath:IWbemPath:GetText (in: This=0x7312a0, lFlags=4, puBuffLength=0x37f08c*=0x0, pszText=0x0 | out: puBuffLength=0x37f08c*=0xf, pszText=0x0) returned 0x0 [0201.959] WbemDefPath:IWbemPath:GetText (in: This=0x7312a0, lFlags=4, puBuffLength=0x37f08c*=0xf, pszText="00000000000000" | out: puBuffLength=0x37f08c*=0xf, pszText="\\\\.\\root\\cimv2") returned 0x0 [0201.962] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x7312a0, puCount=0x37f05c | out: puCount=0x37f05c*=0x2) returned 0x0 [0201.962] WbemDefPath:IWbemPath:GetText (in: This=0x7312a0, lFlags=4, puBuffLength=0x37f058*=0x0, pszText=0x0 | out: puBuffLength=0x37f058*=0xf, pszText=0x0) returned 0x0 [0201.962] WbemDefPath:IWbemPath:GetText (in: This=0x7312a0, lFlags=4, puBuffLength=0x37f058*=0xf, pszText="00000000000000" | out: puBuffLength=0x37f058*=0xf, pszText="\\\\.\\root\\cimv2") returned 0x0 [0201.962] IWbemClassObject:Get (in: This=0x74a008, wszName="IPEnabled", lFlags=0, pVal=0x37f058*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x23f30a4*=0, plFlavor=0x23f30a8*=0 | out: pVal=0x37f058*(varType=0xb, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x23f30a4*=11, plFlavor=0x23f30a8*=0) returned 0x0 [0201.962] IWbemClassObject:Get (in: This=0x74a008, wszName="IPEnabled", lFlags=0, pVal=0x37f060*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x23f30a4*=11, plFlavor=0x23f30a8*=0 | out: pVal=0x37f060*(varType=0xb, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x23f30a4*=11, plFlavor=0x23f30a8*=0) returned 0x0 [0201.967] IUnknown:Release (This=0x74a008) returned 0x2 [0201.970] CoTaskMemAlloc (cb=0x4) returned 0x74fc40 [0201.970] IEnumWbemClassObject:Next (in: This=0x6e7120, lTimeout=-1, uCount=0x1, apObjects=0x74fc40, puReturned=0x23f2804 | out: apObjects=0x74fc40*=0x74a788, puReturned=0x23f2804*=0x1) returned 0x0 [0201.971] IUnknown:QueryInterface (in: This=0x74a788, riid=0x71792a54*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x37e6bc | out: ppvObject=0x37e6bc*=0x74a788) returned 0x0 [0201.971] IUnknown:QueryInterface (in: This=0x74a788, riid=0x71881b6c*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x37e670 | out: ppvObject=0x37e670*=0x0) returned 0x80004002 [0201.972] IUnknown:QueryInterface (in: This=0x74a788, riid=0x71881e84*(Data1=0xb196b283, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x37e498 | out: ppvObject=0x37e498*=0x0) returned 0x80004002 [0201.972] IUnknown:AddRef (This=0x74a788) returned 0x3 [0201.972] IUnknown:QueryInterface (in: This=0x74a788, riid=0x7188182c*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x37dfcc | out: ppvObject=0x37dfcc*=0x0) returned 0x80004002 [0201.972] IUnknown:QueryInterface (in: This=0x74a788, riid=0x71881764*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x37df7c | out: ppvObject=0x37df7c*=0x0) returned 0x80004002 [0201.972] IUnknown:QueryInterface (in: This=0x74a788, riid=0x717b1388*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x37df88 | out: ppvObject=0x37df88*=0x74a78c) returned 0x0 [0201.972] IMarshal:GetUnmarshalClass (in: This=0x74a78c, riid=0x71792a54*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x37df90 | out: pCid=0x37df90*(Data1=0x4590f812, Data2=0x1d3a, Data3=0x11d0, Data4=([0]=0x89, [1]=0x1f, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24))) returned 0x0 [0201.972] IUnknown:Release (This=0x74a78c) returned 0x3 [0201.972] CoGetContextToken (in: pToken=0x37dfe8 | out: pToken=0x37dfe8) returned 0x0 [0201.972] CoGetContextToken (in: pToken=0x37e3fc | out: pToken=0x37e3fc) returned 0x0 [0201.972] IUnknown:QueryInterface (in: This=0x74a788, riid=0x71881aa8*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x37e47c | out: ppvObject=0x37e47c*=0x0) returned 0x80004002 [0201.972] IUnknown:Release (This=0x74a788) returned 0x2 [0201.972] CoGetContextToken (in: pToken=0x37e9e4 | out: pToken=0x37e9e4) returned 0x0 [0201.972] CoGetContextToken (in: pToken=0x37e944 | out: pToken=0x37e944) returned 0x0 [0201.972] IUnknown:QueryInterface (in: This=0x74a788, riid=0x37ea14*(Data1=0xdc12a681, Data2=0x737f, Data3=0x11cf, Data4=([0]=0x88, [1]=0x4d, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24)), ppvObject=0x37ea10 | out: ppvObject=0x37ea10*=0x74a788) returned 0x0 [0201.972] IUnknown:AddRef (This=0x74a788) returned 0x4 [0201.972] IUnknown:Release (This=0x74a788) returned 0x3 [0201.972] IUnknown:Release (This=0x74a788) returned 0x2 [0201.973] CoTaskMemFree (pv=0x74fc40) [0201.973] CoGetContextToken (in: pToken=0x37ed54 | out: pToken=0x37ed54) returned 0x0 [0201.973] IUnknown:AddRef (This=0x74a788) returned 0x3 [0201.973] IWbemClassObject:Get (in: This=0x74a788, wszName="__GENUS", lFlags=0, pVal=0x37f054*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x37f0d4*=0, plFlavor=0x37f0d0*=0 | out: pVal=0x37f054*(varType=0x3, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x2, varVal2=0x0), pType=0x37f0d4*=3, plFlavor=0x37f0d0*=64) returned 0x0 [0201.973] IWbemClassObject:Get (in: This=0x74a788, wszName="__PATH", lFlags=0, pVal=0x37f038*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x37f0bc*=0, plFlavor=0x37f0b8*=0 | out: pVal=0x37f038*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="\\\\Q9IATRKPRH\\root\\cimv2:Win32_NetworkAdapterConfiguration.Index=1", varVal2=0x0), pType=0x37f0bc*=8, plFlavor=0x37f0b8*=64) returned 0x0 [0201.973] SysStringByteLen (bstr="\\\\Q9IATRKPRH\\root\\cimv2:Win32_NetworkAdapterConfiguration.Index=1") returned 0x82 [0201.973] SysStringByteLen (bstr="\\\\Q9IATRKPRH\\root\\cimv2:Win32_NetworkAdapterConfiguration.Index=1") returned 0x82 [0201.974] CreateEventW (lpEventAttributes=0x0, bManualReset=0, bInitialState=0, lpName=0x0) returned 0x384 [0201.974] SetEvent (hEvent=0x2b4) returned 1 [0201.974] CoWaitForMultipleHandles (in: dwFlags=0x2, dwTimeout=0xffffffff, cHandles=0x1, pHandles=0x37f010*=0x384, lpdwindex=0x37ee34 | out: lpdwindex=0x37ee34) returned 0x0 [0201.976] CoGetContextToken (in: pToken=0x37eee4 | out: pToken=0x37eee4) returned 0x0 [0201.976] CoGetContextToken (in: pToken=0x37ee44 | out: pToken=0x37ee44) returned 0x0 [0201.976] WbemDefPath:IUnknown:QueryInterface (in: This=0x7313f0, riid=0x37ef14*(Data1=0x3bc15af2, Data2=0x736c, Data3=0x477e, Data4=([0]=0x9e, [1]=0x51, [2]=0x23, [3]=0x8a, [4]=0xf8, [5]=0x66, [6]=0x7d, [7]=0xcc)), ppvObject=0x37ef10 | out: ppvObject=0x37ef10*=0x7313f0) returned 0x0 [0201.976] WbemDefPath:IUnknown:AddRef (This=0x7313f0) returned 0x3 [0201.977] WbemDefPath:IUnknown:Release (This=0x7313f0) returned 0x2 [0201.977] WbemDefPath:IWbemPath:SetText (This=0x7313f0, uMode=0x4, pszPath="\\\\Q9IATRKPRH\\root\\cimv2:Win32_NetworkAdapterConfiguration.Index=1") returned 0x0 [0201.977] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x7312a0, puCount=0x37f090 | out: puCount=0x37f090*=0x2) returned 0x0 [0201.977] WbemDefPath:IWbemPath:GetText (in: This=0x7312a0, lFlags=4, puBuffLength=0x37f08c*=0x0, pszText=0x0 | out: puBuffLength=0x37f08c*=0xf, pszText=0x0) returned 0x0 [0201.977] WbemDefPath:IWbemPath:GetText (in: This=0x7312a0, lFlags=4, puBuffLength=0x37f08c*=0xf, pszText="00000000000000" | out: puBuffLength=0x37f08c*=0xf, pszText="\\\\.\\root\\cimv2") returned 0x0 [0201.977] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x7312a0, puCount=0x37f05c | out: puCount=0x37f05c*=0x2) returned 0x0 [0201.977] WbemDefPath:IWbemPath:GetText (in: This=0x7312a0, lFlags=4, puBuffLength=0x37f058*=0x0, pszText=0x0 | out: puBuffLength=0x37f058*=0xf, pszText=0x0) returned 0x0 [0201.977] WbemDefPath:IWbemPath:GetText (in: This=0x7312a0, lFlags=4, puBuffLength=0x37f058*=0xf, pszText="00000000000000" | out: puBuffLength=0x37f058*=0xf, pszText="\\\\.\\root\\cimv2") returned 0x0 [0201.977] IWbemClassObject:Get (in: This=0x74a788, wszName="IPEnabled", lFlags=0, pVal=0x37f058*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x23f3b84*=0, plFlavor=0x23f3b88*=0 | out: pVal=0x37f058*(varType=0xb, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x23f3b84*=11, plFlavor=0x23f3b88*=0) returned 0x0 [0201.977] IWbemClassObject:Get (in: This=0x74a788, wszName="IPEnabled", lFlags=0, pVal=0x37f060*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x23f3b84*=11, plFlavor=0x23f3b88*=0 | out: pVal=0x37f060*(varType=0xb, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x23f3b84*=11, plFlavor=0x23f3b88*=0) returned 0x0 [0201.978] IUnknown:Release (This=0x74a788) returned 0x2 [0201.978] CoTaskMemAlloc (cb=0x4) returned 0x74fc90 [0201.978] IEnumWbemClassObject:Next (in: This=0x6e7120, lTimeout=-1, uCount=0x1, apObjects=0x74fc90, puReturned=0x23f2804 | out: apObjects=0x74fc90*=0x5224088, puReturned=0x23f2804*=0x1) returned 0x0 [0201.979] IUnknown:QueryInterface (in: This=0x5224088, riid=0x71792a54*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x37e6bc | out: ppvObject=0x37e6bc*=0x5224088) returned 0x0 [0201.979] IUnknown:QueryInterface (in: This=0x5224088, riid=0x71881b6c*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x37e670 | out: ppvObject=0x37e670*=0x0) returned 0x80004002 [0201.979] IUnknown:QueryInterface (in: This=0x5224088, riid=0x71881e84*(Data1=0xb196b283, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x37e498 | out: ppvObject=0x37e498*=0x0) returned 0x80004002 [0201.979] IUnknown:AddRef (This=0x5224088) returned 0x3 [0201.979] IUnknown:QueryInterface (in: This=0x5224088, riid=0x7188182c*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x37dfcc | out: ppvObject=0x37dfcc*=0x0) returned 0x80004002 [0201.979] IUnknown:QueryInterface (in: This=0x5224088, riid=0x71881764*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x37df7c | out: ppvObject=0x37df7c*=0x0) returned 0x80004002 [0201.979] IUnknown:QueryInterface (in: This=0x5224088, riid=0x717b1388*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x37df88 | out: ppvObject=0x37df88*=0x522408c) returned 0x0 [0201.980] IMarshal:GetUnmarshalClass (in: This=0x522408c, riid=0x71792a54*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x37df90 | out: pCid=0x37df90*(Data1=0x4590f812, Data2=0x1d3a, Data3=0x11d0, Data4=([0]=0x89, [1]=0x1f, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24))) returned 0x0 [0201.980] IUnknown:Release (This=0x522408c) returned 0x3 [0201.980] CoGetContextToken (in: pToken=0x37dfe8 | out: pToken=0x37dfe8) returned 0x0 [0201.980] CoGetContextToken (in: pToken=0x37e3fc | out: pToken=0x37e3fc) returned 0x0 [0201.980] IUnknown:QueryInterface (in: This=0x5224088, riid=0x71881aa8*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x37e47c | out: ppvObject=0x37e47c*=0x0) returned 0x80004002 [0201.980] IUnknown:Release (This=0x5224088) returned 0x2 [0201.980] CoGetContextToken (in: pToken=0x37e9e4 | out: pToken=0x37e9e4) returned 0x0 [0201.980] CoGetContextToken (in: pToken=0x37e944 | out: pToken=0x37e944) returned 0x0 [0201.980] IUnknown:QueryInterface (in: This=0x5224088, riid=0x37ea14*(Data1=0xdc12a681, Data2=0x737f, Data3=0x11cf, Data4=([0]=0x88, [1]=0x4d, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24)), ppvObject=0x37ea10 | out: ppvObject=0x37ea10*=0x5224088) returned 0x0 [0201.980] IUnknown:AddRef (This=0x5224088) returned 0x4 [0201.980] IUnknown:Release (This=0x5224088) returned 0x3 [0201.980] IUnknown:Release (This=0x5224088) returned 0x2 [0201.980] CoTaskMemFree (pv=0x74fc90) [0201.980] CoGetContextToken (in: pToken=0x37ed54 | out: pToken=0x37ed54) returned 0x0 [0201.980] IUnknown:AddRef (This=0x5224088) returned 0x3 [0201.980] IWbemClassObject:Get (in: This=0x5224088, wszName="__GENUS", lFlags=0, pVal=0x37f054*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x37f0d4*=0, plFlavor=0x37f0d0*=0 | out: pVal=0x37f054*(varType=0x3, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x2, varVal2=0x0), pType=0x37f0d4*=3, plFlavor=0x37f0d0*=64) returned 0x0 [0201.981] IWbemClassObject:Get (in: This=0x5224088, wszName="__PATH", lFlags=0, pVal=0x37f038*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x37f0bc*=0, plFlavor=0x37f0b8*=0 | out: pVal=0x37f038*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="\\\\Q9IATRKPRH\\root\\cimv2:Win32_NetworkAdapterConfiguration.Index=2", varVal2=0x0), pType=0x37f0bc*=8, plFlavor=0x37f0b8*=64) returned 0x0 [0201.981] SysStringByteLen (bstr="\\\\Q9IATRKPRH\\root\\cimv2:Win32_NetworkAdapterConfiguration.Index=2") returned 0x82 [0201.981] SysStringByteLen (bstr="\\\\Q9IATRKPRH\\root\\cimv2:Win32_NetworkAdapterConfiguration.Index=2") returned 0x82 [0201.981] CreateEventW (lpEventAttributes=0x0, bManualReset=0, bInitialState=0, lpName=0x0) returned 0x388 [0201.981] SetEvent (hEvent=0x2b4) returned 1 [0201.981] CoWaitForMultipleHandles (in: dwFlags=0x2, dwTimeout=0xffffffff, cHandles=0x1, pHandles=0x37f010*=0x388, lpdwindex=0x37ee34 | out: lpdwindex=0x37ee34) returned 0x0 [0201.984] CoGetContextToken (in: pToken=0x37eee4 | out: pToken=0x37eee4) returned 0x0 [0201.984] CoGetContextToken (in: pToken=0x37ee44 | out: pToken=0x37ee44) returned 0x0 [0201.984] WbemDefPath:IUnknown:QueryInterface (in: This=0x731460, riid=0x37ef14*(Data1=0x3bc15af2, Data2=0x736c, Data3=0x477e, Data4=([0]=0x9e, [1]=0x51, [2]=0x23, [3]=0x8a, [4]=0xf8, [5]=0x66, [6]=0x7d, [7]=0xcc)), ppvObject=0x37ef10 | out: ppvObject=0x37ef10*=0x731460) returned 0x0 [0201.985] WbemDefPath:IUnknown:AddRef (This=0x731460) returned 0x3 [0201.985] WbemDefPath:IUnknown:Release (This=0x731460) returned 0x2 [0201.985] WbemDefPath:IWbemPath:SetText (This=0x731460, uMode=0x4, pszPath="\\\\Q9IATRKPRH\\root\\cimv2:Win32_NetworkAdapterConfiguration.Index=2") returned 0x0 [0201.985] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x7312a0, puCount=0x37f090 | out: puCount=0x37f090*=0x2) returned 0x0 [0201.985] WbemDefPath:IWbemPath:GetText (in: This=0x7312a0, lFlags=4, puBuffLength=0x37f08c*=0x0, pszText=0x0 | out: puBuffLength=0x37f08c*=0xf, pszText=0x0) returned 0x0 [0201.985] WbemDefPath:IWbemPath:GetText (in: This=0x7312a0, lFlags=4, puBuffLength=0x37f08c*=0xf, pszText="00000000000000" | out: puBuffLength=0x37f08c*=0xf, pszText="\\\\.\\root\\cimv2") returned 0x0 [0201.985] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x7312a0, puCount=0x37f05c | out: puCount=0x37f05c*=0x2) returned 0x0 [0201.985] WbemDefPath:IWbemPath:GetText (in: This=0x7312a0, lFlags=4, puBuffLength=0x37f058*=0x0, pszText=0x0 | out: puBuffLength=0x37f058*=0xf, pszText=0x0) returned 0x0 [0201.985] WbemDefPath:IWbemPath:GetText (in: This=0x7312a0, lFlags=4, puBuffLength=0x37f058*=0xf, pszText="00000000000000" | out: puBuffLength=0x37f058*=0xf, pszText="\\\\.\\root\\cimv2") returned 0x0 [0201.985] IWbemClassObject:Get (in: This=0x5224088, wszName="IPEnabled", lFlags=0, pVal=0x37f058*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x23f440c*=0, plFlavor=0x23f4410*=0 | out: pVal=0x37f058*(varType=0xb, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x23f440c*=11, plFlavor=0x23f4410*=0) returned 0x0 [0201.985] IWbemClassObject:Get (in: This=0x5224088, wszName="IPEnabled", lFlags=0, pVal=0x37f060*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x23f440c*=11, plFlavor=0x23f4410*=0 | out: pVal=0x37f060*(varType=0xb, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x23f440c*=11, plFlavor=0x23f4410*=0) returned 0x0 [0201.985] IUnknown:Release (This=0x5224088) returned 0x2 [0201.985] CoTaskMemAlloc (cb=0x4) returned 0x74fce0 [0201.986] IEnumWbemClassObject:Next (in: This=0x6e7120, lTimeout=-1, uCount=0x1, apObjects=0x74fce0, puReturned=0x23f2804 | out: apObjects=0x74fce0*=0x52243c0, puReturned=0x23f2804*=0x1) returned 0x0 [0201.987] IUnknown:QueryInterface (in: This=0x52243c0, riid=0x71792a54*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x37e6bc | out: ppvObject=0x37e6bc*=0x52243c0) returned 0x0 [0201.987] IUnknown:QueryInterface (in: This=0x52243c0, riid=0x71881b6c*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x37e670 | out: ppvObject=0x37e670*=0x0) returned 0x80004002 [0201.987] IUnknown:QueryInterface (in: This=0x52243c0, riid=0x71881e84*(Data1=0xb196b283, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x37e498 | out: ppvObject=0x37e498*=0x0) returned 0x80004002 [0201.988] IUnknown:AddRef (This=0x52243c0) returned 0x3 [0201.988] IUnknown:QueryInterface (in: This=0x52243c0, riid=0x7188182c*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x37dfcc | out: ppvObject=0x37dfcc*=0x0) returned 0x80004002 [0201.988] IUnknown:QueryInterface (in: This=0x52243c0, riid=0x71881764*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x37df7c | out: ppvObject=0x37df7c*=0x0) returned 0x80004002 [0201.988] IUnknown:QueryInterface (in: This=0x52243c0, riid=0x717b1388*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x37df88 | out: ppvObject=0x37df88*=0x52243c4) returned 0x0 [0201.988] IMarshal:GetUnmarshalClass (in: This=0x52243c4, riid=0x71792a54*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x37df90 | out: pCid=0x37df90*(Data1=0x4590f812, Data2=0x1d3a, Data3=0x11d0, Data4=([0]=0x89, [1]=0x1f, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24))) returned 0x0 [0201.988] IUnknown:Release (This=0x52243c4) returned 0x3 [0201.988] CoGetContextToken (in: pToken=0x37dfe8 | out: pToken=0x37dfe8) returned 0x0 [0201.988] CoGetContextToken (in: pToken=0x37e3fc | out: pToken=0x37e3fc) returned 0x0 [0201.988] IUnknown:QueryInterface (in: This=0x52243c0, riid=0x71881aa8*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x37e47c | out: ppvObject=0x37e47c*=0x0) returned 0x80004002 [0201.988] IUnknown:Release (This=0x52243c0) returned 0x2 [0201.988] CoGetContextToken (in: pToken=0x37e9e4 | out: pToken=0x37e9e4) returned 0x0 [0201.988] CoGetContextToken (in: pToken=0x37e944 | out: pToken=0x37e944) returned 0x0 [0201.988] IUnknown:QueryInterface (in: This=0x52243c0, riid=0x37ea14*(Data1=0xdc12a681, Data2=0x737f, Data3=0x11cf, Data4=([0]=0x88, [1]=0x4d, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24)), ppvObject=0x37ea10 | out: ppvObject=0x37ea10*=0x52243c0) returned 0x0 [0201.988] IUnknown:AddRef (This=0x52243c0) returned 0x4 [0201.988] IUnknown:Release (This=0x52243c0) returned 0x3 [0201.988] IUnknown:Release (This=0x52243c0) returned 0x2 [0201.988] CoTaskMemFree (pv=0x74fce0) [0201.989] CoGetContextToken (in: pToken=0x37ed54 | out: pToken=0x37ed54) returned 0x0 [0201.989] IUnknown:AddRef (This=0x52243c0) returned 0x3 [0201.989] IWbemClassObject:Get (in: This=0x52243c0, wszName="__GENUS", lFlags=0, pVal=0x37f054*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x37f0d4*=0, plFlavor=0x37f0d0*=0 | out: pVal=0x37f054*(varType=0x3, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x2, varVal2=0x0), pType=0x37f0d4*=3, plFlavor=0x37f0d0*=64) returned 0x0 [0201.989] IWbemClassObject:Get (in: This=0x52243c0, wszName="__PATH", lFlags=0, pVal=0x37f038*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x37f0bc*=0, plFlavor=0x37f0b8*=0 | out: pVal=0x37f038*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="\\\\Q9IATRKPRH\\root\\cimv2:Win32_NetworkAdapterConfiguration.Index=3", varVal2=0x0), pType=0x37f0bc*=8, plFlavor=0x37f0b8*=64) returned 0x0 [0201.989] SysStringByteLen (bstr="\\\\Q9IATRKPRH\\root\\cimv2:Win32_NetworkAdapterConfiguration.Index=3") returned 0x82 [0201.989] SysStringByteLen (bstr="\\\\Q9IATRKPRH\\root\\cimv2:Win32_NetworkAdapterConfiguration.Index=3") returned 0x82 [0201.989] CreateEventW (lpEventAttributes=0x0, bManualReset=0, bInitialState=0, lpName=0x0) returned 0x38c [0201.989] SetEvent (hEvent=0x2b4) returned 1 [0201.990] CoWaitForMultipleHandles (in: dwFlags=0x2, dwTimeout=0xffffffff, cHandles=0x1, pHandles=0x37f010*=0x38c, lpdwindex=0x37ee34 | out: lpdwindex=0x37ee34) returned 0x0 [0201.993] CoGetContextToken (in: pToken=0x37eee4 | out: pToken=0x37eee4) returned 0x0 [0201.993] CoGetContextToken (in: pToken=0x37ee44 | out: pToken=0x37ee44) returned 0x0 [0201.993] WbemDefPath:IUnknown:QueryInterface (in: This=0x7314d0, riid=0x37ef14*(Data1=0x3bc15af2, Data2=0x736c, Data3=0x477e, Data4=([0]=0x9e, [1]=0x51, [2]=0x23, [3]=0x8a, [4]=0xf8, [5]=0x66, [6]=0x7d, [7]=0xcc)), ppvObject=0x37ef10 | out: ppvObject=0x37ef10*=0x7314d0) returned 0x0 [0201.993] WbemDefPath:IUnknown:AddRef (This=0x7314d0) returned 0x3 [0201.993] WbemDefPath:IUnknown:Release (This=0x7314d0) returned 0x2 [0201.993] WbemDefPath:IWbemPath:SetText (This=0x7314d0, uMode=0x4, pszPath="\\\\Q9IATRKPRH\\root\\cimv2:Win32_NetworkAdapterConfiguration.Index=3") returned 0x0 [0201.993] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x7312a0, puCount=0x37f090 | out: puCount=0x37f090*=0x2) returned 0x0 [0201.993] WbemDefPath:IWbemPath:GetText (in: This=0x7312a0, lFlags=4, puBuffLength=0x37f08c*=0x0, pszText=0x0 | out: puBuffLength=0x37f08c*=0xf, pszText=0x0) returned 0x0 [0201.993] WbemDefPath:IWbemPath:GetText (in: This=0x7312a0, lFlags=4, puBuffLength=0x37f08c*=0xf, pszText="00000000000000" | out: puBuffLength=0x37f08c*=0xf, pszText="\\\\.\\root\\cimv2") returned 0x0 [0201.993] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x7312a0, puCount=0x37f05c | out: puCount=0x37f05c*=0x2) returned 0x0 [0201.993] WbemDefPath:IWbemPath:GetText (in: This=0x7312a0, lFlags=4, puBuffLength=0x37f058*=0x0, pszText=0x0 | out: puBuffLength=0x37f058*=0xf, pszText=0x0) returned 0x0 [0201.993] WbemDefPath:IWbemPath:GetText (in: This=0x7312a0, lFlags=4, puBuffLength=0x37f058*=0xf, pszText="00000000000000" | out: puBuffLength=0x37f058*=0xf, pszText="\\\\.\\root\\cimv2") returned 0x0 [0201.993] IWbemClassObject:Get (in: This=0x52243c0, wszName="IPEnabled", lFlags=0, pVal=0x37f058*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x23f4c88*=0, plFlavor=0x23f4c8c*=0 | out: pVal=0x37f058*(varType=0xb, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x23f4c88*=11, plFlavor=0x23f4c8c*=0) returned 0x0 [0201.993] IWbemClassObject:Get (in: This=0x52243c0, wszName="IPEnabled", lFlags=0, pVal=0x37f060*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x23f4c88*=11, plFlavor=0x23f4c8c*=0 | out: pVal=0x37f060*(varType=0xb, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x23f4c88*=11, plFlavor=0x23f4c8c*=0) returned 0x0 [0201.994] IUnknown:Release (This=0x52243c0) returned 0x2 [0201.994] CoTaskMemAlloc (cb=0x4) returned 0x74fd30 [0201.994] IEnumWbemClassObject:Next (in: This=0x6e7120, lTimeout=-1, uCount=0x1, apObjects=0x74fd30, puReturned=0x23f2804 | out: apObjects=0x74fd30*=0x52246f8, puReturned=0x23f2804*=0x1) returned 0x0 [0201.995] IUnknown:QueryInterface (in: This=0x52246f8, riid=0x71792a54*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x37e6bc | out: ppvObject=0x37e6bc*=0x52246f8) returned 0x0 [0201.995] IUnknown:QueryInterface (in: This=0x52246f8, riid=0x71881b6c*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x37e670 | out: ppvObject=0x37e670*=0x0) returned 0x80004002 [0201.995] IUnknown:QueryInterface (in: This=0x52246f8, riid=0x71881e84*(Data1=0xb196b283, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x37e498 | out: ppvObject=0x37e498*=0x0) returned 0x80004002 [0201.995] IUnknown:AddRef (This=0x52246f8) returned 0x3 [0201.995] IUnknown:QueryInterface (in: This=0x52246f8, riid=0x7188182c*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x37dfcc | out: ppvObject=0x37dfcc*=0x0) returned 0x80004002 [0201.995] IUnknown:QueryInterface (in: This=0x52246f8, riid=0x71881764*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x37df7c | out: ppvObject=0x37df7c*=0x0) returned 0x80004002 [0201.995] IUnknown:QueryInterface (in: This=0x52246f8, riid=0x717b1388*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x37df88 | out: ppvObject=0x37df88*=0x52246fc) returned 0x0 [0201.995] IMarshal:GetUnmarshalClass (in: This=0x52246fc, riid=0x71792a54*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x37df90 | out: pCid=0x37df90*(Data1=0x4590f812, Data2=0x1d3a, Data3=0x11d0, Data4=([0]=0x89, [1]=0x1f, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24))) returned 0x0 [0201.995] IUnknown:Release (This=0x52246fc) returned 0x3 [0201.995] CoGetContextToken (in: pToken=0x37dfe8 | out: pToken=0x37dfe8) returned 0x0 [0201.995] CoGetContextToken (in: pToken=0x37e3fc | out: pToken=0x37e3fc) returned 0x0 [0201.996] IUnknown:QueryInterface (in: This=0x52246f8, riid=0x71881aa8*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x37e47c | out: ppvObject=0x37e47c*=0x0) returned 0x80004002 [0201.996] IUnknown:Release (This=0x52246f8) returned 0x2 [0201.996] CoGetContextToken (in: pToken=0x37e9e4 | out: pToken=0x37e9e4) returned 0x0 [0201.996] CoGetContextToken (in: pToken=0x37e944 | out: pToken=0x37e944) returned 0x0 [0201.996] IUnknown:QueryInterface (in: This=0x52246f8, riid=0x37ea14*(Data1=0xdc12a681, Data2=0x737f, Data3=0x11cf, Data4=([0]=0x88, [1]=0x4d, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24)), ppvObject=0x37ea10 | out: ppvObject=0x37ea10*=0x52246f8) returned 0x0 [0201.996] IUnknown:AddRef (This=0x52246f8) returned 0x4 [0201.996] IUnknown:Release (This=0x52246f8) returned 0x3 [0201.996] IUnknown:Release (This=0x52246f8) returned 0x2 [0201.996] CoTaskMemFree (pv=0x74fd30) [0201.996] CoGetContextToken (in: pToken=0x37ed54 | out: pToken=0x37ed54) returned 0x0 [0201.996] IUnknown:AddRef (This=0x52246f8) returned 0x3 [0201.996] IWbemClassObject:Get (in: This=0x52246f8, wszName="__GENUS", lFlags=0, pVal=0x37f054*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x37f0d4*=0, plFlavor=0x37f0d0*=0 | out: pVal=0x37f054*(varType=0x3, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x2, varVal2=0x0), pType=0x37f0d4*=3, plFlavor=0x37f0d0*=64) returned 0x0 [0201.996] IWbemClassObject:Get (in: This=0x52246f8, wszName="__PATH", lFlags=0, pVal=0x37f038*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x37f0bc*=0, plFlavor=0x37f0b8*=0 | out: pVal=0x37f038*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="\\\\Q9IATRKPRH\\root\\cimv2:Win32_NetworkAdapterConfiguration.Index=4", varVal2=0x0), pType=0x37f0bc*=8, plFlavor=0x37f0b8*=64) returned 0x0 [0201.997] SysStringByteLen (bstr="\\\\Q9IATRKPRH\\root\\cimv2:Win32_NetworkAdapterConfiguration.Index=4") returned 0x82 [0201.997] SysStringByteLen (bstr="\\\\Q9IATRKPRH\\root\\cimv2:Win32_NetworkAdapterConfiguration.Index=4") returned 0x82 [0201.997] CreateEventW (lpEventAttributes=0x0, bManualReset=0, bInitialState=0, lpName=0x0) returned 0x390 [0201.997] SetEvent (hEvent=0x2b4) returned 1 [0201.997] CoWaitForMultipleHandles (in: dwFlags=0x2, dwTimeout=0xffffffff, cHandles=0x1, pHandles=0x37f010*=0x390, lpdwindex=0x37ee34 | out: lpdwindex=0x37ee34) returned 0x0 [0202.000] CoGetContextToken (in: pToken=0x37eee4 | out: pToken=0x37eee4) returned 0x0 [0202.000] CoGetContextToken (in: pToken=0x37ee44 | out: pToken=0x37ee44) returned 0x0 [0202.000] WbemDefPath:IUnknown:QueryInterface (in: This=0x731540, riid=0x37ef14*(Data1=0x3bc15af2, Data2=0x736c, Data3=0x477e, Data4=([0]=0x9e, [1]=0x51, [2]=0x23, [3]=0x8a, [4]=0xf8, [5]=0x66, [6]=0x7d, [7]=0xcc)), ppvObject=0x37ef10 | out: ppvObject=0x37ef10*=0x731540) returned 0x0 [0202.000] WbemDefPath:IUnknown:AddRef (This=0x731540) returned 0x3 [0202.000] WbemDefPath:IUnknown:Release (This=0x731540) returned 0x2 [0202.000] WbemDefPath:IWbemPath:SetText (This=0x731540, uMode=0x4, pszPath="\\\\Q9IATRKPRH\\root\\cimv2:Win32_NetworkAdapterConfiguration.Index=4") returned 0x0 [0202.000] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x7312a0, puCount=0x37f090 | out: puCount=0x37f090*=0x2) returned 0x0 [0202.000] WbemDefPath:IWbemPath:GetText (in: This=0x7312a0, lFlags=4, puBuffLength=0x37f08c*=0x0, pszText=0x0 | out: puBuffLength=0x37f08c*=0xf, pszText=0x0) returned 0x0 [0202.000] WbemDefPath:IWbemPath:GetText (in: This=0x7312a0, lFlags=4, puBuffLength=0x37f08c*=0xf, pszText="00000000000000" | out: puBuffLength=0x37f08c*=0xf, pszText="\\\\.\\root\\cimv2") returned 0x0 [0202.000] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x7312a0, puCount=0x37f05c | out: puCount=0x37f05c*=0x2) returned 0x0 [0202.000] WbemDefPath:IWbemPath:GetText (in: This=0x7312a0, lFlags=4, puBuffLength=0x37f058*=0x0, pszText=0x0 | out: puBuffLength=0x37f058*=0xf, pszText=0x0) returned 0x0 [0202.000] WbemDefPath:IWbemPath:GetText (in: This=0x7312a0, lFlags=4, puBuffLength=0x37f058*=0xf, pszText="00000000000000" | out: puBuffLength=0x37f058*=0xf, pszText="\\\\.\\root\\cimv2") returned 0x0 [0202.000] IWbemClassObject:Get (in: This=0x52246f8, wszName="IPEnabled", lFlags=0, pVal=0x37f058*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x23f5504*=0, plFlavor=0x23f5508*=0 | out: pVal=0x37f058*(varType=0xb, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x23f5504*=11, plFlavor=0x23f5508*=0) returned 0x0 [0202.000] IWbemClassObject:Get (in: This=0x52246f8, wszName="IPEnabled", lFlags=0, pVal=0x37f060*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x23f5504*=11, plFlavor=0x23f5508*=0 | out: pVal=0x37f060*(varType=0xb, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x23f5504*=11, plFlavor=0x23f5508*=0) returned 0x0 [0202.000] IUnknown:Release (This=0x52246f8) returned 0x2 [0202.001] CoTaskMemAlloc (cb=0x4) returned 0x74fd80 [0202.001] IEnumWbemClassObject:Next (in: This=0x6e7120, lTimeout=-1, uCount=0x1, apObjects=0x74fd80, puReturned=0x23f2804 | out: apObjects=0x74fd80*=0x5224a30, puReturned=0x23f2804*=0x1) returned 0x0 [0202.002] IUnknown:QueryInterface (in: This=0x5224a30, riid=0x71792a54*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x37e6bc | out: ppvObject=0x37e6bc*=0x5224a30) returned 0x0 [0202.002] IUnknown:QueryInterface (in: This=0x5224a30, riid=0x71881b6c*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x37e670 | out: ppvObject=0x37e670*=0x0) returned 0x80004002 [0202.002] IUnknown:QueryInterface (in: This=0x5224a30, riid=0x71881e84*(Data1=0xb196b283, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x37e498 | out: ppvObject=0x37e498*=0x0) returned 0x80004002 [0202.002] IUnknown:AddRef (This=0x5224a30) returned 0x3 [0202.002] IUnknown:QueryInterface (in: This=0x5224a30, riid=0x7188182c*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x37dfcc | out: ppvObject=0x37dfcc*=0x0) returned 0x80004002 [0202.002] IUnknown:QueryInterface (in: This=0x5224a30, riid=0x71881764*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x37df7c | out: ppvObject=0x37df7c*=0x0) returned 0x80004002 [0202.002] IUnknown:QueryInterface (in: This=0x5224a30, riid=0x717b1388*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x37df88 | out: ppvObject=0x37df88*=0x5224a34) returned 0x0 [0202.003] IMarshal:GetUnmarshalClass (in: This=0x5224a34, riid=0x71792a54*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x37df90 | out: pCid=0x37df90*(Data1=0x4590f812, Data2=0x1d3a, Data3=0x11d0, Data4=([0]=0x89, [1]=0x1f, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24))) returned 0x0 [0202.003] IUnknown:Release (This=0x5224a34) returned 0x3 [0202.003] CoGetContextToken (in: pToken=0x37dfe8 | out: pToken=0x37dfe8) returned 0x0 [0202.003] CoGetContextToken (in: pToken=0x37e3fc | out: pToken=0x37e3fc) returned 0x0 [0202.003] IUnknown:QueryInterface (in: This=0x5224a30, riid=0x71881aa8*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x37e47c | out: ppvObject=0x37e47c*=0x0) returned 0x80004002 [0202.003] IUnknown:Release (This=0x5224a30) returned 0x2 [0202.003] CoGetContextToken (in: pToken=0x37e9e4 | out: pToken=0x37e9e4) returned 0x0 [0202.003] CoGetContextToken (in: pToken=0x37e944 | out: pToken=0x37e944) returned 0x0 [0202.003] IUnknown:QueryInterface (in: This=0x5224a30, riid=0x37ea14*(Data1=0xdc12a681, Data2=0x737f, Data3=0x11cf, Data4=([0]=0x88, [1]=0x4d, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24)), ppvObject=0x37ea10 | out: ppvObject=0x37ea10*=0x5224a30) returned 0x0 [0202.003] IUnknown:AddRef (This=0x5224a30) returned 0x4 [0202.003] IUnknown:Release (This=0x5224a30) returned 0x3 [0202.003] IUnknown:Release (This=0x5224a30) returned 0x2 [0202.003] CoTaskMemFree (pv=0x74fd80) [0202.003] CoGetContextToken (in: pToken=0x37ed54 | out: pToken=0x37ed54) returned 0x0 [0202.003] IUnknown:AddRef (This=0x5224a30) returned 0x3 [0202.003] IWbemClassObject:Get (in: This=0x5224a30, wszName="__GENUS", lFlags=0, pVal=0x37f054*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x37f0d4*=0, plFlavor=0x37f0d0*=0 | out: pVal=0x37f054*(varType=0x3, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x2, varVal2=0x0), pType=0x37f0d4*=3, plFlavor=0x37f0d0*=64) returned 0x0 [0202.004] IWbemClassObject:Get (in: This=0x5224a30, wszName="__PATH", lFlags=0, pVal=0x37f038*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x37f0bc*=0, plFlavor=0x37f0b8*=0 | out: pVal=0x37f038*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="\\\\Q9IATRKPRH\\root\\cimv2:Win32_NetworkAdapterConfiguration.Index=5", varVal2=0x0), pType=0x37f0bc*=8, plFlavor=0x37f0b8*=64) returned 0x0 [0202.004] SysStringByteLen (bstr="\\\\Q9IATRKPRH\\root\\cimv2:Win32_NetworkAdapterConfiguration.Index=5") returned 0x82 [0202.004] SysStringByteLen (bstr="\\\\Q9IATRKPRH\\root\\cimv2:Win32_NetworkAdapterConfiguration.Index=5") returned 0x82 [0202.004] CreateEventW (lpEventAttributes=0x0, bManualReset=0, bInitialState=0, lpName=0x0) returned 0x394 [0202.004] SetEvent (hEvent=0x2b4) returned 1 [0202.005] CoWaitForMultipleHandles (in: dwFlags=0x2, dwTimeout=0xffffffff, cHandles=0x1, pHandles=0x37f010*=0x394, lpdwindex=0x37ee34 | out: lpdwindex=0x37ee34) returned 0x0 [0202.007] CoGetContextToken (in: pToken=0x37eee4 | out: pToken=0x37eee4) returned 0x0 [0202.007] CoGetContextToken (in: pToken=0x37ee44 | out: pToken=0x37ee44) returned 0x0 [0202.007] WbemDefPath:IUnknown:QueryInterface (in: This=0x7315b0, riid=0x37ef14*(Data1=0x3bc15af2, Data2=0x736c, Data3=0x477e, Data4=([0]=0x9e, [1]=0x51, [2]=0x23, [3]=0x8a, [4]=0xf8, [5]=0x66, [6]=0x7d, [7]=0xcc)), ppvObject=0x37ef10 | out: ppvObject=0x37ef10*=0x7315b0) returned 0x0 [0202.007] WbemDefPath:IUnknown:AddRef (This=0x7315b0) returned 0x3 [0202.007] WbemDefPath:IUnknown:Release (This=0x7315b0) returned 0x2 [0202.007] WbemDefPath:IWbemPath:SetText (This=0x7315b0, uMode=0x4, pszPath="\\\\Q9IATRKPRH\\root\\cimv2:Win32_NetworkAdapterConfiguration.Index=5") returned 0x0 [0202.007] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x7312a0, puCount=0x37f090 | out: puCount=0x37f090*=0x2) returned 0x0 [0202.007] WbemDefPath:IWbemPath:GetText (in: This=0x7312a0, lFlags=4, puBuffLength=0x37f08c*=0x0, pszText=0x0 | out: puBuffLength=0x37f08c*=0xf, pszText=0x0) returned 0x0 [0202.007] WbemDefPath:IWbemPath:GetText (in: This=0x7312a0, lFlags=4, puBuffLength=0x37f08c*=0xf, pszText="00000000000000" | out: puBuffLength=0x37f08c*=0xf, pszText="\\\\.\\root\\cimv2") returned 0x0 [0202.007] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x7312a0, puCount=0x37f05c | out: puCount=0x37f05c*=0x2) returned 0x0 [0202.008] WbemDefPath:IWbemPath:GetText (in: This=0x7312a0, lFlags=4, puBuffLength=0x37f058*=0x0, pszText=0x0 | out: puBuffLength=0x37f058*=0xf, pszText=0x0) returned 0x0 [0202.008] WbemDefPath:IWbemPath:GetText (in: This=0x7312a0, lFlags=4, puBuffLength=0x37f058*=0xf, pszText="00000000000000" | out: puBuffLength=0x37f058*=0xf, pszText="\\\\.\\root\\cimv2") returned 0x0 [0202.008] IWbemClassObject:Get (in: This=0x5224a30, wszName="IPEnabled", lFlags=0, pVal=0x37f058*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x23f5d80*=0, plFlavor=0x23f5d84*=0 | out: pVal=0x37f058*(varType=0xb, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x23f5d80*=11, plFlavor=0x23f5d84*=0) returned 0x0 [0202.008] IWbemClassObject:Get (in: This=0x5224a30, wszName="IPEnabled", lFlags=0, pVal=0x37f060*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x23f5d80*=11, plFlavor=0x23f5d84*=0 | out: pVal=0x37f060*(varType=0xb, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x23f5d80*=11, plFlavor=0x23f5d84*=0) returned 0x0 [0202.008] IUnknown:Release (This=0x5224a30) returned 0x2 [0202.008] CoTaskMemAlloc (cb=0x4) returned 0x74fdd0 [0202.008] IEnumWbemClassObject:Next (in: This=0x6e7120, lTimeout=-1, uCount=0x1, apObjects=0x74fdd0, puReturned=0x23f2804 | out: apObjects=0x74fdd0*=0x5224d68, puReturned=0x23f2804*=0x1) returned 0x0 [0202.009] IUnknown:QueryInterface (in: This=0x5224d68, riid=0x71792a54*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x37e6bc | out: ppvObject=0x37e6bc*=0x5224d68) returned 0x0 [0202.009] IUnknown:QueryInterface (in: This=0x5224d68, riid=0x71881b6c*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x37e670 | out: ppvObject=0x37e670*=0x0) returned 0x80004002 [0202.009] IUnknown:QueryInterface (in: This=0x5224d68, riid=0x71881e84*(Data1=0xb196b283, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x37e498 | out: ppvObject=0x37e498*=0x0) returned 0x80004002 [0202.010] IUnknown:AddRef (This=0x5224d68) returned 0x3 [0202.010] IUnknown:QueryInterface (in: This=0x5224d68, riid=0x7188182c*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x37dfcc | out: ppvObject=0x37dfcc*=0x0) returned 0x80004002 [0202.010] IUnknown:QueryInterface (in: This=0x5224d68, riid=0x71881764*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x37df7c | out: ppvObject=0x37df7c*=0x0) returned 0x80004002 [0202.010] IUnknown:QueryInterface (in: This=0x5224d68, riid=0x717b1388*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x37df88 | out: ppvObject=0x37df88*=0x5224d6c) returned 0x0 [0202.010] IMarshal:GetUnmarshalClass (in: This=0x5224d6c, riid=0x71792a54*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x37df90 | out: pCid=0x37df90*(Data1=0x4590f812, Data2=0x1d3a, Data3=0x11d0, Data4=([0]=0x89, [1]=0x1f, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24))) returned 0x0 [0202.010] IUnknown:Release (This=0x5224d6c) returned 0x3 [0202.010] CoGetContextToken (in: pToken=0x37dfe8 | out: pToken=0x37dfe8) returned 0x0 [0202.010] CoGetContextToken (in: pToken=0x37e3fc | out: pToken=0x37e3fc) returned 0x0 [0202.010] IUnknown:QueryInterface (in: This=0x5224d68, riid=0x71881aa8*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x37e47c | out: ppvObject=0x37e47c*=0x0) returned 0x80004002 [0202.010] IUnknown:Release (This=0x5224d68) returned 0x2 [0202.010] CoGetContextToken (in: pToken=0x37e9e4 | out: pToken=0x37e9e4) returned 0x0 [0202.010] CoGetContextToken (in: pToken=0x37e944 | out: pToken=0x37e944) returned 0x0 [0202.010] IUnknown:QueryInterface (in: This=0x5224d68, riid=0x37ea14*(Data1=0xdc12a681, Data2=0x737f, Data3=0x11cf, Data4=([0]=0x88, [1]=0x4d, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24)), ppvObject=0x37ea10 | out: ppvObject=0x37ea10*=0x5224d68) returned 0x0 [0202.010] IUnknown:AddRef (This=0x5224d68) returned 0x4 [0202.010] IUnknown:Release (This=0x5224d68) returned 0x3 [0202.010] IUnknown:Release (This=0x5224d68) returned 0x2 [0202.010] CoTaskMemFree (pv=0x74fdd0) [0202.011] CoGetContextToken (in: pToken=0x37ed54 | out: pToken=0x37ed54) returned 0x0 [0202.011] IUnknown:AddRef (This=0x5224d68) returned 0x3 [0202.011] IWbemClassObject:Get (in: This=0x5224d68, wszName="__GENUS", lFlags=0, pVal=0x37f054*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x37f0d4*=0, plFlavor=0x37f0d0*=0 | out: pVal=0x37f054*(varType=0x3, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x2, varVal2=0x0), pType=0x37f0d4*=3, plFlavor=0x37f0d0*=64) returned 0x0 [0202.011] IWbemClassObject:Get (in: This=0x5224d68, wszName="__PATH", lFlags=0, pVal=0x37f038*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x37f0bc*=0, plFlavor=0x37f0b8*=0 | out: pVal=0x37f038*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="\\\\Q9IATRKPRH\\root\\cimv2:Win32_NetworkAdapterConfiguration.Index=6", varVal2=0x0), pType=0x37f0bc*=8, plFlavor=0x37f0b8*=64) returned 0x0 [0202.011] SysStringByteLen (bstr="\\\\Q9IATRKPRH\\root\\cimv2:Win32_NetworkAdapterConfiguration.Index=6") returned 0x82 [0202.011] SysStringByteLen (bstr="\\\\Q9IATRKPRH\\root\\cimv2:Win32_NetworkAdapterConfiguration.Index=6") returned 0x82 [0202.011] CreateEventW (lpEventAttributes=0x0, bManualReset=0, bInitialState=0, lpName=0x0) returned 0x398 [0202.011] SetEvent (hEvent=0x2b4) returned 1 [0202.012] CoWaitForMultipleHandles (in: dwFlags=0x2, dwTimeout=0xffffffff, cHandles=0x1, pHandles=0x37f010*=0x398, lpdwindex=0x37ee34 | out: lpdwindex=0x37ee34) returned 0x0 [0202.015] CoGetContextToken (in: pToken=0x37eee4 | out: pToken=0x37eee4) returned 0x0 [0202.015] CoGetContextToken (in: pToken=0x37ee44 | out: pToken=0x37ee44) returned 0x0 [0202.015] WbemDefPath:IUnknown:QueryInterface (in: This=0x731620, riid=0x37ef14*(Data1=0x3bc15af2, Data2=0x736c, Data3=0x477e, Data4=([0]=0x9e, [1]=0x51, [2]=0x23, [3]=0x8a, [4]=0xf8, [5]=0x66, [6]=0x7d, [7]=0xcc)), ppvObject=0x37ef10 | out: ppvObject=0x37ef10*=0x731620) returned 0x0 [0202.015] WbemDefPath:IUnknown:AddRef (This=0x731620) returned 0x3 [0202.015] WbemDefPath:IUnknown:Release (This=0x731620) returned 0x2 [0202.015] WbemDefPath:IWbemPath:SetText (This=0x731620, uMode=0x4, pszPath="\\\\Q9IATRKPRH\\root\\cimv2:Win32_NetworkAdapterConfiguration.Index=6") returned 0x0 [0202.015] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x7312a0, puCount=0x37f090 | out: puCount=0x37f090*=0x2) returned 0x0 [0202.015] WbemDefPath:IWbemPath:GetText (in: This=0x7312a0, lFlags=4, puBuffLength=0x37f08c*=0x0, pszText=0x0 | out: puBuffLength=0x37f08c*=0xf, pszText=0x0) returned 0x0 [0202.015] WbemDefPath:IWbemPath:GetText (in: This=0x7312a0, lFlags=4, puBuffLength=0x37f08c*=0xf, pszText="00000000000000" | out: puBuffLength=0x37f08c*=0xf, pszText="\\\\.\\root\\cimv2") returned 0x0 [0202.015] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x7312a0, puCount=0x37f05c | out: puCount=0x37f05c*=0x2) returned 0x0 [0202.015] WbemDefPath:IWbemPath:GetText (in: This=0x7312a0, lFlags=4, puBuffLength=0x37f058*=0x0, pszText=0x0 | out: puBuffLength=0x37f058*=0xf, pszText=0x0) returned 0x0 [0202.015] WbemDefPath:IWbemPath:GetText (in: This=0x7312a0, lFlags=4, puBuffLength=0x37f058*=0xf, pszText="00000000000000" | out: puBuffLength=0x37f058*=0xf, pszText="\\\\.\\root\\cimv2") returned 0x0 [0202.015] IWbemClassObject:Get (in: This=0x5224d68, wszName="IPEnabled", lFlags=0, pVal=0x37f058*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x23f6608*=0, plFlavor=0x23f660c*=0 | out: pVal=0x37f058*(varType=0xb, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x23f6608*=11, plFlavor=0x23f660c*=0) returned 0x0 [0202.015] IWbemClassObject:Get (in: This=0x5224d68, wszName="IPEnabled", lFlags=0, pVal=0x37f060*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x23f6608*=11, plFlavor=0x23f660c*=0 | out: pVal=0x37f060*(varType=0xb, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x23f6608*=11, plFlavor=0x23f660c*=0) returned 0x0 [0202.016] IUnknown:Release (This=0x5224d68) returned 0x2 [0202.016] CoTaskMemAlloc (cb=0x4) returned 0x74fe20 [0202.016] IEnumWbemClassObject:Next (in: This=0x6e7120, lTimeout=-1, uCount=0x1, apObjects=0x74fe20, puReturned=0x23f2804 | out: apObjects=0x74fe20*=0x52269c8, puReturned=0x23f2804*=0x1) returned 0x0 [0202.017] IUnknown:QueryInterface (in: This=0x52269c8, riid=0x71792a54*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x37e6bc | out: ppvObject=0x37e6bc*=0x52269c8) returned 0x0 [0202.017] IUnknown:QueryInterface (in: This=0x52269c8, riid=0x71881b6c*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x37e670 | out: ppvObject=0x37e670*=0x0) returned 0x80004002 [0202.017] IUnknown:QueryInterface (in: This=0x52269c8, riid=0x71881e84*(Data1=0xb196b283, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x37e498 | out: ppvObject=0x37e498*=0x0) returned 0x80004002 [0202.017] IUnknown:AddRef (This=0x52269c8) returned 0x3 [0202.017] IUnknown:QueryInterface (in: This=0x52269c8, riid=0x7188182c*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x37dfcc | out: ppvObject=0x37dfcc*=0x0) returned 0x80004002 [0202.017] IUnknown:QueryInterface (in: This=0x52269c8, riid=0x71881764*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x37df7c | out: ppvObject=0x37df7c*=0x0) returned 0x80004002 [0202.017] IUnknown:QueryInterface (in: This=0x52269c8, riid=0x717b1388*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x37df88 | out: ppvObject=0x37df88*=0x52269cc) returned 0x0 [0202.017] IMarshal:GetUnmarshalClass (in: This=0x52269cc, riid=0x71792a54*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x37df90 | out: pCid=0x37df90*(Data1=0x4590f812, Data2=0x1d3a, Data3=0x11d0, Data4=([0]=0x89, [1]=0x1f, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24))) returned 0x0 [0202.017] IUnknown:Release (This=0x52269cc) returned 0x3 [0202.017] CoGetContextToken (in: pToken=0x37dfe8 | out: pToken=0x37dfe8) returned 0x0 [0202.017] CoGetContextToken (in: pToken=0x37e3fc | out: pToken=0x37e3fc) returned 0x0 [0202.018] IUnknown:QueryInterface (in: This=0x52269c8, riid=0x71881aa8*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x37e47c | out: ppvObject=0x37e47c*=0x0) returned 0x80004002 [0202.018] IUnknown:Release (This=0x52269c8) returned 0x2 [0202.018] CoGetContextToken (in: pToken=0x37e9e4 | out: pToken=0x37e9e4) returned 0x0 [0202.018] CoGetContextToken (in: pToken=0x37e944 | out: pToken=0x37e944) returned 0x0 [0202.018] IUnknown:QueryInterface (in: This=0x52269c8, riid=0x37ea14*(Data1=0xdc12a681, Data2=0x737f, Data3=0x11cf, Data4=([0]=0x88, [1]=0x4d, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24)), ppvObject=0x37ea10 | out: ppvObject=0x37ea10*=0x52269c8) returned 0x0 [0202.018] IUnknown:AddRef (This=0x52269c8) returned 0x4 [0202.018] IUnknown:Release (This=0x52269c8) returned 0x3 [0202.018] IUnknown:Release (This=0x52269c8) returned 0x2 [0202.018] CoTaskMemFree (pv=0x74fe20) [0202.018] CoGetContextToken (in: pToken=0x37ed54 | out: pToken=0x37ed54) returned 0x0 [0202.018] IUnknown:AddRef (This=0x52269c8) returned 0x3 [0202.018] IWbemClassObject:Get (in: This=0x52269c8, wszName="__GENUS", lFlags=0, pVal=0x37f054*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x37f0d4*=0, plFlavor=0x37f0d0*=0 | out: pVal=0x37f054*(varType=0x3, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x2, varVal2=0x0), pType=0x37f0d4*=3, plFlavor=0x37f0d0*=64) returned 0x0 [0202.019] IWbemClassObject:Get (in: This=0x52269c8, wszName="__PATH", lFlags=0, pVal=0x37f038*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x37f0bc*=0, plFlavor=0x37f0b8*=0 | out: pVal=0x37f038*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="\\\\Q9IATRKPRH\\root\\cimv2:Win32_NetworkAdapterConfiguration.Index=7", varVal2=0x0), pType=0x37f0bc*=8, plFlavor=0x37f0b8*=64) returned 0x0 [0202.019] SysStringByteLen (bstr="\\\\Q9IATRKPRH\\root\\cimv2:Win32_NetworkAdapterConfiguration.Index=7") returned 0x82 [0202.019] SysStringByteLen (bstr="\\\\Q9IATRKPRH\\root\\cimv2:Win32_NetworkAdapterConfiguration.Index=7") returned 0x82 [0202.019] CreateEventW (lpEventAttributes=0x0, bManualReset=0, bInitialState=0, lpName=0x0) returned 0x39c [0202.019] SetEvent (hEvent=0x2b4) returned 1 [0202.019] CoWaitForMultipleHandles (in: dwFlags=0x2, dwTimeout=0xffffffff, cHandles=0x1, pHandles=0x37f010*=0x39c, lpdwindex=0x37ee34 | out: lpdwindex=0x37ee34) returned 0x0 [0202.022] CoGetContextToken (in: pToken=0x37eee4 | out: pToken=0x37eee4) returned 0x0 [0202.022] CoGetContextToken (in: pToken=0x37ee44 | out: pToken=0x37ee44) returned 0x0 [0202.022] WbemDefPath:IUnknown:QueryInterface (in: This=0x731690, riid=0x37ef14*(Data1=0x3bc15af2, Data2=0x736c, Data3=0x477e, Data4=([0]=0x9e, [1]=0x51, [2]=0x23, [3]=0x8a, [4]=0xf8, [5]=0x66, [6]=0x7d, [7]=0xcc)), ppvObject=0x37ef10 | out: ppvObject=0x37ef10*=0x731690) returned 0x0 [0202.022] WbemDefPath:IUnknown:AddRef (This=0x731690) returned 0x3 [0202.022] WbemDefPath:IUnknown:Release (This=0x731690) returned 0x2 [0202.022] WbemDefPath:IWbemPath:SetText (This=0x731690, uMode=0x4, pszPath="\\\\Q9IATRKPRH\\root\\cimv2:Win32_NetworkAdapterConfiguration.Index=7") returned 0x0 [0202.022] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x7312a0, puCount=0x37f090 | out: puCount=0x37f090*=0x2) returned 0x0 [0202.023] WbemDefPath:IWbemPath:GetText (in: This=0x7312a0, lFlags=4, puBuffLength=0x37f08c*=0x0, pszText=0x0 | out: puBuffLength=0x37f08c*=0xf, pszText=0x0) returned 0x0 [0202.023] WbemDefPath:IWbemPath:GetText (in: This=0x7312a0, lFlags=4, puBuffLength=0x37f08c*=0xf, pszText="00000000000000" | out: puBuffLength=0x37f08c*=0xf, pszText="\\\\.\\root\\cimv2") returned 0x0 [0202.023] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x7312a0, puCount=0x37f05c | out: puCount=0x37f05c*=0x2) returned 0x0 [0202.023] WbemDefPath:IWbemPath:GetText (in: This=0x7312a0, lFlags=4, puBuffLength=0x37f058*=0x0, pszText=0x0 | out: puBuffLength=0x37f058*=0xf, pszText=0x0) returned 0x0 [0202.023] WbemDefPath:IWbemPath:GetText (in: This=0x7312a0, lFlags=4, puBuffLength=0x37f058*=0xf, pszText="00000000000000" | out: puBuffLength=0x37f058*=0xf, pszText="\\\\.\\root\\cimv2") returned 0x0 [0202.023] IWbemClassObject:Get (in: This=0x52269c8, wszName="IPEnabled", lFlags=0, pVal=0x37f058*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x23f6e84*=0, plFlavor=0x23f6e88*=0 | out: pVal=0x37f058*(varType=0xb, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x23f6e84*=11, plFlavor=0x23f6e88*=0) returned 0x0 [0202.023] IWbemClassObject:Get (in: This=0x52269c8, wszName="IPEnabled", lFlags=0, pVal=0x37f060*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x23f6e84*=11, plFlavor=0x23f6e88*=0 | out: pVal=0x37f060*(varType=0xb, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x23f6e84*=11, plFlavor=0x23f6e88*=0) returned 0x0 [0202.023] IUnknown:Release (This=0x52269c8) returned 0x2 [0202.023] CoTaskMemAlloc (cb=0x4) returned 0x74fe70 [0202.024] IEnumWbemClassObject:Next (in: This=0x6e7120, lTimeout=-1, uCount=0x1, apObjects=0x74fe70, puReturned=0x23f2804 | out: apObjects=0x74fe70*=0x5226dd0, puReturned=0x23f2804*=0x1) returned 0x0 [0202.025] IUnknown:QueryInterface (in: This=0x5226dd0, riid=0x71792a54*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x37e6bc | out: ppvObject=0x37e6bc*=0x5226dd0) returned 0x0 [0202.025] IUnknown:QueryInterface (in: This=0x5226dd0, riid=0x71881b6c*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x37e670 | out: ppvObject=0x37e670*=0x0) returned 0x80004002 [0202.025] IUnknown:QueryInterface (in: This=0x5226dd0, riid=0x71881e84*(Data1=0xb196b283, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x37e498 | out: ppvObject=0x37e498*=0x0) returned 0x80004002 [0202.026] IUnknown:AddRef (This=0x5226dd0) returned 0x3 [0202.026] IUnknown:QueryInterface (in: This=0x5226dd0, riid=0x7188182c*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x37dfcc | out: ppvObject=0x37dfcc*=0x0) returned 0x80004002 [0202.026] IUnknown:QueryInterface (in: This=0x5226dd0, riid=0x71881764*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x37df7c | out: ppvObject=0x37df7c*=0x0) returned 0x80004002 [0202.026] IUnknown:QueryInterface (in: This=0x5226dd0, riid=0x717b1388*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x37df88 | out: ppvObject=0x37df88*=0x5226dd4) returned 0x0 [0202.026] IMarshal:GetUnmarshalClass (in: This=0x5226dd4, riid=0x71792a54*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x37df90 | out: pCid=0x37df90*(Data1=0x4590f812, Data2=0x1d3a, Data3=0x11d0, Data4=([0]=0x89, [1]=0x1f, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24))) returned 0x0 [0202.026] IUnknown:Release (This=0x5226dd4) returned 0x3 [0202.026] CoGetContextToken (in: pToken=0x37dfe8 | out: pToken=0x37dfe8) returned 0x0 [0202.026] CoGetContextToken (in: pToken=0x37e3fc | out: pToken=0x37e3fc) returned 0x0 [0202.026] IUnknown:QueryInterface (in: This=0x5226dd0, riid=0x71881aa8*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x37e47c | out: ppvObject=0x37e47c*=0x0) returned 0x80004002 [0202.026] IUnknown:Release (This=0x5226dd0) returned 0x2 [0202.026] CoGetContextToken (in: pToken=0x37e9e4 | out: pToken=0x37e9e4) returned 0x0 [0202.026] CoGetContextToken (in: pToken=0x37e944 | out: pToken=0x37e944) returned 0x0 [0202.026] IUnknown:QueryInterface (in: This=0x5226dd0, riid=0x37ea14*(Data1=0xdc12a681, Data2=0x737f, Data3=0x11cf, Data4=([0]=0x88, [1]=0x4d, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24)), ppvObject=0x37ea10 | out: ppvObject=0x37ea10*=0x5226dd0) returned 0x0 [0202.026] IUnknown:AddRef (This=0x5226dd0) returned 0x4 [0202.026] IUnknown:Release (This=0x5226dd0) returned 0x3 [0202.027] IUnknown:Release (This=0x5226dd0) returned 0x2 [0202.027] CoTaskMemFree (pv=0x74fe70) [0202.027] CoGetContextToken (in: pToken=0x37ed54 | out: pToken=0x37ed54) returned 0x0 [0202.027] IUnknown:AddRef (This=0x5226dd0) returned 0x3 [0202.027] IWbemClassObject:Get (in: This=0x5226dd0, wszName="__GENUS", lFlags=0, pVal=0x37f054*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x37f0d4*=0, plFlavor=0x37f0d0*=0 | out: pVal=0x37f054*(varType=0x3, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x2, varVal2=0x0), pType=0x37f0d4*=3, plFlavor=0x37f0d0*=64) returned 0x0 [0202.027] IWbemClassObject:Get (in: This=0x5226dd0, wszName="__PATH", lFlags=0, pVal=0x37f038*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x37f0bc*=0, plFlavor=0x37f0b8*=0 | out: pVal=0x37f038*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="\\\\Q9IATRKPRH\\root\\cimv2:Win32_NetworkAdapterConfiguration.Index=8", varVal2=0x0), pType=0x37f0bc*=8, plFlavor=0x37f0b8*=64) returned 0x0 [0202.028] SysStringByteLen (bstr="\\\\Q9IATRKPRH\\root\\cimv2:Win32_NetworkAdapterConfiguration.Index=8") returned 0x82 [0202.028] SysStringByteLen (bstr="\\\\Q9IATRKPRH\\root\\cimv2:Win32_NetworkAdapterConfiguration.Index=8") returned 0x82 [0202.028] CreateEventW (lpEventAttributes=0x0, bManualReset=0, bInitialState=0, lpName=0x0) returned 0x3a0 [0202.028] SetEvent (hEvent=0x2b4) returned 1 [0202.028] CoWaitForMultipleHandles (in: dwFlags=0x2, dwTimeout=0xffffffff, cHandles=0x1, pHandles=0x37f010*=0x3a0, lpdwindex=0x37ee34 | out: lpdwindex=0x37ee34) returned 0x0 [0202.031] CoGetContextToken (in: pToken=0x37eee4 | out: pToken=0x37eee4) returned 0x0 [0202.032] CoGetContextToken (in: pToken=0x37ee44 | out: pToken=0x37ee44) returned 0x0 [0202.032] WbemDefPath:IUnknown:QueryInterface (in: This=0x731700, riid=0x37ef14*(Data1=0x3bc15af2, Data2=0x736c, Data3=0x477e, Data4=([0]=0x9e, [1]=0x51, [2]=0x23, [3]=0x8a, [4]=0xf8, [5]=0x66, [6]=0x7d, [7]=0xcc)), ppvObject=0x37ef10 | out: ppvObject=0x37ef10*=0x731700) returned 0x0 [0202.032] WbemDefPath:IUnknown:AddRef (This=0x731700) returned 0x3 [0202.032] WbemDefPath:IUnknown:Release (This=0x731700) returned 0x2 [0202.032] WbemDefPath:IWbemPath:SetText (This=0x731700, uMode=0x4, pszPath="\\\\Q9IATRKPRH\\root\\cimv2:Win32_NetworkAdapterConfiguration.Index=8") returned 0x0 [0202.032] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x7312a0, puCount=0x37f090 | out: puCount=0x37f090*=0x2) returned 0x0 [0202.032] WbemDefPath:IWbemPath:GetText (in: This=0x7312a0, lFlags=4, puBuffLength=0x37f08c*=0x0, pszText=0x0 | out: puBuffLength=0x37f08c*=0xf, pszText=0x0) returned 0x0 [0202.032] WbemDefPath:IWbemPath:GetText (in: This=0x7312a0, lFlags=4, puBuffLength=0x37f08c*=0xf, pszText="00000000000000" | out: puBuffLength=0x37f08c*=0xf, pszText="\\\\.\\root\\cimv2") returned 0x0 [0202.032] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x7312a0, puCount=0x37f05c | out: puCount=0x37f05c*=0x2) returned 0x0 [0202.032] WbemDefPath:IWbemPath:GetText (in: This=0x7312a0, lFlags=4, puBuffLength=0x37f058*=0x0, pszText=0x0 | out: puBuffLength=0x37f058*=0xf, pszText=0x0) returned 0x0 [0202.032] WbemDefPath:IWbemPath:GetText (in: This=0x7312a0, lFlags=4, puBuffLength=0x37f058*=0xf, pszText="00000000000000" | out: puBuffLength=0x37f058*=0xf, pszText="\\\\.\\root\\cimv2") returned 0x0 [0202.032] IWbemClassObject:Get (in: This=0x5226dd0, wszName="IPEnabled", lFlags=0, pVal=0x37f058*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x23f7700*=0, plFlavor=0x23f7704*=0 | out: pVal=0x37f058*(varType=0xb, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x23f7700*=11, plFlavor=0x23f7704*=0) returned 0x0 [0202.032] IWbemClassObject:Get (in: This=0x5226dd0, wszName="IPEnabled", lFlags=0, pVal=0x37f060*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x23f7700*=11, plFlavor=0x23f7704*=0 | out: pVal=0x37f060*(varType=0xb, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x23f7700*=11, plFlavor=0x23f7704*=0) returned 0x0 [0202.033] IUnknown:Release (This=0x5226dd0) returned 0x2 [0202.033] CoTaskMemAlloc (cb=0x4) returned 0x74fec0 [0202.033] IEnumWbemClassObject:Next (in: This=0x6e7120, lTimeout=-1, uCount=0x1, apObjects=0x74fec0, puReturned=0x23f2804 | out: apObjects=0x74fec0*=0x5229108, puReturned=0x23f2804*=0x1) returned 0x0 [0202.034] IUnknown:QueryInterface (in: This=0x5229108, riid=0x71792a54*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x37e6bc | out: ppvObject=0x37e6bc*=0x5229108) returned 0x0 [0202.034] IUnknown:QueryInterface (in: This=0x5229108, riid=0x71881b6c*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x37e670 | out: ppvObject=0x37e670*=0x0) returned 0x80004002 [0202.035] IUnknown:QueryInterface (in: This=0x5229108, riid=0x71881e84*(Data1=0xb196b283, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x37e498 | out: ppvObject=0x37e498*=0x0) returned 0x80004002 [0202.035] IUnknown:AddRef (This=0x5229108) returned 0x3 [0202.035] IUnknown:QueryInterface (in: This=0x5229108, riid=0x7188182c*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x37dfcc | out: ppvObject=0x37dfcc*=0x0) returned 0x80004002 [0202.035] IUnknown:QueryInterface (in: This=0x5229108, riid=0x71881764*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x37df7c | out: ppvObject=0x37df7c*=0x0) returned 0x80004002 [0202.035] IUnknown:QueryInterface (in: This=0x5229108, riid=0x717b1388*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x37df88 | out: ppvObject=0x37df88*=0x522910c) returned 0x0 [0202.035] IMarshal:GetUnmarshalClass (in: This=0x522910c, riid=0x71792a54*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x37df90 | out: pCid=0x37df90*(Data1=0x4590f812, Data2=0x1d3a, Data3=0x11d0, Data4=([0]=0x89, [1]=0x1f, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24))) returned 0x0 [0202.035] IUnknown:Release (This=0x522910c) returned 0x3 [0202.035] CoGetContextToken (in: pToken=0x37dfe8 | out: pToken=0x37dfe8) returned 0x0 [0202.035] CoGetContextToken (in: pToken=0x37e3fc | out: pToken=0x37e3fc) returned 0x0 [0202.035] IUnknown:QueryInterface (in: This=0x5229108, riid=0x71881aa8*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x37e47c | out: ppvObject=0x37e47c*=0x0) returned 0x80004002 [0202.035] IUnknown:Release (This=0x5229108) returned 0x2 [0202.036] CoGetContextToken (in: pToken=0x37e9e4 | out: pToken=0x37e9e4) returned 0x0 [0202.036] CoGetContextToken (in: pToken=0x37e944 | out: pToken=0x37e944) returned 0x0 [0202.036] IUnknown:QueryInterface (in: This=0x5229108, riid=0x37ea14*(Data1=0xdc12a681, Data2=0x737f, Data3=0x11cf, Data4=([0]=0x88, [1]=0x4d, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24)), ppvObject=0x37ea10 | out: ppvObject=0x37ea10*=0x5229108) returned 0x0 [0202.036] IUnknown:AddRef (This=0x5229108) returned 0x4 [0202.036] IUnknown:Release (This=0x5229108) returned 0x3 [0202.036] IUnknown:Release (This=0x5229108) returned 0x2 [0202.036] CoTaskMemFree (pv=0x74fec0) [0202.036] CoGetContextToken (in: pToken=0x37ed54 | out: pToken=0x37ed54) returned 0x0 [0202.036] IUnknown:AddRef (This=0x5229108) returned 0x3 [0202.036] IWbemClassObject:Get (in: This=0x5229108, wszName="__GENUS", lFlags=0, pVal=0x37f054*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x37f0d4*=0, plFlavor=0x37f0d0*=0 | out: pVal=0x37f054*(varType=0x3, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x2, varVal2=0x0), pType=0x37f0d4*=3, plFlavor=0x37f0d0*=64) returned 0x0 [0202.037] IWbemClassObject:Get (in: This=0x5229108, wszName="__PATH", lFlags=0, pVal=0x37f038*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x37f0bc*=0, plFlavor=0x37f0b8*=0 | out: pVal=0x37f038*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="\\\\Q9IATRKPRH\\root\\cimv2:Win32_NetworkAdapterConfiguration.Index=9", varVal2=0x0), pType=0x37f0bc*=8, plFlavor=0x37f0b8*=64) returned 0x0 [0202.037] SysStringByteLen (bstr="\\\\Q9IATRKPRH\\root\\cimv2:Win32_NetworkAdapterConfiguration.Index=9") returned 0x82 [0202.037] SysStringByteLen (bstr="\\\\Q9IATRKPRH\\root\\cimv2:Win32_NetworkAdapterConfiguration.Index=9") returned 0x82 [0202.037] CreateEventW (lpEventAttributes=0x0, bManualReset=0, bInitialState=0, lpName=0x0) returned 0x3a4 [0202.037] SetEvent (hEvent=0x2b4) returned 1 [0202.037] CoWaitForMultipleHandles (in: dwFlags=0x2, dwTimeout=0xffffffff, cHandles=0x1, pHandles=0x37f010*=0x3a4, lpdwindex=0x37ee34 | out: lpdwindex=0x37ee34) returned 0x0 [0202.040] CoGetContextToken (in: pToken=0x37eee4 | out: pToken=0x37eee4) returned 0x0 [0202.040] CoGetContextToken (in: pToken=0x37ee44 | out: pToken=0x37ee44) returned 0x0 [0202.040] WbemDefPath:IUnknown:QueryInterface (in: This=0x731770, riid=0x37ef14*(Data1=0x3bc15af2, Data2=0x736c, Data3=0x477e, Data4=([0]=0x9e, [1]=0x51, [2]=0x23, [3]=0x8a, [4]=0xf8, [5]=0x66, [6]=0x7d, [7]=0xcc)), ppvObject=0x37ef10 | out: ppvObject=0x37ef10*=0x731770) returned 0x0 [0202.041] WbemDefPath:IUnknown:AddRef (This=0x731770) returned 0x3 [0202.041] WbemDefPath:IUnknown:Release (This=0x731770) returned 0x2 [0202.041] WbemDefPath:IWbemPath:SetText (This=0x731770, uMode=0x4, pszPath="\\\\Q9IATRKPRH\\root\\cimv2:Win32_NetworkAdapterConfiguration.Index=9") returned 0x0 [0202.041] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x7312a0, puCount=0x37f090 | out: puCount=0x37f090*=0x2) returned 0x0 [0202.041] WbemDefPath:IWbemPath:GetText (in: This=0x7312a0, lFlags=4, puBuffLength=0x37f08c*=0x0, pszText=0x0 | out: puBuffLength=0x37f08c*=0xf, pszText=0x0) returned 0x0 [0202.041] WbemDefPath:IWbemPath:GetText (in: This=0x7312a0, lFlags=4, puBuffLength=0x37f08c*=0xf, pszText="00000000000000" | out: puBuffLength=0x37f08c*=0xf, pszText="\\\\.\\root\\cimv2") returned 0x0 [0202.041] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x7312a0, puCount=0x37f05c | out: puCount=0x37f05c*=0x2) returned 0x0 [0202.041] WbemDefPath:IWbemPath:GetText (in: This=0x7312a0, lFlags=4, puBuffLength=0x37f058*=0x0, pszText=0x0 | out: puBuffLength=0x37f058*=0xf, pszText=0x0) returned 0x0 [0202.041] WbemDefPath:IWbemPath:GetText (in: This=0x7312a0, lFlags=4, puBuffLength=0x37f058*=0xf, pszText="00000000000000" | out: puBuffLength=0x37f058*=0xf, pszText="\\\\.\\root\\cimv2") returned 0x0 [0202.041] IWbemClassObject:Get (in: This=0x5229108, wszName="IPEnabled", lFlags=0, pVal=0x37f058*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x23f7f7c*=0, plFlavor=0x23f7f80*=0 | out: pVal=0x37f058*(varType=0xb, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x23f7f7c*=11, plFlavor=0x23f7f80*=0) returned 0x0 [0202.041] IWbemClassObject:Get (in: This=0x5229108, wszName="IPEnabled", lFlags=0, pVal=0x37f060*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x23f7f7c*=11, plFlavor=0x23f7f80*=0 | out: pVal=0x37f060*(varType=0xb, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x23f7f7c*=11, plFlavor=0x23f7f80*=0) returned 0x0 [0202.042] IUnknown:Release (This=0x5229108) returned 0x2 [0202.042] CoTaskMemAlloc (cb=0x4) returned 0x74ff10 [0202.042] IEnumWbemClassObject:Next (in: This=0x6e7120, lTimeout=-1, uCount=0x1, apObjects=0x74ff10, puReturned=0x23f2804 | out: apObjects=0x74ff10*=0x52294f0, puReturned=0x23f2804*=0x1) returned 0x0 [0202.043] IUnknown:QueryInterface (in: This=0x52294f0, riid=0x71792a54*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x37e6bc | out: ppvObject=0x37e6bc*=0x52294f0) returned 0x0 [0202.043] IUnknown:QueryInterface (in: This=0x52294f0, riid=0x71881b6c*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x37e670 | out: ppvObject=0x37e670*=0x0) returned 0x80004002 [0202.043] IUnknown:QueryInterface (in: This=0x52294f0, riid=0x71881e84*(Data1=0xb196b283, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x37e498 | out: ppvObject=0x37e498*=0x0) returned 0x80004002 [0202.043] IUnknown:AddRef (This=0x52294f0) returned 0x3 [0202.043] IUnknown:QueryInterface (in: This=0x52294f0, riid=0x7188182c*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x37dfcc | out: ppvObject=0x37dfcc*=0x0) returned 0x80004002 [0202.043] IUnknown:QueryInterface (in: This=0x52294f0, riid=0x71881764*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x37df7c | out: ppvObject=0x37df7c*=0x0) returned 0x80004002 [0202.043] IUnknown:QueryInterface (in: This=0x52294f0, riid=0x717b1388*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x37df88 | out: ppvObject=0x37df88*=0x52294f4) returned 0x0 [0202.043] IMarshal:GetUnmarshalClass (in: This=0x52294f4, riid=0x71792a54*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x37df90 | out: pCid=0x37df90*(Data1=0x4590f812, Data2=0x1d3a, Data3=0x11d0, Data4=([0]=0x89, [1]=0x1f, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24))) returned 0x0 [0202.043] IUnknown:Release (This=0x52294f4) returned 0x3 [0202.043] CoGetContextToken (in: pToken=0x37dfe8 | out: pToken=0x37dfe8) returned 0x0 [0202.044] CoGetContextToken (in: pToken=0x37e3fc | out: pToken=0x37e3fc) returned 0x0 [0202.044] IUnknown:QueryInterface (in: This=0x52294f0, riid=0x71881aa8*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x37e47c | out: ppvObject=0x37e47c*=0x0) returned 0x80004002 [0202.044] IUnknown:Release (This=0x52294f0) returned 0x2 [0202.044] CoGetContextToken (in: pToken=0x37e9e4 | out: pToken=0x37e9e4) returned 0x0 [0202.044] CoGetContextToken (in: pToken=0x37e944 | out: pToken=0x37e944) returned 0x0 [0202.044] IUnknown:QueryInterface (in: This=0x52294f0, riid=0x37ea14*(Data1=0xdc12a681, Data2=0x737f, Data3=0x11cf, Data4=([0]=0x88, [1]=0x4d, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24)), ppvObject=0x37ea10 | out: ppvObject=0x37ea10*=0x52294f0) returned 0x0 [0202.044] IUnknown:AddRef (This=0x52294f0) returned 0x4 [0202.044] IUnknown:Release (This=0x52294f0) returned 0x3 [0202.044] IUnknown:Release (This=0x52294f0) returned 0x2 [0202.044] CoTaskMemFree (pv=0x74ff10) [0202.044] CoGetContextToken (in: pToken=0x37ed54 | out: pToken=0x37ed54) returned 0x0 [0202.044] IUnknown:AddRef (This=0x52294f0) returned 0x3 [0202.044] IWbemClassObject:Get (in: This=0x52294f0, wszName="__GENUS", lFlags=0, pVal=0x37f054*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x37f0d4*=0, plFlavor=0x37f0d0*=0 | out: pVal=0x37f054*(varType=0x3, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x2, varVal2=0x0), pType=0x37f0d4*=3, plFlavor=0x37f0d0*=64) returned 0x0 [0202.045] IWbemClassObject:Get (in: This=0x52294f0, wszName="__PATH", lFlags=0, pVal=0x37f038*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x37f0bc*=0, plFlavor=0x37f0b8*=0 | out: pVal=0x37f038*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="\\\\Q9IATRKPRH\\root\\cimv2:Win32_NetworkAdapterConfiguration.Index=10", varVal2=0x0), pType=0x37f0bc*=8, plFlavor=0x37f0b8*=64) returned 0x0 [0202.045] SysStringByteLen (bstr="\\\\Q9IATRKPRH\\root\\cimv2:Win32_NetworkAdapterConfiguration.Index=10") returned 0x84 [0202.045] SysStringByteLen (bstr="\\\\Q9IATRKPRH\\root\\cimv2:Win32_NetworkAdapterConfiguration.Index=10") returned 0x84 [0202.045] CreateEventW (lpEventAttributes=0x0, bManualReset=0, bInitialState=0, lpName=0x0) returned 0x3a8 [0202.045] SetEvent (hEvent=0x2b4) returned 1 [0202.045] CoWaitForMultipleHandles (in: dwFlags=0x2, dwTimeout=0xffffffff, cHandles=0x1, pHandles=0x37f010*=0x3a8, lpdwindex=0x37ee34 | out: lpdwindex=0x37ee34) returned 0x0 [0202.048] CoGetContextToken (in: pToken=0x37eee4 | out: pToken=0x37eee4) returned 0x0 [0202.048] CoGetContextToken (in: pToken=0x37ee44 | out: pToken=0x37ee44) returned 0x0 [0202.048] WbemDefPath:IUnknown:QueryInterface (in: This=0x7317e0, riid=0x37ef14*(Data1=0x3bc15af2, Data2=0x736c, Data3=0x477e, Data4=([0]=0x9e, [1]=0x51, [2]=0x23, [3]=0x8a, [4]=0xf8, [5]=0x66, [6]=0x7d, [7]=0xcc)), ppvObject=0x37ef10 | out: ppvObject=0x37ef10*=0x7317e0) returned 0x0 [0202.048] WbemDefPath:IUnknown:AddRef (This=0x7317e0) returned 0x3 [0202.048] WbemDefPath:IUnknown:Release (This=0x7317e0) returned 0x2 [0202.048] WbemDefPath:IWbemPath:SetText (This=0x7317e0, uMode=0x4, pszPath="\\\\Q9IATRKPRH\\root\\cimv2:Win32_NetworkAdapterConfiguration.Index=10") returned 0x0 [0202.048] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x7312a0, puCount=0x37f090 | out: puCount=0x37f090*=0x2) returned 0x0 [0202.048] WbemDefPath:IWbemPath:GetText (in: This=0x7312a0, lFlags=4, puBuffLength=0x37f08c*=0x0, pszText=0x0 | out: puBuffLength=0x37f08c*=0xf, pszText=0x0) returned 0x0 [0202.048] WbemDefPath:IWbemPath:GetText (in: This=0x7312a0, lFlags=4, puBuffLength=0x37f08c*=0xf, pszText="00000000000000" | out: puBuffLength=0x37f08c*=0xf, pszText="\\\\.\\root\\cimv2") returned 0x0 [0202.048] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x7312a0, puCount=0x37f05c | out: puCount=0x37f05c*=0x2) returned 0x0 [0202.048] WbemDefPath:IWbemPath:GetText (in: This=0x7312a0, lFlags=4, puBuffLength=0x37f058*=0x0, pszText=0x0 | out: puBuffLength=0x37f058*=0xf, pszText=0x0) returned 0x0 [0202.048] WbemDefPath:IWbemPath:GetText (in: This=0x7312a0, lFlags=4, puBuffLength=0x37f058*=0xf, pszText="00000000000000" | out: puBuffLength=0x37f058*=0xf, pszText="\\\\.\\root\\cimv2") returned 0x0 [0202.048] IWbemClassObject:Get (in: This=0x52294f0, wszName="IPEnabled", lFlags=0, pVal=0x37f058*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x23f8808*=0, plFlavor=0x23f880c*=0 | out: pVal=0x37f058*(varType=0xb, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x23f8808*=11, plFlavor=0x23f880c*=0) returned 0x0 [0202.048] IWbemClassObject:Get (in: This=0x52294f0, wszName="IPEnabled", lFlags=0, pVal=0x37f060*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x23f8808*=11, plFlavor=0x23f880c*=0 | out: pVal=0x37f060*(varType=0xb, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x23f8808*=11, plFlavor=0x23f880c*=0) returned 0x0 [0202.049] IUnknown:Release (This=0x52294f0) returned 0x2 [0202.049] CoTaskMemAlloc (cb=0x4) returned 0x522c420 [0202.049] IEnumWbemClassObject:Next (in: This=0x6e7120, lTimeout=-1, uCount=0x1, apObjects=0x522c420, puReturned=0x23f2804 | out: apObjects=0x522c420*=0x74f740, puReturned=0x23f2804*=0x1) returned 0x0 [0202.050] IUnknown:QueryInterface (in: This=0x74f740, riid=0x71792a54*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x37e6bc | out: ppvObject=0x37e6bc*=0x74f740) returned 0x0 [0202.050] IUnknown:QueryInterface (in: This=0x74f740, riid=0x71881b6c*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x37e670 | out: ppvObject=0x37e670*=0x0) returned 0x80004002 [0202.050] IUnknown:QueryInterface (in: This=0x74f740, riid=0x71881e84*(Data1=0xb196b283, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x37e498 | out: ppvObject=0x37e498*=0x0) returned 0x80004002 [0202.051] IUnknown:AddRef (This=0x74f740) returned 0x3 [0202.051] IUnknown:QueryInterface (in: This=0x74f740, riid=0x7188182c*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x37dfcc | out: ppvObject=0x37dfcc*=0x0) returned 0x80004002 [0202.051] IUnknown:QueryInterface (in: This=0x74f740, riid=0x71881764*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x37df7c | out: ppvObject=0x37df7c*=0x0) returned 0x80004002 [0202.051] IUnknown:QueryInterface (in: This=0x74f740, riid=0x717b1388*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x37df88 | out: ppvObject=0x37df88*=0x74f744) returned 0x0 [0202.051] IMarshal:GetUnmarshalClass (in: This=0x74f744, riid=0x71792a54*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x37df90 | out: pCid=0x37df90*(Data1=0x4590f812, Data2=0x1d3a, Data3=0x11d0, Data4=([0]=0x89, [1]=0x1f, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24))) returned 0x0 [0202.051] IUnknown:Release (This=0x74f744) returned 0x3 [0202.051] CoGetContextToken (in: pToken=0x37dfe8 | out: pToken=0x37dfe8) returned 0x0 [0202.051] CoGetContextToken (in: pToken=0x37e3fc | out: pToken=0x37e3fc) returned 0x0 [0202.051] IUnknown:QueryInterface (in: This=0x74f740, riid=0x71881aa8*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x37e47c | out: ppvObject=0x37e47c*=0x0) returned 0x80004002 [0202.051] IUnknown:Release (This=0x74f740) returned 0x2 [0202.051] CoGetContextToken (in: pToken=0x37e9e4 | out: pToken=0x37e9e4) returned 0x0 [0202.051] CoGetContextToken (in: pToken=0x37e944 | out: pToken=0x37e944) returned 0x0 [0202.051] IUnknown:QueryInterface (in: This=0x74f740, riid=0x37ea14*(Data1=0xdc12a681, Data2=0x737f, Data3=0x11cf, Data4=([0]=0x88, [1]=0x4d, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24)), ppvObject=0x37ea10 | out: ppvObject=0x37ea10*=0x74f740) returned 0x0 [0202.052] IUnknown:AddRef (This=0x74f740) returned 0x4 [0202.052] IUnknown:Release (This=0x74f740) returned 0x3 [0202.052] IUnknown:Release (This=0x74f740) returned 0x2 [0202.052] CoTaskMemFree (pv=0x522c420) [0202.052] CoGetContextToken (in: pToken=0x37ed54 | out: pToken=0x37ed54) returned 0x0 [0202.052] IUnknown:AddRef (This=0x74f740) returned 0x3 [0202.052] IWbemClassObject:Get (in: This=0x74f740, wszName="__GENUS", lFlags=0, pVal=0x37f054*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x37f0d4*=0, plFlavor=0x37f0d0*=0 | out: pVal=0x37f054*(varType=0x3, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x2, varVal2=0x0), pType=0x37f0d4*=3, plFlavor=0x37f0d0*=64) returned 0x0 [0202.052] IWbemClassObject:Get (in: This=0x74f740, wszName="__PATH", lFlags=0, pVal=0x37f038*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x37f0bc*=0, plFlavor=0x37f0b8*=0 | out: pVal=0x37f038*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="\\\\Q9IATRKPRH\\root\\cimv2:Win32_NetworkAdapterConfiguration.Index=11", varVal2=0x0), pType=0x37f0bc*=8, plFlavor=0x37f0b8*=64) returned 0x0 [0202.053] SysStringByteLen (bstr="\\\\Q9IATRKPRH\\root\\cimv2:Win32_NetworkAdapterConfiguration.Index=11") returned 0x84 [0202.053] SysStringByteLen (bstr="\\\\Q9IATRKPRH\\root\\cimv2:Win32_NetworkAdapterConfiguration.Index=11") returned 0x84 [0202.053] CreateEventW (lpEventAttributes=0x0, bManualReset=0, bInitialState=0, lpName=0x0) returned 0x3ac [0202.053] SetEvent (hEvent=0x2b4) returned 1 [0202.053] CoWaitForMultipleHandles (in: dwFlags=0x2, dwTimeout=0xffffffff, cHandles=0x1, pHandles=0x37f010*=0x3ac, lpdwindex=0x37ee34 | out: lpdwindex=0x37ee34) returned 0x0 [0202.056] CoGetContextToken (in: pToken=0x37eee4 | out: pToken=0x37eee4) returned 0x0 [0202.056] CoGetContextToken (in: pToken=0x37ee44 | out: pToken=0x37ee44) returned 0x0 [0202.056] WbemDefPath:IUnknown:QueryInterface (in: This=0x731850, riid=0x37ef14*(Data1=0x3bc15af2, Data2=0x736c, Data3=0x477e, Data4=([0]=0x9e, [1]=0x51, [2]=0x23, [3]=0x8a, [4]=0xf8, [5]=0x66, [6]=0x7d, [7]=0xcc)), ppvObject=0x37ef10 | out: ppvObject=0x37ef10*=0x731850) returned 0x0 [0202.057] WbemDefPath:IUnknown:AddRef (This=0x731850) returned 0x3 [0202.057] WbemDefPath:IUnknown:Release (This=0x731850) returned 0x2 [0202.057] WbemDefPath:IWbemPath:SetText (This=0x731850, uMode=0x4, pszPath="\\\\Q9IATRKPRH\\root\\cimv2:Win32_NetworkAdapterConfiguration.Index=11") returned 0x0 [0202.057] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x7312a0, puCount=0x37f090 | out: puCount=0x37f090*=0x2) returned 0x0 [0202.057] WbemDefPath:IWbemPath:GetText (in: This=0x7312a0, lFlags=4, puBuffLength=0x37f08c*=0x0, pszText=0x0 | out: puBuffLength=0x37f08c*=0xf, pszText=0x0) returned 0x0 [0202.057] WbemDefPath:IWbemPath:GetText (in: This=0x7312a0, lFlags=4, puBuffLength=0x37f08c*=0xf, pszText="00000000000000" | out: puBuffLength=0x37f08c*=0xf, pszText="\\\\.\\root\\cimv2") returned 0x0 [0202.057] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x7312a0, puCount=0x37f05c | out: puCount=0x37f05c*=0x2) returned 0x0 [0202.057] WbemDefPath:IWbemPath:GetText (in: This=0x7312a0, lFlags=4, puBuffLength=0x37f058*=0x0, pszText=0x0 | out: puBuffLength=0x37f058*=0xf, pszText=0x0) returned 0x0 [0202.057] WbemDefPath:IWbemPath:GetText (in: This=0x7312a0, lFlags=4, puBuffLength=0x37f058*=0xf, pszText="00000000000000" | out: puBuffLength=0x37f058*=0xf, pszText="\\\\.\\root\\cimv2") returned 0x0 [0202.057] IWbemClassObject:Get (in: This=0x74f740, wszName="IPEnabled", lFlags=0, pVal=0x37f058*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x23f9088*=0, plFlavor=0x23f908c*=0 | out: pVal=0x37f058*(varType=0xb, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x23f9088*=11, plFlavor=0x23f908c*=0) returned 0x0 [0202.057] IWbemClassObject:Get (in: This=0x74f740, wszName="IPEnabled", lFlags=0, pVal=0x37f060*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x23f9088*=11, plFlavor=0x23f908c*=0 | out: pVal=0x37f060*(varType=0xb, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x23f9088*=11, plFlavor=0x23f908c*=0) returned 0x0 [0202.058] IUnknown:Release (This=0x74f740) returned 0x2 [0202.058] CoTaskMemAlloc (cb=0x4) returned 0x522c470 [0202.058] IEnumWbemClassObject:Next (in: This=0x6e7120, lTimeout=-1, uCount=0x1, apObjects=0x522c470, puReturned=0x23f2804 | out: apObjects=0x522c470*=0x522f920, puReturned=0x23f2804*=0x1) returned 0x0 [0202.059] IUnknown:QueryInterface (in: This=0x522f920, riid=0x71792a54*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x37e6bc | out: ppvObject=0x37e6bc*=0x522f920) returned 0x0 [0202.059] IUnknown:QueryInterface (in: This=0x522f920, riid=0x71881b6c*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x37e670 | out: ppvObject=0x37e670*=0x0) returned 0x80004002 [0202.059] IUnknown:QueryInterface (in: This=0x522f920, riid=0x71881e84*(Data1=0xb196b283, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x37e498 | out: ppvObject=0x37e498*=0x0) returned 0x80004002 [0202.060] IUnknown:AddRef (This=0x522f920) returned 0x3 [0202.060] IUnknown:QueryInterface (in: This=0x522f920, riid=0x7188182c*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x37dfcc | out: ppvObject=0x37dfcc*=0x0) returned 0x80004002 [0202.060] IUnknown:QueryInterface (in: This=0x522f920, riid=0x71881764*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x37df7c | out: ppvObject=0x37df7c*=0x0) returned 0x80004002 [0202.060] IUnknown:QueryInterface (in: This=0x522f920, riid=0x717b1388*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x37df88 | out: ppvObject=0x37df88*=0x522f924) returned 0x0 [0202.060] IMarshal:GetUnmarshalClass (in: This=0x522f924, riid=0x71792a54*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x37df90 | out: pCid=0x37df90*(Data1=0x4590f812, Data2=0x1d3a, Data3=0x11d0, Data4=([0]=0x89, [1]=0x1f, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24))) returned 0x0 [0202.060] IUnknown:Release (This=0x522f924) returned 0x3 [0202.060] CoGetContextToken (in: pToken=0x37dfe8 | out: pToken=0x37dfe8) returned 0x0 [0202.060] CoGetContextToken (in: pToken=0x37e3fc | out: pToken=0x37e3fc) returned 0x0 [0202.060] IUnknown:QueryInterface (in: This=0x522f920, riid=0x71881aa8*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x37e47c | out: ppvObject=0x37e47c*=0x0) returned 0x80004002 [0202.060] IUnknown:Release (This=0x522f920) returned 0x2 [0202.060] CoGetContextToken (in: pToken=0x37e9e4 | out: pToken=0x37e9e4) returned 0x0 [0202.060] CoGetContextToken (in: pToken=0x37e944 | out: pToken=0x37e944) returned 0x0 [0202.060] IUnknown:QueryInterface (in: This=0x522f920, riid=0x37ea14*(Data1=0xdc12a681, Data2=0x737f, Data3=0x11cf, Data4=([0]=0x88, [1]=0x4d, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24)), ppvObject=0x37ea10 | out: ppvObject=0x37ea10*=0x522f920) returned 0x0 [0202.060] IUnknown:AddRef (This=0x522f920) returned 0x4 [0202.060] IUnknown:Release (This=0x522f920) returned 0x3 [0202.061] IUnknown:Release (This=0x522f920) returned 0x2 [0202.061] CoTaskMemFree (pv=0x522c470) [0202.061] CoGetContextToken (in: pToken=0x37ed54 | out: pToken=0x37ed54) returned 0x0 [0202.061] IUnknown:AddRef (This=0x522f920) returned 0x3 [0202.061] IWbemClassObject:Get (in: This=0x522f920, wszName="__GENUS", lFlags=0, pVal=0x37f054*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x37f0d4*=0, plFlavor=0x37f0d0*=0 | out: pVal=0x37f054*(varType=0x3, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x2, varVal2=0x0), pType=0x37f0d4*=3, plFlavor=0x37f0d0*=64) returned 0x0 [0202.061] IWbemClassObject:Get (in: This=0x522f920, wszName="__PATH", lFlags=0, pVal=0x37f038*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x37f0bc*=0, plFlavor=0x37f0b8*=0 | out: pVal=0x37f038*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="\\\\Q9IATRKPRH\\root\\cimv2:Win32_NetworkAdapterConfiguration.Index=12", varVal2=0x0), pType=0x37f0bc*=8, plFlavor=0x37f0b8*=64) returned 0x0 [0202.061] SysStringByteLen (bstr="\\\\Q9IATRKPRH\\root\\cimv2:Win32_NetworkAdapterConfiguration.Index=12") returned 0x84 [0202.062] SysStringByteLen (bstr="\\\\Q9IATRKPRH\\root\\cimv2:Win32_NetworkAdapterConfiguration.Index=12") returned 0x84 [0202.062] CreateEventW (lpEventAttributes=0x0, bManualReset=0, bInitialState=0, lpName=0x0) returned 0x3b0 [0202.062] SetEvent (hEvent=0x2b4) returned 1 [0202.062] CoWaitForMultipleHandles (in: dwFlags=0x2, dwTimeout=0xffffffff, cHandles=0x1, pHandles=0x37f010*=0x3b0, lpdwindex=0x37ee34 | out: lpdwindex=0x37ee34) returned 0x0 [0202.065] CoGetContextToken (in: pToken=0x37eee4 | out: pToken=0x37eee4) returned 0x0 [0202.065] CoGetContextToken (in: pToken=0x37ee44 | out: pToken=0x37ee44) returned 0x0 [0202.065] WbemDefPath:IUnknown:QueryInterface (in: This=0x7318c0, riid=0x37ef14*(Data1=0x3bc15af2, Data2=0x736c, Data3=0x477e, Data4=([0]=0x9e, [1]=0x51, [2]=0x23, [3]=0x8a, [4]=0xf8, [5]=0x66, [6]=0x7d, [7]=0xcc)), ppvObject=0x37ef10 | out: ppvObject=0x37ef10*=0x7318c0) returned 0x0 [0202.065] WbemDefPath:IUnknown:AddRef (This=0x7318c0) returned 0x3 [0202.065] WbemDefPath:IUnknown:Release (This=0x7318c0) returned 0x2 [0202.065] WbemDefPath:IWbemPath:SetText (This=0x7318c0, uMode=0x4, pszPath="\\\\Q9IATRKPRH\\root\\cimv2:Win32_NetworkAdapterConfiguration.Index=12") returned 0x0 [0202.065] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x7312a0, puCount=0x37f090 | out: puCount=0x37f090*=0x2) returned 0x0 [0202.065] WbemDefPath:IWbemPath:GetText (in: This=0x7312a0, lFlags=4, puBuffLength=0x37f08c*=0x0, pszText=0x0 | out: puBuffLength=0x37f08c*=0xf, pszText=0x0) returned 0x0 [0202.065] WbemDefPath:IWbemPath:GetText (in: This=0x7312a0, lFlags=4, puBuffLength=0x37f08c*=0xf, pszText="00000000000000" | out: puBuffLength=0x37f08c*=0xf, pszText="\\\\.\\root\\cimv2") returned 0x0 [0202.065] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x7312a0, puCount=0x37f05c | out: puCount=0x37f05c*=0x2) returned 0x0 [0202.066] WbemDefPath:IWbemPath:GetText (in: This=0x7312a0, lFlags=4, puBuffLength=0x37f058*=0x0, pszText=0x0 | out: puBuffLength=0x37f058*=0xf, pszText=0x0) returned 0x0 [0202.066] WbemDefPath:IWbemPath:GetText (in: This=0x7312a0, lFlags=4, puBuffLength=0x37f058*=0xf, pszText="00000000000000" | out: puBuffLength=0x37f058*=0xf, pszText="\\\\.\\root\\cimv2") returned 0x0 [0202.066] IWbemClassObject:Get (in: This=0x522f920, wszName="IPEnabled", lFlags=0, pVal=0x37f058*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x23f9908*=0, plFlavor=0x23f990c*=0 | out: pVal=0x37f058*(varType=0xb, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x23f9908*=11, plFlavor=0x23f990c*=0) returned 0x0 [0202.066] IWbemClassObject:Get (in: This=0x522f920, wszName="IPEnabled", lFlags=0, pVal=0x37f060*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x23f9908*=11, plFlavor=0x23f990c*=0 | out: pVal=0x37f060*(varType=0xb, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x23f9908*=11, plFlavor=0x23f990c*=0) returned 0x0 [0202.066] IUnknown:Release (This=0x522f920) returned 0x2 [0202.066] CoTaskMemAlloc (cb=0x4) returned 0x522c4c0 [0202.066] IEnumWbemClassObject:Next (in: This=0x6e7120, lTimeout=-1, uCount=0x1, apObjects=0x522c4c0, puReturned=0x23f2804 | out: apObjects=0x522c4c0*=0x522fab8, puReturned=0x23f2804*=0x1) returned 0x0 [0202.067] IUnknown:QueryInterface (in: This=0x522fab8, riid=0x71792a54*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x37e6bc | out: ppvObject=0x37e6bc*=0x522fab8) returned 0x0 [0202.067] IUnknown:QueryInterface (in: This=0x522fab8, riid=0x71881b6c*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x37e670 | out: ppvObject=0x37e670*=0x0) returned 0x80004002 [0202.067] IUnknown:QueryInterface (in: This=0x522fab8, riid=0x71881e84*(Data1=0xb196b283, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x37e498 | out: ppvObject=0x37e498*=0x0) returned 0x80004002 [0202.068] IUnknown:AddRef (This=0x522fab8) returned 0x3 [0202.068] IUnknown:QueryInterface (in: This=0x522fab8, riid=0x7188182c*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x37dfcc | out: ppvObject=0x37dfcc*=0x0) returned 0x80004002 [0202.068] IUnknown:QueryInterface (in: This=0x522fab8, riid=0x71881764*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x37df7c | out: ppvObject=0x37df7c*=0x0) returned 0x80004002 [0202.068] IUnknown:QueryInterface (in: This=0x522fab8, riid=0x717b1388*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x37df88 | out: ppvObject=0x37df88*=0x522fabc) returned 0x0 [0202.068] IMarshal:GetUnmarshalClass (in: This=0x522fabc, riid=0x71792a54*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x37df90 | out: pCid=0x37df90*(Data1=0x4590f812, Data2=0x1d3a, Data3=0x11d0, Data4=([0]=0x89, [1]=0x1f, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24))) returned 0x0 [0202.068] IUnknown:Release (This=0x522fabc) returned 0x3 [0202.068] CoGetContextToken (in: pToken=0x37dfe8 | out: pToken=0x37dfe8) returned 0x0 [0202.068] CoGetContextToken (in: pToken=0x37e3fc | out: pToken=0x37e3fc) returned 0x0 [0202.068] IUnknown:QueryInterface (in: This=0x522fab8, riid=0x71881aa8*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x37e47c | out: ppvObject=0x37e47c*=0x0) returned 0x80004002 [0202.068] IUnknown:Release (This=0x522fab8) returned 0x2 [0202.068] CoGetContextToken (in: pToken=0x37e9e4 | out: pToken=0x37e9e4) returned 0x0 [0202.068] CoGetContextToken (in: pToken=0x37e944 | out: pToken=0x37e944) returned 0x0 [0202.068] IUnknown:QueryInterface (in: This=0x522fab8, riid=0x37ea14*(Data1=0xdc12a681, Data2=0x737f, Data3=0x11cf, Data4=([0]=0x88, [1]=0x4d, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24)), ppvObject=0x37ea10 | out: ppvObject=0x37ea10*=0x522fab8) returned 0x0 [0202.068] IUnknown:AddRef (This=0x522fab8) returned 0x4 [0202.068] IUnknown:Release (This=0x522fab8) returned 0x3 [0202.068] IUnknown:Release (This=0x522fab8) returned 0x2 [0202.068] CoTaskMemFree (pv=0x522c4c0) [0202.069] CoGetContextToken (in: pToken=0x37ed54 | out: pToken=0x37ed54) returned 0x0 [0202.069] IUnknown:AddRef (This=0x522fab8) returned 0x3 [0202.069] IWbemClassObject:Get (in: This=0x522fab8, wszName="__GENUS", lFlags=0, pVal=0x37f054*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x37f0d4*=0, plFlavor=0x37f0d0*=0 | out: pVal=0x37f054*(varType=0x3, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x2, varVal2=0x0), pType=0x37f0d4*=3, plFlavor=0x37f0d0*=64) returned 0x0 [0202.069] IWbemClassObject:Get (in: This=0x522fab8, wszName="__PATH", lFlags=0, pVal=0x37f038*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x37f0bc*=0, plFlavor=0x37f0b8*=0 | out: pVal=0x37f038*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="\\\\Q9IATRKPRH\\root\\cimv2:Win32_NetworkAdapterConfiguration.Index=13", varVal2=0x0), pType=0x37f0bc*=8, plFlavor=0x37f0b8*=64) returned 0x0 [0202.069] SysStringByteLen (bstr="\\\\Q9IATRKPRH\\root\\cimv2:Win32_NetworkAdapterConfiguration.Index=13") returned 0x84 [0202.069] SysStringByteLen (bstr="\\\\Q9IATRKPRH\\root\\cimv2:Win32_NetworkAdapterConfiguration.Index=13") returned 0x84 [0202.070] CreateEventW (lpEventAttributes=0x0, bManualReset=0, bInitialState=0, lpName=0x0) returned 0x3b4 [0202.070] SetEvent (hEvent=0x2b4) returned 1 [0202.070] CoWaitForMultipleHandles (in: dwFlags=0x2, dwTimeout=0xffffffff, cHandles=0x1, pHandles=0x37f010*=0x3b4, lpdwindex=0x37ee34 | out: lpdwindex=0x37ee34) returned 0x0 [0202.073] CoGetContextToken (in: pToken=0x37eee4 | out: pToken=0x37eee4) returned 0x0 [0202.073] CoGetContextToken (in: pToken=0x37ee44 | out: pToken=0x37ee44) returned 0x0 [0202.073] WbemDefPath:IUnknown:QueryInterface (in: This=0x731930, riid=0x37ef14*(Data1=0x3bc15af2, Data2=0x736c, Data3=0x477e, Data4=([0]=0x9e, [1]=0x51, [2]=0x23, [3]=0x8a, [4]=0xf8, [5]=0x66, [6]=0x7d, [7]=0xcc)), ppvObject=0x37ef10 | out: ppvObject=0x37ef10*=0x731930) returned 0x0 [0202.073] WbemDefPath:IUnknown:AddRef (This=0x731930) returned 0x3 [0202.073] WbemDefPath:IUnknown:Release (This=0x731930) returned 0x2 [0202.073] WbemDefPath:IWbemPath:SetText (This=0x731930, uMode=0x4, pszPath="\\\\Q9IATRKPRH\\root\\cimv2:Win32_NetworkAdapterConfiguration.Index=13") returned 0x0 [0202.073] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x7312a0, puCount=0x37f090 | out: puCount=0x37f090*=0x2) returned 0x0 [0202.073] WbemDefPath:IWbemPath:GetText (in: This=0x7312a0, lFlags=4, puBuffLength=0x37f08c*=0x0, pszText=0x0 | out: puBuffLength=0x37f08c*=0xf, pszText=0x0) returned 0x0 [0202.073] WbemDefPath:IWbemPath:GetText (in: This=0x7312a0, lFlags=4, puBuffLength=0x37f08c*=0xf, pszText="00000000000000" | out: puBuffLength=0x37f08c*=0xf, pszText="\\\\.\\root\\cimv2") returned 0x0 [0202.073] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x7312a0, puCount=0x37f05c | out: puCount=0x37f05c*=0x2) returned 0x0 [0202.073] WbemDefPath:IWbemPath:GetText (in: This=0x7312a0, lFlags=4, puBuffLength=0x37f058*=0x0, pszText=0x0 | out: puBuffLength=0x37f058*=0xf, pszText=0x0) returned 0x0 [0202.073] WbemDefPath:IWbemPath:GetText (in: This=0x7312a0, lFlags=4, puBuffLength=0x37f058*=0xf, pszText="00000000000000" | out: puBuffLength=0x37f058*=0xf, pszText="\\\\.\\root\\cimv2") returned 0x0 [0202.073] IWbemClassObject:Get (in: This=0x522fab8, wszName="IPEnabled", lFlags=0, pVal=0x37f058*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x23fa194*=0, plFlavor=0x23fa198*=0 | out: pVal=0x37f058*(varType=0xb, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x23fa194*=11, plFlavor=0x23fa198*=0) returned 0x0 [0202.074] IWbemClassObject:Get (in: This=0x522fab8, wszName="IPEnabled", lFlags=0, pVal=0x37f060*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x23fa194*=11, plFlavor=0x23fa198*=0 | out: pVal=0x37f060*(varType=0xb, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x23fa194*=11, plFlavor=0x23fa198*=0) returned 0x0 [0202.074] IUnknown:Release (This=0x522fab8) returned 0x2 [0202.074] CoTaskMemAlloc (cb=0x4) returned 0x522c510 [0202.074] IEnumWbemClassObject:Next (in: This=0x6e7120, lTimeout=-1, uCount=0x1, apObjects=0x522c510, puReturned=0x23f2804 | out: apObjects=0x522c510*=0x522fc50, puReturned=0x23f2804*=0x1) returned 0x0 [0202.075] IUnknown:QueryInterface (in: This=0x522fc50, riid=0x71792a54*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x37e6bc | out: ppvObject=0x37e6bc*=0x522fc50) returned 0x0 [0202.076] IUnknown:QueryInterface (in: This=0x522fc50, riid=0x71881b6c*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x37e670 | out: ppvObject=0x37e670*=0x0) returned 0x80004002 [0202.076] IUnknown:QueryInterface (in: This=0x522fc50, riid=0x71881e84*(Data1=0xb196b283, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x37e498 | out: ppvObject=0x37e498*=0x0) returned 0x80004002 [0202.076] IUnknown:AddRef (This=0x522fc50) returned 0x3 [0202.076] IUnknown:QueryInterface (in: This=0x522fc50, riid=0x7188182c*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x37dfcc | out: ppvObject=0x37dfcc*=0x0) returned 0x80004002 [0202.076] IUnknown:QueryInterface (in: This=0x522fc50, riid=0x71881764*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x37df7c | out: ppvObject=0x37df7c*=0x0) returned 0x80004002 [0202.076] IUnknown:QueryInterface (in: This=0x522fc50, riid=0x717b1388*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x37df88 | out: ppvObject=0x37df88*=0x522fc54) returned 0x0 [0202.076] IMarshal:GetUnmarshalClass (in: This=0x522fc54, riid=0x71792a54*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x37df90 | out: pCid=0x37df90*(Data1=0x4590f812, Data2=0x1d3a, Data3=0x11d0, Data4=([0]=0x89, [1]=0x1f, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24))) returned 0x0 [0202.076] IUnknown:Release (This=0x522fc54) returned 0x3 [0202.076] CoGetContextToken (in: pToken=0x37dfe8 | out: pToken=0x37dfe8) returned 0x0 [0202.076] CoGetContextToken (in: pToken=0x37e3fc | out: pToken=0x37e3fc) returned 0x0 [0202.076] IUnknown:QueryInterface (in: This=0x522fc50, riid=0x71881aa8*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x37e47c | out: ppvObject=0x37e47c*=0x0) returned 0x80004002 [0202.076] IUnknown:Release (This=0x522fc50) returned 0x2 [0202.076] CoGetContextToken (in: pToken=0x37e9e4 | out: pToken=0x37e9e4) returned 0x0 [0202.076] CoGetContextToken (in: pToken=0x37e944 | out: pToken=0x37e944) returned 0x0 [0202.076] IUnknown:QueryInterface (in: This=0x522fc50, riid=0x37ea14*(Data1=0xdc12a681, Data2=0x737f, Data3=0x11cf, Data4=([0]=0x88, [1]=0x4d, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24)), ppvObject=0x37ea10 | out: ppvObject=0x37ea10*=0x522fc50) returned 0x0 [0202.076] IUnknown:AddRef (This=0x522fc50) returned 0x4 [0202.076] IUnknown:Release (This=0x522fc50) returned 0x3 [0202.076] IUnknown:Release (This=0x522fc50) returned 0x2 [0202.076] CoTaskMemFree (pv=0x522c510) [0202.077] CoGetContextToken (in: pToken=0x37ed54 | out: pToken=0x37ed54) returned 0x0 [0202.077] IUnknown:AddRef (This=0x522fc50) returned 0x3 [0202.077] IWbemClassObject:Get (in: This=0x522fc50, wszName="__GENUS", lFlags=0, pVal=0x37f054*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x37f0d4*=0, plFlavor=0x37f0d0*=0 | out: pVal=0x37f054*(varType=0x3, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x2, varVal2=0x0), pType=0x37f0d4*=3, plFlavor=0x37f0d0*=64) returned 0x0 [0202.077] IWbemClassObject:Get (in: This=0x522fc50, wszName="__PATH", lFlags=0, pVal=0x37f038*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x37f0bc*=0, plFlavor=0x37f0b8*=0 | out: pVal=0x37f038*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="\\\\Q9IATRKPRH\\root\\cimv2:Win32_NetworkAdapterConfiguration.Index=14", varVal2=0x0), pType=0x37f0bc*=8, plFlavor=0x37f0b8*=64) returned 0x0 [0202.077] SysStringByteLen (bstr="\\\\Q9IATRKPRH\\root\\cimv2:Win32_NetworkAdapterConfiguration.Index=14") returned 0x84 [0202.077] SysStringByteLen (bstr="\\\\Q9IATRKPRH\\root\\cimv2:Win32_NetworkAdapterConfiguration.Index=14") returned 0x84 [0202.077] CreateEventW (lpEventAttributes=0x0, bManualReset=0, bInitialState=0, lpName=0x0) returned 0x3b8 [0202.077] SetEvent (hEvent=0x2b4) returned 1 [0202.077] CoWaitForMultipleHandles (in: dwFlags=0x2, dwTimeout=0xffffffff, cHandles=0x1, pHandles=0x37f010*=0x3b8, lpdwindex=0x37ee34 | out: lpdwindex=0x37ee34) returned 0x0 [0202.080] CoGetContextToken (in: pToken=0x37eee4 | out: pToken=0x37eee4) returned 0x0 [0202.080] CoGetContextToken (in: pToken=0x37ee44 | out: pToken=0x37ee44) returned 0x0 [0202.080] WbemDefPath:IUnknown:QueryInterface (in: This=0x7319a0, riid=0x37ef14*(Data1=0x3bc15af2, Data2=0x736c, Data3=0x477e, Data4=([0]=0x9e, [1]=0x51, [2]=0x23, [3]=0x8a, [4]=0xf8, [5]=0x66, [6]=0x7d, [7]=0xcc)), ppvObject=0x37ef10 | out: ppvObject=0x37ef10*=0x7319a0) returned 0x0 [0202.080] WbemDefPath:IUnknown:AddRef (This=0x7319a0) returned 0x3 [0202.080] WbemDefPath:IUnknown:Release (This=0x7319a0) returned 0x2 [0202.080] WbemDefPath:IWbemPath:SetText (This=0x7319a0, uMode=0x4, pszPath="\\\\Q9IATRKPRH\\root\\cimv2:Win32_NetworkAdapterConfiguration.Index=14") returned 0x0 [0202.080] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x7312a0, puCount=0x37f090 | out: puCount=0x37f090*=0x2) returned 0x0 [0202.080] WbemDefPath:IWbemPath:GetText (in: This=0x7312a0, lFlags=4, puBuffLength=0x37f08c*=0x0, pszText=0x0 | out: puBuffLength=0x37f08c*=0xf, pszText=0x0) returned 0x0 [0202.080] WbemDefPath:IWbemPath:GetText (in: This=0x7312a0, lFlags=4, puBuffLength=0x37f08c*=0xf, pszText="00000000000000" | out: puBuffLength=0x37f08c*=0xf, pszText="\\\\.\\root\\cimv2") returned 0x0 [0202.080] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x7312a0, puCount=0x37f05c | out: puCount=0x37f05c*=0x2) returned 0x0 [0202.080] WbemDefPath:IWbemPath:GetText (in: This=0x7312a0, lFlags=4, puBuffLength=0x37f058*=0x0, pszText=0x0 | out: puBuffLength=0x37f058*=0xf, pszText=0x0) returned 0x0 [0202.080] WbemDefPath:IWbemPath:GetText (in: This=0x7312a0, lFlags=4, puBuffLength=0x37f058*=0xf, pszText="00000000000000" | out: puBuffLength=0x37f058*=0xf, pszText="\\\\.\\root\\cimv2") returned 0x0 [0202.081] IWbemClassObject:Get (in: This=0x522fc50, wszName="IPEnabled", lFlags=0, pVal=0x37f058*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x23faa14*=0, plFlavor=0x23faa18*=0 | out: pVal=0x37f058*(varType=0xb, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0xffff, varVal2=0x0), pType=0x23faa14*=11, plFlavor=0x23faa18*=0) returned 0x0 [0202.081] IWbemClassObject:Get (in: This=0x522fc50, wszName="IPEnabled", lFlags=0, pVal=0x37f060*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x23faa14*=11, plFlavor=0x23faa18*=0 | out: pVal=0x37f060*(varType=0xb, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0xffff, varVal2=0x0), pType=0x23faa14*=11, plFlavor=0x23faa18*=0) returned 0x0 [0202.089] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x7312a0, puCount=0x37f05c | out: puCount=0x37f05c*=0x2) returned 0x0 [0202.089] WbemDefPath:IWbemPath:GetText (in: This=0x7312a0, lFlags=4, puBuffLength=0x37f058*=0x0, pszText=0x0 | out: puBuffLength=0x37f058*=0xf, pszText=0x0) returned 0x0 [0202.089] WbemDefPath:IWbemPath:GetText (in: This=0x7312a0, lFlags=4, puBuffLength=0x37f058*=0xf, pszText="00000000000000" | out: puBuffLength=0x37f058*=0xf, pszText="\\\\.\\root\\cimv2") returned 0x0 [0202.090] IWbemClassObject:Get (in: This=0x522fc50, wszName="MacAddress", lFlags=0, pVal=0x37f058*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x23faab0*=0, plFlavor=0x23faab4*=0 | out: pVal=0x37f058*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="00:07:7D:D7:58:38", varVal2=0x0), pType=0x23faab0*=8, plFlavor=0x23faab4*=0) returned 0x0 [0202.090] SysStringByteLen (bstr="00:07:7D:D7:58:38") returned 0x22 [0202.090] SysStringByteLen (bstr="00:07:7D:D7:58:38") returned 0x22 [0202.090] IWbemClassObject:Get (in: This=0x522fc50, wszName="MacAddress", lFlags=0, pVal=0x37f060*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x23faab0*=8, plFlavor=0x23faab4*=0 | out: pVal=0x37f060*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="00:07:7D:D7:58:38", varVal2=0x0), pType=0x23faab0*=8, plFlavor=0x23faab4*=0) returned 0x0 [0202.090] SysStringByteLen (bstr="00:07:7D:D7:58:38") returned 0x22 [0202.090] SysStringByteLen (bstr="00:07:7D:D7:58:38") returned 0x22 [0202.090] IUnknown:Release (This=0x522fc50) returned 0x2 [0202.090] CoTaskMemAlloc (cb=0x4) returned 0x522c560 [0202.090] IEnumWbemClassObject:Next (in: This=0x6e7120, lTimeout=-1, uCount=0x1, apObjects=0x522c560, puReturned=0x23f2804 | out: apObjects=0x522c560*=0x0, puReturned=0x23f2804*=0x0) returned 0x1 [0202.092] CoTaskMemFree (pv=0x522c560) [0202.092] CoGetContextToken (in: pToken=0x37ef88 | out: pToken=0x37ef88) returned 0x0 [0202.092] IUnknown:Release (This=0x6e7120) returned 0x1 [0202.092] IUnknown:Release (This=0x6e7120) returned 0x0 [0202.139] GetFullPathNameW (in: lpFileName="C:\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\InstallUtil.exe", nBufferLength=0x105, lpBuffer=0x37eb84, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\InstallUtil.exe", lpFilePart=0x0) returned 0x3d [0202.142] GetEnvironmentVariableW (in: lpName="appdata", lpBuffer=0x37ef14, nSize=0xd8 | out: lpBuffer="") returned 0x22 [0202.154] GetUserNameW (in: lpBuffer=0x37eec4, pcbBuffer=0x23fbb20 | out: lpBuffer="kEecfMwgj", pcbBuffer=0x23fbb20) returned 1 [0202.159] GetComputerNameW (in: lpBuffer=0x37eec4, nSize=0x23fbf94 | out: lpBuffer="Q9IATRKPRH", nSize=0x23fbf94) returned 1 [0202.189] GetFullPathNameW (in: lpFileName="C:\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\InstallUtil.exe.Config", nBufferLength=0x105, lpBuffer=0x37eaf0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\InstallUtil.exe.Config", lpFilePart=0x0) returned 0x44 [0202.191] GetFullPathNameW (in: lpFileName="C:\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\", nBufferLength=0x105, lpBuffer=0x37ea40, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\", lpFilePart=0x0) returned 0x2e [0202.198] GetFullPathNameW (in: lpFileName="C:\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\Config\\machine.config", nBufferLength=0x105, lpBuffer=0x37ea0c, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\Config\\machine.config", lpFilePart=0x0) returned 0x43 [0202.198] GetFullPathNameW (in: lpFileName="C:\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\Config\\machine.config", nBufferLength=0x105, lpBuffer=0x37ea70, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\Config\\machine.config", lpFilePart=0x0) returned 0x43 [0202.198] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x37ecb0) returned 1 [0202.198] GetFileAttributesExW (in: lpFileName="C:\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\Config\\machine.config" (normalized: "c:\\windows\\microsoft.net\\framework\\v4.0.30319\\config\\machine.config"), fInfoLevelId=0x0, lpFileInformation=0x37ef74 | out: lpFileInformation=0x37ef74*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xc63fb400, ftCreationTime.dwHighDateTime=0x1d4e4ee, ftLastAccessTime.dwLowDateTime=0xb9f350b0, ftLastAccessTime.dwHighDateTime=0x1d706ae, ftLastWriteTime.dwLowDateTime=0xc63fb400, ftLastWriteTime.dwHighDateTime=0x1d4e4ee, nFileSizeHigh=0x0, nFileSizeLow=0x8c8e)) returned 1 [0202.199] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x37ecac) returned 1 [0202.199] GetFullPathNameW (in: lpFileName="C:\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\Config\\machine.config", nBufferLength=0x105, lpBuffer=0x37e9bc, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\Config\\machine.config", lpFilePart=0x0) returned 0x43 [0202.199] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x37eed4) returned 1 [0202.200] CreateFileW (lpFileName="C:\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\Config\\machine.config" (normalized: "c:\\windows\\microsoft.net\\framework\\v4.0.30319\\config\\machine.config"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x3c0 [0202.200] GetFileType (hFile=0x3c0) returned 0x1 [0202.200] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x37eed0) returned 1 [0202.200] GetFileType (hFile=0x3c0) returned 0x1 [0202.206] GetFileSize (in: hFile=0x3c0, lpFileSizeHigh=0x37ef00 | out: lpFileSizeHigh=0x37ef00*=0x0) returned 0x8c8e [0202.207] ReadFile (in: hFile=0x3c0, lpBuffer=0x23fd384, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x37eebc, lpOverlapped=0x0 | out: lpBuffer=0x23fd384*, lpNumberOfBytesRead=0x37eebc*=0x1000, lpOverlapped=0x0) returned 1 [0202.211] ReadFile (in: hFile=0x3c0, lpBuffer=0x23fd384, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x37ee70, lpOverlapped=0x0 | out: lpBuffer=0x23fd384*, lpNumberOfBytesRead=0x37ee70*=0x1000, lpOverlapped=0x0) returned 1 [0202.211] ReadFile (in: hFile=0x3c0, lpBuffer=0x23fd384, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x37edec, lpOverlapped=0x0 | out: lpBuffer=0x23fd384*, lpNumberOfBytesRead=0x37edec*=0x1000, lpOverlapped=0x0) returned 1 [0202.211] ReadFile (in: hFile=0x3c0, lpBuffer=0x23fd384, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x37edec, lpOverlapped=0x0 | out: lpBuffer=0x23fd384*, lpNumberOfBytesRead=0x37edec*=0x1000, lpOverlapped=0x0) returned 1 [0202.211] ReadFile (in: hFile=0x3c0, lpBuffer=0x23fd384, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x37edec, lpOverlapped=0x0 | out: lpBuffer=0x23fd384*, lpNumberOfBytesRead=0x37edec*=0x1000, lpOverlapped=0x0) returned 1 [0202.212] ReadFile (in: hFile=0x3c0, lpBuffer=0x23fd384, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x37edec, lpOverlapped=0x0 | out: lpBuffer=0x23fd384*, lpNumberOfBytesRead=0x37edec*=0x1000, lpOverlapped=0x0) returned 1 [0202.212] ReadFile (in: hFile=0x3c0, lpBuffer=0x23fd384, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x37ee6c, lpOverlapped=0x0 | out: lpBuffer=0x23fd384*, lpNumberOfBytesRead=0x37ee6c*=0x1000, lpOverlapped=0x0) returned 1 [0202.212] ReadFile (in: hFile=0x3c0, lpBuffer=0x23fd384, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x37edec, lpOverlapped=0x0 | out: lpBuffer=0x23fd384*, lpNumberOfBytesRead=0x37edec*=0x1000, lpOverlapped=0x0) returned 1 [0202.212] ReadFile (in: hFile=0x3c0, lpBuffer=0x23fd384, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x37edec, lpOverlapped=0x0 | out: lpBuffer=0x23fd384*, lpNumberOfBytesRead=0x37edec*=0xc8e, lpOverlapped=0x0) returned 1 [0202.213] ReadFile (in: hFile=0x3c0, lpBuffer=0x23fd384, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x37ee98, lpOverlapped=0x0 | out: lpBuffer=0x23fd384*, lpNumberOfBytesRead=0x37ee98*=0x0, lpOverlapped=0x0) returned 1 [0202.213] CloseHandle (hObject=0x3c0) returned 1 [0202.213] GetFullPathNameW (in: lpFileName="C:\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\InstallUtil.exe.Config", nBufferLength=0x105, lpBuffer=0x37ea08, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\InstallUtil.exe.Config", lpFilePart=0x0) returned 0x44 [0202.214] GetFullPathNameW (in: lpFileName="C:\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\InstallUtil.exe.Config", nBufferLength=0x105, lpBuffer=0x37ea6c, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\InstallUtil.exe.Config", lpFilePart=0x0) returned 0x44 [0202.214] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x37ecac) returned 1 [0202.214] GetFileAttributesExW (in: lpFileName="C:\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\InstallUtil.exe.Config" (normalized: "c:\\windows\\microsoft.net\\framework\\v4.0.30319\\installutil.exe.config"), fInfoLevelId=0x0, lpFileInformation=0x37ef70 | out: lpFileInformation=0x37ef70*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xe6823800, ftCreationTime.dwHighDateTime=0x1cd5d46, ftLastAccessTime.dwLowDateTime=0x70169cf0, ftLastAccessTime.dwHighDateTime=0x1d706ad, ftLastWriteTime.dwLowDateTime=0xe6823800, ftLastWriteTime.dwHighDateTime=0x1cd5d46, nFileSizeHigh=0x0, nFileSizeLow=0xb6)) returned 1 [0202.214] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x37eca8) returned 1 [0202.214] GetFullPathNameW (in: lpFileName="C:\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\InstallUtil.exe.Config", nBufferLength=0x105, lpBuffer=0x37e9b8, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\InstallUtil.exe.Config", lpFilePart=0x0) returned 0x44 [0202.214] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x37eed0) returned 1 [0202.215] CreateFileW (lpFileName="C:\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\InstallUtil.exe.Config" (normalized: "c:\\windows\\microsoft.net\\framework\\v4.0.30319\\installutil.exe.config"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x3c0 [0202.215] GetFileType (hFile=0x3c0) returned 0x1 [0202.215] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x37eecc) returned 1 [0202.215] GetFileType (hFile=0x3c0) returned 0x1 [0202.215] GetFileSize (in: hFile=0x3c0, lpFileSizeHigh=0x37eefc | out: lpFileSizeHigh=0x37eefc*=0x0) returned 0xb6 [0202.216] ReadFile (in: hFile=0x3c0, lpBuffer=0x2403ce8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x37eeb8, lpOverlapped=0x0 | out: lpBuffer=0x2403ce8*, lpNumberOfBytesRead=0x37eeb8*=0xb6, lpOverlapped=0x0) returned 1 [0202.217] ReadFile (in: hFile=0x3c0, lpBuffer=0x2403ce8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x37ee94, lpOverlapped=0x0 | out: lpBuffer=0x2403ce8*, lpNumberOfBytesRead=0x37ee94*=0x0, lpOverlapped=0x0) returned 1 [0202.217] CloseHandle (hObject=0x3c0) returned 1 [0202.234] EtwEventRegister () returned 0x0 [0202.527] GetTimeZoneInformation (in: lpTimeZoneInformation=0x37ef20 | out: lpTimeZoneInformation=0x37ef20) returned 0x2 [0202.559] GetDynamicTimeZoneInformation (in: pTimeZoneInformation=0x37ed7c | out: pTimeZoneInformation=0x37ed7c) returned 0x2 [0202.562] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\Time Zones\\W. Europe Standard Time", ulOptions=0x0, samDesired=0x20019, phkResult=0x37ee60 | out: phkResult=0x37ee60*=0x414) returned 0x0 [0202.562] RegQueryValueExW (in: hKey=0x414, lpValueName="TZI", lpReserved=0x0, lpType=0x37ee7c, lpData=0x0, lpcbData=0x37ee78*=0x0 | out: lpType=0x37ee7c*=0x3, lpData=0x0, lpcbData=0x37ee78*=0x2c) returned 0x0 [0202.562] RegQueryValueExW (in: hKey=0x414, lpValueName="TZI", lpReserved=0x0, lpType=0x37ee7c, lpData=0x240f4d0, lpcbData=0x37ee78*=0x2c | out: lpType=0x37ee7c*=0x3, lpData=0x240f4d0*, lpcbData=0x37ee78*=0x2c) returned 0x0 [0202.563] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\Time Zones\\W. Europe Standard Time\\Dynamic DST", ulOptions=0x0, samDesired=0x20019, phkResult=0x37ecb4 | out: phkResult=0x37ecb4*=0x0) returned 0x2 [0202.564] RegQueryValueExW (in: hKey=0x414, lpValueName="MUI_Display", lpReserved=0x0, lpType=0x37ee54, lpData=0x0, lpcbData=0x37ee50*=0x0 | out: lpType=0x37ee54*=0x1, lpData=0x0, lpcbData=0x37ee50*=0x20) returned 0x0 [0202.565] RegQueryValueExW (in: hKey=0x414, lpValueName="MUI_Display", lpReserved=0x0, lpType=0x37ee54, lpData=0x240f8f4, lpcbData=0x37ee50*=0x20 | out: lpType=0x37ee54*=0x1, lpData="@tzres.dll,-320", lpcbData=0x37ee50*=0x20) returned 0x0 [0202.565] RegQueryValueExW (in: hKey=0x414, lpValueName="MUI_Std", lpReserved=0x0, lpType=0x37ee54, lpData=0x0, lpcbData=0x37ee50*=0x0 | out: lpType=0x37ee54*=0x1, lpData=0x0, lpcbData=0x37ee50*=0x20) returned 0x0 [0202.565] RegQueryValueExW (in: hKey=0x414, lpValueName="MUI_Std", lpReserved=0x0, lpType=0x37ee54, lpData=0x240f94c, lpcbData=0x37ee50*=0x20 | out: lpType=0x37ee54*=0x1, lpData="@tzres.dll,-322", lpcbData=0x37ee50*=0x20) returned 0x0 [0202.565] RegQueryValueExW (in: hKey=0x414, lpValueName="MUI_Dlt", lpReserved=0x0, lpType=0x37ee54, lpData=0x0, lpcbData=0x37ee50*=0x0 | out: lpType=0x37ee54*=0x1, lpData=0x0, lpcbData=0x37ee50*=0x20) returned 0x0 [0202.565] RegQueryValueExW (in: hKey=0x414, lpValueName="MUI_Dlt", lpReserved=0x0, lpType=0x37ee54, lpData=0x240f9a4, lpcbData=0x37ee50*=0x20 | out: lpType=0x37ee54*=0x1, lpData="@tzres.dll,-321", lpcbData=0x37ee50*=0x20) returned 0x0 [0202.574] CoTaskMemAlloc (cb=0x20c) returned 0x754a50 [0202.574] SHGetFolderPathW (in: hwnd=0x0, csidl=37, hToken=0x0, dwFlags=0x0, pszPath=0x754a50 | out: pszPath="C:\\Windows\\system32") returned 0x0 [0202.576] CoTaskMemFree (pv=0x754a50) [0202.577] CoTaskMemAlloc (cb=0x20c) returned 0x754a50 [0202.578] GetFileMUIPath (in: dwFlags=0x10, pcwszFilePath="C:\\Windows\\system32\\tzres.dll", pwszLanguage=0x0, pcchLanguage=0x37ee70, pwszFileMUIPath=0x754a50, pcchFileMUIPath=0x37ee74, pululEnumerator=0x37ee68 | out: pwszLanguage=0x0, pcchLanguage=0x37ee70, pwszFileMUIPath="C:\\Windows\\system32\\en-US\\tzres.dll.mui", pcchFileMUIPath=0x37ee74, pululEnumerator=0x37ee68) returned 1 [0202.582] CoTaskMemFree (pv=0x0) [0202.582] CoTaskMemFree (pv=0x754a50) [0202.583] LoadLibraryExW (lpLibFileName="C:\\Windows\\system32\\en-US\\tzres.dll.mui", hFile=0x0, dwFlags=0x2) returned 0x3e0001 [0202.590] CoTaskMemAlloc (cb=0x3ec) returned 0x754a50 [0202.590] LoadStringW (in: hInstance=0x3e0001, uID=0x140, lpBuffer=0x754a50, cchBufferMax=500 | out: lpBuffer="(UTC+01:00) Amsterdam, Berlin, Bern, Rome, Stockholm, Vienna") returned 0x3c [0202.590] CoTaskMemFree (pv=0x754a50) [0202.591] FreeLibrary (hLibModule=0x3e0001) returned 1 [0202.591] CoTaskMemAlloc (cb=0x20c) returned 0x754a50 [0202.591] SHGetFolderPathW (in: hwnd=0x0, csidl=37, hToken=0x0, dwFlags=0x0, pszPath=0x754a50 | out: pszPath="C:\\Windows\\system32") returned 0x0 [0202.592] CoTaskMemFree (pv=0x754a50) [0202.592] CoTaskMemAlloc (cb=0x20c) returned 0x754a50 [0202.592] GetFileMUIPath (in: dwFlags=0x10, pcwszFilePath="C:\\Windows\\system32\\tzres.dll", pwszLanguage=0x0, pcchLanguage=0x37ee70, pwszFileMUIPath=0x754a50, pcchFileMUIPath=0x37ee74, pululEnumerator=0x37ee68 | out: pwszLanguage=0x0, pcchLanguage=0x37ee70, pwszFileMUIPath="C:\\Windows\\system32\\en-US\\tzres.dll.mui", pcchFileMUIPath=0x37ee74, pululEnumerator=0x37ee68) returned 1 [0202.596] CoTaskMemFree (pv=0x0) [0202.596] CoTaskMemFree (pv=0x754a50) [0202.596] LoadLibraryExW (lpLibFileName="C:\\Windows\\system32\\en-US\\tzres.dll.mui", hFile=0x0, dwFlags=0x2) returned 0x3e0001 [0202.599] CoTaskMemAlloc (cb=0x3ec) returned 0x754a50 [0202.599] LoadStringW (in: hInstance=0x3e0001, uID=0x142, lpBuffer=0x754a50, cchBufferMax=500 | out: lpBuffer="W. Europe Standard Time") returned 0x17 [0202.599] CoTaskMemFree (pv=0x754a50) [0202.599] FreeLibrary (hLibModule=0x3e0001) returned 1 [0202.601] CoTaskMemAlloc (cb=0x20c) returned 0x754a50 [0202.601] SHGetFolderPathW (in: hwnd=0x0, csidl=37, hToken=0x0, dwFlags=0x0, pszPath=0x754a50 | out: pszPath="C:\\Windows\\system32") returned 0x0 [0202.601] CoTaskMemFree (pv=0x754a50) [0202.601] CoTaskMemAlloc (cb=0x20c) returned 0x754a50 [0202.601] GetFileMUIPath (in: dwFlags=0x10, pcwszFilePath="C:\\Windows\\system32\\tzres.dll", pwszLanguage=0x0, pcchLanguage=0x37ee70, pwszFileMUIPath=0x754a50, pcchFileMUIPath=0x37ee74, pululEnumerator=0x37ee68 | out: pwszLanguage=0x0, pcchLanguage=0x37ee70, pwszFileMUIPath="C:\\Windows\\system32\\en-US\\tzres.dll.mui", pcchFileMUIPath=0x37ee74, pululEnumerator=0x37ee68) returned 1 [0202.604] CoTaskMemFree (pv=0x0) [0202.604] CoTaskMemFree (pv=0x754a50) [0202.604] LoadLibraryExW (lpLibFileName="C:\\Windows\\system32\\en-US\\tzres.dll.mui", hFile=0x0, dwFlags=0x2) returned 0x3e0001 [0202.614] CoTaskMemAlloc (cb=0x3ec) returned 0x754a50 [0202.614] LoadStringW (in: hInstance=0x3e0001, uID=0x141, lpBuffer=0x754a50, cchBufferMax=500 | out: lpBuffer="W. Europe Daylight Time") returned 0x17 [0202.615] CoTaskMemFree (pv=0x754a50) [0202.615] FreeLibrary (hLibModule=0x3e0001) returned 1 [0202.615] RegCloseKey (hKey=0x414) returned 0x0 [0202.761] RegOpenKeyExW (in: hKey=0x80000001, lpSubKey="Software\\Microsoft\\Windows\\CurrentVersion\\Run", ulOptions=0x0, samDesired=0x2001f, phkResult=0x37f0cc | out: phkResult=0x37f0cc*=0x414) returned 0x0 [0202.768] RegDeleteValueW (hKey=0x414, lpValueName="Acrobat") returned 0x2 [0202.909] CoTaskMemAlloc (cb=0x20c) returned 0x754a50 [0202.909] GetEnvironmentVariableW (in: lpName="appdata", lpBuffer=0x754a50, nSize=0x104 | out: lpBuffer="") returned 0x22 [0202.909] CoTaskMemFree (pv=0x754a50) [0202.912] GetFullPathNameW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Acrobat\\", nBufferLength=0x105, lpBuffer=0x37eb9c, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Acrobat\\", lpFilePart=0x0) returned 0x2b [0202.912] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x37edd8) returned 1 [0202.912] GetFileAttributesExW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Acrobat\\" (normalized: "c:\\users\\keecfmwgj\\appdata\\roaming\\acrobat"), fInfoLevelId=0x0, lpFileInformation=0x37f09c | out: lpFileInformation=0x37f09c*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0 [0202.913] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x37edd4) returned 1 [0202.913] CoTaskMemAlloc (cb=0x20c) returned 0x754a50 [0202.913] GetEnvironmentVariableW (in: lpName="appdata", lpBuffer=0x754a50, nSize=0x104 | out: lpBuffer="") returned 0x22 [0202.913] CoTaskMemFree (pv=0x754a50) [0202.913] GetFullPathNameW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Acrobat\\", nBufferLength=0x105, lpBuffer=0x37eba0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Acrobat\\", lpFilePart=0x0) returned 0x2b [0202.913] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x37ed68) returned 1 [0202.914] GetFileAttributesExW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Acrobat\\" (normalized: "c:\\users\\keecfmwgj\\appdata\\roaming\\acrobat"), fInfoLevelId=0x0, lpFileInformation=0x37f02c | out: lpFileInformation=0x37f02c*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0 [0202.914] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x37ed64) returned 1 [0202.914] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x37ed68) returned 1 [0202.914] GetFileAttributesExW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Acrobat" (normalized: "c:\\users\\keecfmwgj\\appdata\\roaming\\acrobat"), fInfoLevelId=0x0, lpFileInformation=0x37f02c | out: lpFileInformation=0x37f02c*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0 [0202.915] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x37ed64) returned 1 [0202.915] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x37ed68) returned 1 [0202.915] GetFileAttributesExW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming" (normalized: "c:\\users\\keecfmwgj\\appdata\\roaming"), fInfoLevelId=0x0, lpFileInformation=0x37f02c | out: lpFileInformation=0x37f02c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x794f55f0, ftCreationTime.dwHighDateTime=0x1d70509, ftLastAccessTime.dwLowDateTime=0x95d468d0, ftLastAccessTime.dwHighDateTime=0x1d8a744, ftLastWriteTime.dwLowDateTime=0x95d468d0, ftLastWriteTime.dwHighDateTime=0x1d8a744, nFileSizeHigh=0x0, nFileSizeLow=0x3000)) returned 1 [0202.915] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x37ed64) returned 1 [0202.917] CreateDirectoryW (lpPathName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Acrobat" (normalized: "c:\\users\\keecfmwgj\\appdata\\roaming\\acrobat"), lpSecurityAttributes=0x0) returned 1 [0202.921] GetFullPathNameW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Acrobat\\Acrobat.exe", nBufferLength=0x105, lpBuffer=0x37eba4, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Acrobat\\Acrobat.exe", lpFilePart=0x0) returned 0x36 [0202.921] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x37ede4) returned 1 [0202.921] GetFileAttributesExW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Acrobat\\Acrobat.exe" (normalized: "c:\\users\\keecfmwgj\\appdata\\roaming\\acrobat\\acrobat.exe"), fInfoLevelId=0x0, lpFileInformation=0x37f0a8 | out: lpFileInformation=0x37f0a8*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0 [0202.921] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x37ede0) returned 1 [0202.921] GetFullPathNameW (in: lpFileName="C:\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\InstallUtil.exe", nBufferLength=0x105, lpBuffer=0x37eba4, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\InstallUtil.exe", lpFilePart=0x0) returned 0x3d [0202.921] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x37ede4) returned 1 [0202.921] GetFileAttributesExW (in: lpFileName="C:\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\InstallUtil.exe" (normalized: "c:\\windows\\microsoft.net\\framework\\v4.0.30319\\installutil.exe"), fInfoLevelId=0x0, lpFileInformation=0x37f0a8 | out: lpFileInformation=0x37f0a8*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x23456500, ftCreationTime.dwHighDateTime=0x1d4e503, ftLastAccessTime.dwLowDateTime=0xb9e9cb30, ftLastAccessTime.dwHighDateTime=0x1d706ae, ftLastWriteTime.dwLowDateTime=0x23456500, ftLastWriteTime.dwHighDateTime=0x1d4e503, nFileSizeHigh=0x0, nFileSizeLow=0xa098)) returned 1 [0202.921] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x37ede0) returned 1 [0202.921] GetFullPathNameW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Acrobat\\Acrobat.exe", nBufferLength=0x105, lpBuffer=0x37eba4, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Acrobat\\Acrobat.exe", lpFilePart=0x0) returned 0x36 [0202.921] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x37ede4) returned 1 [0202.922] GetFileAttributesExW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Acrobat\\Acrobat.exe" (normalized: "c:\\users\\keecfmwgj\\appdata\\roaming\\acrobat\\acrobat.exe"), fInfoLevelId=0x0, lpFileInformation=0x37f0a8 | out: lpFileInformation=0x37f0a8*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0 [0202.922] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x37ede0) returned 1 [0202.922] GetFullPathNameW (in: lpFileName="C:\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\InstallUtil.exe", nBufferLength=0x105, lpBuffer=0x37eb54, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\InstallUtil.exe", lpFilePart=0x0) returned 0x3d [0202.922] GetFullPathNameW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Acrobat\\Acrobat.exe", nBufferLength=0x105, lpBuffer=0x37eb54, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Acrobat\\Acrobat.exe", lpFilePart=0x0) returned 0x36 [0202.922] CopyFileW (lpExistingFileName="C:\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\InstallUtil.exe" (normalized: "c:\\windows\\microsoft.net\\framework\\v4.0.30319\\installutil.exe"), lpNewFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Acrobat\\Acrobat.exe" (normalized: "c:\\users\\keecfmwgj\\appdata\\roaming\\acrobat\\acrobat.exe"), bFailIfExists=0) returned 1 [0202.938] GetFullPathNameW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Acrobat\\Acrobat.exe", nBufferLength=0x105, lpBuffer=0x37ebb4, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Acrobat\\Acrobat.exe", lpFilePart=0x0) returned 0x36 [0202.939] SetFileAttributesW (lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Acrobat\\Acrobat.exe", dwFileAttributes=0x6) returned 1 [0202.939] RegOpenKeyExW (in: hKey=0x80000001, lpSubKey="Software\\Microsoft\\Windows\\CurrentVersion\\Run", ulOptions=0x0, samDesired=0x2001f, phkResult=0x37f098 | out: phkResult=0x37f098*=0x418) returned 0x0 [0202.941] RegQueryValueExW (in: hKey=0x418, lpValueName="Acrobat", lpReserved=0x0, lpType=0x37f08c, lpData=0x0, lpcbData=0x37f088*=0x0 | out: lpType=0x37f08c*=0x0, lpData=0x0, lpcbData=0x37f088*=0x0) returned 0x2 [0202.942] RegSetValueExW (in: hKey=0x418, lpValueName="Acrobat", Reserved=0x0, dwType=0x1, lpData="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Acrobat\\Acrobat.exe", cbData=0x6e | out: lpData="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Acrobat\\Acrobat.exe") returned 0x0 [0202.954] RegOpenKeyExW (in: hKey=0x80000001, lpSubKey="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\StartupApproved\\Run", ulOptions=0x0, samDesired=0x2001f, phkResult=0x37f098 | out: phkResult=0x37f098*=0x0) returned 0x2 [0202.958] GetFullPathNameW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Acrobat\\Acrobat.exe", nBufferLength=0x105, lpBuffer=0x37eb84, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Acrobat\\Acrobat.exe", lpFilePart=0x0) returned 0x36 [0202.958] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x37edc4) returned 1 [0202.959] GetFileAttributesExW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Acrobat\\Acrobat.exe" (normalized: "c:\\users\\keecfmwgj\\appdata\\roaming\\acrobat\\acrobat.exe"), fInfoLevelId=0x0, lpFileInformation=0x37f088 | out: lpFileInformation=0x37f088*(dwFileAttributes=0x6, ftCreationTime.dwLowDateTime=0x7e33c8c0, ftCreationTime.dwHighDateTime=0x1d8a8ba, ftLastAccessTime.dwLowDateTime=0x7e33c8c0, ftLastAccessTime.dwHighDateTime=0x1d8a8ba, ftLastWriteTime.dwLowDateTime=0x23456500, ftLastWriteTime.dwHighDateTime=0x1d4e503, nFileSizeHigh=0x0, nFileSizeLow=0xa098)) returned 1 [0202.959] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x37edc0) returned 1 [0203.003] DeleteFileW (lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Acrobat\\Acrobat.exe:Zone.Identifier" (normalized: "c:\\users\\keecfmwgj\\appdata\\roaming\\acrobat\\acrobat.exe:zone.identifier")) returned 0 [0203.202] CoTaskMemAlloc (cb=0x20c) returned 0x754a50 [0203.202] SHGetFolderPathW (in: hwnd=0x0, csidl=28, hToken=0x0, dwFlags=0x0, pszPath=0x754a50 | out: pszPath="C:\\Users\\kEecfMwgj\\AppData\\Local") returned 0x0 [0203.205] CoTaskMemFree (pv=0x754a50) [0203.205] GetFullPathNameW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Local", nBufferLength=0x105, lpBuffer=0x37e77c, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\kEecfMwgj\\AppData\\Local", lpFilePart=0x0) returned 0x20 [0203.209] CoTaskMemAlloc (cb=0x20c) returned 0x754a50 [0203.209] SHGetFolderPathW (in: hwnd=0x0, csidl=26, hToken=0x0, dwFlags=0x0, pszPath=0x754a50 | out: pszPath="C:\\Users\\kEecfMwgj\\AppData\\Roaming") returned 0x0 [0203.209] CoTaskMemFree (pv=0x754a50) [0203.209] GetFullPathNameW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming", nBufferLength=0x105, lpBuffer=0x37e77c, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\kEecfMwgj\\AppData\\Roaming", lpFilePart=0x0) returned 0x22 [0203.422] GetFullPathNameW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Local\\Coowon\\Coowon\\User Data", nBufferLength=0x105, lpBuffer=0x37e77c, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\kEecfMwgj\\AppData\\Local\\Coowon\\Coowon\\User Data", lpFilePart=0x0) returned 0x38 [0203.422] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x37e9b8) returned 1 [0203.422] GetFileAttributesExW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Local\\Coowon\\Coowon\\User Data" (normalized: "c:\\users\\keecfmwgj\\appdata\\local\\coowon\\coowon\\user data"), fInfoLevelId=0x0, lpFileInformation=0x37ec7c | out: lpFileInformation=0x37ec7c*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0 [0203.423] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x37e9b4) returned 1 [0203.423] GetFullPathNameW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Local\\Amigo\\User Data", nBufferLength=0x105, lpBuffer=0x37e77c, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\kEecfMwgj\\AppData\\Local\\Amigo\\User Data", lpFilePart=0x0) returned 0x30 [0203.423] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x37e9b8) returned 1 [0203.423] GetFileAttributesExW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Local\\Amigo\\User Data" (normalized: "c:\\users\\keecfmwgj\\appdata\\local\\amigo\\user data"), fInfoLevelId=0x0, lpFileInformation=0x37ec7c | out: lpFileInformation=0x37ec7c*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0 [0203.424] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x37e9b4) returned 1 [0203.424] GetFullPathNameW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Local\\Vivaldi\\User Data", nBufferLength=0x105, lpBuffer=0x37e77c, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\kEecfMwgj\\AppData\\Local\\Vivaldi\\User Data", lpFilePart=0x0) returned 0x32 [0203.424] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x37e9b8) returned 1 [0203.424] GetFileAttributesExW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Local\\Vivaldi\\User Data" (normalized: "c:\\users\\keecfmwgj\\appdata\\local\\vivaldi\\user data"), fInfoLevelId=0x0, lpFileInformation=0x37ec7c | out: lpFileInformation=0x37ec7c*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0 [0203.424] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x37e9b4) returned 1 [0203.424] GetFullPathNameW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Local\\Epic Privacy Browser\\User Data", nBufferLength=0x105, lpBuffer=0x37e77c, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\kEecfMwgj\\AppData\\Local\\Epic Privacy Browser\\User Data", lpFilePart=0x0) returned 0x3f [0203.425] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x37e9b8) returned 1 [0203.425] GetFileAttributesExW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Local\\Epic Privacy Browser\\User Data" (normalized: "c:\\users\\keecfmwgj\\appdata\\local\\epic privacy browser\\user data"), fInfoLevelId=0x0, lpFileInformation=0x37ec7c | out: lpFileInformation=0x37ec7c*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0 [0203.425] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x37e9b4) returned 1 [0203.425] GetFullPathNameW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Local\\Torch\\User Data", nBufferLength=0x105, lpBuffer=0x37e77c, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\kEecfMwgj\\AppData\\Local\\Torch\\User Data", lpFilePart=0x0) returned 0x30 [0203.425] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x37e9b8) returned 1 [0203.425] GetFileAttributesExW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Local\\Torch\\User Data" (normalized: "c:\\users\\keecfmwgj\\appdata\\local\\torch\\user data"), fInfoLevelId=0x0, lpFileInformation=0x37ec7c | out: lpFileInformation=0x37ec7c*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0 [0203.425] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x37e9b4) returned 1 [0203.425] GetFullPathNameW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Local\\CatalinaGroup\\Citrio\\User Data", nBufferLength=0x105, lpBuffer=0x37e77c, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\kEecfMwgj\\AppData\\Local\\CatalinaGroup\\Citrio\\User Data", lpFilePart=0x0) returned 0x3f [0203.425] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x37e9b8) returned 1 [0203.425] GetFileAttributesExW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Local\\CatalinaGroup\\Citrio\\User Data" (normalized: "c:\\users\\keecfmwgj\\appdata\\local\\catalinagroup\\citrio\\user data"), fInfoLevelId=0x0, lpFileInformation=0x37ec7c | out: lpFileInformation=0x37ec7c*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0 [0203.426] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x37e9b4) returned 1 [0203.426] GetFullPathNameW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Local\\7Star\\7Star\\User Data", nBufferLength=0x105, lpBuffer=0x37e77c, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\kEecfMwgj\\AppData\\Local\\7Star\\7Star\\User Data", lpFilePart=0x0) returned 0x36 [0203.426] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x37e9b8) returned 1 [0203.426] GetFileAttributesExW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Local\\7Star\\7Star\\User Data" (normalized: "c:\\users\\keecfmwgj\\appdata\\local\\7star\\7star\\user data"), fInfoLevelId=0x0, lpFileInformation=0x37ec7c | out: lpFileInformation=0x37ec7c*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0 [0203.426] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x37e9b4) returned 1 [0203.426] GetFullPathNameW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Local\\Elements Browser\\User Data", nBufferLength=0x105, lpBuffer=0x37e77c, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\kEecfMwgj\\AppData\\Local\\Elements Browser\\User Data", lpFilePart=0x0) returned 0x3b [0203.426] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x37e9b8) returned 1 [0203.427] GetFileAttributesExW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Local\\Elements Browser\\User Data" (normalized: "c:\\users\\keecfmwgj\\appdata\\local\\elements browser\\user data"), fInfoLevelId=0x0, lpFileInformation=0x37ec7c | out: lpFileInformation=0x37ec7c*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0 [0203.427] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x37e9b4) returned 1 [0203.427] GetFullPathNameW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Local\\QIP Surf\\User Data", nBufferLength=0x105, lpBuffer=0x37e77c, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\kEecfMwgj\\AppData\\Local\\QIP Surf\\User Data", lpFilePart=0x0) returned 0x33 [0203.427] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x37e9b8) returned 1 [0203.427] GetFileAttributesExW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Local\\QIP Surf\\User Data" (normalized: "c:\\users\\keecfmwgj\\appdata\\local\\qip surf\\user data"), fInfoLevelId=0x0, lpFileInformation=0x37ec7c | out: lpFileInformation=0x37ec7c*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0 [0203.427] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x37e9b4) returned 1 [0203.427] GetFullPathNameW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Local\\Yandex\\YandexBrowser\\User Data", nBufferLength=0x105, lpBuffer=0x37e77c, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\kEecfMwgj\\AppData\\Local\\Yandex\\YandexBrowser\\User Data", lpFilePart=0x0) returned 0x3f [0203.427] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x37e9b8) returned 1 [0203.427] GetFileAttributesExW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Local\\Yandex\\YandexBrowser\\User Data" (normalized: "c:\\users\\keecfmwgj\\appdata\\local\\yandex\\yandexbrowser\\user data"), fInfoLevelId=0x0, lpFileInformation=0x37ec7c | out: lpFileInformation=0x37ec7c*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0 [0203.427] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x37e9b4) returned 1 [0203.427] GetFullPathNameW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Local\\Sputnik\\Sputnik\\User Data", nBufferLength=0x105, lpBuffer=0x37e77c, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\kEecfMwgj\\AppData\\Local\\Sputnik\\Sputnik\\User Data", lpFilePart=0x0) returned 0x3a [0203.428] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x37e9b8) returned 1 [0203.428] GetFileAttributesExW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Local\\Sputnik\\Sputnik\\User Data" (normalized: "c:\\users\\keecfmwgj\\appdata\\local\\sputnik\\sputnik\\user data"), fInfoLevelId=0x0, lpFileInformation=0x37ec7c | out: lpFileInformation=0x37ec7c*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0 [0203.428] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x37e9b4) returned 1 [0203.428] GetFullPathNameW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Local\\360Chrome\\Chrome\\User Data", nBufferLength=0x105, lpBuffer=0x37e77c, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\kEecfMwgj\\AppData\\Local\\360Chrome\\Chrome\\User Data", lpFilePart=0x0) returned 0x3b [0203.428] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x37e9b8) returned 1 [0203.428] GetFileAttributesExW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Local\\360Chrome\\Chrome\\User Data" (normalized: "c:\\users\\keecfmwgj\\appdata\\local\\360chrome\\chrome\\user data"), fInfoLevelId=0x0, lpFileInformation=0x37ec7c | out: lpFileInformation=0x37ec7c*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0 [0203.428] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x37e9b4) returned 1 [0203.428] GetFullPathNameW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Local\\Comodo\\Dragon\\User Data", nBufferLength=0x105, lpBuffer=0x37e77c, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\kEecfMwgj\\AppData\\Local\\Comodo\\Dragon\\User Data", lpFilePart=0x0) returned 0x38 [0203.428] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x37e9b8) returned 1 [0203.428] GetFileAttributesExW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Local\\Comodo\\Dragon\\User Data" (normalized: "c:\\users\\keecfmwgj\\appdata\\local\\comodo\\dragon\\user data"), fInfoLevelId=0x0, lpFileInformation=0x37ec7c | out: lpFileInformation=0x37ec7c*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0 [0203.429] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x37e9b4) returned 1 [0203.429] GetFullPathNameW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Local\\uCozMedia\\Uran\\User Data", nBufferLength=0x105, lpBuffer=0x37e77c, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\kEecfMwgj\\AppData\\Local\\uCozMedia\\Uran\\User Data", lpFilePart=0x0) returned 0x39 [0203.429] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x37e9b8) returned 1 [0203.429] GetFileAttributesExW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Local\\uCozMedia\\Uran\\User Data" (normalized: "c:\\users\\keecfmwgj\\appdata\\local\\ucozmedia\\uran\\user data"), fInfoLevelId=0x0, lpFileInformation=0x37ec7c | out: lpFileInformation=0x37ec7c*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0 [0203.429] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x37e9b4) returned 1 [0203.429] GetFullPathNameW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Opera Software\\Opera Stable", nBufferLength=0x105, lpBuffer=0x37e77c, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Opera Software\\Opera Stable", lpFilePart=0x0) returned 0x3e [0203.429] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x37e9b8) returned 1 [0203.429] GetFileAttributesExW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Opera Software\\Opera Stable" (normalized: "c:\\users\\keecfmwgj\\appdata\\roaming\\opera software\\opera stable"), fInfoLevelId=0x0, lpFileInformation=0x37ec7c | out: lpFileInformation=0x37ec7c*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0 [0203.430] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x37e9b4) returned 1 [0203.430] GetFullPathNameW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Local\\CentBrowser\\User Data", nBufferLength=0x105, lpBuffer=0x37e77c, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\kEecfMwgj\\AppData\\Local\\CentBrowser\\User Data", lpFilePart=0x0) returned 0x36 [0203.430] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x37e9b8) returned 1 [0203.430] GetFileAttributesExW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Local\\CentBrowser\\User Data" (normalized: "c:\\users\\keecfmwgj\\appdata\\local\\centbrowser\\user data"), fInfoLevelId=0x0, lpFileInformation=0x37ec7c | out: lpFileInformation=0x37ec7c*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0 [0203.430] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x37e9b4) returned 1 [0203.430] GetFullPathNameW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Local\\Chedot\\User Data", nBufferLength=0x105, lpBuffer=0x37e77c, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\kEecfMwgj\\AppData\\Local\\Chedot\\User Data", lpFilePart=0x0) returned 0x31 [0203.430] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x37e9b8) returned 1 [0203.430] GetFileAttributesExW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Local\\Chedot\\User Data" (normalized: "c:\\users\\keecfmwgj\\appdata\\local\\chedot\\user data"), fInfoLevelId=0x0, lpFileInformation=0x37ec7c | out: lpFileInformation=0x37ec7c*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0 [0203.430] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x37e9b4) returned 1 [0203.431] GetFullPathNameW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Local\\MapleStudio\\ChromePlus\\User Data", nBufferLength=0x105, lpBuffer=0x37e77c, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\kEecfMwgj\\AppData\\Local\\MapleStudio\\ChromePlus\\User Data", lpFilePart=0x0) returned 0x41 [0203.431] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x37e9b8) returned 1 [0203.431] GetFileAttributesExW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Local\\MapleStudio\\ChromePlus\\User Data" (normalized: "c:\\users\\keecfmwgj\\appdata\\local\\maplestudio\\chromeplus\\user data"), fInfoLevelId=0x0, lpFileInformation=0x37ec7c | out: lpFileInformation=0x37ec7c*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0 [0203.431] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x37e9b4) returned 1 [0203.431] GetFullPathNameW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Local\\Orbitum\\User Data", nBufferLength=0x105, lpBuffer=0x37e77c, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\kEecfMwgj\\AppData\\Local\\Orbitum\\User Data", lpFilePart=0x0) returned 0x32 [0203.431] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x37e9b8) returned 1 [0203.431] GetFileAttributesExW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Local\\Orbitum\\User Data" (normalized: "c:\\users\\keecfmwgj\\appdata\\local\\orbitum\\user data"), fInfoLevelId=0x0, lpFileInformation=0x37ec7c | out: lpFileInformation=0x37ec7c*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0 [0203.431] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x37e9b4) returned 1 [0203.432] GetFullPathNameW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Local\\liebao\\User Data", nBufferLength=0x105, lpBuffer=0x37e77c, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\kEecfMwgj\\AppData\\Local\\liebao\\User Data", lpFilePart=0x0) returned 0x31 [0203.432] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x37e9b8) returned 1 [0203.432] GetFileAttributesExW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Local\\liebao\\User Data" (normalized: "c:\\users\\keecfmwgj\\appdata\\local\\liebao\\user data"), fInfoLevelId=0x0, lpFileInformation=0x37ec7c | out: lpFileInformation=0x37ec7c*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0 [0203.432] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x37e9b4) returned 1 [0203.432] GetFullPathNameW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Local\\Iridium\\User Data", nBufferLength=0x105, lpBuffer=0x37e77c, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\kEecfMwgj\\AppData\\Local\\Iridium\\User Data", lpFilePart=0x0) returned 0x32 [0203.432] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x37e9b8) returned 1 [0203.432] GetFileAttributesExW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Local\\Iridium\\User Data" (normalized: "c:\\users\\keecfmwgj\\appdata\\local\\iridium\\user data"), fInfoLevelId=0x0, lpFileInformation=0x37ec7c | out: lpFileInformation=0x37ec7c*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0 [0203.432] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x37e9b4) returned 1 [0203.432] GetFullPathNameW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Local\\Chromium\\User Data", nBufferLength=0x105, lpBuffer=0x37e77c, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\kEecfMwgj\\AppData\\Local\\Chromium\\User Data", lpFilePart=0x0) returned 0x33 [0203.432] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x37e9b8) returned 1 [0203.432] GetFileAttributesExW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Local\\Chromium\\User Data" (normalized: "c:\\users\\keecfmwgj\\appdata\\local\\chromium\\user data"), fInfoLevelId=0x0, lpFileInformation=0x37ec7c | out: lpFileInformation=0x37ec7c*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0 [0203.433] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x37e9b4) returned 1 [0203.433] GetFullPathNameW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Local\\Fenrir Inc\\Sleipnir5\\setting\\modules\\ChromiumViewer", nBufferLength=0x105, lpBuffer=0x37e77c, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\kEecfMwgj\\AppData\\Local\\Fenrir Inc\\Sleipnir5\\setting\\modules\\ChromiumViewer", lpFilePart=0x0) returned 0x54 [0203.433] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x37e9b8) returned 1 [0203.433] GetFileAttributesExW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Local\\Fenrir Inc\\Sleipnir5\\setting\\modules\\ChromiumViewer" (normalized: "c:\\users\\keecfmwgj\\appdata\\local\\fenrir inc\\sleipnir5\\setting\\modules\\chromiumviewer"), fInfoLevelId=0x0, lpFileInformation=0x37ec7c | out: lpFileInformation=0x37ec7c*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0 [0203.433] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x37e9b4) returned 1 [0203.433] GetFullPathNameW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Local\\CocCoc\\Browser\\User Data", nBufferLength=0x105, lpBuffer=0x37e77c, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\kEecfMwgj\\AppData\\Local\\CocCoc\\Browser\\User Data", lpFilePart=0x0) returned 0x39 [0203.433] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x37e9b8) returned 1 [0203.433] GetFileAttributesExW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Local\\CocCoc\\Browser\\User Data" (normalized: "c:\\users\\keecfmwgj\\appdata\\local\\coccoc\\browser\\user data"), fInfoLevelId=0x0, lpFileInformation=0x37ec7c | out: lpFileInformation=0x37ec7c*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0 [0203.433] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x37e9b4) returned 1 [0203.433] GetFullPathNameW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Local\\Kometa\\User Data", nBufferLength=0x105, lpBuffer=0x37e77c, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\kEecfMwgj\\AppData\\Local\\Kometa\\User Data", lpFilePart=0x0) returned 0x31 [0203.433] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x37e9b8) returned 1 [0203.433] GetFileAttributesExW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Local\\Kometa\\User Data" (normalized: "c:\\users\\keecfmwgj\\appdata\\local\\kometa\\user data"), fInfoLevelId=0x0, lpFileInformation=0x37ec7c | out: lpFileInformation=0x37ec7c*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0 [0203.434] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x37e9b4) returned 1 [0203.434] GetFullPathNameW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Local\\BraveSoftware\\Brave-Browser\\User Data", nBufferLength=0x105, lpBuffer=0x37e77c, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\kEecfMwgj\\AppData\\Local\\BraveSoftware\\Brave-Browser\\User Data", lpFilePart=0x0) returned 0x46 [0203.434] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x37e9b8) returned 1 [0203.434] GetFileAttributesExW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Local\\BraveSoftware\\Brave-Browser\\User Data" (normalized: "c:\\users\\keecfmwgj\\appdata\\local\\bravesoftware\\brave-browser\\user data"), fInfoLevelId=0x0, lpFileInformation=0x37ec7c | out: lpFileInformation=0x37ec7c*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0 [0203.434] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x37e9b4) returned 1 [0203.450] CoTaskMemAlloc (cb=0x20c) returned 0x754a50 [0203.450] GetEnvironmentVariableW (in: lpName="APPDATA", lpBuffer=0x754a50, nSize=0x104 | out: lpBuffer="") returned 0x22 [0203.450] CoTaskMemFree (pv=0x754a50) [0203.553] GetFullPathNameW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Thunderbird\\profiles.ini", nBufferLength=0x105, lpBuffer=0x37e680, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Thunderbird\\profiles.ini", lpFilePart=0x0) returned 0x3b [0203.554] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x37eb98) returned 1 [0203.554] CreateFileW (lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Thunderbird\\profiles.ini" (normalized: "c:\\users\\keecfmwgj\\appdata\\roaming\\thunderbird\\profiles.ini"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0xffffffff [0203.557] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x37d9b8) returned 1 [0203.621] GetFullPathNameW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Thunderbird\\profiles.ini", nBufferLength=0x105, lpBuffer=0x37e680, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Thunderbird\\profiles.ini", lpFilePart=0x0) returned 0x3b [0203.621] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x37eb98) returned 1 [0203.621] CreateFileW (lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Thunderbird\\profiles.ini" (normalized: "c:\\users\\keecfmwgj\\appdata\\roaming\\thunderbird\\profiles.ini"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0xffffffff [0203.624] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x37d9b8) returned 1 [0203.703] CoTaskMemAlloc (cb=0x20c) returned 0x754be0 [0203.703] SHGetFolderPathW (in: hwnd=0x0, csidl=26, hToken=0x0, dwFlags=0x0, pszPath=0x754be0 | out: pszPath="C:\\Users\\kEecfMwgj\\AppData\\Roaming") returned 0x0 [0203.703] CoTaskMemFree (pv=0x754be0) [0203.703] GetFullPathNameW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming", nBufferLength=0x105, lpBuffer=0x37e744, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\kEecfMwgj\\AppData\\Roaming", lpFilePart=0x0) returned 0x22 [0203.705] GetFullPathNameW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\MySQL\\Workbench\\workbench_user_data.dat", nBufferLength=0x105, lpBuffer=0x37e7dc, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\MySQL\\Workbench\\workbench_user_data.dat", lpFilePart=0x0) returned 0x4a [0203.705] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x37ea1c) returned 1 [0203.705] GetFileAttributesExW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\MySQL\\Workbench\\workbench_user_data.dat" (normalized: "c:\\users\\keecfmwgj\\appdata\\roaming\\mysql\\workbench\\workbench_user_data.dat"), fInfoLevelId=0x0, lpFileInformation=0x37ece0 | out: lpFileInformation=0x37ece0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0 [0203.705] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x37ea18) returned 1 [0203.770] CoTaskMemAlloc (cb=0x20c) returned 0x754be0 [0203.770] SHGetFolderPathW (in: hwnd=0x0, csidl=26, hToken=0x0, dwFlags=0x0, pszPath=0x754be0 | out: pszPath="C:\\Users\\kEecfMwgj\\AppData\\Roaming") returned 0x0 [0203.770] CoTaskMemFree (pv=0x754be0) [0203.770] GetFullPathNameW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming", nBufferLength=0x105, lpBuffer=0x37e72c, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\kEecfMwgj\\AppData\\Roaming", lpFilePart=0x0) returned 0x22 [0203.771] GetFullPathNameW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Trillian\\users\\global\\accounts.dat", nBufferLength=0x105, lpBuffer=0x37e7c4, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Trillian\\users\\global\\accounts.dat", lpFilePart=0x0) returned 0x45 [0203.772] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x37ea04) returned 1 [0203.772] GetFileAttributesExW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Trillian\\users\\global\\accounts.dat" (normalized: "c:\\users\\keecfmwgj\\appdata\\roaming\\trillian\\users\\global\\accounts.dat"), fInfoLevelId=0x0, lpFileInformation=0x37ecc8 | out: lpFileInformation=0x37ecc8*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0 [0203.773] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x37ea00) returned 1 [0203.784] GetFullPathNameW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Postbox\\profiles.ini", nBufferLength=0x105, lpBuffer=0x37e680, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Postbox\\profiles.ini", lpFilePart=0x0) returned 0x37 [0203.784] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x37eb98) returned 1 [0203.784] CreateFileW (lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Postbox\\profiles.ini" (normalized: "c:\\users\\keecfmwgj\\appdata\\roaming\\postbox\\profiles.ini"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0xffffffff [0203.787] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x37d9b8) returned 1 [0203.794] GetFullPathNameW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Postbox\\profiles.ini", nBufferLength=0x105, lpBuffer=0x37e680, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Postbox\\profiles.ini", lpFilePart=0x0) returned 0x37 [0203.794] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x37eb98) returned 1 [0203.794] CreateFileW (lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Postbox\\profiles.ini" (normalized: "c:\\users\\keecfmwgj\\appdata\\roaming\\postbox\\profiles.ini"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0xffffffff [0203.796] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x37d9b8) returned 1 [0203.810] GetFullPathNameW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Moonchild Productions\\Pale Moon\\profiles.ini", nBufferLength=0x105, lpBuffer=0x37e680, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Moonchild Productions\\Pale Moon\\profiles.ini", lpFilePart=0x0) returned 0x4f [0203.810] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x37eb98) returned 1 [0203.810] CreateFileW (lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Moonchild Productions\\Pale Moon\\profiles.ini" (normalized: "c:\\users\\keecfmwgj\\appdata\\roaming\\moonchild productions\\pale moon\\profiles.ini"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0xffffffff [0203.813] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x37d9b8) returned 1 [0203.816] GetFullPathNameW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Moonchild Productions\\Pale Moon\\profiles.ini", nBufferLength=0x105, lpBuffer=0x37e680, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Moonchild Productions\\Pale Moon\\profiles.ini", lpFilePart=0x0) returned 0x4f [0203.816] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x37eb98) returned 1 [0203.817] CreateFileW (lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Moonchild Productions\\Pale Moon\\profiles.ini" (normalized: "c:\\users\\keecfmwgj\\appdata\\roaming\\moonchild productions\\pale moon\\profiles.ini"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0xffffffff [0203.819] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x37d9b8) returned 1 [0203.857] RegOpenKeyExW (in: hKey=0x80000001, lpSubKey="Software\\DownloadManager\\Passwords", ulOptions=0x0, samDesired=0x20019, phkResult=0x37ecac | out: phkResult=0x37ecac*=0x0) returned 0x2 [0203.889] CoTaskMemAlloc (cb=0x20c) returned 0x754be0 [0203.889] SHGetFolderPathW (in: hwnd=0x0, csidl=28, hToken=0x0, dwFlags=0x0, pszPath=0x754be0 | out: pszPath="C:\\Users\\kEecfMwgj\\AppData\\Local") returned 0x0 [0203.889] CoTaskMemFree (pv=0x754be0) [0203.889] GetFullPathNameW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Local", nBufferLength=0x105, lpBuffer=0x37e730, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\kEecfMwgj\\AppData\\Local", lpFilePart=0x0) returned 0x20 [0203.894] GetFullPathNameW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Local\\Tencent\\QQBrowser\\User Data", nBufferLength=0x105, lpBuffer=0x37e7c0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\kEecfMwgj\\AppData\\Local\\Tencent\\QQBrowser\\User Data", lpFilePart=0x0) returned 0x3c [0203.894] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x37e9fc) returned 1 [0203.894] GetFileAttributesExW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Local\\Tencent\\QQBrowser\\User Data" (normalized: "c:\\users\\keecfmwgj\\appdata\\local\\tencent\\qqbrowser\\user data"), fInfoLevelId=0x0, lpFileInformation=0x37ecc0 | out: lpFileInformation=0x37ecc0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0 [0203.894] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x37e9f8) returned 1 [0203.894] GetFullPathNameW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Local\\Tencent\\QQBrowser\\User Data\\Default\\EncryptedStorage", nBufferLength=0x105, lpBuffer=0x37e7c8, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\kEecfMwgj\\AppData\\Local\\Tencent\\QQBrowser\\User Data\\Default\\EncryptedStorage", lpFilePart=0x0) returned 0x55 [0203.894] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x37ea08) returned 1 [0203.894] GetFileAttributesExW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Local\\Tencent\\QQBrowser\\User Data\\Default\\EncryptedStorage" (normalized: "c:\\users\\keecfmwgj\\appdata\\local\\tencent\\qqbrowser\\user data\\default\\encryptedstorage"), fInfoLevelId=0x0, lpFileInformation=0x37eccc | out: lpFileInformation=0x37eccc*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0 [0203.894] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x37ea04) returned 1 [0203.920] CoTaskMemAlloc (cb=0x20c) returned 0x754be0 [0203.920] SHGetFolderPathW (in: hwnd=0x0, csidl=26, hToken=0x0, dwFlags=0x0, pszPath=0x754be0 | out: pszPath="C:\\Users\\kEecfMwgj\\AppData\\Roaming") returned 0x0 [0203.920] CoTaskMemFree (pv=0x754be0) [0203.921] GetFullPathNameW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming", nBufferLength=0x105, lpBuffer=0x37e73c, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\kEecfMwgj\\AppData\\Roaming", lpFilePart=0x0) returned 0x22 [0203.924] CoTaskMemAlloc (cb=0x20c) returned 0x754be0 [0203.924] SHGetFolderPathW (in: hwnd=0x0, csidl=26, hToken=0x0, dwFlags=0x0, pszPath=0x754be0 | out: pszPath="C:\\Users\\kEecfMwgj\\AppData\\Roaming") returned 0x0 [0203.924] CoTaskMemFree (pv=0x754be0) [0203.924] GetFullPathNameW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming", nBufferLength=0x105, lpBuffer=0x37e73c, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\kEecfMwgj\\AppData\\Roaming", lpFilePart=0x0) returned 0x22 [0203.927] GetFullPathNameW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\eM Client", nBufferLength=0x105, lpBuffer=0x37e7cc, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\eM Client", lpFilePart=0x0) returned 0x2c [0203.928] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x37ea08) returned 1 [0203.928] GetFileAttributesExW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\eM Client" (normalized: "c:\\users\\keecfmwgj\\appdata\\roaming\\em client"), fInfoLevelId=0x0, lpFileInformation=0x37eccc | out: lpFileInformation=0x37eccc*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0 [0203.928] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x37ea04) returned 1 [0203.983] CoTaskMemAlloc (cb=0x20c) returned 0x754be0 [0203.983] GetEnvironmentVariableW (in: lpName="Programfiles(x86)", lpBuffer=0x754be0, nSize=0x104 | out: lpBuffer="") returned 0x16 [0203.983] CoTaskMemFree (pv=0x754be0) [0203.986] CoTaskMemAlloc (cb=0x20c) returned 0x754be0 [0203.986] GetEnvironmentVariableW (in: lpName="programfiles(x86)", lpBuffer=0x754be0, nSize=0x104 | out: lpBuffer="") returned 0x16 [0203.986] CoTaskMemFree (pv=0x754be0) [0203.989] GetFullPathNameW (in: lpFileName="C:\\Program Files (x86)\\jDownloader\\config\\database.script", nBufferLength=0x105, lpBuffer=0x37e798, lpFilePart=0x0 | out: lpBuffer="C:\\Program Files (x86)\\jDownloader\\config\\database.script", lpFilePart=0x0) returned 0x39 [0203.989] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x37e9d8) returned 1 [0203.989] GetFileAttributesExW (in: lpFileName="C:\\Program Files (x86)\\jDownloader\\config\\database.script" (normalized: "c:\\program files (x86)\\jdownloader\\config\\database.script"), fInfoLevelId=0x0, lpFileInformation=0x37ec9c | out: lpFileInformation=0x37ec9c*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0 [0203.990] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x37e9d4) returned 1 [0204.049] CoTaskMemAlloc (cb=0x20c) returned 0x754be0 [0204.049] GetEnvironmentVariableW (in: lpName="APPDATA", lpBuffer=0x754be0, nSize=0x104 | out: lpBuffer="") returned 0x22 [0204.049] CoTaskMemFree (pv=0x754be0) [0204.050] CoTaskMemAlloc (cb=0x20c) returned 0x754be0 [0204.050] GetEnvironmentVariableW (in: lpName="APPDATA", lpBuffer=0x754be0, nSize=0x104 | out: lpBuffer="") returned 0x22 [0204.050] CoTaskMemFree (pv=0x754be0) [0204.051] GetFullPathNameW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Psi\\profiles", nBufferLength=0x105, lpBuffer=0x37e79c, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Psi\\profiles", lpFilePart=0x0) returned 0x2f [0204.051] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x37e9d8) returned 1 [0204.052] GetFileAttributesExW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Psi\\profiles" (normalized: "c:\\users\\keecfmwgj\\appdata\\roaming\\psi\\profiles"), fInfoLevelId=0x0, lpFileInformation=0x37ec9c | out: lpFileInformation=0x37ec9c*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0 [0204.052] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x37e9d4) returned 1 [0204.052] GetFullPathNameW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Psi+\\profiles", nBufferLength=0x105, lpBuffer=0x37e79c, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Psi+\\profiles", lpFilePart=0x0) returned 0x30 [0204.052] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x37e9d8) returned 1 [0204.052] GetFileAttributesExW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Psi+\\profiles" (normalized: "c:\\users\\keecfmwgj\\appdata\\roaming\\psi+\\profiles"), fInfoLevelId=0x0, lpFileInformation=0x37ec9c | out: lpFileInformation=0x37ec9c*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0 [0204.052] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x37e9d4) returned 1 [0204.081] RegOpenKeyExW (in: hKey=0x80000001, lpSubKey="SOFTWARE\\FTPWare\\COREFTP\\Sites", ulOptions=0x0, samDesired=0x20019, phkResult=0x37eccc | out: phkResult=0x37eccc*=0x0) returned 0x2 [0204.089] GetFullPathNameW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Mozilla\\SeaMonkey\\profiles.ini", nBufferLength=0x105, lpBuffer=0x37e680, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Mozilla\\SeaMonkey\\profiles.ini", lpFilePart=0x0) returned 0x41 [0204.089] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x37eb98) returned 1 [0204.090] CreateFileW (lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Mozilla\\SeaMonkey\\profiles.ini" (normalized: "c:\\users\\keecfmwgj\\appdata\\roaming\\mozilla\\seamonkey\\profiles.ini"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0xffffffff [0204.092] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x37d9b8) returned 1 [0204.128] GetFullPathNameW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Mozilla\\SeaMonkey\\profiles.ini", nBufferLength=0x105, lpBuffer=0x37e680, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Mozilla\\SeaMonkey\\profiles.ini", lpFilePart=0x0) returned 0x41 [0204.129] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x37eb98) returned 1 [0204.129] CreateFileW (lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Mozilla\\SeaMonkey\\profiles.ini" (normalized: "c:\\users\\keecfmwgj\\appdata\\roaming\\mozilla\\seamonkey\\profiles.ini"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0xffffffff [0204.131] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x37d9b8) returned 1 [0204.221] RegOpenKeyExW (in: hKey=0x80000001, lpSubKey="Software\\Microsoft\\Office\\15.0\\Outlook\\Profiles\\Outlook\\9375CFF0413111d3B88A00104B2A6676", ulOptions=0x0, samDesired=0x20019, phkResult=0x37ec5c | out: phkResult=0x37ec5c*=0x0) returned 0x2 [0204.225] RegOpenKeyExW (in: hKey=0x80000001, lpSubKey="Software\\Microsoft\\Windows NT\\CurrentVersion\\Windows Messaging Subsystem\\Profiles\\Outlook\\9375CFF0413111d3B88A00104B2A6676", ulOptions=0x0, samDesired=0x20019, phkResult=0x37ec5c | out: phkResult=0x37ec5c*=0x0) returned 0x2 [0204.228] RegOpenKeyExW (in: hKey=0x80000001, lpSubKey="Software\\Microsoft\\Windows Messaging Subsystem\\Profiles\\9375CFF0413111d3B88A00104B2A6676", ulOptions=0x0, samDesired=0x20019, phkResult=0x37ec5c | out: phkResult=0x37ec5c*=0x0) returned 0x2 [0204.232] RegOpenKeyExW (in: hKey=0x80000001, lpSubKey="Software\\Microsoft\\Office\\16.0\\Outlook\\Profiles\\Outlook\\9375CFF0413111d3B88A00104B2A6676", ulOptions=0x0, samDesired=0x20019, phkResult=0x37ec5c | out: phkResult=0x37ec5c*=0x40c) returned 0x0 [0204.233] RegQueryInfoKeyW (in: hKey=0x40c, lpClass=0x0, lpcchClass=0x0, lpReserved=0x0, lpcSubKeys=0x37ec84, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x37ec80, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0 | out: lpClass=0x0, lpcchClass=0x0, lpcSubKeys=0x37ec84*=0x3, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x37ec80*=0x6, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0) returned 0x0 [0204.236] RegEnumKeyExW (in: hKey=0x40c, dwIndex=0x0, lpName=0x243af98, lpcchName=0x37eca0, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="00000001", lpcchName=0x37eca0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0 [0204.236] RegEnumKeyExW (in: hKey=0x40c, dwIndex=0x1, lpName=0x243af98, lpcchName=0x37eca0, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="00000002", lpcchName=0x37eca0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0 [0204.236] RegEnumKeyExW (in: hKey=0x40c, dwIndex=0x2, lpName=0x243af98, lpcchName=0x37eca0, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="00000003", lpcchName=0x37eca0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0 [0204.236] RegOpenKeyExW (in: hKey=0x40c, lpSubKey="00000001", ulOptions=0x0, samDesired=0x20019, phkResult=0x37ec5c | out: phkResult=0x37ec5c*=0x41c) returned 0x0 [0204.239] RegQueryValueExW (in: hKey=0x41c, lpValueName="Email", lpReserved=0x0, lpType=0x37ec7c, lpData=0x0, lpcbData=0x37ec78*=0x0 | out: lpType=0x37ec7c*=0x0, lpData=0x0, lpcbData=0x37ec78*=0x0) returned 0x2 [0204.240] RegQueryValueExW (in: hKey=0x41c, lpValueName="IMAP Password", lpReserved=0x0, lpType=0x37ec7c, lpData=0x0, lpcbData=0x37ec78*=0x0 | out: lpType=0x37ec7c*=0x0, lpData=0x0, lpcbData=0x37ec78*=0x0) returned 0x2 [0204.244] RegQueryValueExW (in: hKey=0x41c, lpValueName="POP3 Password", lpReserved=0x0, lpType=0x37ec7c, lpData=0x0, lpcbData=0x37ec78*=0x0 | out: lpType=0x37ec7c*=0x0, lpData=0x0, lpcbData=0x37ec78*=0x0) returned 0x2 [0204.245] RegQueryValueExW (in: hKey=0x41c, lpValueName="HTTP Password", lpReserved=0x0, lpType=0x37ec7c, lpData=0x0, lpcbData=0x37ec78*=0x0 | out: lpType=0x37ec7c*=0x0, lpData=0x0, lpcbData=0x37ec78*=0x0) returned 0x2 [0204.247] RegQueryValueExW (in: hKey=0x41c, lpValueName="SMTP Password", lpReserved=0x0, lpType=0x37ec7c, lpData=0x0, lpcbData=0x37ec78*=0x0 | out: lpType=0x37ec7c*=0x0, lpData=0x0, lpcbData=0x37ec78*=0x0) returned 0x2 [0204.247] RegCloseKey (hKey=0x41c) returned 0x0 [0204.247] RegOpenKeyExW (in: hKey=0x40c, lpSubKey="00000002", ulOptions=0x0, samDesired=0x20019, phkResult=0x37ec5c | out: phkResult=0x37ec5c*=0x41c) returned 0x0 [0204.247] RegQueryValueExW (in: hKey=0x41c, lpValueName="Email", lpReserved=0x0, lpType=0x37ec7c, lpData=0x0, lpcbData=0x37ec78*=0x0 | out: lpType=0x37ec7c*=0x1, lpData=0x0, lpcbData=0x37ec78*=0x1e) returned 0x0 [0204.248] RegQueryValueExW (in: hKey=0x41c, lpValueName="Email", lpReserved=0x0, lpType=0x37ec7c, lpData=0x243b58c, lpcbData=0x37ec78*=0x1e | out: lpType=0x37ec7c*=0x1, lpData="franc@gdllo.de", lpcbData=0x37ec78*=0x1e) returned 0x0 [0204.248] RegQueryValueExW (in: hKey=0x41c, lpValueName="IMAP Password", lpReserved=0x0, lpType=0x37ec7c, lpData=0x0, lpcbData=0x37ec78*=0x0 | out: lpType=0x37ec7c*=0x0, lpData=0x0, lpcbData=0x37ec78*=0x0) returned 0x2 [0204.248] RegQueryValueExW (in: hKey=0x41c, lpValueName="POP3 Password", lpReserved=0x0, lpType=0x37ec7c, lpData=0x0, lpcbData=0x37ec78*=0x0 | out: lpType=0x37ec7c*=0x3, lpData=0x0, lpcbData=0x37ec78*=0x111) returned 0x0 [0204.248] RegQueryValueExW (in: hKey=0x41c, lpValueName="POP3 Password", lpReserved=0x0, lpType=0x37ec7c, lpData=0x243b5e4, lpcbData=0x37ec78*=0x111 | out: lpType=0x37ec7c*=0x3, lpData=0x243b5e4*, lpcbData=0x37ec78*=0x111) returned 0x0 [0204.248] RegQueryValueExW (in: hKey=0x41c, lpValueName="HTTP Password", lpReserved=0x0, lpType=0x37ec7c, lpData=0x0, lpcbData=0x37ec78*=0x0 | out: lpType=0x37ec7c*=0x0, lpData=0x0, lpcbData=0x37ec78*=0x0) returned 0x2 [0204.248] RegQueryValueExW (in: hKey=0x41c, lpValueName="SMTP Password", lpReserved=0x0, lpType=0x37ec7c, lpData=0x0, lpcbData=0x37ec78*=0x0 | out: lpType=0x37ec7c*=0x0, lpData=0x0, lpcbData=0x37ec78*=0x0) returned 0x2 [0204.248] RegQueryValueExW (in: hKey=0x41c, lpValueName="IMAP Password", lpReserved=0x0, lpType=0x37ec7c, lpData=0x0, lpcbData=0x37ec78*=0x0 | out: lpType=0x37ec7c*=0x0, lpData=0x0, lpcbData=0x37ec78*=0x0) returned 0x2 [0204.248] RegQueryValueExW (in: hKey=0x41c, lpValueName="POP3 Password", lpReserved=0x0, lpType=0x37ec7c, lpData=0x0, lpcbData=0x37ec78*=0x0 | out: lpType=0x37ec7c*=0x3, lpData=0x0, lpcbData=0x37ec78*=0x111) returned 0x0 [0204.248] RegQueryValueExW (in: hKey=0x41c, lpValueName="POP3 Password", lpReserved=0x0, lpType=0x37ec7c, lpData=0x243b738, lpcbData=0x37ec78*=0x111 | out: lpType=0x37ec7c*=0x3, lpData=0x243b738*, lpcbData=0x37ec78*=0x111) returned 0x0 [0204.248] RegQueryValueExW (in: hKey=0x41c, lpValueName="POP3 Password", lpReserved=0x0, lpType=0x37ec7c, lpData=0x0, lpcbData=0x37ec78*=0x0 | out: lpType=0x37ec7c*=0x3, lpData=0x0, lpcbData=0x37ec78*=0x111) returned 0x0 [0204.248] RegQueryValueExW (in: hKey=0x41c, lpValueName="POP3 Password", lpReserved=0x0, lpType=0x37ec7c, lpData=0x243b858, lpcbData=0x37ec78*=0x111 | out: lpType=0x37ec7c*=0x3, lpData=0x243b858*, lpcbData=0x37ec78*=0x111) returned 0x0 [0204.380] CryptUnprotectData (in: pDataIn=0x37ec64, ppszDataDescr=0x0, pOptionalEntropy=0x37ec5c, pvReserved=0x0, pPromptStruct=0x0, dwFlags=0x1, pDataOut=0x37ec6c | out: ppszDataDescr=0x0, pDataOut=0x37ec6c) returned 1 [0204.447] LocalFree (hMem=0x5244b28) returned 0x0 [0204.448] RegQueryValueExW (in: hKey=0x41c, lpValueName="HTTP Password", lpReserved=0x0, lpType=0x37ec7c, lpData=0x0, lpcbData=0x37ec78*=0x0 | out: lpType=0x37ec7c*=0x0, lpData=0x0, lpcbData=0x37ec78*=0x0) returned 0x2 [0204.448] RegQueryValueExW (in: hKey=0x41c, lpValueName="SMTP Password", lpReserved=0x0, lpType=0x37ec7c, lpData=0x0, lpcbData=0x37ec78*=0x0 | out: lpType=0x37ec7c*=0x0, lpData=0x0, lpcbData=0x37ec78*=0x0) returned 0x2 [0204.448] RegQueryValueExW (in: hKey=0x41c, lpValueName="Email", lpReserved=0x0, lpType=0x37ec7c, lpData=0x0, lpcbData=0x37ec78*=0x0 | out: lpType=0x37ec7c*=0x1, lpData=0x0, lpcbData=0x37ec78*=0x1e) returned 0x0 [0204.448] RegQueryValueExW (in: hKey=0x41c, lpValueName="Email", lpReserved=0x0, lpType=0x37ec7c, lpData=0x243bb44, lpcbData=0x37ec78*=0x1e | out: lpType=0x37ec7c*=0x1, lpData="franc@gdllo.de", lpcbData=0x37ec78*=0x1e) returned 0x0 [0204.451] RegQueryValueExW (in: hKey=0x41c, lpValueName="SMTP Server", lpReserved=0x0, lpType=0x37ec7c, lpData=0x0, lpcbData=0x37ec78*=0x0 | out: lpType=0x37ec7c*=0x1, lpData=0x0, lpcbData=0x37ec78*=0x1c) returned 0x0 [0204.451] RegQueryValueExW (in: hKey=0x41c, lpValueName="SMTP Server", lpReserved=0x0, lpType=0x37ec7c, lpData=0x243bbc0, lpcbData=0x37ec78*=0x1c | out: lpType=0x37ec7c*=0x1, lpData="smtp.gdllo.de", lpcbData=0x37ec78*=0x1c) returned 0x0 [0204.451] RegQueryValueExW (in: hKey=0x41c, lpValueName="SMTP Server", lpReserved=0x0, lpType=0x37ec7c, lpData=0x0, lpcbData=0x37ec78*=0x0 | out: lpType=0x37ec7c*=0x1, lpData=0x0, lpcbData=0x37ec78*=0x1c) returned 0x0 [0204.451] RegQueryValueExW (in: hKey=0x41c, lpValueName="SMTP Server", lpReserved=0x0, lpType=0x37ec7c, lpData=0x243bc10, lpcbData=0x37ec78*=0x1c | out: lpType=0x37ec7c*=0x1, lpData="smtp.gdllo.de", lpcbData=0x37ec78*=0x1c) returned 0x0 [0204.457] RegCloseKey (hKey=0x41c) returned 0x0 [0204.457] RegOpenKeyExW (in: hKey=0x40c, lpSubKey="00000003", ulOptions=0x0, samDesired=0x20019, phkResult=0x37ec5c | out: phkResult=0x37ec5c*=0x41c) returned 0x0 [0204.457] RegQueryValueExW (in: hKey=0x41c, lpValueName="Email", lpReserved=0x0, lpType=0x37ec7c, lpData=0x0, lpcbData=0x37ec78*=0x0 | out: lpType=0x37ec7c*=0x0, lpData=0x0, lpcbData=0x37ec78*=0x0) returned 0x2 [0204.457] RegQueryValueExW (in: hKey=0x41c, lpValueName="IMAP Password", lpReserved=0x0, lpType=0x37ec7c, lpData=0x0, lpcbData=0x37ec78*=0x0 | out: lpType=0x37ec7c*=0x0, lpData=0x0, lpcbData=0x37ec78*=0x0) returned 0x2 [0204.457] RegQueryValueExW (in: hKey=0x41c, lpValueName="POP3 Password", lpReserved=0x0, lpType=0x37ec7c, lpData=0x0, lpcbData=0x37ec78*=0x0 | out: lpType=0x37ec7c*=0x0, lpData=0x0, lpcbData=0x37ec78*=0x0) returned 0x2 [0204.457] RegQueryValueExW (in: hKey=0x41c, lpValueName="HTTP Password", lpReserved=0x0, lpType=0x37ec7c, lpData=0x0, lpcbData=0x37ec78*=0x0 | out: lpType=0x37ec7c*=0x0, lpData=0x0, lpcbData=0x37ec78*=0x0) returned 0x2 [0204.457] RegQueryValueExW (in: hKey=0x41c, lpValueName="SMTP Password", lpReserved=0x0, lpType=0x37ec7c, lpData=0x0, lpcbData=0x37ec78*=0x0 | out: lpType=0x37ec7c*=0x0, lpData=0x0, lpcbData=0x37ec78*=0x0) returned 0x2 [0204.457] RegCloseKey (hKey=0x41c) returned 0x0 [0204.485] CoTaskMemAlloc (cb=0x20c) returned 0x75aa58 [0204.485] SHGetFolderPathW (in: hwnd=0x0, csidl=26, hToken=0x0, dwFlags=0x0, pszPath=0x75aa58 | out: pszPath="C:\\Users\\kEecfMwgj\\AppData\\Roaming") returned 0x0 [0204.485] CoTaskMemFree (pv=0x75aa58) [0204.486] GetFullPathNameW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming", nBufferLength=0x105, lpBuffer=0x37e72c, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\kEecfMwgj\\AppData\\Roaming", lpFilePart=0x0) returned 0x22 [0204.488] GetFullPathNameW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Opera Mail\\Opera Mail\\wand.dat", nBufferLength=0x105, lpBuffer=0x37e7c4, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Opera Mail\\Opera Mail\\wand.dat", lpFilePart=0x0) returned 0x41 [0204.488] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x37ea04) returned 1 [0204.488] GetFileAttributesExW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Opera Mail\\Opera Mail\\wand.dat" (normalized: "c:\\users\\keecfmwgj\\appdata\\roaming\\opera mail\\opera mail\\wand.dat"), fInfoLevelId=0x0, lpFileInformation=0x37ecc8 | out: lpFileInformation=0x37ecc8*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0 [0204.489] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x37ea00) returned 1 [0204.514] CoTaskMemAlloc (cb=0x20c) returned 0x75aa58 [0204.514] GetEnvironmentVariableW (in: lpName="SystemDrive", lpBuffer=0x75aa58, nSize=0x104 | out: lpBuffer="") returned 0x2 [0204.514] CoTaskMemFree (pv=0x75aa58) [0204.517] GetFullPathNameW (in: lpFileName="C:\\cftp\\Ftplist.txt", nBufferLength=0x105, lpBuffer=0x37e7dc, lpFilePart=0x0 | out: lpBuffer="C:\\cftp\\Ftplist.txt", lpFilePart=0x0) returned 0x13 [0204.517] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x37ea1c) returned 1 [0204.517] GetFileAttributesExW (in: lpFileName="C:\\cftp\\Ftplist.txt" (normalized: "c:\\cftp\\ftplist.txt"), fInfoLevelId=0x0, lpFileInformation=0x37ece0 | out: lpFileInformation=0x37ece0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0 [0204.517] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x37ea18) returned 1 [0204.555] CoTaskMemAlloc (cb=0x20c) returned 0x75aa58 [0204.555] SHGetFolderPathW (in: hwnd=0x0, csidl=28, hToken=0x0, dwFlags=0x0, pszPath=0x75aa58 | out: pszPath="C:\\Users\\kEecfMwgj\\AppData\\Local") returned 0x0 [0204.555] CoTaskMemFree (pv=0x75aa58) [0204.555] GetFullPathNameW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Local", nBufferLength=0x105, lpBuffer=0x37e734, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\kEecfMwgj\\AppData\\Local", lpFilePart=0x0) returned 0x20 [0204.558] GetFullPathNameW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Local\\NordVPN", nBufferLength=0x105, lpBuffer=0x37e7cc, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\kEecfMwgj\\AppData\\Local\\NordVPN", lpFilePart=0x0) returned 0x28 [0204.558] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x37ea40) returned 1 [0204.559] GetFileAttributesExW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Local\\NordVPN" (normalized: "c:\\users\\keecfmwgj\\appdata\\local\\nordvpn"), fInfoLevelId=0x0, lpFileInformation=0x243cfa0 | out: lpFileInformation=0x243cfa0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0 [0204.559] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x37ea3c) returned 1 [0204.563] GetStdHandle (nStdHandle=0xfffffff5) returned 0x0 [0204.578] GetFullPathNameW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\NETGATE Technologies\\BlackHawk\\profiles.ini", nBufferLength=0x105, lpBuffer=0x37e680, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\NETGATE Technologies\\BlackHawk\\profiles.ini", lpFilePart=0x0) returned 0x4e [0204.578] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x37eb98) returned 1 [0204.579] CreateFileW (lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\NETGATE Technologies\\BlackHawk\\profiles.ini" (normalized: "c:\\users\\keecfmwgj\\appdata\\roaming\\netgate technologies\\blackhawk\\profiles.ini"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0xffffffff [0204.580] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x37d9b8) returned 1 [0204.584] GetFullPathNameW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\NETGATE Technologies\\BlackHawk\\profiles.ini", nBufferLength=0x105, lpBuffer=0x37e680, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\NETGATE Technologies\\BlackHawk\\profiles.ini", lpFilePart=0x0) returned 0x4e [0204.584] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x37eb98) returned 1 [0204.584] CreateFileW (lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\NETGATE Technologies\\BlackHawk\\profiles.ini" (normalized: "c:\\users\\keecfmwgj\\appdata\\roaming\\netgate technologies\\blackhawk\\profiles.ini"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0xffffffff [0204.586] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x37d9b8) returned 1 [0204.660] CoTaskMemAlloc (cb=0x20c) returned 0x75aa58 [0204.660] SHGetFolderPathW (in: hwnd=0x0, csidl=35, hToken=0x0, dwFlags=0x0, pszPath=0x75aa58 | out: pszPath="C:\\ProgramData") returned 0x0 [0204.663] CoTaskMemFree (pv=0x75aa58) [0204.663] GetFullPathNameW (in: lpFileName="C:\\ProgramData", nBufferLength=0x105, lpBuffer=0x37e6a4, lpFilePart=0x0 | out: lpBuffer="C:\\ProgramData", lpFilePart=0x0) returned 0xe [0204.664] CoTaskMemAlloc (cb=0x20c) returned 0x75aa58 [0204.664] SHGetFolderPathW (in: hwnd=0x0, csidl=26, hToken=0x0, dwFlags=0x0, pszPath=0x75aa58 | out: pszPath="C:\\Users\\kEecfMwgj\\AppData\\Roaming") returned 0x0 [0204.664] CoTaskMemFree (pv=0x75aa58) [0204.664] GetFullPathNameW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming", nBufferLength=0x105, lpBuffer=0x37e6a4, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\kEecfMwgj\\AppData\\Roaming", lpFilePart=0x0) returned 0x22 [0204.664] GetFullPathNameW (in: lpFileName="C:\\ProgramData\\FlashFXP\\", nBufferLength=0x105, lpBuffer=0x37e734, lpFilePart=0x0 | out: lpBuffer="C:\\ProgramData\\FlashFXP\\", lpFilePart=0x0) returned 0x18 [0204.664] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x37e970) returned 1 [0204.664] GetFileAttributesExW (in: lpFileName="C:\\ProgramData\\FlashFXP\\" (normalized: "c:\\programdata\\flashfxp"), fInfoLevelId=0x0, lpFileInformation=0x37ec34 | out: lpFileInformation=0x37ec34*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0 [0204.665] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x37e96c) returned 1 [0204.665] GetFullPathNameW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\FlashFXP\\", nBufferLength=0x105, lpBuffer=0x37e734, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\FlashFXP\\", lpFilePart=0x0) returned 0x2c [0204.665] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x37e970) returned 1 [0204.665] GetFileAttributesExW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\FlashFXP\\" (normalized: "c:\\users\\keecfmwgj\\appdata\\roaming\\flashfxp"), fInfoLevelId=0x0, lpFileInformation=0x37ec34 | out: lpFileInformation=0x37ec34*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0 [0204.665] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x37e96c) returned 1 [0204.750] RegOpenKeyExW (in: hKey=0x80000001, lpSubKey="Software\\Qualcomm\\Eudora\\CommandLine", ulOptions=0x0, samDesired=0x20019, phkResult=0x37ec98 | out: phkResult=0x37ec98*=0x0) returned 0x2 [0204.812] CoTaskMemAlloc (cb=0x20c) returned 0x75aa58 [0204.812] SHGetFolderPathW (in: hwnd=0x0, csidl=28, hToken=0x0, dwFlags=0x0, pszPath=0x75aa58 | out: pszPath="C:\\Users\\kEecfMwgj\\AppData\\Local") returned 0x0 [0204.812] CoTaskMemFree (pv=0x75aa58) [0204.812] GetFullPathNameW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Local", nBufferLength=0x105, lpBuffer=0x37e704, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\kEecfMwgj\\AppData\\Local", lpFilePart=0x0) returned 0x20 [0204.819] GetFullPathNameW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Local\\falkon\\profiles\\profiles.ini", nBufferLength=0x105, lpBuffer=0x37e664, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\kEecfMwgj\\AppData\\Local\\falkon\\profiles\\profiles.ini", lpFilePart=0x0) returned 0x3d [0204.819] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x37eb7c) returned 1 [0204.819] CreateFileW (lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Local\\falkon\\profiles\\profiles.ini" (normalized: "c:\\users\\keecfmwgj\\appdata\\local\\falkon\\profiles\\profiles.ini"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0xffffffff [0204.821] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x37d998) returned 1 [0204.905] CoTaskMemAlloc (cb=0x20c) returned 0x75aa58 [0204.905] SHGetFolderPathW (in: hwnd=0x0, csidl=28, hToken=0x0, dwFlags=0x0, pszPath=0x75aa58 | out: pszPath="C:\\Users\\kEecfMwgj\\AppData\\Local") returned 0x0 [0204.905] CoTaskMemFree (pv=0x75aa58) [0204.905] GetFullPathNameW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Local", nBufferLength=0x105, lpBuffer=0x37e558, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\kEecfMwgj\\AppData\\Local", lpFilePart=0x0) returned 0x20 [0204.906] GetFullPathNameW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Local\\Microsoft\\Edge\\User Data", nBufferLength=0x105, lpBuffer=0x37e5cc, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\kEecfMwgj\\AppData\\Local\\Microsoft\\Edge\\User Data", lpFilePart=0x0) returned 0x39 [0204.906] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x37e808) returned 1 [0204.906] GetFileAttributesExW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Local\\Microsoft\\Edge\\User Data" (normalized: "c:\\users\\keecfmwgj\\appdata\\local\\microsoft\\edge\\user data"), fInfoLevelId=0x0, lpFileInformation=0x37eacc | out: lpFileInformation=0x37eacc*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0 [0204.906] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x37e804) returned 1 [0205.067] VaultEnumerateVaults () returned 0x0 [0205.867] VaultOpenVault () returned 0x0 [0205.878] VaultEnumerateItems () returned 0x0 [0205.879] VaultOpenVault () returned 0x0 [0205.879] VaultEnumerateItems () returned 0x0 [0205.910] ExpandEnvironmentStringsW (in: lpSrc="%ProgramW6432%", lpDst=0x37ebc0, nSize=0x64 | out: lpDst="C:\\Program Files") returned 0x11 [0205.910] ExpandEnvironmentStringsW (in: lpSrc="%ProgramW6432%", lpDst=0x37ebc0, nSize=0x64 | out: lpDst="C:\\Program Files") returned 0x11 [0205.914] CoTaskMemAlloc (cb=0x20c) returned 0x75ad70 [0205.914] GetEnvironmentVariableW (in: lpName="ProgramFiles(x86)", lpBuffer=0x75ad70, nSize=0x104 | out: lpBuffer="") returned 0x16 [0205.915] CoTaskMemFree (pv=0x75ad70) [0205.917] GetFullPathNameW (in: lpFileName="C:\\Program Files\\Private Internet Access\\data", nBufferLength=0x105, lpBuffer=0x37e7dc, lpFilePart=0x0 | out: lpBuffer="C:\\Program Files\\Private Internet Access\\data", lpFilePart=0x0) returned 0x2d [0205.917] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x37ea18) returned 1 [0205.917] GetFileAttributesExW (in: lpFileName="C:\\Program Files\\Private Internet Access\\data" (normalized: "c:\\program files\\private internet access\\data"), fInfoLevelId=0x0, lpFileInformation=0x37ecdc | out: lpFileInformation=0x37ecdc*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0 [0205.917] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x37ea14) returned 1 [0205.917] GetFullPathNameW (in: lpFileName="\\Private Internet Access\\data", nBufferLength=0x105, lpBuffer=0x37e7dc, lpFilePart=0x0 | out: lpBuffer="C:\\Private Internet Access\\data", lpFilePart=0x0) returned 0x1f [0205.917] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x37ea18) returned 1 [0205.917] GetFileAttributesExW (in: lpFileName="C:\\Private Internet Access\\data" (normalized: "c:\\private internet access\\data"), fInfoLevelId=0x0, lpFileInformation=0x37ecdc | out: lpFileInformation=0x37ecdc*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0 [0205.918] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x37ea14) returned 1 [0205.927] GetFullPathNameW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Mozilla\\icecat\\profiles.ini", nBufferLength=0x105, lpBuffer=0x37e680, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Mozilla\\icecat\\profiles.ini", lpFilePart=0x0) returned 0x3e [0205.928] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x37eb98) returned 1 [0205.928] CreateFileW (lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Mozilla\\icecat\\profiles.ini" (normalized: "c:\\users\\keecfmwgj\\appdata\\roaming\\mozilla\\icecat\\profiles.ini"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0xffffffff [0205.930] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x37d9b8) returned 1 [0205.933] GetFullPathNameW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Mozilla\\icecat\\profiles.ini", nBufferLength=0x105, lpBuffer=0x37e680, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Mozilla\\icecat\\profiles.ini", lpFilePart=0x0) returned 0x3e [0205.933] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x37eb98) returned 1 [0205.934] CreateFileW (lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Mozilla\\icecat\\profiles.ini" (normalized: "c:\\users\\keecfmwgj\\appdata\\roaming\\mozilla\\icecat\\profiles.ini"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0xffffffff [0205.935] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x37d9b8) returned 1 [0205.967] RegOpenKeyExW (in: hKey=0x80000001, lpSubKey="Software\\OpenVPN-GUI\\configs", ulOptions=0x0, samDesired=0x2001f, phkResult=0x37eccc | out: phkResult=0x37eccc*=0x0) returned 0x2 [0205.976] CoTaskMemAlloc (cb=0x20c) returned 0x75ad70 [0205.976] SHGetFolderPathW (in: hwnd=0x0, csidl=38, hToken=0x0, dwFlags=0x0, pszPath=0x75ad70 | out: pszPath="C:\\Program Files (x86)") returned 0x0 [0205.978] CoTaskMemFree (pv=0x75ad70) [0205.978] GetFullPathNameW (in: lpFileName="C:\\Program Files (x86)", nBufferLength=0x105, lpBuffer=0x37e754, lpFilePart=0x0 | out: lpBuffer="C:\\Program Files (x86)", lpFilePart=0x0) returned 0x16 [0205.982] CoTaskMemAlloc (cb=0x20c) returned 0x75ad70 [0205.982] SHGetFolderPathW (in: hwnd=0x0, csidl=26, hToken=0x0, dwFlags=0x0, pszPath=0x75ad70 | out: pszPath="C:\\Users\\kEecfMwgj\\AppData\\Roaming") returned 0x0 [0205.982] CoTaskMemFree (pv=0x75ad70) [0205.982] GetFullPathNameW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming", nBufferLength=0x105, lpBuffer=0x37e754, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\kEecfMwgj\\AppData\\Roaming", lpFilePart=0x0) returned 0x22 [0205.998] GetFullPathNameW (in: lpFileName="C:\\Program Files (x86)\\Common Files\\Apple\\Apple Application Support\\plutil.exe", nBufferLength=0x105, lpBuffer=0x37e7bc, lpFilePart=0x0 | out: lpBuffer="C:\\Program Files (x86)\\Common Files\\Apple\\Apple Application Support\\plutil.exe", lpFilePart=0x0) returned 0x4e [0205.998] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x37e9fc) returned 1 [0205.998] GetFileAttributesExW (in: lpFileName="C:\\Program Files (x86)\\Common Files\\Apple\\Apple Application Support\\plutil.exe" (normalized: "c:\\program files (x86)\\common files\\apple\\apple application support\\plutil.exe"), fInfoLevelId=0x0, lpFileInformation=0x37ecc0 | out: lpFileInformation=0x37ecc0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0 [0205.999] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x37e9f8) returned 1 [0206.008] CoTaskMemAlloc (cb=0x20c) returned 0x75ad70 [0206.008] SHGetFolderPathW (in: hwnd=0x0, csidl=28, hToken=0x0, dwFlags=0x0, pszPath=0x75ad70 | out: pszPath="C:\\Users\\kEecfMwgj\\AppData\\Local") returned 0x0 [0206.009] CoTaskMemFree (pv=0x75ad70) [0206.009] GetFullPathNameW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Local", nBufferLength=0x105, lpBuffer=0x37e76c, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\kEecfMwgj\\AppData\\Local", lpFilePart=0x0) returned 0x20 [0206.011] GetFullPathNameW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Local\\Mailbird\\Store\\Store.db", nBufferLength=0x105, lpBuffer=0x37e804, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\kEecfMwgj\\AppData\\Local\\Mailbird\\Store\\Store.db", lpFilePart=0x0) returned 0x38 [0206.011] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x37ea44) returned 1 [0206.011] GetFileAttributesExW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Local\\Mailbird\\Store\\Store.db" (normalized: "c:\\users\\keecfmwgj\\appdata\\local\\mailbird\\store\\store.db"), fInfoLevelId=0x0, lpFileInformation=0x37ed08 | out: lpFileInformation=0x37ed08*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0 [0206.011] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x37ea40) returned 1 [0206.035] CoTaskMemAlloc (cb=0x20c) returned 0x75ad70 [0206.035] SHGetFolderPathW (in: hwnd=0x0, csidl=26, hToken=0x0, dwFlags=0x0, pszPath=0x75ad70 | out: pszPath="C:\\Users\\kEecfMwgj\\AppData\\Roaming") returned 0x0 [0206.035] CoTaskMemFree (pv=0x75ad70) [0206.035] GetFullPathNameW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming", nBufferLength=0x105, lpBuffer=0x37e73c, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\kEecfMwgj\\AppData\\Roaming", lpFilePart=0x0) returned 0x22 [0206.037] GetFullPathNameW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\FTPGetter\\servers.xml", nBufferLength=0x105, lpBuffer=0x37e7d4, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\FTPGetter\\servers.xml", lpFilePart=0x0) returned 0x38 [0206.037] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x37ea14) returned 1 [0206.037] GetFileAttributesExW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\FTPGetter\\servers.xml" (normalized: "c:\\users\\keecfmwgj\\appdata\\roaming\\ftpgetter\\servers.xml"), fInfoLevelId=0x0, lpFileInformation=0x37ecd8 | out: lpFileInformation=0x37ecd8*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0 [0206.038] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x37ea10) returned 1 [0206.049] GetFullPathNameW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\K-Meleon\\profiles.ini", nBufferLength=0x105, lpBuffer=0x37e680, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\K-Meleon\\profiles.ini", lpFilePart=0x0) returned 0x38 [0206.049] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x37eb98) returned 1 [0206.050] CreateFileW (lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\K-Meleon\\profiles.ini" (normalized: "c:\\users\\keecfmwgj\\appdata\\roaming\\k-meleon\\profiles.ini"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0xffffffff [0206.051] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x37d9b8) returned 1 [0206.054] GetFullPathNameW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\K-Meleon\\profiles.ini", nBufferLength=0x105, lpBuffer=0x37e680, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\K-Meleon\\profiles.ini", lpFilePart=0x0) returned 0x38 [0206.054] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x37eb98) returned 1 [0206.054] CreateFileW (lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\K-Meleon\\profiles.ini" (normalized: "c:\\users\\keecfmwgj\\appdata\\roaming\\k-meleon\\profiles.ini"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0xffffffff [0206.056] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x37d9b8) returned 1 [0206.154] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Wow6432Node\\RealVNC\\WinVNC4", ulOptions=0x0, samDesired=0x20019, phkResult=0x37ebe0 | out: phkResult=0x37ebe0*=0x0) returned 0x2 [0206.154] RegOpenKeyExW (in: hKey=0x80000001, lpSubKey="SOFTWARE\\Wow6432Node\\RealVNC\\WinVNC4", ulOptions=0x0, samDesired=0x20019, phkResult=0x37ebe0 | out: phkResult=0x37ebe0*=0x0) returned 0x2 [0206.155] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\RealVNC\\vncserver", ulOptions=0x0, samDesired=0x20019, phkResult=0x37ebe0 | out: phkResult=0x37ebe0*=0x0) returned 0x2 [0206.155] RegOpenKeyExW (in: hKey=0x80000001, lpSubKey="SOFTWARE\\RealVNC\\vncserver", ulOptions=0x0, samDesired=0x20019, phkResult=0x37ebe0 | out: phkResult=0x37ebe0*=0x0) returned 0x2 [0206.155] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\RealVNC\\WinVNC4", ulOptions=0x0, samDesired=0x20019, phkResult=0x37ebe0 | out: phkResult=0x37ebe0*=0x0) returned 0x2 [0206.156] RegOpenKeyExW (in: hKey=0x80000001, lpSubKey="SOFTWARE\\RealVNC\\WinVNC4", ulOptions=0x0, samDesired=0x20019, phkResult=0x37ebe0 | out: phkResult=0x37ebe0*=0x0) returned 0x2 [0206.156] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="Software\\ORL\\WinVNC3", ulOptions=0x0, samDesired=0x20019, phkResult=0x37ebe0 | out: phkResult=0x37ebe0*=0x0) returned 0x2 [0206.156] RegOpenKeyExW (in: hKey=0x80000001, lpSubKey="Software\\ORL\\WinVNC3", ulOptions=0x0, samDesired=0x20019, phkResult=0x37ebe0 | out: phkResult=0x37ebe0*=0x0) returned 0x2 [0206.157] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="Software\\TightVNC\\Server", ulOptions=0x0, samDesired=0x20019, phkResult=0x37ebe0 | out: phkResult=0x37ebe0*=0x0) returned 0x2 [0206.157] RegOpenKeyExW (in: hKey=0x80000001, lpSubKey="Software\\TightVNC\\Server", ulOptions=0x0, samDesired=0x20019, phkResult=0x37ebe0 | out: phkResult=0x37ebe0*=0x0) returned 0x2 [0206.158] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="Software\\TightVNC\\Server", ulOptions=0x0, samDesired=0x20019, phkResult=0x37ebe0 | out: phkResult=0x37ebe0*=0x0) returned 0x2 [0206.158] RegOpenKeyExW (in: hKey=0x80000001, lpSubKey="Software\\TightVNC\\Server", ulOptions=0x0, samDesired=0x20019, phkResult=0x37ebe0 | out: phkResult=0x37ebe0*=0x0) returned 0x2 [0206.158] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="Software\\TightVNC\\Server", ulOptions=0x0, samDesired=0x20019, phkResult=0x37ebe0 | out: phkResult=0x37ebe0*=0x0) returned 0x2 [0206.158] RegOpenKeyExW (in: hKey=0x80000001, lpSubKey="Software\\TightVNC\\Server", ulOptions=0x0, samDesired=0x20019, phkResult=0x37ebe0 | out: phkResult=0x37ebe0*=0x0) returned 0x2 [0206.159] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="Software\\TigerVNC\\Server", ulOptions=0x0, samDesired=0x20019, phkResult=0x37ebe0 | out: phkResult=0x37ebe0*=0x0) returned 0x2 [0206.159] RegOpenKeyExW (in: hKey=0x80000001, lpSubKey="Software\\TigerVNC\\Server", ulOptions=0x0, samDesired=0x20019, phkResult=0x37ebe0 | out: phkResult=0x37ebe0*=0x0) returned 0x2 [0206.160] CoTaskMemAlloc (cb=0x20c) returned 0x75ad70 [0206.160] GetEnvironmentVariableW (in: lpName="ProgramFiles(x86)", lpBuffer=0x75ad70, nSize=0x104 | out: lpBuffer="") returned 0x16 [0206.160] CoTaskMemFree (pv=0x75ad70) [0206.162] CoTaskMemAlloc (cb=0x20c) returned 0x75ad70 [0206.162] GetEnvironmentVariableW (in: lpName="ProgramFiles(x86)", lpBuffer=0x75ad70, nSize=0x104 | out: lpBuffer="") returned 0x16 [0206.162] CoTaskMemFree (pv=0x75ad70) [0206.163] CoTaskMemAlloc (cb=0x20c) returned 0x75ad70 [0206.163] GetEnvironmentVariableW (in: lpName="ProgramFiles", lpBuffer=0x75ad70, nSize=0x104 | out: lpBuffer="") returned 0x16 [0206.163] CoTaskMemFree (pv=0x75ad70) [0206.163] CoTaskMemAlloc (cb=0x20c) returned 0x75ad70 [0206.164] GetEnvironmentVariableW (in: lpName="ProgramFiles", lpBuffer=0x75ad70, nSize=0x104 | out: lpBuffer="") returned 0x16 [0206.164] CoTaskMemFree (pv=0x75ad70) [0206.164] CoTaskMemAlloc (cb=0x20c) returned 0x75ad70 [0206.164] GetEnvironmentVariableW (in: lpName="ProgramFiles", lpBuffer=0x75ad70, nSize=0x104 | out: lpBuffer="") returned 0x16 [0206.164] CoTaskMemFree (pv=0x75ad70) [0206.165] CoTaskMemAlloc (cb=0x20c) returned 0x75ad70 [0206.165] GetEnvironmentVariableW (in: lpName="ProgramFiles", lpBuffer=0x75ad70, nSize=0x104 | out: lpBuffer="") returned 0x16 [0206.165] CoTaskMemFree (pv=0x75ad70) [0206.165] CoTaskMemAlloc (cb=0x20c) returned 0x75ad70 [0206.165] GetEnvironmentVariableW (in: lpName="ProgramFiles(x86)", lpBuffer=0x75ad70, nSize=0x104 | out: lpBuffer="") returned 0x16 [0206.165] CoTaskMemFree (pv=0x75ad70) [0206.165] CoTaskMemAlloc (cb=0x20c) returned 0x75ad70 [0206.165] GetEnvironmentVariableW (in: lpName="ProgramFiles(x86)", lpBuffer=0x75ad70, nSize=0x104 | out: lpBuffer="") returned 0x16 [0206.165] CoTaskMemFree (pv=0x75ad70) [0206.165] GetFullPathNameW (in: lpFileName="C:\\Program Files (x86)\\uvnc bvba\\UltraVNC\\ultravnc.ini", nBufferLength=0x105, lpBuffer=0x37e6ec, lpFilePart=0x0 | out: lpBuffer="C:\\Program Files (x86)\\uvnc bvba\\UltraVNC\\ultravnc.ini", lpFilePart=0x0) returned 0x36 [0206.165] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x37e92c) returned 1 [0206.165] GetFileAttributesExW (in: lpFileName="C:\\Program Files (x86)\\uvnc bvba\\UltraVNC\\ultravnc.ini" (normalized: "c:\\program files (x86)\\uvnc bvba\\ultravnc\\ultravnc.ini"), fInfoLevelId=0x0, lpFileInformation=0x37ebf0 | out: lpFileInformation=0x37ebf0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0 [0206.166] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x37e928) returned 1 [0206.166] GetFullPathNameW (in: lpFileName="C:\\Program Files (x86)\\uvnc bvba\\UltraVNC\\ultravnc.ini", nBufferLength=0x105, lpBuffer=0x37e6ec, lpFilePart=0x0 | out: lpBuffer="C:\\Program Files (x86)\\uvnc bvba\\UltraVNC\\ultravnc.ini", lpFilePart=0x0) returned 0x36 [0206.166] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x37e92c) returned 1 [0206.166] GetFileAttributesExW (in: lpFileName="C:\\Program Files (x86)\\uvnc bvba\\UltraVNC\\ultravnc.ini" (normalized: "c:\\program files (x86)\\uvnc bvba\\ultravnc\\ultravnc.ini"), fInfoLevelId=0x0, lpFileInformation=0x37ebf0 | out: lpFileInformation=0x37ebf0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0 [0206.166] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x37e928) returned 1 [0206.166] GetFullPathNameW (in: lpFileName="C:\\Program Files (x86)\\uvnc bvba\\UltraVNC\\ultravnc.ini", nBufferLength=0x105, lpBuffer=0x37e6ec, lpFilePart=0x0 | out: lpBuffer="C:\\Program Files (x86)\\uvnc bvba\\UltraVNC\\ultravnc.ini", lpFilePart=0x0) returned 0x36 [0206.166] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x37e92c) returned 1 [0206.166] GetFileAttributesExW (in: lpFileName="C:\\Program Files (x86)\\uvnc bvba\\UltraVNC\\ultravnc.ini" (normalized: "c:\\program files (x86)\\uvnc bvba\\ultravnc\\ultravnc.ini"), fInfoLevelId=0x0, lpFileInformation=0x37ebf0 | out: lpFileInformation=0x37ebf0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0 [0206.166] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x37e928) returned 1 [0206.167] GetFullPathNameW (in: lpFileName="C:\\Program Files (x86)\\uvnc bvba\\UltraVNC\\ultravnc.ini", nBufferLength=0x105, lpBuffer=0x37e6ec, lpFilePart=0x0 | out: lpBuffer="C:\\Program Files (x86)\\uvnc bvba\\UltraVNC\\ultravnc.ini", lpFilePart=0x0) returned 0x36 [0206.167] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x37e92c) returned 1 [0206.167] GetFileAttributesExW (in: lpFileName="C:\\Program Files (x86)\\uvnc bvba\\UltraVNC\\ultravnc.ini" (normalized: "c:\\program files (x86)\\uvnc bvba\\ultravnc\\ultravnc.ini"), fInfoLevelId=0x0, lpFileInformation=0x37ebf0 | out: lpFileInformation=0x37ebf0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0 [0206.167] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x37e928) returned 1 [0206.167] GetFullPathNameW (in: lpFileName="C:\\Program Files (x86)\\UltraVNC\\ultravnc.ini", nBufferLength=0x105, lpBuffer=0x37e6ec, lpFilePart=0x0 | out: lpBuffer="C:\\Program Files (x86)\\UltraVNC\\ultravnc.ini", lpFilePart=0x0) returned 0x2c [0206.167] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x37e92c) returned 1 [0206.167] GetFileAttributesExW (in: lpFileName="C:\\Program Files (x86)\\UltraVNC\\ultravnc.ini" (normalized: "c:\\program files (x86)\\ultravnc\\ultravnc.ini"), fInfoLevelId=0x0, lpFileInformation=0x37ebf0 | out: lpFileInformation=0x37ebf0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0 [0206.167] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x37e928) returned 1 [0206.167] GetFullPathNameW (in: lpFileName="C:\\Program Files (x86)\\UltraVNC\\ultravnc.ini", nBufferLength=0x105, lpBuffer=0x37e6ec, lpFilePart=0x0 | out: lpBuffer="C:\\Program Files (x86)\\UltraVNC\\ultravnc.ini", lpFilePart=0x0) returned 0x2c [0206.167] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x37e92c) returned 1 [0206.167] GetFileAttributesExW (in: lpFileName="C:\\Program Files (x86)\\UltraVNC\\ultravnc.ini" (normalized: "c:\\program files (x86)\\ultravnc\\ultravnc.ini"), fInfoLevelId=0x0, lpFileInformation=0x37ebf0 | out: lpFileInformation=0x37ebf0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0 [0206.167] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x37e928) returned 1 [0206.167] GetFullPathNameW (in: lpFileName="C:\\Program Files (x86)\\UltraVNC\\ultravnc.ini", nBufferLength=0x105, lpBuffer=0x37e6ec, lpFilePart=0x0 | out: lpBuffer="C:\\Program Files (x86)\\UltraVNC\\ultravnc.ini", lpFilePart=0x0) returned 0x2c [0206.167] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x37e92c) returned 1 [0206.167] GetFileAttributesExW (in: lpFileName="C:\\Program Files (x86)\\UltraVNC\\ultravnc.ini" (normalized: "c:\\program files (x86)\\ultravnc\\ultravnc.ini"), fInfoLevelId=0x0, lpFileInformation=0x37ebf0 | out: lpFileInformation=0x37ebf0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0 [0206.167] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x37e928) returned 1 [0206.167] GetFullPathNameW (in: lpFileName="C:\\Program Files (x86)\\UltraVNC\\ultravnc.ini", nBufferLength=0x105, lpBuffer=0x37e6ec, lpFilePart=0x0 | out: lpBuffer="C:\\Program Files (x86)\\UltraVNC\\ultravnc.ini", lpFilePart=0x0) returned 0x2c [0206.168] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x37e92c) returned 1 [0206.168] GetFileAttributesExW (in: lpFileName="C:\\Program Files (x86)\\UltraVNC\\ultravnc.ini" (normalized: "c:\\program files (x86)\\ultravnc\\ultravnc.ini"), fInfoLevelId=0x0, lpFileInformation=0x37ebf0 | out: lpFileInformation=0x37ebf0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0 [0206.168] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x37e928) returned 1 [0206.206] CoTaskMemAlloc (cb=0x20c) returned 0x75ad70 [0206.206] GetEnvironmentVariableW (in: lpName="appdata", lpBuffer=0x75ad70, nSize=0x104 | out: lpBuffer="") returned 0x22 [0206.206] CoTaskMemFree (pv=0x75ad70) [0206.208] GetFullPathNameW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Ipswitch\\WS_FTP\\Sites\\ws_ftp.ini", nBufferLength=0x105, lpBuffer=0x37e78c, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Ipswitch\\WS_FTP\\Sites\\ws_ftp.ini", lpFilePart=0x0) returned 0x43 [0206.208] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x37e9cc) returned 1 [0206.208] GetFileAttributesExW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Ipswitch\\WS_FTP\\Sites\\ws_ftp.ini" (normalized: "c:\\users\\keecfmwgj\\appdata\\roaming\\ipswitch\\ws_ftp\\sites\\ws_ftp.ini"), fInfoLevelId=0x0, lpFileInformation=0x37ec90 | out: lpFileInformation=0x37ec90*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0 [0206.208] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x37e9c8) returned 1 [0206.278] RegOpenKeyExW (in: hKey=0x80000001, lpSubKey="Software\\Aerofox\\FoxmailPreview", ulOptions=0x0, samDesired=0x20019, phkResult=0x37eb50 | out: phkResult=0x37eb50*=0x0) returned 0x2 [0206.283] RegOpenKeyExW (in: hKey=0x80000001, lpSubKey="Software\\Aerofox\\Foxmail\\V3.1", ulOptions=0x0, samDesired=0x20019, phkResult=0x37eb50 | out: phkResult=0x37eb50*=0x0) returned 0x2 [0206.286] GetFullPathNameW (in: lpFileName="\\Storage\\", nBufferLength=0x105, lpBuffer=0x37e694, lpFilePart=0x0 | out: lpBuffer="C:\\Storage\\", lpFilePart=0x0) returned 0xb [0206.286] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x37e8d0) returned 1 [0206.286] GetFileAttributesExW (in: lpFileName="C:\\Storage\\" (normalized: "c:\\storage"), fInfoLevelId=0x0, lpFileInformation=0x37eb94 | out: lpFileInformation=0x37eb94*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0 [0206.287] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x37e8cc) returned 1 [0206.288] GetFullPathNameW (in: lpFileName="\\mail\\", nBufferLength=0x105, lpBuffer=0x37e694, lpFilePart=0x0 | out: lpBuffer="C:\\mail\\", lpFilePart=0x0) returned 0x8 [0206.288] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x37e8d0) returned 1 [0206.288] GetFileAttributesExW (in: lpFileName="C:\\mail\\" (normalized: "c:\\mail"), fInfoLevelId=0x0, lpFileInformation=0x37eb94 | out: lpFileInformation=0x37eb94*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0 [0206.288] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x37e8cc) returned 1 [0206.288] CoTaskMemAlloc (cb=0x20c) returned 0x75ad70 [0206.288] SHGetFolderPathW (in: hwnd=0x0, csidl=28, hToken=0x0, dwFlags=0x0, pszPath=0x75ad70 | out: pszPath="C:\\Users\\kEecfMwgj\\AppData\\Local") returned 0x0 [0206.288] CoTaskMemFree (pv=0x75ad70) [0206.288] GetFullPathNameW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Local", nBufferLength=0x105, lpBuffer=0x37e608, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\kEecfMwgj\\AppData\\Local", lpFilePart=0x0) returned 0x20 [0206.290] GetFullPathNameW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Local\\VirtualStore\\Program Files\\Foxmail\\mail\\", nBufferLength=0x105, lpBuffer=0x37e694, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\kEecfMwgj\\AppData\\Local\\VirtualStore\\Program Files\\Foxmail\\mail\\", lpFilePart=0x0) returned 0x49 [0206.290] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x37e8d0) returned 1 [0206.290] GetFileAttributesExW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Local\\VirtualStore\\Program Files\\Foxmail\\mail\\" (normalized: "c:\\users\\keecfmwgj\\appdata\\local\\virtualstore\\program files\\foxmail\\mail"), fInfoLevelId=0x0, lpFileInformation=0x37eb94 | out: lpFileInformation=0x37eb94*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0 [0206.290] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x37e8cc) returned 1 [0206.290] CoTaskMemAlloc (cb=0x20c) returned 0x75ad70 [0206.290] SHGetFolderPathW (in: hwnd=0x0, csidl=28, hToken=0x0, dwFlags=0x0, pszPath=0x75ad70 | out: pszPath="C:\\Users\\kEecfMwgj\\AppData\\Local") returned 0x0 [0206.290] CoTaskMemFree (pv=0x75ad70) [0206.290] GetFullPathNameW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Local", nBufferLength=0x105, lpBuffer=0x37e608, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\kEecfMwgj\\AppData\\Local", lpFilePart=0x0) returned 0x20 [0206.291] GetFullPathNameW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Local\\VirtualStore\\Program Files (x86)\\Foxmail\\mail\\", nBufferLength=0x105, lpBuffer=0x37e694, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\kEecfMwgj\\AppData\\Local\\VirtualStore\\Program Files (x86)\\Foxmail\\mail\\", lpFilePart=0x0) returned 0x4f [0206.292] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x37e8d0) returned 1 [0206.292] GetFileAttributesExW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Local\\VirtualStore\\Program Files (x86)\\Foxmail\\mail\\" (normalized: "c:\\users\\keecfmwgj\\appdata\\local\\virtualstore\\program files (x86)\\foxmail\\mail"), fInfoLevelId=0x0, lpFileInformation=0x37eb94 | out: lpFileInformation=0x37eb94*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0 [0206.292] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x37e8cc) returned 1 [0206.303] GetFullPathNameW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Comodo\\IceDragon\\profiles.ini", nBufferLength=0x105, lpBuffer=0x37e680, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Comodo\\IceDragon\\profiles.ini", lpFilePart=0x0) returned 0x40 [0206.303] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x37eb98) returned 1 [0206.304] CreateFileW (lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Comodo\\IceDragon\\profiles.ini" (normalized: "c:\\users\\keecfmwgj\\appdata\\roaming\\comodo\\icedragon\\profiles.ini"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0xffffffff [0206.306] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x37d9b8) returned 1 [0206.310] GetFullPathNameW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Comodo\\IceDragon\\profiles.ini", nBufferLength=0x105, lpBuffer=0x37e680, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Comodo\\IceDragon\\profiles.ini", lpFilePart=0x0) returned 0x40 [0206.311] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x37eb98) returned 1 [0206.311] CreateFileW (lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Comodo\\IceDragon\\profiles.ini" (normalized: "c:\\users\\keecfmwgj\\appdata\\roaming\\comodo\\icedragon\\profiles.ini"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0xffffffff [0206.313] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x37d9b8) returned 1 [0206.338] CoTaskMemAlloc (cb=0x20c) returned 0x75ad70 [0206.338] GetEnvironmentVariableW (in: lpName="SystemDrive", lpBuffer=0x75ad70, nSize=0x104 | out: lpBuffer="") returned 0x2 [0206.338] CoTaskMemFree (pv=0x75ad70) [0206.339] GetFullPathNameW (in: lpFileName="C:\\FTP Navigator\\Ftplist.txt", nBufferLength=0x105, lpBuffer=0x37e684, lpFilePart=0x0 | out: lpBuffer="C:\\FTP Navigator\\Ftplist.txt", lpFilePart=0x0) returned 0x1c [0206.339] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x37eb9c) returned 1 [0206.340] CreateFileW (lpFileName="C:\\FTP Navigator\\Ftplist.txt" (normalized: "c:\\ftp navigator\\ftplist.txt"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0xffffffff [0206.342] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x37d9b8) returned 1 [0206.384] GetFullPathNameW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Flock\\Browser\\profiles.ini", nBufferLength=0x105, lpBuffer=0x37e654, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Flock\\Browser\\profiles.ini", lpFilePart=0x0) returned 0x3d [0206.384] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x37eb6c) returned 1 [0206.384] CreateFileW (lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Flock\\Browser\\profiles.ini" (normalized: "c:\\users\\keecfmwgj\\appdata\\roaming\\flock\\browser\\profiles.ini"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0xffffffff [0206.386] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x37d988) returned 1 [0206.451] CoTaskMemAlloc (cb=0x20c) returned 0x75ad70 [0206.451] SHGetFolderPathW (in: hwnd=0x0, csidl=28, hToken=0x0, dwFlags=0x0, pszPath=0x75ad70 | out: pszPath="C:\\Users\\kEecfMwgj\\AppData\\Local") returned 0x0 [0206.451] CoTaskMemFree (pv=0x75ad70) [0206.451] GetFullPathNameW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Local", nBufferLength=0x105, lpBuffer=0x37e728, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\kEecfMwgj\\AppData\\Local", lpFilePart=0x0) returned 0x20 [0206.452] GetFullPathNameW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Local\\Microsoft\\Credentials\\", nBufferLength=0x105, lpBuffer=0x37e7b8, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\kEecfMwgj\\AppData\\Local\\Microsoft\\Credentials\\", lpFilePart=0x0) returned 0x37 [0206.452] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x37e9f4) returned 1 [0206.452] GetFileAttributesExW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Local\\Microsoft\\Credentials\\" (normalized: "c:\\users\\keecfmwgj\\appdata\\local\\microsoft\\credentials"), fInfoLevelId=0x0, lpFileInformation=0x37ecb8 | out: lpFileInformation=0x37ecb8*(dwFileAttributes=0x2014, ftCreationTime.dwLowDateTime=0x798876f0, ftCreationTime.dwHighDateTime=0x1d70509, ftLastAccessTime.dwLowDateTime=0x798876f0, ftLastAccessTime.dwHighDateTime=0x1d70509, ftLastWriteTime.dwLowDateTime=0xea43994d, ftLastWriteTime.dwHighDateTime=0x1cb8926, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 1 [0206.452] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x37e9f0) returned 1 [0206.453] CoTaskMemAlloc (cb=0x20c) returned 0x75ad70 [0206.453] SHGetFolderPathW (in: hwnd=0x0, csidl=28, hToken=0x0, dwFlags=0x0, pszPath=0x75ad70 | out: pszPath="C:\\Users\\kEecfMwgj\\AppData\\Local") returned 0x0 [0206.453] CoTaskMemFree (pv=0x75ad70) [0206.453] GetFullPathNameW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Local", nBufferLength=0x105, lpBuffer=0x37e728, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\kEecfMwgj\\AppData\\Local", lpFilePart=0x0) returned 0x20 [0206.453] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x37ecb4) returned 1 [0206.454] GetFullPathNameW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Local\\Microsoft\\Credentials\\", nBufferLength=0x105, lpBuffer=0x37e794, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\kEecfMwgj\\AppData\\Local\\Microsoft\\Credentials\\", lpFilePart=0x0) returned 0x37 [0206.455] FindFirstFileW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Local\\Microsoft\\Credentials\\*" (normalized: "c:\\users\\keecfmwgj\\appdata\\local\\microsoft\\credentials\\*"), lpFindFileData=0x37ea64 | out: lpFindFileData=0x37ea64*(dwFileAttributes=0x2014, ftCreationTime.dwLowDateTime=0x798876f0, ftCreationTime.dwHighDateTime=0x1d70509, ftLastAccessTime.dwLowDateTime=0x798876f0, ftLastAccessTime.dwHighDateTime=0x1d70509, ftLastWriteTime.dwLowDateTime=0xea43994d, ftLastWriteTime.dwHighDateTime=0x1cb8926, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x702e90 [0206.456] FindNextFileW (in: hFindFile=0x702e90, lpFindFileData=0x37ea6c | out: lpFindFileData=0x37ea6c*(dwFileAttributes=0x2014, ftCreationTime.dwLowDateTime=0x798876f0, ftCreationTime.dwHighDateTime=0x1d70509, ftLastAccessTime.dwLowDateTime=0x798876f0, ftLastAccessTime.dwHighDateTime=0x1d70509, ftLastWriteTime.dwLowDateTime=0xea43994d, ftLastWriteTime.dwHighDateTime=0x1cb8926, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0206.456] FindNextFileW (in: hFindFile=0x702e90, lpFindFileData=0x37ea6c | out: lpFindFileData=0x37ea6c*(dwFileAttributes=0x2014, ftCreationTime.dwLowDateTime=0x798876f0, ftCreationTime.dwHighDateTime=0x1d70509, ftLastAccessTime.dwLowDateTime=0x798876f0, ftLastAccessTime.dwHighDateTime=0x1d70509, ftLastWriteTime.dwLowDateTime=0xea43994d, ftLastWriteTime.dwHighDateTime=0x1cb8926, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 0 [0206.456] FindClose (in: hFindFile=0x702e90 | out: hFindFile=0x702e90) returned 1 [0206.456] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x37ea24) returned 1 [0206.456] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x37ec84) returned 1 [0206.458] CoTaskMemAlloc (cb=0x20c) returned 0x75ad70 [0206.458] SHGetFolderPathW (in: hwnd=0x0, csidl=26, hToken=0x0, dwFlags=0x0, pszPath=0x75ad70 | out: pszPath="C:\\Users\\kEecfMwgj\\AppData\\Roaming") returned 0x0 [0206.458] CoTaskMemFree (pv=0x75ad70) [0206.458] GetFullPathNameW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming", nBufferLength=0x105, lpBuffer=0x37e728, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\kEecfMwgj\\AppData\\Roaming", lpFilePart=0x0) returned 0x22 [0206.458] GetFullPathNameW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Microsoft\\Credentials\\", nBufferLength=0x105, lpBuffer=0x37e7b8, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Microsoft\\Credentials\\", lpFilePart=0x0) returned 0x39 [0206.458] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x37e9f4) returned 1 [0206.458] GetFileAttributesExW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Microsoft\\Credentials\\" (normalized: "c:\\users\\keecfmwgj\\appdata\\roaming\\microsoft\\credentials"), fInfoLevelId=0x0, lpFileInformation=0x37ecb8 | out: lpFileInformation=0x37ecb8*(dwFileAttributes=0x2014, ftCreationTime.dwLowDateTime=0x796260f0, ftCreationTime.dwHighDateTime=0x1d70509, ftLastAccessTime.dwLowDateTime=0x796260f0, ftLastAccessTime.dwHighDateTime=0x1d70509, ftLastWriteTime.dwLowDateTime=0xea43994d, ftLastWriteTime.dwHighDateTime=0x1cb8926, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 1 [0206.458] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x37e9f0) returned 1 [0206.458] CoTaskMemAlloc (cb=0x20c) returned 0x75ad70 [0206.459] SHGetFolderPathW (in: hwnd=0x0, csidl=26, hToken=0x0, dwFlags=0x0, pszPath=0x75ad70 | out: pszPath="C:\\Users\\kEecfMwgj\\AppData\\Roaming") returned 0x0 [0206.459] CoTaskMemFree (pv=0x75ad70) [0206.459] GetFullPathNameW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming", nBufferLength=0x105, lpBuffer=0x37e728, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\kEecfMwgj\\AppData\\Roaming", lpFilePart=0x0) returned 0x22 [0206.459] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x37ecb4) returned 1 [0206.459] GetFullPathNameW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Microsoft\\Credentials\\", nBufferLength=0x105, lpBuffer=0x37e794, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Microsoft\\Credentials\\", lpFilePart=0x0) returned 0x39 [0206.459] FindFirstFileW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Microsoft\\Credentials\\*" (normalized: "c:\\users\\keecfmwgj\\appdata\\roaming\\microsoft\\credentials\\*"), lpFindFileData=0x37ea64 | out: lpFindFileData=0x37ea64*(dwFileAttributes=0x2014, ftCreationTime.dwLowDateTime=0x796260f0, ftCreationTime.dwHighDateTime=0x1d70509, ftLastAccessTime.dwLowDateTime=0x796260f0, ftLastAccessTime.dwHighDateTime=0x1d70509, ftLastWriteTime.dwLowDateTime=0xea43994d, ftLastWriteTime.dwHighDateTime=0x1cb8926, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x702e90 [0206.459] FindNextFileW (in: hFindFile=0x702e90, lpFindFileData=0x37ea6c | out: lpFindFileData=0x37ea6c*(dwFileAttributes=0x2014, ftCreationTime.dwLowDateTime=0x796260f0, ftCreationTime.dwHighDateTime=0x1d70509, ftLastAccessTime.dwLowDateTime=0x796260f0, ftLastAccessTime.dwHighDateTime=0x1d70509, ftLastWriteTime.dwLowDateTime=0xea43994d, ftLastWriteTime.dwHighDateTime=0x1cb8926, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0206.460] FindNextFileW (in: hFindFile=0x702e90, lpFindFileData=0x37ea6c | out: lpFindFileData=0x37ea6c*(dwFileAttributes=0x2014, ftCreationTime.dwLowDateTime=0x796260f0, ftCreationTime.dwHighDateTime=0x1d70509, ftLastAccessTime.dwLowDateTime=0x796260f0, ftLastAccessTime.dwHighDateTime=0x1d70509, ftLastWriteTime.dwLowDateTime=0xea43994d, ftLastWriteTime.dwHighDateTime=0x1cb8926, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 0 [0206.460] FindClose (in: hFindFile=0x702e90 | out: hFindFile=0x702e90) returned 1 [0206.460] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x37ea24) returned 1 [0206.460] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x37ec84) returned 1 [0206.504] RegOpenKeyExW (in: hKey=0x80000001, lpSubKey="Software\\RimArts\\B2\\Settings", ulOptions=0x0, samDesired=0x20019, phkResult=0x37ec80 | out: phkResult=0x37ec80*=0x0) returned 0x2 [0206.507] GetFullPathNameW (in: lpFileName="Folder.lst", nBufferLength=0x105, lpBuffer=0x37e7c4, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\kEecfMwgj\\Desktop\\Folder.lst", lpFilePart=0x0) returned 0x25 [0206.507] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x37ea04) returned 1 [0206.507] GetFileAttributesExW (in: lpFileName="C:\\Users\\kEecfMwgj\\Desktop\\Folder.lst" (normalized: "c:\\users\\keecfmwgj\\desktop\\folder.lst"), fInfoLevelId=0x0, lpFileInformation=0x37ecc8 | out: lpFileInformation=0x37ecc8*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0 [0206.508] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x37ea00) returned 1 [0206.523] CoTaskMemAlloc (cb=0x20c) returned 0x75ad70 [0206.523] SHGetFolderPathW (in: hwnd=0x0, csidl=28, hToken=0x0, dwFlags=0x0, pszPath=0x75ad70 | out: pszPath="C:\\Users\\kEecfMwgj\\AppData\\Local") returned 0x0 [0206.523] CoTaskMemFree (pv=0x75ad70) [0206.523] GetFullPathNameW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Local", nBufferLength=0x105, lpBuffer=0x37e748, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\kEecfMwgj\\AppData\\Local", lpFilePart=0x0) returned 0x20 [0206.529] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x37eccc) returned 1 [0206.529] GetFullPathNameW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Local\\UCBrowser\\", nBufferLength=0x105, lpBuffer=0x37e7ac, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\kEecfMwgj\\AppData\\Local\\UCBrowser\\", lpFilePart=0x0) returned 0x2b [0206.530] FindFirstFileW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Local\\UCBrowser\\*" (normalized: "c:\\users\\keecfmwgj\\appdata\\local\\ucbrowser\\*"), lpFindFileData=0x37ea7c | out: lpFindFileData=0x37ea7c*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffff [0206.532] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x37ea3c) returned 1 [0206.543] CoTaskMemAlloc (cb=0x20c) returned 0x75ad70 [0206.543] SHGetFolderPathW (in: hwnd=0x0, csidl=28, hToken=0x0, dwFlags=0x0, pszPath=0x75ad70 | out: pszPath="C:\\Users\\kEecfMwgj\\AppData\\Local") returned 0x0 [0206.543] CoTaskMemFree (pv=0x75ad70) [0206.543] GetFullPathNameW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Local", nBufferLength=0x105, lpBuffer=0x37e758, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\kEecfMwgj\\AppData\\Local", lpFilePart=0x0) returned 0x20 [0206.548] GetFullPathNameW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Local\\Google\\Chrome\\User Data\\", nBufferLength=0x105, lpBuffer=0x37e77c, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\kEecfMwgj\\AppData\\Local\\Google\\Chrome\\User Data\\", lpFilePart=0x0) returned 0x39 [0206.548] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x37e9b8) returned 1 [0206.549] GetFileAttributesExW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Local\\Google\\Chrome\\User Data\\" (normalized: "c:\\users\\keecfmwgj\\appdata\\local\\google\\chrome\\user data"), fInfoLevelId=0x0, lpFileInformation=0x37ec7c | out: lpFileInformation=0x37ec7c*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0 [0206.549] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x37e9b4) returned 1 [0206.594] CoTaskMemAlloc (cb=0x20c) returned 0x75ad70 [0206.594] GetEnvironmentVariableW (in: lpName="appdata", lpBuffer=0x75ad70, nSize=0x104 | out: lpBuffer="") returned 0x22 [0206.594] CoTaskMemFree (pv=0x75ad70) [0206.595] GetFullPathNameW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\The Bat!", nBufferLength=0x105, lpBuffer=0x37e7b8, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\The Bat!", lpFilePart=0x0) returned 0x2b [0206.595] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x37e9f4) returned 1 [0206.595] GetFileAttributesExW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\The Bat!" (normalized: "c:\\users\\keecfmwgj\\appdata\\roaming\\the bat!"), fInfoLevelId=0x0, lpFileInformation=0x37ecb8 | out: lpFileInformation=0x37ecb8*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0 [0206.596] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x37e9f0) returned 1 [0206.632] RegOpenKeyExW (in: hKey=0x80000001, lpSubKey="SOFTWARE\\Martin Prikryl\\WinSCP 2\\Sessions", ulOptions=0x0, samDesired=0x20019, phkResult=0x37ecbc | out: phkResult=0x37ecbc*=0x0) returned 0x2 [0206.645] GetFullPathNameW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\8pecxstudios\\Cyberfox\\profiles.ini", nBufferLength=0x105, lpBuffer=0x37e680, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\8pecxstudios\\Cyberfox\\profiles.ini", lpFilePart=0x0) returned 0x45 [0206.646] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x37eb98) returned 1 [0206.646] CreateFileW (lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\8pecxstudios\\Cyberfox\\profiles.ini" (normalized: "c:\\users\\keecfmwgj\\appdata\\roaming\\8pecxstudios\\cyberfox\\profiles.ini"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0xffffffff [0206.648] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x37d9b8) returned 1 [0206.651] GetFullPathNameW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\8pecxstudios\\Cyberfox\\profiles.ini", nBufferLength=0x105, lpBuffer=0x37e680, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\8pecxstudios\\Cyberfox\\profiles.ini", lpFilePart=0x0) returned 0x45 [0206.651] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x37eb98) returned 1 [0206.651] CreateFileW (lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\8pecxstudios\\Cyberfox\\profiles.ini" (normalized: "c:\\users\\keecfmwgj\\appdata\\roaming\\8pecxstudios\\cyberfox\\profiles.ini"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0xffffffff [0206.653] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x37d9b8) returned 1 [0206.703] RegOpenKeyExW (in: hKey=0x80000001, lpSubKey="Software\\IncrediMail\\Identities", ulOptions=0x0, samDesired=0x20019, phkResult=0x37eca8 | out: phkResult=0x37eca8*=0x0) returned 0x2 [0206.707] GetFullPathNameW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Mozilla\\Firefox\\profiles.ini", nBufferLength=0x105, lpBuffer=0x37e680, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Mozilla\\Firefox\\profiles.ini", lpFilePart=0x0) returned 0x3f [0206.707] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x37eb98) returned 1 [0206.707] CreateFileW (lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Mozilla\\Firefox\\profiles.ini" (normalized: "c:\\users\\keecfmwgj\\appdata\\roaming\\mozilla\\firefox\\profiles.ini"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0xffffffff [0206.709] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x37d9b8) returned 1 [0206.712] GetFullPathNameW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Mozilla\\Firefox\\profiles.ini", nBufferLength=0x105, lpBuffer=0x37e680, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Mozilla\\Firefox\\profiles.ini", lpFilePart=0x0) returned 0x3f [0206.712] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x37eb98) returned 1 [0206.712] CreateFileW (lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Mozilla\\Firefox\\profiles.ini" (normalized: "c:\\users\\keecfmwgj\\appdata\\roaming\\mozilla\\firefox\\profiles.ini"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0xffffffff [0206.714] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x37d9b8) returned 1 [0206.727] CoTaskMemAlloc (cb=0x20c) returned 0x75ad70 [0206.727] GetEnvironmentVariableW (in: lpName="APPDATA", lpBuffer=0x75ad70, nSize=0x104 | out: lpBuffer="") returned 0x22 [0206.727] CoTaskMemFree (pv=0x75ad70) [0206.729] CoTaskMemAlloc (cb=0x20c) returned 0x75ad70 [0206.729] GetEnvironmentVariableW (in: lpName="APPDATA", lpBuffer=0x75ad70, nSize=0x104 | out: lpBuffer="") returned 0x22 [0206.729] CoTaskMemFree (pv=0x75ad70) [0206.733] GetFullPathNameW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\SmartFTP\\Client 2.0\\Favorites\\Quick Connect\\*.xml", nBufferLength=0x105, lpBuffer=0x37e720, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\SmartFTP\\Client 2.0\\Favorites\\Quick Connect\\*.xml", lpFilePart=0x0) returned 0x54 [0206.733] GetFullPathNameW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\SmartFTP\\Client 2.0\\Favorites\\Quick Connect", nBufferLength=0x105, lpBuffer=0x37e700, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\SmartFTP\\Client 2.0\\Favorites\\Quick Connect", lpFilePart=0x0) returned 0x4e [0206.733] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x37ebec) returned 1 [0206.734] GetFullPathNameW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\SmartFTP\\Client 2.0\\Favorites\\Quick Connect", nBufferLength=0x105, lpBuffer=0x37e6cc, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\SmartFTP\\Client 2.0\\Favorites\\Quick Connect", lpFilePart=0x0) returned 0x4e [0206.734] FindFirstFileW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\SmartFTP\\Client 2.0\\Favorites\\Quick Connect\\*.xml" (normalized: "c:\\users\\keecfmwgj\\appdata\\roaming\\smartftp\\client 2.0\\favorites\\quick connect\\*.xml"), lpFindFileData=0x37e99c | out: lpFindFileData=0x37e99c*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffff [0206.734] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x37e95c) returned 1 [0206.748] SetErrorInfo (dwReserved=0x0, perrinfo=0x5247944) returned 0x0 [0206.749] GetFullPathNameW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\SmartFTP\\Client 2.0\\Favorites\\Quick Connect\\", nBufferLength=0x105, lpBuffer=0x37e770, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\SmartFTP\\Client 2.0\\Favorites\\Quick Connect\\", lpFilePart=0x0) returned 0x4f [0206.778] CoTaskMemAlloc (cb=0x20c) returned 0x75ad70 [0206.778] GetEnvironmentVariableW (in: lpName="APPDATA", lpBuffer=0x75ad70, nSize=0x104 | out: lpBuffer="") returned 0x22 [0206.778] CoTaskMemFree (pv=0x75ad70) [0206.781] GetFullPathNameW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\FileZilla\\recentservers.xml", nBufferLength=0x105, lpBuffer=0x37e690, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\FileZilla\\recentservers.xml", lpFilePart=0x0) returned 0x3e [0206.781] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x37eba8) returned 1 [0206.781] CreateFileW (lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\FileZilla\\recentservers.xml" (normalized: "c:\\users\\keecfmwgj\\appdata\\roaming\\filezilla\\recentservers.xml"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0xffffffff [0206.783] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x37d9c8) returned 1 [0206.855] CoTaskMemAlloc (cb=0x20c) returned 0x75ad70 [0206.855] SHGetFolderPathW (in: hwnd=0x0, csidl=26, hToken=0x0, dwFlags=0x0, pszPath=0x75ad70 | out: pszPath="C:\\Users\\kEecfMwgj\\AppData\\Roaming") returned 0x0 [0206.855] CoTaskMemFree (pv=0x75ad70) [0206.855] GetFullPathNameW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming", nBufferLength=0x105, lpBuffer=0x37e664, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\kEecfMwgj\\AppData\\Roaming", lpFilePart=0x0) returned 0x22 [0206.858] GetFullPathNameW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Claws-mail", nBufferLength=0x105, lpBuffer=0x37e6f4, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Claws-mail", lpFilePart=0x0) returned 0x2d [0206.858] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x37e930) returned 1 [0206.858] GetFileAttributesExW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Claws-mail" (normalized: "c:\\users\\keecfmwgj\\appdata\\roaming\\claws-mail"), fInfoLevelId=0x0, lpFileInformation=0x37ebf4 | out: lpFileInformation=0x37ebf4*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0 [0206.858] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x37e92c) returned 1 [0206.861] GetFullPathNameW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Claws-mail\\clawsrc", nBufferLength=0x105, lpBuffer=0x37e6fc, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Claws-mail\\clawsrc", lpFilePart=0x0) returned 0x35 [0206.861] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x37e93c) returned 1 [0206.861] GetFileAttributesExW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Claws-mail\\clawsrc" (normalized: "c:\\users\\keecfmwgj\\appdata\\roaming\\claws-mail\\clawsrc"), fInfoLevelId=0x0, lpFileInformation=0x37ec00 | out: lpFileInformation=0x37ec00*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0 [0206.861] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x37e938) returned 1 [0206.874] GetFullPathNameW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Waterfox\\profiles.ini", nBufferLength=0x105, lpBuffer=0x37e680, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Waterfox\\profiles.ini", lpFilePart=0x0) returned 0x38 [0206.874] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x37eb98) returned 1 [0206.874] CreateFileW (lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Waterfox\\profiles.ini" (normalized: "c:\\users\\keecfmwgj\\appdata\\roaming\\waterfox\\profiles.ini"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0xffffffff [0206.876] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x37d9b8) returned 1 [0206.880] GetFullPathNameW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Waterfox\\profiles.ini", nBufferLength=0x105, lpBuffer=0x37e680, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Waterfox\\profiles.ini", lpFilePart=0x0) returned 0x38 [0206.880] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x37eb98) returned 1 [0206.880] CreateFileW (lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Waterfox\\profiles.ini" (normalized: "c:\\users\\keecfmwgj\\appdata\\roaming\\waterfox\\profiles.ini"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0xffffffff [0206.882] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x37d9b8) returned 1 [0206.926] CoTaskMemAlloc (cb=0x20c) returned 0x75ad70 [0206.926] GetEnvironmentVariableW (in: lpName="appdata", lpBuffer=0x75ad70, nSize=0x104 | out: lpBuffer="") returned 0x22 [0206.927] CoTaskMemFree (pv=0x75ad70) [0206.929] GetFullPathNameW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Pocomail\\accounts.ini", nBufferLength=0x105, lpBuffer=0x37e79c, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Pocomail\\accounts.ini", lpFilePart=0x0) returned 0x38 [0206.929] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x37e9dc) returned 1 [0206.929] GetFileAttributesExW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Pocomail\\accounts.ini" (normalized: "c:\\users\\keecfmwgj\\appdata\\roaming\\pocomail\\accounts.ini"), fInfoLevelId=0x0, lpFileInformation=0x37eca0 | out: lpFileInformation=0x37eca0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0 [0206.929] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x37e9d8) returned 1 [0206.953] GetUserNameW (in: lpBuffer=0x37ee1c, pcbBuffer=0x2465664 | out: lpBuffer="kEecfMwgj", pcbBuffer=0x2465664) returned 1 [0206.954] GetComputerNameW (in: lpBuffer=0x37ee1c, nSize=0x2465b18 | out: lpBuffer="Q9IATRKPRH", nSize=0x2465b18) returned 1 [0206.984] GetUserNameW (in: lpBuffer=0x37ee0c, pcbBuffer=0x24663f8 | out: lpBuffer="kEecfMwgj", pcbBuffer=0x24663f8) returned 1 [0206.987] GetComputerNameW (in: lpBuffer=0x37ee0c, nSize=0x2466888 | out: lpBuffer="Q9IATRKPRH", nSize=0x2466888) returned 1 [0206.992] CreateEventW (lpEventAttributes=0x0, bManualReset=0, bInitialState=0, lpName=0x0) returned 0x434 [0206.992] SetEvent (hEvent=0x2b4) returned 1 [0206.993] CoWaitForMultipleHandles (in: dwFlags=0x2, dwTimeout=0xffffffff, cHandles=0x1, pHandles=0x37ef8c*=0x434, lpdwindex=0x37edb0 | out: lpdwindex=0x37edb0) returned 0x0 [0206.997] CoGetContextToken (in: pToken=0x37ee64 | out: pToken=0x37ee64) returned 0x0 [0206.998] CoGetContextToken (in: pToken=0x37edc4 | out: pToken=0x37edc4) returned 0x0 [0206.998] WbemDefPath:IUnknown:QueryInterface (in: This=0x731a80, riid=0x37ee94*(Data1=0x3bc15af2, Data2=0x736c, Data3=0x477e, Data4=([0]=0x9e, [1]=0x51, [2]=0x23, [3]=0x8a, [4]=0xf8, [5]=0x66, [6]=0x7d, [7]=0xcc)), ppvObject=0x37ee90 | out: ppvObject=0x37ee90*=0x731a80) returned 0x0 [0206.998] WbemDefPath:IUnknown:AddRef (This=0x731a80) returned 0x3 [0206.998] WbemDefPath:IUnknown:Release (This=0x731a80) returned 0x2 [0206.998] WbemDefPath:IWbemPath:SetText (This=0x731a80, uMode=0x4, pszPath="Win32_OperatingSystem") returned 0x0 [0206.998] WbemDefPath:IWbemPath:GetInfo (in: This=0x731a80, uRequestedInfo=0x0, puResponse=0x37f038 | out: puResponse=0x37f038*=0xc15) returned 0x0 [0206.998] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x731a80, puCount=0x37f030 | out: puCount=0x37f030*=0x0) returned 0x0 [0207.000] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x731000, puCount=0x37f008 | out: puCount=0x37f008*=0x2) returned 0x0 [0207.000] WbemDefPath:IWbemPath:GetText (in: This=0x731000, lFlags=4, puBuffLength=0x37f004*=0x0, pszText=0x0 | out: puBuffLength=0x37f004*=0xf, pszText=0x0) returned 0x0 [0207.000] WbemDefPath:IWbemPath:GetText (in: This=0x731000, lFlags=4, puBuffLength=0x37f004*=0xf, pszText="00000000000000" | out: puBuffLength=0x37f004*=0xf, pszText="\\\\.\\root\\cimv2") returned 0x0 [0207.015] CoWaitForMultipleHandles (in: dwFlags=0x2, dwTimeout=0xffffffff, cHandles=0x1, pHandles=0x37eea0*=0x448, lpdwindex=0x37ed58 | out: lpdwindex=0x37ed58) returned 0x0 [0207.039] CoGetContextToken (in: pToken=0x37ed54 | out: pToken=0x37ed54) returned 0x0 [0207.039] CoGetContextToken (in: pToken=0x37ecb4 | out: pToken=0x37ecb4) returned 0x0 [0207.039] CoGetContextToken (in: pToken=0x37ecb4 | out: pToken=0x37ecb4) returned 0x0 [0207.039] CoGetContextToken (in: pToken=0x37ec54 | out: pToken=0x37ec54) returned 0x0 [0207.039] IUnknown:QueryInterface (in: This=0x6ad938, riid=0x71938ae0*(Data1=0x1da, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x37ec2c | out: ppvObject=0x37ec2c*=0x6ad948) returned 0x0 [0207.040] CObjectContext::ContextCallback () returned 0x0 [0207.041] IUnknown:Release (This=0x6ad948) returned 0x1 [0207.041] CoUnmarshalInterface (in: pStm=0x5231db0, riid=0x71792a54*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x37eca8 | out: ppv=0x37eca8*=0x732ce4) returned 0x0 [0207.042] CoMarshalInterface (pStm=0x5231db0, riid=0x71792a54*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pUnk=0x732ce4, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0) returned 0x0 [0207.042] WbemLocator:IUnknown:QueryInterface (in: This=0x732ce4, riid=0x37ed84*(Data1=0x9556dc99, Data2=0x828c, Data3=0x11cf, Data4=([0]=0xa3, [1]=0x7e, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x32, [6]=0x40, [7]=0xc7)), ppvObject=0x37ed80 | out: ppvObject=0x37ed80*=0x52426c8) returned 0x0 [0207.043] WbemLocator:IUnknown:Release (This=0x732ce4) returned 0x1 [0207.043] IWbemServices:ExecQuery (in: This=0x52426c8, strQueryLanguage="WQL", strQuery="select * from Win32_OperatingSystem", lFlags=16, pCtx=0x0, ppEnum=0x37ef68 | out: ppEnum=0x37ef68*=0x6e7058) returned 0x0 [0207.059] IUnknown:QueryInterface (in: This=0x6e7058, riid=0x704b35b4*(Data1=0x13d, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x37edb8 | out: ppvObject=0x37edb8*=0x6e705c) returned 0x0 [0207.059] IClientSecurity:QueryBlanket (in: This=0x6e705c, pProxy=0x6e7058, pAuthnSvc=0x37ee08, pAuthzSvc=0x37ee04, pServerPrincName=0x37edfc, pAuthnLevel=0x37ee00, pImpLevel=0x37edf0, pAuthInfo=0x37edf4, pCapabilites=0x37edf8 | out: pAuthnSvc=0x37ee08*=0xa, pAuthzSvc=0x37ee04*=0x0, pServerPrincName=0x37edfc, pAuthnLevel=0x37ee00*=0x6, pImpLevel=0x37edf0*=0x2, pAuthInfo=0x37edf4, pCapabilites=0x37edf8*=0x1) returned 0x0 [0207.059] IUnknown:Release (This=0x6e705c) returned 0x1 [0207.059] IUnknown:QueryInterface (in: This=0x6e7058, riid=0x704b35a4*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x37edac | out: ppvObject=0x37edac*=0x732dd4) returned 0x0 [0207.059] IUnknown:QueryInterface (in: This=0x6e7058, riid=0x704b35b4*(Data1=0x13d, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x37ed98 | out: ppvObject=0x37ed98*=0x6e705c) returned 0x0 [0207.059] IClientSecurity:SetBlanket (This=0x6e705c, pProxy=0x6e7058, dwAuthnSvc=0xa, dwAuthzSvc=0x0, pServerPrincName=0x0, dwAuthnLevel=0x6, dwImpLevel=0x3, pAuthInfo=0x0, dwCapabilities=0x20) returned 0x0 [0207.070] IUnknown:Release (This=0x6e705c) returned 0x2 [0207.070] WbemLocator:IUnknown:Release (This=0x732dd4) returned 0x1 [0207.070] CoTaskMemFree (pv=0x52442a8) [0207.070] IUnknown:AddRef (This=0x6e7058) returned 0x2 [0207.071] CoGetContextToken (in: pToken=0x37e2d8 | out: pToken=0x37e2d8) returned 0x0 [0207.071] CoGetContextToken (in: pToken=0x37e6ec | out: pToken=0x37e6ec) returned 0x0 [0207.071] IUnknown:QueryInterface (in: This=0x6e7058, riid=0x71881aa8*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x37e684 | out: ppvObject=0x37e684*=0x732dbc) returned 0x0 [0207.071] WbemLocator:IRpcOptions:Query (in: This=0x732dbc, pPrx=0x524a940, dwProperty=2, pdwValue=0x37e778 | out: pdwValue=0x37e778) returned 0x80004002 [0207.071] WbemLocator:IUnknown:Release (This=0x732dbc) returned 0x2 [0207.071] CoGetContextToken (in: pToken=0x37ecbc | out: pToken=0x37ecbc) returned 0x0 [0207.071] CoGetContextToken (in: pToken=0x37ec1c | out: pToken=0x37ec1c) returned 0x0 [0207.071] IUnknown:QueryInterface (in: This=0x6e7058, riid=0x37ecec*(Data1=0x27947e1, Data2=0xd731, Data3=0x11ce, Data4=([0]=0xa3, [1]=0x57, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x1)), ppvObject=0x37ebb8 | out: ppvObject=0x37ebb8*=0x6e7058) returned 0x0 [0207.072] IUnknown:Release (This=0x6e7058) returned 0x2 [0207.072] WbemLocator:IUnknown:Release (This=0x52426c8) returned 0x0 [0207.072] SysStringLen (param_1=0x0) returned 0x0 [0207.072] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x731000, puCount=0x37efb4 | out: puCount=0x37efb4*=0x2) returned 0x0 [0207.072] WbemDefPath:IWbemPath:GetText (in: This=0x731000, lFlags=4, puBuffLength=0x37efb0*=0x0, pszText=0x0 | out: puBuffLength=0x37efb0*=0xf, pszText=0x0) returned 0x0 [0207.072] WbemDefPath:IWbemPath:GetText (in: This=0x731000, lFlags=4, puBuffLength=0x37efb0*=0xf, pszText="00000000000000" | out: puBuffLength=0x37efb0*=0xf, pszText="\\\\.\\root\\cimv2") returned 0x0 [0207.073] CoGetContextToken (in: pToken=0x37edfc | out: pToken=0x37edfc) returned 0x0 [0207.073] IEnumWbemClassObject:Clone (in: This=0x6e7058, ppEnum=0x37efb0 | out: ppEnum=0x37efb0*=0x6e71e8) returned 0x0 [0207.074] IUnknown:QueryInterface (in: This=0x6e71e8, riid=0x704b35b4*(Data1=0x13d, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x37ee6c | out: ppvObject=0x37ee6c*=0x6e71ec) returned 0x0 [0207.074] IClientSecurity:QueryBlanket (in: This=0x6e71ec, pProxy=0x6e71e8, pAuthnSvc=0x37eebc, pAuthzSvc=0x37eeb8, pServerPrincName=0x37eeb0, pAuthnLevel=0x37eeb4, pImpLevel=0x37eea4, pAuthInfo=0x37eea8, pCapabilites=0x37eeac | out: pAuthnSvc=0x37eebc*=0xa, pAuthzSvc=0x37eeb8*=0x0, pServerPrincName=0x37eeb0, pAuthnLevel=0x37eeb4*=0x6, pImpLevel=0x37eea4*=0x2, pAuthInfo=0x37eea8, pCapabilites=0x37eeac*=0x1) returned 0x0 [0207.074] IUnknown:Release (This=0x6e71ec) returned 0x1 [0207.074] IUnknown:QueryInterface (in: This=0x6e71e8, riid=0x704b35a4*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x37ee60 | out: ppvObject=0x37ee60*=0x732ce4) returned 0x0 [0207.074] IUnknown:QueryInterface (in: This=0x6e71e8, riid=0x704b35b4*(Data1=0x13d, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x37ee4c | out: ppvObject=0x37ee4c*=0x6e71ec) returned 0x0 [0207.074] IClientSecurity:SetBlanket (This=0x6e71ec, pProxy=0x6e71e8, dwAuthnSvc=0xa, dwAuthzSvc=0x0, pServerPrincName=0x0, dwAuthnLevel=0x6, dwImpLevel=0x3, pAuthInfo=0x0, dwCapabilities=0x20) returned 0x0 [0207.076] IUnknown:Release (This=0x6e71ec) returned 0x2 [0207.076] WbemLocator:IUnknown:Release (This=0x732ce4) returned 0x1 [0207.076] CoTaskMemFree (pv=0x5244218) [0207.076] IUnknown:AddRef (This=0x6e71e8) returned 0x2 [0207.077] CoGetContextToken (in: pToken=0x37e37c | out: pToken=0x37e37c) returned 0x0 [0207.077] CoGetContextToken (in: pToken=0x37e78c | out: pToken=0x37e78c) returned 0x0 [0207.077] IUnknown:QueryInterface (in: This=0x6e71e8, riid=0x71881aa8*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x37e728 | out: ppvObject=0x37e728*=0x732ccc) returned 0x0 [0207.077] WbemLocator:IRpcOptions:Query (in: This=0x732ccc, pPrx=0x524a9b8, dwProperty=2, pdwValue=0x37e81c | out: pdwValue=0x37e81c) returned 0x80004002 [0207.077] WbemLocator:IUnknown:Release (This=0x732ccc) returned 0x2 [0207.077] CoGetContextToken (in: pToken=0x37ed5c | out: pToken=0x37ed5c) returned 0x0 [0207.077] CoGetContextToken (in: pToken=0x37ecbc | out: pToken=0x37ecbc) returned 0x0 [0207.077] IUnknown:QueryInterface (in: This=0x6e71e8, riid=0x37ed8c*(Data1=0x27947e1, Data2=0xd731, Data3=0x11ce, Data4=([0]=0xa3, [1]=0x57, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x1)), ppvObject=0x37ec58 | out: ppvObject=0x37ec58*=0x6e71e8) returned 0x0 [0207.077] IUnknown:Release (This=0x6e71e8) returned 0x2 [0207.078] SysStringLen (param_1=0x0) returned 0x0 [0207.078] IEnumWbemClassObject:Reset (This=0x6e71e8) returned 0x0 [0207.079] CoTaskMemAlloc (cb=0x4) returned 0x522c780 [0207.079] IEnumWbemClassObject:Next (in: This=0x6e71e8, lTimeout=-1, uCount=0x1, apObjects=0x522c780, puReturned=0x2467da0 | out: apObjects=0x522c780*=0x522fde8, puReturned=0x2467da0*=0x1) returned 0x0 [0207.083] IUnknown:QueryInterface (in: This=0x522fde8, riid=0x71792a54*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x37e604 | out: ppvObject=0x37e604*=0x522fde8) returned 0x0 [0207.084] IUnknown:QueryInterface (in: This=0x522fde8, riid=0x71881b6c*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x37e5b8 | out: ppvObject=0x37e5b8*=0x0) returned 0x80004002 [0207.084] IUnknown:QueryInterface (in: This=0x522fde8, riid=0x71881e84*(Data1=0xb196b283, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x37e3e0 | out: ppvObject=0x37e3e0*=0x0) returned 0x80004002 [0207.084] IUnknown:AddRef (This=0x522fde8) returned 0x3 [0207.084] IUnknown:QueryInterface (in: This=0x522fde8, riid=0x7188182c*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x37df14 | out: ppvObject=0x37df14*=0x0) returned 0x80004002 [0207.084] IUnknown:QueryInterface (in: This=0x522fde8, riid=0x71881764*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x37dec4 | out: ppvObject=0x37dec4*=0x0) returned 0x80004002 [0207.084] IUnknown:QueryInterface (in: This=0x522fde8, riid=0x717b1388*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x37ded0 | out: ppvObject=0x37ded0*=0x522fdec) returned 0x0 [0207.084] IMarshal:GetUnmarshalClass (in: This=0x522fdec, riid=0x71792a54*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x37ded8 | out: pCid=0x37ded8*(Data1=0x4590f812, Data2=0x1d3a, Data3=0x11d0, Data4=([0]=0x89, [1]=0x1f, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24))) returned 0x0 [0207.084] IUnknown:Release (This=0x522fdec) returned 0x3 [0207.084] CoGetContextToken (in: pToken=0x37df30 | out: pToken=0x37df30) returned 0x0 [0207.084] CoGetContextToken (in: pToken=0x37e344 | out: pToken=0x37e344) returned 0x0 [0207.084] IUnknown:QueryInterface (in: This=0x522fde8, riid=0x71881aa8*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x37e3c4 | out: ppvObject=0x37e3c4*=0x0) returned 0x80004002 [0207.084] IUnknown:Release (This=0x522fde8) returned 0x2 [0207.084] CoGetContextToken (in: pToken=0x37e934 | out: pToken=0x37e934) returned 0x0 [0207.084] CoGetContextToken (in: pToken=0x37e894 | out: pToken=0x37e894) returned 0x0 [0207.084] IUnknown:QueryInterface (in: This=0x522fde8, riid=0x37e964*(Data1=0xdc12a681, Data2=0x737f, Data3=0x11cf, Data4=([0]=0x88, [1]=0x4d, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24)), ppvObject=0x37e960 | out: ppvObject=0x37e960*=0x522fde8) returned 0x0 [0207.085] IUnknown:AddRef (This=0x522fde8) returned 0x4 [0207.085] IUnknown:Release (This=0x522fde8) returned 0x3 [0207.085] IUnknown:Release (This=0x522fde8) returned 0x2 [0207.085] CoTaskMemFree (pv=0x522c780) [0207.085] CoGetContextToken (in: pToken=0x37eca4 | out: pToken=0x37eca4) returned 0x0 [0207.085] IUnknown:AddRef (This=0x522fde8) returned 0x3 [0207.085] CoTaskMemAlloc (cb=0x4) returned 0x522c780 [0207.085] IEnumWbemClassObject:Next (in: This=0x6e71e8, lTimeout=-1, uCount=0x1, apObjects=0x522c780, puReturned=0x2467da0 | out: apObjects=0x522c780*=0x0, puReturned=0x2467da0*=0x0) returned 0x1 [0207.086] CoTaskMemFree (pv=0x522c780) [0207.086] CoGetContextToken (in: pToken=0x37ee0c | out: pToken=0x37ee0c) returned 0x0 [0207.086] IEnumWbemClassObject:Clone (in: This=0x6e7058, ppEnum=0x37efc0 | out: ppEnum=0x37efc0*=0x6e72b0) returned 0x0 [0207.087] IUnknown:QueryInterface (in: This=0x6e72b0, riid=0x704b35b4*(Data1=0x13d, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x37ee7c | out: ppvObject=0x37ee7c*=0x6e72b4) returned 0x0 [0207.087] IClientSecurity:QueryBlanket (in: This=0x6e72b4, pProxy=0x6e72b0, pAuthnSvc=0x37eecc, pAuthzSvc=0x37eec8, pServerPrincName=0x37eec0, pAuthnLevel=0x37eec4, pImpLevel=0x37eeb4, pAuthInfo=0x37eeb8, pCapabilites=0x37eebc | out: pAuthnSvc=0x37eecc*=0xa, pAuthzSvc=0x37eec8*=0x0, pServerPrincName=0x37eec0, pAuthnLevel=0x37eec4*=0x6, pImpLevel=0x37eeb4*=0x2, pAuthInfo=0x37eeb8, pCapabilites=0x37eebc*=0x1) returned 0x0 [0207.087] IUnknown:Release (This=0x6e72b4) returned 0x1 [0207.088] IUnknown:QueryInterface (in: This=0x6e72b0, riid=0x704b35a4*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x37ee70 | out: ppvObject=0x37ee70*=0x7330a4) returned 0x0 [0207.088] IUnknown:QueryInterface (in: This=0x6e72b0, riid=0x704b35b4*(Data1=0x13d, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x37ee5c | out: ppvObject=0x37ee5c*=0x6e72b4) returned 0x0 [0207.088] IClientSecurity:SetBlanket (This=0x6e72b4, pProxy=0x6e72b0, dwAuthnSvc=0xa, dwAuthzSvc=0x0, pServerPrincName=0x0, dwAuthnLevel=0x6, dwImpLevel=0x3, pAuthInfo=0x0, dwCapabilities=0x20) returned 0x0 [0207.090] IUnknown:Release (This=0x6e72b4) returned 0x2 [0207.090] WbemLocator:IUnknown:Release (This=0x7330a4) returned 0x1 [0207.090] CoTaskMemFree (pv=0x52443c8) [0207.090] IUnknown:AddRef (This=0x6e72b0) returned 0x2 [0207.090] CoGetContextToken (in: pToken=0x37e38c | out: pToken=0x37e38c) returned 0x0 [0207.090] CoGetContextToken (in: pToken=0x37e79c | out: pToken=0x37e79c) returned 0x0 [0207.090] IUnknown:QueryInterface (in: This=0x6e72b0, riid=0x71881aa8*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x37e738 | out: ppvObject=0x37e738*=0x73308c) returned 0x0 [0207.091] WbemLocator:IRpcOptions:Query (in: This=0x73308c, pPrx=0x524aa78, dwProperty=2, pdwValue=0x37e82c | out: pdwValue=0x37e82c) returned 0x80004002 [0207.091] WbemLocator:IUnknown:Release (This=0x73308c) returned 0x2 [0207.091] CoGetContextToken (in: pToken=0x37ed6c | out: pToken=0x37ed6c) returned 0x0 [0207.091] CoGetContextToken (in: pToken=0x37eccc | out: pToken=0x37eccc) returned 0x0 [0207.091] IUnknown:QueryInterface (in: This=0x6e72b0, riid=0x37ed9c*(Data1=0x27947e1, Data2=0xd731, Data3=0x11ce, Data4=([0]=0xa3, [1]=0x57, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x1)), ppvObject=0x37ec68 | out: ppvObject=0x37ec68*=0x6e72b0) returned 0x0 [0207.091] IUnknown:Release (This=0x6e72b0) returned 0x2 [0207.091] SysStringLen (param_1=0x0) returned 0x0 [0207.091] IEnumWbemClassObject:Reset (This=0x6e72b0) returned 0x0 [0207.092] CoTaskMemAlloc (cb=0x4) returned 0x522c7b0 [0207.092] IEnumWbemClassObject:Next (in: This=0x6e72b0, lTimeout=-1, uCount=0x1, apObjects=0x522c7b0, puReturned=0x2467e84 | out: apObjects=0x522c7b0*=0x5230118, puReturned=0x2467e84*=0x1) returned 0x0 [0207.094] IUnknown:QueryInterface (in: This=0x5230118, riid=0x71792a54*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x37e614 | out: ppvObject=0x37e614*=0x5230118) returned 0x0 [0207.094] IUnknown:QueryInterface (in: This=0x5230118, riid=0x71881b6c*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x37e5c8 | out: ppvObject=0x37e5c8*=0x0) returned 0x80004002 [0207.094] IUnknown:QueryInterface (in: This=0x5230118, riid=0x71881e84*(Data1=0xb196b283, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x37e3f0 | out: ppvObject=0x37e3f0*=0x0) returned 0x80004002 [0207.095] IUnknown:AddRef (This=0x5230118) returned 0x3 [0207.095] IUnknown:QueryInterface (in: This=0x5230118, riid=0x7188182c*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x37df24 | out: ppvObject=0x37df24*=0x0) returned 0x80004002 [0207.095] IUnknown:QueryInterface (in: This=0x5230118, riid=0x71881764*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x37ded4 | out: ppvObject=0x37ded4*=0x0) returned 0x80004002 [0207.095] IUnknown:QueryInterface (in: This=0x5230118, riid=0x717b1388*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x37dee0 | out: ppvObject=0x37dee0*=0x523011c) returned 0x0 [0207.095] IMarshal:GetUnmarshalClass (in: This=0x523011c, riid=0x71792a54*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x37dee8 | out: pCid=0x37dee8*(Data1=0x4590f812, Data2=0x1d3a, Data3=0x11d0, Data4=([0]=0x89, [1]=0x1f, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24))) returned 0x0 [0207.095] IUnknown:Release (This=0x523011c) returned 0x3 [0207.095] CoGetContextToken (in: pToken=0x37df40 | out: pToken=0x37df40) returned 0x0 [0207.095] CoGetContextToken (in: pToken=0x37e354 | out: pToken=0x37e354) returned 0x0 [0207.095] IUnknown:QueryInterface (in: This=0x5230118, riid=0x71881aa8*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x37e3d4 | out: ppvObject=0x37e3d4*=0x0) returned 0x80004002 [0207.095] IUnknown:Release (This=0x5230118) returned 0x2 [0207.095] CoGetContextToken (in: pToken=0x37e944 | out: pToken=0x37e944) returned 0x0 [0207.095] CoGetContextToken (in: pToken=0x37e8a4 | out: pToken=0x37e8a4) returned 0x0 [0207.095] IUnknown:QueryInterface (in: This=0x5230118, riid=0x37e974*(Data1=0xdc12a681, Data2=0x737f, Data3=0x11cf, Data4=([0]=0x88, [1]=0x4d, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24)), ppvObject=0x37e970 | out: ppvObject=0x37e970*=0x5230118) returned 0x0 [0207.095] IUnknown:AddRef (This=0x5230118) returned 0x4 [0207.095] IUnknown:Release (This=0x5230118) returned 0x3 [0207.095] IUnknown:Release (This=0x5230118) returned 0x2 [0207.095] CoTaskMemFree (pv=0x522c7b0) [0207.096] CoGetContextToken (in: pToken=0x37ecb4 | out: pToken=0x37ecb4) returned 0x0 [0207.096] IUnknown:AddRef (This=0x5230118) returned 0x3 [0207.096] IWbemClassObject:Get (in: This=0x5230118, wszName="__GENUS", lFlags=0, pVal=0x37efb0*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x37f030*=0, plFlavor=0x37f02c*=0 | out: pVal=0x37efb0*(varType=0x3, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x2, varVal2=0x0), pType=0x37f030*=3, plFlavor=0x37f02c*=64) returned 0x0 [0207.096] IWbemClassObject:Get (in: This=0x5230118, wszName="__PATH", lFlags=0, pVal=0x37ef94*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x37f018*=0, plFlavor=0x37f014*=0 | out: pVal=0x37ef94*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="\\\\Q9IATRKPRH\\ROOT\\cimv2:Win32_OperatingSystem.CSName=\"Q9IATRKPRH\"", varVal2=0x0), pType=0x37f018*=8, plFlavor=0x37f014*=64) returned 0x0 [0207.097] SysStringByteLen (bstr="\\\\Q9IATRKPRH\\ROOT\\cimv2:Win32_OperatingSystem.CSName=\"Q9IATRKPRH\"") returned 0x82 [0207.097] SysStringByteLen (bstr="\\\\Q9IATRKPRH\\ROOT\\cimv2:Win32_OperatingSystem.CSName=\"Q9IATRKPRH\"") returned 0x82 [0207.097] CreateEventW (lpEventAttributes=0x0, bManualReset=0, bInitialState=0, lpName=0x0) returned 0x44c [0207.097] SetEvent (hEvent=0x2b4) returned 1 [0207.098] CoWaitForMultipleHandles (in: dwFlags=0x2, dwTimeout=0xffffffff, cHandles=0x1, pHandles=0x37ef6c*=0x44c, lpdwindex=0x37ed90 | out: lpdwindex=0x37ed90) returned 0x0 [0207.100] CoGetContextToken (in: pToken=0x37ee44 | out: pToken=0x37ee44) returned 0x0 [0207.100] CoGetContextToken (in: pToken=0x37eda4 | out: pToken=0x37eda4) returned 0x0 [0207.100] WbemDefPath:IUnknown:QueryInterface (in: This=0x731af0, riid=0x37ee74*(Data1=0x3bc15af2, Data2=0x736c, Data3=0x477e, Data4=([0]=0x9e, [1]=0x51, [2]=0x23, [3]=0x8a, [4]=0xf8, [5]=0x66, [6]=0x7d, [7]=0xcc)), ppvObject=0x37ee70 | out: ppvObject=0x37ee70*=0x731af0) returned 0x0 [0207.100] WbemDefPath:IUnknown:AddRef (This=0x731af0) returned 0x3 [0207.100] WbemDefPath:IUnknown:Release (This=0x731af0) returned 0x2 [0207.101] WbemDefPath:IWbemPath:SetText (This=0x731af0, uMode=0x4, pszPath="\\\\Q9IATRKPRH\\ROOT\\cimv2:Win32_OperatingSystem.CSName=\"Q9IATRKPRH\"") returned 0x0 [0207.101] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x731000, puCount=0x37efec | out: puCount=0x37efec*=0x2) returned 0x0 [0207.101] WbemDefPath:IWbemPath:GetText (in: This=0x731000, lFlags=4, puBuffLength=0x37efe8*=0x0, pszText=0x0 | out: puBuffLength=0x37efe8*=0xf, pszText=0x0) returned 0x0 [0207.101] WbemDefPath:IWbemPath:GetText (in: This=0x731000, lFlags=4, puBuffLength=0x37efe8*=0xf, pszText="00000000000000" | out: puBuffLength=0x37efe8*=0xf, pszText="\\\\.\\root\\cimv2") returned 0x0 [0207.101] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x731000, puCount=0x37efe0 | out: puCount=0x37efe0*=0x2) returned 0x0 [0207.101] WbemDefPath:IWbemPath:GetText (in: This=0x731000, lFlags=4, puBuffLength=0x37efdc*=0x0, pszText=0x0 | out: puBuffLength=0x37efdc*=0xf, pszText=0x0) returned 0x0 [0207.101] WbemDefPath:IWbemPath:GetText (in: This=0x731000, lFlags=4, puBuffLength=0x37efdc*=0xf, pszText="00000000000000" | out: puBuffLength=0x37efdc*=0xf, pszText="\\\\.\\root\\cimv2") returned 0x0 [0207.101] IWbemClassObject:Get (in: This=0x5230118, wszName="Name", lFlags=0, pVal=0x37efdc*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x24686fc*=0, plFlavor=0x2468700*=0 | out: pVal=0x37efdc*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="Microsoft Windows 7 Professional |C:\\Windows|\\Device\\Harddisk0\\Partition1", varVal2=0x0), pType=0x24686fc*=8, plFlavor=0x2468700*=0) returned 0x0 [0207.101] SysStringByteLen (bstr="Microsoft Windows 7 Professional |C:\\Windows|\\Device\\Harddisk0\\Partition1") returned 0x92 [0207.101] SysStringByteLen (bstr="Microsoft Windows 7 Professional |C:\\Windows|\\Device\\Harddisk0\\Partition1") returned 0x92 [0207.101] IWbemClassObject:Get (in: This=0x5230118, wszName="Name", lFlags=0, pVal=0x37efe4*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x24686fc*=8, plFlavor=0x2468700*=0 | out: pVal=0x37efe4*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="Microsoft Windows 7 Professional |C:\\Windows|\\Device\\Harddisk0\\Partition1", varVal2=0x0), pType=0x24686fc*=8, plFlavor=0x2468700*=0) returned 0x0 [0207.101] SysStringByteLen (bstr="Microsoft Windows 7 Professional |C:\\Windows|\\Device\\Harddisk0\\Partition1") returned 0x92 [0207.101] SysStringByteLen (bstr="Microsoft Windows 7 Professional |C:\\Windows|\\Device\\Harddisk0\\Partition1") returned 0x92 [0207.128] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x731000, puCount=0x37eff8 | out: puCount=0x37eff8*=0x2) returned 0x0 [0207.128] WbemDefPath:IWbemPath:GetText (in: This=0x731000, lFlags=4, puBuffLength=0x37eff4*=0x0, pszText=0x0 | out: puBuffLength=0x37eff4*=0xf, pszText=0x0) returned 0x0 [0207.128] WbemDefPath:IWbemPath:GetText (in: This=0x731000, lFlags=4, puBuffLength=0x37eff4*=0xf, pszText="00000000000000" | out: puBuffLength=0x37eff4*=0xf, pszText="\\\\.\\root\\cimv2") returned 0x0 [0207.138] CoWaitForMultipleHandles (in: dwFlags=0x2, dwTimeout=0xffffffff, cHandles=0x1, pHandles=0x37eea0*=0x460, lpdwindex=0x37ed58 | out: lpdwindex=0x37ed58) returned 0x0 [0207.148] CoGetContextToken (in: pToken=0x37ed64 | out: pToken=0x37ed64) returned 0x0 [0207.148] CoGetContextToken (in: pToken=0x37ecc4 | out: pToken=0x37ecc4) returned 0x0 [0207.148] CoGetContextToken (in: pToken=0x37ecc4 | out: pToken=0x37ecc4) returned 0x0 [0207.148] CoGetContextToken (in: pToken=0x37ec64 | out: pToken=0x37ec64) returned 0x0 [0207.148] IUnknown:QueryInterface (in: This=0x6ad938, riid=0x71938ae0*(Data1=0x1da, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x37ec3c | out: ppvObject=0x37ec3c*=0x6ad948) returned 0x0 [0207.148] CObjectContext::ContextCallback () returned 0x0 [0207.150] IUnknown:Release (This=0x6ad948) returned 0x1 [0207.150] CoUnmarshalInterface (in: pStm=0x5231e30, riid=0x71792a54*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x37ecb8 | out: ppv=0x37ecb8*=0x733464) returned 0x0 [0207.150] CoMarshalInterface (pStm=0x5231e30, riid=0x71792a54*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pUnk=0x733464, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0) returned 0x0 [0207.150] WbemLocator:IUnknown:QueryInterface (in: This=0x733464, riid=0x37ed94*(Data1=0x9556dc99, Data2=0x828c, Data3=0x11cf, Data4=([0]=0xa3, [1]=0x7e, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x32, [6]=0x40, [7]=0xc7)), ppvObject=0x37ed90 | out: ppvObject=0x37ed90*=0x5242858) returned 0x0 [0207.151] WbemLocator:IUnknown:Release (This=0x733464) returned 0x1 [0207.151] IWbemServices:ExecQuery (in: This=0x5242858, strQueryLanguage="WQL", strQuery="SELECT * FROM Win32_Processor", lFlags=16, pCtx=0x0, ppEnum=0x37ef68 | out: ppEnum=0x37ef68*=0x6e7440) returned 0x0 [0207.162] IUnknown:QueryInterface (in: This=0x6e7440, riid=0x704b35b4*(Data1=0x13d, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x37edc4 | out: ppvObject=0x37edc4*=0x6e7444) returned 0x0 [0207.162] IClientSecurity:QueryBlanket (in: This=0x6e7444, pProxy=0x6e7440, pAuthnSvc=0x37ee14, pAuthzSvc=0x37ee10, pServerPrincName=0x37ee08, pAuthnLevel=0x37ee0c, pImpLevel=0x37edfc, pAuthInfo=0x37ee00, pCapabilites=0x37ee04 | out: pAuthnSvc=0x37ee14*=0xa, pAuthzSvc=0x37ee10*=0x0, pServerPrincName=0x37ee08, pAuthnLevel=0x37ee0c*=0x6, pImpLevel=0x37edfc*=0x2, pAuthInfo=0x37ee00, pCapabilites=0x37ee04*=0x1) returned 0x0 [0207.162] IUnknown:Release (This=0x6e7444) returned 0x1 [0207.162] IUnknown:QueryInterface (in: This=0x6e7440, riid=0x704b35a4*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x37edb8 | out: ppvObject=0x37edb8*=0x733554) returned 0x0 [0207.162] IUnknown:QueryInterface (in: This=0x6e7440, riid=0x704b35b4*(Data1=0x13d, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x37eda4 | out: ppvObject=0x37eda4*=0x6e7444) returned 0x0 [0207.162] IClientSecurity:SetBlanket (This=0x6e7444, pProxy=0x6e7440, dwAuthnSvc=0xa, dwAuthzSvc=0x0, pServerPrincName=0x0, dwAuthnLevel=0x6, dwImpLevel=0x3, pAuthInfo=0x0, dwCapabilities=0x20) returned 0x0 [0207.262] IUnknown:Release (This=0x6e7444) returned 0x2 [0207.262] WbemLocator:IUnknown:Release (This=0x733554) returned 0x1 [0207.262] CoTaskMemFree (pv=0x52444e8) [0207.262] IUnknown:AddRef (This=0x6e7440) returned 0x2 [0207.263] CoGetContextToken (in: pToken=0x37e2e4 | out: pToken=0x37e2e4) returned 0x0 [0207.263] CoGetContextToken (in: pToken=0x37e6f4 | out: pToken=0x37e6f4) returned 0x0 [0207.263] IUnknown:QueryInterface (in: This=0x6e7440, riid=0x71881aa8*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x37e690 | out: ppvObject=0x37e690*=0x73353c) returned 0x0 [0207.263] WbemLocator:IRpcOptions:Query (in: This=0x73353c, pPrx=0x524ad18, dwProperty=2, pdwValue=0x37e784 | out: pdwValue=0x37e784) returned 0x80004002 [0207.263] WbemLocator:IUnknown:Release (This=0x73353c) returned 0x2 [0207.263] CoGetContextToken (in: pToken=0x37ecc4 | out: pToken=0x37ecc4) returned 0x0 [0207.263] CoGetContextToken (in: pToken=0x37ec24 | out: pToken=0x37ec24) returned 0x0 [0207.263] IUnknown:QueryInterface (in: This=0x6e7440, riid=0x37ecf4*(Data1=0x27947e1, Data2=0xd731, Data3=0x11ce, Data4=([0]=0xa3, [1]=0x57, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x1)), ppvObject=0x37ebc0 | out: ppvObject=0x37ebc0*=0x6e7440) returned 0x0 [0207.264] IUnknown:Release (This=0x6e7440) returned 0x2 [0207.264] WbemLocator:IUnknown:Release (This=0x5242858) returned 0x0 [0207.264] SysStringLen (param_1=0x0) returned 0x0 [0207.264] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x731000, puCount=0x37efb4 | out: puCount=0x37efb4*=0x2) returned 0x0 [0207.264] WbemDefPath:IWbemPath:GetText (in: This=0x731000, lFlags=4, puBuffLength=0x37efb0*=0x0, pszText=0x0 | out: puBuffLength=0x37efb0*=0xf, pszText=0x0) returned 0x0 [0207.264] WbemDefPath:IWbemPath:GetText (in: This=0x731000, lFlags=4, puBuffLength=0x37efb0*=0xf, pszText="00000000000000" | out: puBuffLength=0x37efb0*=0xf, pszText="\\\\.\\root\\cimv2") returned 0x0 [0207.264] CoGetContextToken (in: pToken=0x37ee0c | out: pToken=0x37ee0c) returned 0x0 [0207.264] IEnumWbemClassObject:Clone (in: This=0x6e7440, ppEnum=0x37efc0 | out: ppEnum=0x37efc0*=0x6e7508) returned 0x0 [0207.355] IUnknown:QueryInterface (in: This=0x6e7508, riid=0x704b35b4*(Data1=0x13d, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x37ee7c | out: ppvObject=0x37ee7c*=0x6e750c) returned 0x0 [0207.355] IClientSecurity:QueryBlanket (in: This=0x6e750c, pProxy=0x6e7508, pAuthnSvc=0x37eecc, pAuthzSvc=0x37eec8, pServerPrincName=0x37eec0, pAuthnLevel=0x37eec4, pImpLevel=0x37eeb4, pAuthInfo=0x37eeb8, pCapabilites=0x37eebc | out: pAuthnSvc=0x37eecc*=0xa, pAuthzSvc=0x37eec8*=0x0, pServerPrincName=0x37eec0, pAuthnLevel=0x37eec4*=0x6, pImpLevel=0x37eeb4*=0x2, pAuthInfo=0x37eeb8, pCapabilites=0x37eebc*=0x1) returned 0x0 [0207.355] IUnknown:Release (This=0x6e750c) returned 0x1 [0207.355] IUnknown:QueryInterface (in: This=0x6e7508, riid=0x704b35a4*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x37ee70 | out: ppvObject=0x37ee70*=0x733464) returned 0x0 [0207.355] IUnknown:QueryInterface (in: This=0x6e7508, riid=0x704b35b4*(Data1=0x13d, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x37ee5c | out: ppvObject=0x37ee5c*=0x6e750c) returned 0x0 [0207.355] IClientSecurity:SetBlanket (This=0x6e750c, pProxy=0x6e7508, dwAuthnSvc=0xa, dwAuthzSvc=0x0, pServerPrincName=0x0, dwAuthnLevel=0x6, dwImpLevel=0x3, pAuthInfo=0x0, dwCapabilities=0x20) returned 0x0 [0207.541] IUnknown:Release (This=0x6e750c) returned 0x2 [0207.541] WbemLocator:IUnknown:Release (This=0x733464) returned 0x1 [0207.542] CoTaskMemFree (pv=0x52443f8) [0207.542] IUnknown:AddRef (This=0x6e7508) returned 0x2 [0207.542] CoGetContextToken (in: pToken=0x37e38c | out: pToken=0x37e38c) returned 0x0 [0207.543] CoGetContextToken (in: pToken=0x37e79c | out: pToken=0x37e79c) returned 0x0 [0207.543] IUnknown:QueryInterface (in: This=0x6e7508, riid=0x71881aa8*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x37e738 | out: ppvObject=0x37e738*=0x73344c) returned 0x0 [0207.543] WbemLocator:IRpcOptions:Query (in: This=0x73344c, pPrx=0x524ad90, dwProperty=2, pdwValue=0x37e82c | out: pdwValue=0x37e82c) returned 0x80004002 [0207.543] WbemLocator:IUnknown:Release (This=0x73344c) returned 0x2 [0207.543] CoGetContextToken (in: pToken=0x37ed6c | out: pToken=0x37ed6c) returned 0x0 [0207.543] CoGetContextToken (in: pToken=0x37eccc | out: pToken=0x37eccc) returned 0x0 [0207.543] IUnknown:QueryInterface (in: This=0x6e7508, riid=0x37ed9c*(Data1=0x27947e1, Data2=0xd731, Data3=0x11ce, Data4=([0]=0xa3, [1]=0x57, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x1)), ppvObject=0x37ec68 | out: ppvObject=0x37ec68*=0x6e7508) returned 0x0 [0207.544] IUnknown:Release (This=0x6e7508) returned 0x2 [0207.544] SysStringLen (param_1=0x0) returned 0x0 [0207.544] IEnumWbemClassObject:Reset (This=0x6e7508) returned 0x0 [0207.653] CoTaskMemAlloc (cb=0x4) returned 0x52527a0 [0207.653] IEnumWbemClassObject:Next (in: This=0x6e7508, lTimeout=-1, uCount=0x1, apObjects=0x52527a0, puReturned=0x2469420 | out: apObjects=0x52527a0*=0x5230448, puReturned=0x2469420*=0x1) returned 0x0 [0210.886] IUnknown:QueryInterface (in: This=0x5230448, riid=0x71792a54*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x37e614 | out: ppvObject=0x37e614*=0x5230448) returned 0x0 [0210.886] IUnknown:QueryInterface (in: This=0x5230448, riid=0x71881b6c*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x37e5c8 | out: ppvObject=0x37e5c8*=0x0) returned 0x80004002 [0210.886] IUnknown:QueryInterface (in: This=0x5230448, riid=0x71881e84*(Data1=0xb196b283, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x37e3f0 | out: ppvObject=0x37e3f0*=0x0) returned 0x80004002 [0210.887] IUnknown:AddRef (This=0x5230448) returned 0x3 [0210.887] IUnknown:QueryInterface (in: This=0x5230448, riid=0x7188182c*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x37df24 | out: ppvObject=0x37df24*=0x0) returned 0x80004002 [0210.887] IUnknown:QueryInterface (in: This=0x5230448, riid=0x71881764*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x37ded4 | out: ppvObject=0x37ded4*=0x0) returned 0x80004002 [0210.887] IUnknown:QueryInterface (in: This=0x5230448, riid=0x717b1388*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x37dee0 | out: ppvObject=0x37dee0*=0x523044c) returned 0x0 [0210.887] IMarshal:GetUnmarshalClass (in: This=0x523044c, riid=0x71792a54*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x37dee8 | out: pCid=0x37dee8*(Data1=0x4590f812, Data2=0x1d3a, Data3=0x11d0, Data4=([0]=0x89, [1]=0x1f, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24))) returned 0x0 [0210.887] IUnknown:Release (This=0x523044c) returned 0x3 [0210.887] CoGetContextToken (in: pToken=0x37df40 | out: pToken=0x37df40) returned 0x0 [0210.887] CoGetContextToken (in: pToken=0x37e354 | out: pToken=0x37e354) returned 0x0 [0210.887] IUnknown:QueryInterface (in: This=0x5230448, riid=0x71881aa8*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x37e3d4 | out: ppvObject=0x37e3d4*=0x0) returned 0x80004002 [0210.887] IUnknown:Release (This=0x5230448) returned 0x2 [0210.887] CoGetContextToken (in: pToken=0x37e944 | out: pToken=0x37e944) returned 0x0 [0210.888] CoGetContextToken (in: pToken=0x37e8a4 | out: pToken=0x37e8a4) returned 0x0 [0210.888] IUnknown:QueryInterface (in: This=0x5230448, riid=0x37e974*(Data1=0xdc12a681, Data2=0x737f, Data3=0x11cf, Data4=([0]=0x88, [1]=0x4d, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24)), ppvObject=0x37e970 | out: ppvObject=0x37e970*=0x5230448) returned 0x0 [0210.888] IUnknown:AddRef (This=0x5230448) returned 0x4 [0210.888] IUnknown:Release (This=0x5230448) returned 0x3 [0210.888] IUnknown:Release (This=0x5230448) returned 0x2 [0210.888] CoTaskMemFree (pv=0x52527a0) [0210.888] CoGetContextToken (in: pToken=0x37ecb4 | out: pToken=0x37ecb4) returned 0x0 [0210.888] IUnknown:AddRef (This=0x5230448) returned 0x3 [0210.888] IWbemClassObject:Get (in: This=0x5230448, wszName="__GENUS", lFlags=0, pVal=0x37efb0*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x37f030*=0, plFlavor=0x37f02c*=0 | out: pVal=0x37efb0*(varType=0x3, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x2, varVal2=0x0), pType=0x37f030*=3, plFlavor=0x37f02c*=64) returned 0x0 [0210.889] IWbemClassObject:Get (in: This=0x5230448, wszName="__PATH", lFlags=0, pVal=0x37ef94*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x37f018*=0, plFlavor=0x37f014*=0 | out: pVal=0x37ef94*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="\\\\Q9IATRKPRH\\root\\cimv2:Win32_Processor.DeviceID=\"CPU0\"", varVal2=0x0), pType=0x37f018*=8, plFlavor=0x37f014*=64) returned 0x0 [0210.889] SysStringByteLen (bstr="\\\\Q9IATRKPRH\\root\\cimv2:Win32_Processor.DeviceID=\"CPU0\"") returned 0x6e [0210.889] SysStringByteLen (bstr="\\\\Q9IATRKPRH\\root\\cimv2:Win32_Processor.DeviceID=\"CPU0\"") returned 0x6e [0210.890] CreateEventW (lpEventAttributes=0x0, bManualReset=0, bInitialState=0, lpName=0x0) returned 0x464 [0210.890] SetEvent (hEvent=0x2b4) returned 1 [0210.890] CoWaitForMultipleHandles (in: dwFlags=0x2, dwTimeout=0xffffffff, cHandles=0x1, pHandles=0x37ef6c*=0x464, lpdwindex=0x37ed90 | out: lpdwindex=0x37ed90) returned 0x0 [0210.896] CoGetContextToken (in: pToken=0x37ee44 | out: pToken=0x37ee44) returned 0x0 [0210.896] CoGetContextToken (in: pToken=0x37eda4 | out: pToken=0x37eda4) returned 0x0 [0210.896] WbemDefPath:IUnknown:QueryInterface (in: This=0x731b60, riid=0x37ee74*(Data1=0x3bc15af2, Data2=0x736c, Data3=0x477e, Data4=([0]=0x9e, [1]=0x51, [2]=0x23, [3]=0x8a, [4]=0xf8, [5]=0x66, [6]=0x7d, [7]=0xcc)), ppvObject=0x37ee70 | out: ppvObject=0x37ee70*=0x731b60) returned 0x0 [0210.897] WbemDefPath:IUnknown:AddRef (This=0x731b60) returned 0x3 [0210.897] WbemDefPath:IUnknown:Release (This=0x731b60) returned 0x2 [0210.897] WbemDefPath:IWbemPath:SetText (This=0x731b60, uMode=0x4, pszPath="\\\\Q9IATRKPRH\\root\\cimv2:Win32_Processor.DeviceID=\"CPU0\"") returned 0x0 [0210.897] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x731000, puCount=0x37efec | out: puCount=0x37efec*=0x2) returned 0x0 [0210.897] WbemDefPath:IWbemPath:GetText (in: This=0x731000, lFlags=4, puBuffLength=0x37efe8*=0x0, pszText=0x0 | out: puBuffLength=0x37efe8*=0xf, pszText=0x0) returned 0x0 [0210.897] WbemDefPath:IWbemPath:GetText (in: This=0x731000, lFlags=4, puBuffLength=0x37efe8*=0xf, pszText="00000000000000" | out: puBuffLength=0x37efe8*=0xf, pszText="\\\\.\\root\\cimv2") returned 0x0 [0210.904] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x731000, puCount=0x37efbc | out: puCount=0x37efbc*=0x2) returned 0x0 [0210.904] WbemDefPath:IWbemPath:GetText (in: This=0x731000, lFlags=4, puBuffLength=0x37efb8*=0x0, pszText=0x0 | out: puBuffLength=0x37efb8*=0xf, pszText=0x0) returned 0x0 [0210.904] WbemDefPath:IWbemPath:GetText (in: This=0x731000, lFlags=4, puBuffLength=0x37efb8*=0xf, pszText="00000000000000" | out: puBuffLength=0x37efb8*=0xf, pszText="\\\\.\\root\\cimv2") returned 0x0 [0210.905] IWbemClassObject:Get (in: This=0x5230448, wszName="Name", lFlags=0, pVal=0x37efb8*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x2469c90*=0, plFlavor=0x2469c94*=0 | out: pVal=0x37efb8*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="Intel(R) Core(TM) i5-7500 CPU @ 3.40GHz", varVal2=0x0), pType=0x2469c90*=8, plFlavor=0x2469c94*=0) returned 0x0 [0210.905] SysStringByteLen (bstr="Intel(R) Core(TM) i5-7500 CPU @ 3.40GHz") returned 0x4e [0210.905] SysStringByteLen (bstr="Intel(R) Core(TM) i5-7500 CPU @ 3.40GHz") returned 0x4e [0210.905] IWbemClassObject:Get (in: This=0x5230448, wszName="Name", lFlags=0, pVal=0x37efc0*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x2469c90*=8, plFlavor=0x2469c94*=0 | out: pVal=0x37efc0*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="Intel(R) Core(TM) i5-7500 CPU @ 3.40GHz", varVal2=0x0), pType=0x2469c90*=8, plFlavor=0x2469c94*=0) returned 0x0 [0210.905] SysStringByteLen (bstr="Intel(R) Core(TM) i5-7500 CPU @ 3.40GHz") returned 0x4e [0210.905] SysStringByteLen (bstr="Intel(R) Core(TM) i5-7500 CPU @ 3.40GHz") returned 0x4e [0210.905] CoTaskMemAlloc (cb=0x4) returned 0x52527e0 [0210.905] IEnumWbemClassObject:Next (in: This=0x6e7508, lTimeout=-1, uCount=0x1, apObjects=0x52527e0, puReturned=0x2469420 | out: apObjects=0x52527e0*=0x0, puReturned=0x2469420*=0x0) returned 0x1 [0210.907] CoTaskMemFree (pv=0x52527e0) [0210.907] CoGetContextToken (in: pToken=0x37eee4 | out: pToken=0x37eee4) returned 0x0 [0210.907] IUnknown:Release (This=0x6e7508) returned 0x1 [0210.907] IUnknown:Release (This=0x6e7508) returned 0x0 [0210.913] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x731000, puCount=0x37eff8 | out: puCount=0x37eff8*=0x2) returned 0x0 [0210.913] WbemDefPath:IWbemPath:GetText (in: This=0x731000, lFlags=4, puBuffLength=0x37eff4*=0x0, pszText=0x0 | out: puBuffLength=0x37eff4*=0xf, pszText=0x0) returned 0x0 [0210.913] WbemDefPath:IWbemPath:GetText (in: This=0x731000, lFlags=4, puBuffLength=0x37eff4*=0xf, pszText="00000000000000" | out: puBuffLength=0x37eff4*=0xf, pszText="\\\\.\\root\\cimv2") returned 0x0 [0210.916] GlobalMemoryStatusEx (in: lpBuffer=0x2469ecc | out: lpBuffer=0x2469ecc) returned 1 [0211.039] GetCurrentProcess () returned 0xffffffff [0211.039] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x37ec04 | out: TokenHandle=0x37ec04*=0x468) returned 1 [0211.045] CloseHandle (hObject=0x468) returned 1 [0211.045] GetCurrentProcess () returned 0xffffffff [0211.045] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x37ec1c | out: TokenHandle=0x37ec1c*=0x468) returned 1 [0211.046] CloseHandle (hObject=0x468) returned 1 [0211.069] GetNetworkParams (in: pFixedInfo=0x0, pOutBufLen=0x37ef30 | out: pFixedInfo=0x0, pOutBufLen=0x37ef30) returned 0x6f [0211.110] LocalAlloc (uFlags=0x0, uBytes=0x248) returned 0x5256578 [0211.111] GetNetworkParams (in: pFixedInfo=0x5256578, pOutBufLen=0x37ef30 | out: pFixedInfo=0x5256578, pOutBufLen=0x37ef30) returned 0x0 [0211.128] LocalFree (hMem=0x5256578) returned 0x0 [0211.140] SystemFunction041 (in: Memory=0x52450a4, MemorySize=0x10, OptionFlags=0x0 | out: Memory=0x52450a4) returned 0x0 [0211.146] SysStringLen (param_1="logs@multimetals.cfd\x08") returned 0x18 [0211.146] SystemFunction040 (in: Memory=0x5251be4, MemorySize=0x30, OptionFlags=0x0 | out: Memory=0x5251be4) returned 0x0 [0211.171] GetCurrentProcess () returned 0xffffffff [0211.172] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x37eb4c | out: TokenHandle=0x37eb4c*=0x478) returned 1 [0211.173] CloseHandle (hObject=0x478) returned 1 [0211.173] GetCurrentProcess () returned 0xffffffff [0211.173] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x37eb64 | out: TokenHandle=0x37eb64*=0x478) returned 1 [0211.173] CloseHandle (hObject=0x478) returned 1 [0211.179] SetEvent (hEvent=0x1e4) returned 1 [0211.200] WSAStartup (in: wVersionRequired=0x202, lpWSAData=0x37ec70 | out: lpWSAData=0x37ec70) returned 0 [0211.210] WSASocketW (af=2, type=2, protocol=0, lpProtocolInfo=0x0, g=0x0, dwFlags=0x0) returned 0x4b0 [0211.230] setsockopt (s=0x4b0, level=65535, optname=128, optval="\x01", optlen=4) returned -1 [0211.230] closesocket (s=0x4b0) returned 0 [0211.231] WSASocketW (af=23, type=2, protocol=0, lpProtocolInfo=0x0, g=0x0, dwFlags=0x0) returned 0x4b0 [0211.236] setsockopt (s=0x4b0, level=65535, optname=128, optval="\x01", optlen=4) returned -1 [0211.236] closesocket (s=0x4b0) returned 0 [0211.240] GetCurrentProcess () returned 0xffffffff [0211.240] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x37ea70 | out: TokenHandle=0x37ea70*=0x4b0) returned 1 [0211.245] CloseHandle (hObject=0x4b0) returned 1 [0211.245] GetCurrentProcess () returned 0xffffffff [0211.245] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x37ea88 | out: TokenHandle=0x37ea88*=0x4b0) returned 1 [0211.246] CloseHandle (hObject=0x4b0) returned 1 [0211.265] CreateSemaphoreA (lpSemaphoreAttributes=0x0, lInitialCount=0, lMaximumCount=1048576, lpName=0x0) returned 0x4b0 [0211.267] CreateEventW (lpEventAttributes=0x0, bManualReset=1, bInitialState=0, lpName=0x0) returned 0x4b4 [0211.272] CreateMutexW (lpMutexAttributes=0x0, bInitialOwner=0, lpName=0x0) returned 0x4b8 [0211.273] SetEvent (hEvent=0x1e4) returned 1 [0211.274] CoWaitForMultipleHandles (in: dwFlags=0x2, dwTimeout=0x186a0, cHandles=0x3, pHandles=0x37eda0*=0x4b0, lpdwindex=0x37ec64 | out: lpdwindex=0x37ec64) returned 0x0 [0211.275] ReleaseMutex (hMutex=0x4b8) returned 1 [0211.277] WSASocketW (af=2, type=1, protocol=6, lpProtocolInfo=0x0, g=0x0, dwFlags=0x1) returned 0x4bc [0211.278] WSASocketW (af=23, type=1, protocol=6, lpProtocolInfo=0x0, g=0x0, dwFlags=0x1) returned 0x4c0 [0211.279] GetAddrInfoW (in: pNodeName="multimetals.cfd", pServiceName=0x0, pHints=0x37ed54*(ai_flags=2, ai_family=0, ai_socktype=0, ai_protocol=0, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x37ecfc | out: ppResult=0x37ecfc*=0x753080*(ai_flags=0, ai_family=2, ai_socktype=0, ai_protocol=0, ai_addrlen=0x10, ai_canonname="multimetals.cfd", ai_addr=0x5256228*(sa_family=2, sin_port=0x0, sin_addr="192.185.37.183"), ai_next=0x0)) returned 0 [0211.645] FreeAddrInfoW (pAddrInfo=0x753080*(ai_flags=0, ai_family=2, ai_socktype=0, ai_protocol=0, ai_addrlen=0x10, ai_canonname="multimetals.cfd", ai_addr=0x5256228*(sa_family=2, sin_port=0x0, sin_addr="192.185.37.183"), ai_next=0x0)) [0211.649] WSASocketW (af=2, type=2, protocol=0, lpProtocolInfo=0x0, g=0x0, dwFlags=0x1) returned 0x4c8 [0211.650] CreateEventW (lpEventAttributes=0x0, bManualReset=0, bInitialState=0, lpName=0x0) returned 0x4d0 [0211.651] ioctlsocket (in: s=0x4c8, cmd=-2147195266, argp=0x37ed2c | out: argp=0x37ed2c) returned 0 [0211.652] WSASocketW (af=23, type=2, protocol=0, lpProtocolInfo=0x0, g=0x0, dwFlags=0x1) returned 0x4d4 [0211.652] CreateEventW (lpEventAttributes=0x0, bManualReset=0, bInitialState=0, lpName=0x0) returned 0x4d8 [0211.652] ioctlsocket (in: s=0x4d4, cmd=-2147195266, argp=0x37ed2c | out: argp=0x37ed2c) returned 0 [0211.653] WSAIoctl (in: s=0x4c8, dwIoControlCode=0x28000017, lpvInBuffer=0x0, cbInBuffer=0x0, lpvOutBuffer=0x0, cbOutBuffer=0x0, lpcbBytesReturned=0x37ed14, lpOverlapped=0x0, lpCompletionRoutine=0x0 | out: lpvOutBuffer=0x0, lpcbBytesReturned=0x37ed14, lpOverlapped=0x0) returned -1 [0211.654] FormatMessageW (in: dwFlags=0x3200, lpSource=0x0, dwMessageId=0x2733, dwLanguageId=0x0, lpBuffer=0x37ea44, nSize=0x101, Arguments=0x0 | out: lpBuffer="A non-blocking socket operation could not be completed immediately.\r\n") returned 0x45 [0211.655] WSAEventSelect (s=0x4c8, hEventObject=0x4d0, lNetworkEvents=512) returned 0 [0211.655] WSAIoctl (in: s=0x4d4, dwIoControlCode=0x28000017, lpvInBuffer=0x0, cbInBuffer=0x0, lpvOutBuffer=0x0, cbOutBuffer=0x0, lpcbBytesReturned=0x37ed14, lpOverlapped=0x0, lpCompletionRoutine=0x0 | out: lpvOutBuffer=0x0, lpcbBytesReturned=0x37ed14, lpOverlapped=0x0) returned -1 [0211.655] FormatMessageW (in: dwFlags=0x3200, lpSource=0x0, dwMessageId=0x2733, dwLanguageId=0x0, lpBuffer=0x37ea44, nSize=0x101, Arguments=0x0 | out: lpBuffer="A non-blocking socket operation could not be completed immediately.\r\n") returned 0x45 [0211.655] WSAEventSelect (s=0x4d4, hEventObject=0x4d8, lNetworkEvents=512) returned 0 [0211.656] GetAdaptersAddresses (in: Family=0x0, Flags=0x2e, Reserved=0x0, AdapterAddresses=0x0, SizePointer=0x37ed10*=0x0 | out: AdapterAddresses=0x0, SizePointer=0x37ed10*=0x7ec) returned 0x6f [0211.669] LocalAlloc (uFlags=0x0, uBytes=0x7ec) returned 0x5268db8 [0211.669] GetAdaptersAddresses (in: Family=0x0, Flags=0x2e, Reserved=0x0, AdapterAddresses=0x5268db8, SizePointer=0x37ed10*=0x7ec | out: AdapterAddresses=0x5268db8*(Alignment=0x1000000178, Length=0x178, IfIndex=0x10, Next=0x5269084, AdapterName="{68F1467C-143D-484A-87A1-65BCBB1B2D48}", FirstUnicastAddress=0x5268ff8, FirstAnycastAddress=0x0, FirstMulticastAddress=0x0, FirstDnsServerAddress=0x0, DnsSuffix="", Description="Intel(R) 82574L Gigabit Network Connection #5", FriendlyName="Local Area Connection 5", PhysicalAddress=([0]=0x0, [1]=0x7, [2]=0x7d, [3]=0xd7, [4]=0x58, [5]=0x38, [6]=0x0, [7]=0x0), PhysicalAddressLength=0x6, Flags=0x3e5, DdnsEnabled=0x3e5, RegisterAdapterSuffix=0x3e5, Dhcpv4Enabled=0x3e5, ReceiveOnly=0x3e5, NoMulticast=0x3e5, Ipv6OtherStatefulConfig=0x3e5, NetbiosOverTcpipEnabled=0x3e5, Ipv4Enabled=0x3e5, Ipv6Enabled=0x3e5, Ipv6ManagedAddressConfigurationSupported=0x3e5, Mtu=0x5dc, IfType=0x6, OperStatus=0x1, Ipv6IfIndex=0x10, ZoneIndices=([0]=0x10, [1]=0x10, [2]=0x10, [3]=0x10, [4]=0x1, [5]=0x1, [6]=0x1, [7]=0x1, [8]=0x1, [9]=0x1, [10]=0x1, [11]=0x1, [12]=0x1, [13]=0x1, [14]=0x0, [15]=0x1), FirstPrefix=0x0, TransmitLinkSpeed=0x3b9aca00, ReceiveLinkSpeed=0x3b9aca00, FirstWinsServerAddress=0x0, FirstGatewayAddress=0x0, Ipv4Metric=0xa, Ipv6Metric=0xa, Luid=0x600000a000000, Dhcpv4Server.lpSockaddr=0x5268f30*(sa_family=2, sin_port=0x0, sin_addr="192.168.0.1"), Dhcpv4Server.iSockaddrLength=16, CompartmentId=0x1, NetworkGuid=0x11de7039846ee341, ConnectionType=0x1, TunnelType=0x0, Dhcpv6Server.lpSockaddr=0x0, Dhcpv6Server.iSockaddrLength=0, Dhcpv6ClientDuid=([0]=0x0, [1]=0x1, [2]=0x0, [3]=0x1, [4]=0x27, [5]=0xbf, [6]=0xe, [7]=0x9e, [8]=0x0, [9]=0x26, [10]=0x67, [11]=0xd5, [12]=0xc6, [13]=0x31, [14]=0x0, [15]=0x0, [16]=0x0, [17]=0x0, [18]=0x0, [19]=0x0, [20]=0x0, [21]=0x0, [22]=0x0, [23]=0x0, [24]=0x0, [25]=0x0, [26]=0x0, [27]=0x0, [28]=0x0, [29]=0x0, [30]=0x0, [31]=0x0, [32]=0x0, [33]=0x0, [34]=0x0, [35]=0x0, [36]=0x0, [37]=0x0, [38]=0x0, [39]=0x0, [40]=0x0, [41]=0x0, [42]=0x0, [43]=0x0, [44]=0x0, [45]=0x0, [46]=0x0, [47]=0x0, [48]=0x0, [49]=0x0, [50]=0x0, [51]=0x0, [52]=0x0, [53]=0x0, [54]=0x0, [55]=0x0, [56]=0x0, [57]=0x0, [58]=0x0, [59]=0x0, [60]=0x0, [61]=0x0, [62]=0x0, [63]=0x0, [64]=0x0, [65]=0x0, [66]=0x0, [67]=0x0, [68]=0x0, [69]=0x0, [70]=0x0, [71]=0x0, [72]=0x0, [73]=0x0, [74]=0x0, [75]=0x0, [76]=0x0, [77]=0x0, [78]=0x0, [79]=0x0, [80]=0x0, [81]=0x0, [82]=0x0, [83]=0x0, [84]=0x0, [85]=0x0, [86]=0x0, [87]=0x0, [88]=0x0, [89]=0x0, [90]=0x0, [91]=0x0, [92]=0x0, [93]=0x0, [94]=0x0, [95]=0x0, [96]=0x0, [97]=0x0, [98]=0x0, [99]=0x0, [100]=0x0, [101]=0x0, [102]=0x0, [103]=0x0, [104]=0x0, [105]=0x0, [106]=0x0, [107]=0x0, [108]=0x0, [109]=0x0, [110]=0x0, [111]=0x0, [112]=0x0, [113]=0x0, [114]=0x0, [115]=0x0, [116]=0x0, [117]=0x0, [118]=0x0, [119]=0x0, [120]=0x0, [121]=0x0, [122]=0x0, [123]=0x0, [124]=0x0, [125]=0x0, [126]=0x0, [127]=0x0, [128]=0x0, [129]=0x0), Dhcpv6ClientDuidLength=0xe, Dhcpv6Iaid=0x13c89f1d, FirstDnsSuffix=0x0), SizePointer=0x37ed10*=0x7ec) returned 0x0 [0211.688] LocalFree (hMem=0x5268db8) returned 0x0 [0211.689] WSAConnect (in: s=0x4bc, name=0x2474160*(sa_family=2, sin_port=0x24b, sin_addr="192.185.37.183"), namelen=16, lpCallerData=0x0, lpCalleeData=0x0, lpSQOS=0x0, lpGQOS=0x0 | out: lpCalleeData=0x0) returned 0 [0211.870] closesocket (s=0x4c0) returned 0 [0211.871] setsockopt (s=0x4bc, level=6, optname=1, optval="\x01", optlen=4) returned 0 [0211.878] recv (in: s=0x4bc, buf=0x2474254, len=256, flags=0 | out: buf=0x2474254*) returned 181 [0212.565] send (s=0x4bc, buf=0x246dc98*, len=17, flags=0) returned 17 [0212.567] recv (in: s=0x4bc, buf=0x2474254, len=256, flags=0 | out: buf=0x2474254*) returned 209 [0212.739] send (s=0x4bc, buf=0x246dc98*, len=10, flags=0) returned 10 [0212.739] recv (in: s=0x4bc, buf=0x2474254, len=256, flags=0 | out: buf=0x2474254*) returned 18 [0212.927] EnumerateSecurityPackagesW (in: pcPackages=0x37ed80, ppPackageInfo=0x37ed14 | out: pcPackages=0x37ed80, ppPackageInfo=0x37ed14) returned 0x0 [0212.939] FreeContextBuffer (in: pvContextBuffer=0x5268db8 | out: pvContextBuffer=0x5268db8) returned 0x0 [0212.944] GetCurrentProcess () returned 0xffffffff [0212.944] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x37eb3c | out: TokenHandle=0x37eb3c*=0x4cc) returned 1 [0212.946] AcquireCredentialsHandleW (in: pPrincipal=0x0, pPackage=0x24757e4, fCredentialUse=0x2, pvLogonId=0x0, pAuthData=0x37eb90, pGetKeyFn=0x0, pvGetKeyArgument=0x0, phCredential=0x2476e74, ptsExpiry=0x37eb14 | out: phCredential=0x2476e74, ptsExpiry=0x37eb14) returned 0x0 [0212.954] CloseHandle (hObject=0x4cc) returned 1 [0212.956] InitializeSecurityContextW (in: phCredential=0x37eb60, phContext=0x0, pTargetName=0x246c280, fContextReq=0x8011c, Reserved1=0x0, TargetDataRep=0x10, pInput=0x0, Reserved2=0x0, phNewContext=0x2477078, pOutput=0x2477010, pfContextAttr=0x24757b8, ptsExpiry=0x37eb58 | out: phNewContext=0x2477078, pOutput=0x2477010, pfContextAttr=0x24757b8, ptsExpiry=0x37eb58) returned 0x90312 [0212.957] FreeContextBuffer (in: pvContextBuffer=0x706ce8 | out: pvContextBuffer=0x706ce8) returned 0x0 [0212.959] send (s=0x4bc, buf=0x247708c*, len=157, flags=0) returned 157 [0212.960] recv (in: s=0x4bc, buf=0x247708c, len=5, flags=0 | out: buf=0x247708c*) returned 5 [0213.137] recv (in: s=0x4bc, buf=0x2477091, len=85, flags=0 | out: buf=0x2477091*) returned 85 [0213.137] InitializeSecurityContextW (in: phCredential=0x37eabc, phContext=0x37eaac, pTargetName=0x246c280, fContextReq=0x8011c, Reserved1=0x0, TargetDataRep=0x10, pInput=0x24772b8, Reserved2=0x0, phNewContext=0x2477078, pOutput=0x24772cc, pfContextAttr=0x24757b8, ptsExpiry=0x37eab4 | out: phNewContext=0x2477078, pOutput=0x24772cc, pfContextAttr=0x24757b8, ptsExpiry=0x37eab4) returned 0x90312 [0213.138] recv (in: s=0x4bc, buf=0x247735c, len=5, flags=0 | out: buf=0x247735c*) returned 5 [0213.139] recv (in: s=0x4bc, buf=0x2477381, len=4084, flags=0 | out: buf=0x2477381*) returned 2625 [0213.139] recv (in: s=0x4bc, buf=0x2477dc2, len=1459, flags=0 | out: buf=0x2477dc2*) returned 1376 [0213.140] recv (in: s=0x4bc, buf=0x2478322, len=83, flags=0 | out: buf=0x2478322*) returned 83 [0213.140] InitializeSecurityContextW (in: phCredential=0x37ea1c, phContext=0x37ea0c, pTargetName=0x246c280, fContextReq=0x8011c, Reserved1=0x0, TargetDataRep=0x10, pInput=0x24783e8, Reserved2=0x0, phNewContext=0x2477078, pOutput=0x24783fc, pfContextAttr=0x24757b8, ptsExpiry=0x37ea14 | out: phNewContext=0x2477078, pOutput=0x24783fc, pfContextAttr=0x24757b8, ptsExpiry=0x37ea14) returned 0x90312 [0213.143] recv (in: s=0x4bc, buf=0x247848c, len=5, flags=0 | out: buf=0x247848c*) returned 5 [0213.143] recv (in: s=0x4bc, buf=0x24784a5, len=4, flags=0 | out: buf=0x24784a5*) returned 4 [0213.144] InitializeSecurityContextW (in: phCredential=0x37e97c, phContext=0x37e96c, pTargetName=0x246c280, fContextReq=0x8011c, Reserved1=0x0, TargetDataRep=0x10, pInput=0x247851c, Reserved2=0x0, phNewContext=0x2477078, pOutput=0x2478530, pfContextAttr=0x24757b8, ptsExpiry=0x37e974 | out: phNewContext=0x2477078, pOutput=0x2478530, pfContextAttr=0x24757b8, ptsExpiry=0x37e974) returned 0x90312 [0213.146] FreeContextBuffer (in: pvContextBuffer=0x525ca30 | out: pvContextBuffer=0x525ca30) returned 0x0 [0213.146] send (s=0x4bc, buf=0x24785ac*, len=358, flags=0) returned 358 [0213.147] recv (in: s=0x4bc, buf=0x24785ac, len=5, flags=0 | out: buf=0x24785ac*) returned 5 [0213.318] recv (in: s=0x4bc, buf=0x24785b1, len=1, flags=0 | out: buf=0x24785b1*) returned 1 [0213.319] InitializeSecurityContextW (in: phCredential=0x37e8dc, phContext=0x37e8cc, pTargetName=0x246c280, fContextReq=0x8011c, Reserved1=0x0, TargetDataRep=0x10, pInput=0x2478798, Reserved2=0x0, phNewContext=0x2477078, pOutput=0x24787ac, pfContextAttr=0x24757b8, ptsExpiry=0x37e8d4 | out: phNewContext=0x2477078, pOutput=0x24787ac, pfContextAttr=0x24757b8, ptsExpiry=0x37e8d4) returned 0x90312 [0213.319] recv (in: s=0x4bc, buf=0x247883c, len=5, flags=0 | out: buf=0x247883c*) returned 5 [0213.319] recv (in: s=0x4bc, buf=0x2478855, len=80, flags=0 | out: buf=0x2478855*) returned 80 [0213.319] InitializeSecurityContextW (in: phCredential=0x37e83c, phContext=0x37e82c, pTargetName=0x246c280, fContextReq=0x8011c, Reserved1=0x0, TargetDataRep=0x10, pInput=0x2478918, Reserved2=0x0, phNewContext=0x2477078, pOutput=0x247892c, pfContextAttr=0x24757b8, ptsExpiry=0x37e834 | out: phNewContext=0x2477078, pOutput=0x247892c, pfContextAttr=0x24757b8, ptsExpiry=0x37e834) returned 0x0 [0213.338] QueryContextAttributesW (in: phContext=0x2477078, ulAttribute=0x4, pBuffer=0x24789d8 | out: pBuffer=0x24789d8) returned 0x0 [0213.338] QueryContextAttributesW (in: phContext=0x2477078, ulAttribute=0x5a, pBuffer=0x2478a30 | out: pBuffer=0x2478a30) returned 0x0 [0213.340] QueryContextAttributesW (in: phContext=0x2477078, ulAttribute=0x53, pBuffer=0x2478adc | out: pBuffer=0x2478adc) returned 0x0 [0213.348] CertDuplicateCRLContext (pCrlContext=0x5242de8) returned 0x5242de8 [0213.349] CertDuplicateStore (hCertStore=0x5245820) returned 0x5245820 [0213.350] CertEnumCertificatesInStore (hCertStore=0x5245820, pPrevCertContext=0x0) returned 0x5242e88 [0213.350] CertDuplicateCRLContext (pCrlContext=0x5242e88) returned 0x5242e88 [0213.350] CertEnumCertificatesInStore (hCertStore=0x5245820, pPrevCertContext=0x5242e88) returned 0x5242e38 [0213.351] CertDuplicateCRLContext (pCrlContext=0x5242e38) returned 0x5242e38 [0213.351] CertEnumCertificatesInStore (hCertStore=0x5245820, pPrevCertContext=0x5242e38) returned 0x5242de8 [0213.351] CertDuplicateCRLContext (pCrlContext=0x5242de8) returned 0x5242de8 [0213.351] CertEnumCertificatesInStore (hCertStore=0x5245820, pPrevCertContext=0x5242de8) returned 0x0 [0213.351] CertCloseStore (hCertStore=0x5245820, dwFlags=0x0) returned 1 [0213.352] CertFreeCRLContext (pCrlContext=0x5242de8) returned 1 [0213.364] CertOpenStore (lpszStoreProvider=0x2, dwEncodingType=0x10001, hCryptProv=0x0, dwFlags=0x2204, pvPara=0x0) returned 0x5245898 [0213.365] CertAddCRLLinkToStore (in: hCertStore=0x5245898, pCrlContext=0x5242e88, dwAddDisposition=0x4, ppStoreContext=0x0 | out: ppStoreContext=0x0) returned 1 [0213.365] CertAddCRLLinkToStore (in: hCertStore=0x5245898, pCrlContext=0x5242e38, dwAddDisposition=0x4, ppStoreContext=0x0 | out: ppStoreContext=0x0) returned 1 [0213.366] CertAddCRLLinkToStore (in: hCertStore=0x5245898, pCrlContext=0x5242de8, dwAddDisposition=0x4, ppStoreContext=0x0 | out: ppStoreContext=0x0) returned 1 [0213.367] LocalAlloc (uFlags=0x40, uBytes=0x16) returned 0x5232090 [0213.369] CertGetCertificateChain (in: hChainEngine=0x0, pCertContext=0x5242de8, pTime=0x37e848, hAdditionalStore=0x5245898, pChainPara=0x37e788, dwFlags=0x0, pvReserved=0x0, ppChainContext=0x37e77c | out: ppChainContext=0x37e77c) returned 1 [0217.585] LocalFree (hMem=0x5232090) returned 0x0 [0217.586] CertDuplicateCertificateChain (pChainContext=0x5262b78) returned 0x5262b78 [0217.587] CertDuplicateCRLContext (pCrlContext=0x5242de8) returned 0x5242de8 [0217.588] CertDuplicateCRLContext (pCrlContext=0x5e19bc8) returned 0x5e19bc8 [0217.588] CertDuplicateCRLContext (pCrlContext=0x5e19ad8) returned 0x5e19ad8 [0217.588] CertFreeCertificateChain (pChainContext=0x5262b78) [0217.589] CertVerifyCertificateChainPolicy (in: pszPolicyOID=0x1, pChainContext=0x5262b78, pPolicyPara=0x37e928, pPolicyStatus=0x37e914 | out: pPolicyStatus=0x37e914) returned 1 [0217.589] SetLastError (dwErrCode=0x0) [0217.591] CertVerifyCertificateChainPolicy (in: pszPolicyOID=0x4, pChainContext=0x5262b78, pPolicyPara=0x37e988, pPolicyStatus=0x37e93c | out: pPolicyStatus=0x37e93c) returned 1 [0217.592] CertFreeCertificateChain (pChainContext=0x5262b78) [0217.592] CertFreeCRLContext (pCrlContext=0x5242de8) returned 1 [0217.598] EtwEventRegister () returned 0x0 [0217.610] CoTaskMemAlloc (cb=0x20c) returned 0x75ad70 [0217.610] GetEnvironmentVariableW (in: lpName="PinnableBufferCache_System.Net.SslStream_Disabled", lpBuffer=0x75ad70, nSize=0x104 | out: lpBuffer="") returned 0x0 [0217.610] CoTaskMemFree (pv=0x75ad70) [0217.610] CoTaskMemAlloc (cb=0x20c) returned 0x75ad70 [0217.610] GetEnvironmentVariableW (in: lpName="PinnableBufferCache_System.Net.SslStream_MinCount", lpBuffer=0x75ad70, nSize=0x104 | out: lpBuffer="") returned 0x0 [0217.610] CoTaskMemFree (pv=0x75ad70) [0217.611] CoTaskMemAlloc (cb=0x20c) returned 0x75ad70 [0217.611] GetEnvironmentVariableW (in: lpName="PinnableBufferCache_System.Net.SslStream_Disabled", lpBuffer=0x75ad70, nSize=0x104 | out: lpBuffer="") returned 0x0 [0217.611] CoTaskMemFree (pv=0x75ad70) [0217.611] CoTaskMemAlloc (cb=0x20c) returned 0x75ad70 [0217.611] GetEnvironmentVariableW (in: lpName="PinnableBufferCache_System.Net.SslStream_MinCount", lpBuffer=0x75ad70, nSize=0x104 | out: lpBuffer="") returned 0x0 [0217.611] CoTaskMemFree (pv=0x75ad70) [0217.613] EncryptMessage (in: phContext=0x2477078, fQOP=0x0, pMessage=0x2481cdc, MessageSeqNo=0x0 | out: pMessage=0x2481cdc) returned 0x0 [0217.615] send (s=0x4bc, buf=0x24807b4*, len=85, flags=0) returned 85 [0217.620] recv (in: s=0x4bc, buf=0x248e140, len=5, flags=0 | out: buf=0x248e140*) returned 5 [0217.791] recv (in: s=0x4bc, buf=0x248e145, len=256, flags=0 | out: buf=0x248e145*) returned 256 [0217.792] DecryptMessage (in: phContext=0x2477078, pMessage=0x2492200, MessageSeqNo=0x0, pfQOP=0x0 | out: pMessage=0x2492200, pfQOP=0x0) returned 0x0 [0217.800] EncryptMessage (in: phContext=0x2477078, fQOP=0x0, pMessage=0x2492d28, MessageSeqNo=0x0 | out: pMessage=0x2492d28) returned 0x0 [0217.800] send (s=0x4bc, buf=0x24807b4*, len=101, flags=0) returned 101 [0217.801] recv (in: s=0x4bc, buf=0x248e140, len=5, flags=0 | out: buf=0x248e140*) returned 5 [0217.980] recv (in: s=0x4bc, buf=0x248e145, len=80, flags=0 | out: buf=0x248e145*) returned 80 [0217.980] DecryptMessage (in: phContext=0x2477078, pMessage=0x2492ea8, MessageSeqNo=0x0, pfQOP=0x0 | out: pMessage=0x2492ea8, pfQOP=0x0) returned 0x0 [0217.983] SysStringLen (param_1="ᯬ虞\蓛椩ᘅວ♏⯝徧剽ꀀ벾﬒祟⓷瀮᫱⏾鯀黁⊢) returned 0x18 [0217.983] SystemFunction041 (in: Memory=0x5251be4, MemorySize=0x30, OptionFlags=0x0 | out: Memory=0x5251be4) returned 0x0 [0217.984] SysStringLen (param_1="logs@multimetals.cfd\x08") returned 0x18 [0217.984] SystemFunction040 (in: Memory=0x5251be4, MemorySize=0x30, OptionFlags=0x0 | out: Memory=0x5251be4) returned 0x0 [0217.984] SysStringLen (param_1="logs@multimetals.cfd") returned 0x14 [0217.984] SysStringLen (param_1="logs@multimetals.cfd") returned 0x14 [0217.985] EncryptMessage (in: phContext=0x2477078, fQOP=0x0, pMessage=0x24931f8, MessageSeqNo=0x0 | out: pMessage=0x24931f8) returned 0x0 [0217.985] send (s=0x4bc, buf=0x24807b4*, len=85, flags=0) returned 85 [0217.995] recv (in: s=0x4bc, buf=0x248e140, len=5, flags=0 | out: buf=0x248e140*) returned 5 [0218.216] recv (in: s=0x4bc, buf=0x248e145, len=80, flags=0 | out: buf=0x248e145*) returned 80 [0218.217] DecryptMessage (in: phContext=0x2477078, pMessage=0x2493378, MessageSeqNo=0x0, pfQOP=0x0 | out: pMessage=0x2493378, pfQOP=0x0) returned 0x0 [0218.239] EncryptMessage (in: phContext=0x2477078, fQOP=0x0, pMessage=0x2493880, MessageSeqNo=0x0 | out: pMessage=0x2493880) returned 0x0 [0218.239] send (s=0x4bc, buf=0x24807b4*, len=101, flags=0) returned 101 [0218.240] recv (in: s=0x4bc, buf=0x248e140, len=5, flags=0 | out: buf=0x248e140*) returned 5 [0218.408] recv (in: s=0x4bc, buf=0x248e145, len=64, flags=0 | out: buf=0x248e145*) returned 64 [0218.408] DecryptMessage (in: phContext=0x2477078, pMessage=0x2493a00, MessageSeqNo=0x0, pfQOP=0x0 | out: pMessage=0x2493a00, pfQOP=0x0) returned 0x0 [0218.409] EncryptMessage (in: phContext=0x2477078, fQOP=0x0, pMessage=0x2493c90, MessageSeqNo=0x0 | out: pMessage=0x2493c90) returned 0x0 [0218.409] send (s=0x4bc, buf=0x24807b4*, len=101, flags=0) returned 101 [0218.410] recv (in: s=0x4bc, buf=0x248e140, len=5, flags=0 | out: buf=0x248e140*) returned 5 [0218.585] recv (in: s=0x4bc, buf=0x248e145, len=64, flags=0 | out: buf=0x248e145*) returned 64 [0218.585] DecryptMessage (in: phContext=0x2477078, pMessage=0x2493e10, MessageSeqNo=0x0, pfQOP=0x0 | out: pMessage=0x2493e10, pfQOP=0x0) returned 0x0 [0218.586] EncryptMessage (in: phContext=0x2477078, fQOP=0x0, pMessage=0x2493fa8, MessageSeqNo=0x0 | out: pMessage=0x2493fa8) returned 0x0 [0218.586] send (s=0x4bc, buf=0x24807b4*, len=69, flags=0) returned 69 [0218.587] recv (in: s=0x4bc, buf=0x248e140, len=5, flags=0 | out: buf=0x248e140*) returned 5 [0218.758] recv (in: s=0x4bc, buf=0x248e145, len=112, flags=0 | out: buf=0x248e145*) returned 112 [0218.759] DecryptMessage (in: phContext=0x2477078, pMessage=0x2494134, MessageSeqNo=0x0, pfQOP=0x0 | out: pMessage=0x2494134, pfQOP=0x0) returned 0x0 [0218.793] EncryptMessage (in: phContext=0x2477078, fQOP=0x0, pMessage=0x249a714, MessageSeqNo=0x0 | out: pMessage=0x249a714) returned 0x0 [0218.793] send (s=0x4bc, buf=0x24807b4*, len=293, flags=0) returned 293 [0218.796] EncryptMessage (in: phContext=0x2477078, fQOP=0x0, pMessage=0x249b338, MessageSeqNo=0x0 | out: pMessage=0x249b338) returned 0x0 [0218.796] send (s=0x4bc, buf=0x24807b4*, len=421, flags=0) returned 421 [0218.801] EncryptMessage (in: phContext=0x2477078, fQOP=0x0, pMessage=0x249b458, MessageSeqNo=0x0 | out: pMessage=0x249b458) returned 0x0 [0218.802] send (s=0x4bc, buf=0x24807b4*, len=69, flags=0) returned 69 [0218.802] EncryptMessage (in: phContext=0x2477078, fQOP=0x0, pMessage=0x249b578, MessageSeqNo=0x0 | out: pMessage=0x249b578) returned 0x0 [0218.803] send (s=0x4bc, buf=0x24807b4*, len=69, flags=0) returned 69 [0218.803] recv (in: s=0x4bc, buf=0x248e140, len=5, flags=0 | out: buf=0x248e140*) returned 5 [0218.975] recv (in: s=0x4bc, buf=0x248e145, len=80, flags=0 | out: buf=0x248e145*) returned 80 [0218.975] DecryptMessage (in: phContext=0x2477078, pMessage=0x249b6f8, MessageSeqNo=0x0, pfQOP=0x0 | out: pMessage=0x249b6f8, pfQOP=0x0) returned 0x0 [0218.988] ReleaseSemaphore (in: hSemaphore=0x4b0, lReleaseCount=1, lpPreviousCount=0x0 | out: lpPreviousCount=0x0) returned 1 [0219.010] GetCurrentProcess () returned 0xffffffff [0219.010] GetCurrentThread () returned 0xfffffffe [0219.011] GetCurrentProcess () returned 0xffffffff [0219.011] DuplicateHandle (in: hSourceProcessHandle=0xffffffff, hSourceHandle=0xfffffffe, hTargetProcessHandle=0xffffffff, lpTargetHandle=0x37f138, dwDesiredAccess=0x0, bInheritHandle=0, dwOptions=0x2 | out: lpTargetHandle=0x37f138*=0x6f4) returned 1 [0219.012] GetCurrentThreadId () returned 0xfb0 [0219.026] GetCurrentProcess () returned 0xffffffff [0219.026] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x37ed18 | out: TokenHandle=0x37ed18*=0x5dc) returned 1 [0219.027] CloseHandle (hObject=0x5dc) returned 1 [0219.027] GetCurrentProcess () returned 0xffffffff [0219.028] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x37ed30 | out: TokenHandle=0x37ed30*=0x5dc) returned 1 [0219.028] CloseHandle (hObject=0x5dc) returned 1 [0219.040] RegisterClipboardFormatW (lpszFormat="WM_GETCONTROLNAME") returned 0xc1cb [0219.040] RegisterClipboardFormatW (lpszFormat="WM_GETCONTROLTYPE") returned 0xc1ca [0219.045] GetSystemMetrics (nIndex=75) returned 1 [0219.087] GetModuleHandleW (lpModuleName="comctl32.dll") returned 0x0 [0219.112] GetModuleHandleW (lpModuleName="kernel32.dll") returned 0x752b0000 [0219.112] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="AddDllDirectory", cchWideChar=15, lpMultiByteStr=0x37ef50, cbMultiByte=17, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="AddDllDirectoryq¸g0n", lpUsedDefaultChar=0x0) returned 15 [0219.113] GetProcAddress (hModule=0x752b0000, lpProcName="AddDllDirectory") returned 0x753d1e91 [0219.113] LoadLibraryExW (lpLibFileName="comctl32.dll", hFile=0x0, dwFlags=0x800) returned 0x6ce80000 [0219.172] GetModuleHandleW (lpModuleName="user32.dll") returned 0x76860000 [0219.172] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="DefWindowProcW", cchWideChar=14, lpMultiByteStr=0x37ee94, cbMultiByte=16, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="DefWindowProcW0n", lpUsedDefaultChar=0x0) returned 14 [0219.172] GetProcAddress (hModule=0x76860000, lpProcName="DefWindowProcW") returned 0x76f325dd [0219.173] GetStockObject (i=5) returned 0x1900015 [0219.175] GetModuleHandleW (lpModuleName=0x0) returned 0x400000 [0219.177] CoTaskMemAlloc (cb=0x5c) returned 0x5d8ea68 [0219.177] RegisterClassW (lpWndClass=0x37ee84) returned 0xc076 [0219.178] CoTaskMemFree (pv=0x5d8ea68) [0219.178] GetModuleHandleW (lpModuleName=0x0) returned 0x400000 [0219.179] CreateWindowExW (dwExStyle=0x0, lpClassName="WindowsForms10.Window.8.app.0.3c47a4f_r14_ad1", lpWindowName=0x0, dwStyle=0x2010000, X=0, Y=0, nWidth=0, nHeight=0, hWndParent=0xfffffffd, hMenu=0x0, hInstance=0x400000, lpParam=0x0) returned 0x60182 [0219.182] SetWindowLongW (hWnd=0x60182, nIndex=-4, dwNewLong=1995646429) returned 4789062 [0219.183] GetWindowLongW (hWnd=0x60182, nIndex=-4) returned 1995646429 [0219.185] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="Software\\Microsoft\\.NETFramework", ulOptions=0x0, samDesired=0x20019, phkResult=0x37e798 | out: phkResult=0x37e798*=0x6f8) returned 0x0 [0219.185] RegQueryValueExW (in: hKey=0x6f8, lpValueName="DbgJITDebugLaunchSetting", lpReserved=0x0, lpType=0x37e7b8, lpData=0x0, lpcbData=0x37e7b4*=0x0 | out: lpType=0x37e7b8*=0x0, lpData=0x0, lpcbData=0x37e7b4*=0x0) returned 0x2 [0219.185] RegQueryValueExW (in: hKey=0x6f8, lpValueName="DbgManagedDebugger", lpReserved=0x0, lpType=0x37e7b8, lpData=0x0, lpcbData=0x37e7b4*=0x0 | out: lpType=0x37e7b8*=0x0, lpData=0x0, lpcbData=0x37e7b4*=0x0) returned 0x2 [0219.186] RegCloseKey (hKey=0x6f8) returned 0x0 [0219.187] SetWindowLongW (hWnd=0x60182, nIndex=-4, dwNewLong=4789102) returned 1995646429 [0219.187] GetWindowLongW (hWnd=0x60182, nIndex=-4) returned 4789102 [0219.187] GetWindowLongW (hWnd=0x60182, nIndex=-16) returned 113311744 [0219.188] RegisterClipboardFormatW (lpszFormat="WinFormsMouseEnter") returned 0xc12d [0219.188] CallWindowProcW (lpPrevWndFunc=0x76f325dd, hWnd=0x60182, Msg=0x24, wParam=0x0, lParam=0x37ea70) returned 0x0 [0219.188] RegisterClipboardFormatW (lpszFormat="WinFormsUnSubclass") returned 0xc073 [0219.189] CallWindowProcW (lpPrevWndFunc=0x76f325dd, hWnd=0x60182, Msg=0x81, wParam=0x0, lParam=0x37ea64) returned 0x1 [0219.189] CallWindowProcW (lpPrevWndFunc=0x76f325dd, hWnd=0x60182, Msg=0x83, wParam=0x0, lParam=0x37ea50) returned 0x0 [0219.189] CallWindowProcW (lpPrevWndFunc=0x76f325dd, hWnd=0x60182, Msg=0x1, wParam=0x0, lParam=0x37ea64) returned 0x0 [0219.190] GetClientRect (in: hWnd=0x60182, lpRect=0x37e7cc | out: lpRect=0x37e7cc) returned 1 [0219.190] GetWindowRect (in: hWnd=0x60182, lpRect=0x37e7cc | out: lpRect=0x37e7cc) returned 1 [0219.191] GetParent (hWnd=0x60182) returned 0x0 [0219.192] OleInitialize (pvReserved=0x0) returned 0x0 [0219.193] CoRegisterMessageFilter (in: lpMessageFilter=0x0, lplpMessageFilter=0x37f0b4 | out: lplpMessageFilter=0x37f0b4*=0x0) returned 0x0 [0219.195] PeekMessageW (in: lpMsg=0x37f088, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x37f088) returned 0 [0219.196] PeekMessageW (in: lpMsg=0x37f088, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x37f088) returned 0 [0219.196] WaitMessage () Thread: id = 126 os_tid = 0xffc Thread: id = 127 os_tid = 0xb24 [0184.872] CoGetContextToken (in: pToken=0x454f5ec | out: pToken=0x454f5ec) returned 0x800401f0 [0184.872] CoInitializeEx (pvReserved=0x0, dwCoInit=0x0) returned 0x0 Thread: id = 128 os_tid = 0xb44 Thread: id = 129 os_tid = 0xb14 Thread: id = 130 os_tid = 0xb18 Thread: id = 131 os_tid = 0xb78 Thread: id = 154 os_tid = 0xb48 [0189.649] CoInitializeEx (pvReserved=0x0, dwCoInit=0x0) returned 0x0 [0189.679] IIDFromString (in: lpsz="{CF4CC405-E2C5-4DDD-B3CE-5E7582D8C9FA}", lpiid=0x555f52c | out: lpiid=0x555f52c) returned 0x0 [0189.681] CoGetClassObject (in: rclsid=0x724d1c*(Data1=0xcf4cc405, Data2=0xe2c5, Data3=0x4ddd, Data4=([0]=0xb3, [1]=0xce, [2]=0x5e, [3]=0x75, [4]=0x82, [5]=0xd8, [6]=0xc9, [7]=0xfa)), dwClsContext=0x15, pvReserved=0x0, riid=0x718e6bd4*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x555f248 | out: ppv=0x555f248*=0x7245f0) returned 0x0 [0189.682] WbemDefPath:IUnknown:QueryInterface (in: This=0x7245f0, riid=0x718add3c*(Data1=0xb196b28f, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x555f460 | out: ppvObject=0x555f460*=0x0) returned 0x80004002 [0189.682] WbemDefPath:IClassFactory:CreateInstance (in: This=0x7245f0, pUnkOuter=0x0, riid=0x71792a54*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x555f46c | out: ppvObject=0x555f46c*=0x730f90) returned 0x0 [0189.682] WbemDefPath:IUnknown:Release (This=0x7245f0) returned 0x0 [0189.682] WbemDefPath:IUnknown:QueryInterface (in: This=0x730f90, riid=0x71792a54*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x555f08c | out: ppvObject=0x555f08c*=0x730f90) returned 0x0 [0189.682] WbemDefPath:IUnknown:QueryInterface (in: This=0x730f90, riid=0x71881b6c*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x555f040 | out: ppvObject=0x555f040*=0x0) returned 0x80004002 [0189.683] WbemDefPath:IUnknown:AddRef (This=0x730f90) returned 0x3 [0189.683] WbemDefPath:IUnknown:QueryInterface (in: This=0x730f90, riid=0x7188182c*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x555e99c | out: ppvObject=0x555e99c*=0x0) returned 0x80004002 [0189.683] WbemDefPath:IUnknown:QueryInterface (in: This=0x730f90, riid=0x71881764*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x555e94c | out: ppvObject=0x555e94c*=0x0) returned 0x80004002 [0189.683] WbemDefPath:IUnknown:QueryInterface (in: This=0x730f90, riid=0x717b1388*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x555e958 | out: ppvObject=0x555e958*=0x7245d0) returned 0x0 [0189.683] WbemDefPath:IMarshal:GetUnmarshalClass (in: This=0x7245d0, riid=0x71792a54*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x555e960 | out: pCid=0x555e960*(Data1=0x33a, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46))) returned 0x0 [0189.683] WbemDefPath:IUnknown:Release (This=0x7245d0) returned 0x3 [0189.683] CoGetContextToken (in: pToken=0x555e9b8 | out: pToken=0x555e9b8) returned 0x0 [0189.684] CoGetContextToken (in: pToken=0x555edcc | out: pToken=0x555edcc) returned 0x0 [0189.684] WbemDefPath:IUnknown:QueryInterface (in: This=0x730f90, riid=0x71881aa8*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x555ee4c | out: ppvObject=0x555ee4c*=0x0) returned 0x80004002 [0189.684] WbemDefPath:IUnknown:Release (This=0x730f90) returned 0x2 [0189.684] WbemDefPath:IUnknown:Release (This=0x730f90) returned 0x1 [0189.685] SetEvent (hEvent=0x2b0) returned 1 [0189.700] CoGetClassObject (in: rclsid=0x724d1c*(Data1=0xcf4cc405, Data2=0xe2c5, Data3=0x4ddd, Data4=([0]=0xb3, [1]=0xce, [2]=0x5e, [3]=0x75, [4]=0x82, [5]=0xd8, [6]=0xc9, [7]=0xfa)), dwClsContext=0x15, pvReserved=0x0, riid=0x718e6bd4*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x555f248 | out: ppv=0x555f248*=0x724710) returned 0x0 [0189.701] WbemDefPath:IUnknown:QueryInterface (in: This=0x724710, riid=0x718add3c*(Data1=0xb196b28f, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x555f460 | out: ppvObject=0x555f460*=0x0) returned 0x80004002 [0189.701] WbemDefPath:IClassFactory:CreateInstance (in: This=0x724710, pUnkOuter=0x0, riid=0x71792a54*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x555f46c | out: ppvObject=0x555f46c*=0x731000) returned 0x0 [0189.701] WbemDefPath:IUnknown:Release (This=0x724710) returned 0x0 [0189.701] WbemDefPath:IUnknown:QueryInterface (in: This=0x731000, riid=0x71792a54*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x555f08c | out: ppvObject=0x555f08c*=0x731000) returned 0x0 [0189.701] WbemDefPath:IUnknown:QueryInterface (in: This=0x731000, riid=0x71881b6c*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x555f040 | out: ppvObject=0x555f040*=0x0) returned 0x80004002 [0189.701] WbemDefPath:IUnknown:AddRef (This=0x731000) returned 0x3 [0189.701] WbemDefPath:IUnknown:QueryInterface (in: This=0x731000, riid=0x7188182c*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x555e99c | out: ppvObject=0x555e99c*=0x0) returned 0x80004002 [0189.701] WbemDefPath:IUnknown:QueryInterface (in: This=0x731000, riid=0x71881764*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x555e94c | out: ppvObject=0x555e94c*=0x0) returned 0x80004002 [0189.701] WbemDefPath:IUnknown:QueryInterface (in: This=0x731000, riid=0x717b1388*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x555e958 | out: ppvObject=0x555e958*=0x724720) returned 0x0 [0189.702] WbemDefPath:IMarshal:GetUnmarshalClass (in: This=0x724720, riid=0x71792a54*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x555e960 | out: pCid=0x555e960*(Data1=0x33a, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46))) returned 0x0 [0189.702] WbemDefPath:IUnknown:Release (This=0x724720) returned 0x3 [0189.702] CoGetContextToken (in: pToken=0x555e9b8 | out: pToken=0x555e9b8) returned 0x0 [0189.702] CoGetContextToken (in: pToken=0x555edcc | out: pToken=0x555edcc) returned 0x0 [0189.702] WbemDefPath:IUnknown:QueryInterface (in: This=0x731000, riid=0x71881aa8*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x555ee4c | out: ppvObject=0x555ee4c*=0x0) returned 0x80004002 [0189.702] WbemDefPath:IUnknown:Release (This=0x731000) returned 0x2 [0189.702] WbemDefPath:IUnknown:Release (This=0x731000) returned 0x1 [0189.702] SetEvent (hEvent=0x2e4) returned 1 [0189.705] CoGetClassObject (in: rclsid=0x724d1c*(Data1=0xcf4cc405, Data2=0xe2c5, Data3=0x4ddd, Data4=([0]=0xb3, [1]=0xce, [2]=0x5e, [3]=0x75, [4]=0x82, [5]=0xd8, [6]=0xc9, [7]=0xfa)), dwClsContext=0x15, pvReserved=0x0, riid=0x718e6bd4*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x555f248 | out: ppv=0x555f248*=0x724750) returned 0x0 [0189.705] WbemDefPath:IUnknown:QueryInterface (in: This=0x724750, riid=0x718add3c*(Data1=0xb196b28f, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x555f460 | out: ppvObject=0x555f460*=0x0) returned 0x80004002 [0189.705] WbemDefPath:IClassFactory:CreateInstance (in: This=0x724750, pUnkOuter=0x0, riid=0x71792a54*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x555f46c | out: ppvObject=0x555f46c*=0x731070) returned 0x0 [0189.705] WbemDefPath:IUnknown:Release (This=0x724750) returned 0x0 [0189.705] WbemDefPath:IUnknown:QueryInterface (in: This=0x731070, riid=0x71792a54*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x555f08c | out: ppvObject=0x555f08c*=0x731070) returned 0x0 [0189.706] WbemDefPath:IUnknown:QueryInterface (in: This=0x731070, riid=0x71881b6c*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x555f040 | out: ppvObject=0x555f040*=0x0) returned 0x80004002 [0189.706] WbemDefPath:IUnknown:AddRef (This=0x731070) returned 0x3 [0189.706] WbemDefPath:IUnknown:QueryInterface (in: This=0x731070, riid=0x7188182c*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x555e99c | out: ppvObject=0x555e99c*=0x0) returned 0x80004002 [0189.706] WbemDefPath:IUnknown:QueryInterface (in: This=0x731070, riid=0x71881764*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x555e94c | out: ppvObject=0x555e94c*=0x0) returned 0x80004002 [0189.706] WbemDefPath:IUnknown:QueryInterface (in: This=0x731070, riid=0x717b1388*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x555e958 | out: ppvObject=0x555e958*=0x724760) returned 0x0 [0189.706] WbemDefPath:IMarshal:GetUnmarshalClass (in: This=0x724760, riid=0x71792a54*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x555e960 | out: pCid=0x555e960*(Data1=0x33a, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46))) returned 0x0 [0189.706] WbemDefPath:IUnknown:Release (This=0x724760) returned 0x3 [0189.706] CoGetContextToken (in: pToken=0x555e9b8 | out: pToken=0x555e9b8) returned 0x0 [0189.706] CoGetContextToken (in: pToken=0x555edcc | out: pToken=0x555edcc) returned 0x0 [0189.706] WbemDefPath:IUnknown:QueryInterface (in: This=0x731070, riid=0x71881aa8*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x555ee4c | out: ppvObject=0x555ee4c*=0x0) returned 0x80004002 [0189.706] WbemDefPath:IUnknown:Release (This=0x731070) returned 0x2 [0189.706] WbemDefPath:IUnknown:Release (This=0x731070) returned 0x1 [0189.706] SetEvent (hEvent=0x2e8) returned 1 [0190.569] CoGetClassObject (in: rclsid=0x724d1c*(Data1=0xcf4cc405, Data2=0xe2c5, Data3=0x4ddd, Data4=([0]=0xb3, [1]=0xce, [2]=0x5e, [3]=0x75, [4]=0x82, [5]=0xd8, [6]=0xc9, [7]=0xfa)), dwClsContext=0x15, pvReserved=0x0, riid=0x718e6bd4*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x555f248 | out: ppv=0x555f248*=0x724800) returned 0x0 [0190.569] WbemDefPath:IUnknown:QueryInterface (in: This=0x724800, riid=0x718add3c*(Data1=0xb196b28f, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x555f460 | out: ppvObject=0x555f460*=0x0) returned 0x80004002 [0190.569] WbemDefPath:IClassFactory:CreateInstance (in: This=0x724800, pUnkOuter=0x0, riid=0x71792a54*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x555f46c | out: ppvObject=0x555f46c*=0x7310e0) returned 0x0 [0190.569] WbemDefPath:IUnknown:Release (This=0x724800) returned 0x0 [0190.569] WbemDefPath:IUnknown:QueryInterface (in: This=0x7310e0, riid=0x71792a54*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x555f08c | out: ppvObject=0x555f08c*=0x7310e0) returned 0x0 [0190.569] WbemDefPath:IUnknown:QueryInterface (in: This=0x7310e0, riid=0x71881b6c*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x555f040 | out: ppvObject=0x555f040*=0x0) returned 0x80004002 [0190.570] WbemDefPath:IUnknown:AddRef (This=0x7310e0) returned 0x3 [0190.570] WbemDefPath:IUnknown:QueryInterface (in: This=0x7310e0, riid=0x7188182c*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x555e99c | out: ppvObject=0x555e99c*=0x0) returned 0x80004002 [0190.570] WbemDefPath:IUnknown:QueryInterface (in: This=0x7310e0, riid=0x71881764*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x555e94c | out: ppvObject=0x555e94c*=0x0) returned 0x80004002 [0190.570] WbemDefPath:IUnknown:QueryInterface (in: This=0x7310e0, riid=0x717b1388*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x555e958 | out: ppvObject=0x555e958*=0x724810) returned 0x0 [0190.570] WbemDefPath:IMarshal:GetUnmarshalClass (in: This=0x724810, riid=0x71792a54*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x555e960 | out: pCid=0x555e960*(Data1=0x33a, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46))) returned 0x0 [0190.570] WbemDefPath:IUnknown:Release (This=0x724810) returned 0x3 [0190.570] CoGetContextToken (in: pToken=0x555e9b8 | out: pToken=0x555e9b8) returned 0x0 [0190.570] CoGetContextToken (in: pToken=0x555edcc | out: pToken=0x555edcc) returned 0x0 [0190.570] WbemDefPath:IUnknown:QueryInterface (in: This=0x7310e0, riid=0x71881aa8*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x555ee4c | out: ppvObject=0x555ee4c*=0x0) returned 0x80004002 [0190.570] WbemDefPath:IUnknown:Release (This=0x7310e0) returned 0x2 [0190.570] WbemDefPath:IUnknown:Release (This=0x7310e0) returned 0x1 [0190.570] SetEvent (hEvent=0x33c) returned 1 [0201.375] CoGetClassObject (in: rclsid=0x724d1c*(Data1=0xcf4cc405, Data2=0xe2c5, Data3=0x4ddd, Data4=([0]=0xb3, [1]=0xce, [2]=0x5e, [3]=0x75, [4]=0x82, [5]=0xd8, [6]=0xc9, [7]=0xfa)), dwClsContext=0x15, pvReserved=0x0, riid=0x718e6bd4*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x555f248 | out: ppv=0x555f248*=0x7248a0) returned 0x0 [0201.375] WbemDefPath:IUnknown:QueryInterface (in: This=0x7248a0, riid=0x718add3c*(Data1=0xb196b28f, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x555f460 | out: ppvObject=0x555f460*=0x0) returned 0x80004002 [0201.376] WbemDefPath:IClassFactory:CreateInstance (in: This=0x7248a0, pUnkOuter=0x0, riid=0x71792a54*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x555f46c | out: ppvObject=0x555f46c*=0x7311c0) returned 0x0 [0201.376] WbemDefPath:IUnknown:Release (This=0x7248a0) returned 0x0 [0201.376] WbemDefPath:IUnknown:QueryInterface (in: This=0x7311c0, riid=0x71792a54*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x555f08c | out: ppvObject=0x555f08c*=0x7311c0) returned 0x0 [0201.376] WbemDefPath:IUnknown:QueryInterface (in: This=0x7311c0, riid=0x71881b6c*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x555f040 | out: ppvObject=0x555f040*=0x0) returned 0x80004002 [0201.376] WbemDefPath:IUnknown:AddRef (This=0x7311c0) returned 0x3 [0201.376] WbemDefPath:IUnknown:QueryInterface (in: This=0x7311c0, riid=0x7188182c*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x555e99c | out: ppvObject=0x555e99c*=0x0) returned 0x80004002 [0201.376] WbemDefPath:IUnknown:QueryInterface (in: This=0x7311c0, riid=0x71881764*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x555e94c | out: ppvObject=0x555e94c*=0x0) returned 0x80004002 [0201.376] WbemDefPath:IUnknown:QueryInterface (in: This=0x7311c0, riid=0x717b1388*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x555e958 | out: ppvObject=0x555e958*=0x7248c0) returned 0x0 [0201.377] WbemDefPath:IMarshal:GetUnmarshalClass (in: This=0x7248c0, riid=0x71792a54*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x555e960 | out: pCid=0x555e960*(Data1=0x33a, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46))) returned 0x0 [0201.377] WbemDefPath:IUnknown:Release (This=0x7248c0) returned 0x3 [0201.377] CoGetContextToken (in: pToken=0x555e9b8 | out: pToken=0x555e9b8) returned 0x0 [0201.377] CoGetContextToken (in: pToken=0x555edcc | out: pToken=0x555edcc) returned 0x0 [0201.377] WbemDefPath:IUnknown:QueryInterface (in: This=0x7311c0, riid=0x71881aa8*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x555ee4c | out: ppvObject=0x555ee4c*=0x0) returned 0x80004002 [0201.377] WbemDefPath:IUnknown:Release (This=0x7311c0) returned 0x2 [0201.377] WbemDefPath:IUnknown:Release (This=0x7311c0) returned 0x1 [0201.377] SetEvent (hEvent=0x344) returned 1 [0201.422] CoGetClassObject (in: rclsid=0x724d1c*(Data1=0xcf4cc405, Data2=0xe2c5, Data3=0x4ddd, Data4=([0]=0xb3, [1]=0xce, [2]=0x5e, [3]=0x75, [4]=0x82, [5]=0xd8, [6]=0xc9, [7]=0xfa)), dwClsContext=0x15, pvReserved=0x0, riid=0x718e6bd4*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x555f248 | out: ppv=0x555f248*=0x7248f0) returned 0x0 [0201.422] WbemDefPath:IUnknown:QueryInterface (in: This=0x7248f0, riid=0x718add3c*(Data1=0xb196b28f, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x555f460 | out: ppvObject=0x555f460*=0x0) returned 0x80004002 [0201.422] WbemDefPath:IClassFactory:CreateInstance (in: This=0x7248f0, pUnkOuter=0x0, riid=0x71792a54*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x555f46c | out: ppvObject=0x555f46c*=0x731230) returned 0x0 [0201.423] WbemDefPath:IUnknown:Release (This=0x7248f0) returned 0x0 [0201.423] WbemDefPath:IUnknown:QueryInterface (in: This=0x731230, riid=0x71792a54*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x555f08c | out: ppvObject=0x555f08c*=0x731230) returned 0x0 [0201.423] WbemDefPath:IUnknown:QueryInterface (in: This=0x731230, riid=0x71881b6c*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x555f040 | out: ppvObject=0x555f040*=0x0) returned 0x80004002 [0201.423] WbemDefPath:IUnknown:AddRef (This=0x731230) returned 0x3 [0201.423] WbemDefPath:IUnknown:QueryInterface (in: This=0x731230, riid=0x7188182c*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x555e99c | out: ppvObject=0x555e99c*=0x0) returned 0x80004002 [0201.423] WbemDefPath:IUnknown:QueryInterface (in: This=0x731230, riid=0x71881764*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x555e94c | out: ppvObject=0x555e94c*=0x0) returned 0x80004002 [0201.423] WbemDefPath:IUnknown:QueryInterface (in: This=0x731230, riid=0x717b1388*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x555e958 | out: ppvObject=0x555e958*=0x724890) returned 0x0 [0201.423] WbemDefPath:IMarshal:GetUnmarshalClass (in: This=0x724890, riid=0x71792a54*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x555e960 | out: pCid=0x555e960*(Data1=0x33a, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46))) returned 0x0 [0201.423] WbemDefPath:IUnknown:Release (This=0x724890) returned 0x3 [0201.423] CoGetContextToken (in: pToken=0x555e9b8 | out: pToken=0x555e9b8) returned 0x0 [0201.423] CoGetContextToken (in: pToken=0x555edcc | out: pToken=0x555edcc) returned 0x0 [0201.423] WbemDefPath:IUnknown:QueryInterface (in: This=0x731230, riid=0x71881aa8*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x555ee4c | out: ppvObject=0x555ee4c*=0x0) returned 0x80004002 [0201.424] WbemDefPath:IUnknown:Release (This=0x731230) returned 0x2 [0201.424] WbemDefPath:IUnknown:Release (This=0x731230) returned 0x1 [0201.424] SetEvent (hEvent=0x348) returned 1 [0201.427] CoGetClassObject (in: rclsid=0x724d1c*(Data1=0xcf4cc405, Data2=0xe2c5, Data3=0x4ddd, Data4=([0]=0xb3, [1]=0xce, [2]=0x5e, [3]=0x75, [4]=0x82, [5]=0xd8, [6]=0xc9, [7]=0xfa)), dwClsContext=0x15, pvReserved=0x0, riid=0x718e6bd4*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x555f248 | out: ppv=0x555f248*=0x724880) returned 0x0 [0201.427] WbemDefPath:IUnknown:QueryInterface (in: This=0x724880, riid=0x718add3c*(Data1=0xb196b28f, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x555f460 | out: ppvObject=0x555f460*=0x0) returned 0x80004002 [0201.427] WbemDefPath:IClassFactory:CreateInstance (in: This=0x724880, pUnkOuter=0x0, riid=0x71792a54*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x555f46c | out: ppvObject=0x555f46c*=0x7312a0) returned 0x0 [0201.427] WbemDefPath:IUnknown:Release (This=0x724880) returned 0x0 [0201.427] WbemDefPath:IUnknown:QueryInterface (in: This=0x7312a0, riid=0x71792a54*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x555f08c | out: ppvObject=0x555f08c*=0x7312a0) returned 0x0 [0201.427] WbemDefPath:IUnknown:QueryInterface (in: This=0x7312a0, riid=0x71881b6c*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x555f040 | out: ppvObject=0x555f040*=0x0) returned 0x80004002 [0201.428] WbemDefPath:IUnknown:AddRef (This=0x7312a0) returned 0x3 [0201.428] WbemDefPath:IUnknown:QueryInterface (in: This=0x7312a0, riid=0x7188182c*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x555e99c | out: ppvObject=0x555e99c*=0x0) returned 0x80004002 [0201.428] WbemDefPath:IUnknown:QueryInterface (in: This=0x7312a0, riid=0x71881764*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x555e94c | out: ppvObject=0x555e94c*=0x0) returned 0x80004002 [0201.428] WbemDefPath:IUnknown:QueryInterface (in: This=0x7312a0, riid=0x717b1388*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x555e958 | out: ppvObject=0x555e958*=0x724900) returned 0x0 [0201.428] WbemDefPath:IMarshal:GetUnmarshalClass (in: This=0x724900, riid=0x71792a54*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x555e960 | out: pCid=0x555e960*(Data1=0x33a, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46))) returned 0x0 [0201.428] WbemDefPath:IUnknown:Release (This=0x724900) returned 0x3 [0201.428] CoGetContextToken (in: pToken=0x555e9b8 | out: pToken=0x555e9b8) returned 0x0 [0201.428] CoGetContextToken (in: pToken=0x555edcc | out: pToken=0x555edcc) returned 0x0 [0201.428] WbemDefPath:IUnknown:QueryInterface (in: This=0x7312a0, riid=0x71881aa8*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x555ee4c | out: ppvObject=0x555ee4c*=0x0) returned 0x80004002 [0201.428] WbemDefPath:IUnknown:Release (This=0x7312a0) returned 0x2 [0201.428] WbemDefPath:IUnknown:Release (This=0x7312a0) returned 0x1 [0201.428] SetEvent (hEvent=0x34c) returned 1 [0201.547] CoGetClassObject (in: rclsid=0x724d1c*(Data1=0xcf4cc405, Data2=0xe2c5, Data3=0x4ddd, Data4=([0]=0xb3, [1]=0xce, [2]=0x5e, [3]=0x75, [4]=0x82, [5]=0xd8, [6]=0xc9, [7]=0xfa)), dwClsContext=0x15, pvReserved=0x0, riid=0x718e6bd4*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x555f248 | out: ppv=0x555f248*=0x74fb40) returned 0x0 [0201.547] WbemDefPath:IUnknown:QueryInterface (in: This=0x74fb40, riid=0x718add3c*(Data1=0xb196b28f, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x555f460 | out: ppvObject=0x555f460*=0x0) returned 0x80004002 [0201.547] WbemDefPath:IClassFactory:CreateInstance (in: This=0x74fb40, pUnkOuter=0x0, riid=0x71792a54*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x555f46c | out: ppvObject=0x555f46c*=0x731310) returned 0x0 [0201.547] WbemDefPath:IUnknown:Release (This=0x74fb40) returned 0x0 [0201.547] WbemDefPath:IUnknown:QueryInterface (in: This=0x731310, riid=0x71792a54*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x555f08c | out: ppvObject=0x555f08c*=0x731310) returned 0x0 [0201.547] WbemDefPath:IUnknown:QueryInterface (in: This=0x731310, riid=0x71881b6c*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x555f040 | out: ppvObject=0x555f040*=0x0) returned 0x80004002 [0201.548] WbemDefPath:IUnknown:AddRef (This=0x731310) returned 0x3 [0201.548] WbemDefPath:IUnknown:QueryInterface (in: This=0x731310, riid=0x7188182c*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x555e99c | out: ppvObject=0x555e99c*=0x0) returned 0x80004002 [0201.548] WbemDefPath:IUnknown:QueryInterface (in: This=0x731310, riid=0x71881764*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x555e94c | out: ppvObject=0x555e94c*=0x0) returned 0x80004002 [0201.548] WbemDefPath:IUnknown:QueryInterface (in: This=0x731310, riid=0x717b1388*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x555e958 | out: ppvObject=0x555e958*=0x74fb70) returned 0x0 [0201.548] WbemDefPath:IMarshal:GetUnmarshalClass (in: This=0x74fb70, riid=0x71792a54*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x555e960 | out: pCid=0x555e960*(Data1=0x33a, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46))) returned 0x0 [0201.548] WbemDefPath:IUnknown:Release (This=0x74fb70) returned 0x3 [0201.548] CoGetContextToken (in: pToken=0x555e9b8 | out: pToken=0x555e9b8) returned 0x0 [0201.548] CoGetContextToken (in: pToken=0x555edcc | out: pToken=0x555edcc) returned 0x0 [0201.548] WbemDefPath:IUnknown:QueryInterface (in: This=0x731310, riid=0x71881aa8*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x555ee4c | out: ppvObject=0x555ee4c*=0x0) returned 0x80004002 [0201.548] WbemDefPath:IUnknown:Release (This=0x731310) returned 0x2 [0201.548] WbemDefPath:IUnknown:Release (This=0x731310) returned 0x1 [0201.548] SetEvent (hEvent=0x37c) returned 1 [0201.957] CoGetClassObject (in: rclsid=0x724d1c*(Data1=0xcf4cc405, Data2=0xe2c5, Data3=0x4ddd, Data4=([0]=0xb3, [1]=0xce, [2]=0x5e, [3]=0x75, [4]=0x82, [5]=0xd8, [6]=0xc9, [7]=0xfa)), dwClsContext=0x15, pvReserved=0x0, riid=0x718e6bd4*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x555f248 | out: ppv=0x555f248*=0x74fbf0) returned 0x0 [0201.957] WbemDefPath:IUnknown:QueryInterface (in: This=0x74fbf0, riid=0x718add3c*(Data1=0xb196b28f, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x555f460 | out: ppvObject=0x555f460*=0x0) returned 0x80004002 [0201.957] WbemDefPath:IClassFactory:CreateInstance (in: This=0x74fbf0, pUnkOuter=0x0, riid=0x71792a54*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x555f46c | out: ppvObject=0x555f46c*=0x731380) returned 0x0 [0201.957] WbemDefPath:IUnknown:Release (This=0x74fbf0) returned 0x0 [0201.957] WbemDefPath:IUnknown:QueryInterface (in: This=0x731380, riid=0x71792a54*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x555f08c | out: ppvObject=0x555f08c*=0x731380) returned 0x0 [0201.957] WbemDefPath:IUnknown:QueryInterface (in: This=0x731380, riid=0x71881b6c*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x555f040 | out: ppvObject=0x555f040*=0x0) returned 0x80004002 [0201.958] WbemDefPath:IUnknown:AddRef (This=0x731380) returned 0x3 [0201.958] WbemDefPath:IUnknown:QueryInterface (in: This=0x731380, riid=0x7188182c*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x555e99c | out: ppvObject=0x555e99c*=0x0) returned 0x80004002 [0201.958] WbemDefPath:IUnknown:QueryInterface (in: This=0x731380, riid=0x71881764*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x555e94c | out: ppvObject=0x555e94c*=0x0) returned 0x80004002 [0201.958] WbemDefPath:IUnknown:QueryInterface (in: This=0x731380, riid=0x717b1388*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x555e958 | out: ppvObject=0x555e958*=0x74fc00) returned 0x0 [0201.958] WbemDefPath:IMarshal:GetUnmarshalClass (in: This=0x74fc00, riid=0x71792a54*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x555e960 | out: pCid=0x555e960*(Data1=0x33a, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46))) returned 0x0 [0201.958] WbemDefPath:IUnknown:Release (This=0x74fc00) returned 0x3 [0201.958] CoGetContextToken (in: pToken=0x555e9b8 | out: pToken=0x555e9b8) returned 0x0 [0201.958] CoGetContextToken (in: pToken=0x555edcc | out: pToken=0x555edcc) returned 0x0 [0201.958] WbemDefPath:IUnknown:QueryInterface (in: This=0x731380, riid=0x71881aa8*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x555ee4c | out: ppvObject=0x555ee4c*=0x0) returned 0x80004002 [0201.958] WbemDefPath:IUnknown:Release (This=0x731380) returned 0x2 [0201.958] WbemDefPath:IUnknown:Release (This=0x731380) returned 0x1 [0201.958] SetEvent (hEvent=0x380) returned 1 [0201.975] CoGetClassObject (in: rclsid=0x724d1c*(Data1=0xcf4cc405, Data2=0xe2c5, Data3=0x4ddd, Data4=([0]=0xb3, [1]=0xce, [2]=0x5e, [3]=0x75, [4]=0x82, [5]=0xd8, [6]=0xc9, [7]=0xfa)), dwClsContext=0x15, pvReserved=0x0, riid=0x718e6bd4*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x555f248 | out: ppv=0x555f248*=0x74fc40) returned 0x0 [0201.975] WbemDefPath:IUnknown:QueryInterface (in: This=0x74fc40, riid=0x718add3c*(Data1=0xb196b28f, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x555f460 | out: ppvObject=0x555f460*=0x0) returned 0x80004002 [0201.975] WbemDefPath:IClassFactory:CreateInstance (in: This=0x74fc40, pUnkOuter=0x0, riid=0x71792a54*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x555f46c | out: ppvObject=0x555f46c*=0x7313f0) returned 0x0 [0201.975] WbemDefPath:IUnknown:Release (This=0x74fc40) returned 0x0 [0201.975] WbemDefPath:IUnknown:QueryInterface (in: This=0x7313f0, riid=0x71792a54*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x555f08c | out: ppvObject=0x555f08c*=0x7313f0) returned 0x0 [0201.975] WbemDefPath:IUnknown:QueryInterface (in: This=0x7313f0, riid=0x71881b6c*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x555f040 | out: ppvObject=0x555f040*=0x0) returned 0x80004002 [0201.976] WbemDefPath:IUnknown:AddRef (This=0x7313f0) returned 0x3 [0201.976] WbemDefPath:IUnknown:QueryInterface (in: This=0x7313f0, riid=0x7188182c*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x555e99c | out: ppvObject=0x555e99c*=0x0) returned 0x80004002 [0201.976] WbemDefPath:IUnknown:QueryInterface (in: This=0x7313f0, riid=0x71881764*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x555e94c | out: ppvObject=0x555e94c*=0x0) returned 0x80004002 [0201.976] WbemDefPath:IUnknown:QueryInterface (in: This=0x7313f0, riid=0x717b1388*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x555e958 | out: ppvObject=0x555e958*=0x74fc50) returned 0x0 [0201.976] WbemDefPath:IMarshal:GetUnmarshalClass (in: This=0x74fc50, riid=0x71792a54*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x555e960 | out: pCid=0x555e960*(Data1=0x33a, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46))) returned 0x0 [0201.976] WbemDefPath:IUnknown:Release (This=0x74fc50) returned 0x3 [0201.976] CoGetContextToken (in: pToken=0x555e9b8 | out: pToken=0x555e9b8) returned 0x0 [0201.976] CoGetContextToken (in: pToken=0x555edcc | out: pToken=0x555edcc) returned 0x0 [0201.976] WbemDefPath:IUnknown:QueryInterface (in: This=0x7313f0, riid=0x71881aa8*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x555ee4c | out: ppvObject=0x555ee4c*=0x0) returned 0x80004002 [0201.976] WbemDefPath:IUnknown:Release (This=0x7313f0) returned 0x2 [0201.976] WbemDefPath:IUnknown:Release (This=0x7313f0) returned 0x1 [0201.976] SetEvent (hEvent=0x384) returned 1 [0201.983] CoGetClassObject (in: rclsid=0x724d1c*(Data1=0xcf4cc405, Data2=0xe2c5, Data3=0x4ddd, Data4=([0]=0xb3, [1]=0xce, [2]=0x5e, [3]=0x75, [4]=0x82, [5]=0xd8, [6]=0xc9, [7]=0xfa)), dwClsContext=0x15, pvReserved=0x0, riid=0x718e6bd4*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x555f248 | out: ppv=0x555f248*=0x74fc90) returned 0x0 [0201.983] WbemDefPath:IUnknown:QueryInterface (in: This=0x74fc90, riid=0x718add3c*(Data1=0xb196b28f, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x555f460 | out: ppvObject=0x555f460*=0x0) returned 0x80004002 [0201.983] WbemDefPath:IClassFactory:CreateInstance (in: This=0x74fc90, pUnkOuter=0x0, riid=0x71792a54*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x555f46c | out: ppvObject=0x555f46c*=0x731460) returned 0x0 [0201.983] WbemDefPath:IUnknown:Release (This=0x74fc90) returned 0x0 [0201.983] WbemDefPath:IUnknown:QueryInterface (in: This=0x731460, riid=0x71792a54*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x555f08c | out: ppvObject=0x555f08c*=0x731460) returned 0x0 [0201.983] WbemDefPath:IUnknown:QueryInterface (in: This=0x731460, riid=0x71881b6c*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x555f040 | out: ppvObject=0x555f040*=0x0) returned 0x80004002 [0201.984] WbemDefPath:IUnknown:AddRef (This=0x731460) returned 0x3 [0201.984] WbemDefPath:IUnknown:QueryInterface (in: This=0x731460, riid=0x7188182c*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x555e99c | out: ppvObject=0x555e99c*=0x0) returned 0x80004002 [0201.984] WbemDefPath:IUnknown:QueryInterface (in: This=0x731460, riid=0x71881764*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x555e94c | out: ppvObject=0x555e94c*=0x0) returned 0x80004002 [0201.984] WbemDefPath:IUnknown:QueryInterface (in: This=0x731460, riid=0x717b1388*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x555e958 | out: ppvObject=0x555e958*=0x74fca0) returned 0x0 [0201.984] WbemDefPath:IMarshal:GetUnmarshalClass (in: This=0x74fca0, riid=0x71792a54*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x555e960 | out: pCid=0x555e960*(Data1=0x33a, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46))) returned 0x0 [0201.984] WbemDefPath:IUnknown:Release (This=0x74fca0) returned 0x3 [0201.984] CoGetContextToken (in: pToken=0x555e9b8 | out: pToken=0x555e9b8) returned 0x0 [0201.984] CoGetContextToken (in: pToken=0x555edcc | out: pToken=0x555edcc) returned 0x0 [0201.984] WbemDefPath:IUnknown:QueryInterface (in: This=0x731460, riid=0x71881aa8*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x555ee4c | out: ppvObject=0x555ee4c*=0x0) returned 0x80004002 [0201.984] WbemDefPath:IUnknown:Release (This=0x731460) returned 0x2 [0201.984] WbemDefPath:IUnknown:Release (This=0x731460) returned 0x1 [0201.984] SetEvent (hEvent=0x388) returned 1 [0201.991] CoGetClassObject (in: rclsid=0x724d1c*(Data1=0xcf4cc405, Data2=0xe2c5, Data3=0x4ddd, Data4=([0]=0xb3, [1]=0xce, [2]=0x5e, [3]=0x75, [4]=0x82, [5]=0xd8, [6]=0xc9, [7]=0xfa)), dwClsContext=0x15, pvReserved=0x0, riid=0x718e6bd4*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x555f248 | out: ppv=0x555f248*=0x74fce0) returned 0x0 [0201.991] WbemDefPath:IUnknown:QueryInterface (in: This=0x74fce0, riid=0x718add3c*(Data1=0xb196b28f, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x555f460 | out: ppvObject=0x555f460*=0x0) returned 0x80004002 [0201.991] WbemDefPath:IClassFactory:CreateInstance (in: This=0x74fce0, pUnkOuter=0x0, riid=0x71792a54*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x555f46c | out: ppvObject=0x555f46c*=0x7314d0) returned 0x0 [0201.991] WbemDefPath:IUnknown:Release (This=0x74fce0) returned 0x0 [0201.991] WbemDefPath:IUnknown:QueryInterface (in: This=0x7314d0, riid=0x71792a54*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x555f08c | out: ppvObject=0x555f08c*=0x7314d0) returned 0x0 [0201.991] WbemDefPath:IUnknown:QueryInterface (in: This=0x7314d0, riid=0x71881b6c*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x555f040 | out: ppvObject=0x555f040*=0x0) returned 0x80004002 [0201.992] WbemDefPath:IUnknown:AddRef (This=0x7314d0) returned 0x3 [0201.992] WbemDefPath:IUnknown:QueryInterface (in: This=0x7314d0, riid=0x7188182c*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x555e99c | out: ppvObject=0x555e99c*=0x0) returned 0x80004002 [0201.992] WbemDefPath:IUnknown:QueryInterface (in: This=0x7314d0, riid=0x71881764*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x555e94c | out: ppvObject=0x555e94c*=0x0) returned 0x80004002 [0201.992] WbemDefPath:IUnknown:QueryInterface (in: This=0x7314d0, riid=0x717b1388*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x555e958 | out: ppvObject=0x555e958*=0x74fcf0) returned 0x0 [0201.992] WbemDefPath:IMarshal:GetUnmarshalClass (in: This=0x74fcf0, riid=0x71792a54*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x555e960 | out: pCid=0x555e960*(Data1=0x33a, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46))) returned 0x0 [0201.992] WbemDefPath:IUnknown:Release (This=0x74fcf0) returned 0x3 [0201.992] CoGetContextToken (in: pToken=0x555e9b8 | out: pToken=0x555e9b8) returned 0x0 [0201.992] CoGetContextToken (in: pToken=0x555edcc | out: pToken=0x555edcc) returned 0x0 [0201.992] WbemDefPath:IUnknown:QueryInterface (in: This=0x7314d0, riid=0x71881aa8*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x555ee4c | out: ppvObject=0x555ee4c*=0x0) returned 0x80004002 [0201.992] WbemDefPath:IUnknown:Release (This=0x7314d0) returned 0x2 [0201.992] WbemDefPath:IUnknown:Release (This=0x7314d0) returned 0x1 [0201.992] SetEvent (hEvent=0x38c) returned 1 [0201.998] CoGetClassObject (in: rclsid=0x724d1c*(Data1=0xcf4cc405, Data2=0xe2c5, Data3=0x4ddd, Data4=([0]=0xb3, [1]=0xce, [2]=0x5e, [3]=0x75, [4]=0x82, [5]=0xd8, [6]=0xc9, [7]=0xfa)), dwClsContext=0x15, pvReserved=0x0, riid=0x718e6bd4*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x555f248 | out: ppv=0x555f248*=0x74fd30) returned 0x0 [0201.998] WbemDefPath:IUnknown:QueryInterface (in: This=0x74fd30, riid=0x718add3c*(Data1=0xb196b28f, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x555f460 | out: ppvObject=0x555f460*=0x0) returned 0x80004002 [0201.998] WbemDefPath:IClassFactory:CreateInstance (in: This=0x74fd30, pUnkOuter=0x0, riid=0x71792a54*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x555f46c | out: ppvObject=0x555f46c*=0x731540) returned 0x0 [0201.998] WbemDefPath:IUnknown:Release (This=0x74fd30) returned 0x0 [0201.998] WbemDefPath:IUnknown:QueryInterface (in: This=0x731540, riid=0x71792a54*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x555f08c | out: ppvObject=0x555f08c*=0x731540) returned 0x0 [0201.999] WbemDefPath:IUnknown:QueryInterface (in: This=0x731540, riid=0x71881b6c*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x555f040 | out: ppvObject=0x555f040*=0x0) returned 0x80004002 [0201.999] WbemDefPath:IUnknown:AddRef (This=0x731540) returned 0x3 [0201.999] WbemDefPath:IUnknown:QueryInterface (in: This=0x731540, riid=0x7188182c*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x555e99c | out: ppvObject=0x555e99c*=0x0) returned 0x80004002 [0201.999] WbemDefPath:IUnknown:QueryInterface (in: This=0x731540, riid=0x71881764*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x555e94c | out: ppvObject=0x555e94c*=0x0) returned 0x80004002 [0201.999] WbemDefPath:IUnknown:QueryInterface (in: This=0x731540, riid=0x717b1388*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x555e958 | out: ppvObject=0x555e958*=0x74fd40) returned 0x0 [0201.999] WbemDefPath:IMarshal:GetUnmarshalClass (in: This=0x74fd40, riid=0x71792a54*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x555e960 | out: pCid=0x555e960*(Data1=0x33a, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46))) returned 0x0 [0201.999] WbemDefPath:IUnknown:Release (This=0x74fd40) returned 0x3 [0201.999] CoGetContextToken (in: pToken=0x555e9b8 | out: pToken=0x555e9b8) returned 0x0 [0201.999] CoGetContextToken (in: pToken=0x555edcc | out: pToken=0x555edcc) returned 0x0 [0201.999] WbemDefPath:IUnknown:QueryInterface (in: This=0x731540, riid=0x71881aa8*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x555ee4c | out: ppvObject=0x555ee4c*=0x0) returned 0x80004002 [0201.999] WbemDefPath:IUnknown:Release (This=0x731540) returned 0x2 [0201.999] WbemDefPath:IUnknown:Release (This=0x731540) returned 0x1 [0201.999] SetEvent (hEvent=0x390) returned 1 [0202.006] CoGetClassObject (in: rclsid=0x724d1c*(Data1=0xcf4cc405, Data2=0xe2c5, Data3=0x4ddd, Data4=([0]=0xb3, [1]=0xce, [2]=0x5e, [3]=0x75, [4]=0x82, [5]=0xd8, [6]=0xc9, [7]=0xfa)), dwClsContext=0x15, pvReserved=0x0, riid=0x718e6bd4*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x555f248 | out: ppv=0x555f248*=0x74fd80) returned 0x0 [0202.006] WbemDefPath:IUnknown:QueryInterface (in: This=0x74fd80, riid=0x718add3c*(Data1=0xb196b28f, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x555f460 | out: ppvObject=0x555f460*=0x0) returned 0x80004002 [0202.006] WbemDefPath:IClassFactory:CreateInstance (in: This=0x74fd80, pUnkOuter=0x0, riid=0x71792a54*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x555f46c | out: ppvObject=0x555f46c*=0x7315b0) returned 0x0 [0202.006] WbemDefPath:IUnknown:Release (This=0x74fd80) returned 0x0 [0202.006] WbemDefPath:IUnknown:QueryInterface (in: This=0x7315b0, riid=0x71792a54*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x555f08c | out: ppvObject=0x555f08c*=0x7315b0) returned 0x0 [0202.006] WbemDefPath:IUnknown:QueryInterface (in: This=0x7315b0, riid=0x71881b6c*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x555f040 | out: ppvObject=0x555f040*=0x0) returned 0x80004002 [0202.007] WbemDefPath:IUnknown:AddRef (This=0x7315b0) returned 0x3 [0202.007] WbemDefPath:IUnknown:QueryInterface (in: This=0x7315b0, riid=0x7188182c*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x555e99c | out: ppvObject=0x555e99c*=0x0) returned 0x80004002 [0202.007] WbemDefPath:IUnknown:QueryInterface (in: This=0x7315b0, riid=0x71881764*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x555e94c | out: ppvObject=0x555e94c*=0x0) returned 0x80004002 [0202.007] WbemDefPath:IUnknown:QueryInterface (in: This=0x7315b0, riid=0x717b1388*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x555e958 | out: ppvObject=0x555e958*=0x74fd90) returned 0x0 [0202.007] WbemDefPath:IMarshal:GetUnmarshalClass (in: This=0x74fd90, riid=0x71792a54*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x555e960 | out: pCid=0x555e960*(Data1=0x33a, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46))) returned 0x0 [0202.007] WbemDefPath:IUnknown:Release (This=0x74fd90) returned 0x3 [0202.007] CoGetContextToken (in: pToken=0x555e9b8 | out: pToken=0x555e9b8) returned 0x0 [0202.007] CoGetContextToken (in: pToken=0x555edcc | out: pToken=0x555edcc) returned 0x0 [0202.007] WbemDefPath:IUnknown:QueryInterface (in: This=0x7315b0, riid=0x71881aa8*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x555ee4c | out: ppvObject=0x555ee4c*=0x0) returned 0x80004002 [0202.007] WbemDefPath:IUnknown:Release (This=0x7315b0) returned 0x2 [0202.007] WbemDefPath:IUnknown:Release (This=0x7315b0) returned 0x1 [0202.007] SetEvent (hEvent=0x394) returned 1 [0202.013] CoGetClassObject (in: rclsid=0x724d1c*(Data1=0xcf4cc405, Data2=0xe2c5, Data3=0x4ddd, Data4=([0]=0xb3, [1]=0xce, [2]=0x5e, [3]=0x75, [4]=0x82, [5]=0xd8, [6]=0xc9, [7]=0xfa)), dwClsContext=0x15, pvReserved=0x0, riid=0x718e6bd4*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x555f248 | out: ppv=0x555f248*=0x74fdd0) returned 0x0 [0202.013] WbemDefPath:IUnknown:QueryInterface (in: This=0x74fdd0, riid=0x718add3c*(Data1=0xb196b28f, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x555f460 | out: ppvObject=0x555f460*=0x0) returned 0x80004002 [0202.013] WbemDefPath:IClassFactory:CreateInstance (in: This=0x74fdd0, pUnkOuter=0x0, riid=0x71792a54*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x555f46c | out: ppvObject=0x555f46c*=0x731620) returned 0x0 [0202.013] WbemDefPath:IUnknown:Release (This=0x74fdd0) returned 0x0 [0202.013] WbemDefPath:IUnknown:QueryInterface (in: This=0x731620, riid=0x71792a54*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x555f08c | out: ppvObject=0x555f08c*=0x731620) returned 0x0 [0202.014] WbemDefPath:IUnknown:QueryInterface (in: This=0x731620, riid=0x71881b6c*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x555f040 | out: ppvObject=0x555f040*=0x0) returned 0x80004002 [0202.014] WbemDefPath:IUnknown:AddRef (This=0x731620) returned 0x3 [0202.014] WbemDefPath:IUnknown:QueryInterface (in: This=0x731620, riid=0x7188182c*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x555e99c | out: ppvObject=0x555e99c*=0x0) returned 0x80004002 [0202.014] WbemDefPath:IUnknown:QueryInterface (in: This=0x731620, riid=0x71881764*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x555e94c | out: ppvObject=0x555e94c*=0x0) returned 0x80004002 [0202.014] WbemDefPath:IUnknown:QueryInterface (in: This=0x731620, riid=0x717b1388*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x555e958 | out: ppvObject=0x555e958*=0x74fde0) returned 0x0 [0202.014] WbemDefPath:IMarshal:GetUnmarshalClass (in: This=0x74fde0, riid=0x71792a54*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x555e960 | out: pCid=0x555e960*(Data1=0x33a, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46))) returned 0x0 [0202.014] WbemDefPath:IUnknown:Release (This=0x74fde0) returned 0x3 [0202.014] CoGetContextToken (in: pToken=0x555e9b8 | out: pToken=0x555e9b8) returned 0x0 [0202.014] CoGetContextToken (in: pToken=0x555edcc | out: pToken=0x555edcc) returned 0x0 [0202.014] WbemDefPath:IUnknown:QueryInterface (in: This=0x731620, riid=0x71881aa8*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x555ee4c | out: ppvObject=0x555ee4c*=0x0) returned 0x80004002 [0202.014] WbemDefPath:IUnknown:Release (This=0x731620) returned 0x2 [0202.014] WbemDefPath:IUnknown:Release (This=0x731620) returned 0x1 [0202.014] SetEvent (hEvent=0x398) returned 1 [0202.020] CoGetClassObject (in: rclsid=0x724d1c*(Data1=0xcf4cc405, Data2=0xe2c5, Data3=0x4ddd, Data4=([0]=0xb3, [1]=0xce, [2]=0x5e, [3]=0x75, [4]=0x82, [5]=0xd8, [6]=0xc9, [7]=0xfa)), dwClsContext=0x15, pvReserved=0x0, riid=0x718e6bd4*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x555f248 | out: ppv=0x555f248*=0x74fe20) returned 0x0 [0202.021] WbemDefPath:IUnknown:QueryInterface (in: This=0x74fe20, riid=0x718add3c*(Data1=0xb196b28f, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x555f460 | out: ppvObject=0x555f460*=0x0) returned 0x80004002 [0202.021] WbemDefPath:IClassFactory:CreateInstance (in: This=0x74fe20, pUnkOuter=0x0, riid=0x71792a54*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x555f46c | out: ppvObject=0x555f46c*=0x731690) returned 0x0 [0202.021] WbemDefPath:IUnknown:Release (This=0x74fe20) returned 0x0 [0202.021] WbemDefPath:IUnknown:QueryInterface (in: This=0x731690, riid=0x71792a54*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x555f08c | out: ppvObject=0x555f08c*=0x731690) returned 0x0 [0202.021] WbemDefPath:IUnknown:QueryInterface (in: This=0x731690, riid=0x71881b6c*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x555f040 | out: ppvObject=0x555f040*=0x0) returned 0x80004002 [0202.021] WbemDefPath:IUnknown:AddRef (This=0x731690) returned 0x3 [0202.021] WbemDefPath:IUnknown:QueryInterface (in: This=0x731690, riid=0x7188182c*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x555e99c | out: ppvObject=0x555e99c*=0x0) returned 0x80004002 [0202.021] WbemDefPath:IUnknown:QueryInterface (in: This=0x731690, riid=0x71881764*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x555e94c | out: ppvObject=0x555e94c*=0x0) returned 0x80004002 [0202.021] WbemDefPath:IUnknown:QueryInterface (in: This=0x731690, riid=0x717b1388*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x555e958 | out: ppvObject=0x555e958*=0x74fe30) returned 0x0 [0202.021] WbemDefPath:IMarshal:GetUnmarshalClass (in: This=0x74fe30, riid=0x71792a54*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x555e960 | out: pCid=0x555e960*(Data1=0x33a, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46))) returned 0x0 [0202.022] WbemDefPath:IUnknown:Release (This=0x74fe30) returned 0x3 [0202.022] CoGetContextToken (in: pToken=0x555e9b8 | out: pToken=0x555e9b8) returned 0x0 [0202.022] CoGetContextToken (in: pToken=0x555edcc | out: pToken=0x555edcc) returned 0x0 [0202.022] WbemDefPath:IUnknown:QueryInterface (in: This=0x731690, riid=0x71881aa8*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x555ee4c | out: ppvObject=0x555ee4c*=0x0) returned 0x80004002 [0202.022] WbemDefPath:IUnknown:Release (This=0x731690) returned 0x2 [0202.022] WbemDefPath:IUnknown:Release (This=0x731690) returned 0x1 [0202.022] SetEvent (hEvent=0x39c) returned 1 [0202.030] CoGetClassObject (in: rclsid=0x724d1c*(Data1=0xcf4cc405, Data2=0xe2c5, Data3=0x4ddd, Data4=([0]=0xb3, [1]=0xce, [2]=0x5e, [3]=0x75, [4]=0x82, [5]=0xd8, [6]=0xc9, [7]=0xfa)), dwClsContext=0x15, pvReserved=0x0, riid=0x718e6bd4*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x555f248 | out: ppv=0x555f248*=0x74fe70) returned 0x0 [0202.030] WbemDefPath:IUnknown:QueryInterface (in: This=0x74fe70, riid=0x718add3c*(Data1=0xb196b28f, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x555f460 | out: ppvObject=0x555f460*=0x0) returned 0x80004002 [0202.030] WbemDefPath:IClassFactory:CreateInstance (in: This=0x74fe70, pUnkOuter=0x0, riid=0x71792a54*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x555f46c | out: ppvObject=0x555f46c*=0x731700) returned 0x0 [0202.030] WbemDefPath:IUnknown:Release (This=0x74fe70) returned 0x0 [0202.030] WbemDefPath:IUnknown:QueryInterface (in: This=0x731700, riid=0x71792a54*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x555f08c | out: ppvObject=0x555f08c*=0x731700) returned 0x0 [0202.030] WbemDefPath:IUnknown:QueryInterface (in: This=0x731700, riid=0x71881b6c*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x555f040 | out: ppvObject=0x555f040*=0x0) returned 0x80004002 [0202.031] WbemDefPath:IUnknown:AddRef (This=0x731700) returned 0x3 [0202.031] WbemDefPath:IUnknown:QueryInterface (in: This=0x731700, riid=0x7188182c*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x555e99c | out: ppvObject=0x555e99c*=0x0) returned 0x80004002 [0202.031] WbemDefPath:IUnknown:QueryInterface (in: This=0x731700, riid=0x71881764*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x555e94c | out: ppvObject=0x555e94c*=0x0) returned 0x80004002 [0202.031] WbemDefPath:IUnknown:QueryInterface (in: This=0x731700, riid=0x717b1388*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x555e958 | out: ppvObject=0x555e958*=0x74fe80) returned 0x0 [0202.031] WbemDefPath:IMarshal:GetUnmarshalClass (in: This=0x74fe80, riid=0x71792a54*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x555e960 | out: pCid=0x555e960*(Data1=0x33a, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46))) returned 0x0 [0202.031] WbemDefPath:IUnknown:Release (This=0x74fe80) returned 0x3 [0202.031] CoGetContextToken (in: pToken=0x555e9b8 | out: pToken=0x555e9b8) returned 0x0 [0202.031] CoGetContextToken (in: pToken=0x555edcc | out: pToken=0x555edcc) returned 0x0 [0202.031] WbemDefPath:IUnknown:QueryInterface (in: This=0x731700, riid=0x71881aa8*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x555ee4c | out: ppvObject=0x555ee4c*=0x0) returned 0x80004002 [0202.031] WbemDefPath:IUnknown:Release (This=0x731700) returned 0x2 [0202.031] WbemDefPath:IUnknown:Release (This=0x731700) returned 0x1 [0202.031] SetEvent (hEvent=0x3a0) returned 1 [0202.039] CoGetClassObject (in: rclsid=0x724d1c*(Data1=0xcf4cc405, Data2=0xe2c5, Data3=0x4ddd, Data4=([0]=0xb3, [1]=0xce, [2]=0x5e, [3]=0x75, [4]=0x82, [5]=0xd8, [6]=0xc9, [7]=0xfa)), dwClsContext=0x15, pvReserved=0x0, riid=0x718e6bd4*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x555f248 | out: ppv=0x555f248*=0x74fec0) returned 0x0 [0202.039] WbemDefPath:IUnknown:QueryInterface (in: This=0x74fec0, riid=0x718add3c*(Data1=0xb196b28f, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x555f460 | out: ppvObject=0x555f460*=0x0) returned 0x80004002 [0202.039] WbemDefPath:IClassFactory:CreateInstance (in: This=0x74fec0, pUnkOuter=0x0, riid=0x71792a54*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x555f46c | out: ppvObject=0x555f46c*=0x731770) returned 0x0 [0202.039] WbemDefPath:IUnknown:Release (This=0x74fec0) returned 0x0 [0202.039] WbemDefPath:IUnknown:QueryInterface (in: This=0x731770, riid=0x71792a54*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x555f08c | out: ppvObject=0x555f08c*=0x731770) returned 0x0 [0202.039] WbemDefPath:IUnknown:QueryInterface (in: This=0x731770, riid=0x71881b6c*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x555f040 | out: ppvObject=0x555f040*=0x0) returned 0x80004002 [0202.040] WbemDefPath:IUnknown:AddRef (This=0x731770) returned 0x3 [0202.040] WbemDefPath:IUnknown:QueryInterface (in: This=0x731770, riid=0x7188182c*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x555e99c | out: ppvObject=0x555e99c*=0x0) returned 0x80004002 [0202.040] WbemDefPath:IUnknown:QueryInterface (in: This=0x731770, riid=0x71881764*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x555e94c | out: ppvObject=0x555e94c*=0x0) returned 0x80004002 [0202.040] WbemDefPath:IUnknown:QueryInterface (in: This=0x731770, riid=0x717b1388*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x555e958 | out: ppvObject=0x555e958*=0x74fed0) returned 0x0 [0202.040] WbemDefPath:IMarshal:GetUnmarshalClass (in: This=0x74fed0, riid=0x71792a54*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x555e960 | out: pCid=0x555e960*(Data1=0x33a, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46))) returned 0x0 [0202.040] WbemDefPath:IUnknown:Release (This=0x74fed0) returned 0x3 [0202.040] CoGetContextToken (in: pToken=0x555e9b8 | out: pToken=0x555e9b8) returned 0x0 [0202.040] CoGetContextToken (in: pToken=0x555edcc | out: pToken=0x555edcc) returned 0x0 [0202.040] WbemDefPath:IUnknown:QueryInterface (in: This=0x731770, riid=0x71881aa8*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x555ee4c | out: ppvObject=0x555ee4c*=0x0) returned 0x80004002 [0202.040] WbemDefPath:IUnknown:Release (This=0x731770) returned 0x2 [0202.040] WbemDefPath:IUnknown:Release (This=0x731770) returned 0x1 [0202.040] SetEvent (hEvent=0x3a4) returned 1 [0202.046] CoGetClassObject (in: rclsid=0x724d1c*(Data1=0xcf4cc405, Data2=0xe2c5, Data3=0x4ddd, Data4=([0]=0xb3, [1]=0xce, [2]=0x5e, [3]=0x75, [4]=0x82, [5]=0xd8, [6]=0xc9, [7]=0xfa)), dwClsContext=0x15, pvReserved=0x0, riid=0x718e6bd4*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x555f248 | out: ppv=0x555f248*=0x74ff10) returned 0x0 [0202.046] WbemDefPath:IUnknown:QueryInterface (in: This=0x74ff10, riid=0x718add3c*(Data1=0xb196b28f, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x555f460 | out: ppvObject=0x555f460*=0x0) returned 0x80004002 [0202.047] WbemDefPath:IClassFactory:CreateInstance (in: This=0x74ff10, pUnkOuter=0x0, riid=0x71792a54*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x555f46c | out: ppvObject=0x555f46c*=0x7317e0) returned 0x0 [0202.047] WbemDefPath:IUnknown:Release (This=0x74ff10) returned 0x0 [0202.047] WbemDefPath:IUnknown:QueryInterface (in: This=0x7317e0, riid=0x71792a54*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x555f08c | out: ppvObject=0x555f08c*=0x7317e0) returned 0x0 [0202.047] WbemDefPath:IUnknown:QueryInterface (in: This=0x7317e0, riid=0x71881b6c*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x555f040 | out: ppvObject=0x555f040*=0x0) returned 0x80004002 [0202.047] WbemDefPath:IUnknown:AddRef (This=0x7317e0) returned 0x3 [0202.047] WbemDefPath:IUnknown:QueryInterface (in: This=0x7317e0, riid=0x7188182c*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x555e99c | out: ppvObject=0x555e99c*=0x0) returned 0x80004002 [0202.047] WbemDefPath:IUnknown:QueryInterface (in: This=0x7317e0, riid=0x71881764*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x555e94c | out: ppvObject=0x555e94c*=0x0) returned 0x80004002 [0202.047] WbemDefPath:IUnknown:QueryInterface (in: This=0x7317e0, riid=0x717b1388*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x555e958 | out: ppvObject=0x555e958*=0x522c3e0) returned 0x0 [0202.047] WbemDefPath:IMarshal:GetUnmarshalClass (in: This=0x522c3e0, riid=0x71792a54*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x555e960 | out: pCid=0x555e960*(Data1=0x33a, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46))) returned 0x0 [0202.047] WbemDefPath:IUnknown:Release (This=0x522c3e0) returned 0x3 [0202.047] CoGetContextToken (in: pToken=0x555e9b8 | out: pToken=0x555e9b8) returned 0x0 [0202.047] CoGetContextToken (in: pToken=0x555edcc | out: pToken=0x555edcc) returned 0x0 [0202.047] WbemDefPath:IUnknown:QueryInterface (in: This=0x7317e0, riid=0x71881aa8*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x555ee4c | out: ppvObject=0x555ee4c*=0x0) returned 0x80004002 [0202.047] WbemDefPath:IUnknown:Release (This=0x7317e0) returned 0x2 [0202.047] WbemDefPath:IUnknown:Release (This=0x7317e0) returned 0x1 [0202.047] SetEvent (hEvent=0x3a8) returned 1 [0202.054] CoGetClassObject (in: rclsid=0x724d1c*(Data1=0xcf4cc405, Data2=0xe2c5, Data3=0x4ddd, Data4=([0]=0xb3, [1]=0xce, [2]=0x5e, [3]=0x75, [4]=0x82, [5]=0xd8, [6]=0xc9, [7]=0xfa)), dwClsContext=0x15, pvReserved=0x0, riid=0x718e6bd4*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x555f248 | out: ppv=0x555f248*=0x522c420) returned 0x0 [0202.055] WbemDefPath:IUnknown:QueryInterface (in: This=0x522c420, riid=0x718add3c*(Data1=0xb196b28f, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x555f460 | out: ppvObject=0x555f460*=0x0) returned 0x80004002 [0202.055] WbemDefPath:IClassFactory:CreateInstance (in: This=0x522c420, pUnkOuter=0x0, riid=0x71792a54*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x555f46c | out: ppvObject=0x555f46c*=0x731850) returned 0x0 [0202.055] WbemDefPath:IUnknown:Release (This=0x522c420) returned 0x0 [0202.055] WbemDefPath:IUnknown:QueryInterface (in: This=0x731850, riid=0x71792a54*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x555f08c | out: ppvObject=0x555f08c*=0x731850) returned 0x0 [0202.055] WbemDefPath:IUnknown:QueryInterface (in: This=0x731850, riid=0x71881b6c*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x555f040 | out: ppvObject=0x555f040*=0x0) returned 0x80004002 [0202.055] WbemDefPath:IUnknown:AddRef (This=0x731850) returned 0x3 [0202.055] WbemDefPath:IUnknown:QueryInterface (in: This=0x731850, riid=0x7188182c*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x555e99c | out: ppvObject=0x555e99c*=0x0) returned 0x80004002 [0202.056] WbemDefPath:IUnknown:QueryInterface (in: This=0x731850, riid=0x71881764*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x555e94c | out: ppvObject=0x555e94c*=0x0) returned 0x80004002 [0202.056] WbemDefPath:IUnknown:QueryInterface (in: This=0x731850, riid=0x717b1388*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x555e958 | out: ppvObject=0x555e958*=0x522c430) returned 0x0 [0202.056] WbemDefPath:IMarshal:GetUnmarshalClass (in: This=0x522c430, riid=0x71792a54*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x555e960 | out: pCid=0x555e960*(Data1=0x33a, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46))) returned 0x0 [0202.056] WbemDefPath:IUnknown:Release (This=0x522c430) returned 0x3 [0202.056] CoGetContextToken (in: pToken=0x555e9b8 | out: pToken=0x555e9b8) returned 0x0 [0202.056] CoGetContextToken (in: pToken=0x555edcc | out: pToken=0x555edcc) returned 0x0 [0202.056] WbemDefPath:IUnknown:QueryInterface (in: This=0x731850, riid=0x71881aa8*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x555ee4c | out: ppvObject=0x555ee4c*=0x0) returned 0x80004002 [0202.056] WbemDefPath:IUnknown:Release (This=0x731850) returned 0x2 [0202.056] WbemDefPath:IUnknown:Release (This=0x731850) returned 0x1 [0202.056] SetEvent (hEvent=0x3ac) returned 1 [0202.063] CoGetClassObject (in: rclsid=0x724d1c*(Data1=0xcf4cc405, Data2=0xe2c5, Data3=0x4ddd, Data4=([0]=0xb3, [1]=0xce, [2]=0x5e, [3]=0x75, [4]=0x82, [5]=0xd8, [6]=0xc9, [7]=0xfa)), dwClsContext=0x15, pvReserved=0x0, riid=0x718e6bd4*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x555f248 | out: ppv=0x555f248*=0x522c470) returned 0x0 [0202.064] WbemDefPath:IUnknown:QueryInterface (in: This=0x522c470, riid=0x718add3c*(Data1=0xb196b28f, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x555f460 | out: ppvObject=0x555f460*=0x0) returned 0x80004002 [0202.064] WbemDefPath:IClassFactory:CreateInstance (in: This=0x522c470, pUnkOuter=0x0, riid=0x71792a54*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x555f46c | out: ppvObject=0x555f46c*=0x7318c0) returned 0x0 [0202.064] WbemDefPath:IUnknown:Release (This=0x522c470) returned 0x0 [0202.064] WbemDefPath:IUnknown:QueryInterface (in: This=0x7318c0, riid=0x71792a54*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x555f08c | out: ppvObject=0x555f08c*=0x7318c0) returned 0x0 [0202.064] WbemDefPath:IUnknown:QueryInterface (in: This=0x7318c0, riid=0x71881b6c*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x555f040 | out: ppvObject=0x555f040*=0x0) returned 0x80004002 [0202.064] WbemDefPath:IUnknown:AddRef (This=0x7318c0) returned 0x3 [0202.064] WbemDefPath:IUnknown:QueryInterface (in: This=0x7318c0, riid=0x7188182c*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x555e99c | out: ppvObject=0x555e99c*=0x0) returned 0x80004002 [0202.064] WbemDefPath:IUnknown:QueryInterface (in: This=0x7318c0, riid=0x71881764*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x555e94c | out: ppvObject=0x555e94c*=0x0) returned 0x80004002 [0202.064] WbemDefPath:IUnknown:QueryInterface (in: This=0x7318c0, riid=0x717b1388*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x555e958 | out: ppvObject=0x555e958*=0x522c480) returned 0x0 [0202.064] WbemDefPath:IMarshal:GetUnmarshalClass (in: This=0x522c480, riid=0x71792a54*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x555e960 | out: pCid=0x555e960*(Data1=0x33a, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46))) returned 0x0 [0202.064] WbemDefPath:IUnknown:Release (This=0x522c480) returned 0x3 [0202.064] CoGetContextToken (in: pToken=0x555e9b8 | out: pToken=0x555e9b8) returned 0x0 [0202.065] CoGetContextToken (in: pToken=0x555edcc | out: pToken=0x555edcc) returned 0x0 [0202.065] WbemDefPath:IUnknown:QueryInterface (in: This=0x7318c0, riid=0x71881aa8*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x555ee4c | out: ppvObject=0x555ee4c*=0x0) returned 0x80004002 [0202.065] WbemDefPath:IUnknown:Release (This=0x7318c0) returned 0x2 [0202.065] WbemDefPath:IUnknown:Release (This=0x7318c0) returned 0x1 [0202.065] SetEvent (hEvent=0x3b0) returned 1 [0202.071] CoGetClassObject (in: rclsid=0x724d1c*(Data1=0xcf4cc405, Data2=0xe2c5, Data3=0x4ddd, Data4=([0]=0xb3, [1]=0xce, [2]=0x5e, [3]=0x75, [4]=0x82, [5]=0xd8, [6]=0xc9, [7]=0xfa)), dwClsContext=0x15, pvReserved=0x0, riid=0x718e6bd4*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x555f248 | out: ppv=0x555f248*=0x522c4c0) returned 0x0 [0202.071] WbemDefPath:IUnknown:QueryInterface (in: This=0x522c4c0, riid=0x718add3c*(Data1=0xb196b28f, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x555f460 | out: ppvObject=0x555f460*=0x0) returned 0x80004002 [0202.071] WbemDefPath:IClassFactory:CreateInstance (in: This=0x522c4c0, pUnkOuter=0x0, riid=0x71792a54*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x555f46c | out: ppvObject=0x555f46c*=0x731930) returned 0x0 [0202.071] WbemDefPath:IUnknown:Release (This=0x522c4c0) returned 0x0 [0202.071] WbemDefPath:IUnknown:QueryInterface (in: This=0x731930, riid=0x71792a54*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x555f08c | out: ppvObject=0x555f08c*=0x731930) returned 0x0 [0202.071] WbemDefPath:IUnknown:QueryInterface (in: This=0x731930, riid=0x71881b6c*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x555f040 | out: ppvObject=0x555f040*=0x0) returned 0x80004002 [0202.072] WbemDefPath:IUnknown:AddRef (This=0x731930) returned 0x3 [0202.072] WbemDefPath:IUnknown:QueryInterface (in: This=0x731930, riid=0x7188182c*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x555e99c | out: ppvObject=0x555e99c*=0x0) returned 0x80004002 [0202.072] WbemDefPath:IUnknown:QueryInterface (in: This=0x731930, riid=0x71881764*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x555e94c | out: ppvObject=0x555e94c*=0x0) returned 0x80004002 [0202.072] WbemDefPath:IUnknown:QueryInterface (in: This=0x731930, riid=0x717b1388*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x555e958 | out: ppvObject=0x555e958*=0x522c4d0) returned 0x0 [0202.072] WbemDefPath:IMarshal:GetUnmarshalClass (in: This=0x522c4d0, riid=0x71792a54*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x555e960 | out: pCid=0x555e960*(Data1=0x33a, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46))) returned 0x0 [0202.072] WbemDefPath:IUnknown:Release (This=0x522c4d0) returned 0x3 [0202.072] CoGetContextToken (in: pToken=0x555e9b8 | out: pToken=0x555e9b8) returned 0x0 [0202.072] CoGetContextToken (in: pToken=0x555edcc | out: pToken=0x555edcc) returned 0x0 [0202.072] WbemDefPath:IUnknown:QueryInterface (in: This=0x731930, riid=0x71881aa8*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x555ee4c | out: ppvObject=0x555ee4c*=0x0) returned 0x80004002 [0202.072] WbemDefPath:IUnknown:Release (This=0x731930) returned 0x2 [0202.072] WbemDefPath:IUnknown:Release (This=0x731930) returned 0x1 [0202.072] SetEvent (hEvent=0x3b4) returned 1 [0202.079] CoGetClassObject (in: rclsid=0x724d1c*(Data1=0xcf4cc405, Data2=0xe2c5, Data3=0x4ddd, Data4=([0]=0xb3, [1]=0xce, [2]=0x5e, [3]=0x75, [4]=0x82, [5]=0xd8, [6]=0xc9, [7]=0xfa)), dwClsContext=0x15, pvReserved=0x0, riid=0x718e6bd4*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x555f248 | out: ppv=0x555f248*=0x522c510) returned 0x0 [0202.079] WbemDefPath:IUnknown:QueryInterface (in: This=0x522c510, riid=0x718add3c*(Data1=0xb196b28f, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x555f460 | out: ppvObject=0x555f460*=0x0) returned 0x80004002 [0202.079] WbemDefPath:IClassFactory:CreateInstance (in: This=0x522c510, pUnkOuter=0x0, riid=0x71792a54*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x555f46c | out: ppvObject=0x555f46c*=0x7319a0) returned 0x0 [0202.079] WbemDefPath:IUnknown:Release (This=0x522c510) returned 0x0 [0202.079] WbemDefPath:IUnknown:QueryInterface (in: This=0x7319a0, riid=0x71792a54*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x555f08c | out: ppvObject=0x555f08c*=0x7319a0) returned 0x0 [0202.079] WbemDefPath:IUnknown:QueryInterface (in: This=0x7319a0, riid=0x71881b6c*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x555f040 | out: ppvObject=0x555f040*=0x0) returned 0x80004002 [0202.079] WbemDefPath:IUnknown:AddRef (This=0x7319a0) returned 0x3 [0202.079] WbemDefPath:IUnknown:QueryInterface (in: This=0x7319a0, riid=0x7188182c*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x555e99c | out: ppvObject=0x555e99c*=0x0) returned 0x80004002 [0202.079] WbemDefPath:IUnknown:QueryInterface (in: This=0x7319a0, riid=0x71881764*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x555e94c | out: ppvObject=0x555e94c*=0x0) returned 0x80004002 [0202.079] WbemDefPath:IUnknown:QueryInterface (in: This=0x7319a0, riid=0x717b1388*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x555e958 | out: ppvObject=0x555e958*=0x522c520) returned 0x0 [0202.080] WbemDefPath:IMarshal:GetUnmarshalClass (in: This=0x522c520, riid=0x71792a54*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x555e960 | out: pCid=0x555e960*(Data1=0x33a, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46))) returned 0x0 [0202.080] WbemDefPath:IUnknown:Release (This=0x522c520) returned 0x3 [0202.080] CoGetContextToken (in: pToken=0x555e9b8 | out: pToken=0x555e9b8) returned 0x0 [0202.080] CoGetContextToken (in: pToken=0x555edcc | out: pToken=0x555edcc) returned 0x0 [0202.080] WbemDefPath:IUnknown:QueryInterface (in: This=0x7319a0, riid=0x71881aa8*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x555ee4c | out: ppvObject=0x555ee4c*=0x0) returned 0x80004002 [0202.080] WbemDefPath:IUnknown:Release (This=0x7319a0) returned 0x2 [0202.080] WbemDefPath:IUnknown:Release (This=0x7319a0) returned 0x1 [0202.080] SetEvent (hEvent=0x3b8) returned 1 [0206.995] CoGetClassObject (in: rclsid=0x724d1c*(Data1=0xcf4cc405, Data2=0xe2c5, Data3=0x4ddd, Data4=([0]=0xb3, [1]=0xce, [2]=0x5e, [3]=0x75, [4]=0x82, [5]=0xd8, [6]=0xc9, [7]=0xfa)), dwClsContext=0x15, pvReserved=0x0, riid=0x718e6bd4*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x555f248 | out: ppv=0x555f248*=0x522c700) returned 0x0 [0206.996] WbemDefPath:IUnknown:QueryInterface (in: This=0x522c700, riid=0x718add3c*(Data1=0xb196b28f, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x555f460 | out: ppvObject=0x555f460*=0x0) returned 0x80004002 [0206.996] WbemDefPath:IClassFactory:CreateInstance (in: This=0x522c700, pUnkOuter=0x0, riid=0x71792a54*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x555f46c | out: ppvObject=0x555f46c*=0x731a80) returned 0x0 [0206.996] WbemDefPath:IUnknown:Release (This=0x522c700) returned 0x0 [0206.996] WbemDefPath:IUnknown:QueryInterface (in: This=0x731a80, riid=0x71792a54*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x555f08c | out: ppvObject=0x555f08c*=0x731a80) returned 0x0 [0206.996] WbemDefPath:IUnknown:QueryInterface (in: This=0x731a80, riid=0x71881b6c*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x555f040 | out: ppvObject=0x555f040*=0x0) returned 0x80004002 [0206.997] WbemDefPath:IUnknown:AddRef (This=0x731a80) returned 0x3 [0206.997] WbemDefPath:IUnknown:QueryInterface (in: This=0x731a80, riid=0x7188182c*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x555e99c | out: ppvObject=0x555e99c*=0x0) returned 0x80004002 [0206.997] WbemDefPath:IUnknown:QueryInterface (in: This=0x731a80, riid=0x71881764*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x555e94c | out: ppvObject=0x555e94c*=0x0) returned 0x80004002 [0206.997] WbemDefPath:IUnknown:QueryInterface (in: This=0x731a80, riid=0x717b1388*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x555e958 | out: ppvObject=0x555e958*=0x522c5c0) returned 0x0 [0206.997] WbemDefPath:IMarshal:GetUnmarshalClass (in: This=0x522c5c0, riid=0x71792a54*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x555e960 | out: pCid=0x555e960*(Data1=0x33a, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46))) returned 0x0 [0206.997] WbemDefPath:IUnknown:Release (This=0x522c5c0) returned 0x3 [0206.997] CoGetContextToken (in: pToken=0x555e9b8 | out: pToken=0x555e9b8) returned 0x0 [0206.997] CoGetContextToken (in: pToken=0x555edcc | out: pToken=0x555edcc) returned 0x0 [0206.997] WbemDefPath:IUnknown:QueryInterface (in: This=0x731a80, riid=0x71881aa8*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x555ee4c | out: ppvObject=0x555ee4c*=0x0) returned 0x80004002 [0206.997] WbemDefPath:IUnknown:Release (This=0x731a80) returned 0x2 [0206.997] WbemDefPath:IUnknown:Release (This=0x731a80) returned 0x1 [0206.997] SetEvent (hEvent=0x434) returned 1 [0207.099] CoGetClassObject (in: rclsid=0x724d1c*(Data1=0xcf4cc405, Data2=0xe2c5, Data3=0x4ddd, Data4=([0]=0xb3, [1]=0xce, [2]=0x5e, [3]=0x75, [4]=0x82, [5]=0xd8, [6]=0xc9, [7]=0xfa)), dwClsContext=0x15, pvReserved=0x0, riid=0x718e6bd4*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x555f248 | out: ppv=0x555f248*=0x522c7b0) returned 0x0 [0207.099] WbemDefPath:IUnknown:QueryInterface (in: This=0x522c7b0, riid=0x718add3c*(Data1=0xb196b28f, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x555f460 | out: ppvObject=0x555f460*=0x0) returned 0x80004002 [0207.099] WbemDefPath:IClassFactory:CreateInstance (in: This=0x522c7b0, pUnkOuter=0x0, riid=0x71792a54*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x555f46c | out: ppvObject=0x555f46c*=0x731af0) returned 0x0 [0207.099] WbemDefPath:IUnknown:Release (This=0x522c7b0) returned 0x0 [0207.099] WbemDefPath:IUnknown:QueryInterface (in: This=0x731af0, riid=0x71792a54*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x555f08c | out: ppvObject=0x555f08c*=0x731af0) returned 0x0 [0207.099] WbemDefPath:IUnknown:QueryInterface (in: This=0x731af0, riid=0x71881b6c*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x555f040 | out: ppvObject=0x555f040*=0x0) returned 0x80004002 [0207.100] WbemDefPath:IUnknown:AddRef (This=0x731af0) returned 0x3 [0207.100] WbemDefPath:IUnknown:QueryInterface (in: This=0x731af0, riid=0x7188182c*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x555e99c | out: ppvObject=0x555e99c*=0x0) returned 0x80004002 [0207.100] WbemDefPath:IUnknown:QueryInterface (in: This=0x731af0, riid=0x71881764*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x555e94c | out: ppvObject=0x555e94c*=0x0) returned 0x80004002 [0207.100] WbemDefPath:IUnknown:QueryInterface (in: This=0x731af0, riid=0x717b1388*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x555e958 | out: ppvObject=0x555e958*=0x74fbe0) returned 0x0 [0207.100] WbemDefPath:IMarshal:GetUnmarshalClass (in: This=0x74fbe0, riid=0x71792a54*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x555e960 | out: pCid=0x555e960*(Data1=0x33a, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46))) returned 0x0 [0207.100] WbemDefPath:IUnknown:Release (This=0x74fbe0) returned 0x3 [0207.100] CoGetContextToken (in: pToken=0x555e9b8 | out: pToken=0x555e9b8) returned 0x0 [0207.100] CoGetContextToken (in: pToken=0x555edcc | out: pToken=0x555edcc) returned 0x0 [0207.100] WbemDefPath:IUnknown:QueryInterface (in: This=0x731af0, riid=0x71881aa8*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x555ee4c | out: ppvObject=0x555ee4c*=0x0) returned 0x80004002 [0207.100] WbemDefPath:IUnknown:Release (This=0x731af0) returned 0x2 [0207.100] WbemDefPath:IUnknown:Release (This=0x731af0) returned 0x1 [0207.100] SetEvent (hEvent=0x44c) returned 1 [0210.894] CoGetClassObject (in: rclsid=0x724d1c*(Data1=0xcf4cc405, Data2=0xe2c5, Data3=0x4ddd, Data4=([0]=0xb3, [1]=0xce, [2]=0x5e, [3]=0x75, [4]=0x82, [5]=0xd8, [6]=0xc9, [7]=0xfa)), dwClsContext=0x15, pvReserved=0x0, riid=0x718e6bd4*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x555f248 | out: ppv=0x555f248*=0x52527a0) returned 0x0 [0210.894] WbemDefPath:IUnknown:QueryInterface (in: This=0x52527a0, riid=0x718add3c*(Data1=0xb196b28f, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x555f460 | out: ppvObject=0x555f460*=0x0) returned 0x80004002 [0210.894] WbemDefPath:IClassFactory:CreateInstance (in: This=0x52527a0, pUnkOuter=0x0, riid=0x71792a54*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x555f46c | out: ppvObject=0x555f46c*=0x731b60) returned 0x0 [0210.895] WbemDefPath:IUnknown:Release (This=0x52527a0) returned 0x0 [0210.895] WbemDefPath:IUnknown:QueryInterface (in: This=0x731b60, riid=0x71792a54*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x555f08c | out: ppvObject=0x555f08c*=0x731b60) returned 0x0 [0210.895] WbemDefPath:IUnknown:QueryInterface (in: This=0x731b60, riid=0x71881b6c*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x555f040 | out: ppvObject=0x555f040*=0x0) returned 0x80004002 [0210.895] WbemDefPath:IUnknown:AddRef (This=0x731b60) returned 0x3 [0210.895] WbemDefPath:IUnknown:QueryInterface (in: This=0x731b60, riid=0x7188182c*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x555e99c | out: ppvObject=0x555e99c*=0x0) returned 0x80004002 [0210.895] WbemDefPath:IUnknown:QueryInterface (in: This=0x731b60, riid=0x71881764*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x555e94c | out: ppvObject=0x555e94c*=0x0) returned 0x80004002 [0210.895] WbemDefPath:IUnknown:QueryInterface (in: This=0x731b60, riid=0x717b1388*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x555e958 | out: ppvObject=0x555e958*=0x52527b0) returned 0x0 [0210.896] WbemDefPath:IMarshal:GetUnmarshalClass (in: This=0x52527b0, riid=0x71792a54*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x555e960 | out: pCid=0x555e960*(Data1=0x33a, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46))) returned 0x0 [0210.896] WbemDefPath:IUnknown:Release (This=0x52527b0) returned 0x3 [0210.896] CoGetContextToken (in: pToken=0x555e9b8 | out: pToken=0x555e9b8) returned 0x0 [0210.896] CoGetContextToken (in: pToken=0x555edcc | out: pToken=0x555edcc) returned 0x0 [0210.896] WbemDefPath:IUnknown:QueryInterface (in: This=0x731b60, riid=0x71881aa8*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x555ee4c | out: ppvObject=0x555ee4c*=0x0) returned 0x80004002 [0210.896] WbemDefPath:IUnknown:Release (This=0x731b60) returned 0x2 [0210.896] WbemDefPath:IUnknown:Release (This=0x731b60) returned 0x1 [0210.896] SetEvent (hEvent=0x464) returned 1 Thread: id = 155 os_tid = 0xb58 [0189.713] CoInitializeEx (pvReserved=0x0, dwCoInit=0x0) returned 0x0 [0189.713] IIDFromString (in: lpsz="{4590F811-1D3A-11D0-891F-00AA004B2E24}", lpiid=0x57ef604 | out: lpiid=0x57ef604) returned 0x0 [0189.715] CoGetClassObject (in: rclsid=0x724dac*(Data1=0x4590f811, Data2=0x1d3a, Data3=0x11d0, Data4=([0]=0x89, [1]=0x1f, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24)), dwClsContext=0x15, pvReserved=0x0, riid=0x718e6bd4*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x57ef320 | out: ppv=0x57ef320*=0x735d88) returned 0x0 [0189.715] WbemLocator:IUnknown:QueryInterface (in: This=0x735d88, riid=0x718add3c*(Data1=0xb196b28f, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x57ef538 | out: ppvObject=0x57ef538*=0x0) returned 0x80004002 [0189.715] WbemLocator:IClassFactory:CreateInstance (in: This=0x735d88, pUnkOuter=0x0, riid=0x71792a54*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x57ef544 | out: ppvObject=0x57ef544*=0x724790) returned 0x0 [0189.715] WbemLocator:IUnknown:Release (This=0x735d88) returned 0x0 [0189.715] WbemLocator:IUnknown:QueryInterface (in: This=0x724790, riid=0x71792a54*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x57ef164 | out: ppvObject=0x57ef164*=0x724790) returned 0x0 [0189.715] WbemLocator:IUnknown:QueryInterface (in: This=0x724790, riid=0x71881b6c*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x57ef118 | out: ppvObject=0x57ef118*=0x0) returned 0x80004002 [0189.716] WbemLocator:IUnknown:AddRef (This=0x724790) returned 0x3 [0189.716] WbemLocator:IUnknown:QueryInterface (in: This=0x724790, riid=0x7188182c*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x57eea74 | out: ppvObject=0x57eea74*=0x0) returned 0x80004002 [0189.716] WbemLocator:IUnknown:QueryInterface (in: This=0x724790, riid=0x71881764*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x57eea24 | out: ppvObject=0x57eea24*=0x0) returned 0x80004002 [0189.716] WbemLocator:IUnknown:QueryInterface (in: This=0x724790, riid=0x717b1388*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x57eea30 | out: ppvObject=0x57eea30*=0x0) returned 0x80004002 [0189.716] CoGetContextToken (in: pToken=0x57eea90 | out: pToken=0x57eea90) returned 0x0 [0189.716] CoGetObjectContext (in: riid=0x71792a54*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x735d8c | out: ppv=0x735d8c*=0x6ad938) returned 0x0 [0189.718] CoGetContextToken (in: pToken=0x57eeea4 | out: pToken=0x57eeea4) returned 0x0 [0189.718] WbemLocator:IUnknown:QueryInterface (in: This=0x724790, riid=0x71881aa8*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x57eef24 | out: ppvObject=0x57eef24*=0x0) returned 0x80004002 [0189.718] WbemLocator:IUnknown:Release (This=0x724790) returned 0x2 [0189.718] WbemLocator:IUnknown:Release (This=0x724790) returned 0x1 [0189.719] CoGetContextToken (in: pToken=0x57ef51c | out: pToken=0x57ef51c) returned 0x0 [0189.719] CoGetContextToken (in: pToken=0x57ef47c | out: pToken=0x57ef47c) returned 0x0 [0189.719] WbemLocator:IUnknown:QueryInterface (in: This=0x724790, riid=0x57ef54c*(Data1=0xdc12a687, Data2=0x737f, Data3=0x11cf, Data4=([0]=0x88, [1]=0x4d, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24)), ppvObject=0x57ef548 | out: ppvObject=0x57ef548*=0x724790) returned 0x0 [0189.719] WbemLocator:IUnknown:AddRef (This=0x724790) returned 0x3 [0189.719] WbemLocator:IUnknown:Release (This=0x724790) returned 0x2 [0189.723] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x731070, puCount=0x57ef6dc | out: puCount=0x57ef6dc*=0x2) returned 0x0 [0189.723] WbemDefPath:IWbemPath:GetText (in: This=0x731070, lFlags=8, puBuffLength=0x57ef6d8*=0x0, pszText=0x0 | out: puBuffLength=0x57ef6d8*=0xf, pszText=0x0) returned 0x0 [0189.724] WbemDefPath:IWbemPath:GetText (in: This=0x731070, lFlags=8, puBuffLength=0x57ef6d8*=0xf, pszText="00000000000000" | out: puBuffLength=0x57ef6d8*=0xf, pszText="\\\\.\\root\\cimv2") returned 0x0 [0189.738] GetFullPathNameW (in: lpFileName="C:\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\", nBufferLength=0x105, lpBuffer=0x57ee900, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\", lpFilePart=0x0) returned 0x2e [0189.740] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="C:\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\\\wminet_utils.dll", cchWideChar=63, lpMultiByteStr=0x57eee28, cbMultiByte=65, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="C:\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\\\wminet_utils.dll", lpUsedDefaultChar=0x0) returned 63 [0189.740] LoadLibraryA (lpLibFileName="C:\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\\\wminet_utils.dll") returned 0x704b0000 [0189.888] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="ResetSecurity", cchWideChar=13, lpMultiByteStr=0x57eee5c, cbMultiByte=15, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="ResetSecuritymZp", lpUsedDefaultChar=0x0) returned 13 [0189.888] GetProcAddress (hModule=0x704b0000, lpProcName="ResetSecurity") returned 0x704b7dd0 [0189.899] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="SetSecurity", cchWideChar=11, lpMultiByteStr=0x57eee5c, cbMultiByte=13, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="SetSecurity", lpUsedDefaultChar=0x0) returned 11 [0189.899] GetProcAddress (hModule=0x704b0000, lpProcName="SetSecurity") returned 0x704b7e20 [0189.909] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="BlessIWbemServices", cchWideChar=18, lpMultiByteStr=0x57eee58, cbMultiByte=20, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="BlessIWbemServicesZp", lpUsedDefaultChar=0x0) returned 18 [0189.909] GetProcAddress (hModule=0x704b0000, lpProcName="BlessIWbemServices") returned 0x704b6e70 [0189.940] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="BlessIWbemServicesObject", cchWideChar=24, lpMultiByteStr=0x57eee50, cbMultiByte=26, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="BlessIWbemServicesObject»mZp", lpUsedDefaultChar=0x0) returned 24 [0189.940] GetProcAddress (hModule=0x704b0000, lpProcName="BlessIWbemServicesObject") returned 0x704b6ed0 [0189.966] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="GetPropertyHandle", cchWideChar=17, lpMultiByteStr=0x57eee58, cbMultiByte=19, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="GetPropertyHandlemZp", lpUsedDefaultChar=0x0) returned 17 [0189.966] GetProcAddress (hModule=0x704b0000, lpProcName="GetPropertyHandle") returned 0x704b7820 [0189.982] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="WritePropertyValue", cchWideChar=18, lpMultiByteStr=0x57eee58, cbMultiByte=20, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="WritePropertyValueZp", lpUsedDefaultChar=0x0) returned 18 [0189.983] GetProcAddress (hModule=0x704b0000, lpProcName="WritePropertyValue") returned 0x704b7fa0 [0189.997] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="Clone", cchWideChar=5, lpMultiByteStr=0x57eee64, cbMultiByte=7, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="ClonemZp", lpUsedDefaultChar=0x0) returned 5 [0189.997] GetProcAddress (hModule=0x704b0000, lpProcName="Clone") returned 0x704b6f30 [0190.009] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="VerifyClientKey", cchWideChar=15, lpMultiByteStr=0x57eee58, cbMultiByte=17, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="VerifyClientKey", lpUsedDefaultChar=0x0) returned 15 [0190.009] GetProcAddress (hModule=0x704b0000, lpProcName="VerifyClientKey") returned 0x704b7f20 [0190.016] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="GetQualifierSet", cchWideChar=15, lpMultiByteStr=0x57eee58, cbMultiByte=17, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="GetQualifierSet", lpUsedDefaultChar=0x0) returned 15 [0190.017] GetProcAddress (hModule=0x704b0000, lpProcName="GetQualifierSet") returned 0x704b78e0 [0190.019] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="Get", cchWideChar=3, lpMultiByteStr=0x57eee64, cbMultiByte=5, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="Get", lpUsedDefaultChar=0x0) returned 3 [0190.019] GetProcAddress (hModule=0x704b0000, lpProcName="Get") returned 0x704b75c0 [0190.041] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="Put", cchWideChar=3, lpMultiByteStr=0x57eee64, cbMultiByte=5, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="Put", lpUsedDefaultChar=0x0) returned 3 [0190.041] GetProcAddress (hModule=0x704b0000, lpProcName="Put") returned 0x704b7a00 [0190.062] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="Delete", cchWideChar=6, lpMultiByteStr=0x57eee64, cbMultiByte=8, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="DeleteZp", lpUsedDefaultChar=0x0) returned 6 [0190.063] GetProcAddress (hModule=0x704b0000, lpProcName="Delete") returned 0x704b7300 [0190.075] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="GetNames", cchWideChar=8, lpMultiByteStr=0x57eee60, cbMultiByte=10, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="GetNames»mZp", lpUsedDefaultChar=0x0) returned 8 [0190.076] GetProcAddress (hModule=0x704b0000, lpProcName="GetNames") returned 0x704b77c0 [0190.103] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="BeginEnumeration", cchWideChar=16, lpMultiByteStr=0x57eee58, cbMultiByte=18, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="BeginEnumeration»mZp", lpUsedDefaultChar=0x0) returned 16 [0190.103] GetProcAddress (hModule=0x704b0000, lpProcName="BeginEnumeration") returned 0x704b6e30 [0190.111] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="Next", cchWideChar=4, lpMultiByteStr=0x57eee64, cbMultiByte=6, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="Next»mZp", lpUsedDefaultChar=0x0) returned 4 [0190.111] GetProcAddress (hModule=0x704b0000, lpProcName="Next") returned 0x704b79a0 [0190.127] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="EndEnumeration", cchWideChar=14, lpMultiByteStr=0x57eee5c, cbMultiByte=16, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="EndEnumerationZp", lpUsedDefaultChar=0x0) returned 14 [0190.127] GetProcAddress (hModule=0x704b0000, lpProcName="EndEnumeration") returned 0x704b73c0 [0190.134] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="GetPropertyQualifierSet", cchWideChar=23, lpMultiByteStr=0x57eee50, cbMultiByte=25, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="GetPropertyQualifierSet", lpUsedDefaultChar=0x0) returned 23 [0190.134] GetProcAddress (hModule=0x704b0000, lpProcName="GetPropertyQualifierSet") returned 0x704b78b0 [0190.148] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="Clone", cchWideChar=5, lpMultiByteStr=0x57eee64, cbMultiByte=7, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="ClonemZp", lpUsedDefaultChar=0x0) returned 5 [0190.148] GetProcAddress (hModule=0x704b0000, lpProcName="Clone") returned 0x704b6f30 [0190.148] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="GetObjectText", cchWideChar=13, lpMultiByteStr=0x57eee5c, cbMultiByte=15, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="GetObjectTextmZp", lpUsedDefaultChar=0x0) returned 13 [0190.149] GetProcAddress (hModule=0x704b0000, lpProcName="GetObjectText") returned 0x704b77f0 [0190.161] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="SpawnDerivedClass", cchWideChar=17, lpMultiByteStr=0x57eee58, cbMultiByte=19, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="SpawnDerivedClassmZp", lpUsedDefaultChar=0x0) returned 17 [0190.161] GetProcAddress (hModule=0x704b0000, lpProcName="SpawnDerivedClass") returned 0x704b7e80 [0190.171] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="SpawnInstance", cchWideChar=13, lpMultiByteStr=0x57eee5c, cbMultiByte=15, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="SpawnInstancemZp", lpUsedDefaultChar=0x0) returned 13 [0190.171] GetProcAddress (hModule=0x704b0000, lpProcName="SpawnInstance") returned 0x704b7eb0 [0190.173] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="CompareTo", cchWideChar=9, lpMultiByteStr=0x57eee60, cbMultiByte=11, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="CompareTomZp", lpUsedDefaultChar=0x0) returned 9 [0190.173] GetProcAddress (hModule=0x704b0000, lpProcName="CompareTo") returned 0x704b7020 [0190.182] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="GetPropertyOrigin", cchWideChar=17, lpMultiByteStr=0x57eee58, cbMultiByte=19, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="GetPropertyOriginmZp", lpUsedDefaultChar=0x0) returned 17 [0190.182] GetProcAddress (hModule=0x704b0000, lpProcName="GetPropertyOrigin") returned 0x704b7880 [0190.199] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="InheritsFrom", cchWideChar=12, lpMultiByteStr=0x57eee5c, cbMultiByte=14, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="InheritsFrom»mZp", lpUsedDefaultChar=0x0) returned 12 [0190.199] GetProcAddress (hModule=0x704b0000, lpProcName="InheritsFrom") returned 0x704b7900 [0190.200] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="GetMethod", cchWideChar=9, lpMultiByteStr=0x57eee60, cbMultiByte=11, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="GetMethodmZp", lpUsedDefaultChar=0x0) returned 9 [0190.200] GetProcAddress (hModule=0x704b0000, lpProcName="GetMethod") returned 0x704b7730 [0190.218] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="PutMethod", cchWideChar=9, lpMultiByteStr=0x57eee60, cbMultiByte=11, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="PutMethodmZp", lpUsedDefaultChar=0x0) returned 9 [0190.218] GetProcAddress (hModule=0x704b0000, lpProcName="PutMethod") returned 0x704b7bf0 [0190.232] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="DeleteMethod", cchWideChar=12, lpMultiByteStr=0x57eee5c, cbMultiByte=14, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="DeleteMethod»mZp", lpUsedDefaultChar=0x0) returned 12 [0190.232] GetProcAddress (hModule=0x704b0000, lpProcName="DeleteMethod") returned 0x704b7320 [0190.234] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="BeginMethodEnumeration", cchWideChar=22, lpMultiByteStr=0x57eee54, cbMultiByte=24, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="BeginMethodEnumerationZp", lpUsedDefaultChar=0x0) returned 22 [0190.235] GetProcAddress (hModule=0x704b0000, lpProcName="BeginMethodEnumeration") returned 0x704b6e50 [0190.236] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="NextMethod", cchWideChar=10, lpMultiByteStr=0x57eee60, cbMultiByte=12, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="NextMethodZp", lpUsedDefaultChar=0x0) returned 10 [0190.236] GetProcAddress (hModule=0x704b0000, lpProcName="NextMethod") returned 0x704b79d0 [0190.252] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="EndMethodEnumeration", cchWideChar=20, lpMultiByteStr=0x57eee54, cbMultiByte=22, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="EndMethodEnumeration»mZp", lpUsedDefaultChar=0x0) returned 20 [0190.252] GetProcAddress (hModule=0x704b0000, lpProcName="EndMethodEnumeration") returned 0x704b73e0 [0190.254] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="GetMethodQualifierSet", cchWideChar=21, lpMultiByteStr=0x57eee54, cbMultiByte=23, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="GetMethodQualifierSetmZp", lpUsedDefaultChar=0x0) returned 21 [0190.254] GetProcAddress (hModule=0x704b0000, lpProcName="GetMethodQualifierSet") returned 0x704b7790 [0190.257] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="GetMethodOrigin", cchWideChar=15, lpMultiByteStr=0x57eee58, cbMultiByte=17, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="GetMethodOrigin", lpUsedDefaultChar=0x0) returned 15 [0190.257] GetProcAddress (hModule=0x704b0000, lpProcName="GetMethodOrigin") returned 0x704b7760 [0190.259] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="QualifierSet_Get", cchWideChar=16, lpMultiByteStr=0x57eee58, cbMultiByte=18, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="QualifierSet_Get»mZp", lpUsedDefaultChar=0x0) returned 16 [0190.259] GetProcAddress (hModule=0x704b0000, lpProcName="QualifierSet_Get") returned 0x704b7c80 [0190.279] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="QualifierSet_Put", cchWideChar=16, lpMultiByteStr=0x57eee58, cbMultiByte=18, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="QualifierSet_Put»mZp", lpUsedDefaultChar=0x0) returned 16 [0190.280] GetProcAddress (hModule=0x704b0000, lpProcName="QualifierSet_Put") returned 0x704b7d10 [0190.298] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="QualifierSet_Delete", cchWideChar=19, lpMultiByteStr=0x57eee54, cbMultiByte=21, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="QualifierSet_Delete", lpUsedDefaultChar=0x0) returned 19 [0190.299] GetProcAddress (hModule=0x704b0000, lpProcName="QualifierSet_Delete") returned 0x704b7c40 [0190.300] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="QualifierSet_GetNames", cchWideChar=21, lpMultiByteStr=0x57eee54, cbMultiByte=23, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="QualifierSet_GetNamesmZp", lpUsedDefaultChar=0x0) returned 21 [0190.301] GetProcAddress (hModule=0x704b0000, lpProcName="QualifierSet_GetNames") returned 0x704b7cb0 [0190.316] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="QualifierSet_BeginEnumeration", cchWideChar=29, lpMultiByteStr=0x57eee4c, cbMultiByte=31, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="QualifierSet_BeginEnumerationmZp", lpUsedDefaultChar=0x0) returned 29 [0190.317] GetProcAddress (hModule=0x704b0000, lpProcName="QualifierSet_BeginEnumeration") returned 0x704b7c20 [0190.319] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="QualifierSet_Next", cchWideChar=17, lpMultiByteStr=0x57eee58, cbMultiByte=19, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="QualifierSet_NextmZp", lpUsedDefaultChar=0x0) returned 17 [0190.319] GetProcAddress (hModule=0x704b0000, lpProcName="QualifierSet_Next") returned 0x704b7ce0 [0190.335] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="QualifierSet_EndEnumeration", cchWideChar=27, lpMultiByteStr=0x57eee4c, cbMultiByte=29, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="QualifierSet_EndEnumeration", lpUsedDefaultChar=0x0) returned 27 [0190.336] GetProcAddress (hModule=0x704b0000, lpProcName="QualifierSet_EndEnumeration") returned 0x704b7c60 [0190.338] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="GetCurrentApartmentType", cchWideChar=23, lpMultiByteStr=0x57eee50, cbMultiByte=25, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="GetCurrentApartmentType", lpUsedDefaultChar=0x0) returned 23 [0190.338] GetProcAddress (hModule=0x704b0000, lpProcName="GetCurrentApartmentType") returned 0x704b78e0 [0190.348] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="GetDemultiplexedStub", cchWideChar=20, lpMultiByteStr=0x57eee54, cbMultiByte=22, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="GetDemultiplexedStub»mZp", lpUsedDefaultChar=0x0) returned 20 [0190.348] GetProcAddress (hModule=0x704b0000, lpProcName="GetDemultiplexedStub") returned 0x704b75f0 [0190.359] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="CreateInstanceEnumWmi", cchWideChar=21, lpMultiByteStr=0x57eee54, cbMultiByte=23, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="CreateInstanceEnumWmimZp", lpUsedDefaultChar=0x0) returned 21 [0190.359] GetProcAddress (hModule=0x704b0000, lpProcName="CreateInstanceEnumWmi") returned 0x704b7230 [0190.398] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="CreateClassEnumWmi", cchWideChar=18, lpMultiByteStr=0x57eee58, cbMultiByte=20, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="CreateClassEnumWmiZp", lpUsedDefaultChar=0x0) returned 18 [0190.398] GetProcAddress (hModule=0x704b0000, lpProcName="CreateClassEnumWmi") returned 0x704b7160 [0190.400] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="ExecQueryWmi", cchWideChar=12, lpMultiByteStr=0x57eee5c, cbMultiByte=14, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="ExecQueryWmi»mZp", lpUsedDefaultChar=0x0) returned 12 [0190.400] GetProcAddress (hModule=0x704b0000, lpProcName="ExecQueryWmi") returned 0x704b74e0 [0190.437] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="ExecNotificationQueryWmi", cchWideChar=24, lpMultiByteStr=0x57eee50, cbMultiByte=26, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="ExecNotificationQueryWmi»mZp", lpUsedDefaultChar=0x0) returned 24 [0190.438] GetProcAddress (hModule=0x704b0000, lpProcName="ExecNotificationQueryWmi") returned 0x704b7400 [0190.440] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="PutInstanceWmi", cchWideChar=14, lpMultiByteStr=0x57eee5c, cbMultiByte=16, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="PutInstanceWmiZp", lpUsedDefaultChar=0x0) returned 14 [0190.440] GetProcAddress (hModule=0x704b0000, lpProcName="PutInstanceWmi") returned 0x704b7b10 [0190.445] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="PutClassWmi", cchWideChar=11, lpMultiByteStr=0x57eee5c, cbMultiByte=13, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="PutClassWmi", lpUsedDefaultChar=0x0) returned 11 [0190.445] GetProcAddress (hModule=0x704b0000, lpProcName="PutClassWmi") returned 0x704b7a30 [0190.447] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="CloneEnumWbemClassObject", cchWideChar=24, lpMultiByteStr=0x57eee50, cbMultiByte=26, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="CloneEnumWbemClassObject»mZp", lpUsedDefaultChar=0x0) returned 24 [0190.447] GetProcAddress (hModule=0x704b0000, lpProcName="CloneEnumWbemClassObject") returned 0x704b6f50 [0190.474] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="ConnectServerWmi", cchWideChar=16, lpMultiByteStr=0x57eee58, cbMultiByte=18, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="ConnectServerWmi»mZp", lpUsedDefaultChar=0x0) returned 16 [0190.474] GetProcAddress (hModule=0x704b0000, lpProcName="ConnectServerWmi") returned 0x704b7050 [0190.484] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="GetErrorInfo", cchWideChar=12, lpMultiByteStr=0x57eee5c, cbMultiByte=14, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="GetErrorInfo»mZp", lpUsedDefaultChar=0x0) returned 12 [0190.484] GetProcAddress (hModule=0x704b0000, lpProcName="GetErrorInfo") returned 0x704b7650 [0190.489] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="Initialize", cchWideChar=10, lpMultiByteStr=0x57eee60, cbMultiByte=12, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="InitializeZp", lpUsedDefaultChar=0x0) returned 10 [0190.489] GetProcAddress (hModule=0x704b0000, lpProcName="Initialize") returned 0x704b7920 [0190.495] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\.NETFramework\\v4.0.30319", ulOptions=0x0, samDesired=0x20019, phkResult=0x57eee10 | out: phkResult=0x57eee10*=0x310) returned 0x0 [0190.495] RegQueryValueExW (in: hKey=0x310, lpValueName="WMIDisableCOMSecurity", lpReserved=0x0, lpType=0x57eee2c, lpData=0x0, lpcbData=0x57eee28*=0x0 | out: lpType=0x57eee2c*=0x0, lpData=0x0, lpcbData=0x57eee28*=0x0) returned 0x2 [0190.496] RegCloseKey (hKey=0x310) returned 0x0 [0190.496] CoCreateInstance (in: rclsid=0x704b3734*(Data1=0x4590f811, Data2=0x1d3a, Data3=0x11d0, Data4=([0]=0x89, [1]=0x1f, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24)), pUnkOuter=0x0, dwClsContext=0x1, riid=0x704b3794*(Data1=0xdc12a687, Data2=0x737f, Data3=0x11cf, Data4=([0]=0x88, [1]=0x4d, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24)), ppv=0x57ef588 | out: ppv=0x57ef588*=0x7247d0) returned 0x0 [0190.497] WbemLocator:IWbemLocator:ConnectServer (in: This=0x7247d0, strNetworkResource="\\\\.\\root\\cimv2", strUser=0x0, strPassword=0x0, strLocale="", lSecurityFlags=128, strAuthority="", pCtx=0x0, ppNamespace=0x57ef628 | out: ppNamespace=0x57ef628*=0x71ce98) returned 0x0 [0190.514] WbemLocator:IUnknown:QueryInterface (in: This=0x71ce98, riid=0x704b35b4*(Data1=0x13d, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x57ef4ac | out: ppvObject=0x57ef4ac*=0x732364) returned 0x0 [0190.514] WbemLocator:IClientSecurity:QueryBlanket (in: This=0x732364, pProxy=0x71ce98, pAuthnSvc=0x57ef4fc, pAuthzSvc=0x57ef4f8, pServerPrincName=0x57ef4f0, pAuthnLevel=0x57ef4f4, pImpLevel=0x57ef4e4, pAuthInfo=0x57ef4e8, pCapabilites=0x57ef4ec | out: pAuthnSvc=0x57ef4fc*=0xa, pAuthzSvc=0x57ef4f8*=0x0, pServerPrincName=0x57ef4f0, pAuthnLevel=0x57ef4f4*=0x6, pImpLevel=0x57ef4e4*=0x2, pAuthInfo=0x57ef4e8, pCapabilites=0x57ef4ec*=0x1) returned 0x0 [0190.514] WbemLocator:IUnknown:Release (This=0x732364) returned 0x1 [0190.514] WbemLocator:IUnknown:QueryInterface (in: This=0x71ce98, riid=0x704b35a4*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x57ef4a0 | out: ppvObject=0x57ef4a0*=0x732384) returned 0x0 [0190.514] WbemLocator:IUnknown:QueryInterface (in: This=0x71ce98, riid=0x704b35b4*(Data1=0x13d, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x57ef48c | out: ppvObject=0x57ef48c*=0x732364) returned 0x0 [0190.514] WbemLocator:IClientSecurity:SetBlanket (This=0x732364, pProxy=0x71ce98, dwAuthnSvc=0xa, dwAuthzSvc=0x0, pServerPrincName=0x0, dwAuthnLevel=0x6, dwImpLevel=0x3, pAuthInfo=0x0, dwCapabilities=0x20) returned 0x0 [0190.514] WbemLocator:IUnknown:Release (This=0x732364) returned 0x2 [0190.515] WbemLocator:IUnknown:Release (This=0x732384) returned 0x1 [0190.515] CoTaskMemFree (pv=0x724e60) [0190.515] WbemLocator:IUnknown:AddRef (This=0x71ce98) returned 0x2 [0190.515] WbemLocator:IUnknown:Release (This=0x7247d0) returned 0x0 [0190.515] CoGetContextToken (in: pToken=0x57ee9e0 | out: pToken=0x57ee9e0) returned 0x0 [0190.516] CoGetContextToken (in: pToken=0x57eedf4 | out: pToken=0x57eedf4) returned 0x0 [0190.516] WbemLocator:IUnknown:QueryInterface (in: This=0x71ce98, riid=0x71881aa8*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x57eed8c | out: ppvObject=0x57eed8c*=0x73236c) returned 0x0 [0190.516] WbemLocator:IRpcOptions:Query (in: This=0x73236c, pPrx=0x735f08, dwProperty=2, pdwValue=0x57eee80 | out: pdwValue=0x57eee80) returned 0x80004002 [0190.516] WbemLocator:IUnknown:Release (This=0x73236c) returned 0x2 [0190.516] CoGetContextToken (in: pToken=0x57ef3c4 | out: pToken=0x57ef3c4) returned 0x0 [0190.516] CoGetContextToken (in: pToken=0x57ef324 | out: pToken=0x57ef324) returned 0x0 [0190.516] WbemLocator:IUnknown:QueryInterface (in: This=0x71ce98, riid=0x57ef3f4*(Data1=0x9556dc99, Data2=0x828c, Data3=0x11cf, Data4=([0]=0xa3, [1]=0x7e, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x32, [6]=0x40, [7]=0xc7)), ppvObject=0x57ef2c0 | out: ppvObject=0x57ef2c0*=0x71ce98) returned 0x0 [0190.517] WbemLocator:IUnknown:Release (This=0x71ce98) returned 0x2 [0190.523] SysStringLen (param_1=0x0) returned 0x0 [0190.525] CoUninitialize () Thread: id = 156 os_tid = 0xb54 [0190.544] CoGetContextToken (in: pToken=0x57af028 | out: pToken=0x57af028) returned 0x0 [0190.544] CoGetContextToken (in: pToken=0x57af014 | out: pToken=0x57af014) returned 0x0 [0190.544] CoGetMarshalSizeMax (in: pulSize=0x57aefd0, riid=0x71792a54*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pUnk=0x735f08, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0 | out: pulSize=0x57aefd0) returned 0x0 [0190.545] CoMarshalInterface (pStm=0x6fbaa8, riid=0x71792a54*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pUnk=0x735f08, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0) returned 0x0 Thread: id = 157 os_tid = 0xb50 [0190.552] WbemLocator:IUnknown:QueryInterface (in: This=0x71ce98, riid=0x704a38*(Data1=0x9556dc99, Data2=0x828c, Data3=0x11cf, Data4=([0]=0xa3, [1]=0x7e, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x32, [6]=0x40, [7]=0xc7)), ppvObject=0x595f140 | out: ppvObject=0x595f140*=0x71ce98) returned 0x0 [0190.552] WbemLocator:IUnknown:QueryInterface (in: This=0x71ce98, riid=0x706962ec*(Data1=0x9556dc99, Data2=0x828c, Data3=0x11cf, Data4=([0]=0xa3, [1]=0x7e, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x32, [6]=0x40, [7]=0xc7)), ppvObject=0x595f0dc | out: ppvObject=0x595f0dc*=0x71ce98) returned 0x0 [0190.552] WbemLocator:IUnknown:QueryInterface (in: This=0x71ce98, riid=0x706962ec*(Data1=0x9556dc99, Data2=0x828c, Data3=0x11cf, Data4=([0]=0xa3, [1]=0x7e, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x32, [6]=0x40, [7]=0xc7)), ppvObject=0x595f094 | out: ppvObject=0x595f094*=0x71ce98) returned 0x0 [0190.554] IWbemServices:GetObject (in: This=0x71ce98, strObjectPath="win32_processor", lFlags=0, pCtx=0x0, ppObject=0x595f260*=0x0, ppCallResult=0x0 | out: ppObject=0x595f260*=0x747370, ppCallResult=0x0) returned 0x0 [0201.486] CoGetContextToken (in: pToken=0x595f260 | out: pToken=0x595f260) returned 0x0 [0201.486] CoGetContextToken (in: pToken=0x595f24c | out: pToken=0x595f24c) returned 0x0 [0201.486] CoGetMarshalSizeMax (in: pulSize=0x595f208, riid=0x71792a54*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pUnk=0x74b488, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0 | out: pulSize=0x595f208) returned 0x0 [0201.486] CoMarshalInterface (pStm=0x6fba88, riid=0x71792a54*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pUnk=0x74b488, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0) returned 0x0 [0201.488] WbemLocator:IUnknown:QueryInterface (in: This=0x71d208, riid=0x704c18*(Data1=0x9556dc99, Data2=0x828c, Data3=0x11cf, Data4=([0]=0xa3, [1]=0x7e, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x32, [6]=0x40, [7]=0xc7)), ppvObject=0x595f140 | out: ppvObject=0x595f140*=0x71d208) returned 0x0 [0201.489] WbemLocator:IUnknown:QueryInterface (in: This=0x71d208, riid=0x706962ec*(Data1=0x9556dc99, Data2=0x828c, Data3=0x11cf, Data4=([0]=0xa3, [1]=0x7e, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x32, [6]=0x40, [7]=0xc7)), ppvObject=0x595f0dc | out: ppvObject=0x595f0dc*=0x71d208) returned 0x0 [0201.489] WbemLocator:IUnknown:QueryInterface (in: This=0x71d208, riid=0x706962ec*(Data1=0x9556dc99, Data2=0x828c, Data3=0x11cf, Data4=([0]=0xa3, [1]=0x7e, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x32, [6]=0x40, [7]=0xc7)), ppvObject=0x595f094 | out: ppvObject=0x595f094*=0x71d208) returned 0x0 [0201.490] IWbemServices:GetObject (in: This=0x71d208, strObjectPath="Win32_NetworkAdapterConfiguration", lFlags=0, pCtx=0x0, ppObject=0x595f260*=0x0, ppCallResult=0x0 | out: ppObject=0x595f260*=0x74bc70, ppCallResult=0x0) returned 0x0 [0207.040] CoGetContextToken (in: pToken=0x595f260 | out: pToken=0x595f260) returned 0x0 [0207.040] CoGetContextToken (in: pToken=0x595f24c | out: pToken=0x595f24c) returned 0x0 [0207.040] CoGetMarshalSizeMax (in: pulSize=0x595f208, riid=0x71792a54*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pUnk=0x524a8e0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0 | out: pulSize=0x595f208) returned 0x0 [0207.040] CoMarshalInterface (pStm=0x5231db0, riid=0x71792a54*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pUnk=0x524a8e0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0) returned 0x0 [0207.042] WbemLocator:IUnknown:QueryInterface (in: This=0x5242718, riid=0x704df8*(Data1=0x9556dc99, Data2=0x828c, Data3=0x11cf, Data4=([0]=0xa3, [1]=0x7e, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x32, [6]=0x40, [7]=0xc7)), ppvObject=0x595f140 | out: ppvObject=0x595f140*=0x5242718) returned 0x0 [0207.042] WbemLocator:IUnknown:QueryInterface (in: This=0x5242718, riid=0x706962ec*(Data1=0x9556dc99, Data2=0x828c, Data3=0x11cf, Data4=([0]=0xa3, [1]=0x7e, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x32, [6]=0x40, [7]=0xc7)), ppvObject=0x595f0dc | out: ppvObject=0x595f0dc*=0x5242718) returned 0x0 [0207.042] WbemLocator:IUnknown:QueryInterface (in: This=0x5242718, riid=0x706962ec*(Data1=0x9556dc99, Data2=0x828c, Data3=0x11cf, Data4=([0]=0xa3, [1]=0x7e, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x32, [6]=0x40, [7]=0xc7)), ppvObject=0x595f094 | out: ppvObject=0x595f094*=0x5242718) returned 0x0 [0207.149] CoGetContextToken (in: pToken=0x595f260 | out: pToken=0x595f260) returned 0x0 [0207.149] CoGetContextToken (in: pToken=0x595f24c | out: pToken=0x595f24c) returned 0x0 [0207.149] CoGetMarshalSizeMax (in: pulSize=0x595f208, riid=0x71792a54*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pUnk=0x524ace8, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0 | out: pulSize=0x595f208) returned 0x0 [0207.149] CoMarshalInterface (pStm=0x5231e30, riid=0x71792a54*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pUnk=0x524ace8, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0) returned 0x0 [0207.150] WbemLocator:IUnknown:QueryInterface (in: This=0x5242808, riid=0x7051b8*(Data1=0x9556dc99, Data2=0x828c, Data3=0x11cf, Data4=([0]=0xa3, [1]=0x7e, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x32, [6]=0x40, [7]=0xc7)), ppvObject=0x595f140 | out: ppvObject=0x595f140*=0x5242808) returned 0x0 [0207.150] WbemLocator:IUnknown:QueryInterface (in: This=0x5242808, riid=0x706962ec*(Data1=0x9556dc99, Data2=0x828c, Data3=0x11cf, Data4=([0]=0xa3, [1]=0x7e, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x32, [6]=0x40, [7]=0xc7)), ppvObject=0x595f0dc | out: ppvObject=0x595f0dc*=0x5242808) returned 0x0 [0207.150] WbemLocator:IUnknown:QueryInterface (in: This=0x5242808, riid=0x706962ec*(Data1=0x9556dc99, Data2=0x828c, Data3=0x11cf, Data4=([0]=0xa3, [1]=0x7e, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x32, [6]=0x40, [7]=0xc7)), ppvObject=0x595f094 | out: ppvObject=0x595f094*=0x5242808) returned 0x0 Thread: id = 158 os_tid = 0xaf4 [0201.437] CoInitializeEx (pvReserved=0x0, dwCoInit=0x0) returned 0x0 [0201.439] CoGetClassObject (in: rclsid=0x724dac*(Data1=0x4590f811, Data2=0x1d3a, Data3=0x11d0, Data4=([0]=0x89, [1]=0x1f, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24)), dwClsContext=0x15, pvReserved=0x0, riid=0x718e6bd4*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x5b3f410 | out: ppv=0x5b3f410*=0x747ad0) returned 0x0 [0201.439] WbemLocator:IUnknown:QueryInterface (in: This=0x747ad0, riid=0x718add3c*(Data1=0xb196b28f, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x5b3f628 | out: ppvObject=0x5b3f628*=0x0) returned 0x80004002 [0201.439] WbemLocator:IClassFactory:CreateInstance (in: This=0x747ad0, pUnkOuter=0x0, riid=0x71792a54*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x5b3f634 | out: ppvObject=0x5b3f634*=0x6fd3d0) returned 0x0 [0201.439] WbemLocator:IUnknown:Release (This=0x747ad0) returned 0x0 [0201.439] WbemLocator:IUnknown:QueryInterface (in: This=0x6fd3d0, riid=0x71792a54*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x5b3f254 | out: ppvObject=0x5b3f254*=0x6fd3d0) returned 0x0 [0201.440] WbemLocator:IUnknown:QueryInterface (in: This=0x6fd3d0, riid=0x71881b6c*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x5b3f208 | out: ppvObject=0x5b3f208*=0x0) returned 0x80004002 [0201.440] WbemLocator:IUnknown:AddRef (This=0x6fd3d0) returned 0x3 [0201.440] WbemLocator:IUnknown:QueryInterface (in: This=0x6fd3d0, riid=0x7188182c*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x5b3eb64 | out: ppvObject=0x5b3eb64*=0x0) returned 0x80004002 [0201.440] WbemLocator:IUnknown:QueryInterface (in: This=0x6fd3d0, riid=0x71881764*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x5b3eb14 | out: ppvObject=0x5b3eb14*=0x0) returned 0x80004002 [0201.440] WbemLocator:IUnknown:QueryInterface (in: This=0x6fd3d0, riid=0x717b1388*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x5b3eb20 | out: ppvObject=0x5b3eb20*=0x0) returned 0x80004002 [0201.440] CoGetContextToken (in: pToken=0x5b3eb80 | out: pToken=0x5b3eb80) returned 0x0 [0201.441] CoGetContextToken (in: pToken=0x5b3ef94 | out: pToken=0x5b3ef94) returned 0x0 [0201.441] WbemLocator:IUnknown:QueryInterface (in: This=0x6fd3d0, riid=0x71881aa8*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x5b3f014 | out: ppvObject=0x5b3f014*=0x0) returned 0x80004002 [0201.443] WbemLocator:IUnknown:Release (This=0x6fd3d0) returned 0x2 [0201.443] WbemLocator:IUnknown:Release (This=0x6fd3d0) returned 0x1 [0201.443] CoGetContextToken (in: pToken=0x5b3f60c | out: pToken=0x5b3f60c) returned 0x0 [0201.443] CoGetContextToken (in: pToken=0x5b3f56c | out: pToken=0x5b3f56c) returned 0x0 [0201.443] WbemLocator:IUnknown:QueryInterface (in: This=0x6fd3d0, riid=0x5b3f63c*(Data1=0xdc12a687, Data2=0x737f, Data3=0x11cf, Data4=([0]=0x88, [1]=0x4d, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24)), ppvObject=0x5b3f638 | out: ppvObject=0x5b3f638*=0x6fd3d0) returned 0x0 [0201.443] WbemLocator:IUnknown:AddRef (This=0x6fd3d0) returned 0x3 [0201.443] WbemLocator:IUnknown:Release (This=0x6fd3d0) returned 0x2 [0201.443] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x7312a0, puCount=0x5b3f7cc | out: puCount=0x5b3f7cc*=0x2) returned 0x0 [0201.443] WbemDefPath:IWbemPath:GetText (in: This=0x7312a0, lFlags=8, puBuffLength=0x5b3f7c8*=0x0, pszText=0x0 | out: puBuffLength=0x5b3f7c8*=0xf, pszText=0x0) returned 0x0 [0201.443] WbemDefPath:IWbemPath:GetText (in: This=0x7312a0, lFlags=8, puBuffLength=0x5b3f7c8*=0xf, pszText="00000000000000" | out: puBuffLength=0x5b3f7c8*=0xf, pszText="\\\\.\\root\\cimv2") returned 0x0 [0201.443] CoCreateInstance (in: rclsid=0x704b3734*(Data1=0x4590f811, Data2=0x1d3a, Data3=0x11d0, Data4=([0]=0x89, [1]=0x1f, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24)), pUnkOuter=0x0, dwClsContext=0x1, riid=0x704b3794*(Data1=0xdc12a687, Data2=0x737f, Data3=0x11cf, Data4=([0]=0x88, [1]=0x4d, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24)), ppv=0x5b3f678 | out: ppv=0x5b3f678*=0x74fb50) returned 0x0 [0201.444] WbemLocator:IWbemLocator:ConnectServer (in: This=0x74fb50, strNetworkResource="\\\\.\\root\\cimv2", strUser=0x0, strPassword=0x0, strLocale="", lSecurityFlags=128, strAuthority="", pCtx=0x0, ppNamespace=0x5b3f718 | out: ppNamespace=0x5b3f718*=0x71d208) returned 0x0 [0201.473] WbemLocator:IUnknown:QueryInterface (in: This=0x71d208, riid=0x704b35b4*(Data1=0x13d, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x5b3f59c | out: ppvObject=0x5b3f59c*=0x732814) returned 0x0 [0201.473] WbemLocator:IClientSecurity:QueryBlanket (in: This=0x732814, pProxy=0x71d208, pAuthnSvc=0x5b3f5ec, pAuthzSvc=0x5b3f5e8, pServerPrincName=0x5b3f5e0, pAuthnLevel=0x5b3f5e4, pImpLevel=0x5b3f5d4, pAuthInfo=0x5b3f5d8, pCapabilites=0x5b3f5dc | out: pAuthnSvc=0x5b3f5ec*=0xa, pAuthzSvc=0x5b3f5e8*=0x0, pServerPrincName=0x5b3f5e0, pAuthnLevel=0x5b3f5e4*=0x6, pImpLevel=0x5b3f5d4*=0x2, pAuthInfo=0x5b3f5d8, pCapabilites=0x5b3f5dc*=0x1) returned 0x0 [0201.473] WbemLocator:IUnknown:Release (This=0x732814) returned 0x1 [0201.473] WbemLocator:IUnknown:QueryInterface (in: This=0x71d208, riid=0x704b35a4*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x5b3f590 | out: ppvObject=0x5b3f590*=0x732834) returned 0x0 [0201.473] WbemLocator:IUnknown:QueryInterface (in: This=0x71d208, riid=0x704b35b4*(Data1=0x13d, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x5b3f57c | out: ppvObject=0x5b3f57c*=0x732814) returned 0x0 [0201.473] WbemLocator:IClientSecurity:SetBlanket (This=0x732814, pProxy=0x71d208, dwAuthnSvc=0xa, dwAuthzSvc=0x0, pServerPrincName=0x0, dwAuthnLevel=0x6, dwImpLevel=0x3, pAuthInfo=0x0, dwCapabilities=0x20) returned 0x0 [0201.474] WbemLocator:IUnknown:Release (This=0x732814) returned 0x2 [0201.474] WbemLocator:IUnknown:Release (This=0x732834) returned 0x1 [0201.474] CoTaskMemFree (pv=0x7250a0) [0201.474] WbemLocator:IUnknown:AddRef (This=0x71d208) returned 0x2 [0201.474] WbemLocator:IUnknown:Release (This=0x74fb50) returned 0x0 [0201.474] CoGetContextToken (in: pToken=0x5b3ead0 | out: pToken=0x5b3ead0) returned 0x0 [0201.474] CoGetContextToken (in: pToken=0x5b3eee4 | out: pToken=0x5b3eee4) returned 0x0 [0201.475] WbemLocator:IUnknown:QueryInterface (in: This=0x71d208, riid=0x71881aa8*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x5b3ee7c | out: ppvObject=0x5b3ee7c*=0x73281c) returned 0x0 [0201.475] WbemLocator:IRpcOptions:Query (in: This=0x73281c, pPrx=0x74b488, dwProperty=2, pdwValue=0x5b3ef70 | out: pdwValue=0x5b3ef70) returned 0x80004002 [0201.475] WbemLocator:IUnknown:Release (This=0x73281c) returned 0x2 [0201.475] CoGetContextToken (in: pToken=0x5b3f4b4 | out: pToken=0x5b3f4b4) returned 0x0 [0201.475] CoGetContextToken (in: pToken=0x5b3f414 | out: pToken=0x5b3f414) returned 0x0 [0201.475] WbemLocator:IUnknown:QueryInterface (in: This=0x71d208, riid=0x5b3f4e4*(Data1=0x9556dc99, Data2=0x828c, Data3=0x11cf, Data4=([0]=0xa3, [1]=0x7e, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x32, [6]=0x40, [7]=0xc7)), ppvObject=0x5b3f3b0 | out: ppvObject=0x5b3f3b0*=0x71d208) returned 0x0 [0201.475] WbemLocator:IUnknown:Release (This=0x71d208) returned 0x2 [0201.475] SysStringLen (param_1=0x0) returned 0x0 [0201.476] CoUninitialize () Thread: id = 159 os_tid = 0xadc [0202.357] CoGetContextToken (in: pToken=0x43ff6ec | out: pToken=0x43ff6ec) returned 0x0 [0202.370] IUnknown:QueryInterface (in: This=0x6ad938, riid=0x7181b24c*(Data1=0x1ce, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x43ff710 | out: ppvObject=0x43ff710*=0x6ad944) returned 0x0 [0202.370] IComThreadingInfo:GetCurrentThreadType (in: This=0x6ad944, pThreadType=0x43ff73c | out: pThreadType=0x43ff73c*=0) returned 0x0 [0202.370] IUnknown:Release (This=0x6ad944) returned 0x1 [0202.370] CoInitializeEx (pvReserved=0x0, dwCoInit=0x0) returned 0x0 Thread: id = 160 os_tid = 0xae0 [0202.536] CoInitializeEx (pvReserved=0x0, dwCoInit=0x0) returned 0x0 [0202.537] CoGetContextToken (in: pToken=0x5a9f864 | out: pToken=0x5a9f864) returned 0x0 [0202.537] IUnknown:QueryInterface (in: This=0x6ad938, riid=0x7181b24c*(Data1=0x1ce, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x5a9f888 | out: ppvObject=0x5a9f888*=0x6ad944) returned 0x0 [0202.537] IComThreadingInfo:GetCurrentThreadType (in: This=0x6ad944, pThreadType=0x5a9f8b4 | out: pThreadType=0x5a9f8b4*=0) returned 0x0 [0202.538] IUnknown:Release (This=0x6ad944) returned 0x1 [0202.538] CoInitializeEx (pvReserved=0x0, dwCoInit=0x0) returned 0x1 [0202.538] CoUninitialize () [0224.411] CoUninitialize () Thread: id = 161 os_tid = 0xb1c Thread: id = 162 os_tid = 0x8cc [0207.006] CoInitializeEx (pvReserved=0x0, dwCoInit=0x0) returned 0x0 [0207.008] CoGetClassObject (in: rclsid=0x724dac*(Data1=0x4590f811, Data2=0x1d3a, Data3=0x11d0, Data4=([0]=0x89, [1]=0x1f, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24)), dwClsContext=0x15, pvReserved=0x0, riid=0x718e6bd4*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x569f140 | out: ppv=0x569f140*=0x524a838) returned 0x0 [0207.009] WbemLocator:IUnknown:QueryInterface (in: This=0x524a838, riid=0x718add3c*(Data1=0xb196b28f, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x569f358 | out: ppvObject=0x569f358*=0x0) returned 0x80004002 [0207.009] WbemLocator:IClassFactory:CreateInstance (in: This=0x524a838, pUnkOuter=0x0, riid=0x71792a54*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x569f364 | out: ppvObject=0x569f364*=0x522c6a0) returned 0x0 [0207.009] WbemLocator:IUnknown:Release (This=0x524a838) returned 0x0 [0207.009] WbemLocator:IUnknown:QueryInterface (in: This=0x522c6a0, riid=0x71792a54*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x569ef84 | out: ppvObject=0x569ef84*=0x522c6a0) returned 0x0 [0207.009] WbemLocator:IUnknown:QueryInterface (in: This=0x522c6a0, riid=0x71881b6c*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x569ef38 | out: ppvObject=0x569ef38*=0x0) returned 0x80004002 [0207.009] WbemLocator:IUnknown:AddRef (This=0x522c6a0) returned 0x3 [0207.009] WbemLocator:IUnknown:QueryInterface (in: This=0x522c6a0, riid=0x7188182c*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x569e894 | out: ppvObject=0x569e894*=0x0) returned 0x80004002 [0207.009] WbemLocator:IUnknown:QueryInterface (in: This=0x522c6a0, riid=0x71881764*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x569e844 | out: ppvObject=0x569e844*=0x0) returned 0x80004002 [0207.010] WbemLocator:IUnknown:QueryInterface (in: This=0x522c6a0, riid=0x717b1388*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x569e850 | out: ppvObject=0x569e850*=0x0) returned 0x80004002 [0207.010] CoGetContextToken (in: pToken=0x569e8b0 | out: pToken=0x569e8b0) returned 0x0 [0207.011] CoGetContextToken (in: pToken=0x569ecc4 | out: pToken=0x569ecc4) returned 0x0 [0207.011] WbemLocator:IUnknown:QueryInterface (in: This=0x522c6a0, riid=0x71881aa8*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x569ed44 | out: ppvObject=0x569ed44*=0x0) returned 0x80004002 [0207.011] WbemLocator:IUnknown:Release (This=0x522c6a0) returned 0x2 [0207.011] WbemLocator:IUnknown:Release (This=0x522c6a0) returned 0x1 [0207.011] CoGetContextToken (in: pToken=0x569f33c | out: pToken=0x569f33c) returned 0x0 [0207.011] CoGetContextToken (in: pToken=0x569f29c | out: pToken=0x569f29c) returned 0x0 [0207.011] WbemLocator:IUnknown:QueryInterface (in: This=0x522c6a0, riid=0x569f36c*(Data1=0xdc12a687, Data2=0x737f, Data3=0x11cf, Data4=([0]=0x88, [1]=0x4d, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24)), ppvObject=0x569f368 | out: ppvObject=0x569f368*=0x522c6a0) returned 0x0 [0207.011] WbemLocator:IUnknown:AddRef (This=0x522c6a0) returned 0x3 [0207.011] WbemLocator:IUnknown:Release (This=0x522c6a0) returned 0x2 [0207.011] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x731000, puCount=0x569f4fc | out: puCount=0x569f4fc*=0x2) returned 0x0 [0207.011] WbemDefPath:IWbemPath:GetText (in: This=0x731000, lFlags=8, puBuffLength=0x569f4f8*=0x0, pszText=0x0 | out: puBuffLength=0x569f4f8*=0xf, pszText=0x0) returned 0x0 [0207.011] WbemDefPath:IWbemPath:GetText (in: This=0x731000, lFlags=8, puBuffLength=0x569f4f8*=0xf, pszText="00000000000000" | out: puBuffLength=0x569f4f8*=0xf, pszText="\\\\.\\root\\cimv2") returned 0x0 [0207.012] CoCreateInstance (in: rclsid=0x704b3734*(Data1=0x4590f811, Data2=0x1d3a, Data3=0x11d0, Data4=([0]=0x89, [1]=0x1f, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24)), pUnkOuter=0x0, dwClsContext=0x1, riid=0x704b3794*(Data1=0xdc12a687, Data2=0x737f, Data3=0x11cf, Data4=([0]=0x88, [1]=0x4d, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24)), ppv=0x569f3a8 | out: ppv=0x569f3a8*=0x522c720) returned 0x0 [0207.012] WbemLocator:IWbemLocator:ConnectServer (in: This=0x522c720, strNetworkResource="\\\\.\\root\\cimv2", strUser=0x0, strPassword=0x0, strLocale="", lSecurityFlags=128, strAuthority="", pCtx=0x0, ppNamespace=0x569f448 | out: ppNamespace=0x569f448*=0x5242718) returned 0x0 [0207.033] WbemLocator:IUnknown:QueryInterface (in: This=0x5242718, riid=0x704b35b4*(Data1=0x13d, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x569f2cc | out: ppvObject=0x569f2cc*=0x732bd4) returned 0x0 [0207.033] WbemLocator:IClientSecurity:QueryBlanket (in: This=0x732bd4, pProxy=0x5242718, pAuthnSvc=0x569f31c, pAuthzSvc=0x569f318, pServerPrincName=0x569f310, pAuthnLevel=0x569f314, pImpLevel=0x569f304, pAuthInfo=0x569f308, pCapabilites=0x569f30c | out: pAuthnSvc=0x569f31c*=0xa, pAuthzSvc=0x569f318*=0x0, pServerPrincName=0x569f310, pAuthnLevel=0x569f314*=0x6, pImpLevel=0x569f304*=0x2, pAuthInfo=0x569f308, pCapabilites=0x569f30c*=0x1) returned 0x0 [0207.033] WbemLocator:IUnknown:Release (This=0x732bd4) returned 0x1 [0207.034] WbemLocator:IUnknown:QueryInterface (in: This=0x5242718, riid=0x704b35a4*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x569f2c0 | out: ppvObject=0x569f2c0*=0x732bf4) returned 0x0 [0207.034] WbemLocator:IUnknown:QueryInterface (in: This=0x5242718, riid=0x704b35b4*(Data1=0x13d, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x569f2ac | out: ppvObject=0x569f2ac*=0x732bd4) returned 0x0 [0207.034] WbemLocator:IClientSecurity:SetBlanket (This=0x732bd4, pProxy=0x5242718, dwAuthnSvc=0xa, dwAuthzSvc=0x0, pServerPrincName=0x0, dwAuthnLevel=0x6, dwImpLevel=0x3, pAuthInfo=0x0, dwCapabilities=0x20) returned 0x0 [0207.034] WbemLocator:IUnknown:Release (This=0x732bd4) returned 0x2 [0207.034] WbemLocator:IUnknown:Release (This=0x732bf4) returned 0x1 [0207.034] CoTaskMemFree (pv=0x52442a8) [0207.034] WbemLocator:IUnknown:AddRef (This=0x5242718) returned 0x2 [0207.034] WbemLocator:IUnknown:Release (This=0x522c720) returned 0x0 [0207.035] CoGetContextToken (in: pToken=0x569e800 | out: pToken=0x569e800) returned 0x0 [0207.036] CoGetContextToken (in: pToken=0x569ec14 | out: pToken=0x569ec14) returned 0x0 [0207.036] WbemLocator:IUnknown:QueryInterface (in: This=0x5242718, riid=0x71881aa8*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x569ebac | out: ppvObject=0x569ebac*=0x732bdc) returned 0x0 [0207.036] WbemLocator:IRpcOptions:Query (in: This=0x732bdc, pPrx=0x524a8e0, dwProperty=2, pdwValue=0x569eca0 | out: pdwValue=0x569eca0) returned 0x80004002 [0207.036] WbemLocator:IUnknown:Release (This=0x732bdc) returned 0x2 [0207.036] CoGetContextToken (in: pToken=0x569f1e4 | out: pToken=0x569f1e4) returned 0x0 [0207.036] CoGetContextToken (in: pToken=0x569f144 | out: pToken=0x569f144) returned 0x0 [0207.036] WbemLocator:IUnknown:QueryInterface (in: This=0x5242718, riid=0x569f214*(Data1=0x9556dc99, Data2=0x828c, Data3=0x11cf, Data4=([0]=0xa3, [1]=0x7e, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x32, [6]=0x40, [7]=0xc7)), ppvObject=0x569f0e0 | out: ppvObject=0x569f0e0*=0x5242718) returned 0x0 [0207.036] WbemLocator:IUnknown:Release (This=0x5242718) returned 0x2 [0207.036] SysStringLen (param_1=0x0) returned 0x0 [0207.037] CoUninitialize () Thread: id = 163 os_tid = 0x8c0 [0207.132] CoInitializeEx (pvReserved=0x0, dwCoInit=0x0) returned 0x0 [0207.133] CoGetClassObject (in: rclsid=0x724dac*(Data1=0x4590f811, Data2=0x1d3a, Data3=0x11d0, Data4=([0]=0x89, [1]=0x1f, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24)), dwClsContext=0x15, pvReserved=0x0, riid=0x718e6bd4*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x5bbf300 | out: ppv=0x5bbf300*=0x524ac40) returned 0x0 [0207.134] WbemLocator:IUnknown:QueryInterface (in: This=0x524ac40, riid=0x718add3c*(Data1=0xb196b28f, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x5bbf518 | out: ppvObject=0x5bbf518*=0x0) returned 0x80004002 [0207.134] WbemLocator:IClassFactory:CreateInstance (in: This=0x524ac40, pUnkOuter=0x0, riid=0x71792a54*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x5bbf524 | out: ppvObject=0x5bbf524*=0x5252720) returned 0x0 [0207.134] WbemLocator:IUnknown:Release (This=0x524ac40) returned 0x0 [0207.134] WbemLocator:IUnknown:QueryInterface (in: This=0x5252720, riid=0x71792a54*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x5bbf144 | out: ppvObject=0x5bbf144*=0x5252720) returned 0x0 [0207.134] WbemLocator:IUnknown:QueryInterface (in: This=0x5252720, riid=0x71881b6c*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x5bbf0f8 | out: ppvObject=0x5bbf0f8*=0x0) returned 0x80004002 [0207.135] WbemLocator:IUnknown:AddRef (This=0x5252720) returned 0x3 [0207.135] WbemLocator:IUnknown:QueryInterface (in: This=0x5252720, riid=0x7188182c*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x5bbea54 | out: ppvObject=0x5bbea54*=0x0) returned 0x80004002 [0207.135] WbemLocator:IUnknown:QueryInterface (in: This=0x5252720, riid=0x71881764*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x5bbea04 | out: ppvObject=0x5bbea04*=0x0) returned 0x80004002 [0207.135] WbemLocator:IUnknown:QueryInterface (in: This=0x5252720, riid=0x717b1388*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x5bbea10 | out: ppvObject=0x5bbea10*=0x0) returned 0x80004002 [0207.135] CoGetContextToken (in: pToken=0x5bbea70 | out: pToken=0x5bbea70) returned 0x0 [0207.136] CoGetContextToken (in: pToken=0x5bbee84 | out: pToken=0x5bbee84) returned 0x0 [0207.136] WbemLocator:IUnknown:QueryInterface (in: This=0x5252720, riid=0x71881aa8*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x5bbef04 | out: ppvObject=0x5bbef04*=0x0) returned 0x80004002 [0207.136] WbemLocator:IUnknown:Release (This=0x5252720) returned 0x2 [0207.136] WbemLocator:IUnknown:Release (This=0x5252720) returned 0x1 [0207.136] CoGetContextToken (in: pToken=0x5bbf4fc | out: pToken=0x5bbf4fc) returned 0x0 [0207.136] CoGetContextToken (in: pToken=0x5bbf45c | out: pToken=0x5bbf45c) returned 0x0 [0207.136] WbemLocator:IUnknown:QueryInterface (in: This=0x5252720, riid=0x5bbf52c*(Data1=0xdc12a687, Data2=0x737f, Data3=0x11cf, Data4=([0]=0x88, [1]=0x4d, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24)), ppvObject=0x5bbf528 | out: ppvObject=0x5bbf528*=0x5252720) returned 0x0 [0207.136] WbemLocator:IUnknown:AddRef (This=0x5252720) returned 0x3 [0207.136] WbemLocator:IUnknown:Release (This=0x5252720) returned 0x2 [0207.136] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x731000, puCount=0x5bbf6bc | out: puCount=0x5bbf6bc*=0x2) returned 0x0 [0207.136] WbemDefPath:IWbemPath:GetText (in: This=0x731000, lFlags=8, puBuffLength=0x5bbf6b8*=0x0, pszText=0x0 | out: puBuffLength=0x5bbf6b8*=0xf, pszText=0x0) returned 0x0 [0207.136] WbemDefPath:IWbemPath:GetText (in: This=0x731000, lFlags=8, puBuffLength=0x5bbf6b8*=0xf, pszText="00000000000000" | out: puBuffLength=0x5bbf6b8*=0xf, pszText="\\\\.\\root\\cimv2") returned 0x0 [0207.136] CoCreateInstance (in: rclsid=0x704b3734*(Data1=0x4590f811, Data2=0x1d3a, Data3=0x11d0, Data4=([0]=0x89, [1]=0x1f, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24)), pUnkOuter=0x0, dwClsContext=0x1, riid=0x704b3794*(Data1=0xdc12a687, Data2=0x737f, Data3=0x11cf, Data4=([0]=0x88, [1]=0x4d, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24)), ppv=0x5bbf568 | out: ppv=0x5bbf568*=0x5252740) returned 0x0 [0207.137] WbemLocator:IWbemLocator:ConnectServer (in: This=0x5252740, strNetworkResource="\\\\.\\root\\cimv2", strUser=0x0, strPassword=0x0, strLocale="", lSecurityFlags=128, strAuthority="", pCtx=0x0, ppNamespace=0x5bbf608 | out: ppNamespace=0x5bbf608*=0x5242808) returned 0x0 [0207.143] WbemLocator:IUnknown:QueryInterface (in: This=0x5242808, riid=0x704b35b4*(Data1=0x13d, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x5bbf48c | out: ppvObject=0x5bbf48c*=0x733354) returned 0x0 [0207.143] WbemLocator:IClientSecurity:QueryBlanket (in: This=0x733354, pProxy=0x5242808, pAuthnSvc=0x5bbf4dc, pAuthzSvc=0x5bbf4d8, pServerPrincName=0x5bbf4d0, pAuthnLevel=0x5bbf4d4, pImpLevel=0x5bbf4c4, pAuthInfo=0x5bbf4c8, pCapabilites=0x5bbf4cc | out: pAuthnSvc=0x5bbf4dc*=0xa, pAuthzSvc=0x5bbf4d8*=0x0, pServerPrincName=0x5bbf4d0, pAuthnLevel=0x5bbf4d4*=0x6, pImpLevel=0x5bbf4c4*=0x2, pAuthInfo=0x5bbf4c8, pCapabilites=0x5bbf4cc*=0x1) returned 0x0 [0207.143] WbemLocator:IUnknown:Release (This=0x733354) returned 0x1 [0207.143] WbemLocator:IUnknown:QueryInterface (in: This=0x5242808, riid=0x704b35a4*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x5bbf480 | out: ppvObject=0x5bbf480*=0x733374) returned 0x0 [0207.143] WbemLocator:IUnknown:QueryInterface (in: This=0x5242808, riid=0x704b35b4*(Data1=0x13d, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x5bbf46c | out: ppvObject=0x5bbf46c*=0x733354) returned 0x0 [0207.143] WbemLocator:IClientSecurity:SetBlanket (This=0x733354, pProxy=0x5242808, dwAuthnSvc=0xa, dwAuthzSvc=0x0, pServerPrincName=0x0, dwAuthnLevel=0x6, dwImpLevel=0x3, pAuthInfo=0x0, dwCapabilities=0x20) returned 0x0 [0207.143] WbemLocator:IUnknown:Release (This=0x733354) returned 0x2 [0207.144] WbemLocator:IUnknown:Release (This=0x733374) returned 0x1 [0207.144] CoTaskMemFree (pv=0x52444e8) [0207.144] WbemLocator:IUnknown:AddRef (This=0x5242808) returned 0x2 [0207.144] WbemLocator:IUnknown:Release (This=0x5252740) returned 0x0 [0207.144] CoGetContextToken (in: pToken=0x5bbe9c0 | out: pToken=0x5bbe9c0) returned 0x0 [0207.144] CoGetContextToken (in: pToken=0x5bbedd4 | out: pToken=0x5bbedd4) returned 0x0 [0207.144] WbemLocator:IUnknown:QueryInterface (in: This=0x5242808, riid=0x71881aa8*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x5bbed6c | out: ppvObject=0x5bbed6c*=0x73335c) returned 0x0 [0207.144] WbemLocator:IRpcOptions:Query (in: This=0x73335c, pPrx=0x524ace8, dwProperty=2, pdwValue=0x5bbee60 | out: pdwValue=0x5bbee60) returned 0x80004002 [0207.145] WbemLocator:IUnknown:Release (This=0x73335c) returned 0x2 [0207.145] CoGetContextToken (in: pToken=0x5bbf3a4 | out: pToken=0x5bbf3a4) returned 0x0 [0207.145] CoGetContextToken (in: pToken=0x5bbf304 | out: pToken=0x5bbf304) returned 0x0 [0207.145] WbemLocator:IUnknown:QueryInterface (in: This=0x5242808, riid=0x5bbf3d4*(Data1=0x9556dc99, Data2=0x828c, Data3=0x11cf, Data4=([0]=0xa3, [1]=0x7e, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x32, [6]=0x40, [7]=0xc7)), ppvObject=0x5bbf2a0 | out: ppvObject=0x5bbf2a0*=0x5242808) returned 0x0 [0207.145] WbemLocator:IUnknown:Release (This=0x5242808) returned 0x2 [0207.145] SysStringLen (param_1=0x0) returned 0x0 [0207.145] CoUninitialize () Thread: id = 164 os_tid = 0x8c4 [0211.184] CoInitializeEx (pvReserved=0x0, dwCoInit=0x0) returned 0x0 [0211.186] ResetEvent (hEvent=0x1e4) returned 1 Thread: id = 165 os_tid = 0x8b8 Thread: id = 166 os_tid = 0x8b4 Thread: id = 167 os_tid = 0x6b0 [0218.997] CoInitializeEx (pvReserved=0x0, dwCoInit=0x0) returned 0x0 [0219.071] CoTaskMemAlloc (cb=0x20c) returned 0x75ad70 [0219.071] SHGetFolderPathW (in: hwnd=0x0, csidl=28, hToken=0x0, dwFlags=0x0, pszPath=0x75ad70 | out: pszPath="C:\\Users\\kEecfMwgj\\AppData\\Local") returned 0x0 [0219.072] CoTaskMemFree (pv=0x75ad70) [0219.072] GetFullPathNameW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Local", nBufferLength=0x105, lpBuffer=0x648d3e0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\kEecfMwgj\\AppData\\Local", lpFilePart=0x0) returned 0x20 [0219.072] CoTaskMemAlloc (cb=0x20c) returned 0x75ad70 [0219.072] SHGetFolderPathW (in: hwnd=0x0, csidl=26, hToken=0x0, dwFlags=0x0, pszPath=0x75ad70 | out: pszPath="C:\\Users\\kEecfMwgj\\AppData\\Roaming") returned 0x0 [0219.072] CoTaskMemFree (pv=0x75ad70) [0219.072] GetFullPathNameW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming", nBufferLength=0x105, lpBuffer=0x648d3e0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\kEecfMwgj\\AppData\\Roaming", lpFilePart=0x0) returned 0x22 [0219.250] GetFullPathNameW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Opera Software\\Opera Stable", nBufferLength=0x105, lpBuffer=0x648eb60, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Opera Software\\Opera Stable", lpFilePart=0x0) returned 0x3e [0219.250] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x648ed9c) returned 1 [0219.250] GetFileAttributesExW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Opera Software\\Opera Stable" (normalized: "c:\\users\\keecfmwgj\\appdata\\roaming\\opera software\\opera stable"), fInfoLevelId=0x0, lpFileInformation=0x648f060 | out: lpFileInformation=0x648f060*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0 [0219.251] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x648ed98) returned 1 [0219.251] GetFullPathNameW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Local\\Comodo\\Dragon\\User Data", nBufferLength=0x105, lpBuffer=0x648eb60, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\kEecfMwgj\\AppData\\Local\\Comodo\\Dragon\\User Data", lpFilePart=0x0) returned 0x38 [0219.251] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x648ed9c) returned 1 [0219.251] GetFileAttributesExW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Local\\Comodo\\Dragon\\User Data" (normalized: "c:\\users\\keecfmwgj\\appdata\\local\\comodo\\dragon\\user data"), fInfoLevelId=0x0, lpFileInformation=0x648f060 | out: lpFileInformation=0x648f060*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0 [0219.251] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x648ed98) returned 1 [0219.251] GetFullPathNameW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Local\\Google\\Chrome\\User Data", nBufferLength=0x105, lpBuffer=0x648eb60, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\kEecfMwgj\\AppData\\Local\\Google\\Chrome\\User Data", lpFilePart=0x0) returned 0x38 [0219.251] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x648ed9c) returned 1 [0219.251] GetFileAttributesExW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Local\\Google\\Chrome\\User Data" (normalized: "c:\\users\\keecfmwgj\\appdata\\local\\google\\chrome\\user data"), fInfoLevelId=0x0, lpFileInformation=0x648f060 | out: lpFileInformation=0x648f060*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0 [0219.252] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x648ed98) returned 1 [0219.252] GetFullPathNameW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Local\\360Chrome\\Chrome\\User Data", nBufferLength=0x105, lpBuffer=0x648eb60, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\kEecfMwgj\\AppData\\Local\\360Chrome\\Chrome\\User Data", lpFilePart=0x0) returned 0x3b [0219.252] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x648ed9c) returned 1 [0219.252] GetFileAttributesExW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Local\\360Chrome\\Chrome\\User Data" (normalized: "c:\\users\\keecfmwgj\\appdata\\local\\360chrome\\chrome\\user data"), fInfoLevelId=0x0, lpFileInformation=0x648f060 | out: lpFileInformation=0x648f060*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0 [0219.252] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x648ed98) returned 1 [0219.252] GetFullPathNameW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Local\\Yandex\\YandexBrowser\\User Data", nBufferLength=0x105, lpBuffer=0x648eb60, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\kEecfMwgj\\AppData\\Local\\Yandex\\YandexBrowser\\User Data", lpFilePart=0x0) returned 0x3f [0219.252] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x648ed9c) returned 1 [0219.252] GetFileAttributesExW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Local\\Yandex\\YandexBrowser\\User Data" (normalized: "c:\\users\\keecfmwgj\\appdata\\local\\yandex\\yandexbrowser\\user data"), fInfoLevelId=0x0, lpFileInformation=0x648f060 | out: lpFileInformation=0x648f060*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0 [0219.252] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x648ed98) returned 1 [0219.252] GetFullPathNameW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Local\\Chromium\\User Data", nBufferLength=0x105, lpBuffer=0x648eb60, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\kEecfMwgj\\AppData\\Local\\Chromium\\User Data", lpFilePart=0x0) returned 0x33 [0219.252] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x648ed9c) returned 1 [0219.252] GetFileAttributesExW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Local\\Chromium\\User Data" (normalized: "c:\\users\\keecfmwgj\\appdata\\local\\chromium\\user data"), fInfoLevelId=0x0, lpFileInformation=0x648f060 | out: lpFileInformation=0x648f060*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0 [0219.252] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x648ed98) returned 1 [0219.252] GetFullPathNameW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Local\\Torch\\User Data", nBufferLength=0x105, lpBuffer=0x648eb60, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\kEecfMwgj\\AppData\\Local\\Torch\\User Data", lpFilePart=0x0) returned 0x30 [0219.253] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x648ed9c) returned 1 [0219.253] GetFileAttributesExW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Local\\Torch\\User Data" (normalized: "c:\\users\\keecfmwgj\\appdata\\local\\torch\\user data"), fInfoLevelId=0x0, lpFileInformation=0x648f060 | out: lpFileInformation=0x648f060*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0 [0219.253] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x648ed98) returned 1 [0219.253] GetFullPathNameW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Local\\BraveSoftware\\Brave-Browser\\User Data", nBufferLength=0x105, lpBuffer=0x648eb60, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\kEecfMwgj\\AppData\\Local\\BraveSoftware\\Brave-Browser\\User Data", lpFilePart=0x0) returned 0x46 [0219.253] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x648ed9c) returned 1 [0219.253] GetFileAttributesExW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Local\\BraveSoftware\\Brave-Browser\\User Data" (normalized: "c:\\users\\keecfmwgj\\appdata\\local\\bravesoftware\\brave-browser\\user data"), fInfoLevelId=0x0, lpFileInformation=0x648f060 | out: lpFileInformation=0x648f060*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0 [0219.253] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x648ed98) returned 1 [0219.253] GetFullPathNameW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Local\\Iridium\\User Data", nBufferLength=0x105, lpBuffer=0x648eb60, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\kEecfMwgj\\AppData\\Local\\Iridium\\User Data", lpFilePart=0x0) returned 0x32 [0219.253] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x648ed9c) returned 1 [0219.253] GetFileAttributesExW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Local\\Iridium\\User Data" (normalized: "c:\\users\\keecfmwgj\\appdata\\local\\iridium\\user data"), fInfoLevelId=0x0, lpFileInformation=0x648f060 | out: lpFileInformation=0x648f060*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0 [0219.253] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x648ed98) returned 1 [0219.253] GetFullPathNameW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Local\\MapleStudio\\ChromePlus\\User Data", nBufferLength=0x105, lpBuffer=0x648eb60, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\kEecfMwgj\\AppData\\Local\\MapleStudio\\ChromePlus\\User Data", lpFilePart=0x0) returned 0x41 [0219.253] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x648ed9c) returned 1 [0219.254] GetFileAttributesExW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Local\\MapleStudio\\ChromePlus\\User Data" (normalized: "c:\\users\\keecfmwgj\\appdata\\local\\maplestudio\\chromeplus\\user data"), fInfoLevelId=0x0, lpFileInformation=0x648f060 | out: lpFileInformation=0x648f060*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0 [0219.254] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x648ed98) returned 1 [0219.254] GetFullPathNameW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Local\\7Star\\7Star\\User Data", nBufferLength=0x105, lpBuffer=0x648eb60, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\kEecfMwgj\\AppData\\Local\\7Star\\7Star\\User Data", lpFilePart=0x0) returned 0x36 [0219.254] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x648ed9c) returned 1 [0219.254] GetFileAttributesExW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Local\\7Star\\7Star\\User Data" (normalized: "c:\\users\\keecfmwgj\\appdata\\local\\7star\\7star\\user data"), fInfoLevelId=0x0, lpFileInformation=0x648f060 | out: lpFileInformation=0x648f060*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0 [0219.254] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x648ed98) returned 1 [0219.254] GetFullPathNameW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Local\\Epic Privacy Browser\\User Data", nBufferLength=0x105, lpBuffer=0x648eb60, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\kEecfMwgj\\AppData\\Local\\Epic Privacy Browser\\User Data", lpFilePart=0x0) returned 0x3f [0219.254] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x648ed9c) returned 1 [0219.254] GetFileAttributesExW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Local\\Epic Privacy Browser\\User Data" (normalized: "c:\\users\\keecfmwgj\\appdata\\local\\epic privacy browser\\user data"), fInfoLevelId=0x0, lpFileInformation=0x648f060 | out: lpFileInformation=0x648f060*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0 [0219.254] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x648ed98) returned 1 [0219.254] GetFullPathNameW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Local\\Amigo\\User Data", nBufferLength=0x105, lpBuffer=0x648eb60, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\kEecfMwgj\\AppData\\Local\\Amigo\\User Data", lpFilePart=0x0) returned 0x30 [0219.254] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x648ed9c) returned 1 [0219.254] GetFileAttributesExW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Local\\Amigo\\User Data" (normalized: "c:\\users\\keecfmwgj\\appdata\\local\\amigo\\user data"), fInfoLevelId=0x0, lpFileInformation=0x648f060 | out: lpFileInformation=0x648f060*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0 [0219.255] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x648ed98) returned 1 [0219.255] GetFullPathNameW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Local\\CentBrowser\\User Data", nBufferLength=0x105, lpBuffer=0x648eb60, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\kEecfMwgj\\AppData\\Local\\CentBrowser\\User Data", lpFilePart=0x0) returned 0x36 [0219.255] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x648ed9c) returned 1 [0219.255] GetFileAttributesExW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Local\\CentBrowser\\User Data" (normalized: "c:\\users\\keecfmwgj\\appdata\\local\\centbrowser\\user data"), fInfoLevelId=0x0, lpFileInformation=0x648f060 | out: lpFileInformation=0x648f060*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0 [0219.255] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x648ed98) returned 1 [0219.255] GetFullPathNameW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Local\\CocCoc\\Browser\\User Data", nBufferLength=0x105, lpBuffer=0x648eb60, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\kEecfMwgj\\AppData\\Local\\CocCoc\\Browser\\User Data", lpFilePart=0x0) returned 0x39 [0219.255] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x648ed9c) returned 1 [0219.255] GetFileAttributesExW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Local\\CocCoc\\Browser\\User Data" (normalized: "c:\\users\\keecfmwgj\\appdata\\local\\coccoc\\browser\\user data"), fInfoLevelId=0x0, lpFileInformation=0x648f060 | out: lpFileInformation=0x648f060*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0 [0219.255] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x648ed98) returned 1 [0219.255] GetFullPathNameW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Local\\Chedot\\User Data", nBufferLength=0x105, lpBuffer=0x648eb60, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\kEecfMwgj\\AppData\\Local\\Chedot\\User Data", lpFilePart=0x0) returned 0x31 [0219.255] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x648ed9c) returned 1 [0219.255] GetFileAttributesExW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Local\\Chedot\\User Data" (normalized: "c:\\users\\keecfmwgj\\appdata\\local\\chedot\\user data"), fInfoLevelId=0x0, lpFileInformation=0x648f060 | out: lpFileInformation=0x648f060*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0 [0219.255] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x648ed98) returned 1 [0219.255] GetFullPathNameW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Local\\Elements Browser\\User Data", nBufferLength=0x105, lpBuffer=0x648eb60, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\kEecfMwgj\\AppData\\Local\\Elements Browser\\User Data", lpFilePart=0x0) returned 0x3b [0219.256] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x648ed9c) returned 1 [0219.256] GetFileAttributesExW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Local\\Elements Browser\\User Data" (normalized: "c:\\users\\keecfmwgj\\appdata\\local\\elements browser\\user data"), fInfoLevelId=0x0, lpFileInformation=0x648f060 | out: lpFileInformation=0x648f060*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0 [0219.256] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x648ed98) returned 1 [0219.256] GetFullPathNameW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Local\\Kometa\\User Data", nBufferLength=0x105, lpBuffer=0x648eb60, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\kEecfMwgj\\AppData\\Local\\Kometa\\User Data", lpFilePart=0x0) returned 0x31 [0219.256] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x648ed9c) returned 1 [0219.256] GetFileAttributesExW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Local\\Kometa\\User Data" (normalized: "c:\\users\\keecfmwgj\\appdata\\local\\kometa\\user data"), fInfoLevelId=0x0, lpFileInformation=0x648f060 | out: lpFileInformation=0x648f060*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0 [0219.256] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x648ed98) returned 1 [0219.256] GetFullPathNameW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Fenrir Inc\\Sleipnir5\\setting\\modules\\ChromiumViewer", nBufferLength=0x105, lpBuffer=0x648eb60, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Fenrir Inc\\Sleipnir5\\setting\\modules\\ChromiumViewer", lpFilePart=0x0) returned 0x56 [0219.257] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x648ed9c) returned 1 [0219.257] GetFileAttributesExW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Fenrir Inc\\Sleipnir5\\setting\\modules\\ChromiumViewer" (normalized: "c:\\users\\keecfmwgj\\appdata\\roaming\\fenrir inc\\sleipnir5\\setting\\modules\\chromiumviewer"), fInfoLevelId=0x0, lpFileInformation=0x648f060 | out: lpFileInformation=0x648f060*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0 [0219.257] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x648ed98) returned 1 [0219.257] GetFullPathNameW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Local\\CatalinaGroup\\Citrio\\User Data", nBufferLength=0x105, lpBuffer=0x648eb60, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\kEecfMwgj\\AppData\\Local\\CatalinaGroup\\Citrio\\User Data", lpFilePart=0x0) returned 0x3f [0219.257] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x648ed9c) returned 1 [0219.257] GetFileAttributesExW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Local\\CatalinaGroup\\Citrio\\User Data" (normalized: "c:\\users\\keecfmwgj\\appdata\\local\\catalinagroup\\citrio\\user data"), fInfoLevelId=0x0, lpFileInformation=0x648f060 | out: lpFileInformation=0x648f060*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0 [0219.257] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x648ed98) returned 1 [0219.257] GetFullPathNameW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Local\\Coowon\\Coowon\\User Data", nBufferLength=0x105, lpBuffer=0x648eb60, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\kEecfMwgj\\AppData\\Local\\Coowon\\Coowon\\User Data", lpFilePart=0x0) returned 0x38 [0219.257] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x648ed9c) returned 1 [0219.257] GetFileAttributesExW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Local\\Coowon\\Coowon\\User Data" (normalized: "c:\\users\\keecfmwgj\\appdata\\local\\coowon\\coowon\\user data"), fInfoLevelId=0x0, lpFileInformation=0x648f060 | out: lpFileInformation=0x648f060*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0 [0219.257] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x648ed98) returned 1 [0219.258] GetFullPathNameW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Local\\liebao\\User Data", nBufferLength=0x105, lpBuffer=0x648eb60, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\kEecfMwgj\\AppData\\Local\\liebao\\User Data", lpFilePart=0x0) returned 0x31 [0219.258] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x648ed9c) returned 1 [0219.258] GetFileAttributesExW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Local\\liebao\\User Data" (normalized: "c:\\users\\keecfmwgj\\appdata\\local\\liebao\\user data"), fInfoLevelId=0x0, lpFileInformation=0x648f060 | out: lpFileInformation=0x648f060*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0 [0219.258] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x648ed98) returned 1 [0219.258] GetFullPathNameW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Local\\QIP Surf\\User Data", nBufferLength=0x105, lpBuffer=0x648eb60, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\kEecfMwgj\\AppData\\Local\\QIP Surf\\User Data", lpFilePart=0x0) returned 0x33 [0219.258] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x648ed9c) returned 1 [0219.258] GetFileAttributesExW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Local\\QIP Surf\\User Data" (normalized: "c:\\users\\keecfmwgj\\appdata\\local\\qip surf\\user data"), fInfoLevelId=0x0, lpFileInformation=0x648f060 | out: lpFileInformation=0x648f060*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0 [0219.258] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x648ed98) returned 1 [0219.258] GetFullPathNameW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Local\\Tencent\\QQBrowser\\User Data", nBufferLength=0x105, lpBuffer=0x648eb60, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\kEecfMwgj\\AppData\\Local\\Tencent\\QQBrowser\\User Data", lpFilePart=0x0) returned 0x3c [0219.258] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x648ed9c) returned 1 [0219.258] GetFileAttributesExW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Local\\Tencent\\QQBrowser\\User Data" (normalized: "c:\\users\\keecfmwgj\\appdata\\local\\tencent\\qqbrowser\\user data"), fInfoLevelId=0x0, lpFileInformation=0x648f060 | out: lpFileInformation=0x648f060*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0 [0219.259] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x648ed98) returned 1 [0219.259] GetFullPathNameW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Local\\UCBrowser\\", nBufferLength=0x105, lpBuffer=0x648eb60, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\kEecfMwgj\\AppData\\Local\\UCBrowser\\", lpFilePart=0x0) returned 0x2b [0219.259] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x648ed9c) returned 1 [0219.259] GetFileAttributesExW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Local\\UCBrowser\\" (normalized: "c:\\users\\keecfmwgj\\appdata\\local\\ucbrowser"), fInfoLevelId=0x0, lpFileInformation=0x648f060 | out: lpFileInformation=0x648f060*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0 [0219.259] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x648ed98) returned 1 [0219.259] GetFullPathNameW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Local\\Orbitum\\User Data", nBufferLength=0x105, lpBuffer=0x648eb60, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\kEecfMwgj\\AppData\\Local\\Orbitum\\User Data", lpFilePart=0x0) returned 0x32 [0219.259] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x648ed9c) returned 1 [0219.259] GetFileAttributesExW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Local\\Orbitum\\User Data" (normalized: "c:\\users\\keecfmwgj\\appdata\\local\\orbitum\\user data"), fInfoLevelId=0x0, lpFileInformation=0x648f060 | out: lpFileInformation=0x648f060*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0 [0219.259] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x648ed98) returned 1 [0219.259] GetFullPathNameW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Local\\Sputnik\\Sputnik\\User Data", nBufferLength=0x105, lpBuffer=0x648eb60, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\kEecfMwgj\\AppData\\Local\\Sputnik\\Sputnik\\User Data", lpFilePart=0x0) returned 0x3a [0219.259] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x648ed9c) returned 1 [0219.259] GetFileAttributesExW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Local\\Sputnik\\Sputnik\\User Data" (normalized: "c:\\users\\keecfmwgj\\appdata\\local\\sputnik\\sputnik\\user data"), fInfoLevelId=0x0, lpFileInformation=0x648f060 | out: lpFileInformation=0x648f060*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0 [0219.259] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x648ed98) returned 1 [0219.260] GetFullPathNameW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Local\\uCozMedia\\Uran\\User Data", nBufferLength=0x105, lpBuffer=0x648eb60, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\kEecfMwgj\\AppData\\Local\\uCozMedia\\Uran\\User Data", lpFilePart=0x0) returned 0x39 [0219.260] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x648ed9c) returned 1 [0219.260] GetFileAttributesExW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Local\\uCozMedia\\Uran\\User Data" (normalized: "c:\\users\\keecfmwgj\\appdata\\local\\ucozmedia\\uran\\user data"), fInfoLevelId=0x0, lpFileInformation=0x648f060 | out: lpFileInformation=0x648f060*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0 [0219.260] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x648ed98) returned 1 [0219.260] GetFullPathNameW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Local\\Vivaldi\\User Data", nBufferLength=0x105, lpBuffer=0x648eb60, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\kEecfMwgj\\AppData\\Local\\Vivaldi\\User Data", lpFilePart=0x0) returned 0x32 [0219.260] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x648ed9c) returned 1 [0219.260] GetFileAttributesExW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Local\\Vivaldi\\User Data" (normalized: "c:\\users\\keecfmwgj\\appdata\\local\\vivaldi\\user data"), fInfoLevelId=0x0, lpFileInformation=0x648f060 | out: lpFileInformation=0x648f060*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0 [0219.260] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x648ed98) returned 1 [0219.325] GetEnvironmentVariableW (in: lpName="APPDATA", lpBuffer=0x648efa8, nSize=0x80 | out: lpBuffer="") returned 0x22 [0219.325] GetEnvironmentVariableW (in: lpName="APPDATA", lpBuffer=0x648efa8, nSize=0x80 | out: lpBuffer="") returned 0x22 [0219.326] GetEnvironmentVariableW (in: lpName="APPDATA", lpBuffer=0x648efa8, nSize=0x80 | out: lpBuffer="") returned 0x22 [0219.326] GetEnvironmentVariableW (in: lpName="APPDATA", lpBuffer=0x648efa8, nSize=0x80 | out: lpBuffer="") returned 0x22 [0219.328] GetEnvironmentVariableW (in: lpName="APPDATA", lpBuffer=0x648efa8, nSize=0x80 | out: lpBuffer="") returned 0x22 [0219.329] GetEnvironmentVariableW (in: lpName="APPDATA", lpBuffer=0x648efa8, nSize=0x80 | out: lpBuffer="") returned 0x22 [0219.329] GetEnvironmentVariableW (in: lpName="APPDATA", lpBuffer=0x648efa8, nSize=0x80 | out: lpBuffer="") returned 0x22 [0219.329] GetEnvironmentVariableW (in: lpName="APPDATA", lpBuffer=0x648efa8, nSize=0x80 | out: lpBuffer="") returned 0x22 [0219.329] GetEnvironmentVariableW (in: lpName="APPDATA", lpBuffer=0x648efa8, nSize=0x80 | out: lpBuffer="") returned 0x22 [0219.329] GetEnvironmentVariableW (in: lpName="APPDATA", lpBuffer=0x648efa8, nSize=0x80 | out: lpBuffer="") returned 0x22 [0219.329] GetEnvironmentVariableW (in: lpName="APPDATA", lpBuffer=0x648efa8, nSize=0x80 | out: lpBuffer="") returned 0x22 [0219.329] GetEnvironmentVariableW (in: lpName="APPDATA", lpBuffer=0x648efa8, nSize=0x80 | out: lpBuffer="") returned 0x22 [0219.330] GetFullPathNameW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Mozilla\\Firefox\\", nBufferLength=0x105, lpBuffer=0x648ebdc, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Mozilla\\Firefox\\", lpFilePart=0x0) returned 0x33 [0219.330] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x648ee18) returned 1 [0219.330] GetFileAttributesExW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Mozilla\\Firefox\\" (normalized: "c:\\users\\keecfmwgj\\appdata\\roaming\\mozilla\\firefox"), fInfoLevelId=0x0, lpFileInformation=0x648f0dc | out: lpFileInformation=0x648f0dc*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0 [0219.330] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x648ee14) returned 1 [0219.330] GetFullPathNameW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Mozilla\\icecat\\", nBufferLength=0x105, lpBuffer=0x648ebdc, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Mozilla\\icecat\\", lpFilePart=0x0) returned 0x32 [0219.330] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x648ee18) returned 1 [0219.330] GetFileAttributesExW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Mozilla\\icecat\\" (normalized: "c:\\users\\keecfmwgj\\appdata\\roaming\\mozilla\\icecat"), fInfoLevelId=0x0, lpFileInformation=0x648f0dc | out: lpFileInformation=0x648f0dc*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0 [0219.330] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x648ee14) returned 1 [0219.330] GetFullPathNameW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Moonchild Productions\\Pale Moon\\", nBufferLength=0x105, lpBuffer=0x648ebdc, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Moonchild Productions\\Pale Moon\\", lpFilePart=0x0) returned 0x43 [0219.330] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x648ee18) returned 1 [0219.330] GetFileAttributesExW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Moonchild Productions\\Pale Moon\\" (normalized: "c:\\users\\keecfmwgj\\appdata\\roaming\\moonchild productions\\pale moon"), fInfoLevelId=0x0, lpFileInformation=0x648f0dc | out: lpFileInformation=0x648f0dc*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0 [0219.331] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x648ee14) returned 1 [0219.331] GetFullPathNameW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Mozilla\\SeaMonkey\\", nBufferLength=0x105, lpBuffer=0x648ebdc, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Mozilla\\SeaMonkey\\", lpFilePart=0x0) returned 0x35 [0219.331] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x648ee18) returned 1 [0219.331] GetFileAttributesExW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Mozilla\\SeaMonkey\\" (normalized: "c:\\users\\keecfmwgj\\appdata\\roaming\\mozilla\\seamonkey"), fInfoLevelId=0x0, lpFileInformation=0x648f0dc | out: lpFileInformation=0x648f0dc*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0 [0219.331] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x648ee14) returned 1 [0219.331] GetFullPathNameW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Flock\\Browser\\", nBufferLength=0x105, lpBuffer=0x648ebdc, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Flock\\Browser\\", lpFilePart=0x0) returned 0x31 [0219.331] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x648ee18) returned 1 [0219.331] GetFileAttributesExW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Flock\\Browser\\" (normalized: "c:\\users\\keecfmwgj\\appdata\\roaming\\flock\\browser"), fInfoLevelId=0x0, lpFileInformation=0x648f0dc | out: lpFileInformation=0x648f0dc*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0 [0219.331] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x648ee14) returned 1 [0219.331] GetFullPathNameW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\K-Meleon\\", nBufferLength=0x105, lpBuffer=0x648ebdc, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\K-Meleon\\", lpFilePart=0x0) returned 0x2c [0219.331] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x648ee18) returned 1 [0219.331] GetFileAttributesExW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\K-Meleon\\" (normalized: "c:\\users\\keecfmwgj\\appdata\\roaming\\k-meleon"), fInfoLevelId=0x0, lpFileInformation=0x648f0dc | out: lpFileInformation=0x648f0dc*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0 [0219.331] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x648ee14) returned 1 [0219.331] GetFullPathNameW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Postbox\\", nBufferLength=0x105, lpBuffer=0x648ebdc, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Postbox\\", lpFilePart=0x0) returned 0x2b [0219.332] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x648ee18) returned 1 [0219.332] GetFileAttributesExW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Postbox\\" (normalized: "c:\\users\\keecfmwgj\\appdata\\roaming\\postbox"), fInfoLevelId=0x0, lpFileInformation=0x648f0dc | out: lpFileInformation=0x648f0dc*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0 [0219.332] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x648ee14) returned 1 [0219.332] GetFullPathNameW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Thunderbird\\", nBufferLength=0x105, lpBuffer=0x648ebdc, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Thunderbird\\", lpFilePart=0x0) returned 0x2f [0219.332] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x648ee18) returned 1 [0219.332] GetFileAttributesExW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Thunderbird\\" (normalized: "c:\\users\\keecfmwgj\\appdata\\roaming\\thunderbird"), fInfoLevelId=0x0, lpFileInformation=0x648f0dc | out: lpFileInformation=0x648f0dc*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0 [0219.332] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x648ee14) returned 1 [0219.332] GetFullPathNameW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Comodo\\IceDragon\\", nBufferLength=0x105, lpBuffer=0x648ebdc, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Comodo\\IceDragon\\", lpFilePart=0x0) returned 0x34 [0219.332] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x648ee18) returned 1 [0219.332] GetFileAttributesExW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Comodo\\IceDragon\\" (normalized: "c:\\users\\keecfmwgj\\appdata\\roaming\\comodo\\icedragon"), fInfoLevelId=0x0, lpFileInformation=0x648f0dc | out: lpFileInformation=0x648f0dc*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0 [0219.332] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x648ee14) returned 1 [0219.332] GetFullPathNameW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Waterfox\\", nBufferLength=0x105, lpBuffer=0x648ebdc, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Waterfox\\", lpFilePart=0x0) returned 0x2c [0219.332] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x648ee18) returned 1 [0219.332] GetFileAttributesExW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Waterfox\\" (normalized: "c:\\users\\keecfmwgj\\appdata\\roaming\\waterfox"), fInfoLevelId=0x0, lpFileInformation=0x648f0dc | out: lpFileInformation=0x648f0dc*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0 [0219.333] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x648ee14) returned 1 [0219.333] GetFullPathNameW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\NETGATE Technologies\\BlackHawk\\", nBufferLength=0x105, lpBuffer=0x648ebdc, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\NETGATE Technologies\\BlackHawk\\", lpFilePart=0x0) returned 0x42 [0219.333] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x648ee18) returned 1 [0219.333] GetFileAttributesExW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\NETGATE Technologies\\BlackHawk\\" (normalized: "c:\\users\\keecfmwgj\\appdata\\roaming\\netgate technologies\\blackhawk"), fInfoLevelId=0x0, lpFileInformation=0x648f0dc | out: lpFileInformation=0x648f0dc*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0 [0219.333] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x648ee14) returned 1 [0219.333] GetFullPathNameW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\8pecxstudios\\Cyberfox\\", nBufferLength=0x105, lpBuffer=0x648ebdc, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\8pecxstudios\\Cyberfox\\", lpFilePart=0x0) returned 0x39 [0219.333] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x648ee18) returned 1 [0219.333] GetFileAttributesExW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\8pecxstudios\\Cyberfox\\" (normalized: "c:\\users\\keecfmwgj\\appdata\\roaming\\8pecxstudios\\cyberfox"), fInfoLevelId=0x0, lpFileInformation=0x648f0dc | out: lpFileInformation=0x648f0dc*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0 [0219.333] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x648ee14) returned 1 [0219.393] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x648f0d0) returned 1 [0219.393] GetFullPathNameW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\u0tp2gh3.vfb", nBufferLength=0x105, lpBuffer=0x648ebb0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\u0tp2gh3.vfb", lpFilePart=0x0) returned 0x2f [0219.393] FindFirstFileW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\u0tp2gh3.vfb\\*" (normalized: "c:\\users\\keecfmwgj\\appdata\\roaming\\u0tp2gh3.vfb\\*"), lpFindFileData=0x648ee80 | out: lpFindFileData=0x648ee80*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffff [0219.393] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x648ee40) returned 1 [0219.443] CoUninitialize () Process: id = "5" image_name = "svchost.exe" filename = "c:\\windows\\system32\\svchost.exe" page_root = "0x1c9e2000" os_pid = "0x2c4" os_integrity_level = "0x4000" os_privileges = "0x60800000" monitor_reason = "rpc_server" parent_id = "2" os_parent_pid = "0x1cc" cmd_line = "C:\\Windows\\System32\\svchost.exe -k LocalServiceNetworkRestricted" cur_dir = "C:\\Windows\\system32\\" os_username = "NT AUTHORITY\\Local Service" bitness = "32" os_groups = "Everyone" [0x7], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\SERVICE" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "NT SERVICE\\Audiosrv" [0xa], "NT SERVICE\\Dhcp" [0xa], "NT SERVICE\\eventlog" [0xe], "NT SERVICE\\HomeGroupProvider" [0xa], "NT SERVICE\\lmhosts" [0xa], "NT SERVICE\\WPCSvc" [0xa], "NT SERVICE\\wscsvc" [0xa], "NT AUTHORITY\\Logon Session 00000000:0000c0a0" [0xc000000f], "LOCAL" [0x7] Region: id = 2294 start_va = 0x10000 end_va = 0x1ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000010000" filename = "" Region: id = 2295 start_va = 0x20000 end_va = 0x20fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "svchost.exe.mui" filename = "\\Windows\\System32\\en-US\\svchost.exe.mui" (normalized: "c:\\windows\\system32\\en-us\\svchost.exe.mui") Region: id = 2296 start_va = 0x30000 end_va = 0x33fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000030000" filename = "" Region: id = 2297 start_va = 0x40000 end_va = 0x40fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000040000" filename = "" Region: id = 2298 start_va = 0x50000 end_va = 0x50fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000050000" filename = "" Region: id = 2299 start_va = 0x60000 end_va = 0x60fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000060000" filename = "" Region: id = 2300 start_va = 0x70000 end_va = 0xaffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000070000" filename = "" Region: id = 2301 start_va = 0xb0000 end_va = 0x12ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000000b0000" filename = "" Region: id = 2302 start_va = 0x130000 end_va = 0x196fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "locale.nls" filename = "\\Windows\\System32\\locale.nls" (normalized: "c:\\windows\\system32\\locale.nls") Region: id = 2303 start_va = 0x1a0000 end_va = 0x25ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000001a0000" filename = "" Region: id = 2304 start_va = 0x260000 end_va = 0x27ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000260000" filename = "" Region: id = 2305 start_va = 0x280000 end_va = 0x28cfff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "setupapi.dll.mui" filename = "\\Windows\\System32\\en-US\\setupapi.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\setupapi.dll.mui") Region: id = 2306 start_va = 0x290000 end_va = 0x29ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000290000" filename = "" Region: id = 2307 start_va = 0x2a0000 end_va = 0x2a0fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000002a0000" filename = "" Region: id = 2308 start_va = 0x2b0000 end_va = 0x2b1fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000002b0000" filename = "" Region: id = 2309 start_va = 0x2c0000 end_va = 0x2c0fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000002c0000" filename = "" Region: id = 2310 start_va = 0x2d0000 end_va = 0x2d0fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000002d0000" filename = "" Region: id = 2311 start_va = 0x300000 end_va = 0x300fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000300000" filename = "" Region: id = 2312 start_va = 0x310000 end_va = 0x40ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000310000" filename = "" Region: id = 2313 start_va = 0x410000 end_va = 0x50ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000410000" filename = "" Region: id = 2314 start_va = 0x510000 end_va = 0x697fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000510000" filename = "" Region: id = 2315 start_va = 0x6a0000 end_va = 0x820fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000006a0000" filename = "" Region: id = 2316 start_va = 0x830000 end_va = 0x84ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000830000" filename = "" Region: id = 2317 start_va = 0x850000 end_va = 0x86ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000850000" filename = "" Region: id = 2318 start_va = 0x870000 end_va = 0x870fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000870000" filename = "" Region: id = 2319 start_va = 0x880000 end_va = 0x880fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000880000" filename = "" Region: id = 2320 start_va = 0x890000 end_va = 0x90ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000890000" filename = "" Region: id = 2321 start_va = 0x910000 end_va = 0x962fff monitored = 0 entry_point = 0x923310 region_type = mapped_file name = "services.exe" filename = "\\Windows\\System32\\services.exe" (normalized: "c:\\windows\\system32\\services.exe") Region: id = 2322 start_va = 0x990000 end_va = 0xa8ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000990000" filename = "" Region: id = 2323 start_va = 0xa90000 end_va = 0xa90fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000a90000" filename = "" Region: id = 2324 start_va = 0xaa0000 end_va = 0xaa0fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000aa0000" filename = "" Region: id = 2325 start_va = 0xab0000 end_va = 0xab0fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "wshtcpip.dll.mui" filename = "\\Windows\\System32\\en-US\\wshtcpip.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\wshtcpip.dll.mui") Region: id = 2326 start_va = 0xac0000 end_va = 0xb3ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000ac0000" filename = "" Region: id = 2327 start_va = 0xb40000 end_va = 0xb41fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000b40000" filename = "" Region: id = 2328 start_va = 0xc00000 end_va = 0xc7ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000c00000" filename = "" Region: id = 2329 start_va = 0xcc0000 end_va = 0xf8efff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "sortdefault.nls" filename = "\\Windows\\Globalization\\Sorting\\SortDefault.nls" (normalized: "c:\\windows\\globalization\\sorting\\sortdefault.nls") Region: id = 2330 start_va = 0xf90000 end_va = 0xff1fff monitored = 0 entry_point = 0xfa08d8 region_type = mapped_file name = "winlogon.exe" filename = "\\Windows\\System32\\winlogon.exe" (normalized: "c:\\windows\\system32\\winlogon.exe") Region: id = 2331 start_va = 0x1020000 end_va = 0x109ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000001020000" filename = "" Region: id = 2332 start_va = 0x10a0000 end_va = 0x111ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000010a0000" filename = "" Region: id = 2333 start_va = 0x1160000 end_va = 0x1167fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000001160000" filename = "" Region: id = 2334 start_va = 0x1180000 end_va = 0x11fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000001180000" filename = "" Region: id = 2335 start_va = 0x1200000 end_va = 0x127ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000001200000" filename = "" Region: id = 2336 start_va = 0x1360000 end_va = 0x13dffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000001360000" filename = "" Region: id = 2337 start_va = 0x13f0000 end_va = 0x146ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000013f0000" filename = "" Region: id = 2338 start_va = 0x1490000 end_va = 0x150ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000001490000" filename = "" Region: id = 2339 start_va = 0x15b0000 end_va = 0x16affff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000015b0000" filename = "" Region: id = 2340 start_va = 0x16f0000 end_va = 0x176ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000016f0000" filename = "" Region: id = 2341 start_va = 0x1830000 end_va = 0x1a2ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000001830000" filename = "" Region: id = 2342 start_va = 0x1ac0000 end_va = 0x1b3ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000001ac0000" filename = "" Region: id = 2343 start_va = 0x1b40000 end_va = 0x1f3ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000001b40000" filename = "" Region: id = 2344 start_va = 0x1f70000 end_va = 0x1feffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000001f70000" filename = "" Region: id = 2345 start_va = 0x2020000 end_va = 0x202ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002020000" filename = "" Region: id = 2346 start_va = 0x2050000 end_va = 0x20cffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002050000" filename = "" Region: id = 2347 start_va = 0x20d0000 end_va = 0x214ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000020d0000" filename = "" Region: id = 2348 start_va = 0x2180000 end_va = 0x21fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002180000" filename = "" Region: id = 2349 start_va = 0x2230000 end_va = 0x223ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002230000" filename = "" Region: id = 2350 start_va = 0x2250000 end_va = 0x22cffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002250000" filename = "" Region: id = 2351 start_va = 0x2330000 end_va = 0x23affff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002330000" filename = "" Region: id = 2352 start_va = 0x23b0000 end_va = 0x27b2fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000023b0000" filename = "" Region: id = 2353 start_va = 0x2810000 end_va = 0x288ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002810000" filename = "" Region: id = 2354 start_va = 0x28b0000 end_va = 0x292ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000028b0000" filename = "" Region: id = 2355 start_va = 0x29f0000 end_va = 0x2a6ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000029f0000" filename = "" Region: id = 2356 start_va = 0x2b90000 end_va = 0x2c0ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002b90000" filename = "" Region: id = 2357 start_va = 0x2cc0000 end_va = 0x2d3ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002cc0000" filename = "" Region: id = 2358 start_va = 0x2d40000 end_va = 0x2e3ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002d40000" filename = "" Region: id = 2359 start_va = 0x2e40000 end_va = 0x363ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002e40000" filename = "" Region: id = 2360 start_va = 0x76b00000 end_va = 0x76c1efff monitored = 0 entry_point = 0x76b15340 region_type = mapped_file name = "kernel32.dll" filename = "\\Windows\\System32\\kernel32.dll" (normalized: "c:\\windows\\system32\\kernel32.dll") Region: id = 2361 start_va = 0x76c20000 end_va = 0x76d19fff monitored = 0 entry_point = 0x76c3a2c8 region_type = mapped_file name = "user32.dll" filename = "\\Windows\\System32\\user32.dll" (normalized: "c:\\windows\\system32\\user32.dll") Region: id = 2362 start_va = 0x76d20000 end_va = 0x76ec8fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "ntdll.dll" filename = "\\Windows\\System32\\ntdll.dll" (normalized: "c:\\windows\\system32\\ntdll.dll") Region: id = 2363 start_va = 0x7efe0000 end_va = 0x7f0dffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000000007efe0000" filename = "" Region: id = 2364 start_va = 0x7f0e0000 end_va = 0x7ffdffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000007f0e0000" filename = "" Region: id = 2365 start_va = 0x7ffe0000 end_va = 0x7ffeffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000007ffe0000" filename = "" Region: id = 2366 start_va = 0xffa90000 end_va = 0xffa9afff monitored = 0 entry_point = 0xffa9246c region_type = mapped_file name = "svchost.exe" filename = "\\Windows\\System32\\svchost.exe" (normalized: "c:\\windows\\system32\\svchost.exe") Region: id = 2367 start_va = 0xffaa0000 end_va = 0xffb01fff monitored = 0 entry_point = 0xffab08d8 region_type = mapped_file name = "winlogon.exe" filename = "\\Windows\\System32\\winlogon.exe" (normalized: "c:\\windows\\system32\\winlogon.exe") Region: id = 2368 start_va = 0x7fef1a80000 end_va = 0x7fef1b2dfff monitored = 0 entry_point = 0x7fef1a84104 region_type = mapped_file name = "wuapi.dll" filename = "\\Windows\\System32\\wuapi.dll" (normalized: "c:\\windows\\system32\\wuapi.dll") Region: id = 2369 start_va = 0x7fef1b40000 end_va = 0x7fef1b5afff monitored = 0 entry_point = 0x7fef1b41198 region_type = mapped_file name = "cabinet.dll" filename = "\\Windows\\System32\\cabinet.dll" (normalized: "c:\\windows\\system32\\cabinet.dll") Region: id = 2370 start_va = 0x7fef24e0000 end_va = 0x7fef2604fff monitored = 0 entry_point = 0x7fef2531570 region_type = mapped_file name = "dbghelp.dll" filename = "\\Windows\\System32\\dbghelp.dll" (normalized: "c:\\windows\\system32\\dbghelp.dll") Region: id = 2371 start_va = 0x7fef6140000 end_va = 0x7fef615bfff monitored = 0 entry_point = 0x7fef6141060 region_type = mapped_file name = "wscsvc.dll" filename = "\\Windows\\System32\\wscsvc.dll" (normalized: "c:\\windows\\system32\\wscsvc.dll") Region: id = 2372 start_va = 0x7fef8690000 end_va = 0x7fef869afff monitored = 0 entry_point = 0x7fef86912e0 region_type = mapped_file name = "winrnr.dll" filename = "\\Windows\\System32\\winrnr.dll" (normalized: "c:\\windows\\system32\\winrnr.dll") Region: id = 2373 start_va = 0x7fef8720000 end_va = 0x7fef8734fff monitored = 0 entry_point = 0x7fef87212a0 region_type = mapped_file name = "napinsp.dll" filename = "\\Windows\\System32\\NapiNSP.dll" (normalized: "c:\\windows\\system32\\napinsp.dll") Region: id = 2374 start_va = 0x7fef8740000 end_va = 0x7fef8758fff monitored = 0 entry_point = 0x7fef874177c region_type = mapped_file name = "pnrpnsp.dll" filename = "\\Windows\\System32\\pnrpnsp.dll" (normalized: "c:\\windows\\system32\\pnrpnsp.dll") Region: id = 2375 start_va = 0x7fef8b90000 end_va = 0x7fef8b97fff monitored = 0 entry_point = 0x7fef8b91414 region_type = mapped_file name = "rasadhlp.dll" filename = "\\Windows\\System32\\rasadhlp.dll" (normalized: "c:\\windows\\system32\\rasadhlp.dll") Region: id = 2376 start_va = 0x7fef9000000 end_va = 0x7fef9012fff monitored = 0 entry_point = 0x7fef9001d80 region_type = mapped_file name = "wbemsvc.dll" filename = "\\Windows\\System32\\wbem\\wbemsvc.dll" (normalized: "c:\\windows\\system32\\wbem\\wbemsvc.dll") Region: id = 2377 start_va = 0x7fef92e0000 end_va = 0x7fef92edfff monitored = 0 entry_point = 0x7fef92e5500 region_type = mapped_file name = "wbemprox.dll" filename = "\\Windows\\System32\\wbem\\wbemprox.dll" (normalized: "c:\\windows\\system32\\wbem\\wbemprox.dll") Region: id = 2378 start_va = 0x7fef92f0000 end_va = 0x7fef9316fff monitored = 0 entry_point = 0x7fef92f11a0 region_type = mapped_file name = "ntdsapi.dll" filename = "\\Windows\\System32\\ntdsapi.dll" (normalized: "c:\\windows\\system32\\ntdsapi.dll") Region: id = 2379 start_va = 0x7fef9320000 end_va = 0x7fef93f2fff monitored = 0 entry_point = 0x7fef9398b00 region_type = mapped_file name = "fastprox.dll" filename = "\\Windows\\System32\\wbem\\fastprox.dll" (normalized: "c:\\windows\\system32\\wbem\\fastprox.dll") Region: id = 2380 start_va = 0x7fef9580000 end_va = 0x7fef95f6fff monitored = 0 entry_point = 0x7fef95be7f0 region_type = mapped_file name = "wbemcomn2.dll" filename = "\\Windows\\System32\\wbemcomn2.dll" (normalized: "c:\\windows\\system32\\wbemcomn2.dll") Region: id = 2381 start_va = 0x7fefa4b0000 end_va = 0x7fefa4c7fff monitored = 0 entry_point = 0x7fefa4b1bf8 region_type = mapped_file name = "dhcpcsvc.dll" filename = "\\Windows\\System32\\dhcpcsvc.dll" (normalized: "c:\\windows\\system32\\dhcpcsvc.dll") Region: id = 2382 start_va = 0x7fefa4d0000 end_va = 0x7fefa4e0fff monitored = 0 entry_point = 0x7fefa4d16ac region_type = mapped_file name = "dhcpcsvc6.dll" filename = "\\Windows\\System32\\dhcpcsvc6.dll" (normalized: "c:\\windows\\system32\\dhcpcsvc6.dll") Region: id = 2383 start_va = 0x7fefa520000 end_va = 0x7fefa572fff monitored = 0 entry_point = 0x7fefa522b98 region_type = mapped_file name = "fwpuclnt.dll" filename = "\\Windows\\System32\\FWPUCLNT.DLL" (normalized: "c:\\windows\\system32\\fwpuclnt.dll") Region: id = 2384 start_va = 0x7fefa5b0000 end_va = 0x7fefa5eafff monitored = 0 entry_point = 0x7fefa5b4520 region_type = mapped_file name = "dhcpcore6.dll" filename = "\\Windows\\System32\\dhcpcore6.dll" (normalized: "c:\\windows\\system32\\dhcpcore6.dll") Region: id = 2385 start_va = 0x7fefa640000 end_va = 0x7fefa68efff monitored = 0 entry_point = 0x7fefa642760 region_type = mapped_file name = "audioses.dll" filename = "\\Windows\\System32\\AudioSes.dll" (normalized: "c:\\windows\\system32\\audioses.dll") Region: id = 2386 start_va = 0x7fefa690000 end_va = 0x7fefa6e0fff monitored = 0 entry_point = 0x7fefa69f6c0 region_type = mapped_file name = "dhcpcore.dll" filename = "\\Windows\\System32\\dhcpcore.dll" (normalized: "c:\\windows\\system32\\dhcpcore.dll") Region: id = 2387 start_va = 0x7fefa700000 end_va = 0x7fefa707fff monitored = 0 entry_point = 0x7fefa70284c region_type = mapped_file name = "nrpsrv.dll" filename = "\\Windows\\System32\\nrpsrv.dll" (normalized: "c:\\windows\\system32\\nrpsrv.dll") Region: id = 2388 start_va = 0x7fefa710000 end_va = 0x7fefa719fff monitored = 0 entry_point = 0x7fefa711adc region_type = mapped_file name = "lmhsvc.dll" filename = "\\Windows\\System32\\lmhsvc.dll" (normalized: "c:\\windows\\system32\\lmhsvc.dll") Region: id = 2389 start_va = 0x7fefa730000 end_va = 0x7fefa73afff monitored = 0 entry_point = 0x7fefa731198 region_type = mapped_file name = "winnsi.dll" filename = "\\Windows\\System32\\winnsi.dll" (normalized: "c:\\windows\\system32\\winnsi.dll") Region: id = 2390 start_va = 0x7fefa740000 end_va = 0x7fefa766fff monitored = 0 entry_point = 0x7fefa7498bc region_type = mapped_file name = "iphlpapi.dll" filename = "\\Windows\\System32\\IPHLPAPI.DLL" (normalized: "c:\\windows\\system32\\iphlpapi.dll") Region: id = 2391 start_va = 0x7fefa8e0000 end_va = 0x7fefa8f4fff monitored = 0 entry_point = 0x7fefa8e60d8 region_type = mapped_file name = "nlaapi.dll" filename = "\\Windows\\System32\\nlaapi.dll" (normalized: "c:\\windows\\system32\\nlaapi.dll") Region: id = 2392 start_va = 0x7fefac00000 end_va = 0x7fefac08fff monitored = 0 entry_point = 0x7fefac01010 region_type = mapped_file name = "avrt.dll" filename = "\\Windows\\System32\\avrt.dll" (normalized: "c:\\windows\\system32\\avrt.dll") Region: id = 2393 start_va = 0x7fefac10000 end_va = 0x7fefac3bfff monitored = 0 entry_point = 0x7fefac115c4 region_type = mapped_file name = "powrprof.dll" filename = "\\Windows\\System32\\powrprof.dll" (normalized: "c:\\windows\\system32\\powrprof.dll") Region: id = 2394 start_va = 0x7fefac40000 end_va = 0x7fefacebfff monitored = 0 entry_point = 0x7fefac56acc region_type = mapped_file name = "audiosrv.dll" filename = "\\Windows\\System32\\audiosrv.dll" (normalized: "c:\\windows\\system32\\audiosrv.dll") Region: id = 2395 start_va = 0x7fefacf0000 end_va = 0x7fefad1cfff monitored = 0 entry_point = 0x7fefacf1010 region_type = mapped_file name = "ntmarta.dll" filename = "\\Windows\\System32\\ntmarta.dll" (normalized: "c:\\windows\\system32\\ntmarta.dll") Region: id = 2396 start_va = 0x7fefae90000 end_va = 0x7fefaea4fff monitored = 0 entry_point = 0x7fefae91050 region_type = mapped_file name = "wkscli.dll" filename = "\\Windows\\System32\\wkscli.dll" (normalized: "c:\\windows\\system32\\wkscli.dll") Region: id = 2397 start_va = 0x7fefaeb0000 end_va = 0x7fefaebbfff monitored = 0 entry_point = 0x7fefaeb18a4 region_type = mapped_file name = "netutils.dll" filename = "\\Windows\\System32\\netutils.dll" (normalized: "c:\\windows\\system32\\netutils.dll") Region: id = 2398 start_va = 0x7fefb1b0000 end_va = 0x7fefb1fafff monitored = 0 entry_point = 0x7fefb1befcc region_type = mapped_file name = "mmdevapi.dll" filename = "\\Windows\\System32\\MMDevAPI.dll" (normalized: "c:\\windows\\system32\\mmdevapi.dll") Region: id = 2399 start_va = 0x7fefb620000 end_va = 0x7fefb74bfff monitored = 0 entry_point = 0x7fefb6294bc region_type = mapped_file name = "propsys.dll" filename = "\\Windows\\System32\\propsys.dll" (normalized: "c:\\windows\\system32\\propsys.dll") Region: id = 2400 start_va = 0x7fefbc90000 end_va = 0x7fefbe25fff monitored = 0 entry_point = 0x7fefbc978e4 region_type = mapped_file name = "wevtsvc.dll" filename = "\\Windows\\System32\\wevtsvc.dll" (normalized: "c:\\windows\\system32\\wevtsvc.dll") Region: id = 2401 start_va = 0x7fefbe30000 end_va = 0x7fefbe3bfff monitored = 0 entry_point = 0x7fefbe31064 region_type = mapped_file name = "version.dll" filename = "\\Windows\\System32\\version.dll" (normalized: "c:\\windows\\system32\\version.dll") Region: id = 2402 start_va = 0x7fefbe40000 end_va = 0x7fefbefafff monitored = 0 entry_point = 0x7fefbe46de0 region_type = mapped_file name = "firewallapi.dll" filename = "\\Windows\\System32\\FirewallAPI.dll" (normalized: "c:\\windows\\system32\\firewallapi.dll") Region: id = 2403 start_va = 0x7fefbf00000 end_va = 0x7fefbf06fff monitored = 0 entry_point = 0x7fefbf014b0 region_type = mapped_file name = "wshtcpip.dll" filename = "\\Windows\\System32\\WSHTCPIP.DLL" (normalized: "c:\\windows\\system32\\wshtcpip.dll") Region: id = 2404 start_va = 0x7fefbff0000 end_va = 0x7fefc00afff monitored = 0 entry_point = 0x7fefbff2068 region_type = mapped_file name = "gpapi.dll" filename = "\\Windows\\System32\\gpapi.dll" (normalized: "c:\\windows\\system32\\gpapi.dll") Region: id = 2405 start_va = 0x7fefc010000 end_va = 0x7fefc02dfff monitored = 0 entry_point = 0x7fefc0113b8 region_type = mapped_file name = "userenv.dll" filename = "\\Windows\\System32\\userenv.dll" (normalized: "c:\\windows\\system32\\userenv.dll") Region: id = 2406 start_va = 0x7fefc160000 end_va = 0x7fefc169fff monitored = 0 entry_point = 0x7fefc163cb8 region_type = mapped_file name = "credssp.dll" filename = "\\Windows\\System32\\credssp.dll" (normalized: "c:\\windows\\system32\\credssp.dll") Region: id = 2407 start_va = 0x7fefc260000 end_va = 0x7fefc2a6fff monitored = 0 entry_point = 0x7fefc261064 region_type = mapped_file name = "rsaenh.dll" filename = "\\Windows\\System32\\rsaenh.dll" (normalized: "c:\\windows\\system32\\rsaenh.dll") Region: id = 2408 start_va = 0x7fefc380000 end_va = 0x7fefc3dafff monitored = 0 entry_point = 0x7fefc386940 region_type = mapped_file name = "dnsapi.dll" filename = "\\Windows\\System32\\dnsapi.dll" (normalized: "c:\\windows\\system32\\dnsapi.dll") Region: id = 2409 start_va = 0x7fefc4f0000 end_va = 0x7fefc4f6fff monitored = 0 entry_point = 0x7fefc4f142c region_type = mapped_file name = "wship6.dll" filename = "\\Windows\\System32\\wship6.dll" (normalized: "c:\\windows\\system32\\wship6.dll") Region: id = 2410 start_va = 0x7fefc500000 end_va = 0x7fefc554fff monitored = 0 entry_point = 0x7fefc501054 region_type = mapped_file name = "mswsock.dll" filename = "\\Windows\\System32\\mswsock.dll" (normalized: "c:\\windows\\system32\\mswsock.dll") Region: id = 2411 start_va = 0x7fefc560000 end_va = 0x7fefc577fff monitored = 0 entry_point = 0x7fefc563b48 region_type = mapped_file name = "cryptsp.dll" filename = "\\Windows\\System32\\cryptsp.dll" (normalized: "c:\\windows\\system32\\cryptsp.dll") Region: id = 2412 start_va = 0x7fefc6d0000 end_va = 0x7fefc6f1fff monitored = 0 entry_point = 0x7fefc6d5d30 region_type = mapped_file name = "bcrypt.dll" filename = "\\Windows\\System32\\bcrypt.dll" (normalized: "c:\\windows\\system32\\bcrypt.dll") Region: id = 2413 start_va = 0x7fefc790000 end_va = 0x7fefc7fcfff monitored = 0 entry_point = 0x7fefc791010 region_type = mapped_file name = "wevtapi.dll" filename = "\\Windows\\System32\\wevtapi.dll" (normalized: "c:\\windows\\system32\\wevtapi.dll") Region: id = 2414 start_va = 0x7fefcb00000 end_va = 0x7fefcb0afff monitored = 0 entry_point = 0x7fefcb01030 region_type = mapped_file name = "secur32.dll" filename = "\\Windows\\System32\\secur32.dll" (normalized: "c:\\windows\\system32\\secur32.dll") Region: id = 2415 start_va = 0x7fefcb30000 end_va = 0x7fefcb54fff monitored = 0 entry_point = 0x7fefcb39658 region_type = mapped_file name = "sspicli.dll" filename = "\\Windows\\System32\\sspicli.dll" (normalized: "c:\\windows\\system32\\sspicli.dll") Region: id = 2416 start_va = 0x7fefcb60000 end_va = 0x7fefcb6efff monitored = 0 entry_point = 0x7fefcb61010 region_type = mapped_file name = "cryptbase.dll" filename = "\\Windows\\System32\\cryptbase.dll" (normalized: "c:\\windows\\system32\\cryptbase.dll") Region: id = 2417 start_va = 0x7fefcc10000 end_va = 0x7fefcc4cfff monitored = 0 entry_point = 0x7fefcc118f4 region_type = mapped_file name = "winsta.dll" filename = "\\Windows\\System32\\winsta.dll" (normalized: "c:\\windows\\system32\\winsta.dll") Region: id = 2418 start_va = 0x7fefcc50000 end_va = 0x7fefcc63fff monitored = 0 entry_point = 0x7fefcc510e0 region_type = mapped_file name = "rpcrtremote.dll" filename = "\\Windows\\System32\\RpcRtRemote.dll" (normalized: "c:\\windows\\system32\\rpcrtremote.dll") Region: id = 2419 start_va = 0x7fefcc70000 end_va = 0x7fefcc7efff monitored = 0 entry_point = 0x7fefcc719b0 region_type = mapped_file name = "profapi.dll" filename = "\\Windows\\System32\\profapi.dll" (normalized: "c:\\windows\\system32\\profapi.dll") Region: id = 2420 start_va = 0x7fefcd10000 end_va = 0x7fefcd1efff monitored = 0 entry_point = 0x7fefcd11020 region_type = mapped_file name = "msasn1.dll" filename = "\\Windows\\System32\\msasn1.dll" (normalized: "c:\\windows\\system32\\msasn1.dll") Region: id = 2421 start_va = 0x7fefcd20000 end_va = 0x7fefcd8bfff monitored = 0 entry_point = 0x7fefcd22780 region_type = mapped_file name = "kernelbase.dll" filename = "\\Windows\\System32\\KernelBase.dll" (normalized: "c:\\windows\\system32\\kernelbase.dll") Region: id = 2422 start_va = 0x7fefcd90000 end_va = 0x7fefcefcfff monitored = 0 entry_point = 0x7fefcd910b4 region_type = mapped_file name = "crypt32.dll" filename = "\\Windows\\System32\\crypt32.dll" (normalized: "c:\\windows\\system32\\crypt32.dll") Region: id = 2423 start_va = 0x7fefcf00000 end_va = 0x7fefcf35fff monitored = 0 entry_point = 0x7fefcf01474 region_type = mapped_file name = "cfgmgr32.dll" filename = "\\Windows\\System32\\cfgmgr32.dll" (normalized: "c:\\windows\\system32\\cfgmgr32.dll") Region: id = 2424 start_va = 0x7fefcf40000 end_va = 0x7fefcf59fff monitored = 0 entry_point = 0x7fefcf41558 region_type = mapped_file name = "devobj.dll" filename = "\\Windows\\System32\\devobj.dll" (normalized: "c:\\windows\\system32\\devobj.dll") Region: id = 2425 start_va = 0x7fefd000000 end_va = 0x7fefd03afff monitored = 0 entry_point = 0x7fefd001324 region_type = mapped_file name = "wintrust.dll" filename = "\\Windows\\System32\\wintrust.dll" (normalized: "c:\\windows\\system32\\wintrust.dll") Region: id = 2426 start_va = 0x7fefd420000 end_va = 0x7fefd486fff monitored = 0 entry_point = 0x7fefd42b03c region_type = mapped_file name = "gdi32.dll" filename = "\\Windows\\System32\\gdi32.dll" (normalized: "c:\\windows\\system32\\gdi32.dll") Region: id = 2427 start_va = 0x7fefd490000 end_va = 0x7fefd4dcfff monitored = 0 entry_point = 0x7fefd491070 region_type = mapped_file name = "ws2_32.dll" filename = "\\Windows\\System32\\ws2_32.dll" (normalized: "c:\\windows\\system32\\ws2_32.dll") Region: id = 2428 start_va = 0x7fefd4e0000 end_va = 0x7fefd6e2fff monitored = 0 entry_point = 0x7fefd503330 region_type = mapped_file name = "ole32.dll" filename = "\\Windows\\System32\\ole32.dll" (normalized: "c:\\windows\\system32\\ole32.dll") Region: id = 2429 start_va = 0x7fefe480000 end_va = 0x7fefe656fff monitored = 0 entry_point = 0x7fefe481010 region_type = mapped_file name = "setupapi.dll" filename = "\\Windows\\System32\\setupapi.dll" (normalized: "c:\\windows\\system32\\setupapi.dll") Region: id = 2430 start_va = 0x7fefe680000 end_va = 0x7fefe7acfff monitored = 0 entry_point = 0x7fefe6ced50 region_type = mapped_file name = "rpcrt4.dll" filename = "\\Windows\\System32\\rpcrt4.dll" (normalized: "c:\\windows\\system32\\rpcrt4.dll") Region: id = 2431 start_va = 0x7fefe7b0000 end_va = 0x7fefe88afff monitored = 0 entry_point = 0x7fefe7d0760 region_type = mapped_file name = "advapi32.dll" filename = "\\Windows\\System32\\advapi32.dll" (normalized: "c:\\windows\\system32\\advapi32.dll") Region: id = 2432 start_va = 0x7fefe890000 end_va = 0x7fefe900fff monitored = 0 entry_point = 0x7fefe8a1e20 region_type = mapped_file name = "shlwapi.dll" filename = "\\Windows\\System32\\shlwapi.dll" (normalized: "c:\\windows\\system32\\shlwapi.dll") Region: id = 2433 start_va = 0x7fefe910000 end_va = 0x7fefe9d8fff monitored = 0 entry_point = 0x7fefe98a874 region_type = mapped_file name = "usp10.dll" filename = "\\Windows\\System32\\usp10.dll" (normalized: "c:\\windows\\system32\\usp10.dll") Region: id = 2434 start_va = 0x7fefea60000 end_va = 0x7fefeab1fff monitored = 0 entry_point = 0x7fefea610d4 region_type = mapped_file name = "wldap32.dll" filename = "\\Windows\\System32\\Wldap32.dll" (normalized: "c:\\windows\\system32\\wldap32.dll") Region: id = 2435 start_va = 0x7fefeb60000 end_va = 0x7fefeb6dfff monitored = 0 entry_point = 0x7fefeb61080 region_type = mapped_file name = "lpk.dll" filename = "\\Windows\\System32\\lpk.dll" (normalized: "c:\\windows\\system32\\lpk.dll") Region: id = 2436 start_va = 0x7fefeb70000 end_va = 0x7fefec46fff monitored = 0 entry_point = 0x7fefeb73274 region_type = mapped_file name = "oleaut32.dll" filename = "\\Windows\\System32\\oleaut32.dll" (normalized: "c:\\windows\\system32\\oleaut32.dll") Region: id = 2437 start_va = 0x7fefec50000 end_va = 0x7fefec6efff monitored = 0 entry_point = 0x7fefec560e8 region_type = mapped_file name = "sechost.dll" filename = "\\Windows\\System32\\sechost.dll" (normalized: "c:\\windows\\system32\\sechost.dll") Region: id = 2438 start_va = 0x7fefec70000 end_va = 0x7fefed0efff monitored = 0 entry_point = 0x7fefec725a0 region_type = mapped_file name = "msvcrt.dll" filename = "\\Windows\\System32\\msvcrt.dll" (normalized: "c:\\windows\\system32\\msvcrt.dll") Region: id = 2439 start_va = 0x7fefed10000 end_va = 0x7fefee18fff monitored = 0 entry_point = 0x7fefed11064 region_type = mapped_file name = "msctf.dll" filename = "\\Windows\\System32\\msctf.dll" (normalized: "c:\\windows\\system32\\msctf.dll") Region: id = 2440 start_va = 0x7fefef50000 end_va = 0x7fefefe8fff monitored = 0 entry_point = 0x7fefef51c10 region_type = mapped_file name = "clbcatq.dll" filename = "\\Windows\\System32\\clbcatq.dll" (normalized: "c:\\windows\\system32\\clbcatq.dll") Region: id = 2441 start_va = 0x7fefeff0000 end_va = 0x7fefeff7fff monitored = 0 entry_point = 0x7fefeff1504 region_type = mapped_file name = "nsi.dll" filename = "\\Windows\\System32\\nsi.dll" (normalized: "c:\\windows\\system32\\nsi.dll") Region: id = 2442 start_va = 0x7feff000000 end_va = 0x7feff02dfff monitored = 0 entry_point = 0x7feff001010 region_type = mapped_file name = "imm32.dll" filename = "\\Windows\\System32\\imm32.dll" (normalized: "c:\\windows\\system32\\imm32.dll") Region: id = 2443 start_va = 0x7feff040000 end_va = 0x7feff040fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "apisetschema.dll" filename = "\\Windows\\System32\\apisetschema.dll" (normalized: "c:\\windows\\system32\\apisetschema.dll") Region: id = 2444 start_va = 0x7fffff8c000 end_va = 0x7fffff8dfff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000007fffff8c000" filename = "" Region: id = 2445 start_va = 0x7fffff8e000 end_va = 0x7fffff8ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000007fffff8e000" filename = "" Region: id = 2446 start_va = 0x7fffff92000 end_va = 0x7fffff93fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000007fffff92000" filename = "" Region: id = 2447 start_va = 0x7fffff94000 end_va = 0x7fffff95fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000007fffff94000" filename = "" Region: id = 2448 start_va = 0x7fffff96000 end_va = 0x7fffff97fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000007fffff96000" filename = "" Region: id = 2449 start_va = 0x7fffff98000 end_va = 0x7fffff99fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000007fffff98000" filename = "" Region: id = 2450 start_va = 0x7fffff9c000 end_va = 0x7fffff9dfff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000007fffff9c000" filename = "" Region: id = 2451 start_va = 0x7fffff9e000 end_va = 0x7fffff9ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000007fffff9e000" filename = "" Region: id = 2452 start_va = 0x7fffffa0000 end_va = 0x7fffffa1fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000007fffffa0000" filename = "" Region: id = 2453 start_va = 0x7fffffa2000 end_va = 0x7fffffa3fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000007fffffa2000" filename = "" Region: id = 2454 start_va = 0x7fffffa4000 end_va = 0x7fffffa5fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000007fffffa4000" filename = "" Region: id = 2455 start_va = 0x7fffffa6000 end_va = 0x7fffffa7fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000007fffffa6000" filename = "" Region: id = 2456 start_va = 0x7fffffa8000 end_va = 0x7fffffa9fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000007fffffa8000" filename = "" Region: id = 2457 start_va = 0x7fffffaa000 end_va = 0x7fffffabfff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000007fffffaa000" filename = "" Region: id = 2458 start_va = 0x7fffffae000 end_va = 0x7fffffaffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000007fffffae000" filename = "" Region: id = 2459 start_va = 0x7fffffb0000 end_va = 0x7fffffd2fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000007fffffb0000" filename = "" Region: id = 2460 start_va = 0x7fffffd3000 end_va = 0x7fffffd4fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000007fffffd3000" filename = "" Region: id = 2461 start_va = 0x7fffffd5000 end_va = 0x7fffffd6fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000007fffffd5000" filename = "" Region: id = 2462 start_va = 0x7fffffd7000 end_va = 0x7fffffd8fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000007fffffd7000" filename = "" Region: id = 2463 start_va = 0x7fffffd9000 end_va = 0x7fffffdafff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000007fffffd9000" filename = "" Region: id = 2464 start_va = 0x7fffffdb000 end_va = 0x7fffffdcfff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000007fffffdb000" filename = "" Region: id = 2465 start_va = 0x7fffffdd000 end_va = 0x7fffffdefff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000007fffffdd000" filename = "" Region: id = 2466 start_va = 0x7fffffdf000 end_va = 0x7fffffdffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000007fffffdf000" filename = "" Region: id = 4420 start_va = 0x1280000 end_va = 0x12fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000001280000" filename = "" Region: id = 4421 start_va = 0x29a0000 end_va = 0x2a1ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000029a0000" filename = "" Region: id = 4422 start_va = 0x7fffffac000 end_va = 0x7fffffadfff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000007fffffac000" filename = "" Region: id = 4598 start_va = 0xb50000 end_va = 0xbb1fff monitored = 0 entry_point = 0xb608d8 region_type = mapped_file name = "winlogon.exe" filename = "\\Windows\\System32\\winlogon.exe" (normalized: "c:\\windows\\system32\\winlogon.exe") Region: id = 4599 start_va = 0xff650000 end_va = 0xff6a6fff monitored = 0 entry_point = 0xff663450 region_type = mapped_file name = "lsm.exe" filename = "\\Windows\\System32\\lsm.exe" (normalized: "c:\\windows\\system32\\lsm.exe") Region: id = 4600 start_va = 0x7fefa860000 end_va = 0x7fefa896fff monitored = 0 entry_point = 0x7fefa868424 region_type = mapped_file name = "profsvc.dll" filename = "\\Windows\\System32\\profsvc.dll" (normalized: "c:\\windows\\system32\\profsvc.dll") Region: id = 4606 start_va = 0x7fefab30000 end_va = 0x7fefabdbfff monitored = 0 entry_point = 0x7fefab418d0 region_type = mapped_file name = "cscsvc.dll" filename = "\\Windows\\System32\\cscsvc.dll" (normalized: "c:\\windows\\system32\\cscsvc.dll") Region: id = 4607 start_va = 0xffaa0000 end_va = 0xffb01fff monitored = 0 entry_point = 0xffab08d8 region_type = mapped_file name = "winlogon.exe" filename = "\\Windows\\System32\\winlogon.exe" (normalized: "c:\\windows\\system32\\winlogon.exe") Region: id = 4608 start_va = 0x7fefaf90000 end_va = 0x7fefafe0fff monitored = 0 entry_point = 0x7fefaf9f6c0 region_type = mapped_file name = "dhcpcore.dll" filename = "\\Windows\\System32\\dhcpcore.dll" (normalized: "c:\\windows\\system32\\dhcpcore.dll") Region: id = 4609 start_va = 0x7fefb780000 end_va = 0x7fefb79cfff monitored = 0 entry_point = 0x7fefb781a28 region_type = mapped_file name = "radardt.dll" filename = "\\Windows\\System32\\radardt.dll" (normalized: "c:\\windows\\system32\\radardt.dll") Region: id = 4610 start_va = 0x7fefc070000 end_va = 0x7fefc0d6fff monitored = 0 entry_point = 0x7fefc07d320 region_type = mapped_file name = "umpnpmgr.dll" filename = "\\Windows\\System32\\umpnpmgr.dll" (normalized: "c:\\windows\\system32\\umpnpmgr.dll") Region: id = 4613 start_va = 0xfe0000 end_va = 0x105ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000fe0000" filename = "" Region: id = 4614 start_va = 0x7fffffd3000 end_va = 0x7fffffd4fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000007fffffd3000" filename = "" Thread: id = 103 os_tid = 0xfb4 Thread: id = 104 os_tid = 0xc98 Thread: id = 105 os_tid = 0xc68 Thread: id = 106 os_tid = 0x834 Thread: id = 107 os_tid = 0xd0 Thread: id = 108 os_tid = 0x694 Thread: id = 109 os_tid = 0x460 Thread: id = 110 os_tid = 0x630 Thread: id = 111 os_tid = 0x7fc Thread: id = 112 os_tid = 0x518 Thread: id = 113 os_tid = 0x514 Thread: id = 114 os_tid = 0x510 Thread: id = 115 os_tid = 0x154 Thread: id = 116 os_tid = 0x3cc Thread: id = 117 os_tid = 0x3b4 Thread: id = 118 os_tid = 0x3b0 Thread: id = 119 os_tid = 0x3a0 Thread: id = 120 os_tid = 0x2f8 Thread: id = 121 os_tid = 0x2f4 Thread: id = 122 os_tid = 0x2d0 Thread: id = 123 os_tid = 0x2c8 Thread: id = 124 os_tid = 0xfe8 Thread: id = 168 os_tid = 0xd08 Thread: id = 169 os_tid = 0xd30 Thread: id = 192 os_tid = 0xde8 Thread: id = 197 os_tid = 0xa78 Process: id = "6" image_name = "wmiprvse.exe" filename = "c:\\windows\\system32\\wbem\\wmiprvse.exe" page_root = "0x503e2000" os_pid = "0xc78" os_integrity_level = "0x4000" os_privileges = "0x60800000" monitor_reason = "rpc_server" parent_id = "2" os_parent_pid = "0x250" cmd_line = "C:\\Windows\\system32\\wbem\\wmiprvse.exe -secured -Embedding" cur_dir = "C:\\Windows\\system32\\" os_username = "NT AUTHORITY\\Network Service" bitness = "32" os_groups = "Everyone" [0x7], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\SERVICE" [0x7], "CONSOLE LOGON" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "WMI (Network Service)" [0xf], "NT AUTHORITY\\Logon Session 00000000:00050f70" [0xc000000f] Region: id = 2626 start_va = 0x10000 end_va = 0x1ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000010000" filename = "" Region: id = 2627 start_va = 0x20000 end_va = 0x20fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000020000" filename = "" Region: id = 2628 start_va = 0x30000 end_va = 0x33fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000030000" filename = "" Region: id = 2629 start_va = 0x40000 end_va = 0x40fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000040000" filename = "" Region: id = 2630 start_va = 0x50000 end_va = 0xb6fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "locale.nls" filename = "\\Windows\\System32\\locale.nls" (normalized: "c:\\windows\\system32\\locale.nls") Region: id = 2631 start_va = 0xc0000 end_va = 0xc0fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000000c0000" filename = "" Region: id = 2632 start_va = 0xd0000 end_va = 0xd4fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "user32.dll.mui" filename = "\\Windows\\System32\\en-US\\user32.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\user32.dll.mui") Region: id = 2633 start_va = 0xe0000 end_va = 0xe0fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000000e0000" filename = "" Region: id = 2634 start_va = 0xf0000 end_va = 0x16ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000000f0000" filename = "" Region: id = 2635 start_va = 0x170000 end_va = 0x170fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000170000" filename = "" Region: id = 2636 start_va = 0x180000 end_va = 0x180fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000180000" filename = "" Region: id = 2637 start_va = 0x190000 end_va = 0x19cfff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "setupapi.dll.mui" filename = "\\Windows\\System32\\en-US\\setupapi.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\setupapi.dll.mui") Region: id = 2638 start_va = 0x1b0000 end_va = 0x2affff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000001b0000" filename = "" Region: id = 2639 start_va = 0x340000 end_va = 0x342fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "cimwin32.dll.mui" filename = "\\Windows\\System32\\wbem\\en-US\\cimwin32.dll.mui" (normalized: "c:\\windows\\system32\\wbem\\en-us\\cimwin32.dll.mui") Region: id = 2640 start_va = 0x360000 end_va = 0x36ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000360000" filename = "" Region: id = 2641 start_va = 0x370000 end_va = 0x46ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000370000" filename = "" Region: id = 2642 start_va = 0x470000 end_va = 0x5f7fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000470000" filename = "" Region: id = 2643 start_va = 0x600000 end_va = 0x780fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000600000" filename = "" Region: id = 2644 start_va = 0x790000 end_va = 0x84ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000790000" filename = "" Region: id = 2645 start_va = 0x850000 end_va = 0xb1efff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "sortdefault.nls" filename = "\\Windows\\Globalization\\Sorting\\SortDefault.nls" (normalized: "c:\\windows\\globalization\\sorting\\sortdefault.nls") Region: id = 2646 start_va = 0xb40000 end_va = 0xbbffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000b40000" filename = "" Region: id = 2647 start_va = 0xbe0000 end_va = 0xc5ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000be0000" filename = "" Region: id = 2648 start_va = 0xc80000 end_va = 0xcfffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000c80000" filename = "" Region: id = 2649 start_va = 0xd00000 end_va = 0xd7ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000d00000" filename = "" Region: id = 2650 start_va = 0xe40000 end_va = 0xebffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000e40000" filename = "" Region: id = 2651 start_va = 0xfb0000 end_va = 0x102ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000fb0000" filename = "" Region: id = 2652 start_va = 0x1120000 end_va = 0x121ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000001120000" filename = "" Region: id = 2653 start_va = 0x1270000 end_va = 0x12effff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000001270000" filename = "" Region: id = 2654 start_va = 0x71f20000 end_va = 0x71f22fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "security.dll" filename = "\\Windows\\System32\\security.dll" (normalized: "c:\\windows\\system32\\security.dll") Region: id = 2655 start_va = 0x71f30000 end_va = 0x71f32fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "wmi.dll" filename = "\\Windows\\System32\\wmi.dll" (normalized: "c:\\windows\\system32\\wmi.dll") Region: id = 2656 start_va = 0x76b00000 end_va = 0x76c1efff monitored = 0 entry_point = 0x76b15340 region_type = mapped_file name = "kernel32.dll" filename = "\\Windows\\System32\\kernel32.dll" (normalized: "c:\\windows\\system32\\kernel32.dll") Region: id = 2657 start_va = 0x76c20000 end_va = 0x76d19fff monitored = 0 entry_point = 0x76c3a2c8 region_type = mapped_file name = "user32.dll" filename = "\\Windows\\System32\\user32.dll" (normalized: "c:\\windows\\system32\\user32.dll") Region: id = 2658 start_va = 0x76d20000 end_va = 0x76ec8fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "ntdll.dll" filename = "\\Windows\\System32\\ntdll.dll" (normalized: "c:\\windows\\system32\\ntdll.dll") Region: id = 2659 start_va = 0x7efe0000 end_va = 0x7f0dffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000000007efe0000" filename = "" Region: id = 2660 start_va = 0x7f0e0000 end_va = 0x7ffdffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000007f0e0000" filename = "" Region: id = 2661 start_va = 0x7ffe0000 end_va = 0x7ffeffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000007ffe0000" filename = "" Region: id = 2662 start_va = 0x13ff50000 end_va = 0x13ffbbfff monitored = 0 entry_point = 0x13ff8b450 region_type = mapped_file name = "wmiprvse.exe" filename = "\\Windows\\System32\\wbem\\WmiPrvSE.exe" (normalized: "c:\\windows\\system32\\wbem\\wmiprvse.exe") Region: id = 2663 start_va = 0x7fef22e0000 end_va = 0x7fef24d9fff monitored = 1 entry_point = 0x7fef22f4c9c region_type = mapped_file name = "cimwin32.dll" filename = "\\Windows\\System32\\wbem\\cimwin32.dll" (normalized: "c:\\windows\\system32\\wbem\\cimwin32.dll") Region: id = 2664 start_va = 0x7fef6110000 end_va = 0x7fef6119fff monitored = 0 entry_point = 0x7fef61131c8 region_type = mapped_file name = "schedcli.dll" filename = "\\Windows\\System32\\schedcli.dll" (normalized: "c:\\windows\\system32\\schedcli.dll") Region: id = 2665 start_va = 0x7fef6120000 end_va = 0x7fef6131fff monitored = 0 entry_point = 0x7fef612aab8 region_type = mapped_file name = "browcli.dll" filename = "\\Windows\\System32\\browcli.dll" (normalized: "c:\\windows\\system32\\browcli.dll") Region: id = 2666 start_va = 0x7fef6a20000 end_va = 0x7fef6a4bfff monitored = 0 entry_point = 0x7fef6a38194 region_type = mapped_file name = "wmipcima.dll" filename = "\\Windows\\System32\\wbem\\wmipcima.dll" (normalized: "c:\\windows\\system32\\wbem\\wmipcima.dll") Region: id = 2667 start_va = 0x7fef6a50000 end_va = 0x7fef6a92fff monitored = 0 entry_point = 0x7fef6a71b50 region_type = mapped_file name = "framedynos.dll" filename = "\\Windows\\System32\\framedynos.dll" (normalized: "c:\\windows\\system32\\framedynos.dll") Region: id = 2668 start_va = 0x7fef8d20000 end_va = 0x7fef8d31fff monitored = 0 entry_point = 0x7fef8d289d0 region_type = mapped_file name = "ncobjapi.dll" filename = "\\Windows\\System32\\ncobjapi.dll" (normalized: "c:\\windows\\system32\\ncobjapi.dll") Region: id = 2669 start_va = 0x7fef8ee0000 end_va = 0x7fef8f00fff monitored = 0 entry_point = 0x7fef8ef03b0 region_type = mapped_file name = "wmiutils.dll" filename = "\\Windows\\System32\\wbem\\wmiutils.dll" (normalized: "c:\\windows\\system32\\wbem\\wmiutils.dll") Region: id = 2670 start_va = 0x7fef9000000 end_va = 0x7fef9012fff monitored = 0 entry_point = 0x7fef9001d80 region_type = mapped_file name = "wbemsvc.dll" filename = "\\Windows\\System32\\wbem\\wbemsvc.dll" (normalized: "c:\\windows\\system32\\wbem\\wbemsvc.dll") Region: id = 2671 start_va = 0x7fef92e0000 end_va = 0x7fef92edfff monitored = 0 entry_point = 0x7fef92e5500 region_type = mapped_file name = "wbemprox.dll" filename = "\\Windows\\System32\\wbem\\wbemprox.dll" (normalized: "c:\\windows\\system32\\wbem\\wbemprox.dll") Region: id = 2672 start_va = 0x7fef92f0000 end_va = 0x7fef9316fff monitored = 0 entry_point = 0x7fef92f11a0 region_type = mapped_file name = "ntdsapi.dll" filename = "\\Windows\\System32\\ntdsapi.dll" (normalized: "c:\\windows\\system32\\ntdsapi.dll") Region: id = 2673 start_va = 0x7fef9320000 end_va = 0x7fef93f2fff monitored = 0 entry_point = 0x7fef9398b00 region_type = mapped_file name = "fastprox.dll" filename = "\\Windows\\System32\\wbem\\fastprox.dll" (normalized: "c:\\windows\\system32\\wbem\\fastprox.dll") Region: id = 2674 start_va = 0x7fef9580000 end_va = 0x7fef95f6fff monitored = 1 entry_point = 0x7fef95be7f0 region_type = mapped_file name = "wbemcomn2.dll" filename = "\\Windows\\System32\\wbemcomn2.dll" (normalized: "c:\\windows\\system32\\wbemcomn2.dll") Region: id = 2675 start_va = 0x7fefa1f0000 end_va = 0x7fefa1fefff monitored = 0 entry_point = 0x7fefa1f1040 region_type = mapped_file name = "cscapi.dll" filename = "\\Windows\\System32\\cscapi.dll" (normalized: "c:\\windows\\system32\\cscapi.dll") Region: id = 2676 start_va = 0x7fefa5f0000 end_va = 0x7fefa5f7fff monitored = 0 entry_point = 0x7fefa5f11a0 region_type = mapped_file name = "winbrand.dll" filename = "\\Windows\\System32\\winbrand.dll" (normalized: "c:\\windows\\system32\\winbrand.dll") Region: id = 2677 start_va = 0x7fefa820000 end_va = 0x7fefa82bfff monitored = 0 entry_point = 0x7fefa8215d8 region_type = mapped_file name = "dsrole.dll" filename = "\\Windows\\System32\\dsrole.dll" (normalized: "c:\\windows\\system32\\dsrole.dll") Region: id = 2678 start_va = 0x7fefac10000 end_va = 0x7fefac3bfff monitored = 0 entry_point = 0x7fefac115c4 region_type = mapped_file name = "powrprof.dll" filename = "\\Windows\\System32\\powrprof.dll" (normalized: "c:\\windows\\system32\\powrprof.dll") Region: id = 2679 start_va = 0x7fefacf0000 end_va = 0x7fefad1cfff monitored = 0 entry_point = 0x7fefacf1010 region_type = mapped_file name = "ntmarta.dll" filename = "\\Windows\\System32\\ntmarta.dll" (normalized: "c:\\windows\\system32\\ntmarta.dll") Region: id = 2680 start_va = 0x7fefae70000 end_va = 0x7fefae83fff monitored = 0 entry_point = 0x7fefae716b4 region_type = mapped_file name = "samcli.dll" filename = "\\Windows\\System32\\samcli.dll" (normalized: "c:\\windows\\system32\\samcli.dll") Region: id = 2681 start_va = 0x7fefae90000 end_va = 0x7fefaea4fff monitored = 0 entry_point = 0x7fefae91050 region_type = mapped_file name = "wkscli.dll" filename = "\\Windows\\System32\\wkscli.dll" (normalized: "c:\\windows\\system32\\wkscli.dll") Region: id = 2682 start_va = 0x7fefaeb0000 end_va = 0x7fefaebbfff monitored = 0 entry_point = 0x7fefaeb18a4 region_type = mapped_file name = "netutils.dll" filename = "\\Windows\\System32\\netutils.dll" (normalized: "c:\\windows\\system32\\netutils.dll") Region: id = 2683 start_va = 0x7fefaec0000 end_va = 0x7fefaed5fff monitored = 0 entry_point = 0x7fefaec11a0 region_type = mapped_file name = "netapi32.dll" filename = "\\Windows\\System32\\netapi32.dll" (normalized: "c:\\windows\\system32\\netapi32.dll") Region: id = 2684 start_va = 0x7fefaff0000 end_va = 0x7fefb000fff monitored = 0 entry_point = 0x7fefaff1070 region_type = mapped_file name = "wtsapi32.dll" filename = "\\Windows\\System32\\wtsapi32.dll" (normalized: "c:\\windows\\system32\\wtsapi32.dll") Region: id = 2685 start_va = 0x7fefc160000 end_va = 0x7fefc169fff monitored = 0 entry_point = 0x7fefc163cb8 region_type = mapped_file name = "credssp.dll" filename = "\\Windows\\System32\\credssp.dll" (normalized: "c:\\windows\\system32\\credssp.dll") Region: id = 2686 start_va = 0x7fefc260000 end_va = 0x7fefc2a6fff monitored = 0 entry_point = 0x7fefc261064 region_type = mapped_file name = "rsaenh.dll" filename = "\\Windows\\System32\\rsaenh.dll" (normalized: "c:\\windows\\system32\\rsaenh.dll") Region: id = 2687 start_va = 0x7fefc2f0000 end_va = 0x7fefc346fff monitored = 0 entry_point = 0x7fefc2f5e38 region_type = mapped_file name = "schannel.dll" filename = "\\Windows\\System32\\schannel.dll" (normalized: "c:\\windows\\system32\\schannel.dll") Region: id = 2688 start_va = 0x7fefc350000 end_va = 0x7fefc37ffff monitored = 0 entry_point = 0x7fefc35194c region_type = mapped_file name = "logoncli.dll" filename = "\\Windows\\System32\\logoncli.dll" (normalized: "c:\\windows\\system32\\logoncli.dll") Region: id = 2689 start_va = 0x7fefc560000 end_va = 0x7fefc577fff monitored = 0 entry_point = 0x7fefc563b48 region_type = mapped_file name = "cryptsp.dll" filename = "\\Windows\\System32\\cryptsp.dll" (normalized: "c:\\windows\\system32\\cryptsp.dll") Region: id = 2690 start_va = 0x7fefc6d0000 end_va = 0x7fefc6f1fff monitored = 0 entry_point = 0x7fefc6d5d30 region_type = mapped_file name = "bcrypt.dll" filename = "\\Windows\\System32\\bcrypt.dll" (normalized: "c:\\windows\\system32\\bcrypt.dll") Region: id = 2691 start_va = 0x7fefca60000 end_va = 0x7fefca82fff monitored = 0 entry_point = 0x7fefca61198 region_type = mapped_file name = "srvcli.dll" filename = "\\Windows\\System32\\srvcli.dll" (normalized: "c:\\windows\\system32\\srvcli.dll") Region: id = 2692 start_va = 0x7fefcb00000 end_va = 0x7fefcb0afff monitored = 0 entry_point = 0x7fefcb01030 region_type = mapped_file name = "secur32.dll" filename = "\\Windows\\System32\\secur32.dll" (normalized: "c:\\windows\\system32\\secur32.dll") Region: id = 2693 start_va = 0x7fefcb30000 end_va = 0x7fefcb54fff monitored = 0 entry_point = 0x7fefcb39658 region_type = mapped_file name = "sspicli.dll" filename = "\\Windows\\System32\\sspicli.dll" (normalized: "c:\\windows\\system32\\sspicli.dll") Region: id = 2694 start_va = 0x7fefcb60000 end_va = 0x7fefcb6efff monitored = 0 entry_point = 0x7fefcb61010 region_type = mapped_file name = "cryptbase.dll" filename = "\\Windows\\System32\\cryptbase.dll" (normalized: "c:\\windows\\system32\\cryptbase.dll") Region: id = 2695 start_va = 0x7fefcc10000 end_va = 0x7fefcc4cfff monitored = 0 entry_point = 0x7fefcc118f4 region_type = mapped_file name = "winsta.dll" filename = "\\Windows\\System32\\winsta.dll" (normalized: "c:\\windows\\system32\\winsta.dll") Region: id = 2696 start_va = 0x7fefcc50000 end_va = 0x7fefcc63fff monitored = 0 entry_point = 0x7fefcc510e0 region_type = mapped_file name = "rpcrtremote.dll" filename = "\\Windows\\System32\\RpcRtRemote.dll" (normalized: "c:\\windows\\system32\\rpcrtremote.dll") Region: id = 2697 start_va = 0x7fefcd10000 end_va = 0x7fefcd1efff monitored = 0 entry_point = 0x7fefcd11020 region_type = mapped_file name = "msasn1.dll" filename = "\\Windows\\System32\\msasn1.dll" (normalized: "c:\\windows\\system32\\msasn1.dll") Region: id = 2698 start_va = 0x7fefcd20000 end_va = 0x7fefcd8bfff monitored = 0 entry_point = 0x7fefcd22780 region_type = mapped_file name = "kernelbase.dll" filename = "\\Windows\\System32\\KernelBase.dll" (normalized: "c:\\windows\\system32\\kernelbase.dll") Region: id = 2699 start_va = 0x7fefcd90000 end_va = 0x7fefcefcfff monitored = 0 entry_point = 0x7fefcd910b4 region_type = mapped_file name = "crypt32.dll" filename = "\\Windows\\System32\\crypt32.dll" (normalized: "c:\\windows\\system32\\crypt32.dll") Region: id = 2700 start_va = 0x7fefcf00000 end_va = 0x7fefcf35fff monitored = 0 entry_point = 0x7fefcf01474 region_type = mapped_file name = "cfgmgr32.dll" filename = "\\Windows\\System32\\cfgmgr32.dll" (normalized: "c:\\windows\\system32\\cfgmgr32.dll") Region: id = 2701 start_va = 0x7fefcf40000 end_va = 0x7fefcf59fff monitored = 0 entry_point = 0x7fefcf41558 region_type = mapped_file name = "devobj.dll" filename = "\\Windows\\System32\\devobj.dll" (normalized: "c:\\windows\\system32\\devobj.dll") Region: id = 2702 start_va = 0x7fefd000000 end_va = 0x7fefd03afff monitored = 0 entry_point = 0x7fefd001324 region_type = mapped_file name = "wintrust.dll" filename = "\\Windows\\System32\\wintrust.dll" (normalized: "c:\\windows\\system32\\wintrust.dll") Region: id = 2703 start_va = 0x7fefd420000 end_va = 0x7fefd486fff monitored = 0 entry_point = 0x7fefd42b03c region_type = mapped_file name = "gdi32.dll" filename = "\\Windows\\System32\\gdi32.dll" (normalized: "c:\\windows\\system32\\gdi32.dll") Region: id = 2704 start_va = 0x7fefd490000 end_va = 0x7fefd4dcfff monitored = 0 entry_point = 0x7fefd491070 region_type = mapped_file name = "ws2_32.dll" filename = "\\Windows\\System32\\ws2_32.dll" (normalized: "c:\\windows\\system32\\ws2_32.dll") Region: id = 2705 start_va = 0x7fefd4e0000 end_va = 0x7fefd6e2fff monitored = 0 entry_point = 0x7fefd503330 region_type = mapped_file name = "ole32.dll" filename = "\\Windows\\System32\\ole32.dll" (normalized: "c:\\windows\\system32\\ole32.dll") Region: id = 2706 start_va = 0x7fefe480000 end_va = 0x7fefe656fff monitored = 0 entry_point = 0x7fefe481010 region_type = mapped_file name = "setupapi.dll" filename = "\\Windows\\System32\\setupapi.dll" (normalized: "c:\\windows\\system32\\setupapi.dll") Region: id = 2707 start_va = 0x7fefe680000 end_va = 0x7fefe7acfff monitored = 0 entry_point = 0x7fefe6ced50 region_type = mapped_file name = "rpcrt4.dll" filename = "\\Windows\\System32\\rpcrt4.dll" (normalized: "c:\\windows\\system32\\rpcrt4.dll") Region: id = 2708 start_va = 0x7fefe7b0000 end_va = 0x7fefe88afff monitored = 0 entry_point = 0x7fefe7d0760 region_type = mapped_file name = "advapi32.dll" filename = "\\Windows\\System32\\advapi32.dll" (normalized: "c:\\windows\\system32\\advapi32.dll") Region: id = 2709 start_va = 0x7fefe910000 end_va = 0x7fefe9d8fff monitored = 0 entry_point = 0x7fefe98a874 region_type = mapped_file name = "usp10.dll" filename = "\\Windows\\System32\\usp10.dll" (normalized: "c:\\windows\\system32\\usp10.dll") Region: id = 2710 start_va = 0x7fefea60000 end_va = 0x7fefeab1fff monitored = 0 entry_point = 0x7fefea610d4 region_type = mapped_file name = "wldap32.dll" filename = "\\Windows\\System32\\Wldap32.dll" (normalized: "c:\\windows\\system32\\wldap32.dll") Region: id = 2711 start_va = 0x7fefeb60000 end_va = 0x7fefeb6dfff monitored = 0 entry_point = 0x7fefeb61080 region_type = mapped_file name = "lpk.dll" filename = "\\Windows\\System32\\lpk.dll" (normalized: "c:\\windows\\system32\\lpk.dll") Region: id = 2712 start_va = 0x7fefeb70000 end_va = 0x7fefec46fff monitored = 0 entry_point = 0x7fefeb73274 region_type = mapped_file name = "oleaut32.dll" filename = "\\Windows\\System32\\oleaut32.dll" (normalized: "c:\\windows\\system32\\oleaut32.dll") Region: id = 2713 start_va = 0x7fefec50000 end_va = 0x7fefec6efff monitored = 0 entry_point = 0x7fefec560e8 region_type = mapped_file name = "sechost.dll" filename = "\\Windows\\System32\\sechost.dll" (normalized: "c:\\windows\\system32\\sechost.dll") Region: id = 2714 start_va = 0x7fefec70000 end_va = 0x7fefed0efff monitored = 0 entry_point = 0x7fefec725a0 region_type = mapped_file name = "msvcrt.dll" filename = "\\Windows\\System32\\msvcrt.dll" (normalized: "c:\\windows\\system32\\msvcrt.dll") Region: id = 2715 start_va = 0x7fefed10000 end_va = 0x7fefee18fff monitored = 0 entry_point = 0x7fefed11064 region_type = mapped_file name = "msctf.dll" filename = "\\Windows\\System32\\msctf.dll" (normalized: "c:\\windows\\system32\\msctf.dll") Region: id = 2716 start_va = 0x7fefef50000 end_va = 0x7fefefe8fff monitored = 0 entry_point = 0x7fefef51c10 region_type = mapped_file name = "clbcatq.dll" filename = "\\Windows\\System32\\clbcatq.dll" (normalized: "c:\\windows\\system32\\clbcatq.dll") Region: id = 2717 start_va = 0x7fefeff0000 end_va = 0x7fefeff7fff monitored = 0 entry_point = 0x7fefeff1504 region_type = mapped_file name = "nsi.dll" filename = "\\Windows\\System32\\nsi.dll" (normalized: "c:\\windows\\system32\\nsi.dll") Region: id = 2718 start_va = 0x7feff000000 end_va = 0x7feff02dfff monitored = 0 entry_point = 0x7feff001010 region_type = mapped_file name = "imm32.dll" filename = "\\Windows\\System32\\imm32.dll" (normalized: "c:\\windows\\system32\\imm32.dll") Region: id = 2719 start_va = 0x7feff040000 end_va = 0x7feff040fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "apisetschema.dll" filename = "\\Windows\\System32\\apisetschema.dll" (normalized: "c:\\windows\\system32\\apisetschema.dll") Region: id = 2720 start_va = 0x7fffffac000 end_va = 0x7fffffadfff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000007fffffac000" filename = "" Region: id = 2721 start_va = 0x7fffffae000 end_va = 0x7fffffaffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000007fffffae000" filename = "" Region: id = 2722 start_va = 0x7fffffb0000 end_va = 0x7fffffd2fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000007fffffb0000" filename = "" Region: id = 2723 start_va = 0x7fffffd3000 end_va = 0x7fffffd4fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000007fffffd3000" filename = "" Region: id = 2724 start_va = 0x7fffffd5000 end_va = 0x7fffffd5fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000007fffffd5000" filename = "" Region: id = 2725 start_va = 0x7fffffd6000 end_va = 0x7fffffd7fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000007fffffd6000" filename = "" Region: id = 2726 start_va = 0x7fffffd8000 end_va = 0x7fffffd9fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000007fffffd8000" filename = "" Region: id = 2727 start_va = 0x7fffffda000 end_va = 0x7fffffdbfff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000007fffffda000" filename = "" Region: id = 2728 start_va = 0x7fffffdc000 end_va = 0x7fffffddfff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000007fffffdc000" filename = "" Region: id = 2729 start_va = 0x7fffffde000 end_va = 0x7fffffdffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000007fffffde000" filename = "" Region: id = 2730 start_va = 0x1a0000 end_va = 0x1a2fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000001a0000" filename = "" Region: id = 2760 start_va = 0x1a0000 end_va = 0x1a1fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000001a0000" filename = "" Region: id = 2761 start_va = 0x2b0000 end_va = 0x2c9fff monitored = 1 entry_point = 0x2b1380 region_type = mapped_file name = "workflowservicehostperformancecounters.dll" filename = "\\Windows\\Microsoft.NET\\Framework64\\v4.0.30319\\WorkflowServiceHostPerformanceCounters.dll" (normalized: "c:\\windows\\microsoft.net\\framework64\\v4.0.30319\\workflowservicehostperformancecounters.dll") Region: id = 2762 start_va = 0x2d0000 end_va = 0x2d5fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "workflowservicehostperformancecounters.dll.mui" filename = "\\Windows\\Microsoft.NET\\Framework64\\v4.0.30319\\en-US\\WorkflowServiceHostPerformanceCounters.dll.mui" (normalized: "c:\\windows\\microsoft.net\\framework64\\v4.0.30319\\en-us\\workflowservicehostperformancecounters.dll.mui") Region: id = 2763 start_va = 0x2b0000 end_va = 0x2c9fff monitored = 1 entry_point = 0x2b1380 region_type = mapped_file name = "workflowservicehostperformancecounters.dll" filename = "\\Windows\\Microsoft.NET\\Framework64\\v4.0.30319\\WorkflowServiceHostPerformanceCounters.dll" (normalized: "c:\\windows\\microsoft.net\\framework64\\v4.0.30319\\workflowservicehostperformancecounters.dll") Region: id = 2764 start_va = 0x2d0000 end_va = 0x2d5fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "workflowservicehostperformancecounters.dll.mui" filename = "\\Windows\\Microsoft.NET\\Framework64\\v4.0.30319\\en-US\\WorkflowServiceHostPerformanceCounters.dll.mui" (normalized: "c:\\windows\\microsoft.net\\framework64\\v4.0.30319\\en-us\\workflowservicehostperformancecounters.dll.mui") Region: id = 2765 start_va = 0x2b0000 end_va = 0x303fff monitored = 0 entry_point = 0x2c3450 region_type = mapped_file name = "lsm.exe" filename = "\\Windows\\System32\\lsm.exe" (normalized: "c:\\windows\\system32\\lsm.exe") Region: id = 2766 start_va = 0x310000 end_va = 0x311fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "lsm.exe.mui" filename = "\\Windows\\System32\\en-US\\lsm.exe.mui" (normalized: "c:\\windows\\system32\\en-us\\lsm.exe.mui") Region: id = 2767 start_va = 0x2b0000 end_va = 0x303fff monitored = 0 entry_point = 0x2c3450 region_type = mapped_file name = "lsm.exe" filename = "\\Windows\\System32\\lsm.exe" (normalized: "c:\\windows\\system32\\lsm.exe") Region: id = 2768 start_va = 0x310000 end_va = 0x311fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "lsm.exe.mui" filename = "\\Windows\\System32\\en-US\\lsm.exe.mui" (normalized: "c:\\windows\\system32\\en-us\\lsm.exe.mui") Region: id = 2769 start_va = 0x2b0000 end_va = 0x2d0fff monitored = 0 entry_point = 0x2ca06c region_type = mapped_file name = "pacer.sys" filename = "\\Windows\\System32\\drivers\\pacer.sys" (normalized: "c:\\windows\\system32\\drivers\\pacer.sys") Region: id = 2770 start_va = 0x2e0000 end_va = 0x2e3fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "pacer.sys.mui" filename = "\\Windows\\System32\\drivers\\en-US\\pacer.sys.mui" (normalized: "c:\\windows\\system32\\drivers\\en-us\\pacer.sys.mui") Region: id = 2771 start_va = 0x2b0000 end_va = 0x2d0fff monitored = 0 entry_point = 0x2ca06c region_type = mapped_file name = "pacer.sys" filename = "\\Windows\\System32\\drivers\\pacer.sys" (normalized: "c:\\windows\\system32\\drivers\\pacer.sys") Region: id = 2772 start_va = 0x2e0000 end_va = 0x2e3fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "pacer.sys.mui" filename = "\\Windows\\System32\\drivers\\en-US\\pacer.sys.mui" (normalized: "c:\\windows\\system32\\drivers\\en-us\\pacer.sys.mui") Region: id = 2773 start_va = 0x2b0000 end_va = 0x2d0fff monitored = 0 entry_point = 0x2ca06c region_type = mapped_file name = "pacer.sys" filename = "\\Windows\\System32\\drivers\\pacer.sys" (normalized: "c:\\windows\\system32\\drivers\\pacer.sys") Region: id = 2774 start_va = 0x2e0000 end_va = 0x2e3fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "pacer.sys.mui" filename = "\\Windows\\System32\\drivers\\en-US\\pacer.sys.mui" (normalized: "c:\\windows\\system32\\drivers\\en-us\\pacer.sys.mui") Region: id = 2775 start_va = 0x2b0000 end_va = 0x2d0fff monitored = 0 entry_point = 0x2ca06c region_type = mapped_file name = "pacer.sys" filename = "\\Windows\\System32\\drivers\\pacer.sys" (normalized: "c:\\windows\\system32\\drivers\\pacer.sys") Region: id = 2776 start_va = 0x2e0000 end_va = 0x2e3fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "pacer.sys.mui" filename = "\\Windows\\System32\\drivers\\en-US\\pacer.sys.mui" (normalized: "c:\\windows\\system32\\drivers\\en-us\\pacer.sys.mui") Region: id = 2777 start_va = 0x2b0000 end_va = 0x2fffff monitored = 0 entry_point = 0x2b2b98 region_type = mapped_file name = "fwpuclnt.dll" filename = "\\Windows\\System32\\FWPUCLNT.DLL" (normalized: "c:\\windows\\system32\\fwpuclnt.dll") Region: id = 2778 start_va = 0x300000 end_va = 0x312fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "fwpuclnt.dll.mui" filename = "\\Windows\\System32\\en-US\\fwpuclnt.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\fwpuclnt.dll.mui") Region: id = 2779 start_va = 0x2b0000 end_va = 0x2fffff monitored = 0 entry_point = 0x2b2b98 region_type = mapped_file name = "fwpuclnt.dll" filename = "\\Windows\\System32\\FWPUCLNT.DLL" (normalized: "c:\\windows\\system32\\fwpuclnt.dll") Region: id = 2780 start_va = 0x300000 end_va = 0x312fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "fwpuclnt.dll.mui" filename = "\\Windows\\System32\\en-US\\fwpuclnt.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\fwpuclnt.dll.mui") Region: id = 2781 start_va = 0x2b0000 end_va = 0x2fffff monitored = 0 entry_point = 0x2b2b98 region_type = mapped_file name = "fwpuclnt.dll" filename = "\\Windows\\System32\\FWPUCLNT.DLL" (normalized: "c:\\windows\\system32\\fwpuclnt.dll") Region: id = 2782 start_va = 0x300000 end_va = 0x312fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "fwpuclnt.dll.mui" filename = "\\Windows\\System32\\en-US\\fwpuclnt.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\fwpuclnt.dll.mui") Region: id = 2783 start_va = 0x2b0000 end_va = 0x2fffff monitored = 0 entry_point = 0x2b2b98 region_type = mapped_file name = "fwpuclnt.dll" filename = "\\Windows\\System32\\FWPUCLNT.DLL" (normalized: "c:\\windows\\system32\\fwpuclnt.dll") Region: id = 2784 start_va = 0x300000 end_va = 0x312fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "fwpuclnt.dll.mui" filename = "\\Windows\\System32\\en-US\\fwpuclnt.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\fwpuclnt.dll.mui") Region: id = 2785 start_va = 0x2b0000 end_va = 0x2fffff monitored = 0 entry_point = 0x2b2b98 region_type = mapped_file name = "fwpuclnt.dll" filename = "\\Windows\\System32\\FWPUCLNT.DLL" (normalized: "c:\\windows\\system32\\fwpuclnt.dll") Region: id = 2786 start_va = 0x300000 end_va = 0x312fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "fwpuclnt.dll.mui" filename = "\\Windows\\System32\\en-US\\fwpuclnt.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\fwpuclnt.dll.mui") Region: id = 2787 start_va = 0x2b0000 end_va = 0x2fffff monitored = 0 entry_point = 0x2b2b98 region_type = mapped_file name = "fwpuclnt.dll" filename = "\\Windows\\System32\\FWPUCLNT.DLL" (normalized: "c:\\windows\\system32\\fwpuclnt.dll") Region: id = 2788 start_va = 0x300000 end_va = 0x312fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "fwpuclnt.dll.mui" filename = "\\Windows\\System32\\en-US\\fwpuclnt.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\fwpuclnt.dll.mui") Region: id = 2789 start_va = 0x2b0000 end_va = 0x2fffff monitored = 0 entry_point = 0x2b2b98 region_type = mapped_file name = "fwpuclnt.dll" filename = "\\Windows\\System32\\FWPUCLNT.DLL" (normalized: "c:\\windows\\system32\\fwpuclnt.dll") Region: id = 2790 start_va = 0x300000 end_va = 0x312fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "fwpuclnt.dll.mui" filename = "\\Windows\\System32\\en-US\\fwpuclnt.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\fwpuclnt.dll.mui") Region: id = 2791 start_va = 0x2b0000 end_va = 0x2fffff monitored = 0 entry_point = 0x2b2b98 region_type = mapped_file name = "fwpuclnt.dll" filename = "\\Windows\\System32\\FWPUCLNT.DLL" (normalized: "c:\\windows\\system32\\fwpuclnt.dll") Region: id = 2792 start_va = 0x300000 end_va = 0x312fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "fwpuclnt.dll.mui" filename = "\\Windows\\System32\\en-US\\fwpuclnt.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\fwpuclnt.dll.mui") Region: id = 2793 start_va = 0x2b0000 end_va = 0x2fffff monitored = 0 entry_point = 0x2f68c8 region_type = mapped_file name = "pnrpsvc.dll" filename = "\\Windows\\System32\\pnrpsvc.dll" (normalized: "c:\\windows\\system32\\pnrpsvc.dll") Region: id = 2794 start_va = 0x300000 end_va = 0x302fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "pnrpsvc.dll.mui" filename = "\\Windows\\System32\\en-US\\pnrpsvc.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\pnrpsvc.dll.mui") Region: id = 2795 start_va = 0x2b0000 end_va = 0x2fffff monitored = 0 entry_point = 0x2f68c8 region_type = mapped_file name = "pnrpsvc.dll" filename = "\\Windows\\System32\\pnrpsvc.dll" (normalized: "c:\\windows\\system32\\pnrpsvc.dll") Region: id = 2796 start_va = 0x300000 end_va = 0x302fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "pnrpsvc.dll.mui" filename = "\\Windows\\System32\\en-US\\pnrpsvc.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\pnrpsvc.dll.mui") Region: id = 2797 start_va = 0xec0000 end_va = 0xf9bfff monitored = 0 entry_point = 0xf35ec8 region_type = mapped_file name = "azroles.dll" filename = "\\Windows\\System32\\azroles.dll" (normalized: "c:\\windows\\system32\\azroles.dll") Region: id = 2798 start_va = 0x2b0000 end_va = 0x2b0fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "azroles.dll.mui" filename = "\\Windows\\System32\\en-US\\azroles.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\azroles.dll.mui") Region: id = 2799 start_va = 0xec0000 end_va = 0xf9bfff monitored = 0 entry_point = 0xf35ec8 region_type = mapped_file name = "azroles.dll" filename = "\\Windows\\System32\\azroles.dll" (normalized: "c:\\windows\\system32\\azroles.dll") Region: id = 2800 start_va = 0x2b0000 end_va = 0x2b0fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "azroles.dll.mui" filename = "\\Windows\\System32\\en-US\\azroles.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\azroles.dll.mui") Region: id = 2801 start_va = 0xec0000 end_va = 0xfa1fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "fxsresm.dll" filename = "\\Windows\\System32\\FXSRESM.dll" (normalized: "c:\\windows\\system32\\fxsresm.dll") Region: id = 2802 start_va = 0x2b0000 end_va = 0x2d8fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "fxsresm.dll.mui" filename = "\\Windows\\System32\\en-US\\FXSRESM.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\fxsresm.dll.mui") Region: id = 2803 start_va = 0xec0000 end_va = 0xfa1fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "fxsresm.dll" filename = "\\Windows\\System32\\FXSRESM.dll" (normalized: "c:\\windows\\system32\\fxsresm.dll") Region: id = 2804 start_va = 0x2b0000 end_va = 0x2d8fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "fxsresm.dll.mui" filename = "\\Windows\\System32\\en-US\\FXSRESM.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\fxsresm.dll.mui") Region: id = 2805 start_va = 0xd80000 end_va = 0xe28fff monitored = 0 entry_point = 0xd918d0 region_type = mapped_file name = "cscsvc.dll" filename = "\\Windows\\System32\\cscsvc.dll" (normalized: "c:\\windows\\system32\\cscsvc.dll") Region: id = 2806 start_va = 0x2b0000 end_va = 0x2b4fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "cscsvc.dll.mui" filename = "\\Windows\\System32\\en-US\\cscsvc.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\cscsvc.dll.mui") Region: id = 2807 start_va = 0xd80000 end_va = 0xe28fff monitored = 0 entry_point = 0xd918d0 region_type = mapped_file name = "cscsvc.dll" filename = "\\Windows\\System32\\cscsvc.dll" (normalized: "c:\\windows\\system32\\cscsvc.dll") Region: id = 2808 start_va = 0x2b0000 end_va = 0x2b4fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "cscsvc.dll.mui" filename = "\\Windows\\System32\\en-US\\cscsvc.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\cscsvc.dll.mui") Region: id = 2809 start_va = 0xd80000 end_va = 0xe28fff monitored = 0 entry_point = 0xd918d0 region_type = mapped_file name = "cscsvc.dll" filename = "\\Windows\\System32\\cscsvc.dll" (normalized: "c:\\windows\\system32\\cscsvc.dll") Region: id = 2810 start_va = 0x2b0000 end_va = 0x2b4fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "cscsvc.dll.mui" filename = "\\Windows\\System32\\en-US\\cscsvc.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\cscsvc.dll.mui") Region: id = 2811 start_va = 0xd80000 end_va = 0xe28fff monitored = 0 entry_point = 0xd918d0 region_type = mapped_file name = "cscsvc.dll" filename = "\\Windows\\System32\\cscsvc.dll" (normalized: "c:\\windows\\system32\\cscsvc.dll") Region: id = 2812 start_va = 0x2b0000 end_va = 0x2b4fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "cscsvc.dll.mui" filename = "\\Windows\\System32\\en-US\\cscsvc.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\cscsvc.dll.mui") Region: id = 2813 start_va = 0x2b0000 end_va = 0x2fffff monitored = 0 entry_point = 0x2b2b98 region_type = mapped_file name = "fwpuclnt.dll" filename = "\\Windows\\System32\\FWPUCLNT.DLL" (normalized: "c:\\windows\\system32\\fwpuclnt.dll") Region: id = 2814 start_va = 0x300000 end_va = 0x312fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "fwpuclnt.dll.mui" filename = "\\Windows\\System32\\en-US\\fwpuclnt.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\fwpuclnt.dll.mui") Region: id = 2815 start_va = 0x2b0000 end_va = 0x2fffff monitored = 0 entry_point = 0x2b2b98 region_type = mapped_file name = "fwpuclnt.dll" filename = "\\Windows\\System32\\FWPUCLNT.DLL" (normalized: "c:\\windows\\system32\\fwpuclnt.dll") Region: id = 2816 start_va = 0x300000 end_va = 0x312fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "fwpuclnt.dll.mui" filename = "\\Windows\\System32\\en-US\\fwpuclnt.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\fwpuclnt.dll.mui") Region: id = 2817 start_va = 0x2b0000 end_va = 0x2fffff monitored = 0 entry_point = 0x2b2b98 region_type = mapped_file name = "fwpuclnt.dll" filename = "\\Windows\\System32\\FWPUCLNT.DLL" (normalized: "c:\\windows\\system32\\fwpuclnt.dll") Region: id = 2818 start_va = 0x300000 end_va = 0x312fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "fwpuclnt.dll.mui" filename = "\\Windows\\System32\\en-US\\fwpuclnt.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\fwpuclnt.dll.mui") Region: id = 2819 start_va = 0x2b0000 end_va = 0x2fffff monitored = 0 entry_point = 0x2b2b98 region_type = mapped_file name = "fwpuclnt.dll" filename = "\\Windows\\System32\\FWPUCLNT.DLL" (normalized: "c:\\windows\\system32\\fwpuclnt.dll") Region: id = 2820 start_va = 0x300000 end_va = 0x312fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "fwpuclnt.dll.mui" filename = "\\Windows\\System32\\en-US\\fwpuclnt.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\fwpuclnt.dll.mui") Region: id = 2821 start_va = 0x2b0000 end_va = 0x2fffff monitored = 0 entry_point = 0x2b2b98 region_type = mapped_file name = "fwpuclnt.dll" filename = "\\Windows\\System32\\FWPUCLNT.DLL" (normalized: "c:\\windows\\system32\\fwpuclnt.dll") Region: id = 2822 start_va = 0x300000 end_va = 0x312fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "fwpuclnt.dll.mui" filename = "\\Windows\\System32\\en-US\\fwpuclnt.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\fwpuclnt.dll.mui") Region: id = 2823 start_va = 0x2b0000 end_va = 0x2fffff monitored = 0 entry_point = 0x2b2b98 region_type = mapped_file name = "fwpuclnt.dll" filename = "\\Windows\\System32\\FWPUCLNT.DLL" (normalized: "c:\\windows\\system32\\fwpuclnt.dll") Region: id = 2824 start_va = 0x300000 end_va = 0x312fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "fwpuclnt.dll.mui" filename = "\\Windows\\System32\\en-US\\fwpuclnt.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\fwpuclnt.dll.mui") Region: id = 2825 start_va = 0x2b0000 end_va = 0x2fffff monitored = 0 entry_point = 0x2b2b98 region_type = mapped_file name = "fwpuclnt.dll" filename = "\\Windows\\System32\\FWPUCLNT.DLL" (normalized: "c:\\windows\\system32\\fwpuclnt.dll") Region: id = 2826 start_va = 0x300000 end_va = 0x312fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "fwpuclnt.dll.mui" filename = "\\Windows\\System32\\en-US\\fwpuclnt.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\fwpuclnt.dll.mui") Region: id = 2827 start_va = 0x2b0000 end_va = 0x2fffff monitored = 0 entry_point = 0x2b2b98 region_type = mapped_file name = "fwpuclnt.dll" filename = "\\Windows\\System32\\FWPUCLNT.DLL" (normalized: "c:\\windows\\system32\\fwpuclnt.dll") Region: id = 2828 start_va = 0x300000 end_va = 0x312fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "fwpuclnt.dll.mui" filename = "\\Windows\\System32\\en-US\\fwpuclnt.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\fwpuclnt.dll.mui") Region: id = 2829 start_va = 0x2b0000 end_va = 0x2fffff monitored = 0 entry_point = 0x2b2b98 region_type = mapped_file name = "fwpuclnt.dll" filename = "\\Windows\\System32\\FWPUCLNT.DLL" (normalized: "c:\\windows\\system32\\fwpuclnt.dll") Region: id = 2830 start_va = 0x300000 end_va = 0x312fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "fwpuclnt.dll.mui" filename = "\\Windows\\System32\\en-US\\fwpuclnt.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\fwpuclnt.dll.mui") Region: id = 2831 start_va = 0x2b0000 end_va = 0x2fffff monitored = 0 entry_point = 0x2b2b98 region_type = mapped_file name = "fwpuclnt.dll" filename = "\\Windows\\System32\\FWPUCLNT.DLL" (normalized: "c:\\windows\\system32\\fwpuclnt.dll") Region: id = 2832 start_va = 0x300000 end_va = 0x312fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "fwpuclnt.dll.mui" filename = "\\Windows\\System32\\en-US\\fwpuclnt.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\fwpuclnt.dll.mui") Region: id = 2833 start_va = 0x2b0000 end_va = 0x2fffff monitored = 0 entry_point = 0x2b2b98 region_type = mapped_file name = "fwpuclnt.dll" filename = "\\Windows\\System32\\FWPUCLNT.DLL" (normalized: "c:\\windows\\system32\\fwpuclnt.dll") Region: id = 2834 start_va = 0x300000 end_va = 0x312fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "fwpuclnt.dll.mui" filename = "\\Windows\\System32\\en-US\\fwpuclnt.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\fwpuclnt.dll.mui") Region: id = 2835 start_va = 0x2b0000 end_va = 0x2fffff monitored = 0 entry_point = 0x2b2b98 region_type = mapped_file name = "fwpuclnt.dll" filename = "\\Windows\\System32\\FWPUCLNT.DLL" (normalized: "c:\\windows\\system32\\fwpuclnt.dll") Region: id = 2836 start_va = 0x300000 end_va = 0x312fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "fwpuclnt.dll.mui" filename = "\\Windows\\System32\\en-US\\fwpuclnt.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\fwpuclnt.dll.mui") Region: id = 2837 start_va = 0x2b0000 end_va = 0x2fffff monitored = 0 entry_point = 0x2b2b98 region_type = mapped_file name = "fwpuclnt.dll" filename = "\\Windows\\System32\\FWPUCLNT.DLL" (normalized: "c:\\windows\\system32\\fwpuclnt.dll") Region: id = 2838 start_va = 0x300000 end_va = 0x312fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "fwpuclnt.dll.mui" filename = "\\Windows\\System32\\en-US\\fwpuclnt.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\fwpuclnt.dll.mui") Region: id = 2839 start_va = 0x2b0000 end_va = 0x2fffff monitored = 0 entry_point = 0x2b2b98 region_type = mapped_file name = "fwpuclnt.dll" filename = "\\Windows\\System32\\FWPUCLNT.DLL" (normalized: "c:\\windows\\system32\\fwpuclnt.dll") Region: id = 2840 start_va = 0x300000 end_va = 0x312fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "fwpuclnt.dll.mui" filename = "\\Windows\\System32\\en-US\\fwpuclnt.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\fwpuclnt.dll.mui") Region: id = 2841 start_va = 0x2b0000 end_va = 0x33afff monitored = 0 entry_point = 0x3251ec region_type = mapped_file name = "iphlpsvc.dll" filename = "\\Windows\\System32\\iphlpsvc.dll" (normalized: "c:\\windows\\system32\\iphlpsvc.dll") Region: id = 2842 start_va = 0x350000 end_va = 0x359fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "iphlpsvc.dll.mui" filename = "\\Windows\\System32\\en-US\\iphlpsvc.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\iphlpsvc.dll.mui") Region: id = 2843 start_va = 0x2b0000 end_va = 0x33afff monitored = 0 entry_point = 0x3251ec region_type = mapped_file name = "iphlpsvc.dll" filename = "\\Windows\\System32\\iphlpsvc.dll" (normalized: "c:\\windows\\system32\\iphlpsvc.dll") Region: id = 2844 start_va = 0x350000 end_va = 0x359fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "iphlpsvc.dll.mui" filename = "\\Windows\\System32\\en-US\\iphlpsvc.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\iphlpsvc.dll.mui") Region: id = 2845 start_va = 0x2b0000 end_va = 0x33afff monitored = 0 entry_point = 0x3251ec region_type = mapped_file name = "iphlpsvc.dll" filename = "\\Windows\\System32\\iphlpsvc.dll" (normalized: "c:\\windows\\system32\\iphlpsvc.dll") Region: id = 2846 start_va = 0x350000 end_va = 0x359fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "iphlpsvc.dll.mui" filename = "\\Windows\\System32\\en-US\\iphlpsvc.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\iphlpsvc.dll.mui") Region: id = 2847 start_va = 0x2b0000 end_va = 0x33afff monitored = 0 entry_point = 0x3251ec region_type = mapped_file name = "iphlpsvc.dll" filename = "\\Windows\\System32\\iphlpsvc.dll" (normalized: "c:\\windows\\system32\\iphlpsvc.dll") Region: id = 2848 start_va = 0x350000 end_va = 0x359fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "iphlpsvc.dll.mui" filename = "\\Windows\\System32\\en-US\\iphlpsvc.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\iphlpsvc.dll.mui") Region: id = 2849 start_va = 0x2b0000 end_va = 0x33afff monitored = 0 entry_point = 0x3251ec region_type = mapped_file name = "iphlpsvc.dll" filename = "\\Windows\\System32\\iphlpsvc.dll" (normalized: "c:\\windows\\system32\\iphlpsvc.dll") Region: id = 2850 start_va = 0x350000 end_va = 0x359fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "iphlpsvc.dll.mui" filename = "\\Windows\\System32\\en-US\\iphlpsvc.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\iphlpsvc.dll.mui") Region: id = 2851 start_va = 0x2b0000 end_va = 0x33afff monitored = 0 entry_point = 0x3251ec region_type = mapped_file name = "iphlpsvc.dll" filename = "\\Windows\\System32\\iphlpsvc.dll" (normalized: "c:\\windows\\system32\\iphlpsvc.dll") Region: id = 2852 start_va = 0x350000 end_va = 0x359fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "iphlpsvc.dll.mui" filename = "\\Windows\\System32\\en-US\\iphlpsvc.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\iphlpsvc.dll.mui") Region: id = 2853 start_va = 0x2b0000 end_va = 0x33afff monitored = 0 entry_point = 0x3251ec region_type = mapped_file name = "iphlpsvc.dll" filename = "\\Windows\\System32\\iphlpsvc.dll" (normalized: "c:\\windows\\system32\\iphlpsvc.dll") Region: id = 2854 start_va = 0x350000 end_va = 0x359fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "iphlpsvc.dll.mui" filename = "\\Windows\\System32\\en-US\\iphlpsvc.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\iphlpsvc.dll.mui") Region: id = 2855 start_va = 0x2b0000 end_va = 0x33afff monitored = 0 entry_point = 0x3251ec region_type = mapped_file name = "iphlpsvc.dll" filename = "\\Windows\\System32\\iphlpsvc.dll" (normalized: "c:\\windows\\system32\\iphlpsvc.dll") Region: id = 2856 start_va = 0x350000 end_va = 0x359fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "iphlpsvc.dll.mui" filename = "\\Windows\\System32\\en-US\\iphlpsvc.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\iphlpsvc.dll.mui") Region: id = 2857 start_va = 0x2b0000 end_va = 0x33afff monitored = 0 entry_point = 0x3251ec region_type = mapped_file name = "iphlpsvc.dll" filename = "\\Windows\\System32\\iphlpsvc.dll" (normalized: "c:\\windows\\system32\\iphlpsvc.dll") Region: id = 2858 start_va = 0x350000 end_va = 0x359fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "iphlpsvc.dll.mui" filename = "\\Windows\\System32\\en-US\\iphlpsvc.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\iphlpsvc.dll.mui") Region: id = 2859 start_va = 0x2b0000 end_va = 0x33afff monitored = 0 entry_point = 0x3251ec region_type = mapped_file name = "iphlpsvc.dll" filename = "\\Windows\\System32\\iphlpsvc.dll" (normalized: "c:\\windows\\system32\\iphlpsvc.dll") Region: id = 2860 start_va = 0x350000 end_va = 0x359fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "iphlpsvc.dll.mui" filename = "\\Windows\\System32\\en-US\\iphlpsvc.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\iphlpsvc.dll.mui") Region: id = 2861 start_va = 0x12f0000 end_va = 0x1420fff monitored = 0 entry_point = 0x134dab9 region_type = mapped_file name = "mce.dll" filename = "\\Program Files (x86)\\Microsoft Office\\Office16\\mce.dll" (normalized: "c:\\program files (x86)\\microsoft office\\office16\\mce.dll") Region: id = 2862 start_va = 0x12f0000 end_va = 0x1420fff monitored = 0 entry_point = 0x134dab9 region_type = mapped_file name = "mce.dll" filename = "\\Program Files (x86)\\Microsoft Office\\Office16\\mce.dll" (normalized: "c:\\program files (x86)\\microsoft office\\office16\\mce.dll") Region: id = 2863 start_va = 0x12f0000 end_va = 0x1420fff monitored = 0 entry_point = 0x134dab9 region_type = mapped_file name = "mce.dll" filename = "\\Program Files (x86)\\Microsoft Office\\Office16\\mce.dll" (normalized: "c:\\program files (x86)\\microsoft office\\office16\\mce.dll") Region: id = 2864 start_va = 0x12f0000 end_va = 0x1420fff monitored = 0 entry_point = 0x134dab9 region_type = mapped_file name = "mce.dll" filename = "\\Program Files (x86)\\Microsoft Office\\Office16\\mce.dll" (normalized: "c:\\program files (x86)\\microsoft office\\office16\\mce.dll") Region: id = 2865 start_va = 0x2b0000 end_va = 0x2c9fff monitored = 1 entry_point = 0x2b1380 region_type = mapped_file name = "servicemodelperformancecounters.dll" filename = "\\Windows\\Microsoft.NET\\Framework64\\v4.0.30319\\ServiceModelPerformanceCounters.dll" (normalized: "c:\\windows\\microsoft.net\\framework64\\v4.0.30319\\servicemodelperformancecounters.dll") Region: id = 2866 start_va = 0x2d0000 end_va = 0x2dbfff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "servicemodelperformancecounters.dll.mui" filename = "\\Windows\\Microsoft.NET\\Framework64\\v4.0.30319\\en-US\\ServiceModelPerformanceCounters.dll.mui" (normalized: "c:\\windows\\microsoft.net\\framework64\\v4.0.30319\\en-us\\servicemodelperformancecounters.dll.mui") Region: id = 2867 start_va = 0x2b0000 end_va = 0x2c9fff monitored = 1 entry_point = 0x2b1380 region_type = mapped_file name = "servicemodelperformancecounters.dll" filename = "\\Windows\\Microsoft.NET\\Framework64\\v4.0.30319\\ServiceModelPerformanceCounters.dll" (normalized: "c:\\windows\\microsoft.net\\framework64\\v4.0.30319\\servicemodelperformancecounters.dll") Region: id = 2868 start_va = 0x2d0000 end_va = 0x2dbfff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "servicemodelperformancecounters.dll.mui" filename = "\\Windows\\Microsoft.NET\\Framework64\\v4.0.30319\\en-US\\ServiceModelPerformanceCounters.dll.mui" (normalized: "c:\\windows\\microsoft.net\\framework64\\v4.0.30319\\en-us\\servicemodelperformancecounters.dll.mui") Region: id = 2869 start_va = 0x2b0000 end_va = 0x2c9fff monitored = 1 entry_point = 0x2b1380 region_type = mapped_file name = "servicemodelperformancecounters.dll" filename = "\\Windows\\Microsoft.NET\\Framework64\\v4.0.30319\\ServiceModelPerformanceCounters.dll" (normalized: "c:\\windows\\microsoft.net\\framework64\\v4.0.30319\\servicemodelperformancecounters.dll") Region: id = 2870 start_va = 0x2d0000 end_va = 0x2dbfff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "servicemodelperformancecounters.dll.mui" filename = "\\Windows\\Microsoft.NET\\Framework64\\v4.0.30319\\en-US\\ServiceModelPerformanceCounters.dll.mui" (normalized: "c:\\windows\\microsoft.net\\framework64\\v4.0.30319\\en-us\\servicemodelperformancecounters.dll.mui") Region: id = 2871 start_va = 0x2b0000 end_va = 0x2c9fff monitored = 1 entry_point = 0x2b1380 region_type = mapped_file name = "servicemodelperformancecounters.dll" filename = "\\Windows\\Microsoft.NET\\Framework64\\v4.0.30319\\ServiceModelPerformanceCounters.dll" (normalized: "c:\\windows\\microsoft.net\\framework64\\v4.0.30319\\servicemodelperformancecounters.dll") Region: id = 2872 start_va = 0x2d0000 end_va = 0x2dbfff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "servicemodelperformancecounters.dll.mui" filename = "\\Windows\\Microsoft.NET\\Framework64\\v4.0.30319\\en-US\\ServiceModelPerformanceCounters.dll.mui" (normalized: "c:\\windows\\microsoft.net\\framework64\\v4.0.30319\\en-us\\servicemodelperformancecounters.dll.mui") Region: id = 2873 start_va = 0x2b0000 end_va = 0x2c9fff monitored = 1 entry_point = 0x2b1380 region_type = mapped_file name = "servicemodelperformancecounters.dll" filename = "\\Windows\\Microsoft.NET\\Framework64\\v4.0.30319\\ServiceModelPerformanceCounters.dll" (normalized: "c:\\windows\\microsoft.net\\framework64\\v4.0.30319\\servicemodelperformancecounters.dll") Region: id = 2874 start_va = 0x2d0000 end_va = 0x2dbfff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "servicemodelperformancecounters.dll.mui" filename = "\\Windows\\Microsoft.NET\\Framework64\\v4.0.30319\\en-US\\ServiceModelPerformanceCounters.dll.mui" (normalized: "c:\\windows\\microsoft.net\\framework64\\v4.0.30319\\en-us\\servicemodelperformancecounters.dll.mui") Region: id = 2875 start_va = 0x2b0000 end_va = 0x2c9fff monitored = 1 entry_point = 0x2b1380 region_type = mapped_file name = "servicemodelperformancecounters.dll" filename = "\\Windows\\Microsoft.NET\\Framework64\\v4.0.30319\\ServiceModelPerformanceCounters.dll" (normalized: "c:\\windows\\microsoft.net\\framework64\\v4.0.30319\\servicemodelperformancecounters.dll") Region: id = 2876 start_va = 0x2d0000 end_va = 0x2dbfff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "servicemodelperformancecounters.dll.mui" filename = "\\Windows\\Microsoft.NET\\Framework64\\v4.0.30319\\en-US\\ServiceModelPerformanceCounters.dll.mui" (normalized: "c:\\windows\\microsoft.net\\framework64\\v4.0.30319\\en-us\\servicemodelperformancecounters.dll.mui") Region: id = 2877 start_va = 0x2b0000 end_va = 0x2d7fff monitored = 0 entry_point = 0x2b1860 region_type = mapped_file name = "umpo.dll" filename = "\\Windows\\System32\\umpo.dll" (normalized: "c:\\windows\\system32\\umpo.dll") Region: id = 2878 start_va = 0x2e0000 end_va = 0x2e0fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "umpo.dll.mui" filename = "\\Windows\\System32\\en-US\\umpo.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\umpo.dll.mui") Region: id = 2879 start_va = 0x2b0000 end_va = 0x2d7fff monitored = 0 entry_point = 0x2b1860 region_type = mapped_file name = "umpo.dll" filename = "\\Windows\\System32\\umpo.dll" (normalized: "c:\\windows\\system32\\umpo.dll") Region: id = 2880 start_va = 0x2e0000 end_va = 0x2e0fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "umpo.dll.mui" filename = "\\Windows\\System32\\en-US\\umpo.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\umpo.dll.mui") Region: id = 2881 start_va = 0x2b0000 end_va = 0x2bafff monitored = 0 entry_point = 0x2b11a8 region_type = mapped_file name = "httpapi.dll" filename = "\\Windows\\System32\\httpapi.dll" (normalized: "c:\\windows\\system32\\httpapi.dll") Region: id = 2882 start_va = 0x2c0000 end_va = 0x2c1fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "httpapi.dll.mui" filename = "\\Windows\\System32\\en-US\\httpapi.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\httpapi.dll.mui") Region: id = 2883 start_va = 0x2b0000 end_va = 0x2bafff monitored = 0 entry_point = 0x2b11a8 region_type = mapped_file name = "httpapi.dll" filename = "\\Windows\\System32\\httpapi.dll" (normalized: "c:\\windows\\system32\\httpapi.dll") Region: id = 2884 start_va = 0x2c0000 end_va = 0x2c1fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "httpapi.dll.mui" filename = "\\Windows\\System32\\en-US\\httpapi.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\httpapi.dll.mui") Region: id = 2885 start_va = 0x2b0000 end_va = 0x2bafff monitored = 0 entry_point = 0x2b11a8 region_type = mapped_file name = "httpapi.dll" filename = "\\Windows\\System32\\httpapi.dll" (normalized: "c:\\windows\\system32\\httpapi.dll") Region: id = 2886 start_va = 0x2c0000 end_va = 0x2c1fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "httpapi.dll.mui" filename = "\\Windows\\System32\\en-US\\httpapi.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\httpapi.dll.mui") Region: id = 2887 start_va = 0x2b0000 end_va = 0x2bafff monitored = 0 entry_point = 0x2b11a8 region_type = mapped_file name = "httpapi.dll" filename = "\\Windows\\System32\\httpapi.dll" (normalized: "c:\\windows\\system32\\httpapi.dll") Region: id = 2888 start_va = 0x2c0000 end_va = 0x2c1fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "httpapi.dll.mui" filename = "\\Windows\\System32\\en-US\\httpapi.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\httpapi.dll.mui") Region: id = 2889 start_va = 0x2b0000 end_va = 0x2bafff monitored = 0 entry_point = 0x2b11a8 region_type = mapped_file name = "httpapi.dll" filename = "\\Windows\\System32\\httpapi.dll" (normalized: "c:\\windows\\system32\\httpapi.dll") Region: id = 2890 start_va = 0x2c0000 end_va = 0x2c1fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "httpapi.dll.mui" filename = "\\Windows\\System32\\en-US\\httpapi.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\httpapi.dll.mui") Region: id = 2891 start_va = 0x2b0000 end_va = 0x2bafff monitored = 0 entry_point = 0x2b11a8 region_type = mapped_file name = "httpapi.dll" filename = "\\Windows\\System32\\httpapi.dll" (normalized: "c:\\windows\\system32\\httpapi.dll") Region: id = 2892 start_va = 0x2c0000 end_va = 0x2c1fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "httpapi.dll.mui" filename = "\\Windows\\System32\\en-US\\httpapi.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\httpapi.dll.mui") Region: id = 2893 start_va = 0x2b0000 end_va = 0x2bdfff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "psevents.dll" filename = "\\Windows\\System32\\WindowsPowerShell\\v1.0\\PSEvents.dll" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\psevents.dll") Region: id = 2894 start_va = 0x2c0000 end_va = 0x2cdfff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "psevents.dll.mui" filename = "\\Windows\\System32\\WindowsPowerShell\\v1.0\\en-US\\PSEvents.dll.mui" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\en-us\\psevents.dll.mui") Region: id = 2895 start_va = 0x2b0000 end_va = 0x2bdfff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "psevents.dll" filename = "\\Windows\\System32\\WindowsPowerShell\\v1.0\\PSEvents.dll" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\psevents.dll") Region: id = 2896 start_va = 0x2c0000 end_va = 0x2cdfff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "psevents.dll.mui" filename = "\\Windows\\System32\\WindowsPowerShell\\v1.0\\en-US\\PSEvents.dll.mui" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\en-us\\psevents.dll.mui") Region: id = 2897 start_va = 0x12f0000 end_va = 0x20e4fff monitored = 0 entry_point = 0x13d3268 region_type = mapped_file name = "wmp.dll" filename = "\\Windows\\System32\\wmp.dll" (normalized: "c:\\windows\\system32\\wmp.dll") Region: id = 2898 start_va = 0x12f0000 end_va = 0x20e4fff monitored = 0 entry_point = 0x13d3268 region_type = mapped_file name = "wmp.dll" filename = "\\Windows\\System32\\wmp.dll" (normalized: "c:\\windows\\system32\\wmp.dll") Region: id = 2899 start_va = 0xd80000 end_va = 0xe29fff monitored = 0 entry_point = 0xd94100 region_type = mapped_file name = "netlogon.dll" filename = "\\Windows\\System32\\netlogon.dll" (normalized: "c:\\windows\\system32\\netlogon.dll") Region: id = 2900 start_va = 0x2b0000 end_va = 0x2b3fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "netlogon.dll.mui" filename = "\\Windows\\System32\\en-US\\netlogon.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\netlogon.dll.mui") Region: id = 2901 start_va = 0xd80000 end_va = 0xe29fff monitored = 0 entry_point = 0xd94100 region_type = mapped_file name = "netlogon.dll" filename = "\\Windows\\System32\\netlogon.dll" (normalized: "c:\\windows\\system32\\netlogon.dll") Region: id = 2902 start_va = 0x2b0000 end_va = 0x2b3fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "netlogon.dll.mui" filename = "\\Windows\\System32\\en-US\\netlogon.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\netlogon.dll.mui") Region: id = 2903 start_va = 0x2b0000 end_va = 0x2f7fff monitored = 0 entry_point = 0x2efd0c region_type = mapped_file name = "drt.dll" filename = "\\Windows\\System32\\drt.dll" (normalized: "c:\\windows\\system32\\drt.dll") Region: id = 2904 start_va = 0x300000 end_va = 0x302fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "drt.dll.mui" filename = "\\Windows\\System32\\en-US\\drt.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\drt.dll.mui") Region: id = 2905 start_va = 0x2b0000 end_va = 0x2f7fff monitored = 0 entry_point = 0x2efd0c region_type = mapped_file name = "drt.dll" filename = "\\Windows\\System32\\drt.dll" (normalized: "c:\\windows\\system32\\drt.dll") Region: id = 2906 start_va = 0x300000 end_va = 0x302fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "drt.dll.mui" filename = "\\Windows\\System32\\en-US\\drt.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\drt.dll.mui") Region: id = 2907 start_va = 0xec0000 end_va = 0xfa8fff monitored = 0 entry_point = 0xf9906c region_type = mapped_file name = "ndis.sys" filename = "\\Windows\\System32\\drivers\\ndis.sys" (normalized: "c:\\windows\\system32\\drivers\\ndis.sys") Region: id = 2908 start_va = 0x2b0000 end_va = 0x2b8fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "ndis.sys.mui" filename = "\\Windows\\System32\\drivers\\en-US\\ndis.sys.mui" (normalized: "c:\\windows\\system32\\drivers\\en-us\\ndis.sys.mui") Region: id = 2909 start_va = 0xec0000 end_va = 0xfa8fff monitored = 0 entry_point = 0xf9906c region_type = mapped_file name = "ndis.sys" filename = "\\Windows\\System32\\drivers\\ndis.sys" (normalized: "c:\\windows\\system32\\drivers\\ndis.sys") Region: id = 2910 start_va = 0x2b0000 end_va = 0x2b8fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "ndis.sys.mui" filename = "\\Windows\\System32\\drivers\\en-US\\ndis.sys.mui" (normalized: "c:\\windows\\system32\\drivers\\en-us\\ndis.sys.mui") Region: id = 2911 start_va = 0xec0000 end_va = 0xfa8fff monitored = 0 entry_point = 0xf9906c region_type = mapped_file name = "ndis.sys" filename = "\\Windows\\System32\\drivers\\ndis.sys" (normalized: "c:\\windows\\system32\\drivers\\ndis.sys") Region: id = 2912 start_va = 0x2b0000 end_va = 0x2b8fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "ndis.sys.mui" filename = "\\Windows\\System32\\drivers\\en-US\\ndis.sys.mui" (normalized: "c:\\windows\\system32\\drivers\\en-us\\ndis.sys.mui") Region: id = 2913 start_va = 0xec0000 end_va = 0xfa8fff monitored = 0 entry_point = 0xf9906c region_type = mapped_file name = "ndis.sys" filename = "\\Windows\\System32\\drivers\\ndis.sys" (normalized: "c:\\windows\\system32\\drivers\\ndis.sys") Region: id = 2914 start_va = 0x2b0000 end_va = 0x2b8fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "ndis.sys.mui" filename = "\\Windows\\System32\\drivers\\en-US\\ndis.sys.mui" (normalized: "c:\\windows\\system32\\drivers\\en-us\\ndis.sys.mui") Region: id = 2915 start_va = 0x2b0000 end_va = 0x301fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "advapi32.dll.mui" filename = "\\Windows\\System32\\en-US\\advapi32.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\advapi32.dll.mui") Region: id = 2916 start_va = 0x12f0000 end_va = 0x143cfff monitored = 0 entry_point = 0x13f2a88 region_type = mapped_file name = "peerdistsvc.dll" filename = "\\Windows\\System32\\PeerDistSvc.dll" (normalized: "c:\\windows\\system32\\peerdistsvc.dll") Region: id = 2917 start_va = 0x310000 end_va = 0x315fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "peerdistsvc.dll.mui" filename = "\\Windows\\System32\\en-US\\PeerDistSvc.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\peerdistsvc.dll.mui") Region: id = 2918 start_va = 0x12f0000 end_va = 0x143cfff monitored = 0 entry_point = 0x13f2a88 region_type = mapped_file name = "peerdistsvc.dll" filename = "\\Windows\\System32\\PeerDistSvc.dll" (normalized: "c:\\windows\\system32\\peerdistsvc.dll") Region: id = 2919 start_va = 0x310000 end_va = 0x315fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "peerdistsvc.dll.mui" filename = "\\Windows\\System32\\en-US\\PeerDistSvc.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\peerdistsvc.dll.mui") Region: id = 2920 start_va = 0x310000 end_va = 0x31efff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "wsmres.dll" filename = "\\Windows\\System32\\WsmRes.dll" (normalized: "c:\\windows\\system32\\wsmres.dll") Region: id = 2921 start_va = 0xd80000 end_va = 0xdd9fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "wsmres.dll.mui" filename = "\\Windows\\System32\\en-US\\WsmRes.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\wsmres.dll.mui") Region: id = 2922 start_va = 0x310000 end_va = 0x31efff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "wsmres.dll" filename = "\\Windows\\System32\\WsmRes.dll" (normalized: "c:\\windows\\system32\\wsmres.dll") Region: id = 2923 start_va = 0xd80000 end_va = 0xdd9fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "wsmres.dll.mui" filename = "\\Windows\\System32\\en-US\\WsmRes.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\wsmres.dll.mui") Region: id = 2924 start_va = 0x310000 end_va = 0x31ffff monitored = 0 entry_point = 0x31a33c region_type = mapped_file name = "tbssvc.dll" filename = "\\Windows\\System32\\tbssvc.dll" (normalized: "c:\\windows\\system32\\tbssvc.dll") Region: id = 2925 start_va = 0x320000 end_va = 0x321fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "tbssvc.dll.mui" filename = "\\Windows\\System32\\en-US\\tbssvc.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\tbssvc.dll.mui") Region: id = 2926 start_va = 0x310000 end_va = 0x31ffff monitored = 0 entry_point = 0x31a33c region_type = mapped_file name = "tbssvc.dll" filename = "\\Windows\\System32\\tbssvc.dll" (normalized: "c:\\windows\\system32\\tbssvc.dll") Region: id = 2927 start_va = 0x320000 end_va = 0x321fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "tbssvc.dll.mui" filename = "\\Windows\\System32\\en-US\\tbssvc.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\tbssvc.dll.mui") Region: id = 2928 start_va = 0x310000 end_va = 0x329fff monitored = 1 entry_point = 0x311380 region_type = mapped_file name = "workflowservicehostperformancecounters.dll" filename = "\\Windows\\Microsoft.NET\\Framework64\\v4.0.30319\\WorkflowServiceHostPerformanceCounters.dll" (normalized: "c:\\windows\\microsoft.net\\framework64\\v4.0.30319\\workflowservicehostperformancecounters.dll") Region: id = 2929 start_va = 0x310000 end_va = 0x329fff monitored = 1 entry_point = 0x311380 region_type = mapped_file name = "workflowservicehostperformancecounters.dll" filename = "\\Windows\\Microsoft.NET\\Framework64\\v4.0.30319\\WorkflowServiceHostPerformanceCounters.dll" (normalized: "c:\\windows\\microsoft.net\\framework64\\v4.0.30319\\workflowservicehostperformancecounters.dll") Region: id = 2930 start_va = 0x330000 end_va = 0x335fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "workflowservicehostperformancecounters.dll.mui" filename = "\\Windows\\Microsoft.NET\\Framework64\\v4.0.30319\\en-US\\WorkflowServiceHostPerformanceCounters.dll.mui" (normalized: "c:\\windows\\microsoft.net\\framework64\\v4.0.30319\\en-us\\workflowservicehostperformancecounters.dll.mui") Region: id = 2931 start_va = 0x310000 end_va = 0x329fff monitored = 1 entry_point = 0x311380 region_type = mapped_file name = "workflowservicehostperformancecounters.dll" filename = "\\Windows\\Microsoft.NET\\Framework64\\v4.0.30319\\WorkflowServiceHostPerformanceCounters.dll" (normalized: "c:\\windows\\microsoft.net\\framework64\\v4.0.30319\\workflowservicehostperformancecounters.dll") Region: id = 2932 start_va = 0x330000 end_va = 0x335fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "workflowservicehostperformancecounters.dll.mui" filename = "\\Windows\\Microsoft.NET\\Framework64\\v4.0.30319\\en-US\\WorkflowServiceHostPerformanceCounters.dll.mui" (normalized: "c:\\windows\\microsoft.net\\framework64\\v4.0.30319\\en-us\\workflowservicehostperformancecounters.dll.mui") Region: id = 2933 start_va = 0xd80000 end_va = 0xdd3fff monitored = 0 entry_point = 0xd93450 region_type = mapped_file name = "lsm.exe" filename = "\\Windows\\System32\\lsm.exe" (normalized: "c:\\windows\\system32\\lsm.exe") Region: id = 2934 start_va = 0x310000 end_va = 0x311fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "lsm.exe.mui" filename = "\\Windows\\System32\\en-US\\lsm.exe.mui" (normalized: "c:\\windows\\system32\\en-us\\lsm.exe.mui") Region: id = 2935 start_va = 0xd80000 end_va = 0xdd3fff monitored = 0 entry_point = 0xd93450 region_type = mapped_file name = "lsm.exe" filename = "\\Windows\\System32\\lsm.exe" (normalized: "c:\\windows\\system32\\lsm.exe") Region: id = 2936 start_va = 0x310000 end_va = 0x311fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "lsm.exe.mui" filename = "\\Windows\\System32\\en-US\\lsm.exe.mui" (normalized: "c:\\windows\\system32\\en-us\\lsm.exe.mui") Region: id = 2937 start_va = 0x310000 end_va = 0x330fff monitored = 0 entry_point = 0x32a06c region_type = mapped_file name = "pacer.sys" filename = "\\Windows\\System32\\drivers\\pacer.sys" (normalized: "c:\\windows\\system32\\drivers\\pacer.sys") Region: id = 2938 start_va = 0x350000 end_va = 0x353fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "pacer.sys.mui" filename = "\\Windows\\System32\\drivers\\en-US\\pacer.sys.mui" (normalized: "c:\\windows\\system32\\drivers\\en-us\\pacer.sys.mui") Region: id = 2939 start_va = 0x310000 end_va = 0x330fff monitored = 0 entry_point = 0x32a06c region_type = mapped_file name = "pacer.sys" filename = "\\Windows\\System32\\drivers\\pacer.sys" (normalized: "c:\\windows\\system32\\drivers\\pacer.sys") Region: id = 2940 start_va = 0x350000 end_va = 0x353fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "pacer.sys.mui" filename = "\\Windows\\System32\\drivers\\en-US\\pacer.sys.mui" (normalized: "c:\\windows\\system32\\drivers\\en-us\\pacer.sys.mui") Region: id = 2941 start_va = 0x310000 end_va = 0x330fff monitored = 0 entry_point = 0x32a06c region_type = mapped_file name = "pacer.sys" filename = "\\Windows\\System32\\drivers\\pacer.sys" (normalized: "c:\\windows\\system32\\drivers\\pacer.sys") Region: id = 2942 start_va = 0x350000 end_va = 0x353fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "pacer.sys.mui" filename = "\\Windows\\System32\\drivers\\en-US\\pacer.sys.mui" (normalized: "c:\\windows\\system32\\drivers\\en-us\\pacer.sys.mui") Region: id = 2943 start_va = 0x310000 end_va = 0x330fff monitored = 0 entry_point = 0x32a06c region_type = mapped_file name = "pacer.sys" filename = "\\Windows\\System32\\drivers\\pacer.sys" (normalized: "c:\\windows\\system32\\drivers\\pacer.sys") Region: id = 2944 start_va = 0x350000 end_va = 0x353fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "pacer.sys.mui" filename = "\\Windows\\System32\\drivers\\en-US\\pacer.sys.mui" (normalized: "c:\\windows\\system32\\drivers\\en-us\\pacer.sys.mui") Region: id = 2945 start_va = 0xd80000 end_va = 0xdcffff monitored = 0 entry_point = 0xd82b98 region_type = mapped_file name = "fwpuclnt.dll" filename = "\\Windows\\System32\\FWPUCLNT.DLL" (normalized: "c:\\windows\\system32\\fwpuclnt.dll") Region: id = 2946 start_va = 0x310000 end_va = 0x322fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "fwpuclnt.dll.mui" filename = "\\Windows\\System32\\en-US\\fwpuclnt.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\fwpuclnt.dll.mui") Region: id = 2947 start_va = 0xd80000 end_va = 0xdcffff monitored = 0 entry_point = 0xd82b98 region_type = mapped_file name = "fwpuclnt.dll" filename = "\\Windows\\System32\\FWPUCLNT.DLL" (normalized: "c:\\windows\\system32\\fwpuclnt.dll") Region: id = 2948 start_va = 0x310000 end_va = 0x322fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "fwpuclnt.dll.mui" filename = "\\Windows\\System32\\en-US\\fwpuclnt.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\fwpuclnt.dll.mui") Region: id = 2949 start_va = 0xd80000 end_va = 0xdcffff monitored = 0 entry_point = 0xd82b98 region_type = mapped_file name = "fwpuclnt.dll" filename = "\\Windows\\System32\\FWPUCLNT.DLL" (normalized: "c:\\windows\\system32\\fwpuclnt.dll") Region: id = 2950 start_va = 0x310000 end_va = 0x322fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "fwpuclnt.dll.mui" filename = "\\Windows\\System32\\en-US\\fwpuclnt.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\fwpuclnt.dll.mui") Region: id = 2951 start_va = 0xd80000 end_va = 0xdcffff monitored = 0 entry_point = 0xd82b98 region_type = mapped_file name = "fwpuclnt.dll" filename = "\\Windows\\System32\\FWPUCLNT.DLL" (normalized: "c:\\windows\\system32\\fwpuclnt.dll") Region: id = 2952 start_va = 0x310000 end_va = 0x322fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "fwpuclnt.dll.mui" filename = "\\Windows\\System32\\en-US\\fwpuclnt.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\fwpuclnt.dll.mui") Region: id = 2953 start_va = 0xd80000 end_va = 0xdcffff monitored = 0 entry_point = 0xd82b98 region_type = mapped_file name = "fwpuclnt.dll" filename = "\\Windows\\System32\\FWPUCLNT.DLL" (normalized: "c:\\windows\\system32\\fwpuclnt.dll") Region: id = 2954 start_va = 0x310000 end_va = 0x322fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "fwpuclnt.dll.mui" filename = "\\Windows\\System32\\en-US\\fwpuclnt.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\fwpuclnt.dll.mui") Region: id = 2955 start_va = 0xd80000 end_va = 0xdcffff monitored = 0 entry_point = 0xd82b98 region_type = mapped_file name = "fwpuclnt.dll" filename = "\\Windows\\System32\\FWPUCLNT.DLL" (normalized: "c:\\windows\\system32\\fwpuclnt.dll") Region: id = 2956 start_va = 0x310000 end_va = 0x322fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "fwpuclnt.dll.mui" filename = "\\Windows\\System32\\en-US\\fwpuclnt.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\fwpuclnt.dll.mui") Region: id = 2957 start_va = 0xd80000 end_va = 0xdcffff monitored = 0 entry_point = 0xd82b98 region_type = mapped_file name = "fwpuclnt.dll" filename = "\\Windows\\System32\\FWPUCLNT.DLL" (normalized: "c:\\windows\\system32\\fwpuclnt.dll") Region: id = 2958 start_va = 0x310000 end_va = 0x322fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "fwpuclnt.dll.mui" filename = "\\Windows\\System32\\en-US\\fwpuclnt.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\fwpuclnt.dll.mui") Region: id = 2959 start_va = 0xd80000 end_va = 0xdcffff monitored = 0 entry_point = 0xd82b98 region_type = mapped_file name = "fwpuclnt.dll" filename = "\\Windows\\System32\\FWPUCLNT.DLL" (normalized: "c:\\windows\\system32\\fwpuclnt.dll") Region: id = 2960 start_va = 0x310000 end_va = 0x322fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "fwpuclnt.dll.mui" filename = "\\Windows\\System32\\en-US\\fwpuclnt.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\fwpuclnt.dll.mui") Region: id = 2961 start_va = 0xd80000 end_va = 0xdcffff monitored = 0 entry_point = 0xd82b98 region_type = mapped_file name = "fwpuclnt.dll" filename = "\\Windows\\System32\\FWPUCLNT.DLL" (normalized: "c:\\windows\\system32\\fwpuclnt.dll") Region: id = 2962 start_va = 0x310000 end_va = 0x322fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "fwpuclnt.dll.mui" filename = "\\Windows\\System32\\en-US\\fwpuclnt.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\fwpuclnt.dll.mui") Region: id = 2963 start_va = 0xd80000 end_va = 0xdcffff monitored = 0 entry_point = 0xdc68c8 region_type = mapped_file name = "pnrpsvc.dll" filename = "\\Windows\\System32\\pnrpsvc.dll" (normalized: "c:\\windows\\system32\\pnrpsvc.dll") Region: id = 2964 start_va = 0x310000 end_va = 0x312fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "pnrpsvc.dll.mui" filename = "\\Windows\\System32\\en-US\\pnrpsvc.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\pnrpsvc.dll.mui") Region: id = 2965 start_va = 0xd80000 end_va = 0xdcffff monitored = 0 entry_point = 0xdc68c8 region_type = mapped_file name = "pnrpsvc.dll" filename = "\\Windows\\System32\\pnrpsvc.dll" (normalized: "c:\\windows\\system32\\pnrpsvc.dll") Region: id = 2966 start_va = 0x310000 end_va = 0x312fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "pnrpsvc.dll.mui" filename = "\\Windows\\System32\\en-US\\pnrpsvc.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\pnrpsvc.dll.mui") Region: id = 2967 start_va = 0xec0000 end_va = 0xf9bfff monitored = 0 entry_point = 0xf35ec8 region_type = mapped_file name = "azroles.dll" filename = "\\Windows\\System32\\azroles.dll" (normalized: "c:\\windows\\system32\\azroles.dll") Region: id = 2968 start_va = 0x310000 end_va = 0x310fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "azroles.dll.mui" filename = "\\Windows\\System32\\en-US\\azroles.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\azroles.dll.mui") Region: id = 2969 start_va = 0xec0000 end_va = 0xf9bfff monitored = 0 entry_point = 0xf35ec8 region_type = mapped_file name = "azroles.dll" filename = "\\Windows\\System32\\azroles.dll" (normalized: "c:\\windows\\system32\\azroles.dll") Region: id = 2970 start_va = 0x310000 end_va = 0x310fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "azroles.dll.mui" filename = "\\Windows\\System32\\en-US\\azroles.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\azroles.dll.mui") Region: id = 2971 start_va = 0xec0000 end_va = 0xfa1fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "fxsresm.dll" filename = "\\Windows\\System32\\FXSRESM.dll" (normalized: "c:\\windows\\system32\\fxsresm.dll") Region: id = 2972 start_va = 0x310000 end_va = 0x338fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "fxsresm.dll.mui" filename = "\\Windows\\System32\\en-US\\FXSRESM.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\fxsresm.dll.mui") Region: id = 2973 start_va = 0xec0000 end_va = 0xfa1fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "fxsresm.dll" filename = "\\Windows\\System32\\FXSRESM.dll" (normalized: "c:\\windows\\system32\\fxsresm.dll") Region: id = 2974 start_va = 0x310000 end_va = 0x338fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "fxsresm.dll.mui" filename = "\\Windows\\System32\\en-US\\FXSRESM.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\fxsresm.dll.mui") Region: id = 2975 start_va = 0xd80000 end_va = 0xe28fff monitored = 0 entry_point = 0xd918d0 region_type = mapped_file name = "cscsvc.dll" filename = "\\Windows\\System32\\cscsvc.dll" (normalized: "c:\\windows\\system32\\cscsvc.dll") Region: id = 2976 start_va = 0x310000 end_va = 0x314fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "cscsvc.dll.mui" filename = "\\Windows\\System32\\en-US\\cscsvc.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\cscsvc.dll.mui") Region: id = 2977 start_va = 0xd80000 end_va = 0xe28fff monitored = 0 entry_point = 0xd918d0 region_type = mapped_file name = "cscsvc.dll" filename = "\\Windows\\System32\\cscsvc.dll" (normalized: "c:\\windows\\system32\\cscsvc.dll") Region: id = 2978 start_va = 0x310000 end_va = 0x314fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "cscsvc.dll.mui" filename = "\\Windows\\System32\\en-US\\cscsvc.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\cscsvc.dll.mui") Region: id = 2979 start_va = 0xd80000 end_va = 0xe28fff monitored = 0 entry_point = 0xd918d0 region_type = mapped_file name = "cscsvc.dll" filename = "\\Windows\\System32\\cscsvc.dll" (normalized: "c:\\windows\\system32\\cscsvc.dll") Region: id = 2980 start_va = 0x310000 end_va = 0x314fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "cscsvc.dll.mui" filename = "\\Windows\\System32\\en-US\\cscsvc.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\cscsvc.dll.mui") Region: id = 2981 start_va = 0xd80000 end_va = 0xe28fff monitored = 0 entry_point = 0xd918d0 region_type = mapped_file name = "cscsvc.dll" filename = "\\Windows\\System32\\cscsvc.dll" (normalized: "c:\\windows\\system32\\cscsvc.dll") Region: id = 2982 start_va = 0x310000 end_va = 0x314fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "cscsvc.dll.mui" filename = "\\Windows\\System32\\en-US\\cscsvc.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\cscsvc.dll.mui") Region: id = 2983 start_va = 0xd80000 end_va = 0xdcffff monitored = 0 entry_point = 0xd82b98 region_type = mapped_file name = "fwpuclnt.dll" filename = "\\Windows\\System32\\FWPUCLNT.DLL" (normalized: "c:\\windows\\system32\\fwpuclnt.dll") Region: id = 2984 start_va = 0x310000 end_va = 0x322fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "fwpuclnt.dll.mui" filename = "\\Windows\\System32\\en-US\\fwpuclnt.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\fwpuclnt.dll.mui") Region: id = 2985 start_va = 0xd80000 end_va = 0xdcffff monitored = 0 entry_point = 0xd82b98 region_type = mapped_file name = "fwpuclnt.dll" filename = "\\Windows\\System32\\FWPUCLNT.DLL" (normalized: "c:\\windows\\system32\\fwpuclnt.dll") Region: id = 2986 start_va = 0x310000 end_va = 0x322fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "fwpuclnt.dll.mui" filename = "\\Windows\\System32\\en-US\\fwpuclnt.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\fwpuclnt.dll.mui") Region: id = 2987 start_va = 0xd80000 end_va = 0xdcffff monitored = 0 entry_point = 0xd82b98 region_type = mapped_file name = "fwpuclnt.dll" filename = "\\Windows\\System32\\FWPUCLNT.DLL" (normalized: "c:\\windows\\system32\\fwpuclnt.dll") Region: id = 2988 start_va = 0x310000 end_va = 0x322fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "fwpuclnt.dll.mui" filename = "\\Windows\\System32\\en-US\\fwpuclnt.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\fwpuclnt.dll.mui") Region: id = 2989 start_va = 0xd80000 end_va = 0xdcffff monitored = 0 entry_point = 0xd82b98 region_type = mapped_file name = "fwpuclnt.dll" filename = "\\Windows\\System32\\FWPUCLNT.DLL" (normalized: "c:\\windows\\system32\\fwpuclnt.dll") Region: id = 2990 start_va = 0x310000 end_va = 0x322fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "fwpuclnt.dll.mui" filename = "\\Windows\\System32\\en-US\\fwpuclnt.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\fwpuclnt.dll.mui") Region: id = 2991 start_va = 0xd80000 end_va = 0xdcffff monitored = 0 entry_point = 0xd82b98 region_type = mapped_file name = "fwpuclnt.dll" filename = "\\Windows\\System32\\FWPUCLNT.DLL" (normalized: "c:\\windows\\system32\\fwpuclnt.dll") Region: id = 2992 start_va = 0x310000 end_va = 0x322fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "fwpuclnt.dll.mui" filename = "\\Windows\\System32\\en-US\\fwpuclnt.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\fwpuclnt.dll.mui") Region: id = 2993 start_va = 0xd80000 end_va = 0xdcffff monitored = 0 entry_point = 0xd82b98 region_type = mapped_file name = "fwpuclnt.dll" filename = "\\Windows\\System32\\FWPUCLNT.DLL" (normalized: "c:\\windows\\system32\\fwpuclnt.dll") Region: id = 2994 start_va = 0x310000 end_va = 0x322fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "fwpuclnt.dll.mui" filename = "\\Windows\\System32\\en-US\\fwpuclnt.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\fwpuclnt.dll.mui") Region: id = 2995 start_va = 0xd80000 end_va = 0xdcffff monitored = 0 entry_point = 0xd82b98 region_type = mapped_file name = "fwpuclnt.dll" filename = "\\Windows\\System32\\FWPUCLNT.DLL" (normalized: "c:\\windows\\system32\\fwpuclnt.dll") Region: id = 2996 start_va = 0x310000 end_va = 0x322fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "fwpuclnt.dll.mui" filename = "\\Windows\\System32\\en-US\\fwpuclnt.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\fwpuclnt.dll.mui") Region: id = 2997 start_va = 0xd80000 end_va = 0xdcffff monitored = 0 entry_point = 0xd82b98 region_type = mapped_file name = "fwpuclnt.dll" filename = "\\Windows\\System32\\FWPUCLNT.DLL" (normalized: "c:\\windows\\system32\\fwpuclnt.dll") Region: id = 2998 start_va = 0x310000 end_va = 0x322fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "fwpuclnt.dll.mui" filename = "\\Windows\\System32\\en-US\\fwpuclnt.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\fwpuclnt.dll.mui") Region: id = 2999 start_va = 0xd80000 end_va = 0xdcffff monitored = 0 entry_point = 0xd82b98 region_type = mapped_file name = "fwpuclnt.dll" filename = "\\Windows\\System32\\FWPUCLNT.DLL" (normalized: "c:\\windows\\system32\\fwpuclnt.dll") Region: id = 3000 start_va = 0x310000 end_va = 0x322fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "fwpuclnt.dll.mui" filename = "\\Windows\\System32\\en-US\\fwpuclnt.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\fwpuclnt.dll.mui") Region: id = 3001 start_va = 0xd80000 end_va = 0xdcffff monitored = 0 entry_point = 0xd82b98 region_type = mapped_file name = "fwpuclnt.dll" filename = "\\Windows\\System32\\FWPUCLNT.DLL" (normalized: "c:\\windows\\system32\\fwpuclnt.dll") Region: id = 3002 start_va = 0x310000 end_va = 0x322fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "fwpuclnt.dll.mui" filename = "\\Windows\\System32\\en-US\\fwpuclnt.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\fwpuclnt.dll.mui") Region: id = 3003 start_va = 0xd80000 end_va = 0xdcffff monitored = 0 entry_point = 0xd82b98 region_type = mapped_file name = "fwpuclnt.dll" filename = "\\Windows\\System32\\FWPUCLNT.DLL" (normalized: "c:\\windows\\system32\\fwpuclnt.dll") Region: id = 3004 start_va = 0x310000 end_va = 0x322fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "fwpuclnt.dll.mui" filename = "\\Windows\\System32\\en-US\\fwpuclnt.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\fwpuclnt.dll.mui") Region: id = 3005 start_va = 0xd80000 end_va = 0xdcffff monitored = 0 entry_point = 0xd82b98 region_type = mapped_file name = "fwpuclnt.dll" filename = "\\Windows\\System32\\FWPUCLNT.DLL" (normalized: "c:\\windows\\system32\\fwpuclnt.dll") Region: id = 3006 start_va = 0x310000 end_va = 0x322fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "fwpuclnt.dll.mui" filename = "\\Windows\\System32\\en-US\\fwpuclnt.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\fwpuclnt.dll.mui") Region: id = 3007 start_va = 0xd80000 end_va = 0xdcffff monitored = 0 entry_point = 0xd82b98 region_type = mapped_file name = "fwpuclnt.dll" filename = "\\Windows\\System32\\FWPUCLNT.DLL" (normalized: "c:\\windows\\system32\\fwpuclnt.dll") Region: id = 3008 start_va = 0x310000 end_va = 0x322fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "fwpuclnt.dll.mui" filename = "\\Windows\\System32\\en-US\\fwpuclnt.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\fwpuclnt.dll.mui") Region: id = 3009 start_va = 0xd80000 end_va = 0xdcffff monitored = 0 entry_point = 0xd82b98 region_type = mapped_file name = "fwpuclnt.dll" filename = "\\Windows\\System32\\FWPUCLNT.DLL" (normalized: "c:\\windows\\system32\\fwpuclnt.dll") Region: id = 3010 start_va = 0x310000 end_va = 0x322fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "fwpuclnt.dll.mui" filename = "\\Windows\\System32\\en-US\\fwpuclnt.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\fwpuclnt.dll.mui") Region: id = 3011 start_va = 0xd80000 end_va = 0xe0afff monitored = 0 entry_point = 0xdf51ec region_type = mapped_file name = "iphlpsvc.dll" filename = "\\Windows\\System32\\iphlpsvc.dll" (normalized: "c:\\windows\\system32\\iphlpsvc.dll") Region: id = 3012 start_va = 0x310000 end_va = 0x319fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "iphlpsvc.dll.mui" filename = "\\Windows\\System32\\en-US\\iphlpsvc.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\iphlpsvc.dll.mui") Region: id = 3013 start_va = 0xd80000 end_va = 0xe0afff monitored = 0 entry_point = 0xdf51ec region_type = mapped_file name = "iphlpsvc.dll" filename = "\\Windows\\System32\\iphlpsvc.dll" (normalized: "c:\\windows\\system32\\iphlpsvc.dll") Region: id = 3014 start_va = 0x310000 end_va = 0x319fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "iphlpsvc.dll.mui" filename = "\\Windows\\System32\\en-US\\iphlpsvc.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\iphlpsvc.dll.mui") Region: id = 3015 start_va = 0xd80000 end_va = 0xe0afff monitored = 0 entry_point = 0xdf51ec region_type = mapped_file name = "iphlpsvc.dll" filename = "\\Windows\\System32\\iphlpsvc.dll" (normalized: "c:\\windows\\system32\\iphlpsvc.dll") Region: id = 3016 start_va = 0x310000 end_va = 0x319fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "iphlpsvc.dll.mui" filename = "\\Windows\\System32\\en-US\\iphlpsvc.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\iphlpsvc.dll.mui") Region: id = 3017 start_va = 0xd80000 end_va = 0xe0afff monitored = 0 entry_point = 0xdf51ec region_type = mapped_file name = "iphlpsvc.dll" filename = "\\Windows\\System32\\iphlpsvc.dll" (normalized: "c:\\windows\\system32\\iphlpsvc.dll") Region: id = 3018 start_va = 0x310000 end_va = 0x319fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "iphlpsvc.dll.mui" filename = "\\Windows\\System32\\en-US\\iphlpsvc.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\iphlpsvc.dll.mui") Region: id = 3019 start_va = 0xd80000 end_va = 0xe0afff monitored = 0 entry_point = 0xdf51ec region_type = mapped_file name = "iphlpsvc.dll" filename = "\\Windows\\System32\\iphlpsvc.dll" (normalized: "c:\\windows\\system32\\iphlpsvc.dll") Region: id = 3020 start_va = 0x310000 end_va = 0x319fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "iphlpsvc.dll.mui" filename = "\\Windows\\System32\\en-US\\iphlpsvc.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\iphlpsvc.dll.mui") Region: id = 3021 start_va = 0xd80000 end_va = 0xe0afff monitored = 0 entry_point = 0xdf51ec region_type = mapped_file name = "iphlpsvc.dll" filename = "\\Windows\\System32\\iphlpsvc.dll" (normalized: "c:\\windows\\system32\\iphlpsvc.dll") Region: id = 3022 start_va = 0x310000 end_va = 0x319fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "iphlpsvc.dll.mui" filename = "\\Windows\\System32\\en-US\\iphlpsvc.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\iphlpsvc.dll.mui") Region: id = 3023 start_va = 0xd80000 end_va = 0xe0afff monitored = 0 entry_point = 0xdf51ec region_type = mapped_file name = "iphlpsvc.dll" filename = "\\Windows\\System32\\iphlpsvc.dll" (normalized: "c:\\windows\\system32\\iphlpsvc.dll") Region: id = 3024 start_va = 0x310000 end_va = 0x319fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "iphlpsvc.dll.mui" filename = "\\Windows\\System32\\en-US\\iphlpsvc.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\iphlpsvc.dll.mui") Region: id = 3025 start_va = 0xd80000 end_va = 0xe0afff monitored = 0 entry_point = 0xdf51ec region_type = mapped_file name = "iphlpsvc.dll" filename = "\\Windows\\System32\\iphlpsvc.dll" (normalized: "c:\\windows\\system32\\iphlpsvc.dll") Region: id = 3026 start_va = 0x310000 end_va = 0x319fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "iphlpsvc.dll.mui" filename = "\\Windows\\System32\\en-US\\iphlpsvc.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\iphlpsvc.dll.mui") Region: id = 3027 start_va = 0xd80000 end_va = 0xe0afff monitored = 0 entry_point = 0xdf51ec region_type = mapped_file name = "iphlpsvc.dll" filename = "\\Windows\\System32\\iphlpsvc.dll" (normalized: "c:\\windows\\system32\\iphlpsvc.dll") Region: id = 3028 start_va = 0x310000 end_va = 0x319fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "iphlpsvc.dll.mui" filename = "\\Windows\\System32\\en-US\\iphlpsvc.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\iphlpsvc.dll.mui") Region: id = 3029 start_va = 0xd80000 end_va = 0xe0afff monitored = 0 entry_point = 0xdf51ec region_type = mapped_file name = "iphlpsvc.dll" filename = "\\Windows\\System32\\iphlpsvc.dll" (normalized: "c:\\windows\\system32\\iphlpsvc.dll") Region: id = 3030 start_va = 0x310000 end_va = 0x319fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "iphlpsvc.dll.mui" filename = "\\Windows\\System32\\en-US\\iphlpsvc.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\iphlpsvc.dll.mui") Region: id = 3031 start_va = 0x12f0000 end_va = 0x1420fff monitored = 0 entry_point = 0x134dab9 region_type = mapped_file name = "mce.dll" filename = "\\Program Files (x86)\\Microsoft Office\\Office16\\mce.dll" (normalized: "c:\\program files (x86)\\microsoft office\\office16\\mce.dll") Region: id = 3032 start_va = 0x12f0000 end_va = 0x1420fff monitored = 0 entry_point = 0x134dab9 region_type = mapped_file name = "mce.dll" filename = "\\Program Files (x86)\\Microsoft Office\\Office16\\mce.dll" (normalized: "c:\\program files (x86)\\microsoft office\\office16\\mce.dll") Region: id = 3033 start_va = 0x12f0000 end_va = 0x1420fff monitored = 0 entry_point = 0x134dab9 region_type = mapped_file name = "mce.dll" filename = "\\Program Files (x86)\\Microsoft Office\\Office16\\mce.dll" (normalized: "c:\\program files (x86)\\microsoft office\\office16\\mce.dll") Region: id = 3034 start_va = 0x12f0000 end_va = 0x1420fff monitored = 0 entry_point = 0x134dab9 region_type = mapped_file name = "mce.dll" filename = "\\Program Files (x86)\\Microsoft Office\\Office16\\mce.dll" (normalized: "c:\\program files (x86)\\microsoft office\\office16\\mce.dll") Region: id = 3035 start_va = 0x310000 end_va = 0x329fff monitored = 1 entry_point = 0x311380 region_type = mapped_file name = "servicemodelperformancecounters.dll" filename = "\\Windows\\Microsoft.NET\\Framework64\\v4.0.30319\\ServiceModelPerformanceCounters.dll" (normalized: "c:\\windows\\microsoft.net\\framework64\\v4.0.30319\\servicemodelperformancecounters.dll") Region: id = 3036 start_va = 0x330000 end_va = 0x33bfff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "servicemodelperformancecounters.dll.mui" filename = "\\Windows\\Microsoft.NET\\Framework64\\v4.0.30319\\en-US\\ServiceModelPerformanceCounters.dll.mui" (normalized: "c:\\windows\\microsoft.net\\framework64\\v4.0.30319\\en-us\\servicemodelperformancecounters.dll.mui") Region: id = 3037 start_va = 0x310000 end_va = 0x329fff monitored = 1 entry_point = 0x311380 region_type = mapped_file name = "servicemodelperformancecounters.dll" filename = "\\Windows\\Microsoft.NET\\Framework64\\v4.0.30319\\ServiceModelPerformanceCounters.dll" (normalized: "c:\\windows\\microsoft.net\\framework64\\v4.0.30319\\servicemodelperformancecounters.dll") Region: id = 3038 start_va = 0x330000 end_va = 0x33bfff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "servicemodelperformancecounters.dll.mui" filename = "\\Windows\\Microsoft.NET\\Framework64\\v4.0.30319\\en-US\\ServiceModelPerformanceCounters.dll.mui" (normalized: "c:\\windows\\microsoft.net\\framework64\\v4.0.30319\\en-us\\servicemodelperformancecounters.dll.mui") Region: id = 3039 start_va = 0x310000 end_va = 0x329fff monitored = 1 entry_point = 0x311380 region_type = mapped_file name = "servicemodelperformancecounters.dll" filename = "\\Windows\\Microsoft.NET\\Framework64\\v4.0.30319\\ServiceModelPerformanceCounters.dll" (normalized: "c:\\windows\\microsoft.net\\framework64\\v4.0.30319\\servicemodelperformancecounters.dll") Region: id = 3040 start_va = 0x330000 end_va = 0x33bfff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "servicemodelperformancecounters.dll.mui" filename = "\\Windows\\Microsoft.NET\\Framework64\\v4.0.30319\\en-US\\ServiceModelPerformanceCounters.dll.mui" (normalized: "c:\\windows\\microsoft.net\\framework64\\v4.0.30319\\en-us\\servicemodelperformancecounters.dll.mui") Region: id = 3041 start_va = 0x310000 end_va = 0x329fff monitored = 1 entry_point = 0x311380 region_type = mapped_file name = "servicemodelperformancecounters.dll" filename = "\\Windows\\Microsoft.NET\\Framework64\\v4.0.30319\\ServiceModelPerformanceCounters.dll" (normalized: "c:\\windows\\microsoft.net\\framework64\\v4.0.30319\\servicemodelperformancecounters.dll") Region: id = 3042 start_va = 0x330000 end_va = 0x33bfff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "servicemodelperformancecounters.dll.mui" filename = "\\Windows\\Microsoft.NET\\Framework64\\v4.0.30319\\en-US\\ServiceModelPerformanceCounters.dll.mui" (normalized: "c:\\windows\\microsoft.net\\framework64\\v4.0.30319\\en-us\\servicemodelperformancecounters.dll.mui") Region: id = 3043 start_va = 0x310000 end_va = 0x329fff monitored = 1 entry_point = 0x311380 region_type = mapped_file name = "servicemodelperformancecounters.dll" filename = "\\Windows\\Microsoft.NET\\Framework64\\v4.0.30319\\ServiceModelPerformanceCounters.dll" (normalized: "c:\\windows\\microsoft.net\\framework64\\v4.0.30319\\servicemodelperformancecounters.dll") Region: id = 3044 start_va = 0x330000 end_va = 0x33bfff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "servicemodelperformancecounters.dll.mui" filename = "\\Windows\\Microsoft.NET\\Framework64\\v4.0.30319\\en-US\\ServiceModelPerformanceCounters.dll.mui" (normalized: "c:\\windows\\microsoft.net\\framework64\\v4.0.30319\\en-us\\servicemodelperformancecounters.dll.mui") Region: id = 3045 start_va = 0x310000 end_va = 0x329fff monitored = 1 entry_point = 0x311380 region_type = mapped_file name = "servicemodelperformancecounters.dll" filename = "\\Windows\\Microsoft.NET\\Framework64\\v4.0.30319\\ServiceModelPerformanceCounters.dll" (normalized: "c:\\windows\\microsoft.net\\framework64\\v4.0.30319\\servicemodelperformancecounters.dll") Region: id = 3046 start_va = 0x330000 end_va = 0x33bfff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "servicemodelperformancecounters.dll.mui" filename = "\\Windows\\Microsoft.NET\\Framework64\\v4.0.30319\\en-US\\ServiceModelPerformanceCounters.dll.mui" (normalized: "c:\\windows\\microsoft.net\\framework64\\v4.0.30319\\en-us\\servicemodelperformancecounters.dll.mui") Region: id = 3047 start_va = 0x310000 end_va = 0x329fff monitored = 1 entry_point = 0x311380 region_type = mapped_file name = "servicemodelperformancecounters.dll" filename = "\\Windows\\Microsoft.NET\\Framework64\\v4.0.30319\\ServiceModelPerformanceCounters.dll" (normalized: "c:\\windows\\microsoft.net\\framework64\\v4.0.30319\\servicemodelperformancecounters.dll") Region: id = 3048 start_va = 0x330000 end_va = 0x33bfff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "servicemodelperformancecounters.dll.mui" filename = "\\Windows\\Microsoft.NET\\Framework64\\v4.0.30319\\en-US\\ServiceModelPerformanceCounters.dll.mui" (normalized: "c:\\windows\\microsoft.net\\framework64\\v4.0.30319\\en-us\\servicemodelperformancecounters.dll.mui") Region: id = 3049 start_va = 0x310000 end_va = 0x337fff monitored = 0 entry_point = 0x311860 region_type = mapped_file name = "umpo.dll" filename = "\\Windows\\System32\\umpo.dll" (normalized: "c:\\windows\\system32\\umpo.dll") Region: id = 3050 start_va = 0x350000 end_va = 0x350fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "umpo.dll.mui" filename = "\\Windows\\System32\\en-US\\umpo.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\umpo.dll.mui") Region: id = 3051 start_va = 0x310000 end_va = 0x337fff monitored = 0 entry_point = 0x311860 region_type = mapped_file name = "umpo.dll" filename = "\\Windows\\System32\\umpo.dll" (normalized: "c:\\windows\\system32\\umpo.dll") Region: id = 3052 start_va = 0x350000 end_va = 0x350fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "umpo.dll.mui" filename = "\\Windows\\System32\\en-US\\umpo.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\umpo.dll.mui") Region: id = 3053 start_va = 0x310000 end_va = 0x31afff monitored = 0 entry_point = 0x3111a8 region_type = mapped_file name = "httpapi.dll" filename = "\\Windows\\System32\\httpapi.dll" (normalized: "c:\\windows\\system32\\httpapi.dll") Region: id = 3054 start_va = 0x320000 end_va = 0x321fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "httpapi.dll.mui" filename = "\\Windows\\System32\\en-US\\httpapi.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\httpapi.dll.mui") Region: id = 3055 start_va = 0x310000 end_va = 0x31afff monitored = 0 entry_point = 0x3111a8 region_type = mapped_file name = "httpapi.dll" filename = "\\Windows\\System32\\httpapi.dll" (normalized: "c:\\windows\\system32\\httpapi.dll") Region: id = 3056 start_va = 0x320000 end_va = 0x321fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "httpapi.dll.mui" filename = "\\Windows\\System32\\en-US\\httpapi.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\httpapi.dll.mui") Region: id = 3057 start_va = 0x310000 end_va = 0x31afff monitored = 0 entry_point = 0x3111a8 region_type = mapped_file name = "httpapi.dll" filename = "\\Windows\\System32\\httpapi.dll" (normalized: "c:\\windows\\system32\\httpapi.dll") Region: id = 3058 start_va = 0x320000 end_va = 0x321fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "httpapi.dll.mui" filename = "\\Windows\\System32\\en-US\\httpapi.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\httpapi.dll.mui") Region: id = 3059 start_va = 0x310000 end_va = 0x31afff monitored = 0 entry_point = 0x3111a8 region_type = mapped_file name = "httpapi.dll" filename = "\\Windows\\System32\\httpapi.dll" (normalized: "c:\\windows\\system32\\httpapi.dll") Region: id = 3060 start_va = 0x320000 end_va = 0x321fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "httpapi.dll.mui" filename = "\\Windows\\System32\\en-US\\httpapi.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\httpapi.dll.mui") Region: id = 3061 start_va = 0x310000 end_va = 0x31afff monitored = 0 entry_point = 0x3111a8 region_type = mapped_file name = "httpapi.dll" filename = "\\Windows\\System32\\httpapi.dll" (normalized: "c:\\windows\\system32\\httpapi.dll") Region: id = 3062 start_va = 0x320000 end_va = 0x321fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "httpapi.dll.mui" filename = "\\Windows\\System32\\en-US\\httpapi.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\httpapi.dll.mui") Region: id = 3063 start_va = 0x310000 end_va = 0x31afff monitored = 0 entry_point = 0x3111a8 region_type = mapped_file name = "httpapi.dll" filename = "\\Windows\\System32\\httpapi.dll" (normalized: "c:\\windows\\system32\\httpapi.dll") Region: id = 3064 start_va = 0x320000 end_va = 0x321fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "httpapi.dll.mui" filename = "\\Windows\\System32\\en-US\\httpapi.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\httpapi.dll.mui") Region: id = 3065 start_va = 0x310000 end_va = 0x31dfff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "psevents.dll" filename = "\\Windows\\System32\\WindowsPowerShell\\v1.0\\PSEvents.dll" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\psevents.dll") Region: id = 3066 start_va = 0x320000 end_va = 0x32dfff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "psevents.dll.mui" filename = "\\Windows\\System32\\WindowsPowerShell\\v1.0\\en-US\\PSEvents.dll.mui" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\en-us\\psevents.dll.mui") Region: id = 3067 start_va = 0x310000 end_va = 0x31dfff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "psevents.dll" filename = "\\Windows\\System32\\WindowsPowerShell\\v1.0\\PSEvents.dll" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\psevents.dll") Region: id = 3068 start_va = 0x320000 end_va = 0x32dfff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "psevents.dll.mui" filename = "\\Windows\\System32\\WindowsPowerShell\\v1.0\\en-US\\PSEvents.dll.mui" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\en-us\\psevents.dll.mui") Region: id = 3069 start_va = 0x310000 end_va = 0x31dfff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "psevents.dll" filename = "\\Windows\\System32\\WindowsPowerShell\\v1.0\\PSEvents.dll" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\psevents.dll") Region: id = 3070 start_va = 0x320000 end_va = 0x32dfff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "psevents.dll.mui" filename = "\\Windows\\System32\\WindowsPowerShell\\v1.0\\en-US\\PSEvents.dll.mui" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\en-us\\psevents.dll.mui") Region: id = 3071 start_va = 0x12f0000 end_va = 0x20e4fff monitored = 0 entry_point = 0x13d3268 region_type = mapped_file name = "wmp.dll" filename = "\\Windows\\System32\\wmp.dll" (normalized: "c:\\windows\\system32\\wmp.dll") Region: id = 3072 start_va = 0x12f0000 end_va = 0x20e4fff monitored = 0 entry_point = 0x13d3268 region_type = mapped_file name = "wmp.dll" filename = "\\Windows\\System32\\wmp.dll" (normalized: "c:\\windows\\system32\\wmp.dll") Region: id = 3073 start_va = 0xd80000 end_va = 0xe29fff monitored = 0 entry_point = 0xd94100 region_type = mapped_file name = "netlogon.dll" filename = "\\Windows\\System32\\netlogon.dll" (normalized: "c:\\windows\\system32\\netlogon.dll") Region: id = 3074 start_va = 0x310000 end_va = 0x313fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "netlogon.dll.mui" filename = "\\Windows\\System32\\en-US\\netlogon.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\netlogon.dll.mui") Region: id = 3075 start_va = 0xd80000 end_va = 0xe29fff monitored = 0 entry_point = 0xd94100 region_type = mapped_file name = "netlogon.dll" filename = "\\Windows\\System32\\netlogon.dll" (normalized: "c:\\windows\\system32\\netlogon.dll") Region: id = 3076 start_va = 0x310000 end_va = 0x313fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "netlogon.dll.mui" filename = "\\Windows\\System32\\en-US\\netlogon.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\netlogon.dll.mui") Region: id = 3077 start_va = 0xd80000 end_va = 0xdc7fff monitored = 0 entry_point = 0xdbfd0c region_type = mapped_file name = "drt.dll" filename = "\\Windows\\System32\\drt.dll" (normalized: "c:\\windows\\system32\\drt.dll") Region: id = 3078 start_va = 0x310000 end_va = 0x312fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "drt.dll.mui" filename = "\\Windows\\System32\\en-US\\drt.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\drt.dll.mui") Region: id = 3079 start_va = 0xd80000 end_va = 0xdc7fff monitored = 0 entry_point = 0xdbfd0c region_type = mapped_file name = "drt.dll" filename = "\\Windows\\System32\\drt.dll" (normalized: "c:\\windows\\system32\\drt.dll") Region: id = 3080 start_va = 0x310000 end_va = 0x312fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "drt.dll.mui" filename = "\\Windows\\System32\\en-US\\drt.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\drt.dll.mui") Region: id = 3081 start_va = 0xec0000 end_va = 0xfa8fff monitored = 0 entry_point = 0xf9906c region_type = mapped_file name = "ndis.sys" filename = "\\Windows\\System32\\drivers\\ndis.sys" (normalized: "c:\\windows\\system32\\drivers\\ndis.sys") Region: id = 3082 start_va = 0x310000 end_va = 0x318fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "ndis.sys.mui" filename = "\\Windows\\System32\\drivers\\en-US\\ndis.sys.mui" (normalized: "c:\\windows\\system32\\drivers\\en-us\\ndis.sys.mui") Region: id = 3083 start_va = 0xec0000 end_va = 0xfa8fff monitored = 0 entry_point = 0xf9906c region_type = mapped_file name = "ndis.sys" filename = "\\Windows\\System32\\drivers\\ndis.sys" (normalized: "c:\\windows\\system32\\drivers\\ndis.sys") Region: id = 3084 start_va = 0x310000 end_va = 0x318fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "ndis.sys.mui" filename = "\\Windows\\System32\\drivers\\en-US\\ndis.sys.mui" (normalized: "c:\\windows\\system32\\drivers\\en-us\\ndis.sys.mui") Region: id = 3085 start_va = 0xec0000 end_va = 0xfa8fff monitored = 0 entry_point = 0xf9906c region_type = mapped_file name = "ndis.sys" filename = "\\Windows\\System32\\drivers\\ndis.sys" (normalized: "c:\\windows\\system32\\drivers\\ndis.sys") Region: id = 3086 start_va = 0x310000 end_va = 0x318fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "ndis.sys.mui" filename = "\\Windows\\System32\\drivers\\en-US\\ndis.sys.mui" (normalized: "c:\\windows\\system32\\drivers\\en-us\\ndis.sys.mui") Region: id = 3087 start_va = 0xec0000 end_va = 0xfa8fff monitored = 0 entry_point = 0xf9906c region_type = mapped_file name = "ndis.sys" filename = "\\Windows\\System32\\drivers\\ndis.sys" (normalized: "c:\\windows\\system32\\drivers\\ndis.sys") Region: id = 3088 start_va = 0x310000 end_va = 0x318fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "ndis.sys.mui" filename = "\\Windows\\System32\\drivers\\en-US\\ndis.sys.mui" (normalized: "c:\\windows\\system32\\drivers\\en-us\\ndis.sys.mui") Region: id = 3089 start_va = 0x12f0000 end_va = 0x143cfff monitored = 0 entry_point = 0x13f2a88 region_type = mapped_file name = "peerdistsvc.dll" filename = "\\Windows\\System32\\PeerDistSvc.dll" (normalized: "c:\\windows\\system32\\peerdistsvc.dll") Region: id = 3090 start_va = 0x310000 end_va = 0x315fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "peerdistsvc.dll.mui" filename = "\\Windows\\System32\\en-US\\PeerDistSvc.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\peerdistsvc.dll.mui") Region: id = 3091 start_va = 0x12f0000 end_va = 0x143cfff monitored = 0 entry_point = 0x13f2a88 region_type = mapped_file name = "peerdistsvc.dll" filename = "\\Windows\\System32\\PeerDistSvc.dll" (normalized: "c:\\windows\\system32\\peerdistsvc.dll") Region: id = 3092 start_va = 0x310000 end_va = 0x315fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "peerdistsvc.dll.mui" filename = "\\Windows\\System32\\en-US\\PeerDistSvc.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\peerdistsvc.dll.mui") Region: id = 3093 start_va = 0x310000 end_va = 0x31efff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "wsmres.dll" filename = "\\Windows\\System32\\WsmRes.dll" (normalized: "c:\\windows\\system32\\wsmres.dll") Region: id = 3094 start_va = 0xd80000 end_va = 0xdd9fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "wsmres.dll.mui" filename = "\\Windows\\System32\\en-US\\WsmRes.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\wsmres.dll.mui") Region: id = 3095 start_va = 0x310000 end_va = 0x31efff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "wsmres.dll" filename = "\\Windows\\System32\\WsmRes.dll" (normalized: "c:\\windows\\system32\\wsmres.dll") Region: id = 3096 start_va = 0xd80000 end_va = 0xdd9fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "wsmres.dll.mui" filename = "\\Windows\\System32\\en-US\\WsmRes.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\wsmres.dll.mui") Region: id = 3097 start_va = 0x310000 end_va = 0x31ffff monitored = 0 entry_point = 0x31a33c region_type = mapped_file name = "tbssvc.dll" filename = "\\Windows\\System32\\tbssvc.dll" (normalized: "c:\\windows\\system32\\tbssvc.dll") Region: id = 3098 start_va = 0x320000 end_va = 0x321fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "tbssvc.dll.mui" filename = "\\Windows\\System32\\en-US\\tbssvc.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\tbssvc.dll.mui") Region: id = 3099 start_va = 0x310000 end_va = 0x31ffff monitored = 0 entry_point = 0x31a33c region_type = mapped_file name = "tbssvc.dll" filename = "\\Windows\\System32\\tbssvc.dll" (normalized: "c:\\windows\\system32\\tbssvc.dll") Region: id = 3100 start_va = 0x320000 end_va = 0x321fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "tbssvc.dll.mui" filename = "\\Windows\\System32\\en-US\\tbssvc.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\tbssvc.dll.mui") Region: id = 3101 start_va = 0x310000 end_va = 0x329fff monitored = 1 entry_point = 0x311380 region_type = mapped_file name = "workflowservicehostperformancecounters.dll" filename = "\\Windows\\Microsoft.NET\\Framework64\\v4.0.30319\\WorkflowServiceHostPerformanceCounters.dll" (normalized: "c:\\windows\\microsoft.net\\framework64\\v4.0.30319\\workflowservicehostperformancecounters.dll") Region: id = 3102 start_va = 0x330000 end_va = 0x335fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "workflowservicehostperformancecounters.dll.mui" filename = "\\Windows\\Microsoft.NET\\Framework64\\v4.0.30319\\en-US\\WorkflowServiceHostPerformanceCounters.dll.mui" (normalized: "c:\\windows\\microsoft.net\\framework64\\v4.0.30319\\en-us\\workflowservicehostperformancecounters.dll.mui") Region: id = 3103 start_va = 0x310000 end_va = 0x329fff monitored = 1 entry_point = 0x311380 region_type = mapped_file name = "workflowservicehostperformancecounters.dll" filename = "\\Windows\\Microsoft.NET\\Framework64\\v4.0.30319\\WorkflowServiceHostPerformanceCounters.dll" (normalized: "c:\\windows\\microsoft.net\\framework64\\v4.0.30319\\workflowservicehostperformancecounters.dll") Region: id = 3104 start_va = 0x330000 end_va = 0x335fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "workflowservicehostperformancecounters.dll.mui" filename = "\\Windows\\Microsoft.NET\\Framework64\\v4.0.30319\\en-US\\WorkflowServiceHostPerformanceCounters.dll.mui" (normalized: "c:\\windows\\microsoft.net\\framework64\\v4.0.30319\\en-us\\workflowservicehostperformancecounters.dll.mui") Region: id = 3105 start_va = 0xd80000 end_va = 0xdd3fff monitored = 0 entry_point = 0xd93450 region_type = mapped_file name = "lsm.exe" filename = "\\Windows\\System32\\lsm.exe" (normalized: "c:\\windows\\system32\\lsm.exe") Region: id = 3106 start_va = 0x310000 end_va = 0x311fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "lsm.exe.mui" filename = "\\Windows\\System32\\en-US\\lsm.exe.mui" (normalized: "c:\\windows\\system32\\en-us\\lsm.exe.mui") Region: id = 3107 start_va = 0xd80000 end_va = 0xdd3fff monitored = 0 entry_point = 0xd93450 region_type = mapped_file name = "lsm.exe" filename = "\\Windows\\System32\\lsm.exe" (normalized: "c:\\windows\\system32\\lsm.exe") Region: id = 3108 start_va = 0x310000 end_va = 0x311fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "lsm.exe.mui" filename = "\\Windows\\System32\\en-US\\lsm.exe.mui" (normalized: "c:\\windows\\system32\\en-us\\lsm.exe.mui") Region: id = 3109 start_va = 0x310000 end_va = 0x330fff monitored = 0 entry_point = 0x32a06c region_type = mapped_file name = "pacer.sys" filename = "\\Windows\\System32\\drivers\\pacer.sys" (normalized: "c:\\windows\\system32\\drivers\\pacer.sys") Region: id = 3110 start_va = 0x350000 end_va = 0x353fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "pacer.sys.mui" filename = "\\Windows\\System32\\drivers\\en-US\\pacer.sys.mui" (normalized: "c:\\windows\\system32\\drivers\\en-us\\pacer.sys.mui") Region: id = 3111 start_va = 0x310000 end_va = 0x330fff monitored = 0 entry_point = 0x32a06c region_type = mapped_file name = "pacer.sys" filename = "\\Windows\\System32\\drivers\\pacer.sys" (normalized: "c:\\windows\\system32\\drivers\\pacer.sys") Region: id = 3112 start_va = 0x350000 end_va = 0x353fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "pacer.sys.mui" filename = "\\Windows\\System32\\drivers\\en-US\\pacer.sys.mui" (normalized: "c:\\windows\\system32\\drivers\\en-us\\pacer.sys.mui") Region: id = 3113 start_va = 0x310000 end_va = 0x330fff monitored = 0 entry_point = 0x32a06c region_type = mapped_file name = "pacer.sys" filename = "\\Windows\\System32\\drivers\\pacer.sys" (normalized: "c:\\windows\\system32\\drivers\\pacer.sys") Region: id = 3114 start_va = 0x350000 end_va = 0x353fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "pacer.sys.mui" filename = "\\Windows\\System32\\drivers\\en-US\\pacer.sys.mui" (normalized: "c:\\windows\\system32\\drivers\\en-us\\pacer.sys.mui") Region: id = 3115 start_va = 0x310000 end_va = 0x330fff monitored = 0 entry_point = 0x32a06c region_type = mapped_file name = "pacer.sys" filename = "\\Windows\\System32\\drivers\\pacer.sys" (normalized: "c:\\windows\\system32\\drivers\\pacer.sys") Region: id = 3116 start_va = 0x350000 end_va = 0x353fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "pacer.sys.mui" filename = "\\Windows\\System32\\drivers\\en-US\\pacer.sys.mui" (normalized: "c:\\windows\\system32\\drivers\\en-us\\pacer.sys.mui") Region: id = 3117 start_va = 0xd80000 end_va = 0xdcffff monitored = 0 entry_point = 0xd82b98 region_type = mapped_file name = "fwpuclnt.dll" filename = "\\Windows\\System32\\FWPUCLNT.DLL" (normalized: "c:\\windows\\system32\\fwpuclnt.dll") Region: id = 3118 start_va = 0x310000 end_va = 0x322fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "fwpuclnt.dll.mui" filename = "\\Windows\\System32\\en-US\\fwpuclnt.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\fwpuclnt.dll.mui") Region: id = 3119 start_va = 0xd80000 end_va = 0xdcffff monitored = 0 entry_point = 0xd82b98 region_type = mapped_file name = "fwpuclnt.dll" filename = "\\Windows\\System32\\FWPUCLNT.DLL" (normalized: "c:\\windows\\system32\\fwpuclnt.dll") Region: id = 3120 start_va = 0x310000 end_va = 0x322fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "fwpuclnt.dll.mui" filename = "\\Windows\\System32\\en-US\\fwpuclnt.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\fwpuclnt.dll.mui") Region: id = 3121 start_va = 0xd80000 end_va = 0xdcffff monitored = 0 entry_point = 0xd82b98 region_type = mapped_file name = "fwpuclnt.dll" filename = "\\Windows\\System32\\FWPUCLNT.DLL" (normalized: "c:\\windows\\system32\\fwpuclnt.dll") Region: id = 3122 start_va = 0x310000 end_va = 0x322fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "fwpuclnt.dll.mui" filename = "\\Windows\\System32\\en-US\\fwpuclnt.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\fwpuclnt.dll.mui") Region: id = 3123 start_va = 0xd80000 end_va = 0xdcffff monitored = 0 entry_point = 0xd82b98 region_type = mapped_file name = "fwpuclnt.dll" filename = "\\Windows\\System32\\FWPUCLNT.DLL" (normalized: "c:\\windows\\system32\\fwpuclnt.dll") Region: id = 3124 start_va = 0x310000 end_va = 0x322fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "fwpuclnt.dll.mui" filename = "\\Windows\\System32\\en-US\\fwpuclnt.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\fwpuclnt.dll.mui") Region: id = 3125 start_va = 0xd80000 end_va = 0xdcffff monitored = 0 entry_point = 0xd82b98 region_type = mapped_file name = "fwpuclnt.dll" filename = "\\Windows\\System32\\FWPUCLNT.DLL" (normalized: "c:\\windows\\system32\\fwpuclnt.dll") Region: id = 3126 start_va = 0x310000 end_va = 0x322fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "fwpuclnt.dll.mui" filename = "\\Windows\\System32\\en-US\\fwpuclnt.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\fwpuclnt.dll.mui") Region: id = 3127 start_va = 0xd80000 end_va = 0xdcffff monitored = 0 entry_point = 0xd82b98 region_type = mapped_file name = "fwpuclnt.dll" filename = "\\Windows\\System32\\FWPUCLNT.DLL" (normalized: "c:\\windows\\system32\\fwpuclnt.dll") Region: id = 3128 start_va = 0x310000 end_va = 0x322fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "fwpuclnt.dll.mui" filename = "\\Windows\\System32\\en-US\\fwpuclnt.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\fwpuclnt.dll.mui") Region: id = 3129 start_va = 0xd80000 end_va = 0xdcffff monitored = 0 entry_point = 0xd82b98 region_type = mapped_file name = "fwpuclnt.dll" filename = "\\Windows\\System32\\FWPUCLNT.DLL" (normalized: "c:\\windows\\system32\\fwpuclnt.dll") Region: id = 3130 start_va = 0x310000 end_va = 0x322fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "fwpuclnt.dll.mui" filename = "\\Windows\\System32\\en-US\\fwpuclnt.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\fwpuclnt.dll.mui") Region: id = 3131 start_va = 0xd80000 end_va = 0xdcffff monitored = 0 entry_point = 0xd82b98 region_type = mapped_file name = "fwpuclnt.dll" filename = "\\Windows\\System32\\FWPUCLNT.DLL" (normalized: "c:\\windows\\system32\\fwpuclnt.dll") Region: id = 3132 start_va = 0x310000 end_va = 0x322fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "fwpuclnt.dll.mui" filename = "\\Windows\\System32\\en-US\\fwpuclnt.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\fwpuclnt.dll.mui") Region: id = 3133 start_va = 0xd80000 end_va = 0xdcffff monitored = 0 entry_point = 0xdc68c8 region_type = mapped_file name = "pnrpsvc.dll" filename = "\\Windows\\System32\\pnrpsvc.dll" (normalized: "c:\\windows\\system32\\pnrpsvc.dll") Region: id = 3134 start_va = 0x310000 end_va = 0x312fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "pnrpsvc.dll.mui" filename = "\\Windows\\System32\\en-US\\pnrpsvc.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\pnrpsvc.dll.mui") Region: id = 3135 start_va = 0xd80000 end_va = 0xdcffff monitored = 0 entry_point = 0xdc68c8 region_type = mapped_file name = "pnrpsvc.dll" filename = "\\Windows\\System32\\pnrpsvc.dll" (normalized: "c:\\windows\\system32\\pnrpsvc.dll") Region: id = 3136 start_va = 0x310000 end_va = 0x312fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "pnrpsvc.dll.mui" filename = "\\Windows\\System32\\en-US\\pnrpsvc.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\pnrpsvc.dll.mui") Region: id = 3137 start_va = 0xec0000 end_va = 0xf9bfff monitored = 0 entry_point = 0xf35ec8 region_type = mapped_file name = "azroles.dll" filename = "\\Windows\\System32\\azroles.dll" (normalized: "c:\\windows\\system32\\azroles.dll") Region: id = 3138 start_va = 0x310000 end_va = 0x310fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "azroles.dll.mui" filename = "\\Windows\\System32\\en-US\\azroles.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\azroles.dll.mui") Region: id = 3139 start_va = 0xec0000 end_va = 0xf9bfff monitored = 0 entry_point = 0xf35ec8 region_type = mapped_file name = "azroles.dll" filename = "\\Windows\\System32\\azroles.dll" (normalized: "c:\\windows\\system32\\azroles.dll") Region: id = 3140 start_va = 0x310000 end_va = 0x310fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "azroles.dll.mui" filename = "\\Windows\\System32\\en-US\\azroles.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\azroles.dll.mui") Region: id = 3141 start_va = 0xec0000 end_va = 0xfa1fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "fxsresm.dll" filename = "\\Windows\\System32\\FXSRESM.dll" (normalized: "c:\\windows\\system32\\fxsresm.dll") Region: id = 3142 start_va = 0x310000 end_va = 0x338fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "fxsresm.dll.mui" filename = "\\Windows\\System32\\en-US\\FXSRESM.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\fxsresm.dll.mui") Region: id = 3143 start_va = 0xec0000 end_va = 0xfa1fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "fxsresm.dll" filename = "\\Windows\\System32\\FXSRESM.dll" (normalized: "c:\\windows\\system32\\fxsresm.dll") Region: id = 3144 start_va = 0x310000 end_va = 0x338fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "fxsresm.dll.mui" filename = "\\Windows\\System32\\en-US\\FXSRESM.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\fxsresm.dll.mui") Region: id = 3145 start_va = 0xd80000 end_va = 0xe28fff monitored = 0 entry_point = 0xd918d0 region_type = mapped_file name = "cscsvc.dll" filename = "\\Windows\\System32\\cscsvc.dll" (normalized: "c:\\windows\\system32\\cscsvc.dll") Region: id = 3146 start_va = 0x310000 end_va = 0x314fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "cscsvc.dll.mui" filename = "\\Windows\\System32\\en-US\\cscsvc.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\cscsvc.dll.mui") Region: id = 3147 start_va = 0xd80000 end_va = 0xe28fff monitored = 0 entry_point = 0xd918d0 region_type = mapped_file name = "cscsvc.dll" filename = "\\Windows\\System32\\cscsvc.dll" (normalized: "c:\\windows\\system32\\cscsvc.dll") Region: id = 3148 start_va = 0x310000 end_va = 0x314fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "cscsvc.dll.mui" filename = "\\Windows\\System32\\en-US\\cscsvc.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\cscsvc.dll.mui") Region: id = 3149 start_va = 0xd80000 end_va = 0xe28fff monitored = 0 entry_point = 0xd918d0 region_type = mapped_file name = "cscsvc.dll" filename = "\\Windows\\System32\\cscsvc.dll" (normalized: "c:\\windows\\system32\\cscsvc.dll") Region: id = 3150 start_va = 0x310000 end_va = 0x314fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "cscsvc.dll.mui" filename = "\\Windows\\System32\\en-US\\cscsvc.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\cscsvc.dll.mui") Region: id = 3151 start_va = 0xd80000 end_va = 0xe28fff monitored = 0 entry_point = 0xd918d0 region_type = mapped_file name = "cscsvc.dll" filename = "\\Windows\\System32\\cscsvc.dll" (normalized: "c:\\windows\\system32\\cscsvc.dll") Region: id = 3152 start_va = 0x310000 end_va = 0x314fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "cscsvc.dll.mui" filename = "\\Windows\\System32\\en-US\\cscsvc.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\cscsvc.dll.mui") Region: id = 3153 start_va = 0xd80000 end_va = 0xdcffff monitored = 0 entry_point = 0xd82b98 region_type = mapped_file name = "fwpuclnt.dll" filename = "\\Windows\\System32\\FWPUCLNT.DLL" (normalized: "c:\\windows\\system32\\fwpuclnt.dll") Region: id = 3154 start_va = 0x310000 end_va = 0x322fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "fwpuclnt.dll.mui" filename = "\\Windows\\System32\\en-US\\fwpuclnt.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\fwpuclnt.dll.mui") Region: id = 3155 start_va = 0xd80000 end_va = 0xdcffff monitored = 0 entry_point = 0xd82b98 region_type = mapped_file name = "fwpuclnt.dll" filename = "\\Windows\\System32\\FWPUCLNT.DLL" (normalized: "c:\\windows\\system32\\fwpuclnt.dll") Region: id = 3156 start_va = 0x310000 end_va = 0x322fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "fwpuclnt.dll.mui" filename = "\\Windows\\System32\\en-US\\fwpuclnt.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\fwpuclnt.dll.mui") Region: id = 3157 start_va = 0xd80000 end_va = 0xdcffff monitored = 0 entry_point = 0xd82b98 region_type = mapped_file name = "fwpuclnt.dll" filename = "\\Windows\\System32\\FWPUCLNT.DLL" (normalized: "c:\\windows\\system32\\fwpuclnt.dll") Region: id = 3158 start_va = 0x310000 end_va = 0x322fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "fwpuclnt.dll.mui" filename = "\\Windows\\System32\\en-US\\fwpuclnt.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\fwpuclnt.dll.mui") Region: id = 3159 start_va = 0xd80000 end_va = 0xdcffff monitored = 0 entry_point = 0xd82b98 region_type = mapped_file name = "fwpuclnt.dll" filename = "\\Windows\\System32\\FWPUCLNT.DLL" (normalized: "c:\\windows\\system32\\fwpuclnt.dll") Region: id = 3160 start_va = 0x310000 end_va = 0x322fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "fwpuclnt.dll.mui" filename = "\\Windows\\System32\\en-US\\fwpuclnt.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\fwpuclnt.dll.mui") Region: id = 3161 start_va = 0xd80000 end_va = 0xdcffff monitored = 0 entry_point = 0xd82b98 region_type = mapped_file name = "fwpuclnt.dll" filename = "\\Windows\\System32\\FWPUCLNT.DLL" (normalized: "c:\\windows\\system32\\fwpuclnt.dll") Region: id = 3162 start_va = 0x310000 end_va = 0x322fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "fwpuclnt.dll.mui" filename = "\\Windows\\System32\\en-US\\fwpuclnt.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\fwpuclnt.dll.mui") Region: id = 3163 start_va = 0xd80000 end_va = 0xdcffff monitored = 0 entry_point = 0xd82b98 region_type = mapped_file name = "fwpuclnt.dll" filename = "\\Windows\\System32\\FWPUCLNT.DLL" (normalized: "c:\\windows\\system32\\fwpuclnt.dll") Region: id = 3164 start_va = 0x310000 end_va = 0x322fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "fwpuclnt.dll.mui" filename = "\\Windows\\System32\\en-US\\fwpuclnt.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\fwpuclnt.dll.mui") Region: id = 3165 start_va = 0xd80000 end_va = 0xdcffff monitored = 0 entry_point = 0xd82b98 region_type = mapped_file name = "fwpuclnt.dll" filename = "\\Windows\\System32\\FWPUCLNT.DLL" (normalized: "c:\\windows\\system32\\fwpuclnt.dll") Region: id = 3166 start_va = 0x310000 end_va = 0x322fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "fwpuclnt.dll.mui" filename = "\\Windows\\System32\\en-US\\fwpuclnt.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\fwpuclnt.dll.mui") Region: id = 3167 start_va = 0xd80000 end_va = 0xdcffff monitored = 0 entry_point = 0xd82b98 region_type = mapped_file name = "fwpuclnt.dll" filename = "\\Windows\\System32\\FWPUCLNT.DLL" (normalized: "c:\\windows\\system32\\fwpuclnt.dll") Region: id = 3168 start_va = 0x310000 end_va = 0x322fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "fwpuclnt.dll.mui" filename = "\\Windows\\System32\\en-US\\fwpuclnt.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\fwpuclnt.dll.mui") Region: id = 3169 start_va = 0xd80000 end_va = 0xdcffff monitored = 0 entry_point = 0xd82b98 region_type = mapped_file name = "fwpuclnt.dll" filename = "\\Windows\\System32\\FWPUCLNT.DLL" (normalized: "c:\\windows\\system32\\fwpuclnt.dll") Region: id = 3170 start_va = 0x310000 end_va = 0x322fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "fwpuclnt.dll.mui" filename = "\\Windows\\System32\\en-US\\fwpuclnt.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\fwpuclnt.dll.mui") Region: id = 3171 start_va = 0xd80000 end_va = 0xdcffff monitored = 0 entry_point = 0xd82b98 region_type = mapped_file name = "fwpuclnt.dll" filename = "\\Windows\\System32\\FWPUCLNT.DLL" (normalized: "c:\\windows\\system32\\fwpuclnt.dll") Region: id = 3172 start_va = 0x310000 end_va = 0x322fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "fwpuclnt.dll.mui" filename = "\\Windows\\System32\\en-US\\fwpuclnt.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\fwpuclnt.dll.mui") Region: id = 3173 start_va = 0xd80000 end_va = 0xdcffff monitored = 0 entry_point = 0xd82b98 region_type = mapped_file name = "fwpuclnt.dll" filename = "\\Windows\\System32\\FWPUCLNT.DLL" (normalized: "c:\\windows\\system32\\fwpuclnt.dll") Region: id = 3174 start_va = 0x310000 end_va = 0x322fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "fwpuclnt.dll.mui" filename = "\\Windows\\System32\\en-US\\fwpuclnt.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\fwpuclnt.dll.mui") Region: id = 3175 start_va = 0xd80000 end_va = 0xdcffff monitored = 0 entry_point = 0xd82b98 region_type = mapped_file name = "fwpuclnt.dll" filename = "\\Windows\\System32\\FWPUCLNT.DLL" (normalized: "c:\\windows\\system32\\fwpuclnt.dll") Region: id = 3176 start_va = 0x310000 end_va = 0x322fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "fwpuclnt.dll.mui" filename = "\\Windows\\System32\\en-US\\fwpuclnt.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\fwpuclnt.dll.mui") Region: id = 3177 start_va = 0xd80000 end_va = 0xdcffff monitored = 0 entry_point = 0xd82b98 region_type = mapped_file name = "fwpuclnt.dll" filename = "\\Windows\\System32\\FWPUCLNT.DLL" (normalized: "c:\\windows\\system32\\fwpuclnt.dll") Region: id = 3178 start_va = 0x310000 end_va = 0x322fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "fwpuclnt.dll.mui" filename = "\\Windows\\System32\\en-US\\fwpuclnt.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\fwpuclnt.dll.mui") Region: id = 3179 start_va = 0xd80000 end_va = 0xdcffff monitored = 0 entry_point = 0xd82b98 region_type = mapped_file name = "fwpuclnt.dll" filename = "\\Windows\\System32\\FWPUCLNT.DLL" (normalized: "c:\\windows\\system32\\fwpuclnt.dll") Region: id = 3180 start_va = 0x310000 end_va = 0x322fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "fwpuclnt.dll.mui" filename = "\\Windows\\System32\\en-US\\fwpuclnt.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\fwpuclnt.dll.mui") Region: id = 3181 start_va = 0xd80000 end_va = 0xe0afff monitored = 0 entry_point = 0xdf51ec region_type = mapped_file name = "iphlpsvc.dll" filename = "\\Windows\\System32\\iphlpsvc.dll" (normalized: "c:\\windows\\system32\\iphlpsvc.dll") Region: id = 3182 start_va = 0x310000 end_va = 0x319fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "iphlpsvc.dll.mui" filename = "\\Windows\\System32\\en-US\\iphlpsvc.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\iphlpsvc.dll.mui") Region: id = 3183 start_va = 0xd80000 end_va = 0xe0afff monitored = 0 entry_point = 0xdf51ec region_type = mapped_file name = "iphlpsvc.dll" filename = "\\Windows\\System32\\iphlpsvc.dll" (normalized: "c:\\windows\\system32\\iphlpsvc.dll") Region: id = 3184 start_va = 0x310000 end_va = 0x319fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "iphlpsvc.dll.mui" filename = "\\Windows\\System32\\en-US\\iphlpsvc.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\iphlpsvc.dll.mui") Region: id = 3185 start_va = 0xd80000 end_va = 0xe0afff monitored = 0 entry_point = 0xdf51ec region_type = mapped_file name = "iphlpsvc.dll" filename = "\\Windows\\System32\\iphlpsvc.dll" (normalized: "c:\\windows\\system32\\iphlpsvc.dll") Region: id = 3186 start_va = 0x310000 end_va = 0x319fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "iphlpsvc.dll.mui" filename = "\\Windows\\System32\\en-US\\iphlpsvc.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\iphlpsvc.dll.mui") Region: id = 3187 start_va = 0xd80000 end_va = 0xe0afff monitored = 0 entry_point = 0xdf51ec region_type = mapped_file name = "iphlpsvc.dll" filename = "\\Windows\\System32\\iphlpsvc.dll" (normalized: "c:\\windows\\system32\\iphlpsvc.dll") Region: id = 3188 start_va = 0x310000 end_va = 0x319fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "iphlpsvc.dll.mui" filename = "\\Windows\\System32\\en-US\\iphlpsvc.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\iphlpsvc.dll.mui") Region: id = 3189 start_va = 0xd80000 end_va = 0xe0afff monitored = 0 entry_point = 0xdf51ec region_type = mapped_file name = "iphlpsvc.dll" filename = "\\Windows\\System32\\iphlpsvc.dll" (normalized: "c:\\windows\\system32\\iphlpsvc.dll") Region: id = 3190 start_va = 0x310000 end_va = 0x319fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "iphlpsvc.dll.mui" filename = "\\Windows\\System32\\en-US\\iphlpsvc.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\iphlpsvc.dll.mui") Region: id = 3191 start_va = 0xd80000 end_va = 0xe0afff monitored = 0 entry_point = 0xdf51ec region_type = mapped_file name = "iphlpsvc.dll" filename = "\\Windows\\System32\\iphlpsvc.dll" (normalized: "c:\\windows\\system32\\iphlpsvc.dll") Region: id = 3192 start_va = 0x310000 end_va = 0x319fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "iphlpsvc.dll.mui" filename = "\\Windows\\System32\\en-US\\iphlpsvc.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\iphlpsvc.dll.mui") Region: id = 3193 start_va = 0xd80000 end_va = 0xe0afff monitored = 0 entry_point = 0xdf51ec region_type = mapped_file name = "iphlpsvc.dll" filename = "\\Windows\\System32\\iphlpsvc.dll" (normalized: "c:\\windows\\system32\\iphlpsvc.dll") Region: id = 3194 start_va = 0x310000 end_va = 0x319fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "iphlpsvc.dll.mui" filename = "\\Windows\\System32\\en-US\\iphlpsvc.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\iphlpsvc.dll.mui") Region: id = 3195 start_va = 0xd80000 end_va = 0xe0afff monitored = 0 entry_point = 0xdf51ec region_type = mapped_file name = "iphlpsvc.dll" filename = "\\Windows\\System32\\iphlpsvc.dll" (normalized: "c:\\windows\\system32\\iphlpsvc.dll") Region: id = 3196 start_va = 0x310000 end_va = 0x319fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "iphlpsvc.dll.mui" filename = "\\Windows\\System32\\en-US\\iphlpsvc.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\iphlpsvc.dll.mui") Region: id = 3197 start_va = 0xd80000 end_va = 0xe0afff monitored = 0 entry_point = 0xdf51ec region_type = mapped_file name = "iphlpsvc.dll" filename = "\\Windows\\System32\\iphlpsvc.dll" (normalized: "c:\\windows\\system32\\iphlpsvc.dll") Region: id = 3198 start_va = 0x310000 end_va = 0x319fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "iphlpsvc.dll.mui" filename = "\\Windows\\System32\\en-US\\iphlpsvc.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\iphlpsvc.dll.mui") Region: id = 3199 start_va = 0xd80000 end_va = 0xe0afff monitored = 0 entry_point = 0xdf51ec region_type = mapped_file name = "iphlpsvc.dll" filename = "\\Windows\\System32\\iphlpsvc.dll" (normalized: "c:\\windows\\system32\\iphlpsvc.dll") Region: id = 3200 start_va = 0x310000 end_va = 0x319fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "iphlpsvc.dll.mui" filename = "\\Windows\\System32\\en-US\\iphlpsvc.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\iphlpsvc.dll.mui") Region: id = 3201 start_va = 0x12f0000 end_va = 0x1420fff monitored = 0 entry_point = 0x134dab9 region_type = mapped_file name = "mce.dll" filename = "\\Program Files (x86)\\Microsoft Office\\Office16\\mce.dll" (normalized: "c:\\program files (x86)\\microsoft office\\office16\\mce.dll") Region: id = 3202 start_va = 0x12f0000 end_va = 0x1420fff monitored = 0 entry_point = 0x134dab9 region_type = mapped_file name = "mce.dll" filename = "\\Program Files (x86)\\Microsoft Office\\Office16\\mce.dll" (normalized: "c:\\program files (x86)\\microsoft office\\office16\\mce.dll") Region: id = 3203 start_va = 0x12f0000 end_va = 0x1420fff monitored = 0 entry_point = 0x134dab9 region_type = mapped_file name = "mce.dll" filename = "\\Program Files (x86)\\Microsoft Office\\Office16\\mce.dll" (normalized: "c:\\program files (x86)\\microsoft office\\office16\\mce.dll") Region: id = 3204 start_va = 0x12f0000 end_va = 0x1420fff monitored = 0 entry_point = 0x134dab9 region_type = mapped_file name = "mce.dll" filename = "\\Program Files (x86)\\Microsoft Office\\Office16\\mce.dll" (normalized: "c:\\program files (x86)\\microsoft office\\office16\\mce.dll") Region: id = 3205 start_va = 0x310000 end_va = 0x329fff monitored = 1 entry_point = 0x311380 region_type = mapped_file name = "servicemodelperformancecounters.dll" filename = "\\Windows\\Microsoft.NET\\Framework64\\v4.0.30319\\ServiceModelPerformanceCounters.dll" (normalized: "c:\\windows\\microsoft.net\\framework64\\v4.0.30319\\servicemodelperformancecounters.dll") Region: id = 3206 start_va = 0x330000 end_va = 0x33bfff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "servicemodelperformancecounters.dll.mui" filename = "\\Windows\\Microsoft.NET\\Framework64\\v4.0.30319\\en-US\\ServiceModelPerformanceCounters.dll.mui" (normalized: "c:\\windows\\microsoft.net\\framework64\\v4.0.30319\\en-us\\servicemodelperformancecounters.dll.mui") Region: id = 3207 start_va = 0x310000 end_va = 0x329fff monitored = 1 entry_point = 0x311380 region_type = mapped_file name = "servicemodelperformancecounters.dll" filename = "\\Windows\\Microsoft.NET\\Framework64\\v4.0.30319\\ServiceModelPerformanceCounters.dll" (normalized: "c:\\windows\\microsoft.net\\framework64\\v4.0.30319\\servicemodelperformancecounters.dll") Region: id = 3208 start_va = 0x330000 end_va = 0x33bfff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "servicemodelperformancecounters.dll.mui" filename = "\\Windows\\Microsoft.NET\\Framework64\\v4.0.30319\\en-US\\ServiceModelPerformanceCounters.dll.mui" (normalized: "c:\\windows\\microsoft.net\\framework64\\v4.0.30319\\en-us\\servicemodelperformancecounters.dll.mui") Region: id = 3209 start_va = 0x310000 end_va = 0x329fff monitored = 1 entry_point = 0x311380 region_type = mapped_file name = "servicemodelperformancecounters.dll" filename = "\\Windows\\Microsoft.NET\\Framework64\\v4.0.30319\\ServiceModelPerformanceCounters.dll" (normalized: "c:\\windows\\microsoft.net\\framework64\\v4.0.30319\\servicemodelperformancecounters.dll") Region: id = 3210 start_va = 0x330000 end_va = 0x33bfff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "servicemodelperformancecounters.dll.mui" filename = "\\Windows\\Microsoft.NET\\Framework64\\v4.0.30319\\en-US\\ServiceModelPerformanceCounters.dll.mui" (normalized: "c:\\windows\\microsoft.net\\framework64\\v4.0.30319\\en-us\\servicemodelperformancecounters.dll.mui") Region: id = 3211 start_va = 0x310000 end_va = 0x329fff monitored = 1 entry_point = 0x311380 region_type = mapped_file name = "servicemodelperformancecounters.dll" filename = "\\Windows\\Microsoft.NET\\Framework64\\v4.0.30319\\ServiceModelPerformanceCounters.dll" (normalized: "c:\\windows\\microsoft.net\\framework64\\v4.0.30319\\servicemodelperformancecounters.dll") Region: id = 3212 start_va = 0x330000 end_va = 0x33bfff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "servicemodelperformancecounters.dll.mui" filename = "\\Windows\\Microsoft.NET\\Framework64\\v4.0.30319\\en-US\\ServiceModelPerformanceCounters.dll.mui" (normalized: "c:\\windows\\microsoft.net\\framework64\\v4.0.30319\\en-us\\servicemodelperformancecounters.dll.mui") Region: id = 3213 start_va = 0x310000 end_va = 0x329fff monitored = 1 entry_point = 0x311380 region_type = mapped_file name = "servicemodelperformancecounters.dll" filename = "\\Windows\\Microsoft.NET\\Framework64\\v4.0.30319\\ServiceModelPerformanceCounters.dll" (normalized: "c:\\windows\\microsoft.net\\framework64\\v4.0.30319\\servicemodelperformancecounters.dll") Region: id = 3214 start_va = 0x330000 end_va = 0x33bfff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "servicemodelperformancecounters.dll.mui" filename = "\\Windows\\Microsoft.NET\\Framework64\\v4.0.30319\\en-US\\ServiceModelPerformanceCounters.dll.mui" (normalized: "c:\\windows\\microsoft.net\\framework64\\v4.0.30319\\en-us\\servicemodelperformancecounters.dll.mui") Region: id = 3215 start_va = 0x310000 end_va = 0x329fff monitored = 1 entry_point = 0x311380 region_type = mapped_file name = "servicemodelperformancecounters.dll" filename = "\\Windows\\Microsoft.NET\\Framework64\\v4.0.30319\\ServiceModelPerformanceCounters.dll" (normalized: "c:\\windows\\microsoft.net\\framework64\\v4.0.30319\\servicemodelperformancecounters.dll") Region: id = 3216 start_va = 0x330000 end_va = 0x33bfff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "servicemodelperformancecounters.dll.mui" filename = "\\Windows\\Microsoft.NET\\Framework64\\v4.0.30319\\en-US\\ServiceModelPerformanceCounters.dll.mui" (normalized: "c:\\windows\\microsoft.net\\framework64\\v4.0.30319\\en-us\\servicemodelperformancecounters.dll.mui") Region: id = 3217 start_va = 0x310000 end_va = 0x337fff monitored = 0 entry_point = 0x311860 region_type = mapped_file name = "umpo.dll" filename = "\\Windows\\System32\\umpo.dll" (normalized: "c:\\windows\\system32\\umpo.dll") Region: id = 3218 start_va = 0x350000 end_va = 0x350fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "umpo.dll.mui" filename = "\\Windows\\System32\\en-US\\umpo.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\umpo.dll.mui") Region: id = 3219 start_va = 0x310000 end_va = 0x337fff monitored = 0 entry_point = 0x311860 region_type = mapped_file name = "umpo.dll" filename = "\\Windows\\System32\\umpo.dll" (normalized: "c:\\windows\\system32\\umpo.dll") Region: id = 3220 start_va = 0x350000 end_va = 0x350fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "umpo.dll.mui" filename = "\\Windows\\System32\\en-US\\umpo.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\umpo.dll.mui") Region: id = 3221 start_va = 0x310000 end_va = 0x31afff monitored = 0 entry_point = 0x3111a8 region_type = mapped_file name = "httpapi.dll" filename = "\\Windows\\System32\\httpapi.dll" (normalized: "c:\\windows\\system32\\httpapi.dll") Region: id = 3222 start_va = 0x320000 end_va = 0x321fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "httpapi.dll.mui" filename = "\\Windows\\System32\\en-US\\httpapi.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\httpapi.dll.mui") Region: id = 3223 start_va = 0x310000 end_va = 0x31afff monitored = 0 entry_point = 0x3111a8 region_type = mapped_file name = "httpapi.dll" filename = "\\Windows\\System32\\httpapi.dll" (normalized: "c:\\windows\\system32\\httpapi.dll") Region: id = 3224 start_va = 0x320000 end_va = 0x321fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "httpapi.dll.mui" filename = "\\Windows\\System32\\en-US\\httpapi.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\httpapi.dll.mui") Region: id = 3225 start_va = 0x310000 end_va = 0x31afff monitored = 0 entry_point = 0x3111a8 region_type = mapped_file name = "httpapi.dll" filename = "\\Windows\\System32\\httpapi.dll" (normalized: "c:\\windows\\system32\\httpapi.dll") Region: id = 3226 start_va = 0x320000 end_va = 0x321fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "httpapi.dll.mui" filename = "\\Windows\\System32\\en-US\\httpapi.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\httpapi.dll.mui") Region: id = 3227 start_va = 0x310000 end_va = 0x31afff monitored = 0 entry_point = 0x3111a8 region_type = mapped_file name = "httpapi.dll" filename = "\\Windows\\System32\\httpapi.dll" (normalized: "c:\\windows\\system32\\httpapi.dll") Region: id = 3228 start_va = 0x320000 end_va = 0x321fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "httpapi.dll.mui" filename = "\\Windows\\System32\\en-US\\httpapi.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\httpapi.dll.mui") Region: id = 3229 start_va = 0x310000 end_va = 0x31afff monitored = 0 entry_point = 0x3111a8 region_type = mapped_file name = "httpapi.dll" filename = "\\Windows\\System32\\httpapi.dll" (normalized: "c:\\windows\\system32\\httpapi.dll") Region: id = 3230 start_va = 0x320000 end_va = 0x321fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "httpapi.dll.mui" filename = "\\Windows\\System32\\en-US\\httpapi.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\httpapi.dll.mui") Region: id = 3231 start_va = 0x310000 end_va = 0x31afff monitored = 0 entry_point = 0x3111a8 region_type = mapped_file name = "httpapi.dll" filename = "\\Windows\\System32\\httpapi.dll" (normalized: "c:\\windows\\system32\\httpapi.dll") Region: id = 3232 start_va = 0x320000 end_va = 0x321fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "httpapi.dll.mui" filename = "\\Windows\\System32\\en-US\\httpapi.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\httpapi.dll.mui") Region: id = 3233 start_va = 0x310000 end_va = 0x31dfff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "psevents.dll" filename = "\\Windows\\System32\\WindowsPowerShell\\v1.0\\PSEvents.dll" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\psevents.dll") Region: id = 3234 start_va = 0x320000 end_va = 0x32dfff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "psevents.dll.mui" filename = "\\Windows\\System32\\WindowsPowerShell\\v1.0\\en-US\\PSEvents.dll.mui" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\en-us\\psevents.dll.mui") Region: id = 3235 start_va = 0x310000 end_va = 0x31dfff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "psevents.dll" filename = "\\Windows\\System32\\WindowsPowerShell\\v1.0\\PSEvents.dll" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\psevents.dll") Region: id = 3236 start_va = 0x320000 end_va = 0x32dfff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "psevents.dll.mui" filename = "\\Windows\\System32\\WindowsPowerShell\\v1.0\\en-US\\PSEvents.dll.mui" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\en-us\\psevents.dll.mui") Region: id = 3237 start_va = 0x12f0000 end_va = 0x20e4fff monitored = 0 entry_point = 0x13d3268 region_type = mapped_file name = "wmp.dll" filename = "\\Windows\\System32\\wmp.dll" (normalized: "c:\\windows\\system32\\wmp.dll") Region: id = 3238 start_va = 0x12f0000 end_va = 0x20e4fff monitored = 0 entry_point = 0x13d3268 region_type = mapped_file name = "wmp.dll" filename = "\\Windows\\System32\\wmp.dll" (normalized: "c:\\windows\\system32\\wmp.dll") Region: id = 3239 start_va = 0xd80000 end_va = 0xe29fff monitored = 0 entry_point = 0xd94100 region_type = mapped_file name = "netlogon.dll" filename = "\\Windows\\System32\\netlogon.dll" (normalized: "c:\\windows\\system32\\netlogon.dll") Region: id = 3240 start_va = 0x310000 end_va = 0x313fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "netlogon.dll.mui" filename = "\\Windows\\System32\\en-US\\netlogon.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\netlogon.dll.mui") Region: id = 3241 start_va = 0xd80000 end_va = 0xe29fff monitored = 0 entry_point = 0xd94100 region_type = mapped_file name = "netlogon.dll" filename = "\\Windows\\System32\\netlogon.dll" (normalized: "c:\\windows\\system32\\netlogon.dll") Region: id = 3242 start_va = 0x310000 end_va = 0x313fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "netlogon.dll.mui" filename = "\\Windows\\System32\\en-US\\netlogon.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\netlogon.dll.mui") Region: id = 3243 start_va = 0xd80000 end_va = 0xdc7fff monitored = 0 entry_point = 0xdbfd0c region_type = mapped_file name = "drt.dll" filename = "\\Windows\\System32\\drt.dll" (normalized: "c:\\windows\\system32\\drt.dll") Region: id = 3244 start_va = 0x310000 end_va = 0x312fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "drt.dll.mui" filename = "\\Windows\\System32\\en-US\\drt.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\drt.dll.mui") Region: id = 3245 start_va = 0xd80000 end_va = 0xdc7fff monitored = 0 entry_point = 0xdbfd0c region_type = mapped_file name = "drt.dll" filename = "\\Windows\\System32\\drt.dll" (normalized: "c:\\windows\\system32\\drt.dll") Region: id = 3246 start_va = 0x310000 end_va = 0x312fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "drt.dll.mui" filename = "\\Windows\\System32\\en-US\\drt.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\drt.dll.mui") Region: id = 3247 start_va = 0xec0000 end_va = 0xfa8fff monitored = 0 entry_point = 0xf9906c region_type = mapped_file name = "ndis.sys" filename = "\\Windows\\System32\\drivers\\ndis.sys" (normalized: "c:\\windows\\system32\\drivers\\ndis.sys") Region: id = 3248 start_va = 0x310000 end_va = 0x318fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "ndis.sys.mui" filename = "\\Windows\\System32\\drivers\\en-US\\ndis.sys.mui" (normalized: "c:\\windows\\system32\\drivers\\en-us\\ndis.sys.mui") Region: id = 3249 start_va = 0xec0000 end_va = 0xfa8fff monitored = 0 entry_point = 0xf9906c region_type = mapped_file name = "ndis.sys" filename = "\\Windows\\System32\\drivers\\ndis.sys" (normalized: "c:\\windows\\system32\\drivers\\ndis.sys") Region: id = 3250 start_va = 0x310000 end_va = 0x318fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "ndis.sys.mui" filename = "\\Windows\\System32\\drivers\\en-US\\ndis.sys.mui" (normalized: "c:\\windows\\system32\\drivers\\en-us\\ndis.sys.mui") Region: id = 3251 start_va = 0xec0000 end_va = 0xfa8fff monitored = 0 entry_point = 0xf9906c region_type = mapped_file name = "ndis.sys" filename = "\\Windows\\System32\\drivers\\ndis.sys" (normalized: "c:\\windows\\system32\\drivers\\ndis.sys") Region: id = 3252 start_va = 0x310000 end_va = 0x318fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "ndis.sys.mui" filename = "\\Windows\\System32\\drivers\\en-US\\ndis.sys.mui" (normalized: "c:\\windows\\system32\\drivers\\en-us\\ndis.sys.mui") Region: id = 3253 start_va = 0xec0000 end_va = 0xfa8fff monitored = 0 entry_point = 0xf9906c region_type = mapped_file name = "ndis.sys" filename = "\\Windows\\System32\\drivers\\ndis.sys" (normalized: "c:\\windows\\system32\\drivers\\ndis.sys") Region: id = 3254 start_va = 0x310000 end_va = 0x318fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "ndis.sys.mui" filename = "\\Windows\\System32\\drivers\\en-US\\ndis.sys.mui" (normalized: "c:\\windows\\system32\\drivers\\en-us\\ndis.sys.mui") Region: id = 3255 start_va = 0x12f0000 end_va = 0x143cfff monitored = 0 entry_point = 0x13f2a88 region_type = mapped_file name = "peerdistsvc.dll" filename = "\\Windows\\System32\\PeerDistSvc.dll" (normalized: "c:\\windows\\system32\\peerdistsvc.dll") Region: id = 3256 start_va = 0x310000 end_va = 0x315fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "peerdistsvc.dll.mui" filename = "\\Windows\\System32\\en-US\\PeerDistSvc.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\peerdistsvc.dll.mui") Region: id = 3257 start_va = 0x12f0000 end_va = 0x143cfff monitored = 0 entry_point = 0x13f2a88 region_type = mapped_file name = "peerdistsvc.dll" filename = "\\Windows\\System32\\PeerDistSvc.dll" (normalized: "c:\\windows\\system32\\peerdistsvc.dll") Region: id = 3258 start_va = 0x310000 end_va = 0x315fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "peerdistsvc.dll.mui" filename = "\\Windows\\System32\\en-US\\PeerDistSvc.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\peerdistsvc.dll.mui") Region: id = 3259 start_va = 0x310000 end_va = 0x31efff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "wsmres.dll" filename = "\\Windows\\System32\\WsmRes.dll" (normalized: "c:\\windows\\system32\\wsmres.dll") Region: id = 3260 start_va = 0xd80000 end_va = 0xdd9fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "wsmres.dll.mui" filename = "\\Windows\\System32\\en-US\\WsmRes.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\wsmres.dll.mui") Region: id = 3261 start_va = 0x310000 end_va = 0x31efff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "wsmres.dll" filename = "\\Windows\\System32\\WsmRes.dll" (normalized: "c:\\windows\\system32\\wsmres.dll") Region: id = 3262 start_va = 0xd80000 end_va = 0xdd9fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "wsmres.dll.mui" filename = "\\Windows\\System32\\en-US\\WsmRes.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\wsmres.dll.mui") Region: id = 3263 start_va = 0x310000 end_va = 0x31ffff monitored = 0 entry_point = 0x31a33c region_type = mapped_file name = "tbssvc.dll" filename = "\\Windows\\System32\\tbssvc.dll" (normalized: "c:\\windows\\system32\\tbssvc.dll") Region: id = 3264 start_va = 0x320000 end_va = 0x321fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "tbssvc.dll.mui" filename = "\\Windows\\System32\\en-US\\tbssvc.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\tbssvc.dll.mui") Region: id = 3265 start_va = 0x310000 end_va = 0x31ffff monitored = 0 entry_point = 0x31a33c region_type = mapped_file name = "tbssvc.dll" filename = "\\Windows\\System32\\tbssvc.dll" (normalized: "c:\\windows\\system32\\tbssvc.dll") Region: id = 3266 start_va = 0x320000 end_va = 0x321fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "tbssvc.dll.mui" filename = "\\Windows\\System32\\en-US\\tbssvc.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\tbssvc.dll.mui") Region: id = 3267 start_va = 0x310000 end_va = 0x329fff monitored = 1 entry_point = 0x311380 region_type = mapped_file name = "workflowservicehostperformancecounters.dll" filename = "\\Windows\\Microsoft.NET\\Framework64\\v4.0.30319\\WorkflowServiceHostPerformanceCounters.dll" (normalized: "c:\\windows\\microsoft.net\\framework64\\v4.0.30319\\workflowservicehostperformancecounters.dll") Region: id = 3268 start_va = 0x330000 end_va = 0x335fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "workflowservicehostperformancecounters.dll.mui" filename = "\\Windows\\Microsoft.NET\\Framework64\\v4.0.30319\\en-US\\WorkflowServiceHostPerformanceCounters.dll.mui" (normalized: "c:\\windows\\microsoft.net\\framework64\\v4.0.30319\\en-us\\workflowservicehostperformancecounters.dll.mui") Region: id = 3269 start_va = 0x310000 end_va = 0x329fff monitored = 1 entry_point = 0x311380 region_type = mapped_file name = "workflowservicehostperformancecounters.dll" filename = "\\Windows\\Microsoft.NET\\Framework64\\v4.0.30319\\WorkflowServiceHostPerformanceCounters.dll" (normalized: "c:\\windows\\microsoft.net\\framework64\\v4.0.30319\\workflowservicehostperformancecounters.dll") Region: id = 3270 start_va = 0x330000 end_va = 0x335fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "workflowservicehostperformancecounters.dll.mui" filename = "\\Windows\\Microsoft.NET\\Framework64\\v4.0.30319\\en-US\\WorkflowServiceHostPerformanceCounters.dll.mui" (normalized: "c:\\windows\\microsoft.net\\framework64\\v4.0.30319\\en-us\\workflowservicehostperformancecounters.dll.mui") Region: id = 3271 start_va = 0xd80000 end_va = 0xdd3fff monitored = 0 entry_point = 0xd93450 region_type = mapped_file name = "lsm.exe" filename = "\\Windows\\System32\\lsm.exe" (normalized: "c:\\windows\\system32\\lsm.exe") Region: id = 3272 start_va = 0x310000 end_va = 0x311fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "lsm.exe.mui" filename = "\\Windows\\System32\\en-US\\lsm.exe.mui" (normalized: "c:\\windows\\system32\\en-us\\lsm.exe.mui") Region: id = 3273 start_va = 0xd80000 end_va = 0xdd3fff monitored = 0 entry_point = 0xd93450 region_type = mapped_file name = "lsm.exe" filename = "\\Windows\\System32\\lsm.exe" (normalized: "c:\\windows\\system32\\lsm.exe") Region: id = 3274 start_va = 0x310000 end_va = 0x311fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "lsm.exe.mui" filename = "\\Windows\\System32\\en-US\\lsm.exe.mui" (normalized: "c:\\windows\\system32\\en-us\\lsm.exe.mui") Region: id = 3275 start_va = 0x310000 end_va = 0x330fff monitored = 0 entry_point = 0x32a06c region_type = mapped_file name = "pacer.sys" filename = "\\Windows\\System32\\drivers\\pacer.sys" (normalized: "c:\\windows\\system32\\drivers\\pacer.sys") Region: id = 3276 start_va = 0x350000 end_va = 0x353fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "pacer.sys.mui" filename = "\\Windows\\System32\\drivers\\en-US\\pacer.sys.mui" (normalized: "c:\\windows\\system32\\drivers\\en-us\\pacer.sys.mui") Region: id = 3277 start_va = 0x310000 end_va = 0x330fff monitored = 0 entry_point = 0x32a06c region_type = mapped_file name = "pacer.sys" filename = "\\Windows\\System32\\drivers\\pacer.sys" (normalized: "c:\\windows\\system32\\drivers\\pacer.sys") Region: id = 3278 start_va = 0x350000 end_va = 0x353fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "pacer.sys.mui" filename = "\\Windows\\System32\\drivers\\en-US\\pacer.sys.mui" (normalized: "c:\\windows\\system32\\drivers\\en-us\\pacer.sys.mui") Region: id = 3279 start_va = 0x310000 end_va = 0x330fff monitored = 0 entry_point = 0x32a06c region_type = mapped_file name = "pacer.sys" filename = "\\Windows\\System32\\drivers\\pacer.sys" (normalized: "c:\\windows\\system32\\drivers\\pacer.sys") Region: id = 3280 start_va = 0x350000 end_va = 0x353fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "pacer.sys.mui" filename = "\\Windows\\System32\\drivers\\en-US\\pacer.sys.mui" (normalized: "c:\\windows\\system32\\drivers\\en-us\\pacer.sys.mui") Region: id = 3281 start_va = 0x310000 end_va = 0x330fff monitored = 0 entry_point = 0x32a06c region_type = mapped_file name = "pacer.sys" filename = "\\Windows\\System32\\drivers\\pacer.sys" (normalized: "c:\\windows\\system32\\drivers\\pacer.sys") Region: id = 3282 start_va = 0x350000 end_va = 0x353fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "pacer.sys.mui" filename = "\\Windows\\System32\\drivers\\en-US\\pacer.sys.mui" (normalized: "c:\\windows\\system32\\drivers\\en-us\\pacer.sys.mui") Region: id = 3283 start_va = 0xd80000 end_va = 0xdcffff monitored = 0 entry_point = 0xd82b98 region_type = mapped_file name = "fwpuclnt.dll" filename = "\\Windows\\System32\\FWPUCLNT.DLL" (normalized: "c:\\windows\\system32\\fwpuclnt.dll") Region: id = 3284 start_va = 0x310000 end_va = 0x322fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "fwpuclnt.dll.mui" filename = "\\Windows\\System32\\en-US\\fwpuclnt.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\fwpuclnt.dll.mui") Region: id = 3285 start_va = 0xd80000 end_va = 0xdcffff monitored = 0 entry_point = 0xd82b98 region_type = mapped_file name = "fwpuclnt.dll" filename = "\\Windows\\System32\\FWPUCLNT.DLL" (normalized: "c:\\windows\\system32\\fwpuclnt.dll") Region: id = 3286 start_va = 0x310000 end_va = 0x322fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "fwpuclnt.dll.mui" filename = "\\Windows\\System32\\en-US\\fwpuclnt.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\fwpuclnt.dll.mui") Region: id = 3287 start_va = 0xd80000 end_va = 0xdcffff monitored = 0 entry_point = 0xd82b98 region_type = mapped_file name = "fwpuclnt.dll" filename = "\\Windows\\System32\\FWPUCLNT.DLL" (normalized: "c:\\windows\\system32\\fwpuclnt.dll") Region: id = 3288 start_va = 0x310000 end_va = 0x322fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "fwpuclnt.dll.mui" filename = "\\Windows\\System32\\en-US\\fwpuclnt.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\fwpuclnt.dll.mui") Region: id = 3289 start_va = 0xd80000 end_va = 0xdcffff monitored = 0 entry_point = 0xd82b98 region_type = mapped_file name = "fwpuclnt.dll" filename = "\\Windows\\System32\\FWPUCLNT.DLL" (normalized: "c:\\windows\\system32\\fwpuclnt.dll") Region: id = 3290 start_va = 0x310000 end_va = 0x322fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "fwpuclnt.dll.mui" filename = "\\Windows\\System32\\en-US\\fwpuclnt.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\fwpuclnt.dll.mui") Region: id = 3291 start_va = 0xd80000 end_va = 0xdcffff monitored = 0 entry_point = 0xd82b98 region_type = mapped_file name = "fwpuclnt.dll" filename = "\\Windows\\System32\\FWPUCLNT.DLL" (normalized: "c:\\windows\\system32\\fwpuclnt.dll") Region: id = 3292 start_va = 0x310000 end_va = 0x322fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "fwpuclnt.dll.mui" filename = "\\Windows\\System32\\en-US\\fwpuclnt.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\fwpuclnt.dll.mui") Region: id = 3293 start_va = 0xd80000 end_va = 0xdcffff monitored = 0 entry_point = 0xd82b98 region_type = mapped_file name = "fwpuclnt.dll" filename = "\\Windows\\System32\\FWPUCLNT.DLL" (normalized: "c:\\windows\\system32\\fwpuclnt.dll") Region: id = 3294 start_va = 0x310000 end_va = 0x322fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "fwpuclnt.dll.mui" filename = "\\Windows\\System32\\en-US\\fwpuclnt.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\fwpuclnt.dll.mui") Region: id = 3295 start_va = 0xd80000 end_va = 0xdcffff monitored = 0 entry_point = 0xd82b98 region_type = mapped_file name = "fwpuclnt.dll" filename = "\\Windows\\System32\\FWPUCLNT.DLL" (normalized: "c:\\windows\\system32\\fwpuclnt.dll") Region: id = 3296 start_va = 0x310000 end_va = 0x322fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "fwpuclnt.dll.mui" filename = "\\Windows\\System32\\en-US\\fwpuclnt.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\fwpuclnt.dll.mui") Region: id = 3297 start_va = 0xd80000 end_va = 0xdcffff monitored = 0 entry_point = 0xd82b98 region_type = mapped_file name = "fwpuclnt.dll" filename = "\\Windows\\System32\\FWPUCLNT.DLL" (normalized: "c:\\windows\\system32\\fwpuclnt.dll") Region: id = 3298 start_va = 0x310000 end_va = 0x322fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "fwpuclnt.dll.mui" filename = "\\Windows\\System32\\en-US\\fwpuclnt.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\fwpuclnt.dll.mui") Region: id = 3299 start_va = 0xd80000 end_va = 0xdcffff monitored = 0 entry_point = 0xdc68c8 region_type = mapped_file name = "pnrpsvc.dll" filename = "\\Windows\\System32\\pnrpsvc.dll" (normalized: "c:\\windows\\system32\\pnrpsvc.dll") Region: id = 3300 start_va = 0x310000 end_va = 0x312fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "pnrpsvc.dll.mui" filename = "\\Windows\\System32\\en-US\\pnrpsvc.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\pnrpsvc.dll.mui") Region: id = 3301 start_va = 0xd80000 end_va = 0xdcffff monitored = 0 entry_point = 0xdc68c8 region_type = mapped_file name = "pnrpsvc.dll" filename = "\\Windows\\System32\\pnrpsvc.dll" (normalized: "c:\\windows\\system32\\pnrpsvc.dll") Region: id = 3302 start_va = 0x310000 end_va = 0x312fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "pnrpsvc.dll.mui" filename = "\\Windows\\System32\\en-US\\pnrpsvc.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\pnrpsvc.dll.mui") Region: id = 3303 start_va = 0xec0000 end_va = 0xf9bfff monitored = 0 entry_point = 0xf35ec8 region_type = mapped_file name = "azroles.dll" filename = "\\Windows\\System32\\azroles.dll" (normalized: "c:\\windows\\system32\\azroles.dll") Region: id = 3304 start_va = 0x310000 end_va = 0x310fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "azroles.dll.mui" filename = "\\Windows\\System32\\en-US\\azroles.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\azroles.dll.mui") Region: id = 3305 start_va = 0xec0000 end_va = 0xf9bfff monitored = 0 entry_point = 0xf35ec8 region_type = mapped_file name = "azroles.dll" filename = "\\Windows\\System32\\azroles.dll" (normalized: "c:\\windows\\system32\\azroles.dll") Region: id = 3306 start_va = 0x310000 end_va = 0x310fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "azroles.dll.mui" filename = "\\Windows\\System32\\en-US\\azroles.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\azroles.dll.mui") Region: id = 3307 start_va = 0xec0000 end_va = 0xfa1fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "fxsresm.dll" filename = "\\Windows\\System32\\FXSRESM.dll" (normalized: "c:\\windows\\system32\\fxsresm.dll") Region: id = 3308 start_va = 0x310000 end_va = 0x338fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "fxsresm.dll.mui" filename = "\\Windows\\System32\\en-US\\FXSRESM.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\fxsresm.dll.mui") Region: id = 3309 start_va = 0xec0000 end_va = 0xfa1fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "fxsresm.dll" filename = "\\Windows\\System32\\FXSRESM.dll" (normalized: "c:\\windows\\system32\\fxsresm.dll") Region: id = 3310 start_va = 0x310000 end_va = 0x338fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "fxsresm.dll.mui" filename = "\\Windows\\System32\\en-US\\FXSRESM.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\fxsresm.dll.mui") Region: id = 3311 start_va = 0xd80000 end_va = 0xe28fff monitored = 0 entry_point = 0xd918d0 region_type = mapped_file name = "cscsvc.dll" filename = "\\Windows\\System32\\cscsvc.dll" (normalized: "c:\\windows\\system32\\cscsvc.dll") Region: id = 3312 start_va = 0x310000 end_va = 0x314fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "cscsvc.dll.mui" filename = "\\Windows\\System32\\en-US\\cscsvc.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\cscsvc.dll.mui") Region: id = 3313 start_va = 0xd80000 end_va = 0xe28fff monitored = 0 entry_point = 0xd918d0 region_type = mapped_file name = "cscsvc.dll" filename = "\\Windows\\System32\\cscsvc.dll" (normalized: "c:\\windows\\system32\\cscsvc.dll") Region: id = 3314 start_va = 0x310000 end_va = 0x314fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "cscsvc.dll.mui" filename = "\\Windows\\System32\\en-US\\cscsvc.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\cscsvc.dll.mui") Region: id = 3315 start_va = 0xd80000 end_va = 0xe28fff monitored = 0 entry_point = 0xd918d0 region_type = mapped_file name = "cscsvc.dll" filename = "\\Windows\\System32\\cscsvc.dll" (normalized: "c:\\windows\\system32\\cscsvc.dll") Region: id = 3316 start_va = 0x310000 end_va = 0x314fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "cscsvc.dll.mui" filename = "\\Windows\\System32\\en-US\\cscsvc.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\cscsvc.dll.mui") Region: id = 3317 start_va = 0xd80000 end_va = 0xe28fff monitored = 0 entry_point = 0xd918d0 region_type = mapped_file name = "cscsvc.dll" filename = "\\Windows\\System32\\cscsvc.dll" (normalized: "c:\\windows\\system32\\cscsvc.dll") Region: id = 3318 start_va = 0x310000 end_va = 0x314fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "cscsvc.dll.mui" filename = "\\Windows\\System32\\en-US\\cscsvc.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\cscsvc.dll.mui") Region: id = 3319 start_va = 0xd80000 end_va = 0xdcffff monitored = 0 entry_point = 0xd82b98 region_type = mapped_file name = "fwpuclnt.dll" filename = "\\Windows\\System32\\FWPUCLNT.DLL" (normalized: "c:\\windows\\system32\\fwpuclnt.dll") Region: id = 3320 start_va = 0x310000 end_va = 0x322fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "fwpuclnt.dll.mui" filename = "\\Windows\\System32\\en-US\\fwpuclnt.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\fwpuclnt.dll.mui") Region: id = 3321 start_va = 0xd80000 end_va = 0xdcffff monitored = 0 entry_point = 0xd82b98 region_type = mapped_file name = "fwpuclnt.dll" filename = "\\Windows\\System32\\FWPUCLNT.DLL" (normalized: "c:\\windows\\system32\\fwpuclnt.dll") Region: id = 3322 start_va = 0x310000 end_va = 0x322fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "fwpuclnt.dll.mui" filename = "\\Windows\\System32\\en-US\\fwpuclnt.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\fwpuclnt.dll.mui") Region: id = 3323 start_va = 0xd80000 end_va = 0xdcffff monitored = 0 entry_point = 0xd82b98 region_type = mapped_file name = "fwpuclnt.dll" filename = "\\Windows\\System32\\FWPUCLNT.DLL" (normalized: "c:\\windows\\system32\\fwpuclnt.dll") Region: id = 3324 start_va = 0x310000 end_va = 0x322fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "fwpuclnt.dll.mui" filename = "\\Windows\\System32\\en-US\\fwpuclnt.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\fwpuclnt.dll.mui") Region: id = 3325 start_va = 0xd80000 end_va = 0xdcffff monitored = 0 entry_point = 0xd82b98 region_type = mapped_file name = "fwpuclnt.dll" filename = "\\Windows\\System32\\FWPUCLNT.DLL" (normalized: "c:\\windows\\system32\\fwpuclnt.dll") Region: id = 3326 start_va = 0x310000 end_va = 0x322fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "fwpuclnt.dll.mui" filename = "\\Windows\\System32\\en-US\\fwpuclnt.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\fwpuclnt.dll.mui") Region: id = 3327 start_va = 0xd80000 end_va = 0xdcffff monitored = 0 entry_point = 0xd82b98 region_type = mapped_file name = "fwpuclnt.dll" filename = "\\Windows\\System32\\FWPUCLNT.DLL" (normalized: "c:\\windows\\system32\\fwpuclnt.dll") Region: id = 3328 start_va = 0x310000 end_va = 0x322fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "fwpuclnt.dll.mui" filename = "\\Windows\\System32\\en-US\\fwpuclnt.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\fwpuclnt.dll.mui") Region: id = 3329 start_va = 0xd80000 end_va = 0xdcffff monitored = 0 entry_point = 0xd82b98 region_type = mapped_file name = "fwpuclnt.dll" filename = "\\Windows\\System32\\FWPUCLNT.DLL" (normalized: "c:\\windows\\system32\\fwpuclnt.dll") Region: id = 3330 start_va = 0x310000 end_va = 0x322fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "fwpuclnt.dll.mui" filename = "\\Windows\\System32\\en-US\\fwpuclnt.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\fwpuclnt.dll.mui") Region: id = 3331 start_va = 0xd80000 end_va = 0xdcffff monitored = 0 entry_point = 0xd82b98 region_type = mapped_file name = "fwpuclnt.dll" filename = "\\Windows\\System32\\FWPUCLNT.DLL" (normalized: "c:\\windows\\system32\\fwpuclnt.dll") Region: id = 3332 start_va = 0x310000 end_va = 0x322fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "fwpuclnt.dll.mui" filename = "\\Windows\\System32\\en-US\\fwpuclnt.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\fwpuclnt.dll.mui") Region: id = 3333 start_va = 0xd80000 end_va = 0xdcffff monitored = 0 entry_point = 0xd82b98 region_type = mapped_file name = "fwpuclnt.dll" filename = "\\Windows\\System32\\FWPUCLNT.DLL" (normalized: "c:\\windows\\system32\\fwpuclnt.dll") Region: id = 3334 start_va = 0x310000 end_va = 0x322fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "fwpuclnt.dll.mui" filename = "\\Windows\\System32\\en-US\\fwpuclnt.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\fwpuclnt.dll.mui") Region: id = 3335 start_va = 0xd80000 end_va = 0xdcffff monitored = 0 entry_point = 0xd82b98 region_type = mapped_file name = "fwpuclnt.dll" filename = "\\Windows\\System32\\FWPUCLNT.DLL" (normalized: "c:\\windows\\system32\\fwpuclnt.dll") Region: id = 3336 start_va = 0x310000 end_va = 0x322fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "fwpuclnt.dll.mui" filename = "\\Windows\\System32\\en-US\\fwpuclnt.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\fwpuclnt.dll.mui") Region: id = 3337 start_va = 0xd80000 end_va = 0xdcffff monitored = 0 entry_point = 0xd82b98 region_type = mapped_file name = "fwpuclnt.dll" filename = "\\Windows\\System32\\FWPUCLNT.DLL" (normalized: "c:\\windows\\system32\\fwpuclnt.dll") Region: id = 3338 start_va = 0x310000 end_va = 0x322fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "fwpuclnt.dll.mui" filename = "\\Windows\\System32\\en-US\\fwpuclnt.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\fwpuclnt.dll.mui") Region: id = 3339 start_va = 0xd80000 end_va = 0xdcffff monitored = 0 entry_point = 0xd82b98 region_type = mapped_file name = "fwpuclnt.dll" filename = "\\Windows\\System32\\FWPUCLNT.DLL" (normalized: "c:\\windows\\system32\\fwpuclnt.dll") Region: id = 3340 start_va = 0x310000 end_va = 0x322fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "fwpuclnt.dll.mui" filename = "\\Windows\\System32\\en-US\\fwpuclnt.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\fwpuclnt.dll.mui") Region: id = 3341 start_va = 0xd80000 end_va = 0xdcffff monitored = 0 entry_point = 0xd82b98 region_type = mapped_file name = "fwpuclnt.dll" filename = "\\Windows\\System32\\FWPUCLNT.DLL" (normalized: "c:\\windows\\system32\\fwpuclnt.dll") Region: id = 3342 start_va = 0x310000 end_va = 0x322fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "fwpuclnt.dll.mui" filename = "\\Windows\\System32\\en-US\\fwpuclnt.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\fwpuclnt.dll.mui") Region: id = 3343 start_va = 0xd80000 end_va = 0xdcffff monitored = 0 entry_point = 0xd82b98 region_type = mapped_file name = "fwpuclnt.dll" filename = "\\Windows\\System32\\FWPUCLNT.DLL" (normalized: "c:\\windows\\system32\\fwpuclnt.dll") Region: id = 3344 start_va = 0x310000 end_va = 0x322fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "fwpuclnt.dll.mui" filename = "\\Windows\\System32\\en-US\\fwpuclnt.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\fwpuclnt.dll.mui") Region: id = 3345 start_va = 0xd80000 end_va = 0xdcffff monitored = 0 entry_point = 0xd82b98 region_type = mapped_file name = "fwpuclnt.dll" filename = "\\Windows\\System32\\FWPUCLNT.DLL" (normalized: "c:\\windows\\system32\\fwpuclnt.dll") Region: id = 3346 start_va = 0x310000 end_va = 0x322fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "fwpuclnt.dll.mui" filename = "\\Windows\\System32\\en-US\\fwpuclnt.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\fwpuclnt.dll.mui") Region: id = 3347 start_va = 0xd80000 end_va = 0xe0afff monitored = 0 entry_point = 0xdf51ec region_type = mapped_file name = "iphlpsvc.dll" filename = "\\Windows\\System32\\iphlpsvc.dll" (normalized: "c:\\windows\\system32\\iphlpsvc.dll") Region: id = 3348 start_va = 0x310000 end_va = 0x319fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "iphlpsvc.dll.mui" filename = "\\Windows\\System32\\en-US\\iphlpsvc.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\iphlpsvc.dll.mui") Region: id = 3349 start_va = 0xd80000 end_va = 0xe0afff monitored = 0 entry_point = 0xdf51ec region_type = mapped_file name = "iphlpsvc.dll" filename = "\\Windows\\System32\\iphlpsvc.dll" (normalized: "c:\\windows\\system32\\iphlpsvc.dll") Region: id = 3350 start_va = 0x310000 end_va = 0x319fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "iphlpsvc.dll.mui" filename = "\\Windows\\System32\\en-US\\iphlpsvc.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\iphlpsvc.dll.mui") Region: id = 3351 start_va = 0xd80000 end_va = 0xe0afff monitored = 0 entry_point = 0xdf51ec region_type = mapped_file name = "iphlpsvc.dll" filename = "\\Windows\\System32\\iphlpsvc.dll" (normalized: "c:\\windows\\system32\\iphlpsvc.dll") Region: id = 3352 start_va = 0x310000 end_va = 0x319fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "iphlpsvc.dll.mui" filename = "\\Windows\\System32\\en-US\\iphlpsvc.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\iphlpsvc.dll.mui") Region: id = 3353 start_va = 0xd80000 end_va = 0xe0afff monitored = 0 entry_point = 0xdf51ec region_type = mapped_file name = "iphlpsvc.dll" filename = "\\Windows\\System32\\iphlpsvc.dll" (normalized: "c:\\windows\\system32\\iphlpsvc.dll") Region: id = 3354 start_va = 0x310000 end_va = 0x319fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "iphlpsvc.dll.mui" filename = "\\Windows\\System32\\en-US\\iphlpsvc.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\iphlpsvc.dll.mui") Region: id = 3355 start_va = 0xd80000 end_va = 0xe0afff monitored = 0 entry_point = 0xdf51ec region_type = mapped_file name = "iphlpsvc.dll" filename = "\\Windows\\System32\\iphlpsvc.dll" (normalized: "c:\\windows\\system32\\iphlpsvc.dll") Region: id = 3356 start_va = 0x310000 end_va = 0x319fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "iphlpsvc.dll.mui" filename = "\\Windows\\System32\\en-US\\iphlpsvc.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\iphlpsvc.dll.mui") Region: id = 3357 start_va = 0xd80000 end_va = 0xe0afff monitored = 0 entry_point = 0xdf51ec region_type = mapped_file name = "iphlpsvc.dll" filename = "\\Windows\\System32\\iphlpsvc.dll" (normalized: "c:\\windows\\system32\\iphlpsvc.dll") Region: id = 3358 start_va = 0x310000 end_va = 0x319fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "iphlpsvc.dll.mui" filename = "\\Windows\\System32\\en-US\\iphlpsvc.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\iphlpsvc.dll.mui") Region: id = 3359 start_va = 0xd80000 end_va = 0xe0afff monitored = 0 entry_point = 0xdf51ec region_type = mapped_file name = "iphlpsvc.dll" filename = "\\Windows\\System32\\iphlpsvc.dll" (normalized: "c:\\windows\\system32\\iphlpsvc.dll") Region: id = 3360 start_va = 0x310000 end_va = 0x319fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "iphlpsvc.dll.mui" filename = "\\Windows\\System32\\en-US\\iphlpsvc.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\iphlpsvc.dll.mui") Region: id = 3361 start_va = 0xd80000 end_va = 0xe0afff monitored = 0 entry_point = 0xdf51ec region_type = mapped_file name = "iphlpsvc.dll" filename = "\\Windows\\System32\\iphlpsvc.dll" (normalized: "c:\\windows\\system32\\iphlpsvc.dll") Region: id = 3362 start_va = 0x310000 end_va = 0x319fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "iphlpsvc.dll.mui" filename = "\\Windows\\System32\\en-US\\iphlpsvc.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\iphlpsvc.dll.mui") Region: id = 3363 start_va = 0xd80000 end_va = 0xe0afff monitored = 0 entry_point = 0xdf51ec region_type = mapped_file name = "iphlpsvc.dll" filename = "\\Windows\\System32\\iphlpsvc.dll" (normalized: "c:\\windows\\system32\\iphlpsvc.dll") Region: id = 3364 start_va = 0x310000 end_va = 0x319fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "iphlpsvc.dll.mui" filename = "\\Windows\\System32\\en-US\\iphlpsvc.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\iphlpsvc.dll.mui") Region: id = 3365 start_va = 0xd80000 end_va = 0xe0afff monitored = 0 entry_point = 0xdf51ec region_type = mapped_file name = "iphlpsvc.dll" filename = "\\Windows\\System32\\iphlpsvc.dll" (normalized: "c:\\windows\\system32\\iphlpsvc.dll") Region: id = 3366 start_va = 0x310000 end_va = 0x319fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "iphlpsvc.dll.mui" filename = "\\Windows\\System32\\en-US\\iphlpsvc.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\iphlpsvc.dll.mui") Region: id = 3367 start_va = 0x12f0000 end_va = 0x1420fff monitored = 0 entry_point = 0x134dab9 region_type = mapped_file name = "mce.dll" filename = "\\Program Files (x86)\\Microsoft Office\\Office16\\mce.dll" (normalized: "c:\\program files (x86)\\microsoft office\\office16\\mce.dll") Region: id = 3368 start_va = 0x12f0000 end_va = 0x1420fff monitored = 0 entry_point = 0x134dab9 region_type = mapped_file name = "mce.dll" filename = "\\Program Files (x86)\\Microsoft Office\\Office16\\mce.dll" (normalized: "c:\\program files (x86)\\microsoft office\\office16\\mce.dll") Region: id = 3369 start_va = 0x12f0000 end_va = 0x1420fff monitored = 0 entry_point = 0x134dab9 region_type = mapped_file name = "mce.dll" filename = "\\Program Files (x86)\\Microsoft Office\\Office16\\mce.dll" (normalized: "c:\\program files (x86)\\microsoft office\\office16\\mce.dll") Region: id = 3370 start_va = 0x12f0000 end_va = 0x1420fff monitored = 0 entry_point = 0x134dab9 region_type = mapped_file name = "mce.dll" filename = "\\Program Files (x86)\\Microsoft Office\\Office16\\mce.dll" (normalized: "c:\\program files (x86)\\microsoft office\\office16\\mce.dll") Region: id = 3371 start_va = 0x310000 end_va = 0x329fff monitored = 1 entry_point = 0x311380 region_type = mapped_file name = "servicemodelperformancecounters.dll" filename = "\\Windows\\Microsoft.NET\\Framework64\\v4.0.30319\\ServiceModelPerformanceCounters.dll" (normalized: "c:\\windows\\microsoft.net\\framework64\\v4.0.30319\\servicemodelperformancecounters.dll") Region: id = 3372 start_va = 0x330000 end_va = 0x33bfff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "servicemodelperformancecounters.dll.mui" filename = "\\Windows\\Microsoft.NET\\Framework64\\v4.0.30319\\en-US\\ServiceModelPerformanceCounters.dll.mui" (normalized: "c:\\windows\\microsoft.net\\framework64\\v4.0.30319\\en-us\\servicemodelperformancecounters.dll.mui") Region: id = 3373 start_va = 0x310000 end_va = 0x329fff monitored = 1 entry_point = 0x311380 region_type = mapped_file name = "servicemodelperformancecounters.dll" filename = "\\Windows\\Microsoft.NET\\Framework64\\v4.0.30319\\ServiceModelPerformanceCounters.dll" (normalized: "c:\\windows\\microsoft.net\\framework64\\v4.0.30319\\servicemodelperformancecounters.dll") Region: id = 3374 start_va = 0x330000 end_va = 0x33bfff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "servicemodelperformancecounters.dll.mui" filename = "\\Windows\\Microsoft.NET\\Framework64\\v4.0.30319\\en-US\\ServiceModelPerformanceCounters.dll.mui" (normalized: "c:\\windows\\microsoft.net\\framework64\\v4.0.30319\\en-us\\servicemodelperformancecounters.dll.mui") Region: id = 3375 start_va = 0x310000 end_va = 0x329fff monitored = 1 entry_point = 0x311380 region_type = mapped_file name = "servicemodelperformancecounters.dll" filename = "\\Windows\\Microsoft.NET\\Framework64\\v4.0.30319\\ServiceModelPerformanceCounters.dll" (normalized: "c:\\windows\\microsoft.net\\framework64\\v4.0.30319\\servicemodelperformancecounters.dll") Region: id = 3376 start_va = 0x330000 end_va = 0x33bfff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "servicemodelperformancecounters.dll.mui" filename = "\\Windows\\Microsoft.NET\\Framework64\\v4.0.30319\\en-US\\ServiceModelPerformanceCounters.dll.mui" (normalized: "c:\\windows\\microsoft.net\\framework64\\v4.0.30319\\en-us\\servicemodelperformancecounters.dll.mui") Region: id = 3377 start_va = 0x310000 end_va = 0x329fff monitored = 1 entry_point = 0x311380 region_type = mapped_file name = "servicemodelperformancecounters.dll" filename = "\\Windows\\Microsoft.NET\\Framework64\\v4.0.30319\\ServiceModelPerformanceCounters.dll" (normalized: "c:\\windows\\microsoft.net\\framework64\\v4.0.30319\\servicemodelperformancecounters.dll") Region: id = 3378 start_va = 0x330000 end_va = 0x33bfff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "servicemodelperformancecounters.dll.mui" filename = "\\Windows\\Microsoft.NET\\Framework64\\v4.0.30319\\en-US\\ServiceModelPerformanceCounters.dll.mui" (normalized: "c:\\windows\\microsoft.net\\framework64\\v4.0.30319\\en-us\\servicemodelperformancecounters.dll.mui") Region: id = 3379 start_va = 0x310000 end_va = 0x329fff monitored = 1 entry_point = 0x311380 region_type = mapped_file name = "servicemodelperformancecounters.dll" filename = "\\Windows\\Microsoft.NET\\Framework64\\v4.0.30319\\ServiceModelPerformanceCounters.dll" (normalized: "c:\\windows\\microsoft.net\\framework64\\v4.0.30319\\servicemodelperformancecounters.dll") Region: id = 3380 start_va = 0x330000 end_va = 0x33bfff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "servicemodelperformancecounters.dll.mui" filename = "\\Windows\\Microsoft.NET\\Framework64\\v4.0.30319\\en-US\\ServiceModelPerformanceCounters.dll.mui" (normalized: "c:\\windows\\microsoft.net\\framework64\\v4.0.30319\\en-us\\servicemodelperformancecounters.dll.mui") Region: id = 3381 start_va = 0x310000 end_va = 0x329fff monitored = 1 entry_point = 0x311380 region_type = mapped_file name = "servicemodelperformancecounters.dll" filename = "\\Windows\\Microsoft.NET\\Framework64\\v4.0.30319\\ServiceModelPerformanceCounters.dll" (normalized: "c:\\windows\\microsoft.net\\framework64\\v4.0.30319\\servicemodelperformancecounters.dll") Region: id = 3382 start_va = 0x330000 end_va = 0x33bfff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "servicemodelperformancecounters.dll.mui" filename = "\\Windows\\Microsoft.NET\\Framework64\\v4.0.30319\\en-US\\ServiceModelPerformanceCounters.dll.mui" (normalized: "c:\\windows\\microsoft.net\\framework64\\v4.0.30319\\en-us\\servicemodelperformancecounters.dll.mui") Region: id = 3383 start_va = 0x310000 end_va = 0x337fff monitored = 0 entry_point = 0x311860 region_type = mapped_file name = "umpo.dll" filename = "\\Windows\\System32\\umpo.dll" (normalized: "c:\\windows\\system32\\umpo.dll") Region: id = 3384 start_va = 0x350000 end_va = 0x350fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "umpo.dll.mui" filename = "\\Windows\\System32\\en-US\\umpo.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\umpo.dll.mui") Region: id = 3385 start_va = 0x310000 end_va = 0x337fff monitored = 0 entry_point = 0x311860 region_type = mapped_file name = "umpo.dll" filename = "\\Windows\\System32\\umpo.dll" (normalized: "c:\\windows\\system32\\umpo.dll") Region: id = 3386 start_va = 0x350000 end_va = 0x350fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "umpo.dll.mui" filename = "\\Windows\\System32\\en-US\\umpo.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\umpo.dll.mui") Region: id = 3387 start_va = 0x310000 end_va = 0x31afff monitored = 0 entry_point = 0x3111a8 region_type = mapped_file name = "httpapi.dll" filename = "\\Windows\\System32\\httpapi.dll" (normalized: "c:\\windows\\system32\\httpapi.dll") Region: id = 3388 start_va = 0x320000 end_va = 0x321fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "httpapi.dll.mui" filename = "\\Windows\\System32\\en-US\\httpapi.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\httpapi.dll.mui") Region: id = 3389 start_va = 0x310000 end_va = 0x31afff monitored = 0 entry_point = 0x3111a8 region_type = mapped_file name = "httpapi.dll" filename = "\\Windows\\System32\\httpapi.dll" (normalized: "c:\\windows\\system32\\httpapi.dll") Region: id = 3390 start_va = 0x320000 end_va = 0x321fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "httpapi.dll.mui" filename = "\\Windows\\System32\\en-US\\httpapi.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\httpapi.dll.mui") Region: id = 3391 start_va = 0x310000 end_va = 0x31afff monitored = 0 entry_point = 0x3111a8 region_type = mapped_file name = "httpapi.dll" filename = "\\Windows\\System32\\httpapi.dll" (normalized: "c:\\windows\\system32\\httpapi.dll") Region: id = 3392 start_va = 0x320000 end_va = 0x321fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "httpapi.dll.mui" filename = "\\Windows\\System32\\en-US\\httpapi.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\httpapi.dll.mui") Region: id = 3393 start_va = 0x310000 end_va = 0x31afff monitored = 0 entry_point = 0x3111a8 region_type = mapped_file name = "httpapi.dll" filename = "\\Windows\\System32\\httpapi.dll" (normalized: "c:\\windows\\system32\\httpapi.dll") Region: id = 3394 start_va = 0x320000 end_va = 0x321fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "httpapi.dll.mui" filename = "\\Windows\\System32\\en-US\\httpapi.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\httpapi.dll.mui") Region: id = 3395 start_va = 0x310000 end_va = 0x31afff monitored = 0 entry_point = 0x3111a8 region_type = mapped_file name = "httpapi.dll" filename = "\\Windows\\System32\\httpapi.dll" (normalized: "c:\\windows\\system32\\httpapi.dll") Region: id = 3396 start_va = 0x320000 end_va = 0x321fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "httpapi.dll.mui" filename = "\\Windows\\System32\\en-US\\httpapi.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\httpapi.dll.mui") Region: id = 3397 start_va = 0x310000 end_va = 0x31afff monitored = 0 entry_point = 0x3111a8 region_type = mapped_file name = "httpapi.dll" filename = "\\Windows\\System32\\httpapi.dll" (normalized: "c:\\windows\\system32\\httpapi.dll") Region: id = 3398 start_va = 0x320000 end_va = 0x321fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "httpapi.dll.mui" filename = "\\Windows\\System32\\en-US\\httpapi.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\httpapi.dll.mui") Region: id = 3399 start_va = 0x310000 end_va = 0x31dfff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "psevents.dll" filename = "\\Windows\\System32\\WindowsPowerShell\\v1.0\\PSEvents.dll" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\psevents.dll") Region: id = 3400 start_va = 0x320000 end_va = 0x32dfff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "psevents.dll.mui" filename = "\\Windows\\System32\\WindowsPowerShell\\v1.0\\en-US\\PSEvents.dll.mui" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\en-us\\psevents.dll.mui") Region: id = 3401 start_va = 0x310000 end_va = 0x31dfff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "psevents.dll" filename = "\\Windows\\System32\\WindowsPowerShell\\v1.0\\PSEvents.dll" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\psevents.dll") Region: id = 3402 start_va = 0x320000 end_va = 0x32dfff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "psevents.dll.mui" filename = "\\Windows\\System32\\WindowsPowerShell\\v1.0\\en-US\\PSEvents.dll.mui" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\en-us\\psevents.dll.mui") Region: id = 3403 start_va = 0x12f0000 end_va = 0x20e4fff monitored = 0 entry_point = 0x13d3268 region_type = mapped_file name = "wmp.dll" filename = "\\Windows\\System32\\wmp.dll" (normalized: "c:\\windows\\system32\\wmp.dll") Region: id = 3404 start_va = 0x12f0000 end_va = 0x20e4fff monitored = 0 entry_point = 0x13d3268 region_type = mapped_file name = "wmp.dll" filename = "\\Windows\\System32\\wmp.dll" (normalized: "c:\\windows\\system32\\wmp.dll") Region: id = 3405 start_va = 0xd80000 end_va = 0xe29fff monitored = 0 entry_point = 0xd94100 region_type = mapped_file name = "netlogon.dll" filename = "\\Windows\\System32\\netlogon.dll" (normalized: "c:\\windows\\system32\\netlogon.dll") Region: id = 3406 start_va = 0x310000 end_va = 0x313fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "netlogon.dll.mui" filename = "\\Windows\\System32\\en-US\\netlogon.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\netlogon.dll.mui") Region: id = 3407 start_va = 0xd80000 end_va = 0xe29fff monitored = 0 entry_point = 0xd94100 region_type = mapped_file name = "netlogon.dll" filename = "\\Windows\\System32\\netlogon.dll" (normalized: "c:\\windows\\system32\\netlogon.dll") Region: id = 3408 start_va = 0x310000 end_va = 0x313fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "netlogon.dll.mui" filename = "\\Windows\\System32\\en-US\\netlogon.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\netlogon.dll.mui") Region: id = 3409 start_va = 0xd80000 end_va = 0xdc7fff monitored = 0 entry_point = 0xdbfd0c region_type = mapped_file name = "drt.dll" filename = "\\Windows\\System32\\drt.dll" (normalized: "c:\\windows\\system32\\drt.dll") Region: id = 3410 start_va = 0x310000 end_va = 0x312fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "drt.dll.mui" filename = "\\Windows\\System32\\en-US\\drt.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\drt.dll.mui") Region: id = 3411 start_va = 0xd80000 end_va = 0xdc7fff monitored = 0 entry_point = 0xdbfd0c region_type = mapped_file name = "drt.dll" filename = "\\Windows\\System32\\drt.dll" (normalized: "c:\\windows\\system32\\drt.dll") Region: id = 3412 start_va = 0x310000 end_va = 0x312fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "drt.dll.mui" filename = "\\Windows\\System32\\en-US\\drt.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\drt.dll.mui") Region: id = 3413 start_va = 0xec0000 end_va = 0xfa8fff monitored = 0 entry_point = 0xf9906c region_type = mapped_file name = "ndis.sys" filename = "\\Windows\\System32\\drivers\\ndis.sys" (normalized: "c:\\windows\\system32\\drivers\\ndis.sys") Region: id = 3414 start_va = 0x310000 end_va = 0x318fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "ndis.sys.mui" filename = "\\Windows\\System32\\drivers\\en-US\\ndis.sys.mui" (normalized: "c:\\windows\\system32\\drivers\\en-us\\ndis.sys.mui") Region: id = 3415 start_va = 0xec0000 end_va = 0xfa8fff monitored = 0 entry_point = 0xf9906c region_type = mapped_file name = "ndis.sys" filename = "\\Windows\\System32\\drivers\\ndis.sys" (normalized: "c:\\windows\\system32\\drivers\\ndis.sys") Region: id = 3416 start_va = 0x310000 end_va = 0x318fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "ndis.sys.mui" filename = "\\Windows\\System32\\drivers\\en-US\\ndis.sys.mui" (normalized: "c:\\windows\\system32\\drivers\\en-us\\ndis.sys.mui") Region: id = 3417 start_va = 0xec0000 end_va = 0xfa8fff monitored = 0 entry_point = 0xf9906c region_type = mapped_file name = "ndis.sys" filename = "\\Windows\\System32\\drivers\\ndis.sys" (normalized: "c:\\windows\\system32\\drivers\\ndis.sys") Region: id = 3418 start_va = 0x310000 end_va = 0x318fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "ndis.sys.mui" filename = "\\Windows\\System32\\drivers\\en-US\\ndis.sys.mui" (normalized: "c:\\windows\\system32\\drivers\\en-us\\ndis.sys.mui") Region: id = 3419 start_va = 0xec0000 end_va = 0xfa8fff monitored = 0 entry_point = 0xf9906c region_type = mapped_file name = "ndis.sys" filename = "\\Windows\\System32\\drivers\\ndis.sys" (normalized: "c:\\windows\\system32\\drivers\\ndis.sys") Region: id = 3420 start_va = 0x310000 end_va = 0x318fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "ndis.sys.mui" filename = "\\Windows\\System32\\drivers\\en-US\\ndis.sys.mui" (normalized: "c:\\windows\\system32\\drivers\\en-us\\ndis.sys.mui") Region: id = 3421 start_va = 0x12f0000 end_va = 0x143cfff monitored = 0 entry_point = 0x13f2a88 region_type = mapped_file name = "peerdistsvc.dll" filename = "\\Windows\\System32\\PeerDistSvc.dll" (normalized: "c:\\windows\\system32\\peerdistsvc.dll") Region: id = 3422 start_va = 0x310000 end_va = 0x315fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "peerdistsvc.dll.mui" filename = "\\Windows\\System32\\en-US\\PeerDistSvc.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\peerdistsvc.dll.mui") Region: id = 3423 start_va = 0x12f0000 end_va = 0x143cfff monitored = 0 entry_point = 0x13f2a88 region_type = mapped_file name = "peerdistsvc.dll" filename = "\\Windows\\System32\\PeerDistSvc.dll" (normalized: "c:\\windows\\system32\\peerdistsvc.dll") Region: id = 3424 start_va = 0x310000 end_va = 0x315fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "peerdistsvc.dll.mui" filename = "\\Windows\\System32\\en-US\\PeerDistSvc.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\peerdistsvc.dll.mui") Region: id = 3425 start_va = 0x310000 end_va = 0x31efff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "wsmres.dll" filename = "\\Windows\\System32\\WsmRes.dll" (normalized: "c:\\windows\\system32\\wsmres.dll") Region: id = 3426 start_va = 0xd80000 end_va = 0xdd9fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "wsmres.dll.mui" filename = "\\Windows\\System32\\en-US\\WsmRes.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\wsmres.dll.mui") Region: id = 3427 start_va = 0x310000 end_va = 0x31efff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "wsmres.dll" filename = "\\Windows\\System32\\WsmRes.dll" (normalized: "c:\\windows\\system32\\wsmres.dll") Region: id = 3428 start_va = 0xd80000 end_va = 0xdd9fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "wsmres.dll.mui" filename = "\\Windows\\System32\\en-US\\WsmRes.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\wsmres.dll.mui") Region: id = 3429 start_va = 0x310000 end_va = 0x31ffff monitored = 0 entry_point = 0x31a33c region_type = mapped_file name = "tbssvc.dll" filename = "\\Windows\\System32\\tbssvc.dll" (normalized: "c:\\windows\\system32\\tbssvc.dll") Region: id = 3430 start_va = 0x320000 end_va = 0x321fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "tbssvc.dll.mui" filename = "\\Windows\\System32\\en-US\\tbssvc.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\tbssvc.dll.mui") Region: id = 3431 start_va = 0x310000 end_va = 0x31ffff monitored = 0 entry_point = 0x31a33c region_type = mapped_file name = "tbssvc.dll" filename = "\\Windows\\System32\\tbssvc.dll" (normalized: "c:\\windows\\system32\\tbssvc.dll") Region: id = 3432 start_va = 0x320000 end_va = 0x321fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "tbssvc.dll.mui" filename = "\\Windows\\System32\\en-US\\tbssvc.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\tbssvc.dll.mui") Region: id = 3433 start_va = 0x7fefa510000 end_va = 0x7fefa51afff monitored = 0 entry_point = 0x7fefa5146ec region_type = mapped_file name = "perfos.dll" filename = "\\Windows\\System32\\perfos.dll" (normalized: "c:\\windows\\system32\\perfos.dll") Region: id = 3434 start_va = 0x12f0000 end_va = 0x14bffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000012f0000" filename = "" Region: id = 3435 start_va = 0x12f0000 end_va = 0x13effff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000012f0000" filename = "" Region: id = 3436 start_va = 0x14b0000 end_va = 0x14bffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000014b0000" filename = "" Region: id = 3437 start_va = 0x14c0000 end_va = 0x15bffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000014c0000" filename = "" Region: id = 3448 start_va = 0x310000 end_va = 0x312fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000310000" filename = "" Region: id = 3449 start_va = 0x7fefa740000 end_va = 0x7fefa766fff monitored = 0 entry_point = 0x7fefa7498bc region_type = mapped_file name = "iphlpapi.dll" filename = "\\Windows\\System32\\IPHLPAPI.DLL" (normalized: "c:\\windows\\system32\\iphlpapi.dll") Region: id = 3450 start_va = 0x7fefa730000 end_va = 0x7fefa73afff monitored = 0 entry_point = 0x7fefa731198 region_type = mapped_file name = "winnsi.dll" filename = "\\Windows\\System32\\winnsi.dll" (normalized: "c:\\windows\\system32\\winnsi.dll") Region: id = 3451 start_va = 0x7fefa4d0000 end_va = 0x7fefa4e0fff monitored = 0 entry_point = 0x7fefa4d16ac region_type = mapped_file name = "dhcpcsvc6.dll" filename = "\\Windows\\System32\\dhcpcsvc6.dll" (normalized: "c:\\windows\\system32\\dhcpcsvc6.dll") Region: id = 3452 start_va = 0x7fefa4b0000 end_va = 0x7fefa4c7fff monitored = 0 entry_point = 0x7fefa4b1bf8 region_type = mapped_file name = "dhcpcsvc.dll" filename = "\\Windows\\System32\\dhcpcsvc.dll" (normalized: "c:\\windows\\system32\\dhcpcsvc.dll") Region: id = 3453 start_va = 0x320000 end_va = 0x320fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "tzres.dll" filename = "\\Windows\\System32\\tzres.dll" (normalized: "c:\\windows\\system32\\tzres.dll") Region: id = 3454 start_va = 0x330000 end_va = 0x336fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "tzres.dll.mui" filename = "\\Windows\\System32\\en-US\\tzres.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\tzres.dll.mui") Region: id = 3455 start_va = 0x320000 end_va = 0x320fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "tzres.dll" filename = "\\Windows\\System32\\tzres.dll" (normalized: "c:\\windows\\system32\\tzres.dll") Region: id = 3456 start_va = 0x330000 end_va = 0x336fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "tzres.dll.mui" filename = "\\Windows\\System32\\en-US\\tzres.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\tzres.dll.mui") Region: id = 3457 start_va = 0x320000 end_va = 0x320fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "tzres.dll" filename = "\\Windows\\System32\\tzres.dll" (normalized: "c:\\windows\\system32\\tzres.dll") Region: id = 3458 start_va = 0x330000 end_va = 0x336fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "tzres.dll.mui" filename = "\\Windows\\System32\\en-US\\tzres.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\tzres.dll.mui") Region: id = 3459 start_va = 0x320000 end_va = 0x320fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "tzres.dll" filename = "\\Windows\\System32\\tzres.dll" (normalized: "c:\\windows\\system32\\tzres.dll") Region: id = 3460 start_va = 0x330000 end_va = 0x336fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "tzres.dll.mui" filename = "\\Windows\\System32\\en-US\\tzres.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\tzres.dll.mui") Region: id = 3461 start_va = 0x7fefc380000 end_va = 0x7fefc3dafff monitored = 0 entry_point = 0x7fefc386940 region_type = mapped_file name = "dnsapi.dll" filename = "\\Windows\\System32\\dnsapi.dll" (normalized: "c:\\windows\\system32\\dnsapi.dll") Region: id = 3462 start_va = 0x15c0000 end_va = 0x17dffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000015c0000" filename = "" Region: id = 3466 start_va = 0x320000 end_va = 0x324fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000320000" filename = "" Region: id = 3676 start_va = 0xb20000 end_va = 0xb39fff monitored = 1 entry_point = 0xb21380 region_type = mapped_file name = "workflowservicehostperformancecounters.dll" filename = "\\Windows\\Microsoft.NET\\Framework64\\v4.0.30319\\WorkflowServiceHostPerformanceCounters.dll" (normalized: "c:\\windows\\microsoft.net\\framework64\\v4.0.30319\\workflowservicehostperformancecounters.dll") Region: id = 3677 start_va = 0x330000 end_va = 0x335fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "workflowservicehostperformancecounters.dll.mui" filename = "\\Windows\\Microsoft.NET\\Framework64\\v4.0.30319\\en-US\\WorkflowServiceHostPerformanceCounters.dll.mui" (normalized: "c:\\windows\\microsoft.net\\framework64\\v4.0.30319\\en-us\\workflowservicehostperformancecounters.dll.mui") Region: id = 3678 start_va = 0xb20000 end_va = 0xb39fff monitored = 1 entry_point = 0xb21380 region_type = mapped_file name = "workflowservicehostperformancecounters.dll" filename = "\\Windows\\Microsoft.NET\\Framework64\\v4.0.30319\\WorkflowServiceHostPerformanceCounters.dll" (normalized: "c:\\windows\\microsoft.net\\framework64\\v4.0.30319\\workflowservicehostperformancecounters.dll") Region: id = 3679 start_va = 0x330000 end_va = 0x335fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "workflowservicehostperformancecounters.dll.mui" filename = "\\Windows\\Microsoft.NET\\Framework64\\v4.0.30319\\en-US\\WorkflowServiceHostPerformanceCounters.dll.mui" (normalized: "c:\\windows\\microsoft.net\\framework64\\v4.0.30319\\en-us\\workflowservicehostperformancecounters.dll.mui") Region: id = 3680 start_va = 0xd80000 end_va = 0xdd3fff monitored = 0 entry_point = 0xd93450 region_type = mapped_file name = "lsm.exe" filename = "\\Windows\\System32\\lsm.exe" (normalized: "c:\\windows\\system32\\lsm.exe") Region: id = 3681 start_va = 0x330000 end_va = 0x331fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "lsm.exe.mui" filename = "\\Windows\\System32\\en-US\\lsm.exe.mui" (normalized: "c:\\windows\\system32\\en-us\\lsm.exe.mui") Region: id = 3682 start_va = 0xd80000 end_va = 0xdd3fff monitored = 0 entry_point = 0xd93450 region_type = mapped_file name = "lsm.exe" filename = "\\Windows\\System32\\lsm.exe" (normalized: "c:\\windows\\system32\\lsm.exe") Region: id = 3683 start_va = 0x330000 end_va = 0x331fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "lsm.exe.mui" filename = "\\Windows\\System32\\en-US\\lsm.exe.mui" (normalized: "c:\\windows\\system32\\en-us\\lsm.exe.mui") Region: id = 3684 start_va = 0xd80000 end_va = 0xda0fff monitored = 0 entry_point = 0xd9a06c region_type = mapped_file name = "pacer.sys" filename = "\\Windows\\System32\\drivers\\pacer.sys" (normalized: "c:\\windows\\system32\\drivers\\pacer.sys") Region: id = 3685 start_va = 0x330000 end_va = 0x333fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "pacer.sys.mui" filename = "\\Windows\\System32\\drivers\\en-US\\pacer.sys.mui" (normalized: "c:\\windows\\system32\\drivers\\en-us\\pacer.sys.mui") Region: id = 3686 start_va = 0xd80000 end_va = 0xda0fff monitored = 0 entry_point = 0xd9a06c region_type = mapped_file name = "pacer.sys" filename = "\\Windows\\System32\\drivers\\pacer.sys" (normalized: "c:\\windows\\system32\\drivers\\pacer.sys") Region: id = 3687 start_va = 0x330000 end_va = 0x333fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "pacer.sys.mui" filename = "\\Windows\\System32\\drivers\\en-US\\pacer.sys.mui" (normalized: "c:\\windows\\system32\\drivers\\en-us\\pacer.sys.mui") Region: id = 3688 start_va = 0xd80000 end_va = 0xda0fff monitored = 0 entry_point = 0xd9a06c region_type = mapped_file name = "pacer.sys" filename = "\\Windows\\System32\\drivers\\pacer.sys" (normalized: "c:\\windows\\system32\\drivers\\pacer.sys") Region: id = 3689 start_va = 0x330000 end_va = 0x333fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "pacer.sys.mui" filename = "\\Windows\\System32\\drivers\\en-US\\pacer.sys.mui" (normalized: "c:\\windows\\system32\\drivers\\en-us\\pacer.sys.mui") Region: id = 3690 start_va = 0xd80000 end_va = 0xda0fff monitored = 0 entry_point = 0xd9a06c region_type = mapped_file name = "pacer.sys" filename = "\\Windows\\System32\\drivers\\pacer.sys" (normalized: "c:\\windows\\system32\\drivers\\pacer.sys") Region: id = 3691 start_va = 0x330000 end_va = 0x333fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "pacer.sys.mui" filename = "\\Windows\\System32\\drivers\\en-US\\pacer.sys.mui" (normalized: "c:\\windows\\system32\\drivers\\en-us\\pacer.sys.mui") Region: id = 3692 start_va = 0xd80000 end_va = 0xdcffff monitored = 0 entry_point = 0xd82b98 region_type = mapped_file name = "fwpuclnt.dll" filename = "\\Windows\\System32\\FWPUCLNT.DLL" (normalized: "c:\\windows\\system32\\fwpuclnt.dll") Region: id = 3693 start_va = 0xb20000 end_va = 0xb32fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "fwpuclnt.dll.mui" filename = "\\Windows\\System32\\en-US\\fwpuclnt.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\fwpuclnt.dll.mui") Region: id = 3694 start_va = 0xd80000 end_va = 0xdcffff monitored = 0 entry_point = 0xd82b98 region_type = mapped_file name = "fwpuclnt.dll" filename = "\\Windows\\System32\\FWPUCLNT.DLL" (normalized: "c:\\windows\\system32\\fwpuclnt.dll") Region: id = 3695 start_va = 0xb20000 end_va = 0xb32fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "fwpuclnt.dll.mui" filename = "\\Windows\\System32\\en-US\\fwpuclnt.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\fwpuclnt.dll.mui") Region: id = 3696 start_va = 0xd80000 end_va = 0xdcffff monitored = 0 entry_point = 0xd82b98 region_type = mapped_file name = "fwpuclnt.dll" filename = "\\Windows\\System32\\FWPUCLNT.DLL" (normalized: "c:\\windows\\system32\\fwpuclnt.dll") Region: id = 3697 start_va = 0xb20000 end_va = 0xb32fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "fwpuclnt.dll.mui" filename = "\\Windows\\System32\\en-US\\fwpuclnt.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\fwpuclnt.dll.mui") Region: id = 3698 start_va = 0xd80000 end_va = 0xdcffff monitored = 0 entry_point = 0xd82b98 region_type = mapped_file name = "fwpuclnt.dll" filename = "\\Windows\\System32\\FWPUCLNT.DLL" (normalized: "c:\\windows\\system32\\fwpuclnt.dll") Region: id = 3699 start_va = 0xb20000 end_va = 0xb32fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "fwpuclnt.dll.mui" filename = "\\Windows\\System32\\en-US\\fwpuclnt.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\fwpuclnt.dll.mui") Region: id = 3700 start_va = 0xd80000 end_va = 0xdcffff monitored = 0 entry_point = 0xd82b98 region_type = mapped_file name = "fwpuclnt.dll" filename = "\\Windows\\System32\\FWPUCLNT.DLL" (normalized: "c:\\windows\\system32\\fwpuclnt.dll") Region: id = 3701 start_va = 0xb20000 end_va = 0xb32fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "fwpuclnt.dll.mui" filename = "\\Windows\\System32\\en-US\\fwpuclnt.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\fwpuclnt.dll.mui") Region: id = 3702 start_va = 0xd80000 end_va = 0xdcffff monitored = 0 entry_point = 0xd82b98 region_type = mapped_file name = "fwpuclnt.dll" filename = "\\Windows\\System32\\FWPUCLNT.DLL" (normalized: "c:\\windows\\system32\\fwpuclnt.dll") Region: id = 3703 start_va = 0xb20000 end_va = 0xb32fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "fwpuclnt.dll.mui" filename = "\\Windows\\System32\\en-US\\fwpuclnt.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\fwpuclnt.dll.mui") Region: id = 3704 start_va = 0xd80000 end_va = 0xdcffff monitored = 0 entry_point = 0xd82b98 region_type = mapped_file name = "fwpuclnt.dll" filename = "\\Windows\\System32\\FWPUCLNT.DLL" (normalized: "c:\\windows\\system32\\fwpuclnt.dll") Region: id = 3705 start_va = 0xb20000 end_va = 0xb32fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "fwpuclnt.dll.mui" filename = "\\Windows\\System32\\en-US\\fwpuclnt.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\fwpuclnt.dll.mui") Region: id = 3706 start_va = 0xd80000 end_va = 0xdcffff monitored = 0 entry_point = 0xd82b98 region_type = mapped_file name = "fwpuclnt.dll" filename = "\\Windows\\System32\\FWPUCLNT.DLL" (normalized: "c:\\windows\\system32\\fwpuclnt.dll") Region: id = 3707 start_va = 0xb20000 end_va = 0xb32fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "fwpuclnt.dll.mui" filename = "\\Windows\\System32\\en-US\\fwpuclnt.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\fwpuclnt.dll.mui") Region: id = 3708 start_va = 0xd80000 end_va = 0xdcffff monitored = 0 entry_point = 0xdc68c8 region_type = mapped_file name = "pnrpsvc.dll" filename = "\\Windows\\System32\\pnrpsvc.dll" (normalized: "c:\\windows\\system32\\pnrpsvc.dll") Region: id = 3709 start_va = 0x330000 end_va = 0x332fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "pnrpsvc.dll.mui" filename = "\\Windows\\System32\\en-US\\pnrpsvc.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\pnrpsvc.dll.mui") Region: id = 3710 start_va = 0xd80000 end_va = 0xdcffff monitored = 0 entry_point = 0xdc68c8 region_type = mapped_file name = "pnrpsvc.dll" filename = "\\Windows\\System32\\pnrpsvc.dll" (normalized: "c:\\windows\\system32\\pnrpsvc.dll") Region: id = 3711 start_va = 0x330000 end_va = 0x332fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "pnrpsvc.dll.mui" filename = "\\Windows\\System32\\en-US\\pnrpsvc.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\pnrpsvc.dll.mui") Region: id = 3712 start_va = 0xec0000 end_va = 0xf9bfff monitored = 0 entry_point = 0xf35ec8 region_type = mapped_file name = "azroles.dll" filename = "\\Windows\\System32\\azroles.dll" (normalized: "c:\\windows\\system32\\azroles.dll") Region: id = 3713 start_va = 0x330000 end_va = 0x330fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "azroles.dll.mui" filename = "\\Windows\\System32\\en-US\\azroles.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\azroles.dll.mui") Region: id = 3714 start_va = 0xec0000 end_va = 0xf9bfff monitored = 0 entry_point = 0xf35ec8 region_type = mapped_file name = "azroles.dll" filename = "\\Windows\\System32\\azroles.dll" (normalized: "c:\\windows\\system32\\azroles.dll") Region: id = 3715 start_va = 0x330000 end_va = 0x330fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "azroles.dll.mui" filename = "\\Windows\\System32\\en-US\\azroles.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\azroles.dll.mui") Region: id = 3716 start_va = 0xec0000 end_va = 0xfa1fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "fxsresm.dll" filename = "\\Windows\\System32\\FXSRESM.dll" (normalized: "c:\\windows\\system32\\fxsresm.dll") Region: id = 3717 start_va = 0xd80000 end_va = 0xda8fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "fxsresm.dll.mui" filename = "\\Windows\\System32\\en-US\\FXSRESM.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\fxsresm.dll.mui") Region: id = 3718 start_va = 0xec0000 end_va = 0xfa1fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "fxsresm.dll" filename = "\\Windows\\System32\\FXSRESM.dll" (normalized: "c:\\windows\\system32\\fxsresm.dll") Region: id = 3719 start_va = 0xd80000 end_va = 0xda8fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "fxsresm.dll.mui" filename = "\\Windows\\System32\\en-US\\FXSRESM.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\fxsresm.dll.mui") Region: id = 3720 start_va = 0xd80000 end_va = 0xe28fff monitored = 0 entry_point = 0xd918d0 region_type = mapped_file name = "cscsvc.dll" filename = "\\Windows\\System32\\cscsvc.dll" (normalized: "c:\\windows\\system32\\cscsvc.dll") Region: id = 3721 start_va = 0x330000 end_va = 0x334fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "cscsvc.dll.mui" filename = "\\Windows\\System32\\en-US\\cscsvc.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\cscsvc.dll.mui") Region: id = 3722 start_va = 0xd80000 end_va = 0xe28fff monitored = 0 entry_point = 0xd918d0 region_type = mapped_file name = "cscsvc.dll" filename = "\\Windows\\System32\\cscsvc.dll" (normalized: "c:\\windows\\system32\\cscsvc.dll") Region: id = 3723 start_va = 0x330000 end_va = 0x334fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "cscsvc.dll.mui" filename = "\\Windows\\System32\\en-US\\cscsvc.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\cscsvc.dll.mui") Region: id = 3724 start_va = 0xd80000 end_va = 0xe28fff monitored = 0 entry_point = 0xd918d0 region_type = mapped_file name = "cscsvc.dll" filename = "\\Windows\\System32\\cscsvc.dll" (normalized: "c:\\windows\\system32\\cscsvc.dll") Region: id = 3725 start_va = 0x330000 end_va = 0x334fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "cscsvc.dll.mui" filename = "\\Windows\\System32\\en-US\\cscsvc.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\cscsvc.dll.mui") Region: id = 3726 start_va = 0xd80000 end_va = 0xe28fff monitored = 0 entry_point = 0xd918d0 region_type = mapped_file name = "cscsvc.dll" filename = "\\Windows\\System32\\cscsvc.dll" (normalized: "c:\\windows\\system32\\cscsvc.dll") Region: id = 3727 start_va = 0x330000 end_va = 0x334fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "cscsvc.dll.mui" filename = "\\Windows\\System32\\en-US\\cscsvc.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\cscsvc.dll.mui") Region: id = 3728 start_va = 0xd80000 end_va = 0xdcffff monitored = 0 entry_point = 0xd82b98 region_type = mapped_file name = "fwpuclnt.dll" filename = "\\Windows\\System32\\FWPUCLNT.DLL" (normalized: "c:\\windows\\system32\\fwpuclnt.dll") Region: id = 3729 start_va = 0xb20000 end_va = 0xb32fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "fwpuclnt.dll.mui" filename = "\\Windows\\System32\\en-US\\fwpuclnt.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\fwpuclnt.dll.mui") Region: id = 3730 start_va = 0xd80000 end_va = 0xdcffff monitored = 0 entry_point = 0xd82b98 region_type = mapped_file name = "fwpuclnt.dll" filename = "\\Windows\\System32\\FWPUCLNT.DLL" (normalized: "c:\\windows\\system32\\fwpuclnt.dll") Region: id = 3731 start_va = 0xb20000 end_va = 0xb32fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "fwpuclnt.dll.mui" filename = "\\Windows\\System32\\en-US\\fwpuclnt.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\fwpuclnt.dll.mui") Region: id = 3732 start_va = 0xd80000 end_va = 0xdcffff monitored = 0 entry_point = 0xd82b98 region_type = mapped_file name = "fwpuclnt.dll" filename = "\\Windows\\System32\\FWPUCLNT.DLL" (normalized: "c:\\windows\\system32\\fwpuclnt.dll") Region: id = 3733 start_va = 0xb20000 end_va = 0xb32fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "fwpuclnt.dll.mui" filename = "\\Windows\\System32\\en-US\\fwpuclnt.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\fwpuclnt.dll.mui") Region: id = 3734 start_va = 0xd80000 end_va = 0xdcffff monitored = 0 entry_point = 0xd82b98 region_type = mapped_file name = "fwpuclnt.dll" filename = "\\Windows\\System32\\FWPUCLNT.DLL" (normalized: "c:\\windows\\system32\\fwpuclnt.dll") Region: id = 3735 start_va = 0xb20000 end_va = 0xb32fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "fwpuclnt.dll.mui" filename = "\\Windows\\System32\\en-US\\fwpuclnt.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\fwpuclnt.dll.mui") Region: id = 3736 start_va = 0xd80000 end_va = 0xdcffff monitored = 0 entry_point = 0xd82b98 region_type = mapped_file name = "fwpuclnt.dll" filename = "\\Windows\\System32\\FWPUCLNT.DLL" (normalized: "c:\\windows\\system32\\fwpuclnt.dll") Region: id = 3737 start_va = 0xb20000 end_va = 0xb32fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "fwpuclnt.dll.mui" filename = "\\Windows\\System32\\en-US\\fwpuclnt.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\fwpuclnt.dll.mui") Region: id = 3738 start_va = 0xd80000 end_va = 0xdcffff monitored = 0 entry_point = 0xd82b98 region_type = mapped_file name = "fwpuclnt.dll" filename = "\\Windows\\System32\\FWPUCLNT.DLL" (normalized: "c:\\windows\\system32\\fwpuclnt.dll") Region: id = 3739 start_va = 0xb20000 end_va = 0xb32fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "fwpuclnt.dll.mui" filename = "\\Windows\\System32\\en-US\\fwpuclnt.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\fwpuclnt.dll.mui") Region: id = 3740 start_va = 0xd80000 end_va = 0xdcffff monitored = 0 entry_point = 0xd82b98 region_type = mapped_file name = "fwpuclnt.dll" filename = "\\Windows\\System32\\FWPUCLNT.DLL" (normalized: "c:\\windows\\system32\\fwpuclnt.dll") Region: id = 3741 start_va = 0xb20000 end_va = 0xb32fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "fwpuclnt.dll.mui" filename = "\\Windows\\System32\\en-US\\fwpuclnt.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\fwpuclnt.dll.mui") Region: id = 3742 start_va = 0xd80000 end_va = 0xdcffff monitored = 0 entry_point = 0xd82b98 region_type = mapped_file name = "fwpuclnt.dll" filename = "\\Windows\\System32\\FWPUCLNT.DLL" (normalized: "c:\\windows\\system32\\fwpuclnt.dll") Region: id = 3743 start_va = 0xb20000 end_va = 0xb32fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "fwpuclnt.dll.mui" filename = "\\Windows\\System32\\en-US\\fwpuclnt.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\fwpuclnt.dll.mui") Region: id = 3744 start_va = 0xd80000 end_va = 0xdcffff monitored = 0 entry_point = 0xd82b98 region_type = mapped_file name = "fwpuclnt.dll" filename = "\\Windows\\System32\\FWPUCLNT.DLL" (normalized: "c:\\windows\\system32\\fwpuclnt.dll") Region: id = 3745 start_va = 0xb20000 end_va = 0xb32fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "fwpuclnt.dll.mui" filename = "\\Windows\\System32\\en-US\\fwpuclnt.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\fwpuclnt.dll.mui") Region: id = 3746 start_va = 0xd80000 end_va = 0xdcffff monitored = 0 entry_point = 0xd82b98 region_type = mapped_file name = "fwpuclnt.dll" filename = "\\Windows\\System32\\FWPUCLNT.DLL" (normalized: "c:\\windows\\system32\\fwpuclnt.dll") Region: id = 3747 start_va = 0xb20000 end_va = 0xb32fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "fwpuclnt.dll.mui" filename = "\\Windows\\System32\\en-US\\fwpuclnt.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\fwpuclnt.dll.mui") Region: id = 3748 start_va = 0xd80000 end_va = 0xdcffff monitored = 0 entry_point = 0xd82b98 region_type = mapped_file name = "fwpuclnt.dll" filename = "\\Windows\\System32\\FWPUCLNT.DLL" (normalized: "c:\\windows\\system32\\fwpuclnt.dll") Region: id = 3749 start_va = 0xb20000 end_va = 0xb32fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "fwpuclnt.dll.mui" filename = "\\Windows\\System32\\en-US\\fwpuclnt.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\fwpuclnt.dll.mui") Region: id = 3750 start_va = 0xd80000 end_va = 0xdcffff monitored = 0 entry_point = 0xd82b98 region_type = mapped_file name = "fwpuclnt.dll" filename = "\\Windows\\System32\\FWPUCLNT.DLL" (normalized: "c:\\windows\\system32\\fwpuclnt.dll") Region: id = 3751 start_va = 0xb20000 end_va = 0xb32fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "fwpuclnt.dll.mui" filename = "\\Windows\\System32\\en-US\\fwpuclnt.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\fwpuclnt.dll.mui") Region: id = 3752 start_va = 0xd80000 end_va = 0xdcffff monitored = 0 entry_point = 0xd82b98 region_type = mapped_file name = "fwpuclnt.dll" filename = "\\Windows\\System32\\FWPUCLNT.DLL" (normalized: "c:\\windows\\system32\\fwpuclnt.dll") Region: id = 3753 start_va = 0xb20000 end_va = 0xb32fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "fwpuclnt.dll.mui" filename = "\\Windows\\System32\\en-US\\fwpuclnt.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\fwpuclnt.dll.mui") Region: id = 3754 start_va = 0xd80000 end_va = 0xdcffff monitored = 0 entry_point = 0xd82b98 region_type = mapped_file name = "fwpuclnt.dll" filename = "\\Windows\\System32\\FWPUCLNT.DLL" (normalized: "c:\\windows\\system32\\fwpuclnt.dll") Region: id = 3755 start_va = 0xb20000 end_va = 0xb32fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "fwpuclnt.dll.mui" filename = "\\Windows\\System32\\en-US\\fwpuclnt.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\fwpuclnt.dll.mui") Region: id = 3756 start_va = 0xd80000 end_va = 0xe0afff monitored = 0 entry_point = 0xdf51ec region_type = mapped_file name = "iphlpsvc.dll" filename = "\\Windows\\System32\\iphlpsvc.dll" (normalized: "c:\\windows\\system32\\iphlpsvc.dll") Region: id = 3757 start_va = 0x330000 end_va = 0x339fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "iphlpsvc.dll.mui" filename = "\\Windows\\System32\\en-US\\iphlpsvc.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\iphlpsvc.dll.mui") Region: id = 3758 start_va = 0xd80000 end_va = 0xe0afff monitored = 0 entry_point = 0xdf51ec region_type = mapped_file name = "iphlpsvc.dll" filename = "\\Windows\\System32\\iphlpsvc.dll" (normalized: "c:\\windows\\system32\\iphlpsvc.dll") Region: id = 3759 start_va = 0x330000 end_va = 0x339fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "iphlpsvc.dll.mui" filename = "\\Windows\\System32\\en-US\\iphlpsvc.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\iphlpsvc.dll.mui") Region: id = 3760 start_va = 0xd80000 end_va = 0xe0afff monitored = 0 entry_point = 0xdf51ec region_type = mapped_file name = "iphlpsvc.dll" filename = "\\Windows\\System32\\iphlpsvc.dll" (normalized: "c:\\windows\\system32\\iphlpsvc.dll") Region: id = 3761 start_va = 0x330000 end_va = 0x339fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "iphlpsvc.dll.mui" filename = "\\Windows\\System32\\en-US\\iphlpsvc.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\iphlpsvc.dll.mui") Region: id = 3762 start_va = 0xd80000 end_va = 0xe0afff monitored = 0 entry_point = 0xdf51ec region_type = mapped_file name = "iphlpsvc.dll" filename = "\\Windows\\System32\\iphlpsvc.dll" (normalized: "c:\\windows\\system32\\iphlpsvc.dll") Region: id = 3763 start_va = 0x330000 end_va = 0x339fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "iphlpsvc.dll.mui" filename = "\\Windows\\System32\\en-US\\iphlpsvc.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\iphlpsvc.dll.mui") Region: id = 3764 start_va = 0xd80000 end_va = 0xe0afff monitored = 0 entry_point = 0xdf51ec region_type = mapped_file name = "iphlpsvc.dll" filename = "\\Windows\\System32\\iphlpsvc.dll" (normalized: "c:\\windows\\system32\\iphlpsvc.dll") Region: id = 3765 start_va = 0x330000 end_va = 0x339fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "iphlpsvc.dll.mui" filename = "\\Windows\\System32\\en-US\\iphlpsvc.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\iphlpsvc.dll.mui") Region: id = 3766 start_va = 0xd80000 end_va = 0xe0afff monitored = 0 entry_point = 0xdf51ec region_type = mapped_file name = "iphlpsvc.dll" filename = "\\Windows\\System32\\iphlpsvc.dll" (normalized: "c:\\windows\\system32\\iphlpsvc.dll") Region: id = 3767 start_va = 0x330000 end_va = 0x339fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "iphlpsvc.dll.mui" filename = "\\Windows\\System32\\en-US\\iphlpsvc.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\iphlpsvc.dll.mui") Region: id = 3768 start_va = 0xd80000 end_va = 0xe0afff monitored = 0 entry_point = 0xdf51ec region_type = mapped_file name = "iphlpsvc.dll" filename = "\\Windows\\System32\\iphlpsvc.dll" (normalized: "c:\\windows\\system32\\iphlpsvc.dll") Region: id = 3769 start_va = 0x330000 end_va = 0x339fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "iphlpsvc.dll.mui" filename = "\\Windows\\System32\\en-US\\iphlpsvc.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\iphlpsvc.dll.mui") Region: id = 3770 start_va = 0xd80000 end_va = 0xe0afff monitored = 0 entry_point = 0xdf51ec region_type = mapped_file name = "iphlpsvc.dll" filename = "\\Windows\\System32\\iphlpsvc.dll" (normalized: "c:\\windows\\system32\\iphlpsvc.dll") Region: id = 3771 start_va = 0x330000 end_va = 0x339fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "iphlpsvc.dll.mui" filename = "\\Windows\\System32\\en-US\\iphlpsvc.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\iphlpsvc.dll.mui") Region: id = 3772 start_va = 0xd80000 end_va = 0xe0afff monitored = 0 entry_point = 0xdf51ec region_type = mapped_file name = "iphlpsvc.dll" filename = "\\Windows\\System32\\iphlpsvc.dll" (normalized: "c:\\windows\\system32\\iphlpsvc.dll") Region: id = 3773 start_va = 0x330000 end_va = 0x339fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "iphlpsvc.dll.mui" filename = "\\Windows\\System32\\en-US\\iphlpsvc.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\iphlpsvc.dll.mui") Region: id = 3774 start_va = 0xd80000 end_va = 0xe0afff monitored = 0 entry_point = 0xdf51ec region_type = mapped_file name = "iphlpsvc.dll" filename = "\\Windows\\System32\\iphlpsvc.dll" (normalized: "c:\\windows\\system32\\iphlpsvc.dll") Region: id = 3775 start_va = 0x330000 end_va = 0x339fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "iphlpsvc.dll.mui" filename = "\\Windows\\System32\\en-US\\iphlpsvc.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\iphlpsvc.dll.mui") Region: id = 3776 start_va = 0x15c0000 end_va = 0x16f0fff monitored = 0 entry_point = 0x161dab9 region_type = mapped_file name = "mce.dll" filename = "\\Program Files (x86)\\Microsoft Office\\Office16\\mce.dll" (normalized: "c:\\program files (x86)\\microsoft office\\office16\\mce.dll") Region: id = 3777 start_va = 0x1760000 end_va = 0x17dffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000001760000" filename = "" Region: id = 3778 start_va = 0x15c0000 end_va = 0x16f0fff monitored = 0 entry_point = 0x161dab9 region_type = mapped_file name = "mce.dll" filename = "\\Program Files (x86)\\Microsoft Office\\Office16\\mce.dll" (normalized: "c:\\program files (x86)\\microsoft office\\office16\\mce.dll") Region: id = 3779 start_va = 0x15c0000 end_va = 0x16f0fff monitored = 0 entry_point = 0x161dab9 region_type = mapped_file name = "mce.dll" filename = "\\Program Files (x86)\\Microsoft Office\\Office16\\mce.dll" (normalized: "c:\\program files (x86)\\microsoft office\\office16\\mce.dll") Region: id = 3780 start_va = 0x15c0000 end_va = 0x16f0fff monitored = 0 entry_point = 0x161dab9 region_type = mapped_file name = "mce.dll" filename = "\\Program Files (x86)\\Microsoft Office\\Office16\\mce.dll" (normalized: "c:\\program files (x86)\\microsoft office\\office16\\mce.dll") Region: id = 3781 start_va = 0xb20000 end_va = 0xb39fff monitored = 1 entry_point = 0xb21380 region_type = mapped_file name = "servicemodelperformancecounters.dll" filename = "\\Windows\\Microsoft.NET\\Framework64\\v4.0.30319\\ServiceModelPerformanceCounters.dll" (normalized: "c:\\windows\\microsoft.net\\framework64\\v4.0.30319\\servicemodelperformancecounters.dll") Region: id = 3782 start_va = 0x330000 end_va = 0x33bfff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "servicemodelperformancecounters.dll.mui" filename = "\\Windows\\Microsoft.NET\\Framework64\\v4.0.30319\\en-US\\ServiceModelPerformanceCounters.dll.mui" (normalized: "c:\\windows\\microsoft.net\\framework64\\v4.0.30319\\en-us\\servicemodelperformancecounters.dll.mui") Region: id = 3783 start_va = 0xb20000 end_va = 0xb39fff monitored = 1 entry_point = 0xb21380 region_type = mapped_file name = "servicemodelperformancecounters.dll" filename = "\\Windows\\Microsoft.NET\\Framework64\\v4.0.30319\\ServiceModelPerformanceCounters.dll" (normalized: "c:\\windows\\microsoft.net\\framework64\\v4.0.30319\\servicemodelperformancecounters.dll") Region: id = 3784 start_va = 0x330000 end_va = 0x33bfff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "servicemodelperformancecounters.dll.mui" filename = "\\Windows\\Microsoft.NET\\Framework64\\v4.0.30319\\en-US\\ServiceModelPerformanceCounters.dll.mui" (normalized: "c:\\windows\\microsoft.net\\framework64\\v4.0.30319\\en-us\\servicemodelperformancecounters.dll.mui") Region: id = 3785 start_va = 0xb20000 end_va = 0xb39fff monitored = 1 entry_point = 0xb21380 region_type = mapped_file name = "servicemodelperformancecounters.dll" filename = "\\Windows\\Microsoft.NET\\Framework64\\v4.0.30319\\ServiceModelPerformanceCounters.dll" (normalized: "c:\\windows\\microsoft.net\\framework64\\v4.0.30319\\servicemodelperformancecounters.dll") Region: id = 3786 start_va = 0x330000 end_va = 0x33bfff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "servicemodelperformancecounters.dll.mui" filename = "\\Windows\\Microsoft.NET\\Framework64\\v4.0.30319\\en-US\\ServiceModelPerformanceCounters.dll.mui" (normalized: "c:\\windows\\microsoft.net\\framework64\\v4.0.30319\\en-us\\servicemodelperformancecounters.dll.mui") Region: id = 3787 start_va = 0xb20000 end_va = 0xb39fff monitored = 1 entry_point = 0xb21380 region_type = mapped_file name = "servicemodelperformancecounters.dll" filename = "\\Windows\\Microsoft.NET\\Framework64\\v4.0.30319\\ServiceModelPerformanceCounters.dll" (normalized: "c:\\windows\\microsoft.net\\framework64\\v4.0.30319\\servicemodelperformancecounters.dll") Region: id = 3788 start_va = 0x330000 end_va = 0x33bfff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "servicemodelperformancecounters.dll.mui" filename = "\\Windows\\Microsoft.NET\\Framework64\\v4.0.30319\\en-US\\ServiceModelPerformanceCounters.dll.mui" (normalized: "c:\\windows\\microsoft.net\\framework64\\v4.0.30319\\en-us\\servicemodelperformancecounters.dll.mui") Region: id = 3789 start_va = 0xb20000 end_va = 0xb39fff monitored = 1 entry_point = 0xb21380 region_type = mapped_file name = "servicemodelperformancecounters.dll" filename = "\\Windows\\Microsoft.NET\\Framework64\\v4.0.30319\\ServiceModelPerformanceCounters.dll" (normalized: "c:\\windows\\microsoft.net\\framework64\\v4.0.30319\\servicemodelperformancecounters.dll") Region: id = 3790 start_va = 0x330000 end_va = 0x33bfff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "servicemodelperformancecounters.dll.mui" filename = "\\Windows\\Microsoft.NET\\Framework64\\v4.0.30319\\en-US\\ServiceModelPerformanceCounters.dll.mui" (normalized: "c:\\windows\\microsoft.net\\framework64\\v4.0.30319\\en-us\\servicemodelperformancecounters.dll.mui") Region: id = 3791 start_va = 0xb20000 end_va = 0xb39fff monitored = 1 entry_point = 0xb21380 region_type = mapped_file name = "servicemodelperformancecounters.dll" filename = "\\Windows\\Microsoft.NET\\Framework64\\v4.0.30319\\ServiceModelPerformanceCounters.dll" (normalized: "c:\\windows\\microsoft.net\\framework64\\v4.0.30319\\servicemodelperformancecounters.dll") Region: id = 3792 start_va = 0x330000 end_va = 0x33bfff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "servicemodelperformancecounters.dll.mui" filename = "\\Windows\\Microsoft.NET\\Framework64\\v4.0.30319\\en-US\\ServiceModelPerformanceCounters.dll.mui" (normalized: "c:\\windows\\microsoft.net\\framework64\\v4.0.30319\\en-us\\servicemodelperformancecounters.dll.mui") Region: id = 3793 start_va = 0xd80000 end_va = 0xda7fff monitored = 0 entry_point = 0xd81860 region_type = mapped_file name = "umpo.dll" filename = "\\Windows\\System32\\umpo.dll" (normalized: "c:\\windows\\system32\\umpo.dll") Region: id = 3794 start_va = 0x330000 end_va = 0x330fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "umpo.dll.mui" filename = "\\Windows\\System32\\en-US\\umpo.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\umpo.dll.mui") Region: id = 3795 start_va = 0xd80000 end_va = 0xda7fff monitored = 0 entry_point = 0xd81860 region_type = mapped_file name = "umpo.dll" filename = "\\Windows\\System32\\umpo.dll" (normalized: "c:\\windows\\system32\\umpo.dll") Region: id = 3796 start_va = 0x330000 end_va = 0x330fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "umpo.dll.mui" filename = "\\Windows\\System32\\en-US\\umpo.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\umpo.dll.mui") Region: id = 3797 start_va = 0x330000 end_va = 0x33afff monitored = 0 entry_point = 0x3311a8 region_type = mapped_file name = "httpapi.dll" filename = "\\Windows\\System32\\httpapi.dll" (normalized: "c:\\windows\\system32\\httpapi.dll") Region: id = 3798 start_va = 0x350000 end_va = 0x351fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "httpapi.dll.mui" filename = "\\Windows\\System32\\en-US\\httpapi.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\httpapi.dll.mui") Region: id = 3799 start_va = 0x330000 end_va = 0x33afff monitored = 0 entry_point = 0x3311a8 region_type = mapped_file name = "httpapi.dll" filename = "\\Windows\\System32\\httpapi.dll" (normalized: "c:\\windows\\system32\\httpapi.dll") Region: id = 3800 start_va = 0x350000 end_va = 0x351fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "httpapi.dll.mui" filename = "\\Windows\\System32\\en-US\\httpapi.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\httpapi.dll.mui") Region: id = 3801 start_va = 0x330000 end_va = 0x33afff monitored = 0 entry_point = 0x3311a8 region_type = mapped_file name = "httpapi.dll" filename = "\\Windows\\System32\\httpapi.dll" (normalized: "c:\\windows\\system32\\httpapi.dll") Region: id = 3802 start_va = 0x350000 end_va = 0x351fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "httpapi.dll.mui" filename = "\\Windows\\System32\\en-US\\httpapi.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\httpapi.dll.mui") Region: id = 3803 start_va = 0x330000 end_va = 0x33afff monitored = 0 entry_point = 0x3311a8 region_type = mapped_file name = "httpapi.dll" filename = "\\Windows\\System32\\httpapi.dll" (normalized: "c:\\windows\\system32\\httpapi.dll") Region: id = 3804 start_va = 0x350000 end_va = 0x351fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "httpapi.dll.mui" filename = "\\Windows\\System32\\en-US\\httpapi.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\httpapi.dll.mui") Region: id = 3805 start_va = 0x330000 end_va = 0x33afff monitored = 0 entry_point = 0x3311a8 region_type = mapped_file name = "httpapi.dll" filename = "\\Windows\\System32\\httpapi.dll" (normalized: "c:\\windows\\system32\\httpapi.dll") Region: id = 3806 start_va = 0x350000 end_va = 0x351fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "httpapi.dll.mui" filename = "\\Windows\\System32\\en-US\\httpapi.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\httpapi.dll.mui") Region: id = 3807 start_va = 0x330000 end_va = 0x33afff monitored = 0 entry_point = 0x3311a8 region_type = mapped_file name = "httpapi.dll" filename = "\\Windows\\System32\\httpapi.dll" (normalized: "c:\\windows\\system32\\httpapi.dll") Region: id = 3808 start_va = 0x350000 end_va = 0x351fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "httpapi.dll.mui" filename = "\\Windows\\System32\\en-US\\httpapi.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\httpapi.dll.mui") Region: id = 3809 start_va = 0x330000 end_va = 0x33dfff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "psevents.dll" filename = "\\Windows\\System32\\WindowsPowerShell\\v1.0\\PSEvents.dll" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\psevents.dll") Region: id = 3810 start_va = 0x350000 end_va = 0x35dfff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "psevents.dll.mui" filename = "\\Windows\\System32\\WindowsPowerShell\\v1.0\\en-US\\PSEvents.dll.mui" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\en-us\\psevents.dll.mui") Region: id = 3811 start_va = 0x330000 end_va = 0x33dfff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "psevents.dll" filename = "\\Windows\\System32\\WindowsPowerShell\\v1.0\\PSEvents.dll" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\psevents.dll") Region: id = 3812 start_va = 0x350000 end_va = 0x35dfff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "psevents.dll.mui" filename = "\\Windows\\System32\\WindowsPowerShell\\v1.0\\en-US\\PSEvents.dll.mui" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\en-us\\psevents.dll.mui") Region: id = 3813 start_va = 0x17e0000 end_va = 0x25d4fff monitored = 0 entry_point = 0x18c3268 region_type = mapped_file name = "wmp.dll" filename = "\\Windows\\System32\\wmp.dll" (normalized: "c:\\windows\\system32\\wmp.dll") Region: id = 3814 start_va = 0x17e0000 end_va = 0x25d4fff monitored = 0 entry_point = 0x18c3268 region_type = mapped_file name = "wmp.dll" filename = "\\Windows\\System32\\wmp.dll" (normalized: "c:\\windows\\system32\\wmp.dll") Region: id = 3815 start_va = 0xd80000 end_va = 0xe29fff monitored = 0 entry_point = 0xd94100 region_type = mapped_file name = "netlogon.dll" filename = "\\Windows\\System32\\netlogon.dll" (normalized: "c:\\windows\\system32\\netlogon.dll") Region: id = 3816 start_va = 0x330000 end_va = 0x333fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "netlogon.dll.mui" filename = "\\Windows\\System32\\en-US\\netlogon.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\netlogon.dll.mui") Region: id = 3817 start_va = 0xd80000 end_va = 0xe29fff monitored = 0 entry_point = 0xd94100 region_type = mapped_file name = "netlogon.dll" filename = "\\Windows\\System32\\netlogon.dll" (normalized: "c:\\windows\\system32\\netlogon.dll") Region: id = 3818 start_va = 0x330000 end_va = 0x333fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "netlogon.dll.mui" filename = "\\Windows\\System32\\en-US\\netlogon.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\netlogon.dll.mui") Region: id = 3819 start_va = 0xd80000 end_va = 0xdc7fff monitored = 0 entry_point = 0xdbfd0c region_type = mapped_file name = "drt.dll" filename = "\\Windows\\System32\\drt.dll" (normalized: "c:\\windows\\system32\\drt.dll") Region: id = 3820 start_va = 0x330000 end_va = 0x332fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "drt.dll.mui" filename = "\\Windows\\System32\\en-US\\drt.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\drt.dll.mui") Region: id = 3821 start_va = 0xd80000 end_va = 0xdc7fff monitored = 0 entry_point = 0xdbfd0c region_type = mapped_file name = "drt.dll" filename = "\\Windows\\System32\\drt.dll" (normalized: "c:\\windows\\system32\\drt.dll") Region: id = 3822 start_va = 0x330000 end_va = 0x332fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "drt.dll.mui" filename = "\\Windows\\System32\\en-US\\drt.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\drt.dll.mui") Region: id = 3823 start_va = 0xec0000 end_va = 0xfa8fff monitored = 0 entry_point = 0xf9906c region_type = mapped_file name = "ndis.sys" filename = "\\Windows\\System32\\drivers\\ndis.sys" (normalized: "c:\\windows\\system32\\drivers\\ndis.sys") Region: id = 3824 start_va = 0x330000 end_va = 0x338fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "ndis.sys.mui" filename = "\\Windows\\System32\\drivers\\en-US\\ndis.sys.mui" (normalized: "c:\\windows\\system32\\drivers\\en-us\\ndis.sys.mui") Region: id = 3825 start_va = 0xec0000 end_va = 0xfa8fff monitored = 0 entry_point = 0xf9906c region_type = mapped_file name = "ndis.sys" filename = "\\Windows\\System32\\drivers\\ndis.sys" (normalized: "c:\\windows\\system32\\drivers\\ndis.sys") Region: id = 3826 start_va = 0x330000 end_va = 0x338fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "ndis.sys.mui" filename = "\\Windows\\System32\\drivers\\en-US\\ndis.sys.mui" (normalized: "c:\\windows\\system32\\drivers\\en-us\\ndis.sys.mui") Region: id = 3827 start_va = 0xec0000 end_va = 0xfa8fff monitored = 0 entry_point = 0xf9906c region_type = mapped_file name = "ndis.sys" filename = "\\Windows\\System32\\drivers\\ndis.sys" (normalized: "c:\\windows\\system32\\drivers\\ndis.sys") Region: id = 3828 start_va = 0x330000 end_va = 0x338fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "ndis.sys.mui" filename = "\\Windows\\System32\\drivers\\en-US\\ndis.sys.mui" (normalized: "c:\\windows\\system32\\drivers\\en-us\\ndis.sys.mui") Region: id = 3829 start_va = 0xec0000 end_va = 0xfa8fff monitored = 0 entry_point = 0xf9906c region_type = mapped_file name = "ndis.sys" filename = "\\Windows\\System32\\drivers\\ndis.sys" (normalized: "c:\\windows\\system32\\drivers\\ndis.sys") Region: id = 3830 start_va = 0x330000 end_va = 0x338fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "ndis.sys.mui" filename = "\\Windows\\System32\\drivers\\en-US\\ndis.sys.mui" (normalized: "c:\\windows\\system32\\drivers\\en-us\\ndis.sys.mui") Region: id = 3831 start_va = 0x15c0000 end_va = 0x170cfff monitored = 0 entry_point = 0x16c2a88 region_type = mapped_file name = "peerdistsvc.dll" filename = "\\Windows\\System32\\PeerDistSvc.dll" (normalized: "c:\\windows\\system32\\peerdistsvc.dll") Region: id = 3832 start_va = 0x330000 end_va = 0x335fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "peerdistsvc.dll.mui" filename = "\\Windows\\System32\\en-US\\PeerDistSvc.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\peerdistsvc.dll.mui") Region: id = 3833 start_va = 0x15c0000 end_va = 0x170cfff monitored = 0 entry_point = 0x16c2a88 region_type = mapped_file name = "peerdistsvc.dll" filename = "\\Windows\\System32\\PeerDistSvc.dll" (normalized: "c:\\windows\\system32\\peerdistsvc.dll") Region: id = 3834 start_va = 0x330000 end_va = 0x335fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "peerdistsvc.dll.mui" filename = "\\Windows\\System32\\en-US\\PeerDistSvc.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\peerdistsvc.dll.mui") Region: id = 3835 start_va = 0x330000 end_va = 0x33efff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "wsmres.dll" filename = "\\Windows\\System32\\WsmRes.dll" (normalized: "c:\\windows\\system32\\wsmres.dll") Region: id = 3836 start_va = 0xd80000 end_va = 0xdd9fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "wsmres.dll.mui" filename = "\\Windows\\System32\\en-US\\WsmRes.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\wsmres.dll.mui") Region: id = 3837 start_va = 0x330000 end_va = 0x33efff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "wsmres.dll" filename = "\\Windows\\System32\\WsmRes.dll" (normalized: "c:\\windows\\system32\\wsmres.dll") Region: id = 3838 start_va = 0xd80000 end_va = 0xdd9fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "wsmres.dll.mui" filename = "\\Windows\\System32\\en-US\\WsmRes.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\wsmres.dll.mui") Region: id = 3839 start_va = 0x330000 end_va = 0x33ffff monitored = 0 entry_point = 0x33a33c region_type = mapped_file name = "tbssvc.dll" filename = "\\Windows\\System32\\tbssvc.dll" (normalized: "c:\\windows\\system32\\tbssvc.dll") Region: id = 3840 start_va = 0x350000 end_va = 0x351fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "tbssvc.dll.mui" filename = "\\Windows\\System32\\en-US\\tbssvc.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\tbssvc.dll.mui") Region: id = 3841 start_va = 0x330000 end_va = 0x33ffff monitored = 0 entry_point = 0x33a33c region_type = mapped_file name = "tbssvc.dll" filename = "\\Windows\\System32\\tbssvc.dll" (normalized: "c:\\windows\\system32\\tbssvc.dll") Region: id = 3842 start_va = 0x350000 end_va = 0x351fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "tbssvc.dll.mui" filename = "\\Windows\\System32\\en-US\\tbssvc.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\tbssvc.dll.mui") Region: id = 3843 start_va = 0xb20000 end_va = 0xb39fff monitored = 1 entry_point = 0xb21380 region_type = mapped_file name = "workflowservicehostperformancecounters.dll" filename = "\\Windows\\Microsoft.NET\\Framework64\\v4.0.30319\\WorkflowServiceHostPerformanceCounters.dll" (normalized: "c:\\windows\\microsoft.net\\framework64\\v4.0.30319\\workflowservicehostperformancecounters.dll") Region: id = 3844 start_va = 0xb20000 end_va = 0xb39fff monitored = 1 entry_point = 0xb21380 region_type = mapped_file name = "workflowservicehostperformancecounters.dll" filename = "\\Windows\\Microsoft.NET\\Framework64\\v4.0.30319\\WorkflowServiceHostPerformanceCounters.dll" (normalized: "c:\\windows\\microsoft.net\\framework64\\v4.0.30319\\workflowservicehostperformancecounters.dll") Region: id = 3845 start_va = 0x330000 end_va = 0x335fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "workflowservicehostperformancecounters.dll.mui" filename = "\\Windows\\Microsoft.NET\\Framework64\\v4.0.30319\\en-US\\WorkflowServiceHostPerformanceCounters.dll.mui" (normalized: "c:\\windows\\microsoft.net\\framework64\\v4.0.30319\\en-us\\workflowservicehostperformancecounters.dll.mui") Region: id = 3846 start_va = 0xb20000 end_va = 0xb39fff monitored = 1 entry_point = 0xb21380 region_type = mapped_file name = "workflowservicehostperformancecounters.dll" filename = "\\Windows\\Microsoft.NET\\Framework64\\v4.0.30319\\WorkflowServiceHostPerformanceCounters.dll" (normalized: "c:\\windows\\microsoft.net\\framework64\\v4.0.30319\\workflowservicehostperformancecounters.dll") Region: id = 3847 start_va = 0x330000 end_va = 0x335fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "workflowservicehostperformancecounters.dll.mui" filename = "\\Windows\\Microsoft.NET\\Framework64\\v4.0.30319\\en-US\\WorkflowServiceHostPerformanceCounters.dll.mui" (normalized: "c:\\windows\\microsoft.net\\framework64\\v4.0.30319\\en-us\\workflowservicehostperformancecounters.dll.mui") Region: id = 3848 start_va = 0xd80000 end_va = 0xdd3fff monitored = 0 entry_point = 0xd93450 region_type = mapped_file name = "lsm.exe" filename = "\\Windows\\System32\\lsm.exe" (normalized: "c:\\windows\\system32\\lsm.exe") Region: id = 3849 start_va = 0x330000 end_va = 0x331fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "lsm.exe.mui" filename = "\\Windows\\System32\\en-US\\lsm.exe.mui" (normalized: "c:\\windows\\system32\\en-us\\lsm.exe.mui") Region: id = 3850 start_va = 0xd80000 end_va = 0xdd3fff monitored = 0 entry_point = 0xd93450 region_type = mapped_file name = "lsm.exe" filename = "\\Windows\\System32\\lsm.exe" (normalized: "c:\\windows\\system32\\lsm.exe") Region: id = 3851 start_va = 0x330000 end_va = 0x331fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "lsm.exe.mui" filename = "\\Windows\\System32\\en-US\\lsm.exe.mui" (normalized: "c:\\windows\\system32\\en-us\\lsm.exe.mui") Region: id = 3852 start_va = 0xd80000 end_va = 0xda0fff monitored = 0 entry_point = 0xd9a06c region_type = mapped_file name = "pacer.sys" filename = "\\Windows\\System32\\drivers\\pacer.sys" (normalized: "c:\\windows\\system32\\drivers\\pacer.sys") Region: id = 3853 start_va = 0x330000 end_va = 0x333fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "pacer.sys.mui" filename = "\\Windows\\System32\\drivers\\en-US\\pacer.sys.mui" (normalized: "c:\\windows\\system32\\drivers\\en-us\\pacer.sys.mui") Region: id = 3854 start_va = 0xd80000 end_va = 0xda0fff monitored = 0 entry_point = 0xd9a06c region_type = mapped_file name = "pacer.sys" filename = "\\Windows\\System32\\drivers\\pacer.sys" (normalized: "c:\\windows\\system32\\drivers\\pacer.sys") Region: id = 3855 start_va = 0x330000 end_va = 0x333fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "pacer.sys.mui" filename = "\\Windows\\System32\\drivers\\en-US\\pacer.sys.mui" (normalized: "c:\\windows\\system32\\drivers\\en-us\\pacer.sys.mui") Region: id = 3856 start_va = 0xd80000 end_va = 0xda0fff monitored = 0 entry_point = 0xd9a06c region_type = mapped_file name = "pacer.sys" filename = "\\Windows\\System32\\drivers\\pacer.sys" (normalized: "c:\\windows\\system32\\drivers\\pacer.sys") Region: id = 3857 start_va = 0x330000 end_va = 0x333fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "pacer.sys.mui" filename = "\\Windows\\System32\\drivers\\en-US\\pacer.sys.mui" (normalized: "c:\\windows\\system32\\drivers\\en-us\\pacer.sys.mui") Region: id = 3858 start_va = 0xd80000 end_va = 0xda0fff monitored = 0 entry_point = 0xd9a06c region_type = mapped_file name = "pacer.sys" filename = "\\Windows\\System32\\drivers\\pacer.sys" (normalized: "c:\\windows\\system32\\drivers\\pacer.sys") Region: id = 3859 start_va = 0x330000 end_va = 0x333fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "pacer.sys.mui" filename = "\\Windows\\System32\\drivers\\en-US\\pacer.sys.mui" (normalized: "c:\\windows\\system32\\drivers\\en-us\\pacer.sys.mui") Region: id = 3860 start_va = 0xd80000 end_va = 0xdcffff monitored = 0 entry_point = 0xd82b98 region_type = mapped_file name = "fwpuclnt.dll" filename = "\\Windows\\System32\\FWPUCLNT.DLL" (normalized: "c:\\windows\\system32\\fwpuclnt.dll") Region: id = 3861 start_va = 0xb20000 end_va = 0xb32fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "fwpuclnt.dll.mui" filename = "\\Windows\\System32\\en-US\\fwpuclnt.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\fwpuclnt.dll.mui") Region: id = 3862 start_va = 0xd80000 end_va = 0xdcffff monitored = 0 entry_point = 0xd82b98 region_type = mapped_file name = "fwpuclnt.dll" filename = "\\Windows\\System32\\FWPUCLNT.DLL" (normalized: "c:\\windows\\system32\\fwpuclnt.dll") Region: id = 3863 start_va = 0xb20000 end_va = 0xb32fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "fwpuclnt.dll.mui" filename = "\\Windows\\System32\\en-US\\fwpuclnt.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\fwpuclnt.dll.mui") Region: id = 3864 start_va = 0xd80000 end_va = 0xdcffff monitored = 0 entry_point = 0xd82b98 region_type = mapped_file name = "fwpuclnt.dll" filename = "\\Windows\\System32\\FWPUCLNT.DLL" (normalized: "c:\\windows\\system32\\fwpuclnt.dll") Region: id = 3865 start_va = 0xb20000 end_va = 0xb32fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "fwpuclnt.dll.mui" filename = "\\Windows\\System32\\en-US\\fwpuclnt.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\fwpuclnt.dll.mui") Region: id = 3866 start_va = 0xd80000 end_va = 0xdcffff monitored = 0 entry_point = 0xd82b98 region_type = mapped_file name = "fwpuclnt.dll" filename = "\\Windows\\System32\\FWPUCLNT.DLL" (normalized: "c:\\windows\\system32\\fwpuclnt.dll") Region: id = 3867 start_va = 0xb20000 end_va = 0xb32fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "fwpuclnt.dll.mui" filename = "\\Windows\\System32\\en-US\\fwpuclnt.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\fwpuclnt.dll.mui") Region: id = 3868 start_va = 0xd80000 end_va = 0xdcffff monitored = 0 entry_point = 0xd82b98 region_type = mapped_file name = "fwpuclnt.dll" filename = "\\Windows\\System32\\FWPUCLNT.DLL" (normalized: "c:\\windows\\system32\\fwpuclnt.dll") Region: id = 3869 start_va = 0xb20000 end_va = 0xb32fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "fwpuclnt.dll.mui" filename = "\\Windows\\System32\\en-US\\fwpuclnt.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\fwpuclnt.dll.mui") Region: id = 3870 start_va = 0xd80000 end_va = 0xdcffff monitored = 0 entry_point = 0xd82b98 region_type = mapped_file name = "fwpuclnt.dll" filename = "\\Windows\\System32\\FWPUCLNT.DLL" (normalized: "c:\\windows\\system32\\fwpuclnt.dll") Region: id = 3871 start_va = 0xb20000 end_va = 0xb32fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "fwpuclnt.dll.mui" filename = "\\Windows\\System32\\en-US\\fwpuclnt.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\fwpuclnt.dll.mui") Region: id = 3872 start_va = 0xd80000 end_va = 0xdcffff monitored = 0 entry_point = 0xd82b98 region_type = mapped_file name = "fwpuclnt.dll" filename = "\\Windows\\System32\\FWPUCLNT.DLL" (normalized: "c:\\windows\\system32\\fwpuclnt.dll") Region: id = 3873 start_va = 0xb20000 end_va = 0xb32fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "fwpuclnt.dll.mui" filename = "\\Windows\\System32\\en-US\\fwpuclnt.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\fwpuclnt.dll.mui") Region: id = 3874 start_va = 0xd80000 end_va = 0xdcffff monitored = 0 entry_point = 0xd82b98 region_type = mapped_file name = "fwpuclnt.dll" filename = "\\Windows\\System32\\FWPUCLNT.DLL" (normalized: "c:\\windows\\system32\\fwpuclnt.dll") Region: id = 3875 start_va = 0xb20000 end_va = 0xb32fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "fwpuclnt.dll.mui" filename = "\\Windows\\System32\\en-US\\fwpuclnt.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\fwpuclnt.dll.mui") Region: id = 3876 start_va = 0xd80000 end_va = 0xdcffff monitored = 0 entry_point = 0xd82b98 region_type = mapped_file name = "fwpuclnt.dll" filename = "\\Windows\\System32\\FWPUCLNT.DLL" (normalized: "c:\\windows\\system32\\fwpuclnt.dll") Region: id = 3877 start_va = 0xb20000 end_va = 0xb32fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "fwpuclnt.dll.mui" filename = "\\Windows\\System32\\en-US\\fwpuclnt.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\fwpuclnt.dll.mui") Region: id = 3878 start_va = 0xd80000 end_va = 0xdcffff monitored = 0 entry_point = 0xdc68c8 region_type = mapped_file name = "pnrpsvc.dll" filename = "\\Windows\\System32\\pnrpsvc.dll" (normalized: "c:\\windows\\system32\\pnrpsvc.dll") Region: id = 3879 start_va = 0x330000 end_va = 0x332fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "pnrpsvc.dll.mui" filename = "\\Windows\\System32\\en-US\\pnrpsvc.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\pnrpsvc.dll.mui") Region: id = 3880 start_va = 0xd80000 end_va = 0xdcffff monitored = 0 entry_point = 0xdc68c8 region_type = mapped_file name = "pnrpsvc.dll" filename = "\\Windows\\System32\\pnrpsvc.dll" (normalized: "c:\\windows\\system32\\pnrpsvc.dll") Region: id = 3881 start_va = 0x330000 end_va = 0x332fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "pnrpsvc.dll.mui" filename = "\\Windows\\System32\\en-US\\pnrpsvc.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\pnrpsvc.dll.mui") Region: id = 3882 start_va = 0xec0000 end_va = 0xf9bfff monitored = 0 entry_point = 0xf35ec8 region_type = mapped_file name = "azroles.dll" filename = "\\Windows\\System32\\azroles.dll" (normalized: "c:\\windows\\system32\\azroles.dll") Region: id = 3883 start_va = 0x330000 end_va = 0x330fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "azroles.dll.mui" filename = "\\Windows\\System32\\en-US\\azroles.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\azroles.dll.mui") Region: id = 3884 start_va = 0xec0000 end_va = 0xf9bfff monitored = 0 entry_point = 0xf35ec8 region_type = mapped_file name = "azroles.dll" filename = "\\Windows\\System32\\azroles.dll" (normalized: "c:\\windows\\system32\\azroles.dll") Region: id = 3885 start_va = 0x330000 end_va = 0x330fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "azroles.dll.mui" filename = "\\Windows\\System32\\en-US\\azroles.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\azroles.dll.mui") Region: id = 3886 start_va = 0xec0000 end_va = 0xfa1fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "fxsresm.dll" filename = "\\Windows\\System32\\FXSRESM.dll" (normalized: "c:\\windows\\system32\\fxsresm.dll") Region: id = 3887 start_va = 0xd80000 end_va = 0xda8fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "fxsresm.dll.mui" filename = "\\Windows\\System32\\en-US\\FXSRESM.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\fxsresm.dll.mui") Region: id = 3888 start_va = 0xec0000 end_va = 0xfa1fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "fxsresm.dll" filename = "\\Windows\\System32\\FXSRESM.dll" (normalized: "c:\\windows\\system32\\fxsresm.dll") Region: id = 3889 start_va = 0xd80000 end_va = 0xda8fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "fxsresm.dll.mui" filename = "\\Windows\\System32\\en-US\\FXSRESM.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\fxsresm.dll.mui") Region: id = 3890 start_va = 0xd80000 end_va = 0xe28fff monitored = 0 entry_point = 0xd918d0 region_type = mapped_file name = "cscsvc.dll" filename = "\\Windows\\System32\\cscsvc.dll" (normalized: "c:\\windows\\system32\\cscsvc.dll") Region: id = 3891 start_va = 0x330000 end_va = 0x334fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "cscsvc.dll.mui" filename = "\\Windows\\System32\\en-US\\cscsvc.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\cscsvc.dll.mui") Region: id = 3892 start_va = 0xd80000 end_va = 0xe28fff monitored = 0 entry_point = 0xd918d0 region_type = mapped_file name = "cscsvc.dll" filename = "\\Windows\\System32\\cscsvc.dll" (normalized: "c:\\windows\\system32\\cscsvc.dll") Region: id = 3893 start_va = 0x330000 end_va = 0x334fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "cscsvc.dll.mui" filename = "\\Windows\\System32\\en-US\\cscsvc.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\cscsvc.dll.mui") Region: id = 3894 start_va = 0xd80000 end_va = 0xe28fff monitored = 0 entry_point = 0xd918d0 region_type = mapped_file name = "cscsvc.dll" filename = "\\Windows\\System32\\cscsvc.dll" (normalized: "c:\\windows\\system32\\cscsvc.dll") Region: id = 3895 start_va = 0x330000 end_va = 0x334fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "cscsvc.dll.mui" filename = "\\Windows\\System32\\en-US\\cscsvc.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\cscsvc.dll.mui") Region: id = 3896 start_va = 0xd80000 end_va = 0xe28fff monitored = 0 entry_point = 0xd918d0 region_type = mapped_file name = "cscsvc.dll" filename = "\\Windows\\System32\\cscsvc.dll" (normalized: "c:\\windows\\system32\\cscsvc.dll") Region: id = 3897 start_va = 0x330000 end_va = 0x334fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "cscsvc.dll.mui" filename = "\\Windows\\System32\\en-US\\cscsvc.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\cscsvc.dll.mui") Region: id = 3898 start_va = 0xd80000 end_va = 0xdcffff monitored = 0 entry_point = 0xd82b98 region_type = mapped_file name = "fwpuclnt.dll" filename = "\\Windows\\System32\\FWPUCLNT.DLL" (normalized: "c:\\windows\\system32\\fwpuclnt.dll") Region: id = 3899 start_va = 0xb20000 end_va = 0xb32fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "fwpuclnt.dll.mui" filename = "\\Windows\\System32\\en-US\\fwpuclnt.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\fwpuclnt.dll.mui") Region: id = 3900 start_va = 0xd80000 end_va = 0xdcffff monitored = 0 entry_point = 0xd82b98 region_type = mapped_file name = "fwpuclnt.dll" filename = "\\Windows\\System32\\FWPUCLNT.DLL" (normalized: "c:\\windows\\system32\\fwpuclnt.dll") Region: id = 3901 start_va = 0xb20000 end_va = 0xb32fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "fwpuclnt.dll.mui" filename = "\\Windows\\System32\\en-US\\fwpuclnt.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\fwpuclnt.dll.mui") Region: id = 3902 start_va = 0xd80000 end_va = 0xdcffff monitored = 0 entry_point = 0xd82b98 region_type = mapped_file name = "fwpuclnt.dll" filename = "\\Windows\\System32\\FWPUCLNT.DLL" (normalized: "c:\\windows\\system32\\fwpuclnt.dll") Region: id = 3903 start_va = 0xb20000 end_va = 0xb32fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "fwpuclnt.dll.mui" filename = "\\Windows\\System32\\en-US\\fwpuclnt.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\fwpuclnt.dll.mui") Region: id = 3904 start_va = 0xd80000 end_va = 0xdcffff monitored = 0 entry_point = 0xd82b98 region_type = mapped_file name = "fwpuclnt.dll" filename = "\\Windows\\System32\\FWPUCLNT.DLL" (normalized: "c:\\windows\\system32\\fwpuclnt.dll") Region: id = 3905 start_va = 0xb20000 end_va = 0xb32fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "fwpuclnt.dll.mui" filename = "\\Windows\\System32\\en-US\\fwpuclnt.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\fwpuclnt.dll.mui") Region: id = 3906 start_va = 0xd80000 end_va = 0xdcffff monitored = 0 entry_point = 0xd82b98 region_type = mapped_file name = "fwpuclnt.dll" filename = "\\Windows\\System32\\FWPUCLNT.DLL" (normalized: "c:\\windows\\system32\\fwpuclnt.dll") Region: id = 3907 start_va = 0xb20000 end_va = 0xb32fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "fwpuclnt.dll.mui" filename = "\\Windows\\System32\\en-US\\fwpuclnt.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\fwpuclnt.dll.mui") Region: id = 3908 start_va = 0xd80000 end_va = 0xdcffff monitored = 0 entry_point = 0xd82b98 region_type = mapped_file name = "fwpuclnt.dll" filename = "\\Windows\\System32\\FWPUCLNT.DLL" (normalized: "c:\\windows\\system32\\fwpuclnt.dll") Region: id = 3909 start_va = 0xb20000 end_va = 0xb32fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "fwpuclnt.dll.mui" filename = "\\Windows\\System32\\en-US\\fwpuclnt.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\fwpuclnt.dll.mui") Region: id = 3910 start_va = 0xd80000 end_va = 0xdcffff monitored = 0 entry_point = 0xd82b98 region_type = mapped_file name = "fwpuclnt.dll" filename = "\\Windows\\System32\\FWPUCLNT.DLL" (normalized: "c:\\windows\\system32\\fwpuclnt.dll") Region: id = 3911 start_va = 0xb20000 end_va = 0xb32fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "fwpuclnt.dll.mui" filename = "\\Windows\\System32\\en-US\\fwpuclnt.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\fwpuclnt.dll.mui") Region: id = 3912 start_va = 0xd80000 end_va = 0xdcffff monitored = 0 entry_point = 0xd82b98 region_type = mapped_file name = "fwpuclnt.dll" filename = "\\Windows\\System32\\FWPUCLNT.DLL" (normalized: "c:\\windows\\system32\\fwpuclnt.dll") Region: id = 3913 start_va = 0xb20000 end_va = 0xb32fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "fwpuclnt.dll.mui" filename = "\\Windows\\System32\\en-US\\fwpuclnt.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\fwpuclnt.dll.mui") Region: id = 3914 start_va = 0xd80000 end_va = 0xdcffff monitored = 0 entry_point = 0xd82b98 region_type = mapped_file name = "fwpuclnt.dll" filename = "\\Windows\\System32\\FWPUCLNT.DLL" (normalized: "c:\\windows\\system32\\fwpuclnt.dll") Region: id = 3915 start_va = 0xb20000 end_va = 0xb32fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "fwpuclnt.dll.mui" filename = "\\Windows\\System32\\en-US\\fwpuclnt.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\fwpuclnt.dll.mui") Region: id = 3916 start_va = 0xd80000 end_va = 0xdcffff monitored = 0 entry_point = 0xd82b98 region_type = mapped_file name = "fwpuclnt.dll" filename = "\\Windows\\System32\\FWPUCLNT.DLL" (normalized: "c:\\windows\\system32\\fwpuclnt.dll") Region: id = 3917 start_va = 0xb20000 end_va = 0xb32fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "fwpuclnt.dll.mui" filename = "\\Windows\\System32\\en-US\\fwpuclnt.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\fwpuclnt.dll.mui") Region: id = 3918 start_va = 0xd80000 end_va = 0xdcffff monitored = 0 entry_point = 0xd82b98 region_type = mapped_file name = "fwpuclnt.dll" filename = "\\Windows\\System32\\FWPUCLNT.DLL" (normalized: "c:\\windows\\system32\\fwpuclnt.dll") Region: id = 3919 start_va = 0xb20000 end_va = 0xb32fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "fwpuclnt.dll.mui" filename = "\\Windows\\System32\\en-US\\fwpuclnt.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\fwpuclnt.dll.mui") Region: id = 3920 start_va = 0xd80000 end_va = 0xdcffff monitored = 0 entry_point = 0xd82b98 region_type = mapped_file name = "fwpuclnt.dll" filename = "\\Windows\\System32\\FWPUCLNT.DLL" (normalized: "c:\\windows\\system32\\fwpuclnt.dll") Region: id = 3921 start_va = 0xb20000 end_va = 0xb32fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "fwpuclnt.dll.mui" filename = "\\Windows\\System32\\en-US\\fwpuclnt.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\fwpuclnt.dll.mui") Region: id = 3922 start_va = 0xd80000 end_va = 0xdcffff monitored = 0 entry_point = 0xd82b98 region_type = mapped_file name = "fwpuclnt.dll" filename = "\\Windows\\System32\\FWPUCLNT.DLL" (normalized: "c:\\windows\\system32\\fwpuclnt.dll") Region: id = 3923 start_va = 0xb20000 end_va = 0xb32fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "fwpuclnt.dll.mui" filename = "\\Windows\\System32\\en-US\\fwpuclnt.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\fwpuclnt.dll.mui") Region: id = 3924 start_va = 0xd80000 end_va = 0xdcffff monitored = 0 entry_point = 0xd82b98 region_type = mapped_file name = "fwpuclnt.dll" filename = "\\Windows\\System32\\FWPUCLNT.DLL" (normalized: "c:\\windows\\system32\\fwpuclnt.dll") Region: id = 3925 start_va = 0xb20000 end_va = 0xb32fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "fwpuclnt.dll.mui" filename = "\\Windows\\System32\\en-US\\fwpuclnt.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\fwpuclnt.dll.mui") Region: id = 3926 start_va = 0xd80000 end_va = 0xe0afff monitored = 0 entry_point = 0xdf51ec region_type = mapped_file name = "iphlpsvc.dll" filename = "\\Windows\\System32\\iphlpsvc.dll" (normalized: "c:\\windows\\system32\\iphlpsvc.dll") Region: id = 3927 start_va = 0x330000 end_va = 0x339fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "iphlpsvc.dll.mui" filename = "\\Windows\\System32\\en-US\\iphlpsvc.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\iphlpsvc.dll.mui") Region: id = 3928 start_va = 0xd80000 end_va = 0xe0afff monitored = 0 entry_point = 0xdf51ec region_type = mapped_file name = "iphlpsvc.dll" filename = "\\Windows\\System32\\iphlpsvc.dll" (normalized: "c:\\windows\\system32\\iphlpsvc.dll") Region: id = 3929 start_va = 0x330000 end_va = 0x339fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "iphlpsvc.dll.mui" filename = "\\Windows\\System32\\en-US\\iphlpsvc.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\iphlpsvc.dll.mui") Region: id = 3930 start_va = 0xd80000 end_va = 0xe0afff monitored = 0 entry_point = 0xdf51ec region_type = mapped_file name = "iphlpsvc.dll" filename = "\\Windows\\System32\\iphlpsvc.dll" (normalized: "c:\\windows\\system32\\iphlpsvc.dll") Region: id = 3931 start_va = 0x330000 end_va = 0x339fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "iphlpsvc.dll.mui" filename = "\\Windows\\System32\\en-US\\iphlpsvc.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\iphlpsvc.dll.mui") Region: id = 3932 start_va = 0xd80000 end_va = 0xe0afff monitored = 0 entry_point = 0xdf51ec region_type = mapped_file name = "iphlpsvc.dll" filename = "\\Windows\\System32\\iphlpsvc.dll" (normalized: "c:\\windows\\system32\\iphlpsvc.dll") Region: id = 3933 start_va = 0x330000 end_va = 0x339fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "iphlpsvc.dll.mui" filename = "\\Windows\\System32\\en-US\\iphlpsvc.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\iphlpsvc.dll.mui") Region: id = 3934 start_va = 0xd80000 end_va = 0xe0afff monitored = 0 entry_point = 0xdf51ec region_type = mapped_file name = "iphlpsvc.dll" filename = "\\Windows\\System32\\iphlpsvc.dll" (normalized: "c:\\windows\\system32\\iphlpsvc.dll") Region: id = 3935 start_va = 0x330000 end_va = 0x339fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "iphlpsvc.dll.mui" filename = "\\Windows\\System32\\en-US\\iphlpsvc.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\iphlpsvc.dll.mui") Region: id = 3936 start_va = 0xd80000 end_va = 0xe0afff monitored = 0 entry_point = 0xdf51ec region_type = mapped_file name = "iphlpsvc.dll" filename = "\\Windows\\System32\\iphlpsvc.dll" (normalized: "c:\\windows\\system32\\iphlpsvc.dll") Region: id = 3937 start_va = 0x330000 end_va = 0x339fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "iphlpsvc.dll.mui" filename = "\\Windows\\System32\\en-US\\iphlpsvc.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\iphlpsvc.dll.mui") Region: id = 3938 start_va = 0xd80000 end_va = 0xe0afff monitored = 0 entry_point = 0xdf51ec region_type = mapped_file name = "iphlpsvc.dll" filename = "\\Windows\\System32\\iphlpsvc.dll" (normalized: "c:\\windows\\system32\\iphlpsvc.dll") Region: id = 3939 start_va = 0x330000 end_va = 0x339fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "iphlpsvc.dll.mui" filename = "\\Windows\\System32\\en-US\\iphlpsvc.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\iphlpsvc.dll.mui") Region: id = 3940 start_va = 0xd80000 end_va = 0xe0afff monitored = 0 entry_point = 0xdf51ec region_type = mapped_file name = "iphlpsvc.dll" filename = "\\Windows\\System32\\iphlpsvc.dll" (normalized: "c:\\windows\\system32\\iphlpsvc.dll") Region: id = 3941 start_va = 0x330000 end_va = 0x339fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "iphlpsvc.dll.mui" filename = "\\Windows\\System32\\en-US\\iphlpsvc.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\iphlpsvc.dll.mui") Region: id = 3942 start_va = 0xd80000 end_va = 0xe0afff monitored = 0 entry_point = 0xdf51ec region_type = mapped_file name = "iphlpsvc.dll" filename = "\\Windows\\System32\\iphlpsvc.dll" (normalized: "c:\\windows\\system32\\iphlpsvc.dll") Region: id = 3943 start_va = 0x330000 end_va = 0x339fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "iphlpsvc.dll.mui" filename = "\\Windows\\System32\\en-US\\iphlpsvc.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\iphlpsvc.dll.mui") Region: id = 3944 start_va = 0xd80000 end_va = 0xe0afff monitored = 0 entry_point = 0xdf51ec region_type = mapped_file name = "iphlpsvc.dll" filename = "\\Windows\\System32\\iphlpsvc.dll" (normalized: "c:\\windows\\system32\\iphlpsvc.dll") Region: id = 3945 start_va = 0x330000 end_va = 0x339fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "iphlpsvc.dll.mui" filename = "\\Windows\\System32\\en-US\\iphlpsvc.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\iphlpsvc.dll.mui") Region: id = 3946 start_va = 0x15c0000 end_va = 0x16f0fff monitored = 0 entry_point = 0x161dab9 region_type = mapped_file name = "mce.dll" filename = "\\Program Files (x86)\\Microsoft Office\\Office16\\mce.dll" (normalized: "c:\\program files (x86)\\microsoft office\\office16\\mce.dll") Region: id = 3947 start_va = 0x15c0000 end_va = 0x16f0fff monitored = 0 entry_point = 0x161dab9 region_type = mapped_file name = "mce.dll" filename = "\\Program Files (x86)\\Microsoft Office\\Office16\\mce.dll" (normalized: "c:\\program files (x86)\\microsoft office\\office16\\mce.dll") Region: id = 3948 start_va = 0x15c0000 end_va = 0x16f0fff monitored = 0 entry_point = 0x161dab9 region_type = mapped_file name = "mce.dll" filename = "\\Program Files (x86)\\Microsoft Office\\Office16\\mce.dll" (normalized: "c:\\program files (x86)\\microsoft office\\office16\\mce.dll") Region: id = 3949 start_va = 0x15c0000 end_va = 0x16f0fff monitored = 0 entry_point = 0x161dab9 region_type = mapped_file name = "mce.dll" filename = "\\Program Files (x86)\\Microsoft Office\\Office16\\mce.dll" (normalized: "c:\\program files (x86)\\microsoft office\\office16\\mce.dll") Region: id = 3950 start_va = 0xb20000 end_va = 0xb39fff monitored = 1 entry_point = 0xb21380 region_type = mapped_file name = "servicemodelperformancecounters.dll" filename = "\\Windows\\Microsoft.NET\\Framework64\\v4.0.30319\\ServiceModelPerformanceCounters.dll" (normalized: "c:\\windows\\microsoft.net\\framework64\\v4.0.30319\\servicemodelperformancecounters.dll") Region: id = 3951 start_va = 0x330000 end_va = 0x33bfff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "servicemodelperformancecounters.dll.mui" filename = "\\Windows\\Microsoft.NET\\Framework64\\v4.0.30319\\en-US\\ServiceModelPerformanceCounters.dll.mui" (normalized: "c:\\windows\\microsoft.net\\framework64\\v4.0.30319\\en-us\\servicemodelperformancecounters.dll.mui") Region: id = 3952 start_va = 0xb20000 end_va = 0xb39fff monitored = 1 entry_point = 0xb21380 region_type = mapped_file name = "servicemodelperformancecounters.dll" filename = "\\Windows\\Microsoft.NET\\Framework64\\v4.0.30319\\ServiceModelPerformanceCounters.dll" (normalized: "c:\\windows\\microsoft.net\\framework64\\v4.0.30319\\servicemodelperformancecounters.dll") Region: id = 3953 start_va = 0x330000 end_va = 0x33bfff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "servicemodelperformancecounters.dll.mui" filename = "\\Windows\\Microsoft.NET\\Framework64\\v4.0.30319\\en-US\\ServiceModelPerformanceCounters.dll.mui" (normalized: "c:\\windows\\microsoft.net\\framework64\\v4.0.30319\\en-us\\servicemodelperformancecounters.dll.mui") Region: id = 3954 start_va = 0xb20000 end_va = 0xb39fff monitored = 1 entry_point = 0xb21380 region_type = mapped_file name = "servicemodelperformancecounters.dll" filename = "\\Windows\\Microsoft.NET\\Framework64\\v4.0.30319\\ServiceModelPerformanceCounters.dll" (normalized: "c:\\windows\\microsoft.net\\framework64\\v4.0.30319\\servicemodelperformancecounters.dll") Region: id = 3955 start_va = 0x330000 end_va = 0x33bfff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "servicemodelperformancecounters.dll.mui" filename = "\\Windows\\Microsoft.NET\\Framework64\\v4.0.30319\\en-US\\ServiceModelPerformanceCounters.dll.mui" (normalized: "c:\\windows\\microsoft.net\\framework64\\v4.0.30319\\en-us\\servicemodelperformancecounters.dll.mui") Region: id = 3956 start_va = 0xb20000 end_va = 0xb39fff monitored = 1 entry_point = 0xb21380 region_type = mapped_file name = "servicemodelperformancecounters.dll" filename = "\\Windows\\Microsoft.NET\\Framework64\\v4.0.30319\\ServiceModelPerformanceCounters.dll" (normalized: "c:\\windows\\microsoft.net\\framework64\\v4.0.30319\\servicemodelperformancecounters.dll") Region: id = 3957 start_va = 0x330000 end_va = 0x33bfff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "servicemodelperformancecounters.dll.mui" filename = "\\Windows\\Microsoft.NET\\Framework64\\v4.0.30319\\en-US\\ServiceModelPerformanceCounters.dll.mui" (normalized: "c:\\windows\\microsoft.net\\framework64\\v4.0.30319\\en-us\\servicemodelperformancecounters.dll.mui") Region: id = 3958 start_va = 0xb20000 end_va = 0xb39fff monitored = 1 entry_point = 0xb21380 region_type = mapped_file name = "servicemodelperformancecounters.dll" filename = "\\Windows\\Microsoft.NET\\Framework64\\v4.0.30319\\ServiceModelPerformanceCounters.dll" (normalized: "c:\\windows\\microsoft.net\\framework64\\v4.0.30319\\servicemodelperformancecounters.dll") Region: id = 3959 start_va = 0x330000 end_va = 0x33bfff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "servicemodelperformancecounters.dll.mui" filename = "\\Windows\\Microsoft.NET\\Framework64\\v4.0.30319\\en-US\\ServiceModelPerformanceCounters.dll.mui" (normalized: "c:\\windows\\microsoft.net\\framework64\\v4.0.30319\\en-us\\servicemodelperformancecounters.dll.mui") Region: id = 3960 start_va = 0xb20000 end_va = 0xb39fff monitored = 1 entry_point = 0xb21380 region_type = mapped_file name = "servicemodelperformancecounters.dll" filename = "\\Windows\\Microsoft.NET\\Framework64\\v4.0.30319\\ServiceModelPerformanceCounters.dll" (normalized: "c:\\windows\\microsoft.net\\framework64\\v4.0.30319\\servicemodelperformancecounters.dll") Region: id = 3961 start_va = 0x330000 end_va = 0x33bfff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "servicemodelperformancecounters.dll.mui" filename = "\\Windows\\Microsoft.NET\\Framework64\\v4.0.30319\\en-US\\ServiceModelPerformanceCounters.dll.mui" (normalized: "c:\\windows\\microsoft.net\\framework64\\v4.0.30319\\en-us\\servicemodelperformancecounters.dll.mui") Region: id = 3962 start_va = 0xb20000 end_va = 0xb39fff monitored = 1 entry_point = 0xb21380 region_type = mapped_file name = "servicemodelperformancecounters.dll" filename = "\\Windows\\Microsoft.NET\\Framework64\\v4.0.30319\\ServiceModelPerformanceCounters.dll" (normalized: "c:\\windows\\microsoft.net\\framework64\\v4.0.30319\\servicemodelperformancecounters.dll") Region: id = 3963 start_va = 0x330000 end_va = 0x33bfff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "servicemodelperformancecounters.dll.mui" filename = "\\Windows\\Microsoft.NET\\Framework64\\v4.0.30319\\en-US\\ServiceModelPerformanceCounters.dll.mui" (normalized: "c:\\windows\\microsoft.net\\framework64\\v4.0.30319\\en-us\\servicemodelperformancecounters.dll.mui") Region: id = 3964 start_va = 0xd80000 end_va = 0xda7fff monitored = 0 entry_point = 0xd81860 region_type = mapped_file name = "umpo.dll" filename = "\\Windows\\System32\\umpo.dll" (normalized: "c:\\windows\\system32\\umpo.dll") Region: id = 3965 start_va = 0x330000 end_va = 0x330fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "umpo.dll.mui" filename = "\\Windows\\System32\\en-US\\umpo.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\umpo.dll.mui") Region: id = 3966 start_va = 0xd80000 end_va = 0xda7fff monitored = 0 entry_point = 0xd81860 region_type = mapped_file name = "umpo.dll" filename = "\\Windows\\System32\\umpo.dll" (normalized: "c:\\windows\\system32\\umpo.dll") Region: id = 3967 start_va = 0x330000 end_va = 0x330fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "umpo.dll.mui" filename = "\\Windows\\System32\\en-US\\umpo.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\umpo.dll.mui") Region: id = 3968 start_va = 0x330000 end_va = 0x33afff monitored = 0 entry_point = 0x3311a8 region_type = mapped_file name = "httpapi.dll" filename = "\\Windows\\System32\\httpapi.dll" (normalized: "c:\\windows\\system32\\httpapi.dll") Region: id = 3969 start_va = 0x350000 end_va = 0x351fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "httpapi.dll.mui" filename = "\\Windows\\System32\\en-US\\httpapi.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\httpapi.dll.mui") Region: id = 3970 start_va = 0x330000 end_va = 0x33afff monitored = 0 entry_point = 0x3311a8 region_type = mapped_file name = "httpapi.dll" filename = "\\Windows\\System32\\httpapi.dll" (normalized: "c:\\windows\\system32\\httpapi.dll") Region: id = 3971 start_va = 0x350000 end_va = 0x351fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "httpapi.dll.mui" filename = "\\Windows\\System32\\en-US\\httpapi.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\httpapi.dll.mui") Region: id = 3972 start_va = 0x330000 end_va = 0x33afff monitored = 0 entry_point = 0x3311a8 region_type = mapped_file name = "httpapi.dll" filename = "\\Windows\\System32\\httpapi.dll" (normalized: "c:\\windows\\system32\\httpapi.dll") Region: id = 3973 start_va = 0x350000 end_va = 0x351fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "httpapi.dll.mui" filename = "\\Windows\\System32\\en-US\\httpapi.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\httpapi.dll.mui") Region: id = 3974 start_va = 0x330000 end_va = 0x33afff monitored = 0 entry_point = 0x3311a8 region_type = mapped_file name = "httpapi.dll" filename = "\\Windows\\System32\\httpapi.dll" (normalized: "c:\\windows\\system32\\httpapi.dll") Region: id = 3975 start_va = 0x350000 end_va = 0x351fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "httpapi.dll.mui" filename = "\\Windows\\System32\\en-US\\httpapi.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\httpapi.dll.mui") Region: id = 3976 start_va = 0x330000 end_va = 0x33afff monitored = 0 entry_point = 0x3311a8 region_type = mapped_file name = "httpapi.dll" filename = "\\Windows\\System32\\httpapi.dll" (normalized: "c:\\windows\\system32\\httpapi.dll") Region: id = 3977 start_va = 0x350000 end_va = 0x351fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "httpapi.dll.mui" filename = "\\Windows\\System32\\en-US\\httpapi.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\httpapi.dll.mui") Region: id = 3978 start_va = 0x330000 end_va = 0x33afff monitored = 0 entry_point = 0x3311a8 region_type = mapped_file name = "httpapi.dll" filename = "\\Windows\\System32\\httpapi.dll" (normalized: "c:\\windows\\system32\\httpapi.dll") Region: id = 3979 start_va = 0x350000 end_va = 0x351fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "httpapi.dll.mui" filename = "\\Windows\\System32\\en-US\\httpapi.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\httpapi.dll.mui") Region: id = 3980 start_va = 0x330000 end_va = 0x33dfff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "psevents.dll" filename = "\\Windows\\System32\\WindowsPowerShell\\v1.0\\PSEvents.dll" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\psevents.dll") Region: id = 3981 start_va = 0x350000 end_va = 0x35dfff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "psevents.dll.mui" filename = "\\Windows\\System32\\WindowsPowerShell\\v1.0\\en-US\\PSEvents.dll.mui" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\en-us\\psevents.dll.mui") Region: id = 3982 start_va = 0x330000 end_va = 0x33dfff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "psevents.dll" filename = "\\Windows\\System32\\WindowsPowerShell\\v1.0\\PSEvents.dll" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\psevents.dll") Region: id = 3983 start_va = 0x350000 end_va = 0x35dfff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "psevents.dll.mui" filename = "\\Windows\\System32\\WindowsPowerShell\\v1.0\\en-US\\PSEvents.dll.mui" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\en-us\\psevents.dll.mui") Region: id = 3984 start_va = 0x330000 end_va = 0x33dfff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "psevents.dll" filename = "\\Windows\\System32\\WindowsPowerShell\\v1.0\\PSEvents.dll" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\psevents.dll") Region: id = 3985 start_va = 0x350000 end_va = 0x35dfff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "psevents.dll.mui" filename = "\\Windows\\System32\\WindowsPowerShell\\v1.0\\en-US\\PSEvents.dll.mui" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\en-us\\psevents.dll.mui") Region: id = 3986 start_va = 0x17e0000 end_va = 0x25d4fff monitored = 0 entry_point = 0x18c3268 region_type = mapped_file name = "wmp.dll" filename = "\\Windows\\System32\\wmp.dll" (normalized: "c:\\windows\\system32\\wmp.dll") Region: id = 3987 start_va = 0x17e0000 end_va = 0x25d4fff monitored = 0 entry_point = 0x18c3268 region_type = mapped_file name = "wmp.dll" filename = "\\Windows\\System32\\wmp.dll" (normalized: "c:\\windows\\system32\\wmp.dll") Region: id = 3988 start_va = 0xd80000 end_va = 0xe29fff monitored = 0 entry_point = 0xd94100 region_type = mapped_file name = "netlogon.dll" filename = "\\Windows\\System32\\netlogon.dll" (normalized: "c:\\windows\\system32\\netlogon.dll") Region: id = 3989 start_va = 0x330000 end_va = 0x333fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "netlogon.dll.mui" filename = "\\Windows\\System32\\en-US\\netlogon.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\netlogon.dll.mui") Region: id = 3990 start_va = 0xd80000 end_va = 0xe29fff monitored = 0 entry_point = 0xd94100 region_type = mapped_file name = "netlogon.dll" filename = "\\Windows\\System32\\netlogon.dll" (normalized: "c:\\windows\\system32\\netlogon.dll") Region: id = 3991 start_va = 0x330000 end_va = 0x333fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "netlogon.dll.mui" filename = "\\Windows\\System32\\en-US\\netlogon.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\netlogon.dll.mui") Region: id = 3992 start_va = 0xd80000 end_va = 0xdc7fff monitored = 0 entry_point = 0xdbfd0c region_type = mapped_file name = "drt.dll" filename = "\\Windows\\System32\\drt.dll" (normalized: "c:\\windows\\system32\\drt.dll") Region: id = 3993 start_va = 0x330000 end_va = 0x332fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "drt.dll.mui" filename = "\\Windows\\System32\\en-US\\drt.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\drt.dll.mui") Region: id = 3994 start_va = 0xd80000 end_va = 0xdc7fff monitored = 0 entry_point = 0xdbfd0c region_type = mapped_file name = "drt.dll" filename = "\\Windows\\System32\\drt.dll" (normalized: "c:\\windows\\system32\\drt.dll") Region: id = 3995 start_va = 0x330000 end_va = 0x332fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "drt.dll.mui" filename = "\\Windows\\System32\\en-US\\drt.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\drt.dll.mui") Region: id = 3996 start_va = 0xec0000 end_va = 0xfa8fff monitored = 0 entry_point = 0xf9906c region_type = mapped_file name = "ndis.sys" filename = "\\Windows\\System32\\drivers\\ndis.sys" (normalized: "c:\\windows\\system32\\drivers\\ndis.sys") Region: id = 3997 start_va = 0x330000 end_va = 0x338fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "ndis.sys.mui" filename = "\\Windows\\System32\\drivers\\en-US\\ndis.sys.mui" (normalized: "c:\\windows\\system32\\drivers\\en-us\\ndis.sys.mui") Region: id = 3998 start_va = 0xec0000 end_va = 0xfa8fff monitored = 0 entry_point = 0xf9906c region_type = mapped_file name = "ndis.sys" filename = "\\Windows\\System32\\drivers\\ndis.sys" (normalized: "c:\\windows\\system32\\drivers\\ndis.sys") Region: id = 3999 start_va = 0x330000 end_va = 0x338fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "ndis.sys.mui" filename = "\\Windows\\System32\\drivers\\en-US\\ndis.sys.mui" (normalized: "c:\\windows\\system32\\drivers\\en-us\\ndis.sys.mui") Region: id = 4000 start_va = 0xec0000 end_va = 0xfa8fff monitored = 0 entry_point = 0xf9906c region_type = mapped_file name = "ndis.sys" filename = "\\Windows\\System32\\drivers\\ndis.sys" (normalized: "c:\\windows\\system32\\drivers\\ndis.sys") Region: id = 4001 start_va = 0x330000 end_va = 0x338fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "ndis.sys.mui" filename = "\\Windows\\System32\\drivers\\en-US\\ndis.sys.mui" (normalized: "c:\\windows\\system32\\drivers\\en-us\\ndis.sys.mui") Region: id = 4002 start_va = 0xec0000 end_va = 0xfa8fff monitored = 0 entry_point = 0xf9906c region_type = mapped_file name = "ndis.sys" filename = "\\Windows\\System32\\drivers\\ndis.sys" (normalized: "c:\\windows\\system32\\drivers\\ndis.sys") Region: id = 4003 start_va = 0x330000 end_va = 0x338fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "ndis.sys.mui" filename = "\\Windows\\System32\\drivers\\en-US\\ndis.sys.mui" (normalized: "c:\\windows\\system32\\drivers\\en-us\\ndis.sys.mui") Region: id = 4004 start_va = 0x15c0000 end_va = 0x170cfff monitored = 0 entry_point = 0x16c2a88 region_type = mapped_file name = "peerdistsvc.dll" filename = "\\Windows\\System32\\PeerDistSvc.dll" (normalized: "c:\\windows\\system32\\peerdistsvc.dll") Region: id = 4005 start_va = 0x330000 end_va = 0x335fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "peerdistsvc.dll.mui" filename = "\\Windows\\System32\\en-US\\PeerDistSvc.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\peerdistsvc.dll.mui") Region: id = 4006 start_va = 0x15c0000 end_va = 0x170cfff monitored = 0 entry_point = 0x16c2a88 region_type = mapped_file name = "peerdistsvc.dll" filename = "\\Windows\\System32\\PeerDistSvc.dll" (normalized: "c:\\windows\\system32\\peerdistsvc.dll") Region: id = 4007 start_va = 0x330000 end_va = 0x335fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "peerdistsvc.dll.mui" filename = "\\Windows\\System32\\en-US\\PeerDistSvc.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\peerdistsvc.dll.mui") Region: id = 4008 start_va = 0x330000 end_va = 0x33efff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "wsmres.dll" filename = "\\Windows\\System32\\WsmRes.dll" (normalized: "c:\\windows\\system32\\wsmres.dll") Region: id = 4009 start_va = 0xd80000 end_va = 0xdd9fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "wsmres.dll.mui" filename = "\\Windows\\System32\\en-US\\WsmRes.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\wsmres.dll.mui") Region: id = 4010 start_va = 0x330000 end_va = 0x33efff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "wsmres.dll" filename = "\\Windows\\System32\\WsmRes.dll" (normalized: "c:\\windows\\system32\\wsmres.dll") Region: id = 4011 start_va = 0xd80000 end_va = 0xdd9fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "wsmres.dll.mui" filename = "\\Windows\\System32\\en-US\\WsmRes.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\wsmres.dll.mui") Region: id = 4012 start_va = 0x330000 end_va = 0x33ffff monitored = 0 entry_point = 0x33a33c region_type = mapped_file name = "tbssvc.dll" filename = "\\Windows\\System32\\tbssvc.dll" (normalized: "c:\\windows\\system32\\tbssvc.dll") Region: id = 4013 start_va = 0x350000 end_va = 0x351fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "tbssvc.dll.mui" filename = "\\Windows\\System32\\en-US\\tbssvc.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\tbssvc.dll.mui") Region: id = 4014 start_va = 0x330000 end_va = 0x33ffff monitored = 0 entry_point = 0x33a33c region_type = mapped_file name = "tbssvc.dll" filename = "\\Windows\\System32\\tbssvc.dll" (normalized: "c:\\windows\\system32\\tbssvc.dll") Region: id = 4015 start_va = 0x350000 end_va = 0x351fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "tbssvc.dll.mui" filename = "\\Windows\\System32\\en-US\\tbssvc.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\tbssvc.dll.mui") Region: id = 4016 start_va = 0xb20000 end_va = 0xb39fff monitored = 1 entry_point = 0xb21380 region_type = mapped_file name = "workflowservicehostperformancecounters.dll" filename = "\\Windows\\Microsoft.NET\\Framework64\\v4.0.30319\\WorkflowServiceHostPerformanceCounters.dll" (normalized: "c:\\windows\\microsoft.net\\framework64\\v4.0.30319\\workflowservicehostperformancecounters.dll") Region: id = 4017 start_va = 0x330000 end_va = 0x335fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "workflowservicehostperformancecounters.dll.mui" filename = "\\Windows\\Microsoft.NET\\Framework64\\v4.0.30319\\en-US\\WorkflowServiceHostPerformanceCounters.dll.mui" (normalized: "c:\\windows\\microsoft.net\\framework64\\v4.0.30319\\en-us\\workflowservicehostperformancecounters.dll.mui") Region: id = 4018 start_va = 0xb20000 end_va = 0xb39fff monitored = 1 entry_point = 0xb21380 region_type = mapped_file name = "workflowservicehostperformancecounters.dll" filename = "\\Windows\\Microsoft.NET\\Framework64\\v4.0.30319\\WorkflowServiceHostPerformanceCounters.dll" (normalized: "c:\\windows\\microsoft.net\\framework64\\v4.0.30319\\workflowservicehostperformancecounters.dll") Region: id = 4019 start_va = 0x330000 end_va = 0x335fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "workflowservicehostperformancecounters.dll.mui" filename = "\\Windows\\Microsoft.NET\\Framework64\\v4.0.30319\\en-US\\WorkflowServiceHostPerformanceCounters.dll.mui" (normalized: "c:\\windows\\microsoft.net\\framework64\\v4.0.30319\\en-us\\workflowservicehostperformancecounters.dll.mui") Region: id = 4020 start_va = 0xd80000 end_va = 0xdd3fff monitored = 0 entry_point = 0xd93450 region_type = mapped_file name = "lsm.exe" filename = "\\Windows\\System32\\lsm.exe" (normalized: "c:\\windows\\system32\\lsm.exe") Region: id = 4021 start_va = 0x330000 end_va = 0x331fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "lsm.exe.mui" filename = "\\Windows\\System32\\en-US\\lsm.exe.mui" (normalized: "c:\\windows\\system32\\en-us\\lsm.exe.mui") Region: id = 4022 start_va = 0xd80000 end_va = 0xdd3fff monitored = 0 entry_point = 0xd93450 region_type = mapped_file name = "lsm.exe" filename = "\\Windows\\System32\\lsm.exe" (normalized: "c:\\windows\\system32\\lsm.exe") Region: id = 4023 start_va = 0x330000 end_va = 0x331fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "lsm.exe.mui" filename = "\\Windows\\System32\\en-US\\lsm.exe.mui" (normalized: "c:\\windows\\system32\\en-us\\lsm.exe.mui") Region: id = 4024 start_va = 0xd80000 end_va = 0xda0fff monitored = 0 entry_point = 0xd9a06c region_type = mapped_file name = "pacer.sys" filename = "\\Windows\\System32\\drivers\\pacer.sys" (normalized: "c:\\windows\\system32\\drivers\\pacer.sys") Region: id = 4025 start_va = 0x330000 end_va = 0x333fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "pacer.sys.mui" filename = "\\Windows\\System32\\drivers\\en-US\\pacer.sys.mui" (normalized: "c:\\windows\\system32\\drivers\\en-us\\pacer.sys.mui") Region: id = 4026 start_va = 0xd80000 end_va = 0xda0fff monitored = 0 entry_point = 0xd9a06c region_type = mapped_file name = "pacer.sys" filename = "\\Windows\\System32\\drivers\\pacer.sys" (normalized: "c:\\windows\\system32\\drivers\\pacer.sys") Region: id = 4027 start_va = 0x330000 end_va = 0x333fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "pacer.sys.mui" filename = "\\Windows\\System32\\drivers\\en-US\\pacer.sys.mui" (normalized: "c:\\windows\\system32\\drivers\\en-us\\pacer.sys.mui") Region: id = 4028 start_va = 0xd80000 end_va = 0xda0fff monitored = 0 entry_point = 0xd9a06c region_type = mapped_file name = "pacer.sys" filename = "\\Windows\\System32\\drivers\\pacer.sys" (normalized: "c:\\windows\\system32\\drivers\\pacer.sys") Region: id = 4029 start_va = 0x330000 end_va = 0x333fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "pacer.sys.mui" filename = "\\Windows\\System32\\drivers\\en-US\\pacer.sys.mui" (normalized: "c:\\windows\\system32\\drivers\\en-us\\pacer.sys.mui") Region: id = 4030 start_va = 0xd80000 end_va = 0xda0fff monitored = 0 entry_point = 0xd9a06c region_type = mapped_file name = "pacer.sys" filename = "\\Windows\\System32\\drivers\\pacer.sys" (normalized: "c:\\windows\\system32\\drivers\\pacer.sys") Region: id = 4031 start_va = 0x330000 end_va = 0x333fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "pacer.sys.mui" filename = "\\Windows\\System32\\drivers\\en-US\\pacer.sys.mui" (normalized: "c:\\windows\\system32\\drivers\\en-us\\pacer.sys.mui") Region: id = 4032 start_va = 0xd80000 end_va = 0xdcffff monitored = 0 entry_point = 0xd82b98 region_type = mapped_file name = "fwpuclnt.dll" filename = "\\Windows\\System32\\FWPUCLNT.DLL" (normalized: "c:\\windows\\system32\\fwpuclnt.dll") Region: id = 4033 start_va = 0xb20000 end_va = 0xb32fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "fwpuclnt.dll.mui" filename = "\\Windows\\System32\\en-US\\fwpuclnt.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\fwpuclnt.dll.mui") Region: id = 4034 start_va = 0xd80000 end_va = 0xdcffff monitored = 0 entry_point = 0xd82b98 region_type = mapped_file name = "fwpuclnt.dll" filename = "\\Windows\\System32\\FWPUCLNT.DLL" (normalized: "c:\\windows\\system32\\fwpuclnt.dll") Region: id = 4035 start_va = 0xb20000 end_va = 0xb32fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "fwpuclnt.dll.mui" filename = "\\Windows\\System32\\en-US\\fwpuclnt.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\fwpuclnt.dll.mui") Region: id = 4036 start_va = 0xd80000 end_va = 0xdcffff monitored = 0 entry_point = 0xd82b98 region_type = mapped_file name = "fwpuclnt.dll" filename = "\\Windows\\System32\\FWPUCLNT.DLL" (normalized: "c:\\windows\\system32\\fwpuclnt.dll") Region: id = 4037 start_va = 0xb20000 end_va = 0xb32fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "fwpuclnt.dll.mui" filename = "\\Windows\\System32\\en-US\\fwpuclnt.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\fwpuclnt.dll.mui") Region: id = 4038 start_va = 0xd80000 end_va = 0xdcffff monitored = 0 entry_point = 0xd82b98 region_type = mapped_file name = "fwpuclnt.dll" filename = "\\Windows\\System32\\FWPUCLNT.DLL" (normalized: "c:\\windows\\system32\\fwpuclnt.dll") Region: id = 4039 start_va = 0xb20000 end_va = 0xb32fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "fwpuclnt.dll.mui" filename = "\\Windows\\System32\\en-US\\fwpuclnt.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\fwpuclnt.dll.mui") Region: id = 4040 start_va = 0xd80000 end_va = 0xdcffff monitored = 0 entry_point = 0xd82b98 region_type = mapped_file name = "fwpuclnt.dll" filename = "\\Windows\\System32\\FWPUCLNT.DLL" (normalized: "c:\\windows\\system32\\fwpuclnt.dll") Region: id = 4041 start_va = 0xb20000 end_va = 0xb32fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "fwpuclnt.dll.mui" filename = "\\Windows\\System32\\en-US\\fwpuclnt.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\fwpuclnt.dll.mui") Region: id = 4042 start_va = 0xd80000 end_va = 0xdcffff monitored = 0 entry_point = 0xd82b98 region_type = mapped_file name = "fwpuclnt.dll" filename = "\\Windows\\System32\\FWPUCLNT.DLL" (normalized: "c:\\windows\\system32\\fwpuclnt.dll") Region: id = 4043 start_va = 0xb20000 end_va = 0xb32fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "fwpuclnt.dll.mui" filename = "\\Windows\\System32\\en-US\\fwpuclnt.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\fwpuclnt.dll.mui") Region: id = 4044 start_va = 0xd80000 end_va = 0xdcffff monitored = 0 entry_point = 0xd82b98 region_type = mapped_file name = "fwpuclnt.dll" filename = "\\Windows\\System32\\FWPUCLNT.DLL" (normalized: "c:\\windows\\system32\\fwpuclnt.dll") Region: id = 4045 start_va = 0xb20000 end_va = 0xb32fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "fwpuclnt.dll.mui" filename = "\\Windows\\System32\\en-US\\fwpuclnt.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\fwpuclnt.dll.mui") Region: id = 4046 start_va = 0xd80000 end_va = 0xdcffff monitored = 0 entry_point = 0xd82b98 region_type = mapped_file name = "fwpuclnt.dll" filename = "\\Windows\\System32\\FWPUCLNT.DLL" (normalized: "c:\\windows\\system32\\fwpuclnt.dll") Region: id = 4047 start_va = 0xb20000 end_va = 0xb32fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "fwpuclnt.dll.mui" filename = "\\Windows\\System32\\en-US\\fwpuclnt.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\fwpuclnt.dll.mui") Region: id = 4048 start_va = 0xd80000 end_va = 0xdcffff monitored = 0 entry_point = 0xdc68c8 region_type = mapped_file name = "pnrpsvc.dll" filename = "\\Windows\\System32\\pnrpsvc.dll" (normalized: "c:\\windows\\system32\\pnrpsvc.dll") Region: id = 4049 start_va = 0x330000 end_va = 0x332fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "pnrpsvc.dll.mui" filename = "\\Windows\\System32\\en-US\\pnrpsvc.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\pnrpsvc.dll.mui") Region: id = 4050 start_va = 0xd80000 end_va = 0xdcffff monitored = 0 entry_point = 0xdc68c8 region_type = mapped_file name = "pnrpsvc.dll" filename = "\\Windows\\System32\\pnrpsvc.dll" (normalized: "c:\\windows\\system32\\pnrpsvc.dll") Region: id = 4051 start_va = 0x330000 end_va = 0x332fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "pnrpsvc.dll.mui" filename = "\\Windows\\System32\\en-US\\pnrpsvc.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\pnrpsvc.dll.mui") Region: id = 4052 start_va = 0xec0000 end_va = 0xf9bfff monitored = 0 entry_point = 0xf35ec8 region_type = mapped_file name = "azroles.dll" filename = "\\Windows\\System32\\azroles.dll" (normalized: "c:\\windows\\system32\\azroles.dll") Region: id = 4053 start_va = 0x330000 end_va = 0x330fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "azroles.dll.mui" filename = "\\Windows\\System32\\en-US\\azroles.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\azroles.dll.mui") Region: id = 4054 start_va = 0xec0000 end_va = 0xf9bfff monitored = 0 entry_point = 0xf35ec8 region_type = mapped_file name = "azroles.dll" filename = "\\Windows\\System32\\azroles.dll" (normalized: "c:\\windows\\system32\\azroles.dll") Region: id = 4055 start_va = 0x330000 end_va = 0x330fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "azroles.dll.mui" filename = "\\Windows\\System32\\en-US\\azroles.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\azroles.dll.mui") Region: id = 4056 start_va = 0xec0000 end_va = 0xfa1fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "fxsresm.dll" filename = "\\Windows\\System32\\FXSRESM.dll" (normalized: "c:\\windows\\system32\\fxsresm.dll") Region: id = 4057 start_va = 0xd80000 end_va = 0xda8fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "fxsresm.dll.mui" filename = "\\Windows\\System32\\en-US\\FXSRESM.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\fxsresm.dll.mui") Region: id = 4058 start_va = 0xec0000 end_va = 0xfa1fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "fxsresm.dll" filename = "\\Windows\\System32\\FXSRESM.dll" (normalized: "c:\\windows\\system32\\fxsresm.dll") Region: id = 4059 start_va = 0xd80000 end_va = 0xda8fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "fxsresm.dll.mui" filename = "\\Windows\\System32\\en-US\\FXSRESM.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\fxsresm.dll.mui") Region: id = 4060 start_va = 0xd80000 end_va = 0xe28fff monitored = 0 entry_point = 0xd918d0 region_type = mapped_file name = "cscsvc.dll" filename = "\\Windows\\System32\\cscsvc.dll" (normalized: "c:\\windows\\system32\\cscsvc.dll") Region: id = 4061 start_va = 0x330000 end_va = 0x334fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "cscsvc.dll.mui" filename = "\\Windows\\System32\\en-US\\cscsvc.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\cscsvc.dll.mui") Region: id = 4062 start_va = 0xd80000 end_va = 0xe28fff monitored = 0 entry_point = 0xd918d0 region_type = mapped_file name = "cscsvc.dll" filename = "\\Windows\\System32\\cscsvc.dll" (normalized: "c:\\windows\\system32\\cscsvc.dll") Region: id = 4063 start_va = 0x330000 end_va = 0x334fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "cscsvc.dll.mui" filename = "\\Windows\\System32\\en-US\\cscsvc.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\cscsvc.dll.mui") Region: id = 4064 start_va = 0xd80000 end_va = 0xe28fff monitored = 0 entry_point = 0xd918d0 region_type = mapped_file name = "cscsvc.dll" filename = "\\Windows\\System32\\cscsvc.dll" (normalized: "c:\\windows\\system32\\cscsvc.dll") Region: id = 4065 start_va = 0x330000 end_va = 0x334fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "cscsvc.dll.mui" filename = "\\Windows\\System32\\en-US\\cscsvc.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\cscsvc.dll.mui") Region: id = 4066 start_va = 0xd80000 end_va = 0xe28fff monitored = 0 entry_point = 0xd918d0 region_type = mapped_file name = "cscsvc.dll" filename = "\\Windows\\System32\\cscsvc.dll" (normalized: "c:\\windows\\system32\\cscsvc.dll") Region: id = 4067 start_va = 0x330000 end_va = 0x334fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "cscsvc.dll.mui" filename = "\\Windows\\System32\\en-US\\cscsvc.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\cscsvc.dll.mui") Region: id = 4068 start_va = 0xd80000 end_va = 0xdcffff monitored = 0 entry_point = 0xd82b98 region_type = mapped_file name = "fwpuclnt.dll" filename = "\\Windows\\System32\\FWPUCLNT.DLL" (normalized: "c:\\windows\\system32\\fwpuclnt.dll") Region: id = 4069 start_va = 0xb20000 end_va = 0xb32fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "fwpuclnt.dll.mui" filename = "\\Windows\\System32\\en-US\\fwpuclnt.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\fwpuclnt.dll.mui") Region: id = 4070 start_va = 0xd80000 end_va = 0xdcffff monitored = 0 entry_point = 0xd82b98 region_type = mapped_file name = "fwpuclnt.dll" filename = "\\Windows\\System32\\FWPUCLNT.DLL" (normalized: "c:\\windows\\system32\\fwpuclnt.dll") Region: id = 4071 start_va = 0xb20000 end_va = 0xb32fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "fwpuclnt.dll.mui" filename = "\\Windows\\System32\\en-US\\fwpuclnt.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\fwpuclnt.dll.mui") Region: id = 4072 start_va = 0xd80000 end_va = 0xdcffff monitored = 0 entry_point = 0xd82b98 region_type = mapped_file name = "fwpuclnt.dll" filename = "\\Windows\\System32\\FWPUCLNT.DLL" (normalized: "c:\\windows\\system32\\fwpuclnt.dll") Region: id = 4073 start_va = 0xb20000 end_va = 0xb32fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "fwpuclnt.dll.mui" filename = "\\Windows\\System32\\en-US\\fwpuclnt.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\fwpuclnt.dll.mui") Region: id = 4074 start_va = 0xd80000 end_va = 0xdcffff monitored = 0 entry_point = 0xd82b98 region_type = mapped_file name = "fwpuclnt.dll" filename = "\\Windows\\System32\\FWPUCLNT.DLL" (normalized: "c:\\windows\\system32\\fwpuclnt.dll") Region: id = 4075 start_va = 0xb20000 end_va = 0xb32fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "fwpuclnt.dll.mui" filename = "\\Windows\\System32\\en-US\\fwpuclnt.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\fwpuclnt.dll.mui") Region: id = 4076 start_va = 0xd80000 end_va = 0xdcffff monitored = 0 entry_point = 0xd82b98 region_type = mapped_file name = "fwpuclnt.dll" filename = "\\Windows\\System32\\FWPUCLNT.DLL" (normalized: "c:\\windows\\system32\\fwpuclnt.dll") Region: id = 4077 start_va = 0xb20000 end_va = 0xb32fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "fwpuclnt.dll.mui" filename = "\\Windows\\System32\\en-US\\fwpuclnt.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\fwpuclnt.dll.mui") Region: id = 4078 start_va = 0xd80000 end_va = 0xdcffff monitored = 0 entry_point = 0xd82b98 region_type = mapped_file name = "fwpuclnt.dll" filename = "\\Windows\\System32\\FWPUCLNT.DLL" (normalized: "c:\\windows\\system32\\fwpuclnt.dll") Region: id = 4079 start_va = 0xb20000 end_va = 0xb32fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "fwpuclnt.dll.mui" filename = "\\Windows\\System32\\en-US\\fwpuclnt.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\fwpuclnt.dll.mui") Region: id = 4080 start_va = 0xd80000 end_va = 0xdcffff monitored = 0 entry_point = 0xd82b98 region_type = mapped_file name = "fwpuclnt.dll" filename = "\\Windows\\System32\\FWPUCLNT.DLL" (normalized: "c:\\windows\\system32\\fwpuclnt.dll") Region: id = 4081 start_va = 0xb20000 end_va = 0xb32fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "fwpuclnt.dll.mui" filename = "\\Windows\\System32\\en-US\\fwpuclnt.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\fwpuclnt.dll.mui") Region: id = 4082 start_va = 0xd80000 end_va = 0xdcffff monitored = 0 entry_point = 0xd82b98 region_type = mapped_file name = "fwpuclnt.dll" filename = "\\Windows\\System32\\FWPUCLNT.DLL" (normalized: "c:\\windows\\system32\\fwpuclnt.dll") Region: id = 4083 start_va = 0xb20000 end_va = 0xb32fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "fwpuclnt.dll.mui" filename = "\\Windows\\System32\\en-US\\fwpuclnt.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\fwpuclnt.dll.mui") Region: id = 4084 start_va = 0xd80000 end_va = 0xdcffff monitored = 0 entry_point = 0xd82b98 region_type = mapped_file name = "fwpuclnt.dll" filename = "\\Windows\\System32\\FWPUCLNT.DLL" (normalized: "c:\\windows\\system32\\fwpuclnt.dll") Region: id = 4085 start_va = 0xb20000 end_va = 0xb32fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "fwpuclnt.dll.mui" filename = "\\Windows\\System32\\en-US\\fwpuclnt.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\fwpuclnt.dll.mui") Region: id = 4086 start_va = 0xd80000 end_va = 0xdcffff monitored = 0 entry_point = 0xd82b98 region_type = mapped_file name = "fwpuclnt.dll" filename = "\\Windows\\System32\\FWPUCLNT.DLL" (normalized: "c:\\windows\\system32\\fwpuclnt.dll") Region: id = 4087 start_va = 0xb20000 end_va = 0xb32fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "fwpuclnt.dll.mui" filename = "\\Windows\\System32\\en-US\\fwpuclnt.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\fwpuclnt.dll.mui") Region: id = 4088 start_va = 0xd80000 end_va = 0xdcffff monitored = 0 entry_point = 0xd82b98 region_type = mapped_file name = "fwpuclnt.dll" filename = "\\Windows\\System32\\FWPUCLNT.DLL" (normalized: "c:\\windows\\system32\\fwpuclnt.dll") Region: id = 4089 start_va = 0xb20000 end_va = 0xb32fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "fwpuclnt.dll.mui" filename = "\\Windows\\System32\\en-US\\fwpuclnt.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\fwpuclnt.dll.mui") Region: id = 4090 start_va = 0xd80000 end_va = 0xdcffff monitored = 0 entry_point = 0xd82b98 region_type = mapped_file name = "fwpuclnt.dll" filename = "\\Windows\\System32\\FWPUCLNT.DLL" (normalized: "c:\\windows\\system32\\fwpuclnt.dll") Region: id = 4091 start_va = 0xb20000 end_va = 0xb32fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "fwpuclnt.dll.mui" filename = "\\Windows\\System32\\en-US\\fwpuclnt.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\fwpuclnt.dll.mui") Region: id = 4092 start_va = 0xd80000 end_va = 0xdcffff monitored = 0 entry_point = 0xd82b98 region_type = mapped_file name = "fwpuclnt.dll" filename = "\\Windows\\System32\\FWPUCLNT.DLL" (normalized: "c:\\windows\\system32\\fwpuclnt.dll") Region: id = 4093 start_va = 0xb20000 end_va = 0xb32fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "fwpuclnt.dll.mui" filename = "\\Windows\\System32\\en-US\\fwpuclnt.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\fwpuclnt.dll.mui") Region: id = 4094 start_va = 0xd80000 end_va = 0xdcffff monitored = 0 entry_point = 0xd82b98 region_type = mapped_file name = "fwpuclnt.dll" filename = "\\Windows\\System32\\FWPUCLNT.DLL" (normalized: "c:\\windows\\system32\\fwpuclnt.dll") Region: id = 4095 start_va = 0xb20000 end_va = 0xb32fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "fwpuclnt.dll.mui" filename = "\\Windows\\System32\\en-US\\fwpuclnt.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\fwpuclnt.dll.mui") Region: id = 4096 start_va = 0xd80000 end_va = 0xe0afff monitored = 0 entry_point = 0xdf51ec region_type = mapped_file name = "iphlpsvc.dll" filename = "\\Windows\\System32\\iphlpsvc.dll" (normalized: "c:\\windows\\system32\\iphlpsvc.dll") Region: id = 4097 start_va = 0x330000 end_va = 0x339fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "iphlpsvc.dll.mui" filename = "\\Windows\\System32\\en-US\\iphlpsvc.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\iphlpsvc.dll.mui") Region: id = 4098 start_va = 0xd80000 end_va = 0xe0afff monitored = 0 entry_point = 0xdf51ec region_type = mapped_file name = "iphlpsvc.dll" filename = "\\Windows\\System32\\iphlpsvc.dll" (normalized: "c:\\windows\\system32\\iphlpsvc.dll") Region: id = 4099 start_va = 0x330000 end_va = 0x339fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "iphlpsvc.dll.mui" filename = "\\Windows\\System32\\en-US\\iphlpsvc.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\iphlpsvc.dll.mui") Region: id = 4100 start_va = 0xd80000 end_va = 0xe0afff monitored = 0 entry_point = 0xdf51ec region_type = mapped_file name = "iphlpsvc.dll" filename = "\\Windows\\System32\\iphlpsvc.dll" (normalized: "c:\\windows\\system32\\iphlpsvc.dll") Region: id = 4101 start_va = 0x330000 end_va = 0x339fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "iphlpsvc.dll.mui" filename = "\\Windows\\System32\\en-US\\iphlpsvc.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\iphlpsvc.dll.mui") Region: id = 4102 start_va = 0xd80000 end_va = 0xe0afff monitored = 0 entry_point = 0xdf51ec region_type = mapped_file name = "iphlpsvc.dll" filename = "\\Windows\\System32\\iphlpsvc.dll" (normalized: "c:\\windows\\system32\\iphlpsvc.dll") Region: id = 4103 start_va = 0x330000 end_va = 0x339fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "iphlpsvc.dll.mui" filename = "\\Windows\\System32\\en-US\\iphlpsvc.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\iphlpsvc.dll.mui") Region: id = 4104 start_va = 0xd80000 end_va = 0xe0afff monitored = 0 entry_point = 0xdf51ec region_type = mapped_file name = "iphlpsvc.dll" filename = "\\Windows\\System32\\iphlpsvc.dll" (normalized: "c:\\windows\\system32\\iphlpsvc.dll") Region: id = 4105 start_va = 0x330000 end_va = 0x339fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "iphlpsvc.dll.mui" filename = "\\Windows\\System32\\en-US\\iphlpsvc.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\iphlpsvc.dll.mui") Region: id = 4106 start_va = 0xd80000 end_va = 0xe0afff monitored = 0 entry_point = 0xdf51ec region_type = mapped_file name = "iphlpsvc.dll" filename = "\\Windows\\System32\\iphlpsvc.dll" (normalized: "c:\\windows\\system32\\iphlpsvc.dll") Region: id = 4107 start_va = 0x330000 end_va = 0x339fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "iphlpsvc.dll.mui" filename = "\\Windows\\System32\\en-US\\iphlpsvc.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\iphlpsvc.dll.mui") Region: id = 4108 start_va = 0xd80000 end_va = 0xe0afff monitored = 0 entry_point = 0xdf51ec region_type = mapped_file name = "iphlpsvc.dll" filename = "\\Windows\\System32\\iphlpsvc.dll" (normalized: "c:\\windows\\system32\\iphlpsvc.dll") Region: id = 4109 start_va = 0x330000 end_va = 0x339fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "iphlpsvc.dll.mui" filename = "\\Windows\\System32\\en-US\\iphlpsvc.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\iphlpsvc.dll.mui") Region: id = 4110 start_va = 0xd80000 end_va = 0xe0afff monitored = 0 entry_point = 0xdf51ec region_type = mapped_file name = "iphlpsvc.dll" filename = "\\Windows\\System32\\iphlpsvc.dll" (normalized: "c:\\windows\\system32\\iphlpsvc.dll") Region: id = 4111 start_va = 0x330000 end_va = 0x339fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "iphlpsvc.dll.mui" filename = "\\Windows\\System32\\en-US\\iphlpsvc.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\iphlpsvc.dll.mui") Region: id = 4112 start_va = 0xd80000 end_va = 0xe0afff monitored = 0 entry_point = 0xdf51ec region_type = mapped_file name = "iphlpsvc.dll" filename = "\\Windows\\System32\\iphlpsvc.dll" (normalized: "c:\\windows\\system32\\iphlpsvc.dll") Region: id = 4113 start_va = 0x330000 end_va = 0x339fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "iphlpsvc.dll.mui" filename = "\\Windows\\System32\\en-US\\iphlpsvc.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\iphlpsvc.dll.mui") Region: id = 4114 start_va = 0xd80000 end_va = 0xe0afff monitored = 0 entry_point = 0xdf51ec region_type = mapped_file name = "iphlpsvc.dll" filename = "\\Windows\\System32\\iphlpsvc.dll" (normalized: "c:\\windows\\system32\\iphlpsvc.dll") Region: id = 4115 start_va = 0x330000 end_va = 0x339fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "iphlpsvc.dll.mui" filename = "\\Windows\\System32\\en-US\\iphlpsvc.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\iphlpsvc.dll.mui") Region: id = 4116 start_va = 0x15c0000 end_va = 0x16f0fff monitored = 0 entry_point = 0x161dab9 region_type = mapped_file name = "mce.dll" filename = "\\Program Files (x86)\\Microsoft Office\\Office16\\mce.dll" (normalized: "c:\\program files (x86)\\microsoft office\\office16\\mce.dll") Region: id = 4117 start_va = 0x15c0000 end_va = 0x16f0fff monitored = 0 entry_point = 0x161dab9 region_type = mapped_file name = "mce.dll" filename = "\\Program Files (x86)\\Microsoft Office\\Office16\\mce.dll" (normalized: "c:\\program files (x86)\\microsoft office\\office16\\mce.dll") Region: id = 4118 start_va = 0x15c0000 end_va = 0x16f0fff monitored = 0 entry_point = 0x161dab9 region_type = mapped_file name = "mce.dll" filename = "\\Program Files (x86)\\Microsoft Office\\Office16\\mce.dll" (normalized: "c:\\program files (x86)\\microsoft office\\office16\\mce.dll") Region: id = 4119 start_va = 0x15c0000 end_va = 0x16f0fff monitored = 0 entry_point = 0x161dab9 region_type = mapped_file name = "mce.dll" filename = "\\Program Files (x86)\\Microsoft Office\\Office16\\mce.dll" (normalized: "c:\\program files (x86)\\microsoft office\\office16\\mce.dll") Region: id = 4120 start_va = 0xb20000 end_va = 0xb39fff monitored = 1 entry_point = 0xb21380 region_type = mapped_file name = "servicemodelperformancecounters.dll" filename = "\\Windows\\Microsoft.NET\\Framework64\\v4.0.30319\\ServiceModelPerformanceCounters.dll" (normalized: "c:\\windows\\microsoft.net\\framework64\\v4.0.30319\\servicemodelperformancecounters.dll") Region: id = 4121 start_va = 0x330000 end_va = 0x33bfff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "servicemodelperformancecounters.dll.mui" filename = "\\Windows\\Microsoft.NET\\Framework64\\v4.0.30319\\en-US\\ServiceModelPerformanceCounters.dll.mui" (normalized: "c:\\windows\\microsoft.net\\framework64\\v4.0.30319\\en-us\\servicemodelperformancecounters.dll.mui") Region: id = 4122 start_va = 0xb20000 end_va = 0xb39fff monitored = 1 entry_point = 0xb21380 region_type = mapped_file name = "servicemodelperformancecounters.dll" filename = "\\Windows\\Microsoft.NET\\Framework64\\v4.0.30319\\ServiceModelPerformanceCounters.dll" (normalized: "c:\\windows\\microsoft.net\\framework64\\v4.0.30319\\servicemodelperformancecounters.dll") Region: id = 4123 start_va = 0x330000 end_va = 0x33bfff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "servicemodelperformancecounters.dll.mui" filename = "\\Windows\\Microsoft.NET\\Framework64\\v4.0.30319\\en-US\\ServiceModelPerformanceCounters.dll.mui" (normalized: "c:\\windows\\microsoft.net\\framework64\\v4.0.30319\\en-us\\servicemodelperformancecounters.dll.mui") Region: id = 4124 start_va = 0xb20000 end_va = 0xb39fff monitored = 1 entry_point = 0xb21380 region_type = mapped_file name = "servicemodelperformancecounters.dll" filename = "\\Windows\\Microsoft.NET\\Framework64\\v4.0.30319\\ServiceModelPerformanceCounters.dll" (normalized: "c:\\windows\\microsoft.net\\framework64\\v4.0.30319\\servicemodelperformancecounters.dll") Region: id = 4125 start_va = 0x330000 end_va = 0x33bfff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "servicemodelperformancecounters.dll.mui" filename = "\\Windows\\Microsoft.NET\\Framework64\\v4.0.30319\\en-US\\ServiceModelPerformanceCounters.dll.mui" (normalized: "c:\\windows\\microsoft.net\\framework64\\v4.0.30319\\en-us\\servicemodelperformancecounters.dll.mui") Region: id = 4126 start_va = 0xb20000 end_va = 0xb39fff monitored = 1 entry_point = 0xb21380 region_type = mapped_file name = "servicemodelperformancecounters.dll" filename = "\\Windows\\Microsoft.NET\\Framework64\\v4.0.30319\\ServiceModelPerformanceCounters.dll" (normalized: "c:\\windows\\microsoft.net\\framework64\\v4.0.30319\\servicemodelperformancecounters.dll") Region: id = 4127 start_va = 0x330000 end_va = 0x33bfff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "servicemodelperformancecounters.dll.mui" filename = "\\Windows\\Microsoft.NET\\Framework64\\v4.0.30319\\en-US\\ServiceModelPerformanceCounters.dll.mui" (normalized: "c:\\windows\\microsoft.net\\framework64\\v4.0.30319\\en-us\\servicemodelperformancecounters.dll.mui") Region: id = 4128 start_va = 0xb20000 end_va = 0xb39fff monitored = 1 entry_point = 0xb21380 region_type = mapped_file name = "servicemodelperformancecounters.dll" filename = "\\Windows\\Microsoft.NET\\Framework64\\v4.0.30319\\ServiceModelPerformanceCounters.dll" (normalized: "c:\\windows\\microsoft.net\\framework64\\v4.0.30319\\servicemodelperformancecounters.dll") Region: id = 4129 start_va = 0x330000 end_va = 0x33bfff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "servicemodelperformancecounters.dll.mui" filename = "\\Windows\\Microsoft.NET\\Framework64\\v4.0.30319\\en-US\\ServiceModelPerformanceCounters.dll.mui" (normalized: "c:\\windows\\microsoft.net\\framework64\\v4.0.30319\\en-us\\servicemodelperformancecounters.dll.mui") Region: id = 4130 start_va = 0xb20000 end_va = 0xb39fff monitored = 1 entry_point = 0xb21380 region_type = mapped_file name = "servicemodelperformancecounters.dll" filename = "\\Windows\\Microsoft.NET\\Framework64\\v4.0.30319\\ServiceModelPerformanceCounters.dll" (normalized: "c:\\windows\\microsoft.net\\framework64\\v4.0.30319\\servicemodelperformancecounters.dll") Region: id = 4131 start_va = 0x330000 end_va = 0x33bfff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "servicemodelperformancecounters.dll.mui" filename = "\\Windows\\Microsoft.NET\\Framework64\\v4.0.30319\\en-US\\ServiceModelPerformanceCounters.dll.mui" (normalized: "c:\\windows\\microsoft.net\\framework64\\v4.0.30319\\en-us\\servicemodelperformancecounters.dll.mui") Region: id = 4132 start_va = 0xd80000 end_va = 0xda7fff monitored = 0 entry_point = 0xd81860 region_type = mapped_file name = "umpo.dll" filename = "\\Windows\\System32\\umpo.dll" (normalized: "c:\\windows\\system32\\umpo.dll") Region: id = 4133 start_va = 0x330000 end_va = 0x330fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "umpo.dll.mui" filename = "\\Windows\\System32\\en-US\\umpo.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\umpo.dll.mui") Region: id = 4134 start_va = 0xd80000 end_va = 0xda7fff monitored = 0 entry_point = 0xd81860 region_type = mapped_file name = "umpo.dll" filename = "\\Windows\\System32\\umpo.dll" (normalized: "c:\\windows\\system32\\umpo.dll") Region: id = 4135 start_va = 0x330000 end_va = 0x330fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "umpo.dll.mui" filename = "\\Windows\\System32\\en-US\\umpo.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\umpo.dll.mui") Region: id = 4136 start_va = 0x330000 end_va = 0x33afff monitored = 0 entry_point = 0x3311a8 region_type = mapped_file name = "httpapi.dll" filename = "\\Windows\\System32\\httpapi.dll" (normalized: "c:\\windows\\system32\\httpapi.dll") Region: id = 4137 start_va = 0x350000 end_va = 0x351fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "httpapi.dll.mui" filename = "\\Windows\\System32\\en-US\\httpapi.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\httpapi.dll.mui") Region: id = 4138 start_va = 0x330000 end_va = 0x33afff monitored = 0 entry_point = 0x3311a8 region_type = mapped_file name = "httpapi.dll" filename = "\\Windows\\System32\\httpapi.dll" (normalized: "c:\\windows\\system32\\httpapi.dll") Region: id = 4139 start_va = 0x350000 end_va = 0x351fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "httpapi.dll.mui" filename = "\\Windows\\System32\\en-US\\httpapi.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\httpapi.dll.mui") Region: id = 4140 start_va = 0x330000 end_va = 0x33afff monitored = 0 entry_point = 0x3311a8 region_type = mapped_file name = "httpapi.dll" filename = "\\Windows\\System32\\httpapi.dll" (normalized: "c:\\windows\\system32\\httpapi.dll") Region: id = 4141 start_va = 0x350000 end_va = 0x351fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "httpapi.dll.mui" filename = "\\Windows\\System32\\en-US\\httpapi.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\httpapi.dll.mui") Region: id = 4142 start_va = 0x330000 end_va = 0x33afff monitored = 0 entry_point = 0x3311a8 region_type = mapped_file name = "httpapi.dll" filename = "\\Windows\\System32\\httpapi.dll" (normalized: "c:\\windows\\system32\\httpapi.dll") Region: id = 4143 start_va = 0x350000 end_va = 0x351fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "httpapi.dll.mui" filename = "\\Windows\\System32\\en-US\\httpapi.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\httpapi.dll.mui") Region: id = 4144 start_va = 0x330000 end_va = 0x33afff monitored = 0 entry_point = 0x3311a8 region_type = mapped_file name = "httpapi.dll" filename = "\\Windows\\System32\\httpapi.dll" (normalized: "c:\\windows\\system32\\httpapi.dll") Region: id = 4145 start_va = 0x350000 end_va = 0x351fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "httpapi.dll.mui" filename = "\\Windows\\System32\\en-US\\httpapi.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\httpapi.dll.mui") Region: id = 4146 start_va = 0x330000 end_va = 0x33afff monitored = 0 entry_point = 0x3311a8 region_type = mapped_file name = "httpapi.dll" filename = "\\Windows\\System32\\httpapi.dll" (normalized: "c:\\windows\\system32\\httpapi.dll") Region: id = 4147 start_va = 0x350000 end_va = 0x351fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "httpapi.dll.mui" filename = "\\Windows\\System32\\en-US\\httpapi.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\httpapi.dll.mui") Region: id = 4148 start_va = 0x330000 end_va = 0x33dfff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "psevents.dll" filename = "\\Windows\\System32\\WindowsPowerShell\\v1.0\\PSEvents.dll" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\psevents.dll") Region: id = 4149 start_va = 0x350000 end_va = 0x35dfff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "psevents.dll.mui" filename = "\\Windows\\System32\\WindowsPowerShell\\v1.0\\en-US\\PSEvents.dll.mui" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\en-us\\psevents.dll.mui") Region: id = 4150 start_va = 0x330000 end_va = 0x33dfff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "psevents.dll" filename = "\\Windows\\System32\\WindowsPowerShell\\v1.0\\PSEvents.dll" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\psevents.dll") Region: id = 4151 start_va = 0x350000 end_va = 0x35dfff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "psevents.dll.mui" filename = "\\Windows\\System32\\WindowsPowerShell\\v1.0\\en-US\\PSEvents.dll.mui" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\en-us\\psevents.dll.mui") Region: id = 4152 start_va = 0x17e0000 end_va = 0x25d4fff monitored = 0 entry_point = 0x18c3268 region_type = mapped_file name = "wmp.dll" filename = "\\Windows\\System32\\wmp.dll" (normalized: "c:\\windows\\system32\\wmp.dll") Region: id = 4153 start_va = 0x17e0000 end_va = 0x25d4fff monitored = 0 entry_point = 0x18c3268 region_type = mapped_file name = "wmp.dll" filename = "\\Windows\\System32\\wmp.dll" (normalized: "c:\\windows\\system32\\wmp.dll") Region: id = 4154 start_va = 0xd80000 end_va = 0xe29fff monitored = 0 entry_point = 0xd94100 region_type = mapped_file name = "netlogon.dll" filename = "\\Windows\\System32\\netlogon.dll" (normalized: "c:\\windows\\system32\\netlogon.dll") Region: id = 4155 start_va = 0x330000 end_va = 0x333fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "netlogon.dll.mui" filename = "\\Windows\\System32\\en-US\\netlogon.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\netlogon.dll.mui") Region: id = 4156 start_va = 0xd80000 end_va = 0xe29fff monitored = 0 entry_point = 0xd94100 region_type = mapped_file name = "netlogon.dll" filename = "\\Windows\\System32\\netlogon.dll" (normalized: "c:\\windows\\system32\\netlogon.dll") Region: id = 4157 start_va = 0x330000 end_va = 0x333fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "netlogon.dll.mui" filename = "\\Windows\\System32\\en-US\\netlogon.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\netlogon.dll.mui") Region: id = 4158 start_va = 0xd80000 end_va = 0xdc7fff monitored = 0 entry_point = 0xdbfd0c region_type = mapped_file name = "drt.dll" filename = "\\Windows\\System32\\drt.dll" (normalized: "c:\\windows\\system32\\drt.dll") Region: id = 4159 start_va = 0x330000 end_va = 0x332fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "drt.dll.mui" filename = "\\Windows\\System32\\en-US\\drt.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\drt.dll.mui") Region: id = 4160 start_va = 0xd80000 end_va = 0xdc7fff monitored = 0 entry_point = 0xdbfd0c region_type = mapped_file name = "drt.dll" filename = "\\Windows\\System32\\drt.dll" (normalized: "c:\\windows\\system32\\drt.dll") Region: id = 4161 start_va = 0x330000 end_va = 0x332fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "drt.dll.mui" filename = "\\Windows\\System32\\en-US\\drt.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\drt.dll.mui") Region: id = 4162 start_va = 0xec0000 end_va = 0xfa8fff monitored = 0 entry_point = 0xf9906c region_type = mapped_file name = "ndis.sys" filename = "\\Windows\\System32\\drivers\\ndis.sys" (normalized: "c:\\windows\\system32\\drivers\\ndis.sys") Region: id = 4163 start_va = 0x330000 end_va = 0x338fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "ndis.sys.mui" filename = "\\Windows\\System32\\drivers\\en-US\\ndis.sys.mui" (normalized: "c:\\windows\\system32\\drivers\\en-us\\ndis.sys.mui") Region: id = 4164 start_va = 0xec0000 end_va = 0xfa8fff monitored = 0 entry_point = 0xf9906c region_type = mapped_file name = "ndis.sys" filename = "\\Windows\\System32\\drivers\\ndis.sys" (normalized: "c:\\windows\\system32\\drivers\\ndis.sys") Region: id = 4165 start_va = 0x330000 end_va = 0x338fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "ndis.sys.mui" filename = "\\Windows\\System32\\drivers\\en-US\\ndis.sys.mui" (normalized: "c:\\windows\\system32\\drivers\\en-us\\ndis.sys.mui") Region: id = 4166 start_va = 0xec0000 end_va = 0xfa8fff monitored = 0 entry_point = 0xf9906c region_type = mapped_file name = "ndis.sys" filename = "\\Windows\\System32\\drivers\\ndis.sys" (normalized: "c:\\windows\\system32\\drivers\\ndis.sys") Region: id = 4167 start_va = 0x330000 end_va = 0x338fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "ndis.sys.mui" filename = "\\Windows\\System32\\drivers\\en-US\\ndis.sys.mui" (normalized: "c:\\windows\\system32\\drivers\\en-us\\ndis.sys.mui") Region: id = 4168 start_va = 0xec0000 end_va = 0xfa8fff monitored = 0 entry_point = 0xf9906c region_type = mapped_file name = "ndis.sys" filename = "\\Windows\\System32\\drivers\\ndis.sys" (normalized: "c:\\windows\\system32\\drivers\\ndis.sys") Region: id = 4169 start_va = 0x330000 end_va = 0x338fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "ndis.sys.mui" filename = "\\Windows\\System32\\drivers\\en-US\\ndis.sys.mui" (normalized: "c:\\windows\\system32\\drivers\\en-us\\ndis.sys.mui") Region: id = 4170 start_va = 0x15c0000 end_va = 0x170cfff monitored = 0 entry_point = 0x16c2a88 region_type = mapped_file name = "peerdistsvc.dll" filename = "\\Windows\\System32\\PeerDistSvc.dll" (normalized: "c:\\windows\\system32\\peerdistsvc.dll") Region: id = 4171 start_va = 0x330000 end_va = 0x335fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "peerdistsvc.dll.mui" filename = "\\Windows\\System32\\en-US\\PeerDistSvc.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\peerdistsvc.dll.mui") Region: id = 4172 start_va = 0x15c0000 end_va = 0x170cfff monitored = 0 entry_point = 0x16c2a88 region_type = mapped_file name = "peerdistsvc.dll" filename = "\\Windows\\System32\\PeerDistSvc.dll" (normalized: "c:\\windows\\system32\\peerdistsvc.dll") Region: id = 4173 start_va = 0x330000 end_va = 0x335fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "peerdistsvc.dll.mui" filename = "\\Windows\\System32\\en-US\\PeerDistSvc.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\peerdistsvc.dll.mui") Region: id = 4174 start_va = 0x330000 end_va = 0x33efff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "wsmres.dll" filename = "\\Windows\\System32\\WsmRes.dll" (normalized: "c:\\windows\\system32\\wsmres.dll") Region: id = 4175 start_va = 0xd80000 end_va = 0xdd9fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "wsmres.dll.mui" filename = "\\Windows\\System32\\en-US\\WsmRes.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\wsmres.dll.mui") Region: id = 4176 start_va = 0x330000 end_va = 0x33efff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "wsmres.dll" filename = "\\Windows\\System32\\WsmRes.dll" (normalized: "c:\\windows\\system32\\wsmres.dll") Region: id = 4177 start_va = 0xd80000 end_va = 0xdd9fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "wsmres.dll.mui" filename = "\\Windows\\System32\\en-US\\WsmRes.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\wsmres.dll.mui") Region: id = 4178 start_va = 0x330000 end_va = 0x33ffff monitored = 0 entry_point = 0x33a33c region_type = mapped_file name = "tbssvc.dll" filename = "\\Windows\\System32\\tbssvc.dll" (normalized: "c:\\windows\\system32\\tbssvc.dll") Region: id = 4179 start_va = 0x350000 end_va = 0x351fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "tbssvc.dll.mui" filename = "\\Windows\\System32\\en-US\\tbssvc.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\tbssvc.dll.mui") Region: id = 4180 start_va = 0x330000 end_va = 0x33ffff monitored = 0 entry_point = 0x33a33c region_type = mapped_file name = "tbssvc.dll" filename = "\\Windows\\System32\\tbssvc.dll" (normalized: "c:\\windows\\system32\\tbssvc.dll") Region: id = 4181 start_va = 0x350000 end_va = 0x351fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "tbssvc.dll.mui" filename = "\\Windows\\System32\\en-US\\tbssvc.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\tbssvc.dll.mui") Region: id = 4182 start_va = 0xb20000 end_va = 0xb39fff monitored = 1 entry_point = 0xb21380 region_type = mapped_file name = "workflowservicehostperformancecounters.dll" filename = "\\Windows\\Microsoft.NET\\Framework64\\v4.0.30319\\WorkflowServiceHostPerformanceCounters.dll" (normalized: "c:\\windows\\microsoft.net\\framework64\\v4.0.30319\\workflowservicehostperformancecounters.dll") Region: id = 4183 start_va = 0x330000 end_va = 0x335fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "workflowservicehostperformancecounters.dll.mui" filename = "\\Windows\\Microsoft.NET\\Framework64\\v4.0.30319\\en-US\\WorkflowServiceHostPerformanceCounters.dll.mui" (normalized: "c:\\windows\\microsoft.net\\framework64\\v4.0.30319\\en-us\\workflowservicehostperformancecounters.dll.mui") Region: id = 4184 start_va = 0xb20000 end_va = 0xb39fff monitored = 1 entry_point = 0xb21380 region_type = mapped_file name = "workflowservicehostperformancecounters.dll" filename = "\\Windows\\Microsoft.NET\\Framework64\\v4.0.30319\\WorkflowServiceHostPerformanceCounters.dll" (normalized: "c:\\windows\\microsoft.net\\framework64\\v4.0.30319\\workflowservicehostperformancecounters.dll") Region: id = 4185 start_va = 0x330000 end_va = 0x335fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "workflowservicehostperformancecounters.dll.mui" filename = "\\Windows\\Microsoft.NET\\Framework64\\v4.0.30319\\en-US\\WorkflowServiceHostPerformanceCounters.dll.mui" (normalized: "c:\\windows\\microsoft.net\\framework64\\v4.0.30319\\en-us\\workflowservicehostperformancecounters.dll.mui") Region: id = 4186 start_va = 0xd80000 end_va = 0xdd3fff monitored = 0 entry_point = 0xd93450 region_type = mapped_file name = "lsm.exe" filename = "\\Windows\\System32\\lsm.exe" (normalized: "c:\\windows\\system32\\lsm.exe") Region: id = 4187 start_va = 0x330000 end_va = 0x331fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "lsm.exe.mui" filename = "\\Windows\\System32\\en-US\\lsm.exe.mui" (normalized: "c:\\windows\\system32\\en-us\\lsm.exe.mui") Region: id = 4188 start_va = 0xd80000 end_va = 0xdd3fff monitored = 0 entry_point = 0xd93450 region_type = mapped_file name = "lsm.exe" filename = "\\Windows\\System32\\lsm.exe" (normalized: "c:\\windows\\system32\\lsm.exe") Region: id = 4189 start_va = 0x330000 end_va = 0x331fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "lsm.exe.mui" filename = "\\Windows\\System32\\en-US\\lsm.exe.mui" (normalized: "c:\\windows\\system32\\en-us\\lsm.exe.mui") Region: id = 4190 start_va = 0xd80000 end_va = 0xda0fff monitored = 0 entry_point = 0xd9a06c region_type = mapped_file name = "pacer.sys" filename = "\\Windows\\System32\\drivers\\pacer.sys" (normalized: "c:\\windows\\system32\\drivers\\pacer.sys") Region: id = 4191 start_va = 0x330000 end_va = 0x333fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "pacer.sys.mui" filename = "\\Windows\\System32\\drivers\\en-US\\pacer.sys.mui" (normalized: "c:\\windows\\system32\\drivers\\en-us\\pacer.sys.mui") Region: id = 4192 start_va = 0xd80000 end_va = 0xda0fff monitored = 0 entry_point = 0xd9a06c region_type = mapped_file name = "pacer.sys" filename = "\\Windows\\System32\\drivers\\pacer.sys" (normalized: "c:\\windows\\system32\\drivers\\pacer.sys") Region: id = 4193 start_va = 0x330000 end_va = 0x333fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "pacer.sys.mui" filename = "\\Windows\\System32\\drivers\\en-US\\pacer.sys.mui" (normalized: "c:\\windows\\system32\\drivers\\en-us\\pacer.sys.mui") Region: id = 4194 start_va = 0xd80000 end_va = 0xda0fff monitored = 0 entry_point = 0xd9a06c region_type = mapped_file name = "pacer.sys" filename = "\\Windows\\System32\\drivers\\pacer.sys" (normalized: "c:\\windows\\system32\\drivers\\pacer.sys") Region: id = 4195 start_va = 0x330000 end_va = 0x333fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "pacer.sys.mui" filename = "\\Windows\\System32\\drivers\\en-US\\pacer.sys.mui" (normalized: "c:\\windows\\system32\\drivers\\en-us\\pacer.sys.mui") Region: id = 4196 start_va = 0xd80000 end_va = 0xda0fff monitored = 0 entry_point = 0xd9a06c region_type = mapped_file name = "pacer.sys" filename = "\\Windows\\System32\\drivers\\pacer.sys" (normalized: "c:\\windows\\system32\\drivers\\pacer.sys") Region: id = 4197 start_va = 0x330000 end_va = 0x333fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "pacer.sys.mui" filename = "\\Windows\\System32\\drivers\\en-US\\pacer.sys.mui" (normalized: "c:\\windows\\system32\\drivers\\en-us\\pacer.sys.mui") Region: id = 4198 start_va = 0xd80000 end_va = 0xdcffff monitored = 0 entry_point = 0xd82b98 region_type = mapped_file name = "fwpuclnt.dll" filename = "\\Windows\\System32\\FWPUCLNT.DLL" (normalized: "c:\\windows\\system32\\fwpuclnt.dll") Region: id = 4199 start_va = 0xb20000 end_va = 0xb32fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "fwpuclnt.dll.mui" filename = "\\Windows\\System32\\en-US\\fwpuclnt.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\fwpuclnt.dll.mui") Region: id = 4200 start_va = 0xd80000 end_va = 0xdcffff monitored = 0 entry_point = 0xd82b98 region_type = mapped_file name = "fwpuclnt.dll" filename = "\\Windows\\System32\\FWPUCLNT.DLL" (normalized: "c:\\windows\\system32\\fwpuclnt.dll") Region: id = 4201 start_va = 0xb20000 end_va = 0xb32fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "fwpuclnt.dll.mui" filename = "\\Windows\\System32\\en-US\\fwpuclnt.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\fwpuclnt.dll.mui") Region: id = 4202 start_va = 0xd80000 end_va = 0xdcffff monitored = 0 entry_point = 0xd82b98 region_type = mapped_file name = "fwpuclnt.dll" filename = "\\Windows\\System32\\FWPUCLNT.DLL" (normalized: "c:\\windows\\system32\\fwpuclnt.dll") Region: id = 4203 start_va = 0xb20000 end_va = 0xb32fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "fwpuclnt.dll.mui" filename = "\\Windows\\System32\\en-US\\fwpuclnt.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\fwpuclnt.dll.mui") Region: id = 4204 start_va = 0xd80000 end_va = 0xdcffff monitored = 0 entry_point = 0xd82b98 region_type = mapped_file name = "fwpuclnt.dll" filename = "\\Windows\\System32\\FWPUCLNT.DLL" (normalized: "c:\\windows\\system32\\fwpuclnt.dll") Region: id = 4205 start_va = 0xb20000 end_va = 0xb32fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "fwpuclnt.dll.mui" filename = "\\Windows\\System32\\en-US\\fwpuclnt.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\fwpuclnt.dll.mui") Region: id = 4206 start_va = 0xd80000 end_va = 0xdcffff monitored = 0 entry_point = 0xd82b98 region_type = mapped_file name = "fwpuclnt.dll" filename = "\\Windows\\System32\\FWPUCLNT.DLL" (normalized: "c:\\windows\\system32\\fwpuclnt.dll") Region: id = 4207 start_va = 0xb20000 end_va = 0xb32fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "fwpuclnt.dll.mui" filename = "\\Windows\\System32\\en-US\\fwpuclnt.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\fwpuclnt.dll.mui") Region: id = 4208 start_va = 0xd80000 end_va = 0xdcffff monitored = 0 entry_point = 0xd82b98 region_type = mapped_file name = "fwpuclnt.dll" filename = "\\Windows\\System32\\FWPUCLNT.DLL" (normalized: "c:\\windows\\system32\\fwpuclnt.dll") Region: id = 4209 start_va = 0xb20000 end_va = 0xb32fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "fwpuclnt.dll.mui" filename = "\\Windows\\System32\\en-US\\fwpuclnt.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\fwpuclnt.dll.mui") Region: id = 4210 start_va = 0xd80000 end_va = 0xdcffff monitored = 0 entry_point = 0xd82b98 region_type = mapped_file name = "fwpuclnt.dll" filename = "\\Windows\\System32\\FWPUCLNT.DLL" (normalized: "c:\\windows\\system32\\fwpuclnt.dll") Region: id = 4211 start_va = 0xb20000 end_va = 0xb32fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "fwpuclnt.dll.mui" filename = "\\Windows\\System32\\en-US\\fwpuclnt.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\fwpuclnt.dll.mui") Region: id = 4212 start_va = 0xd80000 end_va = 0xdcffff monitored = 0 entry_point = 0xd82b98 region_type = mapped_file name = "fwpuclnt.dll" filename = "\\Windows\\System32\\FWPUCLNT.DLL" (normalized: "c:\\windows\\system32\\fwpuclnt.dll") Region: id = 4213 start_va = 0xb20000 end_va = 0xb32fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "fwpuclnt.dll.mui" filename = "\\Windows\\System32\\en-US\\fwpuclnt.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\fwpuclnt.dll.mui") Region: id = 4214 start_va = 0xd80000 end_va = 0xdcffff monitored = 0 entry_point = 0xdc68c8 region_type = mapped_file name = "pnrpsvc.dll" filename = "\\Windows\\System32\\pnrpsvc.dll" (normalized: "c:\\windows\\system32\\pnrpsvc.dll") Region: id = 4215 start_va = 0x330000 end_va = 0x332fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "pnrpsvc.dll.mui" filename = "\\Windows\\System32\\en-US\\pnrpsvc.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\pnrpsvc.dll.mui") Region: id = 4216 start_va = 0xd80000 end_va = 0xdcffff monitored = 0 entry_point = 0xdc68c8 region_type = mapped_file name = "pnrpsvc.dll" filename = "\\Windows\\System32\\pnrpsvc.dll" (normalized: "c:\\windows\\system32\\pnrpsvc.dll") Region: id = 4217 start_va = 0x330000 end_va = 0x332fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "pnrpsvc.dll.mui" filename = "\\Windows\\System32\\en-US\\pnrpsvc.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\pnrpsvc.dll.mui") Region: id = 4218 start_va = 0xec0000 end_va = 0xf9bfff monitored = 0 entry_point = 0xf35ec8 region_type = mapped_file name = "azroles.dll" filename = "\\Windows\\System32\\azroles.dll" (normalized: "c:\\windows\\system32\\azroles.dll") Region: id = 4219 start_va = 0x330000 end_va = 0x330fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "azroles.dll.mui" filename = "\\Windows\\System32\\en-US\\azroles.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\azroles.dll.mui") Region: id = 4220 start_va = 0xec0000 end_va = 0xf9bfff monitored = 0 entry_point = 0xf35ec8 region_type = mapped_file name = "azroles.dll" filename = "\\Windows\\System32\\azroles.dll" (normalized: "c:\\windows\\system32\\azroles.dll") Region: id = 4221 start_va = 0x330000 end_va = 0x330fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "azroles.dll.mui" filename = "\\Windows\\System32\\en-US\\azroles.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\azroles.dll.mui") Region: id = 4222 start_va = 0xec0000 end_va = 0xfa1fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "fxsresm.dll" filename = "\\Windows\\System32\\FXSRESM.dll" (normalized: "c:\\windows\\system32\\fxsresm.dll") Region: id = 4223 start_va = 0xd80000 end_va = 0xda8fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "fxsresm.dll.mui" filename = "\\Windows\\System32\\en-US\\FXSRESM.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\fxsresm.dll.mui") Region: id = 4224 start_va = 0xec0000 end_va = 0xfa1fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "fxsresm.dll" filename = "\\Windows\\System32\\FXSRESM.dll" (normalized: "c:\\windows\\system32\\fxsresm.dll") Region: id = 4225 start_va = 0xd80000 end_va = 0xda8fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "fxsresm.dll.mui" filename = "\\Windows\\System32\\en-US\\FXSRESM.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\fxsresm.dll.mui") Region: id = 4226 start_va = 0xd80000 end_va = 0xe28fff monitored = 0 entry_point = 0xd918d0 region_type = mapped_file name = "cscsvc.dll" filename = "\\Windows\\System32\\cscsvc.dll" (normalized: "c:\\windows\\system32\\cscsvc.dll") Region: id = 4227 start_va = 0x330000 end_va = 0x334fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "cscsvc.dll.mui" filename = "\\Windows\\System32\\en-US\\cscsvc.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\cscsvc.dll.mui") Region: id = 4228 start_va = 0xd80000 end_va = 0xe28fff monitored = 0 entry_point = 0xd918d0 region_type = mapped_file name = "cscsvc.dll" filename = "\\Windows\\System32\\cscsvc.dll" (normalized: "c:\\windows\\system32\\cscsvc.dll") Region: id = 4229 start_va = 0x330000 end_va = 0x334fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "cscsvc.dll.mui" filename = "\\Windows\\System32\\en-US\\cscsvc.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\cscsvc.dll.mui") Region: id = 4230 start_va = 0xd80000 end_va = 0xe28fff monitored = 0 entry_point = 0xd918d0 region_type = mapped_file name = "cscsvc.dll" filename = "\\Windows\\System32\\cscsvc.dll" (normalized: "c:\\windows\\system32\\cscsvc.dll") Region: id = 4231 start_va = 0x330000 end_va = 0x334fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "cscsvc.dll.mui" filename = "\\Windows\\System32\\en-US\\cscsvc.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\cscsvc.dll.mui") Region: id = 4232 start_va = 0xd80000 end_va = 0xe28fff monitored = 0 entry_point = 0xd918d0 region_type = mapped_file name = "cscsvc.dll" filename = "\\Windows\\System32\\cscsvc.dll" (normalized: "c:\\windows\\system32\\cscsvc.dll") Region: id = 4233 start_va = 0x330000 end_va = 0x334fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "cscsvc.dll.mui" filename = "\\Windows\\System32\\en-US\\cscsvc.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\cscsvc.dll.mui") Region: id = 4234 start_va = 0xd80000 end_va = 0xdcffff monitored = 0 entry_point = 0xd82b98 region_type = mapped_file name = "fwpuclnt.dll" filename = "\\Windows\\System32\\FWPUCLNT.DLL" (normalized: "c:\\windows\\system32\\fwpuclnt.dll") Region: id = 4235 start_va = 0xb20000 end_va = 0xb32fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "fwpuclnt.dll.mui" filename = "\\Windows\\System32\\en-US\\fwpuclnt.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\fwpuclnt.dll.mui") Region: id = 4236 start_va = 0xd80000 end_va = 0xdcffff monitored = 0 entry_point = 0xd82b98 region_type = mapped_file name = "fwpuclnt.dll" filename = "\\Windows\\System32\\FWPUCLNT.DLL" (normalized: "c:\\windows\\system32\\fwpuclnt.dll") Region: id = 4237 start_va = 0xb20000 end_va = 0xb32fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "fwpuclnt.dll.mui" filename = "\\Windows\\System32\\en-US\\fwpuclnt.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\fwpuclnt.dll.mui") Region: id = 4238 start_va = 0xd80000 end_va = 0xdcffff monitored = 0 entry_point = 0xd82b98 region_type = mapped_file name = "fwpuclnt.dll" filename = "\\Windows\\System32\\FWPUCLNT.DLL" (normalized: "c:\\windows\\system32\\fwpuclnt.dll") Region: id = 4239 start_va = 0xb20000 end_va = 0xb32fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "fwpuclnt.dll.mui" filename = "\\Windows\\System32\\en-US\\fwpuclnt.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\fwpuclnt.dll.mui") Region: id = 4240 start_va = 0xd80000 end_va = 0xdcffff monitored = 0 entry_point = 0xd82b98 region_type = mapped_file name = "fwpuclnt.dll" filename = "\\Windows\\System32\\FWPUCLNT.DLL" (normalized: "c:\\windows\\system32\\fwpuclnt.dll") Region: id = 4241 start_va = 0xb20000 end_va = 0xb32fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "fwpuclnt.dll.mui" filename = "\\Windows\\System32\\en-US\\fwpuclnt.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\fwpuclnt.dll.mui") Region: id = 4242 start_va = 0xd80000 end_va = 0xdcffff monitored = 0 entry_point = 0xd82b98 region_type = mapped_file name = "fwpuclnt.dll" filename = "\\Windows\\System32\\FWPUCLNT.DLL" (normalized: "c:\\windows\\system32\\fwpuclnt.dll") Region: id = 4243 start_va = 0xb20000 end_va = 0xb32fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "fwpuclnt.dll.mui" filename = "\\Windows\\System32\\en-US\\fwpuclnt.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\fwpuclnt.dll.mui") Region: id = 4244 start_va = 0xd80000 end_va = 0xdcffff monitored = 0 entry_point = 0xd82b98 region_type = mapped_file name = "fwpuclnt.dll" filename = "\\Windows\\System32\\FWPUCLNT.DLL" (normalized: "c:\\windows\\system32\\fwpuclnt.dll") Region: id = 4245 start_va = 0xb20000 end_va = 0xb32fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "fwpuclnt.dll.mui" filename = "\\Windows\\System32\\en-US\\fwpuclnt.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\fwpuclnt.dll.mui") Region: id = 4246 start_va = 0xd80000 end_va = 0xdcffff monitored = 0 entry_point = 0xd82b98 region_type = mapped_file name = "fwpuclnt.dll" filename = "\\Windows\\System32\\FWPUCLNT.DLL" (normalized: "c:\\windows\\system32\\fwpuclnt.dll") Region: id = 4247 start_va = 0xb20000 end_va = 0xb32fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "fwpuclnt.dll.mui" filename = "\\Windows\\System32\\en-US\\fwpuclnt.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\fwpuclnt.dll.mui") Region: id = 4248 start_va = 0xd80000 end_va = 0xdcffff monitored = 0 entry_point = 0xd82b98 region_type = mapped_file name = "fwpuclnt.dll" filename = "\\Windows\\System32\\FWPUCLNT.DLL" (normalized: "c:\\windows\\system32\\fwpuclnt.dll") Region: id = 4249 start_va = 0xb20000 end_va = 0xb32fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "fwpuclnt.dll.mui" filename = "\\Windows\\System32\\en-US\\fwpuclnt.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\fwpuclnt.dll.mui") Region: id = 4250 start_va = 0xd80000 end_va = 0xdcffff monitored = 0 entry_point = 0xd82b98 region_type = mapped_file name = "fwpuclnt.dll" filename = "\\Windows\\System32\\FWPUCLNT.DLL" (normalized: "c:\\windows\\system32\\fwpuclnt.dll") Region: id = 4251 start_va = 0xb20000 end_va = 0xb32fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "fwpuclnt.dll.mui" filename = "\\Windows\\System32\\en-US\\fwpuclnt.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\fwpuclnt.dll.mui") Region: id = 4252 start_va = 0xd80000 end_va = 0xdcffff monitored = 0 entry_point = 0xd82b98 region_type = mapped_file name = "fwpuclnt.dll" filename = "\\Windows\\System32\\FWPUCLNT.DLL" (normalized: "c:\\windows\\system32\\fwpuclnt.dll") Region: id = 4253 start_va = 0xb20000 end_va = 0xb32fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "fwpuclnt.dll.mui" filename = "\\Windows\\System32\\en-US\\fwpuclnt.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\fwpuclnt.dll.mui") Region: id = 4254 start_va = 0xd80000 end_va = 0xdcffff monitored = 0 entry_point = 0xd82b98 region_type = mapped_file name = "fwpuclnt.dll" filename = "\\Windows\\System32\\FWPUCLNT.DLL" (normalized: "c:\\windows\\system32\\fwpuclnt.dll") Region: id = 4255 start_va = 0xb20000 end_va = 0xb32fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "fwpuclnt.dll.mui" filename = "\\Windows\\System32\\en-US\\fwpuclnt.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\fwpuclnt.dll.mui") Region: id = 4256 start_va = 0xd80000 end_va = 0xdcffff monitored = 0 entry_point = 0xd82b98 region_type = mapped_file name = "fwpuclnt.dll" filename = "\\Windows\\System32\\FWPUCLNT.DLL" (normalized: "c:\\windows\\system32\\fwpuclnt.dll") Region: id = 4257 start_va = 0xb20000 end_va = 0xb32fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "fwpuclnt.dll.mui" filename = "\\Windows\\System32\\en-US\\fwpuclnt.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\fwpuclnt.dll.mui") Region: id = 4258 start_va = 0xd80000 end_va = 0xdcffff monitored = 0 entry_point = 0xd82b98 region_type = mapped_file name = "fwpuclnt.dll" filename = "\\Windows\\System32\\FWPUCLNT.DLL" (normalized: "c:\\windows\\system32\\fwpuclnt.dll") Region: id = 4259 start_va = 0xb20000 end_va = 0xb32fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "fwpuclnt.dll.mui" filename = "\\Windows\\System32\\en-US\\fwpuclnt.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\fwpuclnt.dll.mui") Region: id = 4260 start_va = 0xd80000 end_va = 0xdcffff monitored = 0 entry_point = 0xd82b98 region_type = mapped_file name = "fwpuclnt.dll" filename = "\\Windows\\System32\\FWPUCLNT.DLL" (normalized: "c:\\windows\\system32\\fwpuclnt.dll") Region: id = 4261 start_va = 0xb20000 end_va = 0xb32fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "fwpuclnt.dll.mui" filename = "\\Windows\\System32\\en-US\\fwpuclnt.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\fwpuclnt.dll.mui") Region: id = 4262 start_va = 0xd80000 end_va = 0xe0afff monitored = 0 entry_point = 0xdf51ec region_type = mapped_file name = "iphlpsvc.dll" filename = "\\Windows\\System32\\iphlpsvc.dll" (normalized: "c:\\windows\\system32\\iphlpsvc.dll") Region: id = 4263 start_va = 0x330000 end_va = 0x339fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "iphlpsvc.dll.mui" filename = "\\Windows\\System32\\en-US\\iphlpsvc.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\iphlpsvc.dll.mui") Region: id = 4264 start_va = 0xd80000 end_va = 0xe0afff monitored = 0 entry_point = 0xdf51ec region_type = mapped_file name = "iphlpsvc.dll" filename = "\\Windows\\System32\\iphlpsvc.dll" (normalized: "c:\\windows\\system32\\iphlpsvc.dll") Region: id = 4265 start_va = 0x330000 end_va = 0x339fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "iphlpsvc.dll.mui" filename = "\\Windows\\System32\\en-US\\iphlpsvc.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\iphlpsvc.dll.mui") Region: id = 4266 start_va = 0xd80000 end_va = 0xe0afff monitored = 0 entry_point = 0xdf51ec region_type = mapped_file name = "iphlpsvc.dll" filename = "\\Windows\\System32\\iphlpsvc.dll" (normalized: "c:\\windows\\system32\\iphlpsvc.dll") Region: id = 4267 start_va = 0x330000 end_va = 0x339fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "iphlpsvc.dll.mui" filename = "\\Windows\\System32\\en-US\\iphlpsvc.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\iphlpsvc.dll.mui") Region: id = 4268 start_va = 0xd80000 end_va = 0xe0afff monitored = 0 entry_point = 0xdf51ec region_type = mapped_file name = "iphlpsvc.dll" filename = "\\Windows\\System32\\iphlpsvc.dll" (normalized: "c:\\windows\\system32\\iphlpsvc.dll") Region: id = 4269 start_va = 0x330000 end_va = 0x339fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "iphlpsvc.dll.mui" filename = "\\Windows\\System32\\en-US\\iphlpsvc.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\iphlpsvc.dll.mui") Region: id = 4270 start_va = 0xd80000 end_va = 0xe0afff monitored = 0 entry_point = 0xdf51ec region_type = mapped_file name = "iphlpsvc.dll" filename = "\\Windows\\System32\\iphlpsvc.dll" (normalized: "c:\\windows\\system32\\iphlpsvc.dll") Region: id = 4271 start_va = 0x330000 end_va = 0x339fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "iphlpsvc.dll.mui" filename = "\\Windows\\System32\\en-US\\iphlpsvc.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\iphlpsvc.dll.mui") Region: id = 4272 start_va = 0xd80000 end_va = 0xe0afff monitored = 0 entry_point = 0xdf51ec region_type = mapped_file name = "iphlpsvc.dll" filename = "\\Windows\\System32\\iphlpsvc.dll" (normalized: "c:\\windows\\system32\\iphlpsvc.dll") Region: id = 4273 start_va = 0x330000 end_va = 0x339fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "iphlpsvc.dll.mui" filename = "\\Windows\\System32\\en-US\\iphlpsvc.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\iphlpsvc.dll.mui") Region: id = 4274 start_va = 0xd80000 end_va = 0xe0afff monitored = 0 entry_point = 0xdf51ec region_type = mapped_file name = "iphlpsvc.dll" filename = "\\Windows\\System32\\iphlpsvc.dll" (normalized: "c:\\windows\\system32\\iphlpsvc.dll") Region: id = 4275 start_va = 0x330000 end_va = 0x339fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "iphlpsvc.dll.mui" filename = "\\Windows\\System32\\en-US\\iphlpsvc.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\iphlpsvc.dll.mui") Region: id = 4276 start_va = 0xd80000 end_va = 0xe0afff monitored = 0 entry_point = 0xdf51ec region_type = mapped_file name = "iphlpsvc.dll" filename = "\\Windows\\System32\\iphlpsvc.dll" (normalized: "c:\\windows\\system32\\iphlpsvc.dll") Region: id = 4277 start_va = 0x330000 end_va = 0x339fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "iphlpsvc.dll.mui" filename = "\\Windows\\System32\\en-US\\iphlpsvc.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\iphlpsvc.dll.mui") Region: id = 4278 start_va = 0xd80000 end_va = 0xe0afff monitored = 0 entry_point = 0xdf51ec region_type = mapped_file name = "iphlpsvc.dll" filename = "\\Windows\\System32\\iphlpsvc.dll" (normalized: "c:\\windows\\system32\\iphlpsvc.dll") Region: id = 4279 start_va = 0x330000 end_va = 0x339fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "iphlpsvc.dll.mui" filename = "\\Windows\\System32\\en-US\\iphlpsvc.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\iphlpsvc.dll.mui") Region: id = 4280 start_va = 0xd80000 end_va = 0xe0afff monitored = 0 entry_point = 0xdf51ec region_type = mapped_file name = "iphlpsvc.dll" filename = "\\Windows\\System32\\iphlpsvc.dll" (normalized: "c:\\windows\\system32\\iphlpsvc.dll") Region: id = 4281 start_va = 0x330000 end_va = 0x339fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "iphlpsvc.dll.mui" filename = "\\Windows\\System32\\en-US\\iphlpsvc.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\iphlpsvc.dll.mui") Region: id = 4282 start_va = 0x15c0000 end_va = 0x16f0fff monitored = 0 entry_point = 0x161dab9 region_type = mapped_file name = "mce.dll" filename = "\\Program Files (x86)\\Microsoft Office\\Office16\\mce.dll" (normalized: "c:\\program files (x86)\\microsoft office\\office16\\mce.dll") Region: id = 4283 start_va = 0x15c0000 end_va = 0x16f0fff monitored = 0 entry_point = 0x161dab9 region_type = mapped_file name = "mce.dll" filename = "\\Program Files (x86)\\Microsoft Office\\Office16\\mce.dll" (normalized: "c:\\program files (x86)\\microsoft office\\office16\\mce.dll") Region: id = 4284 start_va = 0x15c0000 end_va = 0x16f0fff monitored = 0 entry_point = 0x161dab9 region_type = mapped_file name = "mce.dll" filename = "\\Program Files (x86)\\Microsoft Office\\Office16\\mce.dll" (normalized: "c:\\program files (x86)\\microsoft office\\office16\\mce.dll") Region: id = 4285 start_va = 0x15c0000 end_va = 0x16f0fff monitored = 0 entry_point = 0x161dab9 region_type = mapped_file name = "mce.dll" filename = "\\Program Files (x86)\\Microsoft Office\\Office16\\mce.dll" (normalized: "c:\\program files (x86)\\microsoft office\\office16\\mce.dll") Region: id = 4286 start_va = 0xb20000 end_va = 0xb39fff monitored = 1 entry_point = 0xb21380 region_type = mapped_file name = "servicemodelperformancecounters.dll" filename = "\\Windows\\Microsoft.NET\\Framework64\\v4.0.30319\\ServiceModelPerformanceCounters.dll" (normalized: "c:\\windows\\microsoft.net\\framework64\\v4.0.30319\\servicemodelperformancecounters.dll") Region: id = 4287 start_va = 0x330000 end_va = 0x33bfff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "servicemodelperformancecounters.dll.mui" filename = "\\Windows\\Microsoft.NET\\Framework64\\v4.0.30319\\en-US\\ServiceModelPerformanceCounters.dll.mui" (normalized: "c:\\windows\\microsoft.net\\framework64\\v4.0.30319\\en-us\\servicemodelperformancecounters.dll.mui") Region: id = 4288 start_va = 0xb20000 end_va = 0xb39fff monitored = 1 entry_point = 0xb21380 region_type = mapped_file name = "servicemodelperformancecounters.dll" filename = "\\Windows\\Microsoft.NET\\Framework64\\v4.0.30319\\ServiceModelPerformanceCounters.dll" (normalized: "c:\\windows\\microsoft.net\\framework64\\v4.0.30319\\servicemodelperformancecounters.dll") Region: id = 4289 start_va = 0x330000 end_va = 0x33bfff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "servicemodelperformancecounters.dll.mui" filename = "\\Windows\\Microsoft.NET\\Framework64\\v4.0.30319\\en-US\\ServiceModelPerformanceCounters.dll.mui" (normalized: "c:\\windows\\microsoft.net\\framework64\\v4.0.30319\\en-us\\servicemodelperformancecounters.dll.mui") Region: id = 4290 start_va = 0xb20000 end_va = 0xb39fff monitored = 1 entry_point = 0xb21380 region_type = mapped_file name = "servicemodelperformancecounters.dll" filename = "\\Windows\\Microsoft.NET\\Framework64\\v4.0.30319\\ServiceModelPerformanceCounters.dll" (normalized: "c:\\windows\\microsoft.net\\framework64\\v4.0.30319\\servicemodelperformancecounters.dll") Region: id = 4291 start_va = 0x330000 end_va = 0x33bfff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "servicemodelperformancecounters.dll.mui" filename = "\\Windows\\Microsoft.NET\\Framework64\\v4.0.30319\\en-US\\ServiceModelPerformanceCounters.dll.mui" (normalized: "c:\\windows\\microsoft.net\\framework64\\v4.0.30319\\en-us\\servicemodelperformancecounters.dll.mui") Region: id = 4292 start_va = 0xb20000 end_va = 0xb39fff monitored = 1 entry_point = 0xb21380 region_type = mapped_file name = "servicemodelperformancecounters.dll" filename = "\\Windows\\Microsoft.NET\\Framework64\\v4.0.30319\\ServiceModelPerformanceCounters.dll" (normalized: "c:\\windows\\microsoft.net\\framework64\\v4.0.30319\\servicemodelperformancecounters.dll") Region: id = 4293 start_va = 0x330000 end_va = 0x33bfff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "servicemodelperformancecounters.dll.mui" filename = "\\Windows\\Microsoft.NET\\Framework64\\v4.0.30319\\en-US\\ServiceModelPerformanceCounters.dll.mui" (normalized: "c:\\windows\\microsoft.net\\framework64\\v4.0.30319\\en-us\\servicemodelperformancecounters.dll.mui") Region: id = 4294 start_va = 0xb20000 end_va = 0xb39fff monitored = 1 entry_point = 0xb21380 region_type = mapped_file name = "servicemodelperformancecounters.dll" filename = "\\Windows\\Microsoft.NET\\Framework64\\v4.0.30319\\ServiceModelPerformanceCounters.dll" (normalized: "c:\\windows\\microsoft.net\\framework64\\v4.0.30319\\servicemodelperformancecounters.dll") Region: id = 4295 start_va = 0x330000 end_va = 0x33bfff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "servicemodelperformancecounters.dll.mui" filename = "\\Windows\\Microsoft.NET\\Framework64\\v4.0.30319\\en-US\\ServiceModelPerformanceCounters.dll.mui" (normalized: "c:\\windows\\microsoft.net\\framework64\\v4.0.30319\\en-us\\servicemodelperformancecounters.dll.mui") Region: id = 4296 start_va = 0xb20000 end_va = 0xb39fff monitored = 1 entry_point = 0xb21380 region_type = mapped_file name = "servicemodelperformancecounters.dll" filename = "\\Windows\\Microsoft.NET\\Framework64\\v4.0.30319\\ServiceModelPerformanceCounters.dll" (normalized: "c:\\windows\\microsoft.net\\framework64\\v4.0.30319\\servicemodelperformancecounters.dll") Region: id = 4297 start_va = 0x330000 end_va = 0x33bfff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "servicemodelperformancecounters.dll.mui" filename = "\\Windows\\Microsoft.NET\\Framework64\\v4.0.30319\\en-US\\ServiceModelPerformanceCounters.dll.mui" (normalized: "c:\\windows\\microsoft.net\\framework64\\v4.0.30319\\en-us\\servicemodelperformancecounters.dll.mui") Region: id = 4298 start_va = 0xd80000 end_va = 0xda7fff monitored = 0 entry_point = 0xd81860 region_type = mapped_file name = "umpo.dll" filename = "\\Windows\\System32\\umpo.dll" (normalized: "c:\\windows\\system32\\umpo.dll") Region: id = 4299 start_va = 0x330000 end_va = 0x330fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "umpo.dll.mui" filename = "\\Windows\\System32\\en-US\\umpo.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\umpo.dll.mui") Region: id = 4300 start_va = 0xd80000 end_va = 0xda7fff monitored = 0 entry_point = 0xd81860 region_type = mapped_file name = "umpo.dll" filename = "\\Windows\\System32\\umpo.dll" (normalized: "c:\\windows\\system32\\umpo.dll") Region: id = 4301 start_va = 0x330000 end_va = 0x330fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "umpo.dll.mui" filename = "\\Windows\\System32\\en-US\\umpo.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\umpo.dll.mui") Region: id = 4302 start_va = 0x330000 end_va = 0x33afff monitored = 0 entry_point = 0x3311a8 region_type = mapped_file name = "httpapi.dll" filename = "\\Windows\\System32\\httpapi.dll" (normalized: "c:\\windows\\system32\\httpapi.dll") Region: id = 4303 start_va = 0x350000 end_va = 0x351fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "httpapi.dll.mui" filename = "\\Windows\\System32\\en-US\\httpapi.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\httpapi.dll.mui") Region: id = 4304 start_va = 0x330000 end_va = 0x33afff monitored = 0 entry_point = 0x3311a8 region_type = mapped_file name = "httpapi.dll" filename = "\\Windows\\System32\\httpapi.dll" (normalized: "c:\\windows\\system32\\httpapi.dll") Region: id = 4305 start_va = 0x350000 end_va = 0x351fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "httpapi.dll.mui" filename = "\\Windows\\System32\\en-US\\httpapi.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\httpapi.dll.mui") Region: id = 4306 start_va = 0x330000 end_va = 0x33afff monitored = 0 entry_point = 0x3311a8 region_type = mapped_file name = "httpapi.dll" filename = "\\Windows\\System32\\httpapi.dll" (normalized: "c:\\windows\\system32\\httpapi.dll") Region: id = 4307 start_va = 0x350000 end_va = 0x351fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "httpapi.dll.mui" filename = "\\Windows\\System32\\en-US\\httpapi.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\httpapi.dll.mui") Region: id = 4308 start_va = 0x330000 end_va = 0x33afff monitored = 0 entry_point = 0x3311a8 region_type = mapped_file name = "httpapi.dll" filename = "\\Windows\\System32\\httpapi.dll" (normalized: "c:\\windows\\system32\\httpapi.dll") Region: id = 4309 start_va = 0x350000 end_va = 0x351fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "httpapi.dll.mui" filename = "\\Windows\\System32\\en-US\\httpapi.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\httpapi.dll.mui") Region: id = 4310 start_va = 0x330000 end_va = 0x33afff monitored = 0 entry_point = 0x3311a8 region_type = mapped_file name = "httpapi.dll" filename = "\\Windows\\System32\\httpapi.dll" (normalized: "c:\\windows\\system32\\httpapi.dll") Region: id = 4311 start_va = 0x350000 end_va = 0x351fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "httpapi.dll.mui" filename = "\\Windows\\System32\\en-US\\httpapi.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\httpapi.dll.mui") Region: id = 4312 start_va = 0x330000 end_va = 0x33afff monitored = 0 entry_point = 0x3311a8 region_type = mapped_file name = "httpapi.dll" filename = "\\Windows\\System32\\httpapi.dll" (normalized: "c:\\windows\\system32\\httpapi.dll") Region: id = 4313 start_va = 0x350000 end_va = 0x351fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "httpapi.dll.mui" filename = "\\Windows\\System32\\en-US\\httpapi.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\httpapi.dll.mui") Region: id = 4314 start_va = 0x330000 end_va = 0x33dfff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "psevents.dll" filename = "\\Windows\\System32\\WindowsPowerShell\\v1.0\\PSEvents.dll" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\psevents.dll") Region: id = 4315 start_va = 0x350000 end_va = 0x35dfff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "psevents.dll.mui" filename = "\\Windows\\System32\\WindowsPowerShell\\v1.0\\en-US\\PSEvents.dll.mui" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\en-us\\psevents.dll.mui") Region: id = 4316 start_va = 0x330000 end_va = 0x33dfff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "psevents.dll" filename = "\\Windows\\System32\\WindowsPowerShell\\v1.0\\PSEvents.dll" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\psevents.dll") Region: id = 4317 start_va = 0x350000 end_va = 0x35dfff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "psevents.dll.mui" filename = "\\Windows\\System32\\WindowsPowerShell\\v1.0\\en-US\\PSEvents.dll.mui" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\en-us\\psevents.dll.mui") Region: id = 4318 start_va = 0x17e0000 end_va = 0x25d4fff monitored = 0 entry_point = 0x18c3268 region_type = mapped_file name = "wmp.dll" filename = "\\Windows\\System32\\wmp.dll" (normalized: "c:\\windows\\system32\\wmp.dll") Region: id = 4319 start_va = 0x17e0000 end_va = 0x25d4fff monitored = 0 entry_point = 0x18c3268 region_type = mapped_file name = "wmp.dll" filename = "\\Windows\\System32\\wmp.dll" (normalized: "c:\\windows\\system32\\wmp.dll") Region: id = 4320 start_va = 0xd80000 end_va = 0xe29fff monitored = 0 entry_point = 0xd94100 region_type = mapped_file name = "netlogon.dll" filename = "\\Windows\\System32\\netlogon.dll" (normalized: "c:\\windows\\system32\\netlogon.dll") Region: id = 4321 start_va = 0x330000 end_va = 0x333fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "netlogon.dll.mui" filename = "\\Windows\\System32\\en-US\\netlogon.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\netlogon.dll.mui") Region: id = 4322 start_va = 0xd80000 end_va = 0xe29fff monitored = 0 entry_point = 0xd94100 region_type = mapped_file name = "netlogon.dll" filename = "\\Windows\\System32\\netlogon.dll" (normalized: "c:\\windows\\system32\\netlogon.dll") Region: id = 4323 start_va = 0x330000 end_va = 0x333fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "netlogon.dll.mui" filename = "\\Windows\\System32\\en-US\\netlogon.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\netlogon.dll.mui") Region: id = 4324 start_va = 0xd80000 end_va = 0xdc7fff monitored = 0 entry_point = 0xdbfd0c region_type = mapped_file name = "drt.dll" filename = "\\Windows\\System32\\drt.dll" (normalized: "c:\\windows\\system32\\drt.dll") Region: id = 4325 start_va = 0x330000 end_va = 0x332fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "drt.dll.mui" filename = "\\Windows\\System32\\en-US\\drt.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\drt.dll.mui") Region: id = 4326 start_va = 0xd80000 end_va = 0xdc7fff monitored = 0 entry_point = 0xdbfd0c region_type = mapped_file name = "drt.dll" filename = "\\Windows\\System32\\drt.dll" (normalized: "c:\\windows\\system32\\drt.dll") Region: id = 4327 start_va = 0x330000 end_va = 0x332fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "drt.dll.mui" filename = "\\Windows\\System32\\en-US\\drt.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\drt.dll.mui") Region: id = 4328 start_va = 0xec0000 end_va = 0xfa8fff monitored = 0 entry_point = 0xf9906c region_type = mapped_file name = "ndis.sys" filename = "\\Windows\\System32\\drivers\\ndis.sys" (normalized: "c:\\windows\\system32\\drivers\\ndis.sys") Region: id = 4329 start_va = 0x330000 end_va = 0x338fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "ndis.sys.mui" filename = "\\Windows\\System32\\drivers\\en-US\\ndis.sys.mui" (normalized: "c:\\windows\\system32\\drivers\\en-us\\ndis.sys.mui") Region: id = 4330 start_va = 0xec0000 end_va = 0xfa8fff monitored = 0 entry_point = 0xf9906c region_type = mapped_file name = "ndis.sys" filename = "\\Windows\\System32\\drivers\\ndis.sys" (normalized: "c:\\windows\\system32\\drivers\\ndis.sys") Region: id = 4331 start_va = 0x330000 end_va = 0x338fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "ndis.sys.mui" filename = "\\Windows\\System32\\drivers\\en-US\\ndis.sys.mui" (normalized: "c:\\windows\\system32\\drivers\\en-us\\ndis.sys.mui") Region: id = 4332 start_va = 0xec0000 end_va = 0xfa8fff monitored = 0 entry_point = 0xf9906c region_type = mapped_file name = "ndis.sys" filename = "\\Windows\\System32\\drivers\\ndis.sys" (normalized: "c:\\windows\\system32\\drivers\\ndis.sys") Region: id = 4333 start_va = 0x330000 end_va = 0x338fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "ndis.sys.mui" filename = "\\Windows\\System32\\drivers\\en-US\\ndis.sys.mui" (normalized: "c:\\windows\\system32\\drivers\\en-us\\ndis.sys.mui") Region: id = 4334 start_va = 0xec0000 end_va = 0xfa8fff monitored = 0 entry_point = 0xf9906c region_type = mapped_file name = "ndis.sys" filename = "\\Windows\\System32\\drivers\\ndis.sys" (normalized: "c:\\windows\\system32\\drivers\\ndis.sys") Region: id = 4335 start_va = 0x330000 end_va = 0x338fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "ndis.sys.mui" filename = "\\Windows\\System32\\drivers\\en-US\\ndis.sys.mui" (normalized: "c:\\windows\\system32\\drivers\\en-us\\ndis.sys.mui") Region: id = 4336 start_va = 0x15c0000 end_va = 0x170cfff monitored = 0 entry_point = 0x16c2a88 region_type = mapped_file name = "peerdistsvc.dll" filename = "\\Windows\\System32\\PeerDistSvc.dll" (normalized: "c:\\windows\\system32\\peerdistsvc.dll") Region: id = 4337 start_va = 0x330000 end_va = 0x335fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "peerdistsvc.dll.mui" filename = "\\Windows\\System32\\en-US\\PeerDistSvc.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\peerdistsvc.dll.mui") Region: id = 4338 start_va = 0x15c0000 end_va = 0x170cfff monitored = 0 entry_point = 0x16c2a88 region_type = mapped_file name = "peerdistsvc.dll" filename = "\\Windows\\System32\\PeerDistSvc.dll" (normalized: "c:\\windows\\system32\\peerdistsvc.dll") Region: id = 4339 start_va = 0x330000 end_va = 0x335fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "peerdistsvc.dll.mui" filename = "\\Windows\\System32\\en-US\\PeerDistSvc.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\peerdistsvc.dll.mui") Region: id = 4340 start_va = 0x330000 end_va = 0x33efff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "wsmres.dll" filename = "\\Windows\\System32\\WsmRes.dll" (normalized: "c:\\windows\\system32\\wsmres.dll") Region: id = 4341 start_va = 0xd80000 end_va = 0xdd9fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "wsmres.dll.mui" filename = "\\Windows\\System32\\en-US\\WsmRes.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\wsmres.dll.mui") Region: id = 4342 start_va = 0x330000 end_va = 0x33efff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "wsmres.dll" filename = "\\Windows\\System32\\WsmRes.dll" (normalized: "c:\\windows\\system32\\wsmres.dll") Region: id = 4343 start_va = 0xd80000 end_va = 0xdd9fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "wsmres.dll.mui" filename = "\\Windows\\System32\\en-US\\WsmRes.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\wsmres.dll.mui") Region: id = 4344 start_va = 0x330000 end_va = 0x33ffff monitored = 0 entry_point = 0x33a33c region_type = mapped_file name = "tbssvc.dll" filename = "\\Windows\\System32\\tbssvc.dll" (normalized: "c:\\windows\\system32\\tbssvc.dll") Region: id = 4345 start_va = 0x350000 end_va = 0x351fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "tbssvc.dll.mui" filename = "\\Windows\\System32\\en-US\\tbssvc.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\tbssvc.dll.mui") Region: id = 4346 start_va = 0x330000 end_va = 0x33ffff monitored = 0 entry_point = 0x33a33c region_type = mapped_file name = "tbssvc.dll" filename = "\\Windows\\System32\\tbssvc.dll" (normalized: "c:\\windows\\system32\\tbssvc.dll") Region: id = 4347 start_va = 0x350000 end_va = 0x351fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "tbssvc.dll.mui" filename = "\\Windows\\System32\\en-US\\tbssvc.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\tbssvc.dll.mui") Thread: id = 132 os_tid = 0xfb8 [0189.050] ?AddRef@?$CImpl@UIWbemObjectTextSrc@@VCWmiObjectTextSrc@@@@UEAAKXZ () returned 0x2 [0189.071] SetLastError (dwErrCode=0x0) [0189.071] GetThreadPreferredUILanguages (in: dwFlags=0x40, pulNumLanguages=0x12ee408, pwszLanguagesBuffer=0x0, pcchLanguagesBuffer=0x12ee310 | out: pulNumLanguages=0x12ee408, pwszLanguagesBuffer=0x0, pcchLanguagesBuffer=0x12ee310) returned 1 [0189.071] RtlAllocateHeap (HeapHandle=0x1b0000, Flags=0x0, Size=0x8) returned 0x1ed950 [0189.071] SetLastError (dwErrCode=0x0) [0189.071] GetThreadPreferredUILanguages (in: dwFlags=0x40, pulNumLanguages=0x12ee408, pwszLanguagesBuffer=0x1ed950, pcchLanguagesBuffer=0x12ee310 | out: pulNumLanguages=0x12ee408, pwszLanguagesBuffer=0x1ed950, pcchLanguagesBuffer=0x12ee310) returned 1 [0189.072] RtlAllocateHeap (HeapHandle=0x1b0000, Flags=0x0, Size=0x8) returned 0x1ed900 [0189.072] HeapFree (in: hHeap=0x1b0000, dwFlags=0x0, lpMem=0x1ed950 | out: hHeap=0x1b0000) returned 1 [0189.072] RtlAllocateHeap (HeapHandle=0x1b0000, Flags=0x0, Size=0x14) returned 0x21f390 [0189.072] SetThreadPreferredUILanguages (in: dwFlags=0x8, pwszLanguagesBuffer=0x21f390, pulNumLanguages=0x12ee408 | out: pulNumLanguages=0x12ee408) returned 1 [0189.072] HeapFree (in: hHeap=0x1b0000, dwFlags=0x0, lpMem=0x21f390 | out: hHeap=0x1b0000) returned 1 [0189.082] LoadStringW (in: hInstance=0x7fef22e0000, uID=0x3e, lpBuffer=0x12ed9e0, cchBufferMax=256 | out: lpBuffer="Base Board") returned 0xa [0189.083] lstrlenW (lpString="Dell") returned 4 [0189.083] lstrlenW (lpString="0D61XP") returned 6 [0189.083] lstrlenW (lpString="A00") returned 3 [0189.083] lstrlenW (lpString="..CN747510BO0504.") returned 17 [0189.089] RtlAllocateHeap (HeapHandle=0x1b0000, Flags=0x0, Size=0x4) returned 0x1ed950 [0189.089] SetThreadPreferredUILanguages (in: dwFlags=0x8, pwszLanguagesBuffer=0x1ed950, pulNumLanguages=0x12ee400 | out: pulNumLanguages=0x12ee400) returned 1 [0189.089] HeapFree (in: hHeap=0x1b0000, dwFlags=0x0, lpMem=0x1ed950 | out: hHeap=0x1b0000) returned 1 [0190.595] SetLastError (dwErrCode=0x0) [0190.595] GetThreadPreferredUILanguages (in: dwFlags=0x40, pulNumLanguages=0x12ee408, pwszLanguagesBuffer=0x0, pcchLanguagesBuffer=0x12ee310 | out: pulNumLanguages=0x12ee408, pwszLanguagesBuffer=0x0, pcchLanguagesBuffer=0x12ee310) returned 1 [0190.595] RtlAllocateHeap (HeapHandle=0x1b0000, Flags=0x0, Size=0x8) returned 0x1ed900 [0190.595] SetLastError (dwErrCode=0x0) [0190.596] GetThreadPreferredUILanguages (in: dwFlags=0x40, pulNumLanguages=0x12ee408, pwszLanguagesBuffer=0x1ed900, pcchLanguagesBuffer=0x12ee310 | out: pulNumLanguages=0x12ee408, pwszLanguagesBuffer=0x1ed900, pcchLanguagesBuffer=0x12ee310) returned 1 [0190.596] RtlAllocateHeap (HeapHandle=0x1b0000, Flags=0x0, Size=0x8) returned 0x1ed950 [0190.596] HeapFree (in: hHeap=0x1b0000, dwFlags=0x0, lpMem=0x1ed900 | out: hHeap=0x1b0000) returned 1 [0190.596] RtlAllocateHeap (HeapHandle=0x1b0000, Flags=0x0, Size=0x14) returned 0x21f290 [0190.596] SetThreadPreferredUILanguages (in: dwFlags=0x8, pwszLanguagesBuffer=0x21f290, pulNumLanguages=0x12ee408 | out: pulNumLanguages=0x12ee408) returned 1 [0190.596] HeapFree (in: hHeap=0x1b0000, dwFlags=0x0, lpMem=0x21f290 | out: hHeap=0x1b0000) returned 1 [0190.614] malloc (_Size=0x600) returned 0x3ab270 [0190.614] GetLogicalProcessorInformationEx (in: RelationshipType=0xffff, Buffer=0x0, ReturnedLength=0x12edb2c | out: Buffer=0x0, ReturnedLength=0x12edb2c) returned 0 [0190.614] GetLastError () returned 0x7a [0190.614] malloc (_Size=0x250) returned 0x3a7cb0 [0190.614] GetLogicalProcessorInformationEx (in: RelationshipType=0xffff, Buffer=0x3a7cb0, ReturnedLength=0x12edb2c | out: Buffer=0x3a7cb0, ReturnedLength=0x12edb2c) returned 1 [0190.614] GetActiveProcessorCount (GroupNumber=0xffff) returned 0x4 [0190.614] GetMaximumProcessorGroupCount () returned 0x1 [0190.614] malloc (_Size=0x40) returned 0x39d8b0 [0190.614] malloc (_Size=0x40) returned 0x39d900 [0190.614] malloc (_Size=0x8) returned 0x3a7830 [0190.619] memcpy (in: _Dst=0x39d8b0, _Src=0x3a7cd0, _Size=0x10 | out: _Dst=0x39d8b0) returned 0x39d8b0 [0190.627] GetActiveProcessorCount (GroupNumber=0x0) returned 0x4 [0190.628] NtPowerInformation (in: InformationLevel=0x2e, InputBuffer=0x12edb24, InputBufferLength=0x2, OutputBuffer=0x3ab270, OutputBufferLength=0x60 | out: OutputBuffer=0x3ab270) returned 0x0 [0190.628] _vsnwprintf (in: _Buffer=0x12ed9c0, _BufferCount=0x63, _Format="CPU%d", _ArgList=0x12ed2b8 | out: _Buffer="CPU0") returned 4 [0190.628] GetCurrentThread () returned 0xfffffffffffffffe [0190.628] SetThreadGroupAffinity (in: hThread=0xfffffffffffffffe, GroupAffinity=0x12ed190, PreviousGroupAffinity=0x12ed1a0 | out: PreviousGroupAffinity=0x12ed1a0) returned 1 [0190.628] GetSystemInfo (in: lpSystemInfo=0x12ed350 | out: lpSystemInfo=0x12ed350*(dwOemId=0x9, wProcessorArchitecture=0x9, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0x7fffffeffff, dwActiveProcessorMask=0xf, dwNumberOfProcessors=0x4, dwProcessorType=0x21d8, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5504)) [0190.629] mbstowcs (in: _Dest=0x12ed5d8, _Source="GenuineIntel", _MaxCount=0x28 | out: _Dest="GenuineIntel") returned 0xc [0190.629] _wcsicmp (_String1="GenuineIntel", _String2="GenuineIntel") returned 0 [0190.636] mbstowcs (in: _Dest=0x12ed448, _Source="Intel(R) Core(TM) i5-7500 CPU @ 3.40GHz", _MaxCount=0x28 | out: _Dest="Intel(R) Core(TM) i5-7500 CPU @ 3.40GHz") returned 0x27 [0190.636] GetCurrentThread () returned 0xfffffffffffffffe [0190.636] SetThreadGroupAffinity (in: hThread=0xfffffffffffffffe, GroupAffinity=0x12ed1a0, PreviousGroupAffinity=0x0 | out: PreviousGroupAffinity=0x0) returned 1 [0190.640] LoadStringW (in: hInstance=0x7fef22e0000, uID=0x2c, lpBuffer=0x12ed010, cchBufferMax=256 | out: lpBuffer="CPU %d") returned 0x6 [0199.563] malloc (_Size=0x319f8) returned 0x3ac1a0 [0200.137] _wtoi (_String="238") returned 238 [0200.137] _wtoi (_String="6") returned 6 [0200.138] _itow (in: _Dest=0x0, _Radix=19847408 | out: _Dest=0x0) returned="0" [0200.138] _itow (in: _Dest=0xee, _Radix=19845696 | out: _Dest=0xee) returned="238" [0200.138] malloc (_Size=0x4000) returned 0x3ddba0 [0200.138] RegQueryValueExW (in: hKey=0xffffffff80000004, lpValueName="238", lpReserved=0x0, lpType=0x0, lpData=0x3ddba0, lpcbData=0x12ed214*=0x4000 | out: lpType=0x0, lpData=0x3ddba0*=0x50, lpcbData=0x12ed214*=0x608) returned 0x0 [0200.252] free (_Block=0x3ddba0) [0200.252] Sleep (dwMilliseconds=0x3e8) [0201.255] _itow (in: _Dest=0xee, _Radix=19845696 | out: _Dest=0xee) returned="238" [0201.255] malloc (_Size=0x4000) returned 0x3ddba0 [0201.255] RegQueryValueExW (in: hKey=0xffffffff80000004, lpValueName="238", lpReserved=0x0, lpType=0x0, lpData=0x3ddba0, lpcbData=0x12ed214*=0x4000 | out: lpType=0x0, lpData=0x3ddba0*=0x50, lpcbData=0x12ed214*=0x608) returned 0x0 [0201.318] free (_Block=0x3ddba0) [0201.321] free (_Block=0x3ac1a0) [0201.324] _vsnwprintf (in: _Buffer=0x12ed8f0, _BufferCount=0x40, _Format="%04X%04X%04X%04X", _ArgList=0x12ed2b8 | out: _Buffer="0F8BFBFF00050654") returned 16 [0201.325] lstrlenW (lpString=" 0") returned 2 [0201.325] lstrlenW (lpString="Intel(R) Xeon(R) Gold 6126 CPU @ 2.60GHz") returned 40 [0201.326] RtlNumberOfSetBitsUlongPtr (Target=0x1) returned 0x1 [0201.326] RtlNumberOfSetBitsUlongPtr (Target=0x2) returned 0x1 [0201.326] RtlNumberOfSetBitsUlongPtr (Target=0x4) returned 0x1 [0201.326] RtlNumberOfSetBitsUlongPtr (Target=0x8) returned 0x1 [0201.326] _vsnwprintf (in: _Buffer=0x12edbd0, _BufferCount=0x63, _Format="CPU%d", _ArgList=0x12edaf8 | out: _Buffer="CPU0") returned 4 [0201.327] free (_Block=0x3a7830) [0201.328] free (_Block=0x39d900) [0201.328] free (_Block=0x39d8b0) [0201.329] free (_Block=0x3a7cb0) [0201.329] free (_Block=0x3ab270) [0201.390] RtlAllocateHeap (HeapHandle=0x1b0000, Flags=0x0, Size=0x4) returned 0x1ed900 [0201.390] SetThreadPreferredUILanguages (in: dwFlags=0x8, pwszLanguagesBuffer=0x1ed900, pulNumLanguages=0x12ee400 | out: pulNumLanguages=0x12ee400) returned 1 [0201.390] HeapFree (in: hHeap=0x1b0000, dwFlags=0x0, lpMem=0x1ed900 | out: hHeap=0x1b0000) returned 1 [0201.574] SetLastError (dwErrCode=0x0) [0201.574] GetThreadPreferredUILanguages (in: dwFlags=0x40, pulNumLanguages=0x12ee408, pwszLanguagesBuffer=0x0, pcchLanguagesBuffer=0x12ee310 | out: pulNumLanguages=0x12ee408, pwszLanguagesBuffer=0x0, pcchLanguagesBuffer=0x12ee310) returned 1 [0201.574] RtlAllocateHeap (HeapHandle=0x1b0000, Flags=0x0, Size=0x8) returned 0x1ed950 [0201.574] SetLastError (dwErrCode=0x0) [0201.574] GetThreadPreferredUILanguages (in: dwFlags=0x40, pulNumLanguages=0x12ee408, pwszLanguagesBuffer=0x1ed950, pcchLanguagesBuffer=0x12ee310 | out: pulNumLanguages=0x12ee408, pwszLanguagesBuffer=0x1ed950, pcchLanguagesBuffer=0x12ee310) returned 1 [0201.574] RtlAllocateHeap (HeapHandle=0x1b0000, Flags=0x0, Size=0x8) returned 0x1ed900 [0201.574] HeapFree (in: hHeap=0x1b0000, dwFlags=0x0, lpMem=0x1ed950 | out: hHeap=0x1b0000) returned 1 [0201.574] RtlAllocateHeap (HeapHandle=0x1b0000, Flags=0x0, Size=0x14) returned 0x21f430 [0201.574] SetThreadPreferredUILanguages (in: dwFlags=0x8, pwszLanguagesBuffer=0x21f430, pulNumLanguages=0x12ee408 | out: pulNumLanguages=0x12ee408) returned 1 [0201.574] HeapFree (in: hHeap=0x1b0000, dwFlags=0x0, lpMem=0x21f430 | out: hHeap=0x1b0000) returned 1 [0201.579] LoadLibraryA (lpLibFileName="IPHLPAPI.DLL") returned 0x7fefa740000 [0201.585] GetProcAddress (hModule=0x7fefa740000, lpProcName="GetAdaptersAddresses") returned 0x7fefa742ab4 [0201.586] GetAdaptersAddresses (in: Family=0x0, Flags=0x0, Reserved=0x0, AdapterAddresses=0x0, SizePointer=0x12edd08*=0x0 | out: AdapterAddresses=0x0, SizePointer=0x12edd08*=0xcc0) returned 0x6f [0201.607] malloc (_Size=0xcc0) returned 0x3ab270 [0201.607] GetAdaptersAddresses (in: Family=0x0, Flags=0x0, Reserved=0x0, AdapterAddresses=0x3ab270, SizePointer=0x12edd08*=0xcc0 | out: AdapterAddresses=0x3ab270*(Alignment=0x10000001c0, Length=0x1c0, IfIndex=0x10, Next=0x3ab7a8, AdapterName="{68F1467C-143D-484A-87A1-65BCBB1B2D48}", FirstUnicastAddress=0x3ab4f8, FirstAnycastAddress=0x0, FirstMulticastAddress=0x3ab5a8, FirstDnsServerAddress=0x3ab778, DnsSuffix="", Description="Intel(R) 82574L Gigabit Network Connection #5", FriendlyName="Local Area Connection 5", PhysicalAddress=([0]=0x0, [1]=0x7, [2]=0x7d, [3]=0xd7, [4]=0x58, [5]=0x38, [6]=0x0, [7]=0x0), PhysicalAddressLength=0x6, Flags=0x3e5, DdnsEnabled=0x3e5, RegisterAdapterSuffix=0x3e5, Dhcpv4Enabled=0x3e5, ReceiveOnly=0x3e5, NoMulticast=0x3e5, Ipv6OtherStatefulConfig=0x3e5, NetbiosOverTcpipEnabled=0x3e5, Ipv4Enabled=0x3e5, Ipv6Enabled=0x3e5, Ipv6ManagedAddressConfigurationSupported=0x3e5, Mtu=0x5dc, IfType=0x6, OperStatus=0x1, Ipv6IfIndex=0x10, ZoneIndices=([0]=0x10, [1]=0x10, [2]=0x10, [3]=0x10, [4]=0x1, [5]=0x1, [6]=0x1, [7]=0x1, [8]=0x1, [9]=0x1, [10]=0x1, [11]=0x1, [12]=0x1, [13]=0x1, [14]=0x0, [15]=0x1), FirstPrefix=0x0, TransmitLinkSpeed=0x3b9aca00, ReceiveLinkSpeed=0x3b9aca00, FirstWinsServerAddress=0x0, FirstGatewayAddress=0x0, Ipv4Metric=0xa, Ipv6Metric=0xa, Luid=0x600000a000000, Dhcpv4Server.lpSockaddr=0x3ab430*(sa_family=2, sin_port=0x0, sin_addr="192.168.0.1"), Dhcpv4Server.iSockaddrLength=16, CompartmentId=0x1, NetworkGuid=0x11de7039846ee341, ConnectionType=0x1, TunnelType=0x0, Dhcpv6Server.lpSockaddr=0x0, Dhcpv6Server.iSockaddrLength=0, Dhcpv6ClientDuid=([0]=0x0, [1]=0x1, [2]=0x0, [3]=0x1, [4]=0x27, [5]=0xbf, [6]=0xe, [7]=0x9e, [8]=0x0, [9]=0x26, [10]=0x67, [11]=0xd5, [12]=0xc6, [13]=0x31, [14]=0x0, [15]=0x0, [16]=0x0, [17]=0x0, [18]=0x0, [19]=0x0, [20]=0x0, [21]=0x0, [22]=0x0, [23]=0x0, [24]=0x0, [25]=0x0, [26]=0x0, [27]=0x0, [28]=0x0, [29]=0x0, [30]=0x0, [31]=0x0, [32]=0x0, [33]=0x0, [34]=0x0, [35]=0x0, [36]=0x0, [37]=0x0, [38]=0x0, [39]=0x0, [40]=0x0, [41]=0x0, [42]=0x0, [43]=0x0, [44]=0x0, [45]=0x0, [46]=0x0, [47]=0x0, [48]=0x0, [49]=0x0, [50]=0x0, [51]=0x0, [52]=0x0, [53]=0x0, [54]=0x0, [55]=0x0, [56]=0x0, [57]=0x0, [58]=0x0, [59]=0x0, [60]=0x0, [61]=0x0, [62]=0x0, [63]=0x0, [64]=0x0, [65]=0x0, [66]=0x0, [67]=0x0, [68]=0x0, [69]=0x0, [70]=0x0, [71]=0x0, [72]=0x0, [73]=0x0, [74]=0x0, [75]=0x0, [76]=0x0, [77]=0x0, [78]=0x0, [79]=0x0, [80]=0x0, [81]=0x0, [82]=0x0, [83]=0x0, [84]=0x0, [85]=0x0, [86]=0x0, [87]=0x0, [88]=0x0, [89]=0x0, [90]=0x0, [91]=0x0, [92]=0x0, [93]=0x0, [94]=0x0, [95]=0x0, [96]=0x0, [97]=0x0, [98]=0x0, [99]=0x0, [100]=0x0, [101]=0x0, [102]=0x0, [103]=0x0, [104]=0x0, [105]=0x0, [106]=0x0, [107]=0x0, [108]=0x0, [109]=0x0, [110]=0x0, [111]=0x0, [112]=0x0, [113]=0x0, [114]=0x0, [115]=0x0, [116]=0x0, [117]=0x0, [118]=0x0, [119]=0x0, [120]=0x0, [121]=0x0, [122]=0x0, [123]=0x0, [124]=0x0, [125]=0x0, [126]=0x0, [127]=0x0, [128]=0x0, [129]=0x0), Dhcpv6ClientDuidLength=0xe, Dhcpv6Iaid=0x13c89f1d, FirstDnsSuffix=0x0), SizePointer=0x12edd08*=0xcc0) returned 0x0 [0201.621] malloc (_Size=0x68) returned 0x3a0a60 [0201.621] memcpy (in: _Dst=0x3a0aac, _Src=0x3ab2c0, _Size=0x6 | out: _Dst=0x3a0aac) returned 0x3a0aac [0201.622] GetProcAddress (hModule=0x7fefa740000, lpProcName="GetIpForwardTable2") returned 0x7fefa7461b4 [0201.622] GetIpForwardTable2 () returned 0x0 [0201.622] malloc (_Size=0x20) returned 0x3a8500 [0201.623] RtlIpv6AddressToStringW () returned 0x12edb82 [0201.623] malloc (_Size=0x20) returned 0x3a84d0 [0201.623] RtlIpv4AddressToStringW () returned 0x12edb6a [0201.623] GetProcAddress (hModule=0x7fefa740000, lpProcName="ConvertLengthToIpv4Mask") returned 0x7fefa745330 [0201.623] ConvertLengthToIpv4Mask (in: MaskLength=0x18, Mask=0x12edb38 | out: Mask=0x12edb38) returned 0x0 [0201.623] RtlIpv4AddressToStringW () returned 0x12edb6a [0201.623] malloc (_Size=0x20) returned 0x3a8620 [0201.623] RtlIpv4AddressToStringW () returned 0x12edb66 [0201.623] GetProcAddress (hModule=0x7fefa740000, lpProcName="FreeMibTable") returned 0x7fefa745710 [0201.623] FreeMibTable () returned 0x567ee501 [0201.624] malloc (_Size=0x68) returned 0x3a0bb0 [0201.624] GetIpForwardTable2 () returned 0x0 [0201.624] malloc (_Size=0x20) returned 0x3a8680 [0201.624] RtlIpv6AddressToStringW () returned 0x12edb56 [0201.625] malloc (_Size=0x20) returned 0x3a86b0 [0201.625] RtlIpv4AddressToStringW () returned 0x12edb62 [0201.625] ConvertLengthToIpv4Mask (in: MaskLength=0x8, Mask=0x12edb38 | out: Mask=0x12edb38) returned 0x0 [0201.625] RtlIpv4AddressToStringW () returned 0x12edb62 [0201.625] FreeMibTable () returned 0x567ee501 [0201.625] malloc (_Size=0x68) returned 0x3a0c90 [0201.626] free (_Block=0x3ab270) [0201.626] _vsnwprintf (in: _Buffer=0x12eda70, _BufferCount=0x105, _Format="SYSTEM\\CurrentControlSet\\Control\\Class\\{4D36E972-E325-11CE-BFC1-08002BE10318}", _ArgList=0x12eca98 | out: _Buffer="SYSTEM\\CurrentControlSet\\Control\\Class\\{4D36E972-E325-11CE-BFC1-08002BE10318}") returned 77 [0201.626] _wtol (_String="0000") returned 0 [0201.628] malloc (_Size=0x48) returned 0x39d950 [0201.629] _wtol (_String="0001") returned 1 [0201.630] malloc (_Size=0x48) returned 0x39d9a0 [0201.631] _wtol (_String="0002") returned 2 [0201.633] malloc (_Size=0x48) returned 0x39d9f0 [0201.634] _wtol (_String="0003") returned 3 [0201.635] malloc (_Size=0x48) returned 0x3ae130 [0201.636] _wtol (_String="0004") returned 4 [0201.637] malloc (_Size=0x48) returned 0x3ae180 [0201.638] _wtol (_String="0005") returned 5 [0201.640] malloc (_Size=0x48) returned 0x3ae1d0 [0201.641] _wtol (_String="0006") returned 6 [0201.642] malloc (_Size=0x48) returned 0x3ae270 [0201.643] _wtol (_String="0007") returned 7 [0201.645] malloc (_Size=0x48) returned 0x3ae2c0 [0201.646] _wtol (_String="0008") returned 8 [0201.648] malloc (_Size=0x48) returned 0x3ae310 [0201.649] _wtol (_String="0009") returned 9 [0201.650] malloc (_Size=0x48) returned 0x3ae3b0 [0201.651] _wtol (_String="0010") returned 10 [0201.653] malloc (_Size=0x48) returned 0x3ae220 [0201.654] _wtol (_String="0011") returned 11 [0201.655] malloc (_Size=0x48) returned 0x3ae400 [0201.657] _wtol (_String="0012") returned 12 [0201.658] malloc (_Size=0x48) returned 0x3ae450 [0201.659] _wtol (_String="0013") returned 13 [0201.668] malloc (_Size=0x48) returned 0x3ae4a0 [0201.669] _wtol (_String="0014") returned 14 [0201.671] malloc (_Size=0x48) returned 0x3ae4f0 [0201.672] _wtol (_String="Properties") returned 0 [0201.683] QueryDosDeviceW (in: lpDeviceName="{71F897D7-EB7C-4D8D-89DB-AC80D9DD2270}", lpTargetPath=0x12ed7f0, ucchMax=0x200 | out: lpTargetPath="\\Device\\NDMP10") returned 0x10 [0201.683] CreateFileW (lpFileName="\\\\.\\{71F897D7-EB7C-4D8D-89DB-AC80D9DD2270}" (normalized: "\\device\\ndmp10"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0xffffffffffffffff) returned 0x480 [0201.683] DeviceIoControl (in: hDevice=0x480, dwIoControlCode=0x170002, lpInBuffer=0x12ec7a0, nInBufferSize=0x4, lpOutBuffer=0x12ec7f0, nOutBufferSize=0x1000, lpBytesReturned=0x12ec7b0, lpOverlapped=0x0 | out: lpOutBuffer=0x12ec7f0, lpBytesReturned=0x12ec7b0, lpOverlapped=0x0) returned 0 [0201.684] DeviceIoControl (in: hDevice=0x480, dwIoControlCode=0x170002, lpInBuffer=0x12ec7a0, nInBufferSize=0x4, lpOutBuffer=0x12ec7f0, nOutBufferSize=0x1000, lpBytesReturned=0x12ec7b0, lpOverlapped=0x0 | out: lpOutBuffer=0x12ec7f0, lpBytesReturned=0x12ec7b0, lpOverlapped=0x0) returned 0 [0201.684] CloseHandle (hObject=0x480) returned 1 [0201.692] LoadLibraryExW (lpLibFileName="iphlpapi.dll", hFile=0x0, dwFlags=0x0) returned 0x7fefa740000 [0201.692] GetProcAddress (hModule=0x7fefa740000, lpProcName="GetAdapterIndex") returned 0x7fefa7451fc [0201.692] GetAdapterIndex (in: AdapterName="\\DEVICE\\TCPIP_{71F897D7-EB7C-4D8D-89DB-AC80D9DD2270}", IfIndex=0x12edc98 | out: IfIndex=0x12edc98) returned 0x0 [0201.693] FreeLibrary (hLibModule=0x7fefa740000) returned 1 [0201.694] QueryDosDeviceW (in: lpDeviceName="{29898C9D-B0A4-4FEF-BDB6-57A562022CEE}", lpTargetPath=0x12ed7f0, ucchMax=0x200 | out: lpTargetPath="\\Device\\NDMP3") returned 0xf [0201.694] CreateFileW (lpFileName="\\\\.\\{29898C9D-B0A4-4FEF-BDB6-57A562022CEE}" (normalized: "\\device\\ndmp3"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0xffffffffffffffff) returned 0x480 [0201.695] DeviceIoControl (in: hDevice=0x480, dwIoControlCode=0x170002, lpInBuffer=0x12ec7a0, nInBufferSize=0x4, lpOutBuffer=0x12ec7f0, nOutBufferSize=0x1000, lpBytesReturned=0x12ec7b0, lpOverlapped=0x0 | out: lpOutBuffer=0x12ec7f0, lpBytesReturned=0x12ec7b0, lpOverlapped=0x0) returned 0 [0201.695] DeviceIoControl (in: hDevice=0x480, dwIoControlCode=0x170002, lpInBuffer=0x12ec7a0, nInBufferSize=0x4, lpOutBuffer=0x12ec7f0, nOutBufferSize=0x1000, lpBytesReturned=0x12ec7b0, lpOverlapped=0x0 | out: lpOutBuffer=0x12ec7f0, lpBytesReturned=0x12ec7b0, lpOverlapped=0x0) returned 0 [0201.695] CloseHandle (hObject=0x480) returned 1 [0201.697] LoadLibraryExW (lpLibFileName="iphlpapi.dll", hFile=0x0, dwFlags=0x0) returned 0x7fefa740000 [0201.697] GetProcAddress (hModule=0x7fefa740000, lpProcName="GetAdapterIndex") returned 0x7fefa7451fc [0201.697] GetAdapterIndex (in: AdapterName="\\DEVICE\\TCPIP_{29898C9D-B0A4-4FEF-BDB6-57A562022CEE}", IfIndex=0x12edc98 | out: IfIndex=0x12edc98) returned 0x0 [0201.697] FreeLibrary (hLibModule=0x7fefa740000) returned 1 [0201.699] QueryDosDeviceW (in: lpDeviceName="{E43D242B-9EAB-4626-A952-46649FBB939A}", lpTargetPath=0x12ed7f0, ucchMax=0x200 | out: lpTargetPath="\\Device\\NDMP4") returned 0xf [0201.699] CreateFileW (lpFileName="\\\\.\\{E43D242B-9EAB-4626-A952-46649FBB939A}" (normalized: "\\device\\ndmp4"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0xffffffffffffffff) returned 0xffffffffffffffff [0201.702] LoadLibraryExW (lpLibFileName="iphlpapi.dll", hFile=0x0, dwFlags=0x0) returned 0x7fefa740000 [0201.702] GetProcAddress (hModule=0x7fefa740000, lpProcName="GetAdapterIndex") returned 0x7fefa7451fc [0201.702] GetAdapterIndex (in: AdapterName="\\DEVICE\\TCPIP_{E43D242B-9EAB-4626-A952-46649FBB939A}", IfIndex=0x12edc98 | out: IfIndex=0x12edc98) returned 0x0 [0201.703] FreeLibrary (hLibModule=0x7fefa740000) returned 1 [0201.704] QueryDosDeviceW (in: lpDeviceName="{DF4A9D2C-8742-4EB1-8703-D395C4183F33}", lpTargetPath=0x12ed7f0, ucchMax=0x200 | out: lpTargetPath="\\Device\\NDMP9") returned 0xf [0201.704] CreateFileW (lpFileName="\\\\.\\{DF4A9D2C-8742-4EB1-8703-D395C4183F33}" (normalized: "\\device\\ndmp9"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0xffffffffffffffff) returned 0x480 [0201.704] DeviceIoControl (in: hDevice=0x480, dwIoControlCode=0x170002, lpInBuffer=0x12ec7a0, nInBufferSize=0x4, lpOutBuffer=0x12ec7f0, nOutBufferSize=0x1000, lpBytesReturned=0x12ec7b0, lpOverlapped=0x0 | out: lpOutBuffer=0x12ec7f0, lpBytesReturned=0x12ec7b0, lpOverlapped=0x0) returned 0 [0201.704] DeviceIoControl (in: hDevice=0x480, dwIoControlCode=0x170002, lpInBuffer=0x12ec7a0, nInBufferSize=0x4, lpOutBuffer=0x12ec7f0, nOutBufferSize=0x1000, lpBytesReturned=0x12ec7b0, lpOverlapped=0x0 | out: lpOutBuffer=0x12ec7f0, lpBytesReturned=0x12ec7b0, lpOverlapped=0x0) returned 0 [0201.705] CloseHandle (hObject=0x480) returned 1 [0201.708] LoadLibraryExW (lpLibFileName="iphlpapi.dll", hFile=0x0, dwFlags=0x0) returned 0x7fefa740000 [0201.708] GetProcAddress (hModule=0x7fefa740000, lpProcName="GetAdapterIndex") returned 0x7fefa7451fc [0201.708] GetAdapterIndex (in: AdapterName="\\DEVICE\\TCPIP_{DF4A9D2C-8742-4EB1-8703-D395C4183F33}", IfIndex=0x12edc98 | out: IfIndex=0x12edc98) returned 0x0 [0201.709] FreeLibrary (hLibModule=0x7fefa740000) returned 1 [0201.710] QueryDosDeviceW (in: lpDeviceName="{8E301A52-AFFA-4F49-B9CA-C79096A1A056}", lpTargetPath=0x12ed7f0, ucchMax=0x200 | out: lpTargetPath="\\Device\\NDMP8") returned 0xf [0201.710] CreateFileW (lpFileName="\\\\.\\{8E301A52-AFFA-4F49-B9CA-C79096A1A056}" (normalized: "\\device\\ndmp8"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0xffffffffffffffff) returned 0x480 [0201.710] DeviceIoControl (in: hDevice=0x480, dwIoControlCode=0x170002, lpInBuffer=0x12ec7a0, nInBufferSize=0x4, lpOutBuffer=0x12ec7f0, nOutBufferSize=0x1000, lpBytesReturned=0x12ec7b0, lpOverlapped=0x0 | out: lpOutBuffer=0x12ec7f0, lpBytesReturned=0x12ec7b0, lpOverlapped=0x0) returned 0 [0201.710] DeviceIoControl (in: hDevice=0x480, dwIoControlCode=0x170002, lpInBuffer=0x12ec7a0, nInBufferSize=0x4, lpOutBuffer=0x12ec7f0, nOutBufferSize=0x1000, lpBytesReturned=0x12ec7b0, lpOverlapped=0x0 | out: lpOutBuffer=0x12ec7f0, lpBytesReturned=0x12ec7b0, lpOverlapped=0x0) returned 0 [0201.711] CloseHandle (hObject=0x480) returned 1 [0201.713] LoadLibraryExW (lpLibFileName="iphlpapi.dll", hFile=0x0, dwFlags=0x0) returned 0x7fefa740000 [0201.713] GetProcAddress (hModule=0x7fefa740000, lpProcName="GetAdapterIndex") returned 0x7fefa7451fc [0201.713] GetAdapterIndex (in: AdapterName="\\DEVICE\\TCPIP_{8E301A52-AFFA-4F49-B9CA-C79096A1A056}", IfIndex=0x12edc98 | out: IfIndex=0x12edc98) returned 0x0 [0201.714] FreeLibrary (hLibModule=0x7fefa740000) returned 1 [0201.715] QueryDosDeviceW (in: lpDeviceName="{9A399D81-2EAD-4F23-BCDD-637FC13DCD51}", lpTargetPath=0x12ed7f0, ucchMax=0x200 | out: lpTargetPath="ˣ") returned 0x0 [0201.715] GetLastError () returned 0x2 [0201.715] DefineDosDeviceW (dwFlags=0x1, lpDeviceName="{9A399D81-2EAD-4F23-BCDD-637FC13DCD51}", lpTargetPath="\\Device\\{9A399D81-2EAD-4F23-BCDD-637FC13DCD51}") returned 1 [0201.723] CreateFileW (lpFileName="\\\\.\\{9A399D81-2EAD-4F23-BCDD-637FC13DCD51}" (normalized: "{9a399d81-2ead-4f23-bcdd-637fc13dcd51}"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0xffffffffffffffff) returned 0xffffffffffffffff [0201.724] DefineDosDeviceW (dwFlags=0x7, lpDeviceName="{9A399D81-2EAD-4F23-BCDD-637FC13DCD51}", lpTargetPath="\\Device\\{9A399D81-2EAD-4F23-BCDD-637FC13DCD51}") returned 1 [0201.727] LoadLibraryExW (lpLibFileName="iphlpapi.dll", hFile=0x0, dwFlags=0x0) returned 0x7fefa740000 [0201.727] GetProcAddress (hModule=0x7fefa740000, lpProcName="GetAdapterIndex") returned 0x7fefa7451fc [0201.727] GetAdapterIndex (in: AdapterName="\\DEVICE\\TCPIP_{9A399D81-2EAD-4F23-BCDD-637FC13DCD51}", IfIndex=0x12edc98 | out: IfIndex=0x12edc98) returned 0x0 [0201.728] FreeLibrary (hLibModule=0x7fefa740000) returned 1 [0201.729] QueryDosDeviceW (in: lpDeviceName="{5BF54C7E-91DA-457D-80BF-333677D7E316}", lpTargetPath=0x12ed7f0, ucchMax=0x200 | out: lpTargetPath="ˣ") returned 0x0 [0201.729] GetLastError () returned 0x2 [0201.729] DefineDosDeviceW (dwFlags=0x1, lpDeviceName="{5BF54C7E-91DA-457D-80BF-333677D7E316}", lpTargetPath="\\Device\\{5BF54C7E-91DA-457D-80BF-333677D7E316}") returned 1 [0201.735] CreateFileW (lpFileName="\\\\.\\{5BF54C7E-91DA-457D-80BF-333677D7E316}" (normalized: "{5bf54c7e-91da-457d-80bf-333677d7e316}"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0xffffffffffffffff) returned 0xffffffffffffffff [0201.735] DefineDosDeviceW (dwFlags=0x7, lpDeviceName="{5BF54C7E-91DA-457D-80BF-333677D7E316}", lpTargetPath="\\Device\\{5BF54C7E-91DA-457D-80BF-333677D7E316}") returned 1 [0201.738] LoadLibraryExW (lpLibFileName="iphlpapi.dll", hFile=0x0, dwFlags=0x0) returned 0x7fefa740000 [0201.738] GetProcAddress (hModule=0x7fefa740000, lpProcName="GetAdapterIndex") returned 0x7fefa7451fc [0201.739] GetAdapterIndex (in: AdapterName="\\DEVICE\\TCPIP_{5BF54C7E-91DA-457D-80BF-333677D7E316}", IfIndex=0x12edc98 | out: IfIndex=0x12edc98) returned 0x0 [0201.739] FreeLibrary (hLibModule=0x7fefa740000) returned 1 [0201.740] QueryDosDeviceW (in: lpDeviceName="{2E05A730-9200-401C-93EB-834FDA0A8400}", lpTargetPath=0x12ed7f0, ucchMax=0x200 | out: lpTargetPath="˴") returned 0x0 [0201.740] GetLastError () returned 0x2 [0201.740] DefineDosDeviceW (dwFlags=0x1, lpDeviceName="{2E05A730-9200-401C-93EB-834FDA0A8400}", lpTargetPath="\\Device\\{2E05A730-9200-401C-93EB-834FDA0A8400}") returned 1 [0201.747] CreateFileW (lpFileName="\\\\.\\{2E05A730-9200-401C-93EB-834FDA0A8400}" (normalized: "{2e05a730-9200-401c-93eb-834fda0a8400}"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0xffffffffffffffff) returned 0xffffffffffffffff [0201.748] DefineDosDeviceW (dwFlags=0x7, lpDeviceName="{2E05A730-9200-401C-93EB-834FDA0A8400}", lpTargetPath="\\Device\\{2E05A730-9200-401C-93EB-834FDA0A8400}") returned 1 [0201.751] LoadLibraryExW (lpLibFileName="iphlpapi.dll", hFile=0x0, dwFlags=0x0) returned 0x7fefa740000 [0201.752] GetProcAddress (hModule=0x7fefa740000, lpProcName="GetAdapterIndex") returned 0x7fefa7451fc [0201.752] GetAdapterIndex (in: AdapterName="\\DEVICE\\TCPIP_{2E05A730-9200-401C-93EB-834FDA0A8400}", IfIndex=0x12edc98 | out: IfIndex=0x12edc98) returned 0x0 [0201.752] FreeLibrary (hLibModule=0x7fefa740000) returned 1 [0201.753] QueryDosDeviceW (in: lpDeviceName="{2CAA64ED-BAA3-4473-B637-DEC65A14C8AA}", lpTargetPath=0x12ed7f0, ucchMax=0x200 | out: lpTargetPath="˰") returned 0x0 [0201.753] GetLastError () returned 0x2 [0201.754] DefineDosDeviceW (dwFlags=0x1, lpDeviceName="{2CAA64ED-BAA3-4473-B637-DEC65A14C8AA}", lpTargetPath="\\Device\\{2CAA64ED-BAA3-4473-B637-DEC65A14C8AA}") returned 1 [0201.760] CreateFileW (lpFileName="\\\\.\\{2CAA64ED-BAA3-4473-B637-DEC65A14C8AA}" (normalized: "{2caa64ed-baa3-4473-b637-dec65a14c8aa}"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0xffffffffffffffff) returned 0xffffffffffffffff [0201.760] DefineDosDeviceW (dwFlags=0x7, lpDeviceName="{2CAA64ED-BAA3-4473-B637-DEC65A14C8AA}", lpTargetPath="\\Device\\{2CAA64ED-BAA3-4473-B637-DEC65A14C8AA}") returned 1 [0201.762] LoadLibraryExW (lpLibFileName="iphlpapi.dll", hFile=0x0, dwFlags=0x0) returned 0x7fefa740000 [0201.762] GetProcAddress (hModule=0x7fefa740000, lpProcName="GetAdapterIndex") returned 0x7fefa7451fc [0201.762] GetAdapterIndex (in: AdapterName="\\DEVICE\\TCPIP_{2CAA64ED-BAA3-4473-B637-DEC65A14C8AA}", IfIndex=0x12edc98 | out: IfIndex=0x12edc98) returned 0x0 [0201.763] FreeLibrary (hLibModule=0x7fefa740000) returned 1 [0201.764] QueryDosDeviceW (in: lpDeviceName="{D798E63F-0CBA-45D6-AA42-58A00E60B2E0}", lpTargetPath=0x12ed7f0, ucchMax=0x200 | out: lpTargetPath="\\Device\\NDMP1") returned 0xf [0201.764] CreateFileW (lpFileName="\\\\.\\{D798E63F-0CBA-45D6-AA42-58A00E60B2E0}" (normalized: "\\device\\ndmp1"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0xffffffffffffffff) returned 0x480 [0201.764] DeviceIoControl (in: hDevice=0x480, dwIoControlCode=0x170002, lpInBuffer=0x12ec7a0*, nInBufferSize=0x4, lpOutBuffer=0x12ec7f0, nOutBufferSize=0x1000, lpBytesReturned=0x12ec7b0, lpOverlapped=0x0 | out: lpInBuffer=0x12ec7a0*, lpOutBuffer=0x12ec7f0*, lpBytesReturned=0x12ec7b0*=0x4, lpOverlapped=0x0) returned 1 [0201.764] DeviceIoControl (in: hDevice=0x480, dwIoControlCode=0x170002, lpInBuffer=0x12ec7a0, nInBufferSize=0x4, lpOutBuffer=0x12ec7f0, nOutBufferSize=0x1000, lpBytesReturned=0x12ec7b0, lpOverlapped=0x0 | out: lpOutBuffer=0x12ec7f0, lpBytesReturned=0x12ec7b0, lpOverlapped=0x0) returned 0 [0201.764] CloseHandle (hObject=0x480) returned 1 [0201.767] LoadLibraryExW (lpLibFileName="iphlpapi.dll", hFile=0x0, dwFlags=0x0) returned 0x7fefa740000 [0201.767] GetProcAddress (hModule=0x7fefa740000, lpProcName="GetAdapterIndex") returned 0x7fefa7451fc [0201.767] GetAdapterIndex (in: AdapterName="\\DEVICE\\TCPIP_{D798E63F-0CBA-45D6-AA42-58A00E60B2E0}", IfIndex=0x12edc98 | out: IfIndex=0x12edc98) returned 0x0 [0201.768] FreeLibrary (hLibModule=0x7fefa740000) returned 1 [0201.769] QueryDosDeviceW (in: lpDeviceName="{78032B7E-4968-42D3-9F37-287EA86C0AAA}", lpTargetPath=0x12ed7f0, ucchMax=0x200 | out: lpTargetPath="\\Device\\NDMP12") returned 0x10 [0201.769] CreateFileW (lpFileName="\\\\.\\{78032B7E-4968-42D3-9F37-287EA86C0AAA}" (normalized: "\\device\\ndmp12"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0xffffffffffffffff) returned 0x480 [0201.769] DeviceIoControl (in: hDevice=0x480, dwIoControlCode=0x170002, lpInBuffer=0x12ec7a0*, nInBufferSize=0x4, lpOutBuffer=0x12ec7f0, nOutBufferSize=0x1000, lpBytesReturned=0x12ec7b0, lpOverlapped=0x0 | out: lpInBuffer=0x12ec7a0*, lpOutBuffer=0x12ec7f0*, lpBytesReturned=0x12ec7b0*=0x4, lpOverlapped=0x0) returned 1 [0201.770] DeviceIoControl (in: hDevice=0x480, dwIoControlCode=0x170002, lpInBuffer=0x12ec7a0*, nInBufferSize=0x4, lpOutBuffer=0x12ec7f0, nOutBufferSize=0x1000, lpBytesReturned=0x12ec7b0, lpOverlapped=0x0 | out: lpInBuffer=0x12ec7a0*, lpOutBuffer=0x12ec7f0*, lpBytesReturned=0x12ec7b0*=0x6, lpOverlapped=0x0) returned 1 [0201.770] CloseHandle (hObject=0x480) returned 1 [0201.772] LoadLibraryExW (lpLibFileName="iphlpapi.dll", hFile=0x0, dwFlags=0x0) returned 0x7fefa740000 [0201.773] GetProcAddress (hModule=0x7fefa740000, lpProcName="GetAdapterIndex") returned 0x7fefa7451fc [0201.773] GetAdapterIndex (in: AdapterName="\\DEVICE\\TCPIP_{78032B7E-4968-42D3-9F37-287EA86C0AAA}", IfIndex=0x12edc98 | out: IfIndex=0x12edc98) returned 0x0 [0201.774] FreeLibrary (hLibModule=0x7fefa740000) returned 1 [0201.774] QueryDosDeviceW (in: lpDeviceName="{5C264C78-4D74-46FF-BC21-C933DE51C5DF}", lpTargetPath=0x12ed7f0, ucchMax=0x200 | out: lpTargetPath="ˮ") returned 0x0 [0201.775] GetLastError () returned 0x2 [0201.775] DefineDosDeviceW (dwFlags=0x1, lpDeviceName="{5C264C78-4D74-46FF-BC21-C933DE51C5DF}", lpTargetPath="\\Device\\{5C264C78-4D74-46FF-BC21-C933DE51C5DF}") returned 1 [0201.783] CreateFileW (lpFileName="\\\\.\\{5C264C78-4D74-46FF-BC21-C933DE51C5DF}" (normalized: "{5c264c78-4d74-46ff-bc21-c933de51c5df}"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0xffffffffffffffff) returned 0xffffffffffffffff [0201.783] DefineDosDeviceW (dwFlags=0x7, lpDeviceName="{5C264C78-4D74-46FF-BC21-C933DE51C5DF}", lpTargetPath="\\Device\\{5C264C78-4D74-46FF-BC21-C933DE51C5DF}") returned 1 [0201.787] LoadLibraryExW (lpLibFileName="iphlpapi.dll", hFile=0x0, dwFlags=0x0) returned 0x7fefa740000 [0201.787] GetProcAddress (hModule=0x7fefa740000, lpProcName="GetAdapterIndex") returned 0x7fefa7451fc [0201.787] GetAdapterIndex (in: AdapterName="\\DEVICE\\TCPIP_{5C264C78-4D74-46FF-BC21-C933DE51C5DF}", IfIndex=0x12edc98 | out: IfIndex=0x12edc98) returned 0x0 [0201.788] FreeLibrary (hLibModule=0x7fefa740000) returned 1 [0201.788] QueryDosDeviceW (in: lpDeviceName="{954905E5-5ED1-4BAF-AC14-2C2B8B445E08}", lpTargetPath=0x12ed7f0, ucchMax=0x200 | out: lpTargetPath="˯") returned 0x0 [0201.789] GetLastError () returned 0x2 [0201.789] DefineDosDeviceW (dwFlags=0x1, lpDeviceName="{954905E5-5ED1-4BAF-AC14-2C2B8B445E08}", lpTargetPath="\\Device\\{954905E5-5ED1-4BAF-AC14-2C2B8B445E08}") returned 1 [0201.795] CreateFileW (lpFileName="\\\\.\\{954905E5-5ED1-4BAF-AC14-2C2B8B445E08}" (normalized: "{954905e5-5ed1-4baf-ac14-2c2b8b445e08}"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0xffffffffffffffff) returned 0xffffffffffffffff [0201.795] DefineDosDeviceW (dwFlags=0x7, lpDeviceName="{954905E5-5ED1-4BAF-AC14-2C2B8B445E08}", lpTargetPath="\\Device\\{954905E5-5ED1-4BAF-AC14-2C2B8B445E08}") returned 1 [0201.799] LoadLibraryExW (lpLibFileName="iphlpapi.dll", hFile=0x0, dwFlags=0x0) returned 0x7fefa740000 [0201.799] GetProcAddress (hModule=0x7fefa740000, lpProcName="GetAdapterIndex") returned 0x7fefa7451fc [0201.800] GetAdapterIndex (in: AdapterName="\\DEVICE\\TCPIP_{954905E5-5ED1-4BAF-AC14-2C2B8B445E08}", IfIndex=0x12edc98 | out: IfIndex=0x12edc98) returned 0x0 [0201.800] FreeLibrary (hLibModule=0x7fefa740000) returned 1 [0201.801] QueryDosDeviceW (in: lpDeviceName="{2E4C7576-F100-4C39-A70C-5E6D4E6BF9B7}", lpTargetPath=0x12ed7f0, ucchMax=0x200 | out: lpTargetPath="˯") returned 0x0 [0201.802] GetLastError () returned 0x2 [0201.802] DefineDosDeviceW (dwFlags=0x1, lpDeviceName="{2E4C7576-F100-4C39-A70C-5E6D4E6BF9B7}", lpTargetPath="\\Device\\{2E4C7576-F100-4C39-A70C-5E6D4E6BF9B7}") returned 1 [0201.808] CreateFileW (lpFileName="\\\\.\\{2E4C7576-F100-4C39-A70C-5E6D4E6BF9B7}" (normalized: "{2e4c7576-f100-4c39-a70c-5e6d4e6bf9b7}"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0xffffffffffffffff) returned 0xffffffffffffffff [0201.808] DefineDosDeviceW (dwFlags=0x7, lpDeviceName="{2E4C7576-F100-4C39-A70C-5E6D4E6BF9B7}", lpTargetPath="\\Device\\{2E4C7576-F100-4C39-A70C-5E6D4E6BF9B7}") returned 1 [0201.812] LoadLibraryExW (lpLibFileName="iphlpapi.dll", hFile=0x0, dwFlags=0x0) returned 0x7fefa740000 [0201.812] GetProcAddress (hModule=0x7fefa740000, lpProcName="GetAdapterIndex") returned 0x7fefa7451fc [0201.812] GetAdapterIndex (in: AdapterName="\\DEVICE\\TCPIP_{2E4C7576-F100-4C39-A70C-5E6D4E6BF9B7}", IfIndex=0x12edc98 | out: IfIndex=0x12edc98) returned 0x0 [0201.813] FreeLibrary (hLibModule=0x7fefa740000) returned 1 [0201.814] QueryDosDeviceW (in: lpDeviceName="{68F1467C-143D-484A-87A1-65BCBB1B2D48}", lpTargetPath=0x12ed7f0, ucchMax=0x200 | out: lpTargetPath="\\Device\\NDMP11") returned 0x10 [0201.814] CreateFileW (lpFileName="\\\\.\\{68F1467C-143D-484A-87A1-65BCBB1B2D48}" (normalized: "\\device\\ndmp11"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0xffffffffffffffff) returned 0x480 [0201.814] DeviceIoControl (in: hDevice=0x480, dwIoControlCode=0x170002, lpInBuffer=0x12ec7a0*, nInBufferSize=0x4, lpOutBuffer=0x12ec7f0, nOutBufferSize=0x1000, lpBytesReturned=0x12ec7b0, lpOverlapped=0x0 | out: lpInBuffer=0x12ec7a0*, lpOutBuffer=0x12ec7f0*, lpBytesReturned=0x12ec7b0*=0x4, lpOverlapped=0x0) returned 1 [0201.815] DeviceIoControl (in: hDevice=0x480, dwIoControlCode=0x170002, lpInBuffer=0x12ec7a0*, nInBufferSize=0x4, lpOutBuffer=0x12ec7f0, nOutBufferSize=0x1000, lpBytesReturned=0x12ec7b0, lpOverlapped=0x0 | out: lpInBuffer=0x12ec7a0*, lpOutBuffer=0x12ec7f0*, lpBytesReturned=0x12ec7b0*=0x6, lpOverlapped=0x0) returned 1 [0201.815] CloseHandle (hObject=0x480) returned 1 [0201.818] malloc (_Size=0x18) returned 0x3b4570 [0201.818] malloc (_Size=0x18) returned 0x3b4590 [0201.818] SafeArrayPutElement (psa=0x22a6e0, rgIndices=0x12ed8d0, pv=0x22a758) returned 0x0 [0201.818] malloc (_Size=0x18) returned 0x3b45b0 [0201.818] SafeArrayPutElement (psa=0x22a960, rgIndices=0x12ed8d0, pv=0x2481c8) returned 0x0 [0201.818] free (_Block=0x3b45b0) [0201.818] free (_Block=0x3b4590) [0201.818] malloc (_Size=0x18) returned 0x3b4590 [0201.818] SafeArrayPutElement (psa=0x22a6e0, rgIndices=0x12ed8d0, pv=0x2481c8) returned 0x0 [0201.818] malloc (_Size=0x18) returned 0x3b45b0 [0201.819] SafeArrayPutElement (psa=0x22a960, rgIndices=0x12ed8d0, pv=0x251a28) returned 0x0 [0201.819] free (_Block=0x3b45b0) [0201.819] free (_Block=0x3b4590) [0201.819] RtlAllocateHeap (HeapHandle=0x1b0000, Flags=0x0, Size=0x78) returned 0x1e6e00 [0201.819] SafeArrayGetDim (psa=0x22a6e0) returned 0x1 [0201.819] SafeArrayGetLBound (in: psa=0x22a6e0, nDim=0x1, plLbound=0x12ed5b4 | out: plLbound=0x12ed5b4) returned 0x0 [0201.819] SafeArrayGetUBound (in: psa=0x22a6e0, nDim=0x1, plUbound=0x12ed5c0 | out: plUbound=0x12ed5c0) returned 0x0 [0201.819] RtlAllocateHeap (HeapHandle=0x1b0000, Flags=0x0, Size=0x28) returned 0x234c40 [0201.819] SafeArrayGetDim (psa=0x22a6e0) returned 0x1 [0201.819] SafeArrayGetUBound (in: psa=0x22a6e0, nDim=0x1, plUbound=0x12ed578 | out: plUbound=0x12ed578) returned 0x0 [0201.819] SafeArrayGetElemsize (psa=0x22a6e0) returned 0x8 [0201.819] SafeArrayGetElement (in: psa=0x22a6e0, rgIndices=0x12ed508, pv=0x12ed510 | out: pv=0x12ed510) returned 0x0 [0201.819] memcpy (in: _Dst=0x12ed508, _Src=0x21f430, _Size=0x8 | out: _Dst=0x12ed508) returned 0x12ed508 [0201.820] memcpy (in: _Dst=0x12ed508, _Src=0x21f438, _Size=0x8 | out: _Dst=0x12ed508) returned 0x12ed508 [0201.820] HeapFree (in: hHeap=0x1b0000, dwFlags=0x0, lpMem=0x234c40 | out: hHeap=0x1b0000) returned 1 [0201.821] HeapFree (in: hHeap=0x1b0000, dwFlags=0x0, lpMem=0x1e6e00 | out: hHeap=0x1b0000) returned 1 [0201.821] RtlAllocateHeap (HeapHandle=0x1b0000, Flags=0x0, Size=0x78) returned 0x1e6e00 [0201.821] SafeArrayGetDim (psa=0x22a960) returned 0x1 [0201.821] SafeArrayGetLBound (in: psa=0x22a960, nDim=0x1, plLbound=0x12ed5b4 | out: plLbound=0x12ed5b4) returned 0x0 [0201.821] SafeArrayGetUBound (in: psa=0x22a960, nDim=0x1, plUbound=0x12ed5c0 | out: plUbound=0x12ed5c0) returned 0x0 [0201.821] RtlAllocateHeap (HeapHandle=0x1b0000, Flags=0x0, Size=0x28) returned 0x234c40 [0201.821] SafeArrayGetDim (psa=0x22a960) returned 0x1 [0201.821] SafeArrayGetUBound (in: psa=0x22a960, nDim=0x1, plUbound=0x12ed578 | out: plUbound=0x12ed578) returned 0x0 [0201.821] SafeArrayGetElemsize (psa=0x22a960) returned 0x8 [0201.821] SafeArrayGetElement (in: psa=0x22a960, rgIndices=0x12ed508, pv=0x12ed510 | out: pv=0x12ed510) returned 0x0 [0201.821] memcpy (in: _Dst=0x12ed508, _Src=0x21f2d0, _Size=0x8 | out: _Dst=0x12ed508) returned 0x12ed508 [0201.821] memcpy (in: _Dst=0x12ed508, _Src=0x21f2d8, _Size=0x8 | out: _Dst=0x12ed508) returned 0x12ed508 [0201.822] HeapFree (in: hHeap=0x1b0000, dwFlags=0x0, lpMem=0x234c40 | out: hHeap=0x1b0000) returned 1 [0201.822] HeapFree (in: hHeap=0x1b0000, dwFlags=0x0, lpMem=0x1e6e00 | out: hHeap=0x1b0000) returned 1 [0201.822] free (_Block=0x3b4570) [0201.823] malloc (_Size=0x18) returned 0x3b4570 [0201.823] SafeArrayPutElement (psa=0x22a6e0, rgIndices=0x12ed8d8, pv=0x251a28) returned 0x0 [0201.823] SafeArrayPutElement (psa=0x22a960, rgIndices=0x12ed8d8, pv=0x3a863c) returned 0x0 [0201.823] free (_Block=0x3b4570) [0201.823] RtlAllocateHeap (HeapHandle=0x1b0000, Flags=0x0, Size=0x78) returned 0x1e6e00 [0201.823] SafeArrayGetDim (psa=0x22a6e0) returned 0x1 [0201.823] SafeArrayGetLBound (in: psa=0x22a6e0, nDim=0x1, plLbound=0x12ed5b4 | out: plLbound=0x12ed5b4) returned 0x0 [0201.823] SafeArrayGetUBound (in: psa=0x22a6e0, nDim=0x1, plUbound=0x12ed5c0 | out: plUbound=0x12ed5c0) returned 0x0 [0201.823] RtlAllocateHeap (HeapHandle=0x1b0000, Flags=0x0, Size=0x28) returned 0x234c40 [0201.823] SafeArrayGetDim (psa=0x22a6e0) returned 0x1 [0201.823] SafeArrayGetUBound (in: psa=0x22a6e0, nDim=0x1, plUbound=0x12ed578 | out: plUbound=0x12ed578) returned 0x0 [0201.823] SafeArrayGetElemsize (psa=0x22a6e0) returned 0x8 [0201.823] SafeArrayGetElement (in: psa=0x22a6e0, rgIndices=0x12ed508, pv=0x12ed510 | out: pv=0x12ed510) returned 0x0 [0201.824] memcpy (in: _Dst=0x12ed508, _Src=0x1ed950, _Size=0x8 | out: _Dst=0x12ed508) returned 0x12ed508 [0201.824] HeapFree (in: hHeap=0x1b0000, dwFlags=0x0, lpMem=0x234c40 | out: hHeap=0x1b0000) returned 1 [0201.824] HeapFree (in: hHeap=0x1b0000, dwFlags=0x0, lpMem=0x1e6e00 | out: hHeap=0x1b0000) returned 1 [0201.824] RtlAllocateHeap (HeapHandle=0x1b0000, Flags=0x0, Size=0x78) returned 0x1e6e00 [0201.824] SafeArrayGetDim (psa=0x22a960) returned 0x1 [0201.824] SafeArrayGetLBound (in: psa=0x22a960, nDim=0x1, plLbound=0x12ed5b4 | out: plLbound=0x12ed5b4) returned 0x0 [0201.824] SafeArrayGetUBound (in: psa=0x22a960, nDim=0x1, plUbound=0x12ed5c0 | out: plUbound=0x12ed5c0) returned 0x0 [0201.825] RtlAllocateHeap (HeapHandle=0x1b0000, Flags=0x0, Size=0x28) returned 0x234c40 [0201.825] SafeArrayGetDim (psa=0x22a960) returned 0x1 [0201.825] SafeArrayGetUBound (in: psa=0x22a960, nDim=0x1, plUbound=0x12ed578 | out: plUbound=0x12ed578) returned 0x0 [0201.825] SafeArrayGetElemsize (psa=0x22a960) returned 0x4 [0201.825] SafeArrayGetElement (in: psa=0x22a960, rgIndices=0x12ed510, pv=0x12ed540 | out: pv=0x12ed540) returned 0x0 [0201.825] SafeArrayGetElement (in: psa=0x22a960, rgIndices=0x12ed510, pv=0x12ed540 | out: pv=0x12ed540) returned 0x0 [0201.825] memcpy (in: _Dst=0x12ed508, _Src=0x1ed970, _Size=0x4 | out: _Dst=0x12ed508) returned 0x12ed508 [0201.826] HeapFree (in: hHeap=0x1b0000, dwFlags=0x0, lpMem=0x234c40 | out: hHeap=0x1b0000) returned 1 [0201.826] HeapFree (in: hHeap=0x1b0000, dwFlags=0x0, lpMem=0x1e6e00 | out: hHeap=0x1b0000) returned 1 [0201.827] _wtol (_String="1659540194") returned 1659540194 [0201.827] _wtol (_String="1659536594") returned 1659536594 [0201.880] RtlAllocateHeap (HeapHandle=0x1b0000, Flags=0x0, Size=0x78) returned 0x1e6e00 [0201.881] HeapFree (in: hHeap=0x1b0000, dwFlags=0x0, lpMem=0x1e6e00 | out: hHeap=0x1b0000) returned 1 [0201.881] RtlAllocateHeap (HeapHandle=0x1b0000, Flags=0x0, Size=0x78) returned 0x1e6e00 [0201.881] HeapFree (in: hHeap=0x1b0000, dwFlags=0x0, lpMem=0x1e6e00 | out: hHeap=0x1b0000) returned 1 [0201.881] RtlAllocateHeap (HeapHandle=0x1b0000, Flags=0x0, Size=0x78) returned 0x1e6e00 [0201.882] HeapFree (in: hHeap=0x1b0000, dwFlags=0x0, lpMem=0x1e6e00 | out: hHeap=0x1b0000) returned 1 [0201.883] GetProcessHeap () returned 0x1b0000 [0201.883] RtlAllocateHeap (HeapHandle=0x1b0000, Flags=0x8, Size=0x1c0) returned 0x2426c0 [0201.883] GetAdaptersAddresses (in: Family=0x0, Flags=0x6f, Reserved=0x0, AdapterAddresses=0x2426c0, SizePointer=0x12ed410*=0x1c0 | out: AdapterAddresses=0x2426c0*(Alignment=0x0, Length=0x0, IfIndex=0x0, Next=0x0, AdapterName=0x0, FirstUnicastAddress=0x0, FirstAnycastAddress=0x0, FirstMulticastAddress=0x0, FirstDnsServerAddress=0x0, DnsSuffix=0x0, Description=0x0, FriendlyName=0x0, PhysicalAddress=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0), PhysicalAddressLength=0x0, Flags=0x0, DdnsEnabled=0x0, RegisterAdapterSuffix=0x0, Dhcpv4Enabled=0x0, ReceiveOnly=0x0, NoMulticast=0x0, Ipv6OtherStatefulConfig=0x0, NetbiosOverTcpipEnabled=0x0, Ipv4Enabled=0x0, Ipv6Enabled=0x0, Ipv6ManagedAddressConfigurationSupported=0x0, Mtu=0x0, IfType=0x0, OperStatus=0x0, Ipv6IfIndex=0x0, ZoneIndices=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0, [8]=0x0, [9]=0x0, [10]=0x0, [11]=0x0, [12]=0x0, [13]=0x0, [14]=0x0, [15]=0x0), FirstPrefix=0x0, TransmitLinkSpeed=0x0, ReceiveLinkSpeed=0x0, FirstWinsServerAddress=0x0, FirstGatewayAddress=0x0, Ipv4Metric=0x0, Ipv6Metric=0x0, Luid=0x0, Dhcpv4Server.lpSockaddr=0x0, Dhcpv4Server.iSockaddrLength=0, CompartmentId=0x0, NetworkGuid=0x0, ConnectionType=0x0, TunnelType=0x0, Dhcpv6Server.lpSockaddr=0x0, Dhcpv6Server.iSockaddrLength=0, Dhcpv6ClientDuid=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0, [8]=0x0, [9]=0x0, [10]=0x0, [11]=0x0, [12]=0x0, [13]=0x0, [14]=0x0, [15]=0x0, [16]=0x0, [17]=0x0, [18]=0x0, [19]=0x0, [20]=0x0, [21]=0x0, [22]=0x0, [23]=0x0, [24]=0x0, [25]=0x0, [26]=0x0, [27]=0x0, [28]=0x0, [29]=0x0, [30]=0x0, [31]=0x0, [32]=0x0, [33]=0x0, [34]=0x0, [35]=0x0, [36]=0x0, [37]=0x0, [38]=0x0, [39]=0x0, [40]=0x0, [41]=0x0, [42]=0x0, [43]=0x0, [44]=0x0, [45]=0x0, [46]=0x0, [47]=0x0, [48]=0x0, [49]=0x0, [50]=0x0, [51]=0x0, [52]=0x0, [53]=0x0, [54]=0x0, [55]=0x0, [56]=0x0, [57]=0x0, [58]=0x0, [59]=0x0, [60]=0x0, [61]=0x0, [62]=0x0, [63]=0x0, [64]=0x0, [65]=0x0, [66]=0x0, [67]=0x0, [68]=0x0, [69]=0x0, [70]=0x0, [71]=0x0, [72]=0x0, [73]=0x0, [74]=0x0, [75]=0x0, [76]=0x0, [77]=0x0, [78]=0x0, [79]=0x0, [80]=0x0, [81]=0x0, [82]=0x0, [83]=0x0, [84]=0x0, [85]=0x0, [86]=0x0, [87]=0x0, [88]=0x0, [89]=0x0, [90]=0x0, [91]=0x0, [92]=0x0, [93]=0x0, [94]=0x0, [95]=0x0, [96]=0x0, [97]=0x0, [98]=0x0, [99]=0x0, [100]=0x0, [101]=0x0, [102]=0x0, [103]=0x0, [104]=0x0, [105]=0x0, [106]=0x0, [107]=0x0, [108]=0x0, [109]=0x0, [110]=0x0, [111]=0x0, [112]=0x0, [113]=0x0, [114]=0x0, [115]=0x0, [116]=0x0, [117]=0x0, [118]=0x0, [119]=0x0, [120]=0x0, [121]=0x0, [122]=0x0, [123]=0x0, [124]=0x0, [125]=0x0, [126]=0x0, [127]=0x0, [128]=0x0, [129]=0x0), Dhcpv6ClientDuidLength=0x0, Dhcpv6Iaid=0x0, FirstDnsSuffix=0x0), SizePointer=0x12ed410*=0x760) returned 0x6f [0201.891] GetProcessHeap () returned 0x1b0000 [0201.891] RtlFreeHeap (HeapHandle=0x1b0000, Flags=0x0, BaseAddress=0x2426c0) returned 1 [0201.891] GetProcessHeap () returned 0x1b0000 [0201.891] RtlAllocateHeap (HeapHandle=0x1b0000, Flags=0x8, Size=0x760) returned 0x2aa600 [0201.891] GetAdaptersAddresses (in: Family=0x0, Flags=0x6f, Reserved=0x0, AdapterAddresses=0x2aa600, SizePointer=0x12ed410*=0x760 | out: AdapterAddresses=0x2aa600*(Alignment=0x10000001c0, Length=0x1c0, IfIndex=0x10, Next=0x2aa888, AdapterName="{68F1467C-143D-484A-87A1-65BCBB1B2D48}", FirstUnicastAddress=0x0, FirstAnycastAddress=0x0, FirstMulticastAddress=0x0, FirstDnsServerAddress=0x0, DnsSuffix="", Description="Intel(R) 82574L Gigabit Network Connection #5", FriendlyName="Local Area Connection 5", PhysicalAddress=([0]=0x0, [1]=0x7, [2]=0x7d, [3]=0xd7, [4]=0x58, [5]=0x38, [6]=0x0, [7]=0x0), PhysicalAddressLength=0x6, Flags=0x3e5, DdnsEnabled=0x3e5, RegisterAdapterSuffix=0x3e5, Dhcpv4Enabled=0x3e5, ReceiveOnly=0x3e5, NoMulticast=0x3e5, Ipv6OtherStatefulConfig=0x3e5, NetbiosOverTcpipEnabled=0x3e5, Ipv4Enabled=0x3e5, Ipv6Enabled=0x3e5, Ipv6ManagedAddressConfigurationSupported=0x3e5, Mtu=0x5dc, IfType=0x6, OperStatus=0x1, Ipv6IfIndex=0x10, ZoneIndices=([0]=0x10, [1]=0x10, [2]=0x10, [3]=0x10, [4]=0x1, [5]=0x1, [6]=0x1, [7]=0x1, [8]=0x1, [9]=0x1, [10]=0x1, [11]=0x1, [12]=0x1, [13]=0x1, [14]=0x0, [15]=0x1), FirstPrefix=0x0, TransmitLinkSpeed=0x3b9aca00, ReceiveLinkSpeed=0x3b9aca00, FirstWinsServerAddress=0x0, FirstGatewayAddress=0x0, Ipv4Metric=0xa, Ipv6Metric=0xa, Luid=0x600000a000000, Dhcpv4Server.lpSockaddr=0x2aa7c0*(sa_family=2, sin_port=0x0, sin_addr="192.168.0.1"), Dhcpv4Server.iSockaddrLength=16, CompartmentId=0x1, NetworkGuid=0x11de7039846ee341, ConnectionType=0x1, TunnelType=0x0, Dhcpv6Server.lpSockaddr=0x0, Dhcpv6Server.iSockaddrLength=0, Dhcpv6ClientDuid=([0]=0x0, [1]=0x1, [2]=0x0, [3]=0x1, [4]=0x27, [5]=0xbf, [6]=0xe, [7]=0x9e, [8]=0x0, [9]=0x26, [10]=0x67, [11]=0xd5, [12]=0xc6, [13]=0x31, [14]=0x0, [15]=0x0, [16]=0x0, [17]=0x0, [18]=0x0, [19]=0x0, [20]=0x0, [21]=0x0, [22]=0x0, [23]=0x0, [24]=0x0, [25]=0x0, [26]=0x0, [27]=0x0, [28]=0x0, [29]=0x0, [30]=0x0, [31]=0x0, [32]=0x0, [33]=0x0, [34]=0x0, [35]=0x0, [36]=0x0, [37]=0x0, [38]=0x0, [39]=0x0, [40]=0x0, [41]=0x0, [42]=0x0, [43]=0x0, [44]=0x0, [45]=0x0, [46]=0x0, [47]=0x0, [48]=0x0, [49]=0x0, [50]=0x0, [51]=0x0, [52]=0x0, [53]=0x0, [54]=0x0, [55]=0x0, [56]=0x0, [57]=0x0, [58]=0x0, [59]=0x0, [60]=0x0, [61]=0x0, [62]=0x0, [63]=0x0, [64]=0x0, [65]=0x0, [66]=0x0, [67]=0x0, [68]=0x0, [69]=0x0, [70]=0x0, [71]=0x0, [72]=0x0, [73]=0x0, [74]=0x0, [75]=0x0, [76]=0x0, [77]=0x0, [78]=0x0, [79]=0x0, [80]=0x0, [81]=0x0, [82]=0x0, [83]=0x0, [84]=0x0, [85]=0x0, [86]=0x0, [87]=0x0, [88]=0x0, [89]=0x0, [90]=0x0, [91]=0x0, [92]=0x0, [93]=0x0, [94]=0x0, [95]=0x0, [96]=0x0, [97]=0x0, [98]=0x0, [99]=0x0, [100]=0x0, [101]=0x0, [102]=0x0, [103]=0x0, [104]=0x0, [105]=0x0, [106]=0x0, [107]=0x0, [108]=0x0, [109]=0x0, [110]=0x0, [111]=0x0, [112]=0x0, [113]=0x0, [114]=0x0, [115]=0x0, [116]=0x0, [117]=0x0, [118]=0x0, [119]=0x0, [120]=0x0, [121]=0x0, [122]=0x0, [123]=0x0, [124]=0x0, [125]=0x0, [126]=0x0, [127]=0x0, [128]=0x0, [129]=0x0), Dhcpv6ClientDuidLength=0xe, Dhcpv6Iaid=0x13c89f1d, FirstDnsSuffix=0x0), SizePointer=0x12ed410*=0x760) returned 0x0 [0201.899] GetProcessHeap () returned 0x1b0000 [0201.899] RtlFreeHeap (HeapHandle=0x1b0000, Flags=0x0, BaseAddress=0x2aa600) returned 1 [0201.901] LoadLibraryA (lpLibFileName="DNSAPI.dll") returned 0x7fefc380000 [0201.907] GetProcAddress (hModule=0x7fefc380000, lpProcName="DnsQueryConfigAllocEx") returned 0x7fefc385e88 [0201.907] DnsQueryConfigAllocEx () returned 0x1761940 [0201.914] GetProcAddress (hModule=0x7fefc380000, lpProcName="DnsFreeConfigStructure") returned 0x7fefc396838 [0201.914] DnsFreeConfigStructure () returned 0x76943801 [0201.915] GetProcAddress (hModule=0x7fefc380000, lpProcName="DnsQueryConfigDword") returned 0x7fefc390ad0 [0201.915] DnsQueryConfigDword () returned 0x1 [0201.915] DnsQueryConfigDword () returned 0x0 [0201.916] malloc (_Size=0x18) returned 0x3b4570 [0201.916] SafeArrayPutElement (psa=0x231770, rgIndices=0x12ed5a4, pv=0x251a28) returned 0x0 [0201.916] free (_Block=0x3b4570) [0201.920] RtlAllocateHeap (HeapHandle=0x1b0000, Flags=0x0, Size=0x78) returned 0x1e6e00 [0201.920] SafeArrayGetDim (psa=0x231770) returned 0x1 [0201.920] SafeArrayGetLBound (in: psa=0x231770, nDim=0x1, plLbound=0x12ed674 | out: plLbound=0x12ed674) returned 0x0 [0201.920] SafeArrayGetUBound (in: psa=0x231770, nDim=0x1, plUbound=0x12ed680 | out: plUbound=0x12ed680) returned 0x0 [0201.920] RtlAllocateHeap (HeapHandle=0x1b0000, Flags=0x0, Size=0x28) returned 0x234d60 [0201.921] SafeArrayGetDim (psa=0x231770) returned 0x1 [0201.921] SafeArrayGetUBound (in: psa=0x231770, nDim=0x1, plUbound=0x12ed638 | out: plUbound=0x12ed638) returned 0x0 [0201.921] SafeArrayGetElemsize (psa=0x231770) returned 0x8 [0201.921] SafeArrayGetElement (in: psa=0x231770, rgIndices=0x12ed5c8, pv=0x12ed5d0 | out: pv=0x12ed5d0) returned 0x0 [0201.921] memcpy (in: _Dst=0x12ed5c8, _Src=0x1ed970, _Size=0x8 | out: _Dst=0x12ed5c8) returned 0x12ed5c8 [0201.922] HeapFree (in: hHeap=0x1b0000, dwFlags=0x0, lpMem=0x234d60 | out: hHeap=0x1b0000) returned 1 [0201.922] HeapFree (in: hHeap=0x1b0000, dwFlags=0x0, lpMem=0x1e6e00 | out: hHeap=0x1b0000) returned 1 [0201.922] RtlAllocateHeap (HeapHandle=0x1b0000, Flags=0x0, Size=0x78) returned 0x1e6e00 [0201.922] SafeArrayGetDim (psa=0x21aac0) returned 0x1 [0201.922] SafeArrayGetLBound (in: psa=0x21aac0, nDim=0x1, plLbound=0x12ed674 | out: plLbound=0x12ed674) returned 0x0 [0201.922] SafeArrayGetUBound (in: psa=0x21aac0, nDim=0x1, plUbound=0x12ed680 | out: plUbound=0x12ed680) returned 0x0 [0201.922] RtlAllocateHeap (HeapHandle=0x1b0000, Flags=0x0, Size=0x28) returned 0x234d60 [0201.922] SafeArrayGetDim (psa=0x21aac0) returned 0x1 [0201.922] SafeArrayGetUBound (in: psa=0x21aac0, nDim=0x1, plUbound=0x12ed638 | out: plUbound=0x12ed638) returned 0x0 [0201.922] SafeArrayGetElemsize (psa=0x21aac0) returned 0x8 [0201.923] HeapFree (in: hHeap=0x1b0000, dwFlags=0x0, lpMem=0x234d60 | out: hHeap=0x1b0000) returned 1 [0201.923] HeapFree (in: hHeap=0x1b0000, dwFlags=0x0, lpMem=0x1e6e00 | out: hHeap=0x1b0000) returned 1 [0201.926] LoadLibraryExW (lpLibFileName="iphlpapi.dll", hFile=0x0, dwFlags=0x0) returned 0x7fefa740000 [0201.926] GetProcAddress (hModule=0x7fefa740000, lpProcName="GetAdapterIndex") returned 0x7fefa7451fc [0201.926] GetAdapterIndex (in: AdapterName="\\DEVICE\\TCPIP_{68F1467C-143D-484A-87A1-65BCBB1B2D48}", IfIndex=0x12edc98 | out: IfIndex=0x12edc98) returned 0x0 [0201.927] FreeLibrary (hLibModule=0x7fefa740000) returned 1 [0201.927] free (_Block=0x39d950) [0201.928] free (_Block=0x39d9a0) [0201.928] free (_Block=0x39d9f0) [0201.929] free (_Block=0x3ae130) [0201.929] free (_Block=0x3ae180) [0201.930] free (_Block=0x3ae1d0) [0201.930] free (_Block=0x3ae270) [0201.931] free (_Block=0x3ae2c0) [0201.931] free (_Block=0x3ae310) [0201.932] free (_Block=0x3ae3b0) [0201.932] free (_Block=0x3ae220) [0201.933] free (_Block=0x3ae400) [0201.934] free (_Block=0x3ae450) [0201.934] free (_Block=0x3ae4a0) [0201.935] free (_Block=0x3ae4f0) [0201.935] free (_Block=0x3a8500) [0201.936] free (_Block=0x3a84d0) [0201.936] free (_Block=0x3a8620) [0201.937] free (_Block=0x3a0a60) [0201.937] free (_Block=0x3a8680) [0201.937] free (_Block=0x3a86b0) [0201.938] free (_Block=0x3a0bb0) [0201.938] free (_Block=0x3a0c90) [0201.951] RtlAllocateHeap (HeapHandle=0x1b0000, Flags=0x0, Size=0x4) returned 0x1ed970 [0201.951] SetThreadPreferredUILanguages (in: dwFlags=0x8, pwszLanguagesBuffer=0x1ed970, pulNumLanguages=0x12ee400 | out: pulNumLanguages=0x12ee400) returned 1 [0201.951] HeapFree (in: hHeap=0x1b0000, dwFlags=0x0, lpMem=0x1ed970 | out: hHeap=0x1b0000) returned 1 [0207.061] ?AddRef@?$CImpl@UIWbemObjectTextSrc@@VCWmiObjectTextSrc@@@@UEAAKXZ () returned 0x2 [0207.164] ?AddRef@?$CImpl@UIWbemObjectTextSrc@@VCWmiObjectTextSrc@@@@UEAAKXZ () returned 0x2 [0207.178] SetLastError (dwErrCode=0x0) [0207.178] GetThreadPreferredUILanguages (in: dwFlags=0x40, pulNumLanguages=0x12ee408, pwszLanguagesBuffer=0x0, pcchLanguagesBuffer=0x12ee310 | out: pulNumLanguages=0x12ee408, pwszLanguagesBuffer=0x0, pcchLanguagesBuffer=0x12ee310) returned 1 [0207.179] RtlAllocateHeap (HeapHandle=0x1b0000, Flags=0x0, Size=0x8) returned 0x1ed900 [0207.179] SetLastError (dwErrCode=0x0) [0207.179] GetThreadPreferredUILanguages (in: dwFlags=0x40, pulNumLanguages=0x12ee408, pwszLanguagesBuffer=0x1ed900, pcchLanguagesBuffer=0x12ee310 | out: pulNumLanguages=0x12ee408, pwszLanguagesBuffer=0x1ed900, pcchLanguagesBuffer=0x12ee310) returned 1 [0207.179] RtlAllocateHeap (HeapHandle=0x1b0000, Flags=0x0, Size=0x8) returned 0x1ed970 [0207.179] HeapFree (in: hHeap=0x1b0000, dwFlags=0x0, lpMem=0x1ed900 | out: hHeap=0x1b0000) returned 1 [0207.179] RtlAllocateHeap (HeapHandle=0x1b0000, Flags=0x0, Size=0x14) returned 0x21f430 [0207.179] SetThreadPreferredUILanguages (in: dwFlags=0x8, pwszLanguagesBuffer=0x21f430, pulNumLanguages=0x12ee408 | out: pulNumLanguages=0x12ee408) returned 1 [0207.179] HeapFree (in: hHeap=0x1b0000, dwFlags=0x0, lpMem=0x21f430 | out: hHeap=0x1b0000) returned 1 [0207.181] malloc (_Size=0x600) returned 0x3bad20 [0207.181] GetLogicalProcessorInformationEx (in: RelationshipType=0xffff, Buffer=0x0, ReturnedLength=0x12edb2c | out: Buffer=0x0, ReturnedLength=0x12edb2c) returned 0 [0207.181] GetLastError () returned 0x7a [0207.181] malloc (_Size=0x250) returned 0x3a7cb0 [0207.181] GetLogicalProcessorInformationEx (in: RelationshipType=0xffff, Buffer=0x3a7cb0, ReturnedLength=0x12edb2c | out: Buffer=0x3a7cb0, ReturnedLength=0x12edb2c) returned 1 [0207.181] GetActiveProcessorCount (GroupNumber=0xffff) returned 0x4 [0207.182] GetMaximumProcessorGroupCount () returned 0x1 [0207.182] malloc (_Size=0x40) returned 0x39d900 [0207.182] malloc (_Size=0x40) returned 0x39d8b0 [0207.182] malloc (_Size=0x8) returned 0x3a7830 [0207.182] memcpy (in: _Dst=0x39d900, _Src=0x3a7cd0, _Size=0x10 | out: _Dst=0x39d900) returned 0x39d900 [0207.183] GetActiveProcessorCount (GroupNumber=0x0) returned 0x4 [0207.183] NtPowerInformation (in: InformationLevel=0x2e, InputBuffer=0x12edb24, InputBufferLength=0x2, OutputBuffer=0x3bad20, OutputBufferLength=0x60 | out: OutputBuffer=0x3bad20) returned 0x0 [0207.183] _vsnwprintf (in: _Buffer=0x12ed9c0, _BufferCount=0x63, _Format="CPU%d", _ArgList=0x12ed2b8 | out: _Buffer="CPU0") returned 4 [0207.183] GetCurrentThread () returned 0xfffffffffffffffe [0207.183] SetThreadGroupAffinity (in: hThread=0xfffffffffffffffe, GroupAffinity=0x12ed190, PreviousGroupAffinity=0x12ed1a0 | out: PreviousGroupAffinity=0x12ed1a0) returned 1 [0207.183] GetSystemInfo (in: lpSystemInfo=0x12ed350 | out: lpSystemInfo=0x12ed350*(dwOemId=0x9, wProcessorArchitecture=0x9, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0x7fffffeffff, dwActiveProcessorMask=0xf, dwNumberOfProcessors=0x4, dwProcessorType=0x21d8, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5504)) [0207.184] mbstowcs (in: _Dest=0x12ed5d8, _Source="GenuineIntel", _MaxCount=0x28 | out: _Dest="GenuineIntel") returned 0xc [0207.184] _wcsicmp (_String1="GenuineIntel", _String2="GenuineIntel") returned 0 [0207.185] mbstowcs (in: _Dest=0x12ed448, _Source="Intel(R) Core(TM) i5-7500 CPU @ 3.40GHz", _MaxCount=0x28 | out: _Dest="Intel(R) Core(TM) i5-7500 CPU @ 3.40GHz") returned 0x27 [0207.185] GetCurrentThread () returned 0xfffffffffffffffe [0207.185] SetThreadGroupAffinity (in: hThread=0xfffffffffffffffe, GroupAffinity=0x12ed1a0, PreviousGroupAffinity=0x0 | out: PreviousGroupAffinity=0x0) returned 1 [0207.188] LoadStringW (in: hInstance=0x7fef22e0000, uID=0x2c, lpBuffer=0x12ed010, cchBufferMax=256 | out: lpBuffer="CPU %d") returned 0x6 [0209.159] malloc (_Size=0x319f8) returned 0x3bbc50 [0209.842] _wtoi (_String="238") returned 238 [0209.842] _wtoi (_String="6") returned 6 [0209.842] _itow (in: _Dest=0x0, _Radix=19847408 | out: _Dest=0x0) returned="0" [0209.842] _itow (in: _Dest=0xee, _Radix=19845696 | out: _Dest=0xee) returned="238" [0209.842] malloc (_Size=0x4000) returned 0x3ed650 [0209.842] RegQueryValueExW (in: hKey=0xffffffff80000004, lpValueName="238", lpReserved=0x0, lpType=0x0, lpData=0x3ed650, lpcbData=0x12ed214*=0x4000 | out: lpType=0x0, lpData=0x3ed650*=0x50, lpcbData=0x12ed214*=0x608) returned 0x0 [0209.844] free (_Block=0x3ed650) [0209.844] Sleep (dwMilliseconds=0x3e8) [0210.849] _itow (in: _Dest=0xee, _Radix=19845696 | out: _Dest=0xee) returned="238" [0210.849] malloc (_Size=0x4000) returned 0x3ed650 [0210.849] RegQueryValueExW (in: hKey=0xffffffff80000004, lpValueName="238", lpReserved=0x0, lpType=0x0, lpData=0x3ed650, lpcbData=0x12ed214*=0x4000 | out: lpType=0x0, lpData=0x3ed650*=0x50, lpcbData=0x12ed214*=0x608) returned 0x0 [0210.851] free (_Block=0x3ed650) [0210.853] free (_Block=0x3bbc50) [0210.857] _vsnwprintf (in: _Buffer=0x12ed8f0, _BufferCount=0x40, _Format="%04X%04X%04X%04X", _ArgList=0x12ed2b8 | out: _Buffer="0F8BFBFF00050654") returned 16 [0210.857] lstrlenW (lpString=" 0") returned 2 [0210.858] lstrlenW (lpString="Intel(R) Xeon(R) Gold 6126 CPU @ 2.60GHz") returned 40 [0210.858] RtlNumberOfSetBitsUlongPtr (Target=0x1) returned 0x1 [0210.858] RtlNumberOfSetBitsUlongPtr (Target=0x2) returned 0x1 [0210.858] RtlNumberOfSetBitsUlongPtr (Target=0x4) returned 0x1 [0210.858] RtlNumberOfSetBitsUlongPtr (Target=0x8) returned 0x1 [0210.858] _vsnwprintf (in: _Buffer=0x12edbd0, _BufferCount=0x63, _Format="CPU%d", _ArgList=0x12edaf8 | out: _Buffer="CPU0") returned 4 [0210.860] free (_Block=0x3a7830) [0210.860] free (_Block=0x39d8b0) [0210.860] free (_Block=0x39d900) [0210.861] free (_Block=0x3a7cb0) [0210.861] free (_Block=0x3bad20) [0210.873] RtlAllocateHeap (HeapHandle=0x1b0000, Flags=0x0, Size=0x4) returned 0x1ed900 [0210.873] SetThreadPreferredUILanguages (in: dwFlags=0x8, pwszLanguagesBuffer=0x1ed900, pulNumLanguages=0x12ee400 | out: pulNumLanguages=0x12ee400) returned 1 [0210.873] HeapFree (in: hHeap=0x1b0000, dwFlags=0x0, lpMem=0x1ed900 | out: hHeap=0x1b0000) returned 1 Thread: id = 133 os_tid = 0xca0 Thread: id = 134 os_tid = 0xc9c Thread: id = 135 os_tid = 0xc94 Thread: id = 136 os_tid = 0xc90 Thread: id = 137 os_tid = 0xc88 Thread: id = 138 os_tid = 0xc80 Thread: id = 139 os_tid = 0xc7c Thread: id = 195 os_tid = 0x8f4 Thread: id = 198 os_tid = 0xaac Process: id = "7" image_name = "wmiprvse.exe" filename = "c:\\windows\\system32\\wbem\\wmiprvse.exe" page_root = "0x622cd000" os_pid = "0x7c8" os_integrity_level = "0x4000" os_privileges = "0xe60b1e890" monitor_reason = "rpc_server" parent_id = "2" os_parent_pid = "0x250" cmd_line = "C:\\Windows\\system32\\wbem\\wmiprvse.exe -Embedding" cur_dir = "C:\\Windows\\system32\\" os_username = "NT AUTHORITY\\SYSTEM" bitness = "32" os_groups = "Everyone" [0x7], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\SERVICE" [0x7], "CONSOLE LOGON" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "NT SERVICE\\BDESVC" [0xa], "NT SERVICE\\BITS" [0xe], "NT SERVICE\\CertPropSvc" [0xa], "NT SERVICE\\EapHost" [0xa], "NT SERVICE\\hkmsvc" [0xa], "NT SERVICE\\IKEEXT" [0xa], "NT SERVICE\\iphlpsvc" [0xe], "NT SERVICE\\LanmanServer" [0xe], "NT SERVICE\\MMCSS" [0xa], "NT SERVICE\\MSiSCSI" [0xa], "NT SERVICE\\RasAuto" [0xa], "NT SERVICE\\RasMan" [0xa], "NT SERVICE\\RemoteAccess" [0xa], "NT SERVICE\\Schedule" [0xe], "NT SERVICE\\SCPolicySvc" [0xa], "NT SERVICE\\SENS" [0xe], "NT SERVICE\\SessionEnv" [0xa], "NT SERVICE\\SharedAccess" [0xa], "NT SERVICE\\ShellHWDetection" [0xe], "NT SERVICE\\wercplsupport" [0xa], "NT SERVICE\\Winmgmt" [0xe], "NT SERVICE\\wuauserv" [0xa], "NT AUTHORITY\\Logon Session 00000000:0000d967" [0xc0000007], "LOCAL" [0x7], "BUILTIN\\Administrators" [0xe] Region: id = 3531 start_va = 0x10000 end_va = 0x1ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000010000" filename = "" Region: id = 3532 start_va = 0x20000 end_va = 0x20fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000020000" filename = "" Region: id = 3533 start_va = 0x30000 end_va = 0x33fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000030000" filename = "" Region: id = 3534 start_va = 0x40000 end_va = 0x40fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000040000" filename = "" Region: id = 3535 start_va = 0x50000 end_va = 0xb6fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "locale.nls" filename = "\\Windows\\System32\\locale.nls" (normalized: "c:\\windows\\system32\\locale.nls") Region: id = 3536 start_va = 0xc0000 end_va = 0xc0fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000000c0000" filename = "" Region: id = 3537 start_va = 0xd0000 end_va = 0x14ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000000d0000" filename = "" Region: id = 3538 start_va = 0x150000 end_va = 0x154fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "user32.dll.mui" filename = "\\Windows\\System32\\en-US\\user32.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\user32.dll.mui") Region: id = 3539 start_va = 0x160000 end_va = 0x1dffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000160000" filename = "" Region: id = 3540 start_va = 0x1e0000 end_va = 0x1e0fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000001e0000" filename = "" Region: id = 3541 start_va = 0x1f0000 end_va = 0x1f0fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000001f0000" filename = "" Region: id = 3542 start_va = 0x200000 end_va = 0x20ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000200000" filename = "" Region: id = 3543 start_va = 0x210000 end_va = 0x210fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000210000" filename = "" Region: id = 3544 start_va = 0x240000 end_va = 0x33ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000240000" filename = "" Region: id = 3545 start_va = 0x340000 end_va = 0x43ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000340000" filename = "" Region: id = 3546 start_va = 0x440000 end_va = 0x5c7fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000440000" filename = "" Region: id = 3547 start_va = 0x5d0000 end_va = 0x750fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000005d0000" filename = "" Region: id = 3548 start_va = 0x760000 end_va = 0x81ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000760000" filename = "" Region: id = 3549 start_va = 0x820000 end_va = 0xaeefff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "sortdefault.nls" filename = "\\Windows\\Globalization\\Sorting\\SortDefault.nls" (normalized: "c:\\windows\\globalization\\sorting\\sortdefault.nls") Region: id = 3550 start_va = 0xaf0000 end_va = 0xb6ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000af0000" filename = "" Region: id = 3551 start_va = 0xb90000 end_va = 0xc0ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000b90000" filename = "" Region: id = 3552 start_va = 0xc20000 end_va = 0xc9ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000c20000" filename = "" Region: id = 3553 start_va = 0xcd0000 end_va = 0xd4ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000cd0000" filename = "" Region: id = 3554 start_va = 0xeb0000 end_va = 0xf2ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000eb0000" filename = "" Region: id = 3555 start_va = 0xf60000 end_va = 0xfdffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000f60000" filename = "" Region: id = 3556 start_va = 0xfe0000 end_va = 0x105ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000fe0000" filename = "" Region: id = 3557 start_va = 0x1060000 end_va = 0x115ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000001060000" filename = "" Region: id = 3558 start_va = 0x1220000 end_va = 0x129ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000001220000" filename = "" Region: id = 3559 start_va = 0x76b00000 end_va = 0x76c1efff monitored = 0 entry_point = 0x76b15340 region_type = mapped_file name = "kernel32.dll" filename = "\\Windows\\System32\\kernel32.dll" (normalized: "c:\\windows\\system32\\kernel32.dll") Region: id = 3560 start_va = 0x76c20000 end_va = 0x76d19fff monitored = 0 entry_point = 0x76c3a2c8 region_type = mapped_file name = "user32.dll" filename = "\\Windows\\System32\\user32.dll" (normalized: "c:\\windows\\system32\\user32.dll") Region: id = 3561 start_va = 0x76d20000 end_va = 0x76ec8fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "ntdll.dll" filename = "\\Windows\\System32\\ntdll.dll" (normalized: "c:\\windows\\system32\\ntdll.dll") Region: id = 3562 start_va = 0x7efe0000 end_va = 0x7f0dffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000000007efe0000" filename = "" Region: id = 3563 start_va = 0x7f0e0000 end_va = 0x7ffdffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000007f0e0000" filename = "" Region: id = 3564 start_va = 0x7ffe0000 end_va = 0x7ffeffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000007ffe0000" filename = "" Region: id = 3565 start_va = 0x13ff50000 end_va = 0x13ffbbfff monitored = 0 entry_point = 0x13ff8b450 region_type = mapped_file name = "wmiprvse.exe" filename = "\\Windows\\System32\\wbem\\WmiPrvSE.exe" (normalized: "c:\\windows\\system32\\wbem\\wmiprvse.exe") Region: id = 3566 start_va = 0x7fef2290000 end_va = 0x7fef22ddfff monitored = 0 entry_point = 0x7fef2291198 region_type = mapped_file name = "pdh.dll" filename = "\\Windows\\System32\\pdh.dll" (normalized: "c:\\windows\\system32\\pdh.dll") Region: id = 3567 start_va = 0x7fef6040000 end_va = 0x7fef60c5fff monitored = 1 entry_point = 0x7fef604ffd0 region_type = mapped_file name = "wbemcomn.dll" filename = "\\Windows\\System32\\wbemcomn.dll" (normalized: "c:\\windows\\system32\\wbemcomn.dll") Region: id = 3568 start_va = 0x7fef60e0000 end_va = 0x7fef6104fff monitored = 1 entry_point = 0x7fef60f8d6c region_type = mapped_file name = "wmiperfclass.dll" filename = "\\Windows\\System32\\wbem\\WmiPerfClass.dll" (normalized: "c:\\windows\\system32\\wbem\\wmiperfclass.dll") Region: id = 3569 start_va = 0x7fef69e0000 end_va = 0x7fef6a1bfff monitored = 1 entry_point = 0x7fef6a05aa8 region_type = mapped_file name = "wmiprov.dll" filename = "\\Windows\\System32\\wbem\\wmiprov.dll" (normalized: "c:\\windows\\system32\\wbem\\wmiprov.dll") Region: id = 3570 start_va = 0x7fef8d20000 end_va = 0x7fef8d31fff monitored = 0 entry_point = 0x7fef8d289d0 region_type = mapped_file name = "ncobjapi.dll" filename = "\\Windows\\System32\\ncobjapi.dll" (normalized: "c:\\windows\\system32\\ncobjapi.dll") Region: id = 3571 start_va = 0x7fef8ee0000 end_va = 0x7fef8f00fff monitored = 0 entry_point = 0x7fef8ef03b0 region_type = mapped_file name = "wmiutils.dll" filename = "\\Windows\\System32\\wbem\\wmiutils.dll" (normalized: "c:\\windows\\system32\\wbem\\wmiutils.dll") Region: id = 3572 start_va = 0x7fef9000000 end_va = 0x7fef9012fff monitored = 0 entry_point = 0x7fef9001d80 region_type = mapped_file name = "wbemsvc.dll" filename = "\\Windows\\System32\\wbem\\wbemsvc.dll" (normalized: "c:\\windows\\system32\\wbem\\wbemsvc.dll") Region: id = 3573 start_va = 0x7fef92e0000 end_va = 0x7fef92edfff monitored = 0 entry_point = 0x7fef92e5500 region_type = mapped_file name = "wbemprox.dll" filename = "\\Windows\\System32\\wbem\\wbemprox.dll" (normalized: "c:\\windows\\system32\\wbem\\wbemprox.dll") Region: id = 3574 start_va = 0x7fef92f0000 end_va = 0x7fef9316fff monitored = 0 entry_point = 0x7fef92f11a0 region_type = mapped_file name = "ntdsapi.dll" filename = "\\Windows\\System32\\ntdsapi.dll" (normalized: "c:\\windows\\system32\\ntdsapi.dll") Region: id = 3575 start_va = 0x7fef9320000 end_va = 0x7fef93f2fff monitored = 0 entry_point = 0x7fef9398b00 region_type = mapped_file name = "fastprox.dll" filename = "\\Windows\\System32\\wbem\\fastprox.dll" (normalized: "c:\\windows\\system32\\wbem\\fastprox.dll") Region: id = 3576 start_va = 0x7fef9580000 end_va = 0x7fef95f6fff monitored = 1 entry_point = 0x7fef95be7f0 region_type = mapped_file name = "wbemcomn2.dll" filename = "\\Windows\\System32\\wbemcomn2.dll" (normalized: "c:\\windows\\system32\\wbemcomn2.dll") Region: id = 3577 start_va = 0x7fefacf0000 end_va = 0x7fefad1cfff monitored = 0 entry_point = 0x7fefacf1010 region_type = mapped_file name = "ntmarta.dll" filename = "\\Windows\\System32\\ntmarta.dll" (normalized: "c:\\windows\\system32\\ntmarta.dll") Region: id = 3578 start_va = 0x7fefc260000 end_va = 0x7fefc2a6fff monitored = 0 entry_point = 0x7fefc261064 region_type = mapped_file name = "rsaenh.dll" filename = "\\Windows\\System32\\rsaenh.dll" (normalized: "c:\\windows\\system32\\rsaenh.dll") Region: id = 3579 start_va = 0x7fefc560000 end_va = 0x7fefc577fff monitored = 0 entry_point = 0x7fefc563b48 region_type = mapped_file name = "cryptsp.dll" filename = "\\Windows\\System32\\cryptsp.dll" (normalized: "c:\\windows\\system32\\cryptsp.dll") Region: id = 3580 start_va = 0x7fefc6d0000 end_va = 0x7fefc6f1fff monitored = 0 entry_point = 0x7fefc6d5d30 region_type = mapped_file name = "bcrypt.dll" filename = "\\Windows\\System32\\bcrypt.dll" (normalized: "c:\\windows\\system32\\bcrypt.dll") Region: id = 3581 start_va = 0x7fefc790000 end_va = 0x7fefc7fcfff monitored = 0 entry_point = 0x7fefc791010 region_type = mapped_file name = "wevtapi.dll" filename = "\\Windows\\System32\\wevtapi.dll" (normalized: "c:\\windows\\system32\\wevtapi.dll") Region: id = 3582 start_va = 0x7fefcb60000 end_va = 0x7fefcb6efff monitored = 0 entry_point = 0x7fefcb61010 region_type = mapped_file name = "cryptbase.dll" filename = "\\Windows\\System32\\cryptbase.dll" (normalized: "c:\\windows\\system32\\cryptbase.dll") Region: id = 3583 start_va = 0x7fefcc50000 end_va = 0x7fefcc63fff monitored = 0 entry_point = 0x7fefcc510e0 region_type = mapped_file name = "rpcrtremote.dll" filename = "\\Windows\\System32\\RpcRtRemote.dll" (normalized: "c:\\windows\\system32\\rpcrtremote.dll") Region: id = 3584 start_va = 0x7fefcd20000 end_va = 0x7fefcd8bfff monitored = 0 entry_point = 0x7fefcd22780 region_type = mapped_file name = "kernelbase.dll" filename = "\\Windows\\System32\\KernelBase.dll" (normalized: "c:\\windows\\system32\\kernelbase.dll") Region: id = 3585 start_va = 0x7fefd420000 end_va = 0x7fefd486fff monitored = 0 entry_point = 0x7fefd42b03c region_type = mapped_file name = "gdi32.dll" filename = "\\Windows\\System32\\gdi32.dll" (normalized: "c:\\windows\\system32\\gdi32.dll") Region: id = 3586 start_va = 0x7fefd490000 end_va = 0x7fefd4dcfff monitored = 0 entry_point = 0x7fefd491070 region_type = mapped_file name = "ws2_32.dll" filename = "\\Windows\\System32\\ws2_32.dll" (normalized: "c:\\windows\\system32\\ws2_32.dll") Region: id = 3587 start_va = 0x7fefd4e0000 end_va = 0x7fefd6e2fff monitored = 0 entry_point = 0x7fefd503330 region_type = mapped_file name = "ole32.dll" filename = "\\Windows\\System32\\ole32.dll" (normalized: "c:\\windows\\system32\\ole32.dll") Region: id = 3588 start_va = 0x7fefe680000 end_va = 0x7fefe7acfff monitored = 0 entry_point = 0x7fefe6ced50 region_type = mapped_file name = "rpcrt4.dll" filename = "\\Windows\\System32\\rpcrt4.dll" (normalized: "c:\\windows\\system32\\rpcrt4.dll") Region: id = 3589 start_va = 0x7fefe7b0000 end_va = 0x7fefe88afff monitored = 0 entry_point = 0x7fefe7d0760 region_type = mapped_file name = "advapi32.dll" filename = "\\Windows\\System32\\advapi32.dll" (normalized: "c:\\windows\\system32\\advapi32.dll") Region: id = 3590 start_va = 0x7fefe910000 end_va = 0x7fefe9d8fff monitored = 0 entry_point = 0x7fefe98a874 region_type = mapped_file name = "usp10.dll" filename = "\\Windows\\System32\\usp10.dll" (normalized: "c:\\windows\\system32\\usp10.dll") Region: id = 3591 start_va = 0x7fefea60000 end_va = 0x7fefeab1fff monitored = 0 entry_point = 0x7fefea610d4 region_type = mapped_file name = "wldap32.dll" filename = "\\Windows\\System32\\Wldap32.dll" (normalized: "c:\\windows\\system32\\wldap32.dll") Region: id = 3592 start_va = 0x7fefeb60000 end_va = 0x7fefeb6dfff monitored = 0 entry_point = 0x7fefeb61080 region_type = mapped_file name = "lpk.dll" filename = "\\Windows\\System32\\lpk.dll" (normalized: "c:\\windows\\system32\\lpk.dll") Region: id = 3593 start_va = 0x7fefeb70000 end_va = 0x7fefec46fff monitored = 0 entry_point = 0x7fefeb73274 region_type = mapped_file name = "oleaut32.dll" filename = "\\Windows\\System32\\oleaut32.dll" (normalized: "c:\\windows\\system32\\oleaut32.dll") Region: id = 3594 start_va = 0x7fefec50000 end_va = 0x7fefec6efff monitored = 0 entry_point = 0x7fefec560e8 region_type = mapped_file name = "sechost.dll" filename = "\\Windows\\System32\\sechost.dll" (normalized: "c:\\windows\\system32\\sechost.dll") Region: id = 3595 start_va = 0x7fefec70000 end_va = 0x7fefed0efff monitored = 0 entry_point = 0x7fefec725a0 region_type = mapped_file name = "msvcrt.dll" filename = "\\Windows\\System32\\msvcrt.dll" (normalized: "c:\\windows\\system32\\msvcrt.dll") Region: id = 3596 start_va = 0x7fefed10000 end_va = 0x7fefee18fff monitored = 0 entry_point = 0x7fefed11064 region_type = mapped_file name = "msctf.dll" filename = "\\Windows\\System32\\msctf.dll" (normalized: "c:\\windows\\system32\\msctf.dll") Region: id = 3597 start_va = 0x7fefef50000 end_va = 0x7fefefe8fff monitored = 0 entry_point = 0x7fefef51c10 region_type = mapped_file name = "clbcatq.dll" filename = "\\Windows\\System32\\clbcatq.dll" (normalized: "c:\\windows\\system32\\clbcatq.dll") Region: id = 3598 start_va = 0x7fefeff0000 end_va = 0x7fefeff7fff monitored = 0 entry_point = 0x7fefeff1504 region_type = mapped_file name = "nsi.dll" filename = "\\Windows\\System32\\nsi.dll" (normalized: "c:\\windows\\system32\\nsi.dll") Region: id = 3599 start_va = 0x7feff000000 end_va = 0x7feff02dfff monitored = 0 entry_point = 0x7feff001010 region_type = mapped_file name = "imm32.dll" filename = "\\Windows\\System32\\imm32.dll" (normalized: "c:\\windows\\system32\\imm32.dll") Region: id = 3600 start_va = 0x7feff040000 end_va = 0x7feff040fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "apisetschema.dll" filename = "\\Windows\\System32\\apisetschema.dll" (normalized: "c:\\windows\\system32\\apisetschema.dll") Region: id = 3601 start_va = 0x7fffffac000 end_va = 0x7fffffadfff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000007fffffac000" filename = "" Region: id = 3602 start_va = 0x7fffffae000 end_va = 0x7fffffaffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000007fffffae000" filename = "" Region: id = 3603 start_va = 0x7fffffb0000 end_va = 0x7fffffd2fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000007fffffb0000" filename = "" Region: id = 3604 start_va = 0x7fffffd3000 end_va = 0x7fffffd4fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000007fffffd3000" filename = "" Region: id = 3605 start_va = 0x7fffffd5000 end_va = 0x7fffffd6fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000007fffffd5000" filename = "" Region: id = 3606 start_va = 0x7fffffd7000 end_va = 0x7fffffd8fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000007fffffd7000" filename = "" Region: id = 3607 start_va = 0x7fffffd9000 end_va = 0x7fffffdafff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000007fffffd9000" filename = "" Region: id = 3608 start_va = 0x7fffffdb000 end_va = 0x7fffffdcfff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000007fffffdb000" filename = "" Region: id = 3609 start_va = 0x7fffffdd000 end_va = 0x7fffffdefff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000007fffffdd000" filename = "" Region: id = 3610 start_va = 0x7fffffdf000 end_va = 0x7fffffdffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000007fffffdf000" filename = "" Thread: id = 140 os_tid = 0xf90 Thread: id = 141 os_tid = 0x388 Thread: id = 142 os_tid = 0x6c8 Thread: id = 143 os_tid = 0x548 Thread: id = 144 os_tid = 0x38c Thread: id = 145 os_tid = 0x69c Thread: id = 146 os_tid = 0x7c0 Thread: id = 147 os_tid = 0x310 Thread: id = 194 os_tid = 0x8e8 Thread: id = 199 os_tid = 0xab4 Process: id = "8" image_name = "svchost.exe" filename = "c:\\windows\\system32\\svchost.exe" page_root = "0x96e9000" os_pid = "0x334" os_integrity_level = "0x4000" os_privileges = "0x60b16080" monitor_reason = "rpc_server" parent_id = "2" os_parent_pid = "0x1cc" cmd_line = "C:\\Windows\\System32\\svchost.exe -k LocalSystemNetworkRestricted" cur_dir = "C:\\Windows\\system32\\" os_username = "NT AUTHORITY\\SYSTEM" bitness = "32" os_groups = "Everyone" [0x7], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\SERVICE" [0x7], "CONSOLE LOGON" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "NT SERVICE\\AudioEndpointBuilder" [0xe], "NT SERVICE\\CscService" [0xa], "NT SERVICE\\dot3svc" [0xa], "NT SERVICE\\hidserv" [0xa], "NT SERVICE\\HomeGroupListener" [0xa], "NT SERVICE\\IPBusEnum" [0xa], "NT SERVICE\\Netman" [0xa], "NT SERVICE\\PcaSvc" [0xa], "NT SERVICE\\StorSvc" [0xa], "NT SERVICE\\TabletInputService" [0xa], "NT SERVICE\\TrkWks" [0xa], "NT SERVICE\\UmRdpService" [0xa], "NT SERVICE\\UxSms" [0xa], "NT SERVICE\\WdiSystemHost" [0xa], "NT SERVICE\\Wlansvc" [0xa], "NT SERVICE\\WPDBusEnum" [0xa], "NT SERVICE\\wudfsvc" [0xa], "NT AUTHORITY\\Logon Session 00000000:0000c5c1" [0xc0000007], "LOCAL" [0x7], "BUILTIN\\Administrators" [0xe] Region: id = 4424 start_va = 0x10000 end_va = 0x1ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000010000" filename = "" Region: id = 4425 start_va = 0x20000 end_va = 0x20fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "svchost.exe.mui" filename = "\\Windows\\System32\\en-US\\svchost.exe.mui" (normalized: "c:\\windows\\system32\\en-us\\svchost.exe.mui") Region: id = 4426 start_va = 0x30000 end_va = 0x33fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000030000" filename = "" Region: id = 4427 start_va = 0x40000 end_va = 0x40fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000040000" filename = "" Region: id = 4428 start_va = 0x50000 end_va = 0xb6fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "locale.nls" filename = "\\Windows\\System32\\locale.nls" (normalized: "c:\\windows\\system32\\locale.nls") Region: id = 4429 start_va = 0xc0000 end_va = 0x17ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000000c0000" filename = "" Region: id = 4430 start_va = 0x180000 end_va = 0x180fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000180000" filename = "" Region: id = 4431 start_va = 0x190000 end_va = 0x20ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000190000" filename = "" Region: id = 4432 start_va = 0x210000 end_va = 0x30ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000210000" filename = "" Region: id = 4433 start_va = 0x310000 end_va = 0x310fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000310000" filename = "" Region: id = 4434 start_va = 0x320000 end_va = 0x32cfff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "setupapi.dll.mui" filename = "\\Windows\\System32\\en-US\\setupapi.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\setupapi.dll.mui") Region: id = 4435 start_va = 0x330000 end_va = 0x330fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000330000" filename = "" Region: id = 4436 start_va = 0x340000 end_va = 0x43ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000340000" filename = "" Region: id = 4437 start_va = 0x440000 end_va = 0x440fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000440000" filename = "" Region: id = 4438 start_va = 0x450000 end_va = 0x450fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000450000" filename = "" Region: id = 4439 start_va = 0x460000 end_va = 0x460fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000460000" filename = "" Region: id = 4440 start_va = 0x470000 end_va = 0x471fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000470000" filename = "" Region: id = 4441 start_va = 0x480000 end_va = 0x4fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000480000" filename = "" Region: id = 4442 start_va = 0x500000 end_va = 0x501fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000500000" filename = "" Region: id = 4443 start_va = 0x510000 end_va = 0x511fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000510000" filename = "" Region: id = 4444 start_va = 0x520000 end_va = 0x59ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000520000" filename = "" Region: id = 4445 start_va = 0x5a0000 end_va = 0x5affff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000005a0000" filename = "" Region: id = 4446 start_va = 0x5b0000 end_va = 0x737fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000005b0000" filename = "" Region: id = 4447 start_va = 0x740000 end_va = 0x8c0fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000740000" filename = "" Region: id = 4448 start_va = 0x8d0000 end_va = 0x8d0fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000008d0000" filename = "" Region: id = 4449 start_va = 0x8e0000 end_va = 0x8e0fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000008e0000" filename = "" Region: id = 4450 start_va = 0x8f0000 end_va = 0x96ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000008f0000" filename = "" Region: id = 4451 start_va = 0x970000 end_va = 0x970fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000970000" filename = "" Region: id = 4452 start_va = 0xa00000 end_va = 0xa1ffff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "rasdlg.dll.mui" filename = "\\Windows\\System32\\en-US\\rasdlg.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\rasdlg.dll.mui") Region: id = 4453 start_va = 0xa20000 end_va = 0xa9ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000a20000" filename = "" Region: id = 4454 start_va = 0xaa0000 end_va = 0xb1ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000aa0000" filename = "" Region: id = 4455 start_va = 0xba0000 end_va = 0xe6efff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "sortdefault.nls" filename = "\\Windows\\Globalization\\Sorting\\SortDefault.nls" (normalized: "c:\\windows\\globalization\\sorting\\sortdefault.nls") Region: id = 4456 start_va = 0xe80000 end_va = 0xefffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000e80000" filename = "" Region: id = 4457 start_va = 0xf30000 end_va = 0xf3ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000f30000" filename = "" Region: id = 4458 start_va = 0x1080000 end_va = 0x10fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000001080000" filename = "" Region: id = 4459 start_va = 0x1130000 end_va = 0x11affff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000001130000" filename = "" Region: id = 4460 start_va = 0x1210000 end_va = 0x128ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000001210000" filename = "" Region: id = 4461 start_va = 0x12c0000 end_va = 0x133ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000012c0000" filename = "" Region: id = 4462 start_va = 0x13d0000 end_va = 0x13dffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000013d0000" filename = "" Region: id = 4463 start_va = 0x14c0000 end_va = 0x153ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000014c0000" filename = "" Region: id = 4464 start_va = 0x15b0000 end_va = 0x162ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000015b0000" filename = "" Region: id = 4465 start_va = 0x1650000 end_va = 0x16cffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000001650000" filename = "" Region: id = 4466 start_va = 0x1710000 end_va = 0x171ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000001710000" filename = "" Region: id = 4467 start_va = 0x1730000 end_va = 0x17affff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000001730000" filename = "" Region: id = 4468 start_va = 0x1920000 end_va = 0x1a1ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000001920000" filename = "" Region: id = 4469 start_va = 0x1a80000 end_va = 0x1afffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000001a80000" filename = "" Region: id = 4470 start_va = 0x1ba0000 end_va = 0x1baffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000001ba0000" filename = "" Region: id = 4471 start_va = 0x1bc0000 end_va = 0x1c3ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000001bc0000" filename = "" Region: id = 4472 start_va = 0x1c40000 end_va = 0x1d3ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000001c40000" filename = "" Region: id = 4473 start_va = 0x1d50000 end_va = 0x1dcffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000001d50000" filename = "" Region: id = 4474 start_va = 0x1e20000 end_va = 0x1f1ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000001e20000" filename = "" Region: id = 4475 start_va = 0x1fd0000 end_va = 0x1fdffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000001fd0000" filename = "" Region: id = 4476 start_va = 0x1fe0000 end_va = 0x20dffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000001fe0000" filename = "" Region: id = 4477 start_va = 0x2100000 end_va = 0x210ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002100000" filename = "" Region: id = 4478 start_va = 0x2190000 end_va = 0x220ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002190000" filename = "" Region: id = 4479 start_va = 0x2230000 end_va = 0x223ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002230000" filename = "" Region: id = 4480 start_va = 0x2240000 end_va = 0x233ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002240000" filename = "" Region: id = 4481 start_va = 0x2340000 end_va = 0x243ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002340000" filename = "" Region: id = 4482 start_va = 0x2530000 end_va = 0x253ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002530000" filename = "" Region: id = 4483 start_va = 0x73440000 end_va = 0x73442fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "sfc.dll" filename = "\\Windows\\System32\\sfc.dll" (normalized: "c:\\windows\\system32\\sfc.dll") Region: id = 4484 start_va = 0x76b00000 end_va = 0x76c1efff monitored = 0 entry_point = 0x76b15340 region_type = mapped_file name = "kernel32.dll" filename = "\\Windows\\System32\\kernel32.dll" (normalized: "c:\\windows\\system32\\kernel32.dll") Region: id = 4485 start_va = 0x76c20000 end_va = 0x76d19fff monitored = 0 entry_point = 0x76c3a2c8 region_type = mapped_file name = "user32.dll" filename = "\\Windows\\System32\\user32.dll" (normalized: "c:\\windows\\system32\\user32.dll") Region: id = 4486 start_va = 0x76d20000 end_va = 0x76ec8fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "ntdll.dll" filename = "\\Windows\\System32\\ntdll.dll" (normalized: "c:\\windows\\system32\\ntdll.dll") Region: id = 4487 start_va = 0x7efe0000 end_va = 0x7f0dffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000000007efe0000" filename = "" Region: id = 4488 start_va = 0x7f0e0000 end_va = 0x7ffdffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000007f0e0000" filename = "" Region: id = 4489 start_va = 0x7ffe0000 end_va = 0x7ffeffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000007ffe0000" filename = "" Region: id = 4490 start_va = 0xffa90000 end_va = 0xffa9afff monitored = 0 entry_point = 0xffa9246c region_type = mapped_file name = "svchost.exe" filename = "\\Windows\\System32\\svchost.exe" (normalized: "c:\\windows\\system32\\svchost.exe") Region: id = 4491 start_va = 0x7fef4710000 end_va = 0x7fef472bfff monitored = 0 entry_point = 0x7fef47111a0 region_type = mapped_file name = "rasman.dll" filename = "\\Windows\\System32\\rasman.dll" (normalized: "c:\\windows\\system32\\rasman.dll") Region: id = 4492 start_va = 0x7fef4730000 end_va = 0x7fef4791fff monitored = 0 entry_point = 0x7fef4731198 region_type = mapped_file name = "rasapi32.dll" filename = "\\Windows\\System32\\rasapi32.dll" (normalized: "c:\\windows\\system32\\rasapi32.dll") Region: id = 4493 start_va = 0x7fef47a0000 end_va = 0x7fef47d9fff monitored = 0 entry_point = 0x7fef47a1010 region_type = mapped_file name = "mprapi.dll" filename = "\\Windows\\System32\\mprapi.dll" (normalized: "c:\\windows\\system32\\mprapi.dll") Region: id = 4494 start_va = 0x7fef47e0000 end_va = 0x7fef48b7fff monitored = 0 entry_point = 0x7fef4848bd0 region_type = mapped_file name = "rasdlg.dll" filename = "\\Windows\\System32\\rasdlg.dll" (normalized: "c:\\windows\\system32\\rasdlg.dll") Region: id = 4495 start_va = 0x7fef48c0000 end_va = 0x7fef491bfff monitored = 0 entry_point = 0x7fef48c8c20 region_type = mapped_file name = "netman.dll" filename = "\\Windows\\System32\\netman.dll" (normalized: "c:\\windows\\system32\\netman.dll") Region: id = 4496 start_va = 0x7fef4b60000 end_va = 0x7fef4deafff monitored = 0 entry_point = 0x7fef4b66f5c region_type = mapped_file name = "netshell.dll" filename = "\\Windows\\System32\\netshell.dll" (normalized: "c:\\windows\\system32\\netshell.dll") Region: id = 4497 start_va = 0x7fef8760000 end_va = 0x7fef876bfff monitored = 0 entry_point = 0x7fef876419c region_type = mapped_file name = "apphlpdm.dll" filename = "\\Windows\\System32\\Apphlpdm.dll" (normalized: "c:\\windows\\system32\\apphlpdm.dll") Region: id = 4498 start_va = 0x7fef8770000 end_va = 0x7fef8786fff monitored = 0 entry_point = 0x7fef877d308 region_type = mapped_file name = "portabledeviceconnectapi.dll" filename = "\\Windows\\System32\\PortableDeviceConnectApi.dll" (normalized: "c:\\windows\\system32\\portabledeviceconnectapi.dll") Region: id = 4499 start_va = 0x7fef87e0000 end_va = 0x7fef885bfff monitored = 0 entry_point = 0x7fef87e11d4 region_type = mapped_file name = "wer.dll" filename = "\\Windows\\System32\\wer.dll" (normalized: "c:\\windows\\system32\\wer.dll") Region: id = 4500 start_va = 0x7fef8950000 end_va = 0x7fef8a0cfff monitored = 0 entry_point = 0x7fef8951ea4 region_type = mapped_file name = "portabledeviceapi.dll" filename = "\\Windows\\System32\\PortableDeviceApi.dll" (normalized: "c:\\windows\\system32\\portabledeviceapi.dll") Region: id = 4501 start_va = 0x7fef8f90000 end_va = 0x7fef8ffafff monitored = 0 entry_point = 0x7fef8fd4344 region_type = mapped_file name = "hnetcfg.dll" filename = "\\Windows\\System32\\hnetcfg.dll" (normalized: "c:\\windows\\system32\\hnetcfg.dll") Region: id = 4502 start_va = 0x7fef9000000 end_va = 0x7fef9012fff monitored = 0 entry_point = 0x7fef9001d80 region_type = mapped_file name = "wbemsvc.dll" filename = "\\Windows\\System32\\wbem\\wbemsvc.dll" (normalized: "c:\\windows\\system32\\wbem\\wbemsvc.dll") Region: id = 4503 start_va = 0x7fef91e0000 end_va = 0x7fef9263fff monitored = 0 entry_point = 0x7fef9231118 region_type = mapped_file name = "netcfgx.dll" filename = "\\Windows\\System32\\netcfgx.dll" (normalized: "c:\\windows\\system32\\netcfgx.dll") Region: id = 4504 start_va = 0x7fef92e0000 end_va = 0x7fef92edfff monitored = 0 entry_point = 0x7fef92e5500 region_type = mapped_file name = "wbemprox.dll" filename = "\\Windows\\System32\\wbem\\wbemprox.dll" (normalized: "c:\\windows\\system32\\wbem\\wbemprox.dll") Region: id = 4505 start_va = 0x7fef92f0000 end_va = 0x7fef9316fff monitored = 0 entry_point = 0x7fef92f11a0 region_type = mapped_file name = "ntdsapi.dll" filename = "\\Windows\\System32\\ntdsapi.dll" (normalized: "c:\\windows\\system32\\ntdsapi.dll") Region: id = 4506 start_va = 0x7fef9320000 end_va = 0x7fef93f2fff monitored = 0 entry_point = 0x7fef9398b00 region_type = mapped_file name = "fastprox.dll" filename = "\\Windows\\System32\\wbem\\fastprox.dll" (normalized: "c:\\windows\\system32\\wbem\\fastprox.dll") Region: id = 4507 start_va = 0x7fef9580000 end_va = 0x7fef95f6fff monitored = 0 entry_point = 0x7fef95be7f0 region_type = mapped_file name = "wbemcomn2.dll" filename = "\\Windows\\System32\\wbemcomn2.dll" (normalized: "c:\\windows\\system32\\wbemcomn2.dll") Region: id = 4508 start_va = 0x7fef9640000 end_va = 0x7fef9661fff monitored = 0 entry_point = 0x7fef9641020 region_type = mapped_file name = "trkwks.dll" filename = "\\Windows\\System32\\trkwks.dll" (normalized: "c:\\windows\\system32\\trkwks.dll") Region: id = 4509 start_va = 0x7fef9820000 end_va = 0x7fef982ffff monitored = 0 entry_point = 0x7fef9821010 region_type = mapped_file name = "sfc_os.dll" filename = "\\Windows\\System32\\sfc_os.dll" (normalized: "c:\\windows\\system32\\sfc_os.dll") Region: id = 4510 start_va = 0x7fef9830000 end_va = 0x7fef9841fff monitored = 0 entry_point = 0x7fef9831050 region_type = mapped_file name = "aepic.dll" filename = "\\Windows\\System32\\aepic.dll" (normalized: "c:\\windows\\system32\\aepic.dll") Region: id = 4511 start_va = 0x7fef9850000 end_va = 0x7fef98a6fff monitored = 0 entry_point = 0x7fef9851118 region_type = mapped_file name = "apphelp.dll" filename = "\\Windows\\System32\\apphelp.dll" (normalized: "c:\\windows\\system32\\apphelp.dll") Region: id = 4512 start_va = 0x7fef98b0000 end_va = 0x7fef98e2fff monitored = 0 entry_point = 0x7fef98b101c region_type = mapped_file name = "pcasvc.dll" filename = "\\Windows\\System32\\pcasvc.dll" (normalized: "c:\\windows\\system32\\pcasvc.dll") Region: id = 4513 start_va = 0x7fef98f0000 end_va = 0x7fef9908fff monitored = 0 entry_point = 0x7fef98f2b50 region_type = mapped_file name = "wdi.dll" filename = "\\Windows\\System32\\wdi.dll" (normalized: "c:\\windows\\system32\\wdi.dll") Region: id = 4514 start_va = 0x7fefa720000 end_va = 0x7fefa72ffff monitored = 0 entry_point = 0x7fefa7227f0 region_type = mapped_file name = "uxsms.dll" filename = "\\Windows\\System32\\uxsms.dll" (normalized: "c:\\windows\\system32\\uxsms.dll") Region: id = 4515 start_va = 0x7fefa730000 end_va = 0x7fefa73afff monitored = 0 entry_point = 0x7fefa731198 region_type = mapped_file name = "winnsi.dll" filename = "\\Windows\\System32\\winnsi.dll" (normalized: "c:\\windows\\system32\\winnsi.dll") Region: id = 4516 start_va = 0x7fefa740000 end_va = 0x7fefa766fff monitored = 0 entry_point = 0x7fefa7498bc region_type = mapped_file name = "iphlpapi.dll" filename = "\\Windows\\System32\\IPHLPAPI.DLL" (normalized: "c:\\windows\\system32\\iphlpapi.dll") Region: id = 4517 start_va = 0x7fefa810000 end_va = 0x7fefa81afff monitored = 0 entry_point = 0x7fefa814f8c region_type = mapped_file name = "slc.dll" filename = "\\Windows\\System32\\slc.dll" (normalized: "c:\\windows\\system32\\slc.dll") Region: id = 4518 start_va = 0x7fefa820000 end_va = 0x7fefa82bfff monitored = 0 entry_point = 0x7fefa8215d8 region_type = mapped_file name = "dsrole.dll" filename = "\\Windows\\System32\\dsrole.dll" (normalized: "c:\\windows\\system32\\dsrole.dll") Region: id = 4519 start_va = 0x7fefa840000 end_va = 0x7fefa858fff monitored = 0 entry_point = 0x7fefa8411a8 region_type = mapped_file name = "atl.dll" filename = "\\Windows\\System32\\atl.dll" (normalized: "c:\\windows\\system32\\atl.dll") Region: id = 4520 start_va = 0x7fefa8a0000 end_va = 0x7fefa8dcfff monitored = 0 entry_point = 0x7fefa8a1b7c region_type = mapped_file name = "mstask.dll" filename = "\\Windows\\System32\\mstask.dll" (normalized: "c:\\windows\\system32\\mstask.dll") Region: id = 4521 start_va = 0x7fefa8e0000 end_va = 0x7fefa8f4fff monitored = 0 entry_point = 0x7fefa8e60d8 region_type = mapped_file name = "nlaapi.dll" filename = "\\Windows\\System32\\nlaapi.dll" (normalized: "c:\\windows\\system32\\nlaapi.dll") Region: id = 4522 start_va = 0x7fefa9d0000 end_va = 0x7fefaaf6fff monitored = 0 entry_point = 0x7fefa9d10ec region_type = mapped_file name = "taskschd.dll" filename = "\\Windows\\System32\\taskschd.dll" (normalized: "c:\\windows\\system32\\taskschd.dll") Region: id = 4523 start_va = 0x7fefab00000 end_va = 0x7fefab2ffff monitored = 0 entry_point = 0x7fefab1fe98 region_type = mapped_file name = "peerdist.dll" filename = "\\Windows\\System32\\PeerDist.dll" (normalized: "c:\\windows\\system32\\peerdist.dll") Region: id = 4524 start_va = 0x7fefab30000 end_va = 0x7fefabdbfff monitored = 0 entry_point = 0x7fefab418d0 region_type = mapped_file name = "cscsvc.dll" filename = "\\Windows\\System32\\cscsvc.dll" (normalized: "c:\\windows\\system32\\cscsvc.dll") Region: id = 4525 start_va = 0x7fefac00000 end_va = 0x7fefac08fff monitored = 0 entry_point = 0x7fefac01010 region_type = mapped_file name = "avrt.dll" filename = "\\Windows\\System32\\avrt.dll" (normalized: "c:\\windows\\system32\\avrt.dll") Region: id = 4526 start_va = 0x7fefac10000 end_va = 0x7fefac3bfff monitored = 0 entry_point = 0x7fefac115c4 region_type = mapped_file name = "powrprof.dll" filename = "\\Windows\\System32\\powrprof.dll" (normalized: "c:\\windows\\system32\\powrprof.dll") Region: id = 4527 start_va = 0x7fefac40000 end_va = 0x7fefacebfff monitored = 0 entry_point = 0x7fefac56acc region_type = mapped_file name = "audiosrv.dll" filename = "\\Windows\\System32\\audiosrv.dll" (normalized: "c:\\windows\\system32\\audiosrv.dll") Region: id = 4528 start_va = 0x7fefacf0000 end_va = 0x7fefad1cfff monitored = 0 entry_point = 0x7fefacf1010 region_type = mapped_file name = "ntmarta.dll" filename = "\\Windows\\System32\\ntmarta.dll" (normalized: "c:\\windows\\system32\\ntmarta.dll") Region: id = 4529 start_va = 0x7fefad20000 end_va = 0x7fefad30fff monitored = 0 entry_point = 0x7fefad214c0 region_type = mapped_file name = "rtutils.dll" filename = "\\Windows\\System32\\rtutils.dll" (normalized: "c:\\windows\\system32\\rtutils.dll") Region: id = 4530 start_va = 0x7fefad60000 end_va = 0x7fefad9efff monitored = 0 entry_point = 0x7fefad612c0 region_type = mapped_file name = "cscobj.dll" filename = "\\Windows\\System32\\cscobj.dll" (normalized: "c:\\windows\\system32\\cscobj.dll") Region: id = 4531 start_va = 0x7fefaff0000 end_va = 0x7fefb000fff monitored = 0 entry_point = 0x7fefaff1070 region_type = mapped_file name = "wtsapi32.dll" filename = "\\Windows\\System32\\wtsapi32.dll" (normalized: "c:\\windows\\system32\\wtsapi32.dll") Region: id = 4532 start_va = 0x7fefb150000 end_va = 0x7fefb184fff monitored = 0 entry_point = 0x7fefb151064 region_type = mapped_file name = "xmllite.dll" filename = "\\Windows\\System32\\xmllite.dll" (normalized: "c:\\windows\\system32\\xmllite.dll") Region: id = 4533 start_va = 0x7fefb1b0000 end_va = 0x7fefb1fafff monitored = 0 entry_point = 0x7fefb1befcc region_type = mapped_file name = "mmdevapi.dll" filename = "\\Windows\\System32\\MMDevAPI.dll" (normalized: "c:\\windows\\system32\\mmdevapi.dll") Region: id = 4534 start_va = 0x7fefb620000 end_va = 0x7fefb74bfff monitored = 0 entry_point = 0x7fefb6294bc region_type = mapped_file name = "propsys.dll" filename = "\\Windows\\System32\\propsys.dll" (normalized: "c:\\windows\\system32\\propsys.dll") Region: id = 4535 start_va = 0x7fefb7a0000 end_va = 0x7fefb993fff monitored = 0 entry_point = 0x7fefb92c924 region_type = mapped_file name = "comctl32.dll" filename = "\\Windows\\winsxs\\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac\\comctl32.dll" (normalized: "c:\\windows\\winsxs\\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac\\comctl32.dll") Region: id = 4536 start_va = 0x7fefbe30000 end_va = 0x7fefbe3bfff monitored = 0 entry_point = 0x7fefbe31064 region_type = mapped_file name = "version.dll" filename = "\\Windows\\System32\\version.dll" (normalized: "c:\\windows\\system32\\version.dll") Region: id = 4537 start_va = 0x7fefbff0000 end_va = 0x7fefc00afff monitored = 0 entry_point = 0x7fefbff2068 region_type = mapped_file name = "gpapi.dll" filename = "\\Windows\\System32\\gpapi.dll" (normalized: "c:\\windows\\system32\\gpapi.dll") Region: id = 4538 start_va = 0x7fefc010000 end_va = 0x7fefc02dfff monitored = 0 entry_point = 0x7fefc0113b8 region_type = mapped_file name = "userenv.dll" filename = "\\Windows\\System32\\userenv.dll" (normalized: "c:\\windows\\system32\\userenv.dll") Region: id = 4539 start_va = 0x7fefc030000 end_va = 0x7fefc041fff monitored = 0 entry_point = 0x7fefc031060 region_type = mapped_file name = "devrtl.dll" filename = "\\Windows\\System32\\devrtl.dll" (normalized: "c:\\windows\\system32\\devrtl.dll") Region: id = 4540 start_va = 0x7fefc160000 end_va = 0x7fefc169fff monitored = 0 entry_point = 0x7fefc163cb8 region_type = mapped_file name = "credssp.dll" filename = "\\Windows\\System32\\credssp.dll" (normalized: "c:\\windows\\system32\\credssp.dll") Region: id = 4541 start_va = 0x7fefc170000 end_va = 0x7fefc17cfff monitored = 0 entry_point = 0x7fefc171348 region_type = mapped_file name = "pcwum.dll" filename = "\\Windows\\System32\\pcwum.dll" (normalized: "c:\\windows\\system32\\pcwum.dll") Region: id = 4542 start_va = 0x7fefc260000 end_va = 0x7fefc2a6fff monitored = 0 entry_point = 0x7fefc261064 region_type = mapped_file name = "rsaenh.dll" filename = "\\Windows\\System32\\rsaenh.dll" (normalized: "c:\\windows\\system32\\rsaenh.dll") Region: id = 4543 start_va = 0x7fefc560000 end_va = 0x7fefc577fff monitored = 0 entry_point = 0x7fefc563b48 region_type = mapped_file name = "cryptsp.dll" filename = "\\Windows\\System32\\cryptsp.dll" (normalized: "c:\\windows\\system32\\cryptsp.dll") Region: id = 4544 start_va = 0x7fefc6d0000 end_va = 0x7fefc6f1fff monitored = 0 entry_point = 0x7fefc6d5d30 region_type = mapped_file name = "bcrypt.dll" filename = "\\Windows\\System32\\bcrypt.dll" (normalized: "c:\\windows\\system32\\bcrypt.dll") Region: id = 4545 start_va = 0x7fefc750000 end_va = 0x7fefc77efff monitored = 0 entry_point = 0x7fefc751064 region_type = mapped_file name = "authz.dll" filename = "\\Windows\\System32\\authz.dll" (normalized: "c:\\windows\\system32\\authz.dll") Region: id = 4546 start_va = 0x7fefc790000 end_va = 0x7fefc7fcfff monitored = 0 entry_point = 0x7fefc791010 region_type = mapped_file name = "wevtapi.dll" filename = "\\Windows\\System32\\wevtapi.dll" (normalized: "c:\\windows\\system32\\wevtapi.dll") Region: id = 4547 start_va = 0x7fefcb00000 end_va = 0x7fefcb0afff monitored = 0 entry_point = 0x7fefcb01030 region_type = mapped_file name = "secur32.dll" filename = "\\Windows\\System32\\secur32.dll" (normalized: "c:\\windows\\system32\\secur32.dll") Region: id = 4548 start_va = 0x7fefcb30000 end_va = 0x7fefcb54fff monitored = 0 entry_point = 0x7fefcb39658 region_type = mapped_file name = "sspicli.dll" filename = "\\Windows\\System32\\sspicli.dll" (normalized: "c:\\windows\\system32\\sspicli.dll") Region: id = 4549 start_va = 0x7fefcb60000 end_va = 0x7fefcb6efff monitored = 0 entry_point = 0x7fefcb61010 region_type = mapped_file name = "cryptbase.dll" filename = "\\Windows\\System32\\cryptbase.dll" (normalized: "c:\\windows\\system32\\cryptbase.dll") Region: id = 4550 start_va = 0x7fefcc10000 end_va = 0x7fefcc4cfff monitored = 0 entry_point = 0x7fefcc118f4 region_type = mapped_file name = "winsta.dll" filename = "\\Windows\\System32\\winsta.dll" (normalized: "c:\\windows\\system32\\winsta.dll") Region: id = 4551 start_va = 0x7fefcc50000 end_va = 0x7fefcc63fff monitored = 0 entry_point = 0x7fefcc510e0 region_type = mapped_file name = "rpcrtremote.dll" filename = "\\Windows\\System32\\RpcRtRemote.dll" (normalized: "c:\\windows\\system32\\rpcrtremote.dll") Region: id = 4552 start_va = 0x7fefcc70000 end_va = 0x7fefcc7efff monitored = 0 entry_point = 0x7fefcc719b0 region_type = mapped_file name = "profapi.dll" filename = "\\Windows\\System32\\profapi.dll" (normalized: "c:\\windows\\system32\\profapi.dll") Region: id = 4553 start_va = 0x7fefcd10000 end_va = 0x7fefcd1efff monitored = 0 entry_point = 0x7fefcd11020 region_type = mapped_file name = "msasn1.dll" filename = "\\Windows\\System32\\msasn1.dll" (normalized: "c:\\windows\\system32\\msasn1.dll") Region: id = 4554 start_va = 0x7fefcd20000 end_va = 0x7fefcd8bfff monitored = 0 entry_point = 0x7fefcd22780 region_type = mapped_file name = "kernelbase.dll" filename = "\\Windows\\System32\\KernelBase.dll" (normalized: "c:\\windows\\system32\\kernelbase.dll") Region: id = 4555 start_va = 0x7fefcd90000 end_va = 0x7fefcefcfff monitored = 0 entry_point = 0x7fefcd910b4 region_type = mapped_file name = "crypt32.dll" filename = "\\Windows\\System32\\crypt32.dll" (normalized: "c:\\windows\\system32\\crypt32.dll") Region: id = 4556 start_va = 0x7fefcf00000 end_va = 0x7fefcf35fff monitored = 0 entry_point = 0x7fefcf01474 region_type = mapped_file name = "cfgmgr32.dll" filename = "\\Windows\\System32\\cfgmgr32.dll" (normalized: "c:\\windows\\system32\\cfgmgr32.dll") Region: id = 4557 start_va = 0x7fefcf40000 end_va = 0x7fefcf59fff monitored = 0 entry_point = 0x7fefcf41558 region_type = mapped_file name = "devobj.dll" filename = "\\Windows\\System32\\devobj.dll" (normalized: "c:\\windows\\system32\\devobj.dll") Region: id = 4558 start_va = 0x7fefd000000 end_va = 0x7fefd03afff monitored = 0 entry_point = 0x7fefd001324 region_type = mapped_file name = "wintrust.dll" filename = "\\Windows\\System32\\wintrust.dll" (normalized: "c:\\windows\\system32\\wintrust.dll") Region: id = 4559 start_va = 0x7fefd420000 end_va = 0x7fefd486fff monitored = 0 entry_point = 0x7fefd42b03c region_type = mapped_file name = "gdi32.dll" filename = "\\Windows\\System32\\gdi32.dll" (normalized: "c:\\windows\\system32\\gdi32.dll") Region: id = 4560 start_va = 0x7fefd490000 end_va = 0x7fefd4dcfff monitored = 0 entry_point = 0x7fefd491070 region_type = mapped_file name = "ws2_32.dll" filename = "\\Windows\\System32\\ws2_32.dll" (normalized: "c:\\windows\\system32\\ws2_32.dll") Region: id = 4561 start_va = 0x7fefd4e0000 end_va = 0x7fefd6e2fff monitored = 0 entry_point = 0x7fefd503330 region_type = mapped_file name = "ole32.dll" filename = "\\Windows\\System32\\ole32.dll" (normalized: "c:\\windows\\system32\\ole32.dll") Region: id = 4562 start_va = 0x7fefd6f0000 end_va = 0x7fefe477fff monitored = 0 entry_point = 0x7fefd76cebc region_type = mapped_file name = "shell32.dll" filename = "\\Windows\\System32\\shell32.dll" (normalized: "c:\\windows\\system32\\shell32.dll") Region: id = 4563 start_va = 0x7fefe480000 end_va = 0x7fefe656fff monitored = 0 entry_point = 0x7fefe481010 region_type = mapped_file name = "setupapi.dll" filename = "\\Windows\\System32\\setupapi.dll" (normalized: "c:\\windows\\system32\\setupapi.dll") Region: id = 4564 start_va = 0x7fefe680000 end_va = 0x7fefe7acfff monitored = 0 entry_point = 0x7fefe6ced50 region_type = mapped_file name = "rpcrt4.dll" filename = "\\Windows\\System32\\rpcrt4.dll" (normalized: "c:\\windows\\system32\\rpcrt4.dll") Region: id = 4565 start_va = 0x7fefe7b0000 end_va = 0x7fefe88afff monitored = 0 entry_point = 0x7fefe7d0760 region_type = mapped_file name = "advapi32.dll" filename = "\\Windows\\System32\\advapi32.dll" (normalized: "c:\\windows\\system32\\advapi32.dll") Region: id = 4566 start_va = 0x7fefe890000 end_va = 0x7fefe900fff monitored = 0 entry_point = 0x7fefe8a1e20 region_type = mapped_file name = "shlwapi.dll" filename = "\\Windows\\System32\\shlwapi.dll" (normalized: "c:\\windows\\system32\\shlwapi.dll") Region: id = 4567 start_va = 0x7fefe910000 end_va = 0x7fefe9d8fff monitored = 0 entry_point = 0x7fefe98a874 region_type = mapped_file name = "usp10.dll" filename = "\\Windows\\System32\\usp10.dll" (normalized: "c:\\windows\\system32\\usp10.dll") Region: id = 4568 start_va = 0x7fefea60000 end_va = 0x7fefeab1fff monitored = 0 entry_point = 0x7fefea610d4 region_type = mapped_file name = "wldap32.dll" filename = "\\Windows\\System32\\Wldap32.dll" (normalized: "c:\\windows\\system32\\wldap32.dll") Region: id = 4569 start_va = 0x7fefeb60000 end_va = 0x7fefeb6dfff monitored = 0 entry_point = 0x7fefeb61080 region_type = mapped_file name = "lpk.dll" filename = "\\Windows\\System32\\lpk.dll" (normalized: "c:\\windows\\system32\\lpk.dll") Region: id = 4570 start_va = 0x7fefeb70000 end_va = 0x7fefec46fff monitored = 0 entry_point = 0x7fefeb73274 region_type = mapped_file name = "oleaut32.dll" filename = "\\Windows\\System32\\oleaut32.dll" (normalized: "c:\\windows\\system32\\oleaut32.dll") Region: id = 4571 start_va = 0x7fefec50000 end_va = 0x7fefec6efff monitored = 0 entry_point = 0x7fefec560e8 region_type = mapped_file name = "sechost.dll" filename = "\\Windows\\System32\\sechost.dll" (normalized: "c:\\windows\\system32\\sechost.dll") Region: id = 4572 start_va = 0x7fefec70000 end_va = 0x7fefed0efff monitored = 0 entry_point = 0x7fefec725a0 region_type = mapped_file name = "msvcrt.dll" filename = "\\Windows\\System32\\msvcrt.dll" (normalized: "c:\\windows\\system32\\msvcrt.dll") Region: id = 4573 start_va = 0x7fefed10000 end_va = 0x7fefee18fff monitored = 0 entry_point = 0x7fefed11064 region_type = mapped_file name = "msctf.dll" filename = "\\Windows\\System32\\msctf.dll" (normalized: "c:\\windows\\system32\\msctf.dll") Region: id = 4574 start_va = 0x7fefef50000 end_va = 0x7fefefe8fff monitored = 0 entry_point = 0x7fefef51c10 region_type = mapped_file name = "clbcatq.dll" filename = "\\Windows\\System32\\clbcatq.dll" (normalized: "c:\\windows\\system32\\clbcatq.dll") Region: id = 4575 start_va = 0x7fefeff0000 end_va = 0x7fefeff7fff monitored = 0 entry_point = 0x7fefeff1504 region_type = mapped_file name = "nsi.dll" filename = "\\Windows\\System32\\nsi.dll" (normalized: "c:\\windows\\system32\\nsi.dll") Region: id = 4576 start_va = 0x7feff000000 end_va = 0x7feff02dfff monitored = 0 entry_point = 0x7feff001010 region_type = mapped_file name = "imm32.dll" filename = "\\Windows\\System32\\imm32.dll" (normalized: "c:\\windows\\system32\\imm32.dll") Region: id = 4577 start_va = 0x7feff040000 end_va = 0x7feff040fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "apisetschema.dll" filename = "\\Windows\\System32\\apisetschema.dll" (normalized: "c:\\windows\\system32\\apisetschema.dll") Region: id = 4578 start_va = 0x7fffff92000 end_va = 0x7fffff93fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000007fffff92000" filename = "" Region: id = 4579 start_va = 0x7fffff94000 end_va = 0x7fffff95fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000007fffff94000" filename = "" Region: id = 4580 start_va = 0x7fffff98000 end_va = 0x7fffff99fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000007fffff98000" filename = "" Region: id = 4581 start_va = 0x7fffff9a000 end_va = 0x7fffff9bfff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000007fffff9a000" filename = "" Region: id = 4582 start_va = 0x7fffff9c000 end_va = 0x7fffff9dfff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000007fffff9c000" filename = "" Region: id = 4583 start_va = 0x7fffffa0000 end_va = 0x7fffffa1fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000007fffffa0000" filename = "" Region: id = 4584 start_va = 0x7fffffa4000 end_va = 0x7fffffa5fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000007fffffa4000" filename = "" Region: id = 4585 start_va = 0x7fffffa6000 end_va = 0x7fffffa7fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000007fffffa6000" filename = "" Region: id = 4586 start_va = 0x7fffffa8000 end_va = 0x7fffffa9fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000007fffffa8000" filename = "" Region: id = 4587 start_va = 0x7fffffaa000 end_va = 0x7fffffabfff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000007fffffaa000" filename = "" Region: id = 4588 start_va = 0x7fffffac000 end_va = 0x7fffffadfff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000007fffffac000" filename = "" Region: id = 4589 start_va = 0x7fffffae000 end_va = 0x7fffffaffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000007fffffae000" filename = "" Region: id = 4590 start_va = 0x7fffffb0000 end_va = 0x7fffffd2fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000007fffffb0000" filename = "" Region: id = 4591 start_va = 0x7fffffd3000 end_va = 0x7fffffd4fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000007fffffd3000" filename = "" Region: id = 4592 start_va = 0x7fffffd5000 end_va = 0x7fffffd6fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000007fffffd5000" filename = "" Region: id = 4593 start_va = 0x7fffffd7000 end_va = 0x7fffffd8fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000007fffffd7000" filename = "" Region: id = 4594 start_va = 0x7fffffd9000 end_va = 0x7fffffd9fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000007fffffd9000" filename = "" Region: id = 4595 start_va = 0x7fffffda000 end_va = 0x7fffffdbfff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000007fffffda000" filename = "" Region: id = 4596 start_va = 0x7fffffdc000 end_va = 0x7fffffddfff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000007fffffdc000" filename = "" Region: id = 4597 start_va = 0x7fffffde000 end_va = 0x7fffffdffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000007fffffde000" filename = "" Region: id = 4611 start_va = 0x1430000 end_va = 0x14affff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000001430000" filename = "" Region: id = 4612 start_va = 0x7fffffa2000 end_va = 0x7fffffa3fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000007fffffa2000" filename = "" Thread: id = 171 os_tid = 0xfcc Thread: id = 172 os_tid = 0x768 Thread: id = 173 os_tid = 0x70c Thread: id = 174 os_tid = 0x680 Thread: id = 175 os_tid = 0x5c8 Thread: id = 176 os_tid = 0x1c4 Thread: id = 177 os_tid = 0xf8 Thread: id = 178 os_tid = 0x3e8 Thread: id = 179 os_tid = 0x3dc Thread: id = 180 os_tid = 0x3d8 Thread: id = 181 os_tid = 0x3c8 Thread: id = 182 os_tid = 0x3c4 Thread: id = 183 os_tid = 0x390 Thread: id = 184 os_tid = 0x380 Thread: id = 185 os_tid = 0x378 Thread: id = 186 os_tid = 0x360 Thread: id = 187 os_tid = 0x348 Thread: id = 188 os_tid = 0x338 Thread: id = 193 os_tid = 0xc40 Thread: id = 196 os_tid = 0xa4c Process: id = "9" image_name = "acrobat.exe" filename = "c:\\users\\keecfmwgj\\appdata\\roaming\\acrobat\\acrobat.exe" page_root = "0x15843000" os_pid = "0x63c" os_integrity_level = "0x2000" os_privileges = "0x800000" monitor_reason = "autostart" parent_id = "0" os_parent_pid = "0x584" cmd_line = "\"C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Acrobat\\Acrobat.exe\" " cur_dir = "C:\\Windows\\system32\\" os_username = "Q9IATRKPRH\\kEecfMwgj" bitness = "32" os_groups = "Q9IATRKPRH\\Domain Users" [0x7], "Everyone" [0x7], "NT AUTHORITY\\Local account and member of Administrators group" [0x10], "BUILTIN\\Administrators" [0x10], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\INTERACTIVE" [0x7], "CONSOLE LOGON" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "NT AUTHORITY\\Local account" [0x7], "NT AUTHORITY\\Logon Session 00000000:0000f980" [0xc0000007], "LOCAL" [0x7], "NT AUTHORITY\\NTLM Authentication" [0x7] Region: id = 4721 start_va = 0x10000 end_va = 0x2ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000010000" filename = "" Region: id = 4722 start_va = 0x30000 end_va = 0x31fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000030000" filename = "" Region: id = 4723 start_va = 0x40000 end_va = 0x40fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "apisetschema.dll" filename = "\\Windows\\System32\\apisetschema.dll" (normalized: "c:\\windows\\system32\\apisetschema.dll") Region: id = 4724 start_va = 0x50000 end_va = 0x14ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000050000" filename = "" Region: id = 4725 start_va = 0x150000 end_va = 0x153fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000150000" filename = "" Region: id = 4726 start_va = 0x160000 end_va = 0x160fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000160000" filename = "" Region: id = 4727 start_va = 0x1f0000 end_va = 0x22ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000001f0000" filename = "" Region: id = 4728 start_va = 0x13d0000 end_va = 0x13dbfff monitored = 1 entry_point = 0x13d7286 region_type = mapped_file name = "acrobat.exe" filename = "\\Users\\kEecfMwgj\\AppData\\Roaming\\Acrobat\\Acrobat.exe" (normalized: "c:\\users\\keecfmwgj\\appdata\\roaming\\acrobat\\acrobat.exe") Region: id = 4729 start_va = 0x76ed0000 end_va = 0x77078fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "ntdll.dll" filename = "\\Windows\\System32\\ntdll.dll" (normalized: "c:\\windows\\system32\\ntdll.dll") Region: id = 4730 start_va = 0x770b0000 end_va = 0x7722ffff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "ntdll.dll" filename = "\\Windows\\SysWOW64\\ntdll.dll" (normalized: "c:\\windows\\syswow64\\ntdll.dll") Region: id = 4731 start_va = 0x7efb0000 end_va = 0x7efd2fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000000007efb0000" filename = "" Region: id = 4732 start_va = 0x7efdb000 end_va = 0x7efddfff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000007efdb000" filename = "" Region: id = 4733 start_va = 0x7efde000 end_va = 0x7efdefff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000007efde000" filename = "" Region: id = 4734 start_va = 0x7efdf000 end_va = 0x7efdffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000007efdf000" filename = "" Region: id = 4735 start_va = 0x7efe0000 end_va = 0x7ffdffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000007efe0000" filename = "" Region: id = 4736 start_va = 0x7ffe0000 end_va = 0x7ffeffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000007ffe0000" filename = "" Region: id = 4737 start_va = 0x7fff0000 end_va = 0x7fffffeffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000007fff0000" filename = "" Region: id = 4874 start_va = 0x230000 end_va = 0x34ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000230000" filename = "" Region: id = 4875 start_va = 0x73840000 end_va = 0x7387efff monitored = 0 entry_point = 0x7386e088 region_type = mapped_file name = "wow64.dll" filename = "\\Windows\\System32\\wow64.dll" (normalized: "c:\\windows\\system32\\wow64.dll") Region: id = 4876 start_va = 0x737e0000 end_va = 0x7383bfff monitored = 0 entry_point = 0x7381f9f4 region_type = mapped_file name = "wow64win.dll" filename = "\\Windows\\System32\\wow64win.dll" (normalized: "c:\\windows\\system32\\wow64win.dll") Region: id = 4877 start_va = 0x737d0000 end_va = 0x737d7fff monitored = 0 entry_point = 0x737d20f8 region_type = mapped_file name = "wow64cpu.dll" filename = "\\Windows\\System32\\wow64cpu.dll" (normalized: "c:\\windows\\system32\\wow64cpu.dll") Region: id = 4878 start_va = 0x76db0000 end_va = 0x76ecefff monitored = 0 entry_point = 0x76dc5340 region_type = mapped_file name = "kernel32.dll" filename = "\\Windows\\System32\\kernel32.dll" (normalized: "c:\\windows\\system32\\kernel32.dll") Region: id = 4879 start_va = 0x766e0000 end_va = 0x767effff monitored = 0 entry_point = 0x766f3283 region_type = mapped_file name = "kernel32.dll" filename = "\\Windows\\SysWOW64\\kernel32.dll" (normalized: "c:\\windows\\syswow64\\kernel32.dll") Region: id = 4880 start_va = 0x76db0000 end_va = 0x76ecefff monitored = 0 entry_point = 0x76dc5340 region_type = mapped_file name = "kernel32.dll" filename = "\\Windows\\System32\\kernel32.dll" (normalized: "c:\\windows\\system32\\kernel32.dll") Region: id = 4881 start_va = 0x76db0000 end_va = 0x76ecefff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000076db0000" filename = "" Region: id = 4882 start_va = 0x76cb0000 end_va = 0x76da9fff monitored = 0 entry_point = 0x76cca2c8 region_type = mapped_file name = "user32.dll" filename = "\\Windows\\System32\\user32.dll" (normalized: "c:\\windows\\system32\\user32.dll") Region: id = 4883 start_va = 0x76cb0000 end_va = 0x76da9fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000076cb0000" filename = "" Region: id = 4884 start_va = 0x350000 end_va = 0x4effff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000350000" filename = "" Region: id = 4885 start_va = 0x736b0000 end_va = 0x736f9fff monitored = 1 entry_point = 0x736b2e54 region_type = mapped_file name = "mscoree.dll" filename = "\\Windows\\SysWOW64\\mscoree.dll" (normalized: "c:\\windows\\syswow64\\mscoree.dll") Region: id = 4886 start_va = 0x766e0000 end_va = 0x767effff monitored = 0 entry_point = 0x766f3283 region_type = mapped_file name = "kernel32.dll" filename = "\\Windows\\SysWOW64\\kernel32.dll" (normalized: "c:\\windows\\syswow64\\kernel32.dll") Region: id = 4887 start_va = 0x75690000 end_va = 0x756d6fff monitored = 0 entry_point = 0x756974c1 region_type = mapped_file name = "kernelbase.dll" filename = "\\Windows\\SysWOW64\\KernelBase.dll" (normalized: "c:\\windows\\syswow64\\kernelbase.dll") Region: id = 4888 start_va = 0x10000 end_va = 0x1ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000010000" filename = "" Region: id = 4889 start_va = 0x7efe0000 end_va = 0x7f0dffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000000007efe0000" filename = "" Region: id = 4890 start_va = 0x7f0e0000 end_va = 0x7ffdffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000007f0e0000" filename = "" Region: id = 4891 start_va = 0x20000 end_va = 0x2ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000020000" filename = "" Region: id = 4892 start_va = 0x170000 end_va = 0x1d6fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "locale.nls" filename = "\\Windows\\System32\\locale.nls" (normalized: "c:\\windows\\system32\\locale.nls") Region: id = 4893 start_va = 0x4f0000 end_va = 0x5fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000004f0000" filename = "" Region: id = 4894 start_va = 0x230000 end_va = 0x27ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000230000" filename = "" Region: id = 4895 start_va = 0x2d0000 end_va = 0x34ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000002d0000" filename = "" Region: id = 4896 start_va = 0x76810000 end_va = 0x768affff monitored = 0 entry_point = 0x768249e5 region_type = mapped_file name = "advapi32.dll" filename = "\\Windows\\SysWOW64\\advapi32.dll" (normalized: "c:\\windows\\syswow64\\advapi32.dll") Region: id = 4897 start_va = 0x751a0000 end_va = 0x7524bfff monitored = 0 entry_point = 0x751aa472 region_type = mapped_file name = "msvcrt.dll" filename = "\\Windows\\SysWOW64\\msvcrt.dll" (normalized: "c:\\windows\\syswow64\\msvcrt.dll") Region: id = 4898 start_va = 0x74eb0000 end_va = 0x74ec8fff monitored = 0 entry_point = 0x74eb4975 region_type = mapped_file name = "sechost.dll" filename = "\\Windows\\SysWOW64\\sechost.dll" (normalized: "c:\\windows\\syswow64\\sechost.dll") Region: id = 4899 start_va = 0x76930000 end_va = 0x76a1ffff monitored = 0 entry_point = 0x76940569 region_type = mapped_file name = "rpcrt4.dll" filename = "\\Windows\\SysWOW64\\rpcrt4.dll" (normalized: "c:\\windows\\syswow64\\rpcrt4.dll") Region: id = 4900 start_va = 0x74c00000 end_va = 0x74c5ffff monitored = 0 entry_point = 0x74c1a3b3 region_type = mapped_file name = "sspicli.dll" filename = "\\Windows\\SysWOW64\\sspicli.dll" (normalized: "c:\\windows\\syswow64\\sspicli.dll") Region: id = 4901 start_va = 0x74bf0000 end_va = 0x74bfbfff monitored = 0 entry_point = 0x74bf10e1 region_type = mapped_file name = "cryptbase.dll" filename = "\\Windows\\SysWOW64\\cryptbase.dll" (normalized: "c:\\windows\\syswow64\\cryptbase.dll") Region: id = 4902 start_va = 0x350000 end_va = 0x3cffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000350000" filename = "" Region: id = 4903 start_va = 0x3f0000 end_va = 0x4effff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000003f0000" filename = "" Region: id = 4904 start_va = 0x73560000 end_va = 0x735ecfff monitored = 1 entry_point = 0x73572860 region_type = mapped_file name = "mscoreei.dll" filename = "\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\mscoreei.dll" (normalized: "c:\\windows\\microsoft.net\\framework\\v4.0.30319\\mscoreei.dll") Region: id = 4905 start_va = 0x736a0000 end_va = 0x736a2fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "api-ms-win-core-synch-l1-2-0.dll" filename = "\\Windows\\SysWOW64\\api-ms-win-core-synch-l1-2-0.dll" (normalized: "c:\\windows\\syswow64\\api-ms-win-core-synch-l1-2-0.dll") Region: id = 4906 start_va = 0x75140000 end_va = 0x75196fff monitored = 0 entry_point = 0x75159ba6 region_type = mapped_file name = "shlwapi.dll" filename = "\\Windows\\SysWOW64\\shlwapi.dll" (normalized: "c:\\windows\\syswow64\\shlwapi.dll") Region: id = 4907 start_va = 0x759d0000 end_va = 0x75a5ffff monitored = 0 entry_point = 0x759e6343 region_type = mapped_file name = "gdi32.dll" filename = "\\Windows\\SysWOW64\\gdi32.dll" (normalized: "c:\\windows\\syswow64\\gdi32.dll") Region: id = 4908 start_va = 0x76a50000 end_va = 0x76b4ffff monitored = 0 entry_point = 0x76a6b6ed region_type = mapped_file name = "user32.dll" filename = "\\Windows\\SysWOW64\\user32.dll" (normalized: "c:\\windows\\syswow64\\user32.dll") Region: id = 4909 start_va = 0x77080000 end_va = 0x77089fff monitored = 0 entry_point = 0x770836a0 region_type = mapped_file name = "lpk.dll" filename = "\\Windows\\SysWOW64\\lpk.dll" (normalized: "c:\\windows\\syswow64\\lpk.dll") Region: id = 4910 start_va = 0x754a0000 end_va = 0x7553cfff monitored = 0 entry_point = 0x754d3fd7 region_type = mapped_file name = "usp10.dll" filename = "\\Windows\\SysWOW64\\usp10.dll" (normalized: "c:\\windows\\syswow64\\usp10.dll") Region: id = 4911 start_va = 0x280000 end_va = 0x29dfff monitored = 0 entry_point = 0x29158f region_type = mapped_file name = "imm32.dll" filename = "\\Windows\\SysWOW64\\imm32.dll" (normalized: "c:\\windows\\syswow64\\imm32.dll") Region: id = 4912 start_va = 0x600000 end_va = 0x787fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000600000" filename = "" Region: id = 4913 start_va = 0x280000 end_va = 0x29dfff monitored = 0 entry_point = 0x29158f region_type = mapped_file name = "imm32.dll" filename = "\\Windows\\SysWOW64\\imm32.dll" (normalized: "c:\\windows\\syswow64\\imm32.dll") Region: id = 4914 start_va = 0x75740000 end_va = 0x7579ffff monitored = 0 entry_point = 0x7575158f region_type = mapped_file name = "imm32.dll" filename = "\\Windows\\SysWOW64\\imm32.dll" (normalized: "c:\\windows\\syswow64\\imm32.dll") Region: id = 4915 start_va = 0x74de0000 end_va = 0x74eabfff monitored = 0 entry_point = 0x74de168b region_type = mapped_file name = "msctf.dll" filename = "\\Windows\\SysWOW64\\msctf.dll" (normalized: "c:\\windows\\syswow64\\msctf.dll") Region: id = 4916 start_va = 0x790000 end_va = 0x910fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000790000" filename = "" Region: id = 4917 start_va = 0x13e0000 end_va = 0x27dffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000013e0000" filename = "" Region: id = 4918 start_va = 0x30000 end_va = 0x30fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000030000" filename = "" Region: id = 4919 start_va = 0x1e0000 end_va = 0x1e0fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000001e0000" filename = "" Region: id = 4920 start_va = 0x230000 end_va = 0x23afff monitored = 1 entry_point = 0x237286 region_type = mapped_file name = "acrobat.exe" filename = "\\Users\\kEecfMwgj\\AppData\\Roaming\\Acrobat\\Acrobat.exe" (normalized: "c:\\users\\keecfmwgj\\appdata\\roaming\\acrobat\\acrobat.exe") Region: id = 4921 start_va = 0x240000 end_va = 0x27ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000240000" filename = "" Region: id = 4922 start_va = 0x230000 end_va = 0x23afff monitored = 1 entry_point = 0x237286 region_type = mapped_file name = "acrobat.exe" filename = "\\Users\\kEecfMwgj\\AppData\\Roaming\\Acrobat\\Acrobat.exe" (normalized: "c:\\users\\keecfmwgj\\appdata\\roaming\\acrobat\\acrobat.exe") Region: id = 4923 start_va = 0x73550000 end_va = 0x73558fff monitored = 0 entry_point = 0x73551220 region_type = mapped_file name = "version.dll" filename = "\\Windows\\SysWOW64\\version.dll" (normalized: "c:\\windows\\syswow64\\version.dll") Region: id = 4924 start_va = 0x72da0000 end_va = 0x7354efff monitored = 1 entry_point = 0x72dbd0d0 region_type = mapped_file name = "clr.dll" filename = "\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\clr.dll" (normalized: "c:\\windows\\microsoft.net\\framework\\v4.0.30319\\clr.dll") Region: id = 4925 start_va = 0x725f0000 end_va = 0x72d9efff monitored = 1 entry_point = 0x7260d0d0 region_type = mapped_file name = "clr.dll" filename = "\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\clr.dll" (normalized: "c:\\windows\\microsoft.net\\framework\\v4.0.30319\\clr.dll") Region: id = 4926 start_va = 0x72da0000 end_va = 0x7354efff monitored = 1 entry_point = 0x72dbd0d0 region_type = mapped_file name = "clr.dll" filename = "\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\clr.dll" (normalized: "c:\\windows\\microsoft.net\\framework\\v4.0.30319\\clr.dll") Region: id = 4927 start_va = 0x737b0000 end_va = 0x737c3fff monitored = 0 entry_point = 0x737bac00 region_type = mapped_file name = "vcruntime140_clr0400.dll" filename = "\\Windows\\SysWOW64\\vcruntime140_clr0400.dll" (normalized: "c:\\windows\\syswow64\\vcruntime140_clr0400.dll") Region: id = 4928 start_va = 0x73700000 end_va = 0x737aafff monitored = 0 entry_point = 0x73795f20 region_type = mapped_file name = "ucrtbase_clr0400.dll" filename = "\\Windows\\SysWOW64\\ucrtbase_clr0400.dll" (normalized: "c:\\windows\\syswow64\\ucrtbase_clr0400.dll") Region: id = 4929 start_va = 0x230000 end_va = 0x230fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000230000" filename = "" Region: id = 4930 start_va = 0x280000 end_va = 0x28ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000280000" filename = "" Region: id = 4931 start_va = 0x290000 end_va = 0x29ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000290000" filename = "" Region: id = 4932 start_va = 0x2a0000 end_va = 0x2affff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000002a0000" filename = "" Region: id = 4933 start_va = 0x2b0000 end_va = 0x2bffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000002b0000" filename = "" Region: id = 4934 start_va = 0x2c0000 end_va = 0x2cffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000002c0000" filename = "" Region: id = 4935 start_va = 0x350000 end_va = 0x35ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000350000" filename = "" Region: id = 4936 start_va = 0x3c0000 end_va = 0x3cffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000003c0000" filename = "" Region: id = 4937 start_va = 0x360000 end_va = 0x360fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000360000" filename = "" Region: id = 4938 start_va = 0x370000 end_va = 0x370fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000370000" filename = "" Region: id = 4939 start_va = 0x920000 end_va = 0xb1ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000920000" filename = "" Region: id = 4940 start_va = 0x4f0000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000004f0000" filename = "" Region: id = 4941 start_va = 0x5f0000 end_va = 0x5fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000005f0000" filename = "" Region: id = 4942 start_va = 0xa50000 end_va = 0xa8ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000a50000" filename = "" Region: id = 4943 start_va = 0xae0000 end_va = 0xb1ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000ae0000" filename = "" Region: id = 4944 start_va = 0xc20000 end_va = 0xd1ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000c20000" filename = "" Region: id = 4945 start_va = 0x7efd8000 end_va = 0x7efdafff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000007efd8000" filename = "" Region: id = 4946 start_va = 0x380000 end_va = 0x38ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000380000" filename = "" Region: id = 4947 start_va = 0x27e0000 end_va = 0x47dffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000027e0000" filename = "" Region: id = 4948 start_va = 0x920000 end_va = 0x9bffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000920000" filename = "" Region: id = 4949 start_va = 0xd20000 end_va = 0xd5ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000d20000" filename = "" Region: id = 4950 start_va = 0xe90000 end_va = 0xf8ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000e90000" filename = "" Region: id = 4951 start_va = 0x7efd5000 end_va = 0x7efd7fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000007efd5000" filename = "" Region: id = 4952 start_va = 0xa10000 end_va = 0xa4ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000a10000" filename = "" Region: id = 4953 start_va = 0xfe0000 end_va = 0x10dffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000fe0000" filename = "" Region: id = 4954 start_va = 0x7efad000 end_va = 0x7efaffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000007efad000" filename = "" Region: id = 4955 start_va = 0x10e0000 end_va = 0x13aefff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "sortdefault.nls" filename = "\\Windows\\Globalization\\Sorting\\SortDefault.nls" (normalized: "c:\\windows\\globalization\\sorting\\sortdefault.nls") Region: id = 4956 start_va = 0x71990000 end_va = 0x72d9afff monitored = 1 entry_point = 0x0 region_type = mapped_file name = "mscorlib.ni.dll" filename = "\\Windows\\assembly\\NativeImages_v4.0.30319_32\\mscorlib\\36eaccfde177c2e7b93b8dbdde4e012a\\mscorlib.ni.dll" (normalized: "c:\\windows\\assembly\\nativeimages_v4.0.30319_32\\mscorlib\\36eaccfde177c2e7b93b8dbdde4e012a\\mscorlib.ni.dll") Region: id = 4957 start_va = 0x380000 end_va = 0x38ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000380000" filename = "" Region: id = 4958 start_va = 0x76b50000 end_va = 0x76cabfff monitored = 0 entry_point = 0x76b9ba3d region_type = mapped_file name = "ole32.dll" filename = "\\Windows\\SysWOW64\\ole32.dll" (normalized: "c:\\windows\\syswow64\\ole32.dll") Region: id = 4959 start_va = 0x74bc0000 end_va = 0x74bc2fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "api-ms-win-core-xstate-l2-1-0.dll" filename = "\\Windows\\SysWOW64\\api-ms-win-core-xstate-l2-1-0.dll" (normalized: "c:\\windows\\syswow64\\api-ms-win-core-xstate-l2-1-0.dll") Region: id = 4960 start_va = 0x74b30000 end_va = 0x74bb8fff monitored = 1 entry_point = 0x74b31130 region_type = mapped_file name = "clrjit.dll" filename = "\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\clrjit.dll" (normalized: "c:\\windows\\microsoft.net\\framework\\v4.0.30319\\clrjit.dll") Region: id = 4961 start_va = 0x74ed0000 end_va = 0x74f5efff monitored = 0 entry_point = 0x74ed3fb1 region_type = mapped_file name = "oleaut32.dll" filename = "\\Windows\\SysWOW64\\oleaut32.dll" (normalized: "c:\\windows\\syswow64\\oleaut32.dll") Region: id = 4962 start_va = 0x390000 end_va = 0x39ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000390000" filename = "" Region: id = 4963 start_va = 0x740d0000 end_va = 0x74b24fff monitored = 1 entry_point = 0x0 region_type = mapped_file name = "system.ni.dll" filename = "\\Windows\\assembly\\NativeImages_v4.0.30319_32\\System\\2c3c912ea8f058f9d04c4650128feb3f\\System.ni.dll" (normalized: "c:\\windows\\assembly\\nativeimages_v4.0.30319_32\\system\\2c3c912ea8f058f9d04c4650128feb3f\\system.ni.dll") Region: id = 4964 start_va = 0x740a0000 end_va = 0x740c7fff monitored = 1 entry_point = 0x0 region_type = mapped_file name = "system.configuration.install.ni.dll" filename = "\\Windows\\assembly\\NativeImages_v4.0.30319_32\\System.Confe64a9051#\\1561b93d6d25c4a9c3e2659ab29a5e73\\System.Configuration.Install.ni.dll" (normalized: "c:\\windows\\assembly\\nativeimages_v4.0.30319_32\\system.confe64a9051#\\1561b93d6d25c4a9c3e2659ab29a5e73\\system.configuration.install.ni.dll") Region: id = 4965 start_va = 0x3a0000 end_va = 0x3affff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000003a0000" filename = "" Region: id = 4966 start_va = 0x47e0000 end_va = 0x494ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000047e0000" filename = "" Region: id = 4967 start_va = 0x3a0000 end_va = 0x3b0fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000003a0000" filename = "" Region: id = 4968 start_va = 0x74080000 end_va = 0x74092fff monitored = 1 entry_point = 0x7408d900 region_type = mapped_file name = "nlssorting.dll" filename = "\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\nlssorting.dll" (normalized: "c:\\windows\\microsoft.net\\framework\\v4.0.30319\\nlssorting.dll") Region: id = 4969 start_va = 0x4950000 end_va = 0x4c21fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "sortdefault.nlp" filename = "\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\sortdefault.nlp" (normalized: "c:\\windows\\microsoft.net\\framework\\v4.0.30319\\sortdefault.nlp") Region: id = 4970 start_va = 0x3d0000 end_va = 0x3dffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000003d0000" filename = "" Region: id = 4971 start_va = 0x71170000 end_va = 0x71987fff monitored = 1 entry_point = 0x0 region_type = mapped_file name = "system.core.ni.dll" filename = "\\Windows\\assembly\\NativeImages_v4.0.30319_32\\System.Core\\31fae3290fad30c31c98651462d22724\\System.Core.ni.dll" (normalized: "c:\\windows\\assembly\\nativeimages_v4.0.30319_32\\system.core\\31fae3290fad30c31c98651462d22724\\system.core.ni.dll") Region: id = 4972 start_va = 0x73f70000 end_va = 0x74074fff monitored = 1 entry_point = 0x0 region_type = mapped_file name = "system.configuration.ni.dll" filename = "\\Windows\\assembly\\NativeImages_v4.0.30319_32\\System.Configuration\\96f7edb07b12303f0ec2595c7f3778c7\\System.Configuration.ni.dll" (normalized: "c:\\windows\\assembly\\nativeimages_v4.0.30319_32\\system.configuration\\96f7edb07b12303f0ec2595c7f3778c7\\system.configuration.ni.dll") Region: id = 4973 start_va = 0x709f0000 end_va = 0x71163fff monitored = 1 entry_point = 0x0 region_type = mapped_file name = "system.xml.ni.dll" filename = "\\Windows\\assembly\\NativeImages_v4.0.30319_32\\System.Xml\\15af16d373cf0528cb74fc73d365fdbf\\System.Xml.ni.dll" (normalized: "c:\\windows\\assembly\\nativeimages_v4.0.30319_32\\system.xml\\15af16d373cf0528cb74fc73d365fdbf\\system.xml.ni.dll") Region: id = 4974 start_va = 0x75a60000 end_va = 0x766a9fff monitored = 0 entry_point = 0x75ae1601 region_type = mapped_file name = "shell32.dll" filename = "\\Windows\\SysWOW64\\shell32.dll" (normalized: "c:\\windows\\syswow64\\shell32.dll") Region: id = 4975 start_va = 0x3d0000 end_va = 0x3d0fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000003d0000" filename = "" Region: id = 4976 start_va = 0x73f60000 end_va = 0x73f6afff monitored = 0 entry_point = 0x73f61992 region_type = mapped_file name = "profapi.dll" filename = "\\Windows\\SysWOW64\\profapi.dll" (normalized: "c:\\windows\\syswow64\\profapi.dll") Region: id = 4977 start_va = 0x73f40000 end_va = 0x73f56fff monitored = 0 entry_point = 0x73f435fa region_type = mapped_file name = "bcrypt.dll" filename = "\\Windows\\SysWOW64\\bcrypt.dll" (normalized: "c:\\windows\\syswow64\\bcrypt.dll") Region: id = 4978 start_va = 0x73f20000 end_va = 0x73f36fff monitored = 0 entry_point = 0x73f23573 region_type = mapped_file name = "cryptsp.dll" filename = "\\Windows\\SysWOW64\\cryptsp.dll" (normalized: "c:\\windows\\syswow64\\cryptsp.dll") Region: id = 4979 start_va = 0x4f0000 end_va = 0x52bfff monitored = 0 entry_point = 0x4f128d region_type = mapped_file name = "rsaenh.dll" filename = "\\Windows\\SysWOW64\\rsaenh.dll" (normalized: "c:\\windows\\syswow64\\rsaenh.dll") Region: id = 4980 start_va = 0x550000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000550000" filename = "" Region: id = 4981 start_va = 0x4f0000 end_va = 0x52bfff monitored = 0 entry_point = 0x4f128d region_type = mapped_file name = "rsaenh.dll" filename = "\\Windows\\SysWOW64\\rsaenh.dll" (normalized: "c:\\windows\\syswow64\\rsaenh.dll") Region: id = 4982 start_va = 0x4f0000 end_va = 0x52bfff monitored = 0 entry_point = 0x4f128d region_type = mapped_file name = "rsaenh.dll" filename = "\\Windows\\SysWOW64\\rsaenh.dll" (normalized: "c:\\windows\\syswow64\\rsaenh.dll") Region: id = 4983 start_va = 0x4f0000 end_va = 0x52bfff monitored = 0 entry_point = 0x4f128d region_type = mapped_file name = "rsaenh.dll" filename = "\\Windows\\SysWOW64\\rsaenh.dll" (normalized: "c:\\windows\\syswow64\\rsaenh.dll") Region: id = 4984 start_va = 0x4f0000 end_va = 0x52bfff monitored = 0 entry_point = 0x4f128d region_type = mapped_file name = "rsaenh.dll" filename = "\\Windows\\SysWOW64\\rsaenh.dll" (normalized: "c:\\windows\\syswow64\\rsaenh.dll") Region: id = 4985 start_va = 0x73ee0000 end_va = 0x73f1afff monitored = 0 entry_point = 0x73ee128d region_type = mapped_file name = "rsaenh.dll" filename = "\\Windows\\SysWOW64\\rsaenh.dll" (normalized: "c:\\windows\\syswow64\\rsaenh.dll") Thread: id = 200 os_tid = 0x640 [0272.284] CoInitializeEx (pvReserved=0x0, dwCoInit=0x0) returned 0x0 [0273.093] EtwEventRegister () returned 0x0 [0273.133] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\.NETFramework\\AppContext", ulOptions=0x0, samDesired=0x20019, phkResult=0x14e618 | out: phkResult=0x14e618*=0x0) returned 0x2 [0273.133] RegCloseKey (hKey=0x80000002) returned 0x0 [0273.137] GetConsoleOutputCP () returned 0x1b5 [0273.471] GetStdHandle (nStdHandle=0xfffffff5) returned 0x7 [0273.471] WriteFile (in: hFile=0x7, lpBuffer=0x14ed80*, nNumberOfBytesToWrite=0x0, lpNumberOfBytesWritten=0x14ed84, lpOverlapped=0x0 | out: lpBuffer=0x14ed80*, lpNumberOfBytesWritten=0x14ed84*=0x0, lpOverlapped=0x0) returned 1 [0273.474] GetFileType (hFile=0x7) returned 0x2 [0273.476] WriteFile (in: hFile=0x7, lpBuffer=0x27e8be4*, nNumberOfBytesToWrite=0x84, lpNumberOfBytesWritten=0x14ed60, lpOverlapped=0x0 | out: lpBuffer=0x27e8be4*, lpNumberOfBytesWritten=0x14ed60*=0x84, lpOverlapped=0x0) returned 1 [0274.026] GetFullPathNameW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Acrobat\\Acrobat.exe.config", nBufferLength=0x105, lpBuffer=0x14e648, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Acrobat\\Acrobat.exe.config", lpFilePart=0x0) returned 0x3d [0274.292] GetCurrentProcess () returned 0xffffffff [0274.292] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x14e980 | out: TokenHandle=0x14e980*=0x1ec) returned 1 [0274.298] GetFullPathNameW (in: lpFileName="C:\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\", nBufferLength=0x105, lpBuffer=0x14e438, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\", lpFilePart=0x0) returned 0x2e [0274.305] GetFileAttributesExW (in: lpFileName="C:\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\Config\\machine.config" (normalized: "c:\\windows\\microsoft.net\\framework\\v4.0.30319\\config\\machine.config"), fInfoLevelId=0x0, lpFileInformation=0x14e978 | out: lpFileInformation=0x14e978*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xc63fb400, ftCreationTime.dwHighDateTime=0x1d4e4ee, ftLastAccessTime.dwLowDateTime=0xb9f350b0, ftLastAccessTime.dwHighDateTime=0x1d706ae, ftLastWriteTime.dwLowDateTime=0xc63fb400, ftLastWriteTime.dwHighDateTime=0x1d4e4ee, nFileSizeHigh=0x0, nFileSizeLow=0x8c8e)) returned 1 [0274.306] GetFullPathNameW (in: lpFileName="C:\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\Config\\machine.config", nBufferLength=0x105, lpBuffer=0x14e404, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\Config\\machine.config", lpFilePart=0x0) returned 0x43 [0274.309] GetFileAttributesExW (in: lpFileName="C:\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\Config\\machine.config" (normalized: "c:\\windows\\microsoft.net\\framework\\v4.0.30319\\config\\machine.config"), fInfoLevelId=0x0, lpFileInformation=0x14e980 | out: lpFileInformation=0x14e980*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xc63fb400, ftCreationTime.dwHighDateTime=0x1d4e4ee, ftLastAccessTime.dwLowDateTime=0xb9f350b0, ftLastAccessTime.dwHighDateTime=0x1d706ae, ftLastWriteTime.dwLowDateTime=0xc63fb400, ftLastWriteTime.dwHighDateTime=0x1d4e4ee, nFileSizeHigh=0x0, nFileSizeLow=0x8c8e)) returned 1 [0274.311] GetFullPathNameW (in: lpFileName="C:\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\Config\\machine.config", nBufferLength=0x105, lpBuffer=0x14e3a0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\Config\\machine.config", lpFilePart=0x0) returned 0x43 [0274.312] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x14e8b8) returned 1 [0274.313] CreateFileW (lpFileName="C:\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\Config\\machine.config" (normalized: "c:\\windows\\microsoft.net\\framework\\v4.0.30319\\config\\machine.config"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x1f0 [0274.313] GetFileType (hFile=0x1f0) returned 0x1 [0274.313] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x14e8b4) returned 1 [0274.313] GetFileType (hFile=0x1f0) returned 0x1 [0274.375] GetFullPathNameW (in: lpFileName="C:\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\config\\machine.config", nBufferLength=0x105, lpBuffer=0x14dbf0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\config\\machine.config", lpFilePart=0x0) returned 0x43 [0274.375] GetFullPathNameW (in: lpFileName="C:\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\config\\machine.config", nBufferLength=0x105, lpBuffer=0x14dc54, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\config\\machine.config", lpFilePart=0x0) returned 0x43 [0274.375] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x14de94) returned 1 [0274.376] GetFileAttributesExW (in: lpFileName="C:\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\config\\machine.config" (normalized: "c:\\windows\\microsoft.net\\framework\\v4.0.30319\\config\\machine.config"), fInfoLevelId=0x0, lpFileInformation=0x14e158 | out: lpFileInformation=0x14e158*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xc63fb400, ftCreationTime.dwHighDateTime=0x1d4e4ee, ftLastAccessTime.dwLowDateTime=0xb9f350b0, ftLastAccessTime.dwHighDateTime=0x1d706ae, ftLastWriteTime.dwLowDateTime=0xc63fb400, ftLastWriteTime.dwHighDateTime=0x1d4e4ee, nFileSizeHigh=0x0, nFileSizeLow=0x8c8e)) returned 1 [0274.376] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x14de90) returned 1 [0274.523] BCryptGetFipsAlgorithmMode (in: pfEnabled=0x14e024 | out: pfEnabled=0x14e024) returned 0x0 [0274.706] GetFileSize (in: hFile=0x1f0, lpFileSizeHigh=0x14e974 | out: lpFileSizeHigh=0x14e974*=0x0) returned 0x8c8e [0274.707] ReadFile (in: hFile=0x1f0, lpBuffer=0x2813500, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x14e930, lpOverlapped=0x0 | out: lpBuffer=0x2813500*, lpNumberOfBytesRead=0x14e930*=0x1000, lpOverlapped=0x0) returned 1 [0274.723] ReadFile (in: hFile=0x1f0, lpBuffer=0x2813500, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x14e7e0, lpOverlapped=0x0 | out: lpBuffer=0x2813500*, lpNumberOfBytesRead=0x14e7e0*=0x1000, lpOverlapped=0x0) returned 1 [0274.726] ReadFile (in: hFile=0x1f0, lpBuffer=0x2813500, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x14e694, lpOverlapped=0x0 | out: lpBuffer=0x2813500*, lpNumberOfBytesRead=0x14e694*=0x1000, lpOverlapped=0x0) returned 1 [0274.727] ReadFile (in: hFile=0x1f0, lpBuffer=0x2813500, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x14e694, lpOverlapped=0x0 | out: lpBuffer=0x2813500*, lpNumberOfBytesRead=0x14e694*=0x1000, lpOverlapped=0x0) returned 1 [0274.727] ReadFile (in: hFile=0x1f0, lpBuffer=0x2813500, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x14e694, lpOverlapped=0x0 | out: lpBuffer=0x2813500*, lpNumberOfBytesRead=0x14e694*=0x1000, lpOverlapped=0x0) returned 1 [0274.728] ReadFile (in: hFile=0x1f0, lpBuffer=0x2813500, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x14e5cc, lpOverlapped=0x0 | out: lpBuffer=0x2813500*, lpNumberOfBytesRead=0x14e5cc*=0x1000, lpOverlapped=0x0) returned 1 [0274.734] ReadFile (in: hFile=0x1f0, lpBuffer=0x2813500, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x14e738, lpOverlapped=0x0 | out: lpBuffer=0x2813500*, lpNumberOfBytesRead=0x14e738*=0x1000, lpOverlapped=0x0) returned 1 [0274.737] ReadFile (in: hFile=0x1f0, lpBuffer=0x2813500, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x14e62c, lpOverlapped=0x0 | out: lpBuffer=0x2813500*, lpNumberOfBytesRead=0x14e62c*=0x1000, lpOverlapped=0x0) returned 1 [0274.737] ReadFile (in: hFile=0x1f0, lpBuffer=0x2813500, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x14e62c, lpOverlapped=0x0 | out: lpBuffer=0x2813500*, lpNumberOfBytesRead=0x14e62c*=0xc8e, lpOverlapped=0x0) returned 1 [0274.737] ReadFile (in: hFile=0x1f0, lpBuffer=0x2813500, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x14e6f0, lpOverlapped=0x0 | out: lpBuffer=0x2813500*, lpNumberOfBytesRead=0x14e6f0*=0x0, lpOverlapped=0x0) returned 1 [0274.737] CloseHandle (hObject=0x1f0) returned 1 [0274.738] CloseHandle (hObject=0x1ec) returned 1 [0274.739] GetCurrentProcess () returned 0xffffffff [0274.739] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x14eacc | out: TokenHandle=0x14eacc*=0x1ec) returned 1 [0274.740] CloseHandle (hObject=0x1ec) returned 1 [0274.740] GetCurrentProcess () returned 0xffffffff [0274.740] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x14eacc | out: TokenHandle=0x14eacc*=0x1ec) returned 1 [0274.741] CloseHandle (hObject=0x1ec) returned 1 [0274.758] GetCurrentProcess () returned 0xffffffff [0274.759] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x14e980 | out: TokenHandle=0x14e980*=0x1ec) returned 1 [0274.759] GetFileAttributesExW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Acrobat\\Acrobat.exe.config" (normalized: "c:\\users\\keecfmwgj\\appdata\\roaming\\acrobat\\acrobat.exe.config"), fInfoLevelId=0x0, lpFileInformation=0x14e978 | out: lpFileInformation=0x14e978*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0 [0274.759] GetFullPathNameW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Acrobat\\Acrobat.exe.config", nBufferLength=0x105, lpBuffer=0x14e404, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Acrobat\\Acrobat.exe.config", lpFilePart=0x0) returned 0x3d [0274.760] GetFileAttributesExW (in: lpFileName="C:\\Users\\kEecfMwgj\\AppData\\Roaming\\Acrobat\\Acrobat.exe.config" (normalized: "c:\\users\\keecfmwgj\\appdata\\roaming\\acrobat\\acrobat.exe.config"), fInfoLevelId=0x0, lpFileInformation=0x14e980 | out: lpFileInformation=0x14e980*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0 [0274.760] CloseHandle (hObject=0x1ec) returned 1 [0274.761] GetCurrentProcess () returned 0xffffffff [0274.761] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x14eacc | out: TokenHandle=0x14eacc*=0x1ec) returned 1 [0274.761] CloseHandle (hObject=0x1ec) returned 1 [0274.762] GetCurrentProcess () returned 0xffffffff [0274.763] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x14eacc | out: TokenHandle=0x14eacc*=0x1ec) returned 1 [0274.763] CloseHandle (hObject=0x1ec) returned 1 [0274.907] GetCurrentProcess () returned 0xffffffff [0274.907] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x14e8e4 | out: TokenHandle=0x14e8e4*=0x1ec) returned 1 [0274.944] CloseHandle (hObject=0x1ec) returned 1 [0274.945] GetCurrentProcess () returned 0xffffffff [0274.945] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x14e8fc | out: TokenHandle=0x14e8fc*=0x1ec) returned 1 [0274.946] CloseHandle (hObject=0x1ec) returned 1 [0275.033] WriteFile (in: hFile=0x7, lpBuffer=0x27e8be4*, nNumberOfBytesToWrite=0x100, lpNumberOfBytesWritten=0x14ec98, lpOverlapped=0x0 | out: lpBuffer=0x27e8be4*, lpNumberOfBytesWritten=0x14ec98*=0x100, lpOverlapped=0x0) returned 1 [0275.036] WriteFile (in: hFile=0x7, lpBuffer=0x27e8be4*, nNumberOfBytesToWrite=0x100, lpNumberOfBytesWritten=0x14ec98, lpOverlapped=0x0 | out: lpBuffer=0x27e8be4*, lpNumberOfBytesWritten=0x14ec98*=0x100, lpOverlapped=0x0) returned 1 [0275.039] WriteFile (in: hFile=0x7, lpBuffer=0x27e8be4*, nNumberOfBytesToWrite=0x100, lpNumberOfBytesWritten=0x14ec98, lpOverlapped=0x0 | out: lpBuffer=0x27e8be4*, lpNumberOfBytesWritten=0x14ec98*=0x100, lpOverlapped=0x0) returned 1 [0275.042] WriteFile (in: hFile=0x7, lpBuffer=0x27e8be4*, nNumberOfBytesToWrite=0x100, lpNumberOfBytesWritten=0x14ec98, lpOverlapped=0x0 | out: lpBuffer=0x27e8be4*, lpNumberOfBytesWritten=0x14ec98*=0x100, lpOverlapped=0x0) returned 1 [0275.051] WriteFile (in: hFile=0x7, lpBuffer=0x27e8be4*, nNumberOfBytesToWrite=0x100, lpNumberOfBytesWritten=0x14ec98, lpOverlapped=0x0 | out: lpBuffer=0x27e8be4*, lpNumberOfBytesWritten=0x14ec98*=0x100, lpOverlapped=0x0) returned 1 [0275.053] WriteFile (in: hFile=0x7, lpBuffer=0x27e8be4*, nNumberOfBytesToWrite=0x100, lpNumberOfBytesWritten=0x14ec98, lpOverlapped=0x0 | out: lpBuffer=0x27e8be4*, lpNumberOfBytesWritten=0x14ec98*=0x100, lpOverlapped=0x0) returned 1 [0275.057] WriteFile (in: hFile=0x7, lpBuffer=0x27e8be4*, nNumberOfBytesToWrite=0x100, lpNumberOfBytesWritten=0x14ec98, lpOverlapped=0x0 | out: lpBuffer=0x27e8be4*, lpNumberOfBytesWritten=0x14ec98*=0x100, lpOverlapped=0x0) returned 1 [0275.060] WriteFile (in: hFile=0x7, lpBuffer=0x27e8be4*, nNumberOfBytesToWrite=0x5d, lpNumberOfBytesWritten=0x14ec98, lpOverlapped=0x0 | out: lpBuffer=0x27e8be4*, lpNumberOfBytesWritten=0x14ec98*=0x5d, lpOverlapped=0x0) returned 1 [0275.065] CoGetContextToken (in: pToken=0x14f6c0 | out: pToken=0x14f6c0) returned 0x0 [0275.065] CObjectContext::QueryInterface () returned 0x0 [0275.065] CObjectContext::GetCurrentThreadType () returned 0x0 [0275.065] Release () returned 0x0 [0275.068] CoGetContextToken (in: pToken=0x14f3cc | out: pToken=0x14f3cc) returned 0x0 [0275.068] CObjectContext::QueryInterface () returned 0x0 [0275.068] CObjectContext::GetCurrentThreadType () returned 0x0 [0275.068] Release () returned 0x0 [0275.071] CoGetContextToken (in: pToken=0x14f3cc | out: pToken=0x14f3cc) returned 0x0 [0275.071] CObjectContext::QueryInterface () returned 0x0 [0275.071] CObjectContext::GetCurrentThreadType () returned 0x0 [0275.071] Release () returned 0x0 [0275.078] CoGetContextToken (in: pToken=0x14f3cc | out: pToken=0x14f3cc) returned 0x0 [0275.078] CObjectContext::QueryInterface () returned 0x0 [0275.078] CObjectContext::GetCurrentThreadType () returned 0x0 [0275.078] Release () returned 0x0 [0275.079] CoGetContextToken (in: pToken=0x14f3ec | out: pToken=0x14f3ec) returned 0x0 [0275.079] CObjectContext::QueryInterface () returned 0x0 [0275.079] CObjectContext::GetCurrentThreadType () returned 0x0 [0275.079] Release () returned 0x0 [0275.080] CoUninitialize () Thread: id = 201 os_tid = 0x690 Thread: id = 202 os_tid = 0x694 [0272.288] CoInitializeEx (pvReserved=0x0, dwCoInit=0x0) returned 0x0 [0275.070] EtwEventUnregister () returned 0x0 [0275.076] CloseHandle (hObject=0x48) returned 1 [0275.076] UnmapViewOfFile (lpBaseAddress=0x3a0000) returned 1 Thread: id = 203 os_tid = 0x6a4