# Flog Txt Version 1
# Analyzer Version: 4.5.0
# Analyzer Build Date: Apr 22 2022 21:04:16
# Log Creation Date: 04.05.2022 08:03:00.250
Process:
id = "1"
image_name = "9eeac4773d7f0e7f4303baed25c04f0b138e55f9fa7e7c718e3e6599a2e41513.exe"
filename = "c:\\users\\rdhj0cnfevzx\\desktop\\9eeac4773d7f0e7f4303baed25c04f0b138e55f9fa7e7c718e3e6599a2e41513.exe"
page_root = "0x71ce2000"
os_pid = "0x704"
os_integrity_level = "0x3000"
os_privileges = "0x60800000"
monitor_reason = "analysis_target"
parent_id = "0"
os_parent_pid = "0x748"
cmd_line = "\"C:\\Users\\RDhJ0CNFevzX\\Desktop\\9eeac4773d7f0e7f4303baed25c04f0b138e55f9fa7e7c718e3e6599a2e41513.exe\" "
cur_dir = "C:\\Users\\RDhJ0CNFevzX\\Desktop\\"
os_username = "XC64ZB\\RDhJ0CNFevzX"
bitness = "32"
os_groups = "XC64ZB\\Domain Users" [0x7], "Everyone" [0x7], "NT AUTHORITY\\Local account and member of Administrators group" [0x7], "BUILTIN\\Administrators" [0xf], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\INTERACTIVE" [0x7], "CONSOLE LOGON" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "NT AUTHORITY\\Local account" [0x7], "NT AUTHORITY\\Logon Session 00000000:0000f600" [0xc0000007], "LOCAL" [0x7], "NT AUTHORITY\\NTLM Authentication" [0x7]
Region:
id = 121
start_va = 0x10000
end_va = 0x2ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000000010000"
filename = ""
Region:
id = 122
start_va = 0x30000
end_va = 0x31fff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000000030000"
filename = ""
Region:
id = 123
start_va = 0x40000
end_va = 0x54fff
monitored = 1
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x0000000000040000"
filename = ""
Region:
id = 124
start_va = 0x60000
end_va = 0x9ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000000060000"
filename = ""
Region:
id = 125
start_va = 0xa0000
end_va = 0x19ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x00000000000a0000"
filename = ""
Region:
id = 126
start_va = 0x1a0000
end_va = 0x1a3fff
monitored = 1
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x00000000001a0000"
filename = ""
Region:
id = 127
start_va = 0x1b0000
end_va = 0x1b0fff
monitored = 1
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x00000000001b0000"
filename = ""
Region:
id = 128
start_va = 0x1c0000
end_va = 0x1c1fff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x00000000001c0000"
filename = ""
Region:
id = 129
start_va = 0x200000
end_va = 0x3fffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000000200000"
filename = ""
Region:
id = 130
start_va = 0x400000
end_va = 0x4b3fff
monitored = 1
entry_point = 0x49ac7a
region_type = mapped_file
name = "9eeac4773d7f0e7f4303baed25c04f0b138e55f9fa7e7c718e3e6599a2e41513.exe"
filename = "\\Users\\RDhJ0CNFevzX\\Desktop\\9eeac4773d7f0e7f4303baed25c04f0b138e55f9fa7e7c718e3e6599a2e41513.exe" (normalized: "c:\\users\\rdhj0cnfevzx\\desktop\\9eeac4773d7f0e7f4303baed25c04f0b138e55f9fa7e7c718e3e6599a2e41513.exe")
Region:
id = 131
start_va = 0x77460000
end_va = 0x775dafff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "ntdll.dll"
filename = "\\Windows\\SysWOW64\\ntdll.dll" (normalized: "c:\\windows\\syswow64\\ntdll.dll")
Region:
id = 132
start_va = 0x7ffb0000
end_va = 0x7ffd2fff
monitored = 1
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x000000007ffb0000"
filename = ""
Region:
id = 133
start_va = 0x7ffe0000
end_va = 0x7ffeffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x000000007ffe0000"
filename = ""
Region:
id = 134
start_va = 0x7fff0000
end_va = 0x7ff884cbffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x000000007fff0000"
filename = ""
Region:
id = 135
start_va = 0x7ff884cc0000
end_va = 0x7ff884e80fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "ntdll.dll"
filename = "\\Windows\\System32\\ntdll.dll" (normalized: "c:\\windows\\system32\\ntdll.dll")
Region:
id = 136
start_va = 0x7ff884e81000
end_va = 0x7ffffffeffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x00007ff884e81000"
filename = ""
Region:
id = 275
start_va = 0x690000
end_va = 0x69ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000000690000"
filename = ""
Region:
id = 276
start_va = 0x5f960000
end_va = 0x5f9affff
monitored = 0
entry_point = 0x5f978180
region_type = mapped_file
name = "wow64.dll"
filename = "\\Windows\\System32\\wow64.dll" (normalized: "c:\\windows\\system32\\wow64.dll")
Region:
id = 277
start_va = 0x5f9b0000
end_va = 0x5fa29fff
monitored = 0
entry_point = 0x5f9c3290
region_type = mapped_file
name = "wow64win.dll"
filename = "\\Windows\\System32\\wow64win.dll" (normalized: "c:\\windows\\system32\\wow64win.dll")
Region:
id = 278
start_va = 0x76410000
end_va = 0x764effff
monitored = 0
entry_point = 0x76423980
region_type = mapped_file
name = "kernel32.dll"
filename = "\\Windows\\SysWOW64\\kernel32.dll" (normalized: "c:\\windows\\syswow64\\kernel32.dll")
Region:
id = 279
start_va = 0x5fa30000
end_va = 0x5fa37fff
monitored = 0
entry_point = 0x5fa317c0
region_type = mapped_file
name = "wow64cpu.dll"
filename = "\\Windows\\System32\\wow64cpu.dll" (normalized: "c:\\windows\\system32\\wow64cpu.dll")
Region:
id = 280
start_va = 0x6a0000
end_va = 0x8bffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x00000000006a0000"
filename = ""
Region:
id = 281
start_va = 0x6c800000
end_va = 0x6c858fff
monitored = 1
entry_point = 0x6c810780
region_type = mapped_file
name = "mscoree.dll"
filename = "\\Windows\\SysWOW64\\mscoree.dll" (normalized: "c:\\windows\\syswow64\\mscoree.dll")
Region:
id = 282
start_va = 0x76410000
end_va = 0x764effff
monitored = 0
entry_point = 0x76423980
region_type = mapped_file
name = "kernel32.dll"
filename = "\\Windows\\SysWOW64\\kernel32.dll" (normalized: "c:\\windows\\syswow64\\kernel32.dll")
Region:
id = 283
start_va = 0x77270000
end_va = 0x773edfff
monitored = 0
entry_point = 0x77321b90
region_type = mapped_file
name = "kernelbase.dll"
filename = "\\Windows\\SysWOW64\\KernelBase.dll" (normalized: "c:\\windows\\syswow64\\kernelbase.dll")
Region:
id = 284
start_va = 0x10000
end_va = 0x1ffff
monitored = 1
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x0000000000010000"
filename = ""
Region:
id = 285
start_va = 0x7feb0000
end_va = 0x7ffaffff
monitored = 1
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x000000007feb0000"
filename = ""
Region:
id = 286
start_va = 0x4c0000
end_va = 0x57dfff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "locale.nls"
filename = "\\Windows\\System32\\locale.nls" (normalized: "c:\\windows\\system32\\locale.nls")
Region:
id = 287
start_va = 0x580000
end_va = 0x64ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000000580000"
filename = ""
Region:
id = 288
start_va = 0x740e0000
end_va = 0x74171fff
monitored = 0
entry_point = 0x74120380
region_type = mapped_file
name = "apphelp.dll"
filename = "\\Windows\\SysWOW64\\apphelp.dll" (normalized: "c:\\windows\\syswow64\\apphelp.dll")
Region:
id = 289
start_va = 0x7fb00000
end_va = 0x7fea0fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "sysmain.sdb"
filename = "\\Windows\\AppPatch\\sysmain.sdb" (normalized: "c:\\windows\\apppatch\\sysmain.sdb")
Region:
id = 290
start_va = 0x20000
end_va = 0x23fff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000000020000"
filename = ""
Region:
id = 291
start_va = 0x76b70000
end_va = 0x76beafff
monitored = 0
entry_point = 0x76b8e970
region_type = mapped_file
name = "advapi32.dll"
filename = "\\Windows\\SysWOW64\\advapi32.dll" (normalized: "c:\\windows\\syswow64\\advapi32.dll")
Region:
id = 292
start_va = 0x76570000
end_va = 0x7662dfff
monitored = 0
entry_point = 0x765a5630
region_type = mapped_file
name = "msvcrt.dll"
filename = "\\Windows\\SysWOW64\\msvcrt.dll" (normalized: "c:\\windows\\syswow64\\msvcrt.dll")
Region:
id = 296
start_va = 0x580000
end_va = 0x5bffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000000580000"
filename = ""
Region:
id = 297
start_va = 0x640000
end_va = 0x64ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000000640000"
filename = ""
Region:
id = 298
start_va = 0x6a0000
end_va = 0x79ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x00000000006a0000"
filename = ""
Region:
id = 299
start_va = 0x7c0000
end_va = 0x8bffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x00000000007c0000"
filename = ""
Region:
id = 300
start_va = 0x758e0000
end_va = 0x75923fff
monitored = 0
entry_point = 0x758f9d80
region_type = mapped_file
name = "sechost.dll"
filename = "\\Windows\\SysWOW64\\sechost.dll" (normalized: "c:\\windows\\syswow64\\sechost.dll")
Region:
id = 301
start_va = 0x76630000
end_va = 0x766dcfff
monitored = 0
entry_point = 0x76644f00
region_type = mapped_file
name = "rpcrt4.dll"
filename = "\\Windows\\SysWOW64\\rpcrt4.dll" (normalized: "c:\\windows\\syswow64\\rpcrt4.dll")
Region:
id = 302
start_va = 0x74190000
end_va = 0x741adfff
monitored = 0
entry_point = 0x7419b640
region_type = mapped_file
name = "sspicli.dll"
filename = "\\Windows\\SysWOW64\\sspicli.dll" (normalized: "c:\\windows\\syswow64\\sspicli.dll")
Region:
id = 303
start_va = 0x74180000
end_va = 0x74189fff
monitored = 0
entry_point = 0x74182a00
region_type = mapped_file
name = "cryptbase.dll"
filename = "\\Windows\\SysWOW64\\cryptbase.dll" (normalized: "c:\\windows\\syswow64\\cryptbase.dll")
Region:
id = 304
start_va = 0x75880000
end_va = 0x758d7fff
monitored = 0
entry_point = 0x758c25c0
region_type = mapped_file
name = "bcryptprimitives.dll"
filename = "\\Windows\\SysWOW64\\bcryptprimitives.dll" (normalized: "c:\\windows\\syswow64\\bcryptprimitives.dll")
Region:
id = 305
start_va = 0x5c0000
end_va = 0x62ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x00000000005c0000"
filename = ""
Region:
id = 306
start_va = 0x6c750000
end_va = 0x6c7c8fff
monitored = 1
entry_point = 0x6c75f82a
region_type = mapped_file
name = "mscoreei.dll"
filename = "\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\mscoreei.dll" (normalized: "c:\\windows\\microsoft.net\\framework\\v4.0.30319\\mscoreei.dll")
Region:
id = 307
start_va = 0x76ed0000
end_va = 0x76f14fff
monitored = 0
entry_point = 0x76eede90
region_type = mapped_file
name = "shlwapi.dll"
filename = "\\Windows\\SysWOW64\\shlwapi.dll" (normalized: "c:\\windows\\syswow64\\shlwapi.dll")
Region:
id = 308
start_va = 0x769b0000
end_va = 0x76b6cfff
monitored = 0
entry_point = 0x76a92a10
region_type = mapped_file
name = "combase.dll"
filename = "\\Windows\\SysWOW64\\combase.dll" (normalized: "c:\\windows\\syswow64\\combase.dll")
Region:
id = 309
start_va = 0x76d80000
end_va = 0x76ecefff
monitored = 0
entry_point = 0x76e36820
region_type = mapped_file
name = "gdi32.dll"
filename = "\\Windows\\SysWOW64\\gdi32.dll" (normalized: "c:\\windows\\syswow64\\gdi32.dll")
Region:
id = 310
start_va = 0x755e0000
end_va = 0x75726fff
monitored = 0
entry_point = 0x755f1cf0
region_type = mapped_file
name = "user32.dll"
filename = "\\Windows\\SysWOW64\\user32.dll" (normalized: "c:\\windows\\syswow64\\user32.dll")
Region:
id = 311
start_va = 0x1d0000
end_va = 0x1f9fff
monitored = 0
entry_point = 0x1d5680
region_type = mapped_file
name = "imm32.dll"
filename = "\\Windows\\SysWOW64\\imm32.dll" (normalized: "c:\\windows\\syswow64\\imm32.dll")
Region:
id = 312
start_va = 0x8c0000
end_va = 0xa47fff
monitored = 1
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x00000000008c0000"
filename = ""
Region:
id = 313
start_va = 0x764f0000
end_va = 0x7651afff
monitored = 0
entry_point = 0x764f5680
region_type = mapped_file
name = "imm32.dll"
filename = "\\Windows\\SysWOW64\\imm32.dll" (normalized: "c:\\windows\\syswow64\\imm32.dll")
Region:
id = 314
start_va = 0x30000
end_va = 0x30fff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000000030000"
filename = ""
Region:
id = 315
start_va = 0x1d0000
end_va = 0x1d0fff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x00000000001d0000"
filename = ""
Region:
id = 316
start_va = 0xa50000
end_va = 0xbd0fff
monitored = 1
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x0000000000a50000"
filename = ""
Region:
id = 317
start_va = 0xbe0000
end_va = 0x1fdffff
monitored = 1
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x0000000000be0000"
filename = ""
Region:
id = 318
start_va = 0x1fe0000
end_va = 0x208efff
monitored = 1
entry_point = 0x207ac7a
region_type = mapped_file
name = "9eeac4773d7f0e7f4303baed25c04f0b138e55f9fa7e7c718e3e6599a2e41513.exe"
filename = "\\Users\\RDhJ0CNFevzX\\Desktop\\9eeac4773d7f0e7f4303baed25c04f0b138e55f9fa7e7c718e3e6599a2e41513.exe" (normalized: "c:\\users\\rdhj0cnfevzx\\desktop\\9eeac4773d7f0e7f4303baed25c04f0b138e55f9fa7e7c718e3e6599a2e41513.exe")
Region:
id = 319
start_va = 0x755d0000
end_va = 0x755dbfff
monitored = 0
entry_point = 0x755d3930
region_type = mapped_file
name = "kernel.appcore.dll"
filename = "\\Windows\\SysWOW64\\kernel.appcore.dll" (normalized: "c:\\windows\\syswow64\\kernel.appcore.dll")
Region:
id = 320
start_va = 0x6c7f0000
end_va = 0x6c7f7fff
monitored = 0
entry_point = 0x6c7f17b0
region_type = mapped_file
name = "version.dll"
filename = "\\Windows\\SysWOW64\\version.dll" (normalized: "c:\\windows\\syswow64\\version.dll")
Region:
id = 321
start_va = 0x6b390000
end_va = 0x6ba40fff
monitored = 1
entry_point = 0x6b3a5d20
region_type = mapped_file
name = "clr.dll"
filename = "\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\clr.dll" (normalized: "c:\\windows\\microsoft.net\\framework\\v4.0.30319\\clr.dll")
Region:
id = 322
start_va = 0x6b290000
end_va = 0x6b384fff
monitored = 0
entry_point = 0x6b2e4160
region_type = mapped_file
name = "msvcr120_clr0400.dll"
filename = "\\Windows\\SysWOW64\\msvcr120_clr0400.dll" (normalized: "c:\\windows\\syswow64\\msvcr120_clr0400.dll")
Region:
id = 323
start_va = 0x1e0000
end_va = 0x1e0fff
monitored = 1
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x00000000001e0000"
filename = ""
Region:
id = 324
start_va = 0x1f0000
end_va = 0x1fffff
monitored = 1
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x00000000001f0000"
filename = ""
Region:
id = 325
start_va = 0x5c0000
end_va = 0x5cffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x00000000005c0000"
filename = ""
Region:
id = 326
start_va = 0x620000
end_va = 0x62ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000000620000"
filename = ""
Region:
id = 327
start_va = 0x5d0000
end_va = 0x5dffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x00000000005d0000"
filename = ""
Region:
id = 328
start_va = 0x5e0000
end_va = 0x5effff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x00000000005e0000"
filename = ""
Region:
id = 329
start_va = 0x5f0000
end_va = 0x5fffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x00000000005f0000"
filename = ""
Region:
id = 330
start_va = 0x600000
end_va = 0x60ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000000600000"
filename = ""
Region:
id = 331
start_va = 0x610000
end_va = 0x610fff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000000610000"
filename = ""
Region:
id = 332
start_va = 0x630000
end_va = 0x630fff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000000630000"
filename = ""
Region:
id = 333
start_va = 0x1fe0000
end_va = 0x211ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000001fe0000"
filename = ""
Region:
id = 334
start_va = 0x650000
end_va = 0x66ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000000650000"
filename = ""
Region:
id = 335
start_va = 0x1fe0000
end_va = 0x201ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000001fe0000"
filename = ""
Region:
id = 336
start_va = 0x2110000
end_va = 0x211ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000002110000"
filename = ""
Region:
id = 337
start_va = 0x2120000
end_va = 0x221ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000002120000"
filename = ""
Region:
id = 338
start_va = 0x650000
end_va = 0x65ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000000650000"
filename = ""
Region:
id = 339
start_va = 0x660000
end_va = 0x66ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000000660000"
filename = ""
Region:
id = 340
start_va = 0x2220000
end_va = 0x421ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000002220000"
filename = ""
Region:
id = 341
start_va = 0x2020000
end_va = 0x20bffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000002020000"
filename = ""
Region:
id = 342
start_va = 0x20c0000
end_va = 0x20fffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x00000000020c0000"
filename = ""
Region:
id = 343
start_va = 0x4220000
end_va = 0x431ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000004220000"
filename = ""
Region:
id = 344
start_va = 0x4320000
end_va = 0x4656fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "sortdefault.nls"
filename = "\\Windows\\Globalization\\Sorting\\SortDefault.nls" (normalized: "c:\\windows\\globalization\\sorting\\sortdefault.nls")
Region:
id = 345
start_va = 0x6a060000
end_va = 0x6b287fff
monitored = 1
entry_point = 0x0
region_type = mapped_file
name = "mscorlib.ni.dll"
filename = "\\Windows\\assembly\\NativeImages_v4.0.30319_32\\mscorlib\\8062d427acd64e37f4fded7b00f4a869\\mscorlib.ni.dll" (normalized: "c:\\windows\\assembly\\nativeimages_v4.0.30319_32\\mscorlib\\8062d427acd64e37f4fded7b00f4a869\\mscorlib.ni.dll")
Region:
id = 346
start_va = 0x767c0000
end_va = 0x768aafff
monitored = 0
entry_point = 0x767fd650
region_type = mapped_file
name = "ole32.dll"
filename = "\\Windows\\SysWOW64\\ole32.dll" (normalized: "c:\\windows\\syswow64\\ole32.dll")
Region:
id = 347
start_va = 0x4660000
end_va = 0x46f0fff
monitored = 0
entry_point = 0x4698cf0
region_type = mapped_file
name = "oleaut32.dll"
filename = "\\Windows\\SysWOW64\\oleaut32.dll" (normalized: "c:\\windows\\syswow64\\oleaut32.dll")
Region:
id = 348
start_va = 0x70240000
end_va = 0x702b4fff
monitored = 0
entry_point = 0x70279a60
region_type = mapped_file
name = "uxtheme.dll"
filename = "\\Windows\\SysWOW64\\uxtheme.dll" (normalized: "c:\\windows\\syswow64\\uxtheme.dll")
Region:
id = 349
start_va = 0x650000
end_va = 0x65ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000000650000"
filename = ""
Region:
id = 350
start_va = 0x670000
end_va = 0x67ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000000670000"
filename = ""
Region:
id = 351
start_va = 0x69fe0000
end_va = 0x6a05dfff
monitored = 1
entry_point = 0x69fe1140
region_type = mapped_file
name = "clrjit.dll"
filename = "\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\clrjit.dll" (normalized: "c:\\windows\\microsoft.net\\framework\\v4.0.30319\\clrjit.dll")
Region:
id = 352
start_va = 0x76bf0000
end_va = 0x76c81fff
monitored = 0
entry_point = 0x76c28cf0
region_type = mapped_file
name = "oleaut32.dll"
filename = "\\Windows\\SysWOW64\\oleaut32.dll" (normalized: "c:\\windows\\syswow64\\oleaut32.dll")
Region:
id = 353
start_va = 0x680000
end_va = 0x68ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000000680000"
filename = ""
Region:
id = 354
start_va = 0x69630000
end_va = 0x69fdbfff
monitored = 1
entry_point = 0x0
region_type = mapped_file
name = "system.ni.dll"
filename = "\\Windows\\assembly\\NativeImages_v4.0.30319_32\\System\\cc4e5d110dd318e8b7d61a9ed184ab74\\System.ni.dll" (normalized: "c:\\windows\\assembly\\nativeimages_v4.0.30319_32\\system\\cc4e5d110dd318e8b7d61a9ed184ab74\\system.ni.dll")
Region:
id = 355
start_va = 0x694a0000
end_va = 0x6962cfff
monitored = 1
entry_point = 0x0
region_type = mapped_file
name = "system.drawing.ni.dll"
filename = "\\Windows\\assembly\\NativeImages_v4.0.30319_32\\System.Drawing\\9b645a48c9bcfc95aaadf6a069bb4ebe\\System.Drawing.ni.dll" (normalized: "c:\\windows\\assembly\\nativeimages_v4.0.30319_32\\system.drawing\\9b645a48c9bcfc95aaadf6a069bb4ebe\\system.drawing.ni.dll")
Region:
id = 356
start_va = 0x68840000
end_va = 0x69498fff
monitored = 1
entry_point = 0x0
region_type = mapped_file
name = "system.windows.forms.ni.dll"
filename = "\\Windows\\assembly\\NativeImages_v4.0.30319_32\\System.Windows.Forms\\8cd2187094ba6cade0ca0fab4f932654\\System.Windows.Forms.ni.dll" (normalized: "c:\\windows\\assembly\\nativeimages_v4.0.30319_32\\system.windows.forms\\8cd2187094ba6cade0ca0fab4f932654\\system.windows.forms.ni.dll")
Region:
id = 357
start_va = 0x7a0000
end_va = 0x7a0fff
monitored = 1
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x00000000007a0000"
filename = ""
Region:
id = 358
start_va = 0x7a0000
end_va = 0x7a1fff
monitored = 1
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x00000000007a0000"
filename = ""
Region:
id = 359
start_va = 0x7b0000
end_va = 0x7bffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x00000000007b0000"
filename = ""
Region:
id = 360
start_va = 0x4660000
end_va = 0x46eefff
monitored = 0
entry_point = 0x466dd60
region_type = mapped_file
name = "comctl32.dll"
filename = "\\Windows\\WinSxS\\x86_microsoft.windows.common-controls_6595b64144ccf1df_5.82.10586.0_none_811bc0006c44242b\\comctl32.dll" (normalized: "c:\\windows\\winsxs\\x86_microsoft.windows.common-controls_6595b64144ccf1df_5.82.10586.0_none_811bc0006c44242b\\comctl32.dll")
Region:
id = 361
start_va = 0x687a0000
end_va = 0x68831fff
monitored = 0
entry_point = 0x687add60
region_type = mapped_file
name = "comctl32.dll"
filename = "\\Windows\\WinSxS\\x86_microsoft.windows.common-controls_6595b64144ccf1df_5.82.10586.0_none_811bc0006c44242b\\comctl32.dll" (normalized: "c:\\windows\\winsxs\\x86_microsoft.windows.common-controls_6595b64144ccf1df_5.82.10586.0_none_811bc0006c44242b\\comctl32.dll")
Region:
id = 362
start_va = 0x4660000
end_va = 0x46fffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000004660000"
filename = ""
Region:
id = 363
start_va = 0x2100000
end_va = 0x2100fff
monitored = 1
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x0000000002100000"
filename = ""
Region:
id = 364
start_va = 0x4700000
end_va = 0x47bbfff
monitored = 1
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x0000000004700000"
filename = ""
Region:
id = 365
start_va = 0x2100000
end_va = 0x2103fff
monitored = 1
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x0000000002100000"
filename = ""
Region:
id = 366
start_va = 0x4660000
end_va = 0x4663fff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000004660000"
filename = ""
Region:
id = 367
start_va = 0x46f0000
end_va = 0x46fffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x00000000046f0000"
filename = ""
Region:
id = 368
start_va = 0x47c0000
end_va = 0x49cafff
monitored = 0
entry_point = 0x486b0a0
region_type = mapped_file
name = "comctl32.dll"
filename = "\\Windows\\WinSxS\\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.10586.0_none_d3c2e4e965da4528\\comctl32.dll" (normalized: "c:\\windows\\winsxs\\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.10586.0_none_d3c2e4e965da4528\\comctl32.dll")
Region:
id = 369
start_va = 0x6ed70000
end_va = 0x6ef7efff
monitored = 0
entry_point = 0x6ee1b0a0
region_type = mapped_file
name = "comctl32.dll"
filename = "\\Windows\\WinSxS\\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.10586.0_none_d3c2e4e965da4528\\comctl32.dll" (normalized: "c:\\windows\\winsxs\\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.10586.0_none_d3c2e4e965da4528\\comctl32.dll")
Region:
id = 370
start_va = 0x4670000
end_va = 0x4670fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "windowsshell.manifest"
filename = "\\Windows\\WindowsShell.Manifest" (normalized: "c:\\windows\\windowsshell.manifest")
Region:
id = 371
start_va = 0x4680000
end_va = 0x4681fff
monitored = 1
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x0000000004680000"
filename = ""
Region:
id = 372
start_va = 0x47c0000
end_va = 0x497ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x00000000047c0000"
filename = ""
Region:
id = 373
start_va = 0x6fb20000
end_va = 0x6fb3cfff
monitored = 0
entry_point = 0x6fb23b10
region_type = mapped_file
name = "dwmapi.dll"
filename = "\\Windows\\SysWOW64\\dwmapi.dll" (normalized: "c:\\windows\\syswow64\\dwmapi.dll")
Region:
id = 374
start_va = 0x4670000
end_va = 0x467ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000004670000"
filename = ""
Region:
id = 375
start_va = 0x4690000
end_va = 0x469ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000004690000"
filename = ""
Region:
id = 376
start_va = 0x46a0000
end_va = 0x46affff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x00000000046a0000"
filename = ""
Region:
id = 377
start_va = 0x46b0000
end_va = 0x46bffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x00000000046b0000"
filename = ""
Region:
id = 378
start_va = 0x46c0000
end_va = 0x46cffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x00000000046c0000"
filename = ""
Region:
id = 379
start_va = 0x46d0000
end_va = 0x46dffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x00000000046d0000"
filename = ""
Region:
id = 380
start_va = 0x46e0000
end_va = 0x46effff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x00000000046e0000"
filename = ""
Region:
id = 381
start_va = 0x47c0000
end_va = 0x47cffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x00000000047c0000"
filename = ""
Region:
id = 382
start_va = 0x4970000
end_va = 0x497ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000004970000"
filename = ""
Region:
id = 383
start_va = 0x47d0000
end_va = 0x47dffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x00000000047d0000"
filename = ""
Region:
id = 384
start_va = 0x6c550000
end_va = 0x6c6bafff
monitored = 0
entry_point = 0x6c5be360
region_type = mapped_file
name = "gdiplus.dll"
filename = "\\Windows\\WinSxS\\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.10586.0_none_538a540779726150\\GdiPlus.dll" (normalized: "c:\\windows\\winsxs\\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.10586.0_none_538a540779726150\\gdiplus.dll")
Region:
id = 385
start_va = 0x4690000
end_va = 0x46effff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000004690000"
filename = ""
Region:
id = 386
start_va = 0x4690000
end_va = 0x46cffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000004690000"
filename = ""
Region:
id = 387
start_va = 0x46e0000
end_va = 0x46effff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x00000000046e0000"
filename = ""
Region:
id = 388
start_va = 0x47c0000
end_va = 0x48bffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x00000000047c0000"
filename = ""
Region:
id = 389
start_va = 0x6d110000
end_va = 0x6d300fff
monitored = 0
entry_point = 0x6d1f3cd0
region_type = mapped_file
name = "dwrite.dll"
filename = "\\Windows\\SysWOW64\\DWrite.dll" (normalized: "c:\\windows\\syswow64\\dwrite.dll")
Region:
id = 390
start_va = 0x76f80000
end_va = 0x7709efff
monitored = 0
entry_point = 0x76fc5980
region_type = mapped_file
name = "msctf.dll"
filename = "\\Windows\\SysWOW64\\msctf.dll" (normalized: "c:\\windows\\syswow64\\msctf.dll")
Region:
id = 391
start_va = 0x48c0000
end_va = 0x4908fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "~fontcache-system.dat"
filename = "\\Windows\\ServiceProfiles\\LocalService\\AppData\\Local\\FontCache\\~FontCache-System.dat" (normalized: "c:\\windows\\serviceprofiles\\localservice\\appdata\\local\\fontcache\\~fontcache-system.dat")
Region:
id = 392
start_va = 0x4670000
end_va = 0x4673fff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000004670000"
filename = ""
Region:
id = 393
start_va = 0x4980000
end_va = 0x597ffff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "~fontcache-fontface.dat"
filename = "\\Windows\\ServiceProfiles\\LocalService\\AppData\\Local\\FontCache\\~FontCache-FontFace.dat" (normalized: "c:\\windows\\serviceprofiles\\localservice\\appdata\\local\\fontcache\\~fontcache-fontface.dat")
Region:
id = 394
start_va = 0x46d0000
end_va = 0x46d3fff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x00000000046d0000"
filename = ""
Region:
id = 395
start_va = 0x5980000
end_va = 0x5a7ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000005980000"
filename = ""
Region:
id = 396
start_va = 0x5a80000
end_va = 0x5b7ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000005a80000"
filename = ""
Region:
id = 397
start_va = 0x4910000
end_va = 0x493efff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "mistral.ttf"
filename = "\\Windows\\Fonts\\MISTRAL.TTF" (normalized: "c:\\windows\\fonts\\mistral.ttf")
Region:
id = 398
start_va = 0x5b80000
end_va = 0x5f7ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000005b80000"
filename = ""
Region:
id = 399
start_va = 0x5f80000
end_va = 0x6471fff
monitored = 1
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x0000000005f80000"
filename = ""
Region:
id = 400
start_va = 0x6480000
end_va = 0x653cfff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "micross.ttf"
filename = "\\Windows\\Fonts\\micross.ttf" (normalized: "c:\\windows\\fonts\\micross.ttf")
Region:
id = 401
start_va = 0x6540000
end_va = 0x757ffff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "staticcache.dat"
filename = "\\Windows\\Fonts\\StaticCache.dat" (normalized: "c:\\windows\\fonts\\staticcache.dat")
Region:
id = 402
start_va = 0x4940000
end_va = 0x4940fff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000004940000"
filename = ""
Region:
id = 403
start_va = 0x7580000
end_va = 0x75e1fff
monitored = 1
entry_point = 0x0
region_type = mapped_file
name = "mscorrc.dll"
filename = "\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\mscorrc.dll" (normalized: "c:\\windows\\microsoft.net\\framework\\v4.0.30319\\mscorrc.dll")
Region:
id = 404
start_va = 0x4950000
end_va = 0x4961fff
monitored = 1
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x0000000004950000"
filename = ""
Region:
id = 405
start_va = 0x5e430000
end_va = 0x5e4cbfff
monitored = 1
entry_point = 0x5e4be9b2
region_type = mapped_file
name = "microsoft.visualbasic.dll"
filename = "\\Windows\\Microsoft.NET\\assembly\\GAC_MSIL\\Microsoft.VisualBasic\\v4.0_10.0.0.0__b03f5f7f11d50a3a\\Microsoft.VisualBasic.dll" (normalized: "c:\\windows\\microsoft.net\\assembly\\gac_msil\\microsoft.visualbasic\\v4.0_10.0.0.0__b03f5f7f11d50a3a\\microsoft.visualbasic.dll")
Region:
id = 406
start_va = 0x75f0000
end_va = 0x768bfff
monitored = 1
entry_point = 0x767e9b2
region_type = mapped_file
name = "microsoft.visualbasic.dll"
filename = "\\Windows\\Microsoft.NET\\assembly\\GAC_MSIL\\Microsoft.VisualBasic\\v4.0_10.0.0.0__b03f5f7f11d50a3a\\Microsoft.VisualBasic.dll" (normalized: "c:\\windows\\microsoft.net\\assembly\\gac_msil\\microsoft.visualbasic\\v4.0_10.0.0.0__b03f5f7f11d50a3a\\microsoft.visualbasic.dll")
Region:
id = 407
start_va = 0x7690000
end_va = 0x769ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000007690000"
filename = ""
Region:
id = 408
start_va = 0x76a0000
end_va = 0x76affff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x00000000076a0000"
filename = ""
Region:
id = 409
start_va = 0x76b0000
end_va = 0x76bffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x00000000076b0000"
filename = ""
Region:
id = 410
start_va = 0x76c0000
end_va = 0x76cffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x00000000076c0000"
filename = ""
Region:
id = 411
start_va = 0x76d0000
end_va = 0x76dffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x00000000076d0000"
filename = ""
Region:
id = 412
start_va = 0x76b0000
end_va = 0x76effff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x00000000076b0000"
filename = ""
Region:
id = 413
start_va = 0x76f0000
end_va = 0x77effff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x00000000076f0000"
filename = ""
Region:
id = 414
start_va = 0x77f0000
end_va = 0x782ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x00000000077f0000"
filename = ""
Region:
id = 415
start_va = 0x7830000
end_va = 0x792ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000007830000"
filename = ""
Region:
id = 416
start_va = 0x580000
end_va = 0x58ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000000580000"
filename = ""
Region:
id = 417
start_va = 0x590000
end_va = 0x59ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000000590000"
filename = ""
Region:
id = 418
start_va = 0x5a0000
end_va = 0x5affff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x00000000005a0000"
filename = ""
Region:
id = 419
start_va = 0x5b0000
end_va = 0x5bffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x00000000005b0000"
filename = ""
Region:
id = 420
start_va = 0x6a0000
end_va = 0x6affff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x00000000006a0000"
filename = ""
Region:
id = 421
start_va = 0x6b0000
end_va = 0x6bffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x00000000006b0000"
filename = ""
Region:
id = 422
start_va = 0x6c0000
end_va = 0x6cffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x00000000006c0000"
filename = ""
Region:
id = 423
start_va = 0x6d0000
end_va = 0x6dffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x00000000006d0000"
filename = ""
Region:
id = 424
start_va = 0x6e0000
end_va = 0x6effff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x00000000006e0000"
filename = ""
Region:
id = 425
start_va = 0x6f0000
end_va = 0x6fffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x00000000006f0000"
filename = ""
Region:
id = 426
start_va = 0x700000
end_va = 0x70ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000000700000"
filename = ""
Region:
id = 427
start_va = 0x710000
end_va = 0x71ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000000710000"
filename = ""
Region:
id = 428
start_va = 0x720000
end_va = 0x72ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000000720000"
filename = ""
Region:
id = 429
start_va = 0x730000
end_va = 0x73ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000000730000"
filename = ""
Region:
id = 430
start_va = 0x740000
end_va = 0x74ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000000740000"
filename = ""
Region:
id = 431
start_va = 0x750000
end_va = 0x75ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000000750000"
filename = ""
Region:
id = 432
start_va = 0x760000
end_va = 0x76ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000000760000"
filename = ""
Region:
id = 433
start_va = 0x770000
end_va = 0x77ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000000770000"
filename = ""
Region:
id = 434
start_va = 0x6be30000
end_va = 0x6c541fff
monitored = 1
entry_point = 0x0
region_type = mapped_file
name = "system.core.ni.dll"
filename = "\\Windows\\assembly\\NativeImages_v4.0.30319_32\\System.Core\\abad45b9cc652ba7e38c4c837234c0ab\\System.Core.ni.dll" (normalized: "c:\\windows\\assembly\\nativeimages_v4.0.30319_32\\system.core\\abad45b9cc652ba7e38c4c837234c0ab\\system.core.ni.dll")
Region:
id = 435
start_va = 0x590000
end_va = 0x59ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000000590000"
filename = ""
Region:
id = 436
start_va = 0x590000
end_va = 0x59ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000000590000"
filename = ""
Region:
id = 437
start_va = 0x590000
end_va = 0x59ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000000590000"
filename = ""
Region:
id = 438
start_va = 0x590000
end_va = 0x59ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000000590000"
filename = ""
Region:
id = 439
start_va = 0x590000
end_va = 0x59ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000000590000"
filename = ""
Region:
id = 440
start_va = 0x590000
end_va = 0x59ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000000590000"
filename = ""
Region:
id = 441
start_va = 0x590000
end_va = 0x59ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000000590000"
filename = ""
Region:
id = 442
start_va = 0x590000
end_va = 0x59ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000000590000"
filename = ""
Region:
id = 443
start_va = 0x590000
end_va = 0x59ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000000590000"
filename = ""
Region:
id = 444
start_va = 0x590000
end_va = 0x59ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000000590000"
filename = ""
Region:
id = 445
start_va = 0x590000
end_va = 0x59ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000000590000"
filename = ""
Region:
id = 446
start_va = 0x590000
end_va = 0x59ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000000590000"
filename = ""
Region:
id = 447
start_va = 0x590000
end_va = 0x59ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000000590000"
filename = ""
Region:
id = 448
start_va = 0x590000
end_va = 0x59ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000000590000"
filename = ""
Region:
id = 449
start_va = 0x590000
end_va = 0x59ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000000590000"
filename = ""
Region:
id = 450
start_va = 0x590000
end_va = 0x59ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000000590000"
filename = ""
Region:
id = 451
start_va = 0x590000
end_va = 0x59ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000000590000"
filename = ""
Region:
id = 452
start_va = 0x590000
end_va = 0x59ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000000590000"
filename = ""
Region:
id = 453
start_va = 0x590000
end_va = 0x59ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000000590000"
filename = ""
Region:
id = 454
start_va = 0x590000
end_va = 0x59ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000000590000"
filename = ""
Region:
id = 455
start_va = 0x590000
end_va = 0x59ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000000590000"
filename = ""
Region:
id = 456
start_va = 0x590000
end_va = 0x59ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000000590000"
filename = ""
Region:
id = 457
start_va = 0x590000
end_va = 0x59ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000000590000"
filename = ""
Region:
id = 458
start_va = 0x590000
end_va = 0x59ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000000590000"
filename = ""
Region:
id = 459
start_va = 0x590000
end_va = 0x59ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000000590000"
filename = ""
Region:
id = 460
start_va = 0x70040000
end_va = 0x70052fff
monitored = 0
entry_point = 0x70049950
region_type = mapped_file
name = "cryptsp.dll"
filename = "\\Windows\\SysWOW64\\cryptsp.dll" (normalized: "c:\\windows\\syswow64\\cryptsp.dll")
Region:
id = 461
start_va = 0x6a0000
end_va = 0x6dffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x00000000006a0000"
filename = ""
Region:
id = 462
start_va = 0x7930000
end_va = 0x7a2ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000007930000"
filename = ""
Region:
id = 463
start_va = 0x70010000
end_va = 0x7003efff
monitored = 0
entry_point = 0x700295e0
region_type = mapped_file
name = "rsaenh.dll"
filename = "\\Windows\\SysWOW64\\rsaenh.dll" (normalized: "c:\\windows\\syswow64\\rsaenh.dll")
Region:
id = 464
start_va = 0x73e30000
end_va = 0x73e4afff
monitored = 0
entry_point = 0x73e39050
region_type = mapped_file
name = "bcrypt.dll"
filename = "\\Windows\\SysWOW64\\bcrypt.dll" (normalized: "c:\\windows\\syswow64\\bcrypt.dll")
Region:
id = 465
start_va = 0x590000
end_va = 0x59ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000000590000"
filename = ""
Region:
id = 466
start_va = 0x590000
end_va = 0x59ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000000590000"
filename = ""
Region:
id = 467
start_va = 0x590000
end_va = 0x59ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000000590000"
filename = ""
Region:
id = 468
start_va = 0x590000
end_va = 0x59ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000000590000"
filename = ""
Region:
id = 469
start_va = 0x590000
end_va = 0x59ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000000590000"
filename = ""
Region:
id = 470
start_va = 0x590000
end_va = 0x59ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000000590000"
filename = ""
Region:
id = 471
start_va = 0x590000
end_va = 0x59ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000000590000"
filename = ""
Region:
id = 472
start_va = 0x5a0000
end_va = 0x5affff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x00000000005a0000"
filename = ""
Region:
id = 473
start_va = 0x590000
end_va = 0x59ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000000590000"
filename = ""
Region:
id = 474
start_va = 0x590000
end_va = 0x59ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000000590000"
filename = ""
Region:
id = 475
start_va = 0x590000
end_va = 0x59ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000000590000"
filename = ""
Region:
id = 476
start_va = 0x590000
end_va = 0x59ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000000590000"
filename = ""
Region:
id = 477
start_va = 0x590000
end_va = 0x59ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000000590000"
filename = ""
Region:
id = 478
start_va = 0x5a0000
end_va = 0x5affff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x00000000005a0000"
filename = ""
Region:
id = 479
start_va = 0x590000
end_va = 0x59ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000000590000"
filename = ""
Region:
id = 480
start_va = 0x590000
end_va = 0x59ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000000590000"
filename = ""
Region:
id = 481
start_va = 0x590000
end_va = 0x59ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000000590000"
filename = ""
Region:
id = 482
start_va = 0x590000
end_va = 0x59ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000000590000"
filename = ""
Region:
id = 483
start_va = 0x590000
end_va = 0x59ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000000590000"
filename = ""
Region:
id = 484
start_va = 0x590000
end_va = 0x59ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000000590000"
filename = ""
Region:
id = 485
start_va = 0x590000
end_va = 0x59ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000000590000"
filename = ""
Region:
id = 486
start_va = 0x590000
end_va = 0x59ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000000590000"
filename = ""
Region:
id = 487
start_va = 0x590000
end_va = 0x59ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000000590000"
filename = ""
Region:
id = 488
start_va = 0x590000
end_va = 0x59ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000000590000"
filename = ""
Region:
id = 489
start_va = 0x590000
end_va = 0x59ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000000590000"
filename = ""
Region:
id = 490
start_va = 0x590000
end_va = 0x59ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000000590000"
filename = ""
Region:
id = 491
start_va = 0x5b0000
end_va = 0x5bffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x00000000005b0000"
filename = ""
Region:
id = 492
start_va = 0x5b0000
end_va = 0x5bffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x00000000005b0000"
filename = ""
Region:
id = 493
start_va = 0x590000
end_va = 0x59ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000000590000"
filename = ""
Region:
id = 494
start_va = 0x590000
end_va = 0x59ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000000590000"
filename = ""
Region:
id = 495
start_va = 0x590000
end_va = 0x59ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000000590000"
filename = ""
Region:
id = 496
start_va = 0x590000
end_va = 0x59ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000000590000"
filename = ""
Region:
id = 497
start_va = 0x590000
end_va = 0x59ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000000590000"
filename = ""
Region:
id = 498
start_va = 0x590000
end_va = 0x59ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000000590000"
filename = ""
Region:
id = 499
start_va = 0x590000
end_va = 0x59ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000000590000"
filename = ""
Region:
id = 500
start_va = 0x590000
end_va = 0x59ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000000590000"
filename = ""
Region:
id = 501
start_va = 0x590000
end_va = 0x59ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000000590000"
filename = ""
Region:
id = 502
start_va = 0x5b0000
end_va = 0x5bffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x00000000005b0000"
filename = ""
Region:
id = 503
start_va = 0x590000
end_va = 0x59ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000000590000"
filename = ""
Region:
id = 504
start_va = 0x590000
end_va = 0x59ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000000590000"
filename = ""
Region:
id = 505
start_va = 0x590000
end_va = 0x59ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000000590000"
filename = ""
Region:
id = 506
start_va = 0x590000
end_va = 0x59ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000000590000"
filename = ""
Region:
id = 507
start_va = 0x590000
end_va = 0x59ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000000590000"
filename = ""
Region:
id = 508
start_va = 0x590000
end_va = 0x59ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000000590000"
filename = ""
Region:
id = 509
start_va = 0x590000
end_va = 0x59ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000000590000"
filename = ""
Region:
id = 510
start_va = 0x590000
end_va = 0x59ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000000590000"
filename = ""
Region:
id = 511
start_va = 0x590000
end_va = 0x59ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000000590000"
filename = ""
Region:
id = 512
start_va = 0x590000
end_va = 0x59ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000000590000"
filename = ""
Region:
id = 513
start_va = 0x590000
end_va = 0x59ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000000590000"
filename = ""
Region:
id = 514
start_va = 0x590000
end_va = 0x59ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000000590000"
filename = ""
Region:
id = 515
start_va = 0x590000
end_va = 0x59ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000000590000"
filename = ""
Region:
id = 516
start_va = 0x590000
end_va = 0x59ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000000590000"
filename = ""
Region:
id = 517
start_va = 0x5b0000
end_va = 0x5bffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x00000000005b0000"
filename = ""
Region:
id = 518
start_va = 0x590000
end_va = 0x59ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000000590000"
filename = ""
Region:
id = 519
start_va = 0x590000
end_va = 0x59ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000000590000"
filename = ""
Region:
id = 520
start_va = 0x590000
end_va = 0x59ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000000590000"
filename = ""
Region:
id = 521
start_va = 0x590000
end_va = 0x59ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000000590000"
filename = ""
Region:
id = 522
start_va = 0x590000
end_va = 0x59ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000000590000"
filename = ""
Region:
id = 523
start_va = 0x590000
end_va = 0x59ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000000590000"
filename = ""
Region:
id = 524
start_va = 0x590000
end_va = 0x59ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000000590000"
filename = ""
Region:
id = 525
start_va = 0x590000
end_va = 0x59ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000000590000"
filename = ""
Region:
id = 526
start_va = 0x590000
end_va = 0x59ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000000590000"
filename = ""
Region:
id = 527
start_va = 0x590000
end_va = 0x59ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000000590000"
filename = ""
Region:
id = 528
start_va = 0x590000
end_va = 0x59ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000000590000"
filename = ""
Region:
id = 529
start_va = 0x590000
end_va = 0x59ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000000590000"
filename = ""
Region:
id = 530
start_va = 0x590000
end_va = 0x59ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000000590000"
filename = ""
Region:
id = 531
start_va = 0x590000
end_va = 0x59ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000000590000"
filename = ""
Region:
id = 532
start_va = 0x590000
end_va = 0x59ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000000590000"
filename = ""
Region:
id = 533
start_va = 0x590000
end_va = 0x59ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000000590000"
filename = ""
Region:
id = 534
start_va = 0x590000
end_va = 0x59ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000000590000"
filename = ""
Region:
id = 535
start_va = 0x590000
end_va = 0x59ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000000590000"
filename = ""
Region:
id = 536
start_va = 0x590000
end_va = 0x59ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000000590000"
filename = ""
Region:
id = 537
start_va = 0x590000
end_va = 0x59ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000000590000"
filename = ""
Region:
id = 538
start_va = 0x590000
end_va = 0x59ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000000590000"
filename = ""
Region:
id = 539
start_va = 0x590000
end_va = 0x59ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000000590000"
filename = ""
Region:
id = 540
start_va = 0x590000
end_va = 0x59ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000000590000"
filename = ""
Region:
id = 541
start_va = 0x590000
end_va = 0x59ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000000590000"
filename = ""
Region:
id = 542
start_va = 0x590000
end_va = 0x59ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000000590000"
filename = ""
Region:
id = 543
start_va = 0x590000
end_va = 0x59ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000000590000"
filename = ""
Region:
id = 544
start_va = 0x590000
end_va = 0x59ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000000590000"
filename = ""
Region:
id = 545
start_va = 0x590000
end_va = 0x59ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000000590000"
filename = ""
Region:
id = 546
start_va = 0x5b0000
end_va = 0x5bffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x00000000005b0000"
filename = ""
Region:
id = 547
start_va = 0x5b0000
end_va = 0x5bffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x00000000005b0000"
filename = ""
Region:
id = 548
start_va = 0x5b0000
end_va = 0x5bffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x00000000005b0000"
filename = ""
Region:
id = 549
start_va = 0x590000
end_va = 0x59ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000000590000"
filename = ""
Region:
id = 550
start_va = 0x590000
end_va = 0x59ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000000590000"
filename = ""
Region:
id = 551
start_va = 0x6e0000
end_va = 0x75ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x00000000006e0000"
filename = ""
Region:
id = 552
start_va = 0x7a30000
end_va = 0x7b2ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000007a30000"
filename = ""
Region:
id = 553
start_va = 0x6bcb0000
end_va = 0x6be22fff
monitored = 0
entry_point = 0x6bd5d220
region_type = mapped_file
name = "windowscodecs.dll"
filename = "\\Windows\\SysWOW64\\WindowsCodecs.dll" (normalized: "c:\\windows\\syswow64\\windowscodecs.dll")
Region:
id = 554
start_va = 0x7b30000
end_va = 0x7ba8fff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000007b30000"
filename = ""
Region:
id = 555
start_va = 0x760000
end_va = 0x78ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000000760000"
filename = ""
Region:
id = 556
start_va = 0x760000
end_va = 0x76ffff
monitored = 1
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x0000000000760000"
filename = ""
Region:
id = 557
start_va = 0x770000
end_va = 0x77ffff
monitored = 1
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x0000000000770000"
filename = ""
Region:
id = 558
start_va = 0x780000
end_va = 0x78ffff
monitored = 1
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x0000000000780000"
filename = ""
Region:
id = 559
start_va = 0x5b0000
end_va = 0x5bffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x00000000005b0000"
filename = ""
Region:
id = 560
start_va = 0x5b0000
end_va = 0x5bffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x00000000005b0000"
filename = ""
Region:
id = 561
start_va = 0x5b0000
end_va = 0x5bffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x00000000005b0000"
filename = ""
Region:
id = 562
start_va = 0x5b0000
end_va = 0x5bffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x00000000005b0000"
filename = ""
Region:
id = 563
start_va = 0x5b0000
end_va = 0x5bffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x00000000005b0000"
filename = ""
Region:
id = 564
start_va = 0x7bb0000
end_va = 0x7c27fff
monitored = 1
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x0000000007bb0000"
filename = ""
Region:
id = 565
start_va = 0x5b0000
end_va = 0x5bffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x00000000005b0000"
filename = ""
Region:
id = 566
start_va = 0x790000
end_va = 0x79ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000000790000"
filename = ""
Region:
id = 567
start_va = 0x7c30000
end_va = 0x7c3ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000007c30000"
filename = ""
Region:
id = 568
start_va = 0x7c40000
end_va = 0x7c4ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000007c40000"
filename = ""
Region:
id = 569
start_va = 0x7c30000
end_va = 0x7c3ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000007c30000"
filename = ""
Region:
id = 570
start_va = 0x7c40000
end_va = 0x7c4ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000007c40000"
filename = ""
Region:
id = 571
start_va = 0x7c30000
end_va = 0x7c3ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000007c30000"
filename = ""
Region:
id = 572
start_va = 0x7c40000
end_va = 0x7c4ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000007c40000"
filename = ""
Region:
id = 573
start_va = 0x7c50000
end_va = 0x7c5ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000007c50000"
filename = ""
Region:
id = 574
start_va = 0x7c60000
end_va = 0x7c6ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000007c60000"
filename = ""
Region:
id = 575
start_va = 0x7c70000
end_va = 0x7c7ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000007c70000"
filename = ""
Region:
id = 576
start_va = 0x7c80000
end_va = 0x7c8ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000007c80000"
filename = ""
Region:
id = 577
start_va = 0x7c90000
end_va = 0x7c9ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000007c90000"
filename = ""
Region:
id = 578
start_va = 0x7ca0000
end_va = 0x7caffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000007ca0000"
filename = ""
Region:
id = 579
start_va = 0x7cb0000
end_va = 0x7cbffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000007cb0000"
filename = ""
Region:
id = 580
start_va = 0x7cc0000
end_va = 0x7ccffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000007cc0000"
filename = ""
Region:
id = 581
start_va = 0x7cd0000
end_va = 0x7cdffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000007cd0000"
filename = ""
Region:
id = 582
start_va = 0x7ce0000
end_va = 0x7ceffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000007ce0000"
filename = ""
Region:
id = 583
start_va = 0x7cf0000
end_va = 0x7cfffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000007cf0000"
filename = ""
Region:
id = 584
start_va = 0x7d00000
end_va = 0x7d0ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000007d00000"
filename = ""
Region:
id = 585
start_va = 0x7d10000
end_va = 0x7d1ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000007d10000"
filename = ""
Region:
id = 586
start_va = 0x7d20000
end_va = 0x7d2ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000007d20000"
filename = ""
Region:
id = 587
start_va = 0x7d30000
end_va = 0x7d3ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000007d30000"
filename = ""
Region:
id = 588
start_va = 0x7d40000
end_va = 0x7d4ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000007d40000"
filename = ""
Region:
id = 589
start_va = 0x7c30000
end_va = 0x7c3ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000007c30000"
filename = ""
Region:
id = 590
start_va = 0x7c30000
end_va = 0x7c3ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000007c30000"
filename = ""
Region:
id = 591
start_va = 0x7c30000
end_va = 0x7c3ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000007c30000"
filename = ""
Region:
id = 592
start_va = 0x7c30000
end_va = 0x7c3ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000007c30000"
filename = ""
Region:
id = 593
start_va = 0x7c30000
end_va = 0x7c3ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000007c30000"
filename = ""
Region:
id = 594
start_va = 0x7c30000
end_va = 0x7c3ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000007c30000"
filename = ""
Region:
id = 595
start_va = 0x7c30000
end_va = 0x7c3ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000007c30000"
filename = ""
Region:
id = 596
start_va = 0x7c40000
end_va = 0x7c4ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000007c40000"
filename = ""
Region:
id = 597
start_va = 0x741b0000
end_va = 0x755aefff
monitored = 0
entry_point = 0x7436b990
region_type = mapped_file
name = "shell32.dll"
filename = "\\Windows\\SysWOW64\\shell32.dll" (normalized: "c:\\windows\\syswow64\\shell32.dll")
Region:
id = 598
start_va = 0x75940000
end_va = 0x75976fff
monitored = 0
entry_point = 0x75943b50
region_type = mapped_file
name = "cfgmgr32.dll"
filename = "\\Windows\\SysWOW64\\cfgmgr32.dll" (normalized: "c:\\windows\\syswow64\\cfgmgr32.dll")
Region:
id = 599
start_va = 0x75f10000
end_va = 0x76408fff
monitored = 0
entry_point = 0x76117610
region_type = mapped_file
name = "windows.storage.dll"
filename = "\\Windows\\SysWOW64\\windows.storage.dll" (normalized: "c:\\windows\\syswow64\\windows.storage.dll")
Region:
id = 600
start_va = 0x76cf0000
end_va = 0x76d7cfff
monitored = 0
entry_point = 0x76d39b90
region_type = mapped_file
name = "shcore.dll"
filename = "\\Windows\\SysWOW64\\SHCore.dll" (normalized: "c:\\windows\\syswow64\\shcore.dll")
Region:
id = 601
start_va = 0x766e0000
end_va = 0x76723fff
monitored = 0
entry_point = 0x766e7410
region_type = mapped_file
name = "powrprof.dll"
filename = "\\Windows\\SysWOW64\\powrprof.dll" (normalized: "c:\\windows\\syswow64\\powrprof.dll")
Region:
id = 602
start_va = 0x77450000
end_va = 0x7745efff
monitored = 0
entry_point = 0x77452e40
region_type = mapped_file
name = "profapi.dll"
filename = "\\Windows\\SysWOW64\\profapi.dll" (normalized: "c:\\windows\\syswow64\\profapi.dll")
Region:
id = 603
start_va = 0x7c30000
end_va = 0x7c30fff
monitored = 1
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x0000000007c30000"
filename = ""
Region:
id = 604
start_va = 0x701d0000
end_va = 0x701f7fff
monitored = 0
entry_point = 0x701d7820
region_type = mapped_file
name = "ntmarta.dll"
filename = "\\Windows\\SysWOW64\\ntmarta.dll" (normalized: "c:\\windows\\syswow64\\ntmarta.dll")
Region:
id = 605
start_va = 0x7c40000
end_va = 0x7c4ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000007c40000"
filename = ""
Region:
id = 606
start_va = 0x7c40000
end_va = 0x7c4ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000007c40000"
filename = ""
Region:
id = 607
start_va = 0x7c40000
end_va = 0x7c4ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000007c40000"
filename = ""
Region:
id = 608
start_va = 0x7c40000
end_va = 0x7c4ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000007c40000"
filename = ""
Region:
id = 609
start_va = 0x7c40000
end_va = 0x7c4ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000007c40000"
filename = ""
Region:
id = 610
start_va = 0x6bc30000
end_va = 0x6bca0fff
monitored = 0
entry_point = 0x6bc869e0
region_type = mapped_file
name = "efswrt.dll"
filename = "\\Windows\\SysWOW64\\efswrt.dll" (normalized: "c:\\windows\\syswow64\\efswrt.dll")
Region:
id = 611
start_va = 0x73d60000
end_va = 0x73e27fff
monitored = 0
entry_point = 0x73dcae90
region_type = mapped_file
name = "wintypes.dll"
filename = "\\Windows\\SysWOW64\\WinTypes.dll" (normalized: "c:\\windows\\syswow64\\wintypes.dll")
Region:
id = 612
start_va = 0x6bbe0000
end_va = 0x6bc28fff
monitored = 0
entry_point = 0x6bbe6450
region_type = mapped_file
name = "edputil.dll"
filename = "\\Windows\\SysWOW64\\edputil.dll" (normalized: "c:\\windows\\syswow64\\edputil.dll")
Region:
id = 613
start_va = 0x7c40000
end_va = 0x7c4ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000007c40000"
filename = ""
Region:
id = 614
start_va = 0x7c40000
end_va = 0x7c4ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000007c40000"
filename = ""
Region:
id = 615
start_va = 0x7c40000
end_va = 0x7c4ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000007c40000"
filename = ""
Region:
id = 616
start_va = 0x6bac0000
end_va = 0x6bbdbfff
monitored = 1
entry_point = 0x0
region_type = mapped_file
name = "system.management.ni.dll"
filename = "\\Windows\\assembly\\NativeImages_v4.0.30319_32\\System.Management\\d2f554a0c84513cd793fdcd77a86dab1\\System.Management.ni.dll" (normalized: "c:\\windows\\assembly\\nativeimages_v4.0.30319_32\\system.management\\d2f554a0c84513cd793fdcd77a86dab1\\system.management.ni.dll")
Region:
id = 617
start_va = 0x7c50000
end_va = 0x7c8ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000007c50000"
filename = ""
Region:
id = 618
start_va = 0x7d50000
end_va = 0x7e4ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000007d50000"
filename = ""
Region:
id = 619
start_va = 0x72120000
end_va = 0x7226afff
monitored = 0
entry_point = 0x72181660
region_type = mapped_file
name = "propsys.dll"
filename = "\\Windows\\SysWOW64\\propsys.dll" (normalized: "c:\\windows\\syswow64\\propsys.dll")
Region:
id = 620
start_va = 0x7c90000
end_va = 0x7ccffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000007c90000"
filename = ""
Region:
id = 621
start_va = 0x7cd0000
end_va = 0x7cd0fff
monitored = 1
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x0000000007cd0000"
filename = ""
Region:
id = 622
start_va = 0x7e50000
end_va = 0x7f4ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000007e50000"
filename = ""
Region:
id = 623
start_va = 0x76730000
end_va = 0x767b3fff
monitored = 0
entry_point = 0x76756220
region_type = mapped_file
name = "clbcatq.dll"
filename = "\\Windows\\SysWOW64\\clbcatq.dll" (normalized: "c:\\windows\\syswow64\\clbcatq.dll")
Region:
id = 624
start_va = 0x73a70000
end_va = 0x73c8bfff
monitored = 0
entry_point = 0x73c3bc40
region_type = mapped_file
name = "actxprxy.dll"
filename = "\\Windows\\SysWOW64\\actxprxy.dll" (normalized: "c:\\windows\\syswow64\\actxprxy.dll")
Region:
id = 625
start_va = 0x7ce0000
end_va = 0x7ce0fff
monitored = 1
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x0000000007ce0000"
filename = ""
Region:
id = 626
start_va = 0x7cf0000
end_va = 0x7d2ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000007cf0000"
filename = ""
Region:
id = 627
start_va = 0x7f50000
end_va = 0x804ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000007f50000"
filename = ""
Region:
id = 628
start_va = 0x7d30000
end_va = 0x7d33fff
monitored = 1
entry_point = 0x0
region_type = mapped_file
name = "cversions.1.db"
filename = "\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Microsoft\\Windows\\Caches\\cversions.1.db" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\microsoft\\windows\\caches\\cversions.1.db")
Region:
id = 629
start_va = 0x8050000
end_va = 0x8066fff
monitored = 1
entry_point = 0x0
region_type = mapped_file
name = "{afbf9f1a-8ee8-4c77-af34-c647e37ca0d9}.1.ver0x000000000000000d.db"
filename = "\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Microsoft\\Windows\\Caches\\{AFBF9F1A-8EE8-4C77-AF34-C647E37CA0D9}.1.ver0x000000000000000d.db" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\microsoft\\windows\\caches\\{afbf9f1a-8ee8-4c77-af34-c647e37ca0d9}.1.ver0x000000000000000d.db")
Region:
id = 630
start_va = 0x8070000
end_va = 0x8070fff
monitored = 1
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x0000000008070000"
filename = ""
Region:
id = 631
start_va = 0x7d30000
end_va = 0x7d33fff
monitored = 1
entry_point = 0x0
region_type = mapped_file
name = "cversions.2.db"
filename = "\\ProgramData\\Microsoft\\Windows\\Caches\\cversions.2.db" (normalized: "c:\\programdata\\microsoft\\windows\\caches\\cversions.2.db")
Region:
id = 632
start_va = 0x8080000
end_va = 0x80c4fff
monitored = 1
entry_point = 0x0
region_type = mapped_file
name = "{6af0698e-d558-4f6e-9b3c-3716689af493}.2.ver0x0000000000000005.db"
filename = "\\ProgramData\\Microsoft\\Windows\\Caches\\{6AF0698E-D558-4F6E-9B3C-3716689AF493}.2.ver0x0000000000000005.db" (normalized: "c:\\programdata\\microsoft\\windows\\caches\\{6af0698e-d558-4f6e-9b3c-3716689af493}.2.ver0x0000000000000005.db")
Region:
id = 633
start_va = 0x80d0000
end_va = 0x810ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x00000000080d0000"
filename = ""
Region:
id = 634
start_va = 0x8110000
end_va = 0x820ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000008110000"
filename = ""
Region:
id = 635
start_va = 0x8210000
end_va = 0x8213fff
monitored = 1
entry_point = 0x0
region_type = mapped_file
name = "cversions.2.db"
filename = "\\ProgramData\\Microsoft\\Windows\\Caches\\cversions.2.db" (normalized: "c:\\programdata\\microsoft\\windows\\caches\\cversions.2.db")
Region:
id = 636
start_va = 0x8220000
end_va = 0x82adfff
monitored = 1
entry_point = 0x0
region_type = mapped_file
name = "{ddf571f2-be98-426d-8288-1a9a39c3fda2}.2.ver0x0000000000000001.db"
filename = "\\ProgramData\\Microsoft\\Windows\\Caches\\{DDF571F2-BE98-426D-8288-1A9A39C3FDA2}.2.ver0x0000000000000001.db" (normalized: "c:\\programdata\\microsoft\\windows\\caches\\{ddf571f2-be98-426d-8288-1a9a39c3fda2}.2.ver0x0000000000000001.db")
Region:
id = 637
start_va = 0x82b0000
end_va = 0x82b1fff
monitored = 1
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x00000000082b0000"
filename = ""
Region:
id = 638
start_va = 0x82c0000
end_va = 0x82c0fff
monitored = 1
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x00000000082c0000"
filename = ""
Region:
id = 639
start_va = 0x82d0000
end_va = 0x86cafff
monitored = 1
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x00000000082d0000"
filename = ""
Region:
id = 640
start_va = 0x705b0000
end_va = 0x7072dfff
monitored = 0
entry_point = 0x7062c630
region_type = mapped_file
name = "urlmon.dll"
filename = "\\Windows\\SysWOW64\\urlmon.dll" (normalized: "c:\\windows\\syswow64\\urlmon.dll")
Region:
id = 641
start_va = 0x71cf0000
end_va = 0x71fbafff
monitored = 0
entry_point = 0x71f2c4c0
region_type = mapped_file
name = "iertutil.dll"
filename = "\\Windows\\SysWOW64\\iertutil.dll" (normalized: "c:\\windows\\syswow64\\iertutil.dll")
Region:
id = 642
start_va = 0x86d0000
end_va = 0x86d0fff
monitored = 1
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x00000000086d0000"
filename = ""
Region:
id = 729
start_va = 0x7c50000
end_va = 0x7c5ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000007c50000"
filename = ""
Region:
id = 1297
start_va = 0x7c60000
end_va = 0x7c6ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000007c60000"
filename = ""
Region:
id = 1298
start_va = 0x7c70000
end_va = 0x7c7ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000007c70000"
filename = ""
Region:
id = 1299
start_va = 0x7c80000
end_va = 0x7c8ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000007c80000"
filename = ""
Region:
id = 1300
start_va = 0x7d50000
end_va = 0x7d5ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000007d50000"
filename = ""
Region:
id = 1301
start_va = 0x7d60000
end_va = 0x7d6ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000007d60000"
filename = ""
Region:
id = 1302
start_va = 0x7d70000
end_va = 0x7d7ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000007d70000"
filename = ""
Region:
id = 1303
start_va = 0x7d80000
end_va = 0x7d8ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000007d80000"
filename = ""
Region:
id = 1304
start_va = 0x7d90000
end_va = 0x7d9ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000007d90000"
filename = ""
Region:
id = 1305
start_va = 0x7da0000
end_va = 0x7daffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000007da0000"
filename = ""
Region:
id = 1306
start_va = 0x7db0000
end_va = 0x7dbffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000007db0000"
filename = ""
Region:
id = 1307
start_va = 0x7dc0000
end_va = 0x7dcffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000007dc0000"
filename = ""
Region:
id = 1308
start_va = 0x7dd0000
end_va = 0x7ddffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000007dd0000"
filename = ""
Region:
id = 1309
start_va = 0x7de0000
end_va = 0x7deffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000007de0000"
filename = ""
Region:
id = 1312
start_va = 0x7df0000
end_va = 0x7dfffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000007df0000"
filename = ""
Region:
id = 1313
start_va = 0x7e00000
end_va = 0x7e0ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000007e00000"
filename = ""
Region:
id = 1314
start_va = 0x7e10000
end_va = 0x7e1ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000007e10000"
filename = ""
Region:
id = 1315
start_va = 0x7e20000
end_va = 0x7e2ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000007e20000"
filename = ""
Region:
id = 1316
start_va = 0x7e30000
end_va = 0x7e3ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000007e30000"
filename = ""
Region:
id = 1320
start_va = 0x7d50000
end_va = 0x7d86fff
monitored = 1
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x0000000007d50000"
filename = ""
Region:
id = 1321
start_va = 0x7c60000
end_va = 0x7c6ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000007c60000"
filename = ""
Region:
id = 1322
start_va = 0x7c70000
end_va = 0x7c7ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000007c70000"
filename = ""
Region:
id = 1323
start_va = 0x7c80000
end_va = 0x7c8ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000007c80000"
filename = ""
Region:
id = 1354
start_va = 0x7d90000
end_va = 0x7dcffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000007d90000"
filename = ""
Region:
id = 1355
start_va = 0x86e0000
end_va = 0x87dffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x00000000086e0000"
filename = ""
Thread:
id = 1
os_tid = 0x9e8
[0109.634] CoInitializeEx (pvReserved=0x0, dwCoInit=0x2) returned 0x0
[0110.864] RoInitialize () returned 0x1
[0110.864] RoUninitialize () returned 0x0
[0113.767] GetFullPathNameW (in: lpFileName="C:\\Windows\\Microsoft.Net\\assembly\\GAC_MSIL\\System.Windows.Forms\\v4.0_4.0.0.0__b77a5c561934e089\\System.Windows.Forms.dll", nBufferLength=0x105, lpBuffer=0x19ef18, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\Microsoft.Net\\assembly\\GAC_MSIL\\System.Windows.Forms\\v4.0_4.0.0.0__b77a5c561934e089\\System.Windows.Forms.dll", lpFilePart=0x0) returned 0x77
[0113.785] IsAppThemed () returned 0x1
[0113.789] CoTaskMemAlloc (cb=0xf0) returned 0x815cd8
[0113.789] CreateActCtxA (pActCtx=0x19f414) returned 0x8166bc
[0113.952] CoTaskMemFree (pv=0x815cd8)
[0114.067] RegisterClipboardFormatW (lpszFormat="WM_GETCONTROLNAME") returned 0xc1dc
[0114.068] RegisterClipboardFormatW (lpszFormat="WM_GETCONTROLTYPE") returned 0xc1d8
[0114.682] GetSystemMetrics (nIndex=75) returned 1
[0114.721] GetModuleHandleW (lpModuleName="comctl32.dll") returned 0x0
[0115.324] LoadLibraryW (lpLibFileName="comctl32.dll") returned 0x687a0000
[0115.473] AdjustWindowRectEx (in: lpRect=0x19f418, dwStyle=0x56cf0000, bMenu=0, dwExStyle=0x50001 | out: lpRect=0x19f418) returned 1
[0115.483] GetCurrentProcess () returned 0xffffffff
[0115.483] GetCurrentThread () returned 0xfffffffe
[0115.483] GetCurrentProcess () returned 0xffffffff
[0115.483] DuplicateHandle (in: hSourceProcessHandle=0xffffffff, hSourceHandle=0xfffffffe, hTargetProcessHandle=0xffffffff, lpTargetHandle=0x19f330, dwDesiredAccess=0x0, bInheritHandle=0, dwOptions=0x2 | out: lpTargetHandle=0x19f330*=0x264) returned 1
[0115.561] GetCurrentThreadId () returned 0x9e8
[0115.573] GetCurrentActCtx (in: lphActCtx=0x19f290 | out: lphActCtx=0x19f290*=0x0) returned 1
[0115.573] ActivateActCtx (in: hActCtx=0x8166bc, lpCookie=0x19f2a0 | out: hActCtx=0x8166bc, lpCookie=0x19f2a0) returned 1
[0115.573] GetModuleHandleW (lpModuleName="comctl32.dll") returned 0x0
[0118.077] LoadLibraryW (lpLibFileName="comctl32.dll") returned 0x6ed70000
[0118.103] GetModuleHandleW (lpModuleName="user32.dll") returned 0x755e0000
[0118.103] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="DefWindowProcW", cchWideChar=14, lpMultiByteStr=0x19f158, cbMultiByte=16, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="DefWindowProcW£h;§\x96( «9khö\x19", lpUsedDefaultChar=0x0) returned 14
[0118.104] GetProcAddress (hModule=0x755e0000, lpProcName="DefWindowProcW") returned 0x741107e0
[0118.104] GetStockObject (i=5) returned 0x1900015
[0118.136] GetModuleHandleW (lpModuleName=0x0) returned 0x400000
[0118.147] CoTaskMemAlloc (cb=0x5c) returned 0x821b30
[0118.147] RegisterClassW (lpWndClass=0x19f148) returned 0xc150
[0118.148] CoTaskMemFree (pv=0x821b30)
[0118.148] GetModuleHandleW (lpModuleName=0x0) returned 0x400000
[0118.149] CreateWindowExW (dwExStyle=0x0, lpClassName="WindowsForms10.Window.8.app.0.141b42a_r10_ad1", lpWindowName=0x0, dwStyle=0x2010000, X=0, Y=0, nWidth=0, nHeight=0, hWndParent=0xfffffffd, hMenu=0x0, hInstance=0x400000, lpParam=0x0) returned 0xa01f8
[0118.149] SetWindowLongW (hWnd=0xa01f8, nIndex=-4, dwNewLong=1947273184) returned 77006270
[0118.154] GetWindowLongW (hWnd=0xa01f8, nIndex=-4) returned 1947273184
[0118.186] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="Software\\Microsoft\\.NETFramework", ulOptions=0x0, samDesired=0x20019, phkResult=0x19e9a4 | out: phkResult=0x19e9a4*=0x288) returned 0x0
[0118.187] RegQueryValueExW (in: hKey=0x288, lpValueName="DbgJITDebugLaunchSetting", lpReserved=0x0, lpType=0x19e9c4, lpData=0x0, lpcbData=0x19e9c0*=0x0 | out: lpType=0x19e9c4*=0x0, lpData=0x0, lpcbData=0x19e9c0*=0x0) returned 0x2
[0118.187] RegQueryValueExW (in: hKey=0x288, lpValueName="DbgManagedDebugger", lpReserved=0x0, lpType=0x19e9c4, lpData=0x0, lpcbData=0x19e9c0*=0x0 | out: lpType=0x19e9c4*=0x0, lpData=0x0, lpcbData=0x19e9c0*=0x0) returned 0x2
[0118.187] RegCloseKey (hKey=0x288) returned 0x0
[0118.190] SetWindowLongW (hWnd=0xa01f8, nIndex=-4, dwNewLong=77006310) returned 1947273184
[0118.190] GetWindowLongW (hWnd=0xa01f8, nIndex=-4) returned 77006310
[0118.190] GetWindowLongW (hWnd=0xa01f8, nIndex=-16) returned 113311744
[0118.191] RegisterClipboardFormatW (lpszFormat="WinFormsMouseEnter") returned 0xc1b8
[0118.193] CallWindowProcW (lpPrevWndFunc=0x741107e0, hWnd=0xa01f8, Msg=0x24, wParam=0x0, lParam=0x19ecbc) returned 0x0
[0118.193] RegisterClipboardFormatW (lpszFormat="WinFormsUnSubclass") returned 0xc1b9
[0118.193] CallWindowProcW (lpPrevWndFunc=0x741107e0, hWnd=0xa01f8, Msg=0x81, wParam=0x0, lParam=0x19ecb0) returned 0x1
[0118.196] CallWindowProcW (lpPrevWndFunc=0x741107e0, hWnd=0xa01f8, Msg=0x83, wParam=0x0, lParam=0x19ec9c) returned 0x0
[0118.753] CallWindowProcW (lpPrevWndFunc=0x741107e0, hWnd=0xa01f8, Msg=0x1, wParam=0x0, lParam=0x19ecb0) returned 0x0
[0118.756] GetClientRect (in: hWnd=0xa01f8, lpRect=0x19e9dc | out: lpRect=0x19e9dc) returned 1
[0118.757] GetWindowRect (in: hWnd=0xa01f8, lpRect=0x19e9dc | out: lpRect=0x19e9dc) returned 1
[0118.759] GetParent (hWnd=0xa01f8) returned 0x0
[0118.759] DeactivateActCtx (dwFlags=0x0, ulCookie=0x19050001) returned 1
[0119.051] GetModuleHandleW (lpModuleName="comctl32.dll") returned 0x687a0000
[0119.052] AdjustWindowRectEx (in: lpRect=0x19ede0, dwStyle=0x5601008d, bMenu=0, dwExStyle=0x0 | out: lpRect=0x19ede0) returned 1
[0119.052] GetModuleHandleW (lpModuleName="comctl32.dll") returned 0x687a0000
[0119.054] AdjustWindowRectEx (in: lpRect=0x19ede0, dwStyle=0x5601008d, bMenu=0, dwExStyle=0x0 | out: lpRect=0x19ede0) returned 1
[0119.061] GetModuleHandleW (lpModuleName="comctl32.dll") returned 0x687a0000
[0119.061] AdjustWindowRectEx (in: lpRect=0x19ede0, dwStyle=0x5601008d, bMenu=0, dwExStyle=0x0 | out: lpRect=0x19ede0) returned 1
[0119.061] GetModuleHandleW (lpModuleName="comctl32.dll") returned 0x687a0000
[0119.062] AdjustWindowRectEx (in: lpRect=0x19ede0, dwStyle=0x5601008d, bMenu=0, dwExStyle=0x0 | out: lpRect=0x19ede0) returned 1
[0119.062] GetModuleHandleW (lpModuleName="comctl32.dll") returned 0x687a0000
[0119.062] AdjustWindowRectEx (in: lpRect=0x19ede0, dwStyle=0x5601008d, bMenu=0, dwExStyle=0x0 | out: lpRect=0x19ede0) returned 1
[0119.064] GetModuleHandleW (lpModuleName="comctl32.dll") returned 0x687a0000
[0119.066] AdjustWindowRectEx (in: lpRect=0x19edcc, dwStyle=0x56010000, bMenu=0, dwExStyle=0x10000 | out: lpRect=0x19edcc) returned 1
[0119.066] GetModuleHandleW (lpModuleName="comctl32.dll") returned 0x687a0000
[0119.066] AdjustWindowRectEx (in: lpRect=0x19ede0, dwStyle=0x5601008d, bMenu=0, dwExStyle=0x0 | out: lpRect=0x19ede0) returned 1
[0119.066] GetModuleHandleW (lpModuleName="comctl32.dll") returned 0x687a0000
[0119.066] AdjustWindowRectEx (in: lpRect=0x19ede0, dwStyle=0x5601008d, bMenu=0, dwExStyle=0x0 | out: lpRect=0x19ede0) returned 1
[0119.067] GetModuleHandleW (lpModuleName="comctl32.dll") returned 0x687a0000
[0119.067] AdjustWindowRectEx (in: lpRect=0x19ede0, dwStyle=0x5601008d, bMenu=0, dwExStyle=0x0 | out: lpRect=0x19ede0) returned 1
[0119.067] GetModuleHandleW (lpModuleName="comctl32.dll") returned 0x687a0000
[0119.067] AdjustWindowRectEx (in: lpRect=0x19ede0, dwStyle=0x5601008d, bMenu=0, dwExStyle=0x0 | out: lpRect=0x19ede0) returned 1
[0119.067] GetModuleHandleW (lpModuleName="comctl32.dll") returned 0x687a0000
[0119.067] AdjustWindowRectEx (in: lpRect=0x19ede0, dwStyle=0x5601008d, bMenu=0, dwExStyle=0x0 | out: lpRect=0x19ede0) returned 1
[0119.067] GetModuleHandleW (lpModuleName="comctl32.dll") returned 0x687a0000
[0119.067] AdjustWindowRectEx (in: lpRect=0x19ede0, dwStyle=0x5601008d, bMenu=0, dwExStyle=0x0 | out: lpRect=0x19ede0) returned 1
[0119.068] GetModuleHandleW (lpModuleName="comctl32.dll") returned 0x687a0000
[0119.068] AdjustWindowRectEx (in: lpRect=0x19ede0, dwStyle=0x5601008d, bMenu=0, dwExStyle=0x0 | out: lpRect=0x19ede0) returned 1
[0119.068] GetModuleHandleW (lpModuleName="comctl32.dll") returned 0x687a0000
[0119.068] AdjustWindowRectEx (in: lpRect=0x19ede0, dwStyle=0x5601008d, bMenu=0, dwExStyle=0x0 | out: lpRect=0x19ede0) returned 1
[0119.068] GetModuleHandleW (lpModuleName="comctl32.dll") returned 0x687a0000
[0119.068] AdjustWindowRectEx (in: lpRect=0x19ede0, dwStyle=0x5601008d, bMenu=0, dwExStyle=0x0 | out: lpRect=0x19ede0) returned 1
[0119.069] GetModuleHandleW (lpModuleName="comctl32.dll") returned 0x687a0000
[0119.069] AdjustWindowRectEx (in: lpRect=0x19ede0, dwStyle=0x5601008d, bMenu=0, dwExStyle=0x0 | out: lpRect=0x19ede0) returned 1
[0119.070] GetModuleHandleW (lpModuleName="comctl32.dll") returned 0x687a0000
[0119.071] AdjustWindowRectEx (in: lpRect=0x19ede4, dwStyle=0x56010000, bMenu=0, dwExStyle=0x0 | out: lpRect=0x19ede4) returned 1
[0119.071] GetModuleHandleW (lpModuleName="comctl32.dll") returned 0x687a0000
[0119.071] AdjustWindowRectEx (in: lpRect=0x19ede4, dwStyle=0x56010000, bMenu=0, dwExStyle=0x0 | out: lpRect=0x19ede4) returned 1
[0119.071] GetModuleHandleW (lpModuleName="comctl32.dll") returned 0x687a0000
[0119.071] AdjustWindowRectEx (in: lpRect=0x19ede4, dwStyle=0x56010000, bMenu=0, dwExStyle=0x0 | out: lpRect=0x19ede4) returned 1
[0119.071] GetModuleHandleW (lpModuleName="comctl32.dll") returned 0x687a0000
[0119.072] AdjustWindowRectEx (in: lpRect=0x19ede4, dwStyle=0x56010000, bMenu=0, dwExStyle=0x0 | out: lpRect=0x19ede4) returned 1
[0119.072] GetModuleHandleW (lpModuleName="comctl32.dll") returned 0x687a0000
[0119.072] AdjustWindowRectEx (in: lpRect=0x19ede4, dwStyle=0x56010000, bMenu=0, dwExStyle=0x0 | out: lpRect=0x19ede4) returned 1
[0120.123] GdiplusStartup (in: token=0x5e5ef0, input=0x19e2c8, output=0x19e318 | out: token=0x5e5ef0, output=0x19e318) returned 0x0
[0120.163] GdipCreateFontFamilyFromName (name="Mistral", fontCollection=0x0, fontFamily=0x19edbc) returned 0x0
[0121.964] GdipCreateFont (fontFamily=0x46e7e90, emSize=0x41b00000, style=1, unit=0x3, font=0x222a874) returned 0x0
[0122.044] GdipGetFontSize (font=0x46e04c0, size=0x222a878) returned 0x0
[0122.050] GetSystemDefaultLCID () returned 0x409
[0122.050] GetStockObject (i=17) returned 0x10a0047
[0122.054] GetObjectW (in: h=0x10a0047, c=92, pv=0x19ec64 | out: pv=0x19ec64) returned 92
[0122.056] GetDC (hWnd=0x0) returned 0xa0100d0
[0122.062] CoTaskMemAlloc (cb=0x5c) returned 0x821650
[0122.063] GdipCreateFontFromLogfontW (hdc=0xa0100d0, logfont=0x821650, font=0x19ed2c) returned 0x0
[0122.105] CoTaskMemFree (pv=0x821650)
[0122.107] CoTaskMemAlloc (cb=0x5c) returned 0x8219f8
[0122.107] CoTaskMemFree (pv=0x8219f8)
[0122.107] CoTaskMemAlloc (cb=0x5c) returned 0x821b30
[0122.107] CoTaskMemFree (pv=0x821b30)
[0122.108] GdipGetFontUnit (font=0x5a8a920, unit=0x19ecf8) returned 0x0
[0122.108] GdipGetFontSize (font=0x5a8a920, size=0x19ecfc) returned 0x0
[0122.108] GdipGetFontStyle (font=0x5a8a920, style=0x19ecf4) returned 0x0
[0122.108] GdipGetFamily (font=0x5a8a920, family=0x19ecf0) returned 0x0
[0122.108] GdipGetFontSize (font=0x5a8a920, size=0x222aed8) returned 0x0
[0122.109] ReleaseDC (hWnd=0x0, hDC=0xa0100d0) returned 1
[0122.109] GetDC (hWnd=0x0) returned 0xa0100d0
[0122.110] GdipCreateFromHDC (hdc=0xa0100d0, graphics=0x19ed18) returned 0x0
[0122.116] GdipGetDpiY (graphics=0x5a8f5e8, dpi=0x222afe0) returned 0x0
[0122.116] GdipGetFontHeight (font=0x5a8a920, graphics=0x5a8f5e8, height=0x19ed10) returned 0x0
[0122.117] GdipGetEmHeight (family=0x5a854a8, style=0, EmHeight=0x19ed18) returned 0x0
[0122.117] GdipGetLineSpacing (family=0x5a854a8, style=0, LineSpacing=0x19ed18) returned 0x0
[0122.117] GdipDeleteGraphics (graphics=0x5a8f5e8) returned 0x0
[0122.119] ReleaseDC (hWnd=0x0, hDC=0xa0100d0) returned 1
[0122.119] GdipCreateFont (fontFamily=0x5a854a8, emSize=0x41040000, style=0, unit=0x3, font=0x222afa0) returned 0x0
[0122.119] GdipGetFontSize (font=0x5a8ab38, size=0x222afa4) returned 0x0
[0122.119] GdipDeleteFont (font=0x5a8a920) returned 0x0
[0122.123] GetModuleHandleW (lpModuleName="comctl32.dll") returned 0x687a0000
[0122.123] AdjustWindowRectEx (in: lpRect=0x19ed40, dwStyle=0x5600000d, bMenu=0, dwExStyle=0x0 | out: lpRect=0x19ed40) returned 1
[0122.134] GetProcessWindowStation () returned 0xf0
[0122.148] GetUserObjectInformationA (in: hObj=0xf0, nIndex=1, pvInfo=0x222b73c, nLength=0xc, lpnLengthNeeded=0x19ec1c | out: pvInfo=0x222b73c, lpnLengthNeeded=0x19ec1c) returned 1
[0122.151] SetConsoleCtrlHandler (HandlerRoutine=0x497060e, Add=1) returned 1
[0122.152] GetModuleHandleW (lpModuleName=0x0) returned 0x400000
[0122.153] GetModuleHandleW (lpModuleName=0x0) returned 0x400000
[0122.155] GetClassInfoW (in: hInstance=0x400000, lpClassName=".NET-BroadcastEventWindow.4.0.0.0.141b42a.0", lpWndClass=0x222b7a0 | out: lpWndClass=0x222b7a0) returned 0
[0122.158] CoTaskMemAlloc (cb=0x58) returned 0x8188f8
[0122.158] RegisterClassW (lpWndClass=0x19eb6c) returned 0xc1de
[0122.158] CoTaskMemFree (pv=0x8188f8)
[0122.159] CreateWindowExW (dwExStyle=0x0, lpClassName=".NET-BroadcastEventWindow.4.0.0.0.141b42a.0", lpWindowName=".NET-BroadcastEventWindow.4.0.0.0.141b42a.0", dwStyle=0x80000000, X=0, Y=0, nWidth=0, nHeight=0, hWndParent=0x0, hMenu=0x0, hInstance=0x400000, lpParam=0x0) returned 0x701ec
[0122.160] NtdllDefWindowProc_W (hWnd=0x701ec, Msg=0x81, wParam=0x0, lParam=0x19e6a8) returned 0x1
[0122.165] NtdllDefWindowProc_W (hWnd=0x701ec, Msg=0x83, wParam=0x0, lParam=0x19e694) returned 0x0
[0122.165] NtdllDefWindowProc_W (hWnd=0x701ec, Msg=0x1, wParam=0x0, lParam=0x19e6a8) returned 0x0
[0122.166] NtdllDefWindowProc_W (hWnd=0x701ec, Msg=0x5, wParam=0x0, lParam=0x0) returned 0x0
[0122.166] NtdllDefWindowProc_W (hWnd=0x701ec, Msg=0x3, wParam=0x0, lParam=0x0) returned 0x0
[0122.169] GetSysColor (nIndex=10) returned 0xb4b4b4
[0122.169] GetSysColor (nIndex=2) returned 0xd1b499
[0122.169] GetSysColor (nIndex=9) returned 0x0
[0122.170] GetSysColor (nIndex=12) returned 0xababab
[0122.170] GetSysColor (nIndex=15) returned 0xf0f0f0
[0122.170] GetSysColor (nIndex=20) returned 0xffffff
[0122.170] GetSysColor (nIndex=16) returned 0xa0a0a0
[0122.170] GetSysColor (nIndex=15) returned 0xf0f0f0
[0122.170] GetSysColor (nIndex=16) returned 0xa0a0a0
[0122.170] GetSysColor (nIndex=21) returned 0x696969
[0122.170] GetSysColor (nIndex=22) returned 0xe3e3e3
[0122.170] GetSysColor (nIndex=20) returned 0xffffff
[0122.170] GetSysColor (nIndex=18) returned 0x0
[0122.170] GetSysColor (nIndex=1) returned 0x0
[0122.170] GetSysColor (nIndex=27) returned 0xead1b9
[0122.170] GetSysColor (nIndex=28) returned 0xf2e4d7
[0122.170] GetSysColor (nIndex=17) returned 0x6d6d6d
[0122.170] GetSysColor (nIndex=13) returned 0xff9933
[0122.170] GetSysColor (nIndex=14) returned 0xffffff
[0122.170] GetSysColor (nIndex=26) returned 0xcc6600
[0122.171] GetSysColor (nIndex=11) returned 0xfcf7f4
[0122.171] GetSysColor (nIndex=3) returned 0xdbcdbf
[0122.171] GetSysColor (nIndex=19) returned 0x0
[0122.171] GetSysColor (nIndex=24) returned 0xe1ffff
[0122.171] GetSysColor (nIndex=23) returned 0x0
[0122.171] GetSysColor (nIndex=4) returned 0xf0f0f0
[0122.171] GetSysColor (nIndex=30) returned 0xf0f0f0
[0122.171] GetSysColor (nIndex=29) returned 0xff9933
[0122.171] GetSysColor (nIndex=7) returned 0x0
[0122.171] GetSysColor (nIndex=0) returned 0xc8c8c8
[0122.171] GetSysColor (nIndex=5) returned 0xffffff
[0122.171] GetSysColor (nIndex=6) returned 0x646464
[0122.171] GetSysColor (nIndex=8) returned 0x0
[0122.173] GetModuleHandleW (lpModuleName="comctl32.dll") returned 0x687a0000
[0122.174] AdjustWindowRectEx (in: lpRect=0x19ed40, dwStyle=0x5600000d, bMenu=0, dwExStyle=0x0 | out: lpRect=0x19ed40) returned 1
[0122.175] GdipCreateFontFamilyFromName (name="Mistral", fontCollection=0x0, fontFamily=0x19edbc) returned 0x0
[0122.176] GdipCreateFont (fontFamily=0x46e7e90, emSize=0x41b00000, style=3, unit=0x3, font=0x222bc80) returned 0x0
[0122.176] GdipGetFontSize (font=0x5a8a920, size=0x222bc84) returned 0x0
[0122.177] GetModuleHandleW (lpModuleName="comctl32.dll") returned 0x687a0000
[0122.177] AdjustWindowRectEx (in: lpRect=0x19ed40, dwStyle=0x5600000d, bMenu=0, dwExStyle=0x0 | out: lpRect=0x19ed40) returned 1
[0122.177] GetModuleHandleW (lpModuleName="comctl32.dll") returned 0x687a0000
[0122.177] AdjustWindowRectEx (in: lpRect=0x19ed40, dwStyle=0x5600000d, bMenu=0, dwExStyle=0x0 | out: lpRect=0x19ed40) returned 1
[0122.178] GdipCreateFontFamilyFromName (name="Mistral", fontCollection=0x0, fontFamily=0x19edbc) returned 0x0
[0122.178] GdipCreateFont (fontFamily=0x46e7e90, emSize=0x41c00000, style=3, unit=0x3, font=0x222be30) returned 0x0
[0122.178] GdipGetFontSize (font=0x5a8b000, size=0x222be34) returned 0x0
[0122.182] GetModuleHandleW (lpModuleName="comctl32.dll") returned 0x687a0000
[0122.182] AdjustWindowRectEx (in: lpRect=0x19ed40, dwStyle=0x5600000d, bMenu=0, dwExStyle=0x0 | out: lpRect=0x19ed40) returned 1
[0122.183] GetModuleHandleW (lpModuleName="comctl32.dll") returned 0x687a0000
[0122.183] AdjustWindowRectEx (in: lpRect=0x19ed40, dwStyle=0x5600000d, bMenu=0, dwExStyle=0x0 | out: lpRect=0x19ed40) returned 1
[0122.183] GdipCreateFontFamilyFromName (name="Mistral", fontCollection=0x0, fontFamily=0x19edbc) returned 0x0
[0122.183] GdipCreateFont (fontFamily=0x46e7e90, emSize=0x41b00000, style=3, unit=0x3, font=0x222c010) returned 0x0
[0122.183] GdipGetFontSize (font=0x5a8b028, size=0x222c014) returned 0x0
[0122.184] GetModuleHandleW (lpModuleName="comctl32.dll") returned 0x687a0000
[0122.184] AdjustWindowRectEx (in: lpRect=0x19ed40, dwStyle=0x5600000d, bMenu=0, dwExStyle=0x0 | out: lpRect=0x19ed40) returned 1
[0122.184] GetModuleHandleW (lpModuleName="comctl32.dll") returned 0x687a0000
[0122.184] AdjustWindowRectEx (in: lpRect=0x19ed40, dwStyle=0x5600000d, bMenu=0, dwExStyle=0x0 | out: lpRect=0x19ed40) returned 1
[0122.184] GdipCreateFontFamilyFromName (name="Mistral", fontCollection=0x0, fontFamily=0x19edbc) returned 0x0
[0122.184] GdipCreateFont (fontFamily=0x46e7e90, emSize=0x41b00000, style=3, unit=0x3, font=0x222c1c0) returned 0x0
[0122.185] GdipGetFontSize (font=0x5a8b050, size=0x222c1c4) returned 0x0
[0122.185] GetModuleHandleW (lpModuleName="comctl32.dll") returned 0x687a0000
[0122.185] AdjustWindowRectEx (in: lpRect=0x19ed40, dwStyle=0x5600000d, bMenu=0, dwExStyle=0x0 | out: lpRect=0x19ed40) returned 1
[0122.185] GetModuleHandleW (lpModuleName="comctl32.dll") returned 0x687a0000
[0122.185] AdjustWindowRectEx (in: lpRect=0x19ed40, dwStyle=0x5600000d, bMenu=0, dwExStyle=0x0 | out: lpRect=0x19ed40) returned 1
[0122.186] GetCurrentThreadId () returned 0x9e8
[0122.186] GetCurrentThreadId () returned 0x9e8
[0122.186] GetCurrentThreadId () returned 0x9e8
[0122.186] GetCurrentThreadId () returned 0x9e8
[0122.186] GetCurrentThreadId () returned 0x9e8
[0122.186] GetCurrentThreadId () returned 0x9e8
[0122.186] GetCurrentThreadId () returned 0x9e8
[0122.186] GetCurrentThreadId () returned 0x9e8
[0122.187] GetModuleHandleW (lpModuleName="comctl32.dll") returned 0x687a0000
[0122.187] AdjustWindowRectEx (in: lpRect=0x19ed6c, dwStyle=0x56000000, bMenu=0, dwExStyle=0x10000 | out: lpRect=0x19ed6c) returned 1
[0122.201] GetModuleHandleW (lpModuleName="comctl32.dll") returned 0x687a0000
[0122.202] AdjustWindowRectEx (in: lpRect=0x19ec20, dwStyle=0x5600000d, bMenu=0, dwExStyle=0x0 | out: lpRect=0x19ec20) returned 1
[0122.207] GdipGetFamilyName (in: family=0x5a854a8, name=0x19ebec, language=0x409 | out: name="Microsoft Sans Serif") returned 0x0
[0122.209] CreateCompatibleDC (hdc=0x0) returned 0xc010682
[0122.211] GetCurrentObject (hdc=0xc010682, type=0x1) returned 0x1b00017
[0122.211] GetCurrentObject (hdc=0xc010682, type=0x2) returned 0x1900010
[0122.211] GetCurrentObject (hdc=0xc010682, type=0x7) returned 0x185000f
[0122.211] GetCurrentObject (hdc=0xc010682, type=0x6) returned 0x18a0048
[0122.214] SaveDC (hdc=0xc010682) returned 1
[0122.214] GetDeviceCaps (hdc=0xc010682, index=90) returned 96
[0122.217] CoTaskMemAlloc (cb=0x5c) returned 0x821720
[0122.217] CreateFontIndirectW (lplf=0x821720) returned 0x200a01bf
[0122.217] CoTaskMemFree (pv=0x821720)
[0122.218] GetObjectW (in: h=0x200a01bf, c=92, pv=0x19ebc4 | out: pv=0x19ebc4) returned 92
[0122.223] GetCurrentObject (hdc=0xc010682, type=0x6) returned 0x18a0048
[0122.223] GetObjectW (in: h=0x18a0048, c=92, pv=0x19ebac | out: pv=0x19ebac) returned 92
[0122.223] SelectObject (hdc=0xc010682, h=0x200a01bf) returned 0x18a0048
[0122.224] GetTextExtentPoint32W (in: hdc=0xc010682, lpString="0", c=1, psizl=0x222ca08 | out: psizl=0x222ca08) returned 1
[0122.233] GetModuleHandleW (lpModuleName="comctl32.dll") returned 0x687a0000
[0122.233] AdjustWindowRectEx (in: lpRect=0x19ecf4, dwStyle=0x5600000d, bMenu=0, dwExStyle=0x0 | out: lpRect=0x19ecf4) returned 1
[0122.233] GetModuleHandleW (lpModuleName="comctl32.dll") returned 0x687a0000
[0122.234] AdjustWindowRectEx (in: lpRect=0x19ec18, dwStyle=0x5680000d, bMenu=0, dwExStyle=0x0 | out: lpRect=0x19ec18) returned 1
[0122.234] GdipGetFamilyName (in: family=0x5a854a8, name=0x19ebe4, language=0x409 | out: name="Microsoft Sans Serif") returned 0x0
[0122.234] GetDeviceCaps (hdc=0xc010682, index=90) returned 96
[0122.234] CoTaskMemAlloc (cb=0x5c) returned 0x821788
[0122.234] CreateFontIndirectW (lplf=0x821788) returned 0x1b0a0550
[0122.234] CoTaskMemFree (pv=0x821788)
[0122.234] GetObjectW (in: h=0x1b0a0550, c=92, pv=0x19ebbc | out: pv=0x19ebbc) returned 92
[0122.236] GetTextExtentPoint32W (in: hdc=0xc010682, lpString="0", c=1, psizl=0x222cc98 | out: psizl=0x222cc98) returned 1
[0122.241] DeleteObject (ho=0x1b0a0550) returned 1
[0122.241] GetModuleHandleW (lpModuleName="comctl32.dll") returned 0x687a0000
[0122.241] AdjustWindowRectEx (in: lpRect=0x19ecec, dwStyle=0x5680000d, bMenu=0, dwExStyle=0x0 | out: lpRect=0x19ecec) returned 1
[0122.242] GdipCreateFontFamilyFromName (name="Microsoft Sans Serif", fontCollection=0x0, fontFamily=0x19edbc) returned 0x0
[0122.242] GdipCreateFont (fontFamily=0x5a854a8, emSize=0x41300000, style=1, unit=0x3, font=0x222cd10) returned 0x0
[0122.242] GdipGetFontSize (font=0x5a8b078, size=0x222cd14) returned 0x0
[0122.242] GetModuleHandleW (lpModuleName="comctl32.dll") returned 0x687a0000
[0122.242] AdjustWindowRectEx (in: lpRect=0x19ebd8, dwStyle=0x5680000d, bMenu=0, dwExStyle=0x0 | out: lpRect=0x19ebd8) returned 1
[0122.242] GdipGetFamilyName (in: family=0x5a854a8, name=0x19eba4, language=0x409 | out: name="Microsoft Sans Serif") returned 0x0
[0122.242] GetDeviceCaps (hdc=0xc010682, index=90) returned 96
[0122.242] CoTaskMemAlloc (cb=0x5c) returned 0x8219f8
[0122.242] CreateFontIndirectW (lplf=0x8219f8) returned 0x1c0a0550
[0122.243] CoTaskMemFree (pv=0x8219f8)
[0122.243] GetObjectW (in: h=0x1c0a0550, c=92, pv=0x19eb7c | out: pv=0x19eb7c) returned 92
[0122.243] SelectObject (hdc=0xc010682, h=0x1c0a0550) returned 0x200a01bf
[0122.243] DeleteObject (ho=0x200a01bf) returned 1
[0122.243] GetTextExtentPoint32W (in: hdc=0xc010682, lpString="0", c=1, psizl=0x222d024 | out: psizl=0x222d024) returned 1
[0122.245] GetModuleHandleW (lpModuleName="comctl32.dll") returned 0x687a0000
[0122.245] AdjustWindowRectEx (in: lpRect=0x19ecac, dwStyle=0x5680000d, bMenu=0, dwExStyle=0x0 | out: lpRect=0x19ecac) returned 1
[0122.245] GetModuleHandleW (lpModuleName="comctl32.dll") returned 0x687a0000
[0122.245] AdjustWindowRectEx (in: lpRect=0x19ec0c, dwStyle=0x5680000d, bMenu=0, dwExStyle=0x0 | out: lpRect=0x19ec0c) returned 1
[0122.246] GdipGetFamilyName (in: family=0x5a854a8, name=0x19ebd8, language=0x409 | out: name="Microsoft Sans Serif") returned 0x0
[0122.249] GetDeviceCaps (hdc=0xc010682, index=90) returned 96
[0122.249] CoTaskMemAlloc (cb=0x5c) returned 0x8219f8
[0122.249] CreateFontIndirectW (lplf=0x8219f8) returned 0x210a01bf
[0122.249] CoTaskMemFree (pv=0x8219f8)
[0122.249] GetObjectW (in: h=0x210a01bf, c=92, pv=0x19ebb0 | out: pv=0x19ebb0) returned 92
[0122.249] GetTextExtentPoint32W (in: hdc=0xc010682, lpString="0", c=1, psizl=0x222d234 | out: psizl=0x222d234) returned 1
[0122.249] DeleteObject (ho=0x210a01bf) returned 1
[0122.250] GetModuleHandleW (lpModuleName="comctl32.dll") returned 0x687a0000
[0122.250] AdjustWindowRectEx (in: lpRect=0x19ed40, dwStyle=0x5680000d, bMenu=0, dwExStyle=0x0 | out: lpRect=0x19ed40) returned 1
[0122.250] GetModuleHandleW (lpModuleName="comctl32.dll") returned 0x687a0000
[0122.250] AdjustWindowRectEx (in: lpRect=0x19ec0c, dwStyle=0x5680000d, bMenu=0, dwExStyle=0x0 | out: lpRect=0x19ec0c) returned 1
[0122.250] GdipGetFamilyName (in: family=0x5a854a8, name=0x19ebd8, language=0x409 | out: name="Microsoft Sans Serif") returned 0x0
[0122.250] GetDeviceCaps (hdc=0xc010682, index=90) returned 96
[0122.250] CoTaskMemAlloc (cb=0x5c) returned 0x821b30
[0122.250] CreateFontIndirectW (lplf=0x821b30) returned 0x220a01bf
[0122.250] CoTaskMemFree (pv=0x821b30)
[0122.250] GetObjectW (in: h=0x220a01bf, c=92, pv=0x19ebb0 | out: pv=0x19ebb0) returned 92
[0122.251] GetTextExtentPoint32W (in: hdc=0xc010682, lpString="0", c=1, psizl=0x222d480 | out: psizl=0x222d480) returned 1
[0122.251] DeleteObject (ho=0x220a01bf) returned 1
[0122.251] GetModuleHandleW (lpModuleName="comctl32.dll") returned 0x687a0000
[0122.251] AdjustWindowRectEx (in: lpRect=0x19ebe8, dwStyle=0x5680000d, bMenu=0, dwExStyle=0x0 | out: lpRect=0x19ebe8) returned 1
[0122.254] GdipGetFamilyName (in: family=0x5a854a8, name=0x19ead8, language=0x409 | out: name="Microsoft Sans Serif") returned 0x0
[0122.254] GetDeviceCaps (hdc=0xc010682, index=90) returned 96
[0122.255] CoTaskMemAlloc (cb=0x5c) returned 0x8215e8
[0122.255] CreateFontIndirectW (lplf=0x8215e8) returned 0x230a01bf
[0122.255] CoTaskMemFree (pv=0x8215e8)
[0122.255] GetObjectW (in: h=0x230a01bf, c=92, pv=0x19eab0 | out: pv=0x19eab0) returned 92
[0122.255] GetMapMode (hdc=0xc010682) returned 1
[0122.255] GetTextMetricsW (in: hdc=0xc010682, lptm=0x19eabc | out: lptm=0x19eabc) returned 1
[0122.257] DrawTextExW (in: hdc=0xc010682, lpchText="PAUSE", cchText=5, lprc=0x19ebd0, format=0x2400, lpdtp=0x222d784 | out: lpchText="PAUSE", lprc=0x19ebd0) returned 18
[0122.312] GetModuleHandleW (lpModuleName="comctl32.dll") returned 0x687a0000
[0122.313] AdjustWindowRectEx (in: lpRect=0x19ecbc, dwStyle=0x5680000d, bMenu=0, dwExStyle=0x0 | out: lpRect=0x19ecbc) returned 1
[0122.314] GetModuleHandleW (lpModuleName="comctl32.dll") returned 0x687a0000
[0122.314] AdjustWindowRectEx (in: lpRect=0x19ec20, dwStyle=0x5600000d, bMenu=0, dwExStyle=0x0 | out: lpRect=0x19ec20) returned 1
[0122.314] GdipGetFamilyName (in: family=0x5a854a8, name=0x19ebec, language=0x409 | out: name="Microsoft Sans Serif") returned 0x0
[0122.314] GetDeviceCaps (hdc=0xc010682, index=90) returned 96
[0122.314] CoTaskMemAlloc (cb=0x5c) returned 0x821580
[0122.314] CreateFontIndirectW (lplf=0x821580) returned 0x7e0a097e
[0122.315] CoTaskMemFree (pv=0x821580)
[0122.315] GetObjectW (in: h=0x7e0a097e, c=92, pv=0x19ebc4 | out: pv=0x19ebc4) returned 92
[0122.315] SelectObject (hdc=0xc010682, h=0x7e0a097e) returned 0x1c0a0550
[0122.315] DeleteObject (ho=0x1c0a0550) returned 1
[0122.315] GetTextExtentPoint32W (in: hdc=0xc010682, lpString="0", c=1, psizl=0x222da5c | out: psizl=0x222da5c) returned 1
[0122.316] GetModuleHandleW (lpModuleName="comctl32.dll") returned 0x687a0000
[0122.316] AdjustWindowRectEx (in: lpRect=0x19ecf4, dwStyle=0x5600000d, bMenu=0, dwExStyle=0x0 | out: lpRect=0x19ecf4) returned 1
[0122.316] GetModuleHandleW (lpModuleName="comctl32.dll") returned 0x687a0000
[0122.316] AdjustWindowRectEx (in: lpRect=0x19ec18, dwStyle=0x5680000d, bMenu=0, dwExStyle=0x0 | out: lpRect=0x19ec18) returned 1
[0122.316] GdipGetFamilyName (in: family=0x5a854a8, name=0x19ebe4, language=0x409 | out: name="Microsoft Sans Serif") returned 0x0
[0122.316] GetDeviceCaps (hdc=0xc010682, index=90) returned 96
[0122.316] CoTaskMemAlloc (cb=0x5c) returned 0x821928
[0122.316] CreateFontIndirectW (lplf=0x821928) returned 0x1d0a0550
[0122.317] CoTaskMemFree (pv=0x821928)
[0122.317] GetObjectW (in: h=0x1d0a0550, c=92, pv=0x19ebbc | out: pv=0x19ebbc) returned 92
[0122.317] GetTextExtentPoint32W (in: hdc=0xc010682, lpString="0", c=1, psizl=0x222dc88 | out: psizl=0x222dc88) returned 1
[0122.317] DeleteObject (ho=0x1d0a0550) returned 1
[0122.317] GetModuleHandleW (lpModuleName="comctl32.dll") returned 0x687a0000
[0122.317] AdjustWindowRectEx (in: lpRect=0x19ecec, dwStyle=0x5680000d, bMenu=0, dwExStyle=0x0 | out: lpRect=0x19ecec) returned 1
[0122.317] GdipCreateFontFamilyFromName (name="Microsoft Sans Serif", fontCollection=0x0, fontFamily=0x19edbc) returned 0x0
[0122.318] GdipCreateFont (fontFamily=0x5a854a8, emSize=0x41300000, style=1, unit=0x3, font=0x222dd00) returned 0x0
[0122.318] GdipGetFontSize (font=0x5a8b0a0, size=0x222dd04) returned 0x0
[0122.318] GetModuleHandleW (lpModuleName="comctl32.dll") returned 0x687a0000
[0122.318] AdjustWindowRectEx (in: lpRect=0x19ebd8, dwStyle=0x5680000d, bMenu=0, dwExStyle=0x0 | out: lpRect=0x19ebd8) returned 1
[0122.318] GdipGetFamilyName (in: family=0x5a854a8, name=0x19eba4, language=0x409 | out: name="Microsoft Sans Serif") returned 0x0
[0122.318] GetDeviceCaps (hdc=0xc010682, index=90) returned 96
[0122.318] CoTaskMemAlloc (cb=0x5c) returned 0x8215e8
[0122.318] CreateFontIndirectW (lplf=0x8215e8) returned 0x1e0a0550
[0122.319] CoTaskMemFree (pv=0x8215e8)
[0122.319] GetObjectW (in: h=0x1e0a0550, c=92, pv=0x19eb7c | out: pv=0x19eb7c) returned 92
[0122.319] SelectObject (hdc=0xc010682, h=0x1e0a0550) returned 0x7e0a097e
[0122.319] DeleteObject (ho=0x7e0a097e) returned 1
[0122.319] GetTextExtentPoint32W (in: hdc=0xc010682, lpString="0", c=1, psizl=0x222e014 | out: psizl=0x222e014) returned 1
[0122.320] GetModuleHandleW (lpModuleName="comctl32.dll") returned 0x687a0000
[0122.320] AdjustWindowRectEx (in: lpRect=0x19ecac, dwStyle=0x5680000d, bMenu=0, dwExStyle=0x0 | out: lpRect=0x19ecac) returned 1
[0122.320] GetModuleHandleW (lpModuleName="comctl32.dll") returned 0x687a0000
[0122.321] AdjustWindowRectEx (in: lpRect=0x19ec0c, dwStyle=0x5680000d, bMenu=0, dwExStyle=0x0 | out: lpRect=0x19ec0c) returned 1
[0122.321] GdipGetFamilyName (in: family=0x5a854a8, name=0x19ebd8, language=0x409 | out: name="Microsoft Sans Serif") returned 0x0
[0122.321] GetDeviceCaps (hdc=0xc010682, index=90) returned 96
[0122.321] CoTaskMemAlloc (cb=0x5c) returned 0x821b98
[0122.321] CreateFontIndirectW (lplf=0x821b98) returned 0x7f0a097e
[0122.321] CoTaskMemFree (pv=0x821b98)
[0122.321] GetObjectW (in: h=0x7f0a097e, c=92, pv=0x19ebb0 | out: pv=0x19ebb0) returned 92
[0122.322] GetTextExtentPoint32W (in: hdc=0xc010682, lpString="0", c=1, psizl=0x222e224 | out: psizl=0x222e224) returned 1
[0122.322] DeleteObject (ho=0x7f0a097e) returned 1
[0122.322] GetModuleHandleW (lpModuleName="comctl32.dll") returned 0x687a0000
[0122.322] AdjustWindowRectEx (in: lpRect=0x19ed40, dwStyle=0x5680000d, bMenu=0, dwExStyle=0x0 | out: lpRect=0x19ed40) returned 1
[0122.322] GetModuleHandleW (lpModuleName="comctl32.dll") returned 0x687a0000
[0122.322] AdjustWindowRectEx (in: lpRect=0x19ec0c, dwStyle=0x5680000d, bMenu=0, dwExStyle=0x0 | out: lpRect=0x19ec0c) returned 1
[0122.322] GdipGetFamilyName (in: family=0x5a854a8, name=0x19ebd8, language=0x409 | out: name="Microsoft Sans Serif") returned 0x0
[0122.322] GetDeviceCaps (hdc=0xc010682, index=90) returned 96
[0122.323] CoTaskMemAlloc (cb=0x5c) returned 0x8218c0
[0122.323] CreateFontIndirectW (lplf=0x8218c0) returned 0x800a097e
[0122.323] CoTaskMemFree (pv=0x8218c0)
[0122.323] GetObjectW (in: h=0x800a097e, c=92, pv=0x19ebb0 | out: pv=0x19ebb0) returned 92
[0122.323] GetTextExtentPoint32W (in: hdc=0xc010682, lpString="0", c=1, psizl=0x222e470 | out: psizl=0x222e470) returned 1
[0122.323] DeleteObject (ho=0x800a097e) returned 1
[0122.323] GetModuleHandleW (lpModuleName="comctl32.dll") returned 0x687a0000
[0122.324] AdjustWindowRectEx (in: lpRect=0x19ebe8, dwStyle=0x5680000d, bMenu=0, dwExStyle=0x0 | out: lpRect=0x19ebe8) returned 1
[0122.324] DrawTextExW (in: hdc=0xc010682, lpchText="NEW GAME", cchText=8, lprc=0x19ebd0, format=0x2400, lpdtp=0x222e4e4 | out: lpchText="NEW GAME", lprc=0x19ebd0) returned 18
[0122.324] GetModuleHandleW (lpModuleName="comctl32.dll") returned 0x687a0000
[0122.324] AdjustWindowRectEx (in: lpRect=0x19ecbc, dwStyle=0x5680000d, bMenu=0, dwExStyle=0x0 | out: lpRect=0x19ecbc) returned 1
[0122.324] GetModuleHandleW (lpModuleName="comctl32.dll") returned 0x687a0000
[0122.324] AdjustWindowRectEx (in: lpRect=0x19ec20, dwStyle=0x5600000d, bMenu=0, dwExStyle=0x0 | out: lpRect=0x19ec20) returned 1
[0122.324] GdipGetFamilyName (in: family=0x5a854a8, name=0x19ebec, language=0x409 | out: name="Microsoft Sans Serif") returned 0x0
[0122.325] GetDeviceCaps (hdc=0xc010682, index=90) returned 96
[0122.325] CoTaskMemAlloc (cb=0x5c) returned 0x821580
[0122.325] CreateFontIndirectW (lplf=0x821580) returned 0x810a097e
[0122.325] CoTaskMemFree (pv=0x821580)
[0122.325] GetObjectW (in: h=0x810a097e, c=92, pv=0x19ebc4 | out: pv=0x19ebc4) returned 92
[0122.325] SelectObject (hdc=0xc010682, h=0x810a097e) returned 0x1e0a0550
[0122.325] DeleteObject (ho=0x1e0a0550) returned 1
[0122.325] GetTextExtentPoint32W (in: hdc=0xc010682, lpString="0", c=1, psizl=0x222e778 | out: psizl=0x222e778) returned 1
[0122.326] GetModuleHandleW (lpModuleName="comctl32.dll") returned 0x687a0000
[0122.326] AdjustWindowRectEx (in: lpRect=0x19ecf4, dwStyle=0x5600000d, bMenu=0, dwExStyle=0x0 | out: lpRect=0x19ecf4) returned 1
[0122.326] GetModuleHandleW (lpModuleName="comctl32.dll") returned 0x687a0000
[0122.326] AdjustWindowRectEx (in: lpRect=0x19ec18, dwStyle=0x5680000d, bMenu=0, dwExStyle=0x0 | out: lpRect=0x19ec18) returned 1
[0122.326] GdipGetFamilyName (in: family=0x5a854a8, name=0x19ebe4, language=0x409 | out: name="Microsoft Sans Serif") returned 0x0
[0122.326] GetDeviceCaps (hdc=0xc010682, index=90) returned 96
[0122.326] CoTaskMemAlloc (cb=0x5c) returned 0x821a60
[0122.326] CreateFontIndirectW (lplf=0x821a60) returned 0x1f0a0550
[0122.327] CoTaskMemFree (pv=0x821a60)
[0122.327] GetObjectW (in: h=0x1f0a0550, c=92, pv=0x19ebbc | out: pv=0x19ebbc) returned 92
[0122.327] GetTextExtentPoint32W (in: hdc=0xc010682, lpString="0", c=1, psizl=0x222e9a4 | out: psizl=0x222e9a4) returned 1
[0122.327] DeleteObject (ho=0x1f0a0550) returned 1
[0122.327] GetModuleHandleW (lpModuleName="comctl32.dll") returned 0x687a0000
[0122.327] AdjustWindowRectEx (in: lpRect=0x19ecec, dwStyle=0x5680000d, bMenu=0, dwExStyle=0x0 | out: lpRect=0x19ecec) returned 1
[0122.327] GdipCreateFontFamilyFromName (name="Microsoft Sans Serif", fontCollection=0x0, fontFamily=0x19edbc) returned 0x0
[0122.327] GdipCreateFont (fontFamily=0x5a854a8, emSize=0x41300000, style=1, unit=0x3, font=0x222ea1c) returned 0x0
[0122.327] GdipGetFontSize (font=0x5a8b0c8, size=0x222ea20) returned 0x0
[0122.328] GetModuleHandleW (lpModuleName="comctl32.dll") returned 0x687a0000
[0122.328] AdjustWindowRectEx (in: lpRect=0x19ebd8, dwStyle=0x5680000d, bMenu=0, dwExStyle=0x0 | out: lpRect=0x19ebd8) returned 1
[0122.328] GdipGetFamilyName (in: family=0x5a854a8, name=0x19eba4, language=0x409 | out: name="Microsoft Sans Serif") returned 0x0
[0122.328] GetDeviceCaps (hdc=0xc010682, index=90) returned 96
[0122.328] CoTaskMemAlloc (cb=0x5c) returned 0x821788
[0122.328] CreateFontIndirectW (lplf=0x821788) returned 0x200a0550
[0122.328] CoTaskMemFree (pv=0x821788)
[0122.329] GetObjectW (in: h=0x200a0550, c=92, pv=0x19eb7c | out: pv=0x19eb7c) returned 92
[0122.329] SelectObject (hdc=0xc010682, h=0x200a0550) returned 0x810a097e
[0122.329] DeleteObject (ho=0x810a097e) returned 1
[0122.329] GetTextExtentPoint32W (in: hdc=0xc010682, lpString="0", c=1, psizl=0x222ed30 | out: psizl=0x222ed30) returned 1
[0122.329] GetModuleHandleW (lpModuleName="comctl32.dll") returned 0x687a0000
[0122.329] AdjustWindowRectEx (in: lpRect=0x19ecac, dwStyle=0x5680000d, bMenu=0, dwExStyle=0x0 | out: lpRect=0x19ecac) returned 1
[0122.330] GetModuleHandleW (lpModuleName="comctl32.dll") returned 0x687a0000
[0122.330] AdjustWindowRectEx (in: lpRect=0x19ec0c, dwStyle=0x5680000d, bMenu=0, dwExStyle=0x0 | out: lpRect=0x19ec0c) returned 1
[0122.330] GdipGetFamilyName (in: family=0x5a854a8, name=0x19ebd8, language=0x409 | out: name="Microsoft Sans Serif") returned 0x0
[0122.330] GetDeviceCaps (hdc=0xc010682, index=90) returned 96
[0122.330] CoTaskMemAlloc (cb=0x5c) returned 0x821990
[0122.330] CreateFontIndirectW (lplf=0x821990) returned 0x820a097e
[0122.330] CoTaskMemFree (pv=0x821990)
[0122.330] GetObjectW (in: h=0x820a097e, c=92, pv=0x19ebb0 | out: pv=0x19ebb0) returned 92
[0122.330] GetTextExtentPoint32W (in: hdc=0xc010682, lpString="0", c=1, psizl=0x222ef40 | out: psizl=0x222ef40) returned 1
[0122.330] DeleteObject (ho=0x820a097e) returned 1
[0122.331] GetModuleHandleW (lpModuleName="comctl32.dll") returned 0x687a0000
[0122.332] AdjustWindowRectEx (in: lpRect=0x19ed40, dwStyle=0x5680000d, bMenu=0, dwExStyle=0x0 | out: lpRect=0x19ed40) returned 1
[0122.333] GetModuleHandleW (lpModuleName="comctl32.dll") returned 0x687a0000
[0122.333] AdjustWindowRectEx (in: lpRect=0x19ec0c, dwStyle=0x5680000d, bMenu=0, dwExStyle=0x0 | out: lpRect=0x19ec0c) returned 1
[0122.333] GdipGetFamilyName (in: family=0x5a854a8, name=0x19ebd8, language=0x409 | out: name="Microsoft Sans Serif") returned 0x0
[0122.333] GetDeviceCaps (hdc=0xc010682, index=90) returned 96
[0122.333] CoTaskMemAlloc (cb=0x5c) returned 0x821518
[0122.333] CreateFontIndirectW (lplf=0x821518) returned 0x830a097e
[0122.333] CoTaskMemFree (pv=0x821518)
[0122.333] GetObjectW (in: h=0x830a097e, c=92, pv=0x19ebb0 | out: pv=0x19ebb0) returned 92
[0122.333] GetTextExtentPoint32W (in: hdc=0xc010682, lpString="0", c=1, psizl=0x222f18c | out: psizl=0x222f18c) returned 1
[0122.333] DeleteObject (ho=0x830a097e) returned 1
[0122.334] GetModuleHandleW (lpModuleName="comctl32.dll") returned 0x687a0000
[0122.334] AdjustWindowRectEx (in: lpRect=0x19ebe8, dwStyle=0x5680000d, bMenu=0, dwExStyle=0x0 | out: lpRect=0x19ebe8) returned 1
[0122.334] DrawTextExW (in: hdc=0xc010682, lpchText="HIGHEST SCORE", cchText=13, lprc=0x19ebd0, format=0x2400, lpdtp=0x222f200 | out: lpchText="HIGHEST SCORE", lprc=0x19ebd0) returned 18
[0122.334] GetModuleHandleW (lpModuleName="comctl32.dll") returned 0x687a0000
[0122.334] AdjustWindowRectEx (in: lpRect=0x19ecbc, dwStyle=0x5680000d, bMenu=0, dwExStyle=0x0 | out: lpRect=0x19ecbc) returned 1
[0122.334] GetModuleHandleW (lpModuleName="comctl32.dll") returned 0x687a0000
[0122.334] AdjustWindowRectEx (in: lpRect=0x19ec20, dwStyle=0x5600000d, bMenu=0, dwExStyle=0x0 | out: lpRect=0x19ec20) returned 1
[0122.334] GdipGetFamilyName (in: family=0x5a854a8, name=0x19ebec, language=0x409 | out: name="Microsoft Sans Serif") returned 0x0
[0122.335] GetDeviceCaps (hdc=0xc010682, index=90) returned 96
[0122.335] CoTaskMemAlloc (cb=0x5c) returned 0x8218c0
[0122.335] CreateFontIndirectW (lplf=0x8218c0) returned 0x840a097e
[0122.335] CoTaskMemFree (pv=0x8218c0)
[0122.335] GetObjectW (in: h=0x840a097e, c=92, pv=0x19ebc4 | out: pv=0x19ebc4) returned 92
[0122.335] SelectObject (hdc=0xc010682, h=0x840a097e) returned 0x200a0550
[0122.335] DeleteObject (ho=0x200a0550) returned 1
[0122.335] GetTextExtentPoint32W (in: hdc=0xc010682, lpString="0", c=1, psizl=0x222f494 | out: psizl=0x222f494) returned 1
[0122.336] GetModuleHandleW (lpModuleName="comctl32.dll") returned 0x687a0000
[0122.336] AdjustWindowRectEx (in: lpRect=0x19ecf4, dwStyle=0x5600000d, bMenu=0, dwExStyle=0x0 | out: lpRect=0x19ecf4) returned 1
[0122.336] GetModuleHandleW (lpModuleName="comctl32.dll") returned 0x687a0000
[0122.340] AdjustWindowRectEx (in: lpRect=0x19ec18, dwStyle=0x5680000d, bMenu=0, dwExStyle=0x0 | out: lpRect=0x19ec18) returned 1
[0122.340] GdipGetFamilyName (in: family=0x5a854a8, name=0x19ebe4, language=0x409 | out: name="Microsoft Sans Serif") returned 0x0
[0122.340] GetDeviceCaps (hdc=0xc010682, index=90) returned 96
[0122.340] CoTaskMemAlloc (cb=0x5c) returned 0x8218c0
[0122.340] CreateFontIndirectW (lplf=0x8218c0) returned 0x210a0550
[0122.341] CoTaskMemFree (pv=0x8218c0)
[0122.341] GetObjectW (in: h=0x210a0550, c=92, pv=0x19ebbc | out: pv=0x19ebbc) returned 92
[0122.341] GetTextExtentPoint32W (in: hdc=0xc010682, lpString="0", c=1, psizl=0x222f6c0 | out: psizl=0x222f6c0) returned 1
[0122.341] DeleteObject (ho=0x210a0550) returned 1
[0122.341] GetModuleHandleW (lpModuleName="comctl32.dll") returned 0x687a0000
[0122.341] AdjustWindowRectEx (in: lpRect=0x19ecec, dwStyle=0x5680000d, bMenu=0, dwExStyle=0x0 | out: lpRect=0x19ecec) returned 1
[0122.341] GdipCreateFontFamilyFromName (name="Microsoft Sans Serif", fontCollection=0x0, fontFamily=0x19edbc) returned 0x0
[0122.342] GdipCreateFont (fontFamily=0x5a854a8, emSize=0x41300000, style=1, unit=0x3, font=0x222f738) returned 0x0
[0122.342] GdipGetFontSize (font=0x5a8b0f0, size=0x222f73c) returned 0x0
[0122.342] GetModuleHandleW (lpModuleName="comctl32.dll") returned 0x687a0000
[0122.342] AdjustWindowRectEx (in: lpRect=0x19ebd8, dwStyle=0x5680000d, bMenu=0, dwExStyle=0x0 | out: lpRect=0x19ebd8) returned 1
[0122.342] GdipGetFamilyName (in: family=0x5a854a8, name=0x19eba4, language=0x409 | out: name="Microsoft Sans Serif") returned 0x0
[0122.342] GetDeviceCaps (hdc=0xc010682, index=90) returned 96
[0122.342] CoTaskMemAlloc (cb=0x5c) returned 0x8218c0
[0122.342] CreateFontIndirectW (lplf=0x8218c0) returned 0x220a0550
[0122.342] CoTaskMemFree (pv=0x8218c0)
[0122.342] GetObjectW (in: h=0x220a0550, c=92, pv=0x19eb7c | out: pv=0x19eb7c) returned 92
[0122.343] SelectObject (hdc=0xc010682, h=0x220a0550) returned 0x840a097e
[0122.343] DeleteObject (ho=0x840a097e) returned 1
[0122.343] GetTextExtentPoint32W (in: hdc=0xc010682, lpString="0", c=1, psizl=0x222fa4c | out: psizl=0x222fa4c) returned 1
[0122.343] GetModuleHandleW (lpModuleName="comctl32.dll") returned 0x687a0000
[0122.343] AdjustWindowRectEx (in: lpRect=0x19ecac, dwStyle=0x5680000d, bMenu=0, dwExStyle=0x0 | out: lpRect=0x19ecac) returned 1
[0122.344] GetModuleHandleW (lpModuleName="comctl32.dll") returned 0x687a0000
[0122.344] AdjustWindowRectEx (in: lpRect=0x19ec0c, dwStyle=0x5680000d, bMenu=0, dwExStyle=0x0 | out: lpRect=0x19ec0c) returned 1
[0122.344] GdipGetFamilyName (in: family=0x5a854a8, name=0x19ebd8, language=0x409 | out: name="Microsoft Sans Serif") returned 0x0
[0122.344] GetDeviceCaps (hdc=0xc010682, index=90) returned 96
[0122.344] CoTaskMemAlloc (cb=0x5c) returned 0x821b30
[0122.344] CreateFontIndirectW (lplf=0x821b30) returned 0x850a097e
[0122.344] CoTaskMemFree (pv=0x821b30)
[0122.344] GetObjectW (in: h=0x850a097e, c=92, pv=0x19ebb0 | out: pv=0x19ebb0) returned 92
[0122.344] GetTextExtentPoint32W (in: hdc=0xc010682, lpString="0", c=1, psizl=0x222fc5c | out: psizl=0x222fc5c) returned 1
[0122.344] DeleteObject (ho=0x850a097e) returned 1
[0122.345] GetModuleHandleW (lpModuleName="comctl32.dll") returned 0x687a0000
[0122.345] AdjustWindowRectEx (in: lpRect=0x19ed40, dwStyle=0x5680000d, bMenu=0, dwExStyle=0x0 | out: lpRect=0x19ed40) returned 1
[0122.345] GetModuleHandleW (lpModuleName="comctl32.dll") returned 0x687a0000
[0122.345] AdjustWindowRectEx (in: lpRect=0x19ec0c, dwStyle=0x5680000d, bMenu=0, dwExStyle=0x0 | out: lpRect=0x19ec0c) returned 1
[0122.345] GdipGetFamilyName (in: family=0x5a854a8, name=0x19ebd8, language=0x409 | out: name="Microsoft Sans Serif") returned 0x0
[0122.345] GetDeviceCaps (hdc=0xc010682, index=90) returned 96
[0122.345] CoTaskMemAlloc (cb=0x5c) returned 0x8214b0
[0122.345] CreateFontIndirectW (lplf=0x8214b0) returned 0x860a097e
[0122.345] CoTaskMemFree (pv=0x8214b0)
[0122.345] GetObjectW (in: h=0x860a097e, c=92, pv=0x19ebb0 | out: pv=0x19ebb0) returned 92
[0122.345] GetTextExtentPoint32W (in: hdc=0xc010682, lpString="0", c=1, psizl=0x222fea8 | out: psizl=0x222fea8) returned 1
[0122.345] DeleteObject (ho=0x860a097e) returned 1
[0122.346] GetModuleHandleW (lpModuleName="comctl32.dll") returned 0x687a0000
[0122.346] AdjustWindowRectEx (in: lpRect=0x19ebe8, dwStyle=0x5680000d, bMenu=0, dwExStyle=0x0 | out: lpRect=0x19ebe8) returned 1
[0122.346] DrawTextExW (in: hdc=0xc010682, lpchText="HELP", cchText=4, lprc=0x19ebd0, format=0x2400, lpdtp=0x222ff1c | out: lpchText="HELP", lprc=0x19ebd0) returned 18
[0122.347] GetModuleHandleW (lpModuleName="comctl32.dll") returned 0x687a0000
[0122.347] AdjustWindowRectEx (in: lpRect=0x19ecbc, dwStyle=0x5680000d, bMenu=0, dwExStyle=0x0 | out: lpRect=0x19ecbc) returned 1
[0122.347] GdipCreateFontFamilyFromName (name="Mistral", fontCollection=0x0, fontFamily=0x19edbc) returned 0x0
[0122.347] GdipCreateFont (fontFamily=0x46e7e90, emSize=0x41b00000, style=3, unit=0x3, font=0x222ffbc) returned 0x0
[0122.347] GdipGetFontSize (font=0x5a8b118, size=0x222ffc0) returned 0x0
[0122.348] GetModuleHandleW (lpModuleName="comctl32.dll") returned 0x687a0000
[0122.348] AdjustWindowRectEx (in: lpRect=0x19ed40, dwStyle=0x5600000d, bMenu=0, dwExStyle=0x0 | out: lpRect=0x19ed40) returned 1
[0122.348] GetModuleHandleW (lpModuleName="comctl32.dll") returned 0x687a0000
[0122.348] AdjustWindowRectEx (in: lpRect=0x19ed40, dwStyle=0x5600000d, bMenu=0, dwExStyle=0x0 | out: lpRect=0x19ed40) returned 1
[0122.348] GdipCreateFontFamilyFromName (name="Mistral", fontCollection=0x0, fontFamily=0x19edbc) returned 0x0
[0122.348] GdipCreateFont (fontFamily=0x46e7e90, emSize=0x41b00000, style=3, unit=0x3, font=0x223016c) returned 0x0
[0122.348] GdipGetFontSize (font=0x5a8b140, size=0x2230170) returned 0x0
[0122.349] GetModuleHandleW (lpModuleName="comctl32.dll") returned 0x687a0000
[0122.349] AdjustWindowRectEx (in: lpRect=0x19ed40, dwStyle=0x5600000d, bMenu=0, dwExStyle=0x0 | out: lpRect=0x19ed40) returned 1
[0122.349] GetModuleHandleW (lpModuleName="comctl32.dll") returned 0x687a0000
[0122.349] AdjustWindowRectEx (in: lpRect=0x19ed40, dwStyle=0x5600000d, bMenu=0, dwExStyle=0x0 | out: lpRect=0x19ed40) returned 1
[0122.349] GdipCreateFontFamilyFromName (name="Mistral", fontCollection=0x0, fontFamily=0x19edbc) returned 0x0
[0122.349] GdipCreateFont (fontFamily=0x46e7e90, emSize=0x41b00000, style=3, unit=0x3, font=0x223031c) returned 0x0
[0122.349] GdipGetFontSize (font=0x5a8b168, size=0x2230320) returned 0x0
[0122.349] GetModuleHandleW (lpModuleName="comctl32.dll") returned 0x687a0000
[0122.350] AdjustWindowRectEx (in: lpRect=0x19ed40, dwStyle=0x5600000d, bMenu=0, dwExStyle=0x0 | out: lpRect=0x19ed40) returned 1
[0122.350] GetModuleHandleW (lpModuleName="comctl32.dll") returned 0x687a0000
[0122.350] AdjustWindowRectEx (in: lpRect=0x19ed40, dwStyle=0x5600000d, bMenu=0, dwExStyle=0x0 | out: lpRect=0x19ed40) returned 1
[0122.350] GdipCreateFontFamilyFromName (name="Mistral", fontCollection=0x0, fontFamily=0x19edbc) returned 0x0
[0122.350] GdipCreateFont (fontFamily=0x46e7e90, emSize=0x41a00000, style=3, unit=0x3, font=0x22304cc) returned 0x0
[0122.350] GdipGetFontSize (font=0x5a8b190, size=0x22304d0) returned 0x0
[0122.351] GetModuleHandleW (lpModuleName="comctl32.dll") returned 0x687a0000
[0122.351] AdjustWindowRectEx (in: lpRect=0x19ed40, dwStyle=0x5600000d, bMenu=0, dwExStyle=0x0 | out: lpRect=0x19ed40) returned 1
[0122.351] GetModuleHandleW (lpModuleName="comctl32.dll") returned 0x687a0000
[0122.351] AdjustWindowRectEx (in: lpRect=0x19ed40, dwStyle=0x5600000d, bMenu=0, dwExStyle=0x0 | out: lpRect=0x19ed40) returned 1
[0122.352] GdipCreateFontFamilyFromName (name="Mistral", fontCollection=0x0, fontFamily=0x19edbc) returned 0x0
[0122.352] GdipCreateFont (fontFamily=0x46e7e90, emSize=0x41a00000, style=3, unit=0x3, font=0x22306cc) returned 0x0
[0122.352] GdipGetFontSize (font=0x5a8b1b8, size=0x22306d0) returned 0x0
[0122.353] GetModuleHandleW (lpModuleName="comctl32.dll") returned 0x687a0000
[0122.353] AdjustWindowRectEx (in: lpRect=0x19ed40, dwStyle=0x5600000d, bMenu=0, dwExStyle=0x0 | out: lpRect=0x19ed40) returned 1
[0122.354] GetModuleHandleW (lpModuleName="comctl32.dll") returned 0x687a0000
[0122.354] AdjustWindowRectEx (in: lpRect=0x19ed40, dwStyle=0x5600000d, bMenu=0, dwExStyle=0x0 | out: lpRect=0x19ed40) returned 1
[0122.355] GdipCreateFontFamilyFromName (name="Microsoft Sans Serif", fontCollection=0x0, fontFamily=0x19edbc) returned 0x0
[0122.355] GdipCreateFont (fontFamily=0x5a854a8, emSize=0x41800000, style=1, unit=0x3, font=0x2230990) returned 0x0
[0122.355] GdipGetFontSize (font=0x5a8b1e0, size=0x2230994) returned 0x0
[0122.356] GetModuleHandleW (lpModuleName="comctl32.dll") returned 0x687a0000
[0122.356] AdjustWindowRectEx (in: lpRect=0x19ed40, dwStyle=0x5680000d, bMenu=0, dwExStyle=0x0 | out: lpRect=0x19ed40) returned 1
[0122.356] GetModuleHandleW (lpModuleName="comctl32.dll") returned 0x687a0000
[0122.356] AdjustWindowRectEx (in: lpRect=0x19ed40, dwStyle=0x5680000d, bMenu=0, dwExStyle=0x0 | out: lpRect=0x19ed40) returned 1
[0122.357] GetModuleHandleW (lpModuleName="comctl32.dll") returned 0x687a0000
[0122.357] AdjustWindowRectEx (in: lpRect=0x19ed6c, dwStyle=0x56000000, bMenu=0, dwExStyle=0x0 | out: lpRect=0x19ed6c) returned 1
[0122.357] GetModuleHandleW (lpModuleName="comctl32.dll") returned 0x687a0000
[0122.357] AdjustWindowRectEx (in: lpRect=0x19ed6c, dwStyle=0x56000000, bMenu=0, dwExStyle=0x0 | out: lpRect=0x19ed6c) returned 1
[0122.359] GetModuleHandleW (lpModuleName="comctl32.dll") returned 0x687a0000
[0122.360] AdjustWindowRectEx (in: lpRect=0x19ed6c, dwStyle=0x56000000, bMenu=0, dwExStyle=0x0 | out: lpRect=0x19ed6c) returned 1
[0122.360] GetModuleHandleW (lpModuleName="comctl32.dll") returned 0x687a0000
[0122.360] AdjustWindowRectEx (in: lpRect=0x19ed6c, dwStyle=0x56000000, bMenu=0, dwExStyle=0x0 | out: lpRect=0x19ed6c) returned 1
[0122.361] GetModuleHandleW (lpModuleName="comctl32.dll") returned 0x687a0000
[0122.361] AdjustWindowRectEx (in: lpRect=0x19ed6c, dwStyle=0x56000000, bMenu=0, dwExStyle=0x0 | out: lpRect=0x19ed6c) returned 1
[0122.361] GetModuleHandleW (lpModuleName="comctl32.dll") returned 0x687a0000
[0122.362] AdjustWindowRectEx (in: lpRect=0x19ed6c, dwStyle=0x56000000, bMenu=0, dwExStyle=0x0 | out: lpRect=0x19ed6c) returned 1
[0122.362] GetModuleHandleW (lpModuleName="comctl32.dll") returned 0x687a0000
[0122.362] AdjustWindowRectEx (in: lpRect=0x19ed6c, dwStyle=0x56000000, bMenu=0, dwExStyle=0x0 | out: lpRect=0x19ed6c) returned 1
[0122.362] GetModuleHandleW (lpModuleName="comctl32.dll") returned 0x687a0000
[0122.362] AdjustWindowRectEx (in: lpRect=0x19ed6c, dwStyle=0x56000000, bMenu=0, dwExStyle=0x0 | out: lpRect=0x19ed6c) returned 1
[0122.362] GetModuleHandleW (lpModuleName="comctl32.dll") returned 0x687a0000
[0122.363] AdjustWindowRectEx (in: lpRect=0x19ed6c, dwStyle=0x56000000, bMenu=0, dwExStyle=0x0 | out: lpRect=0x19ed6c) returned 1
[0122.363] GetModuleHandleW (lpModuleName="comctl32.dll") returned 0x687a0000
[0122.363] AdjustWindowRectEx (in: lpRect=0x19ed6c, dwStyle=0x56000000, bMenu=0, dwExStyle=0x0 | out: lpRect=0x19ed6c) returned 1
[0122.365] GetModuleHandleW (lpModuleName="comctl32.dll") returned 0x687a0000
[0122.366] AdjustWindowRectEx (in: lpRect=0x19eda0, dwStyle=0x2cf0000, bMenu=0, dwExStyle=0x50000 | out: lpRect=0x19eda0) returned 1
[0122.366] GetSystemMetrics (nIndex=59) returned 1456
[0122.366] GetSystemMetrics (nIndex=60) returned 916
[0122.366] GetSystemMetrics (nIndex=34) returned 136
[0122.366] GetSystemMetrics (nIndex=35) returned 39
[0122.366] GetModuleHandleW (lpModuleName="comctl32.dll") returned 0x687a0000
[0122.366] AdjustWindowRectEx (in: lpRect=0x19eca0, dwStyle=0x2cf0000, bMenu=0, dwExStyle=0x50000 | out: lpRect=0x19eca0) returned 1
[0122.367] GetCurrentThreadId () returned 0x9e8
[0122.367] GetCurrentThreadId () returned 0x9e8
[0122.367] GetModuleHandleW (lpModuleName="comctl32.dll") returned 0x687a0000
[0122.367] AdjustWindowRectEx (in: lpRect=0x19eb9c, dwStyle=0x5680000d, bMenu=0, dwExStyle=0x0 | out: lpRect=0x19eb9c) returned 1
[0122.367] GdipGetFamilyName (in: family=0x5a854a8, name=0x19ea8c, language=0x409 | out: name="Microsoft Sans Serif") returned 0x0
[0122.367] GetDeviceCaps (hdc=0xc010682, index=90) returned 96
[0122.367] CoTaskMemAlloc (cb=0x5c) returned 0x821720
[0122.367] CreateFontIndirectW (lplf=0x821720) returned 0x870a097e
[0122.368] CoTaskMemFree (pv=0x821720)
[0122.368] GetObjectW (in: h=0x870a097e, c=92, pv=0x19ea64 | out: pv=0x19ea64) returned 92
[0122.368] SelectObject (hdc=0xc010682, h=0x870a097e) returned 0x220a0550
[0122.368] DeleteObject (ho=0x220a0550) returned 1
[0122.368] GetMapMode (hdc=0xc010682) returned 1
[0122.368] GetTextMetricsW (in: hdc=0xc010682, lptm=0x19ea70 | out: lptm=0x19ea70) returned 1
[0122.370] DrawTextExW (in: hdc=0xc010682, lpchText="Switch Mode", cchText=11, lprc=0x19eb84, format=0x2400, lpdtp=0x2231310 | out: lpchText="Switch Mode", lprc=0x19eb84) returned 26
[0122.389] GetCurrentThreadId () returned 0x9e8
[0122.389] GetCurrentThreadId () returned 0x9e8
[0122.389] GetCurrentThreadId () returned 0x9e8
[0122.389] GetCurrentThreadId () returned 0x9e8
[0122.389] GetModuleHandleW (lpModuleName="comctl32.dll") returned 0x687a0000
[0122.390] AdjustWindowRectEx (in: lpRect=0x19eb9c, dwStyle=0x5600000d, bMenu=0, dwExStyle=0x0 | out: lpRect=0x19eb9c) returned 1
[0122.390] GdipGetFamilyName (in: family=0x46e7e90, name=0x19ea8c, language=0x409 | out: name="Mistral") returned 0x0
[0122.390] GetDeviceCaps (hdc=0xc010682, index=90) returned 96
[0122.391] CoTaskMemAlloc (cb=0x5c) returned 0x821b98
[0122.391] CreateFontIndirectW (lplf=0x821b98) returned 0x230a0550
[0122.391] CoTaskMemFree (pv=0x821b98)
[0122.391] GetObjectW (in: h=0x230a0550, c=92, pv=0x19ea64 | out: pv=0x19ea64) returned 92
[0122.391] SelectObject (hdc=0xc010682, h=0x230a0550) returned 0x870a097e
[0122.391] GetMapMode (hdc=0xc010682) returned 1
[0122.391] GetTextMetricsW (in: hdc=0xc010682, lptm=0x19ea70 | out: lptm=0x19ea70) returned 1
[0122.393] DrawTextExW (in: hdc=0xc010682, lpchText="Easy", cchText=4, lprc=0x19eb84, format=0x2400, lpdtp=0x22315a8 | out: lpchText="Easy", lprc=0x19eb84) returned 33
[0122.398] GetCurrentThreadId () returned 0x9e8
[0122.398] GetCurrentThreadId () returned 0x9e8
[0122.398] GetModuleHandleW (lpModuleName="comctl32.dll") returned 0x687a0000
[0122.398] AdjustWindowRectEx (in: lpRect=0x19eb9c, dwStyle=0x4600000d, bMenu=0, dwExStyle=0x0 | out: lpRect=0x19eb9c) returned 1
[0122.398] DrawTextExW (in: hdc=0xc010682, lpchText="NightMare", cchText=9, lprc=0x19eb84, format=0x2400, lpdtp=0x2231684 | out: lpchText="NightMare", lprc=0x19eb84) returned 33
[0122.399] GetCurrentThreadId () returned 0x9e8
[0122.399] GetCurrentThreadId () returned 0x9e8
[0122.399] GetModuleHandleW (lpModuleName="comctl32.dll") returned 0x687a0000
[0122.400] AdjustWindowRectEx (in: lpRect=0x19eb9c, dwStyle=0x5600000d, bMenu=0, dwExStyle=0x0 | out: lpRect=0x19eb9c) returned 1
[0122.400] GdipGetFamilyName (in: family=0x46e7e90, name=0x19ea8c, language=0x409 | out: name="Mistral") returned 0x0
[0122.400] GetDeviceCaps (hdc=0xc010682, index=90) returned 96
[0122.400] CoTaskMemAlloc (cb=0x5c) returned 0x8214b0
[0122.400] CreateFontIndirectW (lplf=0x8214b0) returned 0xa50a0936
[0122.400] CoTaskMemFree (pv=0x8214b0)
[0122.400] GetObjectW (in: h=0xa50a0936, c=92, pv=0x19ea64 | out: pv=0x19ea64) returned 92
[0122.400] SelectObject (hdc=0xc010682, h=0xa50a0936) returned 0x230a0550
[0122.400] GetMapMode (hdc=0xc010682) returned 1
[0122.400] GetTextMetricsW (in: hdc=0xc010682, lptm=0x19ea70 | out: lptm=0x19ea70) returned 1
[0122.401] DrawTextExW (in: hdc=0xc010682, lpchText="MODE:", cchText=5, lprc=0x19eb84, format=0x2400, lpdtp=0x22318fc | out: lpchText="MODE:", lprc=0x19eb84) returned 35
[0122.413] GetCurrentThreadId () returned 0x9e8
[0122.413] GetCurrentThreadId () returned 0x9e8
[0122.413] GetModuleHandleW (lpModuleName="comctl32.dll") returned 0x687a0000
[0122.414] AdjustWindowRectEx (in: lpRect=0x19eb9c, dwStyle=0x5600000d, bMenu=0, dwExStyle=0x0 | out: lpRect=0x19eb9c) returned 1
[0122.414] DrawTextExW (in: hdc=0xc010682, lpchText="SPEED:", cchText=6, lprc=0x19eb84, format=0x2400, lpdtp=0x22319d8 | out: lpchText="SPEED:", lprc=0x19eb84) returned 35
[0122.415] GetCurrentThreadId () returned 0x9e8
[0122.415] GetCurrentThreadId () returned 0x9e8
[0122.415] GetModuleHandleW (lpModuleName="comctl32.dll") returned 0x687a0000
[0122.416] AdjustWindowRectEx (in: lpRect=0x19eb9c, dwStyle=0x5600000d, bMenu=0, dwExStyle=0x0 | out: lpRect=0x19eb9c) returned 1
[0122.416] DrawTextExW (in: hdc=0xc010682, lpchText="15", cchText=2, lprc=0x19eb84, format=0x2400, lpdtp=0x2231ab4 | out: lpchText="15", lprc=0x19eb84) returned 35
[0122.417] GetCurrentThreadId () returned 0x9e8
[0122.417] GetCurrentThreadId () returned 0x9e8
[0122.417] GetCurrentThreadId () returned 0x9e8
[0122.417] GetCurrentThreadId () returned 0x9e8
[0122.417] GetCurrentThreadId () returned 0x9e8
[0122.417] GetCurrentThreadId () returned 0x9e8
[0122.417] GetCurrentThreadId () returned 0x9e8
[0122.417] GetCurrentThreadId () returned 0x9e8
[0122.417] GetModuleHandleW (lpModuleName="comctl32.dll") returned 0x687a0000
[0122.417] AdjustWindowRectEx (in: lpRect=0x19eb9c, dwStyle=0x5600000d, bMenu=0, dwExStyle=0x0 | out: lpRect=0x19eb9c) returned 1
[0122.417] DrawTextExW (in: hdc=0xc010682, lpchText="00:01", cchText=5, lprc=0x19eb84, format=0x2400, lpdtp=0x2231cc0 | out: lpchText="00:01", lprc=0x19eb84) returned 35
[0122.418] GetCurrentThreadId () returned 0x9e8
[0122.418] GetCurrentThreadId () returned 0x9e8
[0122.418] GetModuleHandleW (lpModuleName="comctl32.dll") returned 0x687a0000
[0122.418] AdjustWindowRectEx (in: lpRect=0x19eb9c, dwStyle=0x5600000d, bMenu=0, dwExStyle=0x0 | out: lpRect=0x19eb9c) returned 1
[0122.418] DrawTextExW (in: hdc=0xc010682, lpchText="TIME:", cchText=5, lprc=0x19eb84, format=0x2400, lpdtp=0x2231d9c | out: lpchText="TIME:", lprc=0x19eb84) returned 35
[0122.419] GetCurrentThreadId () returned 0x9e8
[0122.419] GetCurrentThreadId () returned 0x9e8
[0122.419] GetCurrentThreadId () returned 0x9e8
[0122.419] GetCurrentThreadId () returned 0x9e8
[0122.419] GetModuleHandleW (lpModuleName="comctl32.dll") returned 0x687a0000
[0122.419] AdjustWindowRectEx (in: lpRect=0x19eb9c, dwStyle=0x5600000d, bMenu=0, dwExStyle=0x0 | out: lpRect=0x19eb9c) returned 1
[0122.419] GdipGetFamilyName (in: family=0x46e7e90, name=0x19ea8c, language=0x409 | out: name="Mistral") returned 0x0
[0122.419] GetDeviceCaps (hdc=0xc010682, index=90) returned 96
[0122.419] CoTaskMemAlloc (cb=0x5c) returned 0x8218c0
[0122.420] CreateFontIndirectW (lplf=0x8218c0) returned 0x390a098c
[0122.420] CoTaskMemFree (pv=0x8218c0)
[0122.420] GetObjectW (in: h=0x390a098c, c=92, pv=0x19ea64 | out: pv=0x19ea64) returned 92
[0122.420] SelectObject (hdc=0xc010682, h=0x390a098c) returned 0xa50a0936
[0122.421] GetMapMode (hdc=0xc010682) returned 1
[0122.421] GetTextMetricsW (in: hdc=0xc010682, lptm=0x19ea70 | out: lptm=0x19ea70) returned 1
[0122.421] DrawTextExW (in: hdc=0xc010682, lpchText="Snake World !!!", cchText=15, lprc=0x19eb84, format=0x2400, lpdtp=0x2232034 | out: lpchText="Snake World !!!", lprc=0x19eb84) returned 38
[0122.423] GetCurrentThreadId () returned 0x9e8
[0122.423] GetCurrentThreadId () returned 0x9e8
[0122.423] GetModuleHandleW (lpModuleName="comctl32.dll") returned 0x687a0000
[0122.424] AdjustWindowRectEx (in: lpRect=0x19eb9c, dwStyle=0x5600000d, bMenu=0, dwExStyle=0x0 | out: lpRect=0x19eb9c) returned 1
[0122.424] SelectObject (hdc=0xc010682, h=0xa50a0936) returned 0x390a098c
[0122.424] DrawTextExW (in: hdc=0xc010682, lpchText="100", cchText=3, lprc=0x19eb84, format=0x2400, lpdtp=0x223212c | out: lpchText="100", lprc=0x19eb84) returned 35
[0122.424] GetCurrentThreadId () returned 0x9e8
[0122.424] GetCurrentThreadId () returned 0x9e8
[0122.424] GetModuleHandleW (lpModuleName="comctl32.dll") returned 0x687a0000
[0122.425] AdjustWindowRectEx (in: lpRect=0x19eb9c, dwStyle=0x5600000d, bMenu=0, dwExStyle=0x0 | out: lpRect=0x19eb9c) returned 1
[0122.425] GdipGetFamilyName (in: family=0x46e7e90, name=0x19ea8c, language=0x409 | out: name="Mistral") returned 0x0
[0122.425] GetDeviceCaps (hdc=0xc010682, index=90) returned 96
[0122.425] CoTaskMemAlloc (cb=0x5c) returned 0x821720
[0122.425] CreateFontIndirectW (lplf=0x821720) returned 0x2a0a0923
[0122.425] CoTaskMemFree (pv=0x821720)
[0122.425] GetObjectW (in: h=0x2a0a0923, c=92, pv=0x19ea64 | out: pv=0x19ea64) returned 92
[0122.425] SelectObject (hdc=0xc010682, h=0x2a0a0923) returned 0xa50a0936
[0122.425] GetMapMode (hdc=0xc010682) returned 1
[0122.425] GetTextMetricsW (in: hdc=0xc010682, lptm=0x19ea70 | out: lptm=0x19ea70) returned 1
[0122.426] DrawTextExW (in: hdc=0xc010682, lpchText="SCORE:", cchText=6, lprc=0x19eb84, format=0x2400, lpdtp=0x2232378 | out: lpchText="SCORE:", lprc=0x19eb84) returned 35
[0122.428] GetCurrentThreadId () returned 0x9e8
[0122.428] GetCurrentThreadId () returned 0x9e8
[0122.429] CreateCompatibleDC (hdc=0x0) returned 0xbe01095a
[0122.430] GetDC (hWnd=0x0) returned 0xa0100d0
[0122.433] GdipCreateFromHDC (hdc=0xa0100d0, graphics=0x19ebf0) returned 0x0
[0122.434] CoTaskMemAlloc (cb=0x5c) returned 0x8214b0
[0122.434] GdipGetLogFontW (font=0x5a8ab38, graphics=0x5a8f5e8, logfontW=0x8214b0) returned 0x0
[0122.440] CoTaskMemFree (pv=0x8214b0)
[0122.440] CoTaskMemAlloc (cb=0x5c) returned 0x821b30
[0122.440] CoTaskMemFree (pv=0x821b30)
[0122.440] CoTaskMemAlloc (cb=0x5c) returned 0x821b98
[0122.441] CoTaskMemFree (pv=0x821b98)
[0122.441] GdipDeleteGraphics (graphics=0x5a8f5e8) returned 0x0
[0122.441] ReleaseDC (hWnd=0x0, hDC=0xa0100d0) returned 1
[0122.441] CoTaskMemAlloc (cb=0x5c) returned 0x821650
[0122.441] CreateFontIndirectW (lplf=0x821650) returned 0x600a0987
[0122.441] CoTaskMemFree (pv=0x821650)
[0122.442] SelectObject (hdc=0xbe01095a, h=0x600a0987) returned 0x18a0048
[0122.442] GetTextMetricsW (in: hdc=0xbe01095a, lptm=0x19ecfc | out: lptm=0x19ecfc) returned 1
[0122.442] GetTextExtentPoint32W (in: hdc=0xbe01095a, lpString="abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ", c=52, psizl=0x223280c | out: psizl=0x223280c) returned 1
[0122.443] SelectObject (hdc=0xbe01095a, h=0x18a0048) returned 0x600a0987
[0122.443] DeleteDC (hdc=0xbe01095a) returned 1
[0122.443] GetModuleHandleW (lpModuleName="comctl32.dll") returned 0x687a0000
[0122.444] AdjustWindowRectEx (in: lpRect=0x19ecdc, dwStyle=0x56000000, bMenu=0, dwExStyle=0x10000 | out: lpRect=0x19ecdc) returned 1
[0122.444] GetModuleHandleW (lpModuleName="comctl32.dll") returned 0x687a0000
[0122.444] AdjustWindowRectEx (in: lpRect=0x19eb40, dwStyle=0x56000000, bMenu=0, dwExStyle=0x10000 | out: lpRect=0x19eb40) returned 1
[0122.444] GetModuleHandleW (lpModuleName="comctl32.dll") returned 0x687a0000
[0122.444] AdjustWindowRectEx (in: lpRect=0x19eca8, dwStyle=0x5680000d, bMenu=0, dwExStyle=0x0 | out: lpRect=0x19eca8) returned 1
[0122.444] GetModuleHandleW (lpModuleName="comctl32.dll") returned 0x687a0000
[0122.445] AdjustWindowRectEx (in: lpRect=0x19eb0c, dwStyle=0x5680000d, bMenu=0, dwExStyle=0x0 | out: lpRect=0x19eb0c) returned 1
[0122.445] GetModuleHandleW (lpModuleName="comctl32.dll") returned 0x687a0000
[0122.445] AdjustWindowRectEx (in: lpRect=0x19e968, dwStyle=0x5680000d, bMenu=0, dwExStyle=0x0 | out: lpRect=0x19e968) returned 1
[0122.445] GetModuleHandleW (lpModuleName="comctl32.dll") returned 0x687a0000
[0122.445] AdjustWindowRectEx (in: lpRect=0x19eca8, dwStyle=0x5680000d, bMenu=0, dwExStyle=0x0 | out: lpRect=0x19eca8) returned 1
[0122.445] GetModuleHandleW (lpModuleName="comctl32.dll") returned 0x687a0000
[0122.445] AdjustWindowRectEx (in: lpRect=0x19eb0c, dwStyle=0x5680000d, bMenu=0, dwExStyle=0x0 | out: lpRect=0x19eb0c) returned 1
[0122.446] GetModuleHandleW (lpModuleName="comctl32.dll") returned 0x687a0000
[0122.446] AdjustWindowRectEx (in: lpRect=0x19e968, dwStyle=0x5680000d, bMenu=0, dwExStyle=0x0 | out: lpRect=0x19e968) returned 1
[0122.446] GetModuleHandleW (lpModuleName="comctl32.dll") returned 0x687a0000
[0122.446] AdjustWindowRectEx (in: lpRect=0x19eca8, dwStyle=0x5680000d, bMenu=0, dwExStyle=0x0 | out: lpRect=0x19eca8) returned 1
[0122.446] GetModuleHandleW (lpModuleName="comctl32.dll") returned 0x687a0000
[0122.446] AdjustWindowRectEx (in: lpRect=0x19eb0c, dwStyle=0x5680000d, bMenu=0, dwExStyle=0x0 | out: lpRect=0x19eb0c) returned 1
[0122.446] GetModuleHandleW (lpModuleName="comctl32.dll") returned 0x687a0000
[0122.446] AdjustWindowRectEx (in: lpRect=0x19e968, dwStyle=0x5680000d, bMenu=0, dwExStyle=0x0 | out: lpRect=0x19e968) returned 1
[0122.446] GetModuleHandleW (lpModuleName="comctl32.dll") returned 0x687a0000
[0122.447] AdjustWindowRectEx (in: lpRect=0x19eca8, dwStyle=0x5680000d, bMenu=0, dwExStyle=0x0 | out: lpRect=0x19eca8) returned 1
[0122.447] GetModuleHandleW (lpModuleName="comctl32.dll") returned 0x687a0000
[0122.447] AdjustWindowRectEx (in: lpRect=0x19eb0c, dwStyle=0x5680000d, bMenu=0, dwExStyle=0x0 | out: lpRect=0x19eb0c) returned 1
[0122.447] GetModuleHandleW (lpModuleName="comctl32.dll") returned 0x687a0000
[0122.447] AdjustWindowRectEx (in: lpRect=0x19e968, dwStyle=0x5680000d, bMenu=0, dwExStyle=0x0 | out: lpRect=0x19e968) returned 1
[0122.449] GetModuleHandleW (lpModuleName="comctl32.dll") returned 0x687a0000
[0122.449] AdjustWindowRectEx (in: lpRect=0x19ea54, dwStyle=0x2cf0000, bMenu=0, dwExStyle=0x50000 | out: lpRect=0x19ea54) returned 1
[0122.449] GetCursorPos (in: lpPoint=0x2232f3c | out: lpPoint=0x2232f3c*(x=311, y=433)) returned 1
[0122.451] GetSystemMetrics (nIndex=80) returned 1
[0122.459] MonitorFromPoint (pt=0x137, dwFlags=0x1b1) returned 0x10001
[0122.460] GetMonitorInfoW (in: hMonitor=0x10001, lpmi=0x19e930 | out: lpmi=0x19e930) returned 1
[0122.517] CreateDCW (pwszDriver="\\\\.\\DISPLAY1", pwszDevice=0x0, pszPort=0x0, pdm=0x0) returned 0x6701092e
[0122.519] GetDeviceCaps (hdc=0x6701092e, index=12) returned 32
[0122.519] GetDeviceCaps (hdc=0x6701092e, index=14) returned 1
[0122.525] DeleteDC (hdc=0x6701092e) returned 1
[0122.526] GetMonitorInfoW (in: hMonitor=0x10001, lpmi=0x19e984 | out: lpmi=0x19e984) returned 1
[0122.526] AdjustWindowRectEx (in: lpRect=0x19ec74, dwStyle=0x2cf0000, bMenu=0, dwExStyle=0x50000 | out: lpRect=0x19ec74) returned 1
[0122.527] GetModuleHandleW (lpModuleName="comctl32.dll") returned 0x687a0000
[0122.527] AdjustWindowRectEx (in: lpRect=0x19e9cc, dwStyle=0x2cf0000, bMenu=0, dwExStyle=0x50000 | out: lpRect=0x19e9cc) returned 1
[0122.527] GetCursorPos (in: lpPoint=0x2233270 | out: lpPoint=0x2233270*(x=311, y=433)) returned 1
[0122.527] MonitorFromPoint (pt=0x137, dwFlags=0x1b3) returned 0x10001
[0122.527] GetMonitorInfoW (in: hMonitor=0x10001, lpmi=0x19e8a8 | out: lpmi=0x19e8a8) returned 1
[0122.527] CreateDCW (pwszDriver="\\\\.\\DISPLAY1", pwszDevice=0x0, pszPort=0x0, pdm=0x0) returned 0x6801092e
[0122.533] GetDeviceCaps (hdc=0x6801092e, index=12) returned 32
[0122.533] GetDeviceCaps (hdc=0x6801092e, index=14) returned 1
[0122.533] DeleteDC (hdc=0x6801092e) returned 1
[0122.533] GetMonitorInfoW (in: hMonitor=0x10001, lpmi=0x19e8fc | out: lpmi=0x19e8fc) returned 1
[0122.533] AdjustWindowRectEx (in: lpRect=0x19eaac, dwStyle=0x2cf0000, bMenu=0, dwExStyle=0x50000 | out: lpRect=0x19eaac) returned 1
[0122.533] GetSystemMetrics (nIndex=34) returned 136
[0122.533] GetSystemMetrics (nIndex=35) returned 39
[0122.534] GetModuleHandleW (lpModuleName="comctl32.dll") returned 0x687a0000
[0122.534] AdjustWindowRectEx (in: lpRect=0x19ec6c, dwStyle=0x5680000d, bMenu=0, dwExStyle=0x0 | out: lpRect=0x19ec6c) returned 1
[0122.534] GetModuleHandleW (lpModuleName="comctl32.dll") returned 0x687a0000
[0122.534] AdjustWindowRectEx (in: lpRect=0x19ead0, dwStyle=0x5680000d, bMenu=0, dwExStyle=0x0 | out: lpRect=0x19ead0) returned 1
[0122.534] GetModuleHandleW (lpModuleName="comctl32.dll") returned 0x687a0000
[0122.535] AdjustWindowRectEx (in: lpRect=0x19e92c, dwStyle=0x5680000d, bMenu=0, dwExStyle=0x0 | out: lpRect=0x19e92c) returned 1
[0122.535] GetModuleHandleW (lpModuleName="comctl32.dll") returned 0x687a0000
[0122.535] AdjustWindowRectEx (in: lpRect=0x19ec6c, dwStyle=0x56000000, bMenu=0, dwExStyle=0x0 | out: lpRect=0x19ec6c) returned 1
[0122.536] GetModuleHandleW (lpModuleName="comctl32.dll") returned 0x687a0000
[0122.536] AdjustWindowRectEx (in: lpRect=0x19ead0, dwStyle=0x56000000, bMenu=0, dwExStyle=0x0 | out: lpRect=0x19ead0) returned 1
[0122.536] GetModuleHandleW (lpModuleName="comctl32.dll") returned 0x687a0000
[0122.536] AdjustWindowRectEx (in: lpRect=0x19ec6c, dwStyle=0x5600000d, bMenu=0, dwExStyle=0x0 | out: lpRect=0x19ec6c) returned 1
[0122.536] GetModuleHandleW (lpModuleName="comctl32.dll") returned 0x687a0000
[0122.536] AdjustWindowRectEx (in: lpRect=0x19ead0, dwStyle=0x5600000d, bMenu=0, dwExStyle=0x0 | out: lpRect=0x19ead0) returned 1
[0122.537] GetModuleHandleW (lpModuleName="comctl32.dll") returned 0x687a0000
[0122.537] AdjustWindowRectEx (in: lpRect=0x19e92c, dwStyle=0x5600000d, bMenu=0, dwExStyle=0x0 | out: lpRect=0x19e92c) returned 1
[0122.537] GetModuleHandleW (lpModuleName="comctl32.dll") returned 0x687a0000
[0122.537] AdjustWindowRectEx (in: lpRect=0x19ec6c, dwStyle=0x4600000d, bMenu=0, dwExStyle=0x0 | out: lpRect=0x19ec6c) returned 1
[0122.537] GetModuleHandleW (lpModuleName="comctl32.dll") returned 0x687a0000
[0122.537] AdjustWindowRectEx (in: lpRect=0x19ead0, dwStyle=0x4600000d, bMenu=0, dwExStyle=0x0 | out: lpRect=0x19ead0) returned 1
[0122.538] GetModuleHandleW (lpModuleName="comctl32.dll") returned 0x687a0000
[0122.538] AdjustWindowRectEx (in: lpRect=0x19e92c, dwStyle=0x4600000d, bMenu=0, dwExStyle=0x0 | out: lpRect=0x19e92c) returned 1
[0122.538] GetModuleHandleW (lpModuleName="comctl32.dll") returned 0x687a0000
[0122.538] AdjustWindowRectEx (in: lpRect=0x19ec6c, dwStyle=0x5600000d, bMenu=0, dwExStyle=0x0 | out: lpRect=0x19ec6c) returned 1
[0122.538] GetModuleHandleW (lpModuleName="comctl32.dll") returned 0x687a0000
[0122.538] AdjustWindowRectEx (in: lpRect=0x19ead0, dwStyle=0x5600000d, bMenu=0, dwExStyle=0x0 | out: lpRect=0x19ead0) returned 1
[0122.539] GetModuleHandleW (lpModuleName="comctl32.dll") returned 0x687a0000
[0122.539] AdjustWindowRectEx (in: lpRect=0x19e92c, dwStyle=0x5600000d, bMenu=0, dwExStyle=0x0 | out: lpRect=0x19e92c) returned 1
[0122.539] GetModuleHandleW (lpModuleName="comctl32.dll") returned 0x687a0000
[0122.539] AdjustWindowRectEx (in: lpRect=0x19ec6c, dwStyle=0x5600000d, bMenu=0, dwExStyle=0x0 | out: lpRect=0x19ec6c) returned 1
[0122.539] GetModuleHandleW (lpModuleName="comctl32.dll") returned 0x687a0000
[0122.539] AdjustWindowRectEx (in: lpRect=0x19ead0, dwStyle=0x5600000d, bMenu=0, dwExStyle=0x0 | out: lpRect=0x19ead0) returned 1
[0122.540] GetModuleHandleW (lpModuleName="comctl32.dll") returned 0x687a0000
[0122.540] AdjustWindowRectEx (in: lpRect=0x19e92c, dwStyle=0x5600000d, bMenu=0, dwExStyle=0x0 | out: lpRect=0x19e92c) returned 1
[0122.540] GetModuleHandleW (lpModuleName="comctl32.dll") returned 0x687a0000
[0122.540] AdjustWindowRectEx (in: lpRect=0x19ec6c, dwStyle=0x5600000d, bMenu=0, dwExStyle=0x0 | out: lpRect=0x19ec6c) returned 1
[0122.540] GetModuleHandleW (lpModuleName="comctl32.dll") returned 0x687a0000
[0122.540] AdjustWindowRectEx (in: lpRect=0x19ead0, dwStyle=0x5600000d, bMenu=0, dwExStyle=0x0 | out: lpRect=0x19ead0) returned 1
[0122.541] GetModuleHandleW (lpModuleName="comctl32.dll") returned 0x687a0000
[0122.541] AdjustWindowRectEx (in: lpRect=0x19e92c, dwStyle=0x5600000d, bMenu=0, dwExStyle=0x0 | out: lpRect=0x19e92c) returned 1
[0122.541] GetModuleHandleW (lpModuleName="comctl32.dll") returned 0x687a0000
[0122.541] AdjustWindowRectEx (in: lpRect=0x19ec6c, dwStyle=0x46000000, bMenu=0, dwExStyle=0x0 | out: lpRect=0x19ec6c) returned 1
[0122.541] GetModuleHandleW (lpModuleName="comctl32.dll") returned 0x687a0000
[0122.541] AdjustWindowRectEx (in: lpRect=0x19ead0, dwStyle=0x46000000, bMenu=0, dwExStyle=0x0 | out: lpRect=0x19ead0) returned 1
[0122.542] GetModuleHandleW (lpModuleName="comctl32.dll") returned 0x687a0000
[0122.542] AdjustWindowRectEx (in: lpRect=0x19ec6c, dwStyle=0x56000000, bMenu=0, dwExStyle=0x0 | out: lpRect=0x19ec6c) returned 1
[0122.542] GetModuleHandleW (lpModuleName="comctl32.dll") returned 0x687a0000
[0122.542] AdjustWindowRectEx (in: lpRect=0x19ead0, dwStyle=0x56000000, bMenu=0, dwExStyle=0x0 | out: lpRect=0x19ead0) returned 1
[0122.542] GetModuleHandleW (lpModuleName="comctl32.dll") returned 0x687a0000
[0122.542] AdjustWindowRectEx (in: lpRect=0x19ec6c, dwStyle=0x5600000d, bMenu=0, dwExStyle=0x0 | out: lpRect=0x19ec6c) returned 1
[0122.543] GetModuleHandleW (lpModuleName="comctl32.dll") returned 0x687a0000
[0122.543] AdjustWindowRectEx (in: lpRect=0x19ead0, dwStyle=0x5600000d, bMenu=0, dwExStyle=0x0 | out: lpRect=0x19ead0) returned 1
[0122.543] GetModuleHandleW (lpModuleName="comctl32.dll") returned 0x687a0000
[0122.543] AdjustWindowRectEx (in: lpRect=0x19e92c, dwStyle=0x5600000d, bMenu=0, dwExStyle=0x0 | out: lpRect=0x19e92c) returned 1
[0122.543] GetModuleHandleW (lpModuleName="comctl32.dll") returned 0x687a0000
[0122.544] AdjustWindowRectEx (in: lpRect=0x19ec6c, dwStyle=0x5600000d, bMenu=0, dwExStyle=0x0 | out: lpRect=0x19ec6c) returned 1
[0122.544] GetModuleHandleW (lpModuleName="comctl32.dll") returned 0x687a0000
[0122.544] AdjustWindowRectEx (in: lpRect=0x19ead0, dwStyle=0x5600000d, bMenu=0, dwExStyle=0x0 | out: lpRect=0x19ead0) returned 1
[0122.544] GetModuleHandleW (lpModuleName="comctl32.dll") returned 0x687a0000
[0122.544] AdjustWindowRectEx (in: lpRect=0x19e92c, dwStyle=0x5600000d, bMenu=0, dwExStyle=0x0 | out: lpRect=0x19e92c) returned 1
[0122.544] GetModuleHandleW (lpModuleName="comctl32.dll") returned 0x687a0000
[0122.545] AdjustWindowRectEx (in: lpRect=0x19ec6c, dwStyle=0x56000000, bMenu=0, dwExStyle=0x0 | out: lpRect=0x19ec6c) returned 1
[0122.545] GetModuleHandleW (lpModuleName="comctl32.dll") returned 0x687a0000
[0122.545] AdjustWindowRectEx (in: lpRect=0x19ead0, dwStyle=0x56000000, bMenu=0, dwExStyle=0x0 | out: lpRect=0x19ead0) returned 1
[0122.545] GetModuleHandleW (lpModuleName="comctl32.dll") returned 0x687a0000
[0122.545] AdjustWindowRectEx (in: lpRect=0x19ec6c, dwStyle=0x5600000d, bMenu=0, dwExStyle=0x0 | out: lpRect=0x19ec6c) returned 1
[0122.546] GetModuleHandleW (lpModuleName="comctl32.dll") returned 0x687a0000
[0122.546] AdjustWindowRectEx (in: lpRect=0x19ead0, dwStyle=0x5600000d, bMenu=0, dwExStyle=0x0 | out: lpRect=0x19ead0) returned 1
[0122.546] GetModuleHandleW (lpModuleName="comctl32.dll") returned 0x687a0000
[0122.546] AdjustWindowRectEx (in: lpRect=0x19e92c, dwStyle=0x5600000d, bMenu=0, dwExStyle=0x0 | out: lpRect=0x19e92c) returned 1
[0122.546] GetModuleHandleW (lpModuleName="comctl32.dll") returned 0x687a0000
[0122.546] AdjustWindowRectEx (in: lpRect=0x19ec6c, dwStyle=0x5600000d, bMenu=0, dwExStyle=0x0 | out: lpRect=0x19ec6c) returned 1
[0122.547] GetModuleHandleW (lpModuleName="comctl32.dll") returned 0x687a0000
[0122.547] AdjustWindowRectEx (in: lpRect=0x19ead0, dwStyle=0x5600000d, bMenu=0, dwExStyle=0x0 | out: lpRect=0x19ead0) returned 1
[0122.547] GetModuleHandleW (lpModuleName="comctl32.dll") returned 0x687a0000
[0122.547] AdjustWindowRectEx (in: lpRect=0x19e92c, dwStyle=0x5600000d, bMenu=0, dwExStyle=0x0 | out: lpRect=0x19e92c) returned 1
[0122.547] GetModuleHandleW (lpModuleName="comctl32.dll") returned 0x687a0000
[0122.547] AdjustWindowRectEx (in: lpRect=0x19ec6c, dwStyle=0x5600000d, bMenu=0, dwExStyle=0x0 | out: lpRect=0x19ec6c) returned 1
[0122.548] GetModuleHandleW (lpModuleName="comctl32.dll") returned 0x687a0000
[0122.548] AdjustWindowRectEx (in: lpRect=0x19ead0, dwStyle=0x5600000d, bMenu=0, dwExStyle=0x0 | out: lpRect=0x19ead0) returned 1
[0122.548] GetModuleHandleW (lpModuleName="comctl32.dll") returned 0x687a0000
[0122.548] AdjustWindowRectEx (in: lpRect=0x19e92c, dwStyle=0x5600000d, bMenu=0, dwExStyle=0x0 | out: lpRect=0x19e92c) returned 1
[0122.548] GetModuleHandleW (lpModuleName="comctl32.dll") returned 0x687a0000
[0122.548] AdjustWindowRectEx (in: lpRect=0x19ec6c, dwStyle=0x56000000, bMenu=0, dwExStyle=0x0 | out: lpRect=0x19ec6c) returned 1
[0122.549] GetModuleHandleW (lpModuleName="comctl32.dll") returned 0x687a0000
[0122.549] AdjustWindowRectEx (in: lpRect=0x19ead0, dwStyle=0x56000000, bMenu=0, dwExStyle=0x0 | out: lpRect=0x19ead0) returned 1
[0122.638] EtwEventRegister (in: ProviderId=0x2233d44, EnableCallback=0x497065e, CallbackContext=0x0, RegHandle=0x2233d20 | out: RegHandle=0x2233d20) returned 0x0
[0122.646] EtwEventSetInformation (RegHandle=0x80a748, InformationClass=0x2c, EventInformation=0x2, InformationLength=0x2233cb4) returned 0x0
[0122.657] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Desktop\\9eeac4773d7f0e7f4303baed25c04f0b138e55f9fa7e7c718e3e6599a2e41513.exe.config", nBufferLength=0x105, lpBuffer=0x19e670, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\Desktop\\9eeac4773d7f0e7f4303baed25c04f0b138e55f9fa7e7c718e3e6599a2e41513.exe.config", lpFilePart=0x0) returned 0x69
[0122.658] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x19eb04) returned 1
[0122.658] GetFileAttributesExW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Desktop\\9eeac4773d7f0e7f4303baed25c04f0b138e55f9fa7e7c718e3e6599a2e41513.exe.config" (normalized: "c:\\users\\rdhj0cnfevzx\\desktop\\9eeac4773d7f0e7f4303baed25c04f0b138e55f9fa7e7c718e3e6599a2e41513.exe.config"), fInfoLevelId=0x0, lpFileInformation=0x19eb80 | out: lpFileInformation=0x19eb80*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0
[0122.658] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x19eb00) returned 1
[0123.656] CreateFileMappingW (hFile=0xffffffff, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x11400, lpName=0x0) returned 0x2cc
[0123.657] memcpy (in: _Dst=0x4950000, _Src=0x2236478, _Size=0x11400 | out: _Dst=0x4950000) returned 0x4950000
[0123.659] CloseHandle (hObject=0x2cc) returned 1
[0172.848] GdipLoadImageFromStream (stream=0x590030, image=0x19e9d0) returned 0x0
[0173.203] GdipImageForceValidation (image=0x5a8f5e8) returned 0x0
[0173.225] GdipGetImageType (image=0x5a8f5e8, type=0x19e9cc) returned 0x0
[0173.225] GdipGetImageRawFormat (image=0x5a8f5e8, format=0x19e94c*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0))) returned 0x0
[0173.265] GdipGetImageWidth (image=0x5a8f5e8, width=0x19ef30) returned 0x0
[0173.265] GdipGetImageHeight (image=0x5a8f5e8, height=0x19ef30) returned 0x0
[0173.411] GdipGetImageWidth (image=0x5a8f5e8, width=0x19ef10) returned 0x0
[0173.411] GdipGetImageHeight (image=0x5a8f5e8, height=0x19ef10) returned 0x0
[0173.411] GdipBitmapGetPixel (bitmap=0x5a8f5e8, x=0, y=0, color=0x19ef20) returned 0x0
[0173.428] GdipGetImageWidth (image=0x5a8f5e8, width=0x19ef10) returned 0x0
[0173.428] GdipGetImageHeight (image=0x5a8f5e8, height=0x19ef10) returned 0x0
[0173.428] GdipBitmapGetPixel (bitmap=0x5a8f5e8, x=0, y=1, color=0x19ef20) returned 0x0
[0173.428] GdipGetImageWidth (image=0x5a8f5e8, width=0x19ef10) returned 0x0
[0173.428] GdipGetImageHeight (image=0x5a8f5e8, height=0x19ef10) returned 0x0
[0173.428] GdipBitmapGetPixel (bitmap=0x5a8f5e8, x=0, y=2, color=0x19ef20) returned 0x0
[0173.429] GdipGetImageWidth (image=0x5a8f5e8, width=0x19ef10) returned 0x0
[0173.429] GdipGetImageHeight (image=0x5a8f5e8, height=0x19ef10) returned 0x0
[0173.429] GdipBitmapGetPixel (bitmap=0x5a8f5e8, x=0, y=3, color=0x19ef20) returned 0x0
[0173.429] GdipGetImageWidth (image=0x5a8f5e8, width=0x19ef10) returned 0x0
[0173.429] GdipGetImageHeight (image=0x5a8f5e8, height=0x19ef10) returned 0x0
[0173.429] GdipBitmapGetPixel (bitmap=0x5a8f5e8, x=0, y=4, color=0x19ef20) returned 0x0
[0173.429] GdipGetImageWidth (image=0x5a8f5e8, width=0x19ef10) returned 0x0
[0173.429] GdipGetImageHeight (image=0x5a8f5e8, height=0x19ef10) returned 0x0
[0173.429] GdipBitmapGetPixel (bitmap=0x5a8f5e8, x=0, y=5, color=0x19ef20) returned 0x0
[0173.429] GdipGetImageWidth (image=0x5a8f5e8, width=0x19ef10) returned 0x0
[0173.429] GdipGetImageHeight (image=0x5a8f5e8, height=0x19ef10) returned 0x0
[0173.429] GdipBitmapGetPixel (bitmap=0x5a8f5e8, x=0, y=6, color=0x19ef20) returned 0x0
[0173.429] GdipGetImageWidth (image=0x5a8f5e8, width=0x19ef10) returned 0x0
[0173.429] GdipGetImageHeight (image=0x5a8f5e8, height=0x19ef10) returned 0x0
[0173.429] GdipBitmapGetPixel (bitmap=0x5a8f5e8, x=0, y=7, color=0x19ef20) returned 0x0
[0173.429] GdipGetImageWidth (image=0x5a8f5e8, width=0x19ef10) returned 0x0
[0173.429] GdipGetImageHeight (image=0x5a8f5e8, height=0x19ef10) returned 0x0
[0173.430] GdipBitmapGetPixel (bitmap=0x5a8f5e8, x=0, y=8, color=0x19ef20) returned 0x0
[0173.430] GdipGetImageWidth (image=0x5a8f5e8, width=0x19ef10) returned 0x0
[0173.430] GdipGetImageHeight (image=0x5a8f5e8, height=0x19ef10) returned 0x0
[0173.430] GdipBitmapGetPixel (bitmap=0x5a8f5e8, x=0, y=9, color=0x19ef20) returned 0x0
[0173.430] GdipGetImageWidth (image=0x5a8f5e8, width=0x19ef10) returned 0x0
[0173.432] GdipGetImageHeight (image=0x5a8f5e8, height=0x19ef10) returned 0x0
[0173.432] GdipBitmapGetPixel (bitmap=0x5a8f5e8, x=0, y=10, color=0x19ef20) returned 0x0
[0173.432] GdipGetImageWidth (image=0x5a8f5e8, width=0x19ef10) returned 0x0
[0173.432] GdipGetImageHeight (image=0x5a8f5e8, height=0x19ef10) returned 0x0
[0173.432] GdipBitmapGetPixel (bitmap=0x5a8f5e8, x=0, y=11, color=0x19ef20) returned 0x0
[0173.432] GdipGetImageWidth (image=0x5a8f5e8, width=0x19ef10) returned 0x0
[0173.432] GdipGetImageHeight (image=0x5a8f5e8, height=0x19ef10) returned 0x0
[0173.432] GdipBitmapGetPixel (bitmap=0x5a8f5e8, x=0, y=12, color=0x19ef20) returned 0x0
[0173.432] GdipGetImageWidth (image=0x5a8f5e8, width=0x19ef10) returned 0x0
[0173.432] GdipGetImageHeight (image=0x5a8f5e8, height=0x19ef10) returned 0x0
[0173.432] GdipBitmapGetPixel (bitmap=0x5a8f5e8, x=0, y=13, color=0x19ef20) returned 0x0
[0173.433] GdipGetImageWidth (image=0x5a8f5e8, width=0x19ef10) returned 0x0
[0173.433] GdipGetImageHeight (image=0x5a8f5e8, height=0x19ef10) returned 0x0
[0173.433] GdipBitmapGetPixel (bitmap=0x5a8f5e8, x=0, y=14, color=0x19ef20) returned 0x0
[0173.433] GdipGetImageWidth (image=0x5a8f5e8, width=0x19ef10) returned 0x0
[0173.433] GdipGetImageHeight (image=0x5a8f5e8, height=0x19ef10) returned 0x0
[0173.433] GdipBitmapGetPixel (bitmap=0x5a8f5e8, x=0, y=15, color=0x19ef20) returned 0x0
[0173.433] GdipGetImageWidth (image=0x5a8f5e8, width=0x19ef10) returned 0x0
[0173.433] GdipGetImageHeight (image=0x5a8f5e8, height=0x19ef10) returned 0x0
[0173.433] GdipBitmapGetPixel (bitmap=0x5a8f5e8, x=0, y=16, color=0x19ef20) returned 0x0
[0173.433] GdipGetImageWidth (image=0x5a8f5e8, width=0x19ef10) returned 0x0
[0173.433] GdipGetImageHeight (image=0x5a8f5e8, height=0x19ef10) returned 0x0
[0173.433] GdipBitmapGetPixel (bitmap=0x5a8f5e8, x=0, y=17, color=0x19ef20) returned 0x0
[0173.433] GdipGetImageWidth (image=0x5a8f5e8, width=0x19ef10) returned 0x0
[0173.433] GdipGetImageHeight (image=0x5a8f5e8, height=0x19ef10) returned 0x0
[0173.433] GdipBitmapGetPixel (bitmap=0x5a8f5e8, x=0, y=18, color=0x19ef20) returned 0x0
[0173.433] GdipGetImageWidth (image=0x5a8f5e8, width=0x19ef10) returned 0x0
[0173.434] GdipGetImageHeight (image=0x5a8f5e8, height=0x19ef10) returned 0x0
[0173.434] GdipBitmapGetPixel (bitmap=0x5a8f5e8, x=0, y=19, color=0x19ef20) returned 0x0
[0173.434] GdipGetImageWidth (image=0x5a8f5e8, width=0x19ef10) returned 0x0
[0173.434] GdipGetImageHeight (image=0x5a8f5e8, height=0x19ef10) returned 0x0
[0173.434] GdipBitmapGetPixel (bitmap=0x5a8f5e8, x=0, y=20, color=0x19ef20) returned 0x0
[0173.434] GdipGetImageWidth (image=0x5a8f5e8, width=0x19ef10) returned 0x0
[0173.434] GdipGetImageHeight (image=0x5a8f5e8, height=0x19ef10) returned 0x0
[0173.434] GdipBitmapGetPixel (bitmap=0x5a8f5e8, x=0, y=21, color=0x19ef20) returned 0x0
[0173.434] GdipGetImageWidth (image=0x5a8f5e8, width=0x19ef10) returned 0x0
[0173.434] GdipGetImageHeight (image=0x5a8f5e8, height=0x19ef10) returned 0x0
[0173.434] GdipBitmapGetPixel (bitmap=0x5a8f5e8, x=0, y=22, color=0x19ef20) returned 0x0
[0173.434] GdipGetImageWidth (image=0x5a8f5e8, width=0x19ef10) returned 0x0
[0173.434] GdipGetImageHeight (image=0x5a8f5e8, height=0x19ef10) returned 0x0
[0173.434] GdipBitmapGetPixel (bitmap=0x5a8f5e8, x=0, y=23, color=0x19ef20) returned 0x0
[0173.434] GdipGetImageWidth (image=0x5a8f5e8, width=0x19ef10) returned 0x0
[0173.434] GdipGetImageHeight (image=0x5a8f5e8, height=0x19ef10) returned 0x0
[0173.434] GdipBitmapGetPixel (bitmap=0x5a8f5e8, x=0, y=24, color=0x19ef20) returned 0x0
[0173.435] GdipGetImageWidth (image=0x5a8f5e8, width=0x19ef10) returned 0x0
[0173.435] GdipGetImageHeight (image=0x5a8f5e8, height=0x19ef10) returned 0x0
[0173.435] GdipBitmapGetPixel (bitmap=0x5a8f5e8, x=0, y=25, color=0x19ef20) returned 0x0
[0173.435] GdipGetImageWidth (image=0x5a8f5e8, width=0x19ef10) returned 0x0
[0173.435] GdipGetImageHeight (image=0x5a8f5e8, height=0x19ef10) returned 0x0
[0173.435] GdipBitmapGetPixel (bitmap=0x5a8f5e8, x=0, y=26, color=0x19ef20) returned 0x0
[0173.435] GdipGetImageWidth (image=0x5a8f5e8, width=0x19ef10) returned 0x0
[0173.435] GdipGetImageHeight (image=0x5a8f5e8, height=0x19ef10) returned 0x0
[0173.435] GdipBitmapGetPixel (bitmap=0x5a8f5e8, x=0, y=27, color=0x19ef20) returned 0x0
[0173.435] GdipGetImageWidth (image=0x5a8f5e8, width=0x19ef10) returned 0x0
[0173.435] GdipGetImageHeight (image=0x5a8f5e8, height=0x19ef10) returned 0x0
[0173.435] GdipBitmapGetPixel (bitmap=0x5a8f5e8, x=0, y=28, color=0x19ef20) returned 0x0
[0173.435] GdipGetImageWidth (image=0x5a8f5e8, width=0x19ef10) returned 0x0
[0173.435] GdipGetImageHeight (image=0x5a8f5e8, height=0x19ef10) returned 0x0
[0173.435] GdipBitmapGetPixel (bitmap=0x5a8f5e8, x=0, y=29, color=0x19ef20) returned 0x0
[0173.435] GdipGetImageWidth (image=0x5a8f5e8, width=0x19ef10) returned 0x0
[0173.435] GdipGetImageHeight (image=0x5a8f5e8, height=0x19ef10) returned 0x0
[0173.436] GdipBitmapGetPixel (bitmap=0x5a8f5e8, x=0, y=30, color=0x19ef20) returned 0x0
[0173.436] GdipGetImageWidth (image=0x5a8f5e8, width=0x19ef10) returned 0x0
[0173.436] GdipGetImageHeight (image=0x5a8f5e8, height=0x19ef10) returned 0x0
[0173.436] GdipBitmapGetPixel (bitmap=0x5a8f5e8, x=0, y=31, color=0x19ef20) returned 0x0
[0173.436] GdipGetImageWidth (image=0x5a8f5e8, width=0x19ef10) returned 0x0
[0173.436] GdipGetImageHeight (image=0x5a8f5e8, height=0x19ef10) returned 0x0
[0173.436] GdipBitmapGetPixel (bitmap=0x5a8f5e8, x=0, y=32, color=0x19ef20) returned 0x0
[0173.436] GdipGetImageWidth (image=0x5a8f5e8, width=0x19ef10) returned 0x0
[0173.436] GdipGetImageHeight (image=0x5a8f5e8, height=0x19ef10) returned 0x0
[0173.436] GdipBitmapGetPixel (bitmap=0x5a8f5e8, x=0, y=33, color=0x19ef20) returned 0x0
[0173.436] GdipGetImageWidth (image=0x5a8f5e8, width=0x19ef10) returned 0x0
[0173.436] GdipGetImageHeight (image=0x5a8f5e8, height=0x19ef10) returned 0x0
[0173.436] GdipBitmapGetPixel (bitmap=0x5a8f5e8, x=0, y=34, color=0x19ef20) returned 0x0
[0173.436] GdipGetImageWidth (image=0x5a8f5e8, width=0x19ef10) returned 0x0
[0173.437] GdipGetImageHeight (image=0x5a8f5e8, height=0x19ef10) returned 0x0
[0173.437] GdipBitmapGetPixel (bitmap=0x5a8f5e8, x=0, y=35, color=0x19ef20) returned 0x0
[0173.437] GdipGetImageWidth (image=0x5a8f5e8, width=0x19ef10) returned 0x0
[0173.437] GdipGetImageHeight (image=0x5a8f5e8, height=0x19ef10) returned 0x0
[0173.437] GdipBitmapGetPixel (bitmap=0x5a8f5e8, x=0, y=36, color=0x19ef20) returned 0x0
[0173.437] GdipGetImageWidth (image=0x5a8f5e8, width=0x19ef10) returned 0x0
[0173.437] GdipGetImageHeight (image=0x5a8f5e8, height=0x19ef10) returned 0x0
[0173.437] GdipBitmapGetPixel (bitmap=0x5a8f5e8, x=0, y=37, color=0x19ef20) returned 0x0
[0173.437] GdipGetImageWidth (image=0x5a8f5e8, width=0x19ef10) returned 0x0
[0173.437] GdipGetImageHeight (image=0x5a8f5e8, height=0x19ef10) returned 0x0
[0173.437] GdipBitmapGetPixel (bitmap=0x5a8f5e8, x=0, y=38, color=0x19ef20) returned 0x0
[0173.437] GdipGetImageWidth (image=0x5a8f5e8, width=0x19ef10) returned 0x0
[0173.437] GdipGetImageHeight (image=0x5a8f5e8, height=0x19ef10) returned 0x0
[0173.437] GdipBitmapGetPixel (bitmap=0x5a8f5e8, x=0, y=39, color=0x19ef20) returned 0x0
[0173.437] GdipGetImageWidth (image=0x5a8f5e8, width=0x19ef10) returned 0x0
[0173.438] GdipGetImageHeight (image=0x5a8f5e8, height=0x19ef10) returned 0x0
[0173.438] GdipBitmapGetPixel (bitmap=0x5a8f5e8, x=0, y=40, color=0x19ef20) returned 0x0
[0173.438] GdipGetImageWidth (image=0x5a8f5e8, width=0x19ef10) returned 0x0
[0173.438] GdipGetImageHeight (image=0x5a8f5e8, height=0x19ef10) returned 0x0
[0173.438] GdipBitmapGetPixel (bitmap=0x5a8f5e8, x=0, y=41, color=0x19ef20) returned 0x0
[0173.438] GdipGetImageWidth (image=0x5a8f5e8, width=0x19ef10) returned 0x0
[0173.438] GdipGetImageHeight (image=0x5a8f5e8, height=0x19ef10) returned 0x0
[0173.438] GdipBitmapGetPixel (bitmap=0x5a8f5e8, x=0, y=42, color=0x19ef20) returned 0x0
[0173.438] GdipGetImageWidth (image=0x5a8f5e8, width=0x19ef10) returned 0x0
[0173.438] GdipGetImageHeight (image=0x5a8f5e8, height=0x19ef10) returned 0x0
[0173.438] GdipBitmapGetPixel (bitmap=0x5a8f5e8, x=0, y=43, color=0x19ef20) returned 0x0
[0173.438] GdipGetImageWidth (image=0x5a8f5e8, width=0x19ef10) returned 0x0
[0173.438] GdipGetImageHeight (image=0x5a8f5e8, height=0x19ef10) returned 0x0
[0173.438] GdipBitmapGetPixel (bitmap=0x5a8f5e8, x=0, y=44, color=0x19ef20) returned 0x0
[0173.439] GdipGetImageWidth (image=0x5a8f5e8, width=0x19ef10) returned 0x0
[0173.439] GdipGetImageHeight (image=0x5a8f5e8, height=0x19ef10) returned 0x0
[0173.439] GdipBitmapGetPixel (bitmap=0x5a8f5e8, x=0, y=45, color=0x19ef20) returned 0x0
[0173.439] GdipGetImageWidth (image=0x5a8f5e8, width=0x19ef10) returned 0x0
[0173.439] GdipGetImageHeight (image=0x5a8f5e8, height=0x19ef10) returned 0x0
[0173.439] GdipBitmapGetPixel (bitmap=0x5a8f5e8, x=0, y=46, color=0x19ef20) returned 0x0
[0173.439] GdipGetImageWidth (image=0x5a8f5e8, width=0x19ef10) returned 0x0
[0173.439] GdipGetImageHeight (image=0x5a8f5e8, height=0x19ef10) returned 0x0
[0173.439] GdipBitmapGetPixel (bitmap=0x5a8f5e8, x=0, y=47, color=0x19ef20) returned 0x0
[0173.439] GdipGetImageWidth (image=0x5a8f5e8, width=0x19ef10) returned 0x0
[0173.439] GdipGetImageHeight (image=0x5a8f5e8, height=0x19ef10) returned 0x0
[0173.439] GdipBitmapGetPixel (bitmap=0x5a8f5e8, x=0, y=48, color=0x19ef20) returned 0x0
[0173.439] GdipGetImageWidth (image=0x5a8f5e8, width=0x19ef10) returned 0x0
[0173.439] GdipGetImageHeight (image=0x5a8f5e8, height=0x19ef10) returned 0x0
[0173.439] GdipBitmapGetPixel (bitmap=0x5a8f5e8, x=0, y=49, color=0x19ef20) returned 0x0
[0173.439] GdipGetImageWidth (image=0x5a8f5e8, width=0x19ef10) returned 0x0
[0173.439] GdipGetImageHeight (image=0x5a8f5e8, height=0x19ef10) returned 0x0
[0173.440] GdipBitmapGetPixel (bitmap=0x5a8f5e8, x=0, y=50, color=0x19ef20) returned 0x0
[0173.440] GdipGetImageWidth (image=0x5a8f5e8, width=0x19ef10) returned 0x0
[0173.440] GdipGetImageHeight (image=0x5a8f5e8, height=0x19ef10) returned 0x0
[0173.440] GdipBitmapGetPixel (bitmap=0x5a8f5e8, x=0, y=51, color=0x19ef20) returned 0x0
[0173.440] GdipGetImageWidth (image=0x5a8f5e8, width=0x19ef10) returned 0x0
[0173.440] GdipGetImageHeight (image=0x5a8f5e8, height=0x19ef10) returned 0x0
[0173.440] GdipBitmapGetPixel (bitmap=0x5a8f5e8, x=0, y=52, color=0x19ef20) returned 0x0
[0173.440] GdipGetImageWidth (image=0x5a8f5e8, width=0x19ef10) returned 0x0
[0173.440] GdipGetImageHeight (image=0x5a8f5e8, height=0x19ef10) returned 0x0
[0173.440] GdipBitmapGetPixel (bitmap=0x5a8f5e8, x=0, y=53, color=0x19ef20) returned 0x0
[0173.440] GdipGetImageWidth (image=0x5a8f5e8, width=0x19ef10) returned 0x0
[0173.440] GdipGetImageHeight (image=0x5a8f5e8, height=0x19ef10) returned 0x0
[0173.440] GdipBitmapGetPixel (bitmap=0x5a8f5e8, x=0, y=54, color=0x19ef20) returned 0x0
[0173.440] GdipGetImageWidth (image=0x5a8f5e8, width=0x19ef10) returned 0x0
[0173.440] GdipGetImageHeight (image=0x5a8f5e8, height=0x19ef10) returned 0x0
[0173.440] GdipBitmapGetPixel (bitmap=0x5a8f5e8, x=0, y=55, color=0x19ef20) returned 0x0
[0173.440] GdipGetImageWidth (image=0x5a8f5e8, width=0x19ef10) returned 0x0
[0173.441] GdipGetImageHeight (image=0x5a8f5e8, height=0x19ef10) returned 0x0
[0173.441] GdipBitmapGetPixel (bitmap=0x5a8f5e8, x=0, y=56, color=0x19ef20) returned 0x0
[0173.441] GdipGetImageWidth (image=0x5a8f5e8, width=0x19ef10) returned 0x0
[0173.441] GdipGetImageHeight (image=0x5a8f5e8, height=0x19ef10) returned 0x0
[0173.441] GdipBitmapGetPixel (bitmap=0x5a8f5e8, x=0, y=57, color=0x19ef20) returned 0x0
[0173.441] GdipGetImageWidth (image=0x5a8f5e8, width=0x19ef10) returned 0x0
[0173.441] GdipGetImageHeight (image=0x5a8f5e8, height=0x19ef10) returned 0x0
[0173.441] GdipBitmapGetPixel (bitmap=0x5a8f5e8, x=0, y=58, color=0x19ef20) returned 0x0
[0173.441] GdipGetImageWidth (image=0x5a8f5e8, width=0x19ef10) returned 0x0
[0173.441] GdipGetImageHeight (image=0x5a8f5e8, height=0x19ef10) returned 0x0
[0173.441] GdipBitmapGetPixel (bitmap=0x5a8f5e8, x=0, y=59, color=0x19ef20) returned 0x0
[0173.441] GdipGetImageWidth (image=0x5a8f5e8, width=0x19ef10) returned 0x0
[0173.441] GdipGetImageHeight (image=0x5a8f5e8, height=0x19ef10) returned 0x0
[0173.441] GdipBitmapGetPixel (bitmap=0x5a8f5e8, x=0, y=60, color=0x19ef20) returned 0x0
[0173.441] GdipGetImageWidth (image=0x5a8f5e8, width=0x19ef10) returned 0x0
[0173.441] GdipGetImageHeight (image=0x5a8f5e8, height=0x19ef10) returned 0x0
[0173.442] GdipBitmapGetPixel (bitmap=0x5a8f5e8, x=0, y=61, color=0x19ef20) returned 0x0
[0173.442] GdipGetImageWidth (image=0x5a8f5e8, width=0x19ef10) returned 0x0
[0173.442] GdipGetImageHeight (image=0x5a8f5e8, height=0x19ef10) returned 0x0
[0173.442] GdipBitmapGetPixel (bitmap=0x5a8f5e8, x=0, y=62, color=0x19ef20) returned 0x0
[0173.442] GdipGetImageWidth (image=0x5a8f5e8, width=0x19ef10) returned 0x0
[0173.442] GdipGetImageHeight (image=0x5a8f5e8, height=0x19ef10) returned 0x0
[0173.442] GdipBitmapGetPixel (bitmap=0x5a8f5e8, x=0, y=63, color=0x19ef20) returned 0x0
[0173.442] GdipGetImageWidth (image=0x5a8f5e8, width=0x19ef10) returned 0x0
[0173.442] GdipGetImageHeight (image=0x5a8f5e8, height=0x19ef10) returned 0x0
[0173.442] GdipBitmapGetPixel (bitmap=0x5a8f5e8, x=0, y=64, color=0x19ef20) returned 0x0
[0173.442] GdipGetImageWidth (image=0x5a8f5e8, width=0x19ef10) returned 0x0
[0173.442] GdipGetImageHeight (image=0x5a8f5e8, height=0x19ef10) returned 0x0
[0173.442] GdipBitmapGetPixel (bitmap=0x5a8f5e8, x=0, y=65, color=0x19ef20) returned 0x0
[0173.442] GdipGetImageWidth (image=0x5a8f5e8, width=0x19ef10) returned 0x0
[0173.445] GdipGetImageHeight (image=0x5a8f5e8, height=0x19ef10) returned 0x0
[0173.445] GdipBitmapGetPixel (bitmap=0x5a8f5e8, x=0, y=66, color=0x19ef20) returned 0x0
[0173.445] GdipGetImageWidth (image=0x5a8f5e8, width=0x19ef10) returned 0x0
[0173.445] GdipGetImageHeight (image=0x5a8f5e8, height=0x19ef10) returned 0x0
[0173.445] GdipBitmapGetPixel (bitmap=0x5a8f5e8, x=0, y=67, color=0x19ef20) returned 0x0
[0173.446] GdipGetImageWidth (image=0x5a8f5e8, width=0x19ef10) returned 0x0
[0173.446] GdipGetImageHeight (image=0x5a8f5e8, height=0x19ef10) returned 0x0
[0173.446] GdipBitmapGetPixel (bitmap=0x5a8f5e8, x=0, y=68, color=0x19ef20) returned 0x0
[0173.446] GdipGetImageWidth (image=0x5a8f5e8, width=0x19ef10) returned 0x0
[0173.446] GdipGetImageHeight (image=0x5a8f5e8, height=0x19ef10) returned 0x0
[0173.446] GdipBitmapGetPixel (bitmap=0x5a8f5e8, x=0, y=69, color=0x19ef20) returned 0x0
[0173.446] GdipGetImageWidth (image=0x5a8f5e8, width=0x19ef10) returned 0x0
[0173.446] GdipGetImageHeight (image=0x5a8f5e8, height=0x19ef10) returned 0x0
[0173.446] GdipBitmapGetPixel (bitmap=0x5a8f5e8, x=0, y=70, color=0x19ef20) returned 0x0
[0173.446] GdipGetImageWidth (image=0x5a8f5e8, width=0x19ef10) returned 0x0
[0173.446] GdipGetImageHeight (image=0x5a8f5e8, height=0x19ef10) returned 0x0
[0173.446] GdipBitmapGetPixel (bitmap=0x5a8f5e8, x=0, y=71, color=0x19ef20) returned 0x0
[0173.446] GdipGetImageWidth (image=0x5a8f5e8, width=0x19ef10) returned 0x0
[0173.446] GdipGetImageHeight (image=0x5a8f5e8, height=0x19ef10) returned 0x0
[0173.446] GdipBitmapGetPixel (bitmap=0x5a8f5e8, x=0, y=72, color=0x19ef20) returned 0x0
[0173.447] GdipGetImageWidth (image=0x5a8f5e8, width=0x19ef10) returned 0x0
[0173.447] GdipGetImageHeight (image=0x5a8f5e8, height=0x19ef10) returned 0x0
[0173.447] GdipBitmapGetPixel (bitmap=0x5a8f5e8, x=0, y=73, color=0x19ef20) returned 0x0
[0173.447] GdipGetImageWidth (image=0x5a8f5e8, width=0x19ef10) returned 0x0
[0173.447] GdipGetImageHeight (image=0x5a8f5e8, height=0x19ef10) returned 0x0
[0173.447] GdipBitmapGetPixel (bitmap=0x5a8f5e8, x=0, y=74, color=0x19ef20) returned 0x0
[0173.447] GdipGetImageWidth (image=0x5a8f5e8, width=0x19ef10) returned 0x0
[0173.447] GdipGetImageHeight (image=0x5a8f5e8, height=0x19ef10) returned 0x0
[0173.447] GdipBitmapGetPixel (bitmap=0x5a8f5e8, x=0, y=75, color=0x19ef20) returned 0x0
[0173.447] GdipGetImageWidth (image=0x5a8f5e8, width=0x19ef10) returned 0x0
[0173.447] GdipGetImageHeight (image=0x5a8f5e8, height=0x19ef10) returned 0x0
[0173.447] GdipBitmapGetPixel (bitmap=0x5a8f5e8, x=0, y=76, color=0x19ef20) returned 0x0
[0173.447] GdipGetImageWidth (image=0x5a8f5e8, width=0x19ef10) returned 0x0
[0173.447] GdipGetImageHeight (image=0x5a8f5e8, height=0x19ef10) returned 0x0
[0173.447] GdipBitmapGetPixel (bitmap=0x5a8f5e8, x=0, y=77, color=0x19ef20) returned 0x0
[0173.447] GdipGetImageWidth (image=0x5a8f5e8, width=0x19ef10) returned 0x0
[0173.447] GdipGetImageHeight (image=0x5a8f5e8, height=0x19ef10) returned 0x0
[0173.448] GdipBitmapGetPixel (bitmap=0x5a8f5e8, x=0, y=78, color=0x19ef20) returned 0x0
[0173.448] GdipGetImageWidth (image=0x5a8f5e8, width=0x19ef10) returned 0x0
[0173.448] GdipGetImageHeight (image=0x5a8f5e8, height=0x19ef10) returned 0x0
[0173.448] GdipBitmapGetPixel (bitmap=0x5a8f5e8, x=0, y=79, color=0x19ef20) returned 0x0
[0173.448] GdipGetImageWidth (image=0x5a8f5e8, width=0x19ef10) returned 0x0
[0173.448] GdipGetImageHeight (image=0x5a8f5e8, height=0x19ef10) returned 0x0
[0173.448] GdipBitmapGetPixel (bitmap=0x5a8f5e8, x=0, y=80, color=0x19ef20) returned 0x0
[0173.448] GdipGetImageWidth (image=0x5a8f5e8, width=0x19ef10) returned 0x0
[0173.448] GdipGetImageHeight (image=0x5a8f5e8, height=0x19ef10) returned 0x0
[0173.448] GdipBitmapGetPixel (bitmap=0x5a8f5e8, x=0, y=81, color=0x19ef20) returned 0x0
[0173.448] GdipGetImageWidth (image=0x5a8f5e8, width=0x19ef10) returned 0x0
[0173.448] GdipGetImageHeight (image=0x5a8f5e8, height=0x19ef10) returned 0x0
[0173.448] GdipBitmapGetPixel (bitmap=0x5a8f5e8, x=0, y=82, color=0x19ef20) returned 0x0
[0173.449] GdipGetImageWidth (image=0x5a8f5e8, width=0x19ef10) returned 0x0
[0173.449] GdipGetImageHeight (image=0x5a8f5e8, height=0x19ef10) returned 0x0
[0173.449] GdipBitmapGetPixel (bitmap=0x5a8f5e8, x=0, y=83, color=0x19ef20) returned 0x0
[0173.449] GdipGetImageWidth (image=0x5a8f5e8, width=0x19ef10) returned 0x0
[0173.449] GdipGetImageHeight (image=0x5a8f5e8, height=0x19ef10) returned 0x0
[0173.449] GdipBitmapGetPixel (bitmap=0x5a8f5e8, x=0, y=84, color=0x19ef20) returned 0x0
[0173.449] GdipGetImageWidth (image=0x5a8f5e8, width=0x19ef10) returned 0x0
[0173.449] GdipGetImageHeight (image=0x5a8f5e8, height=0x19ef10) returned 0x0
[0173.449] GdipBitmapGetPixel (bitmap=0x5a8f5e8, x=0, y=85, color=0x19ef20) returned 0x0
[0173.449] GdipGetImageWidth (image=0x5a8f5e8, width=0x19ef10) returned 0x0
[0173.449] GdipGetImageHeight (image=0x5a8f5e8, height=0x19ef10) returned 0x0
[0173.449] GdipBitmapGetPixel (bitmap=0x5a8f5e8, x=0, y=86, color=0x19ef20) returned 0x0
[0173.449] GdipGetImageWidth (image=0x5a8f5e8, width=0x19ef10) returned 0x0
[0173.449] GdipGetImageHeight (image=0x5a8f5e8, height=0x19ef10) returned 0x0
[0173.449] GdipBitmapGetPixel (bitmap=0x5a8f5e8, x=0, y=87, color=0x19ef20) returned 0x0
[0173.449] GdipGetImageWidth (image=0x5a8f5e8, width=0x19ef10) returned 0x0
[0173.449] GdipGetImageHeight (image=0x5a8f5e8, height=0x19ef10) returned 0x0
[0173.449] GdipBitmapGetPixel (bitmap=0x5a8f5e8, x=0, y=88, color=0x19ef20) returned 0x0
[0173.449] GdipGetImageWidth (image=0x5a8f5e8, width=0x19ef10) returned 0x0
[0173.449] GdipGetImageHeight (image=0x5a8f5e8, height=0x19ef10) returned 0x0
[0173.449] GdipBitmapGetPixel (bitmap=0x5a8f5e8, x=0, y=89, color=0x19ef20) returned 0x0
[0173.450] GdipGetImageWidth (image=0x5a8f5e8, width=0x19ef10) returned 0x0
[0173.450] GdipGetImageHeight (image=0x5a8f5e8, height=0x19ef10) returned 0x0
[0173.450] GdipBitmapGetPixel (bitmap=0x5a8f5e8, x=0, y=90, color=0x19ef20) returned 0x0
[0173.450] GdipGetImageWidth (image=0x5a8f5e8, width=0x19ef10) returned 0x0
[0173.450] GdipGetImageHeight (image=0x5a8f5e8, height=0x19ef10) returned 0x0
[0173.450] GdipBitmapGetPixel (bitmap=0x5a8f5e8, x=0, y=91, color=0x19ef20) returned 0x0
[0173.450] GdipGetImageWidth (image=0x5a8f5e8, width=0x19ef10) returned 0x0
[0173.450] GdipGetImageHeight (image=0x5a8f5e8, height=0x19ef10) returned 0x0
[0173.450] GdipBitmapGetPixel (bitmap=0x5a8f5e8, x=0, y=92, color=0x19ef20) returned 0x0
[0173.450] GdipGetImageWidth (image=0x5a8f5e8, width=0x19ef10) returned 0x0
[0173.450] GdipGetImageHeight (image=0x5a8f5e8, height=0x19ef10) returned 0x0
[0173.450] GdipBitmapGetPixel (bitmap=0x5a8f5e8, x=0, y=93, color=0x19ef20) returned 0x0
[0173.450] GdipGetImageWidth (image=0x5a8f5e8, width=0x19ef10) returned 0x0
[0173.450] GdipGetImageHeight (image=0x5a8f5e8, height=0x19ef10) returned 0x0
[0173.450] GdipBitmapGetPixel (bitmap=0x5a8f5e8, x=0, y=94, color=0x19ef20) returned 0x0
[0173.450] GdipGetImageWidth (image=0x5a8f5e8, width=0x19ef10) returned 0x0
[0173.450] GdipGetImageHeight (image=0x5a8f5e8, height=0x19ef10) returned 0x0
[0173.450] GdipBitmapGetPixel (bitmap=0x5a8f5e8, x=0, y=95, color=0x19ef20) returned 0x0
[0173.450] GdipGetImageWidth (image=0x5a8f5e8, width=0x19ef10) returned 0x0
[0173.451] GdipGetImageHeight (image=0x5a8f5e8, height=0x19ef10) returned 0x0
[0173.451] GdipBitmapGetPixel (bitmap=0x5a8f5e8, x=0, y=96, color=0x19ef20) returned 0x0
[0173.451] GdipGetImageWidth (image=0x5a8f5e8, width=0x19ef10) returned 0x0
[0173.451] GdipGetImageHeight (image=0x5a8f5e8, height=0x19ef10) returned 0x0
[0173.451] GdipBitmapGetPixel (bitmap=0x5a8f5e8, x=0, y=97, color=0x19ef20) returned 0x0
[0173.451] GdipGetImageWidth (image=0x5a8f5e8, width=0x19ef10) returned 0x0
[0173.451] GdipGetImageHeight (image=0x5a8f5e8, height=0x19ef10) returned 0x0
[0173.451] GdipBitmapGetPixel (bitmap=0x5a8f5e8, x=0, y=98, color=0x19ef20) returned 0x0
[0173.451] GdipGetImageWidth (image=0x5a8f5e8, width=0x19ef10) returned 0x0
[0173.451] GdipGetImageHeight (image=0x5a8f5e8, height=0x19ef10) returned 0x0
[0173.451] GdipBitmapGetPixel (bitmap=0x5a8f5e8, x=0, y=99, color=0x19ef20) returned 0x0
[0173.451] GdipGetImageWidth (image=0x5a8f5e8, width=0x19ef10) returned 0x0
[0173.451] GdipGetImageHeight (image=0x5a8f5e8, height=0x19ef10) returned 0x0
[0173.451] GdipBitmapGetPixel (bitmap=0x5a8f5e8, x=0, y=100, color=0x19ef20) returned 0x0
[0173.451] GdipGetImageWidth (image=0x5a8f5e8, width=0x19ef10) returned 0x0
[0173.451] GdipGetImageHeight (image=0x5a8f5e8, height=0x19ef10) returned 0x0
[0173.451] GdipBitmapGetPixel (bitmap=0x5a8f5e8, x=0, y=101, color=0x19ef20) returned 0x0
[0173.451] GdipGetImageWidth (image=0x5a8f5e8, width=0x19ef10) returned 0x0
[0173.451] GdipGetImageHeight (image=0x5a8f5e8, height=0x19ef10) returned 0x0
[0173.451] GdipBitmapGetPixel (bitmap=0x5a8f5e8, x=0, y=102, color=0x19ef20) returned 0x0
[0173.452] GdipGetImageWidth (image=0x5a8f5e8, width=0x19ef10) returned 0x0
[0173.452] GdipGetImageHeight (image=0x5a8f5e8, height=0x19ef10) returned 0x0
[0173.452] GdipBitmapGetPixel (bitmap=0x5a8f5e8, x=0, y=103, color=0x19ef20) returned 0x0
[0173.452] GdipGetImageWidth (image=0x5a8f5e8, width=0x19ef10) returned 0x0
[0173.452] GdipGetImageHeight (image=0x5a8f5e8, height=0x19ef10) returned 0x0
[0173.452] GdipBitmapGetPixel (bitmap=0x5a8f5e8, x=0, y=104, color=0x19ef20) returned 0x0
[0173.452] GdipGetImageWidth (image=0x5a8f5e8, width=0x19ef10) returned 0x0
[0173.452] GdipGetImageHeight (image=0x5a8f5e8, height=0x19ef10) returned 0x0
[0173.452] GdipBitmapGetPixel (bitmap=0x5a8f5e8, x=0, y=105, color=0x19ef20) returned 0x0
[0173.452] GdipGetImageWidth (image=0x5a8f5e8, width=0x19ef10) returned 0x0
[0173.452] GdipGetImageHeight (image=0x5a8f5e8, height=0x19ef10) returned 0x0
[0173.452] GdipBitmapGetPixel (bitmap=0x5a8f5e8, x=0, y=106, color=0x19ef20) returned 0x0
[0173.452] GdipGetImageWidth (image=0x5a8f5e8, width=0x19ef10) returned 0x0
[0173.452] GdipGetImageHeight (image=0x5a8f5e8, height=0x19ef10) returned 0x0
[0173.452] GdipBitmapGetPixel (bitmap=0x5a8f5e8, x=0, y=107, color=0x19ef20) returned 0x0
[0173.452] GdipGetImageWidth (image=0x5a8f5e8, width=0x19ef10) returned 0x0
[0173.452] GdipGetImageHeight (image=0x5a8f5e8, height=0x19ef10) returned 0x0
[0173.452] GdipBitmapGetPixel (bitmap=0x5a8f5e8, x=0, y=108, color=0x19ef20) returned 0x0
[0173.452] GdipGetImageWidth (image=0x5a8f5e8, width=0x19ef10) returned 0x0
[0173.453] GdipGetImageHeight (image=0x5a8f5e8, height=0x19ef10) returned 0x0
[0173.453] GdipBitmapGetPixel (bitmap=0x5a8f5e8, x=0, y=109, color=0x19ef20) returned 0x0
[0173.453] GdipGetImageWidth (image=0x5a8f5e8, width=0x19ef10) returned 0x0
[0173.453] GdipGetImageHeight (image=0x5a8f5e8, height=0x19ef10) returned 0x0
[0173.453] GdipBitmapGetPixel (bitmap=0x5a8f5e8, x=0, y=110, color=0x19ef20) returned 0x0
[0173.453] GdipGetImageWidth (image=0x5a8f5e8, width=0x19ef10) returned 0x0
[0173.453] GdipGetImageHeight (image=0x5a8f5e8, height=0x19ef10) returned 0x0
[0173.453] GdipBitmapGetPixel (bitmap=0x5a8f5e8, x=0, y=111, color=0x19ef20) returned 0x0
[0173.453] GdipGetImageWidth (image=0x5a8f5e8, width=0x19ef10) returned 0x0
[0173.453] GdipGetImageHeight (image=0x5a8f5e8, height=0x19ef10) returned 0x0
[0173.453] GdipBitmapGetPixel (bitmap=0x5a8f5e8, x=0, y=112, color=0x19ef20) returned 0x0
[0173.453] GdipGetImageWidth (image=0x5a8f5e8, width=0x19ef10) returned 0x0
[0173.453] GdipGetImageHeight (image=0x5a8f5e8, height=0x19ef10) returned 0x0
[0173.453] GdipBitmapGetPixel (bitmap=0x5a8f5e8, x=0, y=113, color=0x19ef20) returned 0x0
[0173.453] GdipGetImageWidth (image=0x5a8f5e8, width=0x19ef10) returned 0x0
[0173.453] GdipGetImageHeight (image=0x5a8f5e8, height=0x19ef10) returned 0x0
[0173.453] GdipBitmapGetPixel (bitmap=0x5a8f5e8, x=0, y=114, color=0x19ef20) returned 0x0
[0173.453] GdipGetImageWidth (image=0x5a8f5e8, width=0x19ef10) returned 0x0
[0173.453] GdipGetImageHeight (image=0x5a8f5e8, height=0x19ef10) returned 0x0
[0173.453] GdipBitmapGetPixel (bitmap=0x5a8f5e8, x=0, y=115, color=0x19ef20) returned 0x0
[0173.454] GdipGetImageWidth (image=0x5a8f5e8, width=0x19ef10) returned 0x0
[0173.454] GdipGetImageHeight (image=0x5a8f5e8, height=0x19ef10) returned 0x0
[0173.454] GdipBitmapGetPixel (bitmap=0x5a8f5e8, x=0, y=116, color=0x19ef20) returned 0x0
[0173.454] GdipGetImageWidth (image=0x5a8f5e8, width=0x19ef10) returned 0x0
[0173.454] GdipGetImageHeight (image=0x5a8f5e8, height=0x19ef10) returned 0x0
[0173.454] GdipBitmapGetPixel (bitmap=0x5a8f5e8, x=0, y=117, color=0x19ef20) returned 0x0
[0173.454] GdipGetImageWidth (image=0x5a8f5e8, width=0x19ef10) returned 0x0
[0173.454] GdipGetImageHeight (image=0x5a8f5e8, height=0x19ef10) returned 0x0
[0173.454] GdipBitmapGetPixel (bitmap=0x5a8f5e8, x=0, y=118, color=0x19ef20) returned 0x0
[0173.454] GdipGetImageWidth (image=0x5a8f5e8, width=0x19ef10) returned 0x0
[0173.454] GdipGetImageHeight (image=0x5a8f5e8, height=0x19ef10) returned 0x0
[0173.454] GdipBitmapGetPixel (bitmap=0x5a8f5e8, x=0, y=119, color=0x19ef20) returned 0x0
[0173.454] GdipGetImageWidth (image=0x5a8f5e8, width=0x19ef10) returned 0x0
[0173.454] GdipGetImageHeight (image=0x5a8f5e8, height=0x19ef10) returned 0x0
[0173.454] GdipBitmapGetPixel (bitmap=0x5a8f5e8, x=0, y=120, color=0x19ef20) returned 0x0
[0173.454] GdipGetImageWidth (image=0x5a8f5e8, width=0x19ef10) returned 0x0
[0173.454] GdipGetImageHeight (image=0x5a8f5e8, height=0x19ef10) returned 0x0
[0173.454] GdipBitmapGetPixel (bitmap=0x5a8f5e8, x=0, y=121, color=0x19ef20) returned 0x0
[0173.454] GdipGetImageWidth (image=0x5a8f5e8, width=0x19ef10) returned 0x0
[0173.454] GdipGetImageHeight (image=0x5a8f5e8, height=0x19ef10) returned 0x0
[0173.454] GdipBitmapGetPixel (bitmap=0x5a8f5e8, x=0, y=122, color=0x19ef20) returned 0x0
[0173.455] GdipGetImageWidth (image=0x5a8f5e8, width=0x19ef10) returned 0x0
[0173.455] GdipGetImageHeight (image=0x5a8f5e8, height=0x19ef10) returned 0x0
[0173.455] GdipBitmapGetPixel (bitmap=0x5a8f5e8, x=0, y=123, color=0x19ef20) returned 0x0
[0173.455] GdipGetImageWidth (image=0x5a8f5e8, width=0x19ef10) returned 0x0
[0173.455] GdipGetImageHeight (image=0x5a8f5e8, height=0x19ef10) returned 0x0
[0173.455] GdipBitmapGetPixel (bitmap=0x5a8f5e8, x=0, y=124, color=0x19ef20) returned 0x0
[0173.455] GdipGetImageWidth (image=0x5a8f5e8, width=0x19ef10) returned 0x0
[0173.455] GdipGetImageHeight (image=0x5a8f5e8, height=0x19ef10) returned 0x0
[0173.455] GdipBitmapGetPixel (bitmap=0x5a8f5e8, x=0, y=125, color=0x19ef20) returned 0x0
[0173.455] GdipGetImageWidth (image=0x5a8f5e8, width=0x19ef10) returned 0x0
[0173.455] GdipGetImageHeight (image=0x5a8f5e8, height=0x19ef10) returned 0x0
[0173.455] GdipBitmapGetPixel (bitmap=0x5a8f5e8, x=0, y=126, color=0x19ef20) returned 0x0
[0173.455] GdipGetImageWidth (image=0x5a8f5e8, width=0x19ef10) returned 0x0
[0173.455] GdipGetImageHeight (image=0x5a8f5e8, height=0x19ef10) returned 0x0
[0173.455] GdipBitmapGetPixel (bitmap=0x5a8f5e8, x=0, y=127, color=0x19ef20) returned 0x0
[0173.455] GdipGetImageWidth (image=0x5a8f5e8, width=0x19ef10) returned 0x0
[0173.455] GdipGetImageHeight (image=0x5a8f5e8, height=0x19ef10) returned 0x0
[0173.455] GdipBitmapGetPixel (bitmap=0x5a8f5e8, x=0, y=128, color=0x19ef20) returned 0x0
[0173.455] GdipGetImageWidth (image=0x5a8f5e8, width=0x19ef10) returned 0x0
[0173.455] GdipGetImageHeight (image=0x5a8f5e8, height=0x19ef10) returned 0x0
[0173.455] GdipBitmapGetPixel (bitmap=0x5a8f5e8, x=0, y=129, color=0x19ef20) returned 0x0
[0173.456] GdipGetImageWidth (image=0x5a8f5e8, width=0x19ef10) returned 0x0
[0173.456] GdipGetImageHeight (image=0x5a8f5e8, height=0x19ef10) returned 0x0
[0173.456] GdipBitmapGetPixel (bitmap=0x5a8f5e8, x=0, y=130, color=0x19ef20) returned 0x0
[0173.456] GdipGetImageWidth (image=0x5a8f5e8, width=0x19ef10) returned 0x0
[0173.456] GdipGetImageHeight (image=0x5a8f5e8, height=0x19ef10) returned 0x0
[0173.456] GdipBitmapGetPixel (bitmap=0x5a8f5e8, x=0, y=131, color=0x19ef20) returned 0x0
[0173.456] GdipGetImageWidth (image=0x5a8f5e8, width=0x19ef10) returned 0x0
[0173.456] GdipGetImageHeight (image=0x5a8f5e8, height=0x19ef10) returned 0x0
[0173.456] GdipBitmapGetPixel (bitmap=0x5a8f5e8, x=0, y=132, color=0x19ef20) returned 0x0
[0173.456] GdipGetImageWidth (image=0x5a8f5e8, width=0x19ef10) returned 0x0
[0173.456] GdipGetImageHeight (image=0x5a8f5e8, height=0x19ef10) returned 0x0
[0173.456] GdipBitmapGetPixel (bitmap=0x5a8f5e8, x=0, y=133, color=0x19ef20) returned 0x0
[0173.456] GdipGetImageWidth (image=0x5a8f5e8, width=0x19ef10) returned 0x0
[0173.456] GdipGetImageHeight (image=0x5a8f5e8, height=0x19ef10) returned 0x0
[0173.456] GdipBitmapGetPixel (bitmap=0x5a8f5e8, x=0, y=134, color=0x19ef20) returned 0x0
[0173.457] GdipGetImageWidth (image=0x5a8f5e8, width=0x19ef10) returned 0x0
[0173.457] GdipGetImageHeight (image=0x5a8f5e8, height=0x19ef10) returned 0x0
[0173.457] GdipBitmapGetPixel (bitmap=0x5a8f5e8, x=0, y=135, color=0x19ef20) returned 0x0
[0173.457] GdipGetImageWidth (image=0x5a8f5e8, width=0x19ef10) returned 0x0
[0173.457] GdipGetImageHeight (image=0x5a8f5e8, height=0x19ef10) returned 0x0
[0173.457] GdipBitmapGetPixel (bitmap=0x5a8f5e8, x=0, y=136, color=0x19ef20) returned 0x0
[0173.457] GdipGetImageWidth (image=0x5a8f5e8, width=0x19ef10) returned 0x0
[0173.457] GdipGetImageHeight (image=0x5a8f5e8, height=0x19ef10) returned 0x0
[0173.457] GdipBitmapGetPixel (bitmap=0x5a8f5e8, x=0, y=137, color=0x19ef20) returned 0x0
[0173.457] GdipGetImageWidth (image=0x5a8f5e8, width=0x19ef10) returned 0x0
[0173.457] GdipGetImageHeight (image=0x5a8f5e8, height=0x19ef10) returned 0x0
[0173.457] GdipBitmapGetPixel (bitmap=0x5a8f5e8, x=0, y=138, color=0x19ef20) returned 0x0
[0173.457] GdipGetImageWidth (image=0x5a8f5e8, width=0x19ef10) returned 0x0
[0173.457] GdipGetImageHeight (image=0x5a8f5e8, height=0x19ef10) returned 0x0
[0173.457] GdipBitmapGetPixel (bitmap=0x5a8f5e8, x=0, y=139, color=0x19ef20) returned 0x0
[0173.457] GdipGetImageWidth (image=0x5a8f5e8, width=0x19ef10) returned 0x0
[0173.457] GdipGetImageHeight (image=0x5a8f5e8, height=0x19ef10) returned 0x0
[0173.457] GdipBitmapGetPixel (bitmap=0x5a8f5e8, x=0, y=140, color=0x19ef20) returned 0x0
[0173.457] GdipGetImageWidth (image=0x5a8f5e8, width=0x19ef10) returned 0x0
[0173.457] GdipGetImageHeight (image=0x5a8f5e8, height=0x19ef10) returned 0x0
[0173.458] GdipBitmapGetPixel (bitmap=0x5a8f5e8, x=0, y=141, color=0x19ef20) returned 0x0
[0173.458] GdipGetImageWidth (image=0x5a8f5e8, width=0x19ef10) returned 0x0
[0173.458] GdipGetImageHeight (image=0x5a8f5e8, height=0x19ef10) returned 0x0
[0173.458] GdipBitmapGetPixel (bitmap=0x5a8f5e8, x=0, y=142, color=0x19ef20) returned 0x0
[0173.458] GdipGetImageWidth (image=0x5a8f5e8, width=0x19ef10) returned 0x0
[0173.458] GdipGetImageHeight (image=0x5a8f5e8, height=0x19ef10) returned 0x0
[0173.458] GdipBitmapGetPixel (bitmap=0x5a8f5e8, x=0, y=143, color=0x19ef20) returned 0x0
[0173.458] GdipGetImageWidth (image=0x5a8f5e8, width=0x19ef10) returned 0x0
[0173.458] GdipGetImageHeight (image=0x5a8f5e8, height=0x19ef10) returned 0x0
[0173.458] GdipBitmapGetPixel (bitmap=0x5a8f5e8, x=0, y=144, color=0x19ef20) returned 0x0
[0173.458] GdipGetImageWidth (image=0x5a8f5e8, width=0x19ef10) returned 0x0
[0173.458] GdipGetImageHeight (image=0x5a8f5e8, height=0x19ef10) returned 0x0
[0173.458] GdipBitmapGetPixel (bitmap=0x5a8f5e8, x=0, y=145, color=0x19ef20) returned 0x0
[0173.458] GdipGetImageWidth (image=0x5a8f5e8, width=0x19ef10) returned 0x0
[0173.458] GdipGetImageHeight (image=0x5a8f5e8, height=0x19ef10) returned 0x0
[0173.458] GdipBitmapGetPixel (bitmap=0x5a8f5e8, x=0, y=146, color=0x19ef20) returned 0x0
[0173.458] GdipGetImageWidth (image=0x5a8f5e8, width=0x19ef10) returned 0x0
[0173.459] GdipGetImageHeight (image=0x5a8f5e8, height=0x19ef10) returned 0x0
[0173.459] GdipBitmapGetPixel (bitmap=0x5a8f5e8, x=0, y=147, color=0x19ef20) returned 0x0
[0173.459] GdipGetImageWidth (image=0x5a8f5e8, width=0x19ef10) returned 0x0
[0173.459] GdipGetImageHeight (image=0x5a8f5e8, height=0x19ef10) returned 0x0
[0173.459] GdipBitmapGetPixel (bitmap=0x5a8f5e8, x=0, y=148, color=0x19ef20) returned 0x0
[0173.459] GdipGetImageWidth (image=0x5a8f5e8, width=0x19ef10) returned 0x0
[0173.459] GdipGetImageHeight (image=0x5a8f5e8, height=0x19ef10) returned 0x0
[0173.459] GdipBitmapGetPixel (bitmap=0x5a8f5e8, x=0, y=149, color=0x19ef20) returned 0x0
[0173.459] GdipGetImageWidth (image=0x5a8f5e8, width=0x19ef10) returned 0x0
[0173.459] GdipGetImageHeight (image=0x5a8f5e8, height=0x19ef10) returned 0x0
[0173.459] GdipBitmapGetPixel (bitmap=0x5a8f5e8, x=0, y=150, color=0x19ef20) returned 0x0
[0173.459] GdipGetImageWidth (image=0x5a8f5e8, width=0x19ef10) returned 0x0
[0173.459] GdipGetImageHeight (image=0x5a8f5e8, height=0x19ef10) returned 0x0
[0173.459] GdipBitmapGetPixel (bitmap=0x5a8f5e8, x=0, y=151, color=0x19ef20) returned 0x0
[0173.459] GdipGetImageWidth (image=0x5a8f5e8, width=0x19ef10) returned 0x0
[0173.459] GdipGetImageHeight (image=0x5a8f5e8, height=0x19ef10) returned 0x0
[0173.459] GdipBitmapGetPixel (bitmap=0x5a8f5e8, x=0, y=152, color=0x19ef20) returned 0x0
[0173.460] GdipGetImageWidth (image=0x5a8f5e8, width=0x19ef10) returned 0x0
[0173.460] GdipGetImageHeight (image=0x5a8f5e8, height=0x19ef10) returned 0x0
[0173.460] GdipBitmapGetPixel (bitmap=0x5a8f5e8, x=0, y=153, color=0x19ef20) returned 0x0
[0173.460] GdipGetImageWidth (image=0x5a8f5e8, width=0x19ef10) returned 0x0
[0173.460] GdipGetImageHeight (image=0x5a8f5e8, height=0x19ef10) returned 0x0
[0173.460] GdipBitmapGetPixel (bitmap=0x5a8f5e8, x=0, y=154, color=0x19ef20) returned 0x0
[0173.460] GdipGetImageWidth (image=0x5a8f5e8, width=0x19ef10) returned 0x0
[0173.460] GdipGetImageHeight (image=0x5a8f5e8, height=0x19ef10) returned 0x0
[0173.460] GdipBitmapGetPixel (bitmap=0x5a8f5e8, x=0, y=155, color=0x19ef20) returned 0x0
[0173.460] GdipGetImageWidth (image=0x5a8f5e8, width=0x19ef10) returned 0x0
[0173.460] GdipGetImageHeight (image=0x5a8f5e8, height=0x19ef10) returned 0x0
[0173.460] GdipBitmapGetPixel (bitmap=0x5a8f5e8, x=0, y=156, color=0x19ef20) returned 0x0
[0173.460] GdipGetImageWidth (image=0x5a8f5e8, width=0x19ef10) returned 0x0
[0173.460] GdipGetImageHeight (image=0x5a8f5e8, height=0x19ef10) returned 0x0
[0173.460] GdipBitmapGetPixel (bitmap=0x5a8f5e8, x=0, y=157, color=0x19ef20) returned 0x0
[0173.460] GdipGetImageWidth (image=0x5a8f5e8, width=0x19ef10) returned 0x0
[0173.460] GdipGetImageHeight (image=0x5a8f5e8, height=0x19ef10) returned 0x0
[0173.460] GdipBitmapGetPixel (bitmap=0x5a8f5e8, x=0, y=158, color=0x19ef20) returned 0x0
[0173.460] GdipGetImageWidth (image=0x5a8f5e8, width=0x19ef10) returned 0x0
[0173.461] GdipGetImageHeight (image=0x5a8f5e8, height=0x19ef10) returned 0x0
[0173.461] GdipBitmapGetPixel (bitmap=0x5a8f5e8, x=0, y=159, color=0x19ef20) returned 0x0
[0173.461] GdipGetImageWidth (image=0x5a8f5e8, width=0x19ef10) returned 0x0
[0173.461] GdipGetImageHeight (image=0x5a8f5e8, height=0x19ef10) returned 0x0
[0173.461] GdipBitmapGetPixel (bitmap=0x5a8f5e8, x=0, y=160, color=0x19ef20) returned 0x0
[0173.461] GdipGetImageWidth (image=0x5a8f5e8, width=0x19ef10) returned 0x0
[0173.461] GdipGetImageHeight (image=0x5a8f5e8, height=0x19ef10) returned 0x0
[0173.461] GdipBitmapGetPixel (bitmap=0x5a8f5e8, x=0, y=161, color=0x19ef20) returned 0x0
[0173.461] GdipGetImageWidth (image=0x5a8f5e8, width=0x19ef10) returned 0x0
[0173.461] GdipGetImageHeight (image=0x5a8f5e8, height=0x19ef10) returned 0x0
[0173.461] GdipBitmapGetPixel (bitmap=0x5a8f5e8, x=0, y=162, color=0x19ef20) returned 0x0
[0173.461] GdipGetImageWidth (image=0x5a8f5e8, width=0x19ef10) returned 0x0
[0173.461] GdipGetImageHeight (image=0x5a8f5e8, height=0x19ef10) returned 0x0
[0173.461] GdipBitmapGetPixel (bitmap=0x5a8f5e8, x=0, y=163, color=0x19ef20) returned 0x0
[0173.461] GdipGetImageWidth (image=0x5a8f5e8, width=0x19ef10) returned 0x0
[0173.461] GdipGetImageHeight (image=0x5a8f5e8, height=0x19ef10) returned 0x0
[0173.461] GdipBitmapGetPixel (bitmap=0x5a8f5e8, x=0, y=164, color=0x19ef20) returned 0x0
[0173.461] GdipGetImageWidth (image=0x5a8f5e8, width=0x19ef10) returned 0x0
[0173.462] GdipGetImageHeight (image=0x5a8f5e8, height=0x19ef10) returned 0x0
[0173.462] GdipBitmapGetPixel (bitmap=0x5a8f5e8, x=0, y=165, color=0x19ef20) returned 0x0
[0173.462] GdipGetImageWidth (image=0x5a8f5e8, width=0x19ef10) returned 0x0
[0173.462] GdipGetImageHeight (image=0x5a8f5e8, height=0x19ef10) returned 0x0
[0173.462] GdipBitmapGetPixel (bitmap=0x5a8f5e8, x=0, y=166, color=0x19ef20) returned 0x0
[0173.462] GdipGetImageWidth (image=0x5a8f5e8, width=0x19ef10) returned 0x0
[0173.462] GdipGetImageHeight (image=0x5a8f5e8, height=0x19ef10) returned 0x0
[0173.462] GdipBitmapGetPixel (bitmap=0x5a8f5e8, x=0, y=167, color=0x19ef20) returned 0x0
[0173.462] GdipGetImageWidth (image=0x5a8f5e8, width=0x19ef10) returned 0x0
[0173.462] GdipGetImageHeight (image=0x5a8f5e8, height=0x19ef10) returned 0x0
[0173.462] GdipBitmapGetPixel (bitmap=0x5a8f5e8, x=0, y=168, color=0x19ef20) returned 0x0
[0173.462] GdipGetImageWidth (image=0x5a8f5e8, width=0x19ef10) returned 0x0
[0173.462] GdipGetImageHeight (image=0x5a8f5e8, height=0x19ef10) returned 0x0
[0173.462] GdipBitmapGetPixel (bitmap=0x5a8f5e8, x=0, y=169, color=0x19ef20) returned 0x0
[0173.462] GdipGetImageWidth (image=0x5a8f5e8, width=0x19ef10) returned 0x0
[0173.462] GdipGetImageHeight (image=0x5a8f5e8, height=0x19ef10) returned 0x0
[0173.462] GdipBitmapGetPixel (bitmap=0x5a8f5e8, x=0, y=170, color=0x19ef20) returned 0x0
[0173.462] GdipGetImageWidth (image=0x5a8f5e8, width=0x19ef10) returned 0x0
[0173.462] GdipGetImageHeight (image=0x5a8f5e8, height=0x19ef10) returned 0x0
[0173.463] GdipBitmapGetPixel (bitmap=0x5a8f5e8, x=0, y=171, color=0x19ef20) returned 0x0
[0173.463] GdipGetImageWidth (image=0x5a8f5e8, width=0x19ef10) returned 0x0
[0173.463] GdipGetImageHeight (image=0x5a8f5e8, height=0x19ef10) returned 0x0
[0173.463] GdipBitmapGetPixel (bitmap=0x5a8f5e8, x=0, y=172, color=0x19ef20) returned 0x0
[0173.463] GdipGetImageWidth (image=0x5a8f5e8, width=0x19ef10) returned 0x0
[0173.463] GdipGetImageHeight (image=0x5a8f5e8, height=0x19ef10) returned 0x0
[0173.463] GdipBitmapGetPixel (bitmap=0x5a8f5e8, x=0, y=173, color=0x19ef20) returned 0x0
[0173.463] GdipGetImageWidth (image=0x5a8f5e8, width=0x19ef10) returned 0x0
[0173.463] GdipGetImageHeight (image=0x5a8f5e8, height=0x19ef10) returned 0x0
[0173.463] GdipBitmapGetPixel (bitmap=0x5a8f5e8, x=0, y=174, color=0x19ef20) returned 0x0
[0173.463] GdipGetImageWidth (image=0x5a8f5e8, width=0x19ef10) returned 0x0
[0173.463] GdipGetImageHeight (image=0x5a8f5e8, height=0x19ef10) returned 0x0
[0173.463] GdipBitmapGetPixel (bitmap=0x5a8f5e8, x=0, y=175, color=0x19ef20) returned 0x0
[0173.463] GdipGetImageWidth (image=0x5a8f5e8, width=0x19ef10) returned 0x0
[0173.463] GdipGetImageHeight (image=0x5a8f5e8, height=0x19ef10) returned 0x0
[0173.463] GdipBitmapGetPixel (bitmap=0x5a8f5e8, x=0, y=176, color=0x19ef20) returned 0x0
[0173.463] GdipGetImageWidth (image=0x5a8f5e8, width=0x19ef10) returned 0x0
[0173.463] GdipGetImageHeight (image=0x5a8f5e8, height=0x19ef10) returned 0x0
[0173.463] GdipBitmapGetPixel (bitmap=0x5a8f5e8, x=0, y=177, color=0x19ef20) returned 0x0
[0173.464] GdipGetImageWidth (image=0x5a8f5e8, width=0x19ef10) returned 0x0
[0173.464] GdipGetImageHeight (image=0x5a8f5e8, height=0x19ef10) returned 0x0
[0173.464] GdipBitmapGetPixel (bitmap=0x5a8f5e8, x=0, y=178, color=0x19ef20) returned 0x0
[0173.464] GdipGetImageWidth (image=0x5a8f5e8, width=0x19ef10) returned 0x0
[0173.464] GdipGetImageHeight (image=0x5a8f5e8, height=0x19ef10) returned 0x0
[0173.464] GdipBitmapGetPixel (bitmap=0x5a8f5e8, x=0, y=179, color=0x19ef20) returned 0x0
[0173.464] GdipGetImageWidth (image=0x5a8f5e8, width=0x19ef10) returned 0x0
[0173.464] GdipGetImageHeight (image=0x5a8f5e8, height=0x19ef10) returned 0x0
[0173.464] GdipBitmapGetPixel (bitmap=0x5a8f5e8, x=0, y=180, color=0x19ef20) returned 0x0
[0173.464] GdipGetImageWidth (image=0x5a8f5e8, width=0x19ef10) returned 0x0
[0173.464] GdipGetImageHeight (image=0x5a8f5e8, height=0x19ef10) returned 0x0
[0173.464] GdipBitmapGetPixel (bitmap=0x5a8f5e8, x=0, y=181, color=0x19ef20) returned 0x0
[0173.464] GdipGetImageWidth (image=0x5a8f5e8, width=0x19ef10) returned 0x0
[0173.464] GdipGetImageHeight (image=0x5a8f5e8, height=0x19ef10) returned 0x0
[0173.464] GdipBitmapGetPixel (bitmap=0x5a8f5e8, x=0, y=182, color=0x19ef20) returned 0x0
[0173.464] GdipGetImageWidth (image=0x5a8f5e8, width=0x19ef10) returned 0x0
[0173.464] GdipGetImageHeight (image=0x5a8f5e8, height=0x19ef10) returned 0x0
[0173.464] GdipBitmapGetPixel (bitmap=0x5a8f5e8, x=0, y=183, color=0x19ef20) returned 0x0
[0173.465] GdipGetImageWidth (image=0x5a8f5e8, width=0x19ef10) returned 0x0
[0173.465] GdipGetImageHeight (image=0x5a8f5e8, height=0x19ef10) returned 0x0
[0173.465] GdipBitmapGetPixel (bitmap=0x5a8f5e8, x=0, y=184, color=0x19ef20) returned 0x0
[0173.465] GdipGetImageWidth (image=0x5a8f5e8, width=0x19ef10) returned 0x0
[0173.465] GdipGetImageHeight (image=0x5a8f5e8, height=0x19ef10) returned 0x0
[0173.465] GdipBitmapGetPixel (bitmap=0x5a8f5e8, x=0, y=185, color=0x19ef20) returned 0x0
[0173.465] GdipGetImageWidth (image=0x5a8f5e8, width=0x19ef10) returned 0x0
[0173.465] GdipGetImageHeight (image=0x5a8f5e8, height=0x19ef10) returned 0x0
[0173.465] GdipBitmapGetPixel (bitmap=0x5a8f5e8, x=0, y=186, color=0x19ef20) returned 0x0
[0173.465] GdipGetImageWidth (image=0x5a8f5e8, width=0x19ef10) returned 0x0
[0173.465] GdipGetImageHeight (image=0x5a8f5e8, height=0x19ef10) returned 0x0
[0173.465] GdipBitmapGetPixel (bitmap=0x5a8f5e8, x=0, y=187, color=0x19ef20) returned 0x0
[0173.465] GdipGetImageWidth (image=0x5a8f5e8, width=0x19ef10) returned 0x0
[0173.465] GdipGetImageHeight (image=0x5a8f5e8, height=0x19ef10) returned 0x0
[0173.465] GdipBitmapGetPixel (bitmap=0x5a8f5e8, x=0, y=188, color=0x19ef20) returned 0x0
[0173.465] GdipGetImageWidth (image=0x5a8f5e8, width=0x19ef10) returned 0x0
[0173.465] GdipGetImageHeight (image=0x5a8f5e8, height=0x19ef10) returned 0x0
[0173.465] GdipBitmapGetPixel (bitmap=0x5a8f5e8, x=0, y=189, color=0x19ef20) returned 0x0
[0173.466] GdipGetImageWidth (image=0x5a8f5e8, width=0x19ef10) returned 0x0
[0173.466] GdipGetImageHeight (image=0x5a8f5e8, height=0x19ef10) returned 0x0
[0173.466] GdipBitmapGetPixel (bitmap=0x5a8f5e8, x=0, y=190, color=0x19ef20) returned 0x0
[0173.466] GdipGetImageWidth (image=0x5a8f5e8, width=0x19ef10) returned 0x0
[0173.466] GdipGetImageHeight (image=0x5a8f5e8, height=0x19ef10) returned 0x0
[0173.466] GdipBitmapGetPixel (bitmap=0x5a8f5e8, x=0, y=191, color=0x19ef20) returned 0x0
[0173.466] GdipGetImageWidth (image=0x5a8f5e8, width=0x19ef10) returned 0x0
[0173.466] GdipGetImageHeight (image=0x5a8f5e8, height=0x19ef10) returned 0x0
[0173.466] GdipBitmapGetPixel (bitmap=0x5a8f5e8, x=0, y=192, color=0x19ef20) returned 0x0
[0173.466] GdipGetImageWidth (image=0x5a8f5e8, width=0x19ef10) returned 0x0
[0173.466] GdipGetImageHeight (image=0x5a8f5e8, height=0x19ef10) returned 0x0
[0173.466] GdipBitmapGetPixel (bitmap=0x5a8f5e8, x=0, y=193, color=0x19ef20) returned 0x0
[0173.466] GdipGetImageWidth (image=0x5a8f5e8, width=0x19ef10) returned 0x0
[0173.466] GdipGetImageHeight (image=0x5a8f5e8, height=0x19ef10) returned 0x0
[0173.466] GdipBitmapGetPixel (bitmap=0x5a8f5e8, x=0, y=194, color=0x19ef20) returned 0x0
[0173.466] GdipGetImageWidth (image=0x5a8f5e8, width=0x19ef10) returned 0x0
[0173.466] GdipGetImageHeight (image=0x5a8f5e8, height=0x19ef10) returned 0x0
[0173.466] GdipBitmapGetPixel (bitmap=0x5a8f5e8, x=0, y=195, color=0x19ef20) returned 0x0
[0173.466] GdipGetImageWidth (image=0x5a8f5e8, width=0x19ef10) returned 0x0
[0173.466] GdipGetImageHeight (image=0x5a8f5e8, height=0x19ef10) returned 0x0
[0173.467] GdipBitmapGetPixel (bitmap=0x5a8f5e8, x=0, y=196, color=0x19ef20) returned 0x0
[0173.467] GdipGetImageWidth (image=0x5a8f5e8, width=0x19ef10) returned 0x0
[0173.467] GdipGetImageHeight (image=0x5a8f5e8, height=0x19ef10) returned 0x0
[0173.467] GdipBitmapGetPixel (bitmap=0x5a8f5e8, x=0, y=197, color=0x19ef20) returned 0x0
[0173.467] GdipGetImageWidth (image=0x5a8f5e8, width=0x19ef10) returned 0x0
[0173.467] GdipGetImageHeight (image=0x5a8f5e8, height=0x19ef10) returned 0x0
[0173.467] GdipBitmapGetPixel (bitmap=0x5a8f5e8, x=0, y=198, color=0x19ef20) returned 0x0
[0173.467] GdipGetImageWidth (image=0x5a8f5e8, width=0x19ef10) returned 0x0
[0173.467] GdipGetImageHeight (image=0x5a8f5e8, height=0x19ef10) returned 0x0
[0173.467] GdipBitmapGetPixel (bitmap=0x5a8f5e8, x=0, y=199, color=0x19ef20) returned 0x0
[0173.467] GdipGetImageWidth (image=0x5a8f5e8, width=0x19ef10) returned 0x0
[0173.467] GdipGetImageHeight (image=0x5a8f5e8, height=0x19ef10) returned 0x0
[0173.467] GdipBitmapGetPixel (bitmap=0x5a8f5e8, x=0, y=200, color=0x19ef20) returned 0x0
[0173.467] GdipGetImageWidth (image=0x5a8f5e8, width=0x19ef10) returned 0x0
[0173.467] GdipGetImageHeight (image=0x5a8f5e8, height=0x19ef10) returned 0x0
[0173.467] GdipBitmapGetPixel (bitmap=0x5a8f5e8, x=0, y=201, color=0x19ef20) returned 0x0
[0173.467] GdipGetImageWidth (image=0x5a8f5e8, width=0x19ef10) returned 0x0
[0173.467] GdipGetImageHeight (image=0x5a8f5e8, height=0x19ef10) returned 0x0
[0173.467] GdipBitmapGetPixel (bitmap=0x5a8f5e8, x=0, y=202, color=0x19ef20) returned 0x0
[0173.467] GdipGetImageWidth (image=0x5a8f5e8, width=0x19ef10) returned 0x0
[0173.468] GdipGetImageHeight (image=0x5a8f5e8, height=0x19ef10) returned 0x0
[0173.468] GdipBitmapGetPixel (bitmap=0x5a8f5e8, x=0, y=203, color=0x19ef20) returned 0x0
[0173.468] GdipGetImageWidth (image=0x5a8f5e8, width=0x19ef10) returned 0x0
[0173.468] GdipGetImageHeight (image=0x5a8f5e8, height=0x19ef10) returned 0x0
[0173.468] GdipBitmapGetPixel (bitmap=0x5a8f5e8, x=0, y=204, color=0x19ef20) returned 0x0
[0173.468] GdipGetImageWidth (image=0x5a8f5e8, width=0x19ef10) returned 0x0
[0173.468] GdipGetImageHeight (image=0x5a8f5e8, height=0x19ef10) returned 0x0
[0173.468] GdipBitmapGetPixel (bitmap=0x5a8f5e8, x=0, y=205, color=0x19ef20) returned 0x0
[0173.468] GdipGetImageWidth (image=0x5a8f5e8, width=0x19ef10) returned 0x0
[0173.468] GdipGetImageHeight (image=0x5a8f5e8, height=0x19ef10) returned 0x0
[0173.468] GdipBitmapGetPixel (bitmap=0x5a8f5e8, x=0, y=206, color=0x19ef20) returned 0x0
[0173.468] GdipGetImageWidth (image=0x5a8f5e8, width=0x19ef10) returned 0x0
[0173.468] GdipGetImageHeight (image=0x5a8f5e8, height=0x19ef10) returned 0x0
[0173.468] GdipBitmapGetPixel (bitmap=0x5a8f5e8, x=0, y=207, color=0x19ef20) returned 0x0
[0173.468] GdipGetImageWidth (image=0x5a8f5e8, width=0x19ef10) returned 0x0
[0173.469] GdipGetImageHeight (image=0x5a8f5e8, height=0x19ef10) returned 0x0
[0173.469] GdipBitmapGetPixel (bitmap=0x5a8f5e8, x=0, y=208, color=0x19ef20) returned 0x0
[0173.469] GdipGetImageWidth (image=0x5a8f5e8, width=0x19ef10) returned 0x0
[0173.469] GdipGetImageHeight (image=0x5a8f5e8, height=0x19ef10) returned 0x0
[0173.469] GdipBitmapGetPixel (bitmap=0x5a8f5e8, x=0, y=209, color=0x19ef20) returned 0x0
[0173.469] GdipGetImageWidth (image=0x5a8f5e8, width=0x19ef10) returned 0x0
[0173.469] GdipGetImageHeight (image=0x5a8f5e8, height=0x19ef10) returned 0x0
[0173.469] GdipBitmapGetPixel (bitmap=0x5a8f5e8, x=0, y=210, color=0x19ef20) returned 0x0
[0173.469] GdipGetImageWidth (image=0x5a8f5e8, width=0x19ef10) returned 0x0
[0173.469] GdipGetImageHeight (image=0x5a8f5e8, height=0x19ef10) returned 0x0
[0173.469] GdipBitmapGetPixel (bitmap=0x5a8f5e8, x=0, y=211, color=0x19ef20) returned 0x0
[0173.469] GdipGetImageWidth (image=0x5a8f5e8, width=0x19ef10) returned 0x0
[0173.470] GdipGetImageHeight (image=0x5a8f5e8, height=0x19ef10) returned 0x0
[0173.470] GdipBitmapGetPixel (bitmap=0x5a8f5e8, x=0, y=212, color=0x19ef20) returned 0x0
[0173.470] GdipGetImageWidth (image=0x5a8f5e8, width=0x19ef10) returned 0x0
[0173.470] GdipGetImageHeight (image=0x5a8f5e8, height=0x19ef10) returned 0x0
[0173.470] GdipBitmapGetPixel (bitmap=0x5a8f5e8, x=0, y=213, color=0x19ef20) returned 0x0
[0173.470] GdipGetImageWidth (image=0x5a8f5e8, width=0x19ef10) returned 0x0
[0173.470] GdipGetImageHeight (image=0x5a8f5e8, height=0x19ef10) returned 0x0
[0173.470] GdipBitmapGetPixel (bitmap=0x5a8f5e8, x=0, y=214, color=0x19ef20) returned 0x0
[0173.470] GdipGetImageWidth (image=0x5a8f5e8, width=0x19ef10) returned 0x0
[0173.470] GdipGetImageHeight (image=0x5a8f5e8, height=0x19ef10) returned 0x0
[0173.470] GdipBitmapGetPixel (bitmap=0x5a8f5e8, x=0, y=215, color=0x19ef20) returned 0x0
[0173.470] GdipGetImageWidth (image=0x5a8f5e8, width=0x19ef10) returned 0x0
[0173.470] GdipGetImageHeight (image=0x5a8f5e8, height=0x19ef10) returned 0x0
[0173.470] GdipBitmapGetPixel (bitmap=0x5a8f5e8, x=0, y=216, color=0x19ef20) returned 0x0
[0173.470] GdipGetImageWidth (image=0x5a8f5e8, width=0x19ef10) returned 0x0
[0173.470] GdipGetImageHeight (image=0x5a8f5e8, height=0x19ef10) returned 0x0
[0173.470] GdipBitmapGetPixel (bitmap=0x5a8f5e8, x=0, y=217, color=0x19ef20) returned 0x0
[0173.470] GdipGetImageWidth (image=0x5a8f5e8, width=0x19ef10) returned 0x0
[0173.471] GdipGetImageHeight (image=0x5a8f5e8, height=0x19ef10) returned 0x0
[0173.471] GdipBitmapGetPixel (bitmap=0x5a8f5e8, x=0, y=218, color=0x19ef20) returned 0x0
[0173.471] GdipGetImageWidth (image=0x5a8f5e8, width=0x19ef10) returned 0x0
[0173.471] GdipGetImageHeight (image=0x5a8f5e8, height=0x19ef10) returned 0x0
[0173.471] GdipBitmapGetPixel (bitmap=0x5a8f5e8, x=0, y=219, color=0x19ef20) returned 0x0
[0173.471] GdipGetImageWidth (image=0x5a8f5e8, width=0x19ef10) returned 0x0
[0173.471] GdipGetImageHeight (image=0x5a8f5e8, height=0x19ef10) returned 0x0
[0173.471] GdipBitmapGetPixel (bitmap=0x5a8f5e8, x=0, y=220, color=0x19ef20) returned 0x0
[0173.471] GdipGetImageWidth (image=0x5a8f5e8, width=0x19ef10) returned 0x0
[0173.471] GdipGetImageHeight (image=0x5a8f5e8, height=0x19ef10) returned 0x0
[0173.471] GdipBitmapGetPixel (bitmap=0x5a8f5e8, x=0, y=221, color=0x19ef20) returned 0x0
[0173.471] GdipGetImageWidth (image=0x5a8f5e8, width=0x19ef10) returned 0x0
[0173.471] GdipGetImageHeight (image=0x5a8f5e8, height=0x19ef10) returned 0x0
[0173.471] GdipBitmapGetPixel (bitmap=0x5a8f5e8, x=0, y=222, color=0x19ef20) returned 0x0
[0173.472] GdipGetImageWidth (image=0x5a8f5e8, width=0x19ef10) returned 0x0
[0173.472] GdipGetImageHeight (image=0x5a8f5e8, height=0x19ef10) returned 0x0
[0173.472] GdipBitmapGetPixel (bitmap=0x5a8f5e8, x=0, y=223, color=0x19ef20) returned 0x0
[0173.472] GdipGetImageWidth (image=0x5a8f5e8, width=0x19ef10) returned 0x0
[0173.472] GdipGetImageHeight (image=0x5a8f5e8, height=0x19ef10) returned 0x0
[0173.472] GdipBitmapGetPixel (bitmap=0x5a8f5e8, x=0, y=224, color=0x19ef20) returned 0x0
[0173.472] GdipGetImageWidth (image=0x5a8f5e8, width=0x19ef10) returned 0x0
[0173.472] GdipGetImageHeight (image=0x5a8f5e8, height=0x19ef10) returned 0x0
[0173.472] GdipBitmapGetPixel (bitmap=0x5a8f5e8, x=0, y=225, color=0x19ef20) returned 0x0
[0173.472] GdipGetImageWidth (image=0x5a8f5e8, width=0x19ef10) returned 0x0
[0173.472] GdipGetImageHeight (image=0x5a8f5e8, height=0x19ef10) returned 0x0
[0173.472] GdipBitmapGetPixel (bitmap=0x5a8f5e8, x=0, y=226, color=0x19ef20) returned 0x0
[0173.472] GdipGetImageWidth (image=0x5a8f5e8, width=0x19ef10) returned 0x0
[0173.472] GdipGetImageHeight (image=0x5a8f5e8, height=0x19ef10) returned 0x0
[0173.472] GdipBitmapGetPixel (bitmap=0x5a8f5e8, x=0, y=227, color=0x19ef20) returned 0x0
[0173.472] GdipGetImageWidth (image=0x5a8f5e8, width=0x19ef10) returned 0x0
[0173.472] GdipGetImageHeight (image=0x5a8f5e8, height=0x19ef10) returned 0x0
[0173.472] GdipBitmapGetPixel (bitmap=0x5a8f5e8, x=0, y=228, color=0x19ef20) returned 0x0
[0173.472] GdipGetImageWidth (image=0x5a8f5e8, width=0x19ef10) returned 0x0
[0173.473] GdipGetImageHeight (image=0x5a8f5e8, height=0x19ef10) returned 0x0
[0173.473] GdipBitmapGetPixel (bitmap=0x5a8f5e8, x=0, y=229, color=0x19ef20) returned 0x0
[0173.473] GdipGetImageWidth (image=0x5a8f5e8, width=0x19ef10) returned 0x0
[0173.473] GdipGetImageHeight (image=0x5a8f5e8, height=0x19ef10) returned 0x0
[0173.473] GdipBitmapGetPixel (bitmap=0x5a8f5e8, x=0, y=230, color=0x19ef20) returned 0x0
[0173.473] GdipGetImageWidth (image=0x5a8f5e8, width=0x19ef10) returned 0x0
[0173.473] GdipGetImageHeight (image=0x5a8f5e8, height=0x19ef10) returned 0x0
[0173.473] GdipBitmapGetPixel (bitmap=0x5a8f5e8, x=0, y=231, color=0x19ef20) returned 0x0
[0173.473] GdipGetImageWidth (image=0x5a8f5e8, width=0x19ef10) returned 0x0
[0173.473] GdipGetImageHeight (image=0x5a8f5e8, height=0x19ef10) returned 0x0
[0173.473] GdipBitmapGetPixel (bitmap=0x5a8f5e8, x=0, y=232, color=0x19ef20) returned 0x0
[0173.473] GdipGetImageWidth (image=0x5a8f5e8, width=0x19ef10) returned 0x0
[0173.473] GdipGetImageHeight (image=0x5a8f5e8, height=0x19ef10) returned 0x0
[0173.473] GdipBitmapGetPixel (bitmap=0x5a8f5e8, x=0, y=233, color=0x19ef20) returned 0x0
[0173.473] GdipGetImageWidth (image=0x5a8f5e8, width=0x19ef10) returned 0x0
[0173.473] GdipGetImageHeight (image=0x5a8f5e8, height=0x19ef10) returned 0x0
[0173.473] GdipBitmapGetPixel (bitmap=0x5a8f5e8, x=0, y=234, color=0x19ef20) returned 0x0
[0173.473] GdipGetImageWidth (image=0x5a8f5e8, width=0x19ef10) returned 0x0
[0173.473] GdipGetImageHeight (image=0x5a8f5e8, height=0x19ef10) returned 0x0
[0173.473] GdipBitmapGetPixel (bitmap=0x5a8f5e8, x=0, y=235, color=0x19ef20) returned 0x0
[0173.474] GdipGetImageWidth (image=0x5a8f5e8, width=0x19ef10) returned 0x0
[0173.474] GdipGetImageHeight (image=0x5a8f5e8, height=0x19ef10) returned 0x0
[0173.474] GdipBitmapGetPixel (bitmap=0x5a8f5e8, x=0, y=236, color=0x19ef20) returned 0x0
[0173.474] GdipGetImageWidth (image=0x5a8f5e8, width=0x19ef10) returned 0x0
[0173.474] GdipGetImageHeight (image=0x5a8f5e8, height=0x19ef10) returned 0x0
[0173.474] GdipBitmapGetPixel (bitmap=0x5a8f5e8, x=0, y=237, color=0x19ef20) returned 0x0
[0173.474] GdipGetImageWidth (image=0x5a8f5e8, width=0x19ef10) returned 0x0
[0173.474] GdipGetImageHeight (image=0x5a8f5e8, height=0x19ef10) returned 0x0
[0173.474] GdipBitmapGetPixel (bitmap=0x5a8f5e8, x=0, y=238, color=0x19ef20) returned 0x0
[0173.474] GdipGetImageWidth (image=0x5a8f5e8, width=0x19ef10) returned 0x0
[0173.474] GdipGetImageHeight (image=0x5a8f5e8, height=0x19ef10) returned 0x0
[0173.474] GdipBitmapGetPixel (bitmap=0x5a8f5e8, x=0, y=239, color=0x19ef20) returned 0x0
[0173.474] GdipGetImageWidth (image=0x5a8f5e8, width=0x19ef10) returned 0x0
[0173.474] GdipGetImageHeight (image=0x5a8f5e8, height=0x19ef10) returned 0x0
[0173.474] GdipBitmapGetPixel (bitmap=0x5a8f5e8, x=0, y=240, color=0x19ef20) returned 0x0
[0173.474] GdipGetImageWidth (image=0x5a8f5e8, width=0x19ef10) returned 0x0
[0173.474] GdipGetImageHeight (image=0x5a8f5e8, height=0x19ef10) returned 0x0
[0173.474] GdipBitmapGetPixel (bitmap=0x5a8f5e8, x=0, y=241, color=0x19ef20) returned 0x0
[0173.475] GdipGetImageWidth (image=0x5a8f5e8, width=0x19ef10) returned 0x0
[0173.475] GdipGetImageHeight (image=0x5a8f5e8, height=0x19ef10) returned 0x0
[0173.475] GdipBitmapGetPixel (bitmap=0x5a8f5e8, x=0, y=242, color=0x19ef20) returned 0x0
[0173.475] GdipGetImageWidth (image=0x5a8f5e8, width=0x19ef10) returned 0x0
[0173.475] GdipGetImageHeight (image=0x5a8f5e8, height=0x19ef10) returned 0x0
[0173.475] GdipBitmapGetPixel (bitmap=0x5a8f5e8, x=0, y=243, color=0x19ef20) returned 0x0
[0173.475] GdipGetImageWidth (image=0x5a8f5e8, width=0x19ef10) returned 0x0
[0173.475] GdipGetImageHeight (image=0x5a8f5e8, height=0x19ef10) returned 0x0
[0173.475] GdipBitmapGetPixel (bitmap=0x5a8f5e8, x=0, y=244, color=0x19ef20) returned 0x0
[0173.475] GdipGetImageWidth (image=0x5a8f5e8, width=0x19ef10) returned 0x0
[0173.475] GdipGetImageHeight (image=0x5a8f5e8, height=0x19ef10) returned 0x0
[0173.475] GdipBitmapGetPixel (bitmap=0x5a8f5e8, x=0, y=245, color=0x19ef20) returned 0x0
[0173.475] GdipGetImageWidth (image=0x5a8f5e8, width=0x19ef10) returned 0x0
[0173.475] GdipGetImageHeight (image=0x5a8f5e8, height=0x19ef10) returned 0x0
[0173.475] GdipBitmapGetPixel (bitmap=0x5a8f5e8, x=0, y=246, color=0x19ef20) returned 0x0
[0173.475] GdipGetImageWidth (image=0x5a8f5e8, width=0x19ef10) returned 0x0
[0173.475] GdipGetImageHeight (image=0x5a8f5e8, height=0x19ef10) returned 0x0
[0173.475] GdipBitmapGetPixel (bitmap=0x5a8f5e8, x=0, y=247, color=0x19ef20) returned 0x0
[0173.475] GdipGetImageWidth (image=0x5a8f5e8, width=0x19ef10) returned 0x0
[0173.476] GdipGetImageHeight (image=0x5a8f5e8, height=0x19ef10) returned 0x0
[0173.476] GdipBitmapGetPixel (bitmap=0x5a8f5e8, x=0, y=248, color=0x19ef20) returned 0x0
[0173.476] GdipGetImageWidth (image=0x5a8f5e8, width=0x19ef10) returned 0x0
[0173.476] GdipGetImageHeight (image=0x5a8f5e8, height=0x19ef10) returned 0x0
[0173.791] CreateFileMappingW (hFile=0xffffffff, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x77600, lpName=0x0) returned 0x304
[0173.792] memcpy (in: _Dst=0x7bb0000, _Src=0x346d9f0, _Size=0x77600 | out: _Dst=0x7bb0000) returned 0x7bb0000
[0173.797] CloseHandle (hObject=0x304) returned 1
[0174.431] CoTaskMemAlloc (cb=0xd) returned 0x853440
[0174.431] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="kernel32", cchWideChar=8, lpMultiByteStr=0x228276c, cbMultiByte=9, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="kernel32", lpUsedDefaultChar=0x0) returned 8
[0174.432] LoadLibraryA (lpLibFileName="kernel32") returned 0x76410000
[0174.433] CoTaskMemFree (pv=0x853440)
[0174.443] CoTaskMemAlloc (cb=0x11) returned 0x805520
[0174.443] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="ResumeThread", cchWideChar=12, lpMultiByteStr=0x2282aa8, cbMultiByte=13, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="ResumeThread", lpUsedDefaultChar=0x0) returned 12
[0174.444] GetProcAddress (hModule=0x76410000, lpProcName="ResumeThread") returned 0x7642a800
[0174.444] CoTaskMemFree (pv=0x805520)
[0174.464] CoTaskMemAlloc (cb=0xd) returned 0x853530
[0174.464] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="kernel32", cchWideChar=8, lpMultiByteStr=0x228322c, cbMultiByte=9, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="kernel32", lpUsedDefaultChar=0x0) returned 8
[0174.464] LoadLibraryA (lpLibFileName="kernel32") returned 0x76410000
[0174.465] CoTaskMemFree (pv=0x853530)
[0174.465] CoTaskMemAlloc (cb=0x1a) returned 0x843390
[0174.465] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="Wow64SetThreadContext", cchWideChar=21, lpMultiByteStr=0x2283264, cbMultiByte=22, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="Wow64SetThreadContext", lpUsedDefaultChar=0x0) returned 21
[0174.465] GetProcAddress (hModule=0x76410000, lpProcName="Wow64SetThreadContext") returned 0x76453e60
[0174.465] CoTaskMemFree (pv=0x843390)
[0174.473] CoTaskMemAlloc (cb=0xd) returned 0x8534d0
[0174.473] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="kernel32", cchWideChar=8, lpMultiByteStr=0x2283330, cbMultiByte=9, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="kernel32", lpUsedDefaultChar=0x0) returned 8
[0174.473] LoadLibraryA (lpLibFileName="kernel32") returned 0x76410000
[0174.473] CoTaskMemFree (pv=0x8534d0)
[0174.473] CoTaskMemAlloc (cb=0x15) returned 0x7d44e0
[0174.473] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="SetThreadContext", cchWideChar=16, lpMultiByteStr=0x2283368, cbMultiByte=17, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="SetThreadContext", lpUsedDefaultChar=0x0) returned 16
[0174.474] GetProcAddress (hModule=0x76410000, lpProcName="SetThreadContext") returned 0x76452490
[0174.474] CoTaskMemFree (pv=0x7d44e0)
[0174.476] CoTaskMemAlloc (cb=0xd) returned 0x853608
[0174.476] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="kernel32", cchWideChar=8, lpMultiByteStr=0x2283430, cbMultiByte=9, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="kernel32", lpUsedDefaultChar=0x0) returned 8
[0174.476] LoadLibraryA (lpLibFileName="kernel32") returned 0x76410000
[0174.477] CoTaskMemFree (pv=0x853608)
[0174.477] CoTaskMemAlloc (cb=0x1a) returned 0x843390
[0174.477] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="Wow64GetThreadContext", cchWideChar=21, lpMultiByteStr=0x2283468, cbMultiByte=22, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="Wow64GetThreadContext", lpUsedDefaultChar=0x0) returned 21
[0174.477] GetProcAddress (hModule=0x76410000, lpProcName="Wow64GetThreadContext") returned 0x76453e30
[0174.477] CoTaskMemFree (pv=0x843390)
[0174.479] CoTaskMemAlloc (cb=0xd) returned 0x853728
[0174.479] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="kernel32", cchWideChar=8, lpMultiByteStr=0x2283534, cbMultiByte=9, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="kernel32", lpUsedDefaultChar=0x0) returned 8
[0174.479] LoadLibraryA (lpLibFileName="kernel32") returned 0x76410000
[0174.479] CoTaskMemFree (pv=0x853728)
[0174.479] CoTaskMemAlloc (cb=0x15) returned 0x7caac8
[0174.479] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="GetThreadContext", cchWideChar=16, lpMultiByteStr=0x228356c, cbMultiByte=17, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="GetThreadContext", lpUsedDefaultChar=0x0) returned 16
[0174.480] GetProcAddress (hModule=0x76410000, lpProcName="GetThreadContext") returned 0x7642ec60
[0174.480] CoTaskMemFree (pv=0x7caac8)
[0174.482] CoTaskMemAlloc (cb=0xd) returned 0x853608
[0174.482] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="kernel32", cchWideChar=8, lpMultiByteStr=0x2283628, cbMultiByte=9, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="kernel32", lpUsedDefaultChar=0x0) returned 8
[0174.482] LoadLibraryA (lpLibFileName="kernel32") returned 0x76410000
[0174.482] CoTaskMemFree (pv=0x853608)
[0174.482] CoTaskMemAlloc (cb=0x13) returned 0x7d44e0
[0174.482] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="VirtualAllocEx", cchWideChar=14, lpMultiByteStr=0x2283660, cbMultiByte=15, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="VirtualAllocEx", lpUsedDefaultChar=0x0) returned 14
[0174.482] GetProcAddress (hModule=0x76410000, lpProcName="VirtualAllocEx") returned 0x76452730
[0174.482] CoTaskMemFree (pv=0x7d44e0)
[0174.487] CoTaskMemAlloc (cb=0xd) returned 0x853578
[0174.487] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="kernel32", cchWideChar=8, lpMultiByteStr=0x228371c, cbMultiByte=9, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="kernel32", lpUsedDefaultChar=0x0) returned 8
[0174.487] LoadLibraryA (lpLibFileName="kernel32") returned 0x76410000
[0174.488] CoTaskMemFree (pv=0x853578)
[0174.488] CoTaskMemAlloc (cb=0x17) returned 0x805520
[0174.488] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="WriteProcessMemory", cchWideChar=18, lpMultiByteStr=0x2283754, cbMultiByte=19, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="WriteProcessMemory", lpUsedDefaultChar=0x0) returned 18
[0174.488] GetProcAddress (hModule=0x76410000, lpProcName="WriteProcessMemory") returned 0x76452850
[0174.488] CoTaskMemFree (pv=0x805520)
[0174.493] CoTaskMemAlloc (cb=0xd) returned 0x853668
[0174.493] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="kernel32", cchWideChar=8, lpMultiByteStr=0x2283818, cbMultiByte=9, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="kernel32", lpUsedDefaultChar=0x0) returned 8
[0174.494] LoadLibraryA (lpLibFileName="kernel32") returned 0x76410000
[0174.494] CoTaskMemFree (pv=0x853668)
[0174.494] CoTaskMemAlloc (cb=0x16) returned 0x7caac8
[0174.494] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="ReadProcessMemory", cchWideChar=17, lpMultiByteStr=0x2283850, cbMultiByte=18, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="ReadProcessMemory", lpUsedDefaultChar=0x0) returned 17
[0174.494] GetProcAddress (hModule=0x76410000, lpProcName="ReadProcessMemory") returned 0x76451c80
[0174.494] CoTaskMemFree (pv=0x7caac8)
[0174.499] CoTaskMemAlloc (cb=0xa) returned 0x853530
[0174.499] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="ntdll", cchWideChar=5, lpMultiByteStr=0x2283910, cbMultiByte=6, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="ntdll", lpUsedDefaultChar=0x0) returned 5
[0174.499] LoadLibraryA (lpLibFileName="ntdll") returned 0x77460000
[0174.500] CoTaskMemFree (pv=0x853530)
[0174.500] CoTaskMemAlloc (cb=0x19) returned 0x843390
[0174.500] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="ZwUnmapViewOfSection", cchWideChar=20, lpMultiByteStr=0x228393c, cbMultiByte=21, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="ZwUnmapViewOfSection", lpUsedDefaultChar=0x0) returned 20
[0174.500] GetProcAddress (hModule=0x77460000, lpProcName="ZwUnmapViewOfSection") returned 0x774d6f40
[0174.500] CoTaskMemFree (pv=0x843390)
[0174.507] CoTaskMemAlloc (cb=0xd) returned 0x853728
[0174.507] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="kernel32", cchWideChar=8, lpMultiByteStr=0x2283a04, cbMultiByte=9, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="kernel32", lpUsedDefaultChar=0x0) returned 8
[0174.507] LoadLibraryA (lpLibFileName="kernel32") returned 0x76410000
[0174.508] CoTaskMemFree (pv=0x853728)
[0174.508] CoTaskMemAlloc (cb=0x13) returned 0x805520
[0174.508] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="CreateProcessA", cchWideChar=14, lpMultiByteStr=0x2283a3c, cbMultiByte=15, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="CreateProcessA", lpUsedDefaultChar=0x0) returned 14
[0174.508] GetProcAddress (hModule=0x76410000, lpProcName="CreateProcessA") returned 0x76450750
[0174.508] CoTaskMemFree (pv=0x805520)
[0174.557] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Desktop\\9eeac4773d7f0e7f4303baed25c04f0b138e55f9fa7e7c718e3e6599a2e41513.exe", nBufferLength=0x105, lpBuffer=0x19e588, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\Desktop\\9eeac4773d7f0e7f4303baed25c04f0b138e55f9fa7e7c718e3e6599a2e41513.exe", lpFilePart=0x0) returned 0x62
[0182.461] CoTaskMemAlloc (cb=0x20c) returned 0x84e160
[0182.461] SHGetFolderPathW (in: hwnd=0x0, csidl=26, hToken=0x0, dwFlags=0x0, pszPath=0x84e160 | out: pszPath="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming") returned 0x0
[0182.478] CoTaskMemFree (pv=0x84e160)
[0182.479] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming", nBufferLength=0x105, lpBuffer=0x19e580, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming", lpFilePart=0x0) returned 0x25
[0182.533] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\gfLnSNNH.exe", nBufferLength=0x105, lpBuffer=0x19e604, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\gfLnSNNH.exe", lpFilePart=0x0) returned 0x32
[0182.533] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x19ea64) returned 1
[0182.533] GetFileAttributesExW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\gfLnSNNH.exe" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\roaming\\gflnsnnh.exe"), fInfoLevelId=0x0, lpFileInformation=0x19eae0 | out: lpFileInformation=0x19eae0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0
[0182.534] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x19ea60) returned 1
[0182.547] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\gfLnSNNH.exe", nBufferLength=0x105, lpBuffer=0x19e5c0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\gfLnSNNH.exe", lpFilePart=0x0) returned 0x32
[0182.585] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\gfLnSNNH.exe", nBufferLength=0x105, lpBuffer=0x19e5c4, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\gfLnSNNH.exe", lpFilePart=0x0) returned 0x32
[0182.588] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\gfLnSNNH.exe", nBufferLength=0x105, lpBuffer=0x19e508, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\gfLnSNNH.exe", lpFilePart=0x0) returned 0x32
[0182.595] SetNamedSecurityInfoW () returned 0x2
[0183.012] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Desktop\\9eeac4773d7f0e7f4303baed25c04f0b138e55f9fa7e7c718e3e6599a2e41513.exe", nBufferLength=0x105, lpBuffer=0x19e5bc, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\Desktop\\9eeac4773d7f0e7f4303baed25c04f0b138e55f9fa7e7c718e3e6599a2e41513.exe", lpFilePart=0x0) returned 0x62
[0183.012] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\gfLnSNNH.exe", nBufferLength=0x105, lpBuffer=0x19e5bc, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\gfLnSNNH.exe", lpFilePart=0x0) returned 0x32
[0183.013] CopyFileW (lpExistingFileName="C:\\Users\\RDhJ0CNFevzX\\Desktop\\9eeac4773d7f0e7f4303baed25c04f0b138e55f9fa7e7c718e3e6599a2e41513.exe" (normalized: "c:\\users\\rdhj0cnfevzx\\desktop\\9eeac4773d7f0e7f4303baed25c04f0b138e55f9fa7e7c718e3e6599a2e41513.exe"), lpNewFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\gfLnSNNH.exe" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\roaming\\gflnsnnh.exe"), bFailIfExists=1) returned 1
[0184.208] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\gfLnSNNH.exe", nBufferLength=0x105, lpBuffer=0x19e584, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\gfLnSNNH.exe", lpFilePart=0x0) returned 0x32
[0184.245] GetUserNameW (in: lpBuffer=0x19e820, pcbBuffer=0x19ea98 | out: lpBuffer="RDhJ0CNFevzX", pcbBuffer=0x19ea98) returned 1
[0184.260] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\gfLnSNNH.exe", nBufferLength=0x105, lpBuffer=0x19e4f4, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\gfLnSNNH.exe", lpFilePart=0x0) returned 0x32
[0184.260] SetFileAttributesW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\gfLnSNNH.exe", dwFileAttributes=0x2007) returned 1
[0184.293] LsaOpenPolicy (in: SystemName=0x0, ObjectAttributes=0x19e8a8, DesiredAccess=0x800, PolicyHandle=0x19e868 | out: PolicyHandle=0x19e868) returned 0x0
[0184.297] CoTaskMemAlloc (cb=0x8) returned 0x87d1d0
[0184.297] CoTaskMemAlloc (cb=0x1a) returned 0x87e150
[0184.298] LsaLookupNames2 (in: PolicyHandle=0x859bd8, Flags=0x0, Count=0x1, Names="RDhJ0CNFevzX", ReferencedDomains=0x19e87c, Sids=0x19e870 | out: ReferencedDomains=0x19e87c, Sids=0x19e870) returned 0x0
[0184.305] CoTaskMemFree (pv=0x87e150)
[0184.305] CoTaskMemFree (pv=0x87d1d0)
[0184.339] LsaClose (ObjectHandle=0x859bd8) returned 0x0
[0184.340] LsaFreeMemory (Buffer=0x821448) returned 0x0
[0184.340] LsaFreeMemory (Buffer=0x856860) returned 0x0
[0184.340] LsaOpenPolicy (in: SystemName=0x0, ObjectAttributes=0x19e8a8, DesiredAccess=0x800, PolicyHandle=0x19e868 | out: PolicyHandle=0x19e868) returned 0x0
[0184.341] CoTaskMemAlloc (cb=0x8) returned 0x87d200
[0184.341] CoTaskMemAlloc (cb=0x1a) returned 0x87e128
[0184.341] LsaLookupNames2 (in: PolicyHandle=0x859a98, Flags=0x0, Count=0x1, Names="RDhJ0CNFevzX", ReferencedDomains=0x19e87c, Sids=0x19e870 | out: ReferencedDomains=0x19e87c, Sids=0x19e870) returned 0x0
[0184.342] CoTaskMemFree (pv=0x87e128)
[0184.342] CoTaskMemFree (pv=0x87d200)
[0184.342] LsaClose (ObjectHandle=0x859a98) returned 0x0
[0184.342] LsaFreeMemory (Buffer=0x821448) returned 0x0
[0184.343] LsaFreeMemory (Buffer=0x856bd0) returned 0x0
[0184.345] LsaOpenPolicy (in: SystemName=0x0, ObjectAttributes=0x19e8a8, DesiredAccess=0x800, PolicyHandle=0x19e868 | out: PolicyHandle=0x19e868) returned 0x0
[0184.345] CoTaskMemAlloc (cb=0x8) returned 0x87d1e0
[0184.345] CoTaskMemAlloc (cb=0x1a) returned 0x87e290
[0184.345] LsaLookupNames2 (in: PolicyHandle=0x859a58, Flags=0x0, Count=0x1, Names="RDhJ0CNFevzX", ReferencedDomains=0x19e87c, Sids=0x19e870 | out: ReferencedDomains=0x19e87c, Sids=0x19e870) returned 0x0
[0184.346] CoTaskMemFree (pv=0x87e290)
[0184.346] CoTaskMemFree (pv=0x87d1e0)
[0184.346] LsaClose (ObjectHandle=0x859a58) returned 0x0
[0184.347] LsaFreeMemory (Buffer=0x821a60) returned 0x0
[0184.347] LsaFreeMemory (Buffer=0x856758) returned 0x0
[0184.347] LsaOpenPolicy (in: SystemName=0x0, ObjectAttributes=0x19e8a8, DesiredAccess=0x800, PolicyHandle=0x19e868 | out: PolicyHandle=0x19e868) returned 0x0
[0184.347] CoTaskMemAlloc (cb=0x8) returned 0x87d1e0
[0184.347] CoTaskMemAlloc (cb=0x1a) returned 0x87e100
[0184.347] LsaLookupNames2 (in: PolicyHandle=0x859bf8, Flags=0x0, Count=0x1, Names="RDhJ0CNFevzX", ReferencedDomains=0x19e87c, Sids=0x19e870 | out: ReferencedDomains=0x19e87c, Sids=0x19e870) returned 0x0
[0184.348] CoTaskMemFree (pv=0x87e100)
[0184.348] CoTaskMemFree (pv=0x87d1e0)
[0184.348] LsaClose (ObjectHandle=0x859bf8) returned 0x0
[0184.349] LsaFreeMemory (Buffer=0x821448) returned 0x0
[0184.349] LsaFreeMemory (Buffer=0x856758) returned 0x0
[0184.350] LsaOpenPolicy (in: SystemName=0x0, ObjectAttributes=0x19e8a8, DesiredAccess=0x800, PolicyHandle=0x19e868 | out: PolicyHandle=0x19e868) returned 0x0
[0184.350] CoTaskMemAlloc (cb=0x8) returned 0x87d1e0
[0184.351] CoTaskMemAlloc (cb=0x1a) returned 0x87e218
[0184.351] LsaLookupNames2 (in: PolicyHandle=0x859b98, Flags=0x0, Count=0x1, Names="RDhJ0CNFevzX", ReferencedDomains=0x19e87c, Sids=0x19e870 | out: ReferencedDomains=0x19e87c, Sids=0x19e870) returned 0x0
[0184.351] CoTaskMemFree (pv=0x87e218)
[0184.351] CoTaskMemFree (pv=0x87d1e0)
[0184.352] LsaClose (ObjectHandle=0x859b98) returned 0x0
[0184.352] LsaFreeMemory (Buffer=0x821448) returned 0x0
[0184.352] LsaFreeMemory (Buffer=0x856808) returned 0x0
[0184.352] LsaOpenPolicy (in: SystemName=0x0, ObjectAttributes=0x19e8a8, DesiredAccess=0x800, PolicyHandle=0x19e868 | out: PolicyHandle=0x19e868) returned 0x0
[0184.352] CoTaskMemAlloc (cb=0x8) returned 0x87d1e0
[0184.352] CoTaskMemAlloc (cb=0x1a) returned 0x87e038
[0184.353] LsaLookupNames2 (in: PolicyHandle=0x859bb8, Flags=0x0, Count=0x1, Names="RDhJ0CNFevzX", ReferencedDomains=0x19e87c, Sids=0x19e870 | out: ReferencedDomains=0x19e87c, Sids=0x19e870) returned 0x0
[0184.354] CoTaskMemFree (pv=0x87e038)
[0184.354] CoTaskMemFree (pv=0x87d1e0)
[0184.354] LsaClose (ObjectHandle=0x859bb8) returned 0x0
[0184.355] LsaFreeMemory (Buffer=0x821580) returned 0x0
[0184.355] LsaFreeMemory (Buffer=0x856758) returned 0x0
[0184.355] LsaOpenPolicy (in: SystemName=0x0, ObjectAttributes=0x19e8a8, DesiredAccess=0x800, PolicyHandle=0x19e868 | out: PolicyHandle=0x19e868) returned 0x0
[0184.356] CoTaskMemAlloc (cb=0x8) returned 0x87d1e0
[0184.356] CoTaskMemAlloc (cb=0x1a) returned 0x87e100
[0184.356] LsaLookupNames2 (in: PolicyHandle=0x859958, Flags=0x0, Count=0x1, Names="RDhJ0CNFevzX", ReferencedDomains=0x19e87c, Sids=0x19e870 | out: ReferencedDomains=0x19e87c, Sids=0x19e870) returned 0x0
[0184.357] CoTaskMemFree (pv=0x87e100)
[0184.357] CoTaskMemFree (pv=0x87d1e0)
[0184.357] LsaClose (ObjectHandle=0x859958) returned 0x0
[0184.357] LsaFreeMemory (Buffer=0x821a60) returned 0x0
[0184.357] LsaFreeMemory (Buffer=0x856808) returned 0x0
[0184.357] LsaOpenPolicy (in: SystemName=0x0, ObjectAttributes=0x19e8a8, DesiredAccess=0x800, PolicyHandle=0x19e868 | out: PolicyHandle=0x19e868) returned 0x0
[0184.358] CoTaskMemAlloc (cb=0x8) returned 0x87d1e0
[0184.358] CoTaskMemAlloc (cb=0x1a) returned 0x87e290
[0184.358] LsaLookupNames2 (in: PolicyHandle=0x859b78, Flags=0x0, Count=0x1, Names="RDhJ0CNFevzX", ReferencedDomains=0x19e87c, Sids=0x19e870 | out: ReferencedDomains=0x19e87c, Sids=0x19e870) returned 0x0
[0184.359] CoTaskMemFree (pv=0x87e290)
[0184.359] CoTaskMemFree (pv=0x87d1e0)
[0184.359] LsaClose (ObjectHandle=0x859b78) returned 0x0
[0184.359] LsaFreeMemory (Buffer=0x821720) returned 0x0
[0184.359] LsaFreeMemory (Buffer=0x856910) returned 0x0
[0184.359] LsaOpenPolicy (in: SystemName=0x0, ObjectAttributes=0x19e8a8, DesiredAccess=0x800, PolicyHandle=0x19e868 | out: PolicyHandle=0x19e868) returned 0x0
[0184.360] CoTaskMemAlloc (cb=0x8) returned 0x87d1e0
[0184.360] CoTaskMemAlloc (cb=0x1a) returned 0x87e0d8
[0184.360] LsaLookupNames2 (in: PolicyHandle=0x8598d8, Flags=0x0, Count=0x1, Names="RDhJ0CNFevzX", ReferencedDomains=0x19e87c, Sids=0x19e870 | out: ReferencedDomains=0x19e87c, Sids=0x19e870) returned 0x0
[0184.361] CoTaskMemFree (pv=0x87e0d8)
[0184.361] CoTaskMemFree (pv=0x87d1e0)
[0184.361] LsaClose (ObjectHandle=0x8598d8) returned 0x0
[0184.361] LsaFreeMemory (Buffer=0x821a60) returned 0x0
[0184.361] LsaFreeMemory (Buffer=0x856808) returned 0x0
[0184.361] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\gfLnSNNH.exe", nBufferLength=0x105, lpBuffer=0x19e588, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\gfLnSNNH.exe", lpFilePart=0x0) returned 0x32
[0184.362] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\gfLnSNNH.exe", nBufferLength=0x105, lpBuffer=0x19e4cc, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\gfLnSNNH.exe", lpFilePart=0x0) returned 0x32
[0184.362] SetNamedSecurityInfoW () returned 0x0
[0184.453] GetCurrentProcess () returned 0xffffffff
[0184.453] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x19e994 | out: TokenHandle=0x19e994*=0x3bc) returned 1
[0184.468] GetTokenInformation (in: TokenHandle=0x3bc, TokenInformationClass=0x8, TokenInformation=0x0, TokenInformationLength=0x0, ReturnLength=0x19e98c | out: TokenInformation=0x0, ReturnLength=0x19e98c) returned 0
[0184.469] LocalAlloc (uFlags=0x0, uBytes=0x4) returned 0x87d400
[0184.469] GetTokenInformation (in: TokenHandle=0x3bc, TokenInformationClass=0x8, TokenInformation=0x87d400, TokenInformationLength=0x4, ReturnLength=0x19e98c | out: TokenInformation=0x87d400, ReturnLength=0x19e98c) returned 1
[0184.469] LocalFree (hMem=0x87d400) returned 0x0
[0184.469] DuplicateTokenEx (in: hExistingToken=0x3bc, dwDesiredAccess=0x8, lpTokenAttributes=0x0, ImpersonationLevel=0x2, TokenType=0x2, phNewToken=0x19e994 | out: phNewToken=0x19e994*=0x3c0) returned 1
[0184.470] CheckTokenMembership (in: TokenHandle=0x3c0, SidToCheck=0x22964b8*(Revision=0x1, SubAuthorityCount=0x2, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=([0]=0x20, [1]=0x0)), IsMember=0x19e9a4 | out: IsMember=0x19e9a4) returned 1
[0184.470] CloseHandle (hObject=0x3c0) returned 1
[0184.749] LocalAlloc (uFlags=0x0, uBytes=0x16) returned 0x859b78
[0184.749] LocalAlloc (uFlags=0x0, uBytes=0xaa) returned 0x7aa1c50
[0184.750] ShellExecuteExW (in: pExecInfo=0x229d5c4*(cbSize=0x3c, fMask=0x540, hwnd=0x0, lpVerb=0x0, lpFile="powershell", lpParameters="Add-MpPreference -ExclusionPath \"C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\gfLnSNNH.exe\"", lpDirectory=0x0, nShow=0, hInstApp=0x0, lpIDList=0x0, lpClass=0x0, hkeyClass=0x0, dwHotKey=0x0, hIcon=0x0, hMonitor=0x0, hProcess=0x0) | out: pExecInfo=0x229d5c4*(cbSize=0x3c, fMask=0x540, hwnd=0x0, lpVerb=0x0, lpFile="powershell", lpParameters="Add-MpPreference -ExclusionPath \"C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\gfLnSNNH.exe\"", lpDirectory=0x0, nShow=0, hInstApp=0x2a, lpIDList=0x0, lpClass=0x0, hkeyClass=0x0, dwHotKey=0x0, hIcon=0x0, hMonitor=0x0, hProcess=0x4fc)) returned 1
[0188.017] LocalFree (hMem=0x859b78) returned 0x0
[0188.017] LocalFree (hMem=0x7aa1c50) returned 0x0
[0188.021] GetCurrentProcess () returned 0xffffffff
[0188.021] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x19ea00 | out: TokenHandle=0x19ea00*=0x3c8) returned 1
[0188.026] GetCurrentProcess () returned 0xffffffff
[0188.026] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x19e9d0 | out: TokenHandle=0x19e9d0*=0x480) returned 1
[0188.028] GetTokenInformation (in: TokenHandle=0x3c8, TokenInformationClass=0x1, TokenInformation=0x0, TokenInformationLength=0x0, ReturnLength=0x19ea04 | out: TokenInformation=0x0, ReturnLength=0x19ea04) returned 0
[0188.028] LocalAlloc (uFlags=0x0, uBytes=0x24) returned 0x7ad72a0
[0188.028] GetTokenInformation (in: TokenHandle=0x3c8, TokenInformationClass=0x1, TokenInformation=0x7ad72a0, TokenInformationLength=0x24, ReturnLength=0x19ea04 | out: TokenInformation=0x7ad72a0, ReturnLength=0x19ea04) returned 1
[0188.029] LocalFree (hMem=0x7ad72a0) returned 0x0
[0188.030] LsaOpenPolicy (in: SystemName=0x0, ObjectAttributes=0x19e924, DesiredAccess=0x800, PolicyHandle=0x19e8e4 | out: PolicyHandle=0x19e8e4) returned 0x0
[0188.031] LsaLookupSids (in: PolicyHandle=0x7ad0f90, Count=0x1, Sids=0x229d8b4*=0x229d858*(Revision=0x1, SubAuthorityCount=0x5, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=([0]=0x15, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x65)), ReferencedDomains=0x19e900, Names=0x19e8f4 | out: ReferencedDomains=0x19e900, Names=0x19e8f4) returned 0x0
[0188.033] LsaClose (ObjectHandle=0x7ad0f90) returned 0x0
[0188.033] LsaFreeMemory (Buffer=0x7ac1330) returned 0x0
[0188.033] LsaFreeMemory (Buffer=0x7acf5b0) returned 0x0
[0188.034] CoTaskMemAlloc (cb=0x20c) returned 0x7ab98b0
[0188.034] GetTempPathW (in: nBufferLength=0x104, lpBuffer=0x7ab98b0 | out: lpBuffer="C:\\Users\\RDHJ0C~1\\AppData\\Local\\Temp\\") returned 0x25
[0188.034] CoTaskMemFree (pv=0x7ab98b0)
[0188.035] GetLongPathNameW (in: lpszShortPath="C:\\Users\\RDHJ0C~1\\", lpszLongPath=0x19e540, cchBuffer=0x104 | out: lpszLongPath="C:\\Users\\RDhJ0CNFevzX\\") returned 0x16
[0188.036] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Temp\\", nBufferLength=0x105, lpBuffer=0x19e554, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Temp\\", lpFilePart=0x0) returned 0x29
[0188.036] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Temp\\", nBufferLength=0x105, lpBuffer=0x19e4dc, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Temp\\", lpFilePart=0x0) returned 0x29
[0188.036] CoTaskMemAlloc (cb=0x20c) returned 0x7ab98b0
[0188.036] GetTempFileNameW (in: lpPathName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Temp\\", lpPrefixString="tmp", uUnique=0x0, lpTempFileName=0x7ab98b0 | out: lpTempFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Temp\\tmpA573.tmp" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\temp\\tmpa573.tmp")) returned 0xa573
[0188.038] CoTaskMemFree (pv=0x7ab98b0)
[0188.144] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Temp\\tmpA573.tmp", nBufferLength=0x105, lpBuffer=0x19e3f8, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Temp\\tmpA573.tmp", lpFilePart=0x0) returned 0x34
[0188.144] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x19e8ec) returned 1
[0188.145] CreateFileW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Temp\\tmpA573.tmp" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\temp\\tmpa573.tmp"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0x430
[0188.145] GetFileType (hFile=0x430) returned 0x1
[0188.145] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x19e8e8) returned 1
[0188.145] GetFileType (hFile=0x430) returned 0x1
[0188.147] WriteFile (in: hFile=0x430, lpBuffer=0x22a1fa8*, nNumberOfBytesToWrite=0x63c, lpNumberOfBytesWritten=0x19e984, lpOverlapped=0x0 | out: lpBuffer=0x22a1fa8*, lpNumberOfBytesWritten=0x19e984*=0x63c, lpOverlapped=0x0) returned 1
[0188.148] CloseHandle (hObject=0x430) returned 1
[0188.162] LocalAlloc (uFlags=0x0, uBytes=0x1a) returned 0x84dea8
[0188.162] LocalAlloc (uFlags=0x0, uBytes=0xb6) returned 0x7abe000
[0188.162] ShellExecuteExW (in: pExecInfo=0x22a384c*(cbSize=0x3c, fMask=0x540, hwnd=0x0, lpVerb=0x0, lpFile="schtasks.exe", lpParameters="/Create /TN \"Updates\\gfLnSNNH\" /XML \"C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Temp\\tmpA573.tmp\"", lpDirectory=0x0, nShow=0, hInstApp=0x0, lpIDList=0x0, lpClass=0x0, hkeyClass=0x0, dwHotKey=0x0, hIcon=0x0, hMonitor=0x0, hProcess=0x0) | out: pExecInfo=0x22a384c*(cbSize=0x3c, fMask=0x540, hwnd=0x0, lpVerb=0x0, lpFile="schtasks.exe", lpParameters="/Create /TN \"Updates\\gfLnSNNH\" /XML \"C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Temp\\tmpA573.tmp\"", lpDirectory=0x0, nShow=0, hInstApp=0x2a, lpIDList=0x0, lpClass=0x0, hkeyClass=0x0, dwHotKey=0x0, hIcon=0x0, hMonitor=0x0, hProcess=0x4e8)) returned 1
[0192.085] LocalFree (hMem=0x84dea8) returned 0x0
[0192.086] LocalFree (hMem=0x7abe000) returned 0x0
[0193.851] GetCurrentProcess () returned 0xffffffff
[0193.851] GetCurrentProcess () returned 0xffffffff
[0193.852] DuplicateHandle (in: hSourceProcessHandle=0xffffffff, hSourceHandle=0x4e8, hTargetProcessHandle=0xffffffff, lpTargetHandle=0x19e9e8, dwDesiredAccess=0x0, bInheritHandle=0, dwOptions=0x2 | out: lpTargetHandle=0x19e9e8*=0x3c0) returned 1
[0193.853] CoWaitForMultipleHandles (in: dwFlags=0x2, dwTimeout=0xffffffff, cHandles=0x1, pHandles=0x19e9e0*=0x3c0, lpdwindex=0x19e7fc | out: lpdwindex=0x19e7fc) returned 0x0
[0199.001] CloseHandle (hObject=0x3c0) returned 1
[0199.001] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Temp\\tmpA573.tmp", nBufferLength=0x105, lpBuffer=0x19e568, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Temp\\tmpA573.tmp", lpFilePart=0x0) returned 0x34
[0199.002] DeleteFileW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Temp\\tmpA573.tmp" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\temp\\tmpa573.tmp")) returned 1
[0199.695] CreateFileMappingW (hFile=0xffffffff, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x36200, lpName=0x0) returned 0x3bc
[0199.695] memcpy (in: _Dst=0x7d50000, _Src=0x330fee0, _Size=0x36200 | out: _Dst=0x7d50000) returned 0x7d50000
[0199.698] CloseHandle (hObject=0x3bc) returned 1
[0199.864] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Desktop\\9eeac4773d7f0e7f4303baed25c04f0b138e55f9fa7e7c718e3e6599a2e41513.exe", nBufferLength=0x105, lpBuffer=0x19e4c8, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\Desktop\\9eeac4773d7f0e7f4303baed25c04f0b138e55f9fa7e7c718e3e6599a2e41513.exe", lpFilePart=0x0) returned 0x62
[0199.911] GetFullPathNameW (in: lpFileName="C:\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\", nBufferLength=0x105, lpBuffer=0x19df60, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\", lpFilePart=0x0) returned 0x2e
[0199.988] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="C:\\Users\\RDhJ0CNFevzX\\Desktop\\9eeac4773d7f0e7f4303baed25c04f0b138e55f9fa7e7c718e3e6599a2e41513.exe", cchWideChar=98, lpMultiByteStr=0x19e740, cbMultiByte=100, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="C:\\Users\\RDhJ0CNFevzX\\Desktop\\9eeac4773d7f0e7f4303baed25c04f0b138e55f9fa7e7c718e3e6599a2e41513.exeÔ\x07;§\x96( «9k\x1cï\x19", lpUsedDefaultChar=0x0) returned 98
[0199.988] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="", cchWideChar=0, lpMultiByteStr=0x19e73c, cbMultiByte=2, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="\x04\x82Ô\x07C:\\Users\\RDhJ0CNFevzX\\Desktop\\9eeac4773d7f0e7f4303baed25c04f0b138e55f9fa7e7c718e3e6599a2e41513.exe", lpUsedDefaultChar=0x0) returned 0
[0199.988] CreateProcessA (in: lpApplicationName="C:\\Users\\RDhJ0CNFevzX\\Desktop\\9eeac4773d7f0e7f4303baed25c04f0b138e55f9fa7e7c718e3e6599a2e41513.exe", lpCommandLine="", lpProcessAttributes=0x0, lpThreadAttributes=0x0, bInheritHandles=0, dwCreationFlags=0x8000004, lpEnvironment=0x0, lpCurrentDirectory=0x0, lpStartupInfo=0x19e800*(cb=0x44, lpReserved=0x0, lpDesktop=0x0, lpTitle=0x0, dwX=0x0, dwY=0x0, dwXSize=0x0, dwYSize=0x0, dwXCountChars=0x0, dwYCountChars=0x0, dwFillAttribute=0x0, dwFlags=0x0, wShowWindow=0x0, cbReserved2=0x0, lpReserved2=0x0, hStdInput=0x0, hStdOutput=0x0, hStdError=0x0), lpProcessInformation=0x19eab0 | out: lpCommandLine="", lpProcessInformation=0x19eab0*(hProcess=0x480, hThread=0x3bc, dwProcessId=0x11a8, dwThreadId=0x11b4)) returned 1
[0200.014] CoTaskMemFree (pv=0x0)
[0200.024] GetThreadContext (in: hThread=0x3bc, lpContext=0x229252c | out: lpContext=0x229252c*(ContextFlags=0x10002, Dr0=0x0, Dr1=0x0, Dr2=0x0, Dr3=0x0, Dr6=0x0, Dr7=0x0, FloatSave.ControlWord=0x0, FloatSave.StatusWord=0x0, FloatSave.TagWord=0x0, FloatSave.ErrorOffset=0x0, FloatSave.ErrorSelector=0x0, FloatSave.DataOffset=0x0, FloatSave.DataSelector=0x0, FloatSave.RegisterArea=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0, [8]=0x0, [9]=0x0, [10]=0x0, [11]=0x0, [12]=0x0, [13]=0x0, [14]=0x0, [15]=0x0, [16]=0x0, [17]=0x0, [18]=0x0, [19]=0x0, [20]=0x0, [21]=0x0, [22]=0x0, [23]=0x0, [24]=0x0, [25]=0x0, [26]=0x0, [27]=0x0, [28]=0x0, [29]=0x0, [30]=0x0, [31]=0x0, [32]=0x0, [33]=0x0, [34]=0x0, [35]=0x0, [36]=0x0, [37]=0x0, [38]=0x0, [39]=0x0, [40]=0x0, [41]=0x0, [42]=0x0, [43]=0x0, [44]=0x0, [45]=0x0, [46]=0x0, [47]=0x0, [48]=0x0, [49]=0x0, [50]=0x0, [51]=0x0, [52]=0x0, [53]=0x0, [54]=0x0, [55]=0x0, [56]=0x0, [57]=0x0, [58]=0x0, [59]=0x0, [60]=0x0, [61]=0x0, [62]=0x0, [63]=0x0, [64]=0x0, [65]=0x0, [66]=0x0, [67]=0x0, [68]=0x0, [69]=0x0, [70]=0x0, [71]=0x0, [72]=0x0, [73]=0x0, [74]=0x0, [75]=0x0, [76]=0x0, [77]=0x0, [78]=0x0, [79]=0x0), FloatSave.Cr0NpxState=0x0, SegGs=0x0, SegFs=0x0, SegEs=0x0, SegDs=0x0, Edi=0x0, Esi=0x0, Ebx=0x34a000, Edx=0x0, Ecx=0x0, Eax=0x49ac7a, Ebp=0x0, Eip=0x0, SegCs=0x0, EFlags=0x0, Esp=0x0, SegSs=0x0, ExtendedRegisters=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0, [8]=0x0, [9]=0x0, [10]=0x0, [11]=0x0, [12]=0x0, [13]=0x0, [14]=0x0, [15]=0x0, [16]=0x0, [17]=0x0, [18]=0x0, [19]=0x0, [20]=0x0, [21]=0x0, [22]=0x0, [23]=0x0, [24]=0x0, [25]=0x0, [26]=0x0, [27]=0x0, [28]=0x0, [29]=0x0, [30]=0x0, [31]=0x0, [32]=0x0, [33]=0x0, [34]=0x0, [35]=0x0, [36]=0x0, [37]=0x0, [38]=0x0, [39]=0x0, [40]=0x0, [41]=0x0, [42]=0x0, [43]=0x0, [44]=0x0, [45]=0x0, [46]=0x0, [47]=0x0, [48]=0x0, [49]=0x0, [50]=0x0, [51]=0x0, [52]=0x0, [53]=0x0, [54]=0x0, [55]=0x0, [56]=0x0, [57]=0x0, [58]=0x0, [59]=0x0, [60]=0x0, [61]=0x0, 
[62]=0x0, [63]=0x0, [64]=0x0, [65]=0x0, [66]=0x0, [67]=0x0, [68]=0x0, [69]=0x0, [70]=0x0, [71]=0x0, [72]=0x0, [73]=0x0, [74]=0x0, [75]=0x0, [76]=0x0, [77]=0x0, [78]=0x0, [79]=0x0, [80]=0x0, [81]=0x0, [82]=0x0, [83]=0x0, [84]=0x0, [85]=0x0, [86]=0x0, [87]=0x0, [88]=0x0, [89]=0x0, [90]=0x0, [91]=0x0, [92]=0x0, [93]=0x0, [94]=0x0, [95]=0x0, [96]=0x0, [97]=0x0, [98]=0x0, [99]=0x0, [100]=0x0, [101]=0x0, [102]=0x0, [103]=0x0, [104]=0x0, [105]=0x0, [106]=0x0, [107]=0x0, [108]=0x0, [109]=0x0, [110]=0x0, [111]=0x0, [112]=0x0, [113]=0x0, [114]=0x0, [115]=0x0, [116]=0x0, [117]=0x0, [118]=0x0, [119]=0x0, [120]=0x0, [121]=0x0, [122]=0x0, [123]=0x0, [124]=0x0, [125]=0x0, [126]=0x0, [127]=0x0, [128]=0x0, [129]=0x0, [130]=0x0, [131]=0x0, [132]=0x0, [133]=0x0, [134]=0x0, [135]=0x0, [136]=0x0, [137]=0x0, [138]=0x0, [139]=0x0, [140]=0x0, [141]=0x0, [142]=0x0, [143]=0x0, [144]=0x0, [145]=0x0, [146]=0x0, [147]=0x0, [148]=0x0, [149]=0x0, [150]=0x0, [151]=0x0, [152]=0x0, [153]=0x0, [154]=0x0, [155]=0x0, [156]=0x0, [157]=0x0, [158]=0x0, [159]=0x0, [160]=0x0, [161]=0x0, [162]=0x0, [163]=0x0, [164]=0x0, [165]=0x0, [166]=0x0, [167]=0x0, [168]=0x0, [169]=0x0, [170]=0x0, [171]=0x0, [172]=0x0, [173]=0x0, [174]=0x0, [175]=0x0, [176]=0x0, [177]=0x0, [178]=0x0, [179]=0x0, [180]=0x0, [181]=0x0, [182]=0x0, [183]=0x0, [184]=0x0, [185]=0x0, [186]=0x0, [187]=0x0, [188]=0x0, [189]=0x0, [190]=0x0, [191]=0x0, [192]=0x0, [193]=0x0, [194]=0x0, [195]=0x0, [196]=0x0, [197]=0x0, [198]=0x0, [199]=0x0, [200]=0x0, [201]=0x0, [202]=0x0, [203]=0x0, [204]=0x0, [205]=0x0, [206]=0x0, [207]=0x0, [208]=0x0, [209]=0x0, [210]=0x0, [211]=0x0, [212]=0x0, [213]=0x0, [214]=0x0, [215]=0x0, [216]=0x0, [217]=0x0, [218]=0x0, [219]=0x0, [220]=0x0, [221]=0x0, [222]=0x0, [223]=0x0, [224]=0x0, [225]=0x0, [226]=0x0, [227]=0x0, [228]=0x0, [229]=0x0, [230]=0x0, [231]=0x0, [232]=0x0, [233]=0x0, [234]=0x0, [235]=0x0, [236]=0x0, [237]=0x0, [238]=0x0, [239]=0x0, [240]=0x0, [241]=0x0, [242]=0x0, [243]=0x0, [244]=0x0, [245]=0x0, [246]=0x0, 
[247]=0x0, [248]=0x0, [249]=0x0, [250]=0x0, [251]=0x0, [252]=0x0, [253]=0x0, [254]=0x0, [255]=0x0, [256]=0x0, [257]=0x0, [258]=0x0, [259]=0x0, [260]=0x0, [261]=0x0, [262]=0x0, [263]=0x0, [264]=0x0, [265]=0x0, [266]=0x0, [267]=0x0, [268]=0x0, [269]=0x0, [270]=0x0, [271]=0x0, [272]=0x0, [273]=0x0, [274]=0x0, [275]=0x0, [276]=0x0, [277]=0x0, [278]=0x0, [279]=0x0, [280]=0x0, [281]=0x0, [282]=0x0, [283]=0x0, [284]=0x0, [285]=0x0, [286]=0x0, [287]=0x0, [288]=0x0, [289]=0x0, [290]=0x0, [291]=0x0, [292]=0x0, [293]=0x0, [294]=0x0, [295]=0x0, [296]=0x0, [297]=0x0, [298]=0x0, [299]=0x0, [300]=0x0, [301]=0x0, [302]=0x0, [303]=0x0, [304]=0x0, [305]=0x0, [306]=0x0, [307]=0x0, [308]=0x0, [309]=0x0, [310]=0x0, [311]=0x0, [312]=0x0, [313]=0x0, [314]=0x0, [315]=0x0, [316]=0x0, [317]=0x0, [318]=0x0, [319]=0x0, [320]=0x0, [321]=0x0, [322]=0x0, [323]=0x0, [324]=0x0, [325]=0x0, [326]=0x0, [327]=0x0, [328]=0x0, [329]=0x0, [330]=0x0, [331]=0x0, [332]=0x0, [333]=0x0, [334]=0x0, [335]=0x0, [336]=0x0, [337]=0x0, [338]=0x0, [339]=0x0, [340]=0x0, [341]=0x0, [342]=0x0, [343]=0x0, [344]=0x0, [345]=0x0, [346]=0x0, [347]=0x0, [348]=0x0, [349]=0x0, [350]=0x0, [351]=0x0, [352]=0x0, [353]=0x0, [354]=0x0, [355]=0x0, [356]=0x0, [357]=0x0, [358]=0x0, [359]=0x0, [360]=0x0, [361]=0x0, [362]=0x0, [363]=0x0, [364]=0x0, [365]=0x0, [366]=0x0, [367]=0x0, [368]=0x0, [369]=0x0, [370]=0x0, [371]=0x0, [372]=0x0, [373]=0x0, [374]=0x0, [375]=0x0, [376]=0x0, [377]=0x0, [378]=0x0, [379]=0x0, [380]=0x0, [381]=0x0, [382]=0x0, [383]=0x0, [384]=0x0, [385]=0x0, [386]=0x0, [387]=0x0, [388]=0x0, [389]=0x0, [390]=0x0, [391]=0x0, [392]=0x0, [393]=0x0, [394]=0x0, [395]=0x0, [396]=0x0, [397]=0x0, [398]=0x0, [399]=0x0, [400]=0x0, [401]=0x0, [402]=0x0, [403]=0x0, [404]=0x0, [405]=0x0, [406]=0x0, [407]=0x0, [408]=0x0, [409]=0x0, [410]=0x0, [411]=0x0, [412]=0x0, [413]=0x0, [414]=0x0, [415]=0x0, [416]=0x0, [417]=0x0, [418]=0x0, [419]=0x0, [420]=0x0, [421]=0x0, [422]=0x0, [423]=0x0, [424]=0x0, [425]=0x0, [426]=0x0, [427]=0x0, 
[428]=0x0, [429]=0x0, [430]=0x0, [431]=0x0, [432]=0x0, [433]=0x0, [434]=0x0, [435]=0x0, [436]=0x0, [437]=0x0, [438]=0x0, [439]=0x0, [440]=0x0, [441]=0x0, [442]=0x0, [443]=0x0, [444]=0x0, [445]=0x0, [446]=0x0, [447]=0x0, [448]=0x0, [449]=0x0, [450]=0x0, [451]=0x0, [452]=0x0, [453]=0x0, [454]=0x0, [455]=0x0, [456]=0x0, [457]=0x0, [458]=0x0, [459]=0x0, [460]=0x0, [461]=0x0, [462]=0x0, [463]=0x0, [464]=0x0, [465]=0x0, [466]=0x0, [467]=0x0, [468]=0x0, [469]=0x0, [470]=0x0, [471]=0x0, [472]=0x0, [473]=0x0, [474]=0x0, [475]=0x0, [476]=0x0, [477]=0x0, [478]=0x0, [479]=0x0, [480]=0x0, [481]=0x0, [482]=0x0, [483]=0x0, [484]=0x0, [485]=0x0, [486]=0x0, [487]=0x0, [488]=0x0, [489]=0x0, [490]=0x0, [491]=0x0, [492]=0x0, [493]=0x0, [494]=0x0, [495]=0x0, [496]=0x0, [497]=0x0, [498]=0x0, [499]=0x0, [500]=0x0, [501]=0x0, [502]=0x0, [503]=0x0, [504]=0x0, [505]=0x0, [506]=0x0, [507]=0x0, [508]=0x0, [509]=0x0, [510]=0x0, [511]=0x0))) returned 1
[0200.060] ReadProcessMemory (in: hProcess=0x480, lpBaseAddress=0x34a008, lpBuffer=0x19eaa0, nSize=0x4, lpNumberOfBytesRead=0x19eae4 | out: lpBuffer=0x19eaa0*, lpNumberOfBytesRead=0x19eae4*=0x4) returned 1
[0200.060] NtUnmapViewOfSection (ProcessHandle=0x480, BaseAddress=0x400000) returned 0x0
[0200.066] VirtualAllocEx (hProcess=0x480, lpAddress=0x400000, dwSize=0x3a000, flAllocationType=0x3000, flProtect=0x40) returned 0x400000
[0200.068] WriteProcessMemory (in: hProcess=0x480, lpBaseAddress=0x400000, lpBuffer=0x337a520*, nSize=0x200, lpNumberOfBytesWritten=0x19eae4 | out: lpBuffer=0x337a520*, lpNumberOfBytesWritten=0x19eae4*=0x200) returned 1
[0200.078] WriteProcessMemory (in: hProcess=0x480, lpBaseAddress=0x402000, lpBuffer=0x33ae940*, nSize=0x33c00, lpNumberOfBytesWritten=0x19eae4 | out: lpBuffer=0x33ae940*, lpNumberOfBytesWritten=0x19eae4*=0x33c00) returned 1
[0200.088] WriteProcessMemory (in: hProcess=0x480, lpBaseAddress=0x436000, lpBuffer=0x22935fc*, nSize=0x400, lpNumberOfBytesWritten=0x19eae4 | out: lpBuffer=0x22935fc*, lpNumberOfBytesWritten=0x19eae4*=0x400) returned 1
[0200.094] WriteProcessMemory (in: hProcess=0x480, lpBaseAddress=0x438000, lpBuffer=0x2293a08*, nSize=0x200, lpNumberOfBytesWritten=0x19eae4 | out: lpBuffer=0x2293a08*, lpNumberOfBytesWritten=0x19eae4*=0x200) returned 1
[0200.177] WriteProcessMemory (in: hProcess=0x480, lpBaseAddress=0x34a008, lpBuffer=0x2293f14*, nSize=0x4, lpNumberOfBytesWritten=0x19eae4 | out: lpBuffer=0x2293f14*, lpNumberOfBytesWritten=0x19eae4*=0x4) returned 1
[0200.276] SetThreadContext (hThread=0x3bc, lpContext=0x229252c*(ContextFlags=0x10002, Dr0=0x0, Dr1=0x0, Dr2=0x0, Dr3=0x0, Dr6=0x0, Dr7=0x0, FloatSave.ControlWord=0x0, FloatSave.StatusWord=0x0, FloatSave.TagWord=0x0, FloatSave.ErrorOffset=0x0, FloatSave.ErrorSelector=0x0, FloatSave.DataOffset=0x0, FloatSave.DataSelector=0x0, FloatSave.RegisterArea=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0, [8]=0x0, [9]=0x0, [10]=0x0, [11]=0x0, [12]=0x0, [13]=0x0, [14]=0x0, [15]=0x0, [16]=0x0, [17]=0x0, [18]=0x0, [19]=0x0, [20]=0x0, [21]=0x0, [22]=0x0, [23]=0x0, [24]=0x0, [25]=0x0, [26]=0x0, [27]=0x0, [28]=0x0, [29]=0x0, [30]=0x0, [31]=0x0, [32]=0x0, [33]=0x0, [34]=0x0, [35]=0x0, [36]=0x0, [37]=0x0, [38]=0x0, [39]=0x0, [40]=0x0, [41]=0x0, [42]=0x0, [43]=0x0, [44]=0x0, [45]=0x0, [46]=0x0, [47]=0x0, [48]=0x0, [49]=0x0, [50]=0x0, [51]=0x0, [52]=0x0, [53]=0x0, [54]=0x0, [55]=0x0, [56]=0x0, [57]=0x0, [58]=0x0, [59]=0x0, [60]=0x0, [61]=0x0, [62]=0x0, [63]=0x0, [64]=0x0, [65]=0x0, [66]=0x0, [67]=0x0, [68]=0x0, [69]=0x0, [70]=0x0, [71]=0x0, [72]=0x0, [73]=0x0, [74]=0x0, [75]=0x0, [76]=0x0, [77]=0x0, [78]=0x0, [79]=0x0), FloatSave.Cr0NpxState=0x0, SegGs=0x0, SegFs=0x0, SegEs=0x0, SegDs=0x0, Edi=0x0, Esi=0x0, Ebx=0x34a000, Edx=0x0, Ecx=0x0, Eax=0x435b9e, Ebp=0x0, Eip=0x0, SegCs=0x0, EFlags=0x0, Esp=0x0, SegSs=0x0, ExtendedRegisters=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0, [8]=0x0, [9]=0x0, [10]=0x0, [11]=0x0, [12]=0x0, [13]=0x0, [14]=0x0, [15]=0x0, [16]=0x0, [17]=0x0, [18]=0x0, [19]=0x0, [20]=0x0, [21]=0x0, [22]=0x0, [23]=0x0, [24]=0x0, [25]=0x0, [26]=0x0, [27]=0x0, [28]=0x0, [29]=0x0, [30]=0x0, [31]=0x0, [32]=0x0, [33]=0x0, [34]=0x0, [35]=0x0, [36]=0x0, [37]=0x0, [38]=0x0, [39]=0x0, [40]=0x0, [41]=0x0, [42]=0x0, [43]=0x0, [44]=0x0, [45]=0x0, [46]=0x0, [47]=0x0, [48]=0x0, [49]=0x0, [50]=0x0, [51]=0x0, [52]=0x0, [53]=0x0, [54]=0x0, [55]=0x0, [56]=0x0, [57]=0x0, [58]=0x0, [59]=0x0, [60]=0x0, [61]=0x0, [62]=0x0, [63]=0x0, [64]=0x0, 
[65]=0x0, [66]=0x0, [67]=0x0, [68]=0x0, [69]=0x0, [70]=0x0, [71]=0x0, [72]=0x0, [73]=0x0, [74]=0x0, [75]=0x0, [76]=0x0, [77]=0x0, [78]=0x0, [79]=0x0, [80]=0x0, [81]=0x0, [82]=0x0, [83]=0x0, [84]=0x0, [85]=0x0, [86]=0x0, [87]=0x0, [88]=0x0, [89]=0x0, [90]=0x0, [91]=0x0, [92]=0x0, [93]=0x0, [94]=0x0, [95]=0x0, [96]=0x0, [97]=0x0, [98]=0x0, [99]=0x0, [100]=0x0, [101]=0x0, [102]=0x0, [103]=0x0, [104]=0x0, [105]=0x0, [106]=0x0, [107]=0x0, [108]=0x0, [109]=0x0, [110]=0x0, [111]=0x0, [112]=0x0, [113]=0x0, [114]=0x0, [115]=0x0, [116]=0x0, [117]=0x0, [118]=0x0, [119]=0x0, [120]=0x0, [121]=0x0, [122]=0x0, [123]=0x0, [124]=0x0, [125]=0x0, [126]=0x0, [127]=0x0, [128]=0x0, [129]=0x0, [130]=0x0, [131]=0x0, [132]=0x0, [133]=0x0, [134]=0x0, [135]=0x0, [136]=0x0, [137]=0x0, [138]=0x0, [139]=0x0, [140]=0x0, [141]=0x0, [142]=0x0, [143]=0x0, [144]=0x0, [145]=0x0, [146]=0x0, [147]=0x0, [148]=0x0, [149]=0x0, [150]=0x0, [151]=0x0, [152]=0x0, [153]=0x0, [154]=0x0, [155]=0x0, [156]=0x0, [157]=0x0, [158]=0x0, [159]=0x0, [160]=0x0, [161]=0x0, [162]=0x0, [163]=0x0, [164]=0x0, [165]=0x0, [166]=0x0, [167]=0x0, [168]=0x0, [169]=0x0, [170]=0x0, [171]=0x0, [172]=0x0, [173]=0x0, [174]=0x0, [175]=0x0, [176]=0x0, [177]=0x0, [178]=0x0, [179]=0x0, [180]=0x0, [181]=0x0, [182]=0x0, [183]=0x0, [184]=0x0, [185]=0x0, [186]=0x0, [187]=0x0, [188]=0x0, [189]=0x0, [190]=0x0, [191]=0x0, [192]=0x0, [193]=0x0, [194]=0x0, [195]=0x0, [196]=0x0, [197]=0x0, [198]=0x0, [199]=0x0, [200]=0x0, [201]=0x0, [202]=0x0, [203]=0x0, [204]=0x0, [205]=0x0, [206]=0x0, [207]=0x0, [208]=0x0, [209]=0x0, [210]=0x0, [211]=0x0, [212]=0x0, [213]=0x0, [214]=0x0, [215]=0x0, [216]=0x0, [217]=0x0, [218]=0x0, [219]=0x0, [220]=0x0, [221]=0x0, [222]=0x0, [223]=0x0, [224]=0x0, [225]=0x0, [226]=0x0, [227]=0x0, [228]=0x0, [229]=0x0, [230]=0x0, [231]=0x0, [232]=0x0, [233]=0x0, [234]=0x0, [235]=0x0, [236]=0x0, [237]=0x0, [238]=0x0, [239]=0x0, [240]=0x0, [241]=0x0, [242]=0x0, [243]=0x0, [244]=0x0, [245]=0x0, [246]=0x0, [247]=0x0, [248]=0x0, [249]=0x0, 
[250]=0x0, [251]=0x0, [252]=0x0, [253]=0x0, [254]=0x0, [255]=0x0, [256]=0x0, [257]=0x0, [258]=0x0, [259]=0x0, [260]=0x0, [261]=0x0, [262]=0x0, [263]=0x0, [264]=0x0, [265]=0x0, [266]=0x0, [267]=0x0, [268]=0x0, [269]=0x0, [270]=0x0, [271]=0x0, [272]=0x0, [273]=0x0, [274]=0x0, [275]=0x0, [276]=0x0, [277]=0x0, [278]=0x0, [279]=0x0, [280]=0x0, [281]=0x0, [282]=0x0, [283]=0x0, [284]=0x0, [285]=0x0, [286]=0x0, [287]=0x0, [288]=0x0, [289]=0x0, [290]=0x0, [291]=0x0, [292]=0x0, [293]=0x0, [294]=0x0, [295]=0x0, [296]=0x0, [297]=0x0, [298]=0x0, [299]=0x0, [300]=0x0, [301]=0x0, [302]=0x0, [303]=0x0, [304]=0x0, [305]=0x0, [306]=0x0, [307]=0x0, [308]=0x0, [309]=0x0, [310]=0x0, [311]=0x0, [312]=0x0, [313]=0x0, [314]=0x0, [315]=0x0, [316]=0x0, [317]=0x0, [318]=0x0, [319]=0x0, [320]=0x0, [321]=0x0, [322]=0x0, [323]=0x0, [324]=0x0, [325]=0x0, [326]=0x0, [327]=0x0, [328]=0x0, [329]=0x0, [330]=0x0, [331]=0x0, [332]=0x0, [333]=0x0, [334]=0x0, [335]=0x0, [336]=0x0, [337]=0x0, [338]=0x0, [339]=0x0, [340]=0x0, [341]=0x0, [342]=0x0, [343]=0x0, [344]=0x0, [345]=0x0, [346]=0x0, [347]=0x0, [348]=0x0, [349]=0x0, [350]=0x0, [351]=0x0, [352]=0x0, [353]=0x0, [354]=0x0, [355]=0x0, [356]=0x0, [357]=0x0, [358]=0x0, [359]=0x0, [360]=0x0, [361]=0x0, [362]=0x0, [363]=0x0, [364]=0x0, [365]=0x0, [366]=0x0, [367]=0x0, [368]=0x0, [369]=0x0, [370]=0x0, [371]=0x0, [372]=0x0, [373]=0x0, [374]=0x0, [375]=0x0, [376]=0x0, [377]=0x0, [378]=0x0, [379]=0x0, [380]=0x0, [381]=0x0, [382]=0x0, [383]=0x0, [384]=0x0, [385]=0x0, [386]=0x0, [387]=0x0, [388]=0x0, [389]=0x0, [390]=0x0, [391]=0x0, [392]=0x0, [393]=0x0, [394]=0x0, [395]=0x0, [396]=0x0, [397]=0x0, [398]=0x0, [399]=0x0, [400]=0x0, [401]=0x0, [402]=0x0, [403]=0x0, [404]=0x0, [405]=0x0, [406]=0x0, [407]=0x0, [408]=0x0, [409]=0x0, [410]=0x0, [411]=0x0, [412]=0x0, [413]=0x0, [414]=0x0, [415]=0x0, [416]=0x0, [417]=0x0, [418]=0x0, [419]=0x0, [420]=0x0, [421]=0x0, [422]=0x0, [423]=0x0, [424]=0x0, [425]=0x0, [426]=0x0, [427]=0x0, [428]=0x0, [429]=0x0, [430]=0x0, 
[431]=0x0, [432]=0x0, [433]=0x0, [434]=0x0, [435]=0x0, [436]=0x0, [437]=0x0, [438]=0x0, [439]=0x0, [440]=0x0, [441]=0x0, [442]=0x0, [443]=0x0, [444]=0x0, [445]=0x0, [446]=0x0, [447]=0x0, [448]=0x0, [449]=0x0, [450]=0x0, [451]=0x0, [452]=0x0, [453]=0x0, [454]=0x0, [455]=0x0, [456]=0x0, [457]=0x0, [458]=0x0, [459]=0x0, [460]=0x0, [461]=0x0, [462]=0x0, [463]=0x0, [464]=0x0, [465]=0x0, [466]=0x0, [467]=0x0, [468]=0x0, [469]=0x0, [470]=0x0, [471]=0x0, [472]=0x0, [473]=0x0, [474]=0x0, [475]=0x0, [476]=0x0, [477]=0x0, [478]=0x0, [479]=0x0, [480]=0x0, [481]=0x0, [482]=0x0, [483]=0x0, [484]=0x0, [485]=0x0, [486]=0x0, [487]=0x0, [488]=0x0, [489]=0x0, [490]=0x0, [491]=0x0, [492]=0x0, [493]=0x0, [494]=0x0, [495]=0x0, [496]=0x0, [497]=0x0, [498]=0x0, [499]=0x0, [500]=0x0, [501]=0x0, [502]=0x0, [503]=0x0, [504]=0x0, [505]=0x0, [506]=0x0, [507]=0x0, [508]=0x0, [509]=0x0, [510]=0x0, [511]=0x0))) returned 1
[0200.277] ResumeThread (hThread=0x3bc) returned 0x1
[0200.314] CoGetContextToken (in: pToken=0x19ee88 | out: pToken=0x19ee88) returned 0x0
[0200.314] CObjectContext::QueryInterface () returned 0x0
[0200.314] CObjectContext::GetCurrentThreadType () returned 0x0
[0200.314] Release () returned 0x3
[0200.315] CoWaitForMultipleHandles (in: dwFlags=0x2, dwTimeout=0x13880, cHandles=0x1, pHandles=0x7d83a8*=0x14c, lpdwindex=0x19ed2c | out: lpdwindex=0x19ed2c) returned 0x0
Thread:
id = 2
os_tid = 0x13d4
Thread:
id = 3
os_tid = 0x4fc
Thread:
id = 4
os_tid = 0x4d0
[0110.869] CoGetContextToken (in: pToken=0x431fc3c | out: pToken=0x431fc3c) returned 0x800401f0
[0110.870] CoInitializeEx (pvReserved=0x0, dwCoInit=0x0) returned 0x0
[0110.870] RoInitialize () returned 0x1
[0110.870] RoUninitialize () returned 0x0
[0199.561] CloseHandle (hObject=0x3c8) returned 1
[0199.561] CloseHandle (hObject=0x4fc) returned 1
[0199.561] CloseHandle (hObject=0x4e8) returned 1
[0199.562] CloseHandle (hObject=0x480) returned 1
[0199.563] CloseHandle (hObject=0x3bc) returned 1
[0200.391] SetWindowLongW (hWnd=0xa01f8, nIndex=-4, dwNewLong=1947273184) returned 77006310
[0200.393] SetClassLongW (hWnd=0xa01f8, nIndex=-24, dwNewLong=1947273184) returned 0x49705be
[0200.393] PostMessageW (hWnd=0xa01f8, Msg=0x10, wParam=0x0, lParam=0x0) returned 1
[0200.394] GetModuleHandleW (lpModuleName=0x0) returned 0x400000
[0200.395] UnregisterClassW (lpClassName="WindowsForms10.Window.8.app.0.141b42a_r10_ad1", hInstance=0x400000) returned 0
[0200.400] IsWindow (hWnd=0x701ec) returned 1
[0200.403] GetModuleHandleW (lpModuleName="user32.dll") returned 0x755e0000
[0200.403] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x400, lpWideCharStr="DefWindowProcW", cchWideChar=14, lpMultiByteStr=0x431f9dc, cbMultiByte=16, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="DefWindowProcW\x83i;§\x96( «9kXü1\x040o\x7f", lpUsedDefaultChar=0x0) returned 14
[0200.404] GetProcAddress (hModule=0x755e0000, lpProcName="DefWindowProcW") returned 0x741107e0
[0200.404] SetWindowLongW (hWnd=0x701ec, nIndex=-4, dwNewLong=1947273184) returned 77006390
[0200.405] SetClassLongW (hWnd=0x701ec, nIndex=-24, dwNewLong=1947273184) returned 0x4970636
[0200.405] IsWindow (hWnd=0x701ec) returned 1
[0200.405] DestroyWindow (hWnd=0x701ec) returned 0
[0200.406] PostMessageW (hWnd=0x701ec, Msg=0x10, wParam=0x0, lParam=0x0) returned 1
[0200.406] SetConsoleCtrlHandler (HandlerRoutine=0x497060e, Add=0) returned 1
[0200.406] EtwEventUnregister (RegHandle=0x80a748) returned 0x0
[0200.424] CloseHandle (hObject=0x264) returned 1
[0200.438] GdipDeleteFont (font=0x5a8b1b8) returned 0x0
[0200.438] GdipDeleteFont (font=0x5a8b190) returned 0x0
[0200.439] GdipDeleteFont (font=0x5a8b168) returned 0x0
[0200.439] GdipDeleteFont (font=0x5a8b140) returned 0x0
[0200.440] GdipDeleteFont (font=0x5a8b118) returned 0x0
[0200.440] GdipDeleteFont (font=0x5a8b0f0) returned 0x0
[0200.442] GdipDisposeImage (image=0x5a8f5e8) returned 0x0
[0200.446] GdipDeleteFont (font=0x46e04c0) returned 0x0
[0200.447] GdipDeleteFont (font=0x5a8b0c8) returned 0x0
[0200.447] GdipDeleteFont (font=0x5a8b1e0) returned 0x0
[0200.448] GdipDeleteFont (font=0x5a8ab38) returned 0x0
[0200.448] DeleteObject (ho=0x870a097e) returned 1
[0200.449] GdipDeleteFont (font=0x5a8b0a0) returned 0x0
[0200.449] DeleteObject (ho=0x230a01bf) returned 1
[0200.449] GdipDeleteFont (font=0x5a8a920) returned 0x0
[0200.450] DeleteObject (ho=0x600a0987) returned 1
[0200.450] GdipDeleteFont (font=0x5a8b078) returned 0x0
[0200.451] DeleteObject (ho=0x2a0a0923) returned 1
[0200.451] DeleteObject (ho=0x390a098c) returned 1
[0200.452] DeleteObject (ho=0xa50a0936) returned 1
[0200.453] DeleteDC (hdc=0xc010682) returned 1
[0200.453] RestoreDC (hdc=0x0, nSavedDC=-1) returned 0
[0200.454] DeleteObject (ho=0x230a0550) returned 1
[0200.454] GdipDeleteFont (font=0x5a8b050) returned 0x0
[0200.455] GdipDeleteFont (font=0x5a8b028) returned 0x0
[0200.455] GdipDeleteFont (font=0x5a8b000) returned 0x0
[0200.462] RegCloseKey (hKey=0x80000004) returned 0x0
Thread:
id = 5
os_tid = 0x3b0
Thread:
id = 6
os_tid = 0x9ac
Thread:
id = 7
os_tid = 0x8ac
Thread:
id = 8
os_tid = 0x4d8
Thread:
id = 9
os_tid = 0xc40
Thread:
id = 10
os_tid = 0x7c0
Thread:
id = 11
os_tid = 0x1214
Thread:
id = 12
os_tid = 0x1384
Thread:
id = 116
os_tid = 0x708
# Process 2: PowerShell launched by the analysis target (parent_id "1",
# os_parent_pid 0x704 is the sample's os_pid) to change Microsoft Defender
# settings. See the note on cmd_line.
Process:
id = "2"
image_name = "powershell.exe"
# The SysWOW64 binary runs although cmd_line names System32; the parent is a
# 32-bit process (bitness "32"), so this is presumably WOW64 file-system
# redirection rather than a second copy of PowerShell.
filename = "c:\\windows\\syswow64\\windowspowershell\\v1.0\\powershell.exe"
page_root = "0x56e3b000"
os_pid = "0x1340"
# 0x3000 is the high mandatory integrity level, the same value as the parent:
# the child starts already elevated, so the Defender change below does not
# depend on a further elevation step.
os_integrity_level = "0x3000"
os_privileges = "0x60800000"
monitor_reason = "child_process"
parent_id = "1"
os_parent_pid = "0x704"
# Add-MpPreference -ExclusionPath adds gfLnSNNH.exe under AppData\Roaming to
# Defender's scan exclusions (MITRE ATT&CK T1562.001, Impair Defenses). The
# excluded path differs from the sample's Desktop location, which suggests a
# dropped copy; confirm against file-write events elsewhere in the log.
# Triage: treat the excluded path as an indicator, review Defender
# configuration-change events (event ID 5007) and the current exclusion list
# (Get-MpPreference) on affected hosts, and remove the exclusion during cleanup.
cmd_line = "\"C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe\" Add-MpPreference -ExclusionPath \"C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\gfLnSNNH.exe\""
cur_dir = "C:\\Users\\RDhJ0CNFevzX\\Desktop\\"
os_username = "XC64ZB\\RDhJ0CNFevzX"
bitness = "32"
os_groups = "XC64ZB\\Domain Users" [0x7], "Everyone" [0x7], "NT AUTHORITY\\Local account and member of Administrators group" [0x7], "BUILTIN\\Administrators" [0xf], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\INTERACTIVE" [0x7], "CONSOLE LOGON" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "NT AUTHORITY\\Local account" [0x7], "NT AUTHORITY\\Logon Session 00000000:0000f600" [0xc0000007], "LOCAL" [0x7], "NT AUTHORITY\\NTLM Authentication" [0x7]
Region:
id = 643
start_va = 0x10000
end_va = 0x2ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000000010000"
filename = ""
Region:
id = 644
start_va = 0x30000
end_va = 0x31fff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000000030000"
filename = ""
Region:
id = 645
start_va = 0x40000
end_va = 0x54fff
monitored = 1
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x0000000000040000"
filename = ""
Region:
id = 646
start_va = 0x60000
end_va = 0x9ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000000060000"
filename = ""
Region:
id = 647
start_va = 0xa0000
end_va = 0xdffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x00000000000a0000"
filename = ""
Region:
id = 648
start_va = 0xe0000
end_va = 0xe3fff
monitored = 1
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x00000000000e0000"
filename = ""
Region:
id = 649
start_va = 0xf0000
end_va = 0xf0fff
monitored = 1
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x00000000000f0000"
filename = ""
Region:
id = 650
start_va = 0x100000
end_va = 0x101fff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000000100000"
filename = ""
Region:
id = 651
start_va = 0x200000
end_va = 0x3fffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000000200000"
filename = ""
Region:
id = 652
start_va = 0x1100000
end_va = 0x1170fff
monitored = 0
entry_point = 0x1109c00
region_type = mapped_file
name = "powershell.exe"
filename = "\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0\\powershell.exe" (normalized: "c:\\windows\\syswow64\\windowspowershell\\v1.0\\powershell.exe")
Region:
id = 653
start_va = 0x1180000
end_va = 0x517ffff
monitored = 1
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x0000000001180000"
filename = ""
Region:
id = 654
start_va = 0x77460000
end_va = 0x775dafff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "ntdll.dll"
filename = "\\Windows\\SysWOW64\\ntdll.dll" (normalized: "c:\\windows\\syswow64\\ntdll.dll")
Region:
id = 655
start_va = 0x7ffb0000
end_va = 0x7ffd2fff
monitored = 1
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x000000007ffb0000"
filename = ""
Region:
id = 656
start_va = 0x7ffe0000
end_va = 0x7ffeffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x000000007ffe0000"
filename = ""
Region:
id = 657
start_va = 0x7fff0000
end_va = 0x7df884cbffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x000000007fff0000"
filename = ""
Region:
id = 658
start_va = 0x7df884cc0000
end_va = 0x7ff884cbffff
monitored = 1
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x00007df884cc0000"
filename = ""
Region:
id = 659
start_va = 0x7ff884cc0000
end_va = 0x7ff884e80fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "ntdll.dll"
filename = "\\Windows\\System32\\ntdll.dll" (normalized: "c:\\windows\\system32\\ntdll.dll")
Region:
id = 660
start_va = 0x7ff884e81000
end_va = 0x7ffffffeffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x00007ff884e81000"
filename = ""
Region:
id = 661
start_va = 0x580000
end_va = 0x58ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000000580000"
filename = ""
Region:
id = 662
start_va = 0x5f960000
end_va = 0x5f9affff
monitored = 0
entry_point = 0x5f978180
region_type = mapped_file
name = "wow64.dll"
filename = "\\Windows\\System32\\wow64.dll" (normalized: "c:\\windows\\system32\\wow64.dll")
Region:
id = 663
start_va = 0x5f9b0000
end_va = 0x5fa29fff
monitored = 0
entry_point = 0x5f9c3290
region_type = mapped_file
name = "wow64win.dll"
filename = "\\Windows\\System32\\wow64win.dll" (normalized: "c:\\windows\\system32\\wow64win.dll")
Region:
id = 664
start_va = 0x76410000
end_va = 0x764effff
monitored = 0
entry_point = 0x76423980
region_type = mapped_file
name = "kernel32.dll"
filename = "\\Windows\\SysWOW64\\kernel32.dll" (normalized: "c:\\windows\\syswow64\\kernel32.dll")
Region:
id = 665
start_va = 0x5fa30000
end_va = 0x5fa37fff
monitored = 0
entry_point = 0x5fa317c0
region_type = mapped_file
name = "wow64cpu.dll"
filename = "\\Windows\\System32\\wow64cpu.dll" (normalized: "c:\\windows\\system32\\wow64cpu.dll")
Region:
id = 666
start_va = 0x590000
end_va = 0x7dffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000000590000"
filename = ""
Region:
id = 667
start_va = 0x76410000
end_va = 0x764effff
monitored = 0
entry_point = 0x76423980
region_type = mapped_file
name = "kernel32.dll"
filename = "\\Windows\\SysWOW64\\kernel32.dll" (normalized: "c:\\windows\\syswow64\\kernel32.dll")
Region:
id = 668
start_va = 0x77270000
end_va = 0x773edfff
monitored = 0
entry_point = 0x77321b90
region_type = mapped_file
name = "kernelbase.dll"
filename = "\\Windows\\SysWOW64\\KernelBase.dll" (normalized: "c:\\windows\\syswow64\\kernelbase.dll")
Region:
id = 669
start_va = 0x10000
end_va = 0x1ffff
monitored = 1
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x0000000000010000"
filename = ""
Region:
id = 670
start_va = 0x7feb0000
end_va = 0x7ffaffff
monitored = 1
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x000000007feb0000"
filename = ""
Region:
id = 869
start_va = 0x110000
end_va = 0x1cdfff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "locale.nls"
filename = "\\Windows\\System32\\locale.nls" (normalized: "c:\\windows\\system32\\locale.nls")
Region:
id = 870
start_va = 0x20000
end_va = 0x23fff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000000020000"
filename = ""
Region:
id = 871
start_va = 0x76b70000
end_va = 0x76beafff
monitored = 0
entry_point = 0x76b8e970
region_type = mapped_file
name = "advapi32.dll"
filename = "\\Windows\\SysWOW64\\advapi32.dll" (normalized: "c:\\windows\\syswow64\\advapi32.dll")
Region:
id = 872
start_va = 0x76570000
end_va = 0x7662dfff
monitored = 0
entry_point = 0x765a5630
region_type = mapped_file
name = "msvcrt.dll"
filename = "\\Windows\\SysWOW64\\msvcrt.dll" (normalized: "c:\\windows\\syswow64\\msvcrt.dll")
Region:
id = 873
start_va = 0x400000
end_va = 0x43ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000000400000"
filename = ""
Region:
id = 874
start_va = 0x440000
end_va = 0x47ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000000440000"
filename = ""
Region:
id = 875
start_va = 0x758e0000
end_va = 0x75923fff
monitored = 0
entry_point = 0x758f9d80
region_type = mapped_file
name = "sechost.dll"
filename = "\\Windows\\SysWOW64\\sechost.dll" (normalized: "c:\\windows\\syswow64\\sechost.dll")
Region:
id = 876
start_va = 0x76630000
end_va = 0x766dcfff
monitored = 0
entry_point = 0x76644f00
region_type = mapped_file
name = "rpcrt4.dll"
filename = "\\Windows\\SysWOW64\\rpcrt4.dll" (normalized: "c:\\windows\\syswow64\\rpcrt4.dll")
Region:
id = 877
start_va = 0x74190000
end_va = 0x741adfff
monitored = 0
entry_point = 0x7419b640
region_type = mapped_file
name = "sspicli.dll"
filename = "\\Windows\\SysWOW64\\sspicli.dll" (normalized: "c:\\windows\\syswow64\\sspicli.dll")
Region:
id = 878
start_va = 0x74180000
end_va = 0x74189fff
monitored = 0
entry_point = 0x74182a00
region_type = mapped_file
name = "cryptbase.dll"
filename = "\\Windows\\SysWOW64\\cryptbase.dll" (normalized: "c:\\windows\\syswow64\\cryptbase.dll")
Region:
id = 879
start_va = 0x75880000
end_va = 0x758d7fff
monitored = 0
entry_point = 0x758c25c0
region_type = mapped_file
name = "bcryptprimitives.dll"
filename = "\\Windows\\SysWOW64\\bcryptprimitives.dll" (normalized: "c:\\windows\\syswow64\\bcryptprimitives.dll")
Region:
id = 880
start_va = 0x767c0000
end_va = 0x768aafff
monitored = 0
entry_point = 0x767fd650
region_type = mapped_file
name = "ole32.dll"
filename = "\\Windows\\SysWOW64\\ole32.dll" (normalized: "c:\\windows\\syswow64\\ole32.dll")
Region:
id = 881
start_va = 0x769b0000
end_va = 0x76b6cfff
monitored = 0
entry_point = 0x76a92a10
region_type = mapped_file
name = "combase.dll"
filename = "\\Windows\\SysWOW64\\combase.dll" (normalized: "c:\\windows\\syswow64\\combase.dll")
Region:
id = 882
start_va = 0x76d80000
end_va = 0x76ecefff
monitored = 0
entry_point = 0x76e36820
region_type = mapped_file
name = "gdi32.dll"
filename = "\\Windows\\SysWOW64\\gdi32.dll" (normalized: "c:\\windows\\syswow64\\gdi32.dll")
Region:
id = 883
start_va = 0x755e0000
end_va = 0x75726fff
monitored = 0
entry_point = 0x755f1cf0
region_type = mapped_file
name = "user32.dll"
filename = "\\Windows\\SysWOW64\\user32.dll" (normalized: "c:\\windows\\syswow64\\user32.dll")
Region:
id = 884
start_va = 0x76bf0000
end_va = 0x76c81fff
monitored = 0
entry_point = 0x76c28cf0
region_type = mapped_file
name = "oleaut32.dll"
filename = "\\Windows\\SysWOW64\\oleaut32.dll" (normalized: "c:\\windows\\syswow64\\oleaut32.dll")
Region:
id = 885
start_va = 0x6c7d0000
end_va = 0x6c7e7fff
monitored = 0
entry_point = 0x6c7d4820
region_type = mapped_file
name = "atl.dll"
filename = "\\Windows\\SysWOW64\\atl.dll" (normalized: "c:\\windows\\syswow64\\atl.dll")
Region:
id = 887
start_va = 0x6c800000
end_va = 0x6c858fff
monitored = 1
entry_point = 0x6c810780
region_type = mapped_file
name = "mscoree.dll"
filename = "\\Windows\\SysWOW64\\mscoree.dll" (normalized: "c:\\windows\\syswow64\\mscoree.dll")
Region:
id = 888
start_va = 0x590000
end_va = 0x6dffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000000590000"
filename = ""
Region:
id = 889
start_va = 0x6e0000
end_va = 0x7dffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x00000000006e0000"
filename = ""
Region:
id = 890
start_va = 0x1d0000
end_va = 0x1f9fff
monitored = 0
entry_point = 0x1d5680
region_type = mapped_file
name = "imm32.dll"
filename = "\\Windows\\SysWOW64\\imm32.dll" (normalized: "c:\\windows\\syswow64\\imm32.dll")
Region:
id = 891
start_va = 0x7e0000
end_va = 0x967fff
monitored = 1
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x00000000007e0000"
filename = ""
Region:
id = 892
start_va = 0x764f0000
end_va = 0x7651afff
monitored = 0
entry_point = 0x764f5680
region_type = mapped_file
name = "imm32.dll"
filename = "\\Windows\\SysWOW64\\imm32.dll" (normalized: "c:\\windows\\syswow64\\imm32.dll")
Region:
id = 893
start_va = 0x30000
end_va = 0x31fff
monitored = 1
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x0000000000030000"
filename = ""
Region:
id = 894
start_va = 0x1d0000
end_va = 0x1d0fff
monitored = 1
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x00000000001d0000"
filename = ""
Region:
id = 895
start_va = 0x1e0000
end_va = 0x1e2fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "powershell.exe.mui"
filename = "\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0\\en-US\\powershell.exe.mui" (normalized: "c:\\windows\\syswow64\\windowspowershell\\v1.0\\en-us\\powershell.exe.mui")
Region:
id = 896
start_va = 0x970000
end_va = 0xaf0fff
monitored = 1
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x0000000000970000"
filename = ""
Region:
id = 897
start_va = 0x5180000
end_va = 0x657ffff
monitored = 1
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x0000000005180000"
filename = ""
Region:
id = 902
start_va = 0x1f0000
end_va = 0x1f0fff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x00000000001f0000"
filename = ""
Region:
id = 903
start_va = 0x480000
end_va = 0x480fff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000000480000"
filename = ""
Region:
id = 904
start_va = 0x590000
end_va = 0x68ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000000590000"
filename = ""
Region:
id = 905
start_va = 0x6d0000
end_va = 0x6dffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x00000000006d0000"
filename = ""
Region:
id = 911
start_va = 0x6c750000
end_va = 0x6c7c8fff
monitored = 1
entry_point = 0x6c75f82a
region_type = mapped_file
name = "mscoreei.dll"
filename = "\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\mscoreei.dll" (normalized: "c:\\windows\\microsoft.net\\framework\\v4.0.30319\\mscoreei.dll")
Region:
id = 1273
start_va = 0x76ed0000
end_va = 0x76f14fff
monitored = 0
entry_point = 0x76eede90
region_type = mapped_file
name = "shlwapi.dll"
filename = "\\Windows\\SysWOW64\\shlwapi.dll" (normalized: "c:\\windows\\syswow64\\shlwapi.dll")
Region:
id = 1274
start_va = 0x755d0000
end_va = 0x755dbfff
monitored = 0
entry_point = 0x755d3930
region_type = mapped_file
name = "kernel.appcore.dll"
filename = "\\Windows\\SysWOW64\\kernel.appcore.dll" (normalized: "c:\\windows\\syswow64\\kernel.appcore.dll")
Region:
id = 1275
start_va = 0x6c7f0000
end_va = 0x6c7f7fff
monitored = 0
entry_point = 0x6c7f17b0
region_type = mapped_file
name = "version.dll"
filename = "\\Windows\\SysWOW64\\version.dll" (normalized: "c:\\windows\\syswow64\\version.dll")
Region:
id = 1276
start_va = 0x6b390000
end_va = 0x6ba40fff
monitored = 1
entry_point = 0x6b3a5d20
region_type = mapped_file
name = "clr.dll"
filename = "\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\clr.dll" (normalized: "c:\\windows\\microsoft.net\\framework\\v4.0.30319\\clr.dll")
Region:
id = 1277
start_va = 0x6b290000
end_va = 0x6b384fff
monitored = 0
entry_point = 0x6b2e4160
region_type = mapped_file
name = "msvcr120_clr0400.dll"
filename = "\\Windows\\SysWOW64\\msvcr120_clr0400.dll" (normalized: "c:\\windows\\syswow64\\msvcr120_clr0400.dll")
Region:
id = 1278
start_va = 0x490000
end_va = 0x490fff
monitored = 1
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x0000000000490000"
filename = ""
Region:
id = 1279
start_va = 0x4a0000
end_va = 0x4affff
monitored = 1
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x00000000004a0000"
filename = ""
Region:
id = 1280
start_va = 0x4b0000
end_va = 0x4bffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x00000000004b0000"
filename = ""
Region:
id = 1281
start_va = 0x4c0000
end_va = 0x4cffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x00000000004c0000"
filename = ""
Region:
id = 1282
start_va = 0x4d0000
end_va = 0x4dffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x00000000004d0000"
filename = ""
Region:
id = 1283
start_va = 0x4e0000
end_va = 0x4effff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x00000000004e0000"
filename = ""
Region:
id = 1284
start_va = 0x4f0000
end_va = 0x4fffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x00000000004f0000"
filename = ""
Region:
id = 1285
start_va = 0x500000
end_va = 0x500fff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000000500000"
filename = ""
Region:
id = 1286
start_va = 0x510000
end_va = 0x510fff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000000510000"
filename = ""
Region:
id = 1287
start_va = 0xb00000
end_va = 0xc0ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000000b00000"
filename = ""
Region:
id = 1288
start_va = 0xc10000
end_va = 0xd7ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000000c10000"
filename = ""
Region:
id = 1289
start_va = 0x520000
end_va = 0x55ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000000520000"
filename = ""
Region:
id = 1290
start_va = 0x590000
end_va = 0x5cffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000000590000"
filename = ""
Region:
id = 1291
start_va = 0x680000
end_va = 0x68ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000000680000"
filename = ""
Region:
id = 1292
start_va = 0x560000
end_va = 0x56ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000000560000"
filename = ""
Region:
id = 1293
start_va = 0x6580000
end_va = 0x857ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000006580000"
filename = ""
Region:
id = 1294
start_va = 0x560000
end_va = 0x57ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000000560000"
filename = ""
Region:
id = 1295
start_va = 0x5d0000
end_va = 0x60ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x00000000005d0000"
filename = ""
Region:
id = 1296
start_va = 0x610000
end_va = 0x64ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000000610000"
filename = ""
Region:
id = 1310
start_va = 0xd80000
end_va = 0x10b6fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "sortdefault.nls"
filename = "\\Windows\\Globalization\\Sorting\\SortDefault.nls" (normalized: "c:\\windows\\globalization\\sorting\\sortdefault.nls")
Region:
id = 1311
start_va = 0x6a060000
end_va = 0x6b287fff
monitored = 1
entry_point = 0x0
region_type = mapped_file
name = "mscorlib.ni.dll"
filename = "\\Windows\\assembly\\NativeImages_v4.0.30319_32\\mscorlib\\8062d427acd64e37f4fded7b00f4a869\\mscorlib.ni.dll" (normalized: "c:\\windows\\assembly\\nativeimages_v4.0.30319_32\\mscorlib\\8062d427acd64e37f4fded7b00f4a869\\mscorlib.ni.dll")
Region:
id = 1317
start_va = 0xb00000
end_va = 0xbfffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000000b00000"
filename = ""
Region:
id = 1318
start_va = 0xc00000
end_va = 0xc0ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000000c00000"
filename = ""
Region:
id = 1319
start_va = 0x650000
end_va = 0x65ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000000650000"
filename = ""
Region:
id = 1368
start_va = 0x69630000
end_va = 0x69fdbfff
monitored = 1
entry_point = 0x0
region_type = mapped_file
name = "system.ni.dll"
filename = "\\Windows\\assembly\\NativeImages_v4.0.30319_32\\System\\cc4e5d110dd318e8b7d61a9ed184ab74\\System.ni.dll" (normalized: "c:\\windows\\assembly\\nativeimages_v4.0.30319_32\\system\\cc4e5d110dd318e8b7d61a9ed184ab74\\system.ni.dll")
Region:
id = 1385
start_va = 0x6be30000
end_va = 0x6c541fff
monitored = 1
entry_point = 0x0
region_type = mapped_file
name = "system.core.ni.dll"
filename = "\\Windows\\assembly\\NativeImages_v4.0.30319_32\\System.Core\\abad45b9cc652ba7e38c4c837234c0ab\\System.Core.ni.dll" (normalized: "c:\\windows\\assembly\\nativeimages_v4.0.30319_32\\system.core\\abad45b9cc652ba7e38c4c837234c0ab\\system.core.ni.dll")
Region:
id = 1388
start_va = 0x68710000
end_va = 0x6879afff
monitored = 1
entry_point = 0x0
region_type = mapped_file
name = "microsoft.powershell.consolehost.ni.dll"
filename = "\\Windows\\assembly\\NativeImages_v4.0.30319_32\\Microsoft.Pb378ec07#\\24c2ce3e0888a5f9c613c20443ec3711\\Microsoft.PowerShell.ConsoleHost.ni.dll" (normalized: "c:\\windows\\assembly\\nativeimages_v4.0.30319_32\\microsoft.pb378ec07#\\24c2ce3e0888a5f9c613c20443ec3711\\microsoft.powershell.consolehost.ni.dll")
Region:
id = 1393
start_va = 0x70040000
end_va = 0x70052fff
monitored = 0
entry_point = 0x70049950
region_type = mapped_file
name = "cryptsp.dll"
filename = "\\Windows\\SysWOW64\\cryptsp.dll" (normalized: "c:\\windows\\syswow64\\cryptsp.dll")
Region:
id = 1394
start_va = 0x70010000
end_va = 0x7003efff
monitored = 0
entry_point = 0x700295e0
region_type = mapped_file
name = "rsaenh.dll"
filename = "\\Windows\\SysWOW64\\rsaenh.dll" (normalized: "c:\\windows\\syswow64\\rsaenh.dll")
Region:
id = 1395
start_va = 0x73e30000
end_va = 0x73e4afff
monitored = 0
entry_point = 0x73e39050
region_type = mapped_file
name = "bcrypt.dll"
filename = "\\Windows\\SysWOW64\\bcrypt.dll" (normalized: "c:\\windows\\syswow64\\bcrypt.dll")
Region:
id = 1428
start_va = 0x66e60000
end_va = 0x6870dfff
monitored = 1
entry_point = 0x0
region_type = mapped_file
name = "system.management.automation.ni.dll"
filename = "\\Windows\\assembly\\NativeImages_v4.0.30319_32\\System.Manaa57fc8cc#\\1ccb63704392d146fb118a3c7c02e118\\System.Management.Automation.ni.dll" (normalized: "c:\\windows\\assembly\\nativeimages_v4.0.30319_32\\system.manaa57fc8cc#\\1ccb63704392d146fb118a3c7c02e118\\system.management.automation.ni.dll")
Region:
id = 1469
start_va = 0xb00000
end_va = 0xb61fff
monitored = 1
entry_point = 0x0
region_type = mapped_file
name = "mscorrc.dll"
filename = "\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\mscorrc.dll" (normalized: "c:\\windows\\microsoft.net\\framework\\v4.0.30319\\mscorrc.dll")
Region:
id = 1470
start_va = 0xbf0000
end_va = 0xbfffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000000bf0000"
filename = ""
Region:
id = 1475
start_va = 0x660000
end_va = 0x664fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "winnlsres.dll"
filename = "\\Windows\\SysWOW64\\winnlsres.dll" (normalized: "c:\\windows\\syswow64\\winnlsres.dll")
Region:
id = 1476
start_va = 0x670000
end_va = 0x67ffff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "winnlsres.dll.mui"
filename = "\\Windows\\SysWOW64\\en-US\\winnlsres.dll.mui" (normalized: "c:\\windows\\syswow64\\en-us\\winnlsres.dll.mui")
Region:
id = 1477
start_va = 0x75930000
end_va = 0x75935fff
monitored = 0
entry_point = 0x75931460
region_type = mapped_file
name = "psapi.dll"
filename = "\\Windows\\SysWOW64\\psapi.dll" (normalized: "c:\\windows\\syswow64\\psapi.dll")
Region:
id = 1479
start_va = 0xc10000
end_va = 0xd0ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000000c10000"
filename = ""
Region:
id = 1480
start_va = 0xd70000
end_va = 0xd7ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000000d70000"
filename = ""
Region:
id = 1494
start_va = 0x6a010000
end_va = 0x6a053fff
monitored = 1
entry_point = 0x0
region_type = mapped_file
name = "system.numerics.ni.dll"
filename = "\\Windows\\assembly\\NativeImages_v4.0.30319_32\\System.Numerics\\4d1e79f86c195a48bfb3d1e5ca404930\\System.Numerics.ni.dll" (normalized: "c:\\windows\\assembly\\nativeimages_v4.0.30319_32\\system.numerics\\4d1e79f86c195a48bfb3d1e5ca404930\\system.numerics.ni.dll")
Region:
id = 1506
start_va = 0x690000
end_va = 0x69ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000000690000"
filename = ""
Region:
id = 1513
start_va = 0x68950000
end_va = 0x689c9fff
monitored = 1
entry_point = 0x0
region_type = mapped_file
name = "microsoft.management.infrastructure.ni.dll"
filename = "\\Windows\\assembly\\NativeImages_v4.0.30319_32\\Microsoft.Mf49f6405#\\c5cf09a01c434d73a149336798330955\\Microsoft.Management.Infrastructure.ni.dll" (normalized: "c:\\windows\\assembly\\nativeimages_v4.0.30319_32\\microsoft.mf49f6405#\\c5cf09a01c434d73a149336798330955\\microsoft.management.infrastructure.ni.dll")
Region:
id = 1518
start_va = 0x66740000
end_va = 0x66e55fff
monitored = 1
entry_point = 0x0
region_type = mapped_file
name = "system.xml.ni.dll"
filename = "\\Windows\\assembly\\NativeImages_v4.0.30319_32\\System.Xml\\1f87b5140145c221b5201351fffc52d8\\System.Xml.ni.dll" (normalized: "c:\\windows\\assembly\\nativeimages_v4.0.30319_32\\system.xml\\1f87b5140145c221b5201351fffc52d8\\system.xml.ni.dll")
Region:
id = 1519
start_va = 0x6a0000
end_va = 0x6affff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x00000000006a0000"
filename = ""
Region:
id = 1520
start_va = 0x68830000
end_va = 0x6894bfff
monitored = 1
entry_point = 0x0
region_type = mapped_file
name = "system.directoryservices.ni.dll"
filename = "\\Windows\\assembly\\NativeImages_v4.0.30319_32\\System.Dired13b18a9#\\495b4726107659a7a7f716d2b34703ce\\System.DirectoryServices.ni.dll" (normalized: "c:\\windows\\assembly\\nativeimages_v4.0.30319_32\\system.dired13b18a9#\\495b4726107659a7a7f716d2b34703ce\\system.directoryservices.ni.dll")
Region:
id = 1605
start_va = 0x66620000
end_va = 0x6673bfff
monitored = 1
entry_point = 0x0
region_type = mapped_file
name = "system.management.ni.dll"
filename = "\\Windows\\assembly\\NativeImages_v4.0.30319_32\\System.Management\\d2f554a0c84513cd793fdcd77a86dab1\\System.Management.ni.dll" (normalized: "c:\\windows\\assembly\\nativeimages_v4.0.30319_32\\system.management\\d2f554a0c84513cd793fdcd77a86dab1\\system.management.ni.dll")
Region:
id = 1615
start_va = 0x6b0000
end_va = 0x6bffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x00000000006b0000"
filename = ""
Region:
id = 1616
start_va = 0x6c0000
end_va = 0x6cffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x00000000006c0000"
filename = ""
Region:
id = 1618
start_va = 0xb70000
end_va = 0xb7ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000000b70000"
filename = ""
Region:
id = 1619
start_va = 0xb80000
end_va = 0xb8ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000000b80000"
filename = ""
Region:
id = 1629
start_va = 0xb90000
end_va = 0xb9ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000000b90000"
filename = ""
Region:
id = 1644
start_va = 0xba0000
end_va = 0xbaffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000000ba0000"
filename = ""
Region:
id = 1646
start_va = 0xbb0000
end_va = 0xbbffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000000bb0000"
filename = ""
Region:
id = 1712
start_va = 0xbc0000
end_va = 0xbcffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000000bc0000"
filename = ""
Region:
id = 1713
start_va = 0xbd0000
end_va = 0xbdffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000000bd0000"
filename = ""
Region:
id = 1715
start_va = 0xbe0000
end_va = 0xbeffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000000be0000"
filename = ""
Region:
id = 1720
start_va = 0x69fe0000
end_va = 0x6a005fff
monitored = 1
entry_point = 0x0
region_type = mapped_file
name = "system.configuration.install.ni.dll"
filename = "\\Windows\\assembly\\NativeImages_v4.0.30319_32\\System.Confe64a9051#\\1ba9fabb6a4cb3c022579f789ba3280b\\System.Configuration.Install.ni.dll" (normalized: "c:\\windows\\assembly\\nativeimages_v4.0.30319_32\\system.confe64a9051#\\1ba9fabb6a4cb3c022579f789ba3280b\\system.configuration.install.ni.dll")
Region:
id = 1722
start_va = 0x66570000
end_va = 0x6661dfff
monitored = 1
entry_point = 0x0
region_type = mapped_file
name = "system.transactions.ni.dll"
filename = "\\Windows\\assembly\\NativeImages_v4.0.30319_32\\System.Transactions\\8a03e2886313defa91cef9f385480f4e\\System.Transactions.ni.dll" (normalized: "c:\\windows\\assembly\\nativeimages_v4.0.30319_32\\system.transactions\\8a03e2886313defa91cef9f385480f4e\\system.transactions.ni.dll")
Region:
id = 1726
start_va = 0x687e0000
end_va = 0x6882afff
monitored = 1
entry_point = 0x687ff53e
region_type = mapped_file
name = "system.transactions.dll"
filename = "\\Windows\\Microsoft.NET\\assembly\\GAC_32\\System.Transactions\\v4.0_4.0.0.0__b77a5c561934e089\\System.Transactions.dll" (normalized: "c:\\windows\\microsoft.net\\assembly\\gac_32\\system.transactions\\v4.0_4.0.0.0__b77a5c561934e089\\system.transactions.dll")
Region:
id = 1727
start_va = 0xd10000
end_va = 0xd5afff
monitored = 1
entry_point = 0xd2f53e
region_type = mapped_file
name = "system.transactions.dll"
filename = "\\Windows\\Microsoft.NET\\assembly\\GAC_32\\System.Transactions\\v4.0_4.0.0.0__b77a5c561934e089\\System.Transactions.dll" (normalized: "c:\\windows\\microsoft.net\\assembly\\gac_32\\system.transactions\\v4.0_4.0.0.0__b77a5c561934e089\\system.transactions.dll")
Region:
id = 1894
start_va = 0x687d0000
end_va = 0x687d4fff
monitored = 1
entry_point = 0x0
region_type = mapped_file
name = "system.diagnostics.tracing.ni.dll"
filename = "\\Windows\\assembly\\NativeImages_v4.0.30319_32\\System.Diagd2d95910#\\00f2884f94840274aeab684b7683f0fb\\System.Diagnostics.Tracing.ni.dll" (normalized: "c:\\windows\\assembly\\nativeimages_v4.0.30319_32\\system.diagd2d95910#\\00f2884f94840274aeab684b7683f0fb\\system.diagnostics.tracing.ni.dll")
Region:
id = 1925
start_va = 0x741b0000
end_va = 0x755aefff
monitored = 0
entry_point = 0x7436b990
region_type = mapped_file
name = "shell32.dll"
filename = "\\Windows\\SysWOW64\\shell32.dll" (normalized: "c:\\windows\\syswow64\\shell32.dll")
Region:
id = 1926
start_va = 0x75940000
end_va = 0x75976fff
monitored = 0
entry_point = 0x75943b50
region_type = mapped_file
name = "cfgmgr32.dll"
filename = "\\Windows\\SysWOW64\\cfgmgr32.dll" (normalized: "c:\\windows\\syswow64\\cfgmgr32.dll")
Region:
id = 1927
start_va = 0x75f10000
end_va = 0x76408fff
monitored = 0
entry_point = 0x76117610
region_type = mapped_file
name = "windows.storage.dll"
filename = "\\Windows\\SysWOW64\\windows.storage.dll" (normalized: "c:\\windows\\syswow64\\windows.storage.dll")
Region:
id = 1928
start_va = 0x76cf0000
end_va = 0x76d7cfff
monitored = 0
entry_point = 0x76d39b90
region_type = mapped_file
name = "shcore.dll"
filename = "\\Windows\\SysWOW64\\SHCore.dll" (normalized: "c:\\windows\\syswow64\\shcore.dll")
Region:
id = 1929
start_va = 0x766e0000
end_va = 0x76723fff
monitored = 0
entry_point = 0x766e7410
region_type = mapped_file
name = "powrprof.dll"
filename = "\\Windows\\SysWOW64\\powrprof.dll" (normalized: "c:\\windows\\syswow64\\powrprof.dll")
Region:
id = 1930
start_va = 0x77450000
end_va = 0x7745efff
monitored = 0
entry_point = 0x77452e40
region_type = mapped_file
name = "profapi.dll"
filename = "\\Windows\\SysWOW64\\profapi.dll" (normalized: "c:\\windows\\syswow64\\profapi.dll")
Region:
id = 1941
start_va = 0xd10000
end_va = 0xd10fff
monitored = 1
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x0000000000d10000"
filename = ""
Region:
id = 1952
start_va = 0xd20000
end_va = 0xd20fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "tzres.dll"
filename = "\\Windows\\SysWOW64\\tzres.dll" (normalized: "c:\\windows\\syswow64\\tzres.dll")
Region:
id = 1953
start_va = 0xd20000
end_va = 0xd28fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "tzres.dll.mui"
filename = "\\Windows\\SysWOW64\\en-US\\tzres.dll.mui" (normalized: "c:\\windows\\syswow64\\en-us\\tzres.dll.mui")
Region:
id = 1966
start_va = 0xd20000
end_va = 0xd20fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "tzres.dll"
filename = "\\Windows\\SysWOW64\\tzres.dll" (normalized: "c:\\windows\\syswow64\\tzres.dll")
Region:
id = 1967
start_va = 0xd20000
end_va = 0xd28fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "tzres.dll.mui"
filename = "\\Windows\\SysWOW64\\en-US\\tzres.dll.mui" (normalized: "c:\\windows\\syswow64\\en-us\\tzres.dll.mui")
Region:
id = 1968
start_va = 0xd20000
end_va = 0xd20fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "tzres.dll"
filename = "\\Windows\\SysWOW64\\tzres.dll" (normalized: "c:\\windows\\syswow64\\tzres.dll")
Region:
id = 1969
start_va = 0xd20000
end_va = 0xd28fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "tzres.dll.mui"
filename = "\\Windows\\SysWOW64\\en-US\\tzres.dll.mui" (normalized: "c:\\windows\\syswow64\\en-us\\tzres.dll.mui")
Region:
id = 2035
start_va = 0xd20000
end_va = 0xd5ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000000d20000"
filename = ""
Region:
id = 2036
start_va = 0x10c0000
end_va = 0x10fffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x00000000010c0000"
filename = ""
Region:
id = 2037
start_va = 0x8580000
end_va = 0x85bffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000008580000"
filename = ""
Region:
id = 2038
start_va = 0x85c0000
end_va = 0x85fffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x00000000085c0000"
filename = ""
Region:
id = 2100
start_va = 0x6c640000
end_va = 0x6c6bdfff
monitored = 1
entry_point = 0x6c641140
region_type = mapped_file
name = "clrjit.dll"
filename = "\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\clrjit.dll" (normalized: "c:\\windows\\microsoft.net\\framework\\v4.0.30319\\clrjit.dll")
Region:
id = 2101
start_va = 0xd60000
end_va = 0xd6ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000000d60000"
filename = ""
Thread:
id = 13
os_tid = 0x1398
Thread:
id = 24
os_tid = 0x3d4
Thread:
id = 113
os_tid = 0xe9c
Thread:
id = 114
os_tid = 0xf44
Thread:
id = 147
os_tid = 0x1014
Thread:
id = 148
os_tid = 0x1018
Process:
id = "3"
image_name = "conhost.exe"
filename = "c:\\windows\\system32\\conhost.exe"
page_root = "0x30ac7000"
os_pid = "0xff0"
os_integrity_level = "0x3000"
os_privileges = "0x60800000"
monitor_reason = "child_process"
parent_id = "2"
os_parent_pid = "0x1340"
cmd_line = "\\??\\C:\\Windows\\system32\\conhost.exe 0xffffffff -ForceV1"
cur_dir = "C:\\Windows"
os_username = "XC64ZB\\RDhJ0CNFevzX"
bitness = "32"
os_groups = "XC64ZB\\Domain Users" [0x7], "Everyone" [0x7], "NT AUTHORITY\\Local account and member of Administrators group" [0x7], "BUILTIN\\Administrators" [0xf], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\INTERACTIVE" [0x7], "CONSOLE LOGON" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "NT AUTHORITY\\Local account" [0x7], "NT AUTHORITY\\Logon Session 00000000:0000f600" [0xc0000007], "LOCAL" [0x7], "NT AUTHORITY\\NTLM Authentication" [0x7]
Region:
id = 671
start_va = 0x10000
end_va = 0x2ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000000010000"
filename = ""
Region:
id = 672
start_va = 0x30000
end_va = 0x44fff
monitored = 1
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x0000000000030000"
filename = ""
Region:
id = 673
start_va = 0x50000
end_va = 0x8ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000000050000"
filename = ""
Region:
id = 674
start_va = 0x200000
end_va = 0x3fffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000000200000"
filename = ""
Region:
id = 675
start_va = 0x400000
end_va = 0x5fffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000000400000"
filename = ""
Region:
id = 676
start_va = 0x7ffe0000
end_va = 0x7ffeffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x000000007ffe0000"
filename = ""
Region:
id = 677
start_va = 0x7df5fffc0000
end_va = 0x7df5fffe2fff
monitored = 1
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x00007df5fffc0000"
filename = ""
Region:
id = 678
start_va = 0x7df5ffff0000
end_va = 0x7ff5fffeffff
monitored = 1
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x00007df5ffff0000"
filename = ""
Region:
id = 679
start_va = 0x7ff78ce40000
end_va = 0x7ff78ce50fff
monitored = 0
entry_point = 0x7ff78ce416b0
region_type = mapped_file
name = "conhost.exe"
filename = "\\Windows\\System32\\conhost.exe" (normalized: "c:\\windows\\system32\\conhost.exe")
Region:
id = 680
start_va = 0x7ff884cc0000
end_va = 0x7ff884e80fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "ntdll.dll"
filename = "\\Windows\\System32\\ntdll.dll" (normalized: "c:\\windows\\system32\\ntdll.dll")
Region:
id = 681
start_va = 0x720000
end_va = 0x81ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000000720000"
filename = ""
Region:
id = 682
start_va = 0x7ff881ed0000
end_va = 0x7ff8820b7fff
monitored = 0
entry_point = 0x7ff881efba70
region_type = mapped_file
name = "kernelbase.dll"
filename = "\\Windows\\System32\\KernelBase.dll" (normalized: "c:\\windows\\system32\\kernelbase.dll")
Region:
id = 683
start_va = 0x7ff884c10000
end_va = 0x7ff884cbcfff
monitored = 0
entry_point = 0x7ff884c281a0
region_type = mapped_file
name = "kernel32.dll"
filename = "\\Windows\\System32\\kernel32.dll" (normalized: "c:\\windows\\system32\\kernel32.dll")
Region:
id = 684
start_va = 0x10000
end_va = 0x1ffff
monitored = 1
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x0000000000010000"
filename = ""
Region:
id = 685
start_va = 0x7df5ffec0000
end_va = 0x7df5fffbffff
monitored = 1
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x00007df5ffec0000"
filename = ""
Region:
id = 686
start_va = 0x90000
end_va = 0x14dfff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "locale.nls"
filename = "\\Windows\\System32\\locale.nls" (normalized: "c:\\windows\\system32\\locale.nls")
Region:
id = 687
start_va = 0x7ff882220000
end_va = 0x7ff8822bcfff
monitored = 0
entry_point = 0x7ff8822278a0
region_type = mapped_file
name = "msvcrt.dll"
filename = "\\Windows\\System32\\msvcrt.dll" (normalized: "c:\\windows\\system32\\msvcrt.dll")
Region:
id = 688
start_va = 0x150000
end_va = 0x18ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000000150000"
filename = ""
Region:
id = 689
start_va = 0x820000
end_va = 0x9dffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000000820000"
filename = ""
Region:
id = 690
start_va = 0x20000
end_va = 0x26fff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000000020000"
filename = ""
Region:
id = 709
start_va = 0x7ff87ae40000
end_va = 0x7ff87ae98fff
monitored = 0
entry_point = 0x7ff87ae4fbf0
region_type = mapped_file
name = "conhostv2.dll"
filename = "\\Windows\\System32\\ConhostV2.dll" (normalized: "c:\\windows\\system32\\conhostv2.dll")
Region:
id = 710
start_va = 0x190000
end_va = 0x190fff
monitored = 1
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x0000000000190000"
filename = ""
Region:
id = 711
start_va = 0x7ff8822c0000
end_va = 0x7ff88253cfff
monitored = 0
entry_point = 0x7ff882394970
region_type = mapped_file
name = "combase.dll"
filename = "\\Windows\\System32\\combase.dll" (normalized: "c:\\windows\\system32\\combase.dll")
Region:
id = 712
start_va = 0x7ff883bf0000
end_va = 0x7ff883d0bfff
monitored = 0
entry_point = 0x7ff883c302b0
region_type = mapped_file
name = "rpcrt4.dll"
filename = "\\Windows\\System32\\rpcrt4.dll" (normalized: "c:\\windows\\system32\\rpcrt4.dll")
Region:
id = 713
start_va = 0x7ff881d50000
end_va = 0x7ff881db9fff
monitored = 0
entry_point = 0x7ff881d86d50
region_type = mapped_file
name = "bcryptprimitives.dll"
filename = "\\Windows\\System32\\bcryptprimitives.dll" (normalized: "c:\\windows\\system32\\bcryptprimitives.dll")
Region:
id = 714
start_va = 0x7ff8820c0000
end_va = 0x7ff882215fff
monitored = 0
entry_point = 0x7ff8820ca8d0
region_type = mapped_file
name = "user32.dll"
filename = "\\Windows\\System32\\user32.dll" (normalized: "c:\\windows\\system32\\user32.dll")
Region:
id = 715
start_va = 0x7ff884a10000
end_va = 0x7ff884b95fff
monitored = 0
entry_point = 0x7ff884a5ffc0
region_type = mapped_file
name = "gdi32.dll"
filename = "\\Windows\\System32\\gdi32.dll" (normalized: "c:\\windows\\system32\\gdi32.dll")
Region:
id = 716
start_va = 0x1a0000
end_va = 0x1a6fff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x00000000001a0000"
filename = ""
Region:
id = 717
start_va = 0x7ff8842c0000
end_va = 0x7ff884402fff
monitored = 0
entry_point = 0x7ff8842e8210
region_type = mapped_file
name = "ole32.dll"
filename = "\\Windows\\System32\\ole32.dll" (normalized: "c:\\windows\\system32\\ole32.dll")
Region:
id = 718
start_va = 0x7ff882550000
end_va = 0x7ff8825aafff
monitored = 0
entry_point = 0x7ff8825638b0
region_type = mapped_file
name = "sechost.dll"
filename = "\\Windows\\System32\\sechost.dll" (normalized: "c:\\windows\\system32\\sechost.dll")
Region:
id = 719
start_va = 0x7ff8849d0000
end_va = 0x7ff884a0afff
monitored = 0
entry_point = 0x7ff8849d12f0
region_type = mapped_file
name = "imm32.dll"
filename = "\\Windows\\System32\\imm32.dll" (normalized: "c:\\windows\\system32\\imm32.dll")
Region:
id = 720
start_va = 0x7ff884410000
end_va = 0x7ff8844d0fff
monitored = 0
entry_point = 0x7ff884430da0
region_type = mapped_file
name = "oleaut32.dll"
filename = "\\Windows\\System32\\oleaut32.dll" (normalized: "c:\\windows\\system32\\oleaut32.dll")
Region:
id = 721
start_va = 0x7ff87f8e0000
end_va = 0x7ff87fa65fff
monitored = 0
entry_point = 0x7ff87f92d700
region_type = mapped_file
name = "propsys.dll"
filename = "\\Windows\\System32\\propsys.dll" (normalized: "c:\\windows\\system32\\propsys.dll")
Region:
id = 722
start_va = 0x1b0000
end_va = 0x1b0fff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x00000000001b0000"
filename = ""
Region:
id = 723
start_va = 0x1c0000
end_va = 0x1c0fff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x00000000001c0000"
filename = ""
Region:
id = 724
start_va = 0x820000
end_va = 0x9a7fff
monitored = 1
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x0000000000820000"
filename = ""
Region:
id = 725
start_va = 0x9d0000
end_va = 0x9dffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x00000000009d0000"
filename = ""
Region:
id = 726
start_va = 0x9e0000
end_va = 0xb60fff
monitored = 1
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x00000000009e0000"
filename = ""
Region:
id = 727
start_va = 0xb70000
end_va = 0x1f6ffff
monitored = 1
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x0000000000b70000"
filename = ""
Region:
id = 728
start_va = 0x600000
end_va = 0x63ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000000600000"
filename = ""
Region:
id = 730
start_va = 0x640000
end_va = 0x67ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000000640000"
filename = ""
Region:
id = 731
start_va = 0x7ff8812e0000
end_va = 0x7ff88132afff
monitored = 0
entry_point = 0x7ff8812e35f0
region_type = mapped_file
name = "powrprof.dll"
filename = "\\Windows\\System32\\powrprof.dll" (normalized: "c:\\windows\\system32\\powrprof.dll")
Region:
id = 732
start_va = 0x7ff881330000
end_va = 0x7ff88133efff
monitored = 0
entry_point = 0x7ff881333210
region_type = mapped_file
name = "kernel.appcore.dll"
filename = "\\Windows\\System32\\kernel.appcore.dll" (normalized: "c:\\windows\\system32\\kernel.appcore.dll")
Region:
id = 733
start_va = 0x7ff881340000
end_va = 0x7ff881353fff
monitored = 0
entry_point = 0x7ff8813452e0
region_type = mapped_file
name = "profapi.dll"
filename = "\\Windows\\System32\\profapi.dll" (normalized: "c:\\windows\\system32\\profapi.dll")
Region:
id = 734
start_va = 0x7ff881370000
end_va = 0x7ff8813b2fff
monitored = 0
entry_point = 0x7ff881384b50
region_type = mapped_file
name = "cfgmgr32.dll"
filename = "\\Windows\\System32\\cfgmgr32.dll" (normalized: "c:\\windows\\system32\\cfgmgr32.dll")
Region:
id = 735
start_va = 0x7ff881620000
end_va = 0x7ff881c63fff
monitored = 0
entry_point = 0x7ff8817e64b0
region_type = mapped_file
name = "windows.storage.dll"
filename = "\\Windows\\System32\\windows.storage.dll" (normalized: "c:\\windows\\system32\\windows.storage.dll")
Region:
id = 736
start_va = 0x7ff881c70000
end_va = 0x7ff881d24fff
monitored = 0
entry_point = 0x7ff881cb22e0
region_type = mapped_file
name = "shcore.dll"
filename = "\\Windows\\System32\\SHCore.dll" (normalized: "c:\\windows\\system32\\shcore.dll")
Region:
id = 737
start_va = 0x7ff8825b0000
end_va = 0x7ff883b0efff
monitored = 0
entry_point = 0x7ff8827111f0
region_type = mapped_file
name = "shell32.dll"
filename = "\\Windows\\System32\\shell32.dll" (normalized: "c:\\windows\\system32\\shell32.dll")
Region:
id = 738
start_va = 0x7ff884920000
end_va = 0x7ff8849c6fff
monitored = 0
entry_point = 0x7ff8849358d0
region_type = mapped_file
name = "advapi32.dll"
filename = "\\Windows\\System32\\advapi32.dll" (normalized: "c:\\windows\\system32\\advapi32.dll")
Region:
id = 739
start_va = 0x7ff884bb0000
end_va = 0x7ff884c01fff
monitored = 0
entry_point = 0x7ff884bbf530
region_type = mapped_file
name = "shlwapi.dll"
filename = "\\Windows\\System32\\shlwapi.dll" (normalized: "c:\\windows\\system32\\shlwapi.dll")
Region:
id = 740
start_va = 0x7ff87fc60000
end_va = 0x7ff87fcf5fff
monitored = 0
entry_point = 0x7ff87fc85570
region_type = mapped_file
name = "uxtheme.dll"
filename = "\\Windows\\System32\\uxtheme.dll" (normalized: "c:\\windows\\system32\\uxtheme.dll")
Region:
id = 749
start_va = 0x1f70000
end_va = 0x213ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000001f70000"
filename = ""
Region:
id = 792
start_va = 0x2140000
end_va = 0x2476fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "sortdefault.nls"
filename = "\\Windows\\Globalization\\Sorting\\SortDefault.nls" (normalized: "c:\\windows\\globalization\\sorting\\sortdefault.nls")
Region:
id = 793
start_va = 0x1f70000
end_va = 0x206ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000001f70000"
filename = ""
Region:
id = 794
start_va = 0x2130000
end_va = 0x213ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000002130000"
filename = ""
Region:
id = 795
start_va = 0x2480000
end_va = 0x267ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000002480000"
filename = ""
Region:
id = 810
start_va = 0x680000
end_va = 0x6bffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000000680000"
filename = ""
Region:
id = 811
start_va = 0x7ff883ec0000
end_va = 0x7ff884019fff
monitored = 0
entry_point = 0x7ff883f038e0
region_type = mapped_file
name = "msctf.dll"
filename = "\\Windows\\System32\\msctf.dll" (normalized: "c:\\windows\\system32\\msctf.dll")
Region:
id = 814
start_va = 0x50000
end_va = 0x50fff
monitored = 1
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x0000000000050000"
filename = ""
Region:
id = 815
start_va = 0x2070000
end_va = 0x212bfff
monitored = 1
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x0000000002070000"
filename = ""
Region:
id = 816
start_va = 0x50000
end_va = 0x53fff
monitored = 1
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x0000000000050000"
filename = ""
Region:
id = 817
start_va = 0x7ff87eb60000
end_va = 0x7ff87eb81fff
monitored = 0
entry_point = 0x7ff87eb61a40
region_type = mapped_file
name = "dwmapi.dll"
filename = "\\Windows\\System32\\dwmapi.dll" (normalized: "c:\\windows\\system32\\dwmapi.dll")
Region:
id = 822
start_va = 0x7ff87fad0000
end_va = 0x7ff87fae2fff
monitored = 0
entry_point = 0x7ff87fad2760
region_type = mapped_file
name = "wtsapi32.dll"
filename = "\\Windows\\System32\\wtsapi32.dll" (normalized: "c:\\windows\\system32\\wtsapi32.dll")
Region:
id = 823
start_va = 0x7ff8810f0000
end_va = 0x7ff881145fff
monitored = 0
entry_point = 0x7ff881100bf0
region_type = mapped_file
name = "winsta.dll"
filename = "\\Windows\\System32\\winsta.dll" (normalized: "c:\\windows\\system32\\winsta.dll")
Region:
id = 824
start_va = 0x60000
end_va = 0x66fff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000000060000"
filename = ""
Region:
id = 825
start_va = 0x70000
end_va = 0x70fff
monitored = 1
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x0000000000070000"
filename = ""
Region:
id = 826
start_va = 0x80000
end_va = 0x80fff
monitored = 1
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x0000000000080000"
filename = ""
Region:
id = 827
start_va = 0x1d0000
end_va = 0x1d1fff
monitored = 1
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x00000000001d0000"
filename = ""
Region:
id = 828
start_va = 0x1e0000
end_va = 0x1e0fff
monitored = 1
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x00000000001e0000"
filename = ""
Region:
id = 829
start_va = 0x1f0000
end_va = 0x1f4fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "user32.dll.mui"
filename = "\\Windows\\System32\\en-US\\user32.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\user32.dll.mui")
Region:
id = 830
start_va = 0x600000
end_va = 0x600fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "conhostv2.dll.mui"
filename = "\\Windows\\System32\\en-US\\ConhostV2.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\conhostv2.dll.mui")
Region:
id = 831
start_va = 0x630000
end_va = 0x63ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000000630000"
filename = ""
Region:
id = 840
start_va = 0x610000
end_va = 0x611fff
monitored = 1
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x0000000000610000"
filename = ""
Region:
id = 841
start_va = 0x7ff875c70000
end_va = 0x7ff875ee3fff
monitored = 0
entry_point = 0x7ff875ce0400
region_type = mapped_file
name = "comctl32.dll"
filename = "\\Windows\\WinSxS\\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.10586.0_none_8c15ae12515e1c22\\comctl32.dll" (normalized: "c:\\windows\\winsxs\\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.10586.0_none_8c15ae12515e1c22\\comctl32.dll")
Region:
id = 842
start_va = 0x620000
end_va = 0x620fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "windowsshell.manifest"
filename = "\\Windows\\WindowsShell.Manifest" (normalized: "c:\\windows\\windowsshell.manifest")
Region:
id = 843
start_va = 0x6c0000
end_va = 0x6c1fff
monitored = 1
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x00000000006c0000"
filename = ""
Thread:
id = 14
os_tid = 0xf7c
Thread:
id = 15
os_tid = 0x8fc
Thread:
id = 17
os_tid = 0x238
Thread:
id = 21
os_tid = 0x590
Process:
id = "4"
image_name = "schtasks.exe"
filename = "c:\\windows\\syswow64\\schtasks.exe"
page_root = "0x3094b000"
os_pid = "0xbfc"
os_integrity_level = "0x3000"
os_privileges = "0x60800000"
monitor_reason = "child_process"
parent_id = "1"
os_parent_pid = "0x704"
cmd_line = "\"C:\\Windows\\System32\\schtasks.exe\" /Create /TN \"Updates\\gfLnSNNH\" /XML \"C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Temp\\tmpA573.tmp\""
cur_dir = "C:\\Users\\RDhJ0CNFevzX\\Desktop\\"
os_username = "XC64ZB\\RDhJ0CNFevzX"
bitness = "32"
os_groups = "XC64ZB\\Domain Users" [0x7], "Everyone" [0x7], "NT AUTHORITY\\Local account and member of Administrators group" [0x7], "BUILTIN\\Administrators" [0xf], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\INTERACTIVE" [0x7], "CONSOLE LOGON" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "NT AUTHORITY\\Local account" [0x7], "NT AUTHORITY\\Logon Session 00000000:0000f600" [0xc0000007], "LOCAL" [0x7], "NT AUTHORITY\\NTLM Authentication" [0x7]
Region:
id = 691
start_va = 0x10000
end_va = 0x2ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000000010000"
filename = ""
Region:
id = 692
start_va = 0x30000
end_va = 0x31fff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000000030000"
filename = ""
Region:
id = 693
start_va = 0x40000
end_va = 0x54fff
monitored = 1
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x0000000000040000"
filename = ""
Region:
id = 694
start_va = 0x60000
end_va = 0x9ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000000060000"
filename = ""
Region:
id = 695
start_va = 0xa0000
end_va = 0xdffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x00000000000a0000"
filename = ""
Region:
id = 696
start_va = 0xe0000
end_va = 0xe3fff
monitored = 1
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x00000000000e0000"
filename = ""
Region:
id = 697
start_va = 0xf0000
end_va = 0xf0fff
monitored = 1
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x00000000000f0000"
filename = ""
Region:
id = 698
start_va = 0x100000
end_va = 0x101fff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000000100000"
filename = ""
Region:
id = 699
start_va = 0x200000
end_va = 0x3fffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000000200000"
filename = ""
Region:
id = 700
start_va = 0xe70000
end_va = 0xea1fff
monitored = 1
entry_point = 0xe905b0
region_type = mapped_file
name = "schtasks.exe"
filename = "\\Windows\\SysWOW64\\schtasks.exe" (normalized: "c:\\windows\\syswow64\\schtasks.exe")
Region:
id = 701
start_va = 0xeb0000
end_va = 0x4eaffff
monitored = 1
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x0000000000eb0000"
filename = ""
Region:
id = 702
start_va = 0x77460000
end_va = 0x775dafff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "ntdll.dll"
filename = "\\Windows\\SysWOW64\\ntdll.dll" (normalized: "c:\\windows\\syswow64\\ntdll.dll")
Region:
id = 703
start_va = 0x7ffb0000
end_va = 0x7ffd2fff
monitored = 1
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x000000007ffb0000"
filename = ""
Region:
id = 704
start_va = 0x7ffe0000
end_va = 0x7ffeffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x000000007ffe0000"
filename = ""
Region:
id = 705
start_va = 0x7fff0000
end_va = 0x7df884cbffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x000000007fff0000"
filename = ""
Region:
id = 706
start_va = 0x7df884cc0000
end_va = 0x7ff884cbffff
monitored = 1
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x00007df884cc0000"
filename = ""
Region:
id = 707
start_va = 0x7ff884cc0000
end_va = 0x7ff884e80fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "ntdll.dll"
filename = "\\Windows\\System32\\ntdll.dll" (normalized: "c:\\windows\\system32\\ntdll.dll")
Region:
id = 708
start_va = 0x7ff884e81000
end_va = 0x7ffffffeffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x00007ff884e81000"
filename = ""
Region:
id = 741
start_va = 0x1e0000
end_va = 0x1effff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x00000000001e0000"
filename = ""
Region:
id = 742
start_va = 0x5f960000
end_va = 0x5f9affff
monitored = 0
entry_point = 0x5f978180
region_type = mapped_file
name = "wow64.dll"
filename = "\\Windows\\System32\\wow64.dll" (normalized: "c:\\windows\\system32\\wow64.dll")
Region:
id = 743
start_va = 0x5f9b0000
end_va = 0x5fa29fff
monitored = 0
entry_point = 0x5f9c3290
region_type = mapped_file
name = "wow64win.dll"
filename = "\\Windows\\System32\\wow64win.dll" (normalized: "c:\\windows\\system32\\wow64win.dll")
Region:
id = 744
start_va = 0x76410000
end_va = 0x764effff
monitored = 0
entry_point = 0x76423980
region_type = mapped_file
name = "kernel32.dll"
filename = "\\Windows\\SysWOW64\\kernel32.dll" (normalized: "c:\\windows\\syswow64\\kernel32.dll")
Region:
id = 745
start_va = 0x5fa30000
end_va = 0x5fa37fff
monitored = 0
entry_point = 0x5fa317c0
region_type = mapped_file
name = "wow64cpu.dll"
filename = "\\Windows\\System32\\wow64cpu.dll" (normalized: "c:\\windows\\system32\\wow64cpu.dll")
Region:
id = 746
start_va = 0x400000
end_va = 0x5fffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000000400000"
filename = ""
Region:
id = 747
start_va = 0x76410000
end_va = 0x764effff
monitored = 0
entry_point = 0x76423980
region_type = mapped_file
name = "kernel32.dll"
filename = "\\Windows\\SysWOW64\\kernel32.dll" (normalized: "c:\\windows\\syswow64\\kernel32.dll")
Region:
id = 748
start_va = 0x77270000
end_va = 0x773edfff
monitored = 0
entry_point = 0x77321b90
region_type = mapped_file
name = "kernelbase.dll"
filename = "\\Windows\\SysWOW64\\KernelBase.dll" (normalized: "c:\\windows\\syswow64\\kernelbase.dll")
Region:
id = 750
start_va = 0x10000
end_va = 0x1ffff
monitored = 1
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x0000000000010000"
filename = ""
Region:
id = 751
start_va = 0x7feb0000
end_va = 0x7ffaffff
monitored = 1
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x000000007feb0000"
filename = ""
Region:
id = 855
start_va = 0x110000
end_va = 0x1cdfff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "locale.nls"
filename = "\\Windows\\System32\\locale.nls" (normalized: "c:\\windows\\system32\\locale.nls")
Region:
id = 856
start_va = 0x20000
end_va = 0x23fff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000000020000"
filename = ""
Region:
id = 857
start_va = 0x76570000
end_va = 0x7662dfff
monitored = 0
entry_point = 0x765a5630
region_type = mapped_file
name = "msvcrt.dll"
filename = "\\Windows\\SysWOW64\\msvcrt.dll" (normalized: "c:\\windows\\syswow64\\msvcrt.dll")
Region:
id = 858
start_va = 0x400000
end_va = 0x43ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000000400000"
filename = ""
Region:
id = 859
start_va = 0x440000
end_va = 0x47ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000000440000"
filename = ""
Region:
id = 860
start_va = 0x500000
end_va = 0x5fffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000000500000"
filename = ""
Region:
id = 861
start_va = 0x76bf0000
end_va = 0x76c81fff
monitored = 0
entry_point = 0x76c28cf0
region_type = mapped_file
name = "oleaut32.dll"
filename = "\\Windows\\SysWOW64\\oleaut32.dll" (normalized: "c:\\windows\\syswow64\\oleaut32.dll")
Region:
id = 862
start_va = 0x769b0000
end_va = 0x76b6cfff
monitored = 0
entry_point = 0x76a92a10
region_type = mapped_file
name = "combase.dll"
filename = "\\Windows\\SysWOW64\\combase.dll" (normalized: "c:\\windows\\syswow64\\combase.dll")
Region:
id = 863
start_va = 0x76630000
end_va = 0x766dcfff
monitored = 0
entry_point = 0x76644f00
region_type = mapped_file
name = "rpcrt4.dll"
filename = "\\Windows\\SysWOW64\\rpcrt4.dll" (normalized: "c:\\windows\\syswow64\\rpcrt4.dll")
Region:
id = 864
start_va = 0x74190000
end_va = 0x741adfff
monitored = 0
entry_point = 0x7419b640
region_type = mapped_file
name = "sspicli.dll"
filename = "\\Windows\\SysWOW64\\sspicli.dll" (normalized: "c:\\windows\\syswow64\\sspicli.dll")
Region:
id = 865
start_va = 0x74180000
end_va = 0x74189fff
monitored = 0
entry_point = 0x74182a00
region_type = mapped_file
name = "cryptbase.dll"
filename = "\\Windows\\SysWOW64\\cryptbase.dll" (normalized: "c:\\windows\\syswow64\\cryptbase.dll")
Region:
id = 866
start_va = 0x75880000
end_va = 0x758d7fff
monitored = 0
entry_point = 0x758c25c0
region_type = mapped_file
name = "bcryptprimitives.dll"
filename = "\\Windows\\SysWOW64\\bcryptprimitives.dll" (normalized: "c:\\windows\\syswow64\\bcryptprimitives.dll")
Region:
id = 867
start_va = 0x758e0000
end_va = 0x75923fff
monitored = 0
entry_point = 0x758f9d80
region_type = mapped_file
name = "sechost.dll"
filename = "\\Windows\\SysWOW64\\sechost.dll" (normalized: "c:\\windows\\syswow64\\sechost.dll")
Region:
id = 868
start_va = 0x30000
end_va = 0x3ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000000030000"
filename = ""
Region:
id = 886
start_va = 0x600000
end_va = 0x6e9fff
monitored = 0
entry_point = 0x63d650
region_type = mapped_file
name = "ole32.dll"
filename = "\\Windows\\SysWOW64\\ole32.dll" (normalized: "c:\\windows\\syswow64\\ole32.dll")
Region:
id = 898
start_va = 0x1d0000
end_va = 0x1d1fff
monitored = 1
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x00000000001d0000"
filename = ""
Region:
id = 899
start_va = 0x1f0000
end_va = 0x1f0fff
monitored = 1
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x00000000001f0000"
filename = ""
Region:
id = 900
start_va = 0x600000
end_va = 0x9fafff
monitored = 1
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x0000000000600000"
filename = ""
Region:
id = 901
start_va = 0xa00000
end_va = 0xd36fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "sortdefault.nls"
filename = "\\Windows\\Globalization\\Sorting\\SortDefault.nls" (normalized: "c:\\windows\\globalization\\sorting\\sortdefault.nls")
Region:
id = 906
start_va = 0x755d0000
end_va = 0x755dbfff
monitored = 0
entry_point = 0x755d3930
region_type = mapped_file
name = "kernel.appcore.dll"
filename = "\\Windows\\SysWOW64\\kernel.appcore.dll" (normalized: "c:\\windows\\syswow64\\kernel.appcore.dll")
Region:
id = 907
start_va = 0x480000
end_va = 0x480fff
monitored = 1
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x0000000000480000"
filename = ""
Region:
id = 908
start_va = 0x76730000
end_va = 0x767b3fff
monitored = 0
entry_point = 0x76756220
region_type = mapped_file
name = "clbcatq.dll"
filename = "\\Windows\\SysWOW64\\clbcatq.dll" (normalized: "c:\\windows\\syswow64\\clbcatq.dll")
Region:
id = 909
start_va = 0x490000
end_va = 0x490fff
monitored = 1
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x0000000000490000"
filename = ""
Region:
id = 910
start_va = 0x68710000
end_va = 0x6879bfff
monitored = 0
entry_point = 0x6874a6c0
region_type = mapped_file
name = "taskschd.dll"
filename = "\\Windows\\SysWOW64\\taskschd.dll" (normalized: "c:\\windows\\syswow64\\taskschd.dll")
Thread:
id = 16
os_tid = 0xe1c
[0197.325] GetModuleHandleA (lpModuleName=0x0) returned 0xe70000
[0197.325] __set_app_type (_Type=0x1)
[0197.325] __p__fmode () returned 0x76624d6c
[0197.325] __p__commode () returned 0x76625b1c
[0197.325] SetUnhandledExceptionFilter (lpTopLevelExceptionFilter=0xe90840) returned 0x0
[0197.326] __wgetmainargs (in: _Argc=0xe9ade0, _Argv=0xe9ade4, _Env=0xe9ade8, _DoWildCard=0, _StartInfo=0xe9adf4 | out: _Argc=0xe9ade0, _Argv=0xe9ade4, _Env=0xe9ade8) returned 0
[0197.326] _onexit (_Func=0xe92bc0) returned 0xe92bc0
[0197.326] HeapSetInformation (HeapHandle=0x0, HeapInformationClass=0x1, HeapInformation=0x0, HeapInformationLength=0x0) returned 1
[0197.326] WinSqmIsOptedIn () returned 0x0
[0197.327] GetProcessHeap () returned 0x500000
[0197.327] RtlAllocateHeap (HeapHandle=0x500000, Flags=0xc, Size=0x10) returned 0x507338
[0197.327] RtlRestoreLastWin32Error () returned 0x0
[0197.327] VerSetConditionMask (ConditionMask=0x0, TypeMask=0x0, Condition=0x2) returned 0x18
[0197.327] VerSetConditionMask (ConditionMask=0x18, TypeMask=0x80000000, Condition=0x1) returned 0x1b
[0197.327] VerSetConditionMask (ConditionMask=0x1b, TypeMask=0x80000000, Condition=0x20) returned 0x1801b
[0197.327] RtlVerifyVersionInfo (VersionInfo=0xdf9f8, TypeMask=0x3, ConditionMask=0x1801b) returned 0x0
[0197.327] GetProcessHeap () returned 0x500000
[0197.327] RtlAllocateHeap (HeapHandle=0x500000, Flags=0xc, Size=0x10) returned 0x5073e0
[0197.327] lstrlenW (lpString="") returned 0
[0197.327] GetProcessHeap () returned 0x500000
[0197.327] RtlAllocateHeap (HeapHandle=0x500000, Flags=0xc, Size=0x2) returned 0x500598
[0197.327] GetProcessHeap () returned 0x500000
[0197.327] RtlAllocateHeap (HeapHandle=0x500000, Flags=0xc, Size=0x14) returned 0x506e38
[0197.327] GetProcessHeap () returned 0x500000
[0197.328] RtlAllocateHeap (HeapHandle=0x500000, Flags=0xc, Size=0x10) returned 0x507410
[0197.328] GetProcessHeap () returned 0x500000
[0197.328] RtlAllocateHeap (HeapHandle=0x500000, Flags=0xc, Size=0x14) returned 0x506c00
[0197.328] GetProcessHeap () returned 0x500000
[0197.328] RtlAllocateHeap (HeapHandle=0x500000, Flags=0xc, Size=0x14) returned 0x506c20
[0197.328] GetProcessHeap () returned 0x500000
[0197.328] RtlAllocateHeap (HeapHandle=0x500000, Flags=0xc, Size=0x14) returned 0x506c40
[0197.328] GetProcessHeap () returned 0x500000
[0197.328] RtlAllocateHeap (HeapHandle=0x500000, Flags=0xc, Size=0x14) returned 0x506830
[0197.328] GetProcessHeap () returned 0x500000
[0197.328] RtlAllocateHeap (HeapHandle=0x500000, Flags=0xc, Size=0x10) returned 0x5073c8
[0197.328] GetProcessHeap () returned 0x500000
[0197.328] RtlAllocateHeap (HeapHandle=0x500000, Flags=0xc, Size=0x14) returned 0x506850
[0197.328] GetProcessHeap () returned 0x500000
[0197.328] RtlAllocateHeap (HeapHandle=0x500000, Flags=0xc, Size=0x14) returned 0x506870
[0197.328] GetProcessHeap () returned 0x500000
[0197.328] RtlAllocateHeap (HeapHandle=0x500000, Flags=0xc, Size=0x14) returned 0x5065c8
[0197.328] GetProcessHeap () returned 0x500000
[0197.328] RtlAllocateHeap (HeapHandle=0x500000, Flags=0xc, Size=0x14) returned 0x5065e8
[0197.328] GetProcessHeap () returned 0x500000
[0197.328] RtlAllocateHeap (HeapHandle=0x500000, Flags=0xc, Size=0x10) returned 0x507470
[0197.328] GetProcessHeap () returned 0x500000
[0197.328] RtlAllocateHeap (HeapHandle=0x500000, Flags=0xc, Size=0x14) returned 0x506608
[0197.328] GetProcessHeap () returned 0x500000
[0197.328] RtlAllocateHeap (HeapHandle=0x500000, Flags=0xc, Size=0x14) returned 0x502778
[0197.328] GetProcessHeap () returned 0x500000
[0197.328] RtlAllocateHeap (HeapHandle=0x500000, Flags=0xc, Size=0x14) returned 0x502798
[0197.328] GetProcessHeap () returned 0x500000
[0197.329] RtlAllocateHeap (HeapHandle=0x500000, Flags=0xc, Size=0x14) returned 0x5027b8
[0197.329] SetThreadUILanguage (LangId=0x0) returned 0x409
[0197.397] RtlRestoreLastWin32Error () returned 0x0
[0197.397] GetProcessHeap () returned 0x500000
[0197.397] RtlAllocateHeap (HeapHandle=0x500000, Flags=0xc, Size=0x14) returned 0x509358
[0197.397] GetProcessHeap () returned 0x500000
[0197.397] RtlAllocateHeap (HeapHandle=0x500000, Flags=0xc, Size=0x14) returned 0x509458
[0197.398] GetProcessHeap () returned 0x500000
[0197.398] RtlAllocateHeap (HeapHandle=0x500000, Flags=0xc, Size=0x14) returned 0x509498
[0197.398] GetProcessHeap () returned 0x500000
[0197.398] RtlAllocateHeap (HeapHandle=0x500000, Flags=0xc, Size=0x14) returned 0x509658
[0197.398] GetProcessHeap () returned 0x500000
[0197.398] RtlAllocateHeap (HeapHandle=0x500000, Flags=0xc, Size=0x14) returned 0x5094f8
[0197.398] GetProcessHeap () returned 0x500000
[0197.398] RtlAllocateHeap (HeapHandle=0x500000, Flags=0xc, Size=0x10) returned 0x507440
[0197.398] _memicmp (_Buf1=0x507440, _Buf2=0xe72708, _Size=0x7) returned 0
[0197.398] GetProcessHeap () returned 0x500000
[0197.398] RtlAllocateHeap (HeapHandle=0x500000, Flags=0xc, Size=0x208) returned 0x508cd0
[0197.398] GetModuleFileNameW (in: hModule=0x0, lpFilename=0x508cd0, nSize=0x104 | out: lpFilename="C:\\Windows\\SysWOW64\\schtasks.exe" (normalized: "c:\\windows\\syswow64\\schtasks.exe")) returned 0x20
[0197.398] GetFileVersionInfoSizeExW (in: dwFlags=0x1, lpwstrFilename="C:\\Windows\\SysWOW64\\schtasks.exe", lpdwHandle=0xdfb04 | out: lpdwHandle=0xdfb04) returned 0x76c
[0197.401] GetProcessHeap () returned 0x500000
[0197.401] RtlAllocateHeap (HeapHandle=0x500000, Flags=0xc, Size=0x776) returned 0x509da8
[0197.402] GetFileVersionInfoExW (in: dwFlags=0x3, lpwstrFilename="C:\\Windows\\SysWOW64\\schtasks.exe", dwHandle=0x0, dwLen=0x776, lpData=0x509da8 | out: lpData=0x509da8) returned 1
[0197.402] VerQueryValueW (in: pBlock=0x509da8, lpSubBlock="\\VarFileInfo\\Translation", lplpBuffer=0xdfb0c, puLen=0xdfb10 | out: lplpBuffer=0xdfb0c*=0x50a158, puLen=0xdfb10) returned 1
[0197.405] _memicmp (_Buf1=0x507440, _Buf2=0xe72708, _Size=0x7) returned 0
[0197.405] _vsnwprintf (in: _Buffer=0x508cd0, _BufferCount=0x3f, _Format="\\StringFileInfo\\%04x%04x\\InternalName", _ArgList=0xdfaf0 | out: _Buffer="\\StringFileInfo\\040904b0\\InternalName") returned 37
[0197.406] VerQueryValueW (in: pBlock=0x509da8, lpSubBlock="\\StringFileInfo\\040904b0\\InternalName", lplpBuffer=0xdfb1c, puLen=0xdfb18 | out: lplpBuffer=0xdfb1c*=0x509f88, puLen=0xdfb18) returned 1
[0197.406] lstrlenW (lpString="schtasks.exe") returned 12
[0197.406] lstrlenW (lpString="schtasks.exe") returned 12
[0197.406] lstrlenW (lpString=".EXE") returned 4
[0197.406] StrStrIW (lpFirst="schtasks.exe", lpSrch=".EXE") returned=".exe"
[0197.407] lstrlenW (lpString="schtasks.exe") returned 12
[0197.407] lstrlenW (lpString=".EXE") returned 4
[0197.407] _memicmp (_Buf1=0x507440, _Buf2=0xe72708, _Size=0x7) returned 0
[0197.407] lstrlenW (lpString="schtasks") returned 8
[0197.407] GetProcessHeap () returned 0x500000
[0197.407] RtlAllocateHeap (HeapHandle=0x500000, Flags=0xc, Size=0x14) returned 0x509558
[0197.407] GetProcessHeap () returned 0x500000
[0197.408] RtlAllocateHeap (HeapHandle=0x500000, Flags=0xc, Size=0x14) returned 0x509338
[0197.408] GetProcessHeap () returned 0x500000
[0197.408] RtlAllocateHeap (HeapHandle=0x500000, Flags=0xc, Size=0x14) returned 0x509318
[0197.408] GetProcessHeap () returned 0x500000
[0197.408] RtlAllocateHeap (HeapHandle=0x500000, Flags=0xc, Size=0x14) returned 0x509638
[0197.408] GetProcessHeap () returned 0x500000
[0197.408] RtlAllocateHeap (HeapHandle=0x500000, Flags=0xc, Size=0x10) returned 0x5073f8
[0197.408] _memicmp (_Buf1=0x5073f8, _Buf2=0xe72708, _Size=0x7) returned 0
[0197.408] GetProcessHeap () returned 0x500000
[0197.408] RtlAllocateHeap (HeapHandle=0x500000, Flags=0xc, Size=0xa0) returned 0x5069d0
[0197.408] GetProcessHeap () returned 0x500000
[0197.408] RtlAllocateHeap (HeapHandle=0x500000, Flags=0xc, Size=0x14) returned 0x5095b8
[0197.408] GetProcessHeap () returned 0x500000
[0197.408] RtlAllocateHeap (HeapHandle=0x500000, Flags=0xc, Size=0x14) returned 0x509378
[0197.408] GetProcessHeap () returned 0x500000
[0197.408] RtlAllocateHeap (HeapHandle=0x500000, Flags=0xc, Size=0x14) returned 0x509538
[0197.408] GetProcessHeap () returned 0x500000
[0197.408] RtlAllocateHeap (HeapHandle=0x500000, Flags=0xc, Size=0x10) returned 0x507428
[0197.408] _memicmp (_Buf1=0x507428, _Buf2=0xe72708, _Size=0x7) returned 0
[0197.409] GetProcessHeap () returned 0x500000
[0197.409] RtlAllocateHeap (HeapHandle=0x500000, Flags=0xc, Size=0x200) returned 0x50a788
[0197.409] LoadStringW (in: hInstance=0x0, uID=0x15ed, lpBuffer=0x50a788, cchBufferMax=256 | out: lpBuffer="Type \"%s /?\" for usage.") returned 0x17
[0197.409] lstrlenW (lpString="Type \"%s /?\" for usage.") returned 23
[0197.409] GetProcessHeap () returned 0x500000
[0197.409] RtlAllocateHeap (HeapHandle=0x500000, Flags=0xc, Size=0x30) returned 0x506a78
[0197.409] _vsnwprintf (in: _Buffer=0x5069d0, _BufferCount=0x4f, _Format="Type \"%s /?\" for usage.", _ArgList=0xdfaf4 | out: _Buffer="Type \"SCHTASKS /?\" for usage.") returned 29
[0197.409] GetProcessHeap () returned 0x500000
[0197.409] GetProcessHeap () returned 0x500000
[0197.409] HeapValidate (hHeap=0x500000, dwFlags=0x0, lpMem=0x509da8) returned 1
[0197.409] GetProcessHeap () returned 0x500000
[0197.409] RtlSizeHeap (HeapHandle=0x500000, Flags=0x0, MemoryPointer=0x509da8) returned 0x776
[0197.410] RtlFreeHeap (HeapHandle=0x500000, Flags=0x0, BaseAddress=0x509da8) returned 1
[0197.410] RtlRestoreLastWin32Error () returned 0x0
[0197.410] GetThreadLocale () returned 0x409
[0197.410] CompareStringA (Locale=0x409, dwCmpFlags=0x1, lpString1="PARSER2", cchCount1=-1, lpString2="PARSER2", cchCount2=-1) returned 2
[0197.410] lstrlenW (lpString="?") returned 1
[0197.410] GetThreadLocale () returned 0x409
[0197.410] CompareStringA (Locale=0x409, dwCmpFlags=0x1, lpString1="PARSER2", cchCount1=-1, lpString2="PARSER2", cchCount2=-1) returned 2
[0197.410] lstrlenW (lpString="create") returned 6
[0197.410] GetThreadLocale () returned 0x409
[0197.410] CompareStringA (Locale=0x409, dwCmpFlags=0x1, lpString1="PARSER2", cchCount1=-1, lpString2="PARSER2", cchCount2=-1) returned 2
[0197.411] lstrlenW (lpString="delete") returned 6
[0197.411] GetThreadLocale () returned 0x409
[0197.411] CompareStringA (Locale=0x409, dwCmpFlags=0x1, lpString1="PARSER2", cchCount1=-1, lpString2="PARSER2", cchCount2=-1) returned 2
[0197.411] lstrlenW (lpString="query") returned 5
[0197.411] GetThreadLocale () returned 0x409
[0197.411] CompareStringA (Locale=0x409, dwCmpFlags=0x1, lpString1="PARSER2", cchCount1=-1, lpString2="PARSER2", cchCount2=-1) returned 2
[0197.411] lstrlenW (lpString="change") returned 6
[0197.411] GetThreadLocale () returned 0x409
[0197.411] CompareStringA (Locale=0x409, dwCmpFlags=0x1, lpString1="PARSER2", cchCount1=-1, lpString2="PARSER2", cchCount2=-1) returned 2
[0197.411] lstrlenW (lpString="run") returned 3
[0197.411] GetThreadLocale () returned 0x409
[0197.411] CompareStringA (Locale=0x409, dwCmpFlags=0x1, lpString1="PARSER2", cchCount1=-1, lpString2="PARSER2", cchCount2=-1) returned 2
[0197.411] lstrlenW (lpString="end") returned 3
[0197.411] GetThreadLocale () returned 0x409
[0197.411] CompareStringA (Locale=0x409, dwCmpFlags=0x1, lpString1="PARSER2", cchCount1=-1, lpString2="PARSER2", cchCount2=-1) returned 2
[0197.411] lstrlenW (lpString="showsid") returned 7
[0197.411] GetThreadLocale () returned 0x409
[0197.411] CompareStringA (Locale=0x409, dwCmpFlags=0x1, lpString1="PARSER2", cchCount1=-1, lpString2="PARSER2", cchCount2=-1) returned 2
[0197.411] RtlRestoreLastWin32Error () returned 0x0
[0197.411] RtlRestoreLastWin32Error () returned 0x0
[0197.411] lstrlenW (lpString="/Create") returned 7
[0197.411] lstrlenW (lpString="-/") returned 2
[0197.411] StrChrIW (lpStart="-/", wMatch=0x3002f) returned="/"
[0197.411] lstrlenW (lpString="?") returned 1
[0197.411] lstrlenW (lpString="?") returned 1
[0197.411] GetProcessHeap () returned 0x500000
[0197.411] RtlAllocateHeap (HeapHandle=0x500000, Flags=0xc, Size=0x10) returned 0x5074a0
[0197.411] _memicmp (_Buf1=0x5074a0, _Buf2=0xe72708, _Size=0x7) returned 0
[0197.411] GetProcessHeap () returned 0x500000
[0197.411] RtlAllocateHeap (HeapHandle=0x500000, Flags=0xc, Size=0xa) returned 0x5074b8
[0197.411] lstrlenW (lpString="Create") returned 6
[0197.411] GetProcessHeap () returned 0x500000
[0197.411] RtlAllocateHeap (HeapHandle=0x500000, Flags=0xc, Size=0x10) returned 0x507308
[0197.412] _memicmp (_Buf1=0x507308, _Buf2=0xe72708, _Size=0x7) returned 0
[0197.412] GetProcessHeap () returned 0x500000
[0197.412] RtlAllocateHeap (HeapHandle=0x500000, Flags=0xc, Size=0x14) returned 0x5093b8
[0197.412] _vsnwprintf (in: _Buffer=0x5074b8, _BufferCount=0x4, _Format="|%s|", _ArgList=0xdfae0 | out: _Buffer="|?|") returned 3
[0197.412] _vsnwprintf (in: _Buffer=0x5093b8, _BufferCount=0x9, _Format="|%s|", _ArgList=0xdfae0 | out: _Buffer="|Create|") returned 8
[0197.412] lstrlenW (lpString="|?|") returned 3
[0197.412] lstrlenW (lpString="|Create|") returned 8
[0197.412] RtlRestoreLastWin32Error () returned 0x490
[0197.412] lstrlenW (lpString="create") returned 6
[0197.412] lstrlenW (lpString="create") returned 6
[0197.412] _memicmp (_Buf1=0x5074a0, _Buf2=0xe72708, _Size=0x7) returned 0
[0197.412] GetProcessHeap () returned 0x500000
[0197.412] HeapValidate (hHeap=0x500000, dwFlags=0x0, lpMem=0x5074b8) returned 1
[0197.412] GetProcessHeap () returned 0x500000
[0197.412] RtlReAllocateHeap (Heap=0x500000, Flags=0xc, Ptr=0x5074b8, Size=0x14) returned 0x5095d8
[0197.412] lstrlenW (lpString="Create") returned 6
[0197.412] _memicmp (_Buf1=0x507308, _Buf2=0xe72708, _Size=0x7) returned 0
[0197.412] _vsnwprintf (in: _Buffer=0x5095d8, _BufferCount=0x9, _Format="|%s|", _ArgList=0xdfae0 | out: _Buffer="|create|") returned 8
[0197.412] _vsnwprintf (in: _Buffer=0x5093b8, _BufferCount=0x9, _Format="|%s|", _ArgList=0xdfae0 | out: _Buffer="|Create|") returned 8
[0197.412] lstrlenW (lpString="|create|") returned 8
[0197.412] lstrlenW (lpString="|Create|") returned 8
[0197.412] StrStrIW (lpFirst="|create|", lpSrch="|Create|") returned="|create|"
[0197.412] RtlRestoreLastWin32Error () returned 0x0
[0197.412] RtlRestoreLastWin32Error () returned 0x0
[0197.412] RtlRestoreLastWin32Error () returned 0x0
[0197.412] lstrlenW (lpString="/TN") returned 3
[0197.413] lstrlenW (lpString="-/") returned 2
[0197.413] StrChrIW (lpStart="-/", wMatch=0x3002f) returned="/"
[0197.413] lstrlenW (lpString="?") returned 1
[0197.413] lstrlenW (lpString="?") returned 1
[0197.413] _memicmp (_Buf1=0x5074a0, _Buf2=0xe72708, _Size=0x7) returned 0
[0197.413] lstrlenW (lpString="TN") returned 2
[0197.413] _memicmp (_Buf1=0x507308, _Buf2=0xe72708, _Size=0x7) returned 0
[0197.413] _vsnwprintf (in: _Buffer=0x5095d8, _BufferCount=0x4, _Format="|%s|", _ArgList=0xdfae0 | out: _Buffer="|?|") returned 3
[0197.413] _vsnwprintf (in: _Buffer=0x5093b8, _BufferCount=0x5, _Format="|%s|", _ArgList=0xdfae0 | out: _Buffer="|TN|") returned 4
[0197.413] lstrlenW (lpString="|?|") returned 3
[0197.413] lstrlenW (lpString="|TN|") returned 4
[0197.413] RtlRestoreLastWin32Error () returned 0x490
[0197.413] lstrlenW (lpString="create") returned 6
[0197.413] lstrlenW (lpString="create") returned 6
[0197.413] _memicmp (_Buf1=0x5074a0, _Buf2=0xe72708, _Size=0x7) returned 0
[0197.413] lstrlenW (lpString="TN") returned 2
[0197.413] _memicmp (_Buf1=0x507308, _Buf2=0xe72708, _Size=0x7) returned 0
[0197.413] _vsnwprintf (in: _Buffer=0x5095d8, _BufferCount=0x9, _Format="|%s|", _ArgList=0xdfae0 | out: _Buffer="|create|") returned 8
[0197.413] _vsnwprintf (in: _Buffer=0x5093b8, _BufferCount=0x5, _Format="|%s|", _ArgList=0xdfae0 | out: _Buffer="|TN|") returned 4
[0197.413] lstrlenW (lpString="|create|") returned 8
[0197.413] lstrlenW (lpString="|TN|") returned 4
[0197.413] StrStrIW (lpFirst="|create|", lpSrch="|TN|") returned 0x0
[0197.413] RtlRestoreLastWin32Error () returned 0x490
[0197.413] lstrlenW (lpString="delete") returned 6
[0197.413] lstrlenW (lpString="delete") returned 6
[0197.413] _memicmp (_Buf1=0x5074a0, _Buf2=0xe72708, _Size=0x7) returned 0
[0197.414] lstrlenW (lpString="TN") returned 2
[0197.414] _memicmp (_Buf1=0x507308, _Buf2=0xe72708, _Size=0x7) returned 0
[0197.414] _vsnwprintf (in: _Buffer=0x5095d8, _BufferCount=0x9, _Format="|%s|", _ArgList=0xdfae0 | out: _Buffer="|delete|") returned 8
[0197.414] _vsnwprintf (in: _Buffer=0x5093b8, _BufferCount=0x5, _Format="|%s|", _ArgList=0xdfae0 | out: _Buffer="|TN|") returned 4
[0197.414] lstrlenW (lpString="|delete|") returned 8
[0197.414] lstrlenW (lpString="|TN|") returned 4
[0197.414] StrStrIW (lpFirst="|delete|", lpSrch="|TN|") returned 0x0
[0197.414] RtlRestoreLastWin32Error () returned 0x490
[0197.414] lstrlenW (lpString="query") returned 5
[0197.414] lstrlenW (lpString="query") returned 5
[0197.414] _memicmp (_Buf1=0x5074a0, _Buf2=0xe72708, _Size=0x7) returned 0
[0197.414] lstrlenW (lpString="TN") returned 2
[0197.414] _memicmp (_Buf1=0x507308, _Buf2=0xe72708, _Size=0x7) returned 0
[0197.414] _vsnwprintf (in: _Buffer=0x5095d8, _BufferCount=0x8, _Format="|%s|", _ArgList=0xdfae0 | out: _Buffer="|query|") returned 7
[0197.414] _vsnwprintf (in: _Buffer=0x5093b8, _BufferCount=0x5, _Format="|%s|", _ArgList=0xdfae0 | out: _Buffer="|TN|") returned 4
[0197.414] lstrlenW (lpString="|query|") returned 7
[0197.414] lstrlenW (lpString="|TN|") returned 4
[0197.414] StrStrIW (lpFirst="|query|", lpSrch="|TN|") returned 0x0
[0197.414] RtlRestoreLastWin32Error () returned 0x490
[0197.414] lstrlenW (lpString="change") returned 6
[0197.414] lstrlenW (lpString="change") returned 6
[0197.414] _memicmp (_Buf1=0x5074a0, _Buf2=0xe72708, _Size=0x7) returned 0
[0197.414] lstrlenW (lpString="TN") returned 2
[0197.414] _memicmp (_Buf1=0x507308, _Buf2=0xe72708, _Size=0x7) returned 0
[0197.415] _vsnwprintf (in: _Buffer=0x5095d8, _BufferCount=0x9, _Format="|%s|", _ArgList=0xdfae0 | out: _Buffer="|change|") returned 8
[0197.415] _vsnwprintf (in: _Buffer=0x5093b8, _BufferCount=0x5, _Format="|%s|", _ArgList=0xdfae0 | out: _Buffer="|TN|") returned 4
[0197.415] lstrlenW (lpString="|change|") returned 8
[0197.415] lstrlenW (lpString="|TN|") returned 4
[0197.415] StrStrIW (lpFirst="|change|", lpSrch="|TN|") returned 0x0
[0197.415] RtlRestoreLastWin32Error () returned 0x490
[0197.415] lstrlenW (lpString="run") returned 3
[0197.415] lstrlenW (lpString="run") returned 3
[0197.415] _memicmp (_Buf1=0x5074a0, _Buf2=0xe72708, _Size=0x7) returned 0
[0197.415] lstrlenW (lpString="TN") returned 2
[0197.415] _memicmp (_Buf1=0x507308, _Buf2=0xe72708, _Size=0x7) returned 0
[0197.415] _vsnwprintf (in: _Buffer=0x5095d8, _BufferCount=0x6, _Format="|%s|", _ArgList=0xdfae0 | out: _Buffer="|run|") returned 5
[0197.415] _vsnwprintf (in: _Buffer=0x5093b8, _BufferCount=0x5, _Format="|%s|", _ArgList=0xdfae0 | out: _Buffer="|TN|") returned 4
[0197.415] lstrlenW (lpString="|run|") returned 5
[0197.415] lstrlenW (lpString="|TN|") returned 4
[0197.415] StrStrIW (lpFirst="|run|", lpSrch="|TN|") returned 0x0
[0197.415] RtlRestoreLastWin32Error () returned 0x490
[0197.415] lstrlenW (lpString="end") returned 3
[0197.415] lstrlenW (lpString="end") returned 3
[0197.415] _memicmp (_Buf1=0x5074a0, _Buf2=0xe72708, _Size=0x7) returned 0
[0197.415] lstrlenW (lpString="TN") returned 2
[0197.415] _memicmp (_Buf1=0x507308, _Buf2=0xe72708, _Size=0x7) returned 0
[0197.415] _vsnwprintf (in: _Buffer=0x5095d8, _BufferCount=0x6, _Format="|%s|", _ArgList=0xdfae0 | out: _Buffer="|end|") returned 5
[0197.415] _vsnwprintf (in: _Buffer=0x5093b8, _BufferCount=0x5, _Format="|%s|", _ArgList=0xdfae0 | out: _Buffer="|TN|") returned 4
[0197.415] lstrlenW (lpString="|end|") returned 5
[0197.415] lstrlenW (lpString="|TN|") returned 4
[0197.415] StrStrIW (lpFirst="|end|", lpSrch="|TN|") returned 0x0
[0197.415] RtlRestoreLastWin32Error () returned 0x490
[0197.416] lstrlenW (lpString="showsid") returned 7
[0197.416] lstrlenW (lpString="showsid") returned 7
[0197.416] _memicmp (_Buf1=0x5074a0, _Buf2=0xe72708, _Size=0x7) returned 0
[0197.416] GetProcessHeap () returned 0x500000
[0197.416] HeapValidate (hHeap=0x500000, dwFlags=0x0, lpMem=0x5095d8) returned 1
[0197.416] GetProcessHeap () returned 0x500000
[0197.416] RtlReAllocateHeap (Heap=0x500000, Flags=0xc, Ptr=0x5095d8, Size=0x16) returned 0x509398
[0197.416] lstrlenW (lpString="TN") returned 2
[0197.416] _memicmp (_Buf1=0x507308, _Buf2=0xe72708, _Size=0x7) returned 0
[0197.416] _vsnwprintf (in: _Buffer=0x509398, _BufferCount=0xa, _Format="|%s|", _ArgList=0xdfae0 | out: _Buffer="|showsid|") returned 9
[0197.416] _vsnwprintf (in: _Buffer=0x5093b8, _BufferCount=0x5, _Format="|%s|", _ArgList=0xdfae0 | out: _Buffer="|TN|") returned 4
[0197.416] lstrlenW (lpString="|showsid|") returned 9
[0197.416] lstrlenW (lpString="|TN|") returned 4
[0197.416] StrStrIW (lpFirst="|showsid|", lpSrch="|TN|") returned 0x0
[0197.416] RtlRestoreLastWin32Error () returned 0x490
[0197.416] RtlRestoreLastWin32Error () returned 0x490
[0197.416] RtlRestoreLastWin32Error () returned 0x0
[0197.416] lstrlenW (lpString="/TN") returned 3
[0197.416] StrChrIW (lpStart="/TN", wMatch=0x3a) returned 0x0
[0197.416] RtlRestoreLastWin32Error () returned 0x490
[0197.416] RtlRestoreLastWin32Error () returned 0x0
[0197.418] lstrlenW (lpString="/TN") returned 3
[0197.418] GetProcessHeap () returned 0x500000
[0197.418] RtlAllocateHeap (HeapHandle=0x500000, Flags=0xc, Size=0x8) returned 0x506c60
[0197.418] GetProcessHeap () returned 0x500000
[0197.418] RtlAllocateHeap (HeapHandle=0x500000, Flags=0xc, Size=0x14) returned 0x5093d8
[0197.418] RtlRestoreLastWin32Error () returned 0x0
[0197.418] RtlRestoreLastWin32Error () returned 0x0
[0197.418] lstrlenW (lpString="Updates\\gfLnSNNH") returned 16
[0197.418] lstrlenW (lpString="-/") returned 2
[0197.418] StrChrIW (lpStart="-/", wMatch=0x30055) returned 0x0
[0197.418] RtlRestoreLastWin32Error () returned 0x490
[0197.418] RtlRestoreLastWin32Error () returned 0x490
[0197.418] RtlRestoreLastWin32Error () returned 0x0
[0197.418] lstrlenW (lpString="Updates\\gfLnSNNH") returned 16
[0197.418] StrChrIW (lpStart="Updates\\gfLnSNNH", wMatch=0x3a) returned 0x0
[0197.418] RtlRestoreLastWin32Error () returned 0x490
[0197.418] RtlRestoreLastWin32Error () returned 0x0
[0197.418] lstrlenW (lpString="Updates\\gfLnSNNH") returned 16
[0197.418] GetProcessHeap () returned 0x500000
[0197.418] RtlAllocateHeap (HeapHandle=0x500000, Flags=0xc, Size=0x22) returned 0x508fb0
[0197.418] GetProcessHeap () returned 0x500000
[0197.418] RtlAllocateHeap (HeapHandle=0x500000, Flags=0xc, Size=0x14) returned 0x5094b8
[0197.418] RtlRestoreLastWin32Error () returned 0x0
[0197.418] RtlRestoreLastWin32Error () returned 0x0
[0197.418] lstrlenW (lpString="/XML") returned 4
[0197.418] lstrlenW (lpString="-/") returned 2
[0197.418] StrChrIW (lpStart="-/", wMatch=0x3002f) returned="/"
[0197.418] lstrlenW (lpString="?") returned 1
[0197.419] lstrlenW (lpString="?") returned 1
[0197.419] _memicmp (_Buf1=0x5074a0, _Buf2=0xe72708, _Size=0x7) returned 0
[0197.419] lstrlenW (lpString="XML") returned 3
[0197.419] _memicmp (_Buf1=0x507308, _Buf2=0xe72708, _Size=0x7) returned 0
[0197.419] _vsnwprintf (in: _Buffer=0x509398, _BufferCount=0x4, _Format="|%s|", _ArgList=0xdfae0 | out: _Buffer="|?|") returned 3
[0197.419] _vsnwprintf (in: _Buffer=0x5093b8, _BufferCount=0x6, _Format="|%s|", _ArgList=0xdfae0 | out: _Buffer="|XML|") returned 5
[0197.419] lstrlenW (lpString="|?|") returned 3
[0197.419] lstrlenW (lpString="|XML|") returned 5
[0197.419] RtlRestoreLastWin32Error () returned 0x490
[0197.419] lstrlenW (lpString="create") returned 6
[0197.419] lstrlenW (lpString="create") returned 6
[0197.419] _memicmp (_Buf1=0x5074a0, _Buf2=0xe72708, _Size=0x7) returned 0
[0197.419] lstrlenW (lpString="XML") returned 3
[0197.419] _memicmp (_Buf1=0x507308, _Buf2=0xe72708, _Size=0x7) returned 0
[0197.419] _vsnwprintf (in: _Buffer=0x509398, _BufferCount=0x9, _Format="|%s|", _ArgList=0xdfae0 | out: _Buffer="|create|") returned 8
[0197.419] _vsnwprintf (in: _Buffer=0x5093b8, _BufferCount=0x6, _Format="|%s|", _ArgList=0xdfae0 | out: _Buffer="|XML|") returned 5
[0197.419] lstrlenW (lpString="|create|") returned 8
[0197.419] lstrlenW (lpString="|XML|") returned 5
[0197.419] StrStrIW (lpFirst="|create|", lpSrch="|XML|") returned 0x0
[0197.419] RtlRestoreLastWin32Error () returned 0x490
[0197.419] lstrlenW (lpString="delete") returned 6
[0197.420] lstrlenW (lpString="delete") returned 6
[0197.420] _memicmp (_Buf1=0x5074a0, _Buf2=0xe72708, _Size=0x7) returned 0
[0197.420] lstrlenW (lpString="XML") returned 3
[0197.420] _memicmp (_Buf1=0x507308, _Buf2=0xe72708, _Size=0x7) returned 0
[0197.420] _vsnwprintf (in: _Buffer=0x509398, _BufferCount=0x9, _Format="|%s|", _ArgList=0xdfae0 | out: _Buffer="|delete|") returned 8
[0197.420] _vsnwprintf (in: _Buffer=0x5093b8, _BufferCount=0x6, _Format="|%s|", _ArgList=0xdfae0 | out: _Buffer="|XML|") returned 5
[0197.420] lstrlenW (lpString="|delete|") returned 8
[0197.420] lstrlenW (lpString="|XML|") returned 5
[0197.420] StrStrIW (lpFirst="|delete|", lpSrch="|XML|") returned 0x0
[0197.420] RtlRestoreLastWin32Error () returned 0x490
[0197.420] lstrlenW (lpString="query") returned 5
[0197.420] lstrlenW (lpString="query") returned 5
[0197.420] _memicmp (_Buf1=0x5074a0, _Buf2=0xe72708, _Size=0x7) returned 0
[0197.420] lstrlenW (lpString="XML") returned 3
[0197.420] _memicmp (_Buf1=0x507308, _Buf2=0xe72708, _Size=0x7) returned 0
[0197.420] _vsnwprintf (in: _Buffer=0x509398, _BufferCount=0x8, _Format="|%s|", _ArgList=0xdfae0 | out: _Buffer="|query|") returned 7
[0197.420] _vsnwprintf (in: _Buffer=0x5093b8, _BufferCount=0x6, _Format="|%s|", _ArgList=0xdfae0 | out: _Buffer="|XML|") returned 5
[0197.420] lstrlenW (lpString="|query|") returned 7
[0197.420] lstrlenW (lpString="|XML|") returned 5
[0197.420] StrStrIW (lpFirst="|query|", lpSrch="|XML|") returned 0x0
[0197.420] RtlRestoreLastWin32Error () returned 0x490
[0197.420] lstrlenW (lpString="change") returned 6
[0197.420] lstrlenW (lpString="change") returned 6
[0197.420] _memicmp (_Buf1=0x5074a0, _Buf2=0xe72708, _Size=0x7) returned 0
[0197.421] lstrlenW (lpString="XML") returned 3
[0197.421] _memicmp (_Buf1=0x507308, _Buf2=0xe72708, _Size=0x7) returned 0
[0197.421] _vsnwprintf (in: _Buffer=0x509398, _BufferCount=0x9, _Format="|%s|", _ArgList=0xdfae0 | out: _Buffer="|change|") returned 8
[0197.421] _vsnwprintf (in: _Buffer=0x5093b8, _BufferCount=0x6, _Format="|%s|", _ArgList=0xdfae0 | out: _Buffer="|XML|") returned 5
[0197.421] lstrlenW (lpString="|change|") returned 8
[0197.421] lstrlenW (lpString="|XML|") returned 5
[0197.421] StrStrIW (lpFirst="|change|", lpSrch="|XML|") returned 0x0
[0197.421] RtlRestoreLastWin32Error () returned 0x490
[0197.421] lstrlenW (lpString="run") returned 3
[0197.421] lstrlenW (lpString="run") returned 3
[0197.421] _memicmp (_Buf1=0x5074a0, _Buf2=0xe72708, _Size=0x7) returned 0
[0197.421] lstrlenW (lpString="XML") returned 3
[0197.421] _memicmp (_Buf1=0x507308, _Buf2=0xe72708, _Size=0x7) returned 0
[0197.421] _vsnwprintf (in: _Buffer=0x509398, _BufferCount=0x6, _Format="|%s|", _ArgList=0xdfae0 | out: _Buffer="|run|") returned 5
[0197.421] _vsnwprintf (in: _Buffer=0x5093b8, _BufferCount=0x6, _Format="|%s|", _ArgList=0xdfae0 | out: _Buffer="|XML|") returned 5
[0197.421] lstrlenW (lpString="|run|") returned 5
[0197.421] lstrlenW (lpString="|XML|") returned 5
[0197.421] StrStrIW (lpFirst="|run|", lpSrch="|XML|") returned 0x0
[0197.421] RtlRestoreLastWin32Error () returned 0x490
[0197.421] lstrlenW (lpString="end") returned 3
[0197.421] lstrlenW (lpString="end") returned 3
[0197.421] _memicmp (_Buf1=0x5074a0, _Buf2=0xe72708, _Size=0x7) returned 0
[0197.421] lstrlenW (lpString="XML") returned 3
[0197.421] _memicmp (_Buf1=0x507308, _Buf2=0xe72708, _Size=0x7) returned 0
[0197.422] _vsnwprintf (in: _Buffer=0x509398, _BufferCount=0x6, _Format="|%s|", _ArgList=0xdfae0 | out: _Buffer="|end|") returned 5
[0197.422] _vsnwprintf (in: _Buffer=0x5093b8, _BufferCount=0x6, _Format="|%s|", _ArgList=0xdfae0 | out: _Buffer="|XML|") returned 5
[0197.422] lstrlenW (lpString="|end|") returned 5
[0197.422] lstrlenW (lpString="|XML|") returned 5
[0197.422] StrStrIW (lpFirst="|end|", lpSrch="|XML|") returned 0x0
[0197.422] RtlRestoreLastWin32Error () returned 0x490
[0197.422] lstrlenW (lpString="showsid") returned 7
[0197.422] lstrlenW (lpString="showsid") returned 7
[0197.422] _memicmp (_Buf1=0x5074a0, _Buf2=0xe72708, _Size=0x7) returned 0
[0197.422] lstrlenW (lpString="XML") returned 3
[0197.422] _memicmp (_Buf1=0x507308, _Buf2=0xe72708, _Size=0x7) returned 0
[0197.422] _vsnwprintf (in: _Buffer=0x509398, _BufferCount=0xa, _Format="|%s|", _ArgList=0xdfae0 | out: _Buffer="|showsid|") returned 9
[0197.422] _vsnwprintf (in: _Buffer=0x5093b8, _BufferCount=0x6, _Format="|%s|", _ArgList=0xdfae0 | out: _Buffer="|XML|") returned 5
[0197.422] lstrlenW (lpString="|showsid|") returned 9
[0197.422] lstrlenW (lpString="|XML|") returned 5
[0197.422] StrStrIW (lpFirst="|showsid|", lpSrch="|XML|") returned 0x0
[0197.422] RtlRestoreLastWin32Error () returned 0x490
[0197.422] RtlRestoreLastWin32Error () returned 0x490
[0197.422] RtlRestoreLastWin32Error () returned 0x0
[0197.422] lstrlenW (lpString="/XML") returned 4
[0197.422] StrChrIW (lpStart="/XML", wMatch=0x3a) returned 0x0
[0197.422] RtlRestoreLastWin32Error () returned 0x490
[0197.422] RtlRestoreLastWin32Error () returned 0x0
[0197.422] lstrlenW (lpString="/XML") returned 4
[0197.422] GetProcessHeap () returned 0x500000
[0197.422] RtlAllocateHeap (HeapHandle=0x500000, Flags=0xc, Size=0xa) returned 0x5074b8
[0197.422] GetProcessHeap () returned 0x500000
[0197.422] RtlAllocateHeap (HeapHandle=0x500000, Flags=0xc, Size=0x14) returned 0x5094d8
[0197.422] RtlRestoreLastWin32Error () returned 0x0
[0197.423] RtlRestoreLastWin32Error () returned 0x0
[0197.423] lstrlenW (lpString="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Temp\\tmpA573.tmp") returned 52
[0197.423] lstrlenW (lpString="-/") returned 2
[0197.423] StrChrIW (lpStart="-/", wMatch=0x30043) returned 0x0
[0197.423] RtlRestoreLastWin32Error () returned 0x490
[0197.423] RtlRestoreLastWin32Error () returned 0x490
[0197.423] RtlRestoreLastWin32Error () returned 0x0
[0197.423] lstrlenW (lpString="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Temp\\tmpA573.tmp") returned 52
[0197.423] StrChrIW (lpStart="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Temp\\tmpA573.tmp", wMatch=0x3a) returned=":\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Temp\\tmpA573.tmp"
[0197.423] lstrlenW (lpString="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Temp\\tmpA573.tmp") returned 52
[0197.423] GetProcessHeap () returned 0x500000
[0197.423] RtlAllocateHeap (HeapHandle=0x500000, Flags=0xc, Size=0x10) returned 0x507320
[0197.423] _memicmp (_Buf1=0x507320, _Buf2=0xe72708, _Size=0x7) returned 0
[0197.423] GetProcessHeap () returned 0x500000
[0197.423] RtlAllocateHeap (HeapHandle=0x500000, Flags=0xc, Size=0xc) returned 0x507350
[0197.423] GetProcessHeap () returned 0x500000
[0197.423] RtlAllocateHeap (HeapHandle=0x500000, Flags=0xc, Size=0x10) returned 0x50ac30
[0197.423] _memicmp (_Buf1=0x50ac30, _Buf2=0xe72708, _Size=0x7) returned 0
[0197.423] GetProcessHeap () returned 0x500000
[0197.423] RtlAllocateHeap (HeapHandle=0x500000, Flags=0xc, Size=0x6e) returned 0x5070c0
[0197.423] RtlRestoreLastWin32Error () returned 0x7a
[0197.423] RtlRestoreLastWin32Error () returned 0x0
[0197.423] RtlRestoreLastWin32Error () returned 0x0
[0197.423] lstrlenW (lpString="C") returned 1
[0197.423] RtlRestoreLastWin32Error () returned 0x490
[0197.423] RtlRestoreLastWin32Error () returned 0x0
[0197.423] lstrlenW (lpString="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Temp\\tmpA573.tmp") returned 52
[0197.423] GetProcessHeap () returned 0x500000
[0197.424] RtlAllocateHeap (HeapHandle=0x500000, Flags=0xc, Size=0x6a) returned 0x50ad98
[0197.424] GetProcessHeap () returned 0x500000
[0197.424] RtlAllocateHeap (HeapHandle=0x500000, Flags=0xc, Size=0x14) returned 0x5093f8
[0197.424] RtlRestoreLastWin32Error () returned 0x0
[0197.424] GetProcessHeap () returned 0x500000
[0197.424] GetProcessHeap () returned 0x500000
[0197.424] HeapValidate (hHeap=0x500000, dwFlags=0x0, lpMem=0x506c60) returned 1
[0197.424] GetProcessHeap () returned 0x500000
[0197.424] RtlSizeHeap (HeapHandle=0x500000, Flags=0x0, MemoryPointer=0x506c60) returned 0x8
[0197.424] RtlFreeHeap (HeapHandle=0x500000, Flags=0x0, BaseAddress=0x506c60) returned 1
[0197.424] GetProcessHeap () returned 0x500000
[0197.424] GetProcessHeap () returned 0x500000
[0197.424] HeapValidate (hHeap=0x500000, dwFlags=0x0, lpMem=0x5093d8) returned 1
[0197.424] GetProcessHeap () returned 0x500000
[0197.424] RtlSizeHeap (HeapHandle=0x500000, Flags=0x0, MemoryPointer=0x5093d8) returned 0x14
[0197.424] RtlFreeHeap (HeapHandle=0x500000, Flags=0x0, BaseAddress=0x5093d8) returned 1
[0197.424] GetProcessHeap () returned 0x500000
[0197.424] GetProcessHeap () returned 0x500000
[0197.424] HeapValidate (hHeap=0x500000, dwFlags=0x0, lpMem=0x508fb0) returned 1
[0197.424] GetProcessHeap () returned 0x500000
[0197.424] RtlSizeHeap (HeapHandle=0x500000, Flags=0x0, MemoryPointer=0x508fb0) returned 0x22
[0197.425] RtlFreeHeap (HeapHandle=0x500000, Flags=0x0, BaseAddress=0x508fb0) returned 1
[0197.425] GetProcessHeap () returned 0x500000
[0197.425] GetProcessHeap () returned 0x500000
[0197.425] HeapValidate (hHeap=0x500000, dwFlags=0x0, lpMem=0x5094b8) returned 1
[0197.425] GetProcessHeap () returned 0x500000
[0197.425] RtlSizeHeap (HeapHandle=0x500000, Flags=0x0, MemoryPointer=0x5094b8) returned 0x14
[0197.425] RtlFreeHeap (HeapHandle=0x500000, Flags=0x0, BaseAddress=0x5094b8) returned 1
[0197.425] GetProcessHeap () returned 0x500000
[0197.425] GetProcessHeap () returned 0x500000
[0197.425] HeapValidate (hHeap=0x500000, dwFlags=0x0, lpMem=0x5074b8) returned 1
[0197.425] GetProcessHeap () returned 0x500000
[0197.425] RtlSizeHeap (HeapHandle=0x500000, Flags=0x0, MemoryPointer=0x5074b8) returned 0xa
[0197.425] RtlFreeHeap (HeapHandle=0x500000, Flags=0x0, BaseAddress=0x5074b8) returned 1
[0197.425] GetProcessHeap () returned 0x500000
[0197.425] GetProcessHeap () returned 0x500000
[0197.425] HeapValidate (hHeap=0x500000, dwFlags=0x0, lpMem=0x5094d8) returned 1
[0197.425] GetProcessHeap () returned 0x500000
[0197.425] RtlSizeHeap (HeapHandle=0x500000, Flags=0x0, MemoryPointer=0x5094d8) returned 0x14
[0197.425] RtlFreeHeap (HeapHandle=0x500000, Flags=0x0, BaseAddress=0x5094d8) returned 1
[0197.425] GetProcessHeap () returned 0x500000
[0197.425] GetProcessHeap () returned 0x500000
[0197.425] HeapValidate (hHeap=0x500000, dwFlags=0x0, lpMem=0x50ad98) returned 1
[0197.425] GetProcessHeap () returned 0x500000
[0197.426] RtlSizeHeap (HeapHandle=0x500000, Flags=0x0, MemoryPointer=0x50ad98) returned 0x6a
[0197.426] RtlFreeHeap (HeapHandle=0x500000, Flags=0x0, BaseAddress=0x50ad98) returned 1
[0197.426] GetProcessHeap () returned 0x500000
[0197.426] GetProcessHeap () returned 0x500000
[0197.426] HeapValidate (hHeap=0x500000, dwFlags=0x0, lpMem=0x5093f8) returned 1
[0197.426] GetProcessHeap () returned 0x500000
[0197.426] RtlSizeHeap (HeapHandle=0x500000, Flags=0x0, MemoryPointer=0x5093f8) returned 0x14
[0197.426] RtlFreeHeap (HeapHandle=0x500000, Flags=0x0, BaseAddress=0x5093f8) returned 1
[0197.426] GetProcessHeap () returned 0x500000
[0197.426] GetProcessHeap () returned 0x500000
[0197.426] HeapValidate (hHeap=0x500000, dwFlags=0x0, lpMem=0x507338) returned 1
[0197.426] GetProcessHeap () returned 0x500000
[0197.426] RtlSizeHeap (HeapHandle=0x500000, Flags=0x0, MemoryPointer=0x507338) returned 0x10
[0197.426] RtlFreeHeap (HeapHandle=0x500000, Flags=0x0, BaseAddress=0x507338) returned 1
[0197.427] RtlRestoreLastWin32Error () returned 0x0
[0197.427] VerSetConditionMask (ConditionMask=0x0, TypeMask=0x0, Condition=0x2) returned 0x18
[0197.427] VerSetConditionMask (ConditionMask=0x18, TypeMask=0x80000000, Condition=0x1) returned 0x1b
[0197.427] VerSetConditionMask (ConditionMask=0x1b, TypeMask=0x80000000, Condition=0x20) returned 0x1801b
[0197.427] RtlVerifyVersionInfo (VersionInfo=0xdce60, TypeMask=0x3, ConditionMask=0x1801b) returned 0x0
[0197.427] RtlRestoreLastWin32Error () returned 0x0
[0197.427] lstrlenW (lpString="create") returned 6
[0197.427] StrChrIW (lpStart="create", wMatch=0x7c) returned 0x0
[0197.427] RtlRestoreLastWin32Error () returned 0x490
[0197.427] RtlRestoreLastWin32Error () returned 0x0
[0197.427] lstrlenW (lpString="create") returned 6
[0197.427] GetProcessHeap () returned 0x500000
[0197.427] RtlAllocateHeap (HeapHandle=0x500000, Flags=0xc, Size=0x14) returned 0x5093d8
[0197.428] GetProcessHeap () returned 0x500000
[0197.428] RtlAllocateHeap (HeapHandle=0x500000, Flags=0xc, Size=0x10) returned 0x50aca8
[0197.428] _memicmp (_Buf1=0x50aca8, _Buf2=0xe72708, _Size=0x7) returned 0
[0197.428] GetProcessHeap () returned 0x500000
[0197.428] RtlAllocateHeap (HeapHandle=0x500000, Flags=0xc, Size=0x16) returned 0x509678
[0197.428] RtlRestoreLastWin32Error () returned 0x0
[0197.428] _memicmp (_Buf1=0x507440, _Buf2=0xe72708, _Size=0x7) returned 0
[0197.428] GetModuleFileNameW (in: hModule=0x0, lpFilename=0x508cd0, nSize=0x104 | out: lpFilename="C:\\Windows\\SysWOW64\\schtasks.exe" (normalized: "c:\\windows\\syswow64\\schtasks.exe")) returned 0x20
[0197.428] GetFileVersionInfoSizeExW (in: dwFlags=0x1, lpwstrFilename="C:\\Windows\\SysWOW64\\schtasks.exe", lpdwHandle=0xdcf6c | out: lpdwHandle=0xdcf6c) returned 0x76c
[0197.428] GetProcessHeap () returned 0x500000
[0197.428] RtlAllocateHeap (HeapHandle=0x500000, Flags=0xc, Size=0x776) returned 0x509da8
[0197.428] GetFileVersionInfoExW (in: dwFlags=0x3, lpwstrFilename="C:\\Windows\\SysWOW64\\schtasks.exe", dwHandle=0x0, dwLen=0x776, lpData=0x509da8 | out: lpData=0x509da8) returned 1
[0197.428] VerQueryValueW (in: pBlock=0x509da8, lpSubBlock="\\VarFileInfo\\Translation", lplpBuffer=0xdcf74, puLen=0xdcf78 | out: lplpBuffer=0xdcf74*=0x50a158, puLen=0xdcf78) returned 1
[0197.428] _memicmp (_Buf1=0x507440, _Buf2=0xe72708, _Size=0x7) returned 0
[0197.429] _vsnwprintf (in: _Buffer=0x508cd0, _BufferCount=0x3f, _Format="\\StringFileInfo\\%04x%04x\\InternalName", _ArgList=0xdcf58 | out: _Buffer="\\StringFileInfo\\040904b0\\InternalName") returned 37
[0197.429] VerQueryValueW (in: pBlock=0x509da8, lpSubBlock="\\StringFileInfo\\040904b0\\InternalName", lplpBuffer=0xdcf84, puLen=0xdcf80 | out: lplpBuffer=0xdcf84*=0x509f88, puLen=0xdcf80) returned 1
[0197.429] lstrlenW (lpString="schtasks.exe") returned 12
[0197.429] lstrlenW (lpString="schtasks.exe") returned 12
[0197.429] lstrlenW (lpString=".EXE") returned 4
[0197.429] StrStrIW (lpFirst="schtasks.exe", lpSrch=".EXE") returned=".exe"
[0197.429] lstrlenW (lpString="schtasks.exe") returned 12
[0197.429] lstrlenW (lpString=".EXE") returned 4
[0197.429] lstrlenW (lpString="schtasks") returned 8
[0197.429] lstrlenW (lpString="/create") returned 7
[0197.429] _memicmp (_Buf1=0x507440, _Buf2=0xe72708, _Size=0x7) returned 0
[0197.429] _vsnwprintf (in: _Buffer=0x508cd0, _BufferCount=0x19, _Format="%s %s", _ArgList=0xdcf58 | out: _Buffer="schtasks /create") returned 16
[0197.429] _memicmp (_Buf1=0x5073f8, _Buf2=0xe72708, _Size=0x7) returned 0
[0197.429] GetProcessHeap () returned 0x500000
[0197.429] RtlAllocateHeap (HeapHandle=0x500000, Flags=0xc, Size=0x14) returned 0x5094b8
[0197.429] _memicmp (_Buf1=0x507428, _Buf2=0xe72708, _Size=0x7) returned 0
[0197.429] LoadStringW (in: hInstance=0x0, uID=0x15ed, lpBuffer=0x50a788, cchBufferMax=256 | out: lpBuffer="Type \"%s /?\" for usage.") returned 0x17
[0197.429] lstrlenW (lpString="Type \"%s /?\" for usage.") returned 23
[0197.429] GetProcessHeap () returned 0x500000
[0197.429] RtlAllocateHeap (HeapHandle=0x500000, Flags=0xc, Size=0x30) returned 0x50ad98
[0197.430] _vsnwprintf (in: _Buffer=0x5069d0, _BufferCount=0x4f, _Format="Type \"%s /?\" for usage.", _ArgList=0xdcf5c | out: _Buffer="Type \"SCHTASKS /CREATE /?\" for usage.") returned 37
[0197.430] GetProcessHeap () returned 0x500000
[0197.430] GetProcessHeap () returned 0x500000
[0197.430] HeapValidate (hHeap=0x500000, dwFlags=0x0, lpMem=0x509da8) returned 1
[0197.430] GetProcessHeap () returned 0x500000
[0197.430] RtlSizeHeap (HeapHandle=0x500000, Flags=0x0, MemoryPointer=0x509da8) returned 0x776
[0197.430] RtlFreeHeap (HeapHandle=0x500000, Flags=0x0, BaseAddress=0x509da8) returned 1
[0197.430] RtlRestoreLastWin32Error () returned 0x0
[0197.430] GetThreadLocale () returned 0x409
[0197.430] CompareStringA (Locale=0x409, dwCmpFlags=0x1, lpString1="PARSER2", cchCount1=-1, lpString2="PARSER2", cchCount2=-1) returned 2
[0197.430] lstrlenW (lpString="create") returned 6
[0197.430] GetThreadLocale () returned 0x409
[0197.430] CompareStringA (Locale=0x409, dwCmpFlags=0x1, lpString1="PARSER2", cchCount1=-1, lpString2="PARSER2", cchCount2=-1) returned 2
[0197.430] lstrlenW (lpString="?") returned 1
[0197.431] GetThreadLocale () returned 0x409
[0197.431] CompareStringA (Locale=0x409, dwCmpFlags=0x1, lpString1="PARSER2", cchCount1=-1, lpString2="PARSER2", cchCount2=-1) returned 2
[0197.431] lstrlenW (lpString="s") returned 1
[0197.431] GetThreadLocale () returned 0x409
[0197.431] CompareStringA (Locale=0x409, dwCmpFlags=0x1, lpString1="PARSER2", cchCount1=-1, lpString2="PARSER2", cchCount2=-1) returned 2
[0197.431] lstrlenW (lpString="u") returned 1
[0197.431] GetThreadLocale () returned 0x409
[0197.431] CompareStringA (Locale=0x409, dwCmpFlags=0x1, lpString1="PARSER2", cchCount1=-1, lpString2="PARSER2", cchCount2=-1) returned 2
[0197.431] lstrlenW (lpString="p") returned 1
[0197.431] GetThreadLocale () returned 0x409
[0197.431] CompareStringA (Locale=0x409, dwCmpFlags=0x1, lpString1="PARSER2", cchCount1=-1, lpString2="PARSER2", cchCount2=-1) returned 2
[0197.431] lstrlenW (lpString="ru") returned 2
[0197.431] GetThreadLocale () returned 0x409
[0197.431] CompareStringA (Locale=0x409, dwCmpFlags=0x1, lpString1="PARSER2", cchCount1=-1, lpString2="PARSER2", cchCount2=-1) returned 2
[0197.431] lstrlenW (lpString="rp") returned 2
[0197.431] GetThreadLocale () returned 0x409
[0197.431] CompareStringA (Locale=0x409, dwCmpFlags=0x1, lpString1="PARSER2", cchCount1=-1, lpString2="PARSER2", cchCount2=-1) returned 2
[0197.431] lstrlenW (lpString="sc") returned 2
[0197.431] GetThreadLocale () returned 0x409
[0197.431] CompareStringA (Locale=0x409, dwCmpFlags=0x1, lpString1="PARSER2", cchCount1=-1, lpString2="PARSER2", cchCount2=-1) returned 2
[0197.431] lstrlenW (lpString="mo") returned 2
[0197.431] GetThreadLocale () returned 0x409
[0197.431] CompareStringA (Locale=0x409, dwCmpFlags=0x1, lpString1="PARSER2", cchCount1=-1, lpString2="PARSER2", cchCount2=-1) returned 2
[0197.431] lstrlenW (lpString="d") returned 1
[0197.431] GetThreadLocale () returned 0x409
[0197.431] CompareStringA (Locale=0x409, dwCmpFlags=0x1, lpString1="PARSER2", cchCount1=-1, lpString2="PARSER2", cchCount2=-1) returned 2
[0197.431] lstrlenW (lpString="m") returned 1
[0197.431] GetThreadLocale () returned 0x409
[0197.431] CompareStringA (Locale=0x409, dwCmpFlags=0x1, lpString1="PARSER2", cchCount1=-1, lpString2="PARSER2", cchCount2=-1) returned 2
[0197.432] lstrlenW (lpString="i") returned 1
[0197.432] GetThreadLocale () returned 0x409
[0197.432] CompareStringA (Locale=0x409, dwCmpFlags=0x1, lpString1="PARSER2", cchCount1=-1, lpString2="PARSER2", cchCount2=-1) returned 2
[0197.432] lstrlenW (lpString="tn") returned 2
[0197.432] GetThreadLocale () returned 0x409
[0197.432] CompareStringA (Locale=0x409, dwCmpFlags=0x1, lpString1="PARSER2", cchCount1=-1, lpString2="PARSER2", cchCount2=-1) returned 2
[0197.432] lstrlenW (lpString="tr") returned 2
[0197.432] GetThreadLocale () returned 0x409
[0197.432] CompareStringA (Locale=0x409, dwCmpFlags=0x1, lpString1="PARSER2", cchCount1=-1, lpString2="PARSER2", cchCount2=-1) returned 2
[0197.432] lstrlenW (lpString="st") returned 2
[0197.432] GetThreadLocale () returned 0x409
[0197.432] CompareStringA (Locale=0x409, dwCmpFlags=0x1, lpString1="PARSER2", cchCount1=-1, lpString2="PARSER2", cchCount2=-1) returned 2
[0197.432] lstrlenW (lpString="sd") returned 2
[0197.432] GetThreadLocale () returned 0x409
[0197.432] CompareStringA (Locale=0x409, dwCmpFlags=0x1, lpString1="PARSER2", cchCount1=-1, lpString2="PARSER2", cchCount2=-1) returned 2
[0197.432] lstrlenW (lpString="ed") returned 2
[0197.432] GetThreadLocale () returned 0x409
[0197.432] CompareStringA (Locale=0x409, dwCmpFlags=0x1, lpString1="PARSER2", cchCount1=-1, lpString2="PARSER2", cchCount2=-1) returned 2
[0197.432] lstrlenW (lpString="it") returned 2
[0197.432] GetThreadLocale () returned 0x409
[0197.432] CompareStringA (Locale=0x409, dwCmpFlags=0x1, lpString1="PARSER2", cchCount1=-1, lpString2="PARSER2", cchCount2=-1) returned 2
[0197.432] lstrlenW (lpString="et") returned 2
[0197.432] GetThreadLocale () returned 0x409
[0197.432] CompareStringA (Locale=0x409, dwCmpFlags=0x1, lpString1="PARSER2", cchCount1=-1, lpString2="PARSER2", cchCount2=-1) returned 2
[0197.432] lstrlenW (lpString="k") returned 1
[0197.432] GetThreadLocale () returned 0x409
[0197.432] CompareStringA (Locale=0x409, dwCmpFlags=0x1, lpString1="PARSER2", cchCount1=-1, lpString2="PARSER2", cchCount2=-1) returned 2
[0197.432] lstrlenW (lpString="du") returned 2
[0197.432] GetThreadLocale () returned 0x409
[0197.433] CompareStringA (Locale=0x409, dwCmpFlags=0x1, lpString1="PARSER2", cchCount1=-1, lpString2="PARSER2", cchCount2=-1) returned 2
[0197.433] lstrlenW (lpString="ri") returned 2
[0197.433] GetThreadLocale () returned 0x409
[0197.433] CompareStringA (Locale=0x409, dwCmpFlags=0x1, lpString1="PARSER2", cchCount1=-1, lpString2="PARSER2", cchCount2=-1) returned 2
[0197.433] lstrlenW (lpString="z") returned 1
[0197.433] GetThreadLocale () returned 0x409
[0197.433] CompareStringA (Locale=0x409, dwCmpFlags=0x1, lpString1="PARSER2", cchCount1=-1, lpString2="PARSER2", cchCount2=-1) returned 2
[0197.433] lstrlenW (lpString="f") returned 1
[0197.433] GetThreadLocale () returned 0x409
[0197.433] CompareStringA (Locale=0x409, dwCmpFlags=0x1, lpString1="PARSER2", cchCount1=-1, lpString2="PARSER2", cchCount2=-1) returned 2
[0197.433] lstrlenW (lpString="v1") returned 2
[0197.433] GetThreadLocale () returned 0x409
[0197.433] CompareStringA (Locale=0x409, dwCmpFlags=0x1, lpString1="PARSER2", cchCount1=-1, lpString2="PARSER2", cchCount2=-1) returned 2
[0197.433] lstrlenW (lpString="xml") returned 3
[0197.433] GetThreadLocale () returned 0x409
[0197.433] CompareStringA (Locale=0x409, dwCmpFlags=0x1, lpString1="PARSER2", cchCount1=-1, lpString2="PARSER2", cchCount2=-1) returned 2
[0197.433] lstrlenW (lpString="ec") returned 2
[0197.433] GetThreadLocale () returned 0x409
[0197.433] CompareStringA (Locale=0x409, dwCmpFlags=0x1, lpString1="PARSER2", cchCount1=-1, lpString2="PARSER2", cchCount2=-1) returned 2
[0197.433] lstrlenW (lpString="rl") returned 2
[0197.433] GetThreadLocale () returned 0x409
[0197.433] CompareStringA (Locale=0x409, dwCmpFlags=0x1, lpString1="PARSER2", cchCount1=-1, lpString2="PARSER2", cchCount2=-1) returned 2
[0197.433] lstrlenW (lpString="delay") returned 5
[0197.433] GetThreadLocale () returned 0x409
[0197.433] CompareStringA (Locale=0x409, dwCmpFlags=0x1, lpString1="PARSER2", cchCount1=-1, lpString2="PARSER2", cchCount2=-1) returned 2
[0197.433] lstrlenW (lpString="np") returned 2
[0197.433] GetThreadLocale () returned 0x409
[0197.433] CompareStringA (Locale=0x409, dwCmpFlags=0x1, lpString1="PARSER2", cchCount1=-1, lpString2="PARSER2", cchCount2=-1) returned 2
[0197.433] lstrlenW (lpString="hresult") returned 7
[0197.433] RtlRestoreLastWin32Error () returned 0x0
[0197.434] RtlRestoreLastWin32Error () returned 0x0
[0197.434] lstrlenW (lpString="/Create") returned 7
[0197.434] lstrlenW (lpString="-/") returned 2
[0197.434] StrChrIW (lpStart="-/", wMatch=0x3002f) returned="/"
[0197.434] lstrlenW (lpString="create") returned 6
[0197.434] lstrlenW (lpString="create") returned 6
[0197.434] _memicmp (_Buf1=0x5074a0, _Buf2=0xe72708, _Size=0x7) returned 0
[0197.434] lstrlenW (lpString="Create") returned 6
[0197.434] _memicmp (_Buf1=0x507308, _Buf2=0xe72708, _Size=0x7) returned 0
[0197.434] _vsnwprintf (in: _Buffer=0x509398, _BufferCount=0x9, _Format="|%s|", _ArgList=0xdcf48 | out: _Buffer="|create|") returned 8
[0197.434] _vsnwprintf (in: _Buffer=0x5093b8, _BufferCount=0x9, _Format="|%s|", _ArgList=0xdcf48 | out: _Buffer="|Create|") returned 8
[0197.434] lstrlenW (lpString="|create|") returned 8
[0197.434] lstrlenW (lpString="|Create|") returned 8
[0197.434] StrStrIW (lpFirst="|create|", lpSrch="|Create|") returned="|create|"
[0197.434] RtlRestoreLastWin32Error () returned 0x0
[0197.434] RtlRestoreLastWin32Error () returned 0x0
[0197.434] RtlRestoreLastWin32Error () returned 0x0
[0197.434] lstrlenW (lpString="/TN") returned 3
[0197.434] lstrlenW (lpString="-/") returned 2
[0197.434] StrChrIW (lpStart="-/", wMatch=0x3002f) returned="/"
[0197.434] lstrlenW (lpString="create") returned 6
[0197.434] lstrlenW (lpString="create") returned 6
[0197.434] _memicmp (_Buf1=0x5074a0, _Buf2=0xe72708, _Size=0x7) returned 0
[0197.434] lstrlenW (lpString="TN") returned 2
[0197.434] _memicmp (_Buf1=0x507308, _Buf2=0xe72708, _Size=0x7) returned 0
[0197.435] _vsnwprintf (in: _Buffer=0x509398, _BufferCount=0x9, _Format="|%s|", _ArgList=0xdcf48 | out: _Buffer="|create|") returned 8
[0197.435] _vsnwprintf (in: _Buffer=0x5093b8, _BufferCount=0x5, _Format="|%s|", _ArgList=0xdcf48 | out: _Buffer="|TN|") returned 4
[0197.435] lstrlenW (lpString="|create|") returned 8
[0197.435] lstrlenW (lpString="|TN|") returned 4
[0197.435] StrStrIW (lpFirst="|create|", lpSrch="|TN|") returned 0x0
[0197.435] RtlRestoreLastWin32Error () returned 0x490
[0197.435] lstrlenW (lpString="?") returned 1
[0197.435] lstrlenW (lpString="?") returned 1
[0197.435] _memicmp (_Buf1=0x5074a0, _Buf2=0xe72708, _Size=0x7) returned 0
[0197.435] lstrlenW (lpString="TN") returned 2
[0197.435] _memicmp (_Buf1=0x507308, _Buf2=0xe72708, _Size=0x7) returned 0
[0197.435] _vsnwprintf (in: _Buffer=0x509398, _BufferCount=0x4, _Format="|%s|", _ArgList=0xdcf48 | out: _Buffer="|?|") returned 3
[0197.435] _vsnwprintf (in: _Buffer=0x5093b8, _BufferCount=0x5, _Format="|%s|", _ArgList=0xdcf48 | out: _Buffer="|TN|") returned 4
[0197.435] lstrlenW (lpString="|?|") returned 3
[0197.435] lstrlenW (lpString="|TN|") returned 4
[0197.435] RtlRestoreLastWin32Error () returned 0x490
[0197.435] lstrlenW (lpString="s") returned 1
[0197.435] lstrlenW (lpString="s") returned 1
[0197.435] _memicmp (_Buf1=0x5074a0, _Buf2=0xe72708, _Size=0x7) returned 0
[0197.435] lstrlenW (lpString="TN") returned 2
[0197.435] _memicmp (_Buf1=0x507308, _Buf2=0xe72708, _Size=0x7) returned 0
[0197.435] _vsnwprintf (in: _Buffer=0x509398, _BufferCount=0x4, _Format="|%s|", _ArgList=0xdcf48 | out: _Buffer="|s|") returned 3
[0197.435] _vsnwprintf (in: _Buffer=0x5093b8, _BufferCount=0x5, _Format="|%s|", _ArgList=0xdcf48 | out: _Buffer="|TN|") returned 4
[0197.435] lstrlenW (lpString="|s|") returned 3
[0197.435] lstrlenW (lpString="|TN|") returned 4
[0197.436] RtlRestoreLastWin32Error () returned 0x490
[0197.436] lstrlenW (lpString="u") returned 1
[0197.436] lstrlenW (lpString="u") returned 1
[0197.436] _memicmp (_Buf1=0x5074a0, _Buf2=0xe72708, _Size=0x7) returned 0
[0197.436] lstrlenW (lpString="TN") returned 2
[0197.436] _memicmp (_Buf1=0x507308, _Buf2=0xe72708, _Size=0x7) returned 0
[0197.436] _vsnwprintf (in: _Buffer=0x509398, _BufferCount=0x4, _Format="|%s|", _ArgList=0xdcf48 | out: _Buffer="|u|") returned 3
[0197.436] _vsnwprintf (in: _Buffer=0x5093b8, _BufferCount=0x5, _Format="|%s|", _ArgList=0xdcf48 | out: _Buffer="|TN|") returned 4
[0197.436] lstrlenW (lpString="|u|") returned 3
[0197.436] lstrlenW (lpString="|TN|") returned 4
[0197.436] RtlRestoreLastWin32Error () returned 0x490
[0197.436] lstrlenW (lpString="p") returned 1
[0197.436] lstrlenW (lpString="p") returned 1
[0197.436] _memicmp (_Buf1=0x5074a0, _Buf2=0xe72708, _Size=0x7) returned 0
[0197.436] lstrlenW (lpString="TN") returned 2
[0197.436] _memicmp (_Buf1=0x507308, _Buf2=0xe72708, _Size=0x7) returned 0
[0197.436] _vsnwprintf (in: _Buffer=0x509398, _BufferCount=0x4, _Format="|%s|", _ArgList=0xdcf48 | out: _Buffer="|p|") returned 3
[0197.436] _vsnwprintf (in: _Buffer=0x5093b8, _BufferCount=0x5, _Format="|%s|", _ArgList=0xdcf48 | out: _Buffer="|TN|") returned 4
[0197.436] lstrlenW (lpString="|p|") returned 3
[0197.436] lstrlenW (lpString="|TN|") returned 4
[0197.436] RtlRestoreLastWin32Error () returned 0x490
[0197.436] lstrlenW (lpString="ru") returned 2
[0197.436] lstrlenW (lpString="ru") returned 2
[0197.436] _memicmp (_Buf1=0x5074a0, _Buf2=0xe72708, _Size=0x7) returned 0
[0197.436] lstrlenW (lpString="TN") returned 2
[0197.437] _memicmp (_Buf1=0x507308, _Buf2=0xe72708, _Size=0x7) returned 0
[0197.437] _vsnwprintf (in: _Buffer=0x509398, _BufferCount=0x5, _Format="|%s|", _ArgList=0xdcf48 | out: _Buffer="|ru|") returned 4
[0197.437] _vsnwprintf (in: _Buffer=0x5093b8, _BufferCount=0x5, _Format="|%s|", _ArgList=0xdcf48 | out: _Buffer="|TN|") returned 4
[0197.437] lstrlenW (lpString="|ru|") returned 4
[0197.437] lstrlenW (lpString="|TN|") returned 4
[0197.437] StrStrIW (lpFirst="|ru|", lpSrch="|TN|") returned 0x0
[0197.437] RtlRestoreLastWin32Error () returned 0x490
[0197.437] lstrlenW (lpString="rp") returned 2
[0197.437] lstrlenW (lpString="rp") returned 2
[0197.437] _memicmp (_Buf1=0x5074a0, _Buf2=0xe72708, _Size=0x7) returned 0
[0197.437] lstrlenW (lpString="TN") returned 2
[0197.437] _memicmp (_Buf1=0x507308, _Buf2=0xe72708, _Size=0x7) returned 0
[0197.437] _vsnwprintf (in: _Buffer=0x509398, _BufferCount=0x5, _Format="|%s|", _ArgList=0xdcf48 | out: _Buffer="|rp|") returned 4
[0197.437] _vsnwprintf (in: _Buffer=0x5093b8, _BufferCount=0x5, _Format="|%s|", _ArgList=0xdcf48 | out: _Buffer="|TN|") returned 4
[0197.437] lstrlenW (lpString="|rp|") returned 4
[0197.437] lstrlenW (lpString="|TN|") returned 4
[0197.437] StrStrIW (lpFirst="|rp|", lpSrch="|TN|") returned 0x0
[0197.437] RtlRestoreLastWin32Error () returned 0x490
[0197.437] lstrlenW (lpString="sc") returned 2
[0197.438] lstrlenW (lpString="sc") returned 2
[0197.438] _memicmp (_Buf1=0x5074a0, _Buf2=0xe72708, _Size=0x7) returned 0
[0197.438] lstrlenW (lpString="TN") returned 2
[0197.438] _memicmp (_Buf1=0x507308, _Buf2=0xe72708, _Size=0x7) returned 0
[0197.438] _vsnwprintf (in: _Buffer=0x509398, _BufferCount=0x5, _Format="|%s|", _ArgList=0xdcf48 | out: _Buffer="|sc|") returned 4
[0197.438] _vsnwprintf (in: _Buffer=0x5093b8, _BufferCount=0x5, _Format="|%s|", _ArgList=0xdcf48 | out: _Buffer="|TN|") returned 4
[0197.438] lstrlenW (lpString="|sc|") returned 4
[0197.438] lstrlenW (lpString="|TN|") returned 4
[0197.438] StrStrIW (lpFirst="|sc|", lpSrch="|TN|") returned 0x0
[0197.438] RtlRestoreLastWin32Error () returned 0x490
[0197.438] lstrlenW (lpString="mo") returned 2
[0197.438] lstrlenW (lpString="mo") returned 2
[0197.438] _memicmp (_Buf1=0x5074a0, _Buf2=0xe72708, _Size=0x7) returned 0
[0197.438] lstrlenW (lpString="TN") returned 2
[0197.438] _memicmp (_Buf1=0x507308, _Buf2=0xe72708, _Size=0x7) returned 0
[0197.438] _vsnwprintf (in: _Buffer=0x509398, _BufferCount=0x5, _Format="|%s|", _ArgList=0xdcf48 | out: _Buffer="|mo|") returned 4
[0197.438] _vsnwprintf (in: _Buffer=0x5093b8, _BufferCount=0x5, _Format="|%s|", _ArgList=0xdcf48 | out: _Buffer="|TN|") returned 4
[0197.438] lstrlenW (lpString="|mo|") returned 4
[0197.438] lstrlenW (lpString="|TN|") returned 4
[0197.438] StrStrIW (lpFirst="|mo|", lpSrch="|TN|") returned 0x0
[0197.438] RtlRestoreLastWin32Error () returned 0x490
[0197.438] lstrlenW (lpString="d") returned 1
[0197.438] lstrlenW (lpString="d") returned 1
[0197.438] _memicmp (_Buf1=0x5074a0, _Buf2=0xe72708, _Size=0x7) returned 0
[0197.438] lstrlenW (lpString="TN") returned 2
[0197.438] _memicmp (_Buf1=0x507308, _Buf2=0xe72708, _Size=0x7) returned 0
[0197.439] _vsnwprintf (in: _Buffer=0x509398, _BufferCount=0x4, _Format="|%s|", _ArgList=0xdcf48 | out: _Buffer="|d|") returned 3
[0197.439] _vsnwprintf (in: _Buffer=0x5093b8, _BufferCount=0x5, _Format="|%s|", _ArgList=0xdcf48 | out: _Buffer="|TN|") returned 4
[0197.439] lstrlenW (lpString="|d|") returned 3
[0197.439] lstrlenW (lpString="|TN|") returned 4
[0197.439] RtlRestoreLastWin32Error () returned 0x490
[0197.439] lstrlenW (lpString="m") returned 1
[0197.439] lstrlenW (lpString="m") returned 1
[0197.439] _memicmp (_Buf1=0x5074a0, _Buf2=0xe72708, _Size=0x7) returned 0
[0197.439] lstrlenW (lpString="TN") returned 2
[0197.439] _memicmp (_Buf1=0x507308, _Buf2=0xe72708, _Size=0x7) returned 0
[0197.439] _vsnwprintf (in: _Buffer=0x509398, _BufferCount=0x4, _Format="|%s|", _ArgList=0xdcf48 | out: _Buffer="|m|") returned 3
[0197.439] _vsnwprintf (in: _Buffer=0x5093b8, _BufferCount=0x5, _Format="|%s|", _ArgList=0xdcf48 | out: _Buffer="|TN|") returned 4
[0197.439] lstrlenW (lpString="|m|") returned 3
[0197.439] lstrlenW (lpString="|TN|") returned 4
[0197.439] RtlRestoreLastWin32Error () returned 0x490
[0197.439] lstrlenW (lpString="i") returned 1
[0197.439] lstrlenW (lpString="i") returned 1
[0197.439] _memicmp (_Buf1=0x5074a0, _Buf2=0xe72708, _Size=0x7) returned 0
[0197.439] lstrlenW (lpString="TN") returned 2
[0197.439] _memicmp (_Buf1=0x507308, _Buf2=0xe72708, _Size=0x7) returned 0
[0197.439] _vsnwprintf (in: _Buffer=0x509398, _BufferCount=0x4, _Format="|%s|", _ArgList=0xdcf48 | out: _Buffer="|i|") returned 3
[0197.440] _vsnwprintf (in: _Buffer=0x5093b8, _BufferCount=0x5, _Format="|%s|", _ArgList=0xdcf48 | out: _Buffer="|TN|") returned 4
[0197.440] lstrlenW (lpString="|i|") returned 3
[0197.440] lstrlenW (lpString="|TN|") returned 4
[0197.440] RtlRestoreLastWin32Error () returned 0x490
[0197.440] lstrlenW (lpString="tn") returned 2
[0197.440] lstrlenW (lpString="tn") returned 2
[0197.440] _memicmp (_Buf1=0x5074a0, _Buf2=0xe72708, _Size=0x7) returned 0
[0197.440] lstrlenW (lpString="TN") returned 2
[0197.440] _memicmp (_Buf1=0x507308, _Buf2=0xe72708, _Size=0x7) returned 0
[0197.440] _vsnwprintf (in: _Buffer=0x509398, _BufferCount=0x5, _Format="|%s|", _ArgList=0xdcf48 | out: _Buffer="|tn|") returned 4
[0197.440] _vsnwprintf (in: _Buffer=0x5093b8, _BufferCount=0x5, _Format="|%s|", _ArgList=0xdcf48 | out: _Buffer="|TN|") returned 4
[0197.440] lstrlenW (lpString="|tn|") returned 4
[0197.440] lstrlenW (lpString="|TN|") returned 4
[0197.440] StrStrIW (lpFirst="|tn|", lpSrch="|TN|") returned="|tn|"
[0197.440] RtlRestoreLastWin32Error () returned 0x0
[0197.440] RtlRestoreLastWin32Error () returned 0x0
[0197.440] lstrlenW (lpString="Updates\\gfLnSNNH") returned 16
[0197.440] lstrlenW (lpString="-/") returned 2
[0197.440] StrChrIW (lpStart="-/", wMatch=0x30055) returned 0x0
[0197.440] RtlRestoreLastWin32Error () returned 0x490
[0197.440] RtlRestoreLastWin32Error () returned 0x490
[0197.440] RtlRestoreLastWin32Error () returned 0x0
[0197.440] lstrlenW (lpString="Updates\\gfLnSNNH") returned 16
[0197.440] StrChrIW (lpStart="Updates\\gfLnSNNH", wMatch=0x3a) returned 0x0
[0197.440] RtlRestoreLastWin32Error () returned 0x490
[0197.440] RtlRestoreLastWin32Error () returned 0x0
[0197.441] lstrlenW (lpString="Updates\\gfLnSNNH") returned 16
[0197.441] RtlRestoreLastWin32Error () returned 0x0
[0197.441] RtlRestoreLastWin32Error () returned 0x0
[0197.441] lstrlenW (lpString="/XML") returned 4
[0197.441] lstrlenW (lpString="-/") returned 2
[0197.441] StrChrIW (lpStart="-/", wMatch=0x3002f) returned="/"
[0197.441] lstrlenW (lpString="create") returned 6
[0197.441] lstrlenW (lpString="create") returned 6
[0197.441] _memicmp (_Buf1=0x5074a0, _Buf2=0xe72708, _Size=0x7) returned 0
[0197.441] lstrlenW (lpString="XML") returned 3
[0197.441] _memicmp (_Buf1=0x507308, _Buf2=0xe72708, _Size=0x7) returned 0
[0197.441] _vsnwprintf (in: _Buffer=0x509398, _BufferCount=0x9, _Format="|%s|", _ArgList=0xdcf48 | out: _Buffer="|create|") returned 8
[0197.441] _vsnwprintf (in: _Buffer=0x5093b8, _BufferCount=0x6, _Format="|%s|", _ArgList=0xdcf48 | out: _Buffer="|XML|") returned 5
[0197.441] lstrlenW (lpString="|create|") returned 8
[0197.441] lstrlenW (lpString="|XML|") returned 5
[0197.441] StrStrIW (lpFirst="|create|", lpSrch="|XML|") returned 0x0
[0197.441] RtlRestoreLastWin32Error () returned 0x490
[0197.441] lstrlenW (lpString="?") returned 1
[0197.441] lstrlenW (lpString="?") returned 1
[0197.441] _memicmp (_Buf1=0x5074a0, _Buf2=0xe72708, _Size=0x7) returned 0
[0197.441] lstrlenW (lpString="XML") returned 3
[0197.441] _memicmp (_Buf1=0x507308, _Buf2=0xe72708, _Size=0x7) returned 0
[0197.441] _vsnwprintf (in: _Buffer=0x509398, _BufferCount=0x4, _Format="|%s|", _ArgList=0xdcf48 | out: _Buffer="|?|") returned 3
[0197.441] _vsnwprintf (in: _Buffer=0x5093b8, _BufferCount=0x6, _Format="|%s|", _ArgList=0xdcf48 | out: _Buffer="|XML|") returned 5
[0197.441] lstrlenW (lpString="|?|") returned 3
[0197.441] lstrlenW (lpString="|XML|") returned 5
[0197.441] RtlRestoreLastWin32Error () returned 0x490
[0197.443] lstrlenW (lpString="s") returned 1
[0197.443] lstrlenW (lpString="s") returned 1
[0197.478] _memicmp (_Buf1=0x5074a0, _Buf2=0xe72708, _Size=0x7) returned 0
[0197.478] lstrlenW (lpString="XML") returned 3
[0197.478] _memicmp (_Buf1=0x507308, _Buf2=0xe72708, _Size=0x7) returned 0
[0197.478] _vsnwprintf (in: _Buffer=0x509398, _BufferCount=0x4, _Format="|%s|", _ArgList=0xdcf48 | out: _Buffer="|s|") returned 3
[0197.478] _vsnwprintf (in: _Buffer=0x5093b8, _BufferCount=0x6, _Format="|%s|", _ArgList=0xdcf48 | out: _Buffer="|XML|") returned 5
[0197.478] lstrlenW (lpString="|s|") returned 3
[0197.478] lstrlenW (lpString="|XML|") returned 5
[0197.478] RtlRestoreLastWin32Error () returned 0x490
[0197.478] lstrlenW (lpString="u") returned 1
[0197.478] lstrlenW (lpString="u") returned 1
[0197.478] _memicmp (_Buf1=0x5074a0, _Buf2=0xe72708, _Size=0x7) returned 0
[0197.478] lstrlenW (lpString="XML") returned 3
[0197.478] _memicmp (_Buf1=0x507308, _Buf2=0xe72708, _Size=0x7) returned 0
[0197.478] _vsnwprintf (in: _Buffer=0x509398, _BufferCount=0x4, _Format="|%s|", _ArgList=0xdcf48 | out: _Buffer="|u|") returned 3
[0197.478] _vsnwprintf (in: _Buffer=0x5093b8, _BufferCount=0x6, _Format="|%s|", _ArgList=0xdcf48 | out: _Buffer="|XML|") returned 5
[0197.478] lstrlenW (lpString="|u|") returned 3
[0197.478] lstrlenW (lpString="|XML|") returned 5
[0197.478] RtlRestoreLastWin32Error () returned 0x490
[0197.478] lstrlenW (lpString="p") returned 1
[0197.478] lstrlenW (lpString="p") returned 1
[0197.478] _memicmp (_Buf1=0x5074a0, _Buf2=0xe72708, _Size=0x7) returned 0
[0197.478] lstrlenW (lpString="XML") returned 3
[0197.478] _memicmp (_Buf1=0x507308, _Buf2=0xe72708, _Size=0x7) returned 0
[0197.478] _vsnwprintf (in: _Buffer=0x509398, _BufferCount=0x4, _Format="|%s|", _ArgList=0xdcf48 | out: _Buffer="|p|") returned 3
[0197.478] _vsnwprintf (in: _Buffer=0x5093b8, _BufferCount=0x6, _Format="|%s|", _ArgList=0xdcf48 | out: _Buffer="|XML|") returned 5
[0197.478] lstrlenW (lpString="|p|") returned 3
[0197.478] lstrlenW (lpString="|XML|") returned 5
[0197.478] RtlRestoreLastWin32Error () returned 0x490
[0197.479] lstrlenW (lpString="ru") returned 2
[0197.479] lstrlenW (lpString="ru") returned 2
[0197.479] _memicmp (_Buf1=0x5074a0, _Buf2=0xe72708, _Size=0x7) returned 0
[0197.479] lstrlenW (lpString="XML") returned 3
[0197.479] _memicmp (_Buf1=0x507308, _Buf2=0xe72708, _Size=0x7) returned 0
[0197.479] _vsnwprintf (in: _Buffer=0x509398, _BufferCount=0x5, _Format="|%s|", _ArgList=0xdcf48 | out: _Buffer="|ru|") returned 4
[0197.479] _vsnwprintf (in: _Buffer=0x5093b8, _BufferCount=0x6, _Format="|%s|", _ArgList=0xdcf48 | out: _Buffer="|XML|") returned 5
[0197.479] lstrlenW (lpString="|ru|") returned 4
[0197.479] lstrlenW (lpString="|XML|") returned 5
[0197.479] RtlRestoreLastWin32Error () returned 0x490
[0197.479] lstrlenW (lpString="rp") returned 2
[0197.479] lstrlenW (lpString="rp") returned 2
[0197.479] _memicmp (_Buf1=0x5074a0, _Buf2=0xe72708, _Size=0x7) returned 0
[0197.479] lstrlenW (lpString="XML") returned 3
[0197.479] _memicmp (_Buf1=0x507308, _Buf2=0xe72708, _Size=0x7) returned 0
[0197.479] _vsnwprintf (in: _Buffer=0x509398, _BufferCount=0x5, _Format="|%s|", _ArgList=0xdcf48 | out: _Buffer="|rp|") returned 4
[0197.479] _vsnwprintf (in: _Buffer=0x5093b8, _BufferCount=0x6, _Format="|%s|", _ArgList=0xdcf48 | out: _Buffer="|XML|") returned 5
[0197.479] lstrlenW (lpString="|rp|") returned 4
[0197.479] lstrlenW (lpString="|XML|") returned 5
[0197.479] RtlRestoreLastWin32Error () returned 0x490
[0197.479] lstrlenW (lpString="sc") returned 2
[0197.479] lstrlenW (lpString="sc") returned 2
[0197.479] _memicmp (_Buf1=0x5074a0, _Buf2=0xe72708, _Size=0x7) returned 0
[0197.479] lstrlenW (lpString="XML") returned 3
[0197.479] _memicmp (_Buf1=0x507308, _Buf2=0xe72708, _Size=0x7) returned 0
[0197.479] _vsnwprintf (in: _Buffer=0x509398, _BufferCount=0x5, _Format="|%s|", _ArgList=0xdcf48 | out: _Buffer="|sc|") returned 4
[0197.480] _vsnwprintf (in: _Buffer=0x5093b8, _BufferCount=0x6, _Format="|%s|", _ArgList=0xdcf48 | out: _Buffer="|XML|") returned 5
[0197.480] lstrlenW (lpString="|sc|") returned 4
[0197.480] lstrlenW (lpString="|XML|") returned 5
[0197.480] RtlRestoreLastWin32Error () returned 0x490
[0197.480] lstrlenW (lpString="mo") returned 2
[0197.480] lstrlenW (lpString="mo") returned 2
[0197.480] _memicmp (_Buf1=0x5074a0, _Buf2=0xe72708, _Size=0x7) returned 0
[0197.480] lstrlenW (lpString="XML") returned 3
[0197.480] _memicmp (_Buf1=0x507308, _Buf2=0xe72708, _Size=0x7) returned 0
[0197.480] _vsnwprintf (in: _Buffer=0x509398, _BufferCount=0x5, _Format="|%s|", _ArgList=0xdcf48 | out: _Buffer="|mo|") returned 4
[0197.480] _vsnwprintf (in: _Buffer=0x5093b8, _BufferCount=0x6, _Format="|%s|", _ArgList=0xdcf48 | out: _Buffer="|XML|") returned 5
[0197.480] lstrlenW (lpString="|mo|") returned 4
[0197.480] lstrlenW (lpString="|XML|") returned 5
[0197.480] RtlRestoreLastWin32Error () returned 0x490
[0197.480] lstrlenW (lpString="d") returned 1
[0197.480] lstrlenW (lpString="d") returned 1
[0197.480] _memicmp (_Buf1=0x5074a0, _Buf2=0xe72708, _Size=0x7) returned 0
[0197.480] lstrlenW (lpString="XML") returned 3
[0197.480] _memicmp (_Buf1=0x507308, _Buf2=0xe72708, _Size=0x7) returned 0
[0197.480] _vsnwprintf (in: _Buffer=0x509398, _BufferCount=0x4, _Format="|%s|", _ArgList=0xdcf48 | out: _Buffer="|d|") returned 3
[0197.480] _vsnwprintf (in: _Buffer=0x5093b8, _BufferCount=0x6, _Format="|%s|", _ArgList=0xdcf48 | out: _Buffer="|XML|") returned 5
[0197.480] lstrlenW (lpString="|d|") returned 3
[0197.480] lstrlenW (lpString="|XML|") returned 5
[0197.480] RtlRestoreLastWin32Error () returned 0x490
[0197.480] lstrlenW (lpString="m") returned 1
[0197.480] lstrlenW (lpString="m") returned 1
[0197.480] _memicmp (_Buf1=0x5074a0, _Buf2=0xe72708, _Size=0x7) returned 0
[0197.480] lstrlenW (lpString="XML") returned 3
[0197.480] _memicmp (_Buf1=0x507308, _Buf2=0xe72708, _Size=0x7) returned 0
[0197.480] _vsnwprintf (in: _Buffer=0x509398, _BufferCount=0x4, _Format="|%s|", _ArgList=0xdcf48 | out: _Buffer="|m|") returned 3
[0197.481] _vsnwprintf (in: _Buffer=0x5093b8, _BufferCount=0x6, _Format="|%s|", _ArgList=0xdcf48 | out: _Buffer="|XML|") returned 5
[0197.481] lstrlenW (lpString="|m|") returned 3
[0197.481] lstrlenW (lpString="|XML|") returned 5
[0197.481] RtlRestoreLastWin32Error () returned 0x490
[0197.481] lstrlenW (lpString="i") returned 1
[0197.481] lstrlenW (lpString="i") returned 1
[0197.481] _memicmp (_Buf1=0x5074a0, _Buf2=0xe72708, _Size=0x7) returned 0
[0197.481] lstrlenW (lpString="XML") returned 3
[0197.481] _memicmp (_Buf1=0x507308, _Buf2=0xe72708, _Size=0x7) returned 0
[0197.481] _vsnwprintf (in: _Buffer=0x509398, _BufferCount=0x4, _Format="|%s|", _ArgList=0xdcf48 | out: _Buffer="|i|") returned 3
[0197.481] _vsnwprintf (in: _Buffer=0x5093b8, _BufferCount=0x6, _Format="|%s|", _ArgList=0xdcf48 | out: _Buffer="|XML|") returned 5
[0197.481] lstrlenW (lpString="|i|") returned 3
[0197.481] lstrlenW (lpString="|XML|") returned 5
[0197.481] RtlRestoreLastWin32Error () returned 0x490
[0197.481] lstrlenW (lpString="tn") returned 2
[0197.481] lstrlenW (lpString="tn") returned 2
[0197.481] _memicmp (_Buf1=0x5074a0, _Buf2=0xe72708, _Size=0x7) returned 0
[0197.481] lstrlenW (lpString="XML") returned 3
[0197.481] _memicmp (_Buf1=0x507308, _Buf2=0xe72708, _Size=0x7) returned 0
[0197.481] _vsnwprintf (in: _Buffer=0x509398, _BufferCount=0x5, _Format="|%s|", _ArgList=0xdcf48 | out: _Buffer="|tn|") returned 4
[0197.481] _vsnwprintf (in: _Buffer=0x5093b8, _BufferCount=0x6, _Format="|%s|", _ArgList=0xdcf48 | out: _Buffer="|XML|") returned 5
[0197.481] lstrlenW (lpString="|tn|") returned 4
[0197.481] lstrlenW (lpString="|XML|") returned 5
[0197.481] RtlRestoreLastWin32Error () returned 0x490
[0197.481] lstrlenW (lpString="tr") returned 2
[0197.481] lstrlenW (lpString="tr") returned 2
[0197.481] _memicmp (_Buf1=0x5074a0, _Buf2=0xe72708, _Size=0x7) returned 0
[0197.481] lstrlenW (lpString="XML") returned 3
[0197.481] _memicmp (_Buf1=0x507308, _Buf2=0xe72708, _Size=0x7) returned 0
[0197.482] _vsnwprintf (in: _Buffer=0x509398, _BufferCount=0x5, _Format="|%s|", _ArgList=0xdcf48 | out: _Buffer="|tr|") returned 4
[0197.482] _vsnwprintf (in: _Buffer=0x5093b8, _BufferCount=0x6, _Format="|%s|", _ArgList=0xdcf48 | out: _Buffer="|XML|") returned 5
[0197.482] lstrlenW (lpString="|tr|") returned 4
[0197.482] lstrlenW (lpString="|XML|") returned 5
[0197.482] RtlRestoreLastWin32Error () returned 0x490
[0197.482] lstrlenW (lpString="st") returned 2
[0197.482] lstrlenW (lpString="st") returned 2
[0197.482] _memicmp (_Buf1=0x5074a0, _Buf2=0xe72708, _Size=0x7) returned 0
[0197.482] lstrlenW (lpString="XML") returned 3
[0197.482] _memicmp (_Buf1=0x507308, _Buf2=0xe72708, _Size=0x7) returned 0
[0197.482] _vsnwprintf (in: _Buffer=0x509398, _BufferCount=0x5, _Format="|%s|", _ArgList=0xdcf48 | out: _Buffer="|st|") returned 4
[0197.482] _vsnwprintf (in: _Buffer=0x5093b8, _BufferCount=0x6, _Format="|%s|", _ArgList=0xdcf48 | out: _Buffer="|XML|") returned 5
[0197.482] lstrlenW (lpString="|st|") returned 4
[0197.482] lstrlenW (lpString="|XML|") returned 5
[0197.482] RtlRestoreLastWin32Error () returned 0x490
[0197.482] lstrlenW (lpString="sd") returned 2
[0197.482] lstrlenW (lpString="sd") returned 2
[0197.482] _memicmp (_Buf1=0x5074a0, _Buf2=0xe72708, _Size=0x7) returned 0
[0197.482] lstrlenW (lpString="XML") returned 3
[0197.482] _memicmp (_Buf1=0x507308, _Buf2=0xe72708, _Size=0x7) returned 0
[0197.482] _vsnwprintf (in: _Buffer=0x509398, _BufferCount=0x5, _Format="|%s|", _ArgList=0xdcf48 | out: _Buffer="|sd|") returned 4
[0197.482] _vsnwprintf (in: _Buffer=0x5093b8, _BufferCount=0x6, _Format="|%s|", _ArgList=0xdcf48 | out: _Buffer="|XML|") returned 5
[0197.482] lstrlenW (lpString="|sd|") returned 4
[0197.482] lstrlenW (lpString="|XML|") returned 5
[0197.482] RtlRestoreLastWin32Error () returned 0x490
[0197.482] lstrlenW (lpString="ed") returned 2
[0197.482] lstrlenW (lpString="ed") returned 2
[0197.482] _memicmp (_Buf1=0x5074a0, _Buf2=0xe72708, _Size=0x7) returned 0
[0197.482] lstrlenW (lpString="XML") returned 3
[0197.482] _memicmp (_Buf1=0x507308, _Buf2=0xe72708, _Size=0x7) returned 0
[0197.482] _vsnwprintf (in: _Buffer=0x509398, _BufferCount=0x5, _Format="|%s|", _ArgList=0xdcf48 | out: _Buffer="|ed|") returned 4
[0197.482] _vsnwprintf (in: _Buffer=0x5093b8, _BufferCount=0x6, _Format="|%s|", _ArgList=0xdcf48 | out: _Buffer="|XML|") returned 5
[0197.482] lstrlenW (lpString="|ed|") returned 4
[0197.482] lstrlenW (lpString="|XML|") returned 5
[0197.482] RtlRestoreLastWin32Error () returned 0x490
[0197.482] lstrlenW (lpString="it") returned 2
[0197.483] lstrlenW (lpString="it") returned 2
[0197.483] _memicmp (_Buf1=0x5074a0, _Buf2=0xe72708, _Size=0x7) returned 0
[0197.483] lstrlenW (lpString="XML") returned 3
[0197.483] _memicmp (_Buf1=0x507308, _Buf2=0xe72708, _Size=0x7) returned 0
[0197.483] _vsnwprintf (in: _Buffer=0x509398, _BufferCount=0x5, _Format="|%s|", _ArgList=0xdcf48 | out: _Buffer="|it|") returned 4
[0197.483] _vsnwprintf (in: _Buffer=0x5093b8, _BufferCount=0x6, _Format="|%s|", _ArgList=0xdcf48 | out: _Buffer="|XML|") returned 5
[0197.483] lstrlenW (lpString="|it|") returned 4
[0197.483] lstrlenW (lpString="|XML|") returned 5
[0197.483] RtlRestoreLastWin32Error () returned 0x490
[0197.483] lstrlenW (lpString="et") returned 2
[0197.483] lstrlenW (lpString="et") returned 2
[0197.483] _memicmp (_Buf1=0x5074a0, _Buf2=0xe72708, _Size=0x7) returned 0
[0197.483] lstrlenW (lpString="XML") returned 3
[0197.483] _memicmp (_Buf1=0x507308, _Buf2=0xe72708, _Size=0x7) returned 0
[0197.483] _vsnwprintf (in: _Buffer=0x509398, _BufferCount=0x5, _Format="|%s|", _ArgList=0xdcf48 | out: _Buffer="|et|") returned 4
[0197.483] _vsnwprintf (in: _Buffer=0x5093b8, _BufferCount=0x6, _Format="|%s|", _ArgList=0xdcf48 | out: _Buffer="|XML|") returned 5
[0197.483] lstrlenW (lpString="|et|") returned 4
[0197.483] lstrlenW (lpString="|XML|") returned 5
[0197.483] RtlRestoreLastWin32Error () returned 0x490
[0197.483] lstrlenW (lpString="k") returned 1
[0197.483] lstrlenW (lpString="k") returned 1
[0197.483] _memicmp (_Buf1=0x5074a0, _Buf2=0xe72708, _Size=0x7) returned 0
[0197.483] lstrlenW (lpString="XML") returned 3
[0197.483] _memicmp (_Buf1=0x507308, _Buf2=0xe72708, _Size=0x7) returned 0
[0197.483] _vsnwprintf (in: _Buffer=0x509398, _BufferCount=0x4, _Format="|%s|", _ArgList=0xdcf48 | out: _Buffer="|k|") returned 3
[0197.483] _vsnwprintf (in: _Buffer=0x5093b8, _BufferCount=0x6, _Format="|%s|", _ArgList=0xdcf48 | out: _Buffer="|XML|") returned 5
[0197.483] lstrlenW (lpString="|k|") returned 3
[0197.483] lstrlenW (lpString="|XML|") returned 5
[0197.483] RtlRestoreLastWin32Error () returned 0x490
[0197.483] lstrlenW (lpString="du") returned 2
[0197.483] lstrlenW (lpString="du") returned 2
[0197.483] _memicmp (_Buf1=0x5074a0, _Buf2=0xe72708, _Size=0x7) returned 0
[0197.483] lstrlenW (lpString="XML") returned 3
[0197.483] _memicmp (_Buf1=0x507308, _Buf2=0xe72708, _Size=0x7) returned 0
[0197.483] _vsnwprintf (in: _Buffer=0x509398, _BufferCount=0x5, _Format="|%s|", _ArgList=0xdcf48 | out: _Buffer="|du|") returned 4
[0197.484] _vsnwprintf (in: _Buffer=0x5093b8, _BufferCount=0x6, _Format="|%s|", _ArgList=0xdcf48 | out: _Buffer="|XML|") returned 5
[0197.484] lstrlenW (lpString="|du|") returned 4
[0197.484] lstrlenW (lpString="|XML|") returned 5
[0197.484] RtlRestoreLastWin32Error () returned 0x490
[0197.484] lstrlenW (lpString="ri") returned 2
[0197.484] lstrlenW (lpString="ri") returned 2
[0197.484] _memicmp (_Buf1=0x5074a0, _Buf2=0xe72708, _Size=0x7) returned 0
[0197.484] lstrlenW (lpString="XML") returned 3
[0197.484] _memicmp (_Buf1=0x507308, _Buf2=0xe72708, _Size=0x7) returned 0
[0197.484] _vsnwprintf (in: _Buffer=0x509398, _BufferCount=0x5, _Format="|%s|", _ArgList=0xdcf48 | out: _Buffer="|ri|") returned 4
[0197.484] _vsnwprintf (in: _Buffer=0x5093b8, _BufferCount=0x6, _Format="|%s|", _ArgList=0xdcf48 | out: _Buffer="|XML|") returned 5
[0197.484] lstrlenW (lpString="|ri|") returned 4
[0197.484] lstrlenW (lpString="|XML|") returned 5
[0197.484] RtlRestoreLastWin32Error () returned 0x490
[0197.484] lstrlenW (lpString="z") returned 1
[0197.484] lstrlenW (lpString="z") returned 1
[0197.533] _memicmp (_Buf1=0x5074a0, _Buf2=0xe72708, _Size=0x7) returned 0
[0197.533] lstrlenW (lpString="XML") returned 3
[0197.533] _memicmp (_Buf1=0x507308, _Buf2=0xe72708, _Size=0x7) returned 0
[0197.533] _vsnwprintf (in: _Buffer=0x509398, _BufferCount=0x4, _Format="|%s|", _ArgList=0xdcf48 | out: _Buffer="|z|") returned 3
[0197.533] _vsnwprintf (in: _Buffer=0x5093b8, _BufferCount=0x6, _Format="|%s|", _ArgList=0xdcf48 | out: _Buffer="|XML|") returned 5
[0197.533] lstrlenW (lpString="|z|") returned 3
[0197.533] lstrlenW (lpString="|XML|") returned 5
[0197.533] RtlRestoreLastWin32Error () returned 0x490
[0197.533] lstrlenW (lpString="f") returned 1
[0197.533] lstrlenW (lpString="f") returned 1
[0197.533] _memicmp (_Buf1=0x5074a0, _Buf2=0xe72708, _Size=0x7) returned 0
[0197.534] lstrlenW (lpString="XML") returned 3
[0197.534] _memicmp (_Buf1=0x507308, _Buf2=0xe72708, _Size=0x7) returned 0
[0197.534] _vsnwprintf (in: _Buffer=0x509398, _BufferCount=0x4, _Format="|%s|", _ArgList=0xdcf48 | out: _Buffer="|f|") returned 3
[0197.534] _vsnwprintf (in: _Buffer=0x5093b8, _BufferCount=0x6, _Format="|%s|", _ArgList=0xdcf48 | out: _Buffer="|XML|") returned 5
[0197.534] lstrlenW (lpString="|f|") returned 3
[0197.534] lstrlenW (lpString="|XML|") returned 5
[0197.534] RtlRestoreLastWin32Error () returned 0x490
[0197.534] lstrlenW (lpString="v1") returned 2
[0197.534] lstrlenW (lpString="v1") returned 2
[0197.534] _memicmp (_Buf1=0x5074a0, _Buf2=0xe72708, _Size=0x7) returned 0
[0197.534] lstrlenW (lpString="XML") returned 3
[0197.534] _memicmp (_Buf1=0x507308, _Buf2=0xe72708, _Size=0x7) returned 0
[0197.534] _vsnwprintf (in: _Buffer=0x509398, _BufferCount=0x5, _Format="|%s|", _ArgList=0xdcf48 | out: _Buffer="|v1|") returned 4
[0197.534] _vsnwprintf (in: _Buffer=0x5093b8, _BufferCount=0x6, _Format="|%s|", _ArgList=0xdcf48 | out: _Buffer="|XML|") returned 5
[0197.534] lstrlenW (lpString="|v1|") returned 4
[0197.534] lstrlenW (lpString="|XML|") returned 5
[0197.534] RtlRestoreLastWin32Error () returned 0x490
[0197.534] lstrlenW (lpString="xml") returned 3
[0197.534] lstrlenW (lpString="xml") returned 3
[0197.534] _memicmp (_Buf1=0x5074a0, _Buf2=0xe72708, _Size=0x7) returned 0
[0197.534] lstrlenW (lpString="XML") returned 3
[0197.534] _memicmp (_Buf1=0x507308, _Buf2=0xe72708, _Size=0x7) returned 0
[0197.534] _vsnwprintf (in: _Buffer=0x509398, _BufferCount=0x6, _Format="|%s|", _ArgList=0xdcf48 | out: _Buffer="|xml|") returned 5
[0197.534] _vsnwprintf (in: _Buffer=0x5093b8, _BufferCount=0x6, _Format="|%s|", _ArgList=0xdcf48 | out: _Buffer="|XML|") returned 5
[0197.534] lstrlenW (lpString="|xml|") returned 5
[0197.534] lstrlenW (lpString="|XML|") returned 5
[0197.534] StrStrIW (lpFirst="|xml|", lpSrch="|XML|") returned="|xml|"
[0197.534] RtlRestoreLastWin32Error () returned 0x0
[0197.534] RtlRestoreLastWin32Error () returned 0x0
[0197.534] lstrlenW (lpString="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Temp\\tmpA573.tmp") returned 52
[0197.534] lstrlenW (lpString="-/") returned 2
[0197.535] StrChrIW (lpStart="-/", wMatch=0x30043) returned 0x0
[0197.535] RtlRestoreLastWin32Error () returned 0x490
[0197.535] RtlRestoreLastWin32Error () returned 0x490
[0197.535] RtlRestoreLastWin32Error () returned 0x0
[0197.535] lstrlenW (lpString="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Temp\\tmpA573.tmp") returned 52
[0197.535] StrChrIW (lpStart="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Temp\\tmpA573.tmp", wMatch=0x3a) returned=":\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Temp\\tmpA573.tmp"
[0197.535] lstrlenW (lpString="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Temp\\tmpA573.tmp") returned 52
[0197.535] _memicmp (_Buf1=0x507320, _Buf2=0xe72708, _Size=0x7) returned 0
[0197.535] _memicmp (_Buf1=0x50ac30, _Buf2=0xe72708, _Size=0x7) returned 0
[0197.535] RtlRestoreLastWin32Error () returned 0x7a
[0197.535] RtlRestoreLastWin32Error () returned 0x0
[0197.535] RtlRestoreLastWin32Error () returned 0x0
[0197.535] lstrlenW (lpString="C") returned 1
[0197.535] RtlRestoreLastWin32Error () returned 0x490
[0197.535] RtlRestoreLastWin32Error () returned 0x0
[0197.535] lstrlenW (lpString="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Temp\\tmpA573.tmp") returned 52
[0197.535] lstrlenW (lpString="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Temp\\tmpA573.tmp") returned 52
[0197.535] GetProcessHeap () returned 0x500000
[0197.535] RtlAllocateHeap (HeapHandle=0x500000, Flags=0xc, Size=0x6a) returned 0x50add0
[0197.535] RtlRestoreLastWin32Error () returned 0x0
[0197.535] lstrlenW (lpString="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Temp\\tmpA573.tmp") returned 52
[0197.535] RtlRestoreLastWin32Error () returned 0x0
[0197.535] GetProcessHeap () returned 0x500000
[0197.535] RtlAllocateHeap (HeapHandle=0x500000, Flags=0xc, Size=0x1fc) returned 0x509da8
[0197.536] CoInitializeEx (pvReserved=0x0, dwCoInit=0x0) returned 0x0
[0197.541] CoInitializeSecurity (pSecDesc=0x0, cAuthSvc=-1, asAuthSvc=0x0, pReserved1=0x0, dwAuthnLevel=0x1, dwImpLevel=0x3, pAuthList=0x0, dwCapabilities=0x0, pReserved3=0x0) returned 0x0
[0197.552] CoCreateInstance (in: rclsid=0xe726c0*(Data1=0xf87369f, Data2=0xa4e5, Data3=0x4cfc, Data4=([0]=0xbd, [1]=0x3e, [2]=0x73, [3]=0xe6, [4]=0x15, [5]=0x45, [6]=0x72, [7]=0xdd)), pUnkOuter=0x0, dwClsContext=0x17, riid=0xe726d0*(Data1=0x2faba4c7, Data2=0x4da9, Data3=0x4013, Data4=([0]=0x96, [1]=0x97, [2]=0x20, [3]=0xcc, [4]=0x3f, [5]=0xd4, [6]=0xf, [7]=0x85)), ppv=0xdd39c | out: ppv=0xdd39c*=0x33758) returned 0x0
[0197.803] TaskScheduler:ITaskService:Connect (This=0x33758, serverName=0xdd34c*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), user=0xdd35c*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), domain=0xdd36c*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), password=0xdd37c*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0)) returned 0x0
[0197.855] TaskScheduler:ITaskService:GetFolder (in: This=0x33758, Path=0x0, ppFolder=0xdd464 | out: ppFolder=0xdd464*=0x33880) returned 0x0
[0197.857] CreateFileW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Temp\\tmpA573.tmp" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\temp\\tmpa573.tmp"), dwDesiredAccess=0x80000000, dwShareMode=0x5, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8000080, hTemplateFile=0x0) returned 0x128
[0197.857] GetFileSizeEx (in: hFile=0x128, lpFileSize=0xdcd7c | out: lpFileSize=0xdcd7c*=1596) returned 1
[0197.857] ReadFile (in: hFile=0x128, lpBuffer=0xdcd8c, nNumberOfBytesToRead=0x2, lpNumberOfBytesRead=0xdcd88, lpOverlapped=0x0 | out: lpBuffer=0xdcd8c*, lpNumberOfBytesRead=0xdcd88*=0x2, lpOverlapped=0x0) returned 1
[0197.858] SetFilePointer (in: hFile=0x128, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x0
[0197.858] malloc (_Size=0x63d) returned 0x338d0
[0197.858] ReadFile (in: hFile=0x128, lpBuffer=0x338d0, nNumberOfBytesToRead=0x63d, lpNumberOfBytesRead=0xdcd88, lpOverlapped=0x0 | out: lpBuffer=0x338d0*, lpNumberOfBytesRead=0xdcd88*=0x63c, lpOverlapped=0x0) returned 1
[0197.858] MultiByteToWideChar (in: CodePage=0x3, dwFlags=0x0, lpMultiByteStr=0x338d0, cbMultiByte=-1, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 1597
[0197.858] MultiByteToWideChar (in: CodePage=0x3, dwFlags=0x0, lpMultiByteStr=0x338d0, cbMultiByte=-1, lpWideCharStr=0x51ab2c, cchWideChar=1597 | out: lpWideCharStr="\n\n \n 2014-10-25T14:27:44.8929027\n XC64ZB\\RDhJ0CNFevzX\n \n \n \n true\n XC64ZB\\RDhJ0CNFevzX\n \n \n false\n \n \n \n \n XC64ZB\\RDhJ0CNFevzX\n InteractiveToken\n LeastPrivilege\n \n \n \n StopExisting\n false\n true\n false\n true\n false\n \n true\n false\n \n true\n true\n false\n false\n false\n PT0S\n 7\n \n \n \n C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\gfLnSNNH.exe\n \n \n") returned 1597
[0197.858] SysStringLen (param_1="\n\n \n 2014-10-25T14:27:44.8929027\n XC64ZB\\RDhJ0CNFevzX\n \n \n \n true\n XC64ZB\\RDhJ0CNFevzX\n \n \n false\n \n \n \n \n XC64ZB\\RDhJ0CNFevzX\n InteractiveToken\n LeastPrivilege\n \n \n \n StopExisting\n false\n true\n false\n true\n false\n \n true\n false\n \n true\n true\n false\n false\n false\n PT0S\n 7\n \n \n \n C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\gfLnSNNH.exe\n \n \n") returned 0x63c
[0197.858] VarBstrCat (in: bstrLeft=0x0, bstrRight="\n\n \n 2014-10-25T14:27:44.8929027\n XC64ZB\\RDhJ0CNFevzX\n \n \n \n true\n XC64ZB\\RDhJ0CNFevzX\n \n \n false\n \n \n \n \n XC64ZB\\RDhJ0CNFevzX\n InteractiveToken\n LeastPrivilege\n \n \n \n StopExisting\n false\n true\n false\n true\n false\n \n true\n false\n \n true\n true\n false\n false\n false\n PT0S\n 7\n \n \n \n C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\gfLnSNNH.exe\n \n \n", pbstrResult=0xdcd2c | out: pbstrResult=0xdcd2c) returned 0x0
[0197.859] free (_Block=0x338d0)
[0197.859] CloseHandle (hObject=0x128) returned 1
[0197.860] lstrlenW (lpString="") returned 0
[0197.860] malloc (_Size=0xc) returned 0x33830
[0197.860] SysStringLen (param_1="") returned 0x0
[0197.860] free (_Block=0x33830)
[0197.860] lstrlenW (lpString="") returned 0
[0197.860] ITaskFolder:RegisterTask (in: This=0x33880, Path="Updates\\gfLnSNNH", XmlText="\n\n \n 2014-10-25T14:27:44.8929027\n XC64ZB\\RDhJ0CNFevzX\n \n \n \n true\n XC64ZB\\RDhJ0CNFevzX\n \n \n false\n \n \n \n \n XC64ZB\\RDhJ0CNFevzX\n InteractiveToken\n LeastPrivilege\n \n \n \n StopExisting\n false\n true\n false\n true\n false\n \n true\n false\n \n true\n true\n false\n false\n false\n PT0S\n 7\n \n \n \n C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\gfLnSNNH.exe\n \n \n", flags=2, UserId=0xdcd60*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="", varVal2=0x0), password=0xdcd70*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), LogonType=0, sddl=0xdcd84*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), ppTask=0xdcde0 | out: ppTask=0xdcde0*=0x338d0) returned 0x0
[0198.575] GetProcessHeap () returned 0x500000
[0198.575] RtlAllocateHeap (HeapHandle=0x500000, Flags=0xc, Size=0x14) returned 0x511ea0
[0198.575] _memicmp (_Buf1=0x507428, _Buf2=0xe72708, _Size=0x7) returned 0
[0198.575] LoadStringW (in: hInstance=0x0, uID=0x12e, lpBuffer=0x50a788, cchBufferMax=256 | out: lpBuffer="SUCCESS: The scheduled task \"%s\" has successfully been created.\n") returned 0x40
[0198.576] lstrlenW (lpString="SUCCESS: The scheduled task \"%s\" has successfully been created.\n") returned 64
[0198.576] GetProcessHeap () returned 0x500000
[0198.576] RtlAllocateHeap (HeapHandle=0x500000, Flags=0xc, Size=0x82) returned 0x5198e0
[0198.576] _vsnwprintf (in: _Buffer=0xdcdf8, _BufferCount=0x1fb, _Format="SUCCESS: The scheduled task \"%s\" has successfully been created.\n", _ArgList=0xdcd94 | out: _Buffer="SUCCESS: The scheduled task \"Updates\\gfLnSNNH\" has successfully been created.\n") returned 78
[0198.576] __iob_func () returned 0x76621208
[0198.576] _fileno (_File=0x76621228) returned 1
[0198.576] _errno () returned 0x305b0
[0198.576] _get_osfhandle (_FileHandle=1) returned 0x3c
[0198.576] _errno () returned 0x305b0
[0198.576] GetFileType (hFile=0x3c) returned 0x2
[0198.576] GetStdHandle (nStdHandle=0xfffffff5) returned 0x3c
[0198.576] GetFileType (hFile=0x3c) returned 0x2
[0198.576] GetConsoleMode (in: hConsoleHandle=0x3c, lpMode=0xdcd68 | out: lpMode=0xdcd68) returned 1
[0198.653] __iob_func () returned 0x76621208
[0198.653] GetStdHandle (nStdHandle=0xfffffff5) returned 0x3c
[0198.653] lstrlenW (lpString="SUCCESS: The scheduled task \"Updates\\gfLnSNNH\" has successfully been created.\n") returned 78
[0198.653] WriteConsoleW (in: hConsoleOutput=0x3c, lpBuffer=0xdcdf8*, nNumberOfCharsToWrite=0x4e, lpNumberOfCharsWritten=0xdcd8c, lpReserved=0x0 | out: lpBuffer=0xdcdf8*, lpNumberOfCharsWritten=0xdcd8c*=0x4e) returned 1
[0198.728] IUnknown:Release (This=0x338d0) returned 0x0
[0198.729] TaskScheduler:IUnknown:Release (This=0x33880) returned 0x0
[0198.729] TaskScheduler:IUnknown:Release (This=0x33758) returned 0x0
[0198.729] lstrlenW (lpString="") returned 0
[0198.729] lstrlenW (lpString="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Temp\\tmpA573.tmp") returned 52
[0198.729] WideCharToMultiByte (in: CodePage=0x1, dwFlags=0x0, lpWideCharStr="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Temp\\tmpA573.tmp", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 53
[0198.729] GetProcessHeap () returned 0x500000
[0198.729] GetProcessHeap () returned 0x500000
[0198.729] HeapValidate (hHeap=0x500000, dwFlags=0x0, lpMem=0x509da8) returned 1
[0198.729] GetProcessHeap () returned 0x500000
[0198.729] RtlSizeHeap (HeapHandle=0x500000, Flags=0x0, MemoryPointer=0x509da8) returned 0x1fc
[0198.730] RtlFreeHeap (HeapHandle=0x500000, Flags=0x0, BaseAddress=0x509da8) returned 1
[0198.730] GetProcessHeap () returned 0x500000
[0198.730] GetProcessHeap () returned 0x500000
[0198.730] HeapValidate (hHeap=0x500000, dwFlags=0x0, lpMem=0x50add0) returned 1
[0198.730] GetProcessHeap () returned 0x500000
[0198.730] RtlSizeHeap (HeapHandle=0x500000, Flags=0x0, MemoryPointer=0x50add0) returned 0x6a
[0198.730] RtlFreeHeap (HeapHandle=0x500000, Flags=0x0, BaseAddress=0x50add0) returned 1
[0198.730] GetProcessHeap () returned 0x500000
[0198.730] GetProcessHeap () returned 0x500000
[0198.730] HeapValidate (hHeap=0x500000, dwFlags=0x0, lpMem=0x509678) returned 1
[0198.730] GetProcessHeap () returned 0x500000
[0198.730] RtlSizeHeap (HeapHandle=0x500000, Flags=0x0, MemoryPointer=0x509678) returned 0x16
[0198.730] RtlFreeHeap (HeapHandle=0x500000, Flags=0x0, BaseAddress=0x509678) returned 1
[0198.730] GetProcessHeap () returned 0x500000
[0198.730] GetProcessHeap () returned 0x500000
[0198.730] HeapValidate (hHeap=0x500000, dwFlags=0x0, lpMem=0x50aca8) returned 1
[0198.731] GetProcessHeap () returned 0x500000
[0198.731] RtlSizeHeap (HeapHandle=0x500000, Flags=0x0, MemoryPointer=0x50aca8) returned 0x10
[0198.731] RtlFreeHeap (HeapHandle=0x500000, Flags=0x0, BaseAddress=0x50aca8) returned 1
[0198.731] GetProcessHeap () returned 0x500000
[0198.731] GetProcessHeap () returned 0x500000
[0198.731] HeapValidate (hHeap=0x500000, dwFlags=0x0, lpMem=0x5093d8) returned 1
[0198.731] GetProcessHeap () returned 0x500000
[0198.731] RtlSizeHeap (HeapHandle=0x500000, Flags=0x0, MemoryPointer=0x5093d8) returned 0x14
[0198.731] RtlFreeHeap (HeapHandle=0x500000, Flags=0x0, BaseAddress=0x5093d8) returned 1
[0198.731] GetProcessHeap () returned 0x500000
[0198.731] GetProcessHeap () returned 0x500000
[0198.731] HeapValidate (hHeap=0x500000, dwFlags=0x0, lpMem=0x5069d0) returned 1
[0198.731] GetProcessHeap () returned 0x500000
[0198.731] RtlSizeHeap (HeapHandle=0x500000, Flags=0x0, MemoryPointer=0x5069d0) returned 0xa0
[0198.731] RtlFreeHeap (HeapHandle=0x500000, Flags=0x0, BaseAddress=0x5069d0) returned 1
[0198.731] GetProcessHeap () returned 0x500000
[0198.731] GetProcessHeap () returned 0x500000
[0198.732] HeapValidate (hHeap=0x500000, dwFlags=0x0, lpMem=0x5073f8) returned 1
[0198.732] GetProcessHeap () returned 0x500000
[0198.732] RtlSizeHeap (HeapHandle=0x500000, Flags=0x0, MemoryPointer=0x5073f8) returned 0x10
[0198.732] RtlFreeHeap (HeapHandle=0x500000, Flags=0x0, BaseAddress=0x5073f8) returned 1
[0198.732] GetProcessHeap () returned 0x500000
[0198.732] GetProcessHeap () returned 0x500000
[0198.732] HeapValidate (hHeap=0x500000, dwFlags=0x0, lpMem=0x509638) returned 1
[0198.732] GetProcessHeap () returned 0x500000
[0198.732] RtlSizeHeap (HeapHandle=0x500000, Flags=0x0, MemoryPointer=0x509638) returned 0x14
[0198.732] RtlFreeHeap (HeapHandle=0x500000, Flags=0x0, BaseAddress=0x509638) returned 1
[0198.732] GetProcessHeap () returned 0x500000
[0198.732] GetProcessHeap () returned 0x500000
[0198.732] HeapValidate (hHeap=0x500000, dwFlags=0x0, lpMem=0x5070c0) returned 1
[0198.732] GetProcessHeap () returned 0x500000
[0198.732] RtlSizeHeap (HeapHandle=0x500000, Flags=0x0, MemoryPointer=0x5070c0) returned 0x6e
[0198.732] RtlFreeHeap (HeapHandle=0x500000, Flags=0x0, BaseAddress=0x5070c0) returned 1
[0198.733] GetProcessHeap () returned 0x500000
[0198.733] GetProcessHeap () returned 0x500000
[0198.733] HeapValidate (hHeap=0x500000, dwFlags=0x0, lpMem=0x50ac30) returned 1
[0198.733] GetProcessHeap () returned 0x500000
[0198.733] RtlSizeHeap (HeapHandle=0x500000, Flags=0x0, MemoryPointer=0x50ac30) returned 0x10
[0198.733] RtlFreeHeap (HeapHandle=0x500000, Flags=0x0, BaseAddress=0x50ac30) returned 1
[0198.733] GetProcessHeap () returned 0x500000
[0198.733] GetProcessHeap () returned 0x500000
[0198.733] HeapValidate (hHeap=0x500000, dwFlags=0x0, lpMem=0x509338) returned 1
[0198.733] GetProcessHeap () returned 0x500000
[0198.733] RtlSizeHeap (HeapHandle=0x500000, Flags=0x0, MemoryPointer=0x509338) returned 0x14
[0198.733] RtlFreeHeap (HeapHandle=0x500000, Flags=0x0, BaseAddress=0x509338) returned 1
[0198.733] GetProcessHeap () returned 0x500000
[0198.733] GetProcessHeap () returned 0x500000
[0198.733] HeapValidate (hHeap=0x500000, dwFlags=0x0, lpMem=0x507350) returned 1
[0198.733] GetProcessHeap () returned 0x500000
[0198.733] RtlSizeHeap (HeapHandle=0x500000, Flags=0x0, MemoryPointer=0x507350) returned 0xc
[0198.733] RtlFreeHeap (HeapHandle=0x500000, Flags=0x0, BaseAddress=0x507350) returned 1
[0198.733] GetProcessHeap () returned 0x500000
[0198.734] GetProcessHeap () returned 0x500000
[0198.734] HeapValidate (hHeap=0x500000, dwFlags=0x0, lpMem=0x507320) returned 1
[0198.734] GetProcessHeap () returned 0x500000
[0198.734] RtlSizeHeap (HeapHandle=0x500000, Flags=0x0, MemoryPointer=0x507320) returned 0x10
[0198.734] RtlFreeHeap (HeapHandle=0x500000, Flags=0x0, BaseAddress=0x507320) returned 1
[0198.734] GetProcessHeap () returned 0x500000
[0198.734] GetProcessHeap () returned 0x500000
[0198.734] HeapValidate (hHeap=0x500000, dwFlags=0x0, lpMem=0x509558) returned 1
[0198.734] GetProcessHeap () returned 0x500000
[0198.734] RtlSizeHeap (HeapHandle=0x500000, Flags=0x0, MemoryPointer=0x509558) returned 0x14
[0198.734] RtlFreeHeap (HeapHandle=0x500000, Flags=0x0, BaseAddress=0x509558) returned 1
[0198.734] GetProcessHeap () returned 0x500000
[0198.734] GetProcessHeap () returned 0x500000
[0198.734] HeapValidate (hHeap=0x500000, dwFlags=0x0, lpMem=0x508cd0) returned 1
[0198.734] GetProcessHeap () returned 0x500000
[0198.734] RtlSizeHeap (HeapHandle=0x500000, Flags=0x0, MemoryPointer=0x508cd0) returned 0x208
[0198.734] RtlFreeHeap (HeapHandle=0x500000, Flags=0x0, BaseAddress=0x508cd0) returned 1
[0198.735] GetProcessHeap () returned 0x500000
[0198.735] GetProcessHeap () returned 0x500000
[0198.735] HeapValidate (hHeap=0x500000, dwFlags=0x0, lpMem=0x507440) returned 1
[0198.735] GetProcessHeap () returned 0x500000
[0198.735] RtlSizeHeap (HeapHandle=0x500000, Flags=0x0, MemoryPointer=0x507440) returned 0x10
[0198.735] RtlFreeHeap (HeapHandle=0x500000, Flags=0x0, BaseAddress=0x507440) returned 1
[0198.735] GetProcessHeap () returned 0x500000
[0198.735] GetProcessHeap () returned 0x500000
[0198.735] HeapValidate (hHeap=0x500000, dwFlags=0x0, lpMem=0x5094f8) returned 1
[0198.735] GetProcessHeap () returned 0x500000
[0198.735] RtlSizeHeap (HeapHandle=0x500000, Flags=0x0, MemoryPointer=0x5094f8) returned 0x14
[0198.735] RtlFreeHeap (HeapHandle=0x500000, Flags=0x0, BaseAddress=0x5094f8) returned 1
[0198.735] GetProcessHeap () returned 0x500000
[0198.735] GetProcessHeap () returned 0x500000
[0198.735] HeapValidate (hHeap=0x500000, dwFlags=0x0, lpMem=0x50a788) returned 1
[0198.735] GetProcessHeap () returned 0x500000
[0198.735] RtlSizeHeap (HeapHandle=0x500000, Flags=0x0, MemoryPointer=0x50a788) returned 0x200
[0198.736] RtlFreeHeap (HeapHandle=0x500000, Flags=0x0, BaseAddress=0x50a788) returned 1
[0198.736] GetProcessHeap () returned 0x500000
[0198.736] GetProcessHeap () returned 0x500000
[0198.736] HeapValidate (hHeap=0x500000, dwFlags=0x0, lpMem=0x507428) returned 1
[0198.736] GetProcessHeap () returned 0x500000
[0198.736] RtlSizeHeap (HeapHandle=0x500000, Flags=0x0, MemoryPointer=0x507428) returned 0x10
[0198.736] RtlFreeHeap (HeapHandle=0x500000, Flags=0x0, BaseAddress=0x507428) returned 1
[0198.736] GetProcessHeap () returned 0x500000
[0198.736] GetProcessHeap () returned 0x500000
[0198.736] HeapValidate (hHeap=0x500000, dwFlags=0x0, lpMem=0x509458) returned 1
[0198.736] GetProcessHeap () returned 0x500000
[0198.736] RtlSizeHeap (HeapHandle=0x500000, Flags=0x0, MemoryPointer=0x509458) returned 0x14
[0198.736] RtlFreeHeap (HeapHandle=0x500000, Flags=0x0, BaseAddress=0x509458) returned 1
[0198.736] GetProcessHeap () returned 0x500000
[0198.736] GetProcessHeap () returned 0x500000
[0198.736] HeapValidate (hHeap=0x500000, dwFlags=0x0, lpMem=0x5093b8) returned 1
[0198.736] GetProcessHeap () returned 0x500000
[0198.736] RtlSizeHeap (HeapHandle=0x500000, Flags=0x0, MemoryPointer=0x5093b8) returned 0x14
[0198.736] RtlFreeHeap (HeapHandle=0x500000, Flags=0x0, BaseAddress=0x5093b8) returned 1
[0198.736] GetProcessHeap () returned 0x500000
[0198.736] GetProcessHeap () returned 0x500000
[0198.736] HeapValidate (hHeap=0x500000, dwFlags=0x0, lpMem=0x507308) returned 1
[0198.736] GetProcessHeap () returned 0x500000
[0198.736] RtlSizeHeap (HeapHandle=0x500000, Flags=0x0, MemoryPointer=0x507308) returned 0x10
[0198.737] RtlFreeHeap (HeapHandle=0x500000, Flags=0x0, BaseAddress=0x507308) returned 1
[0198.737] GetProcessHeap () returned 0x500000
[0198.737] GetProcessHeap () returned 0x500000
[0198.737] HeapValidate (hHeap=0x500000, dwFlags=0x0, lpMem=0x502778) returned 1
[0198.737] GetProcessHeap () returned 0x500000
[0198.737] RtlSizeHeap (HeapHandle=0x500000, Flags=0x0, MemoryPointer=0x502778) returned 0x14
[0198.737] RtlFreeHeap (HeapHandle=0x500000, Flags=0x0, BaseAddress=0x502778) returned 1
[0198.737] GetProcessHeap () returned 0x500000
[0198.737] GetProcessHeap () returned 0x500000
[0198.737] HeapValidate (hHeap=0x500000, dwFlags=0x0, lpMem=0x509398) returned 1
[0198.737] GetProcessHeap () returned 0x500000
[0198.737] RtlSizeHeap (HeapHandle=0x500000, Flags=0x0, MemoryPointer=0x509398) returned 0x16
[0198.737] RtlFreeHeap (HeapHandle=0x500000, Flags=0x0, BaseAddress=0x509398) returned 1
[0198.737] GetProcessHeap () returned 0x500000
[0198.737] GetProcessHeap () returned 0x500000
[0198.737] HeapValidate (hHeap=0x500000, dwFlags=0x0, lpMem=0x5074a0) returned 1
[0198.737] GetProcessHeap () returned 0x500000
[0198.737] RtlSizeHeap (HeapHandle=0x500000, Flags=0x0, MemoryPointer=0x5074a0) returned 0x10
[0198.737] RtlFreeHeap (HeapHandle=0x500000, Flags=0x0, BaseAddress=0x5074a0) returned 1
[0198.737] GetProcessHeap () returned 0x500000
[0198.737] GetProcessHeap () returned 0x500000
[0198.737] HeapValidate (hHeap=0x500000, dwFlags=0x0, lpMem=0x506608) returned 1
[0198.738] GetProcessHeap () returned 0x500000
[0198.738] RtlSizeHeap (HeapHandle=0x500000, Flags=0x0, MemoryPointer=0x506608) returned 0x14
[0198.738] RtlFreeHeap (HeapHandle=0x500000, Flags=0x0, BaseAddress=0x506608) returned 1
[0198.738] GetProcessHeap () returned 0x500000
[0198.738] GetProcessHeap () returned 0x500000
[0198.738] HeapValidate (hHeap=0x500000, dwFlags=0x0, lpMem=0x500598) returned 1
[0198.738] GetProcessHeap () returned 0x500000
[0198.738] RtlSizeHeap (HeapHandle=0x500000, Flags=0x0, MemoryPointer=0x500598) returned 0x2
[0198.738] RtlFreeHeap (HeapHandle=0x500000, Flags=0x0, BaseAddress=0x500598) returned 1
[0198.738] GetProcessHeap () returned 0x500000
[0198.738] GetProcessHeap () returned 0x500000
[0198.738] HeapValidate (hHeap=0x500000, dwFlags=0x0, lpMem=0x506e38) returned 1
[0198.738] GetProcessHeap () returned 0x500000
[0198.738] RtlSizeHeap (HeapHandle=0x500000, Flags=0x0, MemoryPointer=0x506e38) returned 0x14
[0198.738] RtlFreeHeap (HeapHandle=0x500000, Flags=0x0, BaseAddress=0x506e38) returned 1
[0198.738] GetProcessHeap () returned 0x500000
[0198.738] GetProcessHeap () returned 0x500000
[0198.738] HeapValidate (hHeap=0x500000, dwFlags=0x0, lpMem=0x506c00) returned 1
[0198.738] GetProcessHeap () returned 0x500000
[0198.738] RtlSizeHeap (HeapHandle=0x500000, Flags=0x0, MemoryPointer=0x506c00) returned 0x14
[0198.738] RtlFreeHeap (HeapHandle=0x500000, Flags=0x0, BaseAddress=0x506c00) returned 1
[0198.738] GetProcessHeap () returned 0x500000
[0198.738] GetProcessHeap () returned 0x500000
[0198.738] HeapValidate (hHeap=0x500000, dwFlags=0x0, lpMem=0x506c20) returned 1
[0198.738] GetProcessHeap () returned 0x500000
[0198.738] RtlSizeHeap (HeapHandle=0x500000, Flags=0x0, MemoryPointer=0x506c20) returned 0x14
[0198.738] RtlFreeHeap (HeapHandle=0x500000, Flags=0x0, BaseAddress=0x506c20) returned 1
[0198.738] GetProcessHeap () returned 0x500000
[0198.739] GetProcessHeap () returned 0x500000
[0198.739] HeapValidate (hHeap=0x500000, dwFlags=0x0, lpMem=0x506c40) returned 1
[0198.739] GetProcessHeap () returned 0x500000
[0198.739] RtlSizeHeap (HeapHandle=0x500000, Flags=0x0, MemoryPointer=0x506c40) returned 0x14
[0198.739] RtlFreeHeap (HeapHandle=0x500000, Flags=0x0, BaseAddress=0x506c40) returned 1
[0198.739] GetProcessHeap () returned 0x500000
[0198.739] GetProcessHeap () returned 0x500000
[0198.739] HeapValidate (hHeap=0x500000, dwFlags=0x0, lpMem=0x5095b8) returned 1
[0198.739] GetProcessHeap () returned 0x500000
[0198.739] RtlSizeHeap (HeapHandle=0x500000, Flags=0x0, MemoryPointer=0x5095b8) returned 0x14
[0198.739] RtlFreeHeap (HeapHandle=0x500000, Flags=0x0, BaseAddress=0x5095b8) returned 1
[0198.739] GetProcessHeap () returned 0x500000
[0198.739] GetProcessHeap () returned 0x500000
[0198.739] HeapValidate (hHeap=0x500000, dwFlags=0x0, lpMem=0x509378) returned 1
[0198.739] GetProcessHeap () returned 0x500000
[0198.739] RtlSizeHeap (HeapHandle=0x500000, Flags=0x0, MemoryPointer=0x509378) returned 0x14
[0198.739] RtlFreeHeap (HeapHandle=0x500000, Flags=0x0, BaseAddress=0x509378) returned 1
[0198.739] GetProcessHeap () returned 0x500000
[0198.739] GetProcessHeap () returned 0x500000
[0198.739] HeapValidate (hHeap=0x500000, dwFlags=0x0, lpMem=0x506a78) returned 1
[0198.739] GetProcessHeap () returned 0x500000
[0198.739] RtlSizeHeap (HeapHandle=0x500000, Flags=0x0, MemoryPointer=0x506a78) returned 0x30
[0198.740] RtlFreeHeap (HeapHandle=0x500000, Flags=0x0, BaseAddress=0x506a78) returned 1
[0198.740] GetProcessHeap () returned 0x500000
[0198.740] GetProcessHeap () returned 0x500000
[0198.740] HeapValidate (hHeap=0x500000, dwFlags=0x0, lpMem=0x509538) returned 1
[0198.740] GetProcessHeap () returned 0x500000
[0198.740] RtlSizeHeap (HeapHandle=0x500000, Flags=0x0, MemoryPointer=0x509538) returned 0x14
[0198.740] RtlFreeHeap (HeapHandle=0x500000, Flags=0x0, BaseAddress=0x509538) returned 1
[0198.740] GetProcessHeap () returned 0x500000
[0198.740] GetProcessHeap () returned 0x500000
[0198.740] HeapValidate (hHeap=0x500000, dwFlags=0x0, lpMem=0x50ad98) returned 1
[0198.740] GetProcessHeap () returned 0x500000
[0198.740] RtlSizeHeap (HeapHandle=0x500000, Flags=0x0, MemoryPointer=0x50ad98) returned 0x30
[0198.740] RtlFreeHeap (HeapHandle=0x500000, Flags=0x0, BaseAddress=0x50ad98) returned 1
[0198.740] GetProcessHeap () returned 0x500000
[0198.740] GetProcessHeap () returned 0x500000
[0198.740] HeapValidate (hHeap=0x500000, dwFlags=0x0, lpMem=0x5094b8) returned 1
[0198.740] GetProcessHeap () returned 0x500000
[0198.740] RtlSizeHeap (HeapHandle=0x500000, Flags=0x0, MemoryPointer=0x5094b8) returned 0x14
[0198.740] RtlFreeHeap (HeapHandle=0x500000, Flags=0x0, BaseAddress=0x5094b8) returned 1
[0198.741] GetProcessHeap () returned 0x500000
[0198.741] GetProcessHeap () returned 0x500000
[0198.741] HeapValidate (hHeap=0x500000, dwFlags=0x0, lpMem=0x5198e0) returned 1
[0198.741] GetProcessHeap () returned 0x500000
[0198.741] RtlSizeHeap (HeapHandle=0x500000, Flags=0x0, MemoryPointer=0x5198e0) returned 0x82
[0198.741] RtlFreeHeap (HeapHandle=0x500000, Flags=0x0, BaseAddress=0x5198e0) returned 1
[0198.741] GetProcessHeap () returned 0x500000
[0198.741] GetProcessHeap () returned 0x500000
[0198.741] HeapValidate (hHeap=0x500000, dwFlags=0x0, lpMem=0x511ea0) returned 1
[0198.741] GetProcessHeap () returned 0x500000
[0198.741] RtlSizeHeap (HeapHandle=0x500000, Flags=0x0, MemoryPointer=0x511ea0) returned 0x14
[0198.741] RtlFreeHeap (HeapHandle=0x500000, Flags=0x0, BaseAddress=0x511ea0) returned 1
[0198.741] GetProcessHeap () returned 0x500000
[0198.741] GetProcessHeap () returned 0x500000
[0198.741] HeapValidate (hHeap=0x500000, dwFlags=0x0, lpMem=0x507410) returned 1
[0198.741] GetProcessHeap () returned 0x500000
[0198.741] RtlSizeHeap (HeapHandle=0x500000, Flags=0x0, MemoryPointer=0x507410) returned 0x10
[0198.741] RtlFreeHeap (HeapHandle=0x500000, Flags=0x0, BaseAddress=0x507410) returned 1
[0198.741] GetProcessHeap () returned 0x500000
[0198.741] GetProcessHeap () returned 0x500000
[0198.741] HeapValidate (hHeap=0x500000, dwFlags=0x0, lpMem=0x506830) returned 1
[0198.741] GetProcessHeap () returned 0x500000
[0198.742] RtlSizeHeap (HeapHandle=0x500000, Flags=0x0, MemoryPointer=0x506830) returned 0x14
[0198.742] RtlFreeHeap (HeapHandle=0x500000, Flags=0x0, BaseAddress=0x506830) returned 1
[0198.742] GetProcessHeap () returned 0x500000
[0198.742] GetProcessHeap () returned 0x500000
[0198.742] HeapValidate (hHeap=0x500000, dwFlags=0x0, lpMem=0x506850) returned 1
[0198.742] GetProcessHeap () returned 0x500000
[0198.742] RtlSizeHeap (HeapHandle=0x500000, Flags=0x0, MemoryPointer=0x506850) returned 0x14
[0198.742] RtlFreeHeap (HeapHandle=0x500000, Flags=0x0, BaseAddress=0x506850) returned 1
[0198.742] GetProcessHeap () returned 0x500000
[0198.742] GetProcessHeap () returned 0x500000
[0198.742] HeapValidate (hHeap=0x500000, dwFlags=0x0, lpMem=0x506870) returned 1
[0198.742] GetProcessHeap () returned 0x500000
[0198.742] RtlSizeHeap (HeapHandle=0x500000, Flags=0x0, MemoryPointer=0x506870) returned 0x14
[0198.742] RtlFreeHeap (HeapHandle=0x500000, Flags=0x0, BaseAddress=0x506870) returned 1
[0198.742] GetProcessHeap () returned 0x500000
[0198.742] GetProcessHeap () returned 0x500000
[0198.742] HeapValidate (hHeap=0x500000, dwFlags=0x0, lpMem=0x5065c8) returned 1
[0198.742] GetProcessHeap () returned 0x500000
[0198.742] RtlSizeHeap (HeapHandle=0x500000, Flags=0x0, MemoryPointer=0x5065c8) returned 0x14
[0198.742] RtlFreeHeap (HeapHandle=0x500000, Flags=0x0, BaseAddress=0x5065c8) returned 1
[0198.742] GetProcessHeap () returned 0x500000
[0198.742] GetProcessHeap () returned 0x500000
[0198.742] HeapValidate (hHeap=0x500000, dwFlags=0x0, lpMem=0x5073c8) returned 1
[0198.742] GetProcessHeap () returned 0x500000
[0198.742] RtlSizeHeap (HeapHandle=0x500000, Flags=0x0, MemoryPointer=0x5073c8) returned 0x10
[0198.742] RtlFreeHeap (HeapHandle=0x500000, Flags=0x0, BaseAddress=0x5073c8) returned 1
[0198.742] GetProcessHeap () returned 0x500000
[0198.742] GetProcessHeap () returned 0x500000
[0198.742] HeapValidate (hHeap=0x500000, dwFlags=0x0, lpMem=0x5065e8) returned 1
[0198.743] GetProcessHeap () returned 0x500000
[0198.743] RtlSizeHeap (HeapHandle=0x500000, Flags=0x0, MemoryPointer=0x5065e8) returned 0x14
[0198.743] RtlFreeHeap (HeapHandle=0x500000, Flags=0x0, BaseAddress=0x5065e8) returned 1
[0198.743] GetProcessHeap () returned 0x500000
[0198.743] GetProcessHeap () returned 0x500000
[0198.743] HeapValidate (hHeap=0x500000, dwFlags=0x0, lpMem=0x502798) returned 1
[0198.743] GetProcessHeap () returned 0x500000
[0198.743] RtlSizeHeap (HeapHandle=0x500000, Flags=0x0, MemoryPointer=0x502798) returned 0x14
[0198.743] RtlFreeHeap (HeapHandle=0x500000, Flags=0x0, BaseAddress=0x502798) returned 1
[0198.743] GetProcessHeap () returned 0x500000
[0198.743] GetProcessHeap () returned 0x500000
[0198.743] HeapValidate (hHeap=0x500000, dwFlags=0x0, lpMem=0x509358) returned 1
[0198.743] GetProcessHeap () returned 0x500000
[0198.743] RtlSizeHeap (HeapHandle=0x500000, Flags=0x0, MemoryPointer=0x509358) returned 0x14
[0198.743] RtlFreeHeap (HeapHandle=0x500000, Flags=0x0, BaseAddress=0x509358) returned 1
[0198.743] GetProcessHeap () returned 0x500000
[0198.743] GetProcessHeap () returned 0x500000
[0198.743] HeapValidate (hHeap=0x500000, dwFlags=0x0, lpMem=0x509498) returned 1
[0198.743] GetProcessHeap () returned 0x500000
[0198.743] RtlSizeHeap (HeapHandle=0x500000, Flags=0x0, MemoryPointer=0x509498) returned 0x14
[0198.743] RtlFreeHeap (HeapHandle=0x500000, Flags=0x0, BaseAddress=0x509498) returned 1
[0198.743] GetProcessHeap () returned 0x500000
[0198.743] GetProcessHeap () returned 0x500000
[0198.743] HeapValidate (hHeap=0x500000, dwFlags=0x0, lpMem=0x509658) returned 1
[0198.744] GetProcessHeap () returned 0x500000
[0198.744] RtlSizeHeap (HeapHandle=0x500000, Flags=0x0, MemoryPointer=0x509658) returned 0x14
[0198.744] RtlFreeHeap (HeapHandle=0x500000, Flags=0x0, BaseAddress=0x509658) returned 1
[0198.744] GetProcessHeap () returned 0x500000
[0198.744] GetProcessHeap () returned 0x500000
[0198.744] HeapValidate (hHeap=0x500000, dwFlags=0x0, lpMem=0x509318) returned 1
[0198.744] GetProcessHeap () returned 0x500000
[0198.744] RtlSizeHeap (HeapHandle=0x500000, Flags=0x0, MemoryPointer=0x509318) returned 0x14
[0198.744] RtlFreeHeap (HeapHandle=0x500000, Flags=0x0, BaseAddress=0x509318) returned 1
[0198.744] GetProcessHeap () returned 0x500000
[0198.744] GetProcessHeap () returned 0x500000
[0198.744] HeapValidate (hHeap=0x500000, dwFlags=0x0, lpMem=0x507470) returned 1
[0198.744] GetProcessHeap () returned 0x500000
[0198.744] RtlSizeHeap (HeapHandle=0x500000, Flags=0x0, MemoryPointer=0x507470) returned 0x10
[0198.744] RtlFreeHeap (HeapHandle=0x500000, Flags=0x0, BaseAddress=0x507470) returned 1
[0198.744] GetProcessHeap () returned 0x500000
[0198.744] GetProcessHeap () returned 0x500000
[0198.744] HeapValidate (hHeap=0x500000, dwFlags=0x0, lpMem=0x5027b8) returned 1
[0198.744] GetProcessHeap () returned 0x500000
[0198.744] RtlSizeHeap (HeapHandle=0x500000, Flags=0x0, MemoryPointer=0x5027b8) returned 0x14
[0198.744] RtlFreeHeap (HeapHandle=0x500000, Flags=0x0, BaseAddress=0x5027b8) returned 1
[0198.744] GetProcessHeap () returned 0x500000
[0198.744] GetProcessHeap () returned 0x500000
[0198.744] HeapValidate (hHeap=0x500000, dwFlags=0x0, lpMem=0x5073e0) returned 1
[0198.744] GetProcessHeap () returned 0x500000
[0198.744] RtlSizeHeap (HeapHandle=0x500000, Flags=0x0, MemoryPointer=0x5073e0) returned 0x10
[0198.744] RtlFreeHeap (HeapHandle=0x500000, Flags=0x0, BaseAddress=0x5073e0) returned 1
[0198.745] exit (_Code=0)
Thread:
id = 23
os_tid = 0x634
Process:
id = "5"
image_name = "conhost.exe"
filename = "c:\\windows\\system32\\conhost.exe"
page_root = "0x30822000"
os_pid = "0xb60"
os_integrity_level = "0x3000"
os_privileges = "0x60800000"
monitor_reason = "child_process"
parent_id = "4"
os_parent_pid = "0xbfc"
cmd_line = "\\??\\C:\\Windows\\system32\\conhost.exe 0xffffffff -ForceV1"
cur_dir = "C:\\Windows"
os_username = "XC64ZB\\RDhJ0CNFevzX"
bitness = "32"
os_groups = "XC64ZB\\Domain Users" [0x7], "Everyone" [0x7], "NT AUTHORITY\\Local account and member of Administrators group" [0x7], "BUILTIN\\Administrators" [0xf], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\INTERACTIVE" [0x7], "CONSOLE LOGON" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "NT AUTHORITY\\Local account" [0x7], "NT AUTHORITY\\Logon Session 00000000:0000f600" [0xc0000007], "LOCAL" [0x7], "NT AUTHORITY\\NTLM Authentication" [0x7]
Region:
id = 752
start_va = 0x10000
end_va = 0x2ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000000010000"
filename = ""
Region:
id = 753
start_va = 0x30000
end_va = 0x44fff
monitored = 1
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x0000000000030000"
filename = ""
Region:
id = 754
start_va = 0x50000
end_va = 0x8ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000000050000"
filename = ""
Region:
id = 755
start_va = 0x200000
end_va = 0x3fffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000000200000"
filename = ""
Region:
id = 756
start_va = 0x400000
end_va = 0x5fffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000000400000"
filename = ""
Region:
id = 757
start_va = 0x7ffe0000
end_va = 0x7ffeffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x000000007ffe0000"
filename = ""
Region:
id = 758
start_va = 0x7df5fffc0000
end_va = 0x7df5fffe2fff
monitored = 1
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x00007df5fffc0000"
filename = ""
Region:
id = 759
start_va = 0x7df5ffff0000
end_va = 0x7ff5fffeffff
monitored = 1
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x00007df5ffff0000"
filename = ""
Region:
id = 760
start_va = 0x7ff78ce40000
end_va = 0x7ff78ce50fff
monitored = 0
entry_point = 0x7ff78ce416b0
region_type = mapped_file
name = "conhost.exe"
filename = "\\Windows\\System32\\conhost.exe" (normalized: "c:\\windows\\system32\\conhost.exe")
Region:
id = 761
start_va = 0x7ff884cc0000
end_va = 0x7ff884e80fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "ntdll.dll"
filename = "\\Windows\\System32\\ntdll.dll" (normalized: "c:\\windows\\system32\\ntdll.dll")
Region:
id = 762
start_va = 0x10000
end_va = 0x1ffff
monitored = 1
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x0000000000010000"
filename = ""
Region:
id = 763
start_va = 0xc0000
end_va = 0x1bffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x00000000000c0000"
filename = ""
Region:
id = 764
start_va = 0x7df5ffec0000
end_va = 0x7df5fffbffff
monitored = 1
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x00007df5ffec0000"
filename = ""
Region:
id = 765
start_va = 0x7ff881ed0000
end_va = 0x7ff8820b7fff
monitored = 0
entry_point = 0x7ff881efba70
region_type = mapped_file
name = "kernelbase.dll"
filename = "\\Windows\\System32\\KernelBase.dll" (normalized: "c:\\windows\\system32\\kernelbase.dll")
Region:
id = 766
start_va = 0x7ff884c10000
end_va = 0x7ff884cbcfff
monitored = 0
entry_point = 0x7ff884c281a0
region_type = mapped_file
name = "kernel32.dll"
filename = "\\Windows\\System32\\kernel32.dll" (normalized: "c:\\windows\\system32\\kernel32.dll")
Region:
id = 767
start_va = 0x600000
end_va = 0x6bdfff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "locale.nls"
filename = "\\Windows\\System32\\locale.nls" (normalized: "c:\\windows\\system32\\locale.nls")
Region:
id = 768
start_va = 0x7ff882220000
end_va = 0x7ff8822bcfff
monitored = 0
entry_point = 0x7ff8822278a0
region_type = mapped_file
name = "msvcrt.dll"
filename = "\\Windows\\System32\\msvcrt.dll" (normalized: "c:\\windows\\system32\\msvcrt.dll")
Region:
id = 769
start_va = 0x1c0000
end_va = 0x1fffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x00000000001c0000"
filename = ""
Region:
id = 770
start_va = 0x6c0000
end_va = 0x87ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x00000000006c0000"
filename = ""
Region:
id = 771
start_va = 0x20000
end_va = 0x26fff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000000020000"
filename = ""
Region:
id = 772
start_va = 0x7ff87ae40000
end_va = 0x7ff87ae98fff
monitored = 0
entry_point = 0x7ff87ae4fbf0
region_type = mapped_file
name = "conhostv2.dll"
filename = "\\Windows\\System32\\ConhostV2.dll" (normalized: "c:\\windows\\system32\\conhostv2.dll")
Region:
id = 773
start_va = 0x90000
end_va = 0x90fff
monitored = 1
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x0000000000090000"
filename = ""
Region:
id = 774
start_va = 0x7ff8822c0000
end_va = 0x7ff88253cfff
monitored = 0
entry_point = 0x7ff882394970
region_type = mapped_file
name = "combase.dll"
filename = "\\Windows\\System32\\combase.dll" (normalized: "c:\\windows\\system32\\combase.dll")
Region:
id = 775
start_va = 0x7ff883bf0000
end_va = 0x7ff883d0bfff
monitored = 0
entry_point = 0x7ff883c302b0
region_type = mapped_file
name = "rpcrt4.dll"
filename = "\\Windows\\System32\\rpcrt4.dll" (normalized: "c:\\windows\\system32\\rpcrt4.dll")
Region:
id = 776
start_va = 0x7ff881d50000
end_va = 0x7ff881db9fff
monitored = 0
entry_point = 0x7ff881d86d50
region_type = mapped_file
name = "bcryptprimitives.dll"
filename = "\\Windows\\System32\\bcryptprimitives.dll" (normalized: "c:\\windows\\system32\\bcryptprimitives.dll")
Region:
id = 777
start_va = 0x7ff8820c0000
end_va = 0x7ff882215fff
monitored = 0
entry_point = 0x7ff8820ca8d0
region_type = mapped_file
name = "user32.dll"
filename = "\\Windows\\System32\\user32.dll" (normalized: "c:\\windows\\system32\\user32.dll")
Region:
id = 778
start_va = 0x7ff884a10000
end_va = 0x7ff884b95fff
monitored = 0
entry_point = 0x7ff884a5ffc0
region_type = mapped_file
name = "gdi32.dll"
filename = "\\Windows\\System32\\gdi32.dll" (normalized: "c:\\windows\\system32\\gdi32.dll")
Region:
id = 779
start_va = 0xa0000
end_va = 0xa6fff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x00000000000a0000"
filename = ""
Region:
id = 780
start_va = 0x7ff8842c0000
end_va = 0x7ff884402fff
monitored = 0
entry_point = 0x7ff8842e8210
region_type = mapped_file
name = "ole32.dll"
filename = "\\Windows\\System32\\ole32.dll" (normalized: "c:\\windows\\system32\\ole32.dll")
Region:
id = 781
start_va = 0x7ff882550000
end_va = 0x7ff8825aafff
monitored = 0
entry_point = 0x7ff8825638b0
region_type = mapped_file
name = "sechost.dll"
filename = "\\Windows\\System32\\sechost.dll" (normalized: "c:\\windows\\system32\\sechost.dll")
Region:
id = 782
start_va = 0x7ff8849d0000
end_va = 0x7ff884a0afff
monitored = 0
entry_point = 0x7ff8849d12f0
region_type = mapped_file
name = "imm32.dll"
filename = "\\Windows\\System32\\imm32.dll" (normalized: "c:\\windows\\system32\\imm32.dll")
Region:
id = 783
start_va = 0x7ff884410000
end_va = 0x7ff8844d0fff
monitored = 0
entry_point = 0x7ff884430da0
region_type = mapped_file
name = "oleaut32.dll"
filename = "\\Windows\\System32\\oleaut32.dll" (normalized: "c:\\windows\\system32\\oleaut32.dll")
Region:
id = 784
start_va = 0x7ff87f8e0000
end_va = 0x7ff87fa65fff
monitored = 0
entry_point = 0x7ff87f92d700
region_type = mapped_file
name = "propsys.dll"
filename = "\\Windows\\System32\\propsys.dll" (normalized: "c:\\windows\\system32\\propsys.dll")
Region:
id = 785
start_va = 0xb0000
end_va = 0xb0fff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x00000000000b0000"
filename = ""
Region:
id = 786
start_va = 0x6c0000
end_va = 0x847fff
monitored = 1
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x00000000006c0000"
filename = ""
Region:
id = 787
start_va = 0x850000
end_va = 0x850fff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000000850000"
filename = ""
Region:
id = 788
start_va = 0x870000
end_va = 0x87ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000000870000"
filename = ""
Region:
id = 789
start_va = 0x880000
end_va = 0xa00fff
monitored = 1
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x0000000000880000"
filename = ""
Region:
id = 790
start_va = 0xa10000
end_va = 0x1e0ffff
monitored = 1
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x0000000000a10000"
filename = ""
Region:
id = 791
start_va = 0x1e10000
end_va = 0x1e8ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000001e10000"
filename = ""
Region:
id = 796
start_va = 0x1e10000
end_va = 0x1e4ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000001e10000"
filename = ""
Region:
id = 797
start_va = 0x1e80000
end_va = 0x1e8ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000001e80000"
filename = ""
Region:
id = 798
start_va = 0x7ff8812e0000
end_va = 0x7ff88132afff
monitored = 0
entry_point = 0x7ff8812e35f0
region_type = mapped_file
name = "powrprof.dll"
filename = "\\Windows\\System32\\powrprof.dll" (normalized: "c:\\windows\\system32\\powrprof.dll")
Region:
id = 799
start_va = 0x7ff881330000
end_va = 0x7ff88133efff
monitored = 0
entry_point = 0x7ff881333210
region_type = mapped_file
name = "kernel.appcore.dll"
filename = "\\Windows\\System32\\kernel.appcore.dll" (normalized: "c:\\windows\\system32\\kernel.appcore.dll")
Region:
id = 800
start_va = 0x7ff881340000
end_va = 0x7ff881353fff
monitored = 0
entry_point = 0x7ff8813452e0
region_type = mapped_file
name = "profapi.dll"
filename = "\\Windows\\System32\\profapi.dll" (normalized: "c:\\windows\\system32\\profapi.dll")
Region:
id = 801
start_va = 0x7ff881370000
end_va = 0x7ff8813b2fff
monitored = 0
entry_point = 0x7ff881384b50
region_type = mapped_file
name = "cfgmgr32.dll"
filename = "\\Windows\\System32\\cfgmgr32.dll" (normalized: "c:\\windows\\system32\\cfgmgr32.dll")
Region:
id = 802
start_va = 0x7ff881620000
end_va = 0x7ff881c63fff
monitored = 0
entry_point = 0x7ff8817e64b0
region_type = mapped_file
name = "windows.storage.dll"
filename = "\\Windows\\System32\\windows.storage.dll" (normalized: "c:\\windows\\system32\\windows.storage.dll")
Region:
id = 803
start_va = 0x7ff881c70000
end_va = 0x7ff881d24fff
monitored = 0
entry_point = 0x7ff881cb22e0
region_type = mapped_file
name = "shcore.dll"
filename = "\\Windows\\System32\\SHCore.dll" (normalized: "c:\\windows\\system32\\shcore.dll")
Region:
id = 804
start_va = 0x7ff8825b0000
end_va = 0x7ff883b0efff
monitored = 0
entry_point = 0x7ff8827111f0
region_type = mapped_file
name = "shell32.dll"
filename = "\\Windows\\System32\\shell32.dll" (normalized: "c:\\windows\\system32\\shell32.dll")
Region:
id = 805
start_va = 0x7ff884920000
end_va = 0x7ff8849c6fff
monitored = 0
entry_point = 0x7ff8849358d0
region_type = mapped_file
name = "advapi32.dll"
filename = "\\Windows\\System32\\advapi32.dll" (normalized: "c:\\windows\\system32\\advapi32.dll")
Region:
id = 806
start_va = 0x7ff884bb0000
end_va = 0x7ff884c01fff
monitored = 0
entry_point = 0x7ff884bbf530
region_type = mapped_file
name = "shlwapi.dll"
filename = "\\Windows\\System32\\shlwapi.dll" (normalized: "c:\\windows\\system32\\shlwapi.dll")
Region:
id = 807
start_va = 0x7ff87fc60000
end_va = 0x7ff87fcf5fff
monitored = 0
entry_point = 0x7ff87fc85570
region_type = mapped_file
name = "uxtheme.dll"
filename = "\\Windows\\System32\\uxtheme.dll" (normalized: "c:\\windows\\system32\\uxtheme.dll")
Region:
id = 808
start_va = 0x1e90000
end_va = 0x205ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000001e90000"
filename = ""
Region:
id = 809
start_va = 0x2060000
end_va = 0x2396fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "sortdefault.nls"
filename = "\\Windows\\Globalization\\Sorting\\SortDefault.nls" (normalized: "c:\\windows\\globalization\\sorting\\sortdefault.nls")
Region:
id = 812
start_va = 0x23a0000
end_va = 0x25bdfff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x00000000023a0000"
filename = ""
Region:
id = 813
start_va = 0x25c0000
end_va = 0x27d2fff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x00000000025c0000"
filename = ""
Region:
id = 818
start_va = 0x1e90000
end_va = 0x1fa7fff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000001e90000"
filename = ""
Region:
id = 819
start_va = 0x2050000
end_va = 0x205ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000002050000"
filename = ""
Region:
id = 820
start_va = 0x27e0000
end_va = 0x29f9fff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x00000000027e0000"
filename = ""
Region:
id = 821
start_va = 0x2a00000
end_va = 0x2b0ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000002a00000"
filename = ""
Region:
id = 832
start_va = 0x1fb0000
end_va = 0x1feffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000001fb0000"
filename = ""
Region:
id = 833
start_va = 0x7ff883ec0000
end_va = 0x7ff884019fff
monitored = 0
entry_point = 0x7ff883f038e0
region_type = mapped_file
name = "msctf.dll"
filename = "\\Windows\\System32\\msctf.dll" (normalized: "c:\\windows\\system32\\msctf.dll")
Region:
id = 834
start_va = 0x50000
end_va = 0x50fff
monitored = 1
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x0000000000050000"
filename = ""
Region:
id = 835
start_va = 0x2b10000
end_va = 0x2bcbfff
monitored = 1
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x0000000002b10000"
filename = ""
Region:
id = 836
start_va = 0x50000
end_va = 0x53fff
monitored = 1
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x0000000000050000"
filename = ""
Region:
id = 837
start_va = 0x7ff87eb60000
end_va = 0x7ff87eb81fff
monitored = 0
entry_point = 0x7ff87eb61a40
region_type = mapped_file
name = "dwmapi.dll"
filename = "\\Windows\\System32\\dwmapi.dll" (normalized: "c:\\windows\\system32\\dwmapi.dll")
Region:
id = 838
start_va = 0x7ff87fad0000
end_va = 0x7ff87fae2fff
monitored = 0
entry_point = 0x7ff87fad2760
region_type = mapped_file
name = "wtsapi32.dll"
filename = "\\Windows\\System32\\wtsapi32.dll" (normalized: "c:\\windows\\system32\\wtsapi32.dll")
Region:
id = 839
start_va = 0x7ff8810f0000
end_va = 0x7ff881145fff
monitored = 0
entry_point = 0x7ff881100bf0
region_type = mapped_file
name = "winsta.dll"
filename = "\\Windows\\System32\\winsta.dll" (normalized: "c:\\windows\\system32\\winsta.dll")
Region:
id = 844
start_va = 0x60000
end_va = 0x66fff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000000060000"
filename = ""
Region:
id = 845
start_va = 0x70000
end_va = 0x70fff
monitored = 1
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x0000000000070000"
filename = ""
Region:
id = 846
start_va = 0x80000
end_va = 0x80fff
monitored = 1
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x0000000000080000"
filename = ""
Region:
id = 847
start_va = 0x860000
end_va = 0x861fff
monitored = 1
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x0000000000860000"
filename = ""
Region:
id = 848
start_va = 0x1e50000
end_va = 0x1e50fff
monitored = 1
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x0000000001e50000"
filename = ""
Region:
id = 849
start_va = 0x1e60000
end_va = 0x1e64fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "user32.dll.mui"
filename = "\\Windows\\System32\\en-US\\user32.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\user32.dll.mui")
Region:
id = 850
start_va = 0x1e70000
end_va = 0x1e70fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "conhostv2.dll.mui"
filename = "\\Windows\\System32\\en-US\\ConhostV2.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\conhostv2.dll.mui")
Region:
id = 851
start_va = 0x1ff0000
end_va = 0x1ff1fff
monitored = 1
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x0000000001ff0000"
filename = ""
Region:
id = 852
start_va = 0x7ff875c70000
end_va = 0x7ff875ee3fff
monitored = 0
entry_point = 0x7ff875ce0400
region_type = mapped_file
name = "comctl32.dll"
filename = "\\Windows\\WinSxS\\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.10586.0_none_8c15ae12515e1c22\\comctl32.dll" (normalized: "c:\\windows\\winsxs\\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.10586.0_none_8c15ae12515e1c22\\comctl32.dll")
Region:
id = 853
start_va = 0x2000000
end_va = 0x2000fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "windowsshell.manifest"
filename = "\\Windows\\WindowsShell.Manifest" (normalized: "c:\\windows\\windowsshell.manifest")
Region:
id = 854
start_va = 0x2010000
end_va = 0x2011fff
monitored = 1
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x0000000002010000"
filename = ""
Thread:
id = 18
os_tid = 0xb70
Thread:
id = 19
os_tid = 0x6bc
Thread:
id = 20
os_tid = 0x13e0
Thread:
id = 22
os_tid = 0x13d8
Process:
id = "6"
image_name = "svchost.exe"
filename = "c:\\windows\\system32\\svchost.exe"
page_root = "0x75524000"
os_pid = "0x360"
os_integrity_level = "0x4000"
os_privileges = "0xe60b1e890"
monitor_reason = "created_scheduled_job"
parent_id = "4"
os_parent_pid = "0x214"
cmd_line = "C:\\Windows\\system32\\svchost.exe -k netsvcs"
cur_dir = "C:\\Windows\\system32\\"
os_username = "NT AUTHORITY\\SYSTEM"
bitness = "32"
os_groups = "Everyone" [0x7], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\SERVICE" [0x7], "CONSOLE LOGON" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "NT SERVICE\\BDESVC" [0xe], "NT SERVICE\\BITS" [0xa], "NT SERVICE\\CertPropSvc" [0xa], "NT SERVICE\\DcpSvc" [0xa], "NT SERVICE\\dmwappushservice" [0xa], "NT SERVICE\\DoSvc" [0xa], "NT SERVICE\\DsmSvc" [0xa], "NT SERVICE\\EapHost" [0xa], "NT SERVICE\\IKEEXT" [0xa], "NT SERVICE\\iphlpsvc" [0xa], "NT SERVICE\\LanmanServer" [0xa], "NT SERVICE\\lfsvc" [0xa], "NT SERVICE\\MSiSCSI" [0xa], "NT SERVICE\\NcaSvc" [0xa], "NT SERVICE\\NetSetupSvc" [0xa], "NT SERVICE\\RasAuto" [0xa], "NT SERVICE\\RasMan" [0xa], "NT SERVICE\\RemoteAccess" [0xa], "NT SERVICE\\RetailDemo" [0xa], "NT SERVICE\\Schedule" [0xa], "NT SERVICE\\SCPolicySvc" [0xa], "NT SERVICE\\SENS" [0xa], "NT SERVICE\\SessionEnv" [0xa], "NT SERVICE\\SharedAccess" [0xa], "NT SERVICE\\ShellHWDetection" [0xa], "NT SERVICE\\UsoSvc" [0xa], "NT SERVICE\\wercplsupport" [0xa], "NT SERVICE\\Winmgmt" [0xa], "NT SERVICE\\wlidsvc" [0xa], "NT SERVICE\\wuauserv" [0xa], "NT SERVICE\\XboxNetApiSvc" [0xa], "NT AUTHORITY\\Logon Session 00000000:0000ac2c" [0xc0000007], "LOCAL" [0x7], "BUILTIN\\Administrators" [0xe]
Region:
id = 912
start_va = 0x10000
end_va = 0x1ffff
monitored = 1
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x0000000000010000"
filename = ""
Region:
id = 913
start_va = 0x20000
end_va = 0x21fff
monitored = 1
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x0000000000020000"
filename = ""
Region:
id = 914
start_va = 0x30000
end_va = 0x44fff
monitored = 1
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x0000000000030000"
filename = ""
Region:
id = 915
start_va = 0x50000
end_va = 0xcffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000000050000"
filename = ""
Region:
id = 916
start_va = 0xd0000
end_va = 0xd3fff
monitored = 1
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x00000000000d0000"
filename = ""
Region:
id = 917
start_va = 0xe0000
end_va = 0xe0fff
monitored = 1
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x00000000000e0000"
filename = ""
Region:
id = 918
start_va = 0xf0000
end_va = 0xf1fff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x00000000000f0000"
filename = ""
Region:
id = 919
start_va = 0x100000
end_va = 0x1bdfff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "locale.nls"
filename = "\\Windows\\System32\\locale.nls" (normalized: "c:\\windows\\system32\\locale.nls")
Region:
id = 920
start_va = 0x1c0000
end_va = 0x1c0fff
monitored = 1
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x00000000001c0000"
filename = ""
Region:
id = 921
start_va = 0x1d0000
end_va = 0x1d0fff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x00000000001d0000"
filename = ""
Region:
id = 922
start_va = 0x1e0000
end_va = 0x1e0fff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x00000000001e0000"
filename = ""
Region:
id = 923
start_va = 0x1f0000
end_va = 0x1f0fff
monitored = 1
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x00000000001f0000"
filename = ""
Region:
id = 924
start_va = 0x200000
end_va = 0x3fffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000000200000"
filename = ""
Region:
id = 925
start_va = 0x400000
end_va = 0x400fff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000000400000"
filename = ""
Region:
id = 926
start_va = 0x410000
end_va = 0x410fff
monitored = 1
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x0000000000410000"
filename = ""
Region:
id = 927
start_va = 0x440000
end_va = 0x441fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "dosvc.dll.mui"
filename = "\\Windows\\System32\\en-US\\dosvc.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\dosvc.dll.mui")
Region:
id = 928
start_va = 0x480000
end_va = 0x480fff
monitored = 1
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x0000000000480000"
filename = ""
Region:
id = 929
start_va = 0x490000
end_va = 0x496fff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000000490000"
filename = ""
Region:
id = 930
start_va = 0x4b0000
end_va = 0x4b0fff
monitored = 1
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x00000000004b0000"
filename = ""
Region:
id = 931
start_va = 0x4c0000
end_va = 0x4c0fff
monitored = 1
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x00000000004c0000"
filename = ""
Region:
id = 932
start_va = 0x4d0000
end_va = 0x4d0fff
monitored = 1
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x00000000004d0000"
filename = ""
Region:
id = 933
start_va = 0x4e0000
end_va = 0x4e1fff
monitored = 1
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x00000000004e0000"
filename = ""
Region:
id = 934
start_va = 0x4f0000
end_va = 0x4f3fff
monitored = 1
entry_point = 0x0
region_type = mapped_file
name = "cversions.2.db"
filename = "\\ProgramData\\Microsoft\\Windows\\Caches\\cversions.2.db" (normalized: "c:\\programdata\\microsoft\\windows\\caches\\cversions.2.db")
Region:
id = 935
start_va = 0x500000
end_va = 0x503fff
monitored = 1
entry_point = 0x0
region_type = mapped_file
name = "cversions.2.db"
filename = "\\ProgramData\\Microsoft\\Windows\\Caches\\cversions.2.db" (normalized: "c:\\programdata\\microsoft\\windows\\caches\\cversions.2.db")
Region:
id = 936
start_va = 0x510000
end_va = 0x516fff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000000510000"
filename = ""
Region:
id = 937
start_va = 0x520000
end_va = 0x5dffff
monitored = 1
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x0000000000520000"
filename = ""
Region:
id = 938
start_va = 0x5e0000
end_va = 0x5e6fff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x00000000005e0000"
filename = ""
Region:
id = 939
start_va = 0x600000
end_va = 0x6fffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000000600000"
filename = ""
Region:
id = 940
start_va = 0x700000
end_va = 0x7fffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000000700000"
filename = ""
Region:
id = 941
start_va = 0x800000
end_va = 0x987fff
monitored = 1
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x0000000000800000"
filename = ""
Region:
id = 942
start_va = 0x990000
end_va = 0xb10fff
monitored = 1
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x0000000000990000"
filename = ""
Region:
id = 943
start_va = 0xb20000
end_va = 0xf1afff
monitored = 1
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x0000000000b20000"
filename = ""
Region:
id = 944
start_va = 0xf20000
end_va = 0xf9ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000000f20000"
filename = ""
Region:
id = 945
start_va = 0xfa0000
end_va = 0x109ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000000fa0000"
filename = ""
Region:
id = 946
start_va = 0x10c0000
end_va = 0x10c6fff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x00000000010c0000"
filename = ""
Region:
id = 947
start_va = 0x1100000
end_va = 0x11fffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000001100000"
filename = ""
Region:
id = 948
start_va = 0x1200000
end_va = 0x124efff
monitored = 1
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x0000000001200000"
filename = ""
Region:
id = 949
start_va = 0x1280000
end_va = 0x12fffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000001280000"
filename = ""
Region:
id = 950
start_va = 0x1300000
end_va = 0x137ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000001300000"
filename = ""
Region:
id = 951
start_va = 0x13a0000
end_va = 0x13a6fff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x00000000013a0000"
filename = ""
Region:
id = 952
start_va = 0x13b0000
end_va = 0x13f4fff
monitored = 1
entry_point = 0x0
region_type = mapped_file
name = "{6af0698e-d558-4f6e-9b3c-3716689af493}.2.ver0x0000000000000005.db"
filename = "\\ProgramData\\Microsoft\\Windows\\Caches\\{6AF0698E-D558-4F6E-9B3C-3716689AF493}.2.ver0x0000000000000005.db" (normalized: "c:\\programdata\\microsoft\\windows\\caches\\{6af0698e-d558-4f6e-9b3c-3716689af493}.2.ver0x0000000000000005.db")
Region:
id = 953
start_va = 0x1400000
end_va = 0x14fffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000001400000"
filename = ""
Region:
id = 954
start_va = 0x1500000
end_va = 0x15fffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000001500000"
filename = ""
Region:
id = 955
start_va = 0x1600000
end_va = 0x16fffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000001600000"
filename = ""
Region:
id = 956
start_va = 0x1700000
end_va = 0x1a36fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "sortdefault.nls"
filename = "\\Windows\\Globalization\\Sorting\\SortDefault.nls" (normalized: "c:\\windows\\globalization\\sorting\\sortdefault.nls")
Region:
id = 957
start_va = 0x1a40000
end_va = 0x1b3ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000001a40000"
filename = ""
Region:
id = 958
start_va = 0x1b40000
end_va = 0x1c3ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000001b40000"
filename = ""
Region:
id = 959
start_va = 0x1c40000
end_va = 0x1cbffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000001c40000"
filename = ""
Region:
id = 960
start_va = 0x1cc0000
end_va = 0x1d3ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000001cc0000"
filename = ""
Region:
id = 961
start_va = 0x1d40000
end_va = 0x1e3ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000001d40000"
filename = ""
Region:
id = 962
start_va = 0x1e40000
end_va = 0x1f3ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000001e40000"
filename = ""
Region:
id = 963
start_va = 0x1f40000
end_va = 0x1fbffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000001f40000"
filename = ""
Region:
id = 964
start_va = 0x2000000
end_va = 0x20fffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000002000000"
filename = ""
Region:
id = 965
start_va = 0x2100000
end_va = 0x217ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000002100000"
filename = ""
Region:
id = 966
start_va = 0x2180000
end_va = 0x21fffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000002180000"
filename = ""
Region:
id = 967
start_va = 0x2200000
end_va = 0x22fffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000002200000"
filename = ""
Region:
id = 968
start_va = 0x2300000
end_va = 0x23fffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000002300000"
filename = ""
Region:
id = 969
start_va = 0x2400000
end_va = 0x24fffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000002400000"
filename = ""
Region:
id = 970
start_va = 0x2500000
end_va = 0x25dffff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "kernelbase.dll.mui"
filename = "\\Windows\\System32\\en-US\\KernelBase.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\kernelbase.dll.mui")
Region:
id = 971
start_va = 0x2600000
end_va = 0x26fffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000002600000"
filename = ""
Region:
id = 972
start_va = 0x2700000
end_va = 0x27fffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000002700000"
filename = ""
Region:
id = 973
start_va = 0x2800000
end_va = 0x28fffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000002800000"
filename = ""
Region:
id = 974
start_va = 0x2900000
end_va = 0x29fffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000002900000"
filename = ""
Region:
id = 975
start_va = 0x2a00000
end_va = 0x2afffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000002a00000"
filename = ""
Region:
id = 976
start_va = 0x2b00000
end_va = 0x2bfffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000002b00000"
filename = ""
Region:
id = 977
start_va = 0x2c00000
end_va = 0x2cfffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000002c00000"
filename = ""
Region:
id = 978
start_va = 0x2d00000
end_va = 0x2d7ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000002d00000"
filename = ""
Region:
id = 979
start_va = 0x2d80000
end_va = 0x2dfffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000002d80000"
filename = ""
Region:
id = 980
start_va = 0x2e00000
end_va = 0x2efffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000002e00000"
filename = ""
Region:
id = 981
start_va = 0x2f00000
end_va = 0x2f7ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000002f00000"
filename = ""
Region:
id = 982
start_va = 0x2f80000
end_va = 0x300dfff
monitored = 1
entry_point = 0x0
region_type = mapped_file
name = "{ddf571f2-be98-426d-8288-1a9a39c3fda2}.2.ver0x0000000000000001.db"
filename = "\\ProgramData\\Microsoft\\Windows\\Caches\\{DDF571F2-BE98-426D-8288-1A9A39C3FDA2}.2.ver0x0000000000000001.db" (normalized: "c:\\programdata\\microsoft\\windows\\caches\\{ddf571f2-be98-426d-8288-1a9a39c3fda2}.2.ver0x0000000000000001.db")
Region:
id = 983
start_va = 0x3010000
end_va = 0x308ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000003010000"
filename = ""
Region:
id = 984
start_va = 0x3170000
end_va = 0x3176fff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000003170000"
filename = ""
Region:
id = 985
start_va = 0x3200000
end_va = 0x32fffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000003200000"
filename = ""
Region:
id = 986
start_va = 0x3300000
end_va = 0x33fffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000003300000"
filename = ""
Region:
id = 987
start_va = 0x3600000
end_va = 0x36fffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000003600000"
filename = ""
Region:
id = 988
start_va = 0x3900000
end_va = 0x39fffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000003900000"
filename = ""
Region:
id = 989
start_va = 0x3a00000
end_va = 0x3afffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000003a00000"
filename = ""
Region:
id = 990
start_va = 0x3b00000
end_va = 0x3bfffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000003b00000"
filename = ""
Region:
id = 991
start_va = 0x3c00000
end_va = 0x3cfffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000003c00000"
filename = ""
Region:
id = 992
start_va = 0x3d00000
end_va = 0x3dfffff
monitored = 1
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x0000000003d00000"
filename = ""
Region:
id = 993
start_va = 0x3e10000
end_va = 0x3e16fff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000003e10000"
filename = ""
Region:
id = 994
start_va = 0x3e20000
end_va = 0x3f1ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000003e20000"
filename = ""
Region:
id = 995
start_va = 0x3fe0000
end_va = 0x3fe6fff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000003fe0000"
filename = ""
Region:
id = 996
start_va = 0x3ff0000
end_va = 0x40effff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000003ff0000"
filename = ""
Region:
id = 997
start_va = 0x40f0000
end_va = 0x41effff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x00000000040f0000"
filename = ""
Region:
id = 998
start_va = 0x41f0000
end_va = 0x42effff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x00000000041f0000"
filename = ""
Region:
id = 999
start_va = 0x42f0000
end_va = 0x43effff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x00000000042f0000"
filename = ""
Region:
id = 1000
start_va = 0x43f0000
end_va = 0x44effff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x00000000043f0000"
filename = ""
Region:
id = 1001
start_va = 0x44f0000
end_va = 0x45effff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x00000000044f0000"
filename = ""
Region:
id = 1002
start_va = 0x4680000
end_va = 0x4686fff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000004680000"
filename = ""
Region:
id = 1003
start_va = 0x4700000
end_va = 0x47fffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000004700000"
filename = ""
Region:
id = 1004
start_va = 0x4800000
end_va = 0x48fffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000004800000"
filename = ""
Region:
id = 1005
start_va = 0x4900000
end_va = 0x49fffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000004900000"
filename = ""
Region:
id = 1006
start_va = 0x4a00000
end_va = 0x4afffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000004a00000"
filename = ""
Region:
id = 1007
start_va = 0x4b00000
end_va = 0x4bfffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000004b00000"
filename = ""
Region:
id = 1008
start_va = 0x4c00000
end_va = 0x4cfffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000004c00000"
filename = ""
Region:
id = 1009
start_va = 0x4d00000
end_va = 0x4dfffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000004d00000"
filename = ""
Region:
id = 1010
start_va = 0x4e10000
end_va = 0x4e11fff
monitored = 1
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x0000000004e10000"
filename = ""
Region:
id = 1011
start_va = 0x4e20000
end_va = 0x4e26fff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000004e20000"
filename = ""
Region:
id = 1012
start_va = 0x4e30000
end_va = 0x4e31fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "activeds.dll.mui"
filename = "\\Windows\\System32\\en-US\\activeds.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\activeds.dll.mui")
Region:
id = 1013
start_va = 0x4e50000
end_va = 0x4e54fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "winnlsres.dll"
filename = "\\Windows\\System32\\winnlsres.dll" (normalized: "c:\\windows\\system32\\winnlsres.dll")
Region:
id = 1014
start_va = 0x4e60000
end_va = 0x4f5ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000004e60000"
filename = ""
Region:
id = 1015
start_va = 0x5100000
end_va = 0x51fffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000005100000"
filename = ""
Region:
id = 1016
start_va = 0x5200000
end_va = 0x52fffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000005200000"
filename = ""
Region:
id = 1017
start_va = 0x5300000
end_va = 0x53fffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000005300000"
filename = ""
Region:
id = 1018
start_va = 0x5400000
end_va = 0x54fffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000005400000"
filename = ""
Region:
id = 1019
start_va = 0x5500000
end_va = 0x55fffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000005500000"
filename = ""
Region:
id = 1020
start_va = 0x5600000
end_va = 0x56fffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000005600000"
filename = ""
Region:
id = 1021
start_va = 0x5700000
end_va = 0x57fffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000005700000"
filename = ""
Region:
id = 1022
start_va = 0x5880000
end_va = 0x588ffff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "winnlsres.dll.mui"
filename = "\\Windows\\System32\\en-US\\winnlsres.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\winnlsres.dll.mui")
Region:
id = 1023
start_va = 0x5890000
end_va = 0x598ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000005890000"
filename = ""
Region:
id = 1024
start_va = 0x5990000
end_va = 0x5a8ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000005990000"
filename = ""
Region:
id = 1025
start_va = 0x5af0000
end_va = 0x5beffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000005af0000"
filename = ""
Region:
id = 1026
start_va = 0x5bf0000
end_va = 0x5ceffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000005bf0000"
filename = ""
Region:
id = 1027
start_va = 0x5cf0000
end_va = 0x5deffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000005cf0000"
filename = ""
Region:
id = 1028
start_va = 0x5e70000
end_va = 0x5f6ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000005e70000"
filename = ""
Region:
id = 1029
start_va = 0x5f70000
end_va = 0x5feffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000005f70000"
filename = ""
Region:
id = 1030
start_va = 0x5ff0000
end_va = 0x606ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000005ff0000"
filename = ""
Region:
id = 1031
start_va = 0x6070000
end_va = 0x616ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000006070000"
filename = ""
Region:
id = 1032
start_va = 0x6170000
end_va = 0x626ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000006170000"
filename = ""
Region:
id = 1033
start_va = 0x62d0000
end_va = 0x62d6fff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x00000000062d0000"
filename = ""
Region:
id = 1034
start_va = 0x6300000
end_va = 0x63fffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000006300000"
filename = ""
Region:
id = 1035
start_va = 0x6400000
end_va = 0x64fffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000006400000"
filename = ""
Region:
id = 1036
start_va = 0x6500000
end_va = 0x65fffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000006500000"
filename = ""
Region:
id = 1037
start_va = 0x6600000
end_va = 0x66fffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000006600000"
filename = ""
Region:
id = 1038
start_va = 0x6700000
end_va = 0x67fffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000006700000"
filename = ""
Region:
id = 1039
start_va = 0x6800000
end_va = 0x68fffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000006800000"
filename = ""
Region:
id = 1040
start_va = 0x6900000
end_va = 0x69fffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000006900000"
filename = ""
Region:
id = 1041
start_va = 0x6a00000
end_va = 0x6afffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000006a00000"
filename = ""
Region:
id = 1042
start_va = 0x6b00000
end_va = 0x6bfffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000006b00000"
filename = ""
Region:
id = 1043
start_va = 0x6c00000
end_va = 0x6cfffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000006c00000"
filename = ""
Region:
id = 1044
start_va = 0x6d00000
end_va = 0x6dfffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000006d00000"
filename = ""
Region:
id = 1045
start_va = 0x6e00000
end_va = 0x6efffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000006e00000"
filename = ""
Region:
id = 1046
start_va = 0x6f00000
end_va = 0x6ffffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000006f00000"
filename = ""
Region:
id = 1047
start_va = 0x7000000
end_va = 0x70fffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000007000000"
filename = ""
Region:
id = 1048
start_va = 0x7100000
end_va = 0x71fffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000007100000"
filename = ""
Region:
id = 1049
start_va = 0x7200000
end_va = 0x72fffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000007200000"
filename = ""
Region:
id = 1050
start_va = 0x7300000
end_va = 0x73fffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000007300000"
filename = ""
Region:
id = 1051
start_va = 0x7400000
end_va = 0x74fffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000007400000"
filename = ""
Region:
id = 1052
start_va = 0x7550000
end_va = 0x7550fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "usocore.dll.mui"
filename = "\\Windows\\System32\\en-US\\usocore.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\usocore.dll.mui")
Region:
id = 1053
start_va = 0x7560000
end_va = 0x7561fff
monitored = 1
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x0000000007560000"
filename = ""
Region:
id = 1054
start_va = 0x7600000
end_va = 0x76fffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000007600000"
filename = ""
Region:
id = 1055
start_va = 0x7820000
end_va = 0x791ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000007820000"
filename = ""
Region:
id = 1056
start_va = 0x7a00000
end_va = 0x7afffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000007a00000"
filename = ""
Region:
id = 1057
start_va = 0x7d20000
end_va = 0x7e1ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000007d20000"
filename = ""
Region:
id = 1058
start_va = 0x7f00000
end_va = 0x7ffffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000007f00000"
filename = ""
Region:
id = 1059
start_va = 0x8500000
end_va = 0x85fffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000008500000"
filename = ""
Region:
id = 1060
start_va = 0x8600000
end_va = 0x86fffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000008600000"
filename = ""
Region:
id = 1061
start_va = 0x8700000
end_va = 0x87fffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000008700000"
filename = ""
Region:
id = 1062
start_va = 0x8800000
end_va = 0x88fffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000008800000"
filename = ""
Region:
id = 1063
start_va = 0x8900000
end_va = 0x89fffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000008900000"
filename = ""
Region:
id = 1064
start_va = 0x9b10000
end_va = 0x9c0ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000009b10000"
filename = ""
Region:
id = 1065
start_va = 0x7ffe0000
end_va = 0x7ffeffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x000000007ffe0000"
filename = ""
Region:
id = 1066
start_va = 0x7df5ffec0000
end_va = 0x7df5fffbffff
monitored = 1
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x00007df5ffec0000"
filename = ""
Region:
id = 1067
start_va = 0x7df5fffc0000
end_va = 0x7df5fffe2fff
monitored = 1
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x00007df5fffc0000"
filename = ""
Region:
id = 1068
start_va = 0x7df5ffff0000
end_va = 0x7ff5fffeffff
monitored = 1
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x00007df5ffff0000"
filename = ""
Region:
id = 1069
start_va = 0x7ff6a1cd0000
end_va = 0x7ff6a1cdcfff
monitored = 0
entry_point = 0x7ff6a1cd3980
region_type = mapped_file
name = "svchost.exe"
filename = "\\Windows\\System32\\svchost.exe" (normalized: "c:\\windows\\system32\\svchost.exe")
Region:
id = 1070
start_va = 0x7ff867800000
end_va = 0x7ff867aaffff
monitored = 0
entry_point = 0x7ff867801cf0
region_type = mapped_file
name = "netshell.dll"
filename = "\\Windows\\System32\\netshell.dll" (normalized: "c:\\windows\\system32\\netshell.dll")
Region:
id = 1071
start_va = 0x7ff868e50000
end_va = 0x7ff868e93fff
monitored = 0
entry_point = 0x7ff868e783e0
region_type = mapped_file
name = "updatehandlers.dll"
filename = "\\Windows\\System32\\updatehandlers.dll" (normalized: "c:\\windows\\system32\\updatehandlers.dll")
Region:
id = 1072
start_va = 0x7ff868ea0000
end_va = 0x7ff868efcfff
monitored = 0
entry_point = 0x7ff868ece510
region_type = mapped_file
name = "usocore.dll"
filename = "\\Windows\\System32\\usocore.dll" (normalized: "c:\\windows\\system32\\usocore.dll")
Region:
id = 1073
start_va = 0x7ff868f40000
end_va = 0x7ff868f57fff
monitored = 0
entry_point = 0x7ff868f41b10
region_type = mapped_file
name = "locationframeworkinternalps.dll"
filename = "\\Windows\\System32\\LocationFrameworkInternalPS.dll" (normalized: "c:\\windows\\system32\\locationframeworkinternalps.dll")
Region:
id = 1074
start_va = 0x7ff86e320000
end_va = 0x7ff86e35efff
monitored = 0
entry_point = 0x7ff86e3482d0
region_type = mapped_file
name = "tcpipcfg.dll"
filename = "\\Windows\\System32\\tcpipcfg.dll" (normalized: "c:\\windows\\system32\\tcpipcfg.dll")
Region:
id = 1075
start_va = 0x7ff86e360000
end_va = 0x7ff86e391fff
monitored = 0
entry_point = 0x7ff86e36b0c0
region_type = mapped_file
name = "shacct.dll"
filename = "\\Windows\\System32\\shacct.dll" (normalized: "c:\\windows\\system32\\shacct.dll")
Region:
id = 1076
start_va = 0x7ff86f4c0000
end_va = 0x7ff86f4f5fff
monitored = 0
entry_point = 0x7ff86f4c27f0
region_type = mapped_file
name = "windows.networking.hostname.dll"
filename = "\\Windows\\System32\\Windows.Networking.HostName.dll" (normalized: "c:\\windows\\system32\\windows.networking.hostname.dll")
Region:
id = 1077
start_va = 0x7ff8701d0000
end_va = 0x7ff8701e5fff
monitored = 0
entry_point = 0x7ff8701d1af0
region_type = mapped_file
name = "napinsp.dll"
filename = "\\Windows\\System32\\NapiNSP.dll" (normalized: "c:\\windows\\system32\\napinsp.dll")
Region:
id = 1078
start_va = 0x7ff8701f0000
end_va = 0x7ff870209fff
monitored = 0
entry_point = 0x7ff8701f2330
region_type = mapped_file
name = "pnrpnsp.dll"
filename = "\\Windows\\System32\\pnrpnsp.dll" (normalized: "c:\\windows\\system32\\pnrpnsp.dll")
Region:
id = 1079
start_va = 0x7ff870210000
end_va = 0x7ff87021cfff
monitored = 0
entry_point = 0x7ff870211420
region_type = mapped_file
name = "winrnr.dll"
filename = "\\Windows\\System32\\winrnr.dll" (normalized: "c:\\windows\\system32\\winrnr.dll")
Region:
id = 1080
start_va = 0x7ff870230000
end_va = 0x7ff8702b3fff
monitored = 0
entry_point = 0x7ff870248d50
region_type = mapped_file
name = "wbemess.dll"
filename = "\\Windows\\System32\\wbem\\wbemess.dll" (normalized: "c:\\windows\\system32\\wbem\\wbemess.dll")
Region:
id = 1081
start_va = 0x7ff8702c0000
end_va = 0x7ff8702d5fff
monitored = 0
entry_point = 0x7ff8702c55e0
region_type = mapped_file
name = "ncobjapi.dll"
filename = "\\Windows\\System32\\ncobjapi.dll" (normalized: "c:\\windows\\system32\\ncobjapi.dll")
Region:
id = 1082
start_va = 0x7ff8702e0000
end_va = 0x7ff8703b5fff
monitored = 0
entry_point = 0x7ff87030a800
region_type = mapped_file
name = "wmiprvsd.dll"
filename = "\\Windows\\System32\\wbem\\WmiPrvSD.dll" (normalized: "c:\\windows\\system32\\wbem\\wmiprvsd.dll")
Region:
id = 1083
start_va = 0x7ff8703c0000
end_va = 0x7ff870423fff
monitored = 0
entry_point = 0x7ff8703dbed0
region_type = mapped_file
name = "repdrvfs.dll"
filename = "\\Windows\\System32\\wbem\\repdrvfs.dll" (normalized: "c:\\windows\\system32\\wbem\\repdrvfs.dll")
Region:
id = 1084
start_va = 0x7ff870430000
end_va = 0x7ff870454fff
monitored = 0
entry_point = 0x7ff870439900
region_type = mapped_file
name = "wmiutils.dll"
filename = "\\Windows\\System32\\wbem\\wmiutils.dll" (normalized: "c:\\windows\\system32\\wbem\\wmiutils.dll")
Region:
id = 1085
start_va = 0x7ff870460000
end_va = 0x7ff870473fff
monitored = 0
entry_point = 0x7ff870461800
region_type = mapped_file
name = "wbemsvc.dll"
filename = "\\Windows\\System32\\wbem\\wbemsvc.dll" (normalized: "c:\\windows\\system32\\wbem\\wbemsvc.dll")
Region:
id = 1086
start_va = 0x7ff870480000
end_va = 0x7ff870575fff
monitored = 0
entry_point = 0x7ff8704b9590
region_type = mapped_file
name = "fastprox.dll"
filename = "\\Windows\\System32\\wbem\\fastprox.dll" (normalized: "c:\\windows\\system32\\wbem\\fastprox.dll")
Region:
id = 1087
start_va = 0x7ff870580000
end_va = 0x7ff8705f3fff
monitored = 0
entry_point = 0x7ff870595eb0
region_type = mapped_file
name = "esscli.dll"
filename = "\\Windows\\System32\\wbem\\esscli.dll" (normalized: "c:\\windows\\system32\\wbem\\esscli.dll")
Region:
id = 1088
start_va = 0x7ff870600000
end_va = 0x7ff870736fff
monitored = 0
entry_point = 0x7ff870640480
region_type = mapped_file
name = "wbemcore.dll"
filename = "\\Windows\\System32\\wbem\\wbemcore.dll" (normalized: "c:\\windows\\system32\\wbem\\wbemcore.dll")
Region:
id = 1089
start_va = 0x7ff870790000
end_va = 0x7ff87079efff
monitored = 0
entry_point = 0x7ff870794960
region_type = mapped_file
name = "nci.dll"
filename = "\\Windows\\System32\\nci.dll" (normalized: "c:\\windows\\system32\\nci.dll")
Region:
id = 1090
start_va = 0x7ff8707b0000
end_va = 0x7ff8707f5fff
monitored = 0
entry_point = 0x7ff8707b79a0
region_type = mapped_file
name = "adsldp.dll"
filename = "\\Windows\\System32\\adsldp.dll" (normalized: "c:\\windows\\system32\\adsldp.dll")
Region:
id = 1091
start_va = 0x7ff870800000
end_va = 0x7ff87083ffff
monitored = 0
entry_point = 0x7ff87080cbe0
region_type = mapped_file
name = "adsldpc.dll"
filename = "\\Windows\\System32\\adsldpc.dll" (normalized: "c:\\windows\\system32\\adsldpc.dll")
Region:
id = 1092
start_va = 0x7ff870840000
end_va = 0x7ff870886fff
monitored = 0
entry_point = 0x7ff870841d10
region_type = mapped_file
name = "activeds.dll"
filename = "\\Windows\\System32\\activeds.dll" (normalized: "c:\\windows\\system32\\activeds.dll")
Region:
id = 1093
start_va = 0x7ff870890000
end_va = 0x7ff8708a0fff
monitored = 0
entry_point = 0x7ff870892fc0
region_type = mapped_file
name = "wbemprox.dll"
filename = "\\Windows\\System32\\wbem\\wbemprox.dll" (normalized: "c:\\windows\\system32\\wbem\\wbemprox.dll")
Region:
id = 1094
start_va = 0x7ff8708b0000
end_va = 0x7ff8708cdfff
monitored = 0
entry_point = 0x7ff8708b3a40
region_type = mapped_file
name = "atl.dll"
filename = "\\Windows\\System32\\atl.dll" (normalized: "c:\\windows\\system32\\atl.dll")
Region:
id = 1095
start_va = 0x7ff8708d0000
end_va = 0x7ff870951fff
monitored = 0
entry_point = 0x7ff8708d2a10
region_type = mapped_file
name = "hnetcfg.dll"
filename = "\\Windows\\System32\\hnetcfg.dll" (normalized: "c:\\windows\\system32\\hnetcfg.dll")
Region:
id = 1096
start_va = 0x7ff870960000
end_va = 0x7ff870970fff
monitored = 0
entry_point = 0x7ff870967480
region_type = mapped_file
name = "tetheringclient.dll"
filename = "\\Windows\\System32\\tetheringclient.dll" (normalized: "c:\\windows\\system32\\tetheringclient.dll")
Region:
id = 1097
start_va = 0x7ff8709f0000
end_va = 0x7ff870a31fff
monitored = 0
entry_point = 0x7ff8709f3670
region_type = mapped_file
name = "wdscore.dll"
filename = "\\Windows\\System32\\wdscore.dll" (normalized: "c:\\windows\\system32\\wdscore.dll")
Region:
id = 1098
start_va = 0x7ff8717e0000
end_va = 0x7ff8717fefff
monitored = 0
entry_point = 0x7ff8717e37e0
region_type = mapped_file
name = "netsetupapi.dll"
filename = "\\Windows\\System32\\NetSetupApi.dll" (normalized: "c:\\windows\\system32\\netsetupapi.dll")
Region:
id = 1099
start_va = 0x7ff871800000
end_va = 0x7ff871878fff
monitored = 0
entry_point = 0x7ff8718076a0
region_type = mapped_file
name = "netsetupshim.dll"
filename = "\\Windows\\System32\\NetSetupShim.dll" (normalized: "c:\\windows\\system32\\netsetupshim.dll")
Region:
id = 1100
start_va = 0x7ff871ab0000
end_va = 0x7ff871ac3fff
monitored = 0
entry_point = 0x7ff871ab3710
region_type = mapped_file
name = "mskeyprotect.dll"
filename = "\\Windows\\System32\\mskeyprotect.dll" (normalized: "c:\\windows\\system32\\mskeyprotect.dll")
Region:
id = 1101
start_va = 0x7ff871ad0000
end_va = 0x7ff871af7fff
monitored = 0
entry_point = 0x7ff871adefc0
region_type = mapped_file
name = "dssenh.dll"
filename = "\\Windows\\System32\\dssenh.dll" (normalized: "c:\\windows\\system32\\dssenh.dll")
Region:
id = 1102
start_va = 0x7ff871b60000
end_va = 0x7ff871b7dfff
monitored = 0
entry_point = 0x7ff871b6ef80
region_type = mapped_file
name = "ncryptsslp.dll"
filename = "\\Windows\\System32\\ncryptsslp.dll" (normalized: "c:\\windows\\system32\\ncryptsslp.dll")
Region:
id = 1103
start_va = 0x7ff871b80000
end_va = 0x7ff871b97fff
monitored = 0
entry_point = 0x7ff871b84e10
region_type = mapped_file
name = "adhsvc.dll"
filename = "\\Windows\\System32\\adhsvc.dll" (normalized: "c:\\windows\\system32\\adhsvc.dll")
Region:
id = 1104
start_va = 0x7ff871ba0000
end_va = 0x7ff871bc4fff
monitored = 0
entry_point = 0x7ff871ba5ca0
region_type = mapped_file
name = "httpprxm.dll"
filename = "\\Windows\\System32\\httpprxm.dll" (normalized: "c:\\windows\\system32\\httpprxm.dll")
Region:
id = 1105
start_va = 0x7ff871c00000
end_va = 0x7ff871c40fff
monitored = 0
entry_point = 0x7ff871c03750
region_type = mapped_file
name = "sqmapi.dll"
filename = "\\Windows\\System32\\sqmapi.dll" (normalized: "c:\\windows\\system32\\sqmapi.dll")
Region:
id = 1106
start_va = 0x7ff871c50000
end_va = 0x7ff871d42fff
monitored = 0
entry_point = 0x7ff871c75d80
region_type = mapped_file
name = "iphlpsvc.dll"
filename = "\\Windows\\System32\\iphlpsvc.dll" (normalized: "c:\\windows\\system32\\iphlpsvc.dll")
Region:
id = 1107
start_va = 0x7ff871e70000
end_va = 0x7ff871f12fff
monitored = 0
entry_point = 0x7ff871e72c10
region_type = mapped_file
name = "clusapi.dll"
filename = "\\Windows\\System32\\clusapi.dll" (normalized: "c:\\windows\\system32\\clusapi.dll")
Region:
id = 1108
start_va = 0x7ff871f20000
end_va = 0x7ff871f71fff
monitored = 0
entry_point = 0x7ff871f25770
region_type = mapped_file
name = "resutils.dll"
filename = "\\Windows\\System32\\resutils.dll" (normalized: "c:\\windows\\system32\\resutils.dll")
Region:
id = 1109
start_va = 0x7ff871f80000
end_va = 0x7ff871fadfff
monitored = 1
entry_point = 0x7ff871f82300
region_type = mapped_file
name = "wmidcom.dll"
filename = "\\Windows\\System32\\wmidcom.dll" (normalized: "c:\\windows\\system32\\wmidcom.dll")
Region:
id = 1110
start_va = 0x7ff871fb0000
end_va = 0x7ff87200dfff
monitored = 0
entry_point = 0x7ff871fb5080
region_type = mapped_file
name = "miutils.dll"
filename = "\\Windows\\System32\\miutils.dll" (normalized: "c:\\windows\\system32\\miutils.dll")
Region:
id = 1111
start_va = 0x7ff872010000
end_va = 0x7ff87202ffff
monitored = 0
entry_point = 0x7ff872011f50
region_type = mapped_file
name = "mi.dll"
filename = "\\Windows\\System32\\mi.dll" (normalized: "c:\\windows\\system32\\mi.dll")
Region:
id = 1112
start_va = 0x7ff872030000
end_va = 0x7ff872038fff
monitored = 0
entry_point = 0x7ff8720318f0
region_type = mapped_file
name = "sscoreext.dll"
filename = "\\Windows\\System32\\sscoreext.dll" (normalized: "c:\\windows\\system32\\sscoreext.dll")
Region:
id = 1113
start_va = 0x7ff872040000
end_va = 0x7ff872050fff
monitored = 0
entry_point = 0x7ff872041d30
region_type = mapped_file
name = "sscore.dll"
filename = "\\Windows\\System32\\sscore.dll" (normalized: "c:\\windows\\system32\\sscore.dll")
Region:
id = 1114
start_va = 0x7ff872110000
end_va = 0x7ff872127fff
monitored = 0
entry_point = 0x7ff872112000
region_type = mapped_file
name = "vsstrace.dll"
filename = "\\Windows\\System32\\vsstrace.dll" (normalized: "c:\\windows\\system32\\vsstrace.dll")
Region:
id = 1115
start_va = 0x7ff872130000
end_va = 0x7ff8722b1fff
monitored = 0
entry_point = 0x7ff8721482a0
region_type = mapped_file
name = "vssapi.dll"
filename = "\\Windows\\System32\\vssapi.dll" (normalized: "c:\\windows\\system32\\vssapi.dll")
Region:
id = 1116
start_va = 0x7ff8722c0000
end_va = 0x7ff87230bfff
monitored = 0
entry_point = 0x7ff8722d5310
region_type = mapped_file
name = "srvsvc.dll"
filename = "\\Windows\\System32\\srvsvc.dll" (normalized: "c:\\windows\\system32\\srvsvc.dll")
Region:
id = 1117
start_va = 0x7ff872310000
end_va = 0x7ff87238efff
monitored = 0
entry_point = 0x7ff872327110
region_type = mapped_file
name = "wbemcomn.dll"
filename = "\\Windows\\System32\\wbemcomn.dll" (normalized: "c:\\windows\\system32\\wbemcomn.dll")
Region:
id = 1118
start_va = 0x7ff872390000
end_va = 0x7ff8723cbfff
monitored = 0
entry_point = 0x7ff872396aa0
region_type = mapped_file
name = "wmisvc.dll"
filename = "\\Windows\\System32\\wbem\\WMIsvc.dll" (normalized: "c:\\windows\\system32\\wbem\\wmisvc.dll")
Region:
id = 1119
start_va = 0x7ff872470000
end_va = 0x7ff87247bfff
monitored = 0
entry_point = 0x7ff8724735c0
region_type = mapped_file
name = "secur32.dll"
filename = "\\Windows\\System32\\secur32.dll" (normalized: "c:\\windows\\system32\\secur32.dll")
Region:
id = 1120
start_va = 0x7ff8737e0000
end_va = 0x7ff873814fff
monitored = 0
entry_point = 0x7ff8737ea270
region_type = mapped_file
name = "fwpolicyiomgr.dll"
filename = "\\Windows\\System32\\fwpolicyiomgr.dll" (normalized: "c:\\windows\\system32\\fwpolicyiomgr.dll")
Region:
id = 1121
start_va = 0x7ff873d90000
end_va = 0x7ff873da5fff
monitored = 0
entry_point = 0x7ff873d91d50
region_type = mapped_file
name = "wwapi.dll"
filename = "\\Windows\\System32\\wwapi.dll" (normalized: "c:\\windows\\system32\\wwapi.dll")
Region:
id = 1122
start_va = 0x7ff874360000
end_va = 0x7ff874369fff
monitored = 0
entry_point = 0x7ff874361350
region_type = mapped_file
name = "version.dll"
filename = "\\Windows\\System32\\version.dll" (normalized: "c:\\windows\\system32\\version.dll")
Region:
id = 1123
start_va = 0x7ff876ee0000
end_va = 0x7ff876f01fff
monitored = 0
entry_point = 0x7ff876ef2540
region_type = mapped_file
name = "updatepolicy.dll"
filename = "\\Windows\\System32\\updatepolicy.dll" (normalized: "c:\\windows\\system32\\updatepolicy.dll")
Region:
id = 1124
start_va = 0x7ff876f10000
end_va = 0x7ff876fe4fff
monitored = 0
entry_point = 0x7ff876f2cf80
region_type = mapped_file
name = "wuapi.dll"
filename = "\\Windows\\System32\\wuapi.dll" (normalized: "c:\\windows\\system32\\wuapi.dll")
Region:
id = 1125
start_va = 0x7ff877a50000
end_va = 0x7ff877a5ffff
monitored = 0
entry_point = 0x7ff877a51700
region_type = mapped_file
name = "proximityservicepal.dll"
filename = "\\Windows\\System32\\ProximityServicePal.dll" (normalized: "c:\\windows\\system32\\proximityservicepal.dll")
Region:
id = 1126
start_va = 0x7ff877a60000
end_va = 0x7ff877a68fff
monitored = 0
entry_point = 0x7ff877a61ed0
region_type = mapped_file
name = "proximitycommonpal.dll"
filename = "\\Windows\\System32\\ProximityCommonPal.dll" (normalized: "c:\\windows\\system32\\proximitycommonpal.dll")
Region:
id = 1127
start_va = 0x7ff877a70000
end_va = 0x7ff877a9cfff
monitored = 0
entry_point = 0x7ff877a72290
region_type = mapped_file
name = "proximitycommon.dll"
filename = "\\Windows\\System32\\ProximityCommon.dll" (normalized: "c:\\windows\\system32\\proximitycommon.dll")
Region:
id = 1128
start_va = 0x7ff877aa0000
end_va = 0x7ff877af1fff
monitored = 0
entry_point = 0x7ff877aa38e0
region_type = mapped_file
name = "proximityservice.dll"
filename = "\\Windows\\System32\\ProximityService.dll" (normalized: "c:\\windows\\system32\\proximityservice.dll")
Region:
id = 1129
start_va = 0x7ff877c20000
end_va = 0x7ff877c31fff
monitored = 0
entry_point = 0x7ff877c21a80
region_type = mapped_file
name = "bitsproxy.dll"
filename = "\\Windows\\System32\\BitsProxy.dll" (normalized: "c:\\windows\\system32\\bitsproxy.dll")
Region:
id = 1130
start_va = 0x7ff877db0000
end_va = 0x7ff877db9fff
monitored = 0
entry_point = 0x7ff877db14c0
region_type = mapped_file
name = "rasadhlp.dll"
filename = "\\Windows\\System32\\rasadhlp.dll" (normalized: "c:\\windows\\system32\\rasadhlp.dll")
Region:
id = 1131
start_va = 0x7ff8784c0000
end_va = 0x7ff8784d2fff
monitored = 0
entry_point = 0x7ff8784c1b10
region_type = mapped_file
name = "devrtl.dll"
filename = "\\Windows\\System32\\devrtl.dll" (normalized: "c:\\windows\\system32\\devrtl.dll")
Region:
id = 1132
start_va = 0x7ff8784e0000
end_va = 0x7ff87857ffff
monitored = 0
entry_point = 0x7ff878550910
region_type = mapped_file
name = "wer.dll"
filename = "\\Windows\\System32\\wer.dll" (normalized: "c:\\windows\\system32\\wer.dll")
Region:
id = 1133
start_va = 0x7ff878580000
end_va = 0x7ff8785a5fff
monitored = 0
entry_point = 0x7ff878599020
region_type = mapped_file
name = "devicemetadataretrievalclient.dll"
filename = "\\Windows\\System32\\DeviceMetadataRetrievalClient.dll" (normalized: "c:\\windows\\system32\\devicemetadataretrievalclient.dll")
Region:
id = 1134
start_va = 0x7ff8785f0000
end_va = 0x7ff8786fefff
monitored = 0
entry_point = 0x7ff87862c010
region_type = mapped_file
name = "dosvc.dll"
filename = "\\Windows\\System32\\dosvc.dll" (normalized: "c:\\windows\\system32\\dosvc.dll")
Region:
id = 1135
start_va = 0x7ff8788a0000
end_va = 0x7ff8788b6fff
monitored = 0
entry_point = 0x7ff8788a7520
region_type = mapped_file
name = "usoapi.dll"
filename = "\\Windows\\System32\\usoapi.dll" (normalized: "c:\\windows\\system32\\usoapi.dll")
Region:
id = 1136
start_va = 0x7ff8788c0000
end_va = 0x7ff8788d7fff
monitored = 0
entry_point = 0x7ff8788cb850
region_type = mapped_file
name = "dmcmnutils.dll"
filename = "\\Windows\\System32\\dmcmnutils.dll" (normalized: "c:\\windows\\system32\\dmcmnutils.dll")
Region:
id = 1137
start_va = 0x7ff878930000
end_va = 0x7ff878996fff
monitored = 0
entry_point = 0x7ff87893b160
region_type = mapped_file
name = "upnp.dll"
filename = "\\Windows\\System32\\upnp.dll" (normalized: "c:\\windows\\system32\\upnp.dll")
Region:
id = 1138
start_va = 0x7ff878a10000
end_va = 0x7ff878b2cfff
monitored = 0
entry_point = 0x7ff878a3fe60
region_type = mapped_file
name = "qmgr.dll"
filename = "\\Windows\\System32\\qmgr.dll" (normalized: "c:\\windows\\system32\\qmgr.dll")
Region:
id = 1139
start_va = 0x7ff878e40000
end_va = 0x7ff878e50fff
monitored = 0
entry_point = 0x7ff878e428d0
region_type = mapped_file
name = "credentialmigrationhandler.dll"
filename = "\\Windows\\System32\\CredentialMigrationHandler.dll" (normalized: "c:\\windows\\system32\\credentialmigrationhandler.dll")
Region:
id = 1140
start_va = 0x7ff879010000
end_va = 0x7ff879023fff
monitored = 0
entry_point = 0x7ff879012a00
region_type = mapped_file
name = "bitsigd.dll"
filename = "\\Windows\\System32\\bitsigd.dll" (normalized: "c:\\windows\\system32\\bitsigd.dll")
Region:
id = 1141
start_va = 0x7ff879450000
end_va = 0x7ff87945cfff
monitored = 0
entry_point = 0x7ff879455020
region_type = mapped_file
name = "devicedriverretrievalclient.dll"
filename = "\\Windows\\System32\\DeviceDriverRetrievalClient.dll" (normalized: "c:\\windows\\system32\\devicedriverretrievalclient.dll")
Region:
id = 1142
start_va = 0x7ff879460000
end_va = 0x7ff879483fff
monitored = 0
entry_point = 0x7ff879476390
region_type = mapped_file
name = "devpropmgr.dll"
filename = "\\Windows\\System32\\DevPropMgr.dll" (normalized: "c:\\windows\\system32\\devpropmgr.dll")
Region:
id = 1143
start_va = 0x7ff879720000
end_va = 0x7ff879731fff
monitored = 0
entry_point = 0x7ff879723580
region_type = mapped_file
name = "cscapi.dll"
filename = "\\Windows\\System32\\cscapi.dll" (normalized: "c:\\windows\\system32\\cscapi.dll")
Region:
id = 1144
start_va = 0x7ff8797b0000
end_va = 0x7ff8797cafff
monitored = 0
entry_point = 0x7ff8797b1040
region_type = mapped_file
name = "mpr.dll"
filename = "\\Windows\\System32\\mpr.dll" (normalized: "c:\\windows\\system32\\mpr.dll")
Region:
id = 1145
start_va = 0x7ff8797d0000
end_va = 0x7ff8797ddfff
monitored = 0
entry_point = 0x7ff8797d1460
region_type = mapped_file
name = "npmproxy.dll"
filename = "\\Windows\\System32\\npmproxy.dll" (normalized: "c:\\windows\\system32\\npmproxy.dll")
Region:
id = 1146
start_va = 0x7ff8797e0000
end_va = 0x7ff87985ffff
monitored = 0
entry_point = 0x7ff87980d280
region_type = mapped_file
name = "webio.dll"
filename = "\\Windows\\System32\\webio.dll" (normalized: "c:\\windows\\system32\\webio.dll")
Region:
id = 1147
start_va = 0x7ff879860000
end_va = 0x7ff879874fff
monitored = 0
entry_point = 0x7ff879862dc0
region_type = mapped_file
name = "ondemandconnroutehelper.dll"
filename = "\\Windows\\System32\\OnDemandConnRouteHelper.dll" (normalized: "c:\\windows\\system32\\ondemandconnroutehelper.dll")
Region:
id = 1148
start_va = 0x7ff879880000
end_va = 0x7ff879919fff
monitored = 0
entry_point = 0x7ff87989ada0
region_type = mapped_file
name = "shsvcs.dll"
filename = "\\Windows\\System32\\shsvcs.dll" (normalized: "c:\\windows\\system32\\shsvcs.dll")
Region:
id = 1149
start_va = 0x7ff879a60000
end_va = 0x7ff879b0dfff
monitored = 0
entry_point = 0x7ff879a780c0
region_type = mapped_file
name = "windows.networking.connectivity.dll"
filename = "\\Windows\\System32\\Windows.Networking.Connectivity.dll" (normalized: "c:\\windows\\system32\\windows.networking.connectivity.dll")
Region:
id = 1150
start_va = 0x7ff879b10000
end_va = 0x7ff879b21fff
monitored = 0
entry_point = 0x7ff879b19260
region_type = mapped_file
name = "rilproxy.dll"
filename = "\\Windows\\System32\\rilproxy.dll" (normalized: "c:\\windows\\system32\\rilproxy.dll")
Region:
id = 1151
start_va = 0x7ff879b30000
end_va = 0x7ff879be0fff
monitored = 0
entry_point = 0x7ff879ba88b0
region_type = mapped_file
name = "cellularapi.dll"
filename = "\\Windows\\System32\\CellularAPI.dll" (normalized: "c:\\windows\\system32\\cellularapi.dll")
Region:
id = 1152
start_va = 0x7ff879c90000
end_va = 0x7ff879cf6fff
monitored = 0
entry_point = 0x7ff879c963e0
region_type = mapped_file
name = "fwpuclnt.dll"
filename = "\\Windows\\System32\\FWPUCLNT.DLL" (normalized: "c:\\windows\\system32\\fwpuclnt.dll")
Region:
id = 1153
start_va = 0x7ff879d00000
end_va = 0x7ff879d24fff
monitored = 0
entry_point = 0x7ff879d12f20
region_type = mapped_file
name = "wificonnapi.dll"
filename = "\\Windows\\System32\\wificonnapi.dll" (normalized: "c:\\windows\\system32\\wificonnapi.dll")
Region:
id = 1154
start_va = 0x7ff879d30000
end_va = 0x7ff879d40fff
monitored = 0
entry_point = 0x7ff879d37ea0
region_type = mapped_file
name = "dcpapi.dll"
filename = "\\Windows\\System32\\dcpapi.dll" (normalized: "c:\\windows\\system32\\dcpapi.dll")
Region:
id = 1155
start_va = 0x7ff879dd0000
end_va = 0x7ff879deefff
monitored = 0
entry_point = 0x7ff879dd4960
region_type = mapped_file
name = "ncprov.dll"
filename = "\\Windows\\System32\\wbem\\NCProv.dll" (normalized: "c:\\windows\\system32\\wbem\\ncprov.dll")
Region:
id = 1156
start_va = 0x7ff879e20000
end_va = 0x7ff879e3cfff
monitored = 0
entry_point = 0x7ff879e24f60
region_type = mapped_file
name = "appinfo.dll"
filename = "\\Windows\\System32\\appinfo.dll" (normalized: "c:\\windows\\system32\\appinfo.dll")
Region:
id = 1157
start_va = 0x7ff879e40000
end_va = 0x7ff879e59fff
monitored = 0
entry_point = 0x7ff879e42cf0
region_type = mapped_file
name = "locationpelegacywinlocation.dll"
filename = "\\Windows\\System32\\LocationPeLegacyWinLocation.dll" (normalized: "c:\\windows\\system32\\locationpelegacywinlocation.dll")
Region:
id = 1158
start_va = 0x7ff879e60000
end_va = 0x7ff879e6bfff
monitored = 0
entry_point = 0x7ff879e614d0
region_type = mapped_file
name = "locationframeworkps.dll"
filename = "\\Windows\\System32\\LocationFrameworkPS.dll" (normalized: "c:\\windows\\system32\\locationframeworkps.dll")
Region:
id = 1159
start_va = 0x7ff879e70000
end_va = 0x7ff879ec4fff
monitored = 0
entry_point = 0x7ff879e73fb0
region_type = mapped_file
name = "policymanager.dll"
filename = "\\Windows\\System32\\policymanager.dll" (normalized: "c:\\windows\\system32\\policymanager.dll")
Region:
id = 1160
start_va = 0x7ff879ed0000
end_va = 0x7ff879f06fff
monitored = 0
entry_point = 0x7ff879ed6020
region_type = mapped_file
name = "gnssadapter.dll"
filename = "\\Windows\\System32\\GnssAdapter.dll" (normalized: "c:\\windows\\system32\\gnssadapter.dll")
Region:
id = 1161
start_va = 0x7ff879f10000
end_va = 0x7ff879f2ffff
monitored = 0
entry_point = 0x7ff879f139a0
region_type = mapped_file
name = "locationwinpalmisc.dll"
filename = "\\Windows\\System32\\LocationWinPalMisc.dll" (normalized: "c:\\windows\\system32\\locationwinpalmisc.dll")
Region:
id = 1162
start_va = 0x7ff879f30000
end_va = 0x7ff879f70fff
monitored = 0
entry_point = 0x7ff879f34840
region_type = mapped_file
name = "usermgrproxy.dll"
filename = "\\Windows\\System32\\UserMgrProxy.dll" (normalized: "c:\\windows\\system32\\usermgrproxy.dll")
Region:
id = 1163
start_va = 0x7ff879f80000
end_va = 0x7ff87a03ffff
monitored = 0
entry_point = 0x7ff879fafd20
region_type = mapped_file
name = "fveapi.dll"
filename = "\\Windows\\System32\\fveapi.dll" (normalized: "c:\\windows\\system32\\fveapi.dll")
Region:
id = 1164
start_va = 0x7ff87a040000
end_va = 0x7ff87a054fff
monitored = 0
entry_point = 0x7ff87a043460
region_type = mapped_file
name = "ssdpapi.dll"
filename = "\\Windows\\System32\\ssdpapi.dll" (normalized: "c:\\windows\\system32\\ssdpapi.dll")
Region:
id = 1165
start_va = 0x7ff87a240000
end_va = 0x7ff87a307fff
monitored = 0
entry_point = 0x7ff87a2813f0
region_type = mapped_file
name = "winhttp.dll"
filename = "\\Windows\\System32\\winhttp.dll" (normalized: "c:\\windows\\system32\\winhttp.dll")
Region:
id = 1166
start_va = 0x7ff87a310000
end_va = 0x7ff87a370fff
monitored = 0
entry_point = 0x7ff87a314b50
region_type = mapped_file
name = "wlanapi.dll"
filename = "\\Windows\\System32\\wlanapi.dll" (normalized: "c:\\windows\\system32\\wlanapi.dll")
Region:
id = 1167
start_va = 0x7ff87a380000
end_va = 0x7ff87a4fbfff
monitored = 0
entry_point = 0x7ff87a3d1650
region_type = mapped_file
name = "locationframework.dll"
filename = "\\Windows\\System32\\LocationFramework.dll" (normalized: "c:\\windows\\system32\\locationframework.dll")
Region:
id = 1168
start_va = 0x7ff87a500000
end_va = 0x7ff87a50afff
monitored = 0
entry_point = 0x7ff87a501770
region_type = mapped_file
name = "lfsvc.dll"
filename = "\\Windows\\System32\\lfsvc.dll" (normalized: "c:\\windows\\system32\\lfsvc.dll")
Region:
id = 1169
start_va = 0x7ff87a5b0000
end_va = 0x7ff87a5ddfff
monitored = 0
entry_point = 0x7ff87a5b7550
region_type = mapped_file
name = "netjoin.dll"
filename = "\\Windows\\System32\\netjoin.dll" (normalized: "c:\\windows\\system32\\netjoin.dll")
Region:
id = 1170
start_va = 0x7ff87a5e0000
end_va = 0x7ff87a5ecfff
monitored = 0
entry_point = 0x7ff87a5e2ca0
region_type = mapped_file
name = "csystemeventsbrokerclient.dll"
filename = "\\Windows\\System32\\CSystemEventsBrokerClient.dll" (normalized: "c:\\windows\\system32\\csystemeventsbrokerclient.dll")
Region:
id = 1171
start_va = 0x7ff87a5f0000
end_va = 0x7ff87a61efff
monitored = 0
entry_point = 0x7ff87a5f8910
region_type = mapped_file
name = "wptaskscheduler.dll"
filename = "\\Windows\\System32\\WPTaskScheduler.dll" (normalized: "c:\\windows\\system32\\wptaskscheduler.dll")
Region:
id = 1172
start_va = 0x7ff87a8c0000
end_va = 0x7ff87a9a5fff
monitored = 0
entry_point = 0x7ff87a8dcf10
region_type = mapped_file
name = "usermgr.dll"
filename = "\\Windows\\System32\\usermgr.dll" (normalized: "c:\\windows\\system32\\usermgr.dll")
Region:
id = 1173
start_va = 0x7ff87a9b0000
end_va = 0x7ff87a9c9fff
monitored = 0
entry_point = 0x7ff87a9b2430
region_type = mapped_file
name = "dhcpcsvc.dll"
filename = "\\Windows\\System32\\dhcpcsvc.dll" (normalized: "c:\\windows\\system32\\dhcpcsvc.dll")
Region:
id = 1174
start_va = 0x7ff87a9d0000
end_va = 0x7ff87a9e5fff
monitored = 0
entry_point = 0x7ff87a9d19f0
region_type = mapped_file
name = "dhcpcsvc6.dll"
filename = "\\Windows\\System32\\dhcpcsvc6.dll" (normalized: "c:\\windows\\system32\\dhcpcsvc6.dll")
Region:
id = 1175
start_va = 0x7ff87a9f0000
end_va = 0x7ff87aa27fff
monitored = 0
entry_point = 0x7ff87aa08cc0
region_type = mapped_file
name = "iphlpapi.dll"
filename = "\\Windows\\System32\\IPHLPAPI.DLL" (normalized: "c:\\windows\\system32\\iphlpapi.dll")
Region:
id = 1176
start_va = 0x7ff87aa30000
end_va = 0x7ff87aa3afff
monitored = 0
entry_point = 0x7ff87aa31d30
region_type = mapped_file
name = "winnsi.dll"
filename = "\\Windows\\System32\\winnsi.dll" (normalized: "c:\\windows\\system32\\winnsi.dll")
Region:
id = 1177
start_va = 0x7ff87aa90000
end_va = 0x7ff87aaa5fff
monitored = 0
entry_point = 0x7ff87aa91b60
region_type = mapped_file
name = "wkscli.dll"
filename = "\\Windows\\System32\\wkscli.dll" (normalized: "c:\\windows\\system32\\wkscli.dll")
Region:
id = 1178
start_va = 0x7ff87aab0000
end_va = 0x7ff87aab7fff
monitored = 0
entry_point = 0x7ff87aab13b0
region_type = mapped_file
name = "dmiso8601utils.dll"
filename = "\\Windows\\System32\\dmiso8601utils.dll" (normalized: "c:\\windows\\system32\\dmiso8601utils.dll")
Region:
id = 1179
start_va = 0x7ff87aae0000
end_va = 0x7ff87aaeafff
monitored = 0
entry_point = 0x7ff87aae1de0
region_type = mapped_file
name = "bitsperf.dll"
filename = "\\Windows\\System32\\bitsperf.dll" (normalized: "c:\\windows\\system32\\bitsperf.dll")
Region:
id = 1180
start_va = 0x7ff87ab50000
end_va = 0x7ff87ab66fff
monitored = 0
entry_point = 0x7ff87ab55630
region_type = mapped_file
name = "sens.dll"
filename = "\\Windows\\System32\\Sens.dll" (normalized: "c:\\windows\\system32\\sens.dll")
Region:
id = 1181
start_va = 0x7ff87ac20000
end_va = 0x7ff87ac33fff
monitored = 0
entry_point = 0x7ff87ac22d50
region_type = mapped_file
name = "rtutils.dll"
filename = "\\Windows\\System32\\rtutils.dll" (normalized: "c:\\windows\\system32\\rtutils.dll")
Region:
id = 1182
start_va = 0x7ff87afb0000
end_va = 0x7ff87b042fff
monitored = 0
entry_point = 0x7ff87afb9680
region_type = mapped_file
name = "msvcp_win.dll"
filename = "\\Windows\\System32\\msvcp_win.dll" (normalized: "c:\\windows\\system32\\msvcp_win.dll")
Region:
id = 1183
start_va = 0x7ff87b160000
end_va = 0x7ff87b178fff
monitored = 0
entry_point = 0x7ff87b164520
region_type = mapped_file
name = "samcli.dll"
filename = "\\Windows\\System32\\samcli.dll" (normalized: "c:\\windows\\system32\\samcli.dll")
Region:
id = 1184
start_va = 0x7ff87b670000
end_va = 0x7ff87b6ddfff
monitored = 0
entry_point = 0x7ff87b677f60
region_type = mapped_file
name = "taskcomp.dll"
filename = "\\Windows\\System32\\taskcomp.dll" (normalized: "c:\\windows\\system32\\taskcomp.dll")
Region:
id = 1185
start_va = 0x7ff87b6e0000
end_va = 0x7ff87b6effff
monitored = 0
entry_point = 0x7ff87b6e2c60
region_type = mapped_file
name = "usermgrcli.dll"
filename = "\\Windows\\System32\\usermgrcli.dll" (normalized: "c:\\windows\\system32\\usermgrcli.dll")
Region:
id = 1186
start_va = 0x7ff87b6f0000
end_va = 0x7ff87b700fff
monitored = 0
entry_point = 0x7ff87b6f3320
region_type = mapped_file
name = "wmiclnt.dll"
filename = "\\Windows\\System32\\wmiclnt.dll" (normalized: "c:\\windows\\system32\\wmiclnt.dll")
Region:
id = 1187
start_va = 0x7ff87b750000
end_va = 0x7ff87b7e1fff
monitored = 0
entry_point = 0x7ff87b79a780
region_type = mapped_file
name = "msvcp110_win.dll"
filename = "\\Windows\\System32\\msvcp110_win.dll" (normalized: "c:\\windows\\system32\\msvcp110_win.dll")
Region:
id = 1188
start_va = 0x7ff87bb00000
end_va = 0x7ff87be81fff
monitored = 0
entry_point = 0x7ff87bb51220
region_type = mapped_file
name = "iertutil.dll"
filename = "\\Windows\\System32\\iertutil.dll" (normalized: "c:\\windows\\system32\\iertutil.dll")
Region:
id = 1189
start_va = 0x7ff87be90000
end_va = 0x7ff87bfc5fff
monitored = 0
entry_point = 0x7ff87bebf350
region_type = mapped_file
name = "wintypes.dll"
filename = "\\Windows\\System32\\WinTypes.dll" (normalized: "c:\\windows\\system32\\wintypes.dll")
Region:
id = 1190
start_va = 0x7ff87d0c0000
end_va = 0x7ff87d1cdfff
monitored = 0
entry_point = 0x7ff87d10eaa0
region_type = mapped_file
name = "mrmcorer.dll"
filename = "\\Windows\\System32\\MrmCoreR.dll" (normalized: "c:\\windows\\system32\\mrmcorer.dll")
Region:
id = 1191
start_va = 0x7ff87d4d0000
end_va = 0x7ff87d510fff
monitored = 0
entry_point = 0x7ff87d4e7eb0
region_type = mapped_file
name = "ubpm.dll"
filename = "\\Windows\\System32\\ubpm.dll" (normalized: "c:\\windows\\system32\\ubpm.dll")
Region:
id = 1192
start_va = 0x7ff87d520000
end_va = 0x7ff87d61bfff
monitored = 0
entry_point = 0x7ff87d556df0
region_type = mapped_file
name = "schedsvc.dll"
filename = "\\Windows\\System32\\schedsvc.dll" (normalized: "c:\\windows\\system32\\schedsvc.dll")
Region:
id = 1193
start_va = 0x7ff87d630000
end_va = 0x7ff87d6a9fff
monitored = 0
entry_point = 0x7ff87d657630
region_type = mapped_file
name = "es.dll"
filename = "\\Windows\\System32\\es.dll" (normalized: "c:\\windows\\system32\\es.dll")
Region:
id = 1194
start_va = 0x7ff87d6e0000
end_va = 0x7ff87d6e8fff
monitored = 0
entry_point = 0x7ff87d6e21d0
region_type = mapped_file
name = "httpprxc.dll"
filename = "\\Windows\\System32\\httpprxc.dll" (normalized: "c:\\windows\\system32\\httpprxc.dll")
Region:
id = 1195
start_va = 0x7ff87d6f0000
end_va = 0x7ff87d6fbfff
monitored = 0
entry_point = 0x7ff87d6f2830
region_type = mapped_file
name = "bi.dll"
filename = "\\Windows\\System32\\bi.dll" (normalized: "c:\\windows\\system32\\bi.dll")
Region:
id = 1196
start_va = 0x7ff87d700000
end_va = 0x7ff87d712fff
monitored = 0
entry_point = 0x7ff87d7057f0
region_type = mapped_file
name = "themeservice.dll"
filename = "\\Windows\\System32\\themeservice.dll" (normalized: "c:\\windows\\system32\\themeservice.dll")
Region:
id = 1197
start_va = 0x7ff87d720000
end_va = 0x7ff87d75dfff
monitored = 0
entry_point = 0x7ff87d72a050
region_type = mapped_file
name = "logoncli.dll"
filename = "\\Windows\\System32\\logoncli.dll" (normalized: "c:\\windows\\system32\\logoncli.dll")
Region:
id = 1198
start_va = 0x7ff87d760000
end_va = 0x7ff87d786fff
monitored = 0
entry_point = 0x7ff87d763bf0
region_type = mapped_file
name = "profsvcext.dll"
filename = "\\Windows\\System32\\profsvcext.dll" (normalized: "c:\\windows\\system32\\profsvcext.dll")
Region:
id = 1199
start_va = 0x7ff87d790000
end_va = 0x7ff87d7e4fff
monitored = 0
entry_point = 0x7ff87d79fc00
region_type = mapped_file
name = "profsvc.dll"
filename = "\\Windows\\System32\\profsvc.dll" (normalized: "c:\\windows\\system32\\profsvc.dll")
Region:
id = 1200
start_va = 0x7ff87d7f0000
end_va = 0x7ff87d853fff
monitored = 0
entry_point = 0x7ff87d805ae0
region_type = mapped_file
name = "wevtapi.dll"
filename = "\\Windows\\System32\\wevtapi.dll" (normalized: "c:\\windows\\system32\\wevtapi.dll")
Region:
id = 1201
start_va = 0x7ff87da20000
end_va = 0x7ff87dadefff
monitored = 0
entry_point = 0x7ff87da41c50
region_type = mapped_file
name = "taskschd.dll"
filename = "\\Windows\\System32\\taskschd.dll" (normalized: "c:\\windows\\system32\\taskschd.dll")
Region:
id = 1202
start_va = 0x7ff87dae0000
end_va = 0x7ff87db08fff
monitored = 0
entry_point = 0x7ff87daeca00
region_type = mapped_file
name = "cabinet.dll"
filename = "\\Windows\\System32\\cabinet.dll" (normalized: "c:\\windows\\system32\\cabinet.dll")
Region:
id = 1203
start_va = 0x7ff87db10000
end_va = 0x7ff87db45fff
monitored = 0
entry_point = 0x7ff87db20070
region_type = mapped_file
name = "xmllite.dll"
filename = "\\Windows\\System32\\xmllite.dll" (normalized: "c:\\windows\\system32\\xmllite.dll")
Region:
id = 1204
start_va = 0x7ff87e310000
end_va = 0x7ff87e34ffff
monitored = 0
entry_point = 0x7ff87e326c60
region_type = mapped_file
name = "netprofm.dll"
filename = "\\Windows\\System32\\netprofm.dll" (normalized: "c:\\windows\\system32\\netprofm.dll")
Region:
id = 1205
start_va = 0x7ff87e420000
end_va = 0x7ff87e429fff
monitored = 0
entry_point = 0x7ff87e421660
region_type = mapped_file
name = "dsrole.dll"
filename = "\\Windows\\System32\\dsrole.dll" (normalized: "c:\\windows\\system32\\dsrole.dll")
Region:
id = 1206
start_va = 0x7ff87e430000
end_va = 0x7ff87e447fff
monitored = 0
entry_point = 0x7ff87e435910
region_type = mapped_file
name = "nlaapi.dll"
filename = "\\Windows\\System32\\nlaapi.dll" (normalized: "c:\\windows\\system32\\nlaapi.dll")
Region:
id = 1207
start_va = 0x7ff87e450000
end_va = 0x7ff87e59cfff
monitored = 0
entry_point = 0x7ff87e493da0
region_type = mapped_file
name = "gpsvc.dll"
filename = "\\Windows\\System32\\gpsvc.dll" (normalized: "c:\\windows\\system32\\gpsvc.dll")
Region:
id = 1208
start_va = 0x7ff87ebb0000
end_va = 0x7ff87ebb7fff
monitored = 0
entry_point = 0x7ff87ebb13e0
region_type = mapped_file
name = "dabapi.dll"
filename = "\\Windows\\System32\\dabapi.dll" (normalized: "c:\\windows\\system32\\dabapi.dll")
Region:
id = 1209
start_va = 0x7ff87f0a0000
end_va = 0x7ff87f0dffff
monitored = 0
entry_point = 0x7ff87f0b1960
region_type = mapped_file
name = "brokerlib.dll"
filename = "\\Windows\\System32\\BrokerLib.dll" (normalized: "c:\\windows\\system32\\brokerlib.dll")
Region:
id = 1210
start_va = 0x7ff87f150000
end_va = 0x7ff87f1c8fff
monitored = 0
entry_point = 0x7ff87f16fb90
region_type = mapped_file
name = "apphelp.dll"
filename = "\\Windows\\System32\\apphelp.dll" (normalized: "c:\\windows\\system32\\apphelp.dll")
Region:
id = 1211
start_va = 0x7ff87f380000
end_va = 0x7ff87f812fff
monitored = 0
entry_point = 0x7ff87f38f760
region_type = mapped_file
name = "actxprxy.dll"
filename = "\\Windows\\System32\\actxprxy.dll" (normalized: "c:\\windows\\system32\\actxprxy.dll")
Region:
id = 1212
start_va = 0x7ff87f820000
end_va = 0x7ff87f886fff
monitored = 0
entry_point = 0x7ff87f83e710
region_type = mapped_file
name = "bcp47langs.dll"
filename = "\\Windows\\System32\\BCP47Langs.dll" (normalized: "c:\\windows\\system32\\bcp47langs.dll")
Region:
id = 1213
start_va = 0x7ff87f8e0000
end_va = 0x7ff87fa65fff
monitored = 0
entry_point = 0x7ff87f92d700
region_type = mapped_file
name = "propsys.dll"
filename = "\\Windows\\System32\\propsys.dll" (normalized: "c:\\windows\\system32\\propsys.dll")
Region:
id = 1214
start_va = 0x7ff87fa70000
end_va = 0x7ff87fa8bfff
monitored = 0
entry_point = 0x7ff87fa737a0
region_type = mapped_file
name = "samlib.dll"
filename = "\\Windows\\System32\\samlib.dll" (normalized: "c:\\windows\\system32\\samlib.dll")
Region:
id = 1215
start_va = 0x7ff87fad0000
end_va = 0x7ff87fae2fff
monitored = 0
entry_point = 0x7ff87fad2760
region_type = mapped_file
name = "wtsapi32.dll"
filename = "\\Windows\\System32\\wtsapi32.dll" (normalized: "c:\\windows\\system32\\wtsapi32.dll")
Region:
id = 1216
start_va = 0x7ff87fd00000
end_va = 0x7ff87fd26fff
monitored = 0
entry_point = 0x7ff87fd07940
region_type = mapped_file
name = "devobj.dll"
filename = "\\Windows\\System32\\devobj.dll" (normalized: "c:\\windows\\system32\\devobj.dll")
Region:
id = 1217
start_va = 0x7ff87fd50000
end_va = 0x7ff87fdf9fff
monitored = 0
entry_point = 0x7ff87fd77910
region_type = mapped_file
name = "dnsapi.dll"
filename = "\\Windows\\System32\\dnsapi.dll" (normalized: "c:\\windows\\system32\\dnsapi.dll")
Region:
id = 1218
start_va = 0x7ff87fe00000
end_va = 0x7ff87fefffff
monitored = 0
entry_point = 0x7ff87fe40f80
region_type = mapped_file
name = "twinapi.appcore.dll"
filename = "\\Windows\\System32\\twinapi.appcore.dll" (normalized: "c:\\windows\\system32\\twinapi.appcore.dll")
Region:
id = 1219
start_va = 0x7ff87ff90000
end_va = 0x7ff87ff9bfff
monitored = 0
entry_point = 0x7ff87ff92480
region_type = mapped_file
name = "sysntfy.dll"
filename = "\\Windows\\System32\\sysntfy.dll" (normalized: "c:\\windows\\system32\\sysntfy.dll")
Region:
id = 1220
start_va = 0x7ff880060000
end_va = 0x7ff880091fff
monitored = 0
entry_point = 0x7ff880072340
region_type = mapped_file
name = "fwbase.dll"
filename = "\\Windows\\System32\\fwbase.dll" (normalized: "c:\\windows\\system32\\fwbase.dll")
Region:
id = 1221
start_va = 0x7ff8802d0000
end_va = 0x7ff8802dbfff
monitored = 0
entry_point = 0x7ff8802d2790
region_type = mapped_file
name = "hid.dll"
filename = "\\Windows\\System32\\hid.dll" (normalized: "c:\\windows\\system32\\hid.dll")
Region:
id = 1222
start_va = 0x7ff8802e0000
end_va = 0x7ff880303fff
monitored = 0
entry_point = 0x7ff8802e3260
region_type = mapped_file
name = "gpapi.dll"
filename = "\\Windows\\System32\\gpapi.dll" (normalized: "c:\\windows\\system32\\gpapi.dll")
Region:
id = 1223
start_va = 0x7ff880480000
end_va = 0x7ff880573fff
monitored = 0
entry_point = 0x7ff88048a960
region_type = mapped_file
name = "ucrtbase.dll"
filename = "\\Windows\\System32\\ucrtbase.dll" (normalized: "c:\\windows\\system32\\ucrtbase.dll")
Region:
id = 1224
start_va = 0x7ff8805d0000
end_va = 0x7ff880618fff
monitored = 0
entry_point = 0x7ff8805da090
region_type = mapped_file
name = "authz.dll"
filename = "\\Windows\\System32\\authz.dll" (normalized: "c:\\windows\\system32\\authz.dll")
Region:
id = 1225
start_va = 0x7ff8806f0000
end_va = 0x7ff8806fbfff
monitored = 0
entry_point = 0x7ff8806f27e0
region_type = mapped_file
name = "netutils.dll"
filename = "\\Windows\\System32\\netutils.dll" (normalized: "c:\\windows\\system32\\netutils.dll")
Region:
id = 1226
start_va = 0x7ff8807d0000
end_va = 0x7ff880800fff
monitored = 0
entry_point = 0x7ff8807d7d10
region_type = mapped_file
name = "ntmarta.dll"
filename = "\\Windows\\System32\\ntmarta.dll" (normalized: "c:\\windows\\system32\\ntmarta.dll")
Region:
id = 1227
start_va = 0x7ff880830000
end_va = 0x7ff8808a9fff
monitored = 0
entry_point = 0x7ff880851a50
region_type = mapped_file
name = "schannel.dll"
filename = "\\Windows\\System32\\schannel.dll" (normalized: "c:\\windows\\system32\\schannel.dll")
Region:
id = 1228
start_va = 0x7ff8808f0000
end_va = 0x7ff880923fff
monitored = 0
entry_point = 0x7ff88090ae70
region_type = mapped_file
name = "rsaenh.dll"
filename = "\\Windows\\System32\\rsaenh.dll" (normalized: "c:\\windows\\system32\\rsaenh.dll")
Region:
id = 1229
start_va = 0x7ff880930000
end_va = 0x7ff880939fff
monitored = 0
entry_point = 0x7ff880931830
region_type = mapped_file
name = "dpapi.dll"
filename = "\\Windows\\System32\\dpapi.dll" (normalized: "c:\\windows\\system32\\dpapi.dll")
Region:
id = 1230
start_va = 0x7ff880a40000
end_va = 0x7ff880a5efff
monitored = 0
entry_point = 0x7ff880a45d30
region_type = mapped_file
name = "userenv.dll"
filename = "\\Windows\\System32\\userenv.dll" (normalized: "c:\\windows\\system32\\userenv.dll")
Region:
id = 1231
start_va = 0x7ff880bb0000
end_va = 0x7ff880c0bfff
monitored = 0
entry_point = 0x7ff880bc6f70
region_type = mapped_file
name = "mswsock.dll"
filename = "\\Windows\\System32\\mswsock.dll" (normalized: "c:\\windows\\system32\\mswsock.dll")
Region:
id = 1232
start_va = 0x7ff880c60000
end_va = 0x7ff880c76fff
monitored = 0
entry_point = 0x7ff880c679d0
region_type = mapped_file
name = "cryptsp.dll"
filename = "\\Windows\\System32\\cryptsp.dll" (normalized: "c:\\windows\\system32\\cryptsp.dll")
Region:
id = 1233
start_va = 0x7ff880d80000
end_va = 0x7ff880d8afff
monitored = 0
entry_point = 0x7ff880d819a0
region_type = mapped_file
name = "cryptbase.dll"
filename = "\\Windows\\System32\\cryptbase.dll" (normalized: "c:\\windows\\system32\\cryptbase.dll")
Region:
id = 1234
start_va = 0x7ff880dc0000
end_va = 0x7ff880de0fff
monitored = 0
entry_point = 0x7ff880dd0250
region_type = mapped_file
name = "joinutil.dll"
filename = "\\Windows\\System32\\joinutil.dll" (normalized: "c:\\windows\\system32\\joinutil.dll")
Region:
id = 1235
start_va = 0x7ff880e10000
end_va = 0x7ff880e49fff
monitored = 0
entry_point = 0x7ff880e18d20
region_type = mapped_file
name = "ntasn1.dll"
filename = "\\Windows\\System32\\ntasn1.dll" (normalized: "c:\\windows\\system32\\ntasn1.dll")
Region:
id = 1236
start_va = 0x7ff880e50000
end_va = 0x7ff880e76fff
monitored = 0
entry_point = 0x7ff880e60aa0
region_type = mapped_file
name = "ncrypt.dll"
filename = "\\Windows\\System32\\ncrypt.dll" (normalized: "c:\\windows\\system32\\ncrypt.dll")
Region:
id = 1237
start_va = 0x7ff880f60000
end_va = 0x7ff880f8cfff
monitored = 0
entry_point = 0x7ff880f79d40
region_type = mapped_file
name = "sspicli.dll"
filename = "\\Windows\\System32\\sspicli.dll" (normalized: "c:\\windows\\system32\\sspicli.dll")
Region:
id = 1238
start_va = 0x7ff8810f0000
end_va = 0x7ff881145fff
monitored = 0
entry_point = 0x7ff881100bf0
region_type = mapped_file
name = "winsta.dll"
filename = "\\Windows\\System32\\winsta.dll" (normalized: "c:\\windows\\system32\\winsta.dll")
Region:
id = 1239
start_va = 0x7ff881150000
end_va = 0x7ff881168fff
monitored = 0
entry_point = 0x7ff881155e10
region_type = mapped_file
name = "eventaggregation.dll"
filename = "\\Windows\\System32\\EventAggregation.dll" (normalized: "c:\\windows\\system32\\eventaggregation.dll")
Region:
id = 1240
start_va = 0x7ff881170000
end_va = 0x7ff881198fff
monitored = 0
entry_point = 0x7ff881184530
region_type = mapped_file
name = "bcrypt.dll"
filename = "\\Windows\\System32\\bcrypt.dll" (normalized: "c:\\windows\\system32\\bcrypt.dll")
Region:
id = 1241
start_va = 0x7ff8811a0000
end_va = 0x7ff881238fff
monitored = 0
entry_point = 0x7ff8811cf4e0
region_type = mapped_file
name = "sxs.dll"
filename = "\\Windows\\System32\\sxs.dll" (normalized: "c:\\windows\\system32\\sxs.dll")
Region:
id = 1242
start_va = 0x7ff8812e0000
end_va = 0x7ff88132afff
monitored = 0
entry_point = 0x7ff8812e35f0
region_type = mapped_file
name = "powrprof.dll"
filename = "\\Windows\\System32\\powrprof.dll" (normalized: "c:\\windows\\system32\\powrprof.dll")
Region:
id = 1243
start_va = 0x7ff881330000
end_va = 0x7ff88133efff
monitored = 0
entry_point = 0x7ff881333210
region_type = mapped_file
name = "kernel.appcore.dll"
filename = "\\Windows\\System32\\kernel.appcore.dll" (normalized: "c:\\windows\\system32\\kernel.appcore.dll")
Region:
id = 1244
start_va = 0x7ff881340000
end_va = 0x7ff881353fff
monitored = 0
entry_point = 0x7ff8813452e0
region_type = mapped_file
name = "profapi.dll"
filename = "\\Windows\\System32\\profapi.dll" (normalized: "c:\\windows\\system32\\profapi.dll")
Region:
id = 1245
start_va = 0x7ff881360000
end_va = 0x7ff88136ffff
monitored = 0
entry_point = 0x7ff8813656e0
region_type = mapped_file
name = "msasn1.dll"
filename = "\\Windows\\System32\\msasn1.dll" (normalized: "c:\\windows\\system32\\msasn1.dll")
Region:
id = 1246
start_va = 0x7ff881370000
end_va = 0x7ff8813b2fff
monitored = 0
entry_point = 0x7ff881384b50
region_type = mapped_file
name = "cfgmgr32.dll"
filename = "\\Windows\\System32\\cfgmgr32.dll" (normalized: "c:\\windows\\system32\\cfgmgr32.dll")
Region:
id = 1247
start_va = 0x7ff8813c0000
end_va = 0x7ff881445fff
monitored = 0
entry_point = 0x7ff8813cd8f0
region_type = mapped_file
name = "firewallapi.dll"
filename = "\\Windows\\System32\\FirewallAPI.dll" (normalized: "c:\\windows\\system32\\firewallapi.dll")
Region:
id = 1248
start_va = 0x7ff881450000
end_va = 0x7ff881616fff
monitored = 0
entry_point = 0x7ff8814adb80
region_type = mapped_file
name = "crypt32.dll"
filename = "\\Windows\\System32\\crypt32.dll" (normalized: "c:\\windows\\system32\\crypt32.dll")
Region:
id = 1249
start_va = 0x7ff881620000
end_va = 0x7ff881c63fff
monitored = 0
entry_point = 0x7ff8817e64b0
region_type = mapped_file
name = "windows.storage.dll"
filename = "\\Windows\\System32\\windows.storage.dll" (normalized: "c:\\windows\\system32\\windows.storage.dll")
Region:
id = 1250
start_va = 0x7ff881c70000
end_va = 0x7ff881d24fff
monitored = 0
entry_point = 0x7ff881cb22e0
region_type = mapped_file
name = "shcore.dll"
filename = "\\Windows\\System32\\SHCore.dll" (normalized: "c:\\windows\\system32\\shcore.dll")
Region:
id = 1251
start_va = 0x7ff881d30000
end_va = 0x7ff881d46fff
monitored = 0
entry_point = 0x7ff881d31390
region_type = mapped_file
name = "netapi32.dll"
filename = "\\Windows\\System32\\netapi32.dll" (normalized: "c:\\windows\\system32\\netapi32.dll")
Region:
id = 1252
start_va = 0x7ff881d50000
end_va = 0x7ff881db9fff
monitored = 0
entry_point = 0x7ff881d86d50
region_type = mapped_file
name = "bcryptprimitives.dll"
filename = "\\Windows\\System32\\bcryptprimitives.dll" (normalized: "c:\\windows\\system32\\bcryptprimitives.dll")
Region:
id = 1253
start_va = 0x7ff881e70000
end_va = 0x7ff881ec4fff
monitored = 0
entry_point = 0x7ff881e87970
region_type = mapped_file
name = "wintrust.dll"
filename = "\\Windows\\System32\\wintrust.dll" (normalized: "c:\\windows\\system32\\wintrust.dll")
Region:
id = 1254
start_va = 0x7ff881ed0000
end_va = 0x7ff8820b7fff
monitored = 0
entry_point = 0x7ff881efba70
region_type = mapped_file
name = "kernelbase.dll"
filename = "\\Windows\\System32\\KernelBase.dll" (normalized: "c:\\windows\\system32\\kernelbase.dll")
Region:
id = 1255
start_va = 0x7ff8820c0000
end_va = 0x7ff882215fff
monitored = 0
entry_point = 0x7ff8820ca8d0
region_type = mapped_file
name = "user32.dll"
filename = "\\Windows\\System32\\user32.dll" (normalized: "c:\\windows\\system32\\user32.dll")
Region:
id = 1256
start_va = 0x7ff882220000
end_va = 0x7ff8822bcfff
monitored = 0
entry_point = 0x7ff8822278a0
region_type = mapped_file
name = "msvcrt.dll"
filename = "\\Windows\\System32\\msvcrt.dll" (normalized: "c:\\windows\\system32\\msvcrt.dll")
Region:
id = 1257
start_va = 0x7ff8822c0000
end_va = 0x7ff88253cfff
monitored = 0
entry_point = 0x7ff882394970
region_type = mapped_file
name = "combase.dll"
filename = "\\Windows\\System32\\combase.dll" (normalized: "c:\\windows\\system32\\combase.dll")
Region:
id = 1258
start_va = 0x7ff882550000
end_va = 0x7ff8825aafff
monitored = 0
entry_point = 0x7ff8825638b0
region_type = mapped_file
name = "sechost.dll"
filename = "\\Windows\\System32\\sechost.dll" (normalized: "c:\\windows\\system32\\sechost.dll")
Region:
id = 1259
start_va = 0x7ff8825b0000
end_va = 0x7ff883b0efff
monitored = 0
entry_point = 0x7ff8827111f0
region_type = mapped_file
name = "shell32.dll"
filename = "\\Windows\\System32\\shell32.dll" (normalized: "c:\\windows\\system32\\shell32.dll")
Region:
id = 1260
start_va = 0x7ff883b80000
end_va = 0x7ff883beafff
monitored = 0
entry_point = 0x7ff883b990c0
region_type = mapped_file
name = "ws2_32.dll"
filename = "\\Windows\\System32\\ws2_32.dll" (normalized: "c:\\windows\\system32\\ws2_32.dll")
Region:
id = 1261
start_va = 0x7ff883bf0000
end_va = 0x7ff883d0bfff
monitored = 0
entry_point = 0x7ff883c302b0
region_type = mapped_file
name = "rpcrt4.dll"
filename = "\\Windows\\System32\\rpcrt4.dll" (normalized: "c:\\windows\\system32\\rpcrt4.dll")
Region:
id = 1262
start_va = 0x7ff884020000
end_va = 0x7ff88407bfff
monitored = 0
entry_point = 0x7ff88403b720
region_type = mapped_file
name = "wldap32.dll"
filename = "\\Windows\\System32\\Wldap32.dll" (normalized: "c:\\windows\\system32\\wldap32.dll")
Region:
id = 1263
start_va = 0x7ff8841b0000
end_va = 0x7ff884256fff
monitored = 0
entry_point = 0x7ff8841bb4d0
region_type = mapped_file
name = "clbcatq.dll"
filename = "\\Windows\\System32\\clbcatq.dll" (normalized: "c:\\windows\\system32\\clbcatq.dll")
Region:
id = 1264
start_va = 0x7ff8842c0000
end_va = 0x7ff884402fff
monitored = 0
entry_point = 0x7ff8842e8210
region_type = mapped_file
name = "ole32.dll"
filename = "\\Windows\\System32\\ole32.dll" (normalized: "c:\\windows\\system32\\ole32.dll")
Region:
id = 1265
start_va = 0x7ff884410000
end_va = 0x7ff8844d0fff
monitored = 0
entry_point = 0x7ff884430da0
region_type = mapped_file
name = "oleaut32.dll"
filename = "\\Windows\\System32\\oleaut32.dll" (normalized: "c:\\windows\\system32\\oleaut32.dll")
Region:
id = 1266
start_va = 0x7ff8844f0000
end_va = 0x7ff884918fff
monitored = 0
entry_point = 0x7ff884518740
region_type = mapped_file
name = "setupapi.dll"
filename = "\\Windows\\System32\\setupapi.dll" (normalized: "c:\\windows\\system32\\setupapi.dll")
Region:
id = 1267
start_va = 0x7ff884920000
end_va = 0x7ff8849c6fff
monitored = 0
entry_point = 0x7ff8849358d0
region_type = mapped_file
name = "advapi32.dll"
filename = "\\Windows\\System32\\advapi32.dll" (normalized: "c:\\windows\\system32\\advapi32.dll")
Region:
id = 1268
start_va = 0x7ff884a10000
end_va = 0x7ff884b95fff
monitored = 0
entry_point = 0x7ff884a5ffc0
region_type = mapped_file
name = "gdi32.dll"
filename = "\\Windows\\System32\\gdi32.dll" (normalized: "c:\\windows\\system32\\gdi32.dll")
Region:
id = 1269
start_va = 0x7ff884ba0000
end_va = 0x7ff884ba7fff
monitored = 0
entry_point = 0x7ff884ba1ea0
region_type = mapped_file
name = "nsi.dll"
filename = "\\Windows\\System32\\nsi.dll" (normalized: "c:\\windows\\system32\\nsi.dll")
Region:
id = 1270
start_va = 0x7ff884bb0000
end_va = 0x7ff884c01fff
monitored = 0
entry_point = 0x7ff884bbf530
region_type = mapped_file
name = "shlwapi.dll"
filename = "\\Windows\\System32\\shlwapi.dll" (normalized: "c:\\windows\\system32\\shlwapi.dll")
Region:
id = 1271
start_va = 0x7ff884c10000
end_va = 0x7ff884cbcfff
monitored = 0
entry_point = 0x7ff884c281a0
region_type = mapped_file
name = "kernel32.dll"
filename = "\\Windows\\System32\\kernel32.dll" (normalized: "c:\\windows\\system32\\kernel32.dll")
Region:
id = 1272
start_va = 0x7ff884cc0000
end_va = 0x7ff884e80fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "ntdll.dll"
filename = "\\Windows\\System32\\ntdll.dll" (normalized: "c:\\windows\\system32\\ntdll.dll")
Region:
id = 1514
start_va = 0xa310000
end_va = 0xa40ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x000000000a310000"
filename = ""
Region:
id = 1515
start_va = 0xa410000
end_va = 0xa50ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x000000000a410000"
filename = ""
Region:
id = 1516
start_va = 0xa510000
end_va = 0xa60ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x000000000a510000"
filename = ""
Region:
id = 1517
start_va = 0xa610000
end_va = 0xa70ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x000000000a610000"
filename = ""
Region:
id = 1607
start_va = 0x420000
end_va = 0x421fff
monitored = 1
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x0000000000420000"
filename = ""
Region:
id = 1791
start_va = 0xa710000
end_va = 0xa80ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x000000000a710000"
filename = ""
Region:
id = 2102
start_va = 0xa810000
end_va = 0xa90ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x000000000a810000"
filename = ""
Region:
id = 2103
start_va = 0xa910000
end_va = 0xaa0ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x000000000a910000"
filename = ""
Region:
id = 2104
start_va = 0xaa10000
end_va = 0xab0ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x000000000aa10000"
filename = ""
Region:
id = 2105
start_va = 0x3090000
end_va = 0x310ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000003090000"
filename = ""
Region:
id = 2106
start_va = 0x3180000
end_va = 0x31fffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000003180000"
filename = ""
Region:
id = 2107
start_va = 0x7ff87f280000
end_va = 0x7ff87f2d0fff
monitored = 0
entry_point = 0x7ff87f2825e0
region_type = mapped_file
name = "cscobj.dll"
filename = "\\Windows\\System32\\cscobj.dll" (normalized: "c:\\windows\\system32\\cscobj.dll")
Region:
id = 2108
start_va = 0x3400000
end_va = 0x34fffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000003400000"
filename = ""
Region:
id = 2109
start_va = 0x3500000
end_va = 0x35fffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000003500000"
filename = ""
Thread:
id = 25
os_tid = 0x64c
Thread:
id = 26
os_tid = 0x700
Thread:
id = 27
os_tid = 0x1254
Thread:
id = 28
os_tid = 0x1250
Thread:
id = 29
os_tid = 0x10c8
Thread:
id = 30
os_tid = 0x210
Thread:
id = 31
os_tid = 0xe28
Thread:
id = 32
os_tid = 0xfe0
Thread:
id = 33
os_tid = 0xa9c
Thread:
id = 34
os_tid = 0xee4
Thread:
id = 35
os_tid = 0xee0
Thread:
id = 36
os_tid = 0xfac
Thread:
id = 37
os_tid = 0xf94
Thread:
id = 38
os_tid = 0xf90
Thread:
id = 39
os_tid = 0xf84
Thread:
id = 40
os_tid = 0x8e8
Thread:
id = 41
os_tid = 0xec
Thread:
id = 42
os_tid = 0xe8
Thread:
id = 43
os_tid = 0x7d8
Thread:
id = 44
os_tid = 0x29c
Thread:
id = 45
os_tid = 0x27c
Thread:
id = 46
os_tid = 0x234
Thread:
id = 47
os_tid = 0x230
Thread:
id = 48
os_tid = 0x224
Thread:
id = 49
os_tid = 0x1e0
Thread:
id = 50
os_tid = 0x164
Thread:
id = 51
os_tid = 0xe38
Thread:
id = 52
os_tid = 0x2f8
Thread:
id = 53
os_tid = 0xbb4
Thread:
id = 54
os_tid = 0xc30
Thread:
id = 55
os_tid = 0xc18
Thread:
id = 56
os_tid = 0xb58
Thread:
id = 57
os_tid = 0xeac
Thread:
id = 58
os_tid = 0xeb0
Thread:
id = 59
os_tid = 0xebc
Thread:
id = 60
os_tid = 0xe88
Thread:
id = 61
os_tid = 0xe90
Thread:
id = 62
os_tid = 0xe44
Thread:
id = 63
os_tid = 0xe6c
Thread:
id = 64
os_tid = 0xe50
Thread:
id = 65
os_tid = 0xc98
Thread:
id = 66
os_tid = 0x578
Thread:
id = 67
os_tid = 0xdd4
Thread:
id = 68
os_tid = 0xdcc
Thread:
id = 69
os_tid = 0xd1c
Thread:
id = 70
os_tid = 0x714
Thread:
id = 71
os_tid = 0xa78
Thread:
id = 72
os_tid = 0xa74
Thread:
id = 73
os_tid = 0xa70
Thread:
id = 74
os_tid = 0xa68
Thread:
id = 75
os_tid = 0xa64
Thread:
id = 76
os_tid = 0xa60
Thread:
id = 77
os_tid = 0x96c
Thread:
id = 78
os_tid = 0x95c
Thread:
id = 79
os_tid = 0x94c
Thread:
id = 80
os_tid = 0x90c
Thread:
id = 81
os_tid = 0x8dc
Thread:
id = 82
os_tid = 0x8d8
Thread:
id = 83
os_tid = 0x8c8
Thread:
id = 84
os_tid = 0x8c4
Thread:
id = 85
os_tid = 0x884
Thread:
id = 86
os_tid = 0x85c
Thread:
id = 87
os_tid = 0x4bc
Thread:
id = 88
os_tid = 0x7cc
Thread:
id = 89
os_tid = 0x600
Thread:
id = 90
os_tid = 0x4d0
Thread:
id = 91
os_tid = 0x508
Thread:
id = 92
os_tid = 0x710
Thread:
id = 93
os_tid = 0x704
Thread:
id = 94
os_tid = 0x660
Thread:
id = 95
os_tid = 0x5ec
Thread:
id = 96
os_tid = 0x56c
Thread:
id = 97
os_tid = 0x568
Thread:
id = 98
os_tid = 0x504
Thread:
id = 99
os_tid = 0x4ac
Thread:
id = 100
os_tid = 0x49c
Thread:
id = 101
os_tid = 0x44c
Thread:
id = 102
os_tid = 0x420
Thread:
id = 103
os_tid = 0x40c
Thread:
id = 104
os_tid = 0x168
Thread:
id = 105
os_tid = 0x304
Thread:
id = 106
os_tid = 0x280
Thread:
id = 107
os_tid = 0x1b8
Thread:
id = 108
os_tid = 0x188
Thread:
id = 109
os_tid = 0x3f8
Thread:
id = 110
os_tid = 0x3ec
Thread:
id = 111
os_tid = 0x3d8
Thread:
id = 112
os_tid = 0x364
Thread:
id = 139
os_tid = 0x11f8
Thread:
id = 140
os_tid = 0x13c0
Thread:
id = 141
os_tid = 0x61c
Thread:
id = 142
os_tid = 0x750
Thread:
id = 146
os_tid = 0x390
Thread:
id = 149
os_tid = 0xfe8
Thread:
id = 150
os_tid = 0x860
Thread:
id = 151
os_tid = 0x1234
Thread:
id = 152
os_tid = 0xed4
Thread:
id = 153
os_tid = 0x308
Thread:
id = 154
os_tid = 0xf3c
Thread:
id = 155
os_tid = 0x658
Thread:
id = 156
os_tid = 0x680
Process:
id = "7"
image_name = "9eeac4773d7f0e7f4303baed25c04f0b138e55f9fa7e7c718e3e6599a2e41513.exe"
filename = "c:\\users\\rdhj0cnfevzx\\desktop\\9eeac4773d7f0e7f4303baed25c04f0b138e55f9fa7e7c718e3e6599a2e41513.exe"
page_root = "0x3018e000"
os_pid = "0x11a8"
os_integrity_level = "0x3000"
os_privileges = "0x60800000"
monitor_reason = "child_process"
parent_id = "1"
os_parent_pid = "0x704"
cmd_line = "\"C:\\Users\\RDhJ0CNFevzX\\Desktop\\9eeac4773d7f0e7f4303baed25c04f0b138e55f9fa7e7c718e3e6599a2e41513.exe\""
cur_dir = "C:\\Users\\RDhJ0CNFevzX\\Desktop\\"
os_username = "XC64ZB\\RDhJ0CNFevzX"
bitness = "32"
os_groups = "XC64ZB\\Domain Users" [0x7], "Everyone" [0x7], "NT AUTHORITY\\Local account and member of Administrators group" [0x7], "BUILTIN\\Administrators" [0xf], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\INTERACTIVE" [0x7], "CONSOLE LOGON" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "NT AUTHORITY\\Local account" [0x7], "NT AUTHORITY\\Logon Session 00000000:0000f600" [0xc0000007], "LOCAL" [0x7], "NT AUTHORITY\\NTLM Authentication" [0x7]
Region:
id = 1324
start_va = 0x10000
end_va = 0x2ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000000010000"
filename = ""
Region:
id = 1325
start_va = 0x30000
end_va = 0x31fff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000000030000"
filename = ""
Region:
id = 1326
start_va = 0x40000
end_va = 0x54fff
monitored = 1
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x0000000000040000"
filename = ""
Region:
id = 1327
start_va = 0x60000
end_va = 0x9ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000000060000"
filename = ""
Region:
id = 1328
start_va = 0xa0000
end_va = 0x19ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x00000000000a0000"
filename = ""
Region:
id = 1329
start_va = 0x1a0000
end_va = 0x1a3fff
monitored = 1
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x00000000001a0000"
filename = ""
Region:
id = 1330
start_va = 0x1b0000
end_va = 0x1b0fff
monitored = 1
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x00000000001b0000"
filename = ""
Region:
id = 1331
start_va = 0x1c0000
end_va = 0x1c1fff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x00000000001c0000"
filename = ""
Region:
id = 1332
start_va = 0x200000
end_va = 0x3fffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000000200000"
filename = ""
Region:
id = 1333
start_va = 0x400000
end_va = 0x4b3fff
monitored = 1
entry_point = 0x49ac7a
region_type = mapped_file
name = "9eeac4773d7f0e7f4303baed25c04f0b138e55f9fa7e7c718e3e6599a2e41513.exe"
filename = "\\Users\\RDhJ0CNFevzX\\Desktop\\9eeac4773d7f0e7f4303baed25c04f0b138e55f9fa7e7c718e3e6599a2e41513.exe" (normalized: "c:\\users\\rdhj0cnfevzx\\desktop\\9eeac4773d7f0e7f4303baed25c04f0b138e55f9fa7e7c718e3e6599a2e41513.exe")
Region:
id = 1334
start_va = 0x77460000
end_va = 0x775dafff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "ntdll.dll"
filename = "\\Windows\\SysWOW64\\ntdll.dll" (normalized: "c:\\windows\\syswow64\\ntdll.dll")
Region:
id = 1335
start_va = 0x7ffb0000
end_va = 0x7ffd2fff
monitored = 1
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x000000007ffb0000"
filename = ""
Region:
id = 1336
start_va = 0x7ffe0000
end_va = 0x7ffeffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x000000007ffe0000"
filename = ""
Region:
id = 1337
start_va = 0x7fff0000
end_va = 0x7ff884cbffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x000000007fff0000"
filename = ""
Region:
id = 1338
start_va = 0x7ff884cc0000
end_va = 0x7ff884e80fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "ntdll.dll"
filename = "\\Windows\\System32\\ntdll.dll" (normalized: "c:\\windows\\system32\\ntdll.dll")
Region:
id = 1339
start_va = 0x7ff884e81000
end_va = 0x7ffffffeffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x00007ff884e81000"
filename = ""
Region:
id = 1340
start_va = 0x400000
end_va = 0x439fff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000000400000"
filename = ""
Region:
id = 1341
start_va = 0x540000
end_va = 0x54ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000000540000"
filename = ""
Region:
id = 1342
start_va = 0x5f960000
end_va = 0x5f9affff
monitored = 0
entry_point = 0x5f978180
region_type = mapped_file
name = "wow64.dll"
filename = "\\Windows\\System32\\wow64.dll" (normalized: "c:\\windows\\system32\\wow64.dll")
Region:
id = 1343
start_va = 0x5f9b0000
end_va = 0x5fa29fff
monitored = 0
entry_point = 0x5f9c3290
region_type = mapped_file
name = "wow64win.dll"
filename = "\\Windows\\System32\\wow64win.dll" (normalized: "c:\\windows\\system32\\wow64win.dll")
Region:
id = 1344
start_va = 0x76410000
end_va = 0x764effff
monitored = 0
entry_point = 0x76423980
region_type = mapped_file
name = "kernel32.dll"
filename = "\\Windows\\SysWOW64\\kernel32.dll" (normalized: "c:\\windows\\syswow64\\kernel32.dll")
Region:
id = 1345
start_va = 0x5fa30000
end_va = 0x5fa37fff
monitored = 0
entry_point = 0x5fa317c0
region_type = mapped_file
name = "wow64cpu.dll"
filename = "\\Windows\\System32\\wow64cpu.dll" (normalized: "c:\\windows\\system32\\wow64cpu.dll")
Region:
id = 1346
start_va = 0x550000
end_va = 0x6affff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000000550000"
filename = ""
Region:
id = 1347
start_va = 0x6c800000
end_va = 0x6c858fff
monitored = 1
entry_point = 0x6c810780
region_type = mapped_file
name = "mscoree.dll"
filename = "\\Windows\\SysWOW64\\mscoree.dll" (normalized: "c:\\windows\\syswow64\\mscoree.dll")
Region:
id = 1348
start_va = 0x76410000
end_va = 0x764effff
monitored = 0
entry_point = 0x76423980
region_type = mapped_file
name = "kernel32.dll"
filename = "\\Windows\\SysWOW64\\kernel32.dll" (normalized: "c:\\windows\\syswow64\\kernel32.dll")
Region:
id = 1349
start_va = 0x77270000
end_va = 0x773edfff
monitored = 0
entry_point = 0x77321b90
region_type = mapped_file
name = "kernelbase.dll"
filename = "\\Windows\\SysWOW64\\KernelBase.dll" (normalized: "c:\\windows\\syswow64\\kernelbase.dll")
Region:
id = 1350
start_va = 0x10000
end_va = 0x1ffff
monitored = 1
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x0000000000010000"
filename = ""
Region:
id = 1351
start_va = 0x7feb0000
end_va = 0x7ffaffff
monitored = 1
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x000000007feb0000"
filename = ""
Region:
id = 1352
start_va = 0x440000
end_va = 0x4fdfff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "locale.nls"
filename = "\\Windows\\System32\\locale.nls" (normalized: "c:\\windows\\system32\\locale.nls")
Region:
id = 1353
start_va = 0x6b0000
end_va = 0x82ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x00000000006b0000"
filename = ""
Region:
id = 1356
start_va = 0x20000
end_va = 0x23fff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000000020000"
filename = ""
Region:
id = 1357
start_va = 0x76b70000
end_va = 0x76beafff
monitored = 0
entry_point = 0x76b8e970
region_type = mapped_file
name = "advapi32.dll"
filename = "\\Windows\\SysWOW64\\advapi32.dll" (normalized: "c:\\windows\\syswow64\\advapi32.dll")
Region:
id = 1358
start_va = 0x76570000
end_va = 0x7662dfff
monitored = 0
entry_point = 0x765a5630
region_type = mapped_file
name = "msvcrt.dll"
filename = "\\Windows\\SysWOW64\\msvcrt.dll" (normalized: "c:\\windows\\syswow64\\msvcrt.dll")
Region:
id = 1359
start_va = 0x500000
end_va = 0x53ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000000500000"
filename = ""
Region:
id = 1360
start_va = 0x6b0000
end_va = 0x7affff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x00000000006b0000"
filename = ""
Region:
id = 1361
start_va = 0x820000
end_va = 0x82ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000000820000"
filename = ""
Region:
id = 1362
start_va = 0x758e0000
end_va = 0x75923fff
monitored = 0
entry_point = 0x758f9d80
region_type = mapped_file
name = "sechost.dll"
filename = "\\Windows\\SysWOW64\\sechost.dll" (normalized: "c:\\windows\\syswow64\\sechost.dll")
Region:
id = 1363
start_va = 0x76630000
end_va = 0x766dcfff
monitored = 0
entry_point = 0x76644f00
region_type = mapped_file
name = "rpcrt4.dll"
filename = "\\Windows\\SysWOW64\\rpcrt4.dll" (normalized: "c:\\windows\\syswow64\\rpcrt4.dll")
Region:
id = 1364
start_va = 0x74190000
end_va = 0x741adfff
monitored = 0
entry_point = 0x7419b640
region_type = mapped_file
name = "sspicli.dll"
filename = "\\Windows\\SysWOW64\\sspicli.dll" (normalized: "c:\\windows\\syswow64\\sspicli.dll")
Region:
id = 1365
start_va = 0x74180000
end_va = 0x74189fff
monitored = 0
entry_point = 0x74182a00
region_type = mapped_file
name = "cryptbase.dll"
filename = "\\Windows\\SysWOW64\\cryptbase.dll" (normalized: "c:\\windows\\syswow64\\cryptbase.dll")
Region:
id = 1366
start_va = 0x75880000
end_va = 0x758d7fff
monitored = 0
entry_point = 0x758c25c0
region_type = mapped_file
name = "bcryptprimitives.dll"
filename = "\\Windows\\SysWOW64\\bcryptprimitives.dll" (normalized: "c:\\windows\\syswow64\\bcryptprimitives.dll")
Region:
id = 1367
start_va = 0x830000
end_va = 0x93ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000000830000"
filename = ""
Region:
id = 1369
start_va = 0x6c750000
end_va = 0x6c7c8fff
monitored = 1
entry_point = 0x6c75f82a
region_type = mapped_file
name = "mscoreei.dll"
filename = "\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\mscoreei.dll" (normalized: "c:\\windows\\microsoft.net\\framework\\v4.0.30319\\mscoreei.dll")
Region:
id = 1370
start_va = 0x76ed0000
end_va = 0x76f14fff
monitored = 0
entry_point = 0x76eede90
region_type = mapped_file
name = "shlwapi.dll"
filename = "\\Windows\\SysWOW64\\shlwapi.dll" (normalized: "c:\\windows\\syswow64\\shlwapi.dll")
Region:
id = 1371
start_va = 0x769b0000
end_va = 0x76b6cfff
monitored = 0
entry_point = 0x76a92a10
region_type = mapped_file
name = "combase.dll"
filename = "\\Windows\\SysWOW64\\combase.dll" (normalized: "c:\\windows\\syswow64\\combase.dll")
Region:
id = 1372
start_va = 0x76d80000
end_va = 0x76ecefff
monitored = 0
entry_point = 0x76e36820
region_type = mapped_file
name = "gdi32.dll"
filename = "\\Windows\\SysWOW64\\gdi32.dll" (normalized: "c:\\windows\\syswow64\\gdi32.dll")
Region:
id = 1373
start_va = 0x755e0000
end_va = 0x75726fff
monitored = 0
entry_point = 0x755f1cf0
region_type = mapped_file
name = "user32.dll"
filename = "\\Windows\\SysWOW64\\user32.dll" (normalized: "c:\\windows\\syswow64\\user32.dll")
Region:
id = 1374
start_va = 0x1d0000
end_va = 0x1f9fff
monitored = 0
entry_point = 0x1d5680
region_type = mapped_file
name = "imm32.dll"
filename = "\\Windows\\SysWOW64\\imm32.dll" (normalized: "c:\\windows\\syswow64\\imm32.dll")
Region:
id = 1375
start_va = 0x940000
end_va = 0xac7fff
monitored = 1
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x0000000000940000"
filename = ""
Region:
id = 1376
start_va = 0x764f0000
end_va = 0x7651afff
monitored = 0
entry_point = 0x764f5680
region_type = mapped_file
name = "imm32.dll"
filename = "\\Windows\\SysWOW64\\imm32.dll" (normalized: "c:\\windows\\syswow64\\imm32.dll")
Region:
id = 1377
start_va = 0x30000
end_va = 0x30fff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000000030000"
filename = ""
Region:
id = 1378
start_va = 0x1d0000
end_va = 0x1d0fff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x00000000001d0000"
filename = ""
Region:
id = 1379
start_va = 0xad0000
end_va = 0xc50fff
monitored = 1
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x0000000000ad0000"
filename = ""
Region:
id = 1380
start_va = 0xc60000
end_va = 0x205ffff
monitored = 1
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x0000000000c60000"
filename = ""
Region:
id = 1381
start_va = 0x830000
end_va = 0x8defff
monitored = 1
entry_point = 0x8cac7a
region_type = mapped_file
name = "9eeac4773d7f0e7f4303baed25c04f0b138e55f9fa7e7c718e3e6599a2e41513.exe"
filename = "\\Users\\RDhJ0CNFevzX\\Desktop\\9eeac4773d7f0e7f4303baed25c04f0b138e55f9fa7e7c718e3e6599a2e41513.exe" (normalized: "c:\\users\\rdhj0cnfevzx\\desktop\\9eeac4773d7f0e7f4303baed25c04f0b138e55f9fa7e7c718e3e6599a2e41513.exe")
Region:
id = 1382
start_va = 0x930000
end_va = 0x93ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000000930000"
filename = ""
Region:
id = 1383
start_va = 0x755d0000
end_va = 0x755dbfff
monitored = 0
entry_point = 0x755d3930
region_type = mapped_file
name = "kernel.appcore.dll"
filename = "\\Windows\\SysWOW64\\kernel.appcore.dll" (normalized: "c:\\windows\\syswow64\\kernel.appcore.dll")
Region:
id = 1384
start_va = 0x6c7f0000
end_va = 0x6c7f7fff
monitored = 0
entry_point = 0x6c7f17b0
region_type = mapped_file
name = "version.dll"
filename = "\\Windows\\SysWOW64\\version.dll" (normalized: "c:\\windows\\syswow64\\version.dll")
Region:
id = 1386
start_va = 0x6b390000
end_va = 0x6ba40fff
monitored = 1
entry_point = 0x6b3a5d20
region_type = mapped_file
name = "clr.dll"
filename = "\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\clr.dll" (normalized: "c:\\windows\\microsoft.net\\framework\\v4.0.30319\\clr.dll")
Region:
id = 1387
start_va = 0x6b290000
end_va = 0x6b384fff
monitored = 0
entry_point = 0x6b2e4160
region_type = mapped_file
name = "msvcr120_clr0400.dll"
filename = "\\Windows\\SysWOW64\\msvcr120_clr0400.dll" (normalized: "c:\\windows\\syswow64\\msvcr120_clr0400.dll")
Region:
id = 1389
start_va = 0x1e0000
end_va = 0x1e0fff
monitored = 1
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x00000000001e0000"
filename = ""
Region:
id = 1390
start_va = 0x1f0000
end_va = 0x1fffff
monitored = 1
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x00000000001f0000"
filename = ""
Region:
id = 1391
start_va = 0x550000
end_va = 0x55ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000000550000"
filename = ""
Region:
id = 1392
start_va = 0x5b0000
end_va = 0x6affff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x00000000005b0000"
filename = ""
Region:
id = 1396
start_va = 0x560000
end_va = 0x56ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000000560000"
filename = ""
Region:
id = 1397
start_va = 0x570000
end_va = 0x57ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000000570000"
filename = ""
Region:
id = 1398
start_va = 0x580000
end_va = 0x58ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000000580000"
filename = ""
Region:
id = 1399
start_va = 0x590000
end_va = 0x59ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000000590000"
filename = ""
Region:
id = 1400
start_va = 0x5a0000
end_va = 0x5a0fff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x00000000005a0000"
filename = ""
Region:
id = 1401
start_va = 0x7b0000
end_va = 0x7b0fff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x00000000007b0000"
filename = ""
Region:
id = 1402
start_va = 0x2060000
end_va = 0x221ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000002060000"
filename = ""
Region:
id = 1403
start_va = 0x2060000
end_va = 0x217ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000002060000"
filename = ""
Region:
id = 1404
start_va = 0x2210000
end_va = 0x221ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000002210000"
filename = ""
Region:
id = 1405
start_va = 0x7c0000
end_va = 0x7fffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x00000000007c0000"
filename = ""
Region:
id = 1406
start_va = 0x830000
end_va = 0x92ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000000830000"
filename = ""
Region:
id = 1407
start_va = 0x800000
end_va = 0x80ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000000800000"
filename = ""
Region:
id = 1408
start_va = 0x2220000
end_va = 0x421ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000002220000"
filename = ""
Region:
id = 1409
start_va = 0x2060000
end_va = 0x20fffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000002060000"
filename = ""
Region:
id = 1410
start_va = 0x2170000
end_va = 0x217ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000002170000"
filename = ""
Region:
id = 1411
start_va = 0x2100000
end_va = 0x213ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000002100000"
filename = ""
Region:
id = 1412
start_va = 0x4220000
end_va = 0x431ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000004220000"
filename = ""
Region:
id = 1413
start_va = 0x4320000
end_va = 0x4656fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "sortdefault.nls"
filename = "\\Windows\\Globalization\\Sorting\\SortDefault.nls" (normalized: "c:\\windows\\globalization\\sorting\\sortdefault.nls")
Region:
id = 1414
start_va = 0x6a060000
end_va = 0x6b287fff
monitored = 1
entry_point = 0x0
region_type = mapped_file
name = "mscorlib.ni.dll"
filename = "\\Windows\\assembly\\NativeImages_v4.0.30319_32\\mscorlib\\8062d427acd64e37f4fded7b00f4a869\\mscorlib.ni.dll" (normalized: "c:\\windows\\assembly\\nativeimages_v4.0.30319_32\\mscorlib\\8062d427acd64e37f4fded7b00f4a869\\mscorlib.ni.dll")
Region:
id = 1415
start_va = 0x767c0000
end_va = 0x768aafff
monitored = 0
entry_point = 0x767fd650
region_type = mapped_file
name = "ole32.dll"
filename = "\\Windows\\SysWOW64\\ole32.dll" (normalized: "c:\\windows\\syswow64\\ole32.dll")
Region:
id = 1416
start_va = 0x4660000
end_va = 0x46f0fff
monitored = 0
entry_point = 0x4698cf0
region_type = mapped_file
name = "oleaut32.dll"
filename = "\\Windows\\SysWOW64\\oleaut32.dll" (normalized: "c:\\windows\\syswow64\\oleaut32.dll")
Region:
id = 1417
start_va = 0x70240000
end_va = 0x702b4fff
monitored = 0
entry_point = 0x70279a60
region_type = mapped_file
name = "uxtheme.dll"
filename = "\\Windows\\SysWOW64\\uxtheme.dll" (normalized: "c:\\windows\\syswow64\\uxtheme.dll")
Region:
id = 1418
start_va = 0x2140000
end_va = 0x216ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000002140000"
filename = ""
Region:
id = 1419
start_va = 0x800000
end_va = 0x80ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000000800000"
filename = ""
Region:
id = 1420
start_va = 0x810000
end_va = 0x81ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000000810000"
filename = ""
Region:
id = 1421
start_va = 0x6c640000
end_va = 0x6c6bdfff
monitored = 1
entry_point = 0x6c641140
region_type = mapped_file
name = "clrjit.dll"
filename = "\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\clrjit.dll" (normalized: "c:\\windows\\microsoft.net\\framework\\v4.0.30319\\clrjit.dll")
Region:
id = 1422
start_va = 0x76bf0000
end_va = 0x76c81fff
monitored = 0
entry_point = 0x76c28cf0
region_type = mapped_file
name = "oleaut32.dll"
filename = "\\Windows\\SysWOW64\\oleaut32.dll" (normalized: "c:\\windows\\syswow64\\oleaut32.dll")
Region:
id = 1423
start_va = 0x2140000
end_va = 0x214ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000002140000"
filename = ""
Region:
id = 1424
start_va = 0x2160000
end_va = 0x216ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000002160000"
filename = ""
Region:
id = 1425
start_va = 0x69630000
end_va = 0x69fdbfff
monitored = 1
entry_point = 0x0
region_type = mapped_file
name = "system.ni.dll"
filename = "\\Windows\\assembly\\NativeImages_v4.0.30319_32\\System\\cc4e5d110dd318e8b7d61a9ed184ab74\\System.ni.dll" (normalized: "c:\\windows\\assembly\\nativeimages_v4.0.30319_32\\system\\cc4e5d110dd318e8b7d61a9ed184ab74\\system.ni.dll")
Region:
id = 1426
start_va = 0x6bca0000
end_va = 0x6be2cfff
monitored = 1
entry_point = 0x0
region_type = mapped_file
name = "system.drawing.ni.dll"
filename = "\\Windows\\assembly\\NativeImages_v4.0.30319_32\\System.Drawing\\9b645a48c9bcfc95aaadf6a069bb4ebe\\System.Drawing.ni.dll" (normalized: "c:\\windows\\assembly\\nativeimages_v4.0.30319_32\\system.drawing\\9b645a48c9bcfc95aaadf6a069bb4ebe\\system.drawing.ni.dll")
Region:
id = 1427
start_va = 0x689d0000
end_va = 0x69628fff
monitored = 1
entry_point = 0x0
region_type = mapped_file
name = "system.windows.forms.ni.dll"
filename = "\\Windows\\assembly\\NativeImages_v4.0.30319_32\\System.Windows.Forms\\8cd2187094ba6cade0ca0fab4f932654\\System.Windows.Forms.ni.dll" (normalized: "c:\\windows\\assembly\\nativeimages_v4.0.30319_32\\system.windows.forms\\8cd2187094ba6cade0ca0fab4f932654\\system.windows.forms.ni.dll")
Region:
id = 1429
start_va = 0x6be30000
end_va = 0x6c541fff
monitored = 1
entry_point = 0x0
region_type = mapped_file
name = "system.core.ni.dll"
filename = "\\Windows\\assembly\\NativeImages_v4.0.30319_32\\System.Core\\abad45b9cc652ba7e38c4c837234c0ab\\System.Core.ni.dll" (normalized: "c:\\windows\\assembly\\nativeimages_v4.0.30319_32\\system.core\\abad45b9cc652ba7e38c4c837234c0ab\\system.core.ni.dll")
Region:
id = 1430
start_va = 0x6c550000
end_va = 0x6c63efff
monitored = 1
entry_point = 0x0
region_type = mapped_file
name = "system.configuration.ni.dll"
filename = "\\Windows\\assembly\\NativeImages_v4.0.30319_32\\System.Configuration\\1b51e779650e38bb712f3e535efcf132\\System.Configuration.ni.dll" (normalized: "c:\\windows\\assembly\\nativeimages_v4.0.30319_32\\system.configuration\\1b51e779650e38bb712f3e535efcf132\\system.configuration.ni.dll")
Region:
id = 1431
start_va = 0x66740000
end_va = 0x66e55fff
monitored = 1
entry_point = 0x0
region_type = mapped_file
name = "system.xml.ni.dll"
filename = "\\Windows\\assembly\\NativeImages_v4.0.30319_32\\System.Xml\\1f87b5140145c221b5201351fffc52d8\\System.Xml.ni.dll" (normalized: "c:\\windows\\assembly\\nativeimages_v4.0.30319_32\\system.xml\\1f87b5140145c221b5201351fffc52d8\\system.xml.ni.dll")
Region:
id = 1432
start_va = 0x4660000
end_va = 0x484ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000004660000"
filename = ""
Region:
id = 1433
start_va = 0x5e430000
end_va = 0x5e4cbfff
monitored = 1
entry_point = 0x5e4be9b2
region_type = mapped_file
name = "microsoft.visualbasic.dll"
filename = "\\Windows\\Microsoft.NET\\assembly\\GAC_MSIL\\Microsoft.VisualBasic\\v4.0_10.0.0.0__b03f5f7f11d50a3a\\Microsoft.VisualBasic.dll" (normalized: "c:\\windows\\microsoft.net\\assembly\\gac_msil\\microsoft.visualbasic\\v4.0_10.0.0.0__b03f5f7f11d50a3a\\microsoft.visualbasic.dll")
Region:
id = 1434
start_va = 0x4660000
end_va = 0x46fbfff
monitored = 1
entry_point = 0x46ee9b2
region_type = mapped_file
name = "microsoft.visualbasic.dll"
filename = "\\Windows\\Microsoft.NET\\assembly\\GAC_MSIL\\Microsoft.VisualBasic\\v4.0_10.0.0.0__b03f5f7f11d50a3a\\Microsoft.VisualBasic.dll" (normalized: "c:\\windows\\microsoft.net\\assembly\\gac_msil\\microsoft.visualbasic\\v4.0_10.0.0.0__b03f5f7f11d50a3a\\microsoft.visualbasic.dll")
Region:
id = 1435
start_va = 0x4840000
end_va = 0x484ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000004840000"
filename = ""
Region:
id = 1436
start_va = 0x4700000
end_va = 0x47fffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000004700000"
filename = ""
Region:
id = 1437
start_va = 0x2150000
end_va = 0x215ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000002150000"
filename = ""
Region:
id = 1438
start_va = 0x2180000
end_va = 0x218ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000002180000"
filename = ""
Region:
id = 1439
start_va = 0x2150000
end_va = 0x215ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000002150000"
filename = ""
Region:
id = 1440
start_va = 0x2190000
end_va = 0x219ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000002190000"
filename = ""
Region:
id = 1441
start_va = 0x2150000
end_va = 0x215ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000002150000"
filename = ""
Region:
id = 1442
start_va = 0x2150000
end_va = 0x215ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000002150000"
filename = ""
Region:
id = 1443
start_va = 0x2150000
end_va = 0x215ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000002150000"
filename = ""
Region:
id = 1444
start_va = 0x2150000
end_va = 0x215ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000002150000"
filename = ""
Region:
id = 1445
start_va = 0x2150000
end_va = 0x215ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000002150000"
filename = ""
Region:
id = 1446
start_va = 0x2150000
end_va = 0x215ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000002150000"
filename = ""
Region:
id = 1447
start_va = 0x2150000
end_va = 0x215ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000002150000"
filename = ""
Region:
id = 1448
start_va = 0x2150000
end_va = 0x215ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000002150000"
filename = ""
Region:
id = 1449
start_va = 0x741b0000
end_va = 0x755aefff
monitored = 0
entry_point = 0x7436b990
region_type = mapped_file
name = "shell32.dll"
filename = "\\Windows\\SysWOW64\\shell32.dll" (normalized: "c:\\windows\\syswow64\\shell32.dll")
Region:
id = 1450
start_va = 0x75940000
end_va = 0x75976fff
monitored = 0
entry_point = 0x75943b50
region_type = mapped_file
name = "cfgmgr32.dll"
filename = "\\Windows\\SysWOW64\\cfgmgr32.dll" (normalized: "c:\\windows\\syswow64\\cfgmgr32.dll")
Region:
id = 1451
start_va = 0x75f10000
end_va = 0x76408fff
monitored = 0
entry_point = 0x76117610
region_type = mapped_file
name = "windows.storage.dll"
filename = "\\Windows\\SysWOW64\\windows.storage.dll" (normalized: "c:\\windows\\syswow64\\windows.storage.dll")
Region:
id = 1452
start_va = 0x76cf0000
end_va = 0x76d7cfff
monitored = 0
entry_point = 0x76d39b90
region_type = mapped_file
name = "shcore.dll"
filename = "\\Windows\\SysWOW64\\SHCore.dll" (normalized: "c:\\windows\\syswow64\\shcore.dll")
Region:
id = 1453
start_va = 0x766e0000
end_va = 0x76723fff
monitored = 0
entry_point = 0x766e7410
region_type = mapped_file
name = "powrprof.dll"
filename = "\\Windows\\SysWOW64\\powrprof.dll" (normalized: "c:\\windows\\syswow64\\powrprof.dll")
Region:
id = 1454
start_va = 0x77450000
end_va = 0x7745efff
monitored = 0
entry_point = 0x77452e40
region_type = mapped_file
name = "profapi.dll"
filename = "\\Windows\\SysWOW64\\profapi.dll" (normalized: "c:\\windows\\syswow64\\profapi.dll")
Region:
id = 1455
start_va = 0x2150000
end_va = 0x2150fff
monitored = 1
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x0000000002150000"
filename = ""
Region:
id = 1456
start_va = 0x73e30000
end_va = 0x73e4afff
monitored = 0
entry_point = 0x73e39050
region_type = mapped_file
name = "bcrypt.dll"
filename = "\\Windows\\SysWOW64\\bcrypt.dll" (normalized: "c:\\windows\\syswow64\\bcrypt.dll")
Region:
id = 1457
start_va = 0x70040000
end_va = 0x70052fff
monitored = 0
entry_point = 0x70049950
region_type = mapped_file
name = "cryptsp.dll"
filename = "\\Windows\\SysWOW64\\cryptsp.dll" (normalized: "c:\\windows\\syswow64\\cryptsp.dll")
Region:
id = 1458
start_va = 0x70010000
end_va = 0x7003efff
monitored = 0
entry_point = 0x700295e0
region_type = mapped_file
name = "rsaenh.dll"
filename = "\\Windows\\SysWOW64\\rsaenh.dll" (normalized: "c:\\windows\\syswow64\\rsaenh.dll")
Region:
id = 1459
start_va = 0x2190000
end_va = 0x21cffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000002190000"
filename = ""
Region:
id = 1460
start_va = 0x21d0000
end_va = 0x220ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x00000000021d0000"
filename = ""
Region:
id = 1461
start_va = 0x4800000
end_va = 0x483ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000004800000"
filename = ""
Region:
id = 1462
start_va = 0x4850000
end_va = 0x494ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000004850000"
filename = ""
Region:
id = 1463
start_va = 0x4950000
end_va = 0x4a4ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000004950000"
filename = ""
Region:
id = 1464
start_va = 0x4a50000
end_va = 0x4b4ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000004a50000"
filename = ""
Region:
id = 1465
start_va = 0x4b50000
end_va = 0x4b50fff
monitored = 1
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x0000000004b50000"
filename = ""
Region:
id = 1466
start_va = 0x76730000
end_va = 0x767b3fff
monitored = 0
entry_point = 0x76756220
region_type = mapped_file
name = "clbcatq.dll"
filename = "\\Windows\\SysWOW64\\clbcatq.dll" (normalized: "c:\\windows\\syswow64\\clbcatq.dll")
Region:
id = 1467
start_va = 0x4b60000
end_va = 0x4b60fff
monitored = 1
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x0000000004b60000"
filename = ""
Region:
id = 1468
start_va = 0x6bc50000
end_va = 0x6bc91fff
monitored = 1
entry_point = 0x6bc5f380
region_type = mapped_file
name = "wbemdisp.dll"
filename = "\\Windows\\SysWOW64\\wbem\\wbemdisp.dll" (normalized: "c:\\windows\\syswow64\\wbem\\wbemdisp.dll")
Region:
id = 1471
start_va = 0x6bbe0000
end_va = 0x6bc46fff
monitored = 0
entry_point = 0x6bbfb610
region_type = mapped_file
name = "wbemcomn.dll"
filename = "\\Windows\\SysWOW64\\wbemcomn.dll" (normalized: "c:\\windows\\syswow64\\wbemcomn.dll")
Region:
id = 1472
start_va = 0x76c90000
end_va = 0x76ceefff
monitored = 0
entry_point = 0x76c94af0
region_type = mapped_file
name = "ws2_32.dll"
filename = "\\Windows\\SysWOW64\\ws2_32.dll" (normalized: "c:\\windows\\syswow64\\ws2_32.dll")
Region:
id = 1473
start_va = 0x6c740000
end_va = 0x6c74cfff
monitored = 0
entry_point = 0x6c743520
region_type = mapped_file
name = "wbemprox.dll"
filename = "\\Windows\\SysWOW64\\wbem\\wbemprox.dll" (normalized: "c:\\windows\\syswow64\\wbem\\wbemprox.dll")
Region:
id = 1474
start_va = 0x6c720000
end_va = 0x6c73bfff
monitored = 0
entry_point = 0x6c72aa90
region_type = mapped_file
name = "wmiutils.dll"
filename = "\\Windows\\SysWOW64\\wbem\\wmiutils.dll" (normalized: "c:\\windows\\syswow64\\wbem\\wmiutils.dll")
Region:
id = 1478
start_va = 0x6bbc0000
end_va = 0x6bbd0fff
monitored = 0
entry_point = 0x6bbc8fa0
region_type = mapped_file
name = "wbemsvc.dll"
filename = "\\Windows\\SysWOW64\\wbem\\wbemsvc.dll" (normalized: "c:\\windows\\syswow64\\wbem\\wbemsvc.dll")
Region:
id = 1481
start_va = 0x6bb00000
end_va = 0x6bbbefff
monitored = 0
entry_point = 0x6bb31e80
region_type = mapped_file
name = "fastprox.dll"
filename = "\\Windows\\SysWOW64\\wbem\\fastprox.dll" (normalized: "c:\\windows\\syswow64\\wbem\\fastprox.dll")
Region:
id = 1482
start_va = 0x6ba70000
end_va = 0x6baf0fff
monitored = 0
entry_point = 0x6ba8b260
region_type = mapped_file
name = "sxs.dll"
filename = "\\Windows\\SysWOW64\\sxs.dll" (normalized: "c:\\windows\\syswow64\\sxs.dll")
Region:
id = 1483
start_va = 0x4b70000
end_va = 0x4b7efff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "wbemdisp.tlb"
filename = "\\Windows\\SysWOW64\\wbem\\wbemdisp.tlb" (normalized: "c:\\windows\\syswow64\\wbem\\wbemdisp.tlb")
Region:
id = 1484
start_va = 0x4b80000
end_va = 0x4b81fff
monitored = 1
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x0000000004b80000"
filename = ""
Region:
id = 1485
start_va = 0x4b90000
end_va = 0x4b90fff
monitored = 1
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x0000000004b90000"
filename = ""
Region:
id = 1486
start_va = 0x4ba0000
end_va = 0x4c7ffff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "kernelbase.dll.mui"
filename = "\\Windows\\SysWOW64\\en-US\\KernelBase.dll.mui" (normalized: "c:\\windows\\syswow64\\en-us\\kernelbase.dll.mui")
Region:
id = 1487
start_va = 0x4c80000
end_va = 0x4c8ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000004c80000"
filename = ""
Region:
id = 1488
start_va = 0x4c80000
end_va = 0x4c8ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000004c80000"
filename = ""
Region:
id = 1489
start_va = 0x4c80000
end_va = 0x4c8ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000004c80000"
filename = ""
Region:
id = 1490
start_va = 0x4c80000
end_va = 0x4c8ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000004c80000"
filename = ""
Region:
id = 1491
start_va = 0x4c80000
end_va = 0x4c8ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000004c80000"
filename = ""
Region:
id = 1492
start_va = 0x4c80000
end_va = 0x4c8ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000004c80000"
filename = ""
Region:
id = 1493
start_va = 0x4c80000
end_va = 0x4c8ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000004c80000"
filename = ""
Region:
id = 1495
start_va = 0x4c80000
end_va = 0x4c8ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000004c80000"
filename = ""
Region:
id = 1496
start_va = 0x4c80000
end_va = 0x4c8ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000004c80000"
filename = ""
Region:
id = 1497
start_va = 0x4c80000
end_va = 0x4c8ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000004c80000"
filename = ""
Region:
id = 1498
start_va = 0x4c80000
end_va = 0x4c8ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000004c80000"
filename = ""
Region:
id = 1499
start_va = 0x4c80000
end_va = 0x4c8ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000004c80000"
filename = ""
Region:
id = 1500
start_va = 0x4c80000
end_va = 0x4c8ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000004c80000"
filename = ""
Region:
id = 1501
start_va = 0x4c80000
end_va = 0x4c8ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000004c80000"
filename = ""
Region:
id = 1502
start_va = 0x4c80000
end_va = 0x4c8ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000004c80000"
filename = ""
Region:
id = 1503
start_va = 0x4c90000
end_va = 0x4c9ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000004c90000"
filename = ""
Region:
id = 1504
start_va = 0x4c90000
end_va = 0x4c9ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000004c90000"
filename = ""
Region:
id = 1505
start_va = 0x4c90000
end_va = 0x4c9ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000004c90000"
filename = ""
Region:
id = 1507
start_va = 0x4c80000
end_va = 0x4c8ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000004c80000"
filename = ""
Region:
id = 1508
start_va = 0x4c80000
end_va = 0x4c8ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000004c80000"
filename = ""
Region:
id = 1509
start_va = 0x4c80000
end_va = 0x4c8ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000004c80000"
filename = ""
Region:
id = 1510
start_va = 0x4c80000
end_va = 0x4c8ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000004c80000"
filename = ""
Region:
id = 1511
start_va = 0x4c80000
end_va = 0x4c8ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000004c80000"
filename = ""
Region:
id = 1512
start_va = 0x4c80000
end_va = 0x4c8ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000004c80000"
filename = ""
Region:
id = 1606
start_va = 0x6ba50000
end_va = 0x6ba67fff
monitored = 1
entry_point = 0x6ba55480
region_type = mapped_file
name = "custommarshalers.dll"
filename = "\\Windows\\Microsoft.NET\\assembly\\GAC_32\\CustomMarshalers\\v4.0_4.0.0.0__b03f5f7f11d50a3a\\CustomMarshalers.dll" (normalized: "c:\\windows\\microsoft.net\\assembly\\gac_32\\custommarshalers\\v4.0_4.0.0.0__b03f5f7f11d50a3a\\custommarshalers.dll")
Region:
id = 1608
start_va = 0x4c80000
end_va = 0x4c97fff
monitored = 1
entry_point = 0x4c85480
region_type = mapped_file
name = "custommarshalers.dll"
filename = "\\Windows\\Microsoft.NET\\assembly\\GAC_32\\CustomMarshalers\\v4.0_4.0.0.0__b03f5f7f11d50a3a\\CustomMarshalers.dll" (normalized: "c:\\windows\\microsoft.net\\assembly\\gac_32\\custommarshalers\\v4.0_4.0.0.0__b03f5f7f11d50a3a\\custommarshalers.dll")
Region:
id = 1609
start_va = 0x4ca0000
end_va = 0x4caffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000004ca0000"
filename = ""
Region:
id = 1610
start_va = 0x6ba50000
end_va = 0x6ba67fff
monitored = 1
entry_point = 0x6ba55480
region_type = mapped_file
name = "custommarshalers.dll"
filename = "\\Windows\\Microsoft.NET\\assembly\\GAC_32\\CustomMarshalers\\v4.0_4.0.0.0__b03f5f7f11d50a3a\\CustomMarshalers.dll" (normalized: "c:\\windows\\microsoft.net\\assembly\\gac_32\\custommarshalers\\v4.0_4.0.0.0__b03f5f7f11d50a3a\\custommarshalers.dll")
Region:
id = 1611
start_va = 0x4cb0000
end_va = 0x4cc7fff
monitored = 1
entry_point = 0x4cb5480
region_type = mapped_file
name = "custommarshalers.dll"
filename = "\\Windows\\Microsoft.NET\\assembly\\GAC_32\\CustomMarshalers\\v4.0_4.0.0.0__b03f5f7f11d50a3a\\CustomMarshalers.dll" (normalized: "c:\\windows\\microsoft.net\\assembly\\gac_32\\custommarshalers\\v4.0_4.0.0.0__b03f5f7f11d50a3a\\custommarshalers.dll")
Region:
id = 1612
start_va = 0x4cb0000
end_va = 0x4cbffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000004cb0000"
filename = ""
Region:
id = 1613
start_va = 0x4cc0000
end_va = 0x4ccffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000004cc0000"
filename = ""
Region:
id = 1614
start_va = 0x4cc0000
end_va = 0x4ccffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000004cc0000"
filename = ""
Region:
id = 1617
start_va = 0x4cc0000
end_va = 0x4ccffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000004cc0000"
filename = ""
Region:
id = 1620
start_va = 0x4cc0000
end_va = 0x4cc4fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "stdole2.tlb"
filename = "\\Windows\\SysWOW64\\stdole2.tlb" (normalized: "c:\\windows\\syswow64\\stdole2.tlb")
Region:
id = 1621
start_va = 0x4cd0000
end_va = 0x4cdffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000004cd0000"
filename = ""
Region:
id = 1622
start_va = 0x4cd0000
end_va = 0x4cdffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000004cd0000"
filename = ""
Region:
id = 1623
start_va = 0x4cd0000
end_va = 0x4cdffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000004cd0000"
filename = ""
Region:
id = 1624
start_va = 0x4cd0000
end_va = 0x4cdffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000004cd0000"
filename = ""
Region:
id = 1625
start_va = 0x4cd0000
end_va = 0x4cdffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000004cd0000"
filename = ""
Region:
id = 1626
start_va = 0x4cd0000
end_va = 0x4cdffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000004cd0000"
filename = ""
Region:
id = 1627
start_va = 0x4cd0000
end_va = 0x4cdffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000004cd0000"
filename = ""
Region:
id = 1628
start_va = 0x4cd0000
end_va = 0x4cdffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000004cd0000"
filename = ""
Region:
id = 1630
start_va = 0x4cd0000
end_va = 0x4cdffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000004cd0000"
filename = ""
Region:
id = 1631
start_va = 0x4cd0000
end_va = 0x4cdffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000004cd0000"
filename = ""
Region:
id = 1632
start_va = 0x4cd0000
end_va = 0x4cdffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000004cd0000"
filename = ""
Region:
id = 1633
start_va = 0x4cd0000
end_va = 0x4cdffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000004cd0000"
filename = ""
Region:
id = 1634
start_va = 0x4ce0000
end_va = 0x4ceffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000004ce0000"
filename = ""
Region:
id = 1635
start_va = 0x4ce0000
end_va = 0x4ceffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000004ce0000"
filename = ""
Region:
id = 1636
start_va = 0x4ce0000
end_va = 0x4ceffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000004ce0000"
filename = ""
Region:
id = 1637
start_va = 0x66620000
end_va = 0x6673bfff
monitored = 1
entry_point = 0x0
region_type = mapped_file
name = "system.management.ni.dll"
filename = "\\Windows\\assembly\\NativeImages_v4.0.30319_32\\System.Management\\d2f554a0c84513cd793fdcd77a86dab1\\System.Management.ni.dll" (normalized: "c:\\windows\\assembly\\nativeimages_v4.0.30319_32\\system.management\\d2f554a0c84513cd793fdcd77a86dab1\\system.management.ni.dll")
Region:
id = 1638
start_va = 0x4cd0000
end_va = 0x4d0ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000004cd0000"
filename = ""
Region:
id = 1639
start_va = 0x4d10000
end_va = 0x4e0ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000004d10000"
filename = ""
Region:
id = 1640
start_va = 0x7fe60000
end_va = 0x7feaffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x000000007fe60000"
filename = ""
Region:
id = 1641
start_va = 0x7fe50000
end_va = 0x7fe5ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x000000007fe50000"
filename = ""
Region:
id = 1642
start_va = 0x4e10000
end_va = 0x4e4ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000004e10000"
filename = ""
Region:
id = 1643
start_va = 0x4e50000
end_va = 0x4f4ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000004e50000"
filename = ""
Region:
id = 1645
start_va = 0x6c710000
end_va = 0x6c719fff
monitored = 1
entry_point = 0x6c7139f9
region_type = mapped_file
name = "wminet_utils.dll"
filename = "\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\WMINet_Utils.dll" (normalized: "c:\\windows\\microsoft.net\\framework\\v4.0.30319\\wminet_utils.dll")
Region:
id = 1714
start_va = 0x4f50000
end_va = 0x4f5ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000004f50000"
filename = ""
Region:
id = 1716
start_va = 0x4f50000
end_va = 0x4f5ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000004f50000"
filename = ""
Region:
id = 1717
start_va = 0x4f50000
end_va = 0x4f5ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000004f50000"
filename = ""
Region:
id = 1718
start_va = 0x4e10000
end_va = 0x4e4ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000004e10000"
filename = ""
Region:
id = 1719
start_va = 0x4e50000
end_va = 0x4f4ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000004e50000"
filename = ""
Region:
id = 1721
start_va = 0x4f50000
end_va = 0x4f54fff
monitored = 1
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x0000000004f50000"
filename = ""
Thread:
id = 115
os_tid = 0x11b4
[0202.306] CoInitializeEx (pvReserved=0x0, dwCoInit=0x2) returned 0x0
[0202.396] RoInitialize () returned 0x1
[0202.396] RoUninitialize () returned 0x0
[0203.378] CreateEventW (lpEventAttributes=0x0, bManualReset=0, bInitialState=0, lpName=0x0) returned 0x248
[0203.379] CreateEventW (lpEventAttributes=0x0, bManualReset=1, bInitialState=0, lpName=0x0) returned 0x24c
[0203.442] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="Software\\Microsoft\\Windows NT\\CurrentVersion", ulOptions=0x0, samDesired=0x20019, phkResult=0x19e60c | out: phkResult=0x19e60c*=0x25c) returned 0x0
[0203.443] RegQueryValueExW (in: hKey=0x25c, lpValueName="InstallationType", lpReserved=0x0, lpType=0x19e62c, lpData=0x0, lpcbData=0x19e628*=0x0 | out: lpType=0x19e62c*=0x1, lpData=0x0, lpcbData=0x19e628*=0xe) returned 0x0
[0203.443] RegQueryValueExW (in: hKey=0x25c, lpValueName="InstallationType", lpReserved=0x0, lpType=0x19e62c, lpData=0x2224858, lpcbData=0x19e628*=0xe | out: lpType=0x19e62c*=0x1, lpData="Client", lpcbData=0x19e628*=0xe) returned 0x0
[0203.444] RegCloseKey (hKey=0x25c) returned 0x0
[0203.757] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Desktop\\9eeac4773d7f0e7f4303baed25c04f0b138e55f9fa7e7c718e3e6599a2e41513.exe.config", nBufferLength=0x105, lpBuffer=0x19dfc8, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\Desktop\\9eeac4773d7f0e7f4303baed25c04f0b138e55f9fa7e7c718e3e6599a2e41513.exe.config", lpFilePart=0x0) returned 0x69
[0203.759] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Desktop\\9eeac4773d7f0e7f4303baed25c04f0b138e55f9fa7e7c718e3e6599a2e41513.exe.config", nBufferLength=0x105, lpBuffer=0x19df70, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\Desktop\\9eeac4773d7f0e7f4303baed25c04f0b138e55f9fa7e7c718e3e6599a2e41513.exe.config", lpFilePart=0x0) returned 0x69
[0204.243] GetCurrentProcess () returned 0xffffffff
[0204.244] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x19e328 | out: TokenHandle=0x19e328*=0x25c) returned 1
[0204.249] GetFullPathNameW (in: lpFileName="C:\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\", nBufferLength=0x105, lpBuffer=0x19de04, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\", lpFilePart=0x0) returned 0x2e
[0204.252] GetFileAttributesExW (in: lpFileName="C:\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\Config\\machine.config" (normalized: "c:\\windows\\microsoft.net\\framework\\v4.0.30319\\config\\machine.config"), fInfoLevelId=0x0, lpFileInformation=0x19e328 | out: lpFileInformation=0x19e328*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x56a29ff, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0x97df7583, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x97df7583, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x8c8f)) returned 1
[0204.254] GetFullPathNameW (in: lpFileName="C:\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\Config\\machine.config", nBufferLength=0x105, lpBuffer=0x19ddd0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\Config\\machine.config", lpFilePart=0x0) returned 0x43
[0204.256] GetFileAttributesExW (in: lpFileName="C:\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\Config\\machine.config" (normalized: "c:\\windows\\microsoft.net\\framework\\v4.0.30319\\config\\machine.config"), fInfoLevelId=0x0, lpFileInformation=0x19e328 | out: lpFileInformation=0x19e328*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x56a29ff, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0x97df7583, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x97df7583, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x8c8f)) returned 1
[0204.257] GetFullPathNameW (in: lpFileName="C:\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\Config\\machine.config", nBufferLength=0x105, lpBuffer=0x19dd60, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\Config\\machine.config", lpFilePart=0x0) returned 0x43
[0204.257] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x19e254) returned 1
[0204.258] CreateFileW (lpFileName="C:\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\Config\\machine.config" (normalized: "c:\\windows\\microsoft.net\\framework\\v4.0.30319\\config\\machine.config"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x260
[0204.258] GetFileType (hFile=0x260) returned 0x1
[0204.258] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x19e250) returned 1
[0204.258] GetFileType (hFile=0x260) returned 0x1
[0204.341] GetFileSize (in: hFile=0x260, lpFileSizeHigh=0x19e31c | out: lpFileSizeHigh=0x19e31c*=0x0) returned 0x8c8f
[0204.341] ReadFile (in: hFile=0x260, lpBuffer=0x2228650, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x19e2d8, lpOverlapped=0x0 | out: lpBuffer=0x2228650*, lpNumberOfBytesRead=0x19e2d8*=0x1000, lpOverlapped=0x0) returned 1
[0204.355] ReadFile (in: hFile=0x260, lpBuffer=0x2228650, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x19e174, lpOverlapped=0x0 | out: lpBuffer=0x2228650*, lpNumberOfBytesRead=0x19e174*=0x1000, lpOverlapped=0x0) returned 1
[0204.360] ReadFile (in: hFile=0x260, lpBuffer=0x2228650, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x19e028, lpOverlapped=0x0 | out: lpBuffer=0x2228650*, lpNumberOfBytesRead=0x19e028*=0x1000, lpOverlapped=0x0) returned 1
[0204.361] ReadFile (in: hFile=0x260, lpBuffer=0x2228650, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x19e028, lpOverlapped=0x0 | out: lpBuffer=0x2228650*, lpNumberOfBytesRead=0x19e028*=0x1000, lpOverlapped=0x0) returned 1
[0204.361] ReadFile (in: hFile=0x260, lpBuffer=0x2228650, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x19e028, lpOverlapped=0x0 | out: lpBuffer=0x2228650*, lpNumberOfBytesRead=0x19e028*=0x1000, lpOverlapped=0x0) returned 1
[0204.362] ReadFile (in: hFile=0x260, lpBuffer=0x2228650, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x19df60, lpOverlapped=0x0 | out: lpBuffer=0x2228650*, lpNumberOfBytesRead=0x19df60*=0x1000, lpOverlapped=0x0) returned 1
[0204.367] ReadFile (in: hFile=0x260, lpBuffer=0x2228650, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x19e0dc, lpOverlapped=0x0 | out: lpBuffer=0x2228650*, lpNumberOfBytesRead=0x19e0dc*=0x1000, lpOverlapped=0x0) returned 1
[0204.370] ReadFile (in: hFile=0x260, lpBuffer=0x2228650, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x19dff0, lpOverlapped=0x0 | out: lpBuffer=0x2228650*, lpNumberOfBytesRead=0x19dff0*=0x1000, lpOverlapped=0x0) returned 1
[0204.370] ReadFile (in: hFile=0x260, lpBuffer=0x2228650, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x19dff0, lpOverlapped=0x0 | out: lpBuffer=0x2228650*, lpNumberOfBytesRead=0x19dff0*=0xc8f, lpOverlapped=0x0) returned 1
[0204.370] ReadFile (in: hFile=0x260, lpBuffer=0x2228650, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x19e0b0, lpOverlapped=0x0 | out: lpBuffer=0x2228650*, lpNumberOfBytesRead=0x19e0b0*=0x0, lpOverlapped=0x0) returned 1
[0204.370] CloseHandle (hObject=0x260) returned 1
[0204.372] GetCurrentProcess () returned 0xffffffff
[0204.372] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x19e450 | out: TokenHandle=0x19e450*=0x260) returned 1
[0204.372] GetCurrentProcess () returned 0xffffffff
[0204.372] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x19e450 | out: TokenHandle=0x19e450*=0x264) returned 1
[0204.373] GetCurrentProcess () returned 0xffffffff
[0204.373] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x19e328 | out: TokenHandle=0x19e328*=0x268) returned 1
[0204.373] GetFileAttributesExW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Desktop\\9eeac4773d7f0e7f4303baed25c04f0b138e55f9fa7e7c718e3e6599a2e41513.exe.config" (normalized: "c:\\users\\rdhj0cnfevzx\\desktop\\9eeac4773d7f0e7f4303baed25c04f0b138e55f9fa7e7c718e3e6599a2e41513.exe.config"), fInfoLevelId=0x0, lpFileInformation=0x19e328 | out: lpFileInformation=0x19e328*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0
[0204.373] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Desktop\\9eeac4773d7f0e7f4303baed25c04f0b138e55f9fa7e7c718e3e6599a2e41513.exe.config", nBufferLength=0x105, lpBuffer=0x19ddd0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\Desktop\\9eeac4773d7f0e7f4303baed25c04f0b138e55f9fa7e7c718e3e6599a2e41513.exe.config", lpFilePart=0x0) returned 0x69
[0204.373] GetFileAttributesExW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Desktop\\9eeac4773d7f0e7f4303baed25c04f0b138e55f9fa7e7c718e3e6599a2e41513.exe.config" (normalized: "c:\\users\\rdhj0cnfevzx\\desktop\\9eeac4773d7f0e7f4303baed25c04f0b138e55f9fa7e7c718e3e6599a2e41513.exe.config"), fInfoLevelId=0x0, lpFileInformation=0x19e328 | out: lpFileInformation=0x19e328*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0
[0204.374] GetCurrentProcess () returned 0xffffffff
[0204.374] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x19e450 | out: TokenHandle=0x19e450*=0x26c) returned 1
[0204.411] GetCurrentProcess () returned 0xffffffff
[0204.411] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x19e450 | out: TokenHandle=0x19e450*=0x270) returned 1
[0204.426] GetCurrentProcess () returned 0xffffffff
[0204.426] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x19e214 | out: TokenHandle=0x19e214*=0x274) returned 1
[0204.532] GetCurrentProcess () returned 0xffffffff
[0204.532] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x19e228 | out: TokenHandle=0x19e228*=0x278) returned 1
[0204.557] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\.NETFramework\\AppContext", ulOptions=0x0, samDesired=0x20019, phkResult=0x19def0 | out: phkResult=0x19def0*=0x0) returned 0x2
[0204.601] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\.NETFramework\\v4.0.30319", ulOptions=0x0, samDesired=0x20019, phkResult=0x19f408 | out: phkResult=0x19f408*=0x27c) returned 0x0
[0204.601] RegQueryValueExW (in: hKey=0x27c, lpValueName="SchUseStrongCrypto", lpReserved=0x0, lpType=0x19f424, lpData=0x0, lpcbData=0x19f420*=0x0 | out: lpType=0x19f424*=0x0, lpData=0x0, lpcbData=0x19f420*=0x0) returned 0x2
[0204.602] RegCloseKey (hKey=0x27c) returned 0x0
[0204.792] GetCurrentProcessId () returned 0x11a8
[0204.793] LookupPrivilegeValueW (in: lpSystemName=0x0, lpName="SeDebugPrivilege", lpLuid=0x19ed74 | out: lpLuid=0x19ed74*(LowPart=0x14, HighPart=0)) returned 1
[0204.796] GetCurrentProcess () returned 0xffffffff
[0204.796] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x20, TokenHandle=0x19ed70 | out: TokenHandle=0x19ed70*=0x28c) returned 1
[0204.797] AdjustTokenPrivileges (in: TokenHandle=0x28c, DisableAllPrivileges=0, NewState=0x2245020*(PrivilegesCount=0x1, Privileges=((Luid.LowPart=0x14, Luid.HighPart=0, Attributes=0x2))), BufferLength=0x0, PreviousState=0x0, ReturnLength=0x0 | out: PreviousState=0x0, ReturnLength=0x0) returned 1
[0204.797] CloseHandle (hObject=0x28c) returned 1
[0204.806] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x32294b0, Length=0x20000, ResultLength=0x19f454 | out: SystemInformation=0x32294b0, ResultLength=0x19f454*=0x18118) returned 0x0
[0204.880] GetCurrentProcessId () returned 0x11a8
[0204.883] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x32294b0, Length=0x20000, ResultLength=0x19f444 | out: SystemInformation=0x32294b0, ResultLength=0x19f444*=0x18118) returned 0x0
[0205.183] GetFullPathNameW (in: lpFileName="C:\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\config\\machine.config", nBufferLength=0x105, lpBuffer=0x19ee2c, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\config\\machine.config", lpFilePart=0x0) returned 0x43
[0205.183] GetFullPathNameW (in: lpFileName="C:\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\config\\machine.config", nBufferLength=0x105, lpBuffer=0x19ee94, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\config\\machine.config", lpFilePart=0x0) returned 0x43
[0205.183] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x19f2f4) returned 1
[0205.183] GetFileAttributesExW (in: lpFileName="C:\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\config\\machine.config" (normalized: "c:\\windows\\microsoft.net\\framework\\v4.0.30319\\config\\machine.config"), fInfoLevelId=0x0, lpFileInformation=0x19f370 | out: lpFileInformation=0x19f370*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x56a29ff, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0x97df7583, ftLastAccessTime.dwHighDateTime=0x1d112e3, ftLastWriteTime.dwLowDateTime=0x97df7583, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x8c8f)) returned 1
[0205.184] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x19f2f0) returned 1
[0205.373] BCryptGetFipsAlgorithmMode (in: pfEnabled=0x19f07c | out: pfEnabled=0x19f07c) returned 0x0
[0205.512] CreateBindCtx (in: reserved=0x0, ppbc=0x19f420 | out: ppbc=0x19f420*=0x602440) returned 0x0
[0205.513] IUnknown:QueryInterface (in: This=0x602440, riid=0x6b3a6c6c*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x19eedc | out: ppvObject=0x19eedc*=0x602440) returned 0x0
[0205.513] IUnknown:QueryInterface (in: This=0x602440, riid=0x6b4dfdcc*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x19ee98 | out: ppvObject=0x19ee98*=0x0) returned 0x80004002
[0205.513] IUnknown:QueryInterface (in: This=0x602440, riid=0x6b4dfb20*(Data1=0xb196b283, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x19ecb4 | out: ppvObject=0x19ecb4*=0x0) returned 0x80004002
[0205.513] IUnknown:QueryInterface (in: This=0x602440, riid=0x6b4e056c*(Data1=0xaf86e2e0, Data2=0xb12d, Data3=0x4c6a, Data4=([0]=0x9c, [1]=0x5a, [2]=0xd7, [3]=0xaa, [4]=0x65, [5]=0x10, [6]=0x1e, [7]=0x90)), ppvObject=0x19ea8c | out: ppvObject=0x19ea8c*=0x0) returned 0x80004002
[0205.513] IUnknown:AddRef (This=0x602440) returned 0x3
[0205.514] IUnknown:QueryInterface (in: This=0x602440, riid=0x6b4e0208*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x19e7f4 | out: ppvObject=0x19e7f4*=0x0) returned 0x80004002
[0205.514] IUnknown:QueryInterface (in: This=0x602440, riid=0x6b4e015c*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x19e7a4 | out: ppvObject=0x19e7a4*=0x0) returned 0x80004002
[0205.514] IUnknown:QueryInterface (in: This=0x602440, riid=0x6b3b40e8*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x19e7b0 | out: ppvObject=0x19e7b0*=0x0) returned 0x80004002
[0205.514] CoGetContextToken (in: pToken=0x19e810 | out: pToken=0x19e810) returned 0x0
[0205.514] CObjectContext::QueryInterface () returned 0x0
[0205.514] CObjectContext::GetCurrentApartmentType () returned 0x0
[0205.514] Release () returned 0x0
[0205.514] CoGetObjectContext (in: riid=0x6b3a6c6c*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x626c94 | out: ppv=0x626c94*=0x5f20a0) returned 0x0
[0205.645] CoGetContextToken (in: pToken=0x19ec18 | out: pToken=0x19ec18) returned 0x0
[0205.645] IUnknown:QueryInterface (in: This=0x602440, riid=0x6b4e0448*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x19eca8 | out: ppvObject=0x19eca8*=0x0) returned 0x80004002
[0205.646] IUnknown:Release (This=0x602440) returned 0x2
[0205.646] CoGetContextToken (in: pToken=0x19f1f0 | out: pToken=0x19f1f0) returned 0x0
[0205.647] CoGetContextToken (in: pToken=0x19f150 | out: pToken=0x19f150) returned 0x0
[0205.647] IUnknown:QueryInterface (in: This=0x602440, riid=0x19f220*(Data1=0xe, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x19f21c | out: ppvObject=0x19f21c*=0x602440) returned 0x0
[0205.647] IUnknown:AddRef (This=0x602440) returned 0x4
[0205.647] IUnknown:Release (This=0x602440) returned 0x3
[0205.647] IUnknown:Release (This=0x602440) returned 0x2
[0205.648] CoGetContextToken (in: pToken=0x19f268 | out: pToken=0x19f268) returned 0x0
[0205.648] IUnknown:AddRef (This=0x602440) returned 0x3
[0205.648] MkParseDisplayName (in: pbc=0x602440, szUserName="WinMgmts:", pchEaten=0x19f454, ppmk=0x19f40c | out: pchEaten=0x19f454, ppmk=0x19f40c*=0x632d68) returned 0x0
[0206.619] malloc (_Size=0x80) returned 0x932c60
[0206.620] ?WbemMemAlloc@CWin32DefaultArena@@SAPAXK@Z () returned 0x62df00
[0206.620] ?WbemMemFree@CWin32DefaultArena@@SAHPAX@Z () returned 0x1
[0206.621] DllGetClassObject (in: rclsid=0x637204*(Data1=0x172bddf8, Data2=0xceea, Data3=0x11d1, Data4=([0]=0x8b, [1]=0x5, [2]=0x0, [3]=0x60, [4]=0x8, [5]=0x6, [6]=0xd9, [7]=0xb6)), riid=0x769c7590*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x19f1f8 | out: ppv=0x19f1f8*=0x62de10) returned 0x0
[0206.621] ?WbemMemAlloc@CWin32DefaultArena@@SAPAXK@Z () returned 0x62de10
[0206.621] WinMGMTS:IClassFactory:CreateInstance (in: This=0x62de10, pUnkOuter=0x0, riid=0x767c6800*(Data1=0x11a, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x19f1a0 | out: ppvObject=0x19f1a0*=0x62cd78) returned 0x0
[0206.623] GetVersionExW (in: lpVersionInformation=0x19ef58*(dwOSVersionInfoSize=0x114, dwMajorVersion=0x19efb8, dwMinorVersion=0x7642234f, dwBuildNumber=0xc0150008, dwPlatformId=0x0, szCSDVersion="\≶) | out: lpVersionInformation=0x19ef58*(dwOSVersionInfoSize=0x114, dwMajorVersion=0x6, dwMinorVersion=0x2, dwBuildNumber=0x23f0, dwPlatformId=0x2, szCSDVersion="")) returned 1
[0206.623] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="Software\\Microsoft\\Wbem\\Scripting", ulOptions=0x0, samDesired=0x1, phkResult=0x19ef50 | out: phkResult=0x19ef50*=0x37c) returned 0x0
[0206.623] RegQueryValueExW (in: hKey=0x37c, lpValueName="Default Impersonation Level", lpReserved=0x0, lpType=0x0, lpData=0x19ef48, lpcbData=0x19ef54*=0x4 | out: lpType=0x0, lpData=0x19ef48*=0x3, lpcbData=0x19ef54*=0x4) returned 0x0
[0206.623] RegCloseKey (hKey=0x37c) returned 0x0
[0206.623] ?WbemMemAlloc@CWin32DefaultArena@@SAPAXK@Z () returned 0x638b78
[0206.623] GetSystemDirectoryW (in: lpBuffer=0x638b78, uSize=0x104 | out: lpBuffer="C:\\Windows\\system32") returned 0x13
[0206.623] LoadLibraryExW (lpLibFileName="C:\\Windows\\system32\\advapi32.dll", hFile=0x0, dwFlags=0x0) returned 0x76b70000
[0206.624] GetProcAddress (hModule=0x76b70000, lpProcName="DuplicateTokenEx") returned 0x76b90ad0
[0206.624] ?WbemMemFree@CWin32DefaultArena@@SAHPAX@Z () returned 0x1
[0206.624] ?WbemMemAlloc@CWin32DefaultArena@@SAPAXK@Z () returned 0x632b88
[0206.624] ?WbemMemAlloc@CWin32DefaultArena@@SAPAXK@Z () returned 0x62cd78
[0206.624] WinMGMTS:IUnknown:Release (This=0x62de10) returned 0x0
[0206.624] ?WbemMemFree@CWin32DefaultArena@@SAHPAX@Z () returned 0x1
[0206.625] WinMGMTS:IParseDisplayName:ParseDisplayName (in: This=0x62cd78, pbc=0x602440, pszDisplayName="WinMgmts:", pchEaten=0x19f3b0, ppmkOut=0x19f3ac | out: pchEaten=0x19f3b0*=0x9, ppmkOut=0x19f3ac*=0x632d68) returned 0x0
[0206.625] ApiSetQueryApiSetPresence () returned 0x0
[0206.625] _wcsnicmp (_String1="WinMgmts:", _String2="WINMGMTS:", _MaxCount=0x9) returned 0
[0206.625] IBindCtx:GetObjectParam (in: This=0x602440, pszKey=0x6bc53e5c, ppunk=0x19f258 | out: ppunk=0x19f258*=0x0) returned 0x80004005
[0206.625] ?WbemMemAlloc@CWin32DefaultArena@@SAPAXK@Z () returned 0x5c4d88
[0206.625] _wcsnicmp (_String1="", _String2="{", _MaxCount=0x1) returned -123
[0206.625] ?WbemMemAlloc@CWin32DefaultArena@@SAPAXK@Z () returned 0x604650
[0206.625] ResolveDelayLoadedAPI () returned 0x76a30060
[0206.626] CoCreateInstance (in: rclsid=0x6bc51c58*(Data1=0x4590f811, Data2=0x1d3a, Data3=0x11d0, Data4=([0]=0x89, [1]=0x1f, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24)), pUnkOuter=0x0, dwClsContext=0x1, riid=0x6bc51c48*(Data1=0xdc12a687, Data2=0x737f, Data3=0x11cf, Data4=([0]=0x88, [1]=0x4d, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24)), ppv=0x604668 | out: ppv=0x604668*=0x62cc58) returned 0x0
[0206.800] ?WbemMemAlloc@CWin32DefaultArena@@SAPAXK@Z () returned 0x6049f8
[0206.800] ?WbemMemAlloc@CWin32DefaultArena@@SAPAXK@Z () returned 0x6040c8
[0206.800] ?WbemMemAlloc@CWin32DefaultArena@@SAPAXK@Z () returned 0x5c5068
[0206.800] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0206.801] GetCurrentThreadId () returned 0x11b4
[0206.801] _wcsnicmp (_String1="", _String2="[", _MaxCount=0x1) returned -91
[0206.801] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0206.801] GetCurrentThreadId () returned 0x11b4
[0206.802] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="Software\\Microsoft\\Wbem\\Scripting", ulOptions=0x0, samDesired=0x1, phkResult=0x19f0cc | out: phkResult=0x19f0cc*=0x388) returned 0x0
[0206.802] RegQueryValueExW (in: hKey=0x388, lpValueName="Default Namespace", lpReserved=0x0, lpType=0x0, lpData=0x0, lpcbData=0x19f0d0*=0x0 | out: lpType=0x0, lpData=0x0, lpcbData=0x19f0d0*=0x16) returned 0x0
[0206.802] ?WbemMemAlloc@CWin32DefaultArena@@SAPAXK@Z () returned 0x5c4e88
[0206.802] RegQueryValueExW (in: hKey=0x388, lpValueName="Default Namespace", lpReserved=0x0, lpType=0x0, lpData=0x5c4e88, lpcbData=0x19f0d0*=0x16 | out: lpType=0x0, lpData=0x5c4e88*=0x72, lpcbData=0x19f0d0*=0x16) returned 0x0
[0206.802] ?WbemMemAlloc@CWin32DefaultArena@@SAPAXK@Z () returned 0x5c5108
[0206.803] ?WbemMemFree@CWin32DefaultArena@@SAHPAX@Z () returned 0x1
[0206.803] RegCloseKey (hKey=0x388) returned 0x0
[0206.803] CoCreateInstance (in: rclsid=0x6bc521a8*(Data1=0xcf4cc405, Data2=0xe2c5, Data3=0x4ddd, Data4=([0]=0xb3, [1]=0xce, [2]=0x5e, [3]=0x75, [4]=0x82, [5]=0xd8, [6]=0xc9, [7]=0xfa)), pUnkOuter=0x0, dwClsContext=0x1, riid=0x6bc521b8*(Data1=0x3bc15af2, Data2=0x736c, Data3=0x477e, Data4=([0]=0x9e, [1]=0x51, [2]=0x23, [3]=0x8a, [4]=0xf8, [5]=0x66, [6]=0x7d, [7]=0xcc)), ppv=0x19f104 | out: ppv=0x19f104*=0x61c488) returned 0x0
[0207.063] SysStringLen (param_1=".") returned 0x1
[0207.063] WbemDefPath:IWbemPath:SetServer (This=0x61c488, Name=".") returned 0x0
[0207.063] CoCreateInstance (in: rclsid=0x6bc521a8*(Data1=0xcf4cc405, Data2=0xe2c5, Data3=0x4ddd, Data4=([0]=0xb3, [1]=0xce, [2]=0x5e, [3]=0x75, [4]=0x82, [5]=0xd8, [6]=0xc9, [7]=0xfa)), pUnkOuter=0x0, dwClsContext=0x1, riid=0x6bc521b8*(Data1=0x3bc15af2, Data2=0x736c, Data3=0x477e, Data4=([0]=0x9e, [1]=0x51, [2]=0x23, [3]=0x8a, [4]=0xf8, [5]=0x66, [6]=0x7d, [7]=0xcc)), ppv=0x19f0b0 | out: ppv=0x19f0b0*=0x6017f8) returned 0x0
[0207.063] CoCreateInstance (in: rclsid=0x6bc521a8*(Data1=0xcf4cc405, Data2=0xe2c5, Data3=0x4ddd, Data4=([0]=0xb3, [1]=0xce, [2]=0x5e, [3]=0x75, [4]=0x82, [5]=0xd8, [6]=0xc9, [7]=0xfa)), pUnkOuter=0x0, dwClsContext=0x1, riid=0x6bc521b8*(Data1=0x3bc15af2, Data2=0x736c, Data3=0x477e, Data4=([0]=0x9e, [1]=0x51, [2]=0x23, [3]=0x8a, [4]=0xf8, [5]=0x66, [6]=0x7d, [7]=0xcc)), ppv=0x19f04c | out: ppv=0x19f04c*=0x5faad8) returned 0x0
[0207.063] WbemDefPath:IWbemPath:SetText (This=0x5faad8, uMode=0x4, pszPath="root\\cimv2") returned 0x0
[0207.063] WbemDefPath:IUnknown:Release (This=0x5faad8) returned 0x0
[0207.063] SysStringLen (param_1="root\\cimv2") returned 0xa
[0207.064] WbemDefPath:IWbemPath:SetText (This=0x6017f8, uMode=0xc, pszPath="root\\cimv2") returned 0x0
[0207.064] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x6017f8, puCount=0x19f0c8 | out: puCount=0x19f0c8*=0x2) returned 0x0
[0207.064] WbemDefPath:IWbemPath:RemoveAllNamespaces (This=0x61c488) returned 0x0
[0207.064] WbemDefPath:IWbemPath:GetNamespaceAt (in: This=0x6017f8, uIndex=0x0, puNameBufLength=0x19f084*=0x0, pName=0x0 | out: puNameBufLength=0x19f084*=0x5, pName=0x0) returned 0x0
[0207.064] ?WbemMemAlloc@CWin32DefaultArena@@SAPAXK@Z () returned 0x62e098
[0207.064] WbemDefPath:IWbemPath:GetNamespaceAt (in: This=0x6017f8, uIndex=0x0, puNameBufLength=0x19f084*=0x5, pName="root" | out: puNameBufLength=0x19f084*=0x5, pName="root") returned 0x0
[0207.064] ?WbemMemFree@CWin32DefaultArena@@SAHPAX@Z () returned 0x1
[0207.064] WbemDefPath:IWbemPath:SetNamespaceAt (This=0x61c488, uIndex=0x0, pszName="root") returned 0x0
[0207.064] WbemDefPath:IWbemPath:GetNamespaceAt (in: This=0x6017f8, uIndex=0x1, puNameBufLength=0x19f084*=0x0, pName=0x0 | out: puNameBufLength=0x19f084*=0x6, pName=0x0) returned 0x0
[0207.064] ?WbemMemAlloc@CWin32DefaultArena@@SAPAXK@Z () returned 0x639c48
[0207.064] WbemDefPath:IWbemPath:GetNamespaceAt (in: This=0x6017f8, uIndex=0x1, puNameBufLength=0x19f084*=0x6, pName="" | out: puNameBufLength=0x19f084*=0x6, pName="cimv2") returned 0x0
[0207.064] ?WbemMemFree@CWin32DefaultArena@@SAHPAX@Z () returned 0x1
[0207.064] WbemDefPath:IWbemPath:SetNamespaceAt (This=0x61c488, uIndex=0x1, pszName="cimv2") returned 0x0
[0207.064] WbemDefPath:IUnknown:Release (This=0x6017f8) returned 0x0
[0207.064] WbemDefPath:IWbemPath:GetText (in: This=0x61c488, lFlags=4, puBuffLength=0x19f0cc*=0x0, pszText=0x0 | out: puBuffLength=0x19f0cc*=0xf, pszText=0x0) returned 0x0
[0207.065] ?WbemMemAlloc@CWin32DefaultArena@@SAPAXK@Z () returned 0x632ae8
[0207.065] WbemDefPath:IWbemPath:GetText (in: This=0x61c488, lFlags=4, puBuffLength=0x19f0cc*=0xf, pszText="cimv2" | out: puBuffLength=0x19f0cc*=0xf, pszText="\\\\.\\root\\cimv2") returned 0x0
[0207.065] ?WbemMemFree@CWin32DefaultArena@@SAHPAX@Z () returned 0x1
[0207.065] WbemDefPath:IUnknown:Release (This=0x61c488) returned 0x0
[0207.065] WbemLocator:IWbemLocator:ConnectServer (in: This=0x62cc58, strNetworkResource="\\\\.\\root\\cimv2", strUser=0x0, strPassword=0x0, strLocale=0x0, lSecurityFlags=0, strAuthority=0x0, pCtx=0x0, ppNamespace=0x19f14c | out: ppNamespace=0x19f14c*=0x63f790) returned 0x0
[0208.265] ?WbemMemAlloc@CWin32DefaultArena@@SAPAXK@Z () returned 0x5faad8
[0208.265] ?WbemMemAlloc@CWin32DefaultArena@@SAPAXK@Z () returned 0x604308
[0208.265] ?WbemMemAlloc@CWin32DefaultArena@@SAPAXK@Z () returned 0x62f038
[0208.266] WbemLocator:IUnknown:QueryInterface (in: This=0x63f790, riid=0x6bc51f48*(Data1=0x13d, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x19f13c | out: ppvObject=0x19f13c*=0x63c344) returned 0x0
[0208.266] WbemLocator:IClientSecurity:QueryBlanket (in: This=0x63c344, pProxy=0x63f790, pAuthnSvc=0x19f118, pAuthzSvc=0x19f11c, pServerPrincName=0x0, pAuthnLevel=0x19f18c, pImpLevel=0x19f194, pAuthInfo=0x0, pCapabilites=0x19f120 | out: pAuthnSvc=0x19f118*=0xa, pAuthzSvc=0x19f11c*=0x0, pServerPrincName=0x0, pAuthnLevel=0x19f18c*=0x6, pImpLevel=0x19f194*=0x2, pAuthInfo=0x0, pCapabilites=0x19f120*=0x1) returned 0x0
[0208.266] WbemLocator:IUnknown:Release (This=0x63c344) returned 0x1
[0208.266] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0208.266] GetCurrentThreadId () returned 0x11b4
[0208.266] WbemLocator:IUnknown:QueryInterface (in: This=0x63f790, riid=0x6bc51f48*(Data1=0x13d, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x19f1b4 | out: ppvObject=0x19f1b4*=0x63c344) returned 0x0
[0208.267] WbemLocator:IClientSecurity:CopyProxy (in: This=0x63c344, pProxy=0x63f790, ppCopy=0x19f1d8 | out: ppCopy=0x19f1d8*=0x63f100) returned 0x0
[0208.267] WbemLocator:IUnknown:QueryInterface (in: This=0x63f100, riid=0x6bc51f48*(Data1=0x13d, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x19f050 | out: ppvObject=0x19f050*=0x63c344) returned 0x0
[0208.267] WbemLocator:IClientSecurity:QueryBlanket (in: This=0x63c344, pProxy=0x63f100, pAuthnSvc=0x19f080, pAuthzSvc=0x19f07c, pServerPrincName=0x0, pAuthnLevel=0x0, pImpLevel=0x0, pAuthInfo=0x0, pCapabilites=0x0 | out: pAuthnSvc=0x19f080*=0xa, pAuthzSvc=0x19f07c*=0x0, pServerPrincName=0x0, pAuthnLevel=0x0, pImpLevel=0x0, pAuthInfo=0x0, pCapabilites=0x0) returned 0x0
[0208.267] WbemLocator:IUnknown:Release (This=0x63c344) returned 0x3
[0208.267] WbemLocator:IUnknown:QueryInterface (in: This=0x63f100, riid=0x6bc51f08*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x19f034 | out: ppvObject=0x19f034*=0x63c368) returned 0x0
[0208.267] WbemLocator:IUnknown:QueryInterface (in: This=0x63f100, riid=0x6bc51f48*(Data1=0x13d, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x19f038 | out: ppvObject=0x19f038*=0x63c344) returned 0x0
[0208.267] WbemLocator:IClientSecurity:SetBlanket (This=0x63c344, pProxy=0x63f100, dwAuthnSvc=0xa, dwAuthzSvc=0x0, pServerPrincName=0x0, dwAuthnLevel=0x6, dwImpLevel=0x3, pAuthInfo=0x0, dwCapabilities=0x20) returned 0x0
[0208.268] WbemLocator:IUnknown:Release (This=0x63c344) returned 0x4
[0208.268] WbemLocator:IUnknown:Release (This=0x63c368) returned 0x3
[0208.268] WbemLocator:IUnknown:Release (This=0x63c344) returned 0x2
[0208.268] WbemLocator:IUnknown:AddRef (This=0x63f100) returned 0x3
[0208.268] ?WbemMemAlloc@CWin32DefaultArena@@SAPAXK@Z () returned 0x603dc8
[0208.268] ?WbemMemAlloc@CWin32DefaultArena@@SAPAXK@Z () returned 0x639bd0
[0208.268] WbemLocator:IUnknown:Release (This=0x63f790) returned 0x2
[0208.269] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0208.269] GetCurrentThreadId () returned 0x11b4
[0208.269] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0208.269] GetCurrentThreadId () returned 0x11b4
[0208.269] WbemLocator:IUnknown:QueryInterface (in: This=0x63f100, riid=0x6bc51f48*(Data1=0x13d, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x19f1dc | out: ppvObject=0x19f1dc*=0x63c344) returned 0x0
[0208.269] WbemLocator:IClientSecurity:QueryBlanket (in: This=0x63c344, pProxy=0x63f100, pAuthnSvc=0x19f1c8, pAuthzSvc=0x19f1cc, pServerPrincName=0x0, pAuthnLevel=0x19f1d8, pImpLevel=0x19f1d4, pAuthInfo=0x0, pCapabilites=0x19f1d0 | out: pAuthnSvc=0x19f1c8*=0xa, pAuthzSvc=0x19f1cc*=0x0, pServerPrincName=0x0, pAuthnLevel=0x19f1d8*=0x6, pImpLevel=0x19f1d4*=0x3, pAuthInfo=0x0, pCapabilites=0x19f1d0*=0x20) returned 0x0
[0208.269] WbemLocator:IUnknown:Release (This=0x63c344) returned 0x2
[0208.269] ResolveDelayLoadedAPI () returned 0x767f2060
[0208.270] CreatePointerMoniker (in: punk=0x5faad8, ppmk=0x19f3ac | out: ppmk=0x19f3ac*=0x632d68) returned 0x0
[0208.270] IUnknown:AddRef (This=0x5faad8) returned 0x2
[0208.273] ?WbemMemFree@CWin32DefaultArena@@SAHPAX@Z () returned 0x1
[0208.273] ?WbemMemFree@CWin32DefaultArena@@SAHPAX@Z () returned 0x1
[0208.273] ?WbemMemFree@CWin32DefaultArena@@SAHPAX@Z () returned 0x1
[0208.273] WbemLocator:IUnknown:Release (This=0x62cc58) returned 0x0
[0208.273] ?WbemMemFree@CWin32DefaultArena@@SAHPAX@Z () returned 0x1
[0208.274] ?WbemMemFree@CWin32DefaultArena@@SAHPAX@Z () returned 0x1
[0208.275] WinMGMTS:IUnknown:Release (This=0x62cd78) returned 0x0
[0208.275] ?WbemMemFree@CWin32DefaultArena@@SAHPAX@Z () returned 0x1
[0208.283] IUnknown:QueryInterface (in: This=0x632d68, riid=0x6b3a6c6c*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x19eed0 | out: ppvObject=0x19eed0*=0x632d68) returned 0x0
[0208.285] IUnknown:QueryInterface (in: This=0x632d68, riid=0x6b4dfdcc*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x19ee8c | out: ppvObject=0x19ee8c*=0x0) returned 0x80004002
[0208.285] IUnknown:QueryInterface (in: This=0x632d68, riid=0x6b4dfb20*(Data1=0xb196b283, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x19ecac | out: ppvObject=0x19ecac*=0x0) returned 0x80004002
[0208.285] IUnknown:QueryInterface (in: This=0x632d68, riid=0x6b4e056c*(Data1=0xaf86e2e0, Data2=0xb12d, Data3=0x4c6a, Data4=([0]=0x9c, [1]=0x5a, [2]=0xd7, [3]=0xaa, [4]=0x65, [5]=0x10, [6]=0x1e, [7]=0x90)), ppvObject=0x19ea84 | out: ppvObject=0x19ea84*=0x0) returned 0x80004002
[0208.285] IUnknown:AddRef (This=0x632d68) returned 0x3
[0208.285] IUnknown:QueryInterface (in: This=0x632d68, riid=0x6b4e0208*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x19e7ec | out: ppvObject=0x19e7ec*=0x0) returned 0x80004002
[0208.285] IUnknown:QueryInterface (in: This=0x632d68, riid=0x6b4e015c*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x19e79c | out: ppvObject=0x19e79c*=0x0) returned 0x80004002
[0208.285] IUnknown:QueryInterface (in: This=0x632d68, riid=0x6b3b40e8*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x19e7a8 | out: ppvObject=0x19e7a8*=0x632d7c) returned 0x0
[0208.286] IMarshal:GetUnmarshalClass (in: This=0x632d7c, riid=0x6b3a6c6c*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x19e7b0 | out: pCid=0x19e7b0*(Data1=0x306, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46))) returned 0x0
[0208.286] IUnknown:Release (This=0x632d7c) returned 0x3
[0208.286] CoGetContextToken (in: pToken=0x19e808 | out: pToken=0x19e808) returned 0x0
[0208.286] CoGetContextToken (in: pToken=0x19ec10 | out: pToken=0x19ec10) returned 0x0
[0208.286] IUnknown:QueryInterface (in: This=0x632d68, riid=0x6b4e0448*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x19eca0 | out: ppvObject=0x19eca0*=0x0) returned 0x80004002
[0208.287] IUnknown:Release (This=0x632d68) returned 0x2
[0208.287] CoGetContextToken (in: pToken=0x19f1e0 | out: pToken=0x19f1e0) returned 0x0
[0208.287] CoGetContextToken (in: pToken=0x19f140 | out: pToken=0x19f140) returned 0x0
[0208.287] IUnknown:QueryInterface (in: This=0x632d68, riid=0x19f210*(Data1=0xf, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x19f20c | out: ppvObject=0x19f20c*=0x632d68) returned 0x0
[0208.287] IUnknown:AddRef (This=0x632d68) returned 0x4
[0208.287] IUnknown:Release (This=0x632d68) returned 0x3
[0208.287] IUnknown:Release (This=0x602440) returned 0x2
[0208.287] IUnknown:Release (This=0x632d68) returned 0x2
[0208.291] CoGetContextToken (in: pToken=0x19f270 | out: pToken=0x19f270) returned 0x0
[0208.291] IUnknown:AddRef (This=0x632d68) returned 0x3
[0208.292] BindMoniker (in: pmk=0x632d68, grfOpt=0x0, iidResult=0x22c12dc*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvResult=0x19f410 | out: ppvResult=0x19f410*=0x5faad8) returned 0x0
[0208.292] IUnknown:QueryInterface (in: This=0x5faad8, riid=0x22c12dc*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x19f410 | out: ppvObject=0x19f410*=0x5faad8) returned 0x0
[0208.293] LoadRegTypeLib (in: rguid=0x6bc52198*(Data1=0x565783c6, Data2=0xcb41, Data3=0x11d1, Data4=([0]=0x8b, [1]=0x2, [2]=0x0, [3]=0x60, [4]=0x8, [5]=0x6, [6]=0xd9, [7]=0xb6)), wVerMajor=0x1, wVerMinor=0x0, lcid=0x0, pptlib=0x19ec6c*=0x0 | out: pptlib=0x19ec6c*=0x643c60) returned 0x0
[0208.541] ITypeLib:GetTypeInfoOfGuid (in: This=0x643c60, GUID=0x5fab1c*(Data1=0x62e522dc, Data2=0x8cf3, Data3=0x40a8, Data4=([0]=0x8b, [1]=0x2e, [2]=0x37, [3]=0xd5, [4]=0x95, [5]=0x65, [6]=0x1e, [7]=0x40)), ppTInfo=0x5fab04 | out: ppTInfo=0x5fab04*=0x6456b4) returned 0x0
[0208.543] IUnknown:Release (This=0x643c60) returned 0x1
[0208.614] CoGetContextToken (in: pToken=0x19e808 | out: pToken=0x19e808) returned 0x0
[0208.614] CoGetContextToken (in: pToken=0x19ec10 | out: pToken=0x19ec10) returned 0x0
[0208.614] IUnknown:Release (This=0x632d68) returned 0x2
[0209.132] CoGetContextToken (in: pToken=0x19eef0 | out: pToken=0x19eef0) returned 0x0
[0209.132] LoadRegTypeLib (in: rguid=0x6bc52198*(Data1=0x565783c6, Data2=0xcb41, Data3=0x11d1, Data4=([0]=0x8b, [1]=0x2, [2]=0x0, [3]=0x60, [4]=0x8, [5]=0x6, [6]=0xd9, [7]=0xb6)), wVerMajor=0x1, wVerMinor=0x0, lcid=0x409, pptlib=0x19eed8*=0x0 | out: pptlib=0x19eed8*=0x643c60) returned 0x0
[0209.134] ITypeLib:GetTypeInfoOfGuid (in: This=0x643c60, GUID=0x5fab0c*(Data1=0xd2f68443, Data2=0x85dc, Data3=0x427e, Data4=([0]=0x91, [1]=0xd8, [2]=0x36, [3]=0x65, [4]=0x54, [5]=0xcc, [6]=0x75, [7]=0x4c)), ppTInfo=0x5fab00 | out: ppTInfo=0x5fab00*=0x6456e0) returned 0x0
[0209.135] IUnknown:Release (This=0x643c60) returned 0x2
[0209.135] IUnknown:AddRef (This=0x6456e0) returned 0x2
[0209.135] DispGetIDsOfNames (in: ptinfo=0x6456e0, rgszNames=0x19ef60*="InstancesOf", cNames=0x1, rgdispid=0x19ef50 | out: rgdispid=0x19ef50*=5) returned 0x0
[0209.137] IUnknown:Release (This=0x6456e0) returned 0x1
[0209.138] IUnknown:AddRef (This=0x6456e0) returned 0x2
[0209.138] ITypeInfo:LocalInvoke (This=0x6456e0) returned 0x0
[0209.139] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0209.139] GetCurrentThreadId () returned 0x11b4
[0209.140] WbemLocator:IUnknown:AddRef (This=0x63f100) returned 0x3
[0209.140] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0209.140] GetCurrentThreadId () returned 0x11b4
[0209.140] IWbemServices:CreateInstanceEnum (in: This=0x63f100, strFilter="Win32_BaseBoard", lFlags=16, pCtx=0x0, ppEnum=0x19e764 | out: ppEnum=0x19e764*=0x63bd90) returned 0x0
[0209.237] ?WbemMemAlloc@CWin32DefaultArena@@SAPAXK@Z () returned 0x603fa8
[0209.237] ?WbemMemAlloc@CWin32DefaultArena@@SAPAXK@Z () returned 0x604008
[0209.237] ?WbemMemAlloc@CWin32DefaultArena@@SAPAXK@Z () returned 0x6040c8
[0209.237] ?WbemMemAlloc@CWin32DefaultArena@@SAPAXK@Z () returned 0x639bb0
[0209.237] ?WbemMemAlloc@CWin32DefaultArena@@SAPAXK@Z () returned 0x62eec8
[0209.237] IUnknown:QueryInterface (in: This=0x63bd90, riid=0x6bc51f48*(Data1=0x13d, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x19e60c | out: ppvObject=0x19e60c*=0x63bd94) returned 0x0
[0209.238] IClientSecurity:QueryBlanket (in: This=0x63bd94, pProxy=0x63bd90, pAuthnSvc=0x19e5f8, pAuthzSvc=0x19e600, pServerPrincName=0x0, pAuthnLevel=0x19e634, pImpLevel=0x19e638, pAuthInfo=0x0, pCapabilites=0x19e5fc | out: pAuthnSvc=0x19e5f8*=0xa, pAuthzSvc=0x19e600*=0x0, pServerPrincName=0x0, pAuthnLevel=0x19e634*=0x6, pImpLevel=0x19e638*=0x2, pAuthInfo=0x0, pCapabilites=0x19e5fc*=0x1) returned 0x0
[0209.238] IUnknown:Release (This=0x63bd94) returned 0x1
[0209.238] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0209.238] GetCurrentThreadId () returned 0x11b4
[0209.238] WbemLocator:IUnknown:QueryInterface (in: This=0x63f100, riid=0x6bc51f48*(Data1=0x13d, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x19e5fc | out: ppvObject=0x19e5fc*=0x63c344) returned 0x0
[0209.238] WbemLocator:IClientSecurity:QueryBlanket (in: This=0x63c344, pProxy=0x63f100, pAuthnSvc=0x19e5e4, pAuthzSvc=0x19e5e8, pServerPrincName=0x0, pAuthnLevel=0x19e5f4, pImpLevel=0x19e5f8, pAuthInfo=0x0, pCapabilites=0x19e5ec | out: pAuthnSvc=0x19e5e4*=0xa, pAuthzSvc=0x19e5e8*=0x0, pServerPrincName=0x0, pAuthnLevel=0x19e5f4*=0x6, pImpLevel=0x19e5f8*=0x3, pAuthInfo=0x0, pCapabilites=0x19e5ec*=0x20) returned 0x0
[0209.239] WbemLocator:IUnknown:Release (This=0x63c344) returned 0x3
[0209.239] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0209.239] GetCurrentThreadId () returned 0x11b4
[0209.239] WbemLocator:IUnknown:QueryInterface (in: This=0x63f100, riid=0x6bc51f48*(Data1=0x13d, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x19e5fc | out: ppvObject=0x19e5fc*=0x63c344) returned 0x0
[0209.239] WbemLocator:IClientSecurity:QueryBlanket (in: This=0x63c344, pProxy=0x63f100, pAuthnSvc=0x19e5e4, pAuthzSvc=0x19e5e8, pServerPrincName=0x0, pAuthnLevel=0x19e5f8, pImpLevel=0x19e5f4, pAuthInfo=0x0, pCapabilites=0x19e5ec | out: pAuthnSvc=0x19e5e4*=0xa, pAuthzSvc=0x19e5e8*=0x0, pServerPrincName=0x0, pAuthnLevel=0x19e5f8*=0x6, pImpLevel=0x19e5f4*=0x3, pAuthInfo=0x0, pCapabilites=0x19e5ec*=0x20) returned 0x0
[0209.239] WbemLocator:IUnknown:Release (This=0x63c344) returned 0x3
[0209.239] IUnknown:QueryInterface (in: This=0x63bd90, riid=0x6bc51f48*(Data1=0x13d, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x19e62c | out: ppvObject=0x19e62c*=0x63bd94) returned 0x0
[0209.311] IClientSecurity:CopyProxy (in: This=0x63bd94, pProxy=0x63bd90, ppCopy=0x19e630 | out: ppCopy=0x19e630*=0x646cb0) returned 0x0
[0209.311] IUnknown:QueryInterface (in: This=0x646cb0, riid=0x6bc51f48*(Data1=0x13d, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x19e584 | out: ppvObject=0x19e584*=0x646cb4) returned 0x0
[0209.311] IClientSecurity:QueryBlanket (in: This=0x646cb4, pProxy=0x646cb0, pAuthnSvc=0x19e5b4, pAuthzSvc=0x19e5b0, pServerPrincName=0x0, pAuthnLevel=0x0, pImpLevel=0x0, pAuthInfo=0x0, pCapabilites=0x0 | out: pAuthnSvc=0x19e5b4*=0xa, pAuthzSvc=0x19e5b0*=0x0, pServerPrincName=0x0, pAuthnLevel=0x0, pImpLevel=0x0, pAuthInfo=0x0, pCapabilites=0x0) returned 0x0
[0209.311] IUnknown:Release (This=0x646cb4) returned 0x3
[0209.311] IUnknown:QueryInterface (in: This=0x646cb0, riid=0x6bc51f08*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x19e568 | out: ppvObject=0x19e568*=0x63c9c8) returned 0x0
[0209.312] IUnknown:QueryInterface (in: This=0x646cb0, riid=0x6bc51f48*(Data1=0x13d, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x19e56c | out: ppvObject=0x19e56c*=0x646cb4) returned 0x0
[0209.312] IClientSecurity:SetBlanket (This=0x646cb4, pProxy=0x646cb0, dwAuthnSvc=0xa, dwAuthzSvc=0x0, pServerPrincName=0x0, dwAuthnLevel=0x6, dwImpLevel=0x3, pAuthInfo=0x0, dwCapabilities=0x20) returned 0x0
[0209.686] IUnknown:Release (This=0x646cb4) returned 0x4
[0209.686] WbemLocator:IUnknown:Release (This=0x63c9c8) returned 0x3
[0209.686] IUnknown:Release (This=0x63bd94) returned 0x2
[0209.686] IUnknown:AddRef (This=0x646cb0) returned 0x3
[0209.686] IUnknown:Release (This=0x63bd90) returned 0x2
[0209.686] GetErrorInfo (in: dwReserved=0x0, pperrinfo=0x19e720 | out: pperrinfo=0x19e720*=0x0) returned 0x1
[0209.686] WbemLocator:IUnknown:Release (This=0x63f100) returned 0x2
[0209.686] IUnknown:Release (This=0x6456e0) returned 0x1
[0209.687] LoadRegTypeLib (in: rguid=0x6bc52198*(Data1=0x565783c6, Data2=0xcb41, Data3=0x11d1, Data4=([0]=0x8b, [1]=0x2, [2]=0x0, [3]=0x60, [4]=0x8, [5]=0x6, [6]=0xd9, [7]=0xb6)), wVerMajor=0x1, wVerMinor=0x0, lcid=0x0, pptlib=0x19e734*=0x0 | out: pptlib=0x19e734*=0x643c60) returned 0x0
[0209.688] ITypeLib:GetTypeInfoOfGuid (in: This=0x643c60, GUID=0x603fe0*(Data1=0x4b83d61, Data2=0x21ae, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x33, [2]=0x0, [3]=0x60, [4]=0x8, [5]=0x6, [6]=0xd9, [7]=0xb6)), ppTInfo=0x603fc8 | out: ppTInfo=0x603fc8*=0x6457e8) returned 0x0
[0209.689] IUnknown:Release (This=0x643c60) returned 0x3
[0209.689] IUnknown:AddRef (This=0x6457e8) returned 0x2
[0209.689] ITypeInfo:RemoteGetTypeAttr (in: This=0x6457e8, ppTypeAttr=0x19e770, pDummy=0xb77467cc | out: ppTypeAttr=0x19e770, pDummy=0xb77467cc) returned 0x0
[0209.775] ITypeInfo:LocalReleaseTypeAttr (This=0x6457e8) returned 0x0
[0209.775] IUnknown:Release (This=0x6457e8) returned 0x1
[0209.775] CoGetContextToken (in: pToken=0x19e2d0 | out: pToken=0x19e2d0) returned 0x0
[0209.776] CoGetContextToken (in: pToken=0x19e6d8 | out: pToken=0x19e6d8) returned 0x0
[0209.776] CoGetContextToken (in: pToken=0x19f2b0 | out: pToken=0x19f2b0) returned 0x0
[0209.776] CoGetContextToken (in: pToken=0x19f210 | out: pToken=0x19f210) returned 0x0
[0209.777] CoGetContextToken (in: pToken=0x19f230 | out: pToken=0x19f230) returned 0x0
[0209.777] LoadRegTypeLib (in: rguid=0x6bc52198*(Data1=0x565783c6, Data2=0xcb41, Data3=0x11d1, Data4=([0]=0x8b, [1]=0x2, [2]=0x0, [3]=0x60, [4]=0x8, [5]=0x6, [6]=0xd9, [7]=0xb6)), wVerMajor=0x1, wVerMinor=0x0, lcid=0x400, pptlib=0x19f220*=0x0 | out: pptlib=0x19f220*=0x643c60) returned 0x0
[0209.779] ITypeLib:GetTypeInfoOfGuid (in: This=0x643c60, GUID=0x603fd0*(Data1=0x76a6415f, Data2=0xcb41, Data3=0x11d1, Data4=([0]=0x8b, [1]=0x2, [2]=0x0, [3]=0x60, [4]=0x8, [5]=0x6, [6]=0xd9, [7]=0xb6)), ppTInfo=0x603fc4 | out: ppTInfo=0x603fc4*=0x645790) returned 0x0
[0209.779] IUnknown:Release (This=0x643c60) returned 0x4
[0209.779] IUnknown:AddRef (This=0x645790) returned 0x2
[0209.779] ITypeInfo:LocalInvoke (This=0x645790) returned 0x0
[0209.779] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0209.779] GetCurrentThreadId () returned 0x11b4
[0209.779] ?WbemMemAlloc@CWin32DefaultArena@@SAPAXK@Z () returned 0x646578
[0209.779] IUnknown:Release (This=0x645790) returned 0x1
[0209.779] ?WbemMemFree@CWin32DefaultArena@@SAHPAX@Z () returned 0x1
[0210.336] LocalAlloc (uFlags=0x0, uBytes=0x80) returned 0x5ff5a8
[0210.344] LocalAlloc (uFlags=0x0, uBytes=0x80) returned 0x5ff740
[0210.485] CoGetContextToken (in: pToken=0x19ef60 | out: pToken=0x19ef60) returned 0x0
[0210.594] CoGetContextToken (in: pToken=0x19ea60 | out: pToken=0x19ea60) returned 0x0
[0210.594] IUnknown:AddRef (This=0x645790) returned 0x2
[0210.595] ITypeInfo:LocalInvoke (This=0x645790) returned 0x0
[0210.595] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0210.595] GetCurrentThreadId () returned 0x11b4
[0210.595] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0210.595] GetCurrentThreadId () returned 0x11b4
[0210.595] IUnknown:AddRef (This=0x646cb0) returned 0x3
[0210.595] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0210.595] GetCurrentThreadId () returned 0x11b4
[0210.595] IEnumWbemClassObject:Clone (in: This=0x646cb0, ppEnum=0x19ea90 | out: ppEnum=0x19ea90*=0x64d558) returned 0x0
[0210.728] ?WbemMemAlloc@CWin32DefaultArena@@SAPAXK@Z () returned 0x651e40
[0210.728] ?WbemMemAlloc@CWin32DefaultArena@@SAPAXK@Z () returned 0x651720
[0210.728] ?WbemMemAlloc@CWin32DefaultArena@@SAPAXK@Z () returned 0x652080
[0210.728] ?WbemMemAlloc@CWin32DefaultArena@@SAPAXK@Z () returned 0x6399b0
[0210.728] ?WbemMemAlloc@CWin32DefaultArena@@SAPAXK@Z () returned 0x62ea78
[0210.728] IUnknown:QueryInterface (in: This=0x64d558, riid=0x6bc51f48*(Data1=0x13d, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x19e93c | out: ppvObject=0x19e93c*=0x64d55c) returned 0x0
[0210.729] IClientSecurity:QueryBlanket (in: This=0x64d55c, pProxy=0x64d558, pAuthnSvc=0x19e928, pAuthzSvc=0x19e930, pServerPrincName=0x0, pAuthnLevel=0x19e964, pImpLevel=0x19e968, pAuthInfo=0x0, pCapabilites=0x19e92c | out: pAuthnSvc=0x19e928*=0xa, pAuthzSvc=0x19e930*=0x0, pServerPrincName=0x0, pAuthnLevel=0x19e964*=0x6, pImpLevel=0x19e968*=0x2, pAuthInfo=0x0, pCapabilites=0x19e92c*=0x1) returned 0x0
[0210.729] IUnknown:Release (This=0x64d55c) returned 0x1
[0210.729] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0210.729] GetCurrentThreadId () returned 0x11b4
[0210.729] IUnknown:QueryInterface (in: This=0x646cb0, riid=0x6bc51f48*(Data1=0x13d, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x19e92c | out: ppvObject=0x19e92c*=0x646cb4) returned 0x0
[0210.729] IClientSecurity:QueryBlanket (in: This=0x646cb4, pProxy=0x646cb0, pAuthnSvc=0x19e914, pAuthzSvc=0x19e918, pServerPrincName=0x0, pAuthnLevel=0x19e924, pImpLevel=0x19e928, pAuthInfo=0x0, pCapabilites=0x19e91c | out: pAuthnSvc=0x19e914*=0xa, pAuthzSvc=0x19e918*=0x0, pServerPrincName=0x0, pAuthnLevel=0x19e924*=0x6, pImpLevel=0x19e928*=0x3, pAuthInfo=0x0, pCapabilites=0x19e91c*=0x20) returned 0x0
[0210.729] IUnknown:Release (This=0x646cb4) returned 0x3
[0210.729] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0210.729] GetCurrentThreadId () returned 0x11b4
[0210.729] IUnknown:QueryInterface (in: This=0x646cb0, riid=0x6bc51f48*(Data1=0x13d, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x19e92c | out: ppvObject=0x19e92c*=0x646cb4) returned 0x0
[0210.729] IClientSecurity:QueryBlanket (in: This=0x646cb4, pProxy=0x646cb0, pAuthnSvc=0x19e914, pAuthzSvc=0x19e918, pServerPrincName=0x0, pAuthnLevel=0x19e928, pImpLevel=0x19e924, pAuthInfo=0x0, pCapabilites=0x19e91c | out: pAuthnSvc=0x19e914*=0xa, pAuthzSvc=0x19e918*=0x0, pServerPrincName=0x0, pAuthnLevel=0x19e928*=0x6, pImpLevel=0x19e924*=0x3, pAuthInfo=0x0, pCapabilites=0x19e91c*=0x20) returned 0x0
[0210.729] IUnknown:Release (This=0x646cb4) returned 0x3
[0210.729] IUnknown:QueryInterface (in: This=0x64d558, riid=0x6bc51f48*(Data1=0x13d, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x19e95c | out: ppvObject=0x19e95c*=0x64d55c) returned 0x0
[0210.729] IClientSecurity:CopyProxy (in: This=0x64d55c, pProxy=0x64d558, ppCopy=0x19e960 | out: ppCopy=0x19e960*=0x6525c8) returned 0x0
[0210.729] IUnknown:QueryInterface (in: This=0x6525c8, riid=0x6bc51f48*(Data1=0x13d, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x19e8b4 | out: ppvObject=0x19e8b4*=0x6525cc) returned 0x0
[0210.730] IClientSecurity:QueryBlanket (in: This=0x6525cc, pProxy=0x6525c8, pAuthnSvc=0x19e8e4, pAuthzSvc=0x19e8e0, pServerPrincName=0x0, pAuthnLevel=0x0, pImpLevel=0x0, pAuthInfo=0x0, pCapabilites=0x0 | out: pAuthnSvc=0x19e8e4*=0xa, pAuthzSvc=0x19e8e0*=0x0, pServerPrincName=0x0, pAuthnLevel=0x0, pImpLevel=0x0, pAuthInfo=0x0, pCapabilites=0x0) returned 0x0
[0210.730] IUnknown:Release (This=0x6525cc) returned 0x3
[0210.730] IUnknown:QueryInterface (in: This=0x6525c8, riid=0x6bc51f08*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x19e898 | out: ppvObject=0x19e898*=0x647968) returned 0x0
[0210.730] IUnknown:QueryInterface (in: This=0x6525c8, riid=0x6bc51f48*(Data1=0x13d, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x19e89c | out: ppvObject=0x19e89c*=0x6525cc) returned 0x0
[0210.730] IClientSecurity:SetBlanket (This=0x6525cc, pProxy=0x6525c8, dwAuthnSvc=0xa, dwAuthzSvc=0x0, pServerPrincName=0x0, dwAuthnLevel=0x6, dwImpLevel=0x3, pAuthInfo=0x0, dwCapabilities=0x20) returned 0x0
[0210.801] IUnknown:Release (This=0x6525cc) returned 0x4
[0210.801] WbemLocator:IUnknown:Release (This=0x647968) returned 0x3
[0210.801] IUnknown:Release (This=0x64d55c) returned 0x2
[0210.802] IUnknown:AddRef (This=0x6525c8) returned 0x3
[0210.802] IUnknown:Release (This=0x64d558) returned 0x2
[0210.802] GetErrorInfo (in: dwReserved=0x0, pperrinfo=0x19ea50 | out: pperrinfo=0x19ea50*=0x0) returned 0x1
[0210.802] IUnknown:Release (This=0x646cb0) returned 0x2
[0210.802] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0210.802] GetCurrentThreadId () returned 0x11b4
[0210.802] IUnknown:AddRef (This=0x6525c8) returned 0x3
[0210.802] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0210.802] GetCurrentThreadId () returned 0x11b4
[0210.802] IEnumWbemClassObject:Reset (This=0x6525c8) returned 0x0
[0210.838] IUnknown:Release (This=0x6525c8) returned 0x2
[0210.838] ?WbemMemAlloc@CWin32DefaultArena@@SAPAXK@Z () returned 0x646548
[0210.838] IUnknown:Release (This=0x645790) returned 0x1
[0210.897] CoGetContextToken (in: pToken=0x19e248 | out: pToken=0x19e248) returned 0x0
[0210.897] CoGetContextToken (in: pToken=0x19e650 | out: pToken=0x19e650) returned 0x0
[0210.966] CoGetContextToken (in: pToken=0x19f048 | out: pToken=0x19f048) returned 0x0
[0210.967] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0210.967] GetCurrentThreadId () returned 0x11b4
[0210.967] IUnknown:AddRef (This=0x6525c8) returned 0x3
[0210.967] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0210.967] GetCurrentThreadId () returned 0x11b4
[0210.967] IEnumWbemClassObject:Next (in: This=0x6525c8, lTimeout=-1, uCount=0x1, apObjects=0x19f3bc, puReturned=0x19f39c | out: apObjects=0x19f3bc*=0x62bd68, puReturned=0x19f39c*=0x1) returned 0x0
[0211.106] ?WbemMemAlloc@CWin32DefaultArena@@SAPAXK@Z () returned 0x63e570
[0211.106] IUnknown:AddRef (This=0x62bd68) returned 0x2
[0211.106] ?WbemMemAlloc@CWin32DefaultArena@@SAPAXK@Z () returned 0x64d598
[0211.106] ?WbemMemAlloc@CWin32DefaultArena@@SAPAXK@Z () returned 0x651f60
[0211.106] ?WbemMemAlloc@CWin32DefaultArena@@SAPAXK@Z () returned 0x651fc0
[0211.106] ?WbemMemAlloc@CWin32DefaultArena@@SAPAXK@Z () returned 0x639ad0
[0211.106] WbemLocator:IUnknown:AddRef (This=0x63f100) returned 0x3
[0211.106] IUnknown:AddRef (This=0x6525c8) returned 0x4
[0211.106] IUnknown:QueryInterface (in: This=0x6525c8, riid=0x6bc51f48*(Data1=0x13d, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x19f3e8 | out: ppvObject=0x19f3e8*=0x6525cc) returned 0x0
[0211.106] IClientSecurity:QueryBlanket (in: This=0x6525cc, pProxy=0x6525c8, pAuthnSvc=0x19f36c, pAuthzSvc=0x19f374, pServerPrincName=0x0, pAuthnLevel=0x19f398, pImpLevel=0x19f3a4, pAuthInfo=0x0, pCapabilites=0x19f368 | out: pAuthnSvc=0x19f36c*=0xa, pAuthzSvc=0x19f374*=0x0, pServerPrincName=0x0, pAuthnLevel=0x19f398*=0x6, pImpLevel=0x19f3a4*=0x3, pAuthInfo=0x0, pCapabilites=0x19f368*=0x20) returned 0x0
[0211.106] IUnknown:Release (This=0x6525cc) returned 0x4
[0211.106] WbemLocator:IUnknown:Release (This=0x63f100) returned 0x2
[0211.107] WbemLocator:IUnknown:AddRef (This=0x63f100) returned 0x3
[0211.107] IUnknown:Release (This=0x6525c8) returned 0x3
[0211.107] SysStringLen (param_1="\\\\.\\root\\cimv2") returned 0xe
[0211.107] ?WbemMemAlloc@CWin32DefaultArena@@SAPAXK@Z () returned 0x649a20
[0211.107] ?WbemMemAlloc@CWin32DefaultArena@@SAPAXK@Z () returned 0x639c10
[0211.107] ?WbemMemAlloc@CWin32DefaultArena@@SAPAXK@Z () returned 0x632958
[0211.107] IUnknown:AddRef (This=0x62bd68) returned 0x3
[0211.107] IUnknown:Release (This=0x62bd68) returned 0x2
[0211.107] GetErrorInfo (in: dwReserved=0x0, pperrinfo=0x19f334 | out: pperrinfo=0x19f334*=0x0) returned 0x1
[0211.107] IUnknown:Release (This=0x6525c8) returned 0x2
[0211.107] GetErrorInfo (in: dwReserved=0x0, pperrinfo=0x19f3ec | out: pperrinfo=0x19f3ec*=0x0) returned 0x1
[0211.108] LoadRegTypeLib (in: rguid=0x6bc52198*(Data1=0x565783c6, Data2=0xcb41, Data3=0x11d1, Data4=([0]=0x8b, [1]=0x2, [2]=0x0, [3]=0x60, [4]=0x8, [5]=0x6, [6]=0xd9, [7]=0xb6)), wVerMajor=0x1, wVerMinor=0x0, lcid=0x0, pptlib=0x19eb94*=0x0 | out: pptlib=0x19eb94*=0x643c60) returned 0x0
[0211.110] ITypeLib:GetTypeInfoOfGuid (in: This=0x643c60, GUID=0x6bc54c08*(Data1=0xd6bdafb2, Data2=0x9435, Data3=0x491f, Data4=([0]=0xbb, [1]=0x87, [2]=0x6a, [3]=0xa0, [4]=0xf0, [5]=0xbc, [6]=0x31, [7]=0xa2)), ppTInfo=0x649a3c | out: ppTInfo=0x649a3c*=0x645814) returned 0x0
[0211.110] IUnknown:Release (This=0x643c60) returned 0x5
[0211.110] IUnknown:AddRef (This=0x645814) returned 0x2
[0211.110] ITypeInfo:RemoteGetTypeAttr (in: This=0x645814, ppTypeAttr=0x19ebd0, pDummy=0xb7746bac | out: ppTypeAttr=0x19ebd0, pDummy=0xb7746bac) returned 0x0
[0211.111] ITypeInfo:LocalReleaseTypeAttr (This=0x645814) returned 0x0
[0211.111] IUnknown:Release (This=0x645814) returned 0x1
[0211.112] CoGetContextToken (in: pToken=0x19e730 | out: pToken=0x19e730) returned 0x0
[0211.112] CoGetContextToken (in: pToken=0x19eb38 | out: pToken=0x19eb38) returned 0x0
[0211.130] CoGetContextToken (in: pToken=0x19ef00 | out: pToken=0x19ef00) returned 0x0
[0211.131] LoadRegTypeLib (in: rguid=0x6bc52198*(Data1=0x565783c6, Data2=0xcb41, Data3=0x11d1, Data4=([0]=0x8b, [1]=0x2, [2]=0x0, [3]=0x60, [4]=0x8, [5]=0x6, [6]=0xd9, [7]=0xb6)), wVerMajor=0x1, wVerMinor=0x0, lcid=0x409, pptlib=0x19eee8*=0x0 | out: pptlib=0x19eee8*=0x643c60) returned 0x0
[0211.134] ITypeLib:GetTypeInfoOfGuid (in: This=0x643c60, GUID=0x6bc51e68*(Data1=0x269ad56a, Data2=0x8a67, Data3=0x4129, Data4=([0]=0xbc, [1]=0x8c, [2]=0x5, [3]=0x6, [4]=0xdc, [5]=0xfe, [6]=0x98, [7]=0x80)), ppTInfo=0x649a38 | out: ppTInfo=0x649a38*=0x645840) returned 0x0
[0211.134] IUnknown:Release (This=0x643c60) returned 0x6
[0211.134] IUnknown:AddRef (This=0x645840) returned 0x2
[0211.134] DispGetIDsOfNames (in: ptinfo=0x645840, rgszNames=0x19ef70*="SerialNumber", cNames=0x1, rgdispid=0x19ef60 | out: rgdispid=0x19ef60*=-1) returned 0x80020006
[0211.192] IUnknown:AddRef (This=0x62bd68) returned 0x3
[0211.192] IWbemClassObject:Get (in: This=0x62bd68, wszName="SerialNumber", lFlags=0, pVal=0x0, pType=0x0, plFlavor=0x19eeb8*=0 | out: pVal=0x0, pType=0x0, plFlavor=0x19eeb8*=0) returned 0x0
[0211.192] IUnknown:Release (This=0x62bd68) returned 0x2
[0211.192] SysStringLen (param_1="SerialNumber") returned 0xc
[0211.192] ?WbemMemAlloc@CWin32DefaultArena@@SAPAXK@Z () returned 0x632a48
[0211.192] SysStringLen (param_1="SerialNumber") returned 0xc
[0211.193] IUnknown:Release (This=0x645840) returned 0x1
[0211.193] IUnknown:AddRef (This=0x645840) returned 0x2
[0211.193] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0211.193] GetCurrentThreadId () returned 0x11b4
[0211.193] SysStringLen (param_1="SerialNumber") returned 0xc
[0211.194] IWbemClassObject:Get (in: This=0x62bd68, wszName="SerialNumber", lFlags=0, pVal=0x19ed00*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x19ecf8*=0, plFlavor=0x0 | out: pVal=0x19ed00*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="..XXXXXXXXXXXXX.", varVal2=0x0), pType=0x19ecf8*=8, plFlavor=0x0) returned 0x0
[0211.195] IUnknown:Release (This=0x645840) returned 0x1
[0211.195] SysStringByteLen (bstr="..XXXXXXXXXXXXX.") returned 0x20
[0211.195] SysStringByteLen (bstr="..XXXXXXXXXXXXX.") returned 0x20
[0211.341] CoGetContextToken (in: pToken=0x19f048 | out: pToken=0x19f048) returned 0x0
[0211.342] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0211.342] GetCurrentThreadId () returned 0x11b4
[0211.342] IUnknown:AddRef (This=0x6525c8) returned 0x3
[0211.342] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0
[0211.342] GetCurrentThreadId () returned 0x11b4
[0211.342] IEnumWbemClassObject:Next (in: This=0x6525c8, lTimeout=-1, uCount=0x1, apObjects=0x19f3bc, puReturned=0x19f39c | out: apObjects=0x19f3bc*=0x0, puReturned=0x19f39c*=0x0) returned 0x1
[0211.381] GetErrorInfo (in: dwReserved=0x0, pperrinfo=0x19f334 | out: pperrinfo=0x19f334*=0x0) returned 0x1
[0211.382] IUnknown:Release (This=0x6525c8) returned 0x2
[0211.382] GetErrorInfo (in: dwReserved=0x0, pperrinfo=0x19f3ec | out: pperrinfo=0x19f3ec*=0x0) returned 0x1
[0211.654] CreateEventW (lpEventAttributes=0x0, bManualReset=0, bInitialState=0, lpName=0x0) returned 0x3b8
[0211.655] CreateEventW (lpEventAttributes=0x0, bManualReset=0, bInitialState=0, lpName=0x0) returned 0x3c8
[0211.794] SetEvent (hEvent=0x3c8) returned 1
[0211.799] CoWaitForMultipleHandles (in: dwFlags=0x2, dwTimeout=0xffffffff, cHandles=0x1, pHandles=0x19f3c4*=0x3b8, lpdwindex=0x19f1e4 | out: lpdwindex=0x19f1e4) returned 0x0
[0211.879] CoGetContextToken (in: pToken=0x19f290 | out: pToken=0x19f290) returned 0x0
[0211.879] CoGetContextToken (in: pToken=0x19f1f0 | out: pToken=0x19f1f0) returned 0x0
[0211.879] WbemDefPath:IUnknown:QueryInterface (in: This=0x64d6f8, riid=0x19f2c0*(Data1=0x3bc15af2, Data2=0x736c, Data3=0x477e, Data4=([0]=0x9e, [1]=0x51, [2]=0x23, [3]=0x8a, [4]=0xf8, [5]=0x66, [6]=0x7d, [7]=0xcc)), ppvObject=0x19f2bc | out: ppvObject=0x19f2bc*=0x64d6f8) returned 0x0
[0211.879] WbemDefPath:IUnknown:AddRef (This=0x64d6f8) returned 0x3
[0211.880] WbemDefPath:IUnknown:Release (This=0x64d6f8) returned 0x2
[0211.886] WbemDefPath:IWbemPath:SetText (This=0x64d6f8, uMode=0x4, pszPath="win32_processor") returned 0x0
[0211.888] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x64d6f8, puCount=0x19f444 | out: puCount=0x19f444*=0x0) returned 0x0
[0211.888] WbemDefPath:IWbemPath:GetText (in: This=0x64d6f8, lFlags=2, puBuffLength=0x19f440*=0x0, pszText=0x0 | out: puBuffLength=0x19f440*=0x10, pszText=0x0) returned 0x0
[0211.888] WbemDefPath:IWbemPath:GetText (in: This=0x64d6f8, lFlags=2, puBuffLength=0x19f440*=0x10, pszText="000000000000000" | out: puBuffLength=0x19f440*=0x10, pszText="win32_processor") returned 0x0
[0211.889] WbemDefPath:IWbemPath:GetInfo (in: This=0x64d6f8, uRequestedInfo=0x0, puResponse=0x19f44c | out: puResponse=0x19f44c*=0xc15) returned 0x0
[0211.889] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x64d6f8, puCount=0x19f444 | out: puCount=0x19f444*=0x0) returned 0x0
[0211.889] WbemDefPath:IWbemPath:GetInfo (in: This=0x64d6f8, uRequestedInfo=0x0, puResponse=0x19f44c | out: puResponse=0x19f44c*=0xc15) returned 0x0
[0211.890] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x64d6f8, puCount=0x19f434 | out: puCount=0x19f434*=0x0) returned 0x0
[0211.890] WbemDefPath:IWbemPath:GetText (in: This=0x64d6f8, lFlags=2, puBuffLength=0x19f430*=0x0, pszText=0x0 | out: puBuffLength=0x19f430*=0x10, pszText=0x0) returned 0x0
[0211.890] WbemDefPath:IWbemPath:GetText (in: This=0x64d6f8, lFlags=2, puBuffLength=0x19f430*=0x10, pszText="000000000000000" | out: puBuffLength=0x19f430*=0x10, pszText="win32_processor") returned 0x0
[0211.890] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x64d6f8, puCount=0x19f434 | out: puCount=0x19f434*=0x0) returned 0x0
[0211.890] WbemDefPath:IWbemPath:GetText (in: This=0x64d6f8, lFlags=2, puBuffLength=0x19f430*=0x0, pszText=0x0 | out: puBuffLength=0x19f430*=0x10, pszText=0x0) returned 0x0
[0211.890] WbemDefPath:IWbemPath:GetText (in: This=0x64d6f8, lFlags=2, puBuffLength=0x19f430*=0x10, pszText="000000000000000" | out: puBuffLength=0x19f430*=0x10, pszText="win32_processor") returned 0x0
[0211.891] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x64d6f8, puCount=0x19f3c4 | out: puCount=0x19f3c4*=0x0) returned 0x0
[0211.892] CreateEventW (lpEventAttributes=0x0, bManualReset=0, bInitialState=0, lpName=0x0) returned 0x3f0
[0211.892] SetEvent (hEvent=0x3c8) returned 1
[0211.892] CoWaitForMultipleHandles (in: dwFlags=0x2, dwTimeout=0xffffffff, cHandles=0x1, pHandles=0x19ec24*=0x3f0, lpdwindex=0x19ea44 | out: lpdwindex=0x19ea44) returned 0x0
[0211.898] CoGetContextToken (in: pToken=0x19eaf0 | out: pToken=0x19eaf0) returned 0x0
[0211.898] CoGetContextToken (in: pToken=0x19ea50 | out: pToken=0x19ea50) returned 0x0
[0211.898] WbemDefPath:IUnknown:QueryInterface (in: This=0x62f310, riid=0x19eb20*(Data1=0x3bc15af2, Data2=0x736c, Data3=0x477e, Data4=([0]=0x9e, [1]=0x51, [2]=0x23, [3]=0x8a, [4]=0xf8, [5]=0x66, [6]=0x7d, [7]=0xcc)), ppvObject=0x19eb1c | out: ppvObject=0x19eb1c*=0x62f310) returned 0x0
[0211.898] WbemDefPath:IUnknown:AddRef (This=0x62f310) returned 0x3
[0211.898] WbemDefPath:IUnknown:Release (This=0x62f310) returned 0x2
[0211.898] WbemDefPath:IWbemPath:SetText (This=0x62f310, uMode=0x4, pszPath="//./root/cimv2") returned 0x0
[0211.899] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x62f310, puCount=0x19f3b0 | out: puCount=0x19f3b0*=0x2) returned 0x0
[0211.899] WbemDefPath:IWbemPath:GetText (in: This=0x62f310, lFlags=4, puBuffLength=0x19f3ac*=0x0, pszText=0x0 | out: puBuffLength=0x19f3ac*=0xf, pszText=0x0) returned 0x0
[0211.899] WbemDefPath:IWbemPath:GetText (in: This=0x62f310, lFlags=4, puBuffLength=0x19f3ac*=0xf, pszText="00000000000000" | out: puBuffLength=0x19f3ac*=0xf, pszText="\\\\.\\root\\cimv2") returned 0x0
[0211.899] CreateEventW (lpEventAttributes=0x0, bManualReset=0, bInitialState=0, lpName=0x0) returned 0x3f4
[0211.899] SetEvent (hEvent=0x3c8) returned 1
[0211.899] CoWaitForMultipleHandles (in: dwFlags=0x2, dwTimeout=0xffffffff, cHandles=0x1, pHandles=0x19f30c*=0x3f4, lpdwindex=0x19f12c | out: lpdwindex=0x19f12c) returned 0x0
[0211.902] CoGetContextToken (in: pToken=0x19f1d8 | out: pToken=0x19f1d8) returned 0x0
[0211.902] CoGetContextToken (in: pToken=0x19f138 | out: pToken=0x19f138) returned 0x0
[0211.902] WbemDefPath:IUnknown:QueryInterface (in: This=0x62d428, riid=0x19f208*(Data1=0x3bc15af2, Data2=0x736c, Data3=0x477e, Data4=([0]=0x9e, [1]=0x51, [2]=0x23, [3]=0x8a, [4]=0xf8, [5]=0x66, [6]=0x7d, [7]=0xcc)), ppvObject=0x19f204 | out: ppvObject=0x19f204*=0x62d428) returned 0x0
[0211.902] WbemDefPath:IUnknown:AddRef (This=0x62d428) returned 0x3
[0211.902] WbemDefPath:IUnknown:Release (This=0x62d428) returned 0x2
[0211.902] WbemDefPath:IWbemPath:SetText (This=0x62d428, uMode=0x4, pszPath="\\\\.\\root\\cimv2") returned 0x0
[0211.902] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x62d428, puCount=0x19f388 | out: puCount=0x19f388*=0x2) returned 0x0
[0211.902] WbemDefPath:IWbemPath:GetText (in: This=0x62d428, lFlags=4, puBuffLength=0x19f384*=0x0, pszText=0x0 | out: puBuffLength=0x19f384*=0xf, pszText=0x0) returned 0x0
[0211.902] WbemDefPath:IWbemPath:GetText (in: This=0x62d428, lFlags=4, puBuffLength=0x19f384*=0xf, pszText="00000000000000" | out: puBuffLength=0x19f384*=0xf, pszText="\\\\.\\root\\cimv2") returned 0x0
[0211.988] CoWaitForMultipleHandles (in: dwFlags=0x2, dwTimeout=0xffffffff, cHandles=0x1, pHandles=0x19f2a8*=0x40c, lpdwindex=0x19f15c | out: lpdwindex=0x19f15c) returned 0x0
[0214.791] CoGetContextToken (in: pToken=0x19f0a0 | out: pToken=0x19f0a0) returned 0x0
[0214.791] CoGetContextToken (in: pToken=0x19f048 | out: pToken=0x19f048) returned 0x0
[0214.791] IUnknown:QueryInterface (in: This=0x5f2158, riid=0x6b458724*(Data1=0x1da, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x19f028 | out: ppvObject=0x19f028*=0x5f2168) returned 0x0
[0214.792] CObjectContext::ContextCallback () returned 0x0
[0214.802] IUnknown:Release (This=0x5f2168) returned 0x1
[0214.802] CoUnmarshalInterface (in: pStm=0x639c30, riid=0x6b3a6c6c*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x19f090 | out: ppv=0x19f090*=0x648368) returned 0x0
[0214.803] CoMarshalInterface (pStm=0x639c30, riid=0x6b3a6c6c*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pUnk=0x648368, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0) returned 0x0
[0214.803] WbemLocator:IUnknown:QueryInterface (in: This=0x648368, riid=0x6b3a6c6c*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x19ef34 | out: ppvObject=0x19ef34*=0x648368) returned 0x0
[0214.804] WbemLocator:IUnknown:QueryInterface (in: This=0x648368, riid=0x6b4dfdcc*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x19eef0 | out: ppvObject=0x19eef0*=0x0) returned 0x80004002
[0214.804] WbemLocator:IUnknown:QueryInterface (in: This=0x648368, riid=0x6b4dfb20*(Data1=0xb196b283, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x19ed0c | out: ppvObject=0x19ed0c*=0x0) returned 0x80004002
[0214.810] WbemLocator:IUnknown:QueryInterface (in: This=0x648368, riid=0x6b4e056c*(Data1=0xaf86e2e0, Data2=0xb12d, Data3=0x4c6a, Data4=([0]=0x9c, [1]=0x5a, [2]=0xd7, [3]=0xaa, [4]=0x65, [5]=0x10, [6]=0x1e, [7]=0x90)), ppvObject=0x19eae4 | out: ppvObject=0x19eae4*=0x0) returned 0x80004002
[0214.845] WbemLocator:IUnknown:AddRef (This=0x648368) returned 0x3
[0214.845] WbemLocator:IUnknown:QueryInterface (in: This=0x648368, riid=0x6b4e0208*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x19e84c | out: ppvObject=0x19e84c*=0x0) returned 0x80004002
[0214.846] WbemLocator:IUnknown:QueryInterface (in: This=0x648368, riid=0x6b4e015c*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x19e7fc | out: ppvObject=0x19e7fc*=0x0) returned 0x80004002
[0214.846] WbemLocator:IUnknown:QueryInterface (in: This=0x648368, riid=0x6b3b40e8*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x19e808 | out: ppvObject=0x19e808*=0x6482c4) returned 0x0
[0214.846] WbemLocator:IMarshal:GetUnmarshalClass (in: This=0x6482c4, riid=0x6b3a6c6c*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x19e810 | out: pCid=0x19e810*(Data1=0x17, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46))) returned 0x0
[0214.846] WbemLocator:IUnknown:Release (This=0x6482c4) returned 0x3
[0214.846] CoGetContextToken (in: pToken=0x19e868 | out: pToken=0x19e868) returned 0x0
[0214.846] CoGetContextToken (in: pToken=0x19ec70 | out: pToken=0x19ec70) returned 0x0
[0214.846] WbemLocator:IUnknown:QueryInterface (in: This=0x648368, riid=0x6b4e0448*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x19ed00 | out: ppvObject=0x19ed00*=0x64834c) returned 0x0
[0214.846] WbemLocator:IRpcOptions:Query (in: This=0x64834c, pPrx=0x648368, dwProperty=2, pdwValue=0x19ed28 | out: pdwValue=0x19ed28) returned 0x0
[0214.846] WbemLocator:IUnknown:Release (This=0x64834c) returned 0x3
[0214.846] WbemLocator:IUnknown:Release (This=0x648368) returned 0x2
[0214.847] WbemLocator:IUnknown:Release (This=0x648368) returned 0x1
[0214.847] CoGetContextToken (in: pToken=0x19efe0 | out: pToken=0x19efe0) returned 0x0
[0214.847] WbemLocator:IUnknown:AddRef (This=0x648368) returned 0x2
[0214.847] WbemLocator:IUnknown:QueryInterface (in: This=0x648368, riid=0x6c711104*(Data1=0x13d, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x19f29c | out: ppvObject=0x19f29c*=0x648344) returned 0x0
[0214.848] WbemLocator:IClientSecurity:QueryBlanket (in: This=0x648344, pProxy=0x648368, pAuthnSvc=0x19f2ec, pAuthzSvc=0x19f2e8, pServerPrincName=0x19f2e0, pAuthnLevel=0x19f2e4, pImpLevel=0x19f2d4, pAuthInfo=0x19f2d8, pCapabilites=0x19f2dc | out: pAuthnSvc=0x19f2ec*=0xa, pAuthzSvc=0x19f2e8*=0x0, pServerPrincName=0x19f2e0, pAuthnLevel=0x19f2e4*=0x6, pImpLevel=0x19f2d4*=0x2, pAuthInfo=0x19f2d8, pCapabilites=0x19f2dc*=0x1) returned 0x0
[0214.848] WbemLocator:IUnknown:Release (This=0x648344) returned 0x2
[0214.848] WbemLocator:IUnknown:QueryInterface (in: This=0x648368, riid=0x6c7110f4*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x19f290 | out: ppvObject=0x19f290*=0x648368) returned 0x0
[0214.848] WbemLocator:IUnknown:QueryInterface (in: This=0x648368, riid=0x6c711104*(Data1=0x13d, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x19f28c | out: ppvObject=0x19f28c*=0x648344) returned 0x0
[0214.848] WbemLocator:IClientSecurity:SetBlanket (This=0x648344, pProxy=0x648368, dwAuthnSvc=0xa, dwAuthzSvc=0x0, pServerPrincName=0x0, dwAuthnLevel=0x6, dwImpLevel=0x3, pAuthInfo=0x0, dwCapabilities=0x20) returned 0x0
[0214.848] WbemLocator:IUnknown:Release (This=0x648344) returned 0x3
[0214.848] WbemLocator:IUnknown:Release (This=0x648368) returned 0x2
[0214.848] CoTaskMemFree (pv=0x6604e0)
[0214.848] WbemLocator:IUnknown:Release (This=0x648368) returned 0x1
[0214.848] SysStringLen (param_1=0x0) returned 0x0
[0214.849] CoGetContextToken (in: pToken=0x19f258 | out: pToken=0x19f258) returned 0x0
[0214.849] CoGetContextToken (in: pToken=0x19f1b8 | out: pToken=0x19f1b8) returned 0x0
[0214.849] WbemLocator:IUnknown:QueryInterface (in: This=0x648368, riid=0x19f288*(Data1=0x9556dc99, Data2=0x828c, Data3=0x11cf, Data4=([0]=0xa3, [1]=0x7e, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x32, [6]=0x40, [7]=0xc7)), ppvObject=0x19f284 | out: ppvObject=0x19f284*=0x63f470) returned 0x0
[0214.849] WbemLocator:IUnknown:AddRef (This=0x63f470) returned 0x3
[0214.850] WbemLocator:IUnknown:Release (This=0x63f470) returned 0x2
[0214.850] CoGetContextToken (in: pToken=0x19f218 | out: pToken=0x19f218) returned 0x0
[0214.850] WbemLocator:IUnknown:AddRef (This=0x63f470) returned 0x3
[0214.850] WbemLocator:IUnknown:QueryInterface (in: This=0x63f470, riid=0x6c711104*(Data1=0x13d, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x19f29c | out: ppvObject=0x19f29c*=0x648344) returned 0x0
[0214.850] WbemLocator:IClientSecurity:QueryBlanket (in: This=0x648344, pProxy=0x63f470, pAuthnSvc=0x19f2ec, pAuthzSvc=0x19f2e8, pServerPrincName=0x19f2e0, pAuthnLevel=0x19f2e4, pImpLevel=0x19f2d4, pAuthInfo=0x19f2d8, pCapabilites=0x19f2dc | out: pAuthnSvc=0x19f2ec*=0xa, pAuthzSvc=0x19f2e8*=0x0, pServerPrincName=0x19f2e0, pAuthnLevel=0x19f2e4*=0x6, pImpLevel=0x19f2d4*=0x2, pAuthInfo=0x19f2d8, pCapabilites=0x19f2dc*=0x1) returned 0x0
[0214.850] WbemLocator:IUnknown:Release (This=0x648344) returned 0x3
[0214.850] WbemLocator:IUnknown:QueryInterface (in: This=0x63f470, riid=0x6c7110f4*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x19f290 | out: ppvObject=0x19f290*=0x648368) returned 0x0
[0214.850] WbemLocator:IUnknown:QueryInterface (in: This=0x63f470, riid=0x6c711104*(Data1=0x13d, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x19f28c | out: ppvObject=0x19f28c*=0x648344) returned 0x0
[0214.850] WbemLocator:IClientSecurity:SetBlanket (This=0x648344, pProxy=0x63f470, dwAuthnSvc=0xa, dwAuthzSvc=0x0, pServerPrincName=0x0, dwAuthnLevel=0x6, dwImpLevel=0x3, pAuthInfo=0x0, dwCapabilities=0x20) returned 0x0
[0214.851] WbemLocator:IUnknown:Release (This=0x648344) returned 0x4
[0214.851] WbemLocator:IUnknown:Release (This=0x648368) returned 0x3
[0214.851] CoTaskMemFree (pv=0x6602a0)
[0214.851] WbemLocator:IUnknown:Release (This=0x63f470) returned 0x2
[0214.851] SysStringLen (param_1=0x0) returned 0x0
[0214.851] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x62d428, puCount=0x19f3ac | out: puCount=0x19f3ac*=0x2) returned 0x0
[0214.851] WbemDefPath:IWbemPath:GetText (in: This=0x62d428, lFlags=4, puBuffLength=0x19f3a8*=0x0, pszText=0x0 | out: puBuffLength=0x19f3a8*=0xf, pszText=0x0) returned 0x0
[0214.851] WbemDefPath:IWbemPath:GetText (in: This=0x62d428, lFlags=4, puBuffLength=0x19f3a8*=0xf, pszText="00000000000000" | out: puBuffLength=0x19f3a8*=0xf, pszText="\\\\.\\root\\cimv2") returned 0x0
[0214.851] CoGetContextToken (in: pToken=0x19f018 | out: pToken=0x19f018) returned 0x0
[0214.852] CoUnmarshalInterface (in: pStm=0x639c30, riid=0x6b3a6c6c*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x19f008 | out: ppv=0x19f008*=0x648368) returned 0x0
[0214.852] CoMarshalInterface (pStm=0x639c30, riid=0x6b3a6c6c*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pUnk=0x648368, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0) returned 0x0
[0214.852] WbemLocator:IUnknown:QueryInterface (in: This=0x648368, riid=0x6b3a6c6c*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x19eeac | out: ppvObject=0x19eeac*=0x648368) returned 0x0
[0214.852] WbemLocator:IUnknown:Release (This=0x648368) returned 0x3
[0214.853] WbemLocator:IUnknown:Release (This=0x648368) returned 0x2
[0214.853] CoGetContextToken (in: pToken=0x19ef58 | out: pToken=0x19ef58) returned 0x0
[0214.853] WbemLocator:IUnknown:AddRef (This=0x648368) returned 0x3
[0214.853] WbemLocator:IUnknown:QueryInterface (in: This=0x648368, riid=0x6c711104*(Data1=0x13d, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x19f214 | out: ppvObject=0x19f214*=0x648344) returned 0x0
[0214.853] WbemLocator:IClientSecurity:QueryBlanket (in: This=0x648344, pProxy=0x648368, pAuthnSvc=0x19f264, pAuthzSvc=0x19f260, pServerPrincName=0x19f258, pAuthnLevel=0x19f25c, pImpLevel=0x19f24c, pAuthInfo=0x19f250, pCapabilites=0x19f254 | out: pAuthnSvc=0x19f264*=0xa, pAuthzSvc=0x19f260*=0x0, pServerPrincName=0x19f258, pAuthnLevel=0x19f25c*=0x6, pImpLevel=0x19f24c*=0x3, pAuthInfo=0x19f250, pCapabilites=0x19f254*=0x20) returned 0x0
[0214.853] WbemLocator:IUnknown:Release (This=0x648344) returned 0x3
[0214.853] WbemLocator:IUnknown:QueryInterface (in: This=0x648368, riid=0x6c7110f4*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x19f208 | out: ppvObject=0x19f208*=0x648368) returned 0x0
[0214.853] WbemLocator:IUnknown:QueryInterface (in: This=0x648368, riid=0x6c711104*(Data1=0x13d, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x19f204 | out: ppvObject=0x19f204*=0x648344) returned 0x0
[0214.853] WbemLocator:IClientSecurity:SetBlanket (This=0x648344, pProxy=0x648368, dwAuthnSvc=0xa, dwAuthzSvc=0x0, pServerPrincName=0x0, dwAuthnLevel=0x6, dwImpLevel=0x3, pAuthInfo=0x0, dwCapabilities=0x20) returned 0x0
[0214.853] WbemLocator:IUnknown:Release (This=0x648344) returned 0x4
[0214.854] WbemLocator:IUnknown:Release (This=0x648368) returned 0x3
[0214.854] WbemLocator:IUnknown:Release (This=0x648368) returned 0x2
[0214.854] SysStringLen (param_1=0x0) returned 0x0
[0214.854] CoGetContextToken (in: pToken=0x19f1d0 | out: pToken=0x19f1d0) returned 0x0
[0214.854] WbemLocator:IUnknown:AddRef (This=0x63f470) returned 0x3
[0214.854] WbemLocator:IUnknown:Release (This=0x63f470) returned 0x2
[0214.854] CoGetContextToken (in: pToken=0x19f190 | out: pToken=0x19f190) returned 0x0
[0214.854] WbemLocator:IUnknown:AddRef (This=0x63f470) returned 0x3
[0214.854] WbemLocator:IUnknown:QueryInterface (in: This=0x63f470, riid=0x6c711104*(Data1=0x13d, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x19f214 | out: ppvObject=0x19f214*=0x648344) returned 0x0
[0214.854] WbemLocator:IClientSecurity:QueryBlanket (in: This=0x648344, pProxy=0x63f470, pAuthnSvc=0x19f264, pAuthzSvc=0x19f260, pServerPrincName=0x19f258, pAuthnLevel=0x19f25c, pImpLevel=0x19f24c, pAuthInfo=0x19f250, pCapabilites=0x19f254 | out: pAuthnSvc=0x19f264*=0xa, pAuthzSvc=0x19f260*=0x0, pServerPrincName=0x19f258, pAuthnLevel=0x19f25c*=0x6, pImpLevel=0x19f24c*=0x3, pAuthInfo=0x19f250, pCapabilites=0x19f254*=0x20) returned 0x0
[0214.854] WbemLocator:IUnknown:Release (This=0x648344) returned 0x3
[0214.854] WbemLocator:IUnknown:QueryInterface (in: This=0x63f470, riid=0x6c7110f4*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x19f208 | out: ppvObject=0x19f208*=0x648368) returned 0x0
[0214.855] WbemLocator:IUnknown:QueryInterface (in: This=0x63f470, riid=0x6c711104*(Data1=0x13d, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x19f204 | out: ppvObject=0x19f204*=0x648344) returned 0x0
[0214.855] WbemLocator:IClientSecurity:SetBlanket (This=0x648344, pProxy=0x63f470, dwAuthnSvc=0xa, dwAuthzSvc=0x0, pServerPrincName=0x0, dwAuthnLevel=0x6, dwImpLevel=0x3, pAuthInfo=0x0, dwCapabilities=0x20) returned 0x0
[0214.855] WbemLocator:IUnknown:Release (This=0x648344) returned 0x4
[0214.855] WbemLocator:IUnknown:Release (This=0x648368) returned 0x3
[0214.855] WbemLocator:IUnknown:Release (This=0x63f470) returned 0x2
[0214.855] SysStringLen (param_1=0x0) returned 0x0
[0214.855] WbemDefPath:IWbemPath:GetText (in: This=0x64d6f8, lFlags=2, puBuffLength=0x19f3b0*=0x0, pszText=0x0 | out: puBuffLength=0x19f3b0*=0x10, pszText=0x0) returned 0x0
[0214.855] WbemDefPath:IWbemPath:GetText (in: This=0x64d6f8, lFlags=2, puBuffLength=0x19f3b0*=0x10, pszText="000000000000000" | out: puBuffLength=0x19f3b0*=0x10, pszText="win32_processor") returned 0x0
[0214.871] IWbemServices:GetObject (in: This=0x63f470, strObjectPath="win32_processor", lFlags=0, pCtx=0x0, ppObject=0x19f364*=0x0, ppCallResult=0x0 | out: ppObject=0x19f364*=0x5eaa80, ppCallResult=0x0) returned 0x0
[0214.909] IWbemClassObject:Get (in: This=0x5eaa80, wszName="__PATH", lFlags=0, pVal=0x19f34c*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x19f3f4*=0, plFlavor=0x19f3f0*=0 | out: pVal=0x19f34c*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="\\\\XC64ZB\\ROOT\\cimv2:Win32_Processor", varVal2=0x0), pType=0x19f3f4*=8, plFlavor=0x19f3f0*=64) returned 0x0
[0214.923] SysStringByteLen (bstr="\\\\XC64ZB\\ROOT\\cimv2:Win32_Processor") returned 0x46
[0214.923] SysStringByteLen (bstr="\\\\XC64ZB\\ROOT\\cimv2:Win32_Processor") returned 0x46
[0214.924] CreateEventW (lpEventAttributes=0x0, bManualReset=0, bInitialState=0, lpName=0x0) returned 0x444
[0214.924] SetEvent (hEvent=0x3c8) returned 1
[0214.924] CoWaitForMultipleHandles (in: dwFlags=0x2, dwTimeout=0xffffffff, cHandles=0x1, pHandles=0x19f308*=0x444, lpdwindex=0x19f124 | out: lpdwindex=0x19f124) returned 0x0
[0214.950] CoGetContextToken (in: pToken=0x19f1d8 | out: pToken=0x19f1d8) returned 0x0
[0214.950] CoGetContextToken (in: pToken=0x19f138 | out: pToken=0x19f138) returned 0x0
[0214.950] WbemDefPath:IUnknown:QueryInterface (in: This=0x66bc40, riid=0x19f208*(Data1=0x3bc15af2, Data2=0x736c, Data3=0x477e, Data4=([0]=0x9e, [1]=0x51, [2]=0x23, [3]=0x8a, [4]=0xf8, [5]=0x66, [6]=0x7d, [7]=0xcc)), ppvObject=0x19f204 | out: ppvObject=0x19f204*=0x66bc40) returned 0x0
[0214.950] WbemDefPath:IUnknown:AddRef (This=0x66bc40) returned 0x3
[0214.950] WbemDefPath:IUnknown:Release (This=0x66bc40) returned 0x2
[0214.950] WbemDefPath:IWbemPath:SetText (This=0x66bc40, uMode=0x4, pszPath="\\\\XC64ZB\\ROOT\\cimv2:Win32_Processor") returned 0x0
[0214.951] IWbemClassObject:Get (in: This=0x5eaa80, wszName="__CLASS", lFlags=0, pVal=0x19f3bc*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x19f43c*=0, plFlavor=0x19f438*=0 | out: pVal=0x19f3bc*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="Win32_Processor", varVal2=0x0), pType=0x19f43c*=8, plFlavor=0x19f438*=64) returned 0x0
[0214.951] SysStringByteLen (bstr="Win32_Processor") returned 0x1e
[0214.951] SysStringByteLen (bstr="Win32_Processor") returned 0x1e
[0214.951] CoGetContextToken (in: pToken=0x19f1d8 | out: pToken=0x19f1d8) returned 0x0
[0214.951] WbemLocator:IUnknown:AddRef (This=0x63f470) returned 0x3
[0214.951] IWbemServices:CreateInstanceEnum (in: This=0x63f470, strFilter="Win32_Processor", lFlags=17, pCtx=0x0, ppEnum=0x19f3b8 | out: ppEnum=0x19f3b8*=0x652b40) returned 0x0
[0215.042] IUnknown:QueryInterface (in: This=0x652b40, riid=0x6c711104*(Data1=0x13d, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x19f24c | out: ppvObject=0x19f24c*=0x652b44) returned 0x0
[0215.042] IClientSecurity:QueryBlanket (in: This=0x652b44, pProxy=0x652b40, pAuthnSvc=0x19f29c, pAuthzSvc=0x19f298, pServerPrincName=0x19f290, pAuthnLevel=0x19f294, pImpLevel=0x19f284, pAuthInfo=0x19f288, pCapabilites=0x19f28c | out: pAuthnSvc=0x19f29c*=0xa, pAuthzSvc=0x19f298*=0x0, pServerPrincName=0x19f290, pAuthnLevel=0x19f294*=0x6, pImpLevel=0x19f284*=0x2, pAuthInfo=0x19f288, pCapabilites=0x19f28c*=0x1) returned 0x0
[0215.043] IUnknown:Release (This=0x652b44) returned 0x1
[0215.043] IUnknown:QueryInterface (in: This=0x652b40, riid=0x6c7110f4*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x19f240 | out: ppvObject=0x19f240*=0x647568) returned 0x0
[0215.043] IUnknown:QueryInterface (in: This=0x652b40, riid=0x6c711104*(Data1=0x13d, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x19f23c | out: ppvObject=0x19f23c*=0x652b44) returned 0x0
[0215.043] IClientSecurity:SetBlanket (This=0x652b44, pProxy=0x652b40, dwAuthnSvc=0xa, dwAuthzSvc=0x0, pServerPrincName=0x0, dwAuthnLevel=0x6, dwImpLevel=0x3, pAuthInfo=0x0, dwCapabilities=0x20) returned 0x0
[0215.170] IUnknown:Release (This=0x652b44) returned 0x2
[0215.170] WbemLocator:IUnknown:Release (This=0x647568) returned 0x1
[0215.170] CoTaskMemFree (pv=0x660660)
[0215.171] IUnknown:QueryInterface (in: This=0x652b40, riid=0x6b3a6c6c*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x19ee34 | out: ppvObject=0x19ee34*=0x647568) returned 0x0
[0215.171] WbemLocator:IUnknown:QueryInterface (in: This=0x647568, riid=0x6b4dfdcc*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x19edf0 | out: ppvObject=0x19edf0*=0x0) returned 0x80004002
[0215.251] WbemLocator:IUnknown:QueryInterface (in: This=0x647568, riid=0x6b4dfb20*(Data1=0xb196b283, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x19ec0c | out: ppvObject=0x19ec0c*=0x0) returned 0x80004002
[0215.415] IUnknown:QueryInterface (in: This=0x652b40, riid=0x6b4e056c*(Data1=0xaf86e2e0, Data2=0xb12d, Data3=0x4c6a, Data4=([0]=0x9c, [1]=0x5a, [2]=0xd7, [3]=0xaa, [4]=0x65, [5]=0x10, [6]=0x1e, [7]=0x90)), ppvObject=0x19e9e4 | out: ppvObject=0x19e9e4*=0x0) returned 0x80004002
[0215.628] WbemLocator:IUnknown:AddRef (This=0x647568) returned 0x3
[0215.628] WbemLocator:IUnknown:QueryInterface (in: This=0x647568, riid=0x6b4e0208*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x19e74c | out: ppvObject=0x19e74c*=0x0) returned 0x80004002
[0215.628] WbemLocator:IUnknown:QueryInterface (in: This=0x647568, riid=0x6b4e015c*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x19e6fc | out: ppvObject=0x19e6fc*=0x0) returned 0x80004002
[0215.628] WbemLocator:IUnknown:QueryInterface (in: This=0x647568, riid=0x6b3b40e8*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x19e708 | out: ppvObject=0x19e708*=0x6474c4) returned 0x0
[0215.629] WbemLocator:IMarshal:GetUnmarshalClass (in: This=0x6474c4, riid=0x6b3a6c6c*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x19e710 | out: pCid=0x19e710*(Data1=0x17, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46))) returned 0x0
[0215.629] WbemLocator:IUnknown:Release (This=0x6474c4) returned 0x3
[0215.629] CoGetContextToken (in: pToken=0x19e768 | out: pToken=0x19e768) returned 0x0
[0215.629] CoGetContextToken (in: pToken=0x19eb70 | out: pToken=0x19eb70) returned 0x0
[0215.629] WbemLocator:IUnknown:QueryInterface (in: This=0x647568, riid=0x6b4e0448*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x19ec00 | out: ppvObject=0x19ec00*=0x64754c) returned 0x0
[0215.629] WbemLocator:IRpcOptions:Query (in: This=0x64754c, pPrx=0x647568, dwProperty=2, pdwValue=0x19ec28 | out: pdwValue=0x19ec28) returned 0x80004002
[0215.629] WbemLocator:IUnknown:Release (This=0x64754c) returned 0x3
[0215.629] WbemLocator:IUnknown:Release (This=0x647568) returned 0x2
[0215.629] CoGetContextToken (in: pToken=0x19f148 | out: pToken=0x19f148) returned 0x0
[0215.629] CoGetContextToken (in: pToken=0x19f0a8 | out: pToken=0x19f0a8) returned 0x0
[0215.629] WbemLocator:IUnknown:QueryInterface (in: This=0x647568, riid=0x19f178*(Data1=0x27947e1, Data2=0xd731, Data3=0x11ce, Data4=([0]=0xa3, [1]=0x57, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x1)), ppvObject=0x19f174 | out: ppvObject=0x19f174*=0x652b40) returned 0x0
[0215.629] IUnknown:AddRef (This=0x652b40) returned 0x4
[0215.629] IUnknown:Release (This=0x652b40) returned 0x3
[0215.629] IUnknown:Release (This=0x652b40) returned 0x2
[0215.629] WbemLocator:IUnknown:Release (This=0x63f470) returned 0x2
[0215.629] SysStringLen (param_1=0x0) returned 0x0
[0215.630] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x62d428, puCount=0x19f3f4 | out: puCount=0x19f3f4*=0x2) returned 0x0
[0215.630] WbemDefPath:IWbemPath:GetText (in: This=0x62d428, lFlags=4, puBuffLength=0x19f3f0*=0x0, pszText=0x0 | out: puBuffLength=0x19f3f0*=0xf, pszText=0x0) returned 0x0
[0215.630] WbemDefPath:IWbemPath:GetText (in: This=0x62d428, lFlags=4, puBuffLength=0x19f3f0*=0xf, pszText="00000000000000" | out: puBuffLength=0x19f3f0*=0xf, pszText="\\\\.\\root\\cimv2") returned 0x0
[0215.630] CoGetContextToken (in: pToken=0x19f238 | out: pToken=0x19f238) returned 0x0
[0215.630] IUnknown:AddRef (This=0x652b40) returned 0x3
[0215.630] IEnumWbemClassObject:Clone (in: This=0x652b40, ppEnum=0x19f3f4 | out: ppEnum=0x19f3f4*=0x652f28) returned 0x0
[0216.123] IUnknown:QueryInterface (in: This=0x652f28, riid=0x6c711104*(Data1=0x13d, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x19f2b8 | out: ppvObject=0x19f2b8*=0x652f2c) returned 0x0
[0216.123] IClientSecurity:QueryBlanket (in: This=0x652f2c, pProxy=0x652f28, pAuthnSvc=0x19f308, pAuthzSvc=0x19f304, pServerPrincName=0x19f2fc, pAuthnLevel=0x19f300, pImpLevel=0x19f2f0, pAuthInfo=0x19f2f4, pCapabilites=0x19f2f8 | out: pAuthnSvc=0x19f308*=0xa, pAuthzSvc=0x19f304*=0x0, pServerPrincName=0x19f2fc, pAuthnLevel=0x19f300*=0x6, pImpLevel=0x19f2f0*=0x2, pAuthInfo=0x19f2f4, pCapabilites=0x19f2f8*=0x1) returned 0x0
[0216.123] IUnknown:Release (This=0x652f2c) returned 0x1
[0216.123] IUnknown:QueryInterface (in: This=0x652f28, riid=0x6c7110f4*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x19f2ac | out: ppvObject=0x19f2ac*=0x648d68) returned 0x0
[0216.123] IUnknown:QueryInterface (in: This=0x652f28, riid=0x6c711104*(Data1=0x13d, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x19f2a8 | out: ppvObject=0x19f2a8*=0x652f2c) returned 0x0
[0216.123] IClientSecurity:SetBlanket (This=0x652f2c, pProxy=0x652f28, dwAuthnSvc=0xa, dwAuthzSvc=0x0, pServerPrincName=0x0, dwAuthnLevel=0x6, dwImpLevel=0x3, pAuthInfo=0x0, dwCapabilities=0x20) returned 0x0
[0216.251] IUnknown:Release (This=0x652f2c) returned 0x2
[0216.251] WbemLocator:IUnknown:Release (This=0x648d68) returned 0x1
[0216.251] CoTaskMemFree (pv=0x660780)
[0216.251] IUnknown:QueryInterface (in: This=0x652f28, riid=0x6b3a6c6c*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x19ee94 | out: ppvObject=0x19ee94*=0x648d68) returned 0x0
[0216.251] WbemLocator:IUnknown:QueryInterface (in: This=0x648d68, riid=0x6b4dfdcc*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x19ee50 | out: ppvObject=0x19ee50*=0x0) returned 0x80004002
[0216.769] WbemLocator:IUnknown:QueryInterface (in: This=0x648d68, riid=0x6b4dfb20*(Data1=0xb196b283, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x19ec6c | out: ppvObject=0x19ec6c*=0x0) returned 0x80004002
[0217.573] IUnknown:QueryInterface (in: This=0x652f28, riid=0x6b4e056c*(Data1=0xaf86e2e0, Data2=0xb12d, Data3=0x4c6a, Data4=([0]=0x9c, [1]=0x5a, [2]=0xd7, [3]=0xaa, [4]=0x65, [5]=0x10, [6]=0x1e, [7]=0x90)), ppvObject=0x19ea44 | out: ppvObject=0x19ea44*=0x0) returned 0x80004002
[0217.641] WbemLocator:IUnknown:AddRef (This=0x648d68) returned 0x3
[0217.641] WbemLocator:IUnknown:QueryInterface (in: This=0x648d68, riid=0x6b4e0208*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x19e7ac | out: ppvObject=0x19e7ac*=0x0) returned 0x80004002
[0217.641] WbemLocator:IUnknown:QueryInterface (in: This=0x648d68, riid=0x6b4e015c*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x19e75c | out: ppvObject=0x19e75c*=0x0) returned 0x80004002
[0217.641] WbemLocator:IUnknown:QueryInterface (in: This=0x648d68, riid=0x6b3b40e8*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x19e768 | out: ppvObject=0x19e768*=0x648cc4) returned 0x0
[0217.641] WbemLocator:IMarshal:GetUnmarshalClass (in: This=0x648cc4, riid=0x6b3a6c6c*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x19e770 | out: pCid=0x19e770*(Data1=0x17, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46))) returned 0x0
[0217.641] WbemLocator:IUnknown:Release (This=0x648cc4) returned 0x3
[0217.641] CoGetContextToken (in: pToken=0x19e7c8 | out: pToken=0x19e7c8) returned 0x0
[0217.642] CoGetContextToken (in: pToken=0x19ebd0 | out: pToken=0x19ebd0) returned 0x0
[0217.642] WbemLocator:IUnknown:QueryInterface (in: This=0x648d68, riid=0x6b4e0448*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x19ec60 | out: ppvObject=0x19ec60*=0x648d4c) returned 0x0
[0217.642] WbemLocator:IRpcOptions:Query (in: This=0x648d4c, pPrx=0x648d68, dwProperty=2, pdwValue=0x19ec88 | out: pdwValue=0x19ec88) returned 0x80004002
[0217.642] WbemLocator:IUnknown:Release (This=0x648d4c) returned 0x3
[0217.642] WbemLocator:IUnknown:Release (This=0x648d68) returned 0x2
[0217.642] CoGetContextToken (in: pToken=0x19f1a8 | out: pToken=0x19f1a8) returned 0x0
[0217.642] CoGetContextToken (in: pToken=0x19f108 | out: pToken=0x19f108) returned 0x0
[0217.642] WbemLocator:IUnknown:QueryInterface (in: This=0x648d68, riid=0x19f1d8*(Data1=0x27947e1, Data2=0xd731, Data3=0x11ce, Data4=([0]=0xa3, [1]=0x57, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x1)), ppvObject=0x19f1d4 | out: ppvObject=0x19f1d4*=0x652f28) returned 0x0
[0217.642] IUnknown:AddRef (This=0x652f28) returned 0x4
[0217.642] IUnknown:Release (This=0x652f28) returned 0x3
[0217.642] IUnknown:Release (This=0x652f28) returned 0x2
[0217.642] IUnknown:Release (This=0x652b40) returned 0x2
[0217.642] SysStringLen (param_1=0x0) returned 0x0
[0217.643] IEnumWbemClassObject:Reset (This=0x652f28) returned 0x0
[0217.843] CoTaskMemAlloc (cb=0x4) returned 0x6592d8
[0217.844] IEnumWbemClassObject:Next (This=0x652f28, lTimeout=-1, uCount=0x1, apObjects=0x6592d8, puReturned=0x22c7364)
Thread:
id = 117
os_tid = 0xce8
Thread:
id = 118
os_tid = 0x318
Thread:
id = 119
os_tid = 0x1200
[0202.397] CoInitializeEx (pvReserved=0x0, dwCoInit=0x0) returned 0x0
[0202.397] RoInitialize () returned 0x1
[0202.397] RoUninitialize () returned 0x0
Thread:
id = 120
os_tid = 0x50c
Thread:
id = 121
os_tid = 0x6f8
Thread:
id = 122
os_tid = 0x1c4
Thread:
id = 143
os_tid = 0xae0
[0211.793] CoInitializeEx (pvReserved=0x0, dwCoInit=0x0) returned 0x0
[0211.793] RoInitialize () returned 0x1
[0211.793] RoUninitialize () returned 0x0
[0211.833] IIDFromString (in: lpsz="{CF4CC405-E2C5-4DDD-B3CE-5E7582D8C9FA}", lpiid=0x4e0f5b4 | out: lpiid=0x4e0f5b4) returned 0x0
[0211.874] CoGetClassObject (in: rclsid=0x64993c*(Data1=0xcf4cc405, Data2=0xe2c5, Data3=0x4ddd, Data4=([0]=0xb3, [1]=0xce, [2]=0x5e, [3]=0x75, [4]=0x82, [5]=0xd8, [6]=0xc9, [7]=0xfa)), dwClsContext=0x15, pvReserved=0x0, riid=0x6b4554e0*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x4e0f2c8 | out: ppv=0x4e0f2c8*=0x6592c8) returned 0x0
[0211.875] WbemDefPath:IUnknown:QueryInterface (in: This=0x6592c8, riid=0x6b4095e0*(Data1=0xb196b28f, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x4e0f4e0 | out: ppvObject=0x4e0f4e0*=0x0) returned 0x80004002
[0211.875] WbemDefPath:IClassFactory:CreateInstance (in: This=0x6592c8, pUnkOuter=0x0, riid=0x6b3a6c6c*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x4e0f4f4 | out: ppvObject=0x4e0f4f4*=0x64d6f8) returned 0x0
[0211.876] WbemDefPath:IUnknown:Release (This=0x6592c8) returned 0x0
[0211.876] WbemDefPath:IUnknown:QueryInterface (in: This=0x64d6f8, riid=0x6b3a6c6c*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x4e0f114 | out: ppvObject=0x4e0f114*=0x64d6f8) returned 0x0
[0211.876] WbemDefPath:IUnknown:QueryInterface (in: This=0x64d6f8, riid=0x6b4dfdcc*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x4e0f0d0 | out: ppvObject=0x4e0f0d0*=0x0) returned 0x80004002
[0211.876] WbemDefPath:IUnknown:QueryInterface (in: This=0x64d6f8, riid=0x6b4e056c*(Data1=0xaf86e2e0, Data2=0xb12d, Data3=0x4c6a, Data4=([0]=0x9c, [1]=0x5a, [2]=0xd7, [3]=0xaa, [4]=0x65, [5]=0x10, [6]=0x1e, [7]=0x90)), ppvObject=0x4e0ecc4 | out: ppvObject=0x4e0ecc4*=0x0) returned 0x80004002
[0211.877] WbemDefPath:IUnknown:AddRef (This=0x64d6f8) returned 0x3
[0211.877] WbemDefPath:IUnknown:QueryInterface (in: This=0x64d6f8, riid=0x6b4e0208*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x4e0ea2c | out: ppvObject=0x4e0ea2c*=0x0) returned 0x80004002
[0211.877] WbemDefPath:IUnknown:QueryInterface (in: This=0x64d6f8, riid=0x6b4e015c*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x4e0e9dc | out: ppvObject=0x4e0e9dc*=0x0) returned 0x80004002
[0211.877] WbemDefPath:IUnknown:QueryInterface (in: This=0x64d6f8, riid=0x6b3b40e8*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x4e0e9e8 | out: ppvObject=0x4e0e9e8*=0x657d48) returned 0x0
[0211.877] WbemDefPath:IMarshal:GetUnmarshalClass (in: This=0x657d48, riid=0x6b3a6c6c*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x4e0e9f0 | out: pCid=0x4e0e9f0*(Data1=0x33a, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46))) returned 0x0
[0211.877] WbemDefPath:IUnknown:Release (This=0x657d48) returned 0x3
[0211.877] CoGetContextToken (in: pToken=0x4e0ea48 | out: pToken=0x4e0ea48) returned 0x0
[0211.879] CoGetContextToken (in: pToken=0x4e0ee50 | out: pToken=0x4e0ee50) returned 0x0
[0211.879] WbemDefPath:IUnknown:QueryInterface (in: This=0x64d6f8, riid=0x6b4e0448*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x4e0eee0 | out: ppvObject=0x4e0eee0*=0x0) returned 0x80004002
[0211.879] WbemDefPath:IUnknown:Release (This=0x64d6f8) returned 0x2
[0211.879] WbemDefPath:IUnknown:Release (This=0x64d6f8) returned 0x1
[0211.879] SetEvent (hEvent=0x3b8) returned 1
[0211.896] CoGetClassObject (in: rclsid=0x64993c*(Data1=0xcf4cc405, Data2=0xe2c5, Data3=0x4ddd, Data4=([0]=0xb3, [1]=0xce, [2]=0x5e, [3]=0x75, [4]=0x82, [5]=0xd8, [6]=0xc9, [7]=0xfa)), dwClsContext=0x15, pvReserved=0x0, riid=0x6b4554e0*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x4e0f2c8 | out: ppv=0x4e0f2c8*=0x659278) returned 0x0
[0211.896] WbemDefPath:IUnknown:QueryInterface (in: This=0x659278, riid=0x6b4095e0*(Data1=0xb196b28f, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x4e0f4e0 | out: ppvObject=0x4e0f4e0*=0x0) returned 0x80004002
[0211.896] WbemDefPath:IClassFactory:CreateInstance (in: This=0x659278, pUnkOuter=0x0, riid=0x6b3a6c6c*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x4e0f4f4 | out: ppvObject=0x4e0f4f4*=0x62f310) returned 0x0
[0211.897] WbemDefPath:IUnknown:Release (This=0x659278) returned 0x0
[0211.897] WbemDefPath:IUnknown:QueryInterface (in: This=0x62f310, riid=0x6b3a6c6c*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x4e0f114 | out: ppvObject=0x4e0f114*=0x62f310) returned 0x0
[0211.897] WbemDefPath:IUnknown:QueryInterface (in: This=0x62f310, riid=0x6b4dfdcc*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x4e0f0d0 | out: ppvObject=0x4e0f0d0*=0x0) returned 0x80004002
[0211.897] WbemDefPath:IUnknown:QueryInterface (in: This=0x62f310, riid=0x6b4e056c*(Data1=0xaf86e2e0, Data2=0xb12d, Data3=0x4c6a, Data4=([0]=0x9c, [1]=0x5a, [2]=0xd7, [3]=0xaa, [4]=0x65, [5]=0x10, [6]=0x1e, [7]=0x90)), ppvObject=0x4e0ecc4 | out: ppvObject=0x4e0ecc4*=0x0) returned 0x80004002
[0211.897] WbemDefPath:IUnknown:AddRef (This=0x62f310) returned 0x3
[0211.897] WbemDefPath:IUnknown:QueryInterface (in: This=0x62f310, riid=0x6b4e0208*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x4e0ea2c | out: ppvObject=0x4e0ea2c*=0x0) returned 0x80004002
[0211.897] WbemDefPath:IUnknown:QueryInterface (in: This=0x62f310, riid=0x6b4e015c*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x4e0e9dc | out: ppvObject=0x4e0e9dc*=0x0) returned 0x80004002
[0211.897] WbemDefPath:IUnknown:QueryInterface (in: This=0x62f310, riid=0x6b3b40e8*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x4e0e9e8 | out: ppvObject=0x4e0e9e8*=0x657e98) returned 0x0
[0211.897] WbemDefPath:IMarshal:GetUnmarshalClass (in: This=0x657e98, riid=0x6b3a6c6c*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x4e0e9f0 | out: pCid=0x4e0e9f0*(Data1=0x33a, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46))) returned 0x0
[0211.897] WbemDefPath:IUnknown:Release (This=0x657e98) returned 0x3
[0211.897] CoGetContextToken (in: pToken=0x4e0ea48 | out: pToken=0x4e0ea48) returned 0x0
[0211.898] CoGetContextToken (in: pToken=0x4e0ee50 | out: pToken=0x4e0ee50) returned 0x0
[0211.898] WbemDefPath:IUnknown:QueryInterface (in: This=0x62f310, riid=0x6b4e0448*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x4e0eee0 | out: ppvObject=0x4e0eee0*=0x0) returned 0x80004002
[0211.898] WbemDefPath:IUnknown:Release (This=0x62f310) returned 0x2
[0211.898] WbemDefPath:IUnknown:Release (This=0x62f310) returned 0x1
[0211.898] SetEvent (hEvent=0x3f0) returned 1
[0211.900] CoGetClassObject (in: rclsid=0x64993c*(Data1=0xcf4cc405, Data2=0xe2c5, Data3=0x4ddd, Data4=([0]=0xb3, [1]=0xce, [2]=0x5e, [3]=0x75, [4]=0x82, [5]=0xd8, [6]=0xc9, [7]=0xfa)), dwClsContext=0x15, pvReserved=0x0, riid=0x6b4554e0*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x4e0f2c8 | out: ppv=0x4e0f2c8*=0x6591b8) returned 0x0
[0211.900] WbemDefPath:IUnknown:QueryInterface (in: This=0x6591b8, riid=0x6b4095e0*(Data1=0xb196b28f, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x4e0f4e0 | out: ppvObject=0x4e0f4e0*=0x0) returned 0x80004002
[0211.900] WbemDefPath:IClassFactory:CreateInstance (in: This=0x6591b8, pUnkOuter=0x0, riid=0x6b3a6c6c*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x4e0f4f4 | out: ppvObject=0x4e0f4f4*=0x62d428) returned 0x0
[0211.900] WbemDefPath:IUnknown:Release (This=0x6591b8) returned 0x0
[0211.900] WbemDefPath:IUnknown:QueryInterface (in: This=0x62d428, riid=0x6b3a6c6c*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x4e0f114 | out: ppvObject=0x4e0f114*=0x62d428) returned 0x0
[0211.901] WbemDefPath:IUnknown:QueryInterface (in: This=0x62d428, riid=0x6b4dfdcc*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x4e0f0d0 | out: ppvObject=0x4e0f0d0*=0x0) returned 0x80004002
[0211.901] WbemDefPath:IUnknown:QueryInterface (in: This=0x62d428, riid=0x6b4e056c*(Data1=0xaf86e2e0, Data2=0xb12d, Data3=0x4c6a, Data4=([0]=0x9c, [1]=0x5a, [2]=0xd7, [3]=0xaa, [4]=0x65, [5]=0x10, [6]=0x1e, [7]=0x90)), ppvObject=0x4e0ecc4 | out: ppvObject=0x4e0ecc4*=0x0) returned 0x80004002
[0211.901] WbemDefPath:IUnknown:AddRef (This=0x62d428) returned 0x3
[0211.901] WbemDefPath:IUnknown:QueryInterface (in: This=0x62d428, riid=0x6b4e0208*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x4e0ea2c | out: ppvObject=0x4e0ea2c*=0x0) returned 0x80004002
[0211.901] WbemDefPath:IUnknown:QueryInterface (in: This=0x62d428, riid=0x6b4e015c*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x4e0e9dc | out: ppvObject=0x4e0e9dc*=0x0) returned 0x80004002
[0211.901] WbemDefPath:IUnknown:QueryInterface (in: This=0x62d428, riid=0x6b3b40e8*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x4e0e9e8 | out: ppvObject=0x4e0e9e8*=0x657e38) returned 0x0
[0211.901] WbemDefPath:IMarshal:GetUnmarshalClass (in: This=0x657e38, riid=0x6b3a6c6c*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x4e0e9f0 | out: pCid=0x4e0e9f0*(Data1=0x33a, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46))) returned 0x0
[0211.901] WbemDefPath:IUnknown:Release (This=0x657e38) returned 0x3
[0211.901] CoGetContextToken (in: pToken=0x4e0ea48 | out: pToken=0x4e0ea48) returned 0x0
[0211.901] CoGetContextToken (in: pToken=0x4e0ee50 | out: pToken=0x4e0ee50) returned 0x0
[0211.901] WbemDefPath:IUnknown:QueryInterface (in: This=0x62d428, riid=0x6b4e0448*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x4e0eee0 | out: ppvObject=0x4e0eee0*=0x0) returned 0x80004002
[0211.901] WbemDefPath:IUnknown:Release (This=0x62d428) returned 0x2
[0211.901] WbemDefPath:IUnknown:Release (This=0x62d428) returned 0x1
[0211.902] SetEvent (hEvent=0x3f4) returned 1
[0214.928] CoGetClassObject (in: rclsid=0x64993c*(Data1=0xcf4cc405, Data2=0xe2c5, Data3=0x4ddd, Data4=([0]=0xb3, [1]=0xce, [2]=0x5e, [3]=0x75, [4]=0x82, [5]=0xd8, [6]=0xc9, [7]=0xfa)), dwClsContext=0x15, pvReserved=0x0, riid=0x6b4554e0*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x4e0f2c8 | out: ppv=0x4e0f2c8*=0x659278) returned 0x0
[0214.929] WbemDefPath:IUnknown:QueryInterface (in: This=0x659278, riid=0x6b4095e0*(Data1=0xb196b28f, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x4e0f4e0 | out: ppvObject=0x4e0f4e0*=0x0) returned 0x80004002
[0214.929] WbemDefPath:IClassFactory:CreateInstance (in: This=0x659278, pUnkOuter=0x0, riid=0x6b3a6c6c*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x4e0f4f4 | out: ppvObject=0x4e0f4f4*=0x66bc40) returned 0x0
[0214.929] WbemDefPath:IUnknown:Release (This=0x659278) returned 0x0
[0214.929] WbemDefPath:IUnknown:QueryInterface (in: This=0x66bc40, riid=0x6b3a6c6c*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x4e0f114 | out: ppvObject=0x4e0f114*=0x66bc40) returned 0x0
[0214.929] WbemDefPath:IUnknown:QueryInterface (in: This=0x66bc40, riid=0x6b4dfdcc*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x4e0f0d0 | out: ppvObject=0x4e0f0d0*=0x0) returned 0x80004002
[0214.929] WbemDefPath:IUnknown:QueryInterface (in: This=0x66bc40, riid=0x6b4e056c*(Data1=0xaf86e2e0, Data2=0xb12d, Data3=0x4c6a, Data4=([0]=0x9c, [1]=0x5a, [2]=0xd7, [3]=0xaa, [4]=0x65, [5]=0x10, [6]=0x1e, [7]=0x90)), ppvObject=0x4e0ecc4 | out: ppvObject=0x4e0ecc4*=0x0) returned 0x80004002
[0214.929] WbemDefPath:IUnknown:AddRef (This=0x66bc40) returned 0x3
[0214.929] WbemDefPath:IUnknown:QueryInterface (in: This=0x66bc40, riid=0x6b4e0208*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x4e0ea2c | out: ppvObject=0x4e0ea2c*=0x0) returned 0x80004002
[0214.930] WbemDefPath:IUnknown:QueryInterface (in: This=0x66bc40, riid=0x6b4e015c*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x4e0e9dc | out: ppvObject=0x4e0e9dc*=0x0) returned 0x80004002
[0214.930] WbemDefPath:IUnknown:QueryInterface (in: This=0x66bc40, riid=0x6b3b40e8*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x4e0e9e8 | out: ppvObject=0x4e0e9e8*=0x657fb8) returned 0x0
[0214.930] WbemDefPath:IMarshal:GetUnmarshalClass (in: This=0x657fb8, riid=0x6b3a6c6c*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x4e0e9f0 | out: pCid=0x4e0e9f0*(Data1=0x33a, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46))) returned 0x0
[0214.930] WbemDefPath:IUnknown:Release (This=0x657fb8) returned 0x3
[0214.930] CoGetContextToken (in: pToken=0x4e0ea48 | out: pToken=0x4e0ea48) returned 0x0
[0214.930] CoGetContextToken (in: pToken=0x4e0ee50 | out: pToken=0x4e0ee50) returned 0x0
[0214.930] WbemDefPath:IUnknown:QueryInterface (in: This=0x66bc40, riid=0x6b4e0448*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x4e0eee0 | out: ppvObject=0x4e0eee0*=0x0) returned 0x80004002
[0214.930] WbemDefPath:IUnknown:Release (This=0x66bc40) returned 0x2
[0214.930] WbemDefPath:IUnknown:Release (This=0x66bc40) returned 0x1
[0214.930] SetEvent (hEvent=0x444) returned 1
Thread:
id = 144
os_tid = 0x290
[0211.954] CoInitializeEx (pvReserved=0x0, dwCoInit=0x0) returned 0x0
[0211.954] RoInitialize () returned 0x1
[0211.954] RoUninitialize () returned 0x0
[0211.955] IIDFromString (in: lpsz="{4590F811-1D3A-11D0-891F-00AA004B2E24}", lpiid=0x4f4f7fc | out: lpiid=0x4f4f7fc) returned 0x0
[0211.957] CoGetClassObject (in: rclsid=0x64987c*(Data1=0x4590f811, Data2=0x1d3a, Data3=0x11d0, Data4=([0]=0x89, [1]=0x1f, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24)), dwClsContext=0x15, pvReserved=0x0, riid=0x6b4554e0*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x4f4f510 | out: ppv=0x4f4f510*=0x657f40) returned 0x0
[0211.958] WbemLocator:IUnknown:QueryInterface (in: This=0x657f40, riid=0x6b4095e0*(Data1=0xb196b28f, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x4f4f728 | out: ppvObject=0x4f4f728*=0x0) returned 0x80004002
[0211.958] WbemLocator:IClassFactory:CreateInstance (in: This=0x657f40, pUnkOuter=0x0, riid=0x6b3a6c6c*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x4f4f73c | out: ppvObject=0x4f4f73c*=0x659268) returned 0x0
[0211.958] WbemLocator:IUnknown:Release (This=0x657f40) returned 0x0
[0211.958] WbemLocator:IUnknown:QueryInterface (in: This=0x659268, riid=0x6b3a6c6c*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x4f4f35c | out: ppvObject=0x4f4f35c*=0x659268) returned 0x0
[0211.959] WbemLocator:IUnknown:QueryInterface (in: This=0x659268, riid=0x6b4dfdcc*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x4f4f318 | out: ppvObject=0x4f4f318*=0x0) returned 0x80004002
[0211.959] WbemLocator:IUnknown:QueryInterface (in: This=0x659268, riid=0x6b4e056c*(Data1=0xaf86e2e0, Data2=0xb12d, Data3=0x4c6a, Data4=([0]=0x9c, [1]=0x5a, [2]=0xd7, [3]=0xaa, [4]=0x65, [5]=0x10, [6]=0x1e, [7]=0x90)), ppvObject=0x4f4ef0c | out: ppvObject=0x4f4ef0c*=0x0) returned 0x80004002
[0211.959] WbemLocator:IUnknown:AddRef (This=0x659268) returned 0x3
[0211.959] WbemLocator:IUnknown:QueryInterface (in: This=0x659268, riid=0x6b4e0208*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x4f4ec74 | out: ppvObject=0x4f4ec74*=0x0) returned 0x80004002
[0211.959] WbemLocator:IUnknown:QueryInterface (in: This=0x659268, riid=0x6b4e015c*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x4f4ec24 | out: ppvObject=0x4f4ec24*=0x0) returned 0x80004002
[0211.959] WbemLocator:IUnknown:QueryInterface (in: This=0x659268, riid=0x6b3b40e8*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x4f4ec30 | out: ppvObject=0x4f4ec30*=0x0) returned 0x80004002
[0211.959] CoGetContextToken (in: pToken=0x4f4ec90 | out: pToken=0x4f4ec90) returned 0x0
[0211.960] CoGetObjectContext (in: riid=0x6b3a6c6c*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x658214 | out: ppv=0x658214*=0x5f2158) returned 0x0
[0211.962] CoGetContextToken (in: pToken=0x4f4f098 | out: pToken=0x4f4f098) returned 0x0
[0211.962] WbemLocator:IUnknown:QueryInterface (in: This=0x659268, riid=0x6b4e0448*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x4f4f128 | out: ppvObject=0x4f4f128*=0x0) returned 0x80004002
[0211.962] WbemLocator:IUnknown:Release (This=0x659268) returned 0x2
[0211.962] WbemLocator:IUnknown:Release (This=0x659268) returned 0x1
[0211.963] CoGetContextToken (in: pToken=0x4f4f708 | out: pToken=0x4f4f708) returned 0x0
[0211.963] CoGetContextToken (in: pToken=0x4f4f668 | out: pToken=0x4f4f668) returned 0x0
[0211.963] WbemLocator:IUnknown:QueryInterface (in: This=0x659268, riid=0x4f4f738*(Data1=0xdc12a687, Data2=0x737f, Data3=0x11cf, Data4=([0]=0x88, [1]=0x4d, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24)), ppvObject=0x4f4f734 | out: ppvObject=0x4f4f734*=0x659268) returned 0x0
[0211.963] WbemLocator:IUnknown:AddRef (This=0x659268) returned 0x3
[0211.963] WbemLocator:IUnknown:Release (This=0x659268) returned 0x2
# Analyst note: the sample reads back the WMI namespace path held by an
# IWbemPath object. GetNamespaceCount reports 0x2 components. GetText is then
# called twice: first with a null buffer to obtain the required length (0xf),
# then with a buffer of that size, which receives \\.\root\cimv2, i.e. the
# namespace on the local machine ("." as the server part).
[0211.967] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x62d428, puCount=0x4f4f8cc | out: puCount=0x4f4f8cc*=0x2) returned 0x0
[0211.967] WbemDefPath:IWbemPath:GetText (in: This=0x62d428, lFlags=8, puBuffLength=0x4f4f8c8*=0x0, pszText=0x0 | out: puBuffLength=0x4f4f8c8*=0xf, pszText=0x0) returned 0x0
[0211.967] WbemDefPath:IWbemPath:GetText (in: This=0x62d428, lFlags=8, puBuffLength=0x4f4f8c8*=0xf, pszText="00000000000000" | out: puBuffLength=0x4f4f8c8*=0xf, pszText="\\\\.\\root\\cimv2") returned 0x0
[0211.981] GetFullPathNameW (in: lpFileName="C:\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\", nBufferLength=0x105, lpBuffer=0x4f4eb4c, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\", lpFilePart=0x0) returned 0x2e
[0211.985] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="C:\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\\\wminet_utils.dll", cchWideChar=63, lpMultiByteStr=0x4f4f050, cbMultiByte=65, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="C:\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\\\wminet_utils.dll\x02ò\x18nfµW\x8c¶ «9kHóô\x04È\x87e", lpUsedDefaultChar=0x0) returned 63
# Analyst note: wminet_utils.dll is loaded from the .NET Framework v4.0.30319
# directory and mapped at 0x6c710000; every GetProcAddress record that follows
# resolves an export of this module (hModule=0x6c710000). This is presumably
# the managed System.Management layer initialising its native WMI helper rather
# than hand-written import resolution by the sample (confirm against the
# sample's managed code).
# The path contains a doubled separator ("v4.0.30319\\wminet_utils.dll" once
# unescaped), so path-matching rules should normalise separators before
# comparing.
# In the neighbouring WideCharToMultiByte records the output string shows extra
# bytes after the converted name, although the call returns only the name's
# length (63 for this path). Those trailing bytes look like earlier buffer
# contents printed by the logger and should not be treated as part of the string
# or as an indicator.
[0211.985] LoadLibraryA (lpLibFileName="C:\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\\\wminet_utils.dll") returned 0x6c710000
[0212.640] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="ResetSecurity", cchWideChar=13, lpMultiByteStr=0x4f4f084, cbMultiByte=15, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="ResetSecurity\x1anfµW\x8c¶ «9kHóô\x04È\x87e", lpUsedDefaultChar=0x0) returned 13
[0212.641] GetProcAddress (hModule=0x6c710000, lpProcName="ResetSecurity") returned 0x6c7126fe
[0212.653] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="SetSecurity", cchWideChar=11, lpMultiByteStr=0x4f4f084, cbMultiByte=13, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="SetSecurity\x02D\x1anfµW\x8c¶ «9kHóô\x04", lpUsedDefaultChar=0x0) returned 11
[0212.654] GetProcAddress (hModule=0x6c710000, lpProcName="SetSecurity") returned 0x6c712740
[0212.667] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="BlessIWbemServices", cchWideChar=18, lpMultiByteStr=0x4f4f080, cbMultiByte=20, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="BlessIWbemServicesnfµW\x8c¶ «9kHóô\x04", lpUsedDefaultChar=0x0) returned 18
[0212.667] GetProcAddress (hModule=0x6c710000, lpProcName="BlessIWbemServices") returned 0x6c711e89
[0212.757] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="BlessIWbemServicesObject", cchWideChar=24, lpMultiByteStr=0x4f4f078, cbMultiByte=26, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="BlessIWbemServicesObjectD\x1anfµW\x8c¶ «9kHóô\x04", lpUsedDefaultChar=0x0) returned 24
[0212.757] GetProcAddress (hModule=0x6c710000, lpProcName="BlessIWbemServicesObject") returned 0x6c711edb
[0212.846] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="GetPropertyHandle", cchWideChar=17, lpMultiByteStr=0x4f4f080, cbMultiByte=19, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="GetPropertyHandle\x1anfµW\x8c¶ «9kHóô\x04", lpUsedDefaultChar=0x0) returned 17
[0212.846] GetProcAddress (hModule=0x6c710000, lpProcName="GetPropertyHandle") returned 0x6c7123d4
[0212.916] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="WritePropertyValue", cchWideChar=18, lpMultiByteStr=0x4f4f080, cbMultiByte=20, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="WritePropertyValuenfµW\x8c¶ «9kHóô\x04", lpUsedDefaultChar=0x0) returned 18
[0212.917] GetProcAddress (hModule=0x6c710000, lpProcName="WritePropertyValue") returned 0x6c712837
[0212.933] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="Clone", cchWideChar=5, lpMultiByteStr=0x4f4f08c, cbMultiByte=7, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="Clone\x1anfµW\x8c¶ «9kHóô\x04", lpUsedDefaultChar=0x0) returned 5
[0212.933] GetProcAddress (hModule=0x6c710000, lpProcName="Clone") returned 0x6c711f2d
[0212.949] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="VerifyClientKey", cchWideChar=15, lpMultiByteStr=0x4f4f080, cbMultiByte=17, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="VerifyClientKey\x02D\x1anfµW\x8c¶ «9kHóô\x04", lpUsedDefaultChar=0x0) returned 15
[0212.949] GetProcAddress (hModule=0x6c710000, lpProcName="VerifyClientKey") returned 0x6c7127d4
[0213.011] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="GetQualifierSet", cchWideChar=15, lpMultiByteStr=0x4f4f080, cbMultiByte=17, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="GetQualifierSet\x02D\x1anfµW\x8c¶ «9kHóô\x04", lpUsedDefaultChar=0x0) returned 15
[0213.012] GetProcAddress (hModule=0x6c710000, lpProcName="GetQualifierSet") returned 0x6c712435
[0213.013] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="Get", cchWideChar=3, lpMultiByteStr=0x4f4f08c, cbMultiByte=5, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="Get\x02D\x1anfµW\x8c¶ «9kHóô\x04", lpUsedDefaultChar=0x0) returned 3
[0213.014] GetProcAddress (hModule=0x6c710000, lpProcName="Get") returned 0x6c7122f4
[0213.038] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="Put", cchWideChar=3, lpMultiByteStr=0x4f4f08c, cbMultiByte=5, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="Put\x02D\x1anfµW\x8c¶ «9kHóô\x04", lpUsedDefaultChar=0x0) returned 3
[0213.039] GetProcAddress (hModule=0x6c710000, lpProcName="Put") returned 0x6c7124de
[0213.308] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="Delete", cchWideChar=6, lpMultiByteStr=0x4f4f08c, cbMultiByte=8, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="DeletenfµW\x8c¶ «9kHóô\x04", lpUsedDefaultChar=0x0) returned 6
[0213.309] GetProcAddress (hModule=0x6c710000, lpProcName="Delete") returned 0x6c712151
[0213.319] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="GetNames", cchWideChar=8, lpMultiByteStr=0x4f4f088, cbMultiByte=10, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="GetNamesD\x1anfµW\x8c¶ «9kHóô\x04", lpUsedDefaultChar=0x0) returned 8
[0213.319] GetProcAddress (hModule=0x6c710000, lpProcName="GetNames") returned 0x6c7123a2
[0213.401] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="BeginEnumeration", cchWideChar=16, lpMultiByteStr=0x4f4f080, cbMultiByte=18, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="BeginEnumerationD\x1anfµW\x8c¶ «9kHóô\x04", lpUsedDefaultChar=0x0) returned 16
[0213.401] GetProcAddress (hModule=0x6c710000, lpProcName="BeginEnumeration") returned 0x6c711e63
[0213.410] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="Next", cchWideChar=4, lpMultiByteStr=0x4f4f08c, cbMultiByte=6, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="NextD\x1anfµW\x8c¶ «9kHóô\x04", lpUsedDefaultChar=0x0) returned 4
[0213.410] GetProcAddress (hModule=0x6c710000, lpProcName="Next") returned 0x6c7124a3
[0213.425] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="EndEnumeration", cchWideChar=14, lpMultiByteStr=0x4f4f084, cbMultiByte=16, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="EndEnumerationnfµW\x8c¶ «9kHóô\x04", lpUsedDefaultChar=0x0) returned 14
[0213.426] GetProcAddress (hModule=0x6c710000, lpProcName="EndEnumeration") returned 0x6c7121e2
[0213.468] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="GetPropertyQualifierSet", cchWideChar=23, lpMultiByteStr=0x4f4f078, cbMultiByte=25, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="GetPropertyQualifierSet\x02D\x1anfµW\x8c¶ «9kHóô\x04", lpUsedDefaultChar=0x0) returned 23
[0213.468] GetProcAddress (hModule=0x6c710000, lpProcName="GetPropertyQualifierSet") returned 0x6c71241f
[0213.481] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="Clone", cchWideChar=5, lpMultiByteStr=0x4f4f08c, cbMultiByte=7, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="Clone\x1anfµW\x8c¶ «9kHóô\x04", lpUsedDefaultChar=0x0) returned 5
[0213.481] GetProcAddress (hModule=0x6c710000, lpProcName="Clone") returned 0x6c711f2d
[0213.482] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="GetObjectText", cchWideChar=13, lpMultiByteStr=0x4f4f084, cbMultiByte=15, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="GetObjectText\x1anfµW\x8c¶ «9kHóô\x04", lpUsedDefaultChar=0x0) returned 13
[0213.482] GetProcAddress (hModule=0x6c710000, lpProcName="GetObjectText") returned 0x6c7123be
[0213.493] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="SpawnDerivedClass", cchWideChar=17, lpMultiByteStr=0x4f4f080, cbMultiByte=19, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="SpawnDerivedClass\x1anfµW\x8c¶ «9kHóô\x04", lpUsedDefaultChar=0x0) returned 17
[0213.493] GetProcAddress (hModule=0x6c710000, lpProcName="SpawnDerivedClass") returned 0x6c712786
[0213.590] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="SpawnInstance", cchWideChar=13, lpMultiByteStr=0x4f4f084, cbMultiByte=15, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="SpawnInstance\x1anfµW\x8c¶ «9kHóô\x04", lpUsedDefaultChar=0x0) returned 13
[0213.591] GetProcAddress (hModule=0x6c710000, lpProcName="SpawnInstance") returned 0x6c71279c
[0213.592] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="CompareTo", cchWideChar=9, lpMultiByteStr=0x4f4f088, cbMultiByte=11, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="CompareTo\x1anfµW\x8c¶ «9kHóô\x04", lpUsedDefaultChar=0x0) returned 9
[0213.593] GetProcAddress (hModule=0x6c710000, lpProcName="CompareTo") returned 0x6c711fad
[0213.604] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="GetPropertyOrigin", cchWideChar=17, lpMultiByteStr=0x4f4f080, cbMultiByte=19, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="GetPropertyOrigin\x1anfµW\x8c¶ «9kHóô\x04", lpUsedDefaultChar=0x0) returned 17
[0213.604] GetProcAddress (hModule=0x6c710000, lpProcName="GetPropertyOrigin") returned 0x6c712409
[0213.657] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="InheritsFrom", cchWideChar=12, lpMultiByteStr=0x4f4f084, cbMultiByte=14, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="InheritsFromD\x1anfµW\x8c¶ «9kHóô\x04", lpUsedDefaultChar=0x0) returned 12
[0213.657] GetProcAddress (hModule=0x6c710000, lpProcName="InheritsFrom") returned 0x6c712448
[0213.659] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="GetMethod", cchWideChar=9, lpMultiByteStr=0x4f4f088, cbMultiByte=11, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="GetMethod\x1anfµW\x8c¶ «9kHóô\x04", lpUsedDefaultChar=0x0) returned 9
[0213.659] GetProcAddress (hModule=0x6c710000, lpProcName="GetMethod") returned 0x6c71235a
[0213.675] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="PutMethod", cchWideChar=9, lpMultiByteStr=0x4f4f088, cbMultiByte=11, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="PutMethod\x1anfµW\x8c¶ «9kHóô\x04", lpUsedDefaultChar=0x0) returned 9
[0213.675] GetProcAddress (hModule=0x6c710000, lpProcName="PutMethod") returned 0x6c7125fa
[0213.691] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="DeleteMethod", cchWideChar=12, lpMultiByteStr=0x4f4f084, cbMultiByte=14, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="DeleteMethodD\x1anfµW\x8c¶ «9kHóô\x04", lpUsedDefaultChar=0x0) returned 12
[0213.691] GetProcAddress (hModule=0x6c710000, lpProcName="DeleteMethod") returned 0x6c712164
[0213.729] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="BeginMethodEnumeration", cchWideChar=22, lpMultiByteStr=0x4f4f07c, cbMultiByte=24, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="BeginMethodEnumerationnfµW\x8c¶ «9kHóô\x04", lpUsedDefaultChar=0x0) returned 22
[0213.730] GetProcAddress (hModule=0x6c710000, lpProcName="BeginMethodEnumeration") returned 0x6c711e76
[0213.731] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="NextMethod", cchWideChar=10, lpMultiByteStr=0x4f4f088, cbMultiByte=12, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="NextMethodnfµW\x8c¶ «9kHóô\x04", lpUsedDefaultChar=0x0) returned 10
[0213.731] GetProcAddress (hModule=0x6c710000, lpProcName="NextMethod") returned 0x6c7124c2
[0213.748] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="EndMethodEnumeration", cchWideChar=20, lpMultiByteStr=0x4f4f07c, cbMultiByte=22, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="EndMethodEnumerationD\x1anfµW\x8c¶ «9kHóô\x04", lpUsedDefaultChar=0x0) returned 20
[0213.748] GetProcAddress (hModule=0x6c710000, lpProcName="EndMethodEnumeration") returned 0x6c7121f2
[0213.750] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="GetMethodQualifierSet", cchWideChar=21, lpMultiByteStr=0x4f4f07c, cbMultiByte=23, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="GetMethodQualifierSet\x1anfµW\x8c¶ «9kHóô\x04", lpUsedDefaultChar=0x0) returned 21
[0213.750] GetProcAddress (hModule=0x6c710000, lpProcName="GetMethodQualifierSet") returned 0x6c71238c
[0213.753] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="GetMethodOrigin", cchWideChar=15, lpMultiByteStr=0x4f4f080, cbMultiByte=17, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="GetMethodOrigin\x02D\x1anfµW\x8c¶ «9kHóô\x04", lpUsedDefaultChar=0x0) returned 15
[0213.753] GetProcAddress (hModule=0x6c710000, lpProcName="GetMethodOrigin") returned 0x6c712376
[0213.754] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="QualifierSet_Get", cchWideChar=16, lpMultiByteStr=0x4f4f080, cbMultiByte=18, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="QualifierSet_GetD\x1anfµW\x8c¶ «9kHóô\x04", lpUsedDefaultChar=0x0) returned 16
[0213.755] GetProcAddress (hModule=0x6c710000, lpProcName="QualifierSet_Get") returned 0x6c71264c
[0213.810] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="QualifierSet_Put", cchWideChar=16, lpMultiByteStr=0x4f4f080, cbMultiByte=18, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="QualifierSet_PutD\x1anfµW\x8c¶ «9kHóô\x04", lpUsedDefaultChar=0x0) returned 16
[0213.810] GetProcAddress (hModule=0x6c710000, lpProcName="QualifierSet_Put") returned 0x6c71269a
[0213.830] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="QualifierSet_Delete", cchWideChar=19, lpMultiByteStr=0x4f4f07c, cbMultiByte=21, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="QualifierSet_Delete\x02D\x1anfµW\x8c¶ «9kHóô\x04", lpUsedDefaultChar=0x0) returned 19
[0213.830] GetProcAddress (hModule=0x6c710000, lpProcName="QualifierSet_Delete") returned 0x6c712629
[0213.831] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="QualifierSet_GetNames", cchWideChar=21, lpMultiByteStr=0x4f4f07c, cbMultiByte=23, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="QualifierSet_GetNames\x1anfµW\x8c¶ «9kHóô\x04", lpUsedDefaultChar=0x0) returned 21
[0213.831] GetProcAddress (hModule=0x6c710000, lpProcName="QualifierSet_GetNames") returned 0x6c712668
[0213.886] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="QualifierSet_BeginEnumeration", cchWideChar=29, lpMultiByteStr=0x4f4f074, cbMultiByte=31, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="QualifierSet_BeginEnumeration\x1anfµW\x8c¶ «9kHóô\x04", lpUsedDefaultChar=0x0) returned 29
[0213.887] GetProcAddress (hModule=0x6c710000, lpProcName="QualifierSet_BeginEnumeration") returned 0x6c712616
[0213.889] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="QualifierSet_Next", cchWideChar=17, lpMultiByteStr=0x4f4f080, cbMultiByte=19, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="QualifierSet_Next\x1anfµW\x8c¶ «9kHóô\x04", lpUsedDefaultChar=0x0) returned 17
[0213.889] GetProcAddress (hModule=0x6c710000, lpProcName="QualifierSet_Next") returned 0x6c71267e
[0213.941] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="QualifierSet_EndEnumeration", cchWideChar=27, lpMultiByteStr=0x4f4f074, cbMultiByte=29, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="QualifierSet_EndEnumeration\x02D\x1anfµW\x8c¶ «9kHóô\x04", lpUsedDefaultChar=0x0) returned 27
[0213.941] GetProcAddress (hModule=0x6c710000, lpProcName="QualifierSet_EndEnumeration") returned 0x6c71263c
[0213.943] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="GetCurrentApartmentType", cchWideChar=23, lpMultiByteStr=0x4f4f078, cbMultiByte=25, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="GetCurrentApartmentType\x02D\x1anfµW\x8c¶ «9kHóô\x04", lpUsedDefaultChar=0x0) returned 23
[0213.943] GetProcAddress (hModule=0x6c710000, lpProcName="GetCurrentApartmentType") returned 0x6c712435
[0213.952] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="GetDemultiplexedStub", cchWideChar=20, lpMultiByteStr=0x4f4f07c, cbMultiByte=22, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="GetDemultiplexedStubD\x1anfµW\x8c¶ «9kHóô\x04", lpUsedDefaultChar=0x0) returned 20
[0213.952] GetProcAddress (hModule=0x6c710000, lpProcName="GetDemultiplexedStub") returned 0x6c712313
[0213.968] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="CreateInstanceEnumWmi", cchWideChar=21, lpMultiByteStr=0x4f4f07c, cbMultiByte=23, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="CreateInstanceEnumWmi\x1anfµW\x8c¶ «9kHóô\x04", lpUsedDefaultChar=0x0) returned 21
[0213.968] GetProcAddress (hModule=0x6c710000, lpProcName="CreateInstanceEnumWmi") returned 0x6c7120db
[0214.038] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="CreateClassEnumWmi", cchWideChar=18, lpMultiByteStr=0x4f4f080, cbMultiByte=20, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="CreateClassEnumWminfµW\x8c¶ «9kHóô\x04", lpUsedDefaultChar=0x0) returned 18
[0214.038] GetProcAddress (hModule=0x6c710000, lpProcName="CreateClassEnumWmi") returned 0x6c712065
[0214.040] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="ExecQueryWmi", cchWideChar=12, lpMultiByteStr=0x4f4f084, cbMultiByte=14, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="ExecQueryWmiD\x1anfµW\x8c¶ «9kHóô\x04", lpUsedDefaultChar=0x0) returned 12
[0214.040] GetProcAddress (hModule=0x6c710000, lpProcName="ExecQueryWmi") returned 0x6c71227b
[0214.232] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="ExecNotificationQueryWmi", cchWideChar=24, lpMultiByteStr=0x4f4f078, cbMultiByte=26, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="ExecNotificationQueryWmiD\x1anfµW\x8c¶ «9kHóô\x04", lpUsedDefaultChar=0x0) returned 24
[0214.232] GetProcAddress (hModule=0x6c710000, lpProcName="ExecNotificationQueryWmi") returned 0x6c712202
[0214.234] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="PutInstanceWmi", cchWideChar=14, lpMultiByteStr=0x4f4f084, cbMultiByte=16, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="PutInstanceWminfµW\x8c¶ «9kHóô\x04", lpUsedDefaultChar=0x0) returned 14
[0214.234] GetProcAddress (hModule=0x6c710000, lpProcName="PutInstanceWmi") returned 0x6c71257a
[0214.299] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="PutClassWmi", cchWideChar=11, lpMultiByteStr=0x4f4f084, cbMultiByte=13, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="PutClassWmi\x02D\x1anfµW\x8c¶ «9kHóô\x04", lpUsedDefaultChar=0x0) returned 11
[0214.299] GetProcAddress (hModule=0x6c710000, lpProcName="PutClassWmi") returned 0x6c7124fa
[0214.301] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="CloneEnumWbemClassObject", cchWideChar=24, lpMultiByteStr=0x4f4f078, cbMultiByte=26, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="CloneEnumWbemClassObjectD\x1anfµW\x8c¶ «9kHóô\x04", lpUsedDefaultChar=0x0) returned 24
[0214.301] GetProcAddress (hModule=0x6c710000, lpProcName="CloneEnumWbemClassObject") returned 0x6c711f40
[0214.329] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="ConnectServerWmi", cchWideChar=16, lpMultiByteStr=0x4f4f080, cbMultiByte=18, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="ConnectServerWmiD\x1anfµW\x8c¶ «9kHóô\x04", lpUsedDefaultChar=0x0) returned 16
[0214.329] GetProcAddress (hModule=0x6c710000, lpProcName="ConnectServerWmi") returned 0x6c711fc3
# Analyst note: local WMI connection and proxy security setup.
# CoCreateInstance: rclsid {4590f811-1d3a-11d0-891f-00aa004b2e24} is
# CLSID_WbemLocator and riid {dc12a687-737f-11cf-884d-00aa004b2e24} is
# IID_IWbemLocator; dwClsContext=0x1 is CLSCTX_INPROC_SERVER. Both GUID pointers
# (0x6c7112xx) lie inside the module mapped at 0x6c710000, so the call
# originates from that helper DLL rather than from the sample's own image.
[0214.456] CoCreateInstance (in: rclsid=0x6c711284*(Data1=0x4590f811, Data2=0x1d3a, Data3=0x11d0, Data4=([0]=0x89, [1]=0x1f, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24)), pUnkOuter=0x0, dwClsContext=0x1, riid=0x6c7112e4*(Data1=0xdc12a687, Data2=0x737f, Data3=0x11cf, Data4=([0]=0x88, [1]=0x4d, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24)), ppv=0x4f4f7a4 | out: ppv=0x4f4f7a4*=0x6591b8) returned 0x0
# ConnectServer targets the local root\cimv2 namespace with strUser and
# strPassword null, so the connection uses the caller's current security
# context. lSecurityFlags=128 (0x80) is WBEM_FLAG_CONNECT_USE_MAX_WAIT. The call
# succeeds (0x0); the next record is about 215 ms later.
[0214.456] WbemLocator:IWbemLocator:ConnectServer (in: This=0x6591b8, strNetworkResource="\\\\.\\root\\cimv2", strUser=0x0, strPassword=0x0, strLocale="", lSecurityFlags=128, strAuthority="", pCtx=0x0, ppNamespace=0x4f4f838 | out: ppNamespace=0x4f4f838*=0x63f5b0) returned 0x0
[0214.671] WbemLocator:IUnknown:QueryInterface (in: This=0x63f5b0, riid=0x6c711104*(Data1=0x13d, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x4f4f6d4 | out: ppvObject=0x4f4f6d4*=0x647b44) returned 0x0
# QueryBlanket reports the proxy's current settings: authentication service 0xa
# (RPC_C_AUTHN_WINNT), authentication level 0x6 (RPC_C_AUTHN_LEVEL_PKT_PRIVACY),
# impersonation level 0x2 (RPC_C_IMP_LEVEL_IDENTIFY), capabilities 0x1.
[0214.671] WbemLocator:IClientSecurity:QueryBlanket (in: This=0x647b44, pProxy=0x63f5b0, pAuthnSvc=0x4f4f724, pAuthzSvc=0x4f4f720, pServerPrincName=0x4f4f718, pAuthnLevel=0x4f4f71c, pImpLevel=0x4f4f70c, pAuthInfo=0x4f4f710, pCapabilites=0x4f4f714 | out: pAuthnSvc=0x4f4f724*=0xa, pAuthzSvc=0x4f4f720*=0x0, pServerPrincName=0x4f4f718, pAuthnLevel=0x4f4f71c*=0x6, pImpLevel=0x4f4f70c*=0x2, pAuthInfo=0x4f4f710, pCapabilites=0x4f4f714*=0x1) returned 0x0
[0214.671] WbemLocator:IUnknown:Release (This=0x647b44) returned 0x1
[0214.671] WbemLocator:IUnknown:QueryInterface (in: This=0x63f5b0, riid=0x6c7110f4*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x4f4f6c8 | out: ppvObject=0x4f4f6c8*=0x647b68) returned 0x0
[0214.671] WbemLocator:IUnknown:QueryInterface (in: This=0x63f5b0, riid=0x6c711104*(Data1=0x13d, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x4f4f6c4 | out: ppvObject=0x4f4f6c4*=0x647b44) returned 0x0
# SetBlanket keeps the service (0xa) and level (0x6) but raises the
# impersonation level to 0x3 (RPC_C_IMP_LEVEL_IMPERSONATE) and sets capabilities
# 0x20 (EOAC_STATIC_CLOAKING). This is the usual proxy setup before WMI
# operations are issued; this excerpt contains no query or method call, so
# which WMI classes the sample touches has to be read from later records.
[0214.672] WbemLocator:IClientSecurity:SetBlanket (This=0x647b44, pProxy=0x63f5b0, dwAuthnSvc=0xa, dwAuthzSvc=0x0, pServerPrincName=0x0, dwAuthnLevel=0x6, dwImpLevel=0x3, pAuthInfo=0x0, dwCapabilities=0x20) returned 0x0
[0214.672] WbemLocator:IUnknown:Release (This=0x647b44) returned 0x2
[0214.672] WbemLocator:IUnknown:Release (This=0x647b68) returned 0x1
[0214.672] CoTaskMemFree (pv=0x6605d0)
[0214.672] WbemLocator:IUnknown:Release (This=0x6591b8) returned 0x0
[0214.672] WbemLocator:IUnknown:QueryInterface (in: This=0x63f5b0, riid=0x6b3a6c6c*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x4f4f2c4 | out: ppvObject=0x4f4f2c4*=0x647b68) returned 0x0
[0214.672] WbemLocator:IUnknown:QueryInterface (in: This=0x647b68, riid=0x6b4dfdcc*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x4f4f280 | out: ppvObject=0x4f4f280*=0x0) returned 0x80004002
[0214.686] WbemLocator:IUnknown:QueryInterface (in: This=0x647b68, riid=0x6b4dfb20*(Data1=0xb196b283, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x4f4f09c | out: ppvObject=0x4f4f09c*=0x0) returned 0x80004002
[0214.722] WbemLocator:IUnknown:QueryInterface (in: This=0x63f5b0, riid=0x6b4e056c*(Data1=0xaf86e2e0, Data2=0xb12d, Data3=0x4c6a, Data4=([0]=0x9c, [1]=0x5a, [2]=0xd7, [3]=0xaa, [4]=0x65, [5]=0x10, [6]=0x1e, [7]=0x90)), ppvObject=0x4f4ee74 | out: ppvObject=0x4f4ee74*=0x0) returned 0x80004002
[0214.740] WbemLocator:IUnknown:AddRef (This=0x647b68) returned 0x3
[0214.740] WbemLocator:IUnknown:QueryInterface (in: This=0x647b68, riid=0x6b4e0208*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x4f4ebdc | out: ppvObject=0x4f4ebdc*=0x0) returned 0x80004002
[0214.740] WbemLocator:IUnknown:QueryInterface (in: This=0x647b68, riid=0x6b4e015c*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x4f4eb8c | out: ppvObject=0x4f4eb8c*=0x0) returned 0x80004002
[0214.740] WbemLocator:IUnknown:QueryInterface (in: This=0x647b68, riid=0x6b3b40e8*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x4f4eb98 | out: ppvObject=0x4f4eb98*=0x647ac4) returned 0x0
[0214.741] WbemLocator:IMarshal:GetUnmarshalClass (in: This=0x647ac4, riid=0x6b3a6c6c*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x4f4eba0 | out: pCid=0x4f4eba0*(Data1=0x17, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46))) returned 0x0
[0214.741] WbemLocator:IUnknown:Release (This=0x647ac4) returned 0x3
[0214.741] CoGetContextToken (in: pToken=0x4f4ebf8 | out: pToken=0x4f4ebf8) returned 0x0
[0214.741] CoGetContextToken (in: pToken=0x4f4f000 | out: pToken=0x4f4f000) returned 0x0
[0214.741] WbemLocator:IUnknown:QueryInterface (in: This=0x647b68, riid=0x6b4e0448*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x4f4f090 | out: ppvObject=0x4f4f090*=0x647b4c) returned 0x0
[0214.741] WbemLocator:IRpcOptions:Query (in: This=0x647b4c, pPrx=0x647b68, dwProperty=2, pdwValue=0x4f4f0b8 | out: pdwValue=0x4f4f0b8) returned 0x80004002
[0214.741] WbemLocator:IUnknown:Release (This=0x647b4c) returned 0x3
[0214.741] WbemLocator:IUnknown:Release (This=0x647b68) returned 0x2
[0214.741] CoGetContextToken (in: pToken=0x4f4f5d8 | out: pToken=0x4f4f5d8) returned 0x0
[0214.742] CoGetContextToken (in: pToken=0x4f4f538 | out: pToken=0x4f4f538) returned 0x0
[0214.742] WbemLocator:IUnknown:QueryInterface (in: This=0x647b68, riid=0x4f4f608*(Data1=0x9556dc99, Data2=0x828c, Data3=0x11cf, Data4=([0]=0xa3, [1]=0x7e, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x32, [6]=0x40, [7]=0xc7)), ppvObject=0x4f4f604 | out: ppvObject=0x4f4f604*=0x63f5b0) returned 0x0
[0214.762] WbemLocator:IUnknown:AddRef (This=0x63f5b0) returned 0x4
[0214.762] WbemLocator:IUnknown:Release (This=0x63f5b0) returned 0x3
[0214.762] WbemLocator:IUnknown:Release (This=0x63f5b0) returned 0x2
[0214.767] SysStringLen (param_1=0x0) returned 0x0
[0214.768] CoUninitialize ()
Thread:
id = 145
os_tid = 0x3a0
[0214.799] CoGetContextToken (in: pToken=0x4f4f26c | out: pToken=0x4f4f26c) returned 0x0
[0214.799] CoGetContextToken (in: pToken=0x4f4f25c | out: pToken=0x4f4f25c) returned 0x0
[0214.799] CoGetMarshalSizeMax (in: pulSize=0x4f4f218, riid=0x6b3a6c6c*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pUnk=0x647b68, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0 | out: pulSize=0x4f4f218) returned 0x0
[0214.800] CoMarshalInterface (pStm=0x639c30, riid=0x6b3a6c6c*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pUnk=0x647b68, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0) returned 0x0
# Analyst note: second monitored process. monitor_reason is "rpc_server",
# whereas the sample (process id "1" in the file header) is "analysis_target".
# The WMI provider host was therefore presumably pulled into monitoring because
# the sample's WMI connection is served over RPC (confirm in the analyzer's
# process graph).
# It runs as NT AUTHORITY\SYSTEM at integrity 0x4000 (system); the sample runs
# at 0x3000 (high). Its parent (parent_id "6", os_parent_pid 0x274) is not
# described in this excerpt.
# Triage caveat: activity recorded under this process is carried out on behalf
# of WMI clients, so attribute it to the requesting client rather than to
# wmiprvse.exe itself. Process-lineage detections that only follow parent/child
# links will not connect it to the sample.
Process:
id = "8"
image_name = "wmiprvse.exe"
filename = "c:\\windows\\system32\\wbem\\wmiprvse.exe"
page_root = "0x370aa000"
os_pid = "0x994"
os_integrity_level = "0x4000"
os_privileges = "0xe60b1e890"
monitor_reason = "rpc_server"
parent_id = "6"
os_parent_pid = "0x274"
cmd_line = "C:\\Windows\\system32\\wbem\\wmiprvse.exe -Embedding"
cur_dir = "C:\\Windows\\system32\\"
os_username = "NT AUTHORITY\\SYSTEM"
bitness = "32"
os_groups = "Everyone" [0x7], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\SERVICE" [0x7], "CONSOLE LOGON" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "NT SERVICE\\BDESVC" [0xe], "NT SERVICE\\BITS" [0xe], "NT SERVICE\\CertPropSvc" [0xa], "NT SERVICE\\DcpSvc" [0xa], "NT SERVICE\\dmwappushservice" [0xa], "NT SERVICE\\DoSvc" [0xe], "NT SERVICE\\DsmSvc" [0xa], "NT SERVICE\\EapHost" [0xa], "NT SERVICE\\IKEEXT" [0xa], "NT SERVICE\\iphlpsvc" [0xe], "NT SERVICE\\LanmanServer" [0xe], "NT SERVICE\\lfsvc" [0xe], "NT SERVICE\\MSiSCSI" [0xa], "NT SERVICE\\NcaSvc" [0xa], "NT SERVICE\\NetSetupSvc" [0xe], "NT SERVICE\\RasAuto" [0xa], "NT SERVICE\\RasMan" [0xa], "NT SERVICE\\RemoteAccess" [0xa], "NT SERVICE\\RetailDemo" [0xa], "NT SERVICE\\Schedule" [0xe], "NT SERVICE\\SCPolicySvc" [0xa], "NT SERVICE\\SENS" [0xe], "NT SERVICE\\SessionEnv" [0xa], "NT SERVICE\\SharedAccess" [0xa], "NT SERVICE\\ShellHWDetection" [0xe], "NT SERVICE\\UsoSvc" [0xa], "NT SERVICE\\wercplsupport" [0xa], "NT SERVICE\\Winmgmt" [0xe], "NT SERVICE\\wlidsvc" [0xa], "NT SERVICE\\wuauserv" [0xe], "NT SERVICE\\XboxNetApiSvc" [0xa], "NT AUTHORITY\\Logon Session 00000000:0000ac2c" [0xc0000007], "LOCAL" [0x7], "BUILTIN\\Administrators" [0xe]
Region:
id = 1647
start_va = 0x10000
end_va = 0x1ffff
monitored = 1
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x0000000000010000"
filename = ""
Region:
id = 1648
start_va = 0x20000
end_va = 0x26fff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000000020000"
filename = ""
Region:
id = 1649
start_va = 0x30000
end_va = 0x44fff
monitored = 1
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x0000000000030000"
filename = ""
Region:
id = 1650
start_va = 0x50000
end_va = 0xcffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000000050000"
filename = ""
Region:
id = 1651
start_va = 0xd0000
end_va = 0xd3fff
monitored = 1
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x00000000000d0000"
filename = ""
Region:
id = 1652
start_va = 0xe0000
end_va = 0xe0fff
monitored = 1
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x00000000000e0000"
filename = ""
Region:
id = 1653
start_va = 0xf0000
end_va = 0xf1fff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x00000000000f0000"
filename = ""
Region:
id = 1654
start_va = 0x100000
end_va = 0x1bdfff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "locale.nls"
filename = "\\Windows\\System32\\locale.nls" (normalized: "c:\\windows\\system32\\locale.nls")
Region:
id = 1655
start_va = 0x1c0000
end_va = 0x1c6fff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x00000000001c0000"
filename = ""
Region:
id = 1656
start_va = 0x1d0000
end_va = 0x1d0fff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x00000000001d0000"
filename = ""
Region:
id = 1657
start_va = 0x1e0000
end_va = 0x1e0fff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x00000000001e0000"
filename = ""
Region:
id = 1658
start_va = 0x1f0000
end_va = 0x1f1fff
monitored = 1
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x00000000001f0000"
filename = ""
Region:
id = 1659
start_va = 0x200000
end_va = 0x3fffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000000200000"
filename = ""
Region:
id = 1660
start_va = 0x400000
end_va = 0x400fff
monitored = 1
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x0000000000400000"
filename = ""
Region:
id = 1661
start_va = 0x410000
end_va = 0x414fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "user32.dll.mui"
filename = "\\Windows\\System32\\en-US\\user32.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\user32.dll.mui")
Region:
id = 1662
start_va = 0x420000
end_va = 0x420fff
monitored = 1
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x0000000000420000"
filename = ""
Region:
id = 1663
start_va = 0x430000
end_va = 0x430fff
monitored = 1
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x0000000000430000"
filename = ""
Region:
id = 1664
start_va = 0x440000
end_va = 0x440fff
monitored = 1
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x0000000000440000"
filename = ""
Region:
id = 1665
start_va = 0x450000
end_va = 0x45ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000000450000"
filename = ""
Region:
id = 1666
start_va = 0x460000
end_va = 0x55ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000000460000"
filename = ""
Region:
id = 1667
start_va = 0x5e0000
end_va = 0x916fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "sortdefault.nls"
filename = "\\Windows\\Globalization\\Sorting\\SortDefault.nls" (normalized: "c:\\windows\\globalization\\sorting\\sortdefault.nls")
Region:
id = 1668
start_va = 0x920000
end_va = 0xaa7fff
monitored = 1
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x0000000000920000"
filename = ""
Region:
id = 1669
start_va = 0xab0000
end_va = 0xc30fff
monitored = 1
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x0000000000ab0000"
filename = ""
Region:
id = 1670
start_va = 0xc40000
end_va = 0xcfffff
monitored = 1
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x0000000000c40000"
filename = ""
Region:
id = 1671
start_va = 0xd00000
end_va = 0xd7ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000000d00000"
filename = ""
Region:
id = 1672
start_va = 0xd80000
end_va = 0xe7ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000000d80000"
filename = ""
Region:
id = 1673
start_va = 0xe80000
end_va = 0xefffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000000e80000"
filename = ""
Region:
id = 1674
start_va = 0xf00000
end_va = 0xf7ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000000f00000"
filename = ""
Region:
id = 1675
start_va = 0xf80000
end_va = 0xffffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000000f80000"
filename = ""
Region:
id = 1676
start_va = 0x1000000
end_va = 0x107ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000001000000"
filename = ""
Region:
id = 1677
start_va = 0x1080000
end_va = 0x10fffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000001080000"
filename = ""
Region:
id = 1678
start_va = 0x1100000
end_va = 0x117ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000001100000"
filename = ""
Region:
id = 1679
start_va = 0x7ffe0000
end_va = 0x7ffeffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x000000007ffe0000"
filename = ""
Region:
id = 1680
start_va = 0x7df5ffec0000
end_va = 0x7df5fffbffff
monitored = 1
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x00007df5ffec0000"
filename = ""
Region:
id = 1681
start_va = 0x7df5fffc0000
end_va = 0x7df5fffe2fff
monitored = 1
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x00007df5fffc0000"
filename = ""
Region:
id = 1682
start_va = 0x7df5ffff0000
end_va = 0x7ff5fffeffff
monitored = 1
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x00007df5ffff0000"
filename = ""
Region:
id = 1683
start_va = 0x7ff748430000
end_va = 0x7ff7484affff
monitored = 0
entry_point = 0x7ff748445f50
region_type = mapped_file
name = "wmiprvse.exe"
filename = "\\Windows\\System32\\wbem\\WmiPrvSE.exe" (normalized: "c:\\windows\\system32\\wbem\\wmiprvse.exe")
Region:
id = 1684
start_va = 0x7ff865f80000
end_va = 0x7ff865fccfff
monitored = 0
entry_point = 0x7ff865f8b470
region_type = mapped_file
name = "pdh.dll"
filename = "\\Windows\\System32\\pdh.dll" (normalized: "c:\\windows\\system32\\pdh.dll")
Region:
id = 1685
start_va = 0x7ff869420000
end_va = 0x7ff869444fff
monitored = 1
entry_point = 0x7ff869435dc0
region_type = mapped_file
name = "wmiperfclass.dll"
filename = "\\Windows\\System32\\wbem\\WmiPerfClass.dll" (normalized: "c:\\windows\\system32\\wbem\\wmiperfclass.dll")
Region:
id = 1686
start_va = 0x7ff86e7c0000
end_va = 0x7ff86e7fcfff
monitored = 1
entry_point = 0x7ff86e7cb760
region_type = mapped_file
name = "wmiprov.dll"
filename = "\\Windows\\System32\\wbem\\wmiprov.dll" (normalized: "c:\\windows\\system32\\wbem\\wmiprov.dll")
Region:
id = 1687
start_va = 0x7ff8702c0000
end_va = 0x7ff8702d5fff
monitored = 0
entry_point = 0x7ff8702c55e0
region_type = mapped_file
name = "ncobjapi.dll"
filename = "\\Windows\\System32\\ncobjapi.dll" (normalized: "c:\\windows\\system32\\ncobjapi.dll")
Region:
id = 1688
start_va = 0x7ff870430000
end_va = 0x7ff870454fff
monitored = 0
entry_point = 0x7ff870439900
region_type = mapped_file
name = "wmiutils.dll"
filename = "\\Windows\\System32\\wbem\\wmiutils.dll" (normalized: "c:\\windows\\system32\\wbem\\wmiutils.dll")
Region:
id = 1689
start_va = 0x7ff870460000
end_va = 0x7ff870473fff
monitored = 0
entry_point = 0x7ff870461800
region_type = mapped_file
name = "wbemsvc.dll"
filename = "\\Windows\\System32\\wbem\\wbemsvc.dll" (normalized: "c:\\windows\\system32\\wbem\\wbemsvc.dll")
Region:
id = 1690
start_va = 0x7ff870480000
end_va = 0x7ff870575fff
monitored = 0
entry_point = 0x7ff8704b9590
region_type = mapped_file
name = "fastprox.dll"
filename = "\\Windows\\System32\\wbem\\fastprox.dll" (normalized: "c:\\windows\\system32\\wbem\\fastprox.dll")
Region:
id = 1691
start_va = 0x7ff870890000
end_va = 0x7ff8708a0fff
monitored = 0
entry_point = 0x7ff870892fc0
region_type = mapped_file
name = "wbemprox.dll"
filename = "\\Windows\\System32\\wbem\\wbemprox.dll" (normalized: "c:\\windows\\system32\\wbem\\wbemprox.dll")
Region:
id = 1692
start_va = 0x7ff872310000
end_va = 0x7ff87238efff
monitored = 1
entry_point = 0x7ff872327110
region_type = mapped_file
name = "wbemcomn.dll"
filename = "\\Windows\\System32\\wbemcomn.dll" (normalized: "c:\\windows\\system32\\wbemcomn.dll")
Region:
id = 1693
start_va = 0x7ff87b6f0000
end_va = 0x7ff87b700fff
monitored = 0
entry_point = 0x7ff87b6f3320
region_type = mapped_file
name = "wmiclnt.dll"
filename = "\\Windows\\System32\\wmiclnt.dll" (normalized: "c:\\windows\\system32\\wmiclnt.dll")
Region:
id = 1694
start_va = 0x7ff87d7f0000
end_va = 0x7ff87d853fff
monitored = 0
entry_point = 0x7ff87d805ae0
region_type = mapped_file
name = "wevtapi.dll"
filename = "\\Windows\\System32\\wevtapi.dll" (normalized: "c:\\windows\\system32\\wevtapi.dll")
Region:
id = 1695
start_va = 0x7ff8807d0000
end_va = 0x7ff880800fff
monitored = 0
entry_point = 0x7ff8807d7d10
region_type = mapped_file
name = "ntmarta.dll"
filename = "\\Windows\\System32\\ntmarta.dll" (normalized: "c:\\windows\\system32\\ntmarta.dll")
Region:
id = 1696
start_va = 0x7ff881170000
end_va = 0x7ff881198fff
monitored = 0
entry_point = 0x7ff881184530
region_type = mapped_file
name = "bcrypt.dll"
filename = "\\Windows\\System32\\bcrypt.dll" (normalized: "c:\\windows\\system32\\bcrypt.dll")
Region:
id = 1697
start_va = 0x7ff881330000
end_va = 0x7ff88133efff
monitored = 0
entry_point = 0x7ff881333210
region_type = mapped_file
name = "kernel.appcore.dll"
filename = "\\Windows\\System32\\kernel.appcore.dll" (normalized: "c:\\windows\\system32\\kernel.appcore.dll")
Region:
id = 1698
start_va = 0x7ff881d50000
end_va = 0x7ff881db9fff
monitored = 0
entry_point = 0x7ff881d86d50
region_type = mapped_file
name = "bcryptprimitives.dll"
filename = "\\Windows\\System32\\bcryptprimitives.dll" (normalized: "c:\\windows\\system32\\bcryptprimitives.dll")
Region:
id = 1699
start_va = 0x7ff881ed0000
end_va = 0x7ff8820b7fff
monitored = 0
entry_point = 0x7ff881efba70
region_type = mapped_file
name = "kernelbase.dll"
filename = "\\Windows\\System32\\KernelBase.dll" (normalized: "c:\\windows\\system32\\kernelbase.dll")
Region:
id = 1700
start_va = 0x7ff8820c0000
end_va = 0x7ff882215fff
monitored = 0
entry_point = 0x7ff8820ca8d0
region_type = mapped_file
name = "user32.dll"
filename = "\\Windows\\System32\\user32.dll" (normalized: "c:\\windows\\system32\\user32.dll")
Region:
id = 1701
start_va = 0x7ff882220000
end_va = 0x7ff8822bcfff
monitored = 0
entry_point = 0x7ff8822278a0
region_type = mapped_file
name = "msvcrt.dll"
filename = "\\Windows\\System32\\msvcrt.dll" (normalized: "c:\\windows\\system32\\msvcrt.dll")
Region:
id = 1702
start_va = 0x7ff8822c0000
end_va = 0x7ff88253cfff
monitored = 0
entry_point = 0x7ff882394970
region_type = mapped_file
name = "combase.dll"
filename = "\\Windows\\System32\\combase.dll" (normalized: "c:\\windows\\system32\\combase.dll")
Region:
id = 1703
start_va = 0x7ff882550000
end_va = 0x7ff8825aafff
monitored = 0
entry_point = 0x7ff8825638b0
region_type = mapped_file
name = "sechost.dll"
filename = "\\Windows\\System32\\sechost.dll" (normalized: "c:\\windows\\system32\\sechost.dll")
Region:
id = 1704
start_va = 0x7ff883b80000
end_va = 0x7ff883beafff
monitored = 0
entry_point = 0x7ff883b990c0
region_type = mapped_file
name = "ws2_32.dll"
filename = "\\Windows\\System32\\ws2_32.dll" (normalized: "c:\\windows\\system32\\ws2_32.dll")
Region:
id = 1705
start_va = 0x7ff883bf0000
end_va = 0x7ff883d0bfff
monitored = 0
entry_point = 0x7ff883c302b0
region_type = mapped_file
name = "rpcrt4.dll"
filename = "\\Windows\\System32\\rpcrt4.dll" (normalized: "c:\\windows\\system32\\rpcrt4.dll")
Region:
id = 1706
start_va = 0x7ff8841b0000
end_va = 0x7ff884256fff
monitored = 0
entry_point = 0x7ff8841bb4d0
region_type = mapped_file
name = "clbcatq.dll"
filename = "\\Windows\\System32\\clbcatq.dll" (normalized: "c:\\windows\\system32\\clbcatq.dll")
Region:
id = 1707
start_va = 0x7ff884410000
end_va = 0x7ff8844d0fff
monitored = 0
entry_point = 0x7ff884430da0
region_type = mapped_file
name = "oleaut32.dll"
filename = "\\Windows\\System32\\oleaut32.dll" (normalized: "c:\\windows\\system32\\oleaut32.dll")
Region:
id = 1708
start_va = 0x7ff884920000
end_va = 0x7ff8849c6fff
monitored = 0
entry_point = 0x7ff8849358d0
region_type = mapped_file
name = "advapi32.dll"
filename = "\\Windows\\System32\\advapi32.dll" (normalized: "c:\\windows\\system32\\advapi32.dll")
Region:
id = 1709
start_va = 0x7ff884a10000
end_va = 0x7ff884b95fff
monitored = 0
entry_point = 0x7ff884a5ffc0
region_type = mapped_file
name = "gdi32.dll"
filename = "\\Windows\\System32\\gdi32.dll" (normalized: "c:\\windows\\system32\\gdi32.dll")
Region:
id = 1710
start_va = 0x7ff884c10000
end_va = 0x7ff884cbcfff
monitored = 0
entry_point = 0x7ff884c281a0
region_type = mapped_file
name = "kernel32.dll"
filename = "\\Windows\\System32\\kernel32.dll" (normalized: "c:\\windows\\system32\\kernel32.dll")
Region:
id = 1711
start_va = 0x7ff884cc0000
end_va = 0x7ff884e80fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "ntdll.dll"
filename = "\\Windows\\System32\\ntdll.dll" (normalized: "c:\\windows\\system32\\ntdll.dll")
Thread:
id = 123
os_tid = 0xfdc
Thread:
id = 124
os_tid = 0xfa4
Thread:
id = 125
os_tid = 0xf80
Thread:
id = 126
os_tid = 0x754
Thread:
id = 127
os_tid = 0x7d4
Thread:
id = 128
os_tid = 0x5b0
Thread:
id = 129
os_tid = 0x57c
Thread:
id = 130
os_tid = 0x584
Thread:
id = 157
os_tid = 0x1038
Process:
id = "9"
image_name = "wmiprvse.exe"
filename = "c:\\windows\\system32\\wbem\\wmiprvse.exe"
page_root = "0x1c71000"
os_pid = "0xef4"
os_integrity_level = "0x4000"
os_privileges = "0x60800000"
monitor_reason = "rpc_server"
parent_id = "6"
os_parent_pid = "0x274"
cmd_line = "C:\\Windows\\system32\\wbem\\wmiprvse.exe -secured -Embedding"
cur_dir = "C:\\Windows\\system32\\"
os_username = "NT AUTHORITY\\Network Service"
bitness = "32"
os_groups = "Everyone" [0x7], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\SERVICE" [0x7], "CONSOLE LOGON" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "WMI (Network Service)" [0xf], "NT AUTHORITY\\Logon Session 00000000:0003b01b" [0xc000000f]
Region:
id = 1521
start_va = 0x10000
end_va = 0x1ffff
monitored = 1
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x0000000000010000"
filename = ""
Region:
id = 1522
start_va = 0x20000
end_va = 0x26fff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000000020000"
filename = ""
Region:
id = 1523
start_va = 0x30000
end_va = 0x44fff
monitored = 1
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x0000000000030000"
filename = ""
Region:
id = 1524
start_va = 0x50000
end_va = 0xcffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000000050000"
filename = ""
Region:
id = 1525
start_va = 0xd0000
end_va = 0xd3fff
monitored = 1
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x00000000000d0000"
filename = ""
Region:
id = 1526
start_va = 0xe0000
end_va = 0xe0fff
monitored = 1
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x00000000000e0000"
filename = ""
Region:
id = 1527
start_va = 0xf0000
end_va = 0xf1fff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x00000000000f0000"
filename = ""
Region:
id = 1528
start_va = 0x100000
end_va = 0x1bdfff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "locale.nls"
filename = "\\Windows\\System32\\locale.nls" (normalized: "c:\\windows\\system32\\locale.nls")
Region:
id = 1529
start_va = 0x1c0000
end_va = 0x1c6fff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x00000000001c0000"
filename = ""
Region:
id = 1530
start_va = 0x1d0000
end_va = 0x1d0fff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x00000000001d0000"
filename = ""
Region:
id = 1531
start_va = 0x1e0000
end_va = 0x1e0fff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x00000000001e0000"
filename = ""
Region:
id = 1532
start_va = 0x1f0000
end_va = 0x1f1fff
monitored = 1
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x00000000001f0000"
filename = ""
Region:
id = 1533
start_va = 0x200000
end_va = 0x3fffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000000200000"
filename = ""
Region:
id = 1534
start_va = 0x480000
end_va = 0x53ffff
monitored = 1
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x0000000000480000"
filename = ""
Region:
id = 1535
start_va = 0x540000
end_va = 0x540fff
monitored = 1
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x0000000000540000"
filename = ""
Region:
id = 1536
start_va = 0x550000
end_va = 0x554fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "user32.dll.mui"
filename = "\\Windows\\System32\\en-US\\user32.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\user32.dll.mui")
Region:
id = 1537
start_va = 0x560000
end_va = 0x560fff
monitored = 1
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x0000000000560000"
filename = ""
Region:
id = 1538
start_va = 0x570000
end_va = 0x570fff
monitored = 1
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x0000000000570000"
filename = ""
Region:
id = 1539
start_va = 0x580000
end_va = 0x580fff
monitored = 1
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x0000000000580000"
filename = ""
Region:
id = 1540
start_va = 0x590000
end_va = 0x592fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "cimwin32.dll.mui"
filename = "\\Windows\\System32\\wbem\\en-US\\cimwin32.dll.mui" (normalized: "c:\\windows\\system32\\wbem\\en-us\\cimwin32.dll.mui")
Region:
id = 1541
start_va = 0x5a0000
end_va = 0x69ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x00000000005a0000"
filename = ""
Region:
id = 1542
start_va = 0x6a0000
end_va = 0x79ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x00000000006a0000"
filename = ""
Region:
id = 1543
start_va = 0x810000
end_va = 0x81ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000000810000"
filename = ""
Region:
id = 1544
start_va = 0x820000
end_va = 0xb56fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "sortdefault.nls"
filename = "\\Windows\\Globalization\\Sorting\\SortDefault.nls" (normalized: "c:\\windows\\globalization\\sorting\\sortdefault.nls")
Region:
id = 1545
start_va = 0xb60000
end_va = 0xce7fff
monitored = 1
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x0000000000b60000"
filename = ""
Region:
id = 1546
start_va = 0xcf0000
end_va = 0xe70fff
monitored = 1
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x0000000000cf0000"
filename = ""
Region:
id = 1547
start_va = 0xe80000
end_va = 0xf7ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000000e80000"
filename = ""
Region:
id = 1548
start_va = 0x1000000
end_va = 0x107ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000001000000"
filename = ""
Region:
id = 1549
start_va = 0x1080000
end_va = 0x10fffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000001080000"
filename = ""
Region:
id = 1550
start_va = 0x1180000
end_va = 0x11fffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000001180000"
filename = ""
Region:
id = 1551
start_va = 0x1300000
end_va = 0x137ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000001300000"
filename = ""
Region:
id = 1552
start_va = 0x1380000
end_va = 0x13fffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000001380000"
filename = ""
Region:
id = 1553
start_va = 0x1400000
end_va = 0x147ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000001400000"
filename = ""
Region:
id = 1554
start_va = 0x1500000
end_va = 0x157ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000001500000"
filename = ""
Region:
id = 1555
start_va = 0x7ffe0000
end_va = 0x7ffeffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x000000007ffe0000"
filename = ""
Region:
id = 1556
start_va = 0x180000000
end_va = 0x180002fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "security.dll"
filename = "\\Windows\\System32\\security.dll" (normalized: "c:\\windows\\system32\\security.dll")
Region:
id = 1557
start_va = 0x7df5ffec0000
end_va = 0x7df5fffbffff
monitored = 1
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x00007df5ffec0000"
filename = ""
Region:
id = 1558
start_va = 0x7df5fffc0000
end_va = 0x7df5fffe2fff
monitored = 1
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x00007df5fffc0000"
filename = ""
Region:
id = 1559
start_va = 0x7df5ffff0000
end_va = 0x7ff5fffeffff
monitored = 1
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x00007df5ffff0000"
filename = ""
Region:
id = 1560
start_va = 0x7ff748430000
end_va = 0x7ff7484affff
monitored = 0
entry_point = 0x7ff748445f50
region_type = mapped_file
name = "wmiprvse.exe"
filename = "\\Windows\\System32\\wbem\\WmiPrvSE.exe" (normalized: "c:\\windows\\system32\\wbem\\wmiprvse.exe")
Region:
id = 1561
start_va = 0x7ff868ff0000
end_va = 0x7ff8691befff
monitored = 1
entry_point = 0x7ff869017df0
region_type = mapped_file
name = "cimwin32.dll"
filename = "\\Windows\\System32\\wbem\\cimwin32.dll" (normalized: "c:\\windows\\system32\\wbem\\cimwin32.dll")
Region:
id = 1562
start_va = 0x7ff8702c0000
end_va = 0x7ff8702d5fff
monitored = 0
entry_point = 0x7ff8702c55e0
region_type = mapped_file
name = "ncobjapi.dll"
filename = "\\Windows\\System32\\ncobjapi.dll" (normalized: "c:\\windows\\system32\\ncobjapi.dll")
Region:
id = 1563
start_va = 0x7ff870430000
end_va = 0x7ff870454fff
monitored = 0
entry_point = 0x7ff870439900
region_type = mapped_file
name = "wmiutils.dll"
filename = "\\Windows\\System32\\wbem\\wmiutils.dll" (normalized: "c:\\windows\\system32\\wbem\\wmiutils.dll")
Region:
id = 1564
start_va = 0x7ff870460000
end_va = 0x7ff870473fff
monitored = 0
entry_point = 0x7ff870461800
region_type = mapped_file
name = "wbemsvc.dll"
filename = "\\Windows\\System32\\wbem\\wbemsvc.dll" (normalized: "c:\\windows\\system32\\wbem\\wbemsvc.dll")
Region:
id = 1565
start_va = 0x7ff870480000
end_va = 0x7ff870575fff
monitored = 0
entry_point = 0x7ff8704b9590
region_type = mapped_file
name = "fastprox.dll"
filename = "\\Windows\\System32\\wbem\\fastprox.dll" (normalized: "c:\\windows\\system32\\wbem\\fastprox.dll")
Region:
id = 1566
start_va = 0x7ff8715e0000
end_va = 0x7ff8715edfff
monitored = 0
entry_point = 0x7ff8715e1da0
region_type = mapped_file
name = "winbrand.dll"
filename = "\\Windows\\System32\\winbrand.dll" (normalized: "c:\\windows\\system32\\winbrand.dll")
Region:
id = 1567
start_va = 0x7ff872310000
end_va = 0x7ff87238efff
monitored = 1
entry_point = 0x7ff872327110
region_type = mapped_file
name = "wbemcomn.dll"
filename = "\\Windows\\System32\\wbemcomn.dll" (normalized: "c:\\windows\\system32\\wbemcomn.dll")
Region:
id = 1568
start_va = 0x7ff872470000
end_va = 0x7ff87247bfff
monitored = 0
entry_point = 0x7ff8724735c0
region_type = mapped_file
name = "secur32.dll"
filename = "\\Windows\\System32\\secur32.dll" (normalized: "c:\\windows\\system32\\secur32.dll")
Region:
id = 1569
start_va = 0x7ff874750000
end_va = 0x7ff874775fff
monitored = 0
entry_point = 0x7ff874751cf0
region_type = mapped_file
name = "srvcli.dll"
filename = "\\Windows\\System32\\srvcli.dll" (normalized: "c:\\windows\\system32\\srvcli.dll")
Region:
id = 1570
start_va = 0x7ff876980000
end_va = 0x7ff876993fff
monitored = 0
entry_point = 0x7ff876981310
region_type = mapped_file
name = "browcli.dll"
filename = "\\Windows\\System32\\browcli.dll" (normalized: "c:\\windows\\system32\\browcli.dll")
Region:
id = 1571
start_va = 0x7ff879720000
end_va = 0x7ff879731fff
monitored = 0
entry_point = 0x7ff879723580
region_type = mapped_file
name = "cscapi.dll"
filename = "\\Windows\\System32\\cscapi.dll" (normalized: "c:\\windows\\system32\\cscapi.dll")
Region:
id = 1572
start_va = 0x7ff879a50000
end_va = 0x7ff879a5afff
monitored = 0
entry_point = 0x7ff879a512b0
region_type = mapped_file
name = "schedcli.dll"
filename = "\\Windows\\System32\\schedcli.dll" (normalized: "c:\\windows\\system32\\schedcli.dll")
Region:
id = 1573
start_va = 0x7ff87aa90000
end_va = 0x7ff87aaa5fff
monitored = 0
entry_point = 0x7ff87aa91b60
region_type = mapped_file
name = "wkscli.dll"
filename = "\\Windows\\System32\\wkscli.dll" (normalized: "c:\\windows\\system32\\wkscli.dll")
Region:
id = 1574
start_va = 0x7ff87abd0000
end_va = 0x7ff87ac1dfff
monitored = 0
entry_point = 0x7ff87abe1ce0
region_type = mapped_file
name = "framedynos.dll"
filename = "\\Windows\\System32\\framedynos.dll" (normalized: "c:\\windows\\system32\\framedynos.dll")
Region:
id = 1575
start_va = 0x7ff87b160000
end_va = 0x7ff87b178fff
monitored = 0
entry_point = 0x7ff87b164520
region_type = mapped_file
name = "samcli.dll"
filename = "\\Windows\\System32\\samcli.dll" (normalized: "c:\\windows\\system32\\samcli.dll")
Region:
id = 1576
start_va = 0x7ff87d720000
end_va = 0x7ff87d75dfff
monitored = 0
entry_point = 0x7ff87d72a050
region_type = mapped_file
name = "logoncli.dll"
filename = "\\Windows\\System32\\logoncli.dll" (normalized: "c:\\windows\\system32\\logoncli.dll")
Region:
id = 1577
start_va = 0x7ff87e420000
end_va = 0x7ff87e429fff
monitored = 0
entry_point = 0x7ff87e421660
region_type = mapped_file
name = "dsrole.dll"
filename = "\\Windows\\System32\\dsrole.dll" (normalized: "c:\\windows\\system32\\dsrole.dll")
Region:
id = 1578
start_va = 0x7ff87fad0000
end_va = 0x7ff87fae2fff
monitored = 0
entry_point = 0x7ff87fad2760
region_type = mapped_file
name = "wtsapi32.dll"
filename = "\\Windows\\System32\\wtsapi32.dll" (normalized: "c:\\windows\\system32\\wtsapi32.dll")
Region:
id = 1579
start_va = 0x7ff87fd00000
end_va = 0x7ff87fd26fff
monitored = 0
entry_point = 0x7ff87fd07940
region_type = mapped_file
name = "devobj.dll"
filename = "\\Windows\\System32\\devobj.dll" (normalized: "c:\\windows\\system32\\devobj.dll")
Region:
id = 1580
start_va = 0x7ff8806f0000
end_va = 0x7ff8806fbfff
monitored = 0
entry_point = 0x7ff8806f27e0
region_type = mapped_file
name = "netutils.dll"
filename = "\\Windows\\System32\\netutils.dll" (normalized: "c:\\windows\\system32\\netutils.dll")
Region:
id = 1581
start_va = 0x7ff880830000
end_va = 0x7ff8808a9fff
monitored = 0
entry_point = 0x7ff880851a50
region_type = mapped_file
name = "schannel.dll"
filename = "\\Windows\\System32\\schannel.dll" (normalized: "c:\\windows\\system32\\schannel.dll")
Region:
id = 1582
start_va = 0x7ff880f60000
end_va = 0x7ff880f8cfff
monitored = 0
entry_point = 0x7ff880f79d40
region_type = mapped_file
name = "sspicli.dll"
filename = "\\Windows\\System32\\sspicli.dll" (normalized: "c:\\windows\\system32\\sspicli.dll")
Region:
id = 1583
start_va = 0x7ff8810f0000
end_va = 0x7ff881145fff
monitored = 0
entry_point = 0x7ff881100bf0
region_type = mapped_file
name = "winsta.dll"
filename = "\\Windows\\System32\\winsta.dll" (normalized: "c:\\windows\\system32\\winsta.dll")
Region:
id = 1584
start_va = 0x7ff881170000
end_va = 0x7ff881198fff
monitored = 0
entry_point = 0x7ff881184530
region_type = mapped_file
name = "bcrypt.dll"
filename = "\\Windows\\System32\\bcrypt.dll" (normalized: "c:\\windows\\system32\\bcrypt.dll")
Region:
id = 1585
start_va = 0x7ff8812e0000
end_va = 0x7ff88132afff
monitored = 0
entry_point = 0x7ff8812e35f0
region_type = mapped_file
name = "powrprof.dll"
filename = "\\Windows\\System32\\powrprof.dll" (normalized: "c:\\windows\\system32\\powrprof.dll")
Region:
id = 1586
start_va = 0x7ff881330000
end_va = 0x7ff88133efff
monitored = 0
entry_point = 0x7ff881333210
region_type = mapped_file
name = "kernel.appcore.dll"
filename = "\\Windows\\System32\\kernel.appcore.dll" (normalized: "c:\\windows\\system32\\kernel.appcore.dll")
Region:
id = 1587
start_va = 0x7ff881360000
end_va = 0x7ff88136ffff
monitored = 0
entry_point = 0x7ff8813656e0
region_type = mapped_file
name = "msasn1.dll"
filename = "\\Windows\\System32\\msasn1.dll" (normalized: "c:\\windows\\system32\\msasn1.dll")
Region:
id = 1588
start_va = 0x7ff881370000
end_va = 0x7ff8813b2fff
monitored = 0
entry_point = 0x7ff881384b50
region_type = mapped_file
name = "cfgmgr32.dll"
filename = "\\Windows\\System32\\cfgmgr32.dll" (normalized: "c:\\windows\\system32\\cfgmgr32.dll")
Region:
id = 1589
start_va = 0x7ff881450000
end_va = 0x7ff881616fff
monitored = 0
entry_point = 0x7ff8814adb80
region_type = mapped_file
name = "crypt32.dll"
filename = "\\Windows\\System32\\crypt32.dll" (normalized: "c:\\windows\\system32\\crypt32.dll")
Region:
id = 1590
start_va = 0x7ff881d30000
end_va = 0x7ff881d46fff
monitored = 0
entry_point = 0x7ff881d31390
region_type = mapped_file
name = "netapi32.dll"
filename = "\\Windows\\System32\\netapi32.dll" (normalized: "c:\\windows\\system32\\netapi32.dll")
Region:
id = 1591
start_va = 0x7ff881d50000
end_va = 0x7ff881db9fff
monitored = 0
entry_point = 0x7ff881d86d50
region_type = mapped_file
name = "bcryptprimitives.dll"
filename = "\\Windows\\System32\\bcryptprimitives.dll" (normalized: "c:\\windows\\system32\\bcryptprimitives.dll")
Region:
id = 1592
start_va = 0x7ff881ed0000
end_va = 0x7ff8820b7fff
monitored = 0
entry_point = 0x7ff881efba70
region_type = mapped_file
name = "kernelbase.dll"
filename = "\\Windows\\System32\\KernelBase.dll" (normalized: "c:\\windows\\system32\\kernelbase.dll")
Region:
id = 1593
start_va = 0x7ff8820c0000
end_va = 0x7ff882215fff
monitored = 0
entry_point = 0x7ff8820ca8d0
region_type = mapped_file
name = "user32.dll"
filename = "\\Windows\\System32\\user32.dll" (normalized: "c:\\windows\\system32\\user32.dll")
Region:
id = 1594
start_va = 0x7ff882220000
end_va = 0x7ff8822bcfff
monitored = 0
entry_point = 0x7ff8822278a0
region_type = mapped_file
name = "msvcrt.dll"
filename = "\\Windows\\System32\\msvcrt.dll" (normalized: "c:\\windows\\system32\\msvcrt.dll")
Region:
id = 1595
start_va = 0x7ff8822c0000
end_va = 0x7ff88253cfff
monitored = 0
entry_point = 0x7ff882394970
region_type = mapped_file
name = "combase.dll"
filename = "\\Windows\\System32\\combase.dll" (normalized: "c:\\windows\\system32\\combase.dll")
Region:
id = 1596
start_va = 0x7ff882550000
end_va = 0x7ff8825aafff
monitored = 0
entry_point = 0x7ff8825638b0
region_type = mapped_file
name = "sechost.dll"
filename = "\\Windows\\System32\\sechost.dll" (normalized: "c:\\windows\\system32\\sechost.dll")
Region:
id = 1597
start_va = 0x7ff883b80000
end_va = 0x7ff883beafff
monitored = 0
entry_point = 0x7ff883b990c0
region_type = mapped_file
name = "ws2_32.dll"
filename = "\\Windows\\System32\\ws2_32.dll" (normalized: "c:\\windows\\system32\\ws2_32.dll")
Region:
id = 1598
start_va = 0x7ff883bf0000
end_va = 0x7ff883d0bfff
monitored = 0
entry_point = 0x7ff883c302b0
region_type = mapped_file
name = "rpcrt4.dll"
filename = "\\Windows\\System32\\rpcrt4.dll" (normalized: "c:\\windows\\system32\\rpcrt4.dll")
Region:
id = 1599
start_va = 0x7ff8841b0000
end_va = 0x7ff884256fff
monitored = 0
entry_point = 0x7ff8841bb4d0
region_type = mapped_file
name = "clbcatq.dll"
filename = "\\Windows\\System32\\clbcatq.dll" (normalized: "c:\\windows\\system32\\clbcatq.dll")
Region:
id = 1600
start_va = 0x7ff884410000
end_va = 0x7ff8844d0fff
monitored = 0
entry_point = 0x7ff884430da0
region_type = mapped_file
name = "oleaut32.dll"
filename = "\\Windows\\System32\\oleaut32.dll" (normalized: "c:\\windows\\system32\\oleaut32.dll")
Region:
id = 1601
start_va = 0x7ff884920000
end_va = 0x7ff8849c6fff
monitored = 0
entry_point = 0x7ff8849358d0
region_type = mapped_file
name = "advapi32.dll"
filename = "\\Windows\\System32\\advapi32.dll" (normalized: "c:\\windows\\system32\\advapi32.dll")
Region:
id = 1602
start_va = 0x7ff884a10000
end_va = 0x7ff884b95fff
monitored = 0
entry_point = 0x7ff884a5ffc0
region_type = mapped_file
name = "gdi32.dll"
filename = "\\Windows\\System32\\gdi32.dll" (normalized: "c:\\windows\\system32\\gdi32.dll")
Region:
id = 1603
start_va = 0x7ff884c10000
end_va = 0x7ff884cbcfff
monitored = 0
entry_point = 0x7ff884c281a0
region_type = mapped_file
name = "kernel32.dll"
filename = "\\Windows\\System32\\kernel32.dll" (normalized: "c:\\windows\\system32\\kernel32.dll")
Region:
id = 1604
start_va = 0x7ff884cc0000
end_va = 0x7ff884e80fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "ntdll.dll"
filename = "\\Windows\\System32\\ntdll.dll" (normalized: "c:\\windows\\system32\\ntdll.dll")
Region:
id = 1723
start_va = 0x400000
end_va = 0x401fff
monitored = 1
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x0000000000400000"
filename = ""
Region:
id = 1724
start_va = 0x410000
end_va = 0x414fff
monitored = 1
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x0000000000410000"
filename = ""
Region:
id = 1725
start_va = 0x1200000
end_va = 0x12fffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000001200000"
filename = ""
Region:
id = 1728
start_va = 0x410000
end_va = 0x425fff
monitored = 0
entry_point = 0x420420
region_type = mapped_file
name = "synth3dvsc.sys"
filename = "\\Windows\\System32\\drivers\\Synth3dVsc.sys" (normalized: "c:\\windows\\system32\\drivers\\synth3dvsc.sys")
Region:
id = 1729
start_va = 0x430000
end_va = 0x432fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "synth3dvsc.sys.mui"
filename = "\\Windows\\System32\\drivers\\en-US\\synth3dvsc.sys.mui" (normalized: "c:\\windows\\system32\\drivers\\en-us\\synth3dvsc.sys.mui")
Region:
id = 1730
start_va = 0x410000
end_va = 0x425fff
monitored = 0
entry_point = 0x420420
region_type = mapped_file
name = "synth3dvsc.sys"
filename = "\\Windows\\System32\\drivers\\Synth3dVsc.sys" (normalized: "c:\\windows\\system32\\drivers\\synth3dvsc.sys")
Region:
id = 1731
start_va = 0x430000
end_va = 0x432fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "synth3dvsc.sys.mui"
filename = "\\Windows\\System32\\drivers\\en-US\\synth3dvsc.sys.mui" (normalized: "c:\\windows\\system32\\drivers\\en-us\\synth3dvsc.sys.mui")
Region:
id = 1732
start_va = 0x410000
end_va = 0x425fff
monitored = 0
entry_point = 0x420420
region_type = mapped_file
name = "synth3dvsc.sys"
filename = "\\Windows\\System32\\drivers\\Synth3dVsc.sys" (normalized: "c:\\windows\\system32\\drivers\\synth3dvsc.sys")
Region:
id = 1733
start_va = 0x430000
end_va = 0x432fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "synth3dvsc.sys.mui"
filename = "\\Windows\\System32\\drivers\\en-US\\synth3dvsc.sys.mui" (normalized: "c:\\windows\\system32\\drivers\\en-us\\synth3dvsc.sys.mui")
Region:
id = 1734
start_va = 0x410000
end_va = 0x425fff
monitored = 0
entry_point = 0x420420
region_type = mapped_file
name = "synth3dvsc.sys"
filename = "\\Windows\\System32\\drivers\\Synth3dVsc.sys" (normalized: "c:\\windows\\system32\\drivers\\synth3dvsc.sys")
Region:
id = 1735
start_va = 0x430000
end_va = 0x432fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "synth3dvsc.sys.mui"
filename = "\\Windows\\System32\\drivers\\en-US\\synth3dvsc.sys.mui" (normalized: "c:\\windows\\system32\\drivers\\en-us\\synth3dvsc.sys.mui")
Region:
id = 1736
start_va = 0x410000
end_va = 0x429fff
monitored = 1
entry_point = 0x411190
region_type = mapped_file
name = "workflowservicehostperformancecounters.dll"
filename = "\\Windows\\Microsoft.NET\\Framework64\\v4.0.30319\\WorkflowServiceHostPerformanceCounters.dll" (normalized: "c:\\windows\\microsoft.net\\framework64\\v4.0.30319\\workflowservicehostperformancecounters.dll")
Region:
id = 1737
start_va = 0x430000
end_va = 0x435fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "workflowservicehostperformancecounters.dll.mui"
filename = "\\Windows\\Microsoft.NET\\Framework64\\v4.0.30319\\en-US\\WorkflowServiceHostPerformanceCounters.dll.mui" (normalized: "c:\\windows\\microsoft.net\\framework64\\v4.0.30319\\en-us\\workflowservicehostperformancecounters.dll.mui")
Region:
id = 1738
start_va = 0x410000
end_va = 0x429fff
monitored = 1
entry_point = 0x411190
region_type = mapped_file
name = "workflowservicehostperformancecounters.dll"
filename = "\\Windows\\Microsoft.NET\\Framework64\\v4.0.30319\\WorkflowServiceHostPerformanceCounters.dll" (normalized: "c:\\windows\\microsoft.net\\framework64\\v4.0.30319\\workflowservicehostperformancecounters.dll")
Region:
id = 1739
start_va = 0x430000
end_va = 0x435fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "workflowservicehostperformancecounters.dll.mui"
filename = "\\Windows\\Microsoft.NET\\Framework64\\v4.0.30319\\en-US\\WorkflowServiceHostPerformanceCounters.dll.mui" (normalized: "c:\\windows\\microsoft.net\\framework64\\v4.0.30319\\en-us\\workflowservicehostperformancecounters.dll.mui")
Region:
id = 1740
start_va = 0x410000
end_va = 0x43afff
monitored = 0
entry_point = 0x42d000
region_type = mapped_file
name = "pacer.sys"
filename = "\\Windows\\System32\\drivers\\pacer.sys" (normalized: "c:\\windows\\system32\\drivers\\pacer.sys")
Region:
id = 1741
start_va = 0x440000
end_va = 0x444fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "pacer.sys.mui"
filename = "\\Windows\\System32\\drivers\\en-US\\pacer.sys.mui" (normalized: "c:\\windows\\system32\\drivers\\en-us\\pacer.sys.mui")
Region:
id = 1742
start_va = 0x1640000
end_va = 0x1a3afff
monitored = 1
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x0000000001640000"
filename = ""
Region:
id = 1743
start_va = 0x410000
end_va = 0x43afff
monitored = 0
entry_point = 0x42d000
region_type = mapped_file
name = "pacer.sys"
filename = "\\Windows\\System32\\drivers\\pacer.sys" (normalized: "c:\\windows\\system32\\drivers\\pacer.sys")
Region:
id = 1744
start_va = 0x440000
end_va = 0x444fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "pacer.sys.mui"
filename = "\\Windows\\System32\\drivers\\en-US\\pacer.sys.mui" (normalized: "c:\\windows\\system32\\drivers\\en-us\\pacer.sys.mui")
Region:
id = 1745
start_va = 0x410000
end_va = 0x43afff
monitored = 0
entry_point = 0x42d000
region_type = mapped_file
name = "pacer.sys"
filename = "\\Windows\\System32\\drivers\\pacer.sys" (normalized: "c:\\windows\\system32\\drivers\\pacer.sys")
Region:
id = 1746
start_va = 0x440000
end_va = 0x444fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "pacer.sys.mui"
filename = "\\Windows\\System32\\drivers\\en-US\\pacer.sys.mui" (normalized: "c:\\windows\\system32\\drivers\\en-us\\pacer.sys.mui")
Region:
id = 1747
start_va = 0x410000
end_va = 0x43afff
monitored = 0
entry_point = 0x42d000
region_type = mapped_file
name = "pacer.sys"
filename = "\\Windows\\System32\\drivers\\pacer.sys" (normalized: "c:\\windows\\system32\\drivers\\pacer.sys")
Region:
id = 1748
start_va = 0x440000
end_va = 0x444fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "pacer.sys.mui"
filename = "\\Windows\\System32\\drivers\\en-US\\pacer.sys.mui" (normalized: "c:\\windows\\system32\\drivers\\en-us\\pacer.sys.mui")
Region:
id = 1749
start_va = 0x410000
end_va = 0x438fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "fxsresm.dll.mui"
filename = "\\Windows\\System32\\en-US\\FXSRESM.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\fxsresm.dll.mui")
Region:
id = 1750
start_va = 0x1a40000
end_va = 0x1b23fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "fxsresm.dll"
filename = "\\Windows\\System32\\FXSRESM.dll" (normalized: "c:\\windows\\system32\\fxsresm.dll")
Region:
id = 1751
start_va = 0x410000
end_va = 0x438fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "fxsresm.dll.mui"
filename = "\\Windows\\System32\\en-US\\FXSRESM.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\fxsresm.dll.mui")
Region:
id = 1752
start_va = 0x1a40000
end_va = 0x1b23fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "fxsresm.dll"
filename = "\\Windows\\System32\\FXSRESM.dll" (normalized: "c:\\windows\\system32\\fxsresm.dll")
Region:
id = 1753
start_va = 0x410000
end_va = 0x415fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "afd.sys.mui"
filename = "\\Windows\\System32\\drivers\\en-US\\afd.sys.mui" (normalized: "c:\\windows\\system32\\drivers\\en-us\\afd.sys.mui")
Region:
id = 1754
start_va = 0x1580000
end_va = 0x1612fff
monitored = 0
entry_point = 0x15f9000
region_type = mapped_file
name = "afd.sys"
filename = "\\Windows\\System32\\drivers\\afd.sys" (normalized: "c:\\windows\\system32\\drivers\\afd.sys")
Region:
id = 1757
start_va = 0x410000
end_va = 0x415fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "afd.sys.mui"
filename = "\\Windows\\System32\\drivers\\en-US\\afd.sys.mui" (normalized: "c:\\windows\\system32\\drivers\\en-us\\afd.sys.mui")
Region:
id = 1758
start_va = 0x1580000
end_va = 0x1612fff
monitored = 0
entry_point = 0x15f9000
region_type = mapped_file
name = "afd.sys"
filename = "\\Windows\\System32\\drivers\\afd.sys" (normalized: "c:\\windows\\system32\\drivers\\afd.sys")
Region:
id = 1759
start_va = 0x410000
end_va = 0x415fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "fvevol.sys.mui"
filename = "\\Windows\\System32\\drivers\\en-US\\fvevol.sys.mui" (normalized: "c:\\windows\\system32\\drivers\\en-us\\fvevol.sys.mui")
Region:
id = 1760
start_va = 0x1580000
end_va = 0x1620fff
monitored = 0
entry_point = 0x1613000
region_type = mapped_file
name = "fvevol.sys"
filename = "\\Windows\\System32\\drivers\\fvevol.sys" (normalized: "c:\\windows\\system32\\drivers\\fvevol.sys")
Region:
id = 1761
start_va = 0x410000
end_va = 0x415fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "fvevol.sys.mui"
filename = "\\Windows\\System32\\drivers\\en-US\\fvevol.sys.mui" (normalized: "c:\\windows\\system32\\drivers\\en-us\\fvevol.sys.mui")
Region:
id = 1762
start_va = 0x1580000
end_va = 0x1620fff
monitored = 0
entry_point = 0x1613000
region_type = mapped_file
name = "fvevol.sys"
filename = "\\Windows\\System32\\drivers\\fvevol.sys" (normalized: "c:\\windows\\system32\\drivers\\fvevol.sys")
Region:
id = 1763
start_va = 0x410000
end_va = 0x41afff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "spaceport.sys.mui"
filename = "\\Windows\\System32\\drivers\\en-US\\spaceport.sys.mui" (normalized: "c:\\windows\\system32\\drivers\\en-us\\spaceport.sys.mui")
Region:
id = 1764
start_va = 0x1580000
end_va = 0x1605fff
monitored = 0
entry_point = 0x15f1000
region_type = mapped_file
name = "spaceport.sys"
filename = "\\Windows\\System32\\drivers\\spaceport.sys" (normalized: "c:\\windows\\system32\\drivers\\spaceport.sys")
Region:
id = 1765
start_va = 0x410000
end_va = 0x41afff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "spaceport.sys.mui"
filename = "\\Windows\\System32\\drivers\\en-US\\spaceport.sys.mui" (normalized: "c:\\windows\\system32\\drivers\\en-us\\spaceport.sys.mui")
Region:
id = 1766
start_va = 0x1580000
end_va = 0x1605fff
monitored = 0
entry_point = 0x15f1000
region_type = mapped_file
name = "spaceport.sys"
filename = "\\Windows\\System32\\drivers\\spaceport.sys" (normalized: "c:\\windows\\system32\\drivers\\spaceport.sys")
Region:
id = 1767
start_va = 0x410000
end_va = 0x41afff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "spaceport.sys.mui"
filename = "\\Windows\\System32\\drivers\\en-US\\spaceport.sys.mui" (normalized: "c:\\windows\\system32\\drivers\\en-us\\spaceport.sys.mui")
Region:
id = 1768
start_va = 0x1580000
end_va = 0x1605fff
monitored = 0
entry_point = 0x15f1000
region_type = mapped_file
name = "spaceport.sys"
filename = "\\Windows\\System32\\drivers\\spaceport.sys" (normalized: "c:\\windows\\system32\\drivers\\spaceport.sys")
Region:
id = 1769
start_va = 0x410000
end_va = 0x41afff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "spaceport.sys.mui"
filename = "\\Windows\\System32\\drivers\\en-US\\spaceport.sys.mui" (normalized: "c:\\windows\\system32\\drivers\\en-us\\spaceport.sys.mui")
Region:
id = 1770
start_va = 0x1580000
end_va = 0x1605fff
monitored = 0
entry_point = 0x15f1000
region_type = mapped_file
name = "spaceport.sys"
filename = "\\Windows\\System32\\drivers\\spaceport.sys" (normalized: "c:\\windows\\system32\\drivers\\spaceport.sys")
Region:
id = 1771
start_va = 0x410000
end_va = 0x41efff
monitored = 0
entry_point = 0x4136e0
region_type = mapped_file
name = "dmvsc.sys"
filename = "\\Windows\\System32\\drivers\\dmvsc.sys" (normalized: "c:\\windows\\system32\\drivers\\dmvsc.sys")
Region:
id = 1772
start_va = 0x420000
end_va = 0x421fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "dmvsc.sys.mui"
filename = "\\Windows\\System32\\drivers\\en-US\\dmvsc.sys.mui" (normalized: "c:\\windows\\system32\\drivers\\en-us\\dmvsc.sys.mui")
Region:
id = 1773
start_va = 0x410000
end_va = 0x41efff
monitored = 0
entry_point = 0x4136e0
region_type = mapped_file
name = "dmvsc.sys"
filename = "\\Windows\\System32\\drivers\\dmvsc.sys" (normalized: "c:\\windows\\system32\\drivers\\dmvsc.sys")
Region:
id = 1774
start_va = 0x420000
end_va = 0x421fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "dmvsc.sys.mui"
filename = "\\Windows\\System32\\drivers\\en-US\\dmvsc.sys.mui" (normalized: "c:\\windows\\system32\\drivers\\en-us\\dmvsc.sys.mui")
Region:
id = 1775
start_va = 0x410000
end_va = 0x42afff
monitored = 1
entry_point = 0x411190
region_type = mapped_file
name = "servicemodelperformancecounters.dll"
filename = "\\Windows\\Microsoft.NET\\Framework64\\v4.0.30319\\ServiceModelPerformanceCounters.dll" (normalized: "c:\\windows\\microsoft.net\\framework64\\v4.0.30319\\servicemodelperformancecounters.dll")
Region:
id = 1776
start_va = 0x430000
end_va = 0x43bfff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "servicemodelperformancecounters.dll.mui"
filename = "\\Windows\\Microsoft.NET\\Framework64\\v4.0.30319\\en-US\\ServiceModelPerformanceCounters.dll.mui" (normalized: "c:\\windows\\microsoft.net\\framework64\\v4.0.30319\\en-us\\servicemodelperformancecounters.dll.mui")
Region:
id = 1777
start_va = 0x410000
end_va = 0x42afff
monitored = 1
entry_point = 0x411190
region_type = mapped_file
name = "servicemodelperformancecounters.dll"
filename = "\\Windows\\Microsoft.NET\\Framework64\\v4.0.30319\\ServiceModelPerformanceCounters.dll" (normalized: "c:\\windows\\microsoft.net\\framework64\\v4.0.30319\\servicemodelperformancecounters.dll")
Region:
id = 1778
start_va = 0x430000
end_va = 0x43bfff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "servicemodelperformancecounters.dll.mui"
filename = "\\Windows\\Microsoft.NET\\Framework64\\v4.0.30319\\en-US\\ServiceModelPerformanceCounters.dll.mui" (normalized: "c:\\windows\\microsoft.net\\framework64\\v4.0.30319\\en-us\\servicemodelperformancecounters.dll.mui")
Region:
id = 1779
start_va = 0x410000
end_va = 0x42afff
monitored = 1
entry_point = 0x411190
region_type = mapped_file
name = "servicemodelperformancecounters.dll"
filename = "\\Windows\\Microsoft.NET\\Framework64\\v4.0.30319\\ServiceModelPerformanceCounters.dll" (normalized: "c:\\windows\\microsoft.net\\framework64\\v4.0.30319\\servicemodelperformancecounters.dll")
Region:
id = 1780
start_va = 0x430000
end_va = 0x43bfff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "servicemodelperformancecounters.dll.mui"
filename = "\\Windows\\Microsoft.NET\\Framework64\\v4.0.30319\\en-US\\ServiceModelPerformanceCounters.dll.mui" (normalized: "c:\\windows\\microsoft.net\\framework64\\v4.0.30319\\en-us\\servicemodelperformancecounters.dll.mui")
Region:
id = 1781
start_va = 0x410000
end_va = 0x42afff
monitored = 1
entry_point = 0x411190
region_type = mapped_file
name = "servicemodelperformancecounters.dll"
filename = "\\Windows\\Microsoft.NET\\Framework64\\v4.0.30319\\ServiceModelPerformanceCounters.dll" (normalized: "c:\\windows\\microsoft.net\\framework64\\v4.0.30319\\servicemodelperformancecounters.dll")
Region:
id = 1782
start_va = 0x430000
end_va = 0x43bfff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "servicemodelperformancecounters.dll.mui"
filename = "\\Windows\\Microsoft.NET\\Framework64\\v4.0.30319\\en-US\\ServiceModelPerformanceCounters.dll.mui" (normalized: "c:\\windows\\microsoft.net\\framework64\\v4.0.30319\\en-us\\servicemodelperformancecounters.dll.mui")
Region:
id = 1783
start_va = 0x410000
end_va = 0x42afff
monitored = 1
entry_point = 0x411190
region_type = mapped_file
name = "servicemodelperformancecounters.dll"
filename = "\\Windows\\Microsoft.NET\\Framework64\\v4.0.30319\\ServiceModelPerformanceCounters.dll" (normalized: "c:\\windows\\microsoft.net\\framework64\\v4.0.30319\\servicemodelperformancecounters.dll")
Region:
id = 1784
start_va = 0x430000
end_va = 0x43bfff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "servicemodelperformancecounters.dll.mui"
filename = "\\Windows\\Microsoft.NET\\Framework64\\v4.0.30319\\en-US\\ServiceModelPerformanceCounters.dll.mui" (normalized: "c:\\windows\\microsoft.net\\framework64\\v4.0.30319\\en-us\\servicemodelperformancecounters.dll.mui")
Region:
id = 1785
start_va = 0x410000
end_va = 0x42afff
monitored = 1
entry_point = 0x411190
region_type = mapped_file
name = "servicemodelperformancecounters.dll"
filename = "\\Windows\\Microsoft.NET\\Framework64\\v4.0.30319\\ServiceModelPerformanceCounters.dll" (normalized: "c:\\windows\\microsoft.net\\framework64\\v4.0.30319\\servicemodelperformancecounters.dll")
Region:
id = 1786
start_va = 0x430000
end_va = 0x43bfff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "servicemodelperformancecounters.dll.mui"
filename = "\\Windows\\Microsoft.NET\\Framework64\\v4.0.30319\\en-US\\ServiceModelPerformanceCounters.dll.mui" (normalized: "c:\\windows\\microsoft.net\\framework64\\v4.0.30319\\en-us\\servicemodelperformancecounters.dll.mui")
Region:
id = 1787
start_va = 0x410000
end_va = 0x411fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "dosvc.dll.mui"
filename = "\\Windows\\System32\\en-US\\dosvc.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\dosvc.dll.mui")
Region:
id = 1788
start_va = 0x1a40000
end_va = 0x1b4efff
monitored = 0
entry_point = 0x1a7c010
region_type = mapped_file
name = "dosvc.dll"
filename = "\\Windows\\System32\\dosvc.dll" (normalized: "c:\\windows\\system32\\dosvc.dll")
Region:
id = 1789
start_va = 0x410000
end_va = 0x411fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "dosvc.dll.mui"
filename = "\\Windows\\System32\\en-US\\dosvc.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\dosvc.dll.mui")
Region:
id = 1790
start_va = 0x1a40000
end_va = 0x1b4efff
monitored = 0
entry_point = 0x1a7c010
region_type = mapped_file
name = "dosvc.dll"
filename = "\\Windows\\System32\\dosvc.dll" (normalized: "c:\\windows\\system32\\dosvc.dll")
Region:
id = 1792
start_va = 0x410000
end_va = 0x426fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "tcpip.sys.mui"
filename = "\\Windows\\System32\\drivers\\en-US\\tcpip.sys.mui" (normalized: "c:\\windows\\system32\\drivers\\en-us\\tcpip.sys.mui")
Region:
id = 1793
start_va = 0x1a40000
end_va = 0x1c96fff
monitored = 0
entry_point = 0x1c4ce10
region_type = mapped_file
name = "tcpip.sys"
filename = "\\Windows\\System32\\drivers\\tcpip.sys" (normalized: "c:\\windows\\system32\\drivers\\tcpip.sys")
Region:
id = 1794
start_va = 0x410000
end_va = 0x426fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "tcpip.sys.mui"
filename = "\\Windows\\System32\\drivers\\en-US\\tcpip.sys.mui" (normalized: "c:\\windows\\system32\\drivers\\en-us\\tcpip.sys.mui")
Region:
id = 1795
start_va = 0x1a40000
end_va = 0x1c96fff
monitored = 0
entry_point = 0x1c4ce10
region_type = mapped_file
name = "tcpip.sys"
filename = "\\Windows\\System32\\drivers\\tcpip.sys" (normalized: "c:\\windows\\system32\\drivers\\tcpip.sys")
Region:
id = 1796
start_va = 0x410000
end_va = 0x419fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "http.sys.mui"
filename = "\\Windows\\System32\\drivers\\en-US\\http.sys.mui" (normalized: "c:\\windows\\system32\\drivers\\en-us\\http.sys.mui")
Region:
id = 1797
start_va = 0x1a40000
end_va = 0x1b50fff
monitored = 0
entry_point = 0x1b31bf0
region_type = mapped_file
name = "http.sys"
filename = "\\Windows\\System32\\drivers\\http.sys" (normalized: "c:\\windows\\system32\\drivers\\http.sys")
Region:
id = 1798
start_va = 0x410000
end_va = 0x419fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "http.sys.mui"
filename = "\\Windows\\System32\\drivers\\en-US\\http.sys.mui" (normalized: "c:\\windows\\system32\\drivers\\en-us\\http.sys.mui")
Region:
id = 1799
start_va = 0x1a40000
end_va = 0x1b50fff
monitored = 0
entry_point = 0x1b31bf0
region_type = mapped_file
name = "http.sys"
filename = "\\Windows\\System32\\drivers\\http.sys" (normalized: "c:\\windows\\system32\\drivers\\http.sys")
Region:
id = 1800
start_va = 0x410000
end_va = 0x419fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "http.sys.mui"
filename = "\\Windows\\System32\\drivers\\en-US\\http.sys.mui" (normalized: "c:\\windows\\system32\\drivers\\en-us\\http.sys.mui")
Region:
id = 1801
start_va = 0x1a40000
end_va = 0x1b50fff
monitored = 0
entry_point = 0x1b31bf0
region_type = mapped_file
name = "http.sys"
filename = "\\Windows\\System32\\drivers\\http.sys" (normalized: "c:\\windows\\system32\\drivers\\http.sys")
Region:
id = 1802
start_va = 0x410000
end_va = 0x419fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "http.sys.mui"
filename = "\\Windows\\System32\\drivers\\en-US\\http.sys.mui" (normalized: "c:\\windows\\system32\\drivers\\en-us\\http.sys.mui")
Region:
id = 1803
start_va = 0x1a40000
end_va = 0x1b50fff
monitored = 0
entry_point = 0x1b31bf0
region_type = mapped_file
name = "http.sys"
filename = "\\Windows\\System32\\drivers\\http.sys" (normalized: "c:\\windows\\system32\\drivers\\http.sys")
Region:
id = 1804
start_va = 0x410000
end_va = 0x419fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "http.sys.mui"
filename = "\\Windows\\System32\\drivers\\en-US\\http.sys.mui" (normalized: "c:\\windows\\system32\\drivers\\en-us\\http.sys.mui")
Region:
id = 1805
start_va = 0x1a40000
end_va = 0x1b50fff
monitored = 0
entry_point = 0x1b31bf0
region_type = mapped_file
name = "http.sys"
filename = "\\Windows\\System32\\drivers\\http.sys" (normalized: "c:\\windows\\system32\\drivers\\http.sys")
Region:
id = 1806
start_va = 0x410000
end_va = 0x419fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "http.sys.mui"
filename = "\\Windows\\System32\\drivers\\en-US\\http.sys.mui" (normalized: "c:\\windows\\system32\\drivers\\en-us\\http.sys.mui")
Region:
id = 1807
start_va = 0x1a40000
end_va = 0x1b50fff
monitored = 0
entry_point = 0x1b31bf0
region_type = mapped_file
name = "http.sys"
filename = "\\Windows\\System32\\drivers\\http.sys" (normalized: "c:\\windows\\system32\\drivers\\http.sys")
Region:
id = 1808
start_va = 0x410000
end_va = 0x41ffff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "psevents.dll"
filename = "\\Windows\\System32\\WindowsPowerShell\\v1.0\\PSEvents.dll" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\psevents.dll")
Region:
id = 1809
start_va = 0x420000
end_va = 0x42dfff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "psevents.dll.mui"
filename = "\\Windows\\System32\\WindowsPowerShell\\v1.0\\en-US\\PSEvents.dll.mui" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\en-us\\psevents.dll.mui")
Region:
id = 1810
start_va = 0x410000
end_va = 0x41ffff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "psevents.dll"
filename = "\\Windows\\System32\\WindowsPowerShell\\v1.0\\PSEvents.dll" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\psevents.dll")
Region:
id = 1811
start_va = 0x420000
end_va = 0x42dfff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "psevents.dll.mui"
filename = "\\Windows\\System32\\WindowsPowerShell\\v1.0\\en-US\\PSEvents.dll.mui" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\en-us\\psevents.dll.mui")
Region:
id = 1812
start_va = 0x410000
end_va = 0x421fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "srv2.sys.mui"
filename = "\\Windows\\System32\\drivers\\en-US\\srv2.sys.mui" (normalized: "c:\\windows\\system32\\drivers\\en-us\\srv2.sys.mui")
Region:
id = 1813
start_va = 0x1580000
end_va = 0x162efff
monitored = 0
entry_point = 0x15f7000
region_type = mapped_file
name = "srv2.sys"
filename = "\\Windows\\System32\\drivers\\srv2.sys" (normalized: "c:\\windows\\system32\\drivers\\srv2.sys")
Region:
id = 1814
start_va = 0x410000
end_va = 0x421fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "srv2.sys.mui"
filename = "\\Windows\\System32\\drivers\\en-US\\srv2.sys.mui" (normalized: "c:\\windows\\system32\\drivers\\en-us\\srv2.sys.mui")
Region:
id = 1815
start_va = 0x1580000
end_va = 0x162efff
monitored = 0
entry_point = 0x15f7000
region_type = mapped_file
name = "srv2.sys"
filename = "\\Windows\\System32\\drivers\\srv2.sys" (normalized: "c:\\windows\\system32\\drivers\\srv2.sys")
Region:
id = 1816
start_va = 0x410000
end_va = 0x421fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "srv2.sys.mui"
filename = "\\Windows\\System32\\drivers\\en-US\\srv2.sys.mui" (normalized: "c:\\windows\\system32\\drivers\\en-us\\srv2.sys.mui")
Region:
id = 1817
start_va = 0x1580000
end_va = 0x162efff
monitored = 0
entry_point = 0x15f7000
region_type = mapped_file
name = "srv2.sys"
filename = "\\Windows\\System32\\drivers\\srv2.sys" (normalized: "c:\\windows\\system32\\drivers\\srv2.sys")
Region:
id = 1818
start_va = 0x410000
end_va = 0x421fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "srv2.sys.mui"
filename = "\\Windows\\System32\\drivers\\en-US\\srv2.sys.mui" (normalized: "c:\\windows\\system32\\drivers\\en-us\\srv2.sys.mui")
Region:
id = 1819
start_va = 0x1580000
end_va = 0x162efff
monitored = 0
entry_point = 0x15f7000
region_type = mapped_file
name = "srv2.sys"
filename = "\\Windows\\System32\\drivers\\srv2.sys" (normalized: "c:\\windows\\system32\\drivers\\srv2.sys")
Region:
id = 1820
start_va = 0x410000
end_va = 0x421fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "srv2.sys.mui"
filename = "\\Windows\\System32\\drivers\\en-US\\srv2.sys.mui" (normalized: "c:\\windows\\system32\\drivers\\en-us\\srv2.sys.mui")
Region:
id = 1821
start_va = 0x1580000
end_va = 0x162efff
monitored = 0
entry_point = 0x15f7000
region_type = mapped_file
name = "srv2.sys"
filename = "\\Windows\\System32\\drivers\\srv2.sys" (normalized: "c:\\windows\\system32\\drivers\\srv2.sys")
Region:
id = 1822
start_va = 0x410000
end_va = 0x421fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "srv2.sys.mui"
filename = "\\Windows\\System32\\drivers\\en-US\\srv2.sys.mui" (normalized: "c:\\windows\\system32\\drivers\\en-us\\srv2.sys.mui")
Region:
id = 1823
start_va = 0x1580000
end_va = 0x162efff
monitored = 0
entry_point = 0x15f7000
region_type = mapped_file
name = "srv2.sys"
filename = "\\Windows\\System32\\drivers\\srv2.sys" (normalized: "c:\\windows\\system32\\drivers\\srv2.sys")
Region:
id = 1824
start_va = 0x410000
end_va = 0x470fff
monitored = 0
entry_point = 0x420770
region_type = mapped_file
name = "usbxhci.sys"
filename = "\\Windows\\System32\\drivers\\USBXHCI.SYS" (normalized: "c:\\windows\\system32\\drivers\\usbxhci.sys")
Region:
id = 1825
start_va = 0x7a0000
end_va = 0x7a3fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "usbxhci.sys.mui"
filename = "\\Windows\\System32\\drivers\\en-US\\USBXHCI.SYS.mui" (normalized: "c:\\windows\\system32\\drivers\\en-us\\usbxhci.sys.mui")
Region:
id = 1826
start_va = 0x410000
end_va = 0x470fff
monitored = 0
entry_point = 0x420770
region_type = mapped_file
name = "usbxhci.sys"
filename = "\\Windows\\System32\\drivers\\USBXHCI.SYS" (normalized: "c:\\windows\\system32\\drivers\\usbxhci.sys")
Region:
id = 1827
start_va = 0x7a0000
end_va = 0x7a3fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "usbxhci.sys.mui"
filename = "\\Windows\\System32\\drivers\\en-US\\USBXHCI.SYS.mui" (normalized: "c:\\windows\\system32\\drivers\\en-us\\usbxhci.sys.mui")
Region:
id = 1828
start_va = 0x410000
end_va = 0x470fff
monitored = 0
entry_point = 0x420770
region_type = mapped_file
name = "usbxhci.sys"
filename = "\\Windows\\System32\\drivers\\USBXHCI.SYS" (normalized: "c:\\windows\\system32\\drivers\\usbxhci.sys")
Region:
id = 1829
start_va = 0x7a0000
end_va = 0x7a3fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "usbxhci.sys.mui"
filename = "\\Windows\\System32\\drivers\\en-US\\USBXHCI.SYS.mui" (normalized: "c:\\windows\\system32\\drivers\\en-us\\usbxhci.sys.mui")
Region:
id = 1830
start_va = 0x410000
end_va = 0x470fff
monitored = 0
entry_point = 0x420770
region_type = mapped_file
name = "usbxhci.sys"
filename = "\\Windows\\System32\\drivers\\USBXHCI.SYS" (normalized: "c:\\windows\\system32\\drivers\\usbxhci.sys")
Region:
id = 1831
start_va = 0x7a0000
end_va = 0x7a3fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "usbxhci.sys.mui"
filename = "\\Windows\\System32\\drivers\\en-US\\USBXHCI.SYS.mui" (normalized: "c:\\windows\\system32\\drivers\\en-us\\usbxhci.sys.mui")
Region:
id = 1832
start_va = 0x410000
end_va = 0x470fff
monitored = 0
entry_point = 0x420770
region_type = mapped_file
name = "usbxhci.sys"
filename = "\\Windows\\System32\\drivers\\USBXHCI.SYS" (normalized: "c:\\windows\\system32\\drivers\\usbxhci.sys")
Region:
id = 1833
start_va = 0x7a0000
end_va = 0x7a3fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "usbxhci.sys.mui"
filename = "\\Windows\\System32\\drivers\\en-US\\USBXHCI.SYS.mui" (normalized: "c:\\windows\\system32\\drivers\\en-us\\usbxhci.sys.mui")
Region:
id = 1834
start_va = 0x410000
end_va = 0x470fff
monitored = 0
entry_point = 0x420770
region_type = mapped_file
name = "usbxhci.sys"
filename = "\\Windows\\System32\\drivers\\USBXHCI.SYS" (normalized: "c:\\windows\\system32\\drivers\\usbxhci.sys")
Region:
id = 1835
start_va = 0x7a0000
end_va = 0x7a3fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "usbxhci.sys.mui"
filename = "\\Windows\\System32\\drivers\\en-US\\USBXHCI.SYS.mui" (normalized: "c:\\windows\\system32\\drivers\\en-us\\usbxhci.sys.mui")
Region:
id = 1836
start_va = 0x410000
end_va = 0x420fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "ndis.sys.mui"
filename = "\\Windows\\System32\\drivers\\en-US\\ndis.sys.mui" (normalized: "c:\\windows\\system32\\drivers\\en-us\\ndis.sys.mui")
Region:
id = 1837
start_va = 0x1a40000
end_va = 0x1b5ffff
monitored = 0
entry_point = 0x1b3c040
region_type = mapped_file
name = "ndis.sys"
filename = "\\Windows\\System32\\drivers\\ndis.sys" (normalized: "c:\\windows\\system32\\drivers\\ndis.sys")
Region:
id = 1838
start_va = 0x410000
end_va = 0x420fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "ndis.sys.mui"
filename = "\\Windows\\System32\\drivers\\en-US\\ndis.sys.mui" (normalized: "c:\\windows\\system32\\drivers\\en-us\\ndis.sys.mui")
Region:
id = 1839
start_va = 0x1a40000
end_va = 0x1b5ffff
monitored = 0
entry_point = 0x1b3c040
region_type = mapped_file
name = "ndis.sys"
filename = "\\Windows\\System32\\drivers\\ndis.sys" (normalized: "c:\\windows\\system32\\drivers\\ndis.sys")
Region:
id = 1840
start_va = 0x410000
end_va = 0x420fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "ndis.sys.mui"
filename = "\\Windows\\System32\\drivers\\en-US\\ndis.sys.mui" (normalized: "c:\\windows\\system32\\drivers\\en-us\\ndis.sys.mui")
Region:
id = 1841
start_va = 0x1a40000
end_va = 0x1b5ffff
monitored = 0
entry_point = 0x1b3c040
region_type = mapped_file
name = "ndis.sys"
filename = "\\Windows\\System32\\drivers\\ndis.sys" (normalized: "c:\\windows\\system32\\drivers\\ndis.sys")
Region:
id = 1842
start_va = 0x410000
end_va = 0x420fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "ndis.sys.mui"
filename = "\\Windows\\System32\\drivers\\en-US\\ndis.sys.mui" (normalized: "c:\\windows\\system32\\drivers\\en-us\\ndis.sys.mui")
Region:
id = 1843
start_va = 0x1a40000
end_va = 0x1b5ffff
monitored = 0
entry_point = 0x1b3c040
region_type = mapped_file
name = "ndis.sys"
filename = "\\Windows\\System32\\drivers\\ndis.sys" (normalized: "c:\\windows\\system32\\drivers\\ndis.sys")
Region:
id = 1844
start_va = 0x410000
end_va = 0x420fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "ndis.sys.mui"
filename = "\\Windows\\System32\\drivers\\en-US\\ndis.sys.mui" (normalized: "c:\\windows\\system32\\drivers\\en-us\\ndis.sys.mui")
Region:
id = 1845
start_va = 0x1a40000
end_va = 0x1b5ffff
monitored = 0
entry_point = 0x1b3c040
region_type = mapped_file
name = "ndis.sys"
filename = "\\Windows\\System32\\drivers\\ndis.sys" (normalized: "c:\\windows\\system32\\drivers\\ndis.sys")
Region:
id = 1846
start_va = 0x410000
end_va = 0x420fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "ndis.sys.mui"
filename = "\\Windows\\System32\\drivers\\en-US\\ndis.sys.mui" (normalized: "c:\\windows\\system32\\drivers\\en-us\\ndis.sys.mui")
Region:
id = 1847
start_va = 0x1a40000
end_va = 0x1b5ffff
monitored = 0
entry_point = 0x1b3c040
region_type = mapped_file
name = "ndis.sys"
filename = "\\Windows\\System32\\drivers\\ndis.sys" (normalized: "c:\\windows\\system32\\drivers\\ndis.sys")
Region:
id = 1848
start_va = 0x410000
end_va = 0x420fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "ndis.sys.mui"
filename = "\\Windows\\System32\\drivers\\en-US\\ndis.sys.mui" (normalized: "c:\\windows\\system32\\drivers\\en-us\\ndis.sys.mui")
Region:
id = 1849
start_va = 0x1a40000
end_va = 0x1b5ffff
monitored = 0
entry_point = 0x1b3c040
region_type = mapped_file
name = "ndis.sys"
filename = "\\Windows\\System32\\drivers\\ndis.sys" (normalized: "c:\\windows\\system32\\drivers\\ndis.sys")
Region:
id = 1850
start_va = 0x410000
end_va = 0x420fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "ndis.sys.mui"
filename = "\\Windows\\System32\\drivers\\en-US\\ndis.sys.mui" (normalized: "c:\\windows\\system32\\drivers\\en-us\\ndis.sys.mui")
Region:
id = 1851
start_va = 0x1a40000
end_va = 0x1b5ffff
monitored = 0
entry_point = 0x1b3c040
region_type = mapped_file
name = "ndis.sys"
filename = "\\Windows\\System32\\drivers\\ndis.sys" (normalized: "c:\\windows\\system32\\drivers\\ndis.sys")
Region:
id = 1852
start_va = 0x410000
end_va = 0x420fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "ndis.sys.mui"
filename = "\\Windows\\System32\\drivers\\en-US\\ndis.sys.mui" (normalized: "c:\\windows\\system32\\drivers\\en-us\\ndis.sys.mui")
Region:
id = 1853
start_va = 0x1a40000
end_va = 0x1b5ffff
monitored = 0
entry_point = 0x1b3c040
region_type = mapped_file
name = "ndis.sys"
filename = "\\Windows\\System32\\drivers\\ndis.sys" (normalized: "c:\\windows\\system32\\drivers\\ndis.sys")
Region:
id = 1854
start_va = 0x410000
end_va = 0x420fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "ndis.sys.mui"
filename = "\\Windows\\System32\\drivers\\en-US\\ndis.sys.mui" (normalized: "c:\\windows\\system32\\drivers\\en-us\\ndis.sys.mui")
Region:
id = 1855
start_va = 0x1a40000
end_va = 0x1b5ffff
monitored = 0
entry_point = 0x1b3c040
region_type = mapped_file
name = "ndis.sys"
filename = "\\Windows\\System32\\drivers\\ndis.sys" (normalized: "c:\\windows\\system32\\drivers\\ndis.sys")
Region:
id = 1856
start_va = 0x410000
end_va = 0x420fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "ndis.sys.mui"
filename = "\\Windows\\System32\\drivers\\en-US\\ndis.sys.mui" (normalized: "c:\\windows\\system32\\drivers\\en-us\\ndis.sys.mui")
Region:
id = 1857
start_va = 0x1a40000
end_va = 0x1b5ffff
monitored = 0
entry_point = 0x1b3c040
region_type = mapped_file
name = "ndis.sys"
filename = "\\Windows\\System32\\drivers\\ndis.sys" (normalized: "c:\\windows\\system32\\drivers\\ndis.sys")
Region:
id = 1858
start_va = 0x410000
end_va = 0x420fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "ndis.sys.mui"
filename = "\\Windows\\System32\\drivers\\en-US\\ndis.sys.mui" (normalized: "c:\\windows\\system32\\drivers\\en-us\\ndis.sys.mui")
Region:
id = 1859
start_va = 0x1a40000
end_va = 0x1b5ffff
monitored = 0
entry_point = 0x1b3c040
region_type = mapped_file
name = "ndis.sys"
filename = "\\Windows\\System32\\drivers\\ndis.sys" (normalized: "c:\\windows\\system32\\drivers\\ndis.sys")
Region:
id = 1860
start_va = 0x410000
end_va = 0x420fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "ndis.sys.mui"
filename = "\\Windows\\System32\\drivers\\en-US\\ndis.sys.mui" (normalized: "c:\\windows\\system32\\drivers\\en-us\\ndis.sys.mui")
Region:
id = 1861
start_va = 0x1a40000
end_va = 0x1b5ffff
monitored = 0
entry_point = 0x1b3c040
region_type = mapped_file
name = "ndis.sys"
filename = "\\Windows\\System32\\drivers\\ndis.sys" (normalized: "c:\\windows\\system32\\drivers\\ndis.sys")
Region:
id = 1862
start_va = 0x410000
end_va = 0x420fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "ndis.sys.mui"
filename = "\\Windows\\System32\\drivers\\en-US\\ndis.sys.mui" (normalized: "c:\\windows\\system32\\drivers\\en-us\\ndis.sys.mui")
Region:
id = 1863
start_va = 0x1a40000
end_va = 0x1b5ffff
monitored = 0
entry_point = 0x1b3c040
region_type = mapped_file
name = "ndis.sys"
filename = "\\Windows\\System32\\drivers\\ndis.sys" (normalized: "c:\\windows\\system32\\drivers\\ndis.sys")
Region:
id = 1864
start_va = 0x410000
end_va = 0x420fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "ndis.sys.mui"
filename = "\\Windows\\System32\\drivers\\en-US\\ndis.sys.mui" (normalized: "c:\\windows\\system32\\drivers\\en-us\\ndis.sys.mui")
Region:
id = 1865
start_va = 0x1a40000
end_va = 0x1b5ffff
monitored = 0
entry_point = 0x1b3c040
region_type = mapped_file
name = "ndis.sys"
filename = "\\Windows\\System32\\drivers\\ndis.sys" (normalized: "c:\\windows\\system32\\drivers\\ndis.sys")
Region:
id = 1866
start_va = 0x410000
end_va = 0x420fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "ndis.sys.mui"
filename = "\\Windows\\System32\\drivers\\en-US\\ndis.sys.mui" (normalized: "c:\\windows\\system32\\drivers\\en-us\\ndis.sys.mui")
Region:
id = 1867
start_va = 0x1a40000
end_va = 0x1b5ffff
monitored = 0
entry_point = 0x1b3c040
region_type = mapped_file
name = "ndis.sys"
filename = "\\Windows\\System32\\drivers\\ndis.sys" (normalized: "c:\\windows\\system32\\drivers\\ndis.sys")
Region:
id = 1868
start_va = 0x410000
end_va = 0x420fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "ndis.sys.mui"
filename = "\\Windows\\System32\\drivers\\en-US\\ndis.sys.mui" (normalized: "c:\\windows\\system32\\drivers\\en-us\\ndis.sys.mui")
Region:
id = 1869
start_va = 0x1a40000
end_va = 0x1b5ffff
monitored = 0
entry_point = 0x1b3c040
region_type = mapped_file
name = "ndis.sys"
filename = "\\Windows\\System32\\drivers\\ndis.sys" (normalized: "c:\\windows\\system32\\drivers\\ndis.sys")
Region:
id = 1870
start_va = 0x410000
end_va = 0x420fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "ndis.sys.mui"
filename = "\\Windows\\System32\\drivers\\en-US\\ndis.sys.mui" (normalized: "c:\\windows\\system32\\drivers\\en-us\\ndis.sys.mui")
Region:
id = 1871
start_va = 0x1a40000
end_va = 0x1b5ffff
monitored = 0
entry_point = 0x1b3c040
region_type = mapped_file
name = "ndis.sys"
filename = "\\Windows\\System32\\drivers\\ndis.sys" (normalized: "c:\\windows\\system32\\drivers\\ndis.sys")
Region:
id = 1872
start_va = 0x410000
end_va = 0x412fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "advapi32res.dll"
filename = "\\Windows\\System32\\advapi32res.dll" (normalized: "c:\\windows\\system32\\advapi32res.dll")
Region:
id = 1873
start_va = 0x420000
end_va = 0x430fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "advapi32res.dll.mui"
filename = "\\Windows\\System32\\en-US\\advapi32res.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\advapi32res.dll.mui")
Region:
id = 1874
start_va = 0x410000
end_va = 0x412fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "advapi32res.dll"
filename = "\\Windows\\System32\\advapi32res.dll" (normalized: "c:\\windows\\system32\\advapi32res.dll")
Region:
id = 1875
start_va = 0x420000
end_va = 0x430fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "advapi32res.dll.mui"
filename = "\\Windows\\System32\\en-US\\advapi32res.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\advapi32res.dll.mui")
Region:
id = 1876
start_va = 0x410000
end_va = 0x412fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "advapi32res.dll"
filename = "\\Windows\\System32\\advapi32res.dll" (normalized: "c:\\windows\\system32\\advapi32res.dll")
Region:
id = 1877
start_va = 0x420000
end_va = 0x430fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "advapi32res.dll.mui"
filename = "\\Windows\\System32\\en-US\\advapi32res.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\advapi32res.dll.mui")
Region:
id = 1878
start_va = 0x410000
end_va = 0x412fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "advapi32res.dll"
filename = "\\Windows\\System32\\advapi32res.dll" (normalized: "c:\\windows\\system32\\advapi32res.dll")
Region:
id = 1879
start_va = 0x420000
end_va = 0x430fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "advapi32res.dll.mui"
filename = "\\Windows\\System32\\en-US\\advapi32res.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\advapi32res.dll.mui")
Region:
id = 1880
start_va = 0x410000
end_va = 0x412fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "advapi32res.dll"
filename = "\\Windows\\System32\\advapi32res.dll" (normalized: "c:\\windows\\system32\\advapi32res.dll")
Region:
id = 1881
start_va = 0x420000
end_va = 0x430fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "advapi32res.dll.mui"
filename = "\\Windows\\System32\\en-US\\advapi32res.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\advapi32res.dll.mui")
Region:
id = 1882
start_va = 0x410000
end_va = 0x412fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "advapi32res.dll"
filename = "\\Windows\\System32\\advapi32res.dll" (normalized: "c:\\windows\\system32\\advapi32res.dll")
Region:
id = 1883
start_va = 0x420000
end_va = 0x430fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "advapi32res.dll.mui"
filename = "\\Windows\\System32\\en-US\\advapi32res.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\advapi32res.dll.mui")
Region:
id = 1884
start_va = 0x410000
end_va = 0x412fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "advapi32res.dll"
filename = "\\Windows\\System32\\advapi32res.dll" (normalized: "c:\\windows\\system32\\advapi32res.dll")
Region:
id = 1885
start_va = 0x420000
end_va = 0x430fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "advapi32res.dll.mui"
filename = "\\Windows\\System32\\en-US\\advapi32res.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\advapi32res.dll.mui")
Region:
id = 1886
start_va = 0x410000
end_va = 0x412fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "advapi32res.dll"
filename = "\\Windows\\System32\\advapi32res.dll" (normalized: "c:\\windows\\system32\\advapi32res.dll")
Region:
id = 1887
start_va = 0x420000
end_va = 0x430fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "advapi32res.dll.mui"
filename = "\\Windows\\System32\\en-US\\advapi32res.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\advapi32res.dll.mui")
Region:
id = 1888
start_va = 0x410000
end_va = 0x412fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "advapi32res.dll"
filename = "\\Windows\\System32\\advapi32res.dll" (normalized: "c:\\windows\\system32\\advapi32res.dll")
Region:
id = 1889
start_va = 0x420000
end_va = 0x430fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "advapi32res.dll.mui"
filename = "\\Windows\\System32\\en-US\\advapi32res.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\advapi32res.dll.mui")
Region:
id = 1890
start_va = 0x410000
end_va = 0x412fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "advapi32res.dll"
filename = "\\Windows\\System32\\advapi32res.dll" (normalized: "c:\\windows\\system32\\advapi32res.dll")
Region:
id = 1891
start_va = 0x420000
end_va = 0x430fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "advapi32res.dll.mui"
filename = "\\Windows\\System32\\en-US\\advapi32res.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\advapi32res.dll.mui")
Region:
id = 1892
start_va = 0x410000
end_va = 0x412fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "advapi32res.dll"
filename = "\\Windows\\System32\\advapi32res.dll" (normalized: "c:\\windows\\system32\\advapi32res.dll")
Region:
id = 1893
start_va = 0x420000
end_va = 0x430fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "advapi32res.dll.mui"
filename = "\\Windows\\System32\\en-US\\advapi32res.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\advapi32res.dll.mui")
Region:
id = 1895
start_va = 0x410000
end_va = 0x412fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "advapi32res.dll"
filename = "\\Windows\\System32\\advapi32res.dll" (normalized: "c:\\windows\\system32\\advapi32res.dll")
Region:
id = 1896
start_va = 0x420000
end_va = 0x430fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "advapi32res.dll.mui"
filename = "\\Windows\\System32\\en-US\\advapi32res.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\advapi32res.dll.mui")
Region:
id = 1897
start_va = 0x410000
end_va = 0x412fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "advapi32res.dll"
filename = "\\Windows\\System32\\advapi32res.dll" (normalized: "c:\\windows\\system32\\advapi32res.dll")
Region:
id = 1898
start_va = 0x420000
end_va = 0x430fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "advapi32res.dll.mui"
filename = "\\Windows\\System32\\en-US\\advapi32res.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\advapi32res.dll.mui")
Region:
id = 1899
start_va = 0x410000
end_va = 0x412fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "advapi32res.dll"
filename = "\\Windows\\System32\\advapi32res.dll" (normalized: "c:\\windows\\system32\\advapi32res.dll")
Region:
id = 1900
start_va = 0x420000
end_va = 0x430fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "advapi32res.dll.mui"
filename = "\\Windows\\System32\\en-US\\advapi32res.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\advapi32res.dll.mui")
Region:
id = 1901
start_va = 0x410000
end_va = 0x41ffff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "mrxsmb.sys.mui"
filename = "\\Windows\\System32\\drivers\\en-US\\mrxsmb.sys.mui" (normalized: "c:\\windows\\system32\\drivers\\en-us\\mrxsmb.sys.mui")
Region:
id = 1902
start_va = 0xf80000
end_va = 0xff1fff
monitored = 0
entry_point = 0xfd7000
region_type = mapped_file
name = "mrxsmb.sys"
filename = "\\Windows\\System32\\drivers\\mrxsmb.sys" (normalized: "c:\\windows\\system32\\drivers\\mrxsmb.sys")
Region:
id = 1903
start_va = 0x410000
end_va = 0x41ffff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "mrxsmb.sys.mui"
filename = "\\Windows\\System32\\drivers\\en-US\\mrxsmb.sys.mui" (normalized: "c:\\windows\\system32\\drivers\\en-us\\mrxsmb.sys.mui")
Region:
id = 1904
start_va = 0xf80000
end_va = 0xff1fff
monitored = 0
entry_point = 0xfd7000
region_type = mapped_file
name = "mrxsmb.sys"
filename = "\\Windows\\System32\\drivers\\mrxsmb.sys" (normalized: "c:\\windows\\system32\\drivers\\mrxsmb.sys")
Region:
id = 1905
start_va = 0x410000
end_va = 0x425fff
monitored = 0
entry_point = 0x420420
region_type = mapped_file
name = "synth3dvsc.sys"
filename = "\\Windows\\System32\\drivers\\Synth3dVsc.sys" (normalized: "c:\\windows\\system32\\drivers\\synth3dvsc.sys")
Region:
id = 1906
start_va = 0x430000
end_va = 0x432fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "synth3dvsc.sys.mui"
filename = "\\Windows\\System32\\drivers\\en-US\\synth3dvsc.sys.mui" (normalized: "c:\\windows\\system32\\drivers\\en-us\\synth3dvsc.sys.mui")
Region:
id = 1907
start_va = 0x410000
end_va = 0x425fff
monitored = 0
entry_point = 0x420420
region_type = mapped_file
name = "synth3dvsc.sys"
filename = "\\Windows\\System32\\drivers\\Synth3dVsc.sys" (normalized: "c:\\windows\\system32\\drivers\\synth3dvsc.sys")
Region:
id = 1908
start_va = 0x430000
end_va = 0x432fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "synth3dvsc.sys.mui"
filename = "\\Windows\\System32\\drivers\\en-US\\synth3dvsc.sys.mui" (normalized: "c:\\windows\\system32\\drivers\\en-us\\synth3dvsc.sys.mui")
Region:
id = 1909
start_va = 0x410000
end_va = 0x425fff
monitored = 0
entry_point = 0x420420
region_type = mapped_file
name = "synth3dvsc.sys"
filename = "\\Windows\\System32\\drivers\\Synth3dVsc.sys" (normalized: "c:\\windows\\system32\\drivers\\synth3dvsc.sys")
Region:
id = 1910
start_va = 0x430000
end_va = 0x432fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "synth3dvsc.sys.mui"
filename = "\\Windows\\System32\\drivers\\en-US\\synth3dvsc.sys.mui" (normalized: "c:\\windows\\system32\\drivers\\en-us\\synth3dvsc.sys.mui")
Region:
id = 1911
start_va = 0x410000
end_va = 0x425fff
monitored = 0
entry_point = 0x420420
region_type = mapped_file
name = "synth3dvsc.sys"
filename = "\\Windows\\System32\\drivers\\Synth3dVsc.sys" (normalized: "c:\\windows\\system32\\drivers\\synth3dvsc.sys")
Region:
id = 1912
start_va = 0x430000
end_va = 0x432fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "synth3dvsc.sys.mui"
filename = "\\Windows\\System32\\drivers\\en-US\\synth3dvsc.sys.mui" (normalized: "c:\\windows\\system32\\drivers\\en-us\\synth3dvsc.sys.mui")
Region:
id = 1913
start_va = 0x410000
end_va = 0x429fff
monitored = 1
entry_point = 0x411190
region_type = mapped_file
name = "workflowservicehostperformancecounters.dll"
filename = "\\Windows\\Microsoft.NET\\Framework64\\v4.0.30319\\WorkflowServiceHostPerformanceCounters.dll" (normalized: "c:\\windows\\microsoft.net\\framework64\\v4.0.30319\\workflowservicehostperformancecounters.dll")
Region:
id = 1914
start_va = 0x430000
end_va = 0x435fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "workflowservicehostperformancecounters.dll.mui"
filename = "\\Windows\\Microsoft.NET\\Framework64\\v4.0.30319\\en-US\\WorkflowServiceHostPerformanceCounters.dll.mui" (normalized: "c:\\windows\\microsoft.net\\framework64\\v4.0.30319\\en-us\\workflowservicehostperformancecounters.dll.mui")
Region:
id = 1915
start_va = 0x410000
end_va = 0x429fff
monitored = 1
entry_point = 0x411190
region_type = mapped_file
name = "workflowservicehostperformancecounters.dll"
filename = "\\Windows\\Microsoft.NET\\Framework64\\v4.0.30319\\WorkflowServiceHostPerformanceCounters.dll" (normalized: "c:\\windows\\microsoft.net\\framework64\\v4.0.30319\\workflowservicehostperformancecounters.dll")
Region:
id = 1916
start_va = 0x430000
end_va = 0x435fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "workflowservicehostperformancecounters.dll.mui"
filename = "\\Windows\\Microsoft.NET\\Framework64\\v4.0.30319\\en-US\\WorkflowServiceHostPerformanceCounters.dll.mui" (normalized: "c:\\windows\\microsoft.net\\framework64\\v4.0.30319\\en-us\\workflowservicehostperformancecounters.dll.mui")
Region:
id = 1917
start_va = 0x410000
end_va = 0x43afff
monitored = 0
entry_point = 0x42d000
region_type = mapped_file
name = "pacer.sys"
filename = "\\Windows\\System32\\drivers\\pacer.sys" (normalized: "c:\\windows\\system32\\drivers\\pacer.sys")
Region:
id = 1918
start_va = 0x440000
end_va = 0x444fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "pacer.sys.mui"
filename = "\\Windows\\System32\\drivers\\en-US\\pacer.sys.mui" (normalized: "c:\\windows\\system32\\drivers\\en-us\\pacer.sys.mui")
Region:
id = 1919
start_va = 0x410000
end_va = 0x43afff
monitored = 0
entry_point = 0x42d000
region_type = mapped_file
name = "pacer.sys"
filename = "\\Windows\\System32\\drivers\\pacer.sys" (normalized: "c:\\windows\\system32\\drivers\\pacer.sys")
Region:
id = 1920
start_va = 0x440000
end_va = 0x444fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "pacer.sys.mui"
filename = "\\Windows\\System32\\drivers\\en-US\\pacer.sys.mui" (normalized: "c:\\windows\\system32\\drivers\\en-us\\pacer.sys.mui")
Region:
id = 1921
start_va = 0x410000
end_va = 0x43afff
monitored = 0
entry_point = 0x42d000
region_type = mapped_file
name = "pacer.sys"
filename = "\\Windows\\System32\\drivers\\pacer.sys" (normalized: "c:\\windows\\system32\\drivers\\pacer.sys")
Region:
id = 1922
start_va = 0x440000
end_va = 0x444fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "pacer.sys.mui"
filename = "\\Windows\\System32\\drivers\\en-US\\pacer.sys.mui" (normalized: "c:\\windows\\system32\\drivers\\en-us\\pacer.sys.mui")
Region:
id = 1923
start_va = 0x410000
end_va = 0x43afff
monitored = 0
entry_point = 0x42d000
region_type = mapped_file
name = "pacer.sys"
filename = "\\Windows\\System32\\drivers\\pacer.sys" (normalized: "c:\\windows\\system32\\drivers\\pacer.sys")
Region:
id = 1924
start_va = 0x440000
end_va = 0x444fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "pacer.sys.mui"
filename = "\\Windows\\System32\\drivers\\en-US\\pacer.sys.mui" (normalized: "c:\\windows\\system32\\drivers\\en-us\\pacer.sys.mui")
Region:
id = 1931
start_va = 0x410000
end_va = 0x438fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "fxsresm.dll.mui"
filename = "\\Windows\\System32\\en-US\\FXSRESM.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\fxsresm.dll.mui")
Region:
id = 1932
start_va = 0x1a40000
end_va = 0x1b23fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "fxsresm.dll"
filename = "\\Windows\\System32\\FXSRESM.dll" (normalized: "c:\\windows\\system32\\fxsresm.dll")
Region:
id = 1933
start_va = 0x410000
end_va = 0x438fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "fxsresm.dll.mui"
filename = "\\Windows\\System32\\en-US\\FXSRESM.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\fxsresm.dll.mui")
Region:
id = 1934
start_va = 0x1a40000
end_va = 0x1b23fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "fxsresm.dll"
filename = "\\Windows\\System32\\FXSRESM.dll" (normalized: "c:\\windows\\system32\\fxsresm.dll")
Region:
id = 1935
start_va = 0x410000
end_va = 0x415fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "afd.sys.mui"
filename = "\\Windows\\System32\\drivers\\en-US\\afd.sys.mui" (normalized: "c:\\windows\\system32\\drivers\\en-us\\afd.sys.mui")
Region:
id = 1936
start_va = 0x1580000
end_va = 0x1612fff
monitored = 0
entry_point = 0x15f9000
region_type = mapped_file
name = "afd.sys"
filename = "\\Windows\\System32\\drivers\\afd.sys" (normalized: "c:\\windows\\system32\\drivers\\afd.sys")
Region:
id = 1937
start_va = 0x410000
end_va = 0x415fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "afd.sys.mui"
filename = "\\Windows\\System32\\drivers\\en-US\\afd.sys.mui" (normalized: "c:\\windows\\system32\\drivers\\en-us\\afd.sys.mui")
Region:
id = 1938
start_va = 0x1580000
end_va = 0x1612fff
monitored = 0
entry_point = 0x15f9000
region_type = mapped_file
name = "afd.sys"
filename = "\\Windows\\System32\\drivers\\afd.sys" (normalized: "c:\\windows\\system32\\drivers\\afd.sys")
Region:
id = 1939
start_va = 0x410000
end_va = 0x415fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "fvevol.sys.mui"
filename = "\\Windows\\System32\\drivers\\en-US\\fvevol.sys.mui" (normalized: "c:\\windows\\system32\\drivers\\en-us\\fvevol.sys.mui")
Region:
id = 1940
start_va = 0x1580000
end_va = 0x1620fff
monitored = 0
entry_point = 0x1613000
region_type = mapped_file
name = "fvevol.sys"
filename = "\\Windows\\System32\\drivers\\fvevol.sys" (normalized: "c:\\windows\\system32\\drivers\\fvevol.sys")
Region:
id = 1942
start_va = 0x410000
end_va = 0x415fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "fvevol.sys.mui"
filename = "\\Windows\\System32\\drivers\\en-US\\fvevol.sys.mui" (normalized: "c:\\windows\\system32\\drivers\\en-us\\fvevol.sys.mui")
Region:
id = 1943
start_va = 0x1580000
end_va = 0x1620fff
monitored = 0
entry_point = 0x1613000
region_type = mapped_file
name = "fvevol.sys"
filename = "\\Windows\\System32\\drivers\\fvevol.sys" (normalized: "c:\\windows\\system32\\drivers\\fvevol.sys")
Region:
id = 1944
start_va = 0x410000
end_va = 0x41afff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "spaceport.sys.mui"
filename = "\\Windows\\System32\\drivers\\en-US\\spaceport.sys.mui" (normalized: "c:\\windows\\system32\\drivers\\en-us\\spaceport.sys.mui")
Region:
id = 1945
start_va = 0x1580000
end_va = 0x1605fff
monitored = 0
entry_point = 0x15f1000
region_type = mapped_file
name = "spaceport.sys"
filename = "\\Windows\\System32\\drivers\\spaceport.sys" (normalized: "c:\\windows\\system32\\drivers\\spaceport.sys")
Region:
id = 1946
start_va = 0x410000
end_va = 0x41afff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "spaceport.sys.mui"
filename = "\\Windows\\System32\\drivers\\en-US\\spaceport.sys.mui" (normalized: "c:\\windows\\system32\\drivers\\en-us\\spaceport.sys.mui")
Region:
id = 1947
start_va = 0x1580000
end_va = 0x1605fff
monitored = 0
entry_point = 0x15f1000
region_type = mapped_file
name = "spaceport.sys"
filename = "\\Windows\\System32\\drivers\\spaceport.sys" (normalized: "c:\\windows\\system32\\drivers\\spaceport.sys")
Region:
id = 1948
start_va = 0x410000
end_va = 0x41afff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "spaceport.sys.mui"
filename = "\\Windows\\System32\\drivers\\en-US\\spaceport.sys.mui" (normalized: "c:\\windows\\system32\\drivers\\en-us\\spaceport.sys.mui")
Region:
id = 1949
start_va = 0x1580000
end_va = 0x1605fff
monitored = 0
entry_point = 0x15f1000
region_type = mapped_file
name = "spaceport.sys"
filename = "\\Windows\\System32\\drivers\\spaceport.sys" (normalized: "c:\\windows\\system32\\drivers\\spaceport.sys")
Region:
id = 1950
start_va = 0x410000
end_va = 0x41afff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "spaceport.sys.mui"
filename = "\\Windows\\System32\\drivers\\en-US\\spaceport.sys.mui" (normalized: "c:\\windows\\system32\\drivers\\en-us\\spaceport.sys.mui")
Region:
id = 1951
start_va = 0x1580000
end_va = 0x1605fff
monitored = 0
entry_point = 0x15f1000
region_type = mapped_file
name = "spaceport.sys"
filename = "\\Windows\\System32\\drivers\\spaceport.sys" (normalized: "c:\\windows\\system32\\drivers\\spaceport.sys")
Region:
id = 1954
start_va = 0x410000
end_va = 0x41efff
monitored = 0
entry_point = 0x4136e0
region_type = mapped_file
name = "dmvsc.sys"
filename = "\\Windows\\System32\\drivers\\dmvsc.sys" (normalized: "c:\\windows\\system32\\drivers\\dmvsc.sys")
Region:
id = 1955
start_va = 0x420000
end_va = 0x421fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "dmvsc.sys.mui"
filename = "\\Windows\\System32\\drivers\\en-US\\dmvsc.sys.mui" (normalized: "c:\\windows\\system32\\drivers\\en-us\\dmvsc.sys.mui")
Region:
id = 1956
start_va = 0x410000
end_va = 0x42afff
monitored = 1
entry_point = 0x411190
region_type = mapped_file
name = "servicemodelperformancecounters.dll"
filename = "\\Windows\\Microsoft.NET\\Framework64\\v4.0.30319\\ServiceModelPerformanceCounters.dll" (normalized: "c:\\windows\\microsoft.net\\framework64\\v4.0.30319\\servicemodelperformancecounters.dll")
Region:
id = 1957
start_va = 0x430000
end_va = 0x43bfff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "servicemodelperformancecounters.dll.mui"
filename = "\\Windows\\Microsoft.NET\\Framework64\\v4.0.30319\\en-US\\ServiceModelPerformanceCounters.dll.mui" (normalized: "c:\\windows\\microsoft.net\\framework64\\v4.0.30319\\en-us\\servicemodelperformancecounters.dll.mui")
Region:
id = 1958
start_va = 0x410000
end_va = 0x42afff
monitored = 1
entry_point = 0x411190
region_type = mapped_file
name = "servicemodelperformancecounters.dll"
filename = "\\Windows\\Microsoft.NET\\Framework64\\v4.0.30319\\ServiceModelPerformanceCounters.dll" (normalized: "c:\\windows\\microsoft.net\\framework64\\v4.0.30319\\servicemodelperformancecounters.dll")
Region:
id = 1959
start_va = 0x430000
end_va = 0x43bfff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "servicemodelperformancecounters.dll.mui"
filename = "\\Windows\\Microsoft.NET\\Framework64\\v4.0.30319\\en-US\\ServiceModelPerformanceCounters.dll.mui" (normalized: "c:\\windows\\microsoft.net\\framework64\\v4.0.30319\\en-us\\servicemodelperformancecounters.dll.mui")
Region:
id = 1960
start_va = 0x410000
end_va = 0x42afff
monitored = 1
entry_point = 0x411190
region_type = mapped_file
name = "servicemodelperformancecounters.dll"
filename = "\\Windows\\Microsoft.NET\\Framework64\\v4.0.30319\\ServiceModelPerformanceCounters.dll" (normalized: "c:\\windows\\microsoft.net\\framework64\\v4.0.30319\\servicemodelperformancecounters.dll")
Region:
id = 1961
start_va = 0x430000
end_va = 0x43bfff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "servicemodelperformancecounters.dll.mui"
filename = "\\Windows\\Microsoft.NET\\Framework64\\v4.0.30319\\en-US\\ServiceModelPerformanceCounters.dll.mui" (normalized: "c:\\windows\\microsoft.net\\framework64\\v4.0.30319\\en-us\\servicemodelperformancecounters.dll.mui")
Region:
id = 1962
start_va = 0x410000
end_va = 0x42afff
monitored = 1
entry_point = 0x411190
region_type = mapped_file
name = "servicemodelperformancecounters.dll"
filename = "\\Windows\\Microsoft.NET\\Framework64\\v4.0.30319\\ServiceModelPerformanceCounters.dll" (normalized: "c:\\windows\\microsoft.net\\framework64\\v4.0.30319\\servicemodelperformancecounters.dll")
Region:
id = 1963
start_va = 0x430000
end_va = 0x43bfff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "servicemodelperformancecounters.dll.mui"
filename = "\\Windows\\Microsoft.NET\\Framework64\\v4.0.30319\\en-US\\ServiceModelPerformanceCounters.dll.mui" (normalized: "c:\\windows\\microsoft.net\\framework64\\v4.0.30319\\en-us\\servicemodelperformancecounters.dll.mui")
Region:
id = 1964
start_va = 0x410000
end_va = 0x42afff
monitored = 1
entry_point = 0x411190
region_type = mapped_file
name = "servicemodelperformancecounters.dll"
filename = "\\Windows\\Microsoft.NET\\Framework64\\v4.0.30319\\ServiceModelPerformanceCounters.dll" (normalized: "c:\\windows\\microsoft.net\\framework64\\v4.0.30319\\servicemodelperformancecounters.dll")
Region:
id = 1965
start_va = 0x430000
end_va = 0x43bfff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "servicemodelperformancecounters.dll.mui"
filename = "\\Windows\\Microsoft.NET\\Framework64\\v4.0.30319\\en-US\\ServiceModelPerformanceCounters.dll.mui" (normalized: "c:\\windows\\microsoft.net\\framework64\\v4.0.30319\\en-us\\servicemodelperformancecounters.dll.mui")
Region:
id = 1970
start_va = 0x410000
end_va = 0x42afff
monitored = 1
entry_point = 0x411190
region_type = mapped_file
name = "servicemodelperformancecounters.dll"
filename = "\\Windows\\Microsoft.NET\\Framework64\\v4.0.30319\\ServiceModelPerformanceCounters.dll" (normalized: "c:\\windows\\microsoft.net\\framework64\\v4.0.30319\\servicemodelperformancecounters.dll")
Region:
id = 1971
start_va = 0x430000
end_va = 0x43bfff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "servicemodelperformancecounters.dll.mui"
filename = "\\Windows\\Microsoft.NET\\Framework64\\v4.0.30319\\en-US\\ServiceModelPerformanceCounters.dll.mui" (normalized: "c:\\windows\\microsoft.net\\framework64\\v4.0.30319\\en-us\\servicemodelperformancecounters.dll.mui")
Region:
id = 1972
start_va = 0x410000
end_va = 0x42afff
monitored = 1
entry_point = 0x411190
region_type = mapped_file
name = "servicemodelperformancecounters.dll"
filename = "\\Windows\\Microsoft.NET\\Framework64\\v4.0.30319\\ServiceModelPerformanceCounters.dll" (normalized: "c:\\windows\\microsoft.net\\framework64\\v4.0.30319\\servicemodelperformancecounters.dll")
Region:
id = 1973
start_va = 0x430000
end_va = 0x43bfff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "servicemodelperformancecounters.dll.mui"
filename = "\\Windows\\Microsoft.NET\\Framework64\\v4.0.30319\\en-US\\ServiceModelPerformanceCounters.dll.mui" (normalized: "c:\\windows\\microsoft.net\\framework64\\v4.0.30319\\en-us\\servicemodelperformancecounters.dll.mui")
Region:
id = 1974
start_va = 0x410000
end_va = 0x411fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "dosvc.dll.mui"
filename = "\\Windows\\System32\\en-US\\dosvc.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\dosvc.dll.mui")
Region:
id = 1975
start_va = 0x1a40000
end_va = 0x1b4efff
monitored = 0
entry_point = 0x1a7c010
region_type = mapped_file
name = "dosvc.dll"
filename = "\\Windows\\System32\\dosvc.dll" (normalized: "c:\\windows\\system32\\dosvc.dll")
Region:
id = 1976
start_va = 0x410000
end_va = 0x411fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "dosvc.dll.mui"
filename = "\\Windows\\System32\\en-US\\dosvc.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\dosvc.dll.mui")
Region:
id = 1977
start_va = 0x1a40000
end_va = 0x1b4efff
monitored = 0
entry_point = 0x1a7c010
region_type = mapped_file
name = "dosvc.dll"
filename = "\\Windows\\System32\\dosvc.dll" (normalized: "c:\\windows\\system32\\dosvc.dll")
Region:
id = 1978
start_va = 0x410000
end_va = 0x426fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "tcpip.sys.mui"
filename = "\\Windows\\System32\\drivers\\en-US\\tcpip.sys.mui" (normalized: "c:\\windows\\system32\\drivers\\en-us\\tcpip.sys.mui")
Region:
id = 1979
start_va = 0x1a40000
end_va = 0x1c96fff
monitored = 0
entry_point = 0x1c4ce10
region_type = mapped_file
name = "tcpip.sys"
filename = "\\Windows\\System32\\drivers\\tcpip.sys" (normalized: "c:\\windows\\system32\\drivers\\tcpip.sys")
Region:
id = 1980
start_va = 0x410000
end_va = 0x426fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "tcpip.sys.mui"
filename = "\\Windows\\System32\\drivers\\en-US\\tcpip.sys.mui" (normalized: "c:\\windows\\system32\\drivers\\en-us\\tcpip.sys.mui")
Region:
id = 1981
start_va = 0x1a40000
end_va = 0x1c96fff
monitored = 0
entry_point = 0x1c4ce10
region_type = mapped_file
name = "tcpip.sys"
filename = "\\Windows\\System32\\drivers\\tcpip.sys" (normalized: "c:\\windows\\system32\\drivers\\tcpip.sys")
Region:
id = 1982
start_va = 0x410000
end_va = 0x419fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "http.sys.mui"
filename = "\\Windows\\System32\\drivers\\en-US\\http.sys.mui" (normalized: "c:\\windows\\system32\\drivers\\en-us\\http.sys.mui")
Region:
id = 1983
start_va = 0x1a40000
end_va = 0x1b50fff
monitored = 0
entry_point = 0x1b31bf0
region_type = mapped_file
name = "http.sys"
filename = "\\Windows\\System32\\drivers\\http.sys" (normalized: "c:\\windows\\system32\\drivers\\http.sys")
Region:
id = 1984
start_va = 0x410000
end_va = 0x419fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "http.sys.mui"
filename = "\\Windows\\System32\\drivers\\en-US\\http.sys.mui" (normalized: "c:\\windows\\system32\\drivers\\en-us\\http.sys.mui")
Region:
id = 1985
start_va = 0x1a40000
end_va = 0x1b50fff
monitored = 0
entry_point = 0x1b31bf0
region_type = mapped_file
name = "http.sys"
filename = "\\Windows\\System32\\drivers\\http.sys" (normalized: "c:\\windows\\system32\\drivers\\http.sys")
Region:
id = 1986
start_va = 0x410000
end_va = 0x419fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "http.sys.mui"
filename = "\\Windows\\System32\\drivers\\en-US\\http.sys.mui" (normalized: "c:\\windows\\system32\\drivers\\en-us\\http.sys.mui")
Region:
id = 1987
start_va = 0x1a40000
end_va = 0x1b50fff
monitored = 0
entry_point = 0x1b31bf0
region_type = mapped_file
name = "http.sys"
filename = "\\Windows\\System32\\drivers\\http.sys" (normalized: "c:\\windows\\system32\\drivers\\http.sys")
Region:
id = 1988
start_va = 0x410000
end_va = 0x419fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "http.sys.mui"
filename = "\\Windows\\System32\\drivers\\en-US\\http.sys.mui" (normalized: "c:\\windows\\system32\\drivers\\en-us\\http.sys.mui")
Region:
id = 1989
start_va = 0x1a40000
end_va = 0x1b50fff
monitored = 0
entry_point = 0x1b31bf0
region_type = mapped_file
name = "http.sys"
filename = "\\Windows\\System32\\drivers\\http.sys" (normalized: "c:\\windows\\system32\\drivers\\http.sys")
Region:
id = 1990
start_va = 0x410000
end_va = 0x419fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "http.sys.mui"
filename = "\\Windows\\System32\\drivers\\en-US\\http.sys.mui" (normalized: "c:\\windows\\system32\\drivers\\en-us\\http.sys.mui")
Region:
id = 1991
start_va = 0x1a40000
end_va = 0x1b50fff
monitored = 0
entry_point = 0x1b31bf0
region_type = mapped_file
name = "http.sys"
filename = "\\Windows\\System32\\drivers\\http.sys" (normalized: "c:\\windows\\system32\\drivers\\http.sys")
Region:
id = 1992
start_va = 0x410000
end_va = 0x419fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "http.sys.mui"
filename = "\\Windows\\System32\\drivers\\en-US\\http.sys.mui" (normalized: "c:\\windows\\system32\\drivers\\en-us\\http.sys.mui")
Region:
id = 1993
start_va = 0x1a40000
end_va = 0x1b50fff
monitored = 0
entry_point = 0x1b31bf0
region_type = mapped_file
name = "http.sys"
filename = "\\Windows\\System32\\drivers\\http.sys" (normalized: "c:\\windows\\system32\\drivers\\http.sys")
Region:
id = 1994
start_va = 0x410000
end_va = 0x41ffff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "psevents.dll"
filename = "\\Windows\\System32\\WindowsPowerShell\\v1.0\\PSEvents.dll" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\psevents.dll")
Region:
id = 1995
start_va = 0x420000
end_va = 0x42dfff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "psevents.dll.mui"
filename = "\\Windows\\System32\\WindowsPowerShell\\v1.0\\en-US\\PSEvents.dll.mui" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\en-us\\psevents.dll.mui")
Region:
id = 1996
start_va = 0x410000
end_va = 0x41ffff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "psevents.dll"
filename = "\\Windows\\System32\\WindowsPowerShell\\v1.0\\PSEvents.dll" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\psevents.dll")
Region:
id = 1997
start_va = 0x420000
end_va = 0x42dfff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "psevents.dll.mui"
filename = "\\Windows\\System32\\WindowsPowerShell\\v1.0\\en-US\\PSEvents.dll.mui" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\en-us\\psevents.dll.mui")
Region:
id = 1998
start_va = 0x410000
end_va = 0x41ffff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "psevents.dll"
filename = "\\Windows\\System32\\WindowsPowerShell\\v1.0\\PSEvents.dll" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\psevents.dll")
Region:
id = 1999
start_va = 0x420000
end_va = 0x42dfff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "psevents.dll.mui"
filename = "\\Windows\\System32\\WindowsPowerShell\\v1.0\\en-US\\PSEvents.dll.mui" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\en-us\\psevents.dll.mui")
Region:
id = 2000
start_va = 0x1a40000
end_va = 0x1c3ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000001a40000"
filename = ""
Region:
id = 2001
start_va = 0x410000
end_va = 0x421fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "srv2.sys.mui"
filename = "\\Windows\\System32\\drivers\\en-US\\srv2.sys.mui" (normalized: "c:\\windows\\system32\\drivers\\en-us\\srv2.sys.mui")
Region:
id = 2002
start_va = 0x1580000
end_va = 0x162efff
monitored = 0
entry_point = 0x15f7000
region_type = mapped_file
name = "srv2.sys"
filename = "\\Windows\\System32\\drivers\\srv2.sys" (normalized: "c:\\windows\\system32\\drivers\\srv2.sys")
Region:
id = 2003
start_va = 0x410000
end_va = 0x421fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "srv2.sys.mui"
filename = "\\Windows\\System32\\drivers\\en-US\\srv2.sys.mui" (normalized: "c:\\windows\\system32\\drivers\\en-us\\srv2.sys.mui")
Region:
id = 2004
start_va = 0x1580000
end_va = 0x162efff
monitored = 0
entry_point = 0x15f7000
region_type = mapped_file
name = "srv2.sys"
filename = "\\Windows\\System32\\drivers\\srv2.sys" (normalized: "c:\\windows\\system32\\drivers\\srv2.sys")
Region:
id = 2005
start_va = 0x410000
end_va = 0x421fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "srv2.sys.mui"
filename = "\\Windows\\System32\\drivers\\en-US\\srv2.sys.mui" (normalized: "c:\\windows\\system32\\drivers\\en-us\\srv2.sys.mui")
Region:
id = 2006
start_va = 0x1580000
end_va = 0x162efff
monitored = 0
entry_point = 0x15f7000
region_type = mapped_file
name = "srv2.sys"
filename = "\\Windows\\System32\\drivers\\srv2.sys" (normalized: "c:\\windows\\system32\\drivers\\srv2.sys")
Region:
id = 2007
start_va = 0x410000
end_va = 0x421fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "srv2.sys.mui"
filename = "\\Windows\\System32\\drivers\\en-US\\srv2.sys.mui" (normalized: "c:\\windows\\system32\\drivers\\en-us\\srv2.sys.mui")
Region:
id = 2008
start_va = 0x1580000
end_va = 0x162efff
monitored = 0
entry_point = 0x15f7000
region_type = mapped_file
name = "srv2.sys"
filename = "\\Windows\\System32\\drivers\\srv2.sys" (normalized: "c:\\windows\\system32\\drivers\\srv2.sys")
Region:
id = 2009
start_va = 0x410000
end_va = 0x421fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "srv2.sys.mui"
filename = "\\Windows\\System32\\drivers\\en-US\\srv2.sys.mui" (normalized: "c:\\windows\\system32\\drivers\\en-us\\srv2.sys.mui")
Region:
id = 2010
start_va = 0x1580000
end_va = 0x162efff
monitored = 0
entry_point = 0x15f7000
region_type = mapped_file
name = "srv2.sys"
filename = "\\Windows\\System32\\drivers\\srv2.sys" (normalized: "c:\\windows\\system32\\drivers\\srv2.sys")
Region:
id = 2011
start_va = 0x410000
end_va = 0x421fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "srv2.sys.mui"
filename = "\\Windows\\System32\\drivers\\en-US\\srv2.sys.mui" (normalized: "c:\\windows\\system32\\drivers\\en-us\\srv2.sys.mui")
Region:
id = 2012
start_va = 0x1580000
end_va = 0x162efff
monitored = 0
entry_point = 0x15f7000
region_type = mapped_file
name = "srv2.sys"
filename = "\\Windows\\System32\\drivers\\srv2.sys" (normalized: "c:\\windows\\system32\\drivers\\srv2.sys")
Region:
id = 2013
start_va = 0x410000
end_va = 0x470fff
monitored = 0
entry_point = 0x420770
region_type = mapped_file
name = "usbxhci.sys"
filename = "\\Windows\\System32\\drivers\\USBXHCI.SYS" (normalized: "c:\\windows\\system32\\drivers\\usbxhci.sys")
Region:
id = 2014
start_va = 0x7a0000
end_va = 0x7a3fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "usbxhci.sys.mui"
filename = "\\Windows\\System32\\drivers\\en-US\\USBXHCI.SYS.mui" (normalized: "c:\\windows\\system32\\drivers\\en-us\\usbxhci.sys.mui")
Region:
id = 2015
start_va = 0x410000
end_va = 0x470fff
monitored = 0
entry_point = 0x420770
region_type = mapped_file
name = "usbxhci.sys"
filename = "\\Windows\\System32\\drivers\\USBXHCI.SYS" (normalized: "c:\\windows\\system32\\drivers\\usbxhci.sys")
Region:
id = 2016
start_va = 0x7a0000
end_va = 0x7a3fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "usbxhci.sys.mui"
filename = "\\Windows\\System32\\drivers\\en-US\\USBXHCI.SYS.mui" (normalized: "c:\\windows\\system32\\drivers\\en-us\\usbxhci.sys.mui")
Region:
id = 2017
start_va = 0x410000
end_va = 0x470fff
monitored = 0
entry_point = 0x420770
region_type = mapped_file
name = "usbxhci.sys"
filename = "\\Windows\\System32\\drivers\\USBXHCI.SYS" (normalized: "c:\\windows\\system32\\drivers\\usbxhci.sys")
Region:
id = 2018
start_va = 0x7a0000
end_va = 0x7a3fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "usbxhci.sys.mui"
filename = "\\Windows\\System32\\drivers\\en-US\\USBXHCI.SYS.mui" (normalized: "c:\\windows\\system32\\drivers\\en-us\\usbxhci.sys.mui")
Region:
id = 2019
start_va = 0x410000
end_va = 0x470fff
monitored = 0
entry_point = 0x420770
region_type = mapped_file
name = "usbxhci.sys"
filename = "\\Windows\\System32\\drivers\\USBXHCI.SYS" (normalized: "c:\\windows\\system32\\drivers\\usbxhci.sys")
Region:
id = 2020
start_va = 0x7a0000
end_va = 0x7a3fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "usbxhci.sys.mui"
filename = "\\Windows\\System32\\drivers\\en-US\\USBXHCI.SYS.mui" (normalized: "c:\\windows\\system32\\drivers\\en-us\\usbxhci.sys.mui")
Region:
id = 2021
start_va = 0x410000
end_va = 0x470fff
monitored = 0
entry_point = 0x420770
region_type = mapped_file
name = "usbxhci.sys"
filename = "\\Windows\\System32\\drivers\\USBXHCI.SYS" (normalized: "c:\\windows\\system32\\drivers\\usbxhci.sys")
Region:
id = 2022
start_va = 0x7a0000
end_va = 0x7a3fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "usbxhci.sys.mui"
filename = "\\Windows\\System32\\drivers\\en-US\\USBXHCI.SYS.mui" (normalized: "c:\\windows\\system32\\drivers\\en-us\\usbxhci.sys.mui")
Region:
id = 2023
start_va = 0x410000
end_va = 0x470fff
monitored = 0
entry_point = 0x420770
region_type = mapped_file
name = "usbxhci.sys"
filename = "\\Windows\\System32\\drivers\\USBXHCI.SYS" (normalized: "c:\\windows\\system32\\drivers\\usbxhci.sys")
Region:
id = 2024
start_va = 0x7a0000
end_va = 0x7a3fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "usbxhci.sys.mui"
filename = "\\Windows\\System32\\drivers\\en-US\\USBXHCI.SYS.mui" (normalized: "c:\\windows\\system32\\drivers\\en-us\\usbxhci.sys.mui")
Region:
id = 2025
start_va = 0x410000
end_va = 0x420fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "ndis.sys.mui"
filename = "\\Windows\\System32\\drivers\\en-US\\ndis.sys.mui" (normalized: "c:\\windows\\system32\\drivers\\en-us\\ndis.sys.mui")
Region:
id = 2026
start_va = 0x1c40000
end_va = 0x1d5ffff
monitored = 0
entry_point = 0x1d3c040
region_type = mapped_file
name = "ndis.sys"
filename = "\\Windows\\System32\\drivers\\ndis.sys" (normalized: "c:\\windows\\system32\\drivers\\ndis.sys")
Region:
id = 2027
start_va = 0x410000
end_va = 0x420fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "ndis.sys.mui"
filename = "\\Windows\\System32\\drivers\\en-US\\ndis.sys.mui" (normalized: "c:\\windows\\system32\\drivers\\en-us\\ndis.sys.mui")
Region:
id = 2028
start_va = 0x1c40000
end_va = 0x1d5ffff
monitored = 0
entry_point = 0x1d3c040
region_type = mapped_file
name = "ndis.sys"
filename = "\\Windows\\System32\\drivers\\ndis.sys" (normalized: "c:\\windows\\system32\\drivers\\ndis.sys")
Region:
id = 2029
start_va = 0x410000
end_va = 0x420fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "ndis.sys.mui"
filename = "\\Windows\\System32\\drivers\\en-US\\ndis.sys.mui" (normalized: "c:\\windows\\system32\\drivers\\en-us\\ndis.sys.mui")
Region:
id = 2030
start_va = 0x1c40000
end_va = 0x1d5ffff
monitored = 0
entry_point = 0x1d3c040
region_type = mapped_file
name = "ndis.sys"
filename = "\\Windows\\System32\\drivers\\ndis.sys" (normalized: "c:\\windows\\system32\\drivers\\ndis.sys")
Region:
id = 2031
start_va = 0x410000
end_va = 0x420fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "ndis.sys.mui"
filename = "\\Windows\\System32\\drivers\\en-US\\ndis.sys.mui" (normalized: "c:\\windows\\system32\\drivers\\en-us\\ndis.sys.mui")
Region:
id = 2032
start_va = 0x1c40000
end_va = 0x1d5ffff
monitored = 0
entry_point = 0x1d3c040
region_type = mapped_file
name = "ndis.sys"
filename = "\\Windows\\System32\\drivers\\ndis.sys" (normalized: "c:\\windows\\system32\\drivers\\ndis.sys")
Region:
id = 2033
start_va = 0x410000
end_va = 0x420fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "ndis.sys.mui"
filename = "\\Windows\\System32\\drivers\\en-US\\ndis.sys.mui" (normalized: "c:\\windows\\system32\\drivers\\en-us\\ndis.sys.mui")
Region:
id = 2034
start_va = 0x1c40000
end_va = 0x1d5ffff
monitored = 0
entry_point = 0x1d3c040
region_type = mapped_file
name = "ndis.sys"
filename = "\\Windows\\System32\\drivers\\ndis.sys" (normalized: "c:\\windows\\system32\\drivers\\ndis.sys")
Region:
id = 2039
start_va = 0x410000
end_va = 0x420fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "ndis.sys.mui"
filename = "\\Windows\\System32\\drivers\\en-US\\ndis.sys.mui" (normalized: "c:\\windows\\system32\\drivers\\en-us\\ndis.sys.mui")
Region:
id = 2040
start_va = 0x1c40000
end_va = 0x1d5ffff
monitored = 0
entry_point = 0x1d3c040
region_type = mapped_file
name = "ndis.sys"
filename = "\\Windows\\System32\\drivers\\ndis.sys" (normalized: "c:\\windows\\system32\\drivers\\ndis.sys")
Region:
id = 2041
start_va = 0x410000
end_va = 0x420fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "ndis.sys.mui"
filename = "\\Windows\\System32\\drivers\\en-US\\ndis.sys.mui" (normalized: "c:\\windows\\system32\\drivers\\en-us\\ndis.sys.mui")
Region:
id = 2042
start_va = 0x1c40000
end_va = 0x1d5ffff
monitored = 0
entry_point = 0x1d3c040
region_type = mapped_file
name = "ndis.sys"
filename = "\\Windows\\System32\\drivers\\ndis.sys" (normalized: "c:\\windows\\system32\\drivers\\ndis.sys")
Region:
id = 2043
start_va = 0x410000
end_va = 0x420fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "ndis.sys.mui"
filename = "\\Windows\\System32\\drivers\\en-US\\ndis.sys.mui" (normalized: "c:\\windows\\system32\\drivers\\en-us\\ndis.sys.mui")
Region:
id = 2044
start_va = 0x1c40000
end_va = 0x1d5ffff
monitored = 0
entry_point = 0x1d3c040
region_type = mapped_file
name = "ndis.sys"
filename = "\\Windows\\System32\\drivers\\ndis.sys" (normalized: "c:\\windows\\system32\\drivers\\ndis.sys")
Region:
id = 2045
start_va = 0x410000
end_va = 0x420fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "ndis.sys.mui"
filename = "\\Windows\\System32\\drivers\\en-US\\ndis.sys.mui" (normalized: "c:\\windows\\system32\\drivers\\en-us\\ndis.sys.mui")
Region:
id = 2046
start_va = 0x1c40000
end_va = 0x1d5ffff
monitored = 0
entry_point = 0x1d3c040
region_type = mapped_file
name = "ndis.sys"
filename = "\\Windows\\System32\\drivers\\ndis.sys" (normalized: "c:\\windows\\system32\\drivers\\ndis.sys")
Region:
id = 2047
start_va = 0x410000
end_va = 0x420fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "ndis.sys.mui"
filename = "\\Windows\\System32\\drivers\\en-US\\ndis.sys.mui" (normalized: "c:\\windows\\system32\\drivers\\en-us\\ndis.sys.mui")
Region:
id = 2048
start_va = 0x1c40000
end_va = 0x1d5ffff
monitored = 0
entry_point = 0x1d3c040
region_type = mapped_file
name = "ndis.sys"
filename = "\\Windows\\System32\\drivers\\ndis.sys" (normalized: "c:\\windows\\system32\\drivers\\ndis.sys")
Region:
id = 2049
start_va = 0x410000
end_va = 0x420fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "ndis.sys.mui"
filename = "\\Windows\\System32\\drivers\\en-US\\ndis.sys.mui" (normalized: "c:\\windows\\system32\\drivers\\en-us\\ndis.sys.mui")
Region:
id = 2050
start_va = 0x1c40000
end_va = 0x1d5ffff
monitored = 0
entry_point = 0x1d3c040
region_type = mapped_file
name = "ndis.sys"
filename = "\\Windows\\System32\\drivers\\ndis.sys" (normalized: "c:\\windows\\system32\\drivers\\ndis.sys")
Region:
id = 2051
start_va = 0x410000
end_va = 0x420fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "ndis.sys.mui"
filename = "\\Windows\\System32\\drivers\\en-US\\ndis.sys.mui" (normalized: "c:\\windows\\system32\\drivers\\en-us\\ndis.sys.mui")
Region:
id = 2052
start_va = 0x1c40000
end_va = 0x1d5ffff
monitored = 0
entry_point = 0x1d3c040
region_type = mapped_file
name = "ndis.sys"
filename = "\\Windows\\System32\\drivers\\ndis.sys" (normalized: "c:\\windows\\system32\\drivers\\ndis.sys")
Region:
id = 2053
start_va = 0x410000
end_va = 0x420fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "ndis.sys.mui"
filename = "\\Windows\\System32\\drivers\\en-US\\ndis.sys.mui" (normalized: "c:\\windows\\system32\\drivers\\en-us\\ndis.sys.mui")
Region:
id = 2054
start_va = 0x1c40000
end_va = 0x1d5ffff
monitored = 0
entry_point = 0x1d3c040
region_type = mapped_file
name = "ndis.sys"
filename = "\\Windows\\System32\\drivers\\ndis.sys" (normalized: "c:\\windows\\system32\\drivers\\ndis.sys")
Region:
id = 2055
start_va = 0x410000
end_va = 0x420fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "ndis.sys.mui"
filename = "\\Windows\\System32\\drivers\\en-US\\ndis.sys.mui" (normalized: "c:\\windows\\system32\\drivers\\en-us\\ndis.sys.mui")
Region:
id = 2056
start_va = 0x1c40000
end_va = 0x1d5ffff
monitored = 0
entry_point = 0x1d3c040
region_type = mapped_file
name = "ndis.sys"
filename = "\\Windows\\System32\\drivers\\ndis.sys" (normalized: "c:\\windows\\system32\\drivers\\ndis.sys")
Region:
id = 2057
start_va = 0x410000
end_va = 0x420fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "ndis.sys.mui"
filename = "\\Windows\\System32\\drivers\\en-US\\ndis.sys.mui" (normalized: "c:\\windows\\system32\\drivers\\en-us\\ndis.sys.mui")
Region:
id = 2058
start_va = 0x1c40000
end_va = 0x1d5ffff
monitored = 0
entry_point = 0x1d3c040
region_type = mapped_file
name = "ndis.sys"
filename = "\\Windows\\System32\\drivers\\ndis.sys" (normalized: "c:\\windows\\system32\\drivers\\ndis.sys")
Region:
id = 2059
start_va = 0x410000
end_va = 0x420fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "ndis.sys.mui"
filename = "\\Windows\\System32\\drivers\\en-US\\ndis.sys.mui" (normalized: "c:\\windows\\system32\\drivers\\en-us\\ndis.sys.mui")
Region:
id = 2060
start_va = 0x1c40000
end_va = 0x1d5ffff
monitored = 0
entry_point = 0x1d3c040
region_type = mapped_file
name = "ndis.sys"
filename = "\\Windows\\System32\\drivers\\ndis.sys" (normalized: "c:\\windows\\system32\\drivers\\ndis.sys")
Region:
id = 2061
start_va = 0x410000
end_va = 0x420fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "ndis.sys.mui"
filename = "\\Windows\\System32\\drivers\\en-US\\ndis.sys.mui" (normalized: "c:\\windows\\system32\\drivers\\en-us\\ndis.sys.mui")
Region:
id = 2062
start_va = 0x1c40000
end_va = 0x1d5ffff
monitored = 0
entry_point = 0x1d3c040
region_type = mapped_file
name = "ndis.sys"
filename = "\\Windows\\System32\\drivers\\ndis.sys" (normalized: "c:\\windows\\system32\\drivers\\ndis.sys")
Region:
id = 2063
start_va = 0x410000
end_va = 0x420fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "ndis.sys.mui"
filename = "\\Windows\\System32\\drivers\\en-US\\ndis.sys.mui" (normalized: "c:\\windows\\system32\\drivers\\en-us\\ndis.sys.mui")
Region:
id = 2064
start_va = 0x1c40000
end_va = 0x1d5ffff
monitored = 0
entry_point = 0x1d3c040
region_type = mapped_file
name = "ndis.sys"
filename = "\\Windows\\System32\\drivers\\ndis.sys" (normalized: "c:\\windows\\system32\\drivers\\ndis.sys")
Region:
id = 2065
start_va = 0x410000
end_va = 0x412fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "advapi32res.dll"
filename = "\\Windows\\System32\\advapi32res.dll" (normalized: "c:\\windows\\system32\\advapi32res.dll")
Region:
id = 2066
start_va = 0x420000
end_va = 0x430fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "advapi32res.dll.mui"
filename = "\\Windows\\System32\\en-US\\advapi32res.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\advapi32res.dll.mui")
Region:
id = 2067
start_va = 0x410000
end_va = 0x412fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "advapi32res.dll"
filename = "\\Windows\\System32\\advapi32res.dll" (normalized: "c:\\windows\\system32\\advapi32res.dll")
Region:
id = 2068
start_va = 0x420000
end_va = 0x430fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "advapi32res.dll.mui"
filename = "\\Windows\\System32\\en-US\\advapi32res.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\advapi32res.dll.mui")
Region:
id = 2069
start_va = 0x410000
end_va = 0x412fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "advapi32res.dll"
filename = "\\Windows\\System32\\advapi32res.dll" (normalized: "c:\\windows\\system32\\advapi32res.dll")
Region:
id = 2070
start_va = 0x420000
end_va = 0x430fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "advapi32res.dll.mui"
filename = "\\Windows\\System32\\en-US\\advapi32res.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\advapi32res.dll.mui")
Region:
id = 2071
start_va = 0x410000
end_va = 0x412fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "advapi32res.dll"
filename = "\\Windows\\System32\\advapi32res.dll" (normalized: "c:\\windows\\system32\\advapi32res.dll")
Region:
id = 2072
start_va = 0x420000
end_va = 0x430fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "advapi32res.dll.mui"
filename = "\\Windows\\System32\\en-US\\advapi32res.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\advapi32res.dll.mui")
Region:
id = 2073
start_va = 0x410000
end_va = 0x412fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "advapi32res.dll"
filename = "\\Windows\\System32\\advapi32res.dll" (normalized: "c:\\windows\\system32\\advapi32res.dll")
Region:
id = 2074
start_va = 0x420000
end_va = 0x430fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "advapi32res.dll.mui"
filename = "\\Windows\\System32\\en-US\\advapi32res.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\advapi32res.dll.mui")
Region:
id = 2075
start_va = 0x410000
end_va = 0x412fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "advapi32res.dll"
filename = "\\Windows\\System32\\advapi32res.dll" (normalized: "c:\\windows\\system32\\advapi32res.dll")
Region:
id = 2076
start_va = 0x420000
end_va = 0x430fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "advapi32res.dll.mui"
filename = "\\Windows\\System32\\en-US\\advapi32res.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\advapi32res.dll.mui")
Region:
id = 2077
start_va = 0x410000
end_va = 0x412fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "advapi32res.dll"
filename = "\\Windows\\System32\\advapi32res.dll" (normalized: "c:\\windows\\system32\\advapi32res.dll")
Region:
id = 2078
start_va = 0x420000
end_va = 0x430fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "advapi32res.dll.mui"
filename = "\\Windows\\System32\\en-US\\advapi32res.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\advapi32res.dll.mui")
Region:
id = 2079
start_va = 0x410000
end_va = 0x412fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "advapi32res.dll"
filename = "\\Windows\\System32\\advapi32res.dll" (normalized: "c:\\windows\\system32\\advapi32res.dll")
Region:
id = 2080
start_va = 0x420000
end_va = 0x430fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "advapi32res.dll.mui"
filename = "\\Windows\\System32\\en-US\\advapi32res.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\advapi32res.dll.mui")
Region:
id = 2081
start_va = 0x410000
end_va = 0x412fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "advapi32res.dll"
filename = "\\Windows\\System32\\advapi32res.dll" (normalized: "c:\\windows\\system32\\advapi32res.dll")
Region:
id = 2082
start_va = 0x420000
end_va = 0x430fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "advapi32res.dll.mui"
filename = "\\Windows\\System32\\en-US\\advapi32res.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\advapi32res.dll.mui")
Region:
id = 2083
start_va = 0x410000
end_va = 0x412fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "advapi32res.dll"
filename = "\\Windows\\System32\\advapi32res.dll" (normalized: "c:\\windows\\system32\\advapi32res.dll")
Region:
id = 2084
start_va = 0x420000
end_va = 0x430fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "advapi32res.dll.mui"
filename = "\\Windows\\System32\\en-US\\advapi32res.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\advapi32res.dll.mui")
Region:
id = 2085
start_va = 0x410000
end_va = 0x412fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "advapi32res.dll"
filename = "\\Windows\\System32\\advapi32res.dll" (normalized: "c:\\windows\\system32\\advapi32res.dll")
Region:
id = 2086
start_va = 0x420000
end_va = 0x430fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "advapi32res.dll.mui"
filename = "\\Windows\\System32\\en-US\\advapi32res.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\advapi32res.dll.mui")
Region:
id = 2087
start_va = 0x410000
end_va = 0x412fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "advapi32res.dll"
filename = "\\Windows\\System32\\advapi32res.dll" (normalized: "c:\\windows\\system32\\advapi32res.dll")
Region:
id = 2088
start_va = 0x420000
end_va = 0x430fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "advapi32res.dll.mui"
filename = "\\Windows\\System32\\en-US\\advapi32res.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\advapi32res.dll.mui")
Region:
id = 2089
start_va = 0x410000
end_va = 0x412fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "advapi32res.dll"
filename = "\\Windows\\System32\\advapi32res.dll" (normalized: "c:\\windows\\system32\\advapi32res.dll")
Region:
id = 2090
start_va = 0x420000
end_va = 0x430fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "advapi32res.dll.mui"
filename = "\\Windows\\System32\\en-US\\advapi32res.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\advapi32res.dll.mui")
Region:
id = 2091
start_va = 0x410000
end_va = 0x412fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "advapi32res.dll"
filename = "\\Windows\\System32\\advapi32res.dll" (normalized: "c:\\windows\\system32\\advapi32res.dll")
Region:
id = 2092
start_va = 0x420000
end_va = 0x430fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "advapi32res.dll.mui"
filename = "\\Windows\\System32\\en-US\\advapi32res.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\advapi32res.dll.mui")
Region:
id = 2093
start_va = 0x410000
end_va = 0x412fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "advapi32res.dll"
filename = "\\Windows\\System32\\advapi32res.dll" (normalized: "c:\\windows\\system32\\advapi32res.dll")
Region:
id = 2094
start_va = 0x420000
end_va = 0x430fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "advapi32res.dll.mui"
filename = "\\Windows\\System32\\en-US\\advapi32res.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\advapi32res.dll.mui")
Region:
id = 2095
start_va = 0x410000
end_va = 0x41ffff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "mrxsmb.sys.mui"
filename = "\\Windows\\System32\\drivers\\en-US\\mrxsmb.sys.mui" (normalized: "c:\\windows\\system32\\drivers\\en-us\\mrxsmb.sys.mui")
Region:
id = 2096
start_va = 0xf80000
end_va = 0xff1fff
monitored = 0
entry_point = 0xfd7000
region_type = mapped_file
name = "mrxsmb.sys"
filename = "\\Windows\\System32\\drivers\\mrxsmb.sys" (normalized: "c:\\windows\\system32\\drivers\\mrxsmb.sys")
Region:
id = 2097
start_va = 0x410000
end_va = 0x41ffff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "mrxsmb.sys.mui"
filename = "\\Windows\\System32\\drivers\\en-US\\mrxsmb.sys.mui" (normalized: "c:\\windows\\system32\\drivers\\en-us\\mrxsmb.sys.mui")
Region:
id = 2098
start_va = 0xf80000
end_va = 0xff1fff
monitored = 0
entry_point = 0xfd7000
region_type = mapped_file
name = "mrxsmb.sys"
filename = "\\Windows\\System32\\drivers\\mrxsmb.sys" (normalized: "c:\\windows\\system32\\drivers\\mrxsmb.sys")
Region:
id = 2099
start_va = 0x7ff87aad0000
end_va = 0x7ff87aaddfff
monitored = 0
entry_point = 0x7ff87aad2b10
region_type = mapped_file
name = "perfos.dll"
filename = "\\Windows\\System32\\perfos.dll" (normalized: "c:\\windows\\system32\\perfos.dll")
Thread:
id = 131
os_tid = 0x12e8
Thread:
id = 132
os_tid = 0xdd0
Thread:
id = 133
os_tid = 0xd74
Thread:
id = 134
os_tid = 0x474
[0209.876] LoadStringW (in: hInstance=0x7ff868ff0000, uID=0x3e, lpBuffer=0x137d6c0, cchBufferMax=256 | out: lpBuffer="Base Board") returned 0xa
[0209.876] lstrlenW (lpString="Dell Inc.") returned 9
[0209.876] lstrlenW (lpString="0G3HR7") returned 6
[0209.876] lstrlenW (lpString="A00") returned 3
[0209.876] lstrlenW (lpString="..XXXXXXXXXXXXX.") returned 16
[0215.106] malloc (_Size=0x600) returned 0xed0e20
[0215.106] GetLogicalProcessorInformationEx (in: RelationshipType=0xffff, Buffer=0x0, ReturnedLength=0x137d7f8 | out: Buffer=0x0, ReturnedLength=0x137d7f8) returned 0
[0215.106] GetLastError () returned 0x7a
[0215.106] malloc (_Size=0x250) returned 0xe8d060
[0215.107] GetLogicalProcessorInformationEx (in: RelationshipType=0xffff, Buffer=0xe8d060, ReturnedLength=0x137d7f8 | out: Buffer=0xe8d060, ReturnedLength=0x137d7f8) returned 1
[0215.107] GetActiveProcessorCount (GroupNumber=0xffff) returned 0x4
[0215.107] GetMaximumProcessorGroupCount () returned 0x1
[0215.107] malloc (_Size=0x40) returned 0xecfba0
[0215.107] malloc (_Size=0x40) returned 0xecf790
[0215.107] malloc (_Size=0x8) returned 0xe8cff0
[0215.107] memcpy (in: _Dst=0xecfba0, _Src=0xe8d080, _Size=0x10 | out: _Dst=0xecfba0) returned 0xecfba0
[0215.113] GetActiveProcessorCount (GroupNumber=0x0) returned 0x4
[0215.113] NtPowerInformation (in: InformationLevel=0x2e, InputBuffer=0x137d7f0, InputBufferLength=0x2, OutputBuffer=0xed0e20, OutputBufferLength=0x60 | out: OutputBuffer=0xed0e20) returned 0x0
[0215.113] _vsnwprintf (in: _Buffer=0x137d690, _BufferCount=0x63, _Format="CPU%d", _ArgList=0x137cf88 | out: _Buffer="CPU0") returned 4
[0215.113] GetCurrentThread () returned 0xfffffffffffffffe
[0215.113] SetThreadGroupAffinity (in: hThread=0xfffffffffffffffe, GroupAffinity=0x137cee0, PreviousGroupAffinity=0x137cef0 | out: PreviousGroupAffinity=0x137cef0) returned 1
[0215.115] GetSystemInfo (in: lpSystemInfo=0x137d020 | out: lpSystemInfo=0x137d020*(dwOemId=0x9, wProcessorArchitecture=0x9, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0x7ffffffeffff, dwActiveProcessorMask=0xf, dwNumberOfProcessors=0x4, dwProcessorType=0x21d8, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5507))
[0215.115] mbstowcs (in: _Dest=0x137d2a8, _Source="GenuineIntel", _MaxCount=0x28 | out: _Dest="GenuineIntel") returned 0xc
[0215.115] _wcsicmp (_String1="GenuineIntel", _String2="GenuineIntel") returned 0
[0215.116] mbstowcs (in: _Dest=0x137d118, _Source="Intel(R) Core(TM) i5-7500 CPU @ 3.40GHz", _MaxCount=0x28 | out: _Dest="Intel(R) Core(TM) i5-7500 CPU @ 3.40GHz") returned 0x27
[0215.116] GetCurrentThread () returned 0xfffffffffffffffe
[0215.116] SetThreadGroupAffinity (in: hThread=0xfffffffffffffffe, GroupAffinity=0x137cef0, PreviousGroupAffinity=0x0 | out: PreviousGroupAffinity=0x0) returned 1
[0215.117] LoadStringW (in: hInstance=0x7ff868ff0000, uID=0x2c, lpBuffer=0x137ccf0, cchBufferMax=256 | out: lpBuffer="CPU %d") returned 0x6
[0225.796] malloc (_Size=0x34c34) returned 0xed1d50
[0225.898] _wtoi (_String="238") returned 238
[0225.898] _wtoi (_String="6") returned 6
[0225.898] _itow (in: _Dest=0x0, _Radix=20436416 | out: _Dest=0x0) returned="0"
[0225.898] _itow (in: _Dest=0xee, _Radix=20434704 | out: _Dest=0xee) returned="238"
[0225.898] malloc (_Size=0x4000) returned 0xf06990
[0225.898] RegQueryValueExW (in: hKey=0xffffffff80000004, lpValueName="238", lpReserved=0x0, lpType=0x0, lpData=0xf06990, lpcbData=0x137cee4*=0x4000 | out: lpType=0x0, lpData=0xf06990*=0x50, lpcbData=0x137cee4*=0x600) returned 0x0
[0226.052] free (_Block=0xf06990)
[0226.052] Sleep (dwMilliseconds=0x3e8)
[0227.592] _itow (in: _Dest=0xee, _Radix=20434704 | out: _Dest=0xee) returned="238"
[0227.592] malloc (_Size=0x4000) returned 0xf06990
[0227.592] RegQueryValueExW (in: hKey=0xffffffff80000004, lpValueName="238", lpReserved=0x0, lpType=0x0, lpData=0xf06990, lpcbData=0x137cee4*=0x4000 | out: lpType=0x0, lpData=0xf06990*=0x50, lpcbData=0x137cee4*=0x600) returned 0x0
[0227.906] free (_Block=0xf06990)
[0227.907] free (_Block=0xed1d50)
[0227.913] _vsnwprintf (in: _Buffer=0x137d5c0, _BufferCount=0x40, _Format="%04X%04X%04X%04X", _ArgList=0x137cf88 | out: _Buffer="0F8BFBFF00050657") returned 16
[0227.915] lstrlenW (lpString=" 0") returned 2
[0227.916] lstrlenW (lpString="Intel(R) Xeon(R) Gold 6226 CPU @ 2.70GHz") returned 40
[0227.916] lstrlenW (lpString="") returned 0
[0227.917] lstrlenW (lpString="") returned 0
[0227.917] lstrlenW (lpString="") returned 0
[0227.923] IsProcessorFeaturePresent (ProcessorFeature=0x14) returned 1
[0227.924] IsProcessorFeaturePresent (ProcessorFeature=0x15) returned 1
[0227.926] RtlNumberOfSetBitsUlongPtr (Target=0x1) returned 0x1
[0227.926] RtlNumberOfSetBitsUlongPtr (Target=0x2) returned 0x1
[0227.926] RtlNumberOfSetBitsUlongPtr (Target=0x4) returned 0x1
[0227.926] RtlNumberOfSetBitsUlongPtr (Target=0x8) returned 0x1
[0227.926] _vsnwprintf (in: _Buffer=0x137d880, _BufferCount=0x63, _Format="CPU%d", _ArgList=0x137d7c8 | out: _Buffer="CPU0") returned 4
[0228.235] free (_Block=0xe8cff0)
[0228.235] free (_Block=0xecf790)
[0228.238] free (_Block=0xecfba0)
[0228.239] free (_Block=0xe8d060)
[0228.239] free (_Block=0xed0e20)
[0228.517] RtlAllocateHeap (HeapHandle=0x5a0000, Flags=0x0, Size=0x4) returned 0x6180d0
[0228.518] SetThreadPreferredUILanguages (in: dwFlags=0x8, pwszLanguagesBuffer=0x6180d0, pulNumLanguages=0x137e1c0 | out: pulNumLanguages=0x137e1c0) returned 1
[0228.518] RtlFreeHeap (HeapHandle=0x5a0000, Flags=0x0, BaseAddress=0x6180d0) returned 1
[0228.518] RtlFreeHeap (HeapHandle=0x5a0000, Flags=0x0, BaseAddress=0x5c9360) returned 1
Thread:
id = 135
os_tid = 0xf18
Thread:
id = 136
os_tid = 0xf10
Thread:
id = 137
os_tid = 0xf0c
Thread:
id = 138
os_tid = 0xef8
Thread:
id = 158
os_tid = 0x109c
Process:
id = "10"
image_name = "svchost.exe"
filename = "c:\\windows\\system32\\svchost.exe"
page_root = "0x744d7000"
os_pid = "0x364"
os_integrity_level = "0x4000"
os_privileges = "0xe60b1e890"
monitor_reason = "created_scheduled_job"
parent_id = "4"
os_parent_pid = "0x214"
cmd_line = "C:\\Windows\\system32\\svchost.exe -k netsvcs"
cur_dir = "C:\\Windows\\system32\\"
os_username = "NT AUTHORITY\\SYSTEM"
bitness = "32"
os_groups = "Everyone" [0x7], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\SERVICE" [0x7], "CONSOLE LOGON" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "NT SERVICE\\BDESVC" [0xe], "NT SERVICE\\BITS" [0xa], "NT SERVICE\\CertPropSvc" [0xa], "NT SERVICE\\DcpSvc" [0xa], "NT SERVICE\\dmwappushservice" [0xa], "NT SERVICE\\DoSvc" [0xa], "NT SERVICE\\DsmSvc" [0xa], "NT SERVICE\\EapHost" [0xa], "NT SERVICE\\IKEEXT" [0xa], "NT SERVICE\\iphlpsvc" [0xa], "NT SERVICE\\LanmanServer" [0xa], "NT SERVICE\\lfsvc" [0xa], "NT SERVICE\\MSiSCSI" [0xa], "NT SERVICE\\NcaSvc" [0xa], "NT SERVICE\\NetSetupSvc" [0xa], "NT SERVICE\\RasAuto" [0xa], "NT SERVICE\\RasMan" [0xa], "NT SERVICE\\RemoteAccess" [0xa], "NT SERVICE\\RetailDemo" [0xa], "NT SERVICE\\Schedule" [0xa], "NT SERVICE\\SCPolicySvc" [0xa], "NT SERVICE\\SENS" [0xa], "NT SERVICE\\SessionEnv" [0xa], "NT SERVICE\\SharedAccess" [0xa], "NT SERVICE\\ShellHWDetection" [0xa], "NT SERVICE\\UsoSvc" [0xa], "NT SERVICE\\wercplsupport" [0xa], "NT SERVICE\\Winmgmt" [0xa], "NT SERVICE\\wlidsvc" [0xa], "NT SERVICE\\wuauserv" [0xa], "NT SERVICE\\XboxNetApiSvc" [0xa], "NT AUTHORITY\\Logon Session 00000000:0000ac30" [0xc0000007], "LOCAL" [0x7], "BUILTIN\\Administrators" [0xe]
Region:
id = 2207
start_va = 0x10000
end_va = 0x2ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000000010000"
filename = ""
Region:
id = 2208
start_va = 0x30000
end_va = 0x44fff
monitored = 1
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x0000000000030000"
filename = ""
Region:
id = 2209
start_va = 0x50000
end_va = 0xcffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000000050000"
filename = ""
Region:
id = 2210
start_va = 0xd0000
end_va = 0xd3fff
monitored = 1
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x00000000000d0000"
filename = ""
Region:
id = 2211
start_va = 0xe0000
end_va = 0xe0fff
monitored = 1
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x00000000000e0000"
filename = ""
Region:
id = 2212
start_va = 0xf0000
end_va = 0xf1fff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x00000000000f0000"
filename = ""
Region:
id = 2213
start_va = 0x200000
end_va = 0x3fffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000000200000"
filename = ""
Region:
id = 2214
start_va = 0x7ffe0000
end_va = 0x7ffeffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x000000007ffe0000"
filename = ""
Region:
id = 2215
start_va = 0x7df5fffc0000
end_va = 0x7df5fffe2fff
monitored = 1
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x00007df5fffc0000"
filename = ""
Region:
id = 2216
start_va = 0x7df5ffff0000
end_va = 0x7ff5fffeffff
monitored = 1
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x00007df5ffff0000"
filename = ""
Region:
id = 2217
start_va = 0x7ff65d340000
end_va = 0x7ff65d34cfff
monitored = 0
entry_point = 0x7ff65d343980
region_type = mapped_file
name = "svchost.exe"
filename = "\\Windows\\System32\\svchost.exe" (normalized: "c:\\windows\\system32\\svchost.exe")
Region:
id = 2218
start_va = 0x7ffaec7e0000
end_va = 0x7ffaec9a0fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "ntdll.dll"
filename = "\\Windows\\System32\\ntdll.dll" (normalized: "c:\\windows\\system32\\ntdll.dll")
Region:
id = 2336
start_va = 0x590000
end_va = 0x596fff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000000590000"
filename = ""
Region:
id = 2337
start_va = 0x600000
end_va = 0x6fffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000000600000"
filename = ""
Region:
id = 2338
start_va = 0x7ffae9170000
end_va = 0x7ffae9357fff
monitored = 0
entry_point = 0x7ffae919ba70
region_type = mapped_file
name = "kernelbase.dll"
filename = "\\Windows\\System32\\KernelBase.dll" (normalized: "c:\\windows\\system32\\kernelbase.dll")
Region:
id = 2339
start_va = 0x7ffaec3c0000
end_va = 0x7ffaec46cfff
monitored = 0
entry_point = 0x7ffaec3d81a0
region_type = mapped_file
name = "kernel32.dll"
filename = "\\Windows\\System32\\kernel32.dll" (normalized: "c:\\windows\\system32\\kernel32.dll")
Region:
id = 2340
start_va = 0x10000
end_va = 0x1ffff
monitored = 1
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x0000000000010000"
filename = ""
Region:
id = 2341
start_va = 0x7df5ffec0000
end_va = 0x7df5fffbffff
monitored = 1
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x00007df5ffec0000"
filename = ""
Region:
id = 2342
start_va = 0x100000
end_va = 0x1bdfff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "locale.nls"
filename = "\\Windows\\System32\\locale.nls" (normalized: "c:\\windows\\system32\\locale.nls")
Region:
id = 2343
start_va = 0x7ffaec360000
end_va = 0x7ffaec3bafff
monitored = 0
entry_point = 0x7ffaec3738b0
region_type = mapped_file
name = "sechost.dll"
filename = "\\Windows\\System32\\sechost.dll" (normalized: "c:\\windows\\system32\\sechost.dll")
Region:
id = 2344
start_va = 0x7ffaec1d0000
end_va = 0x7ffaec2ebfff
monitored = 0
entry_point = 0x7ffaec2102b0
region_type = mapped_file
name = "rpcrt4.dll"
filename = "\\Windows\\System32\\rpcrt4.dll" (normalized: "c:\\windows\\system32\\rpcrt4.dll")
Region:
id = 2345
start_va = 0x400000
end_va = 0x47ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000000400000"
filename = ""
Region:
id = 2346
start_va = 0x7ffae7fa0000
end_va = 0x7ffae8093fff
monitored = 0
entry_point = 0x7ffae7faa960
region_type = mapped_file
name = "ucrtbase.dll"
filename = "\\Windows\\System32\\ucrtbase.dll" (normalized: "c:\\windows\\system32\\ucrtbase.dll")
Region:
id = 2347
start_va = 0x7ffaeb360000
end_va = 0x7ffaeb5dcfff
monitored = 0
entry_point = 0x7ffaeb434970
region_type = mapped_file
name = "combase.dll"
filename = "\\Windows\\System32\\combase.dll" (normalized: "c:\\windows\\system32\\combase.dll")
Region:
id = 2348
start_va = 0x7ffaec5c0000
end_va = 0x7ffaec65cfff
monitored = 0
entry_point = 0x7ffaec5c78a0
region_type = mapped_file
name = "msvcrt.dll"
filename = "\\Windows\\System32\\msvcrt.dll" (normalized: "c:\\windows\\system32\\msvcrt.dll")
Region:
id = 2349
start_va = 0x7ffae9460000
end_va = 0x7ffae94c9fff
monitored = 0
entry_point = 0x7ffae9496d50
region_type = mapped_file
name = "bcryptprimitives.dll"
filename = "\\Windows\\System32\\bcryptprimitives.dll" (normalized: "c:\\windows\\system32\\bcryptprimitives.dll")
Region:
id = 2350
start_va = 0x700000
end_va = 0x866fff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000000700000"
filename = ""
Region:
id = 2351
start_va = 0x870000
end_va = 0xa6ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000000870000"
filename = ""
Region:
id = 2352
start_va = 0x900000
end_va = 0x9fffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000000900000"
filename = ""
Region:
id = 2353
start_va = 0x480000
end_va = 0x55cfff
monitored = 0
entry_point = 0x4de0b0
region_type = mapped_file
name = "rpcss.dll"
filename = "\\Windows\\System32\\rpcss.dll" (normalized: "c:\\windows\\system32\\rpcss.dll")
Region:
id = 2354
start_va = 0x7ffae8e00000
end_va = 0x7ffae8e0efff
monitored = 0
entry_point = 0x7ffae8e03210
region_type = mapped_file
name = "kernel.appcore.dll"
filename = "\\Windows\\System32\\kernel.appcore.dll" (normalized: "c:\\windows\\system32\\kernel.appcore.dll")
Region:
id = 2355
start_va = 0x7ffaebd00000
end_va = 0x7ffaebe55fff
monitored = 0
entry_point = 0x7ffaebd0a8d0
region_type = mapped_file
name = "user32.dll"
filename = "\\Windows\\System32\\user32.dll" (normalized: "c:\\windows\\system32\\user32.dll")
Region:
id = 2356
start_va = 0x7ffaebfd0000
end_va = 0x7ffaec155fff
monitored = 0
entry_point = 0x7ffaec01ffc0
region_type = mapped_file
name = "gdi32.dll"
filename = "\\Windows\\System32\\gdi32.dll" (normalized: "c:\\windows\\system32\\gdi32.dll")
Region:
id = 2357
start_va = 0x480000
end_va = 0x53ffff
monitored = 1
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x0000000000480000"
filename = ""
Region:
id = 2358
start_va = 0xa00000
end_va = 0xb87fff
monitored = 1
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x0000000000a00000"
filename = ""
Region:
id = 2359
start_va = 0xb90000
end_va = 0xd10fff
monitored = 1
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x0000000000b90000"
filename = ""
Region:
id = 2360
start_va = 0x20000
end_va = 0x21fff
monitored = 1
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x0000000000020000"
filename = ""
Region:
id = 2361
start_va = 0x1c0000
end_va = 0x1c0fff
monitored = 1
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x00000000001c0000"
filename = ""
Region:
id = 2362
start_va = 0x1d0000
end_va = 0x1d0fff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x00000000001d0000"
filename = ""
Region:
id = 2363
start_va = 0x1e0000
end_va = 0x1e0fff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x00000000001e0000"
filename = ""
Region:
id = 2364
start_va = 0xd20000
end_va = 0x111afff
monitored = 1
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x0000000000d20000"
filename = ""
Region:
id = 2365
start_va = 0x700000
end_va = 0x806fff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000000700000"
filename = ""
Region:
id = 2366
start_va = 0x860000
end_va = 0x866fff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000000860000"
filename = ""
Region:
id = 2367
start_va = 0x1120000
end_va = 0x131ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000001120000"
filename = ""
Region:
id = 2368
start_va = 0x1200000
end_va = 0x12fffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000001200000"
filename = ""
Region:
id = 2369
start_va = 0x700000
end_va = 0x7fffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000000700000"
filename = ""
Region:
id = 2370
start_va = 0x800000
end_va = 0x806fff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000000800000"
filename = ""
Region:
id = 2371
start_va = 0x7ffae3c30000
end_va = 0x7ffae3c47fff
monitored = 0
entry_point = 0x7ffae3c35910
region_type = mapped_file
name = "nlaapi.dll"
filename = "\\Windows\\System32\\nlaapi.dll" (normalized: "c:\\windows\\system32\\nlaapi.dll")
Region:
id = 2372
start_va = 0x7ffae3c50000
end_va = 0x7ffae3d9cfff
monitored = 0
entry_point = 0x7ffae3c93da0
region_type = mapped_file
name = "gpsvc.dll"
filename = "\\Windows\\System32\\gpsvc.dll" (normalized: "c:\\windows\\system32\\gpsvc.dll")
Region:
id = 2373
start_va = 0x7ffae7ab0000
end_va = 0x7ffae7abbfff
monitored = 0
entry_point = 0x7ffae7ab2480
region_type = mapped_file
name = "sysntfy.dll"
filename = "\\Windows\\System32\\sysntfy.dll" (normalized: "c:\\windows\\system32\\sysntfy.dll")
Region:
id = 2374
start_va = 0x7ffae3c20000
end_va = 0x7ffae3c29fff
monitored = 0
entry_point = 0x7ffae3c21660
region_type = mapped_file
name = "dsrole.dll"
filename = "\\Windows\\System32\\dsrole.dll" (normalized: "c:\\windows\\system32\\dsrole.dll")
Region:
id = 2375
start_va = 0x7ffaeb640000
end_va = 0x7ffaeb700fff
monitored = 0
entry_point = 0x7ffaeb660da0
region_type = mapped_file
name = "oleaut32.dll"
filename = "\\Windows\\System32\\oleaut32.dll" (normalized: "c:\\windows\\system32\\oleaut32.dll")
Region:
id = 2376
start_va = 0x1300000
end_va = 0x1442fff
monitored = 0
entry_point = 0x1328210
region_type = mapped_file
name = "ole32.dll"
filename = "\\Windows\\System32\\ole32.dll" (normalized: "c:\\windows\\system32\\ole32.dll")
Region:
id = 2377
start_va = 0x1120000
end_va = 0x11f6fff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000001120000"
filename = ""
Region:
id = 2378
start_va = 0x1300000
end_va = 0x14fffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000001300000"
filename = ""
Region:
id = 2379
start_va = 0x1300000
end_va = 0x13fffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000001300000"
filename = ""
Region:
id = 2380
start_va = 0x1400000
end_va = 0x1736fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "sortdefault.nls"
filename = "\\Windows\\Globalization\\Sorting\\SortDefault.nls" (normalized: "c:\\windows\\globalization\\sorting\\sortdefault.nls")
Region:
id = 2381
start_va = 0x1740000
end_va = 0x183ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000001740000"
filename = ""
Region:
id = 2382
start_va = 0x1f0000
end_va = 0x1f0fff
monitored = 1
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x00000000001f0000"
filename = ""
Region:
id = 2383
start_va = 0x7ffae9be0000
end_va = 0x7ffae9c86fff
monitored = 0
entry_point = 0x7ffae9beb4d0
region_type = mapped_file
name = "clbcatq.dll"
filename = "\\Windows\\System32\\clbcatq.dll" (normalized: "c:\\windows\\system32\\clbcatq.dll")
Region:
id = 2384
start_va = 0x540000
end_va = 0x540fff
monitored = 1
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x0000000000540000"
filename = ""
Region:
id = 2385
start_va = 0x7ffae3a30000
end_va = 0x7ffae3aeefff
monitored = 0
entry_point = 0x7ffae3a51c50
region_type = mapped_file
name = "taskschd.dll"
filename = "\\Windows\\System32\\taskschd.dll" (normalized: "c:\\windows\\system32\\taskschd.dll")
Region:
id = 2386
start_va = 0x1840000
end_va = 0x193ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000001840000"
filename = ""
Region:
id = 2387
start_va = 0x1940000
end_va = 0x1a3ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000001940000"
filename = ""
Region:
id = 2388
start_va = 0x1a40000
end_va = 0x1b3ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000001a40000"
filename = ""
Region:
id = 2389
start_va = 0x7ffae3480000
end_va = 0x7ffae357bfff
monitored = 0
entry_point = 0x7ffae34b6df0
region_type = mapped_file
name = "schedsvc.dll"
filename = "\\Windows\\System32\\schedsvc.dll" (normalized: "c:\\windows\\system32\\schedsvc.dll")
Region:
id = 2390
start_va = 0x7ffae3430000
end_va = 0x7ffae3470fff
monitored = 0
entry_point = 0x7ffae3447eb0
region_type = mapped_file
name = "ubpm.dll"
filename = "\\Windows\\System32\\ubpm.dll" (normalized: "c:\\windows\\system32\\ubpm.dll")
Region:
id = 2391
start_va = 0x7ffae8c70000
end_va = 0x7ffae8c88fff
monitored = 0
entry_point = 0x7ffae8c75e10
region_type = mapped_file
name = "eventaggregation.dll"
filename = "\\Windows\\System32\\EventAggregation.dll" (normalized: "c:\\windows\\system32\\eventaggregation.dll")
Region:
id = 2392
start_va = 0x550000
end_va = 0x556fff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000000550000"
filename = ""
Region:
id = 2393
start_va = 0x1b40000
end_va = 0x1d3ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000001b40000"
filename = ""
Region:
id = 2394
start_va = 0x1c00000
end_va = 0x1cfffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000001c00000"
filename = ""
Region:
id = 2395
start_va = 0x7ffae80a0000
end_va = 0x7ffae80e8fff
monitored = 0
entry_point = 0x7ffae80aa090
region_type = mapped_file
name = "authz.dll"
filename = "\\Windows\\System32\\authz.dll" (normalized: "c:\\windows\\system32\\authz.dll")
Region:
id = 2396
start_va = 0x7ffae8e20000
end_va = 0x7ffae8e6afff
monitored = 0
entry_point = 0x7ffae8e235f0
region_type = mapped_file
name = "powrprof.dll"
filename = "\\Windows\\System32\\powrprof.dll" (normalized: "c:\\windows\\system32\\powrprof.dll")
Region:
id = 2397
start_va = 0x7ffae30f0000
end_va = 0x7ffae3100fff
monitored = 0
entry_point = 0x7ffae30f3320
region_type = mapped_file
name = "wmiclnt.dll"
filename = "\\Windows\\System32\\wmiclnt.dll" (normalized: "c:\\windows\\system32\\wmiclnt.dll")
Region:
id = 2398
start_va = 0x7ffae8ae0000
end_va = 0x7ffae8b0cfff
monitored = 0
entry_point = 0x7ffae8af9d40
region_type = mapped_file
name = "sspicli.dll"
filename = "\\Windows\\System32\\sspicli.dll" (normalized: "c:\\windows\\system32\\sspicli.dll")
Region:
id = 2399
start_va = 0x560000
end_va = 0x560fff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000000560000"
filename = ""
Region:
id = 2400
start_va = 0x7ffae8c90000
end_va = 0x7ffae8cb8fff
monitored = 0
entry_point = 0x7ffae8ca4530
region_type = mapped_file
name = "bcrypt.dll"
filename = "\\Windows\\System32\\bcrypt.dll" (normalized: "c:\\windows\\system32\\bcrypt.dll")
Region:
id = 2401
start_va = 0x700000
end_va = 0x77ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000000700000"
filename = ""
Region:
id = 2402
start_va = 0x1d00000
end_va = 0x1dfffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000001d00000"
filename = ""
Region:
id = 2403
start_va = 0x7ffae3000000
end_va = 0x7ffae306dfff
monitored = 0
entry_point = 0x7ffae3007f60
region_type = mapped_file
name = "taskcomp.dll"
filename = "\\Windows\\System32\\taskcomp.dll" (normalized: "c:\\windows\\system32\\taskcomp.dll")
Region:
id = 2404
start_va = 0x7ffae82f0000
end_va = 0x7ffae8320fff
monitored = 0
entry_point = 0x7ffae82f7d10
region_type = mapped_file
name = "ntmarta.dll"
filename = "\\Windows\\System32\\ntmarta.dll" (normalized: "c:\\windows\\system32\\ntmarta.dll")
Region:
id = 2405
start_va = 0x1e00000
end_va = 0x1efffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000001e00000"
filename = ""
Region:
id = 2406
start_va = 0x7ffae2fb0000
end_va = 0x7ffae2ff1fff
monitored = 0
entry_point = 0x7ffae2fb27d0
region_type = mapped_file
name = "mstask.dll"
filename = "\\Windows\\System32\\mstask.dll" (normalized: "c:\\windows\\system32\\mstask.dll")
Region:
id = 2407
start_va = 0x780000
end_va = 0x7fffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000000780000"
filename = ""
Region:
id = 2408
start_va = 0x560000
end_va = 0x561fff
monitored = 1
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x0000000000560000"
filename = ""
Region:
id = 2409
start_va = 0x1f00000
end_va = 0x1ffffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000001f00000"
filename = ""
Region:
id = 2410
start_va = 0x870000
end_va = 0x8effff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000000870000"
filename = ""
Region:
id = 2411
start_va = 0x2000000
end_va = 0x20fffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000002000000"
filename = ""
Region:
id = 2412
start_va = 0x7ffae2f50000
end_va = 0x7ffae2fa4fff
monitored = 0
entry_point = 0x7ffae2f5fc00
region_type = mapped_file
name = "profsvc.dll"
filename = "\\Windows\\System32\\profsvc.dll" (normalized: "c:\\windows\\system32\\profsvc.dll")
Region:
id = 2413
start_va = 0x7ffae8e70000
end_va = 0x7ffae8e83fff
monitored = 0
entry_point = 0x7ffae8e752e0
region_type = mapped_file
name = "profapi.dll"
filename = "\\Windows\\System32\\profapi.dll" (normalized: "c:\\windows\\system32\\profapi.dll")
Region:
id = 2414
start_va = 0x7ffae2f20000
end_va = 0x7ffae2f46fff
monitored = 0
entry_point = 0x7ffae2f23bf0
region_type = mapped_file
name = "profsvcext.dll"
filename = "\\Windows\\System32\\profsvcext.dll" (normalized: "c:\\windows\\system32\\profsvcext.dll")
Region:
id = 2415
start_va = 0x7ffae9c90000
end_va = 0x7ffae9cebfff
monitored = 0
entry_point = 0x7ffae9cab720
region_type = mapped_file
name = "wldap32.dll"
filename = "\\Windows\\System32\\Wldap32.dll" (normalized: "c:\\windows\\system32\\wldap32.dll")
Region:
id = 2416
start_va = 0x7ffae9d50000
end_va = 0x7ffaeb2aefff
monitored = 0
entry_point = 0x7ffae9eb11f0
region_type = mapped_file
name = "shell32.dll"
filename = "\\Windows\\System32\\shell32.dll" (normalized: "c:\\windows\\system32\\shell32.dll")
Region:
id = 2417
start_va = 0x7ffae9360000
end_va = 0x7ffae93a2fff
monitored = 0
entry_point = 0x7ffae9374b50
region_type = mapped_file
name = "cfgmgr32.dll"
filename = "\\Windows\\System32\\cfgmgr32.dll" (normalized: "c:\\windows\\system32\\cfgmgr32.dll")
Region:
id = 2418
start_va = 0x7ffae94d0000
end_va = 0x7ffae9b13fff
monitored = 0
entry_point = 0x7ffae96964b0
region_type = mapped_file
name = "windows.storage.dll"
filename = "\\Windows\\System32\\windows.storage.dll" (normalized: "c:\\windows\\system32\\windows.storage.dll")
Region:
id = 2419
start_va = 0x7ffaeb2b0000
end_va = 0x7ffaeb356fff
monitored = 0
entry_point = 0x7ffaeb2c58d0
region_type = mapped_file
name = "advapi32.dll"
filename = "\\Windows\\System32\\advapi32.dll" (normalized: "c:\\windows\\system32\\advapi32.dll")
Region:
id = 2420
start_va = 0x7ffae9cf0000
end_va = 0x7ffae9d41fff
monitored = 0
entry_point = 0x7ffae9cff530
region_type = mapped_file
name = "shlwapi.dll"
filename = "\\Windows\\System32\\shlwapi.dll" (normalized: "c:\\windows\\system32\\shlwapi.dll")
Region:
id = 2421
start_va = 0x7ffae9b20000
end_va = 0x7ffae9bd4fff
monitored = 0
entry_point = 0x7ffae9b622e0
region_type = mapped_file
name = "shcore.dll"
filename = "\\Windows\\System32\\SHCore.dll" (normalized: "c:\\windows\\system32\\shcore.dll")
Region:
id = 2422
start_va = 0x7ffae8560000
end_va = 0x7ffae857efff
monitored = 0
entry_point = 0x7ffae8565d30
region_type = mapped_file
name = "userenv.dll"
filename = "\\Windows\\System32\\userenv.dll" (normalized: "c:\\windows\\system32\\userenv.dll")
Region:
id = 2423
start_va = 0x7ffae8210000
end_va = 0x7ffae821bfff
monitored = 0
entry_point = 0x7ffae82127e0
region_type = mapped_file
name = "netutils.dll"
filename = "\\Windows\\System32\\netutils.dll" (normalized: "c:\\windows\\system32\\netutils.dll")
Region:
id = 2424
start_va = 0x7ffae2ee0000
end_va = 0x7ffae2f1dfff
monitored = 0
entry_point = 0x7ffae2eea050
region_type = mapped_file
name = "logoncli.dll"
filename = "\\Windows\\System32\\logoncli.dll" (normalized: "c:\\windows\\system32\\logoncli.dll")
Region:
id = 2425
start_va = 0x2100000
end_va = 0x21dcfff
monitored = 0
entry_point = 0x215e0b0
region_type = mapped_file
name = "rpcss.dll"
filename = "\\Windows\\System32\\rpcss.dll" (normalized: "c:\\windows\\system32\\rpcss.dll")
Region:
id = 2426
start_va = 0x7ffae2eb0000
end_va = 0x7ffae2edefff
monitored = 0
entry_point = 0x7ffae2eb8910
region_type = mapped_file
name = "wptaskscheduler.dll"
filename = "\\Windows\\System32\\WPTaskScheduler.dll" (normalized: "c:\\windows\\system32\\wptaskscheduler.dll")
Region:
id = 2427
start_va = 0x7ffae2ea0000
end_va = 0x7ffae2eacfff
monitored = 0
entry_point = 0x7ffae2ea2ca0
region_type = mapped_file
name = "csystemeventsbrokerclient.dll"
filename = "\\Windows\\System32\\CSystemEventsBrokerClient.dll" (normalized: "c:\\windows\\system32\\csystemeventsbrokerclient.dll")
Region:
id = 2428
start_va = 0x1120000
end_va = 0x119ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000001120000"
filename = ""
Region:
id = 2429
start_va = 0x11f0000
end_va = 0x11f6fff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x00000000011f0000"
filename = ""
Region:
id = 2430
start_va = 0x7ffaec660000
end_va = 0x7ffaec6cafff
monitored = 0
entry_point = 0x7ffaec6790c0
region_type = mapped_file
name = "ws2_32.dll"
filename = "\\Windows\\System32\\ws2_32.dll" (normalized: "c:\\windows\\system32\\ws2_32.dll")
Region:
id = 2431
start_va = 0x7ffae86d0000
end_va = 0x7ffae872bfff
monitored = 0
entry_point = 0x7ffae86e6f70
region_type = mapped_file
name = "mswsock.dll"
filename = "\\Windows\\System32\\mswsock.dll" (normalized: "c:\\windows\\system32\\mswsock.dll")
Region:
id = 2432
start_va = 0x2100000
end_va = 0x21fffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000002100000"
filename = ""
Region:
id = 2433
start_va = 0x2200000
end_va = 0x22fffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000002200000"
filename = ""
Region:
id = 2434
start_va = 0x7ffae2e90000
end_va = 0x7ffae2e9afff
monitored = 0
entry_point = 0x7ffae2e91770
region_type = mapped_file
name = "lfsvc.dll"
filename = "\\Windows\\System32\\lfsvc.dll" (normalized: "c:\\windows\\system32\\lfsvc.dll")
Region:
id = 2435
start_va = 0x7ffae3310000
end_va = 0x7ffae33a1fff
monitored = 0
entry_point = 0x7ffae335a780
region_type = mapped_file
name = "msvcp110_win.dll"
filename = "\\Windows\\System32\\msvcp110_win.dll" (normalized: "c:\\windows\\system32\\msvcp110_win.dll")
Region:
id = 2436
start_va = 0x7ffae2d10000
end_va = 0x7ffae2e8bfff
monitored = 0
entry_point = 0x7ffae2d61650
region_type = mapped_file
name = "locationframework.dll"
filename = "\\Windows\\System32\\LocationFramework.dll" (normalized: "c:\\windows\\system32\\locationframework.dll")
Region:
id = 2437
start_va = 0x7ffae8fa0000
end_va = 0x7ffae9166fff
monitored = 0
entry_point = 0x7ffae8ffdb80
region_type = mapped_file
name = "crypt32.dll"
filename = "\\Windows\\System32\\crypt32.dll" (normalized: "c:\\windows\\system32\\crypt32.dll")
Region:
id = 2438
start_va = 0x7ffae8e10000
end_va = 0x7ffae8e1ffff
monitored = 0
entry_point = 0x7ffae8e156e0
region_type = mapped_file
name = "msasn1.dll"
filename = "\\Windows\\System32\\msasn1.dll" (normalized: "c:\\windows\\system32\\msasn1.dll")
Region:
id = 2439
start_va = 0x7ffae6150000
end_va = 0x7ffae618ffff
monitored = 0
entry_point = 0x7ffae6161960
region_type = mapped_file
name = "brokerlib.dll"
filename = "\\Windows\\System32\\BrokerLib.dll" (normalized: "c:\\windows\\system32\\brokerlib.dll")
Region:
id = 2440
start_va = 0x7ffae2ca0000
end_va = 0x7ffae2d00fff
monitored = 0
entry_point = 0x7ffae2ca4b50
region_type = mapped_file
name = "wlanapi.dll"
filename = "\\Windows\\System32\\wlanapi.dll" (normalized: "c:\\windows\\system32\\wlanapi.dll")
Region:
id = 2441
start_va = 0x2300000
end_va = 0x23fffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000002300000"
filename = ""
Region:
id = 2442
start_va = 0x7ffae3b20000
end_va = 0x7ffae3b55fff
monitored = 0
entry_point = 0x7ffae3b30070
region_type = mapped_file
name = "xmllite.dll"
filename = "\\Windows\\System32\\xmllite.dll" (normalized: "c:\\windows\\system32\\xmllite.dll")
Region:
id = 2443
start_va = 0x7ffae2bd0000
end_va = 0x7ffae2c97fff
monitored = 0
entry_point = 0x7ffae2c113f0
region_type = mapped_file
name = "winhttp.dll"
filename = "\\Windows\\System32\\winhttp.dll" (normalized: "c:\\windows\\system32\\winhttp.dll")
Region:
id = 2444
start_va = 0x7ffae7e00000
end_va = 0x7ffae7e23fff
monitored = 0
entry_point = 0x7ffae7e03260
region_type = mapped_file
name = "gpapi.dll"
filename = "\\Windows\\System32\\gpapi.dll" (normalized: "c:\\windows\\system32\\gpapi.dll")
Region:
id = 2445
start_va = 0x7ffae2ae0000
end_va = 0x7ffae2bc5fff
monitored = 0
entry_point = 0x7ffae2afcf10
region_type = mapped_file
name = "usermgr.dll"
filename = "\\Windows\\System32\\usermgr.dll" (normalized: "c:\\windows\\system32\\usermgr.dll")
Region:
id = 2446
start_va = 0x7ffae4ad0000
end_va = 0x7ffae4c05fff
monitored = 0
entry_point = 0x7ffae4aff350
region_type = mapped_file
name = "wintypes.dll"
filename = "\\Windows\\System32\\WinTypes.dll" (normalized: "c:\\windows\\system32\\wintypes.dll")
Region:
id = 2447
start_va = 0x570000
end_va = 0x570fff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000000570000"
filename = ""
Region:
id = 2448
start_va = 0x580000
end_va = 0x580fff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000000580000"
filename = ""
Region:
id = 2449
start_va = 0x2400000
end_va = 0x24fffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000002400000"
filename = ""
Region:
id = 2450
start_va = 0x580000
end_va = 0x580fff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000000580000"
filename = ""
Region:
id = 2451
start_va = 0x7ffae32c0000
end_va = 0x7ffae32cffff
monitored = 0
entry_point = 0x7ffae32c2c60
region_type = mapped_file
name = "usermgrcli.dll"
filename = "\\Windows\\System32\\usermgrcli.dll" (normalized: "c:\\windows\\system32\\usermgrcli.dll")
Region:
id = 2452
start_va = 0x7ffae2550000
end_va = 0x7ffae255bfff
monitored = 0
entry_point = 0x7ffae25514d0
region_type = mapped_file
name = "locationframeworkps.dll"
filename = "\\Windows\\System32\\LocationFrameworkPS.dll" (normalized: "c:\\windows\\system32\\locationframeworkps.dll")
Region:
id = 2453
start_va = 0x2500000
end_va = 0x25fffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000002500000"
filename = ""
Region:
id = 2454
start_va = 0x7ffae75f0000
end_va = 0x7ffae7602fff
monitored = 0
entry_point = 0x7ffae75f2760
region_type = mapped_file
name = "wtsapi32.dll"
filename = "\\Windows\\System32\\wtsapi32.dll" (normalized: "c:\\windows\\system32\\wtsapi32.dll")
Region:
id = 2455
start_va = 0x7ffae89a0000
end_va = 0x7ffae89f5fff
monitored = 0
entry_point = 0x7ffae89b0bf0
region_type = mapped_file
name = "winsta.dll"
filename = "\\Windows\\System32\\winsta.dll" (normalized: "c:\\windows\\system32\\winsta.dll")
Region:
id = 2456
start_va = 0x7ffae2370000
end_va = 0x7ffae23b0fff
monitored = 0
entry_point = 0x7ffae2374840
region_type = mapped_file
name = "usermgrproxy.dll"
filename = "\\Windows\\System32\\UserMgrProxy.dll" (normalized: "c:\\windows\\system32\\usermgrproxy.dll")
Region:
id = 2458
start_va = 0x7ffae2350000
end_va = 0x7ffae236ffff
monitored = 0
entry_point = 0x7ffae23539a0
region_type = mapped_file
name = "locationwinpalmisc.dll"
filename = "\\Windows\\System32\\LocationWinPalMisc.dll" (normalized: "c:\\windows\\system32\\locationwinpalmisc.dll")
Region:
id = 2459
start_va = 0x7ffae7a80000
end_va = 0x7ffae7aa6fff
monitored = 0
entry_point = 0x7ffae7a87940
region_type = mapped_file
name = "devobj.dll"
filename = "\\Windows\\System32\\devobj.dll" (normalized: "c:\\windows\\system32\\devobj.dll")
Region:
id = 2460
start_va = 0x580000
end_va = 0x580fff
monitored = 1
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x0000000000580000"
filename = ""
Region:
id = 2461
start_va = 0x7ffae2310000
end_va = 0x7ffae2346fff
monitored = 0
entry_point = 0x7ffae2316020
region_type = mapped_file
name = "gnssadapter.dll"
filename = "\\Windows\\System32\\GnssAdapter.dll" (normalized: "c:\\windows\\system32\\gnssadapter.dll")
Region:
id = 2462
start_va = 0x7ffae22b0000
end_va = 0x7ffae2304fff
monitored = 0
entry_point = 0x7ffae22b3fb0
region_type = mapped_file
name = "policymanager.dll"
filename = "\\Windows\\System32\\policymanager.dll" (normalized: "c:\\windows\\system32\\policymanager.dll")
Region:
id = 2463
start_va = 0x7ffae3580000
end_va = 0x7ffae358bfff
monitored = 0
entry_point = 0x7ffae3582830
region_type = mapped_file
name = "bi.dll"
filename = "\\Windows\\System32\\bi.dll" (normalized: "c:\\windows\\system32\\bi.dll")
Region:
id = 2464
start_va = 0x5a0000
end_va = 0x5a0fff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x00000000005a0000"
filename = ""
Region:
id = 2469
start_va = 0x7ffae2190000
end_va = 0x7ffae21a9fff
monitored = 0
entry_point = 0x7ffae2192cf0
region_type = mapped_file
name = "locationpelegacywinlocation.dll"
filename = "\\Windows\\System32\\LocationPeLegacyWinLocation.dll" (normalized: "c:\\windows\\system32\\locationpelegacywinlocation.dll")
Region:
id = 2470
start_va = 0x7ffaec470000
end_va = 0x7ffaec5b2fff
monitored = 0
entry_point = 0x7ffaec498210
region_type = mapped_file
name = "ole32.dll"
filename = "\\Windows\\System32\\ole32.dll" (normalized: "c:\\windows\\system32\\ole32.dll")
Region:
id = 2471
start_va = 0x2600000
end_va = 0x26fffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000002600000"
filename = ""
Region:
id = 2472
start_va = 0x7ffae1ec0000
end_va = 0x7ffae1ed2fff
monitored = 0
entry_point = 0x7ffae1ec57f0
region_type = mapped_file
name = "themeservice.dll"
filename = "\\Windows\\System32\\themeservice.dll" (normalized: "c:\\windows\\system32\\themeservice.dll")
Region:
id = 2473
start_va = 0x7ffae1ea0000
end_va = 0x7ffae1eb0fff
monitored = 0
entry_point = 0x7ffae1ea7ea0
region_type = mapped_file
name = "dcpapi.dll"
filename = "\\Windows\\System32\\dcpapi.dll" (normalized: "c:\\windows\\system32\\dcpapi.dll")
Region:
id = 2474
start_va = 0x7ffae1e70000
end_va = 0x7ffae1e94fff
monitored = 0
entry_point = 0x7ffae1e82f20
region_type = mapped_file
name = "wificonnapi.dll"
filename = "\\Windows\\System32\\wificonnapi.dll" (normalized: "c:\\windows\\system32\\wificonnapi.dll")
Region:
id = 2475
start_va = 0x7ffae2490000
end_va = 0x7ffae24a5fff
monitored = 0
entry_point = 0x7ffae2491b60
region_type = mapped_file
name = "wkscli.dll"
filename = "\\Windows\\System32\\wkscli.dll" (normalized: "c:\\windows\\system32\\wkscli.dll")
Region:
id = 2476
start_va = 0x7ffae1e30000
end_va = 0x7ffae1e68fff
monitored = 0
entry_point = 0x7ffae1e39c90
region_type = mapped_file
name = "aepic.dll"
filename = "\\Windows\\System32\\aepic.dll" (normalized: "c:\\windows\\system32\\aepic.dll")
Region:
id = 2477
start_va = 0x7ffae1e10000
end_va = 0x7ffae1e20fff
monitored = 0
entry_point = 0x7ffae1e13e10
region_type = mapped_file
name = "sfc_os.dll"
filename = "\\Windows\\System32\\sfc_os.dll" (normalized: "c:\\windows\\system32\\sfc_os.dll")
Region:
id = 2478
start_va = 0x7ffae4740000
end_va = 0x7ffae4ac1fff
monitored = 0
entry_point = 0x7ffae4791220
region_type = mapped_file
name = "iertutil.dll"
filename = "\\Windows\\System32\\iertutil.dll" (normalized: "c:\\windows\\system32\\iertutil.dll")
Region:
id = 2479
start_va = 0x7ffae6110000
end_va = 0x7ffae6117fff
monitored = 0
entry_point = 0x7ffae61113e0
region_type = mapped_file
name = "dabapi.dll"
filename = "\\Windows\\System32\\dabapi.dll" (normalized: "c:\\windows\\system32\\dabapi.dll")
Region:
id = 2480
start_va = 0x5a0000
end_va = 0x5a0fff
monitored = 1
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x00000000005a0000"
filename = ""
Region:
id = 2481
start_va = 0x7ffae1db0000
end_va = 0x7ffae1e60fff
monitored = 0
entry_point = 0x7ffae1e288b0
region_type = mapped_file
name = "cellularapi.dll"
filename = "\\Windows\\System32\\CellularAPI.dll" (normalized: "c:\\windows\\system32\\cellularapi.dll")
Region:
id = 2482
start_va = 0x7ffae1d90000
end_va = 0x7ffae1da1fff
monitored = 0
entry_point = 0x7ffae1d99260
region_type = mapped_file
name = "rilproxy.dll"
filename = "\\Windows\\System32\\rilproxy.dll" (normalized: "c:\\windows\\system32\\rilproxy.dll")
Region:
id = 2483
start_va = 0x7ffae1ce0000
end_va = 0x7ffae1d8dfff
monitored = 0
entry_point = 0x7ffae1cf80c0
region_type = mapped_file
name = "windows.networking.connectivity.dll"
filename = "\\Windows\\System32\\Windows.Networking.Connectivity.dll" (normalized: "c:\\windows\\system32\\windows.networking.connectivity.dll")
Region:
id = 2484
start_va = 0x2700000
end_va = 0x27fffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000002700000"
filename = ""
Region:
id = 2485
start_va = 0x2800000
end_va = 0x28fffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000002800000"
filename = ""
Region:
id = 2486
start_va = 0x2900000
end_va = 0x2afffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000002900000"
filename = ""
Region:
id = 2487
start_va = 0x2900000
end_va = 0x29fffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000002900000"
filename = ""
Region:
id = 2488
start_va = 0x7ffae1cc0000
end_va = 0x7ffae1cd6fff
monitored = 0
entry_point = 0x7ffae1cc5630
region_type = mapped_file
name = "sens.dll"
filename = "\\Windows\\System32\\Sens.dll" (normalized: "c:\\windows\\system32\\sens.dll")
Region:
id = 2489
start_va = 0x7ffae2460000
end_va = 0x7ffae248dfff
monitored = 0
entry_point = 0x7ffae2467550
region_type = mapped_file
name = "netjoin.dll"
filename = "\\Windows\\System32\\netjoin.dll" (normalized: "c:\\windows\\system32\\netjoin.dll")
Region:
id = 2490
start_va = 0x7ffae88e0000
end_va = 0x7ffae8900fff
monitored = 0
entry_point = 0x7ffae88f0250
region_type = mapped_file
name = "joinutil.dll"
filename = "\\Windows\\System32\\joinutil.dll" (normalized: "c:\\windows\\system32\\joinutil.dll")
Region:
id = 2491
start_va = 0x5a0000
end_va = 0x5a0fff
monitored = 1
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x00000000005a0000"
filename = ""
Region:
id = 2492
start_va = 0x7ffae1ee0000
end_va = 0x7ffae1f43fff
monitored = 0
entry_point = 0x7ffae1ef5ae0
region_type = mapped_file
name = "wevtapi.dll"
filename = "\\Windows\\System32\\wevtapi.dll" (normalized: "c:\\windows\\system32\\wevtapi.dll")
Region:
id = 2493
start_va = 0x7ffae75b0000
end_va = 0x7ffae75e1fff
monitored = 0
entry_point = 0x7ffae75bb0c0
region_type = mapped_file
name = "shacct.dll"
filename = "\\Windows\\System32\\shacct.dll" (normalized: "c:\\windows\\system32\\shacct.dll")
Region:
id = 2494
start_va = 0x7ffae7590000
end_va = 0x7ffae75abfff
monitored = 0
entry_point = 0x7ffae75937a0
region_type = mapped_file
name = "samlib.dll"
filename = "\\Windows\\System32\\samlib.dll" (normalized: "c:\\windows\\system32\\samlib.dll")
Region:
id = 2495
start_va = 0x7ffae1c20000
end_va = 0x7ffae1cbafff
monitored = 0
entry_point = 0x7ffae1c27220
region_type = mapped_file
name = "settingsync.dll"
filename = "\\Windows\\System32\\SettingSync.dll" (normalized: "c:\\windows\\system32\\settingsync.dll")
Region:
id = 2496
start_va = 0x5b0000
end_va = 0x5b1fff
monitored = 1
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x00000000005b0000"
filename = ""
Region:
id = 2497
start_va = 0x2200000
end_va = 0x22dffff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "kernelbase.dll.mui"
filename = "\\Windows\\System32\\en-US\\KernelBase.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\kernelbase.dll.mui")
Region:
id = 2500
start_va = 0x2a00000
end_va = 0x2afffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000002a00000"
filename = ""
Region:
id = 2501
start_va = 0x7ffae1a40000
end_va = 0x7ffae1a50fff
monitored = 0
entry_point = 0x7ffae1a428d0
region_type = mapped_file
name = "credentialmigrationhandler.dll"
filename = "\\Windows\\System32\\CredentialMigrationHandler.dll" (normalized: "c:\\windows\\system32\\credentialmigrationhandler.dll")
Region:
id = 2502
start_va = 0x2b00000
end_va = 0x2bfffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000002b00000"
filename = ""
Region:
id = 2503
start_va = 0x7ffae1f50000
end_va = 0x7ffae1fc9fff
monitored = 0
entry_point = 0x7ffae1f77630
region_type = mapped_file
name = "es.dll"
filename = "\\Windows\\System32\\es.dll" (normalized: "c:\\windows\\system32\\es.dll")
Region:
id = 2504
start_va = 0x5c0000
end_va = 0x5c0fff
monitored = 1
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x00000000005c0000"
filename = ""
Region:
id = 2582
start_va = 0x7ffae8cc0000
end_va = 0x7ffae8d58fff
monitored = 0
entry_point = 0x7ffae8cef4e0
region_type = mapped_file
name = "sxs.dll"
filename = "\\Windows\\System32\\sxs.dll" (normalized: "c:\\windows\\system32\\sxs.dll")
Region:
id = 2583
start_va = 0x5c0000
end_va = 0x5c1fff
monitored = 0
entry_point = 0x5c5630
region_type = mapped_file
name = "sens.dll"
filename = "\\Windows\\System32\\Sens.dll" (normalized: "c:\\windows\\system32\\sens.dll")
Region:
id = 2584
start_va = 0x5d0000
end_va = 0x5d4fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "stdole2.tlb"
filename = "\\Windows\\System32\\stdole2.tlb" (normalized: "c:\\windows\\system32\\stdole2.tlb")
Region:
id = 2585
start_va = 0x2c00000
end_va = 0x2dfffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000002c00000"
filename = ""
Region:
id = 2586
start_va = 0x2c00000
end_va = 0x2cfffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000002c00000"
filename = ""
Region:
id = 2587
start_va = 0x1b40000
end_va = 0x1bbffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000001b40000"
filename = ""
Region:
id = 2588
start_va = 0x2800000
end_va = 0x287ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000002800000"
filename = ""
Region:
id = 2639
start_va = 0x2b00000
end_va = 0x2bfffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000002b00000"
filename = ""
Region:
id = 2647
start_va = 0x7ffae1180000
end_va = 0x7ffae1219fff
monitored = 0
entry_point = 0x7ffae119ada0
region_type = mapped_file
name = "shsvcs.dll"
filename = "\\Windows\\System32\\shsvcs.dll" (normalized: "c:\\windows\\system32\\shsvcs.dll")
Region:
id = 2651
start_va = 0x7ffae7400000
end_va = 0x7ffae7585fff
monitored = 0
entry_point = 0x7ffae744d700
region_type = mapped_file
name = "propsys.dll"
filename = "\\Windows\\System32\\propsys.dll" (normalized: "c:\\windows\\system32\\propsys.dll")
Region:
id = 2652
start_va = 0x5c0000
end_va = 0x5c3fff
monitored = 1
entry_point = 0x0
region_type = mapped_file
name = "cversions.2.db"
filename = "\\ProgramData\\Microsoft\\Windows\\Caches\\cversions.2.db" (normalized: "c:\\programdata\\microsoft\\windows\\caches\\cversions.2.db")
Region:
id = 2653
start_va = 0x810000
end_va = 0x854fff
monitored = 1
entry_point = 0x0
region_type = mapped_file
name = "{6af0698e-d558-4f6e-9b3c-3716689af493}.2.ver0x0000000000000005.db"
filename = "\\ProgramData\\Microsoft\\Windows\\Caches\\{6AF0698E-D558-4F6E-9B3C-3716689AF493}.2.ver0x0000000000000005.db" (normalized: "c:\\programdata\\microsoft\\windows\\caches\\{6af0698e-d558-4f6e-9b3c-3716689af493}.2.ver0x0000000000000005.db")
Region:
id = 2654
start_va = 0x5d0000
end_va = 0x5d3fff
monitored = 1
entry_point = 0x0
region_type = mapped_file
name = "cversions.2.db"
filename = "\\ProgramData\\Microsoft\\Windows\\Caches\\cversions.2.db" (normalized: "c:\\programdata\\microsoft\\windows\\caches\\cversions.2.db")
Region:
id = 2655
start_va = 0x1940000
end_va = 0x19cdfff
monitored = 1
entry_point = 0x0
region_type = mapped_file
name = "{ddf571f2-be98-426d-8288-1a9a39c3fda2}.2.ver0x0000000000000001.db"
filename = "\\ProgramData\\Microsoft\\Windows\\Caches\\{DDF571F2-BE98-426D-8288-1A9A39C3FDA2}.2.ver0x0000000000000001.db" (normalized: "c:\\programdata\\microsoft\\windows\\caches\\{ddf571f2-be98-426d-8288-1a9a39c3fda2}.2.ver0x0000000000000001.db")
Region:
id = 2681
start_va = 0x2880000
end_va = 0x28fffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000002880000"
filename = ""
Region:
id = 2685
start_va = 0x5e0000
end_va = 0x5e0fff
monitored = 1
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x00000000005e0000"
filename = ""
Region:
id = 2693
start_va = 0x2d00000
end_va = 0x2dfffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000002d00000"
filename = ""
Region:
id = 2698
start_va = 0x5e0000
end_va = 0x5e1fff
monitored = 0
entry_point = 0x5e5630
region_type = mapped_file
name = "sens.dll"
filename = "\\Windows\\System32\\Sens.dll" (normalized: "c:\\windows\\system32\\sens.dll")
Region:
id = 2699
start_va = 0x5f0000
end_va = 0x5f4fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "stdole2.tlb"
filename = "\\Windows\\System32\\stdole2.tlb" (normalized: "c:\\windows\\system32\\stdole2.tlb")
Region:
id = 2700
start_va = 0x5e0000
end_va = 0x5e1fff
monitored = 0
entry_point = 0x5e5630
region_type = mapped_file
name = "sens.dll"
filename = "\\Windows\\System32\\Sens.dll" (normalized: "c:\\windows\\system32\\sens.dll")
Region:
id = 2701
start_va = 0x5f0000
end_va = 0x5f4fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "stdole2.tlb"
filename = "\\Windows\\System32\\stdole2.tlb" (normalized: "c:\\windows\\system32\\stdole2.tlb")
Region:
id = 2745
start_va = 0x7ffae21b0000
end_va = 0x7ffae226ffff
monitored = 0
entry_point = 0x7ffae21dfd20
region_type = mapped_file
name = "fveapi.dll"
filename = "\\Windows\\System32\\fveapi.dll" (normalized: "c:\\windows\\system32\\fveapi.dll")
Region:
id = 2746
start_va = 0x5e0000
end_va = 0x5e0fff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x00000000005e0000"
filename = ""
Region:
id = 2753
start_va = 0x7ffae0a20000
end_va = 0x7ffae0a2dfff
monitored = 0
entry_point = 0x7ffae0a21460
region_type = mapped_file
name = "npmproxy.dll"
filename = "\\Windows\\System32\\npmproxy.dll" (normalized: "c:\\windows\\system32\\npmproxy.dll")
Region:
id = 2755
start_va = 0x2e00000
end_va = 0x2efffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000002e00000"
filename = ""
Region:
id = 2758
start_va = 0x7ffae09c0000
end_va = 0x7ffae0a11fff
monitored = 0
entry_point = 0x7ffae09c38e0
region_type = mapped_file
name = "proximityservice.dll"
filename = "\\Windows\\System32\\ProximityService.dll" (normalized: "c:\\windows\\system32\\proximityservice.dll")
Region:
id = 2759
start_va = 0x7ffae0990000
end_va = 0x7ffae09bcfff
monitored = 0
entry_point = 0x7ffae0992290
region_type = mapped_file
name = "proximitycommon.dll"
filename = "\\Windows\\System32\\ProximityCommon.dll" (normalized: "c:\\windows\\system32\\proximitycommon.dll")
Region:
id = 2760
start_va = 0x7ffae0980000
end_va = 0x7ffae0988fff
monitored = 0
entry_point = 0x7ffae0981ed0
region_type = mapped_file
name = "proximitycommonpal.dll"
filename = "\\Windows\\System32\\ProximityCommonPal.dll" (normalized: "c:\\windows\\system32\\proximitycommonpal.dll")
Region:
id = 2761
start_va = 0x7ffae2270000
end_va = 0x7ffae22a7fff
monitored = 0
entry_point = 0x7ffae2288cc0
region_type = mapped_file
name = "iphlpapi.dll"
filename = "\\Windows\\System32\\IPHLPAPI.DLL" (normalized: "c:\\windows\\system32\\iphlpapi.dll")
Region:
id = 2762
start_va = 0x7ffae0970000
end_va = 0x7ffae097ffff
monitored = 0
entry_point = 0x7ffae0971700
region_type = mapped_file
name = "proximityservicepal.dll"
filename = "\\Windows\\System32\\ProximityServicePal.dll" (normalized: "c:\\windows\\system32\\proximityservicepal.dll")
Region:
id = 2763
start_va = 0x7ffae8e90000
end_va = 0x7ffae8f15fff
monitored = 0
entry_point = 0x7ffae8e9d8f0
region_type = mapped_file
name = "firewallapi.dll"
filename = "\\Windows\\System32\\FirewallAPI.dll" (normalized: "c:\\windows\\system32\\firewallapi.dll")
Region:
id = 2764
start_va = 0x7ffae7c80000
end_va = 0x7ffae7cb1fff
monitored = 0
entry_point = 0x7ffae7c92340
region_type = mapped_file
name = "fwbase.dll"
filename = "\\Windows\\System32\\fwbase.dll" (normalized: "c:\\windows\\system32\\fwbase.dll")
Region:
id = 2766
start_va = 0x7ffae0e80000
end_va = 0x7ffae0ec3fff
monitored = 0
entry_point = 0x7ffae0e8c010
region_type = mapped_file
name = "execmodelclient.dll"
filename = "\\Windows\\System32\\ExecModelClient.dll" (normalized: "c:\\windows\\system32\\execmodelclient.dll")
Region:
id = 2767
start_va = 0x7ffae6ed0000
end_va = 0x7ffae6f8dfff
monitored = 0
entry_point = 0x7ffae6f12d40
region_type = mapped_file
name = "coremessaging.dll"
filename = "\\Windows\\System32\\CoreMessaging.dll" (normalized: "c:\\windows\\system32\\coremessaging.dll")
Region:
id = 2794
start_va = 0x5e0000
end_va = 0x5e0fff
monitored = 1
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x00000000005e0000"
filename = ""
Region:
id = 2813
start_va = 0x7ffae65c0000
end_va = 0x7ffae6a52fff
monitored = 0
entry_point = 0x7ffae65cf760
region_type = mapped_file
name = "actxprxy.dll"
filename = "\\Windows\\System32\\actxprxy.dll" (normalized: "c:\\windows\\system32\\actxprxy.dll")
Region:
id = 2831
start_va = 0x7ffae7df0000
end_va = 0x7ffae7dfbfff
monitored = 0
entry_point = 0x7ffae7df2790
region_type = mapped_file
name = "hid.dll"
filename = "\\Windows\\System32\\hid.dll" (normalized: "c:\\windows\\system32\\hid.dll")
Region:
id = 3066
start_va = 0x2d00000
end_va = 0x2d7ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000002d00000"
filename = ""
Region:
id = 3088
start_va = 0x5e0000
end_va = 0x5e0fff
monitored = 1
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x00000000005e0000"
filename = ""
Region:
id = 3294
start_va = 0x5e0000
end_va = 0x5e0fff
monitored = 1
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x00000000005e0000"
filename = ""
Thread:
id = 159
os_tid = 0x368
Thread:
id = 160
os_tid = 0x388
Thread:
id = 161
os_tid = 0x3d0
Thread:
id = 162
os_tid = 0x11c
Thread:
id = 163
os_tid = 0x140
Thread:
id = 164
os_tid = 0x144
Thread:
id = 165
os_tid = 0x184
Thread:
id = 166
os_tid = 0x188
Thread:
id = 167
os_tid = 0x170
Thread:
id = 168
os_tid = 0x16c
Thread:
id = 169
os_tid = 0x1cc
Thread:
id = 170
os_tid = 0x1b8
Thread:
id = 171
os_tid = 0x1b4
Thread:
id = 172
os_tid = 0x268
Thread:
id = 173
os_tid = 0x26c
Thread:
id = 174
os_tid = 0x264
Thread:
id = 175
os_tid = 0x168
Thread:
id = 176
os_tid = 0x288
Thread:
id = 177
os_tid = 0x2d4
Thread:
id = 178
os_tid = 0x2f0
Thread:
id = 179
os_tid = 0x8
Thread:
id = 180
os_tid = 0x428
Thread:
id = 181
os_tid = 0x42c
Thread:
id = 182
os_tid = 0x474
Thread:
id = 183
os_tid = 0x490
Thread:
id = 198
os_tid = 0x504
Thread:
id = 202
os_tid = 0x4c8
Thread:
id = 203
os_tid = 0x4c4
Thread:
id = 204
os_tid = 0x530
Thread:
id = 207
os_tid = 0x544
Thread:
id = 221
os_tid = 0x5c4
Thread:
id = 249
os_tid = 0x6e0
Process:
id = "11"
image_name = "svchost.exe"
filename = "c:\\windows\\system32\\svchost.exe"
page_root = "0x6f629000"
os_pid = "0x3bc"
os_integrity_level = "0x4000"
os_privileges = "0x60800000"
monitor_reason = "rpc_server"
parent_id = "10"
os_parent_pid = "0x214"
cmd_line = "C:\\Windows\\system32\\svchost.exe -k LocalService"
cur_dir = "C:\\Windows\\system32\\"
os_username = "NT AUTHORITY\\Local Service"
bitness = "32"
os_groups = "Everyone" [0x7], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\SERVICE" [0x7], "CONSOLE LOGON" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "NT SERVICE\\AJRouter" [0xa], "NT SERVICE\\bthserv" [0xa], "NT SERVICE\\CDPSvc" [0xa], "NT SERVICE\\EventSystem" [0xa], "NT SERVICE\\fdPHost" [0xa], "NT SERVICE\\FontCache" [0xa], "NT SERVICE\\LicenseManager" [0xa], "NT SERVICE\\lltdsvc" [0xa], "NT SERVICE\\netprofm" [0xa], "NT SERVICE\\nsi" [0xa], "NT SERVICE\\PhoneSvc" [0xa], "NT SERVICE\\RemoteRegistry" [0xa], "NT SERVICE\\SstpSvc" [0xa], "NT SERVICE\\tzautoupdate" [0xe], "NT SERVICE\\W32Time" [0xa], "NT SERVICE\\WdiServiceHost" [0xa], "NT SERVICE\\WebClient" [0xa], "NT SERVICE\\WinHttpAutoProxySvc" [0xa], "NT SERVICE\\workfolderssvc" [0xa], "NT AUTHORITY\\Logon Session 00000000:0000cb12" [0xc000000f], "LOCAL" [0x7]
Region:
id = 2505
start_va = 0x10000
end_va = 0x1ffff
monitored = 1
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x0000000000010000"
filename = ""
Region:
id = 2506
start_va = 0x20000
end_va = 0x21fff
monitored = 1
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x0000000000020000"
filename = ""
Region:
id = 2507
start_va = 0x30000
end_va = 0x44fff
monitored = 1
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x0000000000030000"
filename = ""
Region:
id = 2508
start_va = 0x50000
end_va = 0xcffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000000050000"
filename = ""
Region:
id = 2509
start_va = 0xd0000
end_va = 0xd3fff
monitored = 1
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x00000000000d0000"
filename = ""
Region:
id = 2510
start_va = 0xe0000
end_va = 0xe0fff
monitored = 1
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x00000000000e0000"
filename = ""
Region:
id = 2511
start_va = 0xf0000
end_va = 0xf1fff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x00000000000f0000"
filename = ""
Region:
id = 2512
start_va = 0x100000
end_va = 0x1bdfff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "locale.nls"
filename = "\\Windows\\System32\\locale.nls" (normalized: "c:\\windows\\system32\\locale.nls")
Region:
id = 2513
start_va = 0x1c0000
end_va = 0x1c0fff
monitored = 1
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x00000000001c0000"
filename = ""
Region:
id = 2514
start_va = 0x1d0000
end_va = 0x1d0fff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x00000000001d0000"
filename = ""
Region:
id = 2515
start_va = 0x1e0000
end_va = 0x1e0fff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x00000000001e0000"
filename = ""
Region:
id = 2516
start_va = 0x1f0000
end_va = 0x1f0fff
monitored = 1
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x00000000001f0000"
filename = ""
Region:
id = 2517
start_va = 0x200000
end_va = 0x3fffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000000200000"
filename = ""
Region:
id = 2518
start_va = 0x400000
end_va = 0x47ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000000400000"
filename = ""
Region:
id = 2519
start_va = 0x480000
end_va = 0x480fff
monitored = 1
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x0000000000480000"
filename = ""
Region:
id = 2520
start_va = 0x490000
end_va = 0x490fff
monitored = 1
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x0000000000490000"
filename = ""
Region:
id = 2521
start_va = 0x4a0000
end_va = 0x4e8fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "~fontcache-system.dat"
filename = "\\Windows\\ServiceProfiles\\LocalService\\AppData\\Local\\FontCache\\~FontCache-System.dat" (normalized: "c:\\windows\\serviceprofiles\\localservice\\appdata\\local\\fontcache\\~fontcache-system.dat")
Region:
id = 2522
start_va = 0x510000
end_va = 0x516fff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000000510000"
filename = ""
Region:
id = 2523
start_va = 0x520000
end_va = 0x5dffff
monitored = 1
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x0000000000520000"
filename = ""
Region:
id = 2524
start_va = 0x600000
end_va = 0x6fffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000000600000"
filename = ""
Region:
id = 2525
start_va = 0x700000
end_va = 0x77ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000000700000"
filename = ""
Region:
id = 2526
start_va = 0x810000
end_va = 0x816fff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000000810000"
filename = ""
Region:
id = 2527
start_va = 0x900000
end_va = 0x9fffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000000900000"
filename = ""
Region:
id = 2528
start_va = 0xa00000
end_va = 0xb87fff
monitored = 1
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x0000000000a00000"
filename = ""
Region:
id = 2529
start_va = 0xb90000
end_va = 0xd10fff
monitored = 1
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x0000000000b90000"
filename = ""
Region:
id = 2530
start_va = 0xd20000
end_va = 0x111afff
monitored = 1
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x0000000000d20000"
filename = ""
Region:
id = 2531
start_va = 0x1120000
end_va = 0x121ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000001120000"
filename = ""
Region:
id = 2532
start_va = 0x1260000
end_va = 0x1266fff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000001260000"
filename = ""
Region:
id = 2533
start_va = 0x1300000
end_va = 0x13fffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000001300000"
filename = ""
Region:
id = 2534
start_va = 0x1400000
end_va = 0x14fffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000001400000"
filename = ""
Region:
id = 2535
start_va = 0x1500000
end_va = 0x15fffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000001500000"
filename = ""
Region:
id = 2536
start_va = 0x1600000
end_va = 0x16fffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000001600000"
filename = ""
Region:
id = 2537
start_va = 0x1700000
end_va = 0x17fffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000001700000"
filename = ""
Region:
id = 2538
start_va = 0x1800000
end_va = 0x18fffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000001800000"
filename = ""
Region:
id = 2539
start_va = 0x1900000
end_va = 0x19fffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000001900000"
filename = ""
Region:
id = 2540
start_va = 0x1a00000
end_va = 0x29fffff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "~fontcache-fontface.dat"
filename = "\\Windows\\ServiceProfiles\\LocalService\\AppData\\Local\\FontCache\\~FontCache-FontFace.dat" (normalized: "c:\\windows\\serviceprofiles\\localservice\\appdata\\local\\fontcache\\~fontcache-fontface.dat")
Region:
id = 2541
start_va = 0x2a00000
end_va = 0x2d36fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "sortdefault.nls"
filename = "\\Windows\\Globalization\\Sorting\\SortDefault.nls" (normalized: "c:\\windows\\globalization\\sorting\\sortdefault.nls")
Region:
id = 2542
start_va = 0x2d40000
end_va = 0x353ffff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "~fontcache-s-1-5-18.dat"
filename = "\\Windows\\ServiceProfiles\\LocalService\\AppData\\Local\\FontCache\\~FontCache-S-1-5-18.dat" (normalized: "c:\\windows\\serviceprofiles\\localservice\\appdata\\local\\fontcache\\~fontcache-s-1-5-18.dat")
Region:
id = 2543
start_va = 0x3640000
end_va = 0x373ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000003640000"
filename = ""
Region:
id = 2544
start_va = 0x7ffe0000
end_va = 0x7ffeffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x000000007ffe0000"
filename = ""
Region:
id = 2545
start_va = 0x7df5ffec0000
end_va = 0x7df5fffbffff
monitored = 1
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x00007df5ffec0000"
filename = ""
Region:
id = 2546
start_va = 0x7df5fffc0000
end_va = 0x7df5fffe2fff
monitored = 1
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x00007df5fffc0000"
filename = ""
Region:
id = 2547
start_va = 0x7df5ffff0000
end_va = 0x7ff5fffeffff
monitored = 1
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x00007df5ffff0000"
filename = ""
Region:
id = 2548
start_va = 0x7ff65d340000
end_va = 0x7ff65d34cfff
monitored = 0
entry_point = 0x7ff65d343980
region_type = mapped_file
name = "svchost.exe"
filename = "\\Windows\\System32\\svchost.exe" (normalized: "c:\\windows\\system32\\svchost.exe")
Region:
id = 2549
start_va = 0x7ffae1b20000
end_va = 0x7ffae1b2cfff
monitored = 0
entry_point = 0x7ffae1b22650
region_type = mapped_file
name = "nsisvc.dll"
filename = "\\Windows\\System32\\nsisvc.dll" (normalized: "c:\\windows\\system32\\nsisvc.dll")
Region:
id = 2550
start_va = 0x7ffae1f50000
end_va = 0x7ffae1fc9fff
monitored = 0
entry_point = 0x7ffae1f77630
region_type = mapped_file
name = "es.dll"
filename = "\\Windows\\System32\\es.dll" (normalized: "c:\\windows\\system32\\es.dll")
Region:
id = 2551
start_va = 0x7ffae2550000
end_va = 0x7ffae255bfff
monitored = 0
entry_point = 0x7ffae25514d0
region_type = mapped_file
name = "locationframeworkps.dll"
filename = "\\Windows\\System32\\LocationFrameworkPS.dll" (normalized: "c:\\windows\\system32\\locationframeworkps.dll")
Region:
id = 2552
start_va = 0x7ffae3070000
end_va = 0x7ffae3098fff
monitored = 0
entry_point = 0x7ffae30824d0
region_type = mapped_file
name = "fontprovider.dll"
filename = "\\Windows\\System32\\FontProvider.dll" (normalized: "c:\\windows\\system32\\fontprovider.dll")
Region:
id = 2553
start_va = 0x7ffae30a0000
end_va = 0x7ffae30e9fff
monitored = 0
entry_point = 0x7ffae30aac30
region_type = mapped_file
name = "deviceaccess.dll"
filename = "\\Windows\\System32\\deviceaccess.dll" (normalized: "c:\\windows\\system32\\deviceaccess.dll")
Region:
id = 2554
start_va = 0x7ffae3110000
end_va = 0x7ffae32b1fff
monitored = 0
entry_point = 0x7ffae315c2d0
region_type = mapped_file
name = "fntcache.dll"
filename = "\\Windows\\System32\\FntCache.dll" (normalized: "c:\\windows\\system32\\fntcache.dll")
Region:
id = 2555
start_va = 0x7ffae32d0000
end_va = 0x7ffae3302fff
monitored = 0
entry_point = 0x7ffae32dd5a0
region_type = mapped_file
name = "biwinrt.dll"
filename = "\\Windows\\System32\\biwinrt.dll" (normalized: "c:\\windows\\system32\\biwinrt.dll")
Region:
id = 2556
start_va = 0x7ffae3310000
end_va = 0x7ffae33a1fff
monitored = 0
entry_point = 0x7ffae335a780
region_type = mapped_file
name = "msvcp110_win.dll"
filename = "\\Windows\\System32\\msvcp110_win.dll" (normalized: "c:\\windows\\system32\\msvcp110_win.dll")
Region:
id = 2557
start_va = 0x7ffae33b0000
end_va = 0x7ffae3428fff
monitored = 0
entry_point = 0x7ffae33c7800
region_type = mapped_file
name = "geolocation.dll"
filename = "\\Windows\\System32\\Geolocation.dll" (normalized: "c:\\windows\\system32\\geolocation.dll")
Region:
id = 2558
start_va = 0x7ffae3590000
end_va = 0x7ffae35a9fff
monitored = 0
entry_point = 0x7ffae359b670
region_type = mapped_file
name = "tzautoupdate.dll"
filename = "\\Windows\\System32\\tzautoupdate.dll" (normalized: "c:\\windows\\system32\\tzautoupdate.dll")
Region:
id = 2559
start_va = 0x7ffae3b20000
end_va = 0x7ffae3b55fff
monitored = 0
entry_point = 0x7ffae3b30070
region_type = mapped_file
name = "xmllite.dll"
filename = "\\Windows\\System32\\xmllite.dll" (normalized: "c:\\windows\\system32\\xmllite.dll")
Region:
id = 2560
start_va = 0x7ffae78d0000
end_va = 0x7ffae79cffff
monitored = 0
entry_point = 0x7ffae7910f80
region_type = mapped_file
name = "twinapi.appcore.dll"
filename = "\\Windows\\System32\\twinapi.appcore.dll" (normalized: "c:\\windows\\system32\\twinapi.appcore.dll")
Region:
id = 2561
start_va = 0x7ffae7fa0000
end_va = 0x7ffae8093fff
monitored = 0
entry_point = 0x7ffae7faa960
region_type = mapped_file
name = "ucrtbase.dll"
filename = "\\Windows\\System32\\ucrtbase.dll" (normalized: "c:\\windows\\system32\\ucrtbase.dll")
Region:
id = 2562
start_va = 0x7ffae8560000
end_va = 0x7ffae857efff
monitored = 0
entry_point = 0x7ffae8565d30
region_type = mapped_file
name = "userenv.dll"
filename = "\\Windows\\System32\\userenv.dll" (normalized: "c:\\windows\\system32\\userenv.dll")
Region:
id = 2563
start_va = 0x7ffae8c90000
end_va = 0x7ffae8cb8fff
monitored = 0
entry_point = 0x7ffae8ca4530
region_type = mapped_file
name = "bcrypt.dll"
filename = "\\Windows\\System32\\bcrypt.dll" (normalized: "c:\\windows\\system32\\bcrypt.dll")
Region:
id = 2564
start_va = 0x7ffae8e00000
end_va = 0x7ffae8e0efff
monitored = 0
entry_point = 0x7ffae8e03210
region_type = mapped_file
name = "kernel.appcore.dll"
filename = "\\Windows\\System32\\kernel.appcore.dll" (normalized: "c:\\windows\\system32\\kernel.appcore.dll")
Region:
id = 2565
start_va = 0x7ffae8e70000
end_va = 0x7ffae8e83fff
monitored = 0
entry_point = 0x7ffae8e752e0
region_type = mapped_file
name = "profapi.dll"
filename = "\\Windows\\System32\\profapi.dll" (normalized: "c:\\windows\\system32\\profapi.dll")
Region:
id = 2566
start_va = 0x7ffae9170000
end_va = 0x7ffae9357fff
monitored = 0
entry_point = 0x7ffae919ba70
region_type = mapped_file
name = "kernelbase.dll"
filename = "\\Windows\\System32\\KernelBase.dll" (normalized: "c:\\windows\\system32\\kernelbase.dll")
Region:
id = 2567
start_va = 0x7ffae9460000
end_va = 0x7ffae94c9fff
monitored = 0
entry_point = 0x7ffae9496d50
region_type = mapped_file
name = "bcryptprimitives.dll"
filename = "\\Windows\\System32\\bcryptprimitives.dll" (normalized: "c:\\windows\\system32\\bcryptprimitives.dll")
Region:
id = 2568
start_va = 0x7ffae9b20000
end_va = 0x7ffae9bd4fff
monitored = 0
entry_point = 0x7ffae9b622e0
region_type = mapped_file
name = "shcore.dll"
filename = "\\Windows\\System32\\SHCore.dll" (normalized: "c:\\windows\\system32\\shcore.dll")
Region:
id = 2569
start_va = 0x7ffae9be0000
end_va = 0x7ffae9c86fff
monitored = 0
entry_point = 0x7ffae9beb4d0
region_type = mapped_file
name = "clbcatq.dll"
filename = "\\Windows\\System32\\clbcatq.dll" (normalized: "c:\\windows\\system32\\clbcatq.dll")
Region:
id = 2570
start_va = 0x7ffaeb2b0000
end_va = 0x7ffaeb356fff
monitored = 0
entry_point = 0x7ffaeb2c58d0
region_type = mapped_file
name = "advapi32.dll"
filename = "\\Windows\\System32\\advapi32.dll" (normalized: "c:\\windows\\system32\\advapi32.dll")
Region:
id = 2571
start_va = 0x7ffaeb360000
end_va = 0x7ffaeb5dcfff
monitored = 0
entry_point = 0x7ffaeb434970
region_type = mapped_file
name = "combase.dll"
filename = "\\Windows\\System32\\combase.dll" (normalized: "c:\\windows\\system32\\combase.dll")
Region:
id = 2572
start_va = 0x7ffaeb640000
end_va = 0x7ffaeb700fff
monitored = 0
entry_point = 0x7ffaeb660da0
region_type = mapped_file
name = "oleaut32.dll"
filename = "\\Windows\\System32\\oleaut32.dll" (normalized: "c:\\windows\\system32\\oleaut32.dll")
Region:
id = 2573
start_va = 0x7ffaebd00000
end_va = 0x7ffaebe55fff
monitored = 0
entry_point = 0x7ffaebd0a8d0
region_type = mapped_file
name = "user32.dll"
filename = "\\Windows\\System32\\user32.dll" (normalized: "c:\\windows\\system32\\user32.dll")
Region:
id = 2574
start_va = 0x7ffaebfd0000
end_va = 0x7ffaec155fff
monitored = 0
entry_point = 0x7ffaec01ffc0
region_type = mapped_file
name = "gdi32.dll"
filename = "\\Windows\\System32\\gdi32.dll" (normalized: "c:\\windows\\system32\\gdi32.dll")
Region:
id = 2575
start_va = 0x7ffaec1d0000
end_va = 0x7ffaec2ebfff
monitored = 0
entry_point = 0x7ffaec2102b0
region_type = mapped_file
name = "rpcrt4.dll"
filename = "\\Windows\\System32\\rpcrt4.dll" (normalized: "c:\\windows\\system32\\rpcrt4.dll")
Region:
id = 2576
start_va = 0x7ffaec360000
end_va = 0x7ffaec3bafff
monitored = 0
entry_point = 0x7ffaec3738b0
region_type = mapped_file
name = "sechost.dll"
filename = "\\Windows\\System32\\sechost.dll" (normalized: "c:\\windows\\system32\\sechost.dll")
Region:
id = 2577
start_va = 0x7ffaec3c0000
end_va = 0x7ffaec46cfff
monitored = 0
entry_point = 0x7ffaec3d81a0
region_type = mapped_file
name = "kernel32.dll"
filename = "\\Windows\\System32\\kernel32.dll" (normalized: "c:\\windows\\system32\\kernel32.dll")
Region:
id = 2578
start_va = 0x7ffaec5c0000
end_va = 0x7ffaec65cfff
monitored = 0
entry_point = 0x7ffaec5c78a0
region_type = mapped_file
name = "msvcrt.dll"
filename = "\\Windows\\System32\\msvcrt.dll" (normalized: "c:\\windows\\system32\\msvcrt.dll")
Region:
id = 2579
start_va = 0x7ffaec7e0000
end_va = 0x7ffaec9a0fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "ntdll.dll"
filename = "\\Windows\\System32\\ntdll.dll" (normalized: "c:\\windows\\system32\\ntdll.dll")
Region:
id = 2580
start_va = 0x3740000
end_va = 0x383ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000003740000"
filename = ""
Region:
id = 2581
start_va = 0x7ffaec330000
end_va = 0x7ffaec337fff
monitored = 0
entry_point = 0x7ffaec331ea0
region_type = mapped_file
name = "nsi.dll"
filename = "\\Windows\\System32\\nsi.dll" (normalized: "c:\\windows\\system32\\nsi.dll")
Region:
id = 2715
start_va = 0x3840000
end_va = 0x393ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000003840000"
filename = ""
Region:
id = 2716
start_va = 0x7ffae0ed0000
end_va = 0x7ffae0f5afff
monitored = 0
entry_point = 0x7ffae0eed2a0
region_type = mapped_file
name = "netprofmsvc.dll"
filename = "\\Windows\\System32\\netprofmsvc.dll" (normalized: "c:\\windows\\system32\\netprofmsvc.dll")
Region:
id = 2717
start_va = 0x7ffae3c30000
end_va = 0x7ffae3c47fff
monitored = 0
entry_point = 0x7ffae3c35910
region_type = mapped_file
name = "nlaapi.dll"
filename = "\\Windows\\System32\\nlaapi.dll" (normalized: "c:\\windows\\system32\\nlaapi.dll")
Region:
id = 2743
start_va = 0x3940000
end_va = 0x3a3ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000003940000"
filename = ""
Region:
id = 2747
start_va = 0x4f0000
end_va = 0x4f1fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "netprofmsvc.dll.mui"
filename = "\\Windows\\System32\\en-US\\netprofmsvc.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\netprofmsvc.dll.mui")
Region:
id = 2748
start_va = 0x3a40000
end_va = 0x3b3ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000003a40000"
filename = ""
Region:
id = 2749
start_va = 0x3b40000
end_va = 0x3c3ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000003b40000"
filename = ""
Region:
id = 2750
start_va = 0x3c40000
end_va = 0x3d3ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000003c40000"
filename = ""
Region:
id = 2751
start_va = 0x3d40000
end_va = 0x3e3ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000003d40000"
filename = ""
Region:
id = 2752
start_va = 0x7ffae0a20000
end_va = 0x7ffae0a2dfff
monitored = 0
entry_point = 0x7ffae0a21460
region_type = mapped_file
name = "npmproxy.dll"
filename = "\\Windows\\System32\\npmproxy.dll" (normalized: "c:\\windows\\system32\\npmproxy.dll")
Region:
id = 2754
start_va = 0x7ffaec470000
end_va = 0x7ffaec5b2fff
monitored = 0
entry_point = 0x7ffaec498210
region_type = mapped_file
name = "ole32.dll"
filename = "\\Windows\\System32\\ole32.dll" (normalized: "c:\\windows\\system32\\ole32.dll")
Region:
id = 2757
start_va = 0x780000
end_va = 0x7adfff
monitored = 1
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x0000000000780000"
filename = ""
Region:
id = 2769
start_va = 0x820000
end_va = 0x8fffff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "kernelbase.dll.mui"
filename = "\\Windows\\System32\\en-US\\KernelBase.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\kernelbase.dll.mui")
Region:
id = 2770
start_va = 0x7ffae0870000
end_va = 0x7ffae0883fff
monitored = 0
entry_point = 0x7ffae0871a50
region_type = mapped_file
name = "wlanradiomanager.dll"
filename = "\\Windows\\System32\\WlanRadioManager.dll" (normalized: "c:\\windows\\system32\\wlanradiomanager.dll")
Region:
id = 2774
start_va = 0x7ffae2270000
end_va = 0x7ffae22a7fff
monitored = 0
entry_point = 0x7ffae2288cc0
region_type = mapped_file
name = "iphlpapi.dll"
filename = "\\Windows\\System32\\IPHLPAPI.DLL" (normalized: "c:\\windows\\system32\\iphlpapi.dll")
Region:
id = 2775
start_va = 0x7ffae2ca0000
end_va = 0x7ffae2d00fff
monitored = 0
entry_point = 0x7ffae2ca4b50
region_type = mapped_file
name = "wlanapi.dll"
filename = "\\Windows\\System32\\wlanapi.dll" (normalized: "c:\\windows\\system32\\wlanapi.dll")
Region:
id = 2776
start_va = 0x7ffae0850000
end_va = 0x7ffae0868fff
monitored = 0
entry_point = 0x7ffae0852180
region_type = mapped_file
name = "bthradiomedia.dll"
filename = "\\Windows\\System32\\BthRadioMedia.dll" (normalized: "c:\\windows\\system32\\bthradiomedia.dll")
Region:
id = 2789
start_va = 0x7ffae9360000
end_va = 0x7ffae93a2fff
monitored = 0
entry_point = 0x7ffae9374b50
region_type = mapped_file
name = "cfgmgr32.dll"
filename = "\\Windows\\System32\\cfgmgr32.dll" (normalized: "c:\\windows\\system32\\cfgmgr32.dll")
Region:
id = 2790
start_va = 0x7ffae7a80000
end_va = 0x7ffae7aa6fff
monitored = 0
entry_point = 0x7ffae7a87940
region_type = mapped_file
name = "devobj.dll"
filename = "\\Windows\\System32\\devobj.dll" (normalized: "c:\\windows\\system32\\devobj.dll")
Region:
id = 2791
start_va = 0x3e40000
end_va = 0x403ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000003e40000"
filename = ""
Region:
id = 2792
start_va = 0x3f00000
end_va = 0x3ffffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000003f00000"
filename = ""
Region:
id = 2793
start_va = 0x7ffae0820000
end_va = 0x7ffae083dfff
monitored = 0
entry_point = 0x7ffae0821690
region_type = mapped_file
name = "bluetoothapis.dll"
filename = "\\Windows\\System32\\BluetoothApis.dll" (normalized: "c:\\windows\\system32\\bluetoothapis.dll")
Region:
id = 2797
start_va = 0x7ffae1870000
end_va = 0x7ffae187afff
monitored = 0
entry_point = 0x7ffae1871d30
region_type = mapped_file
name = "winnsi.dll"
filename = "\\Windows\\System32\\winnsi.dll" (normalized: "c:\\windows\\system32\\winnsi.dll")
Region:
id = 2811
start_va = 0x7ffaec660000
end_va = 0x7ffaec6cafff
monitored = 0
entry_point = 0x7ffaec6790c0
region_type = mapped_file
name = "ws2_32.dll"
filename = "\\Windows\\System32\\ws2_32.dll" (normalized: "c:\\windows\\system32\\ws2_32.dll")
Region:
id = 2812
start_va = 0x7ffae86d0000
end_va = 0x7ffae872bfff
monitored = 0
entry_point = 0x7ffae86e6f70
region_type = mapped_file
name = "mswsock.dll"
filename = "\\Windows\\System32\\mswsock.dll" (normalized: "c:\\windows\\system32\\mswsock.dll")
Region:
id = 3013
start_va = 0x7ffae7e00000
end_va = 0x7ffae7e23fff
monitored = 0
entry_point = 0x7ffae7e03260
region_type = mapped_file
name = "gpapi.dll"
filename = "\\Windows\\System32\\gpapi.dll" (normalized: "c:\\windows\\system32\\gpapi.dll")
Region:
id = 3059
start_va = 0x4000000
end_va = 0x40fffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000004000000"
filename = ""
Region:
id = 3060
start_va = 0x7ffae35a0000
end_va = 0x7ffae35aafff
monitored = 0
entry_point = 0x7ffae35a1a20
region_type = mapped_file
name = "licensemanagersvc.dll"
filename = "\\Windows\\System32\\LicenseManagerSvc.dll" (normalized: "c:\\windows\\system32\\licensemanagersvc.dll")
Region:
id = 3061
start_va = 0x7ffae9b20000
end_va = 0x7ffae9bd4fff
monitored = 0
entry_point = 0x7ffae9b622e0
region_type = mapped_file
name = "shcore.dll"
filename = "\\Windows\\System32\\SHCore.dll" (normalized: "c:\\windows\\system32\\shcore.dll")
Region:
id = 3062
start_va = 0x7ffadec50000
end_va = 0x7ffaded8cfff
monitored = 0
entry_point = 0x7ffadec6a6a0
region_type = mapped_file
name = "licensemanager.dll"
filename = "\\Windows\\System32\\LicenseManager.dll" (normalized: "c:\\windows\\system32\\licensemanager.dll")
Region:
id = 3067
start_va = 0x7ffadec30000
end_va = 0x7ffadec45fff
monitored = 0
entry_point = 0x7ffadec3b550
region_type = mapped_file
name = "clipc.dll"
filename = "\\Windows\\System32\\Clipc.dll" (normalized: "c:\\windows\\system32\\clipc.dll")
Region:
id = 3147
start_va = 0x4100000
end_va = 0x41fffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000004100000"
filename = ""
Region:
id = 3148
start_va = 0x7ffae2bd0000
end_va = 0x7ffae2c97fff
monitored = 0
entry_point = 0x7ffae2c113f0
region_type = mapped_file
name = "winhttp.dll"
filename = "\\Windows\\System32\\winhttp.dll" (normalized: "c:\\windows\\system32\\winhttp.dll")
Region:
id = 3288
start_va = 0x7ffae8e20000
end_va = 0x7ffae8e6afff
monitored = 0
entry_point = 0x7ffae8e235f0
region_type = mapped_file
name = "powrprof.dll"
filename = "\\Windows\\System32\\powrprof.dll" (normalized: "c:\\windows\\system32\\powrprof.dll")
Region:
id = 3289
start_va = 0x4200000
end_va = 0x42fffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000004200000"
filename = ""
Region:
id = 3292
start_va = 0x7ffae17b0000
end_va = 0x7ffae17c5fff
monitored = 0
entry_point = 0x7ffae17b19f0
region_type = mapped_file
name = "dhcpcsvc6.dll"
filename = "\\Windows\\System32\\dhcpcsvc6.dll" (normalized: "c:\\windows\\system32\\dhcpcsvc6.dll")
Region:
id = 3293
start_va = 0x7ffae1790000
end_va = 0x7ffae17a9fff
monitored = 0
entry_point = 0x7ffae1792430
region_type = mapped_file
name = "dhcpcsvc.dll"
filename = "\\Windows\\System32\\dhcpcsvc.dll" (normalized: "c:\\windows\\system32\\dhcpcsvc.dll")
Region:
id = 3296
start_va = 0x7ffae7820000
end_va = 0x7ffae78c9fff
monitored = 0
entry_point = 0x7ffae7847910
region_type = mapped_file
name = "dnsapi.dll"
filename = "\\Windows\\System32\\dnsapi.dll" (normalized: "c:\\windows\\system32\\dnsapi.dll")
Region:
id = 3300
start_va = 0x4300000
end_va = 0x43fffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000004300000"
filename = ""
Region:
id = 3301
start_va = 0x7ffae26f0000
end_va = 0x7ffae26f9fff
monitored = 0
entry_point = 0x7ffae26f14c0
region_type = mapped_file
name = "rasadhlp.dll"
filename = "\\Windows\\System32\\rasadhlp.dll" (normalized: "c:\\windows\\system32\\rasadhlp.dll")
Thread:
id = 184
os_tid = 0x424
Thread:
id = 185
os_tid = 0x178
Thread:
id = 186
os_tid = 0x190
Thread:
id = 187
os_tid = 0x18c
Thread:
id = 188
os_tid = 0x164
Thread:
id = 189
os_tid = 0x158
Thread:
id = 190
os_tid = 0x148
Thread:
id = 191
os_tid = 0x3d4
Thread:
id = 192
os_tid = 0x3c0
Thread:
id = 193
os_tid = 0x4bc
Thread:
id = 194
os_tid = 0x4c0
Thread:
id = 211
os_tid = 0x580
Thread:
id = 215
os_tid = 0x59c
Thread:
id = 216
os_tid = 0x5b0
Thread:
id = 217
os_tid = 0x5b4
Thread:
id = 218
os_tid = 0x5b8
Thread:
id = 219
os_tid = 0x5bc
Thread:
id = 247
os_tid = 0x6d8
Thread:
id = 260
os_tid = 0x734
Thread:
id = 282
os_tid = 0x78c
Thread:
id = 286
os_tid = 0x7a0
Process:
id = "12"
image_name = "sihost.exe"
filename = "c:\\windows\\system32\\sihost.exe"
page_root = "0x2fe70000"
os_pid = "0x4e8"
os_integrity_level = "0x2000"
os_privileges = "0x800000"
monitor_reason = "child_process"
parent_id = "10"
os_parent_pid = "0x364"
cmd_line = "sihost.exe"
cur_dir = "C:\\Windows\\system32\\"
os_username = "XC64ZB\\RDhJ0CNFevzX"
bitness = "32"
os_groups = "XC64ZB\\Domain Users" [0x7], "Everyone" [0x7], "NT AUTHORITY\\Local account and member of Administrators group" [0x10], "BUILTIN\\Administrators" [0x10], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\INTERACTIVE" [0x7], "CONSOLE LOGON" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "NT AUTHORITY\\Local account" [0x7], "NT AUTHORITY\\Logon Session 00000000:0000e173" [0xc0000007], "LOCAL" [0x7], "NT AUTHORITY\\NTLM Authentication" [0x7]
Region:
id = 2589
start_va = 0x10000
end_va = 0x2ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000000010000"
filename = ""
Region:
id = 2590
start_va = 0x30000
end_va = 0x44fff
monitored = 1
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x0000000000030000"
filename = ""
Region:
id = 2591
start_va = 0x50000
end_va = 0xcffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000000050000"
filename = ""
Region:
id = 2592
start_va = 0xd0000
end_va = 0xd3fff
monitored = 1
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x00000000000d0000"
filename = ""
Region:
id = 2593
start_va = 0xe0000
end_va = 0xe1fff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x00000000000e0000"
filename = ""
Region:
id = 2594
start_va = 0x200000
end_va = 0x3fffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000000200000"
filename = ""
Region:
id = 2595
start_va = 0x7ffe0000
end_va = 0x7ffeffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x000000007ffe0000"
filename = ""
Region:
id = 2596
start_va = 0x7df5fffc0000
end_va = 0x7df5fffe2fff
monitored = 1
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x00007df5fffc0000"
filename = ""
Region:
id = 2597
start_va = 0x7df5ffff0000
end_va = 0x7ff5fffeffff
monitored = 1
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x00007df5ffff0000"
filename = ""
Region:
id = 2598
start_va = 0x7ff6fb3e0000
end_va = 0x7ff6fb3f5fff
monitored = 0
entry_point = 0x7ff6fb3e5190
region_type = mapped_file
name = "sihost.exe"
filename = "\\Windows\\System32\\sihost.exe" (normalized: "c:\\windows\\system32\\sihost.exe")
Region:
id = 2599
start_va = 0x7ffaec7e0000
end_va = 0x7ffaec9a0fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "ntdll.dll"
filename = "\\Windows\\System32\\ntdll.dll" (normalized: "c:\\windows\\system32\\ntdll.dll")
Region:
id = 2600
start_va = 0x10000
end_va = 0x1ffff
monitored = 1
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x0000000000010000"
filename = ""
Region:
id = 2601
start_va = 0x570000
end_va = 0x66ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000000570000"
filename = ""
Region:
id = 2602
start_va = 0x7df5ffec0000
end_va = 0x7df5fffbffff
monitored = 1
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x00007df5ffec0000"
filename = ""
Region:
id = 2603
start_va = 0x7ffae9170000
end_va = 0x7ffae9357fff
monitored = 0
entry_point = 0x7ffae919ba70
region_type = mapped_file
name = "kernelbase.dll"
filename = "\\Windows\\System32\\KernelBase.dll" (normalized: "c:\\windows\\system32\\kernelbase.dll")
Region:
id = 2604
start_va = 0x7ffaec3c0000
end_va = 0x7ffaec46cfff
monitored = 0
entry_point = 0x7ffaec3d81a0
region_type = mapped_file
name = "kernel32.dll"
filename = "\\Windows\\System32\\kernel32.dll" (normalized: "c:\\windows\\system32\\kernel32.dll")
Region:
id = 2605
start_va = 0xf0000
end_va = 0x1adfff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "locale.nls"
filename = "\\Windows\\System32\\locale.nls" (normalized: "c:\\windows\\system32\\locale.nls")
Region:
id = 2606
start_va = 0x7ffaec5c0000
end_va = 0x7ffaec65cfff
monitored = 0
entry_point = 0x7ffaec5c78a0
region_type = mapped_file
name = "msvcrt.dll"
filename = "\\Windows\\System32\\msvcrt.dll" (normalized: "c:\\windows\\system32\\msvcrt.dll")
Region:
id = 2607
start_va = 0x400000
end_va = 0x47ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000000400000"
filename = ""
Region:
id = 2608
start_va = 0x7ffaeb360000
end_va = 0x7ffaeb5dcfff
monitored = 0
entry_point = 0x7ffaeb434970
region_type = mapped_file
name = "combase.dll"
filename = "\\Windows\\System32\\combase.dll" (normalized: "c:\\windows\\system32\\combase.dll")
Region:
id = 2609
start_va = 0x7ffaec1d0000
end_va = 0x7ffaec2ebfff
monitored = 0
entry_point = 0x7ffaec2102b0
region_type = mapped_file
name = "rpcrt4.dll"
filename = "\\Windows\\System32\\rpcrt4.dll" (normalized: "c:\\windows\\system32\\rpcrt4.dll")
Region:
id = 2610
start_va = 0x7ffae9460000
end_va = 0x7ffae94c9fff
monitored = 0
entry_point = 0x7ffae9496d50
region_type = mapped_file
name = "bcryptprimitives.dll"
filename = "\\Windows\\System32\\bcryptprimitives.dll" (normalized: "c:\\windows\\system32\\bcryptprimitives.dll")
Region:
id = 2611
start_va = 0x7ffaec360000
end_va = 0x7ffaec3bafff
monitored = 0
entry_point = 0x7ffaec3738b0
region_type = mapped_file
name = "sechost.dll"
filename = "\\Windows\\System32\\sechost.dll" (normalized: "c:\\windows\\system32\\sechost.dll")
Region:
id = 2612
start_va = 0x7ffaeb2b0000
end_va = 0x7ffaeb356fff
monitored = 0
entry_point = 0x7ffaeb2c58d0
region_type = mapped_file
name = "advapi32.dll"
filename = "\\Windows\\System32\\advapi32.dll" (normalized: "c:\\windows\\system32\\advapi32.dll")
Region:
id = 2613
start_va = 0x20000
end_va = 0x26fff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000000020000"
filename = ""
Region:
id = 2614
start_va = 0x7ffae82f0000
end_va = 0x7ffae8320fff
monitored = 0
entry_point = 0x7ffae82f7d10
region_type = mapped_file
name = "ntmarta.dll"
filename = "\\Windows\\System32\\ntmarta.dll" (normalized: "c:\\windows\\system32\\ntmarta.dll")
Region:
id = 2615
start_va = 0x7ffae6ed0000
end_va = 0x7ffae6f8dfff
monitored = 0
entry_point = 0x7ffae6f12d40
region_type = mapped_file
name = "coremessaging.dll"
filename = "\\Windows\\System32\\CoreMessaging.dll" (normalized: "c:\\windows\\system32\\coremessaging.dll")
Region:
id = 2620
start_va = 0x7ffae14b0000
end_va = 0x7ffae1737fff
monitored = 0
entry_point = 0x7ffae150f670
region_type = mapped_file
name = "coreuicomponents.dll"
filename = "\\Windows\\System32\\CoreUIComponents.dll" (normalized: "c:\\windows\\system32\\coreuicomponents.dll")
Region:
id = 2621
start_va = 0x7ffae4ad0000
end_va = 0x7ffae4c05fff
monitored = 0
entry_point = 0x7ffae4aff350
region_type = mapped_file
name = "wintypes.dll"
filename = "\\Windows\\System32\\WinTypes.dll" (normalized: "c:\\windows\\system32\\wintypes.dll")
Region:
id = 2622
start_va = 0x7ffae8e00000
end_va = 0x7ffae8e0efff
monitored = 0
entry_point = 0x7ffae8e03210
region_type = mapped_file
name = "kernel.appcore.dll"
filename = "\\Windows\\System32\\kernel.appcore.dll" (normalized: "c:\\windows\\system32\\kernel.appcore.dll")
Region:
id = 2623
start_va = 0x7ffae9b20000
end_va = 0x7ffae9bd4fff
monitored = 0
entry_point = 0x7ffae9b622e0
region_type = mapped_file
name = "shcore.dll"
filename = "\\Windows\\System32\\SHCore.dll" (normalized: "c:\\windows\\system32\\shcore.dll")
Region:
id = 2624
start_va = 0x7ffaebd00000
end_va = 0x7ffaebe55fff
monitored = 0
entry_point = 0x7ffaebd0a8d0
region_type = mapped_file
name = "user32.dll"
filename = "\\Windows\\System32\\user32.dll" (normalized: "c:\\windows\\system32\\user32.dll")
Region:
id = 2625
start_va = 0x7ffaebfd0000
end_va = 0x7ffaec155fff
monitored = 0
entry_point = 0x7ffaec01ffc0
region_type = mapped_file
name = "gdi32.dll"
filename = "\\Windows\\System32\\gdi32.dll" (normalized: "c:\\windows\\system32\\gdi32.dll")
Region:
id = 2626
start_va = 0x670000
end_va = 0x7a5fff
monitored = 0
entry_point = 0x69f350
region_type = mapped_file
name = "wintypes.dll"
filename = "\\Windows\\System32\\WinTypes.dll" (normalized: "c:\\windows\\system32\\wintypes.dll")
Region:
id = 2627
start_va = 0x480000
end_va = 0x4fffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000000480000"
filename = ""
Region:
id = 2628
start_va = 0x7b0000
end_va = 0x8cffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x00000000007b0000"
filename = ""
Region:
id = 2629
start_va = 0x1b0000
end_va = 0x1b6fff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x00000000001b0000"
filename = ""
Region:
id = 2630
start_va = 0x1c0000
end_va = 0x1f8fff
monitored = 0
entry_point = 0x1c12f0
region_type = mapped_file
name = "imm32.dll"
filename = "\\Windows\\System32\\imm32.dll" (normalized: "c:\\windows\\system32\\imm32.dll")
Region:
id = 2631
start_va = 0x8d0000
end_va = 0xa57fff
monitored = 1
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x00000000008d0000"
filename = ""
Region:
id = 2632
start_va = 0x7ffaec2f0000
end_va = 0x7ffaec32afff
monitored = 0
entry_point = 0x7ffaec2f12f0
region_type = mapped_file
name = "imm32.dll"
filename = "\\Windows\\System32\\imm32.dll" (normalized: "c:\\windows\\system32\\imm32.dll")
Region:
id = 2633
start_va = 0xa60000
end_va = 0xbe0fff
monitored = 1
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x0000000000a60000"
filename = ""
Region:
id = 2634
start_va = 0xbf0000
end_va = 0x1feffff
monitored = 1
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x0000000000bf0000"
filename = ""
Region:
id = 2635
start_va = 0x1c0000
end_va = 0x1c0fff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x00000000001c0000"
filename = ""
Region:
id = 2636
start_va = 0x1d0000
end_va = 0x1d0fff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x00000000001d0000"
filename = ""
Region:
id = 2637
start_va = 0x7b0000
end_va = 0x88cfff
monitored = 0
entry_point = 0x80e0b0
region_type = mapped_file
name = "rpcss.dll"
filename = "\\Windows\\System32\\rpcss.dll" (normalized: "c:\\windows\\system32\\rpcss.dll")
Region:
id = 2638
start_va = 0x8c0000
end_va = 0x8cffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x00000000008c0000"
filename = ""
Region:
id = 2640
start_va = 0x1e0000
end_va = 0x1e0fff
monitored = 1
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x00000000001e0000"
filename = ""
Region:
id = 2641
start_va = 0x7ffae9be0000
end_va = 0x7ffae9c86fff
monitored = 0
entry_point = 0x7ffae9beb4d0
region_type = mapped_file
name = "clbcatq.dll"
filename = "\\Windows\\System32\\clbcatq.dll" (normalized: "c:\\windows\\system32\\clbcatq.dll")
Region:
id = 2642
start_va = 0x1f0000
end_va = 0x1f0fff
monitored = 1
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x00000000001f0000"
filename = ""
Region:
id = 2643
start_va = 0x7ffae1320000
end_va = 0x7ffae133dfff
monitored = 0
entry_point = 0x7ffae1325340
region_type = mapped_file
name = "desktopshellext.dll"
filename = "\\Windows\\System32\\DesktopShellExt.dll" (normalized: "c:\\windows\\system32\\desktopshellext.dll")
Region:
id = 2644
start_va = 0x7ffae1300000
end_va = 0x7ffae1311fff
monitored = 0
entry_point = 0x7ffae1305110
region_type = mapped_file
name = "windows.shell.servicehostbuilder.dll"
filename = "\\Windows\\System32\\Windows.Shell.ServiceHostBuilder.dll" (normalized: "c:\\windows\\system32\\windows.shell.servicehostbuilder.dll")
Region:
id = 2645
start_va = 0x7b0000
end_va = 0x8affff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x00000000007b0000"
filename = ""
Region:
id = 2646
start_va = 0x1ff0000
end_va = 0x20ccfff
monitored = 0
entry_point = 0x204e0b0
region_type = mapped_file
name = "rpcss.dll"
filename = "\\Windows\\System32\\rpcss.dll" (normalized: "c:\\windows\\system32\\rpcss.dll")
Region:
id = 2648
start_va = 0x1ff0000
end_va = 0x206ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000001ff0000"
filename = ""
Region:
id = 2649
start_va = 0x2070000
end_va = 0x20effff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000002070000"
filename = ""
Region:
id = 2650
start_va = 0x20f0000
end_va = 0x216ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x00000000020f0000"
filename = ""
Region:
id = 2656
start_va = 0x7ffae65c0000
end_va = 0x7ffae6a52fff
monitored = 0
entry_point = 0x7ffae65cf760
region_type = mapped_file
name = "actxprxy.dll"
filename = "\\Windows\\System32\\actxprxy.dll" (normalized: "c:\\windows\\system32\\actxprxy.dll")
Region:
id = 2657
start_va = 0x7ffae1080000
end_va = 0x7ffae1159fff
monitored = 0
entry_point = 0x7ffae10d03b0
region_type = mapped_file
name = "modernexecserver.dll"
filename = "\\Windows\\System32\\modernexecserver.dll" (normalized: "c:\\windows\\system32\\modernexecserver.dll")
Region:
id = 2670
start_va = 0x7ffaeb640000
end_va = 0x7ffaeb700fff
monitored = 0
entry_point = 0x7ffaeb660da0
region_type = mapped_file
name = "oleaut32.dll"
filename = "\\Windows\\System32\\oleaut32.dll" (normalized: "c:\\windows\\system32\\oleaut32.dll")
Region:
id = 2671
start_va = 0x7ffae8e20000
end_va = 0x7ffae8e6afff
monitored = 0
entry_point = 0x7ffae8e235f0
region_type = mapped_file
name = "powrprof.dll"
filename = "\\Windows\\System32\\powrprof.dll" (normalized: "c:\\windows\\system32\\powrprof.dll")
Region:
id = 2672
start_va = 0x7ffae7b80000
end_va = 0x7ffae7ba9fff
monitored = 0
entry_point = 0x7ffae7b88b90
region_type = mapped_file
name = "rmclient.dll"
filename = "\\Windows\\System32\\rmclient.dll" (normalized: "c:\\windows\\system32\\rmclient.dll")
Region:
id = 2673
start_va = 0x7ffae1030000
end_va = 0x7ffae107afff
monitored = 0
entry_point = 0x7ffae1047b70
region_type = mapped_file
name = "veeventdispatcher.dll"
filename = "\\Windows\\System32\\VEEventDispatcher.dll" (normalized: "c:\\windows\\system32\\veeventdispatcher.dll")
Region:
id = 2674
start_va = 0x7ffae3310000
end_va = 0x7ffae33a1fff
monitored = 0
entry_point = 0x7ffae335a780
region_type = mapped_file
name = "msvcp110_win.dll"
filename = "\\Windows\\System32\\msvcp110_win.dll" (normalized: "c:\\windows\\system32\\msvcp110_win.dll")
Region:
id = 2675
start_va = 0x7ffae78d0000
end_va = 0x7ffae79cffff
monitored = 0
entry_point = 0x7ffae7910f80
region_type = mapped_file
name = "twinapi.appcore.dll"
filename = "\\Windows\\System32\\twinapi.appcore.dll" (normalized: "c:\\windows\\system32\\twinapi.appcore.dll")
Region:
id = 2676
start_va = 0x7ffae8c90000
end_va = 0x7ffae8cb8fff
monitored = 0
entry_point = 0x7ffae8ca4530
region_type = mapped_file
name = "bcrypt.dll"
filename = "\\Windows\\System32\\bcrypt.dll" (normalized: "c:\\windows\\system32\\bcrypt.dll")
Region:
id = 2677
start_va = 0x2170000
end_va = 0x22b2fff
monitored = 0
entry_point = 0x2198210
region_type = mapped_file
name = "ole32.dll"
filename = "\\Windows\\System32\\ole32.dll" (normalized: "c:\\windows\\system32\\ole32.dll")
Region:
id = 2678
start_va = 0x500000
end_va = 0x501fff
monitored = 1
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x0000000000500000"
filename = ""
Region:
id = 2679
start_va = 0x510000
end_va = 0x510fff
monitored = 1
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x0000000000510000"
filename = ""
Region:
id = 2680
start_va = 0x2170000
end_va = 0x224ffff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "kernelbase.dll.mui"
filename = "\\Windows\\System32\\en-US\\KernelBase.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\kernelbase.dll.mui")
Region:
id = 2682
start_va = 0x2250000
end_va = 0x22cffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000002250000"
filename = ""
Region:
id = 2683
start_va = 0x7ffae7780000
end_va = 0x7ffae7815fff
monitored = 0
entry_point = 0x7ffae77a5570
region_type = mapped_file
name = "uxtheme.dll"
filename = "\\Windows\\System32\\uxtheme.dll" (normalized: "c:\\windows\\system32\\uxtheme.dll")
Region:
id = 2684
start_va = 0x22d0000
end_va = 0x249ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x00000000022d0000"
filename = ""
Region:
id = 2686
start_va = 0x7ffae0ff0000
end_va = 0x7ffae1020fff
monitored = 0
entry_point = 0x7ffae0ff3400
region_type = mapped_file
name = "clipboardserver.dll"
filename = "\\Windows\\System32\\ClipboardServer.dll" (normalized: "c:\\windows\\system32\\clipboardserver.dll")
Region:
id = 2687
start_va = 0x7ffae0f90000
end_va = 0x7ffae0fecfff
monitored = 0
entry_point = 0x7ffae0fa0080
region_type = mapped_file
name = "activationmanager.dll"
filename = "\\Windows\\System32\\ActivationManager.dll" (normalized: "c:\\windows\\system32\\activationmanager.dll")
Region:
id = 2688
start_va = 0x7ffae0f60000
end_va = 0x7ffae0f82fff
monitored = 0
entry_point = 0x7ffae0f63020
region_type = mapped_file
name = "appointmentactivation.dll"
filename = "\\Windows\\System32\\AppointmentActivation.dll" (normalized: "c:\\windows\\system32\\appointmentactivation.dll")
Region:
id = 2689
start_va = 0x22d0000
end_va = 0x234ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x00000000022d0000"
filename = ""
Region:
id = 2690
start_va = 0x2490000
end_va = 0x249ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000002490000"
filename = ""
Region:
id = 2691
start_va = 0x7ffaec470000
end_va = 0x7ffaec5b2fff
monitored = 0
entry_point = 0x7ffaec498210
region_type = mapped_file
name = "ole32.dll"
filename = "\\Windows\\System32\\ole32.dll" (normalized: "c:\\windows\\system32\\ole32.dll")
Region:
id = 2692
start_va = 0x7ffae2370000
end_va = 0x7ffae23b0fff
monitored = 0
entry_point = 0x7ffae2374840
region_type = mapped_file
name = "usermgrproxy.dll"
filename = "\\Windows\\System32\\UserMgrProxy.dll" (normalized: "c:\\windows\\system32\\usermgrproxy.dll")
Region:
id = 2694
start_va = 0x2350000
end_va = 0x23cffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000002350000"
filename = ""
Region:
id = 2695
start_va = 0x7ffae32c0000
end_va = 0x7ffae32cffff
monitored = 0
entry_point = 0x7ffae32c2c60
region_type = mapped_file
name = "usermgrcli.dll"
filename = "\\Windows\\System32\\usermgrcli.dll" (normalized: "c:\\windows\\system32\\usermgrcli.dll")
Region:
id = 2696
start_va = 0x24a0000
end_va = 0x259ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x00000000024a0000"
filename = ""
Region:
id = 2697
start_va = 0x25a0000
end_va = 0x2d9ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x00000000025a0000"
filename = ""
Region:
id = 2702
start_va = 0x23d0000
end_va = 0x244ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x00000000023d0000"
filename = ""
Region:
id = 2703
start_va = 0x2da0000
end_va = 0x2e1ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000002da0000"
filename = ""
Region:
id = 2718
start_va = 0x2e20000
end_va = 0x2e9ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000002e20000"
filename = ""
Region:
id = 2719
start_va = 0x7ffae0e80000
end_va = 0x7ffae0ec3fff
monitored = 0
entry_point = 0x7ffae0e8c010
region_type = mapped_file
name = "execmodelclient.dll"
filename = "\\Windows\\System32\\ExecModelClient.dll" (normalized: "c:\\windows\\system32\\execmodelclient.dll")
Region:
id = 2720
start_va = 0x7ffae0e70000
end_va = 0x7ffae0e7dfff
monitored = 0
entry_point = 0x7ffae0e72690
region_type = mapped_file
name = "notificationplatformcomponent.dll"
filename = "\\Windows\\System32\\notificationplatformcomponent.dll" (normalized: "c:\\windows\\system32\\notificationplatformcomponent.dll")
Region:
id = 2721
start_va = 0x7ffae0dd0000
end_va = 0x7ffae0e66fff
monitored = 0
entry_point = 0x7ffae0de4fd0
region_type = mapped_file
name = "appcontracts.dll"
filename = "\\Windows\\System32\\AppContracts.dll" (normalized: "c:\\windows\\system32\\appcontracts.dll")
Region:
id = 2737
start_va = 0x7ffae0d20000
end_va = 0x7ffae0dc1fff
monitored = 0
entry_point = 0x7ffae0d22b20
region_type = mapped_file
name = "sharehost.dll"
filename = "\\Windows\\System32\\ShareHost.dll" (normalized: "c:\\windows\\system32\\sharehost.dll")
Region:
id = 2738
start_va = 0x7ffae9cf0000
end_va = 0x7ffae9d41fff
monitored = 0
entry_point = 0x7ffae9cff530
region_type = mapped_file
name = "shlwapi.dll"
filename = "\\Windows\\System32\\shlwapi.dll" (normalized: "c:\\windows\\system32\\shlwapi.dll")
Region:
id = 2739
start_va = 0x7ffae94d0000
end_va = 0x7ffae9b13fff
monitored = 0
entry_point = 0x7ffae96964b0
region_type = mapped_file
name = "windows.storage.dll"
filename = "\\Windows\\System32\\windows.storage.dll" (normalized: "c:\\windows\\system32\\windows.storage.dll")
Region:
id = 2740
start_va = 0x7ffae9360000
end_va = 0x7ffae93a2fff
monitored = 0
entry_point = 0x7ffae9374b50
region_type = mapped_file
name = "cfgmgr32.dll"
filename = "\\Windows\\System32\\cfgmgr32.dll" (normalized: "c:\\windows\\system32\\cfgmgr32.dll")
Region:
id = 2741
start_va = 0x7ffae8e70000
end_va = 0x7ffae8e83fff
monitored = 0
entry_point = 0x7ffae8e752e0
region_type = mapped_file
name = "profapi.dll"
filename = "\\Windows\\System32\\profapi.dll" (normalized: "c:\\windows\\system32\\profapi.dll")
Region:
id = 2742
start_va = 0x7ffae0d10000
end_va = 0x7ffae0d18fff
monitored = 0
entry_point = 0x7ffae0d11480
region_type = mapped_file
name = "wpportinglibrary.dll"
filename = "\\Windows\\System32\\WpPortingLibrary.dll" (normalized: "c:\\windows\\system32\\wpportinglibrary.dll")
Region:
id = 2744
start_va = 0x7ffae0ab0000
end_va = 0x7ffae0d0cfff
monitored = 0
entry_point = 0x7ffae0b38610
region_type = mapped_file
name = "twinui.appcore.dll"
filename = "\\Windows\\System32\\twinui.appcore.dll" (normalized: "c:\\windows\\system32\\twinui.appcore.dll")
Region:
id = 2756
start_va = 0x2ea0000
end_va = 0x2f1ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000002ea0000"
filename = ""
Region:
id = 2765
start_va = 0x7ffae08f0000
end_va = 0x7ffae0904fff
monitored = 0
entry_point = 0x7ffae08f1ab0
region_type = mapped_file
name = "execmodelproxy.dll"
filename = "\\Windows\\System32\\execmodelproxy.dll" (normalized: "c:\\windows\\system32\\execmodelproxy.dll")
Region:
id = 2768
start_va = 0x2f20000
end_va = 0x2f9ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000002f20000"
filename = ""
Region:
id = 2788
start_va = 0x2fa0000
end_va = 0x301ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000002fa0000"
filename = ""
Region:
id = 2795
start_va = 0x7ffae8780000
end_va = 0x7ffae8796fff
monitored = 0
entry_point = 0x7ffae87879d0
region_type = mapped_file
name = "cryptsp.dll"
filename = "\\Windows\\System32\\cryptsp.dll" (normalized: "c:\\windows\\system32\\cryptsp.dll")
Region:
id = 2796
start_va = 0x7ffae8410000
end_va = 0x7ffae8443fff
monitored = 0
entry_point = 0x7ffae842ae70
region_type = mapped_file
name = "rsaenh.dll"
filename = "\\Windows\\System32\\rsaenh.dll" (normalized: "c:\\windows\\system32\\rsaenh.dll")
Region:
id = 2798
start_va = 0x3020000
end_va = 0x3356fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "sortdefault.nls"
filename = "\\Windows\\Globalization\\Sorting\\SortDefault.nls" (normalized: "c:\\windows\\globalization\\sorting\\sortdefault.nls")
Region:
id = 2799
start_va = 0x7ffae88a0000
end_va = 0x7ffae88aafff
monitored = 0
entry_point = 0x7ffae88a19a0
region_type = mapped_file
name = "cryptbase.dll"
filename = "\\Windows\\System32\\cryptbase.dll" (normalized: "c:\\windows\\system32\\cryptbase.dll")
Region:
id = 2814
start_va = 0x7ffae0550000
end_va = 0x7ffae0560fff
monitored = 0
entry_point = 0x7ffae0555e90
region_type = mapped_file
name = "licensemanagerapi.dll"
filename = "\\Windows\\System32\\LicenseManagerApi.dll" (normalized: "c:\\windows\\system32\\licensemanagerapi.dll")
Region:
id = 3302
start_va = 0x520000
end_va = 0x521fff
monitored = 1
entry_point = 0x0
region_type = mapped_file
name = "s-1-5-21-1560258661-3990802383-1811730007-1000.pckgdep"
filename = "\\ProgramData\\Microsoft\\Windows\\AppRepository\\Packages\\Microsoft.Messaging_1.10.22012.0_x86__8wekyb3d8bbwe\\S-1-5-21-1560258661-3990802383-1811730007-1000.pckgdep" (normalized: "c:\\programdata\\microsoft\\windows\\apprepository\\packages\\microsoft.messaging_1.10.22012.0_x86__8wekyb3d8bbwe\\s-1-5-21-1560258661-3990802383-1811730007-1000.pckgdep")
Region:
id = 3303
start_va = 0x3360000
end_va = 0x33dffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000003360000"
filename = ""
Region:
id = 3304
start_va = 0x520000
end_va = 0x54dfff
monitored = 1
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x0000000000520000"
filename = ""
Region:
id = 3305
start_va = 0x7df5ffe40000
end_va = 0x7df5ffebdfff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "sysmain.sdb"
filename = "\\Windows\\AppPatch\\apppatch64\\sysmain.sdb" (normalized: "c:\\windows\\apppatch\\apppatch64\\sysmain.sdb")
Region:
id = 3306
start_va = 0x550000
end_va = 0x551fff
monitored = 1
entry_point = 0x0
region_type = mapped_file
name = "s-1-5-21-1560258661-3990802383-1811730007-1000.pckgdep"
filename = "\\ProgramData\\Microsoft\\Windows\\AppRepository\\Packages\\Microsoft.Messaging_1.10.22012.0_x86__8wekyb3d8bbwe\\S-1-5-21-1560258661-3990802383-1811730007-1000.pckgdep" (normalized: "c:\\programdata\\microsoft\\windows\\apprepository\\packages\\microsoft.messaging_1.10.22012.0_x86__8wekyb3d8bbwe\\s-1-5-21-1560258661-3990802383-1811730007-1000.pckgdep")
Region:
id = 3307
start_va = 0x7df5ffe40000
end_va = 0x7df5ffebdfff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "sysmain.sdb"
filename = "\\Windows\\AppPatch\\apppatch64\\sysmain.sdb" (normalized: "c:\\windows\\apppatch\\apppatch64\\sysmain.sdb")
Thread:
id = 195
os_tid = 0x4ec
Thread:
id = 196
os_tid = 0x4f0
Thread:
id = 197
os_tid = 0x4f4
Thread:
id = 199
os_tid = 0x50c
Thread:
id = 200
os_tid = 0x510
Thread:
id = 201
os_tid = 0x514
Thread:
id = 205
os_tid = 0x538
Thread:
id = 206
os_tid = 0x53c
Thread:
id = 208
os_tid = 0x54c
Thread:
id = 209
os_tid = 0x574
Thread:
id = 210
os_tid = 0x57c
Thread:
id = 213
os_tid = 0x594
Thread:
id = 220
os_tid = 0x5c0
Thread:
id = 222
os_tid = 0x5e8
Thread:
id = 223
os_tid = 0x600
Thread:
id = 283
os_tid = 0x794
Process:
id = "13"
image_name = "taskhostw.exe"
filename = "c:\\windows\\system32\\taskhostw.exe"
page_root = "0x6b480000"
os_pid = "0x524"
os_integrity_level = "0x4000"
os_privileges = "0xe60b1e890"
monitor_reason = "child_process"
parent_id = "10"
os_parent_pid = "0x364"
cmd_line = "taskhostw.exe SYSTEM"
cur_dir = "C:\\Windows\\system32\\"
os_username = "NT AUTHORITY\\SYSTEM"
bitness = "32"
os_groups = "Everyone" [0x7], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\SERVICE" [0x7], "CONSOLE LOGON" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "NT SERVICE\\BDESVC" [0xe], "NT SERVICE\\BITS" [0xa], "NT SERVICE\\CertPropSvc" [0xa], "NT SERVICE\\DcpSvc" [0xa], "NT SERVICE\\dmwappushservice" [0xa], "NT SERVICE\\DoSvc" [0xa], "NT SERVICE\\DsmSvc" [0xa], "NT SERVICE\\EapHost" [0xa], "NT SERVICE\\IKEEXT" [0xa], "NT SERVICE\\iphlpsvc" [0xa], "NT SERVICE\\LanmanServer" [0xa], "NT SERVICE\\lfsvc" [0xe], "NT SERVICE\\MSiSCSI" [0xa], "NT SERVICE\\NcaSvc" [0xa], "NT SERVICE\\NetSetupSvc" [0xa], "NT SERVICE\\RasAuto" [0xa], "NT SERVICE\\RasMan" [0xa], "NT SERVICE\\RemoteAccess" [0xa], "NT SERVICE\\RetailDemo" [0xa], "NT SERVICE\\Schedule" [0xe], "NT SERVICE\\SCPolicySvc" [0xa], "NT SERVICE\\SENS" [0xe], "NT SERVICE\\SessionEnv" [0xa], "NT SERVICE\\SharedAccess" [0xa], "NT SERVICE\\ShellHWDetection" [0xe], "NT SERVICE\\UsoSvc" [0xa], "NT SERVICE\\wercplsupport" [0xa], "NT SERVICE\\Winmgmt" [0xa], "NT SERVICE\\wlidsvc" [0xa], "NT SERVICE\\wuauserv" [0xa], "NT SERVICE\\XboxNetApiSvc" [0xa], "NT AUTHORITY\\Logon Session 00000000:0000ac30" [0xc0000007], "LOCAL" [0x7], "BUILTIN\\Administrators" [0xe]
Region:
id = 2658
start_va = 0x10000
end_va = 0x2ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000000010000"
filename = ""
Region:
id = 2659
start_va = 0x30000
end_va = 0x44fff
monitored = 1
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x0000000000030000"
filename = ""
Region:
id = 2660
start_va = 0x50000
end_va = 0xcffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000000050000"
filename = ""
Region:
id = 2661
start_va = 0xd0000
end_va = 0xd3fff
monitored = 1
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x00000000000d0000"
filename = ""
Region:
id = 2662
start_va = 0xe0000
end_va = 0xe0fff
monitored = 1
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x00000000000e0000"
filename = ""
Region:
id = 2663
start_va = 0xf0000
end_va = 0xf1fff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x00000000000f0000"
filename = ""
Region:
id = 2664
start_va = 0x200000
end_va = 0x3fffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000000200000"
filename = ""
Region:
id = 2665
start_va = 0x7ffe0000
end_va = 0x7ffeffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x000000007ffe0000"
filename = ""
Region:
id = 2666
start_va = 0x7df5fffc0000
end_va = 0x7df5fffe2fff
monitored = 1
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x00007df5fffc0000"
filename = ""
Region:
id = 2667
start_va = 0x7df5ffff0000
end_va = 0x7ff5fffeffff
monitored = 1
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x00007df5ffff0000"
filename = ""
Region:
id = 2668
start_va = 0x7ff7e1230000
end_va = 0x7ff7e1248fff
monitored = 0
entry_point = 0x7ff7e12359b0
region_type = mapped_file
name = "taskhostw.exe"
filename = "\\Windows\\System32\\taskhostw.exe" (normalized: "c:\\windows\\system32\\taskhostw.exe")
Region:
id = 2669
start_va = 0x7ffaec7e0000
end_va = 0x7ffaec9a0fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "ntdll.dll"
filename = "\\Windows\\System32\\ntdll.dll" (normalized: "c:\\windows\\system32\\ntdll.dll")
Region:
id = 2722
start_va = 0x4b0000
end_va = 0x5affff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x00000000004b0000"
filename = ""
Region:
id = 2723
start_va = 0x7ffae9170000
end_va = 0x7ffae9357fff
monitored = 0
entry_point = 0x7ffae919ba70
region_type = mapped_file
name = "kernelbase.dll"
filename = "\\Windows\\System32\\KernelBase.dll" (normalized: "c:\\windows\\system32\\kernelbase.dll")
Region:
id = 2724
start_va = 0x7ffaec3c0000
end_va = 0x7ffaec46cfff
monitored = 0
entry_point = 0x7ffaec3d81a0
region_type = mapped_file
name = "kernel32.dll"
filename = "\\Windows\\System32\\kernel32.dll" (normalized: "c:\\windows\\system32\\kernel32.dll")
Region:
id = 2725
start_va = 0x10000
end_va = 0x1ffff
monitored = 1
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x0000000000010000"
filename = ""
Region:
id = 2726
start_va = 0x7df5ffec0000
end_va = 0x7df5fffbffff
monitored = 1
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x00007df5ffec0000"
filename = ""
Region:
id = 2727
start_va = 0x100000
end_va = 0x1bdfff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "locale.nls"
filename = "\\Windows\\System32\\locale.nls" (normalized: "c:\\windows\\system32\\locale.nls")
Region:
id = 2728
start_va = 0x7ffaec5c0000
end_va = 0x7ffaec65cfff
monitored = 0
entry_point = 0x7ffaec5c78a0
region_type = mapped_file
name = "msvcrt.dll"
filename = "\\Windows\\System32\\msvcrt.dll" (normalized: "c:\\windows\\system32\\msvcrt.dll")
Region:
id = 2729
start_va = 0x400000
end_va = 0x47ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000000400000"
filename = ""
Region:
id = 2730
start_va = 0x7ffaec1d0000
end_va = 0x7ffaec2ebfff
monitored = 0
entry_point = 0x7ffaec2102b0
region_type = mapped_file
name = "rpcrt4.dll"
filename = "\\Windows\\System32\\rpcrt4.dll" (normalized: "c:\\windows\\system32\\rpcrt4.dll")
Region:
id = 2731
start_va = 0x7ffaeb360000
end_va = 0x7ffaeb5dcfff
monitored = 0
entry_point = 0x7ffaeb434970
region_type = mapped_file
name = "combase.dll"
filename = "\\Windows\\System32\\combase.dll" (normalized: "c:\\windows\\system32\\combase.dll")
Region:
id = 2732
start_va = 0x7ffae9460000
end_va = 0x7ffae94c9fff
monitored = 0
entry_point = 0x7ffae9496d50
region_type = mapped_file
name = "bcryptprimitives.dll"
filename = "\\Windows\\System32\\bcryptprimitives.dll" (normalized: "c:\\windows\\system32\\bcryptprimitives.dll")
Region:
id = 2733
start_va = 0x7ffaeb640000
end_va = 0x7ffaeb700fff
monitored = 0
entry_point = 0x7ffaeb660da0
region_type = mapped_file
name = "oleaut32.dll"
filename = "\\Windows\\System32\\oleaut32.dll" (normalized: "c:\\windows\\system32\\oleaut32.dll")
Region:
id = 2734
start_va = 0x5b0000
end_va = 0x62ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x00000000005b0000"
filename = ""
Region:
id = 2735
start_va = 0x20000
end_va = 0x26fff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000000020000"
filename = ""
Region:
id = 2736
start_va = 0x630000
end_va = 0x772fff
monitored = 0
entry_point = 0x658210
region_type = mapped_file
name = "ole32.dll"
filename = "\\Windows\\System32\\ole32.dll" (normalized: "c:\\windows\\system32\\ole32.dll")
Region:
id = 2800
start_va = 0x630000
end_va = 0x70cfff
monitored = 0
entry_point = 0x68e0b0
region_type = mapped_file
name = "rpcss.dll"
filename = "\\Windows\\System32\\rpcss.dll" (normalized: "c:\\windows\\system32\\rpcss.dll")
Region:
id = 2801
start_va = 0x7ffae8e00000
end_va = 0x7ffae8e0efff
monitored = 0
entry_point = 0x7ffae8e03210
region_type = mapped_file
name = "kernel.appcore.dll"
filename = "\\Windows\\System32\\kernel.appcore.dll" (normalized: "c:\\windows\\system32\\kernel.appcore.dll")
Region:
id = 2802
start_va = 0x7ffaebd00000
end_va = 0x7ffaebe55fff
monitored = 0
entry_point = 0x7ffaebd0a8d0
region_type = mapped_file
name = "user32.dll"
filename = "\\Windows\\System32\\user32.dll" (normalized: "c:\\windows\\system32\\user32.dll")
Region:
id = 2803
start_va = 0x1c0000
end_va = 0x1c6fff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x00000000001c0000"
filename = ""
Region:
id = 2804
start_va = 0x7ffaebfd0000
end_va = 0x7ffaec155fff
monitored = 0
entry_point = 0x7ffaec01ffc0
region_type = mapped_file
name = "gdi32.dll"
filename = "\\Windows\\System32\\gdi32.dll" (normalized: "c:\\windows\\system32\\gdi32.dll")
Region:
id = 2805
start_va = 0x630000
end_va = 0x7b7fff
monitored = 1
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x0000000000630000"
filename = ""
Region:
id = 2806
start_va = 0x7c0000
end_va = 0x940fff
monitored = 1
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x00000000007c0000"
filename = ""
Region:
id = 2807
start_va = 0x950000
end_va = 0xa0ffff
monitored = 1
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x0000000000950000"
filename = ""
Region:
id = 2808
start_va = 0x1d0000
end_va = 0x1d1fff
monitored = 1
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x00000000001d0000"
filename = ""
Region:
id = 2809
start_va = 0x1e0000
end_va = 0x1e0fff
monitored = 1
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x00000000001e0000"
filename = ""
Region:
id = 2810
start_va = 0x1f0000
end_va = 0x1f0fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "taskhostw.exe.mui"
filename = "\\Windows\\System32\\en-US\\taskhostw.exe.mui" (normalized: "c:\\windows\\system32\\en-us\\taskhostw.exe.mui")
Region:
id = 2995
start_va = 0x480000
end_va = 0x480fff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000000480000"
filename = ""
Region:
id = 2996
start_va = 0x490000
end_va = 0x490fff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000000490000"
filename = ""
Region:
id = 2997
start_va = 0x7ffaec360000
end_va = 0x7ffaec3bafff
monitored = 0
entry_point = 0x7ffaec3738b0
region_type = mapped_file
name = "sechost.dll"
filename = "\\Windows\\System32\\sechost.dll" (normalized: "c:\\windows\\system32\\sechost.dll")
Region:
id = 3157
start_va = 0x4a0000
end_va = 0x4a0fff
monitored = 1
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x00000000004a0000"
filename = ""
Region:
id = 3158
start_va = 0xa10000
end_va = 0xa8ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000000a10000"
filename = ""
Region:
id = 3159
start_va = 0xa90000
end_va = 0xb0ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000000a90000"
filename = ""
Region:
id = 3160
start_va = 0x7ffae9be0000
end_va = 0x7ffae9c86fff
monitored = 0
entry_point = 0x7ffae9beb4d0
region_type = mapped_file
name = "clbcatq.dll"
filename = "\\Windows\\System32\\clbcatq.dll" (normalized: "c:\\windows\\system32\\clbcatq.dll")
Region:
id = 3161
start_va = 0x5b0000
end_va = 0x5b0fff
monitored = 1
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x00000000005b0000"
filename = ""
Region:
id = 3162
start_va = 0x620000
end_va = 0x62ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000000620000"
filename = ""
Region:
id = 3163
start_va = 0x7ffaddea0000
end_va = 0x7ffaddeb0fff
monitored = 0
entry_point = 0x7ffaddea6710
region_type = mapped_file
name = "tpmtasks.dll"
filename = "\\Windows\\System32\\TpmTasks.dll" (normalized: "c:\\windows\\system32\\tpmtasks.dll")
Region:
id = 3202
start_va = 0x7ffaeb2b0000
end_va = 0x7ffaeb356fff
monitored = 0
entry_point = 0x7ffaeb2c58d0
region_type = mapped_file
name = "advapi32.dll"
filename = "\\Windows\\System32\\advapi32.dll" (normalized: "c:\\windows\\system32\\advapi32.dll")
Region:
id = 3203
start_va = 0x7ffadd640000
end_va = 0x7ffadd6adfff
monitored = 0
entry_point = 0x7ffadd68e6c0
region_type = mapped_file
name = "tpmcoreprovisioning.dll"
filename = "\\Windows\\System32\\TpmCoreProvisioning.dll" (normalized: "c:\\windows\\system32\\tpmcoreprovisioning.dll")
Thread:
id = 214
os_tid = 0x528
Thread:
id = 224
os_tid = 0x598
Thread:
id = 265
os_tid = 0x6fc
Thread:
id = 266
os_tid = 0x6f8
Process:
id = "14"
image_name = "locationnotificationwindows.exe"
filename = "c:\\windows\\system32\\locationnotificationwindows.exe"
page_root = "0x69fc7000"
os_pid = "0x584"
os_integrity_level = "0x2000"
os_privileges = "0x800000"
monitor_reason = "child_process"
parent_id = "10"
os_parent_pid = "0x364"
cmd_line = "C:\\Windows\\System32\\LocationNotificationWindows.exe"
cur_dir = "C:\\Windows\\system32\\"
os_username = "XC64ZB\\RDhJ0CNFevzX"
bitness = "32"
os_groups = "XC64ZB\\Domain Users" [0x7], "Everyone" [0x7], "NT AUTHORITY\\Local account and member of Administrators group" [0x10], "BUILTIN\\Administrators" [0x10], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\INTERACTIVE" [0x7], "CONSOLE LOGON" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "NT AUTHORITY\\Local account" [0x7], "NT AUTHORITY\\Logon Session 00000000:0000e173" [0xc0000007], "LOCAL" [0x7], "NT AUTHORITY\\NTLM Authentication" [0x7]
Region:
id = 2704
start_va = 0x10000
end_va = 0x2ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000000010000"
filename = ""
Region:
id = 2705
start_va = 0x30000
end_va = 0x44fff
monitored = 1
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x0000000000030000"
filename = ""
Region:
id = 2706
start_va = 0x50000
end_va = 0xcffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000000050000"
filename = ""
Region:
id = 2707
start_va = 0xd0000
end_va = 0xd3fff
monitored = 1
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x00000000000d0000"
filename = ""
Region:
id = 2708
start_va = 0xe0000
end_va = 0xe1fff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x00000000000e0000"
filename = ""
Region:
id = 2709
start_va = 0x200000
end_va = 0x3fffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000000200000"
filename = ""
Region:
id = 2710
start_va = 0x7ffe0000
end_va = 0x7ffeffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x000000007ffe0000"
filename = ""
Region:
id = 2711
start_va = 0x7df5fffc0000
end_va = 0x7df5fffe2fff
monitored = 1
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x00007df5fffc0000"
filename = ""
Region:
id = 2712
start_va = 0x7df5ffff0000
end_va = 0x7ff5fffeffff
monitored = 1
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x00007df5ffff0000"
filename = ""
Region:
id = 2713
start_va = 0x7ff627670000
end_va = 0x7ff62767dfff
monitored = 0
entry_point = 0x7ff627672e60
region_type = mapped_file
name = "locationnotificationwindows.exe"
filename = "\\Windows\\System32\\LocationNotificationWindows.exe" (normalized: "c:\\windows\\system32\\locationnotificationwindows.exe")
Region:
id = 2714
start_va = 0x7ffaec7e0000
end_va = 0x7ffaec9a0fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "ntdll.dll"
filename = "\\Windows\\System32\\ntdll.dll" (normalized: "c:\\windows\\system32\\ntdll.dll")
Region:
id = 2777
start_va = 0x10000
end_va = 0x1ffff
monitored = 1
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x0000000000010000"
filename = ""
Region:
id = 2778
start_va = 0x440000
end_va = 0x53ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000000440000"
filename = ""
Region:
id = 2779
start_va = 0x7df5ffec0000
end_va = 0x7df5fffbffff
monitored = 1
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x00007df5ffec0000"
filename = ""
Region:
id = 2780
start_va = 0x7ffae9170000
end_va = 0x7ffae9357fff
monitored = 0
entry_point = 0x7ffae919ba70
region_type = mapped_file
name = "kernelbase.dll"
filename = "\\Windows\\System32\\KernelBase.dll" (normalized: "c:\\windows\\system32\\kernelbase.dll")
Region:
id = 2781
start_va = 0x7ffaec3c0000
end_va = 0x7ffaec46cfff
monitored = 0
entry_point = 0x7ffaec3d81a0
region_type = mapped_file
name = "kernel32.dll"
filename = "\\Windows\\System32\\kernel32.dll" (normalized: "c:\\windows\\system32\\kernel32.dll")
Region:
id = 2782
start_va = 0xf0000
end_va = 0x1adfff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "locale.nls"
filename = "\\Windows\\System32\\locale.nls" (normalized: "c:\\windows\\system32\\locale.nls")
Region:
id = 2783
start_va = 0x7ffaeb2b0000
end_va = 0x7ffaeb356fff
monitored = 0
entry_point = 0x7ffaeb2c58d0
region_type = mapped_file
name = "advapi32.dll"
filename = "\\Windows\\System32\\advapi32.dll" (normalized: "c:\\windows\\system32\\advapi32.dll")
Region:
id = 2784
start_va = 0x7ffaec5c0000
end_va = 0x7ffaec65cfff
monitored = 0
entry_point = 0x7ffaec5c78a0
region_type = mapped_file
name = "msvcrt.dll"
filename = "\\Windows\\System32\\msvcrt.dll" (normalized: "c:\\windows\\system32\\msvcrt.dll")
Region:
id = 2785
start_va = 0x540000
end_va = 0x5bffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000000540000"
filename = ""
Region:
id = 2786
start_va = 0x7ffaec360000
end_va = 0x7ffaec3bafff
monitored = 0
entry_point = 0x7ffaec3738b0
region_type = mapped_file
name = "sechost.dll"
filename = "\\Windows\\System32\\sechost.dll" (normalized: "c:\\windows\\system32\\sechost.dll")
Region:
id = 2787
start_va = 0x7ffaec1d0000
end_va = 0x7ffaec2ebfff
monitored = 0
entry_point = 0x7ffaec2102b0
region_type = mapped_file
name = "rpcrt4.dll"
filename = "\\Windows\\System32\\rpcrt4.dll" (normalized: "c:\\windows\\system32\\rpcrt4.dll")
Region:
id = 2815
start_va = 0x7ffaebd00000
end_va = 0x7ffaebe55fff
monitored = 0
entry_point = 0x7ffaebd0a8d0
region_type = mapped_file
name = "user32.dll"
filename = "\\Windows\\System32\\user32.dll" (normalized: "c:\\windows\\system32\\user32.dll")
Region:
id = 2816
start_va = 0x7ffaebfd0000
end_va = 0x7ffaec155fff
monitored = 0
entry_point = 0x7ffaec01ffc0
region_type = mapped_file
name = "gdi32.dll"
filename = "\\Windows\\System32\\gdi32.dll" (normalized: "c:\\windows\\system32\\gdi32.dll")
Region:
id = 2817
start_va = 0x7ffaeb360000
end_va = 0x7ffaeb5dcfff
monitored = 0
entry_point = 0x7ffaeb434970
region_type = mapped_file
name = "combase.dll"
filename = "\\Windows\\System32\\combase.dll" (normalized: "c:\\windows\\system32\\combase.dll")
Region:
id = 2818
start_va = 0x7ffae9460000
end_va = 0x7ffae94c9fff
monitored = 0
entry_point = 0x7ffae9496d50
region_type = mapped_file
name = "bcryptprimitives.dll"
filename = "\\Windows\\System32\\bcryptprimitives.dll" (normalized: "c:\\windows\\system32\\bcryptprimitives.dll")
Region:
id = 2819
start_va = 0x20000
end_va = 0x26fff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000000020000"
filename = ""
Region:
id = 2820
start_va = 0x7ffae9d50000
end_va = 0x7ffaeb2aefff
monitored = 0
entry_point = 0x7ffae9eb11f0
region_type = mapped_file
name = "shell32.dll"
filename = "\\Windows\\System32\\shell32.dll" (normalized: "c:\\windows\\system32\\shell32.dll")
Region:
id = 2821
start_va = 0x7ffae9360000
end_va = 0x7ffae93a2fff
monitored = 0
entry_point = 0x7ffae9374b50
region_type = mapped_file
name = "cfgmgr32.dll"
filename = "\\Windows\\System32\\cfgmgr32.dll" (normalized: "c:\\windows\\system32\\cfgmgr32.dll")
Region:
id = 2822
start_va = 0x7ffae94d0000
end_va = 0x7ffae9b13fff
monitored = 0
entry_point = 0x7ffae96964b0
region_type = mapped_file
name = "windows.storage.dll"
filename = "\\Windows\\System32\\windows.storage.dll" (normalized: "c:\\windows\\system32\\windows.storage.dll")
Region:
id = 2823
start_va = 0x7ffae9cf0000
end_va = 0x7ffae9d41fff
monitored = 0
entry_point = 0x7ffae9cff530
region_type = mapped_file
name = "shlwapi.dll"
filename = "\\Windows\\System32\\shlwapi.dll" (normalized: "c:\\windows\\system32\\shlwapi.dll")
Region:
id = 2824
start_va = 0x7ffae8e00000
end_va = 0x7ffae8e0efff
monitored = 0
entry_point = 0x7ffae8e03210
region_type = mapped_file
name = "kernel.appcore.dll"
filename = "\\Windows\\System32\\kernel.appcore.dll" (normalized: "c:\\windows\\system32\\kernel.appcore.dll")
Region:
id = 2825
start_va = 0x7ffae9b20000
end_va = 0x7ffae9bd4fff
monitored = 0
entry_point = 0x7ffae9b622e0
region_type = mapped_file
name = "shcore.dll"
filename = "\\Windows\\System32\\SHCore.dll" (normalized: "c:\\windows\\system32\\shcore.dll")
Region:
id = 2826
start_va = 0x7ffae8e20000
end_va = 0x7ffae8e6afff
monitored = 0
entry_point = 0x7ffae8e235f0
region_type = mapped_file
name = "powrprof.dll"
filename = "\\Windows\\System32\\powrprof.dll" (normalized: "c:\\windows\\system32\\powrprof.dll")
Region:
id = 2827
start_va = 0x7ffae8e70000
end_va = 0x7ffae8e83fff
monitored = 0
entry_point = 0x7ffae8e752e0
region_type = mapped_file
name = "profapi.dll"
filename = "\\Windows\\System32\\profapi.dll" (normalized: "c:\\windows\\system32\\profapi.dll")
Region:
id = 2828
start_va = 0x7ffaec470000
end_va = 0x7ffaec5b2fff
monitored = 0
entry_point = 0x7ffaec498210
region_type = mapped_file
name = "ole32.dll"
filename = "\\Windows\\System32\\ole32.dll" (normalized: "c:\\windows\\system32\\ole32.dll")
Region:
id = 2829
start_va = 0x7ffae3310000
end_va = 0x7ffae33a1fff
monitored = 0
entry_point = 0x7ffae335a780
region_type = mapped_file
name = "msvcp110_win.dll"
filename = "\\Windows\\System32\\msvcp110_win.dll" (normalized: "c:\\windows\\system32\\msvcp110_win.dll")
Region:
id = 2830
start_va = 0x5c0000
end_va = 0x6bffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x00000000005c0000"
filename = ""
Region:
id = 3048
start_va = 0x1b0000
end_va = 0x1b6fff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x00000000001b0000"
filename = ""
Region:
id = 3049
start_va = 0x1c0000
end_va = 0x1f8fff
monitored = 0
entry_point = 0x1c12f0
region_type = mapped_file
name = "imm32.dll"
filename = "\\Windows\\System32\\imm32.dll" (normalized: "c:\\windows\\system32\\imm32.dll")
Region:
id = 3050
start_va = 0x6c0000
end_va = 0x847fff
monitored = 1
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x00000000006c0000"
filename = ""
Region:
id = 3051
start_va = 0x7ffaec2f0000
end_va = 0x7ffaec32afff
monitored = 0
entry_point = 0x7ffaec2f12f0
region_type = mapped_file
name = "imm32.dll"
filename = "\\Windows\\System32\\imm32.dll" (normalized: "c:\\windows\\system32\\imm32.dll")
Region:
id = 3052
start_va = 0x850000
end_va = 0x9d0fff
monitored = 1
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x0000000000850000"
filename = ""
Region:
id = 3053
start_va = 0x9e0000
end_va = 0x1ddffff
monitored = 1
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x00000000009e0000"
filename = ""
Region:
id = 3054
start_va = 0x1c0000
end_va = 0x1c1fff
monitored = 1
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x00000000001c0000"
filename = ""
Region:
id = 3055
start_va = 0x1d0000
end_va = 0x1d0fff
monitored = 1
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x00000000001d0000"
filename = ""
Region:
id = 3056
start_va = 0x1e0000
end_va = 0x1e0fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "locationnotificationwindows.exe.mui"
filename = "\\Windows\\System32\\en-US\\LocationNotificationWindows.exe.mui" (normalized: "c:\\windows\\system32\\en-us\\locationnotificationwindows.exe.mui")
Region:
id = 3142
start_va = 0x1f0000
end_va = 0x1f0fff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x00000000001f0000"
filename = ""
Region:
id = 3143
start_va = 0x400000
end_va = 0x400fff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000000400000"
filename = ""
Region:
id = 3144
start_va = 0x5c0000
end_va = 0x67ffff
monitored = 0
entry_point = 0x5e0da0
region_type = mapped_file
name = "oleaut32.dll"
filename = "\\Windows\\System32\\oleaut32.dll" (normalized: "c:\\windows\\system32\\oleaut32.dll")
Region:
id = 3145
start_va = 0x6b0000
end_va = 0x6bffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x00000000006b0000"
filename = ""
Region:
id = 3193
start_va = 0x410000
end_va = 0x411fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "taskbarcpl.dll.mui"
filename = "\\Windows\\System32\\en-US\\taskbarcpl.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\taskbarcpl.dll.mui")
Region:
id = 3194
start_va = 0x5c0000
end_va = 0x63dfff
monitored = 0
entry_point = 0x5c94a0
region_type = mapped_file
name = "taskbarcpl.dll"
filename = "\\Windows\\System32\\taskbarcpl.dll" (normalized: "c:\\windows\\system32\\taskbarcpl.dll")
Region:
id = 3290
start_va = 0x7ffae7780000
end_va = 0x7ffae7815fff
monitored = 0
entry_point = 0x7ffae77a5570
region_type = mapped_file
name = "uxtheme.dll"
filename = "\\Windows\\System32\\uxtheme.dll" (normalized: "c:\\windows\\system32\\uxtheme.dll")
Region:
id = 3291
start_va = 0x1de0000
end_va = 0x1faffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000001de0000"
filename = ""
Thread:
id = 212
os_tid = 0x588
Thread:
id = 225
os_tid = 0x604
Process:
id = "15"
image_name = "explorer.exe"
filename = "c:\\windows\\explorer.exe"
page_root = "0x69de6000"
os_pid = "0x624"
os_integrity_level = "0x2000"
os_privileges = "0x800000"
monitor_reason = "rpc_server"
parent_id = "12"
os_parent_pid = "0x5f8"
cmd_line = "C:\\Windows\\Explorer.EXE"
cur_dir = "C:\\Windows\\system32\\"
os_username = "XC64ZB\\RDhJ0CNFevzX"
bitness = "32"
os_groups = "XC64ZB\\Domain Users" [0x7], "Everyone" [0x7], "NT AUTHORITY\\Local account and member of Administrators group" [0x10], "BUILTIN\\Administrators" [0x10], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\INTERACTIVE" [0x7], "CONSOLE LOGON" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "NT AUTHORITY\\Local account" [0x7], "NT AUTHORITY\\Logon Session 00000000:0000e173" [0xc0000007], "LOCAL" [0x7], "NT AUTHORITY\\NTLM Authentication" [0x7]
Region:
id = 2832
start_va = 0x10000
end_va = 0x1ffff
monitored = 1
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x0000000000010000"
filename = ""
Region:
id = 2833
start_va = 0x20000
end_va = 0x26fff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000000020000"
filename = ""
Region:
id = 2834
start_va = 0x30000
end_va = 0x44fff
monitored = 1
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x0000000000030000"
filename = ""
Region:
id = 2835
start_va = 0x50000
end_va = 0xcffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000000050000"
filename = ""
Region:
id = 2836
start_va = 0xd0000
end_va = 0xd3fff
monitored = 1
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x00000000000d0000"
filename = ""
Region:
id = 2837
start_va = 0xe0000
end_va = 0xe1fff
monitored = 1
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x00000000000e0000"
filename = ""
Region:
id = 2838
start_va = 0xf0000
end_va = 0xf1fff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x00000000000f0000"
filename = ""
Region:
id = 2839
start_va = 0x100000
end_va = 0x1bdfff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "locale.nls"
filename = "\\Windows\\System32\\locale.nls" (normalized: "c:\\windows\\system32\\locale.nls")
Region:
id = 2840
start_va = 0x1c0000
end_va = 0x1c6fff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x00000000001c0000"
filename = ""
Region:
id = 2841
start_va = 0x1d0000
end_va = 0x1d1fff
monitored = 1
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x00000000001d0000"
filename = ""
Region:
id = 2842
start_va = 0x1e0000
end_va = 0x1e0fff
monitored = 1
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x00000000001e0000"
filename = ""
Region:
id = 2843
start_va = 0x1f0000
end_va = 0x1f0fff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x00000000001f0000"
filename = ""
Region:
id = 2844
start_va = 0x200000
end_va = 0x3fffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000000200000"
filename = ""
Region:
id = 2845
start_va = 0x400000
end_va = 0x47ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000000400000"
filename = ""
Region:
id = 2846
start_va = 0x480000
end_va = 0x480fff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000000480000"
filename = ""
Region:
id = 2847
start_va = 0x490000
end_va = 0x490fff
monitored = 1
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x0000000000490000"
filename = ""
Region:
id = 2848
start_va = 0x4a0000
end_va = 0x4a0fff
monitored = 1
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x00000000004a0000"
filename = ""
Region:
id = 2849
start_va = 0x4b0000
end_va = 0x5affff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x00000000004b0000"
filename = ""
Region:
id = 2850
start_va = 0x5b0000
end_va = 0x5b0fff
monitored = 1
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x00000000005b0000"
filename = ""
Region:
id = 2851
start_va = 0x5c0000
end_va = 0x5c0fff
monitored = 1
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x00000000005c0000"
filename = ""
Region:
id = 2852
start_va = 0x5d0000
end_va = 0x5d3fff
monitored = 1
entry_point = 0x0
region_type = mapped_file
name = "cversions.1.db"
filename = "\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Microsoft\\Windows\\Caches\\cversions.1.db" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\microsoft\\windows\\caches\\cversions.1.db")
Region:
id = 2853
start_va = 0x5e0000
end_va = 0x5e0fff
monitored = 1
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x00000000005e0000"
filename = ""
Region:
id = 2854
start_va = 0x5f0000
end_va = 0x5fffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x00000000005f0000"
filename = ""
Region:
id = 2855
start_va = 0x600000
end_va = 0x601fff
monitored = 1
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x0000000000600000"
filename = ""
Region:
id = 2856
start_va = 0x610000
end_va = 0x61ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000000610000"
filename = ""
Region:
id = 2857
start_va = 0x620000
end_va = 0x7a7fff
monitored = 1
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x0000000000620000"
filename = ""
Region:
id = 2858
start_va = 0x7b0000
end_va = 0x930fff
monitored = 1
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x00000000007b0000"
filename = ""
Region:
id = 2859
start_va = 0x940000
end_va = 0x1d3ffff
monitored = 1
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x0000000000940000"
filename = ""
Region:
id = 2860
start_va = 0x1d40000
end_va = 0x213afff
monitored = 1
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x0000000001d40000"
filename = ""
Region:
id = 2861
start_va = 0x2140000
end_va = 0x2476fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "sortdefault.nls"
filename = "\\Windows\\Globalization\\Sorting\\SortDefault.nls" (normalized: "c:\\windows\\globalization\\sorting\\sortdefault.nls")
Region:
id = 2862
start_va = 0x2480000
end_va = 0x2496fff
monitored = 1
entry_point = 0x0
region_type = mapped_file
name = "{afbf9f1a-8ee8-4c77-af34-c647e37ca0d9}.1.ver0x000000000000000d.db"
filename = "\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Microsoft\\Windows\\Caches\\{AFBF9F1A-8EE8-4C77-AF34-C647E37CA0D9}.1.ver0x000000000000000d.db" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\microsoft\\windows\\caches\\{afbf9f1a-8ee8-4c77-af34-c647e37ca0d9}.1.ver0x000000000000000d.db")
Region:
id = 2863
start_va = 0x24a0000
end_va = 0x24b7fff
monitored = 1
entry_point = 0x0
region_type = mapped_file
name = "{3da71d5a-20cc-432f-a115-dfe92379e91f}.1.ver0x000000000000000f.db"
filename = "\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Microsoft\\Windows\\Caches\\{3DA71D5A-20CC-432F-A115-DFE92379E91F}.1.ver0x000000000000000f.db" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\microsoft\\windows\\caches\\{3da71d5a-20cc-432f-a115-dfe92379e91f}.1.ver0x000000000000000f.db")
Region:
id = 2864
start_va = 0x24c0000
end_va = 0x24c1fff
monitored = 1
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x00000000024c0000"
filename = ""
Region:
id = 2865
start_va = 0x24d0000
end_va = 0x24fdfff
monitored = 1
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x00000000024d0000"
filename = ""
Region:
id = 2866
start_va = 0x2500000
end_va = 0x2501fff
monitored = 1
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x0000000002500000"
filename = ""
Region:
id = 2867
start_va = 0x2510000
end_va = 0x2511fff
monitored = 1
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x0000000002510000"
filename = ""
Region:
id = 2868
start_va = 0x2520000
end_va = 0x259ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000002520000"
filename = ""
Region:
id = 2869
start_va = 0x25a0000
end_va = 0x261ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x00000000025a0000"
filename = ""
Region:
id = 2870
start_va = 0x2620000
end_va = 0x269ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000002620000"
filename = ""
Region:
id = 2871
start_va = 0x26a0000
end_va = 0x271ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x00000000026a0000"
filename = ""
Region:
id = 2872
start_va = 0x2720000
end_va = 0x27fffff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "kernelbase.dll.mui"
filename = "\\Windows\\System32\\en-US\\KernelBase.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\kernelbase.dll.mui")
Region:
id = 2873
start_va = 0x2800000
end_va = 0x287ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000002800000"
filename = ""
Region:
id = 2874
start_va = 0x2880000
end_va = 0x28fffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000002880000"
filename = ""
Region:
id = 2875
start_va = 0x2900000
end_va = 0x297ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000002900000"
filename = ""
Region:
id = 2876
start_va = 0x2980000
end_va = 0x2981fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "oleaccrc.dll"
filename = "\\Windows\\System32\\oleaccrc.dll" (normalized: "c:\\windows\\system32\\oleaccrc.dll")
Region:
id = 2877
start_va = 0x2990000
end_va = 0x2a4bfff
monitored = 1
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x0000000002990000"
filename = ""
Region:
id = 2878
start_va = 0x2a50000
end_va = 0x2a53fff
monitored = 1
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x0000000002a50000"
filename = ""
Region:
id = 2879
start_va = 0x2a60000
end_va = 0x2b5ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000002a60000"
filename = ""
Region:
id = 2880
start_va = 0x2b60000
end_va = 0x2b66fff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000002b60000"
filename = ""
Region:
id = 2881
start_va = 0x2b70000
end_va = 0x2b71fff
monitored = 1
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x0000000002b70000"
filename = ""
Region:
id = 2882
start_va = 0x2b80000
end_va = 0x3bbffff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "staticcache.dat"
filename = "\\Windows\\Fonts\\StaticCache.dat" (normalized: "c:\\windows\\fonts\\staticcache.dat")
Region:
id = 2883
start_va = 0x3bc0000
end_va = 0x3bc0fff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000003bc0000"
filename = ""
Region:
id = 2884
start_va = 0x3bd0000
end_va = 0x3bd0fff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000003bd0000"
filename = ""
Region:
id = 2885
start_va = 0x3be0000
end_va = 0x3be0fff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000003be0000"
filename = ""
Region:
id = 2886
start_va = 0x3bf0000
end_va = 0x3bf1fff
monitored = 1
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x0000000003bf0000"
filename = ""
Region:
id = 2887
start_va = 0x3c00000
end_va = 0x3c7ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000003c00000"
filename = ""
Region:
id = 2888
start_va = 0x3c80000
end_va = 0x3c81fff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000003c80000"
filename = ""
Region:
id = 2889
start_va = 0x3c90000
end_va = 0x3c90fff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000003c90000"
filename = ""
Region:
id = 2890
start_va = 0x3ca0000
end_va = 0x3ca0fff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000003ca0000"
filename = ""
Region:
id = 2891
start_va = 0x3cb0000
end_va = 0x3cb0fff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000003cb0000"
filename = ""
Region:
id = 2892
start_va = 0x3cc0000
end_va = 0x3dbffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000003cc0000"
filename = ""
Region:
id = 2893
start_va = 0x3dc0000
end_va = 0x3dc0fff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000003dc0000"
filename = ""
Region:
id = 2894
start_va = 0x3dd0000
end_va = 0x3ddffff
monitored = 1
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x0000000003dd0000"
filename = ""
Region:
id = 2895
start_va = 0x3de0000
end_va = 0x3deffff
monitored = 1
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x0000000003de0000"
filename = ""
Region:
id = 2896
start_va = 0x3df0000
end_va = 0x3dfffff
monitored = 1
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x0000000003df0000"
filename = ""
Region:
id = 2897
start_va = 0x3e00000
end_va = 0x3e00fff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000003e00000"
filename = ""
Region:
id = 2898
start_va = 0x3e10000
end_va = 0x3e10fff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000003e10000"
filename = ""
Region:
id = 2899
start_va = 0x3e20000
end_va = 0x3e20fff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000003e20000"
filename = ""
Region:
id = 2900
start_va = 0x3e30000
end_va = 0x3e33fff
monitored = 1
entry_point = 0x0
region_type = mapped_file
name = "cversions.1.db"
filename = "\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Microsoft\\Windows\\Caches\\cversions.1.db" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\microsoft\\windows\\caches\\cversions.1.db")
Region:
id = 2901
start_va = 0x3e40000
end_va = 0x3e40fff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000003e40000"
filename = ""
Region:
id = 2902
start_va = 0x3e50000
end_va = 0x3e50fff
monitored = 1
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x0000000003e50000"
filename = ""
Region:
id = 2903
start_va = 0x3e60000
end_va = 0x3e60fff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000003e60000"
filename = ""
Region:
id = 2904
start_va = 0x3e70000
end_va = 0x3e71fff
monitored = 1
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x0000000003e70000"
filename = ""
Region:
id = 2905
start_va = 0x3e80000
end_va = 0x3eb8fff
monitored = 1
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x0000000003e80000"
filename = ""
Region:
id = 2906
start_va = 0x3ec0000
end_va = 0x3ec0fff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000003ec0000"
filename = ""
Region:
id = 2907
start_va = 0x3ed0000
end_va = 0x3ed0fff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000003ed0000"
filename = ""
Region:
id = 2908
start_va = 0x3ef0000
end_va = 0x3f13fff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000003ef0000"
filename = ""
Region:
id = 2909
start_va = 0x3f20000
end_va = 0x3f43fff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000003f20000"
filename = ""
Region:
id = 2910
start_va = 0x3f50000
end_va = 0x3fcffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000003f50000"
filename = ""
Region:
id = 2911
start_va = 0x3fd0000
end_va = 0x3fd1fff
monitored = 1
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x0000000003fd0000"
filename = ""
Region:
id = 2912
start_va = 0x3fe0000
end_va = 0x3fe3fff
monitored = 1
entry_point = 0x0
region_type = mapped_file
name = "cversions.2.db"
filename = "\\ProgramData\\Microsoft\\Windows\\Caches\\cversions.2.db" (normalized: "c:\\programdata\\microsoft\\windows\\caches\\cversions.2.db")
Region:
id = 2913
start_va = 0x3ff0000
end_va = 0x4034fff
monitored = 1
entry_point = 0x0
region_type = mapped_file
name = "{6af0698e-d558-4f6e-9b3c-3716689af493}.2.ver0x0000000000000005.db"
filename = "\\ProgramData\\Microsoft\\Windows\\Caches\\{6AF0698E-D558-4F6E-9B3C-3716689AF493}.2.ver0x0000000000000005.db" (normalized: "c:\\programdata\\microsoft\\windows\\caches\\{6af0698e-d558-4f6e-9b3c-3716689af493}.2.ver0x0000000000000005.db")
Region:
id = 2914
start_va = 0x4040000
end_va = 0x4043fff
monitored = 1
entry_point = 0x0
region_type = mapped_file
name = "cversions.2.db"
filename = "\\ProgramData\\Microsoft\\Windows\\Caches\\cversions.2.db" (normalized: "c:\\programdata\\microsoft\\windows\\caches\\cversions.2.db")
Region:
id = 2915
start_va = 0x4050000
end_va = 0x40ddfff
monitored = 1
entry_point = 0x0
region_type = mapped_file
name = "{ddf571f2-be98-426d-8288-1a9a39c3fda2}.2.ver0x0000000000000001.db"
filename = "\\ProgramData\\Microsoft\\Windows\\Caches\\{DDF571F2-BE98-426D-8288-1A9A39C3FDA2}.2.ver0x0000000000000001.db" (normalized: "c:\\programdata\\microsoft\\windows\\caches\\{ddf571f2-be98-426d-8288-1a9a39c3fda2}.2.ver0x0000000000000001.db")
Region:
id = 2916
start_va = 0x40e0000
end_va = 0x40e0fff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x00000000040e0000"
filename = ""
Region:
id = 2917
start_va = 0x4160000
end_va = 0x41dffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000004160000"
filename = ""
Region:
id = 2918
start_va = 0x41e0000
end_va = 0x425ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x00000000041e0000"
filename = ""
Region:
id = 2919
start_va = 0x4260000
end_va = 0x42dffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000004260000"
filename = ""
Region:
id = 2920
start_va = 0x42e0000
end_va = 0x435ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x00000000042e0000"
filename = ""
Region:
id = 2921
start_va = 0x7ffe0000
end_va = 0x7ffeffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x000000007ffe0000"
filename = ""
Region:
id = 2922
start_va = 0x7df5ffec0000
end_va = 0x7df5fffbffff
monitored = 1
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x00007df5ffec0000"
filename = ""
Region:
id = 2923
start_va = 0x7df5fffc0000
end_va = 0x7df5fffe2fff
monitored = 1
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x00007df5fffc0000"
filename = ""
Region:
id = 2924
start_va = 0x7df5ffff0000
end_va = 0x7ff5fffeffff
monitored = 1
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x00007df5ffff0000"
filename = ""
Region:
id = 2925
start_va = 0x7ff678a10000
end_va = 0x7ff678e57fff
monitored = 0
entry_point = 0x7ff678aae090
region_type = mapped_file
name = "explorer.exe"
filename = "\\Windows\\explorer.exe" (normalized: "c:\\windows\\explorer.exe")
Region:
id = 2926
start_va = 0x7ffadf140000
end_va = 0x7ffadf14bfff
monitored = 0
entry_point = 0x7ffadf1418b0
region_type = mapped_file
name = "wldp.dll"
filename = "\\Windows\\System32\\wldp.dll" (normalized: "c:\\windows\\system32\\wldp.dll")
Region:
id = 2927
start_va = 0x7ffadf150000
end_va = 0x7ffadf19cfff
monitored = 0
entry_point = 0x7ffadf15d180
region_type = mapped_file
name = "windows.immersiveshell.serviceprovider.dll"
filename = "\\Windows\\System32\\windows.immersiveshell.serviceprovider.dll" (normalized: "c:\\windows\\system32\\windows.immersiveshell.serviceprovider.dll")
Region:
id = 2928
start_va = 0x7ffadf1a0000
end_va = 0x7ffadfcaafff
monitored = 0
entry_point = 0x7ffadf2ea540
region_type = mapped_file
name = "twinui.dll"
filename = "\\Windows\\System32\\twinui.dll" (normalized: "c:\\windows\\system32\\twinui.dll")
Region:
id = 2929
start_va = 0x7ffadfcb0000
end_va = 0x7ffadfcfffff
monitored = 0
entry_point = 0x7ffadfcb2580
region_type = mapped_file
name = "edputil.dll"
filename = "\\Windows\\System32\\edputil.dll" (normalized: "c:\\windows\\system32\\edputil.dll")
Region:
id = 2930
start_va = 0x7ffadfd00000
end_va = 0x7ffae019ffff
monitored = 0
entry_point = 0x7ffadfd98740
region_type = mapped_file
name = "explorerframe.dll"
filename = "\\Windows\\System32\\ExplorerFrame.dll" (normalized: "c:\\windows\\system32\\explorerframe.dll")
Region:
id = 2931
start_va = 0x7ffae01a0000
end_va = 0x7ffae01e9fff
monitored = 0
entry_point = 0x7ffae01a5800
region_type = mapped_file
name = "dataexchange.dll"
filename = "\\Windows\\System32\\DataExchange.dll" (normalized: "c:\\windows\\system32\\dataexchange.dll")
Region:
id = 2932
start_va = 0x7ffae01f0000
end_va = 0x7ffae0259fff
monitored = 0
entry_point = 0x7ffae0205e90
region_type = mapped_file
name = "oleacc.dll"
filename = "\\Windows\\System32\\oleacc.dll" (normalized: "c:\\windows\\system32\\oleacc.dll")
Region:
id = 2933
start_va = 0x7ffae0260000
end_va = 0x7ffae02c4fff
monitored = 0
entry_point = 0x7ffae0264c50
region_type = mapped_file
name = "sndvolsso.dll"
filename = "\\Windows\\System32\\SndVolSSO.dll" (normalized: "c:\\windows\\system32\\sndvolsso.dll")
Region:
id = 2934
start_va = 0x7ffae02d0000
end_va = 0x7ffae0543fff
monitored = 0
entry_point = 0x7ffae0340400
region_type = mapped_file
name = "comctl32.dll"
filename = "\\Windows\\WinSxS\\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.10586.0_none_8c15ae12515e1c22\\comctl32.dll" (normalized: "c:\\windows\\winsxs\\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.10586.0_none_8c15ae12515e1c22\\comctl32.dll")
Region:
id = 2935
start_va = 0x7ffae0570000
end_va = 0x7ffae063dfff
monitored = 0
entry_point = 0x7ffae05a14c0
region_type = mapped_file
name = "tokenbroker.dll"
filename = "\\Windows\\System32\\TokenBroker.dll" (normalized: "c:\\windows\\system32\\tokenbroker.dll")
Region:
id = 2936
start_va = 0x7ffae0640000
end_va = 0x7ffae0738fff
monitored = 0
entry_point = 0x7ffae0688000
region_type = mapped_file
name = "settingsynccore.dll"
filename = "\\Windows\\System32\\SettingSyncCore.dll" (normalized: "c:\\windows\\system32\\settingsynccore.dll")
Region:
id = 2937
start_va = 0x7ffae0740000
end_va = 0x7ffae0754fff
monitored = 0
entry_point = 0x7ffae0742c90
region_type = mapped_file
name = "settingsyncpolicy.dll"
filename = "\\Windows\\System32\\SettingSyncPolicy.dll" (normalized: "c:\\windows\\system32\\settingsyncpolicy.dll")
Region:
id = 2938
start_va = 0x7ffae0760000
end_va = 0x7ffae0810fff
monitored = 0
entry_point = 0x7ffae07708f0
region_type = mapped_file
name = "twinapi.dll"
filename = "\\Windows\\System32\\twinapi.dll" (normalized: "c:\\windows\\system32\\twinapi.dll")
Region:
id = 2939
start_va = 0x7ffae1a60000
end_va = 0x7ffae1acffff
monitored = 0
entry_point = 0x7ffae1a82960
region_type = mapped_file
name = "mmdevapi.dll"
filename = "\\Windows\\System32\\MMDevAPI.dll" (normalized: "c:\\windows\\system32\\mmdevapi.dll")
Region:
id = 2940
start_va = 0x7ffae22b0000
end_va = 0x7ffae2304fff
monitored = 0
entry_point = 0x7ffae22b3fb0
region_type = mapped_file
name = "policymanager.dll"
filename = "\\Windows\\System32\\policymanager.dll" (normalized: "c:\\windows\\system32\\policymanager.dll")
Region:
id = 2941
start_va = 0x7ffae2520000
end_va = 0x7ffae2547fff
monitored = 0
entry_point = 0x7ffae2528c10
region_type = mapped_file
name = "idstore.dll"
filename = "\\Windows\\System32\\IDStore.dll" (normalized: "c:\\windows\\system32\\idstore.dll")
Region:
id = 2942
start_va = 0x7ffae3310000
end_va = 0x7ffae33a1fff
monitored = 0
entry_point = 0x7ffae335a780
region_type = mapped_file
name = "msvcp110_win.dll"
filename = "\\Windows\\System32\\msvcp110_win.dll" (normalized: "c:\\windows\\system32\\msvcp110_win.dll")
Region:
id = 2943
start_va = 0x7ffae4580000
end_va = 0x7ffae473cfff
monitored = 0
entry_point = 0x7ffae45aaf90
region_type = mapped_file
name = "windows.ui.immersive.dll"
filename = "\\Windows\\System32\\Windows.UI.Immersive.dll" (normalized: "c:\\windows\\system32\\windows.ui.immersive.dll")
Region:
id = 2944
start_va = 0x7ffae4ad0000
end_va = 0x7ffae4c05fff
monitored = 0
entry_point = 0x7ffae4aff350
region_type = mapped_file
name = "wintypes.dll"
filename = "\\Windows\\System32\\WinTypes.dll" (normalized: "c:\\windows\\system32\\wintypes.dll")
Region:
id = 2945
start_va = 0x7ffae5d00000
end_va = 0x7ffae5e0dfff
monitored = 0
entry_point = 0x7ffae5d4eaa0
region_type = mapped_file
name = "mrmcorer.dll"
filename = "\\Windows\\System32\\MrmCoreR.dll" (normalized: "c:\\windows\\system32\\mrmcorer.dll")
Region:
id = 2946
start_va = 0x7ffae6250000
end_va = 0x7ffae6400fff
monitored = 0
entry_point = 0x7ffae62e61a0
region_type = mapped_file
name = "windowscodecs.dll"
filename = "\\Windows\\System32\\WindowsCodecs.dll" (normalized: "c:\\windows\\system32\\windowscodecs.dll")
Region:
id = 2947
start_va = 0x7ffae65c0000
end_va = 0x7ffae6a52fff
monitored = 0
entry_point = 0x7ffae65cf760
region_type = mapped_file
name = "actxprxy.dll"
filename = "\\Windows\\System32\\actxprxy.dll" (normalized: "c:\\windows\\system32\\actxprxy.dll")
Region:
id = 2948
start_va = 0x7ffae6a60000
end_va = 0x7ffae6ac6fff
monitored = 0
entry_point = 0x7ffae6a7e710
region_type = mapped_file
name = "bcp47langs.dll"
filename = "\\Windows\\System32\\BCP47Langs.dll" (normalized: "c:\\windows\\system32\\bcp47langs.dll")
Region:
id = 2949
start_va = 0x7ffae6b20000
end_va = 0x7ffae6bc1fff
monitored = 0
entry_point = 0x7ffae6b40a40
region_type = mapped_file
name = "dxgi.dll"
filename = "\\Windows\\System32\\dxgi.dll" (normalized: "c:\\windows\\system32\\dxgi.dll")
Region:
id = 2950
start_va = 0x7ffae6bd0000
end_va = 0x7ffae6e77fff
monitored = 0
entry_point = 0x7ffae6c63250
region_type = mapped_file
name = "d3d11.dll"
filename = "\\Windows\\System32\\d3d11.dll" (normalized: "c:\\windows\\system32\\d3d11.dll")
Region:
id = 2951
start_va = 0x7ffae6e80000
end_va = 0x7ffae6ea1fff
monitored = 0
entry_point = 0x7ffae6e81a40
region_type = mapped_file
name = "dwmapi.dll"
filename = "\\Windows\\System32\\dwmapi.dll" (normalized: "c:\\windows\\system32\\dwmapi.dll")
Region:
id = 2952
start_va = 0x7ffae6f90000
end_va = 0x7ffae7072fff
monitored = 0
entry_point = 0x7ffae6fc7da0
region_type = mapped_file
name = "dcomp.dll"
filename = "\\Windows\\System32\\dcomp.dll" (normalized: "c:\\windows\\system32\\dcomp.dll")
Region:
id = 2953
start_va = 0x7ffae7380000
end_va = 0x7ffae73f8fff
monitored = 0
entry_point = 0x7ffae739fb90
region_type = mapped_file
name = "apphelp.dll"
filename = "\\Windows\\System32\\apphelp.dll" (normalized: "c:\\windows\\system32\\apphelp.dll")
Region:
id = 2954
start_va = 0x7ffae7400000
end_va = 0x7ffae7585fff
monitored = 0
entry_point = 0x7ffae744d700
region_type = mapped_file
name = "propsys.dll"
filename = "\\Windows\\System32\\propsys.dll" (normalized: "c:\\windows\\system32\\propsys.dll")
Region:
id = 2955
start_va = 0x7ffae7590000
end_va = 0x7ffae75abfff
monitored = 0
entry_point = 0x7ffae75937a0
region_type = mapped_file
name = "samlib.dll"
filename = "\\Windows\\System32\\samlib.dll" (normalized: "c:\\windows\\system32\\samlib.dll")
Region:
id = 2956
start_va = 0x7ffae75f0000
end_va = 0x7ffae7602fff
monitored = 0
entry_point = 0x7ffae75f2760
region_type = mapped_file
name = "wtsapi32.dll"
filename = "\\Windows\\System32\\wtsapi32.dll" (normalized: "c:\\windows\\system32\\wtsapi32.dll")
Region:
id = 2957
start_va = 0x7ffae7610000
end_va = 0x7ffae7634fff
monitored = 0
entry_point = 0x7ffae7612300
region_type = mapped_file
name = "sppc.dll"
filename = "\\Windows\\System32\\sppc.dll" (normalized: "c:\\windows\\system32\\sppc.dll")
Region:
id = 2958
start_va = 0x7ffae7670000
end_va = 0x7ffae7694fff
monitored = 0
entry_point = 0x7ffae7685220
region_type = mapped_file
name = "slc.dll"
filename = "\\Windows\\System32\\slc.dll" (normalized: "c:\\windows\\system32\\slc.dll")
Region:
id = 2959
start_va = 0x7ffae7780000
end_va = 0x7ffae7815fff
monitored = 0
entry_point = 0x7ffae77a5570
region_type = mapped_file
name = "uxtheme.dll"
filename = "\\Windows\\System32\\uxtheme.dll" (normalized: "c:\\windows\\system32\\uxtheme.dll")
Region:
id = 2960
start_va = 0x7ffae78d0000
end_va = 0x7ffae79cffff
monitored = 0
entry_point = 0x7ffae7910f80
region_type = mapped_file
name = "twinapi.appcore.dll"
filename = "\\Windows\\System32\\twinapi.appcore.dll" (normalized: "c:\\windows\\system32\\twinapi.appcore.dll")
Region:
id = 2961
start_va = 0x7ffae7a80000
end_va = 0x7ffae7aa6fff
monitored = 0
entry_point = 0x7ffae7a87940
region_type = mapped_file
name = "devobj.dll"
filename = "\\Windows\\System32\\devobj.dll" (normalized: "c:\\windows\\system32\\devobj.dll")
Region:
id = 2962
start_va = 0x7ffae8560000
end_va = 0x7ffae857efff
monitored = 0
entry_point = 0x7ffae8565d30
region_type = mapped_file
name = "userenv.dll"
filename = "\\Windows\\System32\\userenv.dll" (normalized: "c:\\windows\\system32\\userenv.dll")
Region:
id = 2963
start_va = 0x7ffae8780000
end_va = 0x7ffae8796fff
monitored = 0
entry_point = 0x7ffae87879d0
region_type = mapped_file
name = "cryptsp.dll"
filename = "\\Windows\\System32\\cryptsp.dll" (normalized: "c:\\windows\\system32\\cryptsp.dll")
Region:
id = 2964
start_va = 0x7ffae89a0000
end_va = 0x7ffae89f5fff
monitored = 0
entry_point = 0x7ffae89b0bf0
region_type = mapped_file
name = "winsta.dll"
filename = "\\Windows\\System32\\winsta.dll" (normalized: "c:\\windows\\system32\\winsta.dll")
Region:
id = 2965
start_va = 0x7ffae8ae0000
end_va = 0x7ffae8b0cfff
monitored = 0
entry_point = 0x7ffae8af9d40
region_type = mapped_file
name = "sspicli.dll"
filename = "\\Windows\\System32\\sspicli.dll" (normalized: "c:\\windows\\system32\\sspicli.dll")
Region:
id = 2966
start_va = 0x7ffae8c90000
end_va = 0x7ffae8cb8fff
monitored = 0
entry_point = 0x7ffae8ca4530
region_type = mapped_file
name = "bcrypt.dll"
filename = "\\Windows\\System32\\bcrypt.dll" (normalized: "c:\\windows\\system32\\bcrypt.dll")
Region:
id = 2967
start_va = 0x7ffae8e00000
end_va = 0x7ffae8e0efff
monitored = 0
entry_point = 0x7ffae8e03210
region_type = mapped_file
name = "kernel.appcore.dll"
filename = "\\Windows\\System32\\kernel.appcore.dll" (normalized: "c:\\windows\\system32\\kernel.appcore.dll")
Region:
id = 2968
start_va = 0x7ffae8e10000
end_va = 0x7ffae8e1ffff
monitored = 0
entry_point = 0x7ffae8e156e0
region_type = mapped_file
name = "msasn1.dll"
filename = "\\Windows\\System32\\msasn1.dll" (normalized: "c:\\windows\\system32\\msasn1.dll")
Region:
id = 2969
start_va = 0x7ffae8e20000
end_va = 0x7ffae8e6afff
monitored = 0
entry_point = 0x7ffae8e235f0
region_type = mapped_file
name = "powrprof.dll"
filename = "\\Windows\\System32\\powrprof.dll" (normalized: "c:\\windows\\system32\\powrprof.dll")
Region:
id = 2970
start_va = 0x7ffae8e70000
end_va = 0x7ffae8e83fff
monitored = 0
entry_point = 0x7ffae8e752e0
region_type = mapped_file
name = "profapi.dll"
filename = "\\Windows\\System32\\profapi.dll" (normalized: "c:\\windows\\system32\\profapi.dll")
Region:
id = 2971
start_va = 0x7ffae8f40000
end_va = 0x7ffae8f94fff
monitored = 0
entry_point = 0x7ffae8f57970
region_type = mapped_file
name = "wintrust.dll"
filename = "\\Windows\\System32\\wintrust.dll" (normalized: "c:\\windows\\system32\\wintrust.dll")
Region:
id = 2972
start_va = 0x7ffae8fa0000
end_va = 0x7ffae9166fff
monitored = 0
entry_point = 0x7ffae8ffdb80
region_type = mapped_file
name = "crypt32.dll"
filename = "\\Windows\\System32\\crypt32.dll" (normalized: "c:\\windows\\system32\\crypt32.dll")
Region:
id = 2973
start_va = 0x7ffae9170000
end_va = 0x7ffae9357fff
monitored = 0
entry_point = 0x7ffae919ba70
region_type = mapped_file
name = "kernelbase.dll"
filename = "\\Windows\\System32\\KernelBase.dll" (normalized: "c:\\windows\\system32\\kernelbase.dll")
Region:
id = 2974
start_va = 0x7ffae9360000
end_va = 0x7ffae93a2fff
monitored = 0
entry_point = 0x7ffae9374b50
region_type = mapped_file
name = "cfgmgr32.dll"
filename = "\\Windows\\System32\\cfgmgr32.dll" (normalized: "c:\\windows\\system32\\cfgmgr32.dll")
Region:
id = 2975
start_va = 0x7ffae9460000
end_va = 0x7ffae94c9fff
monitored = 0
entry_point = 0x7ffae9496d50
region_type = mapped_file
name = "bcryptprimitives.dll"
filename = "\\Windows\\System32\\bcryptprimitives.dll" (normalized: "c:\\windows\\system32\\bcryptprimitives.dll")
Region:
id = 2976
start_va = 0x7ffae94d0000
end_va = 0x7ffae9b13fff
monitored = 0
entry_point = 0x7ffae96964b0
region_type = mapped_file
name = "windows.storage.dll"
filename = "\\Windows\\System32\\windows.storage.dll" (normalized: "c:\\windows\\system32\\windows.storage.dll")
Region:
id = 2977
start_va = 0x7ffae9b20000
end_va = 0x7ffae9bd4fff
monitored = 0
entry_point = 0x7ffae9b622e0
region_type = mapped_file
name = "shcore.dll"
filename = "\\Windows\\System32\\SHCore.dll" (normalized: "c:\\windows\\system32\\shcore.dll")
Region:
id = 2978
start_va = 0x7ffae9be0000
end_va = 0x7ffae9c86fff
monitored = 0
entry_point = 0x7ffae9beb4d0
region_type = mapped_file
name = "clbcatq.dll"
filename = "\\Windows\\System32\\clbcatq.dll" (normalized: "c:\\windows\\system32\\clbcatq.dll")
Region:
id = 2979
start_va = 0x7ffae9cf0000
end_va = 0x7ffae9d41fff
monitored = 0
entry_point = 0x7ffae9cff530
region_type = mapped_file
name = "shlwapi.dll"
filename = "\\Windows\\System32\\shlwapi.dll" (normalized: "c:\\windows\\system32\\shlwapi.dll")
Region:
id = 2980
start_va = 0x7ffae9d50000
end_va = 0x7ffaeb2aefff
monitored = 0
entry_point = 0x7ffae9eb11f0
region_type = mapped_file
name = "shell32.dll"
filename = "\\Windows\\System32\\shell32.dll" (normalized: "c:\\windows\\system32\\shell32.dll")
Region:
id = 2981
start_va = 0x7ffaeb2b0000
end_va = 0x7ffaeb356fff
monitored = 0
entry_point = 0x7ffaeb2c58d0
region_type = mapped_file
name = "advapi32.dll"
filename = "\\Windows\\System32\\advapi32.dll" (normalized: "c:\\windows\\system32\\advapi32.dll")
Region:
id = 2982
start_va = 0x7ffaeb360000
end_va = 0x7ffaeb5dcfff
monitored = 0
entry_point = 0x7ffaeb434970
region_type = mapped_file
name = "combase.dll"
filename = "\\Windows\\System32\\combase.dll" (normalized: "c:\\windows\\system32\\combase.dll")
Region:
id = 2983
start_va = 0x7ffaeb640000
end_va = 0x7ffaeb700fff
monitored = 0
entry_point = 0x7ffaeb660da0
region_type = mapped_file
name = "oleaut32.dll"
filename = "\\Windows\\System32\\oleaut32.dll" (normalized: "c:\\windows\\system32\\oleaut32.dll")
Region:
id = 2984
start_va = 0x7ffaebd00000
end_va = 0x7ffaebe55fff
monitored = 0
entry_point = 0x7ffaebd0a8d0
region_type = mapped_file
name = "user32.dll"
filename = "\\Windows\\System32\\user32.dll" (normalized: "c:\\windows\\system32\\user32.dll")
Region:
id = 2985
start_va = 0x7ffaebe70000
end_va = 0x7ffaebfc9fff
monitored = 0
entry_point = 0x7ffaebeb38e0
region_type = mapped_file
name = "msctf.dll"
filename = "\\Windows\\System32\\msctf.dll" (normalized: "c:\\windows\\system32\\msctf.dll")
Region:
id = 2986
start_va = 0x7ffaebfd0000
end_va = 0x7ffaec155fff
monitored = 0
entry_point = 0x7ffaec01ffc0
region_type = mapped_file
name = "gdi32.dll"
filename = "\\Windows\\System32\\gdi32.dll" (normalized: "c:\\windows\\system32\\gdi32.dll")
Region:
id = 2987
start_va = 0x7ffaec160000
end_va = 0x7ffaec1cefff
monitored = 0
entry_point = 0x7ffaec185f70
region_type = mapped_file
name = "coml2.dll"
filename = "\\Windows\\System32\\coml2.dll" (normalized: "c:\\windows\\system32\\coml2.dll")
Region:
id = 2988
start_va = 0x7ffaec1d0000
end_va = 0x7ffaec2ebfff
monitored = 0
entry_point = 0x7ffaec2102b0
region_type = mapped_file
name = "rpcrt4.dll"
filename = "\\Windows\\System32\\rpcrt4.dll" (normalized: "c:\\windows\\system32\\rpcrt4.dll")
Region:
id = 2989
start_va = 0x7ffaec2f0000
end_va = 0x7ffaec32afff
monitored = 0
entry_point = 0x7ffaec2f12f0
region_type = mapped_file
name = "imm32.dll"
filename = "\\Windows\\System32\\imm32.dll" (normalized: "c:\\windows\\system32\\imm32.dll")
Region:
id = 2990
start_va = 0x7ffaec360000
end_va = 0x7ffaec3bafff
monitored = 0
entry_point = 0x7ffaec3738b0
region_type = mapped_file
name = "sechost.dll"
filename = "\\Windows\\System32\\sechost.dll" (normalized: "c:\\windows\\system32\\sechost.dll")
Region:
id = 2991
start_va = 0x7ffaec3c0000
end_va = 0x7ffaec46cfff
monitored = 0
entry_point = 0x7ffaec3d81a0
region_type = mapped_file
name = "kernel32.dll"
filename = "\\Windows\\System32\\kernel32.dll" (normalized: "c:\\windows\\system32\\kernel32.dll")
Region:
id = 2992
start_va = 0x7ffaec470000
end_va = 0x7ffaec5b2fff
monitored = 0
entry_point = 0x7ffaec498210
region_type = mapped_file
name = "ole32.dll"
filename = "\\Windows\\System32\\ole32.dll" (normalized: "c:\\windows\\system32\\ole32.dll")
Region:
id = 2993
start_va = 0x7ffaec5c0000
end_va = 0x7ffaec65cfff
monitored = 0
entry_point = 0x7ffaec5c78a0
region_type = mapped_file
name = "msvcrt.dll"
filename = "\\Windows\\System32\\msvcrt.dll" (normalized: "c:\\windows\\system32\\msvcrt.dll")
Region:
id = 2994
start_va = 0x7ffaec7e0000
end_va = 0x7ffaec9a0fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "ntdll.dll"
filename = "\\Windows\\System32\\ntdll.dll" (normalized: "c:\\windows\\system32\\ntdll.dll")
Region:
id = 2998
start_va = 0x4360000
end_va = 0x43dffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000004360000"
filename = ""
Region:
id = 2999
start_va = 0x43e0000
end_va = 0x445ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x00000000043e0000"
filename = ""
Region:
id = 3000
start_va = 0x7ffae2370000
end_va = 0x7ffae23b0fff
monitored = 0
entry_point = 0x7ffae2374840
region_type = mapped_file
name = "usermgrproxy.dll"
filename = "\\Windows\\System32\\UserMgrProxy.dll" (normalized: "c:\\windows\\system32\\usermgrproxy.dll")
Region:
id = 3001
start_va = 0x7ffae0ab0000
end_va = 0x7ffae0d0cfff
monitored = 0
entry_point = 0x7ffae0b38610
region_type = mapped_file
name = "twinui.appcore.dll"
filename = "\\Windows\\System32\\twinui.appcore.dll" (normalized: "c:\\windows\\system32\\twinui.appcore.dll")
Region:
id = 3002
start_va = 0x7ffae6ed0000
end_va = 0x7ffae6f8dfff
monitored = 0
entry_point = 0x7ffae6f12d40
region_type = mapped_file
name = "coremessaging.dll"
filename = "\\Windows\\System32\\CoreMessaging.dll" (normalized: "c:\\windows\\system32\\coremessaging.dll")
Region:
id = 3003
start_va = 0x7ffae14b0000
end_va = 0x7ffae1737fff
monitored = 0
entry_point = 0x7ffae150f670
region_type = mapped_file
name = "coreuicomponents.dll"
filename = "\\Windows\\System32\\CoreUIComponents.dll" (normalized: "c:\\windows\\system32\\coreuicomponents.dll")
Region:
id = 3004
start_va = 0x7ffadf000000
end_va = 0x7ffadf11ffff
monitored = 0
entry_point = 0x7ffadf038310
region_type = mapped_file
name = "applicationframe.dll"
filename = "\\Windows\\System32\\ApplicationFrame.dll" (normalized: "c:\\windows\\system32\\applicationframe.dll")
Region:
id = 3005
start_va = 0x7ffae3dc0000
end_va = 0x7ffae4304fff
monitored = 0
entry_point = 0x7ffae3f5a450
region_type = mapped_file
name = "d2d1.dll"
filename = "\\Windows\\System32\\d2d1.dll" (normalized: "c:\\windows\\system32\\d2d1.dll")
Region:
id = 3006
start_va = 0x4460000
end_va = 0x44dffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000004460000"
filename = ""
Region:
id = 3007
start_va = 0x44e0000
end_va = 0x4cdffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x00000000044e0000"
filename = ""
Region:
id = 3008
start_va = 0x4ce0000
end_va = 0x4d5ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000004ce0000"
filename = ""
Region:
id = 3009
start_va = 0x7ffadef20000
end_va = 0x7ffadeff9fff
monitored = 0
entry_point = 0x7ffadef53c00
region_type = mapped_file
name = "wpncore.dll"
filename = "\\Windows\\System32\\wpncore.dll" (normalized: "c:\\windows\\system32\\wpncore.dll")
Region:
id = 3010
start_va = 0x7ffae2bd0000
end_va = 0x7ffae2c97fff
monitored = 0
entry_point = 0x7ffae2c113f0
region_type = mapped_file
name = "winhttp.dll"
filename = "\\Windows\\System32\\winhttp.dll" (normalized: "c:\\windows\\system32\\winhttp.dll")
Region:
id = 3011
start_va = 0x7ffadee90000
end_va = 0x7ffadef15fff
monitored = 0
entry_point = 0x7ffadeeb1e10
region_type = mapped_file
name = "notificationcontroller.dll"
filename = "\\Windows\\System32\\NotificationController.dll" (normalized: "c:\\windows\\system32\\notificationcontroller.dll")
Region:
id = 3012
start_va = 0x7ffae1030000
end_va = 0x7ffae107afff
monitored = 0
entry_point = 0x7ffae1047b70
region_type = mapped_file
name = "veeventdispatcher.dll"
filename = "\\Windows\\System32\\VEEventDispatcher.dll" (normalized: "c:\\windows\\system32\\veeventdispatcher.dll")
Region:
id = 3014
start_va = 0x40f0000
end_va = 0x4138fff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x00000000040f0000"
filename = ""
Region:
id = 3015
start_va = 0x4d60000
end_va = 0x4e5ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000004d60000"
filename = ""
Region:
id = 3016
start_va = 0x4e60000
end_va = 0x71e1fff
monitored = 1
entry_point = 0x0
region_type = mapped_file
name = "appdb.dat"
filename = "\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Microsoft\\Windows\\Notifications\\appdb.dat" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\microsoft\\windows\\notifications\\appdb.dat")
Region:
id = 3047
start_va = 0x7ffadedc0000
end_va = 0x7ffadedeafff
monitored = 0
entry_point = 0x7ffadedc4240
region_type = mapped_file
name = "abovelockapphost.dll"
filename = "\\Windows\\System32\\AboveLockAppHost.dll" (normalized: "c:\\windows\\system32\\abovelockapphost.dll")
Region:
id = 3057
start_va = 0x7270000
end_va = 0x72effff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000007270000"
filename = ""
Region:
id = 3058
start_va = 0x7ffaded90000
end_va = 0x7ffadedb5fff
monitored = 0
entry_point = 0x7ffadeda5cb0
region_type = mapped_file
name = "npsm.dll"
filename = "\\Windows\\System32\\NPSM.dll" (normalized: "c:\\windows\\system32\\npsm.dll")
Region:
id = 3063
start_va = 0x72f0000
end_va = 0x736ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x00000000072f0000"
filename = ""
Region:
id = 3064
start_va = 0x7370000
end_va = 0x73effff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000007370000"
filename = ""
Region:
id = 3065
start_va = 0x73f0000
end_va = 0x746ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x00000000073f0000"
filename = ""
Region:
id = 3068
start_va = 0x3ee0000
end_va = 0x3eeffff
monitored = 1
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x0000000003ee0000"
filename = ""
Region:
id = 3070
start_va = 0x3ee0000
end_va = 0x3eeffff
monitored = 1
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x0000000003ee0000"
filename = ""
Region:
id = 3071
start_va = 0x3ee0000
end_va = 0x3eeffff
monitored = 1
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x0000000003ee0000"
filename = ""
Region:
id = 3109
start_va = 0x3ee0000
end_va = 0x3ee8fff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000003ee0000"
filename = ""
Region:
id = 3110
start_va = 0x4140000
end_va = 0x4148fff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000004140000"
filename = ""
Region:
id = 3111
start_va = 0x4150000
end_va = 0x415ffff
monitored = 1
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x0000000004150000"
filename = ""
Region:
id = 3112
start_va = 0x71f0000
end_va = 0x7213fff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x00000000071f0000"
filename = ""
Region:
id = 3113
start_va = 0x7220000
end_va = 0x7243fff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000007220000"
filename = ""
Region:
id = 3114
start_va = 0x7470000
end_va = 0x756ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000007470000"
filename = ""
Region:
id = 3115
start_va = 0x4150000
end_va = 0x4150fff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000004150000"
filename = ""
Region:
id = 3116
start_va = 0x7570000
end_va = 0x7a61fff
monitored = 1
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x0000000007570000"
filename = ""
Region:
id = 3117
start_va = 0x7ffae23d0000
end_va = 0x7ffae243cfff
monitored = 0
entry_point = 0x7ffae23dd750
region_type = mapped_file
name = "photometadatahandler.dll"
filename = "\\Windows\\System32\\PhotoMetadataHandler.dll" (normalized: "c:\\windows\\system32\\photometadatahandler.dll")
Region:
id = 3118
start_va = 0x7a70000
end_va = 0x7f61fff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000007a70000"
filename = ""
Region:
id = 3119
start_va = 0x7ffadea30000
end_va = 0x7ffadeb0afff
monitored = 0
entry_point = 0x7ffadea428b0
region_type = mapped_file
name = "ntshrui.dll"
filename = "\\Windows\\System32\\ntshrui.dll" (normalized: "c:\\windows\\system32\\ntshrui.dll")
Region:
id = 3120
start_va = 0x7ffadea00000
end_va = 0x7ffadea25fff
monitored = 0
entry_point = 0x7ffadea01cf0
region_type = mapped_file
name = "srvcli.dll"
filename = "\\Windows\\System32\\srvcli.dll" (normalized: "c:\\windows\\system32\\srvcli.dll")
Region:
id = 3121
start_va = 0x7ffae1400000
end_va = 0x7ffae1411fff
monitored = 0
entry_point = 0x7ffae1403580
region_type = mapped_file
name = "cscapi.dll"
filename = "\\Windows\\System32\\cscapi.dll" (normalized: "c:\\windows\\system32\\cscapi.dll")
Region:
id = 3122
start_va = 0x7f70000
end_va = 0x7feffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000007f70000"
filename = ""
Region:
id = 3123
start_va = 0x3ef0000
end_va = 0x3ef3fff
monitored = 1
entry_point = 0x0
region_type = mapped_file
name = "cversions.2.db"
filename = "\\ProgramData\\Microsoft\\Windows\\Caches\\cversions.2.db" (normalized: "c:\\programdata\\microsoft\\windows\\caches\\cversions.2.db")
Region:
id = 3124
start_va = 0x3f00000
end_va = 0x3f01fff
monitored = 1
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x0000000003f00000"
filename = ""
Region:
id = 3125
start_va = 0x7ffade9b0000
end_va = 0x7ffade9fcfff
monitored = 0
entry_point = 0x7ffade9c7de0
region_type = mapped_file
name = "thumbcache.dll"
filename = "\\Windows\\System32\\thumbcache.dll" (normalized: "c:\\windows\\system32\\thumbcache.dll")
Region:
id = 3126
start_va = 0x3f10000
end_va = 0x3f11fff
monitored = 1
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x0000000003f10000"
filename = ""
Region:
id = 3127
start_va = 0x3f20000
end_va = 0x3f21fff
monitored = 1
entry_point = 0x0
region_type = mapped_file
name = "iconcache_idx.db"
filename = "\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Microsoft\\Windows\\Explorer\\iconcache_idx.db" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\microsoft\\windows\\explorer\\iconcache_idx.db")
Region:
id = 3128
start_va = 0x3f30000
end_va = 0x3f30fff
monitored = 1
entry_point = 0x0
region_type = mapped_file
name = "iconcache_48.db"
filename = "\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Microsoft\\Windows\\Explorer\\iconcache_48.db" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\microsoft\\windows\\explorer\\iconcache_48.db")
Region:
id = 3129
start_va = 0x3f30000
end_va = 0x3f30fff
monitored = 1
entry_point = 0x0
region_type = mapped_file
name = "iconcache_48.db"
filename = "\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Microsoft\\Windows\\Explorer\\iconcache_48.db" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\microsoft\\windows\\explorer\\iconcache_48.db")
Region:
id = 3130
start_va = 0x7ff0000
end_va = 0x8037fff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000007ff0000"
filename = ""
Region:
id = 3131
start_va = 0x3f30000
end_va = 0x3f30fff
monitored = 1
entry_point = 0x0
region_type = mapped_file
name = "iconcache_48.db"
filename = "\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Microsoft\\Windows\\Explorer\\iconcache_48.db" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\microsoft\\windows\\explorer\\iconcache_48.db")
Region:
id = 3132
start_va = 0x3f30000
end_va = 0x3f30fff
monitored = 1
entry_point = 0x0
region_type = mapped_file
name = "iconcache_48.db"
filename = "\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Microsoft\\Windows\\Explorer\\iconcache_48.db" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\microsoft\\windows\\explorer\\iconcache_48.db")
Region:
id = 3133
start_va = 0x3f30000
end_va = 0x3f30fff
monitored = 1
entry_point = 0x0
region_type = mapped_file
name = "iconcache_48.db"
filename = "\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Microsoft\\Windows\\Explorer\\iconcache_48.db" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\microsoft\\windows\\explorer\\iconcache_48.db")
Region:
id = 3134
start_va = 0x3f30000
end_va = 0x3f30fff
monitored = 1
entry_point = 0x0
region_type = mapped_file
name = "iconcache_48.db"
filename = "\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Microsoft\\Windows\\Explorer\\iconcache_48.db" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\microsoft\\windows\\explorer\\iconcache_48.db")
Region:
id = 3135
start_va = 0x7220000
end_va = 0x7267fff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000007220000"
filename = ""
Region:
id = 3136
start_va = 0x3f20000
end_va = 0x3f23fff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000003f20000"
filename = ""
Region:
id = 3137
start_va = 0x8040000
end_va = 0x80bffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000008040000"
filename = ""
Region:
id = 3138
start_va = 0x80c0000
end_va = 0x813ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x00000000080c0000"
filename = ""
Region:
id = 3146
start_va = 0x3f30000
end_va = 0x3f3ffff
monitored = 1
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x0000000003f30000"
filename = ""
Region:
id = 3149
start_va = 0x3f30000
end_va = 0x3f3ffff
monitored = 1
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x0000000003f30000"
filename = ""
Region:
id = 3150
start_va = 0x8140000
end_va = 0x81bffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000008140000"
filename = ""
Region:
id = 3151
start_va = 0x81c0000
end_va = 0x823ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x00000000081c0000"
filename = ""
Region:
id = 3152
start_va = 0x3f30000
end_va = 0x3f31fff
monitored = 1
entry_point = 0x0
region_type = mapped_file
name = "thumbcache_idx.db"
filename = "\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Microsoft\\Windows\\Explorer\\thumbcache_idx.db" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\microsoft\\windows\\explorer\\thumbcache_idx.db")
Region:
id = 3153
start_va = 0x80c0000
end_va = 0x81bffff
monitored = 1
entry_point = 0x0
region_type = mapped_file
name = "thumbcache_48.db"
filename = "\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Microsoft\\Windows\\Explorer\\thumbcache_48.db" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\microsoft\\windows\\explorer\\thumbcache_48.db")
Region:
id = 3154
start_va = 0x7ffade070000
end_va = 0x7ffade30ffff
monitored = 0
entry_point = 0x7ffade0751e0
region_type = mapped_file
name = "gameux.dll"
filename = "\\Windows\\System32\\gameux.dll" (normalized: "c:\\windows\\system32\\gameux.dll")
Region:
id = 3155
start_va = 0x3f40000
end_va = 0x3f41fff
monitored = 1
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x0000000003f40000"
filename = ""
Region:
id = 3156
start_va = 0x7ffaddec0000
end_va = 0x7ffade068fff
monitored = 0
entry_point = 0x7ffaddf14060
region_type = mapped_file
name = "gdiplus.dll"
filename = "\\Windows\\WinSxS\\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.10586.0_none_0bdd1d3064f6384a\\GdiPlus.dll" (normalized: "c:\\windows\\winsxs\\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.10586.0_none_0bdd1d3064f6384a\\gdiplus.dll")
Region:
id = 3164
start_va = 0x8240000
end_va = 0x824ffff
monitored = 1
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x0000000008240000"
filename = ""
Region:
id = 3165
start_va = 0x8240000
end_va = 0x824ffff
monitored = 1
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x0000000008240000"
filename = ""
Region:
id = 3166
start_va = 0x8240000
end_va = 0x8c3ffff
monitored = 1
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x0000000008240000"
filename = ""
Region:
id = 3167
start_va = 0x8c40000
end_va = 0x8e3ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000008c40000"
filename = ""
Region:
id = 3168
start_va = 0x8040000
end_va = 0x8043fff
monitored = 1
entry_point = 0x0
region_type = mapped_file
name = "cversions.1.db"
filename = "\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Microsoft\\Windows\\Caches\\cversions.1.db" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\microsoft\\windows\\caches\\cversions.1.db")
Region:
id = 3169
start_va = 0x8050000
end_va = 0x8053fff
monitored = 1
entry_point = 0x0
region_type = mapped_file
name = "cversions.1.db"
filename = "\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Microsoft\\Windows\\Caches\\cversions.1.db" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\microsoft\\windows\\caches\\cversions.1.db")
Region:
id = 3170
start_va = 0x8060000
end_va = 0x8078fff
monitored = 1
entry_point = 0x0
region_type = mapped_file
name = "{3da71d5a-20cc-432f-a115-dfe92379e91f}.1.ver0x0000000000000010.db"
filename = "\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Microsoft\\Windows\\Caches\\{3DA71D5A-20CC-432F-A115-DFE92379E91F}.1.ver0x0000000000000010.db" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\microsoft\\windows\\caches\\{3da71d5a-20cc-432f-a115-dfe92379e91f}.1.ver0x0000000000000010.db")
Region:
id = 3171
start_va = 0x8040000
end_va = 0x8058fff
monitored = 1
entry_point = 0x0
region_type = mapped_file
name = "{3da71d5a-20cc-432f-a115-dfe92379e91f}.1.ver0x0000000000000010.db"
filename = "\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Microsoft\\Windows\\Caches\\{3DA71D5A-20CC-432F-A115-DFE92379E91F}.1.ver0x0000000000000010.db" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\microsoft\\windows\\caches\\{3da71d5a-20cc-432f-a115-dfe92379e91f}.1.ver0x0000000000000010.db")
Region:
id = 3172
start_va = 0x8060000
end_va = 0x8060fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "netmsg.dll"
filename = "\\Windows\\System32\\netmsg.dll" (normalized: "c:\\windows\\system32\\netmsg.dll")
Region:
id = 3173
start_va = 0x8070000
end_va = 0x8071fff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000008070000"
filename = ""
Region:
id = 3174
start_va = 0x8080000
end_va = 0x8089fff
monitored = 1
entry_point = 0x0
region_type = mapped_file
name = "thumbcache_48.db"
filename = "\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Microsoft\\Windows\\Explorer\\thumbcache_48.db" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\microsoft\\windows\\explorer\\thumbcache_48.db")
Region:
id = 3175
start_va = 0x8090000
end_va = 0x809dfff
monitored = 1
entry_point = 0x0
region_type = mapped_file
name = "thumbcache_48.db"
filename = "\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Microsoft\\Windows\\Explorer\\thumbcache_48.db" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\microsoft\\windows\\explorer\\thumbcache_48.db")
Region:
id = 3176
start_va = 0x7ffae4740000
end_va = 0x7ffae4ac1fff
monitored = 0
entry_point = 0x7ffae4791220
region_type = mapped_file
name = "iertutil.dll"
filename = "\\Windows\\System32\\iertutil.dll" (normalized: "c:\\windows\\system32\\iertutil.dll")
Region:
id = 3177
start_va = 0x80a0000
end_va = 0x80a1fff
monitored = 1
entry_point = 0x0
region_type = mapped_file
name = "iconcache_idx.db"
filename = "\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Microsoft\\Windows\\Explorer\\iconcache_idx.db" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\microsoft\\windows\\explorer\\iconcache_idx.db")
Region:
id = 3178
start_va = 0x80b0000
end_va = 0x80b0fff
monitored = 1
entry_point = 0x0
region_type = mapped_file
name = "iconcache_48.db"
filename = "\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Microsoft\\Windows\\Explorer\\iconcache_48.db" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\microsoft\\windows\\explorer\\iconcache_48.db")
Region:
id = 3179
start_va = 0x8e40000
end_va = 0x8e41fff
monitored = 1
entry_point = 0x0
region_type = mapped_file
name = "thumbcache_idx.db"
filename = "\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Microsoft\\Windows\\Explorer\\thumbcache_idx.db" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\microsoft\\windows\\explorer\\thumbcache_idx.db")
Region:
id = 3180
start_va = 0x8e50000
end_va = 0x8f4ffff
monitored = 1
entry_point = 0x0
region_type = mapped_file
name = "thumbcache_48.db"
filename = "\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Microsoft\\Windows\\Explorer\\thumbcache_48.db" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\microsoft\\windows\\explorer\\thumbcache_48.db")
Region:
id = 3181
start_va = 0x7ffae5c50000
end_va = 0x7ffae5cf8fff
monitored = 0
entry_point = 0x7ffae5c79010
region_type = mapped_file
name = "windows.ui.dll"
filename = "\\Windows\\System32\\Windows.UI.dll" (normalized: "c:\\windows\\system32\\windows.ui.dll")
Region:
id = 3182
start_va = 0x8f50000
end_va = 0x90affff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000008f50000"
filename = ""
Region:
id = 3183
start_va = 0x8f50000
end_va = 0x8fcffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000008f50000"
filename = ""
Region:
id = 3184
start_va = 0x90a0000
end_va = 0x90affff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x00000000090a0000"
filename = ""
Region:
id = 3185
start_va = 0x8fd0000
end_va = 0x904ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000008fd0000"
filename = ""
Region:
id = 3186
start_va = 0x8f50000
end_va = 0x8f56fff
monitored = 1
entry_point = 0x0
region_type = mapped_file
name = "thumbcache_48.db"
filename = "\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Microsoft\\Windows\\Explorer\\thumbcache_48.db" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\microsoft\\windows\\explorer\\thumbcache_48.db")
Region:
id = 3187
start_va = 0x8070000
end_va = 0x8072fff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000008070000"
filename = ""
Region:
id = 3188
start_va = 0x7ffaddd10000
end_va = 0x7ffadde9efff
monitored = 0
entry_point = 0x7ffaddd201d8
region_type = mapped_file
name = "filesyncshell64.dll"
filename = "\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Microsoft\\OneDrive\\17.3.5892.0626_4\\amd64\\FileSyncShell64.dll" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\microsoft\\onedrive\\17.3.5892.0626_4\\amd64\\filesyncshell64.dll")
Region:
id = 3189
start_va = 0x7ffaddc60000
end_va = 0x7ffaddd05fff
monitored = 0
entry_point = 0x7ffaddcaefec
region_type = mapped_file
name = "msvcp120.dll"
filename = "\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Microsoft\\OneDrive\\17.3.5892.0626_4\\amd64\\msvcp120.dll" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\microsoft\\onedrive\\17.3.5892.0626_4\\amd64\\msvcp120.dll")
Region:
id = 3190
start_va = 0x9050000
end_va = 0x90cffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000009050000"
filename = ""
Region:
id = 3191
start_va = 0x7ffaddb60000
end_va = 0x7ffaddb69fff
monitored = 0
entry_point = 0x7ffaddb61350
region_type = mapped_file
name = "version.dll"
filename = "\\Windows\\System32\\version.dll" (normalized: "c:\\windows\\system32\\version.dll")
Region:
id = 3192
start_va = 0x7ffaddb70000
end_va = 0x7ffaddc5efff
monitored = 0
entry_point = 0x7ffaddb929cc
region_type = mapped_file
name = "msvcr120.dll"
filename = "\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Microsoft\\OneDrive\\17.3.5892.0626_4\\amd64\\msvcr120.dll" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\microsoft\\onedrive\\17.3.5892.0626_4\\amd64\\msvcr120.dll")
Region:
id = 3195
start_va = 0x90d0000
end_va = 0x914ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x00000000090d0000"
filename = ""
Region:
id = 3196
start_va = 0x7ffadd8d0000
end_va = 0x7ffaddb5dfff
monitored = 0
entry_point = 0x7ffadd9a0f00
region_type = mapped_file
name = "wininet.dll"
filename = "\\Windows\\System32\\wininet.dll" (normalized: "c:\\windows\\system32\\wininet.dll")
Region:
id = 3197
start_va = 0x8070000
end_va = 0x8071fff
monitored = 1
entry_point = 0x0
region_type = mapped_file
name = "iconcache_idx.db"
filename = "\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Microsoft\\Windows\\Explorer\\iconcache_idx.db" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\microsoft\\windows\\explorer\\iconcache_idx.db")
Region:
id = 3198
start_va = 0x8080000
end_va = 0x8080fff
monitored = 1
entry_point = 0x0
region_type = mapped_file
name = "iconcache_48.db"
filename = "\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Microsoft\\Windows\\Explorer\\iconcache_48.db" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\microsoft\\windows\\explorer\\iconcache_48.db")
Region:
id = 3199
start_va = 0x8f50000
end_va = 0x8fbffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000008f50000"
filename = ""
Region:
id = 3200
start_va = 0x9150000
end_va = 0x91cffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000009150000"
filename = ""
Region:
id = 3201
start_va = 0x7ffadd6b0000
end_va = 0x7ffadd8c3fff
monitored = 0
entry_point = 0x7ffadd6b1000
region_type = mapped_file
name = "grooveex.dll"
filename = "\\Program Files (x86)\\Microsoft Office\\root\\VFS\\ProgramFilesX64\\Microsoft Office\\Office16\\GROOVEEX.DLL" (normalized: "c:\\program files (x86)\\microsoft office\\root\\vfs\\programfilesx64\\microsoft office\\office16\\grooveex.dll")
Region:
id = 3204
start_va = 0x91d0000
end_va = 0x924ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x00000000091d0000"
filename = ""
Region:
id = 3205
start_va = 0x8090000
end_va = 0x8091fff
monitored = 1
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x0000000008090000"
filename = ""
Region:
id = 3206
start_va = 0x7ffadd620000
end_va = 0x7ffadd636fff
monitored = 0
entry_point = 0x7ffadd62c440
region_type = mapped_file
name = "vcruntime140.dll"
filename = "\\Program Files (x86)\\Microsoft Office\\root\\VFS\\ProgramFilesX64\\Microsoft Office\\Office16\\vcruntime140.dll" (normalized: "c:\\program files (x86)\\microsoft office\\root\\vfs\\programfilesx64\\microsoft office\\office16\\vcruntime140.dll")
Region:
id = 3207
start_va = 0x7ffadd580000
end_va = 0x7ffadd61dfff
monitored = 0
entry_point = 0x7ffadd5c9d40
region_type = mapped_file
name = "msvcp140.dll"
filename = "\\Program Files (x86)\\Microsoft Office\\root\\VFS\\ProgramFilesX64\\Microsoft Office\\Office16\\msvcp140.dll" (normalized: "c:\\program files (x86)\\microsoft office\\root\\vfs\\programfilesx64\\microsoft office\\office16\\msvcp140.dll")
Region:
id = 3208
start_va = 0x7ffae7fa0000
end_va = 0x7ffae8093fff
monitored = 0
entry_point = 0x7ffae7faa960
region_type = mapped_file
name = "ucrtbase.dll"
filename = "\\Windows\\System32\\ucrtbase.dll" (normalized: "c:\\windows\\system32\\ucrtbase.dll")
Region:
id = 3209
start_va = 0x7ffae88a0000
end_va = 0x7ffae88aafff
monitored = 0
entry_point = 0x7ffae88a19a0
region_type = mapped_file
name = "cryptbase.dll"
filename = "\\Windows\\System32\\cryptbase.dll" (normalized: "c:\\windows\\system32\\cryptbase.dll")
Region:
id = 3210
start_va = 0x8f50000
end_va = 0x8f50fff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000008f50000"
filename = ""
Region:
id = 3211
start_va = 0x8fb0000
end_va = 0x8fbffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000008fb0000"
filename = ""
Region:
id = 3212
start_va = 0x8f60000
end_va = 0x8f61fff
monitored = 1
entry_point = 0x0
region_type = mapped_file
name = "thumbcache_idx.db"
filename = "\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Microsoft\\Windows\\Explorer\\thumbcache_idx.db" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\microsoft\\windows\\explorer\\thumbcache_idx.db")
Region:
id = 3213
start_va = 0x9250000
end_va = 0x934ffff
monitored = 1
entry_point = 0x0
region_type = mapped_file
name = "thumbcache_48.db"
filename = "\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Microsoft\\Windows\\Explorer\\thumbcache_48.db" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\microsoft\\windows\\explorer\\thumbcache_48.db")
Region:
id = 3214
start_va = 0x7ffadd240000
end_va = 0x7ffadd579fff
monitored = 0
entry_point = 0x7ffadd248520
region_type = mapped_file
name = "msi.dll"
filename = "\\Windows\\System32\\msi.dll" (normalized: "c:\\windows\\system32\\msi.dll")
Region:
id = 3215
start_va = 0x9350000
end_va = 0x93cffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000009350000"
filename = ""
Region:
id = 3216
start_va = 0x8f70000
end_va = 0x8f71fff
monitored = 1
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x0000000008f70000"
filename = ""
Region:
id = 3217
start_va = 0x93d0000
end_va = 0x9588fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "office.odf"
filename = "\\Program Files (x86)\\Microsoft Office\\root\\VFS\\ProgramFilesCommonX64\\Microsoft Shared\\OFFICE16\\Cultures\\OFFICE.ODF" (normalized: "c:\\program files (x86)\\microsoft office\\root\\vfs\\programfilescommonx64\\microsoft shared\\office16\\cultures\\office.odf")
Region:
id = 3218
start_va = 0x180000000
end_va = 0x18087dfff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "grooveintlresource.dll"
filename = "\\Program Files (x86)\\Microsoft Office\\root\\VFS\\ProgramFilesX64\\Microsoft Office\\Office16\\1033\\GrooveIntlResource.dll" (normalized: "c:\\program files (x86)\\microsoft office\\root\\vfs\\programfilesx64\\microsoft office\\office16\\1033\\grooveintlresource.dll")
Region:
id = 3219
start_va = 0x7ffae29d0000
end_va = 0x7ffae2a06fff
monitored = 0
entry_point = 0x7ffae29d20a0
region_type = mapped_file
name = "ehstorshell.dll"
filename = "\\Windows\\System32\\EhStorShell.dll" (normalized: "c:\\windows\\system32\\ehstorshell.dll")
Region:
id = 3220
start_va = 0x7ffaeb720000
end_va = 0x7ffaebb48fff
monitored = 0
entry_point = 0x7ffaeb748740
region_type = mapped_file
name = "setupapi.dll"
filename = "\\Windows\\System32\\setupapi.dll" (normalized: "c:\\windows\\system32\\setupapi.dll")
Region:
id = 3221
start_va = 0x7ffae2900000
end_va = 0x7ffae29c5fff
monitored = 0
entry_point = 0x7ffae2903ac0
region_type = mapped_file
name = "cscui.dll"
filename = "\\Windows\\System32\\cscui.dll" (normalized: "c:\\windows\\system32\\cscui.dll")
Region:
id = 3222
start_va = 0x7a70000
end_va = 0x7a71fff
monitored = 1
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x0000000007a70000"
filename = ""
Region:
id = 3223
start_va = 0x7ffae08f0000
end_va = 0x7ffae0904fff
monitored = 0
entry_point = 0x7ffae08f1ab0
region_type = mapped_file
name = "execmodelproxy.dll"
filename = "\\Windows\\System32\\execmodelproxy.dll" (normalized: "c:\\windows\\system32\\execmodelproxy.dll")
Region:
id = 3279
start_va = 0x7a80000
end_va = 0x7a8ffff
monitored = 1
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x0000000007a80000"
filename = ""
Region:
id = 3280
start_va = 0x7ffae2490000
end_va = 0x7ffae24a5fff
monitored = 0
entry_point = 0x7ffae2491b60
region_type = mapped_file
name = "wkscli.dll"
filename = "\\Windows\\System32\\wkscli.dll" (normalized: "c:\\windows\\system32\\wkscli.dll")
Region:
id = 3281
start_va = 0x7a80000
end_va = 0x7ab2fff
monitored = 1
entry_point = 0x0
region_type = mapped_file
name = "cachedimage_1440_900_pos4.jpg"
filename = "\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Microsoft\\Windows\\Themes\\CachedFiles\\CachedImage_1440_900_POS4.jpg" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\roaming\\microsoft\\windows\\themes\\cachedfiles\\cachedimage_1440_900_pos4.jpg")
Region:
id = 3282
start_va = 0x7a80000
end_va = 0x7b8ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000007a80000"
filename = ""
Region:
id = 3283
start_va = 0x9590000
end_va = 0x9a81fff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000009590000"
filename = ""
Region:
id = 3284
start_va = 0x9a90000
end_va = 0x9b0ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000009a90000"
filename = ""
Region:
id = 3285
start_va = 0x7a80000
end_va = 0x7a82fff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000007a80000"
filename = ""
Region:
id = 3286
start_va = 0x7a90000
end_va = 0x7b2ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000007a90000"
filename = ""
Region:
id = 3287
start_va = 0x9b10000
end_va = 0x9b8ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000009b10000"
filename = ""
Region:
id = 3295
start_va = 0x7a90000
end_va = 0x7a9ffff
monitored = 1
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x0000000007a90000"
filename = ""
Region:
id = 3298
start_va = 0x9b90000
end_va = 0x9c0ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000009b90000"
filename = ""
Region:
id = 3299
start_va = 0x9c10000
end_va = 0x9c8ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000009c10000"
filename = ""
Region:
id = 3309
start_va = 0x9c90000
end_va = 0x9d0ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000009c90000"
filename = ""
Region:
id = 3310
start_va = 0x9d10000
end_va = 0x9d8ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000009d10000"
filename = ""
Region:
id = 3311
start_va = 0x9d90000
end_va = 0x9e0ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000009d90000"
filename = ""
Region:
id = 3312
start_va = 0x7ffae7750000
end_va = 0x7ffae775bfff
monitored = 0
entry_point = 0x7ffae77514b0
region_type = mapped_file
name = "notificationcontrollerps.dll"
filename = "\\Windows\\System32\\NotificationControllerPS.dll" (normalized: "c:\\windows\\system32\\notificationcontrollerps.dll")
Region:
id = 3313
start_va = 0x7ffae1ce0000
end_va = 0x7ffae1d8dfff
monitored = 0
entry_point = 0x7ffae1cf80c0
region_type = mapped_file
name = "windows.networking.connectivity.dll"
filename = "\\Windows\\System32\\Windows.Networking.Connectivity.dll" (normalized: "c:\\windows\\system32\\windows.networking.connectivity.dll")
Region:
id = 3314
start_va = 0x9e10000
end_va = 0x9e8ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000009e10000"
filename = ""
Region:
id = 3315
start_va = 0x9e90000
end_va = 0x9f0ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000009e90000"
filename = ""
Region:
id = 3316
start_va = 0x7ffae7700000
end_va = 0x7ffae7747fff
monitored = 0
entry_point = 0x7ffae770a430
region_type = mapped_file
name = "notificationobjfactory.dll"
filename = "\\Windows\\System32\\NotificationObjFactory.dll" (normalized: "c:\\windows\\system32\\notificationobjfactory.dll")
Region:
id = 3317
start_va = 0x7ffae5f50000
end_va = 0x7ffae6107fff
monitored = 0
entry_point = 0x7ffae5fbe630
region_type = mapped_file
name = "urlmon.dll"
filename = "\\Windows\\System32\\urlmon.dll" (normalized: "c:\\windows\\system32\\urlmon.dll")
Thread:
id = 226
os_tid = 0x684
Thread:
id = 227
os_tid = 0x678
Thread:
id = 228
os_tid = 0x66c
Thread:
id = 229
os_tid = 0x664
Thread:
id = 230
os_tid = 0x65c
Thread:
id = 231
os_tid = 0x658
Thread:
id = 232
os_tid = 0x64c
Thread:
id = 233
os_tid = 0x650
Thread:
id = 234
os_tid = 0x648
Thread:
id = 235
os_tid = 0x644
Thread:
id = 236
os_tid = 0x640
Thread:
id = 237
os_tid = 0x63c
Thread:
id = 238
os_tid = 0x638
Thread:
id = 239
os_tid = 0x62c
Thread:
id = 240
os_tid = 0x628
Thread:
id = 241
os_tid = 0x694
Thread:
id = 242
os_tid = 0x6a0
Thread:
id = 243
os_tid = 0x6a4
Thread:
id = 244
os_tid = 0x6b0
Thread:
id = 245
os_tid = 0x6cc
Thread:
id = 250
os_tid = 0x6e4
Thread:
id = 251
os_tid = 0x6e8
Thread:
id = 252
os_tid = 0x6ec
Thread:
id = 253
os_tid = 0x6f0
Thread:
id = 256
os_tid = 0x724
Thread:
id = 257
os_tid = 0x72c
Thread:
id = 258
os_tid = 0x730
Thread:
id = 263
os_tid = 0x744
Thread:
id = 264
os_tid = 0x74c
Thread:
id = 267
os_tid = 0x754
Thread:
id = 268
os_tid = 0x758
Thread:
id = 269
os_tid = 0x75c
Thread:
id = 270
os_tid = 0x760
Thread:
id = 271
os_tid = 0x764
Thread:
id = 272
os_tid = 0x768
Thread:
id = 273
os_tid = 0x76c
Thread:
id = 280
os_tid = 0x784
Thread:
id = 281
os_tid = 0x788
Thread:
id = 284
os_tid = 0x798
Thread:
id = 285
os_tid = 0x79c
Thread:
id = 287
os_tid = 0x7a4
Thread:
id = 288
os_tid = 0x7b4
Thread:
id = 289
os_tid = 0x7bc
Thread:
id = 290
os_tid = 0x7c0
Thread:
id = 291
os_tid = 0x7c4
Process:
id = "16"
image_name = "taskhostw.exe"
filename = "c:\\windows\\system32\\taskhostw.exe"
page_root = "0x2d47c000"
os_pid = "0x6d0"
os_integrity_level = "0x2000"
os_privileges = "0x800000"
monitor_reason = "child_process"
parent_id = "10"
os_parent_pid = "0x364"
cmd_line = "taskhostw.exe"
cur_dir = "C:\\Windows\\system32\\"
os_username = "XC64ZB\\RDhJ0CNFevzX"
bitness = "32"
os_groups = "XC64ZB\\Domain Users" [0x7], "Everyone" [0x7], "NT AUTHORITY\\Local account and member of Administrators group" [0x10], "BUILTIN\\Administrators" [0x10], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\INTERACTIVE" [0x7], "CONSOLE LOGON" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "NT AUTHORITY\\Local account" [0x7], "NT AUTHORITY\\Logon Session 00000000:0000e173" [0xc0000007], "LOCAL" [0x7], "NT AUTHORITY\\NTLM Authentication" [0x7]
Region:
id = 3017
start_va = 0x10000
end_va = 0x2ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000000010000"
filename = ""
Region:
id = 3018
start_va = 0x30000
end_va = 0x44fff
monitored = 1
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x0000000000030000"
filename = ""
Region:
id = 3019
start_va = 0x50000
end_va = 0xcffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000000050000"
filename = ""
Region:
id = 3020
start_va = 0xd0000
end_va = 0xd3fff
monitored = 1
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x00000000000d0000"
filename = ""
Region:
id = 3021
start_va = 0xe0000
end_va = 0xe0fff
monitored = 1
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x00000000000e0000"
filename = ""
Region:
id = 3022
start_va = 0xf0000
end_va = 0xf1fff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x00000000000f0000"
filename = ""
Region:
id = 3023
start_va = 0x200000
end_va = 0x3fffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000000200000"
filename = ""
Region:
id = 3024
start_va = 0x7ffe0000
end_va = 0x7ffeffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x000000007ffe0000"
filename = ""
Region:
id = 3025
start_va = 0x7df5fffc0000
end_va = 0x7df5fffe2fff
monitored = 1
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x00007df5fffc0000"
filename = ""
Region:
id = 3026
start_va = 0x7df5ffff0000
end_va = 0x7ff5fffeffff
monitored = 1
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x00007df5ffff0000"
filename = ""
Region:
id = 3027
start_va = 0x7ff7e1230000
end_va = 0x7ff7e1248fff
monitored = 0
entry_point = 0x7ff7e12359b0
region_type = mapped_file
name = "taskhostw.exe"
filename = "\\Windows\\System32\\taskhostw.exe" (normalized: "c:\\windows\\system32\\taskhostw.exe")
Region:
id = 3028
start_va = 0x7ffaec7e0000
end_va = 0x7ffaec9a0fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "ntdll.dll"
filename = "\\Windows\\System32\\ntdll.dll" (normalized: "c:\\windows\\system32\\ntdll.dll")
Region:
id = 3029
start_va = 0x10000
end_va = 0x1ffff
monitored = 1
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x0000000000010000"
filename = ""
Region:
id = 3030
start_va = 0x100000
end_va = 0x1bdfff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "locale.nls"
filename = "\\Windows\\System32\\locale.nls" (normalized: "c:\\windows\\system32\\locale.nls")
Region:
id = 3031
start_va = 0x4b0000
end_va = 0x5affff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x00000000004b0000"
filename = ""
Region:
id = 3032
start_va = 0x7df5ffec0000
end_va = 0x7df5fffbffff
monitored = 1
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x00007df5ffec0000"
filename = ""
Region:
id = 3033
start_va = 0x7ffae9170000
end_va = 0x7ffae9357fff
monitored = 0
entry_point = 0x7ffae919ba70
region_type = mapped_file
name = "kernelbase.dll"
filename = "\\Windows\\System32\\KernelBase.dll" (normalized: "c:\\windows\\system32\\kernelbase.dll")
Region:
id = 3034
start_va = 0x7ffaec3c0000
end_va = 0x7ffaec46cfff
monitored = 0
entry_point = 0x7ffaec3d81a0
region_type = mapped_file
name = "kernel32.dll"
filename = "\\Windows\\System32\\kernel32.dll" (normalized: "c:\\windows\\system32\\kernel32.dll")
Region:
id = 3035
start_va = 0x7ffaec5c0000
end_va = 0x7ffaec65cfff
monitored = 0
entry_point = 0x7ffaec5c78a0
region_type = mapped_file
name = "msvcrt.dll"
filename = "\\Windows\\System32\\msvcrt.dll" (normalized: "c:\\windows\\system32\\msvcrt.dll")
Region:
id = 3036
start_va = 0x400000
end_va = 0x47ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000000400000"
filename = ""
Region:
id = 3037
start_va = 0x7ffaec1d0000
end_va = 0x7ffaec2ebfff
monitored = 0
entry_point = 0x7ffaec2102b0
region_type = mapped_file
name = "rpcrt4.dll"
filename = "\\Windows\\System32\\rpcrt4.dll" (normalized: "c:\\windows\\system32\\rpcrt4.dll")
Region:
id = 3038
start_va = 0x7ffaeb360000
end_va = 0x7ffaeb5dcfff
monitored = 0
entry_point = 0x7ffaeb434970
region_type = mapped_file
name = "combase.dll"
filename = "\\Windows\\System32\\combase.dll" (normalized: "c:\\windows\\system32\\combase.dll")
Region:
id = 3039
start_va = 0x7ffae9460000
end_va = 0x7ffae94c9fff
monitored = 0
entry_point = 0x7ffae9496d50
region_type = mapped_file
name = "bcryptprimitives.dll"
filename = "\\Windows\\System32\\bcryptprimitives.dll" (normalized: "c:\\windows\\system32\\bcryptprimitives.dll")
Region:
id = 3040
start_va = 0x7ffaeb640000
end_va = 0x7ffaeb700fff
monitored = 0
entry_point = 0x7ffaeb660da0
region_type = mapped_file
name = "oleaut32.dll"
filename = "\\Windows\\System32\\oleaut32.dll" (normalized: "c:\\windows\\system32\\oleaut32.dll")
Region:
id = 3041
start_va = 0x5b0000
end_va = 0x62ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x00000000005b0000"
filename = ""
Region:
id = 3042
start_va = 0x20000
end_va = 0x26fff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000000020000"
filename = ""
Region:
id = 3043
start_va = 0x630000
end_va = 0x772fff
monitored = 0
entry_point = 0x658210
region_type = mapped_file
name = "ole32.dll"
filename = "\\Windows\\System32\\ole32.dll" (normalized: "c:\\windows\\system32\\ole32.dll")
Region:
id = 3044
start_va = 0x630000
end_va = 0x70cfff
monitored = 0
entry_point = 0x68e0b0
region_type = mapped_file
name = "rpcss.dll"
filename = "\\Windows\\System32\\rpcss.dll" (normalized: "c:\\windows\\system32\\rpcss.dll")
Region:
id = 3045
start_va = 0x7ffae8e00000
end_va = 0x7ffae8e0efff
monitored = 0
entry_point = 0x7ffae8e03210
region_type = mapped_file
name = "kernel.appcore.dll"
filename = "\\Windows\\System32\\kernel.appcore.dll" (normalized: "c:\\windows\\system32\\kernel.appcore.dll")
Region:
id = 3046
start_va = 0x1c0000
end_va = 0x1c6fff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x00000000001c0000"
filename = ""
Region:
id = 3069
start_va = 0x7ffaec360000
end_va = 0x7ffaec3bafff
monitored = 0
entry_point = 0x7ffaec3738b0
region_type = mapped_file
name = "sechost.dll"
filename = "\\Windows\\System32\\sechost.dll" (normalized: "c:\\windows\\system32\\sechost.dll")
Region:
id = 3072
start_va = 0x630000
end_va = 0x6affff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000000630000"
filename = ""
Region:
id = 3073
start_va = 0x7ffaebd00000
end_va = 0x7ffaebe55fff
monitored = 0
entry_point = 0x7ffaebd0a8d0
region_type = mapped_file
name = "user32.dll"
filename = "\\Windows\\System32\\user32.dll" (normalized: "c:\\windows\\system32\\user32.dll")
Region:
id = 3074
start_va = 0x7ffaebfd0000
end_va = 0x7ffaec155fff
monitored = 0
entry_point = 0x7ffaec01ffc0
region_type = mapped_file
name = "gdi32.dll"
filename = "\\Windows\\System32\\gdi32.dll" (normalized: "c:\\windows\\system32\\gdi32.dll")
Region:
id = 3075
start_va = 0x5b0000
end_va = 0x5e8fff
monitored = 0
entry_point = 0x5b12f0
region_type = mapped_file
name = "imm32.dll"
filename = "\\Windows\\System32\\imm32.dll" (normalized: "c:\\windows\\system32\\imm32.dll")
Region:
id = 3076
start_va = 0x620000
end_va = 0x62ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000000620000"
filename = ""
Region:
id = 3077
start_va = 0x6b0000
end_va = 0x837fff
monitored = 1
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x00000000006b0000"
filename = ""
Region:
id = 3078
start_va = 0x7ffaec2f0000
end_va = 0x7ffaec32afff
monitored = 0
entry_point = 0x7ffaec2f12f0
region_type = mapped_file
name = "imm32.dll"
filename = "\\Windows\\System32\\imm32.dll" (normalized: "c:\\windows\\system32\\imm32.dll")
Region:
id = 3079
start_va = 0x840000
end_va = 0x9c0fff
monitored = 1
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x0000000000840000"
filename = ""
Region:
id = 3080
start_va = 0x9d0000
end_va = 0x1dcffff
monitored = 1
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x00000000009d0000"
filename = ""
Region:
id = 3081
start_va = 0x1d0000
end_va = 0x1d1fff
monitored = 1
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x00000000001d0000"
filename = ""
Region:
id = 3082
start_va = 0x1e0000
end_va = 0x1e0fff
monitored = 1
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x00000000001e0000"
filename = ""
Region:
id = 3083
start_va = 0x1f0000
end_va = 0x1f0fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "taskhostw.exe.mui"
filename = "\\Windows\\System32\\en-US\\taskhostw.exe.mui" (normalized: "c:\\windows\\system32\\en-us\\taskhostw.exe.mui")
Region:
id = 3084
start_va = 0x480000
end_va = 0x480fff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000000480000"
filename = ""
Region:
id = 3085
start_va = 0x490000
end_va = 0x490fff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000000490000"
filename = ""
Region:
id = 3086
start_va = 0x7ffae7780000
end_va = 0x7ffae7815fff
monitored = 0
entry_point = 0x7ffae77a5570
region_type = mapped_file
name = "uxtheme.dll"
filename = "\\Windows\\System32\\uxtheme.dll" (normalized: "c:\\windows\\system32\\uxtheme.dll")
Region:
id = 3087
start_va = 0x1dd0000
end_va = 0x1f3ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000001dd0000"
filename = ""
Region:
id = 3089
start_va = 0x7ffaebe70000
end_va = 0x7ffaebfc9fff
monitored = 0
entry_point = 0x7ffaebeb38e0
region_type = mapped_file
name = "msctf.dll"
filename = "\\Windows\\System32\\msctf.dll" (normalized: "c:\\windows\\system32\\msctf.dll")
Region:
id = 3090
start_va = 0x4a0000
end_va = 0x4a0fff
monitored = 1
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x00000000004a0000"
filename = ""
Region:
id = 3091
start_va = 0x1dd0000
end_va = 0x1e8bfff
monitored = 1
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x0000000001dd0000"
filename = ""
Region:
id = 3092
start_va = 0x1f30000
end_va = 0x1f3ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000001f30000"
filename = ""
Region:
id = 3093
start_va = 0x4a0000
end_va = 0x4a3fff
monitored = 1
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x00000000004a0000"
filename = ""
Region:
id = 3094
start_va = 0x7ffae6e80000
end_va = 0x7ffae6ea1fff
monitored = 0
entry_point = 0x7ffae6e81a40
region_type = mapped_file
name = "dwmapi.dll"
filename = "\\Windows\\System32\\dwmapi.dll" (normalized: "c:\\windows\\system32\\dwmapi.dll")
Region:
id = 3095
start_va = 0x5b0000
end_va = 0x5b0fff
monitored = 1
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x00000000005b0000"
filename = ""
Region:
id = 3096
start_va = 0x1e90000
end_va = 0x1f0ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000001e90000"
filename = ""
Region:
id = 3097
start_va = 0x7ffae9be0000
end_va = 0x7ffae9c86fff
monitored = 0
entry_point = 0x7ffae9beb4d0
region_type = mapped_file
name = "clbcatq.dll"
filename = "\\Windows\\System32\\clbcatq.dll" (normalized: "c:\\windows\\system32\\clbcatq.dll")
Region:
id = 3098
start_va = 0x5c0000
end_va = 0x5c0fff
monitored = 1
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x00000000005c0000"
filename = ""
Region:
id = 3099
start_va = 0x7ffae0640000
end_va = 0x7ffae0738fff
monitored = 0
entry_point = 0x7ffae0688000
region_type = mapped_file
name = "settingsynccore.dll"
filename = "\\Windows\\System32\\SettingSyncCore.dll" (normalized: "c:\\windows\\system32\\settingsynccore.dll")
Region:
id = 3100
start_va = 0x5d0000
end_va = 0x5d1fff
monitored = 1
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x00000000005d0000"
filename = ""
Region:
id = 3101
start_va = 0x7ffae9b20000
end_va = 0x7ffae9bd4fff
monitored = 0
entry_point = 0x7ffae9b622e0
region_type = mapped_file
name = "shcore.dll"
filename = "\\Windows\\System32\\SHCore.dll" (normalized: "c:\\windows\\system32\\shcore.dll")
Region:
id = 3102
start_va = 0x7ffae8e70000
end_va = 0x7ffae8e83fff
monitored = 0
entry_point = 0x7ffae8e752e0
region_type = mapped_file
name = "profapi.dll"
filename = "\\Windows\\System32\\profapi.dll" (normalized: "c:\\windows\\system32\\profapi.dll")
Region:
id = 3103
start_va = 0x7ffaeb2b0000
end_va = 0x7ffaeb356fff
monitored = 0
entry_point = 0x7ffaeb2c58d0
region_type = mapped_file
name = "advapi32.dll"
filename = "\\Windows\\System32\\advapi32.dll" (normalized: "c:\\windows\\system32\\advapi32.dll")
Region:
id = 3104
start_va = 0x7ffae8c90000
end_va = 0x7ffae8cb8fff
monitored = 0
entry_point = 0x7ffae8ca4530
region_type = mapped_file
name = "bcrypt.dll"
filename = "\\Windows\\System32\\bcrypt.dll" (normalized: "c:\\windows\\system32\\bcrypt.dll")
Region:
id = 3105
start_va = 0x7ffae8780000
end_va = 0x7ffae8796fff
monitored = 0
entry_point = 0x7ffae87879d0
region_type = mapped_file
name = "cryptsp.dll"
filename = "\\Windows\\System32\\cryptsp.dll" (normalized: "c:\\windows\\system32\\cryptsp.dll")
Region:
id = 3106
start_va = 0x7ffae0570000
end_va = 0x7ffae063dfff
monitored = 0
entry_point = 0x7ffae05a14c0
region_type = mapped_file
name = "tokenbroker.dll"
filename = "\\Windows\\System32\\TokenBroker.dll" (normalized: "c:\\windows\\system32\\tokenbroker.dll")
Region:
id = 3107
start_va = 0x7ffae4ad0000
end_va = 0x7ffae4c05fff
monitored = 0
entry_point = 0x7ffae4aff350
region_type = mapped_file
name = "wintypes.dll"
filename = "\\Windows\\System32\\WinTypes.dll" (normalized: "c:\\windows\\system32\\wintypes.dll")
Region:
id = 3108
start_va = 0x1f40000
end_va = 0x201cfff
monitored = 0
entry_point = 0x1f9e0b0
region_type = mapped_file
name = "rpcss.dll"
filename = "\\Windows\\System32\\rpcss.dll" (normalized: "c:\\windows\\system32\\rpcss.dll")
Region:
id = 3139
start_va = 0x1f40000
end_va = 0x1fbffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000001f40000"
filename = ""
Region:
id = 3140
start_va = 0x1fc0000
end_va = 0x203ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000001fc0000"
filename = ""
Region:
id = 3141
start_va = 0x2040000
end_va = 0x20bffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000002040000"
filename = ""
Region:
id = 3297
start_va = 0x7ffae65c0000
end_va = 0x7ffae6a52fff
monitored = 0
entry_point = 0x7ffae65cf760
region_type = mapped_file
name = "actxprxy.dll"
filename = "\\Windows\\System32\\actxprxy.dll" (normalized: "c:\\windows\\system32\\actxprxy.dll")
Region:
id = 3308
start_va = 0x5e0000
end_va = 0x60dfff
monitored = 1
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x00000000005e0000"
filename = ""
Thread:
id = 246
os_tid = 0x6d4
Thread:
id = 248
os_tid = 0x6dc
Thread:
id = 254
os_tid = 0x710
Thread:
id = 255
os_tid = 0x714
Thread:
id = 259
os_tid = 0x720
Thread:
id = 261
os_tid = 0x738
Thread:
id = 262
os_tid = 0x73c
Process:
id = "17"
image_name = "runtimebroker.exe"
filename = "c:\\windows\\system32\\runtimebroker.exe"
page_root = "0x68975000"
os_pid = "0x670"
os_integrity_level = "0x2000"
os_privileges = "0x800000"
monitor_reason = "rpc_server"
parent_id = "16"
os_parent_pid = "0x274"
cmd_line = "C:\\Windows\\System32\\RuntimeBroker.exe -Embedding"
cur_dir = "C:\\Windows\\system32\\"
os_username = "XC64ZB\\RDhJ0CNFevzX"
bitness = "32"
os_groups = "XC64ZB\\Domain Users" [0x7], "Everyone" [0x7], "NT AUTHORITY\\Local account and member of Administrators group" [0x10], "BUILTIN\\Administrators" [0x10], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\INTERACTIVE" [0x7], "CONSOLE LOGON" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "NT AUTHORITY\\Local account" [0x7], "NT AUTHORITY\\Logon Session 00000000:0000e173" [0xc0000007], "LOCAL" [0x7], "NT AUTHORITY\\NTLM Authentication" [0x7]
Region:
id = 3224
start_va = 0x10000
end_va = 0x1ffff
monitored = 1
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x0000000000010000"
filename = ""
Region:
id = 3225
start_va = 0x20000
end_va = 0x20fff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000000020000"
filename = ""
Region:
id = 3226
start_va = 0x30000
end_va = 0x44fff
monitored = 1
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x0000000000030000"
filename = ""
Region:
id = 3227
start_va = 0x50000
end_va = 0xcffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000000050000"
filename = ""
Region:
id = 3228
start_va = 0xd0000
end_va = 0xd3fff
monitored = 1
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x00000000000d0000"
filename = ""
Region:
id = 3229
start_va = 0xe0000
end_va = 0xe1fff
monitored = 1
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x00000000000e0000"
filename = ""
Region:
id = 3230
start_va = 0xf0000
end_va = 0xf1fff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x00000000000f0000"
filename = ""
Region:
id = 3231
start_va = 0x100000
end_va = 0x1bdfff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "locale.nls"
filename = "\\Windows\\System32\\locale.nls" (normalized: "c:\\windows\\system32\\locale.nls")
Region:
id = 3232
start_va = 0x1c0000
end_va = 0x1c0fff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x00000000001c0000"
filename = ""
Region:
id = 3233
start_va = 0x1d0000
end_va = 0x1d0fff
monitored = 1
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x00000000001d0000"
filename = ""
Region:
id = 3234
start_va = 0x1e0000
end_va = 0x1e0fff
monitored = 1
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x00000000001e0000"
filename = ""
Region:
id = 3235
start_va = 0x200000
end_va = 0x3fffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000000200000"
filename = ""
Region:
id = 3236
start_va = 0x400000
end_va = 0x47ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000000400000"
filename = ""
Region:
id = 3237
start_va = 0x480000
end_va = 0x4fffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000000480000"
filename = ""
Region:
id = 3238
start_va = 0x500000
end_va = 0x52dfff
monitored = 1
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x0000000000500000"
filename = ""
Region:
id = 3239
start_va = 0x540000
end_va = 0x546fff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000000540000"
filename = ""
Region:
id = 3240
start_va = 0x550000
end_va = 0x5cffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000000550000"
filename = ""
Region:
id = 3241
start_va = 0x600000
end_va = 0x6fffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000000600000"
filename = ""
Region:
id = 3242
start_va = 0x700000
end_va = 0x77ffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000000700000"
filename = ""
Region:
id = 3243
start_va = 0x780000
end_va = 0x7fffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000000780000"
filename = ""
Region:
id = 3244
start_va = 0x880000
end_va = 0x886fff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000000880000"
filename = ""
Region:
id = 3245
start_va = 0x900000
end_va = 0x9fffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x0000000000900000"
filename = ""
Region:
id = 3246
start_va = 0xa00000
end_va = 0xb87fff
monitored = 1
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x0000000000a00000"
filename = ""
Region:
id = 3247
start_va = 0xb90000
end_va = 0xd10fff
monitored = 1
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x0000000000b90000"
filename = ""
Region:
id = 3248
start_va = 0xd20000
end_va = 0x211ffff
monitored = 1
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x0000000000d20000"
filename = ""
Region:
id = 3249
start_va = 0x7ffe0000
end_va = 0x7ffeffff
monitored = 1
entry_point = 0x0
region_type = private
name = "private_0x000000007ffe0000"
filename = ""
Region:
id = 3250
start_va = 0x7df5ffec0000
end_va = 0x7df5fffbffff
monitored = 1
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x00007df5ffec0000"
filename = ""
Region:
id = 3251
start_va = 0x7df5fffc0000
end_va = 0x7df5fffe2fff
monitored = 1
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x00007df5fffc0000"
filename = ""
Region:
id = 3252
start_va = 0x7df5ffff0000
end_va = 0x7ff5fffeffff
monitored = 1
entry_point = 0x0
region_type = pagefile_backed
name = "pagefile_0x00007df5ffff0000"
filename = ""
Region:
id = 3253
start_va = 0x7ff7e8390000
end_va = 0x7ff7e83a6fff
monitored = 0
entry_point = 0x7ff7e83944f0
region_type = mapped_file
name = "runtimebroker.exe"
filename = "\\Windows\\System32\\RuntimeBroker.exe" (normalized: "c:\\windows\\system32\\runtimebroker.exe")
Region:
id = 3254
start_va = 0x7ffae0570000
end_va = 0x7ffae063dfff
monitored = 0
entry_point = 0x7ffae05a14c0
region_type = mapped_file
name = "tokenbroker.dll"
filename = "\\Windows\\System32\\TokenBroker.dll" (normalized: "c:\\windows\\system32\\tokenbroker.dll")
Region:
id = 3255
start_va = 0x7ffae2520000
end_va = 0x7ffae2547fff
monitored = 0
entry_point = 0x7ffae2528c10
region_type = mapped_file
name = "idstore.dll"
filename = "\\Windows\\System32\\IDStore.dll" (normalized: "c:\\windows\\system32\\idstore.dll")
Region:
id = 3256
start_va = 0x7ffae4ad0000
end_va = 0x7ffae4c05fff
monitored = 0
entry_point = 0x7ffae4aff350
region_type = mapped_file
name = "wintypes.dll"
filename = "\\Windows\\System32\\WinTypes.dll" (normalized: "c:\\windows\\system32\\wintypes.dll")
Region:
id = 3257
start_va = 0x7ffae65c0000
end_va = 0x7ffae6a52fff
monitored = 0
entry_point = 0x7ffae65cf760
region_type = mapped_file
name = "actxprxy.dll"
filename = "\\Windows\\System32\\actxprxy.dll" (normalized: "c:\\windows\\system32\\actxprxy.dll")
Region:
id = 3258
start_va = 0x7ffae7590000
end_va = 0x7ffae75abfff
monitored = 0
entry_point = 0x7ffae75937a0
region_type = mapped_file
name = "samlib.dll"
filename = "\\Windows\\System32\\samlib.dll" (normalized: "c:\\windows\\system32\\samlib.dll")
Region:
id = 3259
start_va = 0x7ffae75f0000
end_va = 0x7ffae7602fff
monitored = 0
entry_point = 0x7ffae75f2760
region_type = mapped_file
name = "wtsapi32.dll"
filename = "\\Windows\\System32\\wtsapi32.dll" (normalized: "c:\\windows\\system32\\wtsapi32.dll")
Region:
id = 3260
start_va = 0x7ffae8c90000
end_va = 0x7ffae8cb8fff
monitored = 0
entry_point = 0x7ffae8ca4530
region_type = mapped_file
name = "bcrypt.dll"
filename = "\\Windows\\System32\\bcrypt.dll" (normalized: "c:\\windows\\system32\\bcrypt.dll")
Region:
id = 3261
start_va = 0x7ffae8e00000
end_va = 0x7ffae8e0efff
monitored = 0
entry_point = 0x7ffae8e03210
region_type = mapped_file
name = "kernel.appcore.dll"
filename = "\\Windows\\System32\\kernel.appcore.dll" (normalized: "c:\\windows\\system32\\kernel.appcore.dll")
Region:
id = 3262
start_va = 0x7ffae8e20000
end_va = 0x7ffae8e6afff
monitored = 0
entry_point = 0x7ffae8e235f0
region_type = mapped_file
name = "powrprof.dll"
filename = "\\Windows\\System32\\powrprof.dll" (normalized: "c:\\windows\\system32\\powrprof.dll")
Region:
id = 3263
start_va = 0x7ffae9170000
end_va = 0x7ffae9357fff
monitored = 0
entry_point = 0x7ffae919ba70
region_type = mapped_file
name = "kernelbase.dll"
filename = "\\Windows\\System32\\KernelBase.dll" (normalized: "c:\\windows\\system32\\kernelbase.dll")
Region:
id = 3264
start_va = 0x7ffae9460000
end_va = 0x7ffae94c9fff
monitored = 0
entry_point = 0x7ffae9496d50
region_type = mapped_file
name = "bcryptprimitives.dll"
filename = "\\Windows\\System32\\bcryptprimitives.dll" (normalized: "c:\\windows\\system32\\bcryptprimitives.dll")
Region:
id = 3265
start_va = 0x7ffae9b20000
end_va = 0x7ffae9bd4fff
monitored = 0
entry_point = 0x7ffae9b622e0
region_type = mapped_file
name = "shcore.dll"
filename = "\\Windows\\System32\\SHCore.dll" (normalized: "c:\\windows\\system32\\shcore.dll")
Region:
id = 3266
start_va = 0x7ffae9be0000
end_va = 0x7ffae9c86fff
monitored = 0
entry_point = 0x7ffae9beb4d0
region_type = mapped_file
name = "clbcatq.dll"
filename = "\\Windows\\System32\\clbcatq.dll" (normalized: "c:\\windows\\system32\\clbcatq.dll")
Region:
id = 3267
start_va = 0x7ffaeb2b0000
end_va = 0x7ffaeb356fff
monitored = 0
entry_point = 0x7ffaeb2c58d0
region_type = mapped_file
name = "advapi32.dll"
filename = "\\Windows\\System32\\advapi32.dll" (normalized: "c:\\windows\\system32\\advapi32.dll")
Region:
id = 3268
start_va = 0x7ffaeb360000
end_va = 0x7ffaeb5dcfff
monitored = 0
entry_point = 0x7ffaeb434970
region_type = mapped_file
name = "combase.dll"
filename = "\\Windows\\System32\\combase.dll" (normalized: "c:\\windows\\system32\\combase.dll")
Region:
id = 3269
start_va = 0x7ffaeb640000
end_va = 0x7ffaeb700fff
monitored = 0
entry_point = 0x7ffaeb660da0
region_type = mapped_file
name = "oleaut32.dll"
filename = "\\Windows\\System32\\oleaut32.dll" (normalized: "c:\\windows\\system32\\oleaut32.dll")
Region:
id = 3270
start_va = 0x7ffaebd00000
end_va = 0x7ffaebe55fff
monitored = 0
entry_point = 0x7ffaebd0a8d0
region_type = mapped_file
name = "user32.dll"
filename = "\\Windows\\System32\\user32.dll" (normalized: "c:\\windows\\system32\\user32.dll")
Region:
id = 3271
start_va = 0x7ffaebfd0000
end_va = 0x7ffaec155fff
monitored = 0
entry_point = 0x7ffaec01ffc0
region_type = mapped_file
name = "gdi32.dll"
filename = "\\Windows\\System32\\gdi32.dll" (normalized: "c:\\windows\\system32\\gdi32.dll")
Region:
id = 3272
start_va = 0x7ffaec1d0000
end_va = 0x7ffaec2ebfff
monitored = 0
entry_point = 0x7ffaec2102b0
region_type = mapped_file
name = "rpcrt4.dll"
filename = "\\Windows\\System32\\rpcrt4.dll" (normalized: "c:\\windows\\system32\\rpcrt4.dll")
Region:
id = 3273
start_va = 0x7ffaec2f0000
end_va = 0x7ffaec32afff
monitored = 0
entry_point = 0x7ffaec2f12f0
region_type = mapped_file
name = "imm32.dll"
filename = "\\Windows\\System32\\imm32.dll" (normalized: "c:\\windows\\system32\\imm32.dll")
Region:
id = 3274
start_va = 0x7ffaec360000
end_va = 0x7ffaec3bafff
monitored = 0
entry_point = 0x7ffaec3738b0
region_type = mapped_file
name = "sechost.dll"
filename = "\\Windows\\System32\\sechost.dll" (normalized: "c:\\windows\\system32\\sechost.dll")
Region:
id = 3275
start_va = 0x7ffaec3c0000
end_va = 0x7ffaec46cfff
monitored = 0
entry_point = 0x7ffaec3d81a0
region_type = mapped_file
name = "kernel32.dll"
filename = "\\Windows\\System32\\kernel32.dll" (normalized: "c:\\windows\\system32\\kernel32.dll")
Region:
id = 3276
start_va = 0x7ffaec470000
end_va = 0x7ffaec5b2fff
monitored = 0
entry_point = 0x7ffaec498210
region_type = mapped_file
name = "ole32.dll"
filename = "\\Windows\\System32\\ole32.dll" (normalized: "c:\\windows\\system32\\ole32.dll")
Region:
id = 3277
start_va = 0x7ffaec5c0000
end_va = 0x7ffaec65cfff
monitored = 0
entry_point = 0x7ffaec5c78a0
region_type = mapped_file
name = "msvcrt.dll"
filename = "\\Windows\\System32\\msvcrt.dll" (normalized: "c:\\windows\\system32\\msvcrt.dll")
Region:
id = 3278
start_va = 0x7ffaec7e0000
end_va = 0x7ffaec9a0fff
monitored = 0
entry_point = 0x0
region_type = mapped_file
name = "ntdll.dll"
filename = "\\Windows\\System32\\ntdll.dll" (normalized: "c:\\windows\\system32\\ntdll.dll")
Thread:
id = 274
os_tid = 0x690
Thread:
id = 275
os_tid = 0x68c
Thread:
id = 276
os_tid = 0x688
Thread:
id = 277
os_tid = 0x680
Thread:
id = 278
os_tid = 0x67c
Thread:
id = 279
os_tid = 0x674